diff --git a/shim-bsc919675-uninstall-shim-protocols.patch b/shim-bsc919675-uninstall-shim-protocols.patch new file mode 100644 index 0000000..a20830e --- /dev/null +++ b/shim-bsc919675-uninstall-shim-protocols.patch @@ -0,0 +1,145 @@ +From 4f8bf8c570dadf8044e7f3f260c55e3e22630998 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 3 Mar 2015 16:53:11 +0800 +Subject: [PATCH] Uninstall shim protocols at Exit() + +Shim uninstalls its own protocol at the end of the program. However, +if the loaded binary, e.g. grub2, calls Exit(), the uninstall function +would never be called, i.e. the shim protocol handle existed even if +shim was gone. This already caused crashes on the dell machines with +the following steps: + +1. boot to grub2 and press 'C' for the grub2 shell +2. type "exit" to quit the shell +3. boot to grub2 again and boot an OS + +While grub2 uses the shim protocol to verify the OS image, it may get +the old dead shim handle and crash the system. + +This commit adds uninstall_shim_protocols() to the hooked exit function +and always hook Exit to clean up the protocol handle. + +Signed-off-by: Gary Ching-Pang Lin +--- + replacements.c | 35 ++++++++++++++++++++++++++++------- + replacements.h | 1 + + shim.c | 5 ++++- + 3 files changed, 33 insertions(+), 8 deletions(-) + +diff --git a/replacements.c b/replacements.c +index f7623d9..4d96e57 100644 +--- a/replacements.c ++++ b/replacements.c +@@ -74,6 +74,10 @@ unhook_system_services(void) + return; + + systab->BootServices->Exit = system_exit; ++ ++ if (hook_exit_only) ++ return; ++ + systab->BootServices->LoadImage = system_load_image; + systab->BootServices->StartImage = system_start_image; + systab->BootServices->ExitBootServices = system_exit_boot_services; +@@ -167,10 +171,24 @@ do_exit(EFI_HANDLE ImageHandle, EFI_STATUS ExitStatus, + { + EFI_STATUS status; + unhook_system_services(); ++ uninstall_shim_protocols(); + + status = systab->BootServices->Exit(ImageHandle, ExitStatus, ExitDataSize, ExitData); +- if (EFI_ERROR(status)) ++ if (EFI_ERROR(status)) { ++ EFI_STATUS status2 = install_shim_protocols(); ++ ++ if (EFI_ERROR(status2)) { ++ Print(L"Something has gone seriously wrong: %r\n", ++ status2); ++ Print(L"shim cannot continue, sorry.\n"); ++ systab->BootServices->Stall(5000000); ++ systab->RuntimeServices->ResetSystem( ++ EfiResetShutdown, ++ EFI_SECURITY_VIOLATION, 0, NULL); ++ } ++ + hook_system_services(systab); ++ } + return status; + } + +@@ -182,6 +200,15 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab) + + /* We need to hook various calls to make this work... */ + ++ /* we need to hook Exit() so that we can allow users to quit the ++ * bootloader and still e.g. start a new one or run an internal ++ * shell. */ ++ system_exit = systab->BootServices->Exit; ++ systab->BootServices->Exit = do_exit; ++ ++ if (hook_exit_only) ++ return; ++ + /* We need LoadImage() hooked so that fallback.c can load shim + * without having to fake LoadImage as well. This allows it + * to call the system LoadImage(), and have us track the output +@@ -201,10 +228,4 @@ hook_system_services(EFI_SYSTEM_TABLE *local_systab) + * and b) we can unwrap when we're done. */ + system_exit_boot_services = systab->BootServices->ExitBootServices; + systab->BootServices->ExitBootServices = exit_boot_services; +- +- /* we need to hook Exit() so that we can allow users to quit the +- * bootloader and still e.g. start a new one or run an internal +- * shell. */ +- system_exit = systab->BootServices->Exit; +- systab->BootServices->Exit = do_exit; + } +diff --git a/replacements.h b/replacements.h +index bd09424..928144d 100644 +--- a/replacements.h ++++ b/replacements.h +@@ -37,6 +37,7 @@ typedef enum { + + extern verification_method_t verification_method; + extern int loader_is_participating; ++extern int hook_exit_only; + + extern void hook_system_services(EFI_SYSTEM_TABLE *local_systab); + extern void unhook_system_services(void); +diff --git a/shim.c b/shim.c +index d46494a..6fbe427 100644 +--- a/shim.c ++++ b/shim.c +@@ -90,6 +90,7 @@ UINT8 *vendor_dbx; + */ + verification_method_t verification_method; + int loader_is_participating; ++int exit_only; + + #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }} + +@@ -2100,6 +2101,7 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) + /* + * Tell the user that we're in insecure mode if necessary + */ ++ hook_exit_only = 1; + if (user_insecure_mode) { + Print(L"Booting in insecure mode\n"); + uefi_call_wrapper(BS->Stall, 1, 2000000); +@@ -2110,11 +2112,12 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) + * that anything it boots has performed some + * validation of the next image. + */ +- hook_system_services(systab); ++ hook_exit_only = 0; + loader_is_participating = 0; + } + } + ++ hook_system_services(systab); + efi_status = install_shim_protocols(); + if (EFI_ERROR(efi_status)) + return efi_status; +-- +2.1.4 + diff --git a/shim-bsc920515-fix-fallback-buffer-length.patch b/shim-bsc920515-fix-fallback-buffer-length.patch new file mode 100644 index 0000000..14f15c1 --- /dev/null +++ b/shim-bsc920515-fix-fallback-buffer-length.patch @@ -0,0 +1,54 @@ +From 8bfaa280dc0fcc67e636f33f5c056d6f08b22ef5 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 25 Feb 2015 18:45:41 +0000 +Subject: [PATCH] Fix length of allocated buffer for boot option comparison. + +The following commit: + + commit 4aac8a1179e160397d7ef8f1e3232cfb4f3373d6 + Author: Gary Ching-Pang Lin + Date: Thu Mar 6 10:57:02 2014 +0800 + + [fallback] Fix the data size for boot option comparison + +corrected the data size used for comparison, but also reduced the +allocation so it doesn't include the trailing UTF16LE '\0\0' at the +end of the string, with the result that the trailer of the buffer +containing the string is overwritten, which OVMF detects as memory +corruption. + +Increase the size of the storage buffer in a few places to correct +this problem. + +Signed-off-by: Richard W.M. Jones +Cc: Laszlo Ersek +Cc: Gary Ching-Pang Lin +--- + fallback.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fallback.c b/fallback.c +index d10fb62..0c1a413 100644 +--- a/fallback.c ++++ b/fallback.c +@@ -163,7 +163,7 @@ add_boot_option(EFI_DEVICE_PATH *hddp, EFI_DEVICE_PATH *fulldp, + StrLen(label)*2 + 2 + DevicePathSize(hddp) + + StrLen(arguments) * 2; + +- CHAR8 *data = AllocateZeroPool(size); ++ CHAR8 *data = AllocateZeroPool(size + 2); + CHAR8 *cursor = data; + *(UINT32 *)cursor = LOAD_OPTION_ACTIVE; + cursor += sizeof (UINT32); +@@ -234,7 +234,7 @@ find_boot_option(EFI_DEVICE_PATH *dp, EFI_DEVICE_PATH *fulldp, + StrLen(label)*2 + 2 + DevicePathSize(dp) + + StrLen(arguments) * 2; + +- CHAR8 *data = AllocateZeroPool(size); ++ CHAR8 *data = AllocateZeroPool(size + 2); + if (!data) + return EFI_OUT_OF_RESOURCES; + CHAR8 *cursor = data; +-- +2.1.4 + diff --git a/shim-opensuse-cert-prompt.patch b/shim-opensuse-cert-prompt.patch index 9eec78c..3477d3c 100644 --- a/shim-opensuse-cert-prompt.patch +++ b/shim-opensuse-cert-prompt.patch @@ -1,4 +1,4 @@ -From e3b81e524747199fb7da29e5988cff79db1658a3 Mon Sep 17 00:00:00 2001 +From eeeb5117c7d30eef6ec8a09f884d6e6872e41638 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 18 Feb 2014 17:29:19 +0800 Subject: [PATCH 1/3] Show the build-in certificate prompt @@ -21,18 +21,18 @@ The state will store in use_openSUSE_cert, a volatile RT variable. 1 file changed, 74 insertions(+), 2 deletions(-) diff --git a/shim.c b/shim.c -index d46494a..c14a54d 100644 +index 6fbe427..112a141 100644 --- a/shim.c +++ b/shim.c -@@ -90,6 +90,7 @@ UINT8 *vendor_dbx; - */ +@@ -91,6 +91,7 @@ UINT8 *vendor_dbx; verification_method_t verification_method; int loader_is_participating; + int exit_only; +BOOLEAN use_builtin_cert; #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }} -@@ -954,7 +955,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, +@@ -955,7 +956,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, if (status == EFI_SUCCESS) return status; @@ -41,7 +41,7 @@ index d46494a..c14a54d 100644 /* * Check against the shim build key */ -@@ -1708,7 +1709,7 @@ EFI_STATUS mirror_mok_list() +@@ -1709,7 +1710,7 @@ EFI_STATUS mirror_mok_list() if (efi_status != EFI_SUCCESS) DataSize = 0; @@ -50,7 +50,7 @@ index d46494a..c14a54d 100644 FullDataSize = DataSize + sizeof (*CertList) + sizeof (EFI_GUID) -@@ -2057,6 +2058,75 @@ uninstall_shim_protocols(void) +@@ -2058,6 +2059,75 @@ uninstall_shim_protocols(void) &shim_lock_guid, &shim_lock_interface); } @@ -126,9 +126,9 @@ index d46494a..c14a54d 100644 EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) { EFI_STATUS efi_status; -@@ -2112,6 +2182,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) +@@ -2114,6 +2184,8 @@ EFI_STATUS efi_main (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *passed_systab) */ - hook_system_services(systab); + hook_exit_only = 0; loader_is_participating = 0; + if (builtin_cert_prompt() != 0) + return EFI_ABORTED; @@ -136,10 +136,10 @@ index d46494a..c14a54d 100644 } -- -1.8.4.5 +2.1.4 -From 7b87b12059a9f26125f135ae649757346d26d6f8 Mon Sep 17 00:00:00 2001 +From 869b4633b647c00d13bdf9c2ad554e5d5b8b9670 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Thu, 20 Feb 2014 16:57:08 +0800 Subject: [PATCH 2/3] Support revoking the openSUSE cert @@ -292,10 +292,10 @@ index 442ab8f..7277968 100644 LibDeleteVariable(L"MokDelAuth", &shim_lock_guid); LibDeleteVariable(L"MokXAuth", &shim_lock_guid); diff --git a/shim.c b/shim.c -index c14a54d..1287eed 100644 +index 112a141..9ffac1f 100644 --- a/shim.c +++ b/shim.c -@@ -1818,7 +1818,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) +@@ -1819,7 +1819,7 @@ EFI_STATUS check_mok_request(EFI_HANDLE image_handle) check_var(L"MokPW") || check_var(L"MokAuth") || check_var(L"MokDel") || check_var(L"MokDB") || check_var(L"MokXNew") || check_var(L"MokXDel") || @@ -305,10 +305,10 @@ index c14a54d..1287eed 100644 if (efi_status != EFI_SUCCESS) { -- -1.8.4.5 +2.1.4 -From c7340fe9219777622fe58b6596f53a4cad739e9f Mon Sep 17 00:00:00 2001 +From 8d8ccfdebdd01601548d662ad8a43371d307e2f1 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Fri, 7 Mar 2014 16:17:20 +0800 Subject: [PATCH 3/3] Delete openSUSE_Verify the right way @@ -337,5 +337,5 @@ index 7277968..b5d2454 100644 console_error(L"Failed to delete openSUSE_Verify", status); return -1; -- -1.8.4.5 +2.1.4 diff --git a/shim-update-cryptlib.patch b/shim-update-cryptlib.patch new file mode 100644 index 0000000..b240055 --- /dev/null +++ b/shim-update-cryptlib.patch @@ -0,0 +1,270145 @@ +From 50d85313be40ac311591407a0025c4527d5c4a01 Mon Sep 17 00:00:00 2001 +From: Gary Ching-Pang Lin +Date: Tue, 31 Mar 2015 12:14:06 +0800 +Subject: [PATCH] Update Cryptlib and openssl + +Update Cryptlib to r16559 and openssl to 0.9.8zf +--- + Cryptlib/Include/openssl/aes.h | 106 +- + Cryptlib/Include/openssl/asn1.h | 1841 +++--- + Cryptlib/Include/openssl/asn1_mac.h | 959 ++-- + Cryptlib/Include/openssl/asn1t.h | 1093 ++-- + Cryptlib/Include/openssl/bio.h | 1106 ++-- + Cryptlib/Include/openssl/blowfish.h | 81 +- + Cryptlib/Include/openssl/bn.h | 1243 +++-- + Cryptlib/Include/openssl/buffer.h | 67 +- + Cryptlib/Include/openssl/cast.h | 64 +- + Cryptlib/Include/openssl/comp.h | 89 +- + Cryptlib/Include/openssl/conf.h | 235 +- + Cryptlib/Include/openssl/conf_api.h | 26 +- + Cryptlib/Include/openssl/crypto.h | 768 +-- + Cryptlib/Include/openssl/des.h | 308 +- + Cryptlib/Include/openssl/des_old.h | 655 ++- + Cryptlib/Include/openssl/dh.h | 286 +- + Cryptlib/Include/openssl/dsa.h | 414 +- + Cryptlib/Include/openssl/dso.h | 512 +- + Cryptlib/Include/openssl/dtls1.h | 351 +- + Cryptlib/Include/openssl/e_os2.h | 355 +- + Cryptlib/Include/openssl/ebcdic.h | 12 +- + Cryptlib/Include/openssl/ec.h | 586 +- + Cryptlib/Include/openssl/ecdh.h | 54 +- + Cryptlib/Include/openssl/ecdsa.h | 120 +- + Cryptlib/Include/openssl/engine.h | 1126 ++-- + Cryptlib/Include/openssl/err.h | 427 +- + Cryptlib/Include/openssl/evp.h | 1493 ++--- + Cryptlib/Include/openssl/hmac.h | 59 +- + Cryptlib/Include/openssl/idea.h | 56 +- + Cryptlib/Include/openssl/krb5_asn.h | 268 +- + Cryptlib/Include/openssl/kssl.h | 184 +- + Cryptlib/Include/openssl/lhash.h | 213 +- + Cryptlib/Include/openssl/md2.h | 47 +- + Cryptlib/Include/openssl/md4.h | 69 +- + Cryptlib/Include/openssl/md5.h | 67 +- + Cryptlib/Include/openssl/obj_mac.h | 7139 ++++++++++++------------ + Cryptlib/Include/openssl/objects.h | 1732 +++--- + Cryptlib/Include/openssl/ocsp.h | 635 +-- + Cryptlib/Include/openssl/opensslv.h | 56 +- + Cryptlib/Include/openssl/ossl_typ.h | 94 +- + Cryptlib/Include/openssl/pem.h | 1196 ++-- + Cryptlib/Include/openssl/pem2.h | 2 +- + Cryptlib/Include/openssl/pkcs12.h | 352 +- + Cryptlib/Include/openssl/pkcs7.h | 574 +- + Cryptlib/Include/openssl/pq_compat.h | 152 +- + Cryptlib/Include/openssl/pqueue.h | 37 +- + Cryptlib/Include/openssl/rand.h | 143 +- + Cryptlib/Include/openssl/rc2.h | 64 +- + Cryptlib/Include/openssl/rc4.h | 38 +- + Cryptlib/Include/openssl/ripemd.h | 66 +- + Cryptlib/Include/openssl/rsa.h | 725 +-- + Cryptlib/Include/openssl/safestack.h | 3840 ++++++------- + Cryptlib/Include/openssl/sha.h | 196 +- + Cryptlib/Include/openssl/ssl.h | 3565 ++++++------ + Cryptlib/Include/openssl/ssl2.h | 355 +- + Cryptlib/Include/openssl/ssl23.h | 33 +- + Cryptlib/Include/openssl/ssl3.h | 926 +-- + Cryptlib/Include/openssl/stack.h | 70 +- + Cryptlib/Include/openssl/store.h | 819 +-- + Cryptlib/Include/openssl/symhacks.h | 639 +-- + Cryptlib/Include/openssl/tls1.h | 614 +- + Cryptlib/Include/openssl/tmdiff.h | 46 +- + Cryptlib/Include/openssl/txt_db.h | 71 +- + Cryptlib/Include/openssl/ui.h | 373 +- + Cryptlib/Include/openssl/ui_compat.h | 33 +- + Cryptlib/Include/openssl/x509.h | 1897 +++---- + Cryptlib/Include/openssl/x509_vfy.h | 654 +-- + Cryptlib/Include/openssl/x509v3.h | 959 ++-- + Cryptlib/OpenSSL/crypto/aes/aes_cbc.c | 133 +- + Cryptlib/OpenSSL/crypto/aes/aes_cfb.c | 184 +- + Cryptlib/OpenSSL/crypto/aes/aes_core.c | 538 +- + Cryptlib/OpenSSL/crypto/aes/aes_ctr.c | 150 +- + Cryptlib/OpenSSL/crypto/aes/aes_ecb.c | 18 +- + Cryptlib/OpenSSL/crypto/aes/aes_ige.c | 454 +- + Cryptlib/OpenSSL/crypto/aes/aes_misc.c | 13 +- + Cryptlib/OpenSSL/crypto/aes/aes_ofb.c | 50 +- + Cryptlib/OpenSSL/crypto/aes/aes_wrap.c | 365 +- + Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c | 331 +- + Cryptlib/OpenSSL/crypto/asn1/a_bool.c | 97 +- + Cryptlib/OpenSSL/crypto/asn1/a_bytes.c | 444 +- + Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c | 378 +- + Cryptlib/OpenSSL/crypto/asn1/a_digest.c | 66 +- + Cryptlib/OpenSSL/crypto/asn1/a_dup.c | 88 +- + Cryptlib/OpenSSL/crypto/asn1/a_enum.c | 213 +- + Cryptlib/OpenSSL/crypto/asn1/a_gentm.c | 353 +- + Cryptlib/OpenSSL/crypto/asn1/a_hdr.c | 103 +- + Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c | 168 +- + Cryptlib/OpenSSL/crypto/asn1/a_int.c | 718 +-- + Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c | 553 +- + Cryptlib/OpenSSL/crypto/asn1/a_meth.c | 46 +- + Cryptlib/OpenSSL/crypto/asn1/a_object.c | 603 +- + Cryptlib/OpenSSL/crypto/asn1/a_octet.c | 28 +- + Cryptlib/OpenSSL/crypto/asn1/a_print.c | 126 +- + Cryptlib/OpenSSL/crypto/asn1/a_set.c | 320 +- + Cryptlib/OpenSSL/crypto/asn1/a_sign.c | 347 +- + Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 917 +-- + Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 330 +- + Cryptlib/OpenSSL/crypto/asn1/a_time.c | 172 +- + Cryptlib/OpenSSL/crypto/asn1/a_type.c | 134 +- + Cryptlib/OpenSSL/crypto/asn1/a_utctm.c | 433 +- + Cryptlib/OpenSSL/crypto/asn1/a_utf8.c | 294 +- + Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 241 +- + Cryptlib/OpenSSL/crypto/asn1/asn1_err.c | 510 +- + Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c | 1469 +++-- + Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c | 721 ++- + Cryptlib/OpenSSL/crypto/asn1/asn1_par.c | 685 ++- + Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 1360 ++--- + Cryptlib/OpenSSL/crypto/asn1/asn_moid.c | 149 +- + Cryptlib/OpenSSL/crypto/asn1/asn_pack.c | 193 +- + Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c | 172 +- + Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c | 120 +- + Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c | 262 +- + Cryptlib/OpenSSL/crypto/asn1/f_enum.c | 274 +- + Cryptlib/OpenSSL/crypto/asn1/f_int.c | 294 +- + Cryptlib/OpenSSL/crypto/asn1/f_string.c | 281 +- + Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c | 49 +- + Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c | 46 +- + Cryptlib/OpenSSL/crypto/asn1/n_pkey.c | 496 +- + Cryptlib/OpenSSL/crypto/asn1/nsseq.c | 23 +- + Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c | 115 +- + Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c | 257 +- + Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c | 32 +- + Cryptlib/OpenSSL/crypto/asn1/t_bitst.c | 65 +- + Cryptlib/OpenSSL/crypto/asn1/t_crl.c | 111 +- + Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 1408 +++-- + Cryptlib/OpenSSL/crypto/asn1/t_req.c | 389 +- + Cryptlib/OpenSSL/crypto/asn1/t_spki.c | 104 +- + Cryptlib/OpenSSL/crypto/asn1/t_x509.c | 847 +-- + Cryptlib/OpenSSL/crypto/asn1/t_x509a.c | 93 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c | 2325 ++++---- + Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c | 1151 ++-- + Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c | 375 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_new.c | 561 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c | 7 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c | 342 +- + Cryptlib/OpenSSL/crypto/asn1/x_algor.c | 111 +- + Cryptlib/OpenSSL/crypto/asn1/x_attrib.c | 82 +- + Cryptlib/OpenSSL/crypto/asn1/x_bignum.c | 111 +- + Cryptlib/OpenSSL/crypto/asn1/x_crl.c | 114 +- + Cryptlib/OpenSSL/crypto/asn1/x_exten.c | 17 +- + Cryptlib/OpenSSL/crypto/asn1/x_info.c | 89 +- + Cryptlib/OpenSSL/crypto/asn1/x_long.c | 180 +- + Cryptlib/OpenSSL/crypto/asn1/x_name.c | 355 +- + Cryptlib/OpenSSL/crypto/asn1/x_pkey.c | 150 +- + Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 831 ++- + Cryptlib/OpenSSL/crypto/asn1/x_req.c | 51 +- + Cryptlib/OpenSSL/crypto/asn1/x_sig.c | 16 +- + Cryptlib/OpenSSL/crypto/asn1/x_spki.c | 27 +- + Cryptlib/OpenSSL/crypto/asn1/x_val.c | 16 +- + Cryptlib/OpenSSL/crypto/asn1/x_x509.c | 207 +- + Cryptlib/OpenSSL/crypto/asn1/x_x509a.c | 153 +- + Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c | 128 +- + Cryptlib/OpenSSL/crypto/bf/bf_ecb.c | 62 +- + Cryptlib/OpenSSL/crypto/bf/bf_enc.c | 434 +- + Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c | 106 +- + Cryptlib/OpenSSL/crypto/bf/bf_skey.c | 98 +- + Cryptlib/OpenSSL/crypto/bio/b_dump.c | 203 +- + Cryptlib/OpenSSL/crypto/bio/bf_buff.c | 863 +-- + Cryptlib/OpenSSL/crypto/bio/bf_nbio.c | 322 +- + Cryptlib/OpenSSL/crypto/bio/bf_null.c | 206 +- + Cryptlib/OpenSSL/crypto/bio/bio_cb.c | 147 +- + Cryptlib/OpenSSL/crypto/bio/bio_err.c | 161 +- + Cryptlib/OpenSSL/crypto/bio/bio_lib.c | 844 ++- + Cryptlib/OpenSSL/crypto/bio/bss_bio.c | 1476 +++-- + Cryptlib/OpenSSL/crypto/bio/bss_dgram.c | 1205 ++-- + Cryptlib/OpenSSL/crypto/bio/bss_fd.c | 323 +- + Cryptlib/OpenSSL/crypto/bio/bss_file.c | 694 ++- + Cryptlib/OpenSSL/crypto/bio/bss_log.c | 596 +- + Cryptlib/OpenSSL/crypto/bio/bss_mem.c | 447 +- + Cryptlib/OpenSSL/crypto/bio/bss_null.c | 139 +- + Cryptlib/OpenSSL/crypto/bn/bn_add.c | 430 +- + Cryptlib/OpenSSL/crypto/bn/bn_asm.c | 1564 +++--- + Cryptlib/OpenSSL/crypto/bn/bn_blind.c | 478 +- + Cryptlib/OpenSSL/crypto/bn/bn_const.c | 807 +-- + Cryptlib/OpenSSL/crypto/bn/bn_ctx.c | 592 +- + Cryptlib/OpenSSL/crypto/bn/bn_depr.c | 85 +- + Cryptlib/OpenSSL/crypto/bn/bn_div.c | 1163 ++-- + Cryptlib/OpenSSL/crypto/bn/bn_err.c | 152 +- + Cryptlib/OpenSSL/crypto/bn/bn_exp.c | 1720 +++--- + Cryptlib/OpenSSL/crypto/bn/bn_exp2.c | 365 +- + Cryptlib/OpenSSL/crypto/bn/bn_gcd.c | 1119 ++-- + Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c | 2147 +++---- + Cryptlib/OpenSSL/crypto/bn/bn_kron.c | 246 +- + Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 1351 ++--- + Cryptlib/OpenSSL/crypto/bn/bn_mod.c | 353 +- + Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 1197 ++-- + Cryptlib/OpenSSL/crypto/bn/bn_mpi.c | 130 +- + Cryptlib/OpenSSL/crypto/bn/bn_mul.c | 2004 ++++--- + Cryptlib/OpenSSL/crypto/bn/bn_nist.c | 1437 ++--- + Cryptlib/OpenSSL/crypto/bn/bn_opt.c | 39 +- + Cryptlib/OpenSSL/crypto/bn/bn_prime.c | 745 +-- + Cryptlib/OpenSSL/crypto/bn/bn_print.c | 489 +- + Cryptlib/OpenSSL/crypto/bn/bn_rand.c | 316 +- + Cryptlib/OpenSSL/crypto/bn/bn_recp.c | 329 +- + Cryptlib/OpenSSL/crypto/bn/bn_shift.c | 283 +- + Cryptlib/OpenSSL/crypto/bn/bn_sqr.c | 369 +- + Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c | 678 +-- + Cryptlib/OpenSSL/crypto/bn/bn_word.c | 319 +- + Cryptlib/OpenSSL/crypto/bn/bn_x931p.c | 334 +- + Cryptlib/OpenSSL/crypto/buffer/buf_err.c | 48 +- + Cryptlib/OpenSSL/crypto/buffer/buf_str.c | 90 +- + Cryptlib/OpenSSL/crypto/buffer/buffer.c | 228 +- + Cryptlib/OpenSSL/crypto/cast/c_cfb64.c | 126 +- + Cryptlib/OpenSSL/crypto/cast/c_ecb.c | 44 +- + Cryptlib/OpenSSL/crypto/cast/c_enc.c | 276 +- + Cryptlib/OpenSSL/crypto/cast/c_ofb64.c | 104 +- + Cryptlib/OpenSSL/crypto/cast/c_skey.c | 207 +- + Cryptlib/OpenSSL/crypto/comp/c_rle.c | 91 +- + Cryptlib/OpenSSL/crypto/comp/c_zlib.c | 1315 +++-- + Cryptlib/OpenSSL/crypto/comp/comp_err.c | 50 +- + Cryptlib/OpenSSL/crypto/comp/comp_lib.c | 104 +- + Cryptlib/OpenSSL/crypto/conf/conf_api.c | 411 +- + Cryptlib/OpenSSL/crypto/conf/conf_def.c | 1180 ++-- + Cryptlib/OpenSSL/crypto/conf/conf_err.c | 112 +- + Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 550 +- + Cryptlib/OpenSSL/crypto/conf/conf_mall.c | 22 +- + Cryptlib/OpenSSL/crypto/conf/conf_mod.c | 867 ++- + Cryptlib/OpenSSL/crypto/conf/conf_sap.c | 68 +- + Cryptlib/OpenSSL/crypto/constant_time_locl.h | 211 + + Cryptlib/OpenSSL/crypto/cpt_err.c | 57 +- + Cryptlib/OpenSSL/crypto/cryptlib.c | 761 +-- + Cryptlib/OpenSSL/crypto/cversion.c | 79 +- + Cryptlib/OpenSSL/crypto/des/cbc_cksm.c | 97 +- + Cryptlib/OpenSSL/crypto/des/cbc_enc.c | 14 +- + Cryptlib/OpenSSL/crypto/des/cfb64ede.c | 363 +- + Cryptlib/OpenSSL/crypto/des/cfb64enc.c | 127 +- + Cryptlib/OpenSSL/crypto/des/cfb_enc.c | 244 +- + Cryptlib/OpenSSL/crypto/des/des_enc.c | 633 ++- + Cryptlib/OpenSSL/crypto/des/des_lib.c | 70 +- + Cryptlib/OpenSSL/crypto/des/des_old.c | 446 +- + Cryptlib/OpenSSL/crypto/des/des_old2.c | 36 +- + Cryptlib/OpenSSL/crypto/des/ecb3_enc.c | 53 +- + Cryptlib/OpenSSL/crypto/des/ecb_enc.c | 42 +- + Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c | 250 +- + Cryptlib/OpenSSL/crypto/des/enc_read.c | 294 +- + Cryptlib/OpenSSL/crypto/des/enc_writ.c | 172 +- + Cryptlib/OpenSSL/crypto/des/fcrypt.c | 265 +- + Cryptlib/OpenSSL/crypto/des/fcrypt_b.c | 127 +- + Cryptlib/OpenSSL/crypto/des/ofb64ede.c | 126 +- + Cryptlib/OpenSSL/crypto/des/ofb64enc.c | 105 +- + Cryptlib/OpenSSL/crypto/des/ofb_enc.c | 146 +- + Cryptlib/OpenSSL/crypto/des/pcbc_enc.c | 124 +- + Cryptlib/OpenSSL/crypto/des/qud_cksm.c | 136 +- + Cryptlib/OpenSSL/crypto/des/rand_key.c | 19 +- + Cryptlib/OpenSSL/crypto/des/read2pwd.c | 54 +- + Cryptlib/OpenSSL/crypto/des/rpc_enc.c | 72 +- + Cryptlib/OpenSSL/crypto/des/set_key.c | 634 ++- + Cryptlib/OpenSSL/crypto/des/str2key.c | 192 +- + Cryptlib/OpenSSL/crypto/des/xcbc_enc.c | 279 +- + Cryptlib/OpenSSL/crypto/dh/dh_asn1.c | 34 +- + Cryptlib/OpenSSL/crypto/dh/dh_check.c | 143 +- + Cryptlib/OpenSSL/crypto/dh/dh_depr.c | 29 +- + Cryptlib/OpenSSL/crypto/dh/dh_err.c | 66 +- + Cryptlib/OpenSSL/crypto/dh/dh_gen.c | 190 +- + Cryptlib/OpenSSL/crypto/dh/dh_key.c | 317 +- + Cryptlib/OpenSSL/crypto/dh/dh_lib.c | 290 +- + Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c | 233 +- + Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c | 81 +- + Cryptlib/OpenSSL/crypto/dsa/dsa_err.c | 90 +- + Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c | 538 +- + Cryptlib/OpenSSL/crypto/dsa/dsa_key.c | 120 +- + Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c | 378 +- + Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c | 615 +- + Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c | 49 +- + Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c | 54 +- + Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c | 31 +- + Cryptlib/OpenSSL/crypto/dso/dso_dl.c | 480 +- + Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c | 529 +- + Cryptlib/OpenSSL/crypto/dso/dso_err.c | 145 +- + Cryptlib/OpenSSL/crypto/dso/dso_lib.c | 687 ++- + Cryptlib/OpenSSL/crypto/dso/dso_null.c | 46 +- + Cryptlib/OpenSSL/crypto/dso/dso_openssl.c | 24 +- + Cryptlib/OpenSSL/crypto/dso/dso_vms.c | 800 +-- + Cryptlib/OpenSSL/crypto/dso/dso_win32.c | 1064 ++-- + Cryptlib/OpenSSL/crypto/dyn_lck.c | 526 +- + Cryptlib/OpenSSL/crypto/ebcdic.c | 343 +- + Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 632 ++- + Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c | 1713 +++--- + Cryptlib/OpenSSL/crypto/ec/ec_asn1.c | 2361 ++++---- + Cryptlib/OpenSSL/crypto/ec/ec_check.c | 115 +- + Cryptlib/OpenSSL/crypto/ec/ec_curve.c | 2087 +++---- + Cryptlib/OpenSSL/crypto/ec/ec_cvt.c | 139 +- + Cryptlib/OpenSSL/crypto/ec/ec_err.c | 366 +- + Cryptlib/OpenSSL/crypto/ec/ec_key.c | 684 ++- + Cryptlib/OpenSSL/crypto/ec/ec_lib.c | 1875 +++---- + Cryptlib/OpenSSL/crypto/ec/ec_mult.c | 1569 +++--- + Cryptlib/OpenSSL/crypto/ec/ec_print.c | 216 +- + Cryptlib/OpenSSL/crypto/ec/ecp_mont.c | 455 +- + Cryptlib/OpenSSL/crypto/ec/ecp_nist.c | 287 +- + Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c | 3200 +++++------ + Cryptlib/OpenSSL/crypto/ecdh/ech_err.c | 46 +- + Cryptlib/OpenSSL/crypto/ecdh/ech_key.c | 17 +- + Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c | 240 +- + Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c | 232 +- + Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c | 6 +- + Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c | 60 +- + Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c | 257 +- + Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c | 719 ++- + Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c | 62 +- + Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c | 64 +- + Cryptlib/OpenSSL/crypto/engine/eng_all.c | 112 +- + Cryptlib/OpenSSL/crypto/engine/eng_cnf.c | 331 +- + Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c | 1667 +++--- + Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c | 620 +- + Cryptlib/OpenSSL/crypto/engine/eng_dyn.c | 922 +-- + Cryptlib/OpenSSL/crypto/engine/eng_err.c | 198 +- + Cryptlib/OpenSSL/crypto/engine/eng_fat.c | 146 +- + Cryptlib/OpenSSL/crypto/engine/eng_init.c | 171 +- + Cryptlib/OpenSSL/crypto/engine/eng_lib.c | 421 +- + Cryptlib/OpenSSL/crypto/engine/eng_list.c | 614 +- + Cryptlib/OpenSSL/crypto/engine/eng_openssl.c | 494 +- + Cryptlib/OpenSSL/crypto/engine/eng_padlock.c | 1902 +++---- + Cryptlib/OpenSSL/crypto/engine/eng_pkey.c | 226 +- + Cryptlib/OpenSSL/crypto/engine/eng_table.c | 440 +- + Cryptlib/OpenSSL/crypto/engine/tb_cipher.c | 124 +- + Cryptlib/OpenSSL/crypto/engine/tb_dh.c | 84 +- + Cryptlib/OpenSSL/crypto/engine/tb_digest.c | 124 +- + Cryptlib/OpenSSL/crypto/engine/tb_dsa.c | 84 +- + Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c | 84 +- + Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c | 84 +- + Cryptlib/OpenSSL/crypto/engine/tb_rand.c | 84 +- + Cryptlib/OpenSSL/crypto/engine/tb_rsa.c | 84 +- + Cryptlib/OpenSSL/crypto/engine/tb_store.c | 84 +- + Cryptlib/OpenSSL/crypto/err/err.c | 504 +- + Cryptlib/OpenSSL/crypto/err/err_all.c | 140 +- + Cryptlib/OpenSSL/crypto/err/err_bio.c | 27 +- + Cryptlib/OpenSSL/crypto/err/err_def.c | 798 +-- + Cryptlib/OpenSSL/crypto/err/err_prn.c | 181 +- + Cryptlib/OpenSSL/crypto/err/err_str.c | 310 +- + Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 1006 ++-- + Cryptlib/OpenSSL/crypto/evp/bio_enc.c | 678 +-- + Cryptlib/OpenSSL/crypto/evp/bio_md.c | 329 +- + Cryptlib/OpenSSL/crypto/evp/bio_ok.c | 971 ++-- + Cryptlib/OpenSSL/crypto/evp/c_all.c | 44 +- + Cryptlib/OpenSSL/crypto/evp/c_allc.c | 274 +- + Cryptlib/OpenSSL/crypto/evp/c_alld.c | 72 +- + Cryptlib/OpenSSL/crypto/evp/dig_eng.c | 120 +- + Cryptlib/OpenSSL/crypto/evp/digest.c | 562 +- + Cryptlib/OpenSSL/crypto/evp/e_aes.c | 96 +- + Cryptlib/OpenSSL/crypto/evp/e_bf.c | 47 +- + Cryptlib/OpenSSL/crypto/evp/e_cast.c | 51 +- + Cryptlib/OpenSSL/crypto/evp/e_des.c | 181 +- + Cryptlib/OpenSSL/crypto/evp/e_des3.c | 311 +- + Cryptlib/OpenSSL/crypto/evp/e_idea.c | 87 +- + Cryptlib/OpenSSL/crypto/evp/e_null.c | 72 +- + Cryptlib/OpenSSL/crypto/evp/e_old.c | 129 +- + Cryptlib/OpenSSL/crypto/evp/e_rc2.c | 292 +- + Cryptlib/OpenSSL/crypto/evp/e_rc4.c | 122 +- + Cryptlib/OpenSSL/crypto/evp/e_rc5.c | 102 +- + Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c | 99 +- + Cryptlib/OpenSSL/crypto/evp/enc_min.c | 557 +- + Cryptlib/OpenSSL/crypto/evp/encode.c | 696 +-- + Cryptlib/OpenSSL/crypto/evp/evp_acnf.c | 22 +- + Cryptlib/OpenSSL/crypto/evp/evp_cnf.c | 95 +- + Cryptlib/OpenSSL/crypto/evp/evp_enc.c | 646 ++- + Cryptlib/OpenSSL/crypto/evp/evp_err.c | 236 +- + Cryptlib/OpenSSL/crypto/evp/evp_key.c | 207 +- + Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 317 +- + Cryptlib/OpenSSL/crypto/evp/evp_pbe.c | 163 +- + Cryptlib/OpenSSL/crypto/evp/evp_pkey.c | 1252 ++--- + Cryptlib/OpenSSL/crypto/evp/m_dss.c | 65 +- + Cryptlib/OpenSSL/crypto/evp/m_dss1.c | 79 +- + Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c | 65 +- + Cryptlib/OpenSSL/crypto/evp/m_md2.c | 77 +- + Cryptlib/OpenSSL/crypto/evp/m_md4.c | 77 +- + Cryptlib/OpenSSL/crypto/evp/m_md5.c | 79 +- + Cryptlib/OpenSSL/crypto/evp/m_null.c | 65 +- + Cryptlib/OpenSSL/crypto/evp/m_ripemd.c | 77 +- + Cryptlib/OpenSSL/crypto/evp/m_sha.c | 75 +- + Cryptlib/OpenSSL/crypto/evp/m_sha1.c | 279 +- + Cryptlib/OpenSSL/crypto/evp/names.c | 112 +- + Cryptlib/OpenSSL/crypto/evp/p5_crpt.c | 162 +- + Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c | 326 +- + Cryptlib/OpenSSL/crypto/evp/p_dec.c | 40 +- + Cryptlib/OpenSSL/crypto/evp/p_enc.c | 41 +- + Cryptlib/OpenSSL/crypto/evp/p_lib.c | 619 +- + Cryptlib/OpenSSL/crypto/evp/p_open.c | 109 +- + Cryptlib/OpenSSL/crypto/evp/p_seal.c | 87 +- + Cryptlib/OpenSSL/crypto/evp/p_sign.c | 116 +- + Cryptlib/OpenSSL/crypto/evp/p_verify.c | 97 +- + Cryptlib/OpenSSL/crypto/ex_data.c | 845 +-- + Cryptlib/OpenSSL/crypto/fips_err.c | 2 +- + Cryptlib/OpenSSL/crypto/hmac/hmac.c | 202 +- + Cryptlib/OpenSSL/crypto/idea/i_cbc.c | 209 +- + Cryptlib/OpenSSL/crypto/idea/i_cfb64.c | 127 +- + Cryptlib/OpenSSL/crypto/idea/i_ecb.c | 51 +- + Cryptlib/OpenSSL/crypto/idea/i_ofb64.c | 105 +- + Cryptlib/OpenSSL/crypto/idea/i_skey.c | 196 +- + Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c | 95 +- + Cryptlib/OpenSSL/crypto/lhash/lh_stats.c | 322 +- + Cryptlib/OpenSSL/crypto/lhash/lhash.c | 675 ++- + Cryptlib/OpenSSL/crypto/md2/md2_dgst.c | 305 +- + Cryptlib/OpenSSL/crypto/md2/md2_one.c | 64 +- + Cryptlib/OpenSSL/crypto/md4/md4_dgst.c | 230 +- + Cryptlib/OpenSSL/crypto/md4/md4_one.c | 61 +- + Cryptlib/OpenSSL/crypto/md5/md5_dgst.c | 264 +- + Cryptlib/OpenSSL/crypto/md5/md5_one.c | 61 +- + Cryptlib/OpenSSL/crypto/mem.c | 693 +-- + Cryptlib/OpenSSL/crypto/mem_clr.c | 32 +- + Cryptlib/OpenSSL/crypto/mem_dbg.c | 1230 ++-- + Cryptlib/OpenSSL/crypto/o_dir.c | 25 +- + Cryptlib/OpenSSL/crypto/o_init.c | 69 +- + Cryptlib/OpenSSL/crypto/o_str.c | 75 +- + Cryptlib/OpenSSL/crypto/o_time.c | 288 +- + Cryptlib/OpenSSL/crypto/objects/o_names.c | 610 +- + Cryptlib/OpenSSL/crypto/objects/obj_dat.c | 1281 +++-- + Cryptlib/OpenSSL/crypto/objects/obj_err.c | 54 +- + Cryptlib/OpenSSL/crypto/objects/obj_lib.c | 127 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c | 97 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c | 539 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c | 141 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c | 812 +-- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c | 715 ++- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c | 397 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c | 428 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c | 365 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 727 ++- + Cryptlib/OpenSSL/crypto/pem/pem_all.c | 471 +- + Cryptlib/OpenSSL/crypto/pem/pem_err.c | 123 +- + Cryptlib/OpenSSL/crypto/pem/pem_info.c | 586 +- + Cryptlib/OpenSSL/crypto/pem/pem_lib.c | 1314 ++--- + Cryptlib/OpenSSL/crypto/pem/pem_oth.c | 42 +- + Cryptlib/OpenSSL/crypto/pem/pem_pk8.c | 259 +- + Cryptlib/OpenSSL/crypto/pem/pem_pkey.c | 168 +- + Cryptlib/OpenSSL/crypto/pem/pem_seal.c | 250 +- + Cryptlib/OpenSSL/crypto/pem/pem_sign.c | 71 +- + Cryptlib/OpenSSL/crypto/pem/pem_x509.c | 8 +- + Cryptlib/OpenSSL/crypto/pem/pem_xaux.c | 10 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c | 245 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c | 56 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c | 114 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c | 110 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 519 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c | 207 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c | 56 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c | 256 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 427 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c | 207 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c | 268 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c | 16 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c | 66 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c | 107 +- + Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c | 145 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c | 147 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c | 134 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 2105 ++++--- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c | 973 ++-- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c | 90 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 879 +-- + Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c | 199 +- + Cryptlib/OpenSSL/crypto/pqueue/pqueue.c | 324 +- + Cryptlib/OpenSSL/crypto/rand/md_rand.c | 809 ++- + Cryptlib/OpenSSL/crypto/rand/rand_egd.c | 358 +- + Cryptlib/OpenSSL/crypto/rand/rand_eng.c | 143 +- + Cryptlib/OpenSSL/crypto/rand/rand_err.c | 79 +- + Cryptlib/OpenSSL/crypto/rand/rand_lib.c | 285 +- + Cryptlib/OpenSSL/crypto/rand/rand_nw.c | 110 +- + Cryptlib/OpenSSL/crypto/rand/rand_os2.c | 74 +- + Cryptlib/OpenSSL/crypto/rand/rand_unix.c | 384 +- + Cryptlib/OpenSSL/crypto/rand/rand_win.c | 1226 ++-- + Cryptlib/OpenSSL/crypto/rand/randfile.c | 383 +- + Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c | 334 +- + Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c | 48 +- + Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c | 181 +- + Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c | 127 +- + Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c | 105 +- + Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c | 491 +- + Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c | 24 +- + Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c | 163 +- + Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c | 477 +- + Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c | 39 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c | 79 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c | 281 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c | 64 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c | 1517 +++-- + Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c | 456 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_err.c | 226 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c | 328 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c | 288 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_none.c | 64 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_null.c | 122 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 429 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c | 367 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c | 347 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c | 158 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c | 383 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c | 161 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c | 198 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c | 377 +- + Cryptlib/OpenSSL/crypto/sha/sha1_one.c | 35 +- + Cryptlib/OpenSSL/crypto/sha/sha1dgst.c | 30 +- + Cryptlib/OpenSSL/crypto/sha/sha256.c | 619 +- + Cryptlib/OpenSSL/crypto/sha/sha512.c | 1013 ++-- + Cryptlib/OpenSSL/crypto/sha/sha_dgst.c | 25 +- + Cryptlib/OpenSSL/crypto/sha/sha_one.c | 35 +- + Cryptlib/OpenSSL/crypto/stack/stack.c | 544 +- + Cryptlib/OpenSSL/crypto/store/str_err.c | 321 +- + Cryptlib/OpenSSL/crypto/store/str_lib.c | 3083 +++++----- + Cryptlib/OpenSSL/crypto/store/str_mem.c | 552 +- + Cryptlib/OpenSSL/crypto/store/str_meth.c | 378 +- + Cryptlib/OpenSSL/crypto/txt_db/txt_db.c | 589 +- + Cryptlib/OpenSSL/crypto/ui/ui_compat.c | 20 +- + Cryptlib/OpenSSL/crypto/ui/ui_err.c | 75 +- + Cryptlib/OpenSSL/crypto/ui/ui_lib.c | 1448 +++-- + Cryptlib/OpenSSL/crypto/ui/ui_util.c | 62 +- + Cryptlib/OpenSSL/crypto/uid.c | 35 +- + Cryptlib/OpenSSL/crypto/x509/by_dir.c | 547 +- + Cryptlib/OpenSSL/crypto/x509/by_file.c | 405 +- + Cryptlib/OpenSSL/crypto/x509/x509_att.c | 463 +- + Cryptlib/OpenSSL/crypto/x509/x509_cmp.c | 601 +- + Cryptlib/OpenSSL/crypto/x509/x509_d2.c | 82 +- + Cryptlib/OpenSSL/crypto/x509/x509_def.c | 39 +- + Cryptlib/OpenSSL/crypto/x509/x509_err.c | 188 +- + Cryptlib/OpenSSL/crypto/x509/x509_ext.c | 163 +- + Cryptlib/OpenSSL/crypto/x509/x509_lu.c | 904 ++- + Cryptlib/OpenSSL/crypto/x509/x509_obj.c | 278 +- + Cryptlib/OpenSSL/crypto/x509/x509_r2x.c | 89 +- + Cryptlib/OpenSSL/crypto/x509/x509_req.c | 383 +- + Cryptlib/OpenSSL/crypto/x509/x509_set.c | 147 +- + Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 321 +- + Cryptlib/OpenSSL/crypto/x509/x509_txt.c | 212 +- + Cryptlib/OpenSSL/crypto/x509/x509_v3.c | 356 +- + Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 2592 +++++---- + Cryptlib/OpenSSL/crypto/x509/x509_vpm.c | 554 +- + Cryptlib/OpenSSL/crypto/x509/x509cset.c | 179 +- + Cryptlib/OpenSSL/crypto/x509/x509name.c | 574 +- + Cryptlib/OpenSSL/crypto/x509/x509rset.c | 40 +- + Cryptlib/OpenSSL/crypto/x509/x509spki.c | 92 +- + Cryptlib/OpenSSL/crypto/x509/x509type.c | 112 +- + Cryptlib/OpenSSL/crypto/x509/x_all.c | 595 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c | 361 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c | 116 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c | 172 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c | 243 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c | 160 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c | 1090 ++-- + Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c | 1860 +++--- + Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c | 255 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c | 13 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c | 926 ++- + Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c | 1198 ++-- + Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c | 100 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c | 137 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c | 740 +-- + Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c | 664 +-- + Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c | 151 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c | 59 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c | 125 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c | 44 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c | 93 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_info.c | 237 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_int.c | 57 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c | 370 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c | 252 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c | 322 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c | 523 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c | 17 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c | 113 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c | 58 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c | 142 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c | 311 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c | 951 ++-- + Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c | 144 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c | 271 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c | 1325 ++--- + Cryptlib/OpenSSL/crypto/x509v3/v3err.c | 310 +- + Cryptlib/OpenSSL/e_os.h | 988 ++-- + Cryptlib/OpenSSL/update.sh | 3 +- + Cryptlib/Pk/CryptAuthenticode.c | 20 +- + Cryptlib/Pk/CryptPkcs7Verify.c | 29 +- + Cryptlib/Pk/CryptX509.c | 78 +- + 571 files changed, 116388 insertions(+), 113878 deletions(-) + create mode 100644 Cryptlib/OpenSSL/crypto/constant_time_locl.h + +diff --git a/Cryptlib/Include/openssl/aes.h b/Cryptlib/Include/openssl/aes.h +index 450f2b4..83c13c9 100644 +--- a/Cryptlib/Include/openssl/aes.h ++++ b/Cryptlib/Include/openssl/aes.h +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -50,25 +50,27 @@ + */ + + #ifndef HEADER_AES_H +-#define HEADER_AES_H ++# define HEADER_AES_H + +-#include ++# include + +-#ifdef OPENSSL_NO_AES +-#error AES is disabled. +-#endif ++# ifdef OPENSSL_NO_AES ++# error AES is disabled. ++# endif + +-#define AES_ENCRYPT 1 +-#define AES_DECRYPT 0 ++# define AES_ENCRYPT 1 ++# define AES_DECRYPT 0 + +-/* Because array size can't be a const in C, the following two are macros. +- Both sizes are in bytes. */ +-#define AES_MAXNR 14 +-#define AES_BLOCK_SIZE 16 ++/* ++ * Because array size can't be a const in C, the following two are macros. ++ * Both sizes are in bytes. ++ */ ++# define AES_MAXNR 14 ++# define AES_BLOCK_SIZE 16 + +-#ifdef OPENSSL_FIPS +-#define FIPS_AES_SIZE_T int +-#endif ++# ifdef OPENSSL_FIPS ++# define FIPS_AES_SIZE_T int ++# endif + + #ifdef __cplusplus + extern "C" { +@@ -76,11 +78,11 @@ extern "C" { + + /* This should be a hidden type, but EVP requires that the size be known */ + struct aes_key_st { +-#ifdef AES_LONG +- unsigned long rd_key[4 *(AES_MAXNR + 1)]; +-#else +- unsigned int rd_key[4 *(AES_MAXNR + 1)]; +-#endif ++# ifdef AES_LONG ++ unsigned long rd_key[4 * (AES_MAXNR + 1)]; ++# else ++ unsigned int rd_key[4 * (AES_MAXNR + 1)]; ++# endif + int rounds; + }; + typedef struct aes_key_st AES_KEY; +@@ -88,61 +90,61 @@ typedef struct aes_key_st AES_KEY; + const char *AES_options(void); + + int AES_set_encrypt_key(const unsigned char *userKey, const int bits, +- AES_KEY *key); ++ AES_KEY *key); + int AES_set_decrypt_key(const unsigned char *userKey, const int bits, +- AES_KEY *key); ++ AES_KEY *key); + + void AES_encrypt(const unsigned char *in, unsigned char *out, +- const AES_KEY *key); ++ const AES_KEY *key); + void AES_decrypt(const unsigned char *in, unsigned char *out, +- const AES_KEY *key); ++ const AES_KEY *key); + + void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, +- const AES_KEY *key, const int enc); ++ const AES_KEY *key, const int enc); + void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char *ivec, const int enc); ++ const unsigned long length, const AES_KEY *key, ++ unsigned char *ivec, const int enc); + void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char *ivec, int *num, const int enc); ++ const unsigned long length, const AES_KEY *key, ++ unsigned char *ivec, int *num, const int enc); + void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char *ivec, int *num, const int enc); ++ const unsigned long length, const AES_KEY *key, ++ unsigned char *ivec, int *num, const int enc); + void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char *ivec, int *num, const int enc); +-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, +- const int nbits,const AES_KEY *key, +- unsigned char *ivec,const int enc); ++ const unsigned long length, const AES_KEY *key, ++ unsigned char *ivec, int *num, const int enc); ++void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out, ++ const int nbits, const AES_KEY *key, ++ unsigned char *ivec, const int enc); + void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char *ivec, int *num); ++ const unsigned long length, const AES_KEY *key, ++ unsigned char *ivec, int *num); + void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char ivec[AES_BLOCK_SIZE], +- unsigned char ecount_buf[AES_BLOCK_SIZE], +- unsigned int *num); ++ const unsigned long length, const AES_KEY *key, ++ unsigned char ivec[AES_BLOCK_SIZE], ++ unsigned char ecount_buf[AES_BLOCK_SIZE], ++ unsigned int *num); + + /* For IGE, see also http://www.links.org/files/openssl-ige.pdf */ + /* NB: the IV is _two_ blocks long */ + void AES_ige_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char *ivec, const int enc); ++ const unsigned long length, const AES_KEY *key, ++ unsigned char *ivec, const int enc); + /* NB: the IV is _four_ blocks long */ + void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- const AES_KEY *key2, const unsigned char *ivec, +- const int enc); ++ const unsigned long length, const AES_KEY *key, ++ const AES_KEY *key2, const unsigned char *ivec, ++ const int enc); + + int AES_wrap_key(AES_KEY *key, const unsigned char *iv, +- unsigned char *out, +- const unsigned char *in, unsigned int inlen); ++ unsigned char *out, ++ const unsigned char *in, unsigned int inlen); + int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, +- unsigned char *out, +- const unsigned char *in, unsigned int inlen); ++ unsigned char *out, ++ const unsigned char *in, unsigned int inlen); + + #ifdef __cplusplus + } + #endif + +-#endif /* !HEADER_AES_H */ ++#endif /* !HEADER_AES_H */ +diff --git a/Cryptlib/Include/openssl/asn1.h b/Cryptlib/Include/openssl/asn1.h +index d9d5443..47e3e02 100644 +--- a/Cryptlib/Include/openssl/asn1.h ++++ b/Cryptlib/Include/openssl/asn1.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,236 +57,236 @@ + */ + + #ifndef HEADER_ASN1_H +-#define HEADER_ASN1_H ++# define HEADER_ASN1_H + +-#include +-#include +-#ifndef OPENSSL_NO_BIO +-#include +-#endif +-#include +-#include ++# include ++# include ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# include ++# include + +-#include ++# include + +-#include +-#ifndef OPENSSL_NO_DEPRECATED +-#include +-#endif ++# include ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# endif + +-#ifdef OPENSSL_BUILD_SHLIBCRYPTO +-# undef OPENSSL_EXTERN +-# define OPENSSL_EXTERN OPENSSL_EXPORT +-#endif ++# ifdef OPENSSL_BUILD_SHLIBCRYPTO ++# undef OPENSSL_EXTERN ++# define OPENSSL_EXTERN OPENSSL_EXPORT ++# endif + + #ifdef __cplusplus + extern "C" { + #endif + +-#define V_ASN1_UNIVERSAL 0x00 +-#define V_ASN1_APPLICATION 0x40 +-#define V_ASN1_CONTEXT_SPECIFIC 0x80 +-#define V_ASN1_PRIVATE 0xc0 +- +-#define V_ASN1_CONSTRUCTED 0x20 +-#define V_ASN1_PRIMITIVE_TAG 0x1f +-#define V_ASN1_PRIMATIVE_TAG 0x1f +- +-#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */ +-#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */ +-#define V_ASN1_ANY -4 /* used in ASN1 template code */ +- +-#define V_ASN1_NEG 0x100 /* negative flag */ +- +-#define V_ASN1_UNDEF -1 +-#define V_ASN1_EOC 0 +-#define V_ASN1_BOOLEAN 1 /**/ +-#define V_ASN1_INTEGER 2 +-#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +-#define V_ASN1_BIT_STRING 3 +-#define V_ASN1_OCTET_STRING 4 +-#define V_ASN1_NULL 5 +-#define V_ASN1_OBJECT 6 +-#define V_ASN1_OBJECT_DESCRIPTOR 7 +-#define V_ASN1_EXTERNAL 8 +-#define V_ASN1_REAL 9 +-#define V_ASN1_ENUMERATED 10 +-#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) +-#define V_ASN1_UTF8STRING 12 +-#define V_ASN1_SEQUENCE 16 +-#define V_ASN1_SET 17 +-#define V_ASN1_NUMERICSTRING 18 /**/ +-#define V_ASN1_PRINTABLESTRING 19 +-#define V_ASN1_T61STRING 20 +-#define V_ASN1_TELETEXSTRING 20 /* alias */ +-#define V_ASN1_VIDEOTEXSTRING 21 /**/ +-#define V_ASN1_IA5STRING 22 +-#define V_ASN1_UTCTIME 23 +-#define V_ASN1_GENERALIZEDTIME 24 /**/ +-#define V_ASN1_GRAPHICSTRING 25 /**/ +-#define V_ASN1_ISO64STRING 26 /**/ +-#define V_ASN1_VISIBLESTRING 26 /* alias */ +-#define V_ASN1_GENERALSTRING 27 /**/ +-#define V_ASN1_UNIVERSALSTRING 28 /**/ +-#define V_ASN1_BMPSTRING 30 +- ++# define V_ASN1_UNIVERSAL 0x00 ++# define V_ASN1_APPLICATION 0x40 ++# define V_ASN1_CONTEXT_SPECIFIC 0x80 ++# define V_ASN1_PRIVATE 0xc0 ++ ++# define V_ASN1_CONSTRUCTED 0x20 ++# define V_ASN1_PRIMITIVE_TAG 0x1f ++# define V_ASN1_PRIMATIVE_TAG 0x1f ++ ++# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */ ++# define V_ASN1_OTHER -3/* used in ASN1_TYPE */ ++# define V_ASN1_ANY -4/* used in ASN1 template code */ ++ ++# define V_ASN1_NEG 0x100/* negative flag */ ++ ++# define V_ASN1_UNDEF -1 ++# define V_ASN1_EOC 0 ++# define V_ASN1_BOOLEAN 1 /**/ ++# define V_ASN1_INTEGER 2 ++# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) ++# define V_ASN1_BIT_STRING 3 ++# define V_ASN1_OCTET_STRING 4 ++# define V_ASN1_NULL 5 ++# define V_ASN1_OBJECT 6 ++# define V_ASN1_OBJECT_DESCRIPTOR 7 ++# define V_ASN1_EXTERNAL 8 ++# define V_ASN1_REAL 9 ++# define V_ASN1_ENUMERATED 10 ++# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) ++# define V_ASN1_UTF8STRING 12 ++# define V_ASN1_SEQUENCE 16 ++# define V_ASN1_SET 17 ++# define V_ASN1_NUMERICSTRING 18 /**/ ++# define V_ASN1_PRINTABLESTRING 19 ++# define V_ASN1_T61STRING 20 ++# define V_ASN1_TELETEXSTRING 20/* alias */ ++# define V_ASN1_VIDEOTEXSTRING 21 /**/ ++# define V_ASN1_IA5STRING 22 ++# define V_ASN1_UTCTIME 23 ++# define V_ASN1_GENERALIZEDTIME 24 /**/ ++# define V_ASN1_GRAPHICSTRING 25 /**/ ++# define V_ASN1_ISO64STRING 26 /**/ ++# define V_ASN1_VISIBLESTRING 26/* alias */ ++# define V_ASN1_GENERALSTRING 27 /**/ ++# define V_ASN1_UNIVERSALSTRING 28 /**/ ++# define V_ASN1_BMPSTRING 30 + /* For use with d2i_ASN1_type_bytes() */ +-#define B_ASN1_NUMERICSTRING 0x0001 +-#define B_ASN1_PRINTABLESTRING 0x0002 +-#define B_ASN1_T61STRING 0x0004 +-#define B_ASN1_TELETEXSTRING 0x0004 +-#define B_ASN1_VIDEOTEXSTRING 0x0008 +-#define B_ASN1_IA5STRING 0x0010 +-#define B_ASN1_GRAPHICSTRING 0x0020 +-#define B_ASN1_ISO64STRING 0x0040 +-#define B_ASN1_VISIBLESTRING 0x0040 +-#define B_ASN1_GENERALSTRING 0x0080 +-#define B_ASN1_UNIVERSALSTRING 0x0100 +-#define B_ASN1_OCTET_STRING 0x0200 +-#define B_ASN1_BIT_STRING 0x0400 +-#define B_ASN1_BMPSTRING 0x0800 +-#define B_ASN1_UNKNOWN 0x1000 +-#define B_ASN1_UTF8STRING 0x2000 +-#define B_ASN1_UTCTIME 0x4000 +-#define B_ASN1_GENERALIZEDTIME 0x8000 +-#define B_ASN1_SEQUENCE 0x10000 +- ++# define B_ASN1_NUMERICSTRING 0x0001 ++# define B_ASN1_PRINTABLESTRING 0x0002 ++# define B_ASN1_T61STRING 0x0004 ++# define B_ASN1_TELETEXSTRING 0x0004 ++# define B_ASN1_VIDEOTEXSTRING 0x0008 ++# define B_ASN1_IA5STRING 0x0010 ++# define B_ASN1_GRAPHICSTRING 0x0020 ++# define B_ASN1_ISO64STRING 0x0040 ++# define B_ASN1_VISIBLESTRING 0x0040 ++# define B_ASN1_GENERALSTRING 0x0080 ++# define B_ASN1_UNIVERSALSTRING 0x0100 ++# define B_ASN1_OCTET_STRING 0x0200 ++# define B_ASN1_BIT_STRING 0x0400 ++# define B_ASN1_BMPSTRING 0x0800 ++# define B_ASN1_UNKNOWN 0x1000 ++# define B_ASN1_UTF8STRING 0x2000 ++# define B_ASN1_UTCTIME 0x4000 ++# define B_ASN1_GENERALIZEDTIME 0x8000 ++# define B_ASN1_SEQUENCE 0x10000 + /* For use with ASN1_mbstring_copy() */ +-#define MBSTRING_FLAG 0x1000 +-#define MBSTRING_UTF8 (MBSTRING_FLAG) +-#define MBSTRING_ASC (MBSTRING_FLAG|1) +-#define MBSTRING_BMP (MBSTRING_FLAG|2) +-#define MBSTRING_UNIV (MBSTRING_FLAG|4) +- +-#define SMIME_OLDMIME 0x400 +-#define SMIME_CRLFEOL 0x800 +-#define SMIME_STREAM 0x1000 +- +-struct X509_algor_st; ++# define MBSTRING_FLAG 0x1000 ++# define MBSTRING_UTF8 (MBSTRING_FLAG) ++# define MBSTRING_ASC (MBSTRING_FLAG|1) ++# define MBSTRING_BMP (MBSTRING_FLAG|2) ++# define MBSTRING_UNIV (MBSTRING_FLAG|4) ++# define SMIME_OLDMIME 0x400 ++# define SMIME_CRLFEOL 0x800 ++# define SMIME_STREAM 0x1000 ++ struct X509_algor_st; + DECLARE_STACK_OF(X509_ALGOR) + +-#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ +-#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ +- +-/* We MUST make sure that, except for constness, asn1_ctx_st and +- asn1_const_ctx are exactly the same. Fortunately, as soon as +- the old ASN1 parsing macros are gone, we can throw this away +- as well... */ +-typedef struct asn1_ctx_st +- { +- unsigned char *p;/* work char pointer */ +- int eos; /* end of sequence read for indefinite encoding */ +- int error; /* error code to use when returning an error */ +- int inf; /* constructed if 0x20, indefinite is 0x21 */ +- int tag; /* tag from last 'get object' */ +- int xclass; /* class from last 'get object' */ +- long slen; /* length of last 'get object' */ +- unsigned char *max; /* largest value of p allowed */ +- unsigned char *q;/* temporary variable */ +- unsigned char **pp;/* variable */ +- int line; /* used in error processing */ +- } ASN1_CTX; +- +-typedef struct asn1_const_ctx_st +- { +- const unsigned char *p;/* work char pointer */ +- int eos; /* end of sequence read for indefinite encoding */ +- int error; /* error code to use when returning an error */ +- int inf; /* constructed if 0x20, indefinite is 0x21 */ +- int tag; /* tag from last 'get object' */ +- int xclass; /* class from last 'get object' */ +- long slen; /* length of last 'get object' */ +- const unsigned char *max; /* largest value of p allowed */ +- const unsigned char *q;/* temporary variable */ +- const unsigned char **pp;/* variable */ +- int line; /* used in error processing */ +- } ASN1_const_CTX; +- +-/* These are used internally in the ASN1_OBJECT to keep track of +- * whether the names and data need to be free()ed */ +-#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */ +-#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */ +-#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */ +-#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ +-typedef struct asn1_object_st +- { +- const char *sn,*ln; +- int nid; +- int length; +- unsigned char *data; +- int flags; /* Should we free this one */ +- } ASN1_OBJECT; +- +-#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ +-/* This indicates that the ASN1_STRING is not a real value but just a place +- * holder for the location where indefinite length constructed data should +- * be inserted in the memory buffer ++# define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */ ++# define IMPLEMENT_ASN1_SET_OF(type)/* nothing, no longer needed */ ++ ++/* ++ * We MUST make sure that, except for constness, asn1_ctx_st and ++ * asn1_const_ctx are exactly the same. Fortunately, as soon as the old ASN1 ++ * parsing macros are gone, we can throw this away as well... ++ */ ++typedef struct asn1_ctx_st { ++ unsigned char *p; /* work char pointer */ ++ int eos; /* end of sequence read for indefinite ++ * encoding */ ++ int error; /* error code to use when returning an error */ ++ int inf; /* constructed if 0x20, indefinite is 0x21 */ ++ int tag; /* tag from last 'get object' */ ++ int xclass; /* class from last 'get object' */ ++ long slen; /* length of last 'get object' */ ++ unsigned char *max; /* largest value of p allowed */ ++ unsigned char *q; /* temporary variable */ ++ unsigned char **pp; /* variable */ ++ int line; /* used in error processing */ ++} ASN1_CTX; ++ ++typedef struct asn1_const_ctx_st { ++ const unsigned char *p; /* work char pointer */ ++ int eos; /* end of sequence read for indefinite ++ * encoding */ ++ int error; /* error code to use when returning an error */ ++ int inf; /* constructed if 0x20, indefinite is 0x21 */ ++ int tag; /* tag from last 'get object' */ ++ int xclass; /* class from last 'get object' */ ++ long slen; /* length of last 'get object' */ ++ const unsigned char *max; /* largest value of p allowed */ ++ const unsigned char *q; /* temporary variable */ ++ const unsigned char **pp; /* variable */ ++ int line; /* used in error processing */ ++} ASN1_const_CTX; ++ ++/* ++ * These are used internally in the ASN1_OBJECT to keep track of whether the ++ * names and data need to be free()ed ++ */ ++# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */ ++# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ ++# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ ++# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ ++typedef struct asn1_object_st { ++ const char *sn, *ln; ++ int nid; ++ int length; ++ unsigned char *data; ++ int flags; /* Should we free this one */ ++} ASN1_OBJECT; ++ ++# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ ++/* ++ * This indicates that the ASN1_STRING is not a real value but just a place ++ * holder for the location where indefinite length constructed data should be ++ * inserted in the memory buffer + */ +-#define ASN1_STRING_FLAG_NDEF 0x010 ++# define ASN1_STRING_FLAG_NDEF 0x010 + +-/* This flag is used by the CMS code to indicate that a string is not +- * complete and is a place holder for content when it had all been +- * accessed. The flag will be reset when content has been written to it. ++/* ++ * This flag is used by the CMS code to indicate that a string is not ++ * complete and is a place holder for content when it had all been accessed. ++ * The flag will be reset when content has been written to it. + */ +-#define ASN1_STRING_FLAG_CONT 0x020 ++# define ASN1_STRING_FLAG_CONT 0x020 + + /* This is the base type that holds just about everything :-) */ +-typedef struct asn1_string_st +- { +- int length; +- int type; +- unsigned char *data; +- /* The value of the following field depends on the type being +- * held. It is mostly being used for BIT_STRING so if the +- * input data has a non-zero 'unused bits' value, it will be +- * handled correctly */ +- long flags; +- } ASN1_STRING; +- +-/* ASN1_ENCODING structure: this is used to save the received +- * encoding of an ASN1 type. This is useful to get round +- * problems with invalid encodings which can break signatures. ++typedef struct asn1_string_st { ++ int length; ++ int type; ++ unsigned char *data; ++ /* ++ * The value of the following field depends on the type being held. It ++ * is mostly being used for BIT_STRING so if the input data has a ++ * non-zero 'unused bits' value, it will be handled correctly ++ */ ++ long flags; ++} ASN1_STRING; ++ ++/* ++ * ASN1_ENCODING structure: this is used to save the received encoding of an ++ * ASN1 type. This is useful to get round problems with invalid encodings ++ * which can break signatures. + */ + +-typedef struct ASN1_ENCODING_st +- { +- unsigned char *enc; /* DER encoding */ +- long len; /* Length of encoding */ +- int modified; /* set to 1 if 'enc' is invalid */ +- } ASN1_ENCODING; ++typedef struct ASN1_ENCODING_st { ++ unsigned char *enc; /* DER encoding */ ++ long len; /* Length of encoding */ ++ int modified; /* set to 1 if 'enc' is invalid */ ++} ASN1_ENCODING; + + /* Used with ASN1 LONG type: if a long is set to this it is omitted */ +-#define ASN1_LONG_UNDEF 0x7fffffffL ++# define ASN1_LONG_UNDEF 0x7fffffffL + +-#define STABLE_FLAGS_MALLOC 0x01 +-#define STABLE_NO_MASK 0x02 +-#define DIRSTRING_TYPE \ ++# define STABLE_FLAGS_MALLOC 0x01 ++# define STABLE_NO_MASK 0x02 ++# define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +-#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) ++# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + + typedef struct asn1_string_table_st { +- int nid; +- long minsize; +- long maxsize; +- unsigned long mask; +- unsigned long flags; ++ int nid; ++ long minsize; ++ long maxsize; ++ unsigned long mask; ++ unsigned long flags; + } ASN1_STRING_TABLE; + + DECLARE_STACK_OF(ASN1_STRING_TABLE) + + /* size limits: this stuff is taken straight from RFC2459 */ + +-#define ub_name 32768 +-#define ub_common_name 64 +-#define ub_locality_name 128 +-#define ub_state_name 128 +-#define ub_organization_name 64 +-#define ub_organization_unit_name 64 +-#define ub_title 64 +-#define ub_email_address 128 +- +-/* Declarations for template structures: for full definitions +- * see asn1t.h ++# define ub_name 32768 ++# define ub_common_name 64 ++# define ub_locality_name 128 ++# define ub_state_name 128 ++# define ub_organization_name 64 ++# define ub_organization_unit_name 64 ++# define ub_title 64 ++# define ub_email_address 128 ++ ++/* ++ * Declarations for template structures: for full definitions see asn1t.h + */ + typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; + typedef struct ASN1_ITEM_st ASN1_ITEM; +@@ -296,64 +296,65 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; + + /* Declare ASN1 functions: the implement macro in in asn1t.h */ + +-#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) ++# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) + +-#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ +- DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) ++# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ ++ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + +-#define DECLARE_ASN1_FUNCTIONS_name(type, name) \ +- DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ +- DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) ++# define DECLARE_ASN1_FUNCTIONS_name(type, name) \ ++ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ ++ DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) + +-#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ +- DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ +- DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) ++# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ ++ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ ++ DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) + +-#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ +- type *d2i_##name(type **a, const unsigned char **in, long len); \ +- int i2d_##name(type *a, unsigned char **out); \ +- DECLARE_ASN1_ITEM(itname) ++# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ ++ type *d2i_##name(type **a, const unsigned char **in, long len); \ ++ int i2d_##name(type *a, unsigned char **out); \ ++ DECLARE_ASN1_ITEM(itname) + +-#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ +- type *d2i_##name(type **a, const unsigned char **in, long len); \ +- int i2d_##name(const type *a, unsigned char **out); \ +- DECLARE_ASN1_ITEM(name) ++# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ ++ type *d2i_##name(type **a, const unsigned char **in, long len); \ ++ int i2d_##name(const type *a, unsigned char **out); \ ++ DECLARE_ASN1_ITEM(name) + +-#define DECLARE_ASN1_NDEF_FUNCTION(name) \ +- int i2d_##name##_NDEF(name *a, unsigned char **out); ++# define DECLARE_ASN1_NDEF_FUNCTION(name) \ ++ int i2d_##name##_NDEF(name *a, unsigned char **out); + +-#define DECLARE_ASN1_FUNCTIONS_const(name) \ +- DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ +- DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) ++# define DECLARE_ASN1_FUNCTIONS_const(name) \ ++ DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ ++ DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) + +-#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ +- type *name##_new(void); \ +- void name##_free(type *a); ++# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ ++ type *name##_new(void); \ ++ void name##_free(type *a); + +-#define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +-#define I2D_OF(type) int (*)(type *,unsigned char **) +-#define I2D_OF_const(type) int (*)(const type *,unsigned char **) ++# define D2I_OF(type) type *(*)(type **,const unsigned char **,long) ++# define I2D_OF(type) int (*)(type *,unsigned char **) ++# define I2D_OF_const(type) int (*)(const type *,unsigned char **) + +-#define CHECKED_D2I_OF(type, d2i) \ ++# define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +-#define CHECKED_I2D_OF(type, i2d) \ ++# define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +-#define CHECKED_NEW_OF(type, xnew) \ ++# define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +-#define CHECKED_PTR_OF(type, p) \ ++# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +-#define CHECKED_PPTR_OF(type, p) \ ++# define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) +-#define CHECKED_PTR_OF_TO_CHAR(type, p) \ ++# define CHECKED_PTR_OF_TO_CHAR(type, p) \ + ((char*) (1 ? p : (type*)0)) + +-#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +-#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) +-#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) ++# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) ++# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) ++# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + + TYPEDEF_D2I2D_OF(void); + +-/* The following macros and typedefs allow an ASN1_ITEM ++/*- ++ * The following macros and typedefs allow an ASN1_ITEM + * to be embedded in a structure and referenced. Since + * the ASN1_ITEM pointers need to be globally accessible + * (possibly from shared libraries) they may exist in +@@ -372,7 +373,7 @@ TYPEDEF_D2I2D_OF(void); + * ... + * ASN1_ITEM_EXP *iptr; + * ... +- * } SOMETHING; ++ * } SOMETHING; + * + * It would be initialised as e.g.: + * +@@ -388,462 +389,465 @@ TYPEDEF_D2I2D_OF(void); + * + */ + +-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION ++# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + + /* ASN1_ITEM pointer exported type */ + typedef const ASN1_ITEM ASN1_ITEM_EXP; + + /* Macro to obtain ASN1_ITEM pointer from exported type */ +-#define ASN1_ITEM_ptr(iptr) (iptr) ++# define ASN1_ITEM_ptr(iptr) (iptr) + + /* Macro to include ASN1_ITEM pointer from base type */ +-#define ASN1_ITEM_ref(iptr) (&(iptr##_it)) ++# define ASN1_ITEM_ref(iptr) (&(iptr##_it)) + +-#define ASN1_ITEM_rptr(ref) (&(ref##_it)) ++# define ASN1_ITEM_rptr(ref) (&(ref##_it)) + +-#define DECLARE_ASN1_ITEM(name) \ +- OPENSSL_EXTERN const ASN1_ITEM name##_it; ++# define DECLARE_ASN1_ITEM(name) \ ++ OPENSSL_EXTERN const ASN1_ITEM name##_it; + +-#else ++# else + +-/* Platforms that can't easily handle shared global variables are declared +- * as functions returning ASN1_ITEM pointers. ++/* ++ * Platforms that can't easily handle shared global variables are declared as ++ * functions returning ASN1_ITEM pointers. + */ + + /* ASN1_ITEM pointer exported type */ +-typedef const ASN1_ITEM * ASN1_ITEM_EXP(void); ++typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); + + /* Macro to obtain ASN1_ITEM pointer from exported type */ +-#define ASN1_ITEM_ptr(iptr) (iptr()) ++# define ASN1_ITEM_ptr(iptr) (iptr()) + + /* Macro to include ASN1_ITEM pointer from base type */ +-#define ASN1_ITEM_ref(iptr) (iptr##_it) ++# define ASN1_ITEM_ref(iptr) (iptr##_it) + +-#define ASN1_ITEM_rptr(ref) (ref##_it()) ++# define ASN1_ITEM_rptr(ref) (ref##_it()) + +-#define DECLARE_ASN1_ITEM(name) \ +- const ASN1_ITEM * name##_it(void); ++# define DECLARE_ASN1_ITEM(name) \ ++ const ASN1_ITEM * name##_it(void); + +-#endif ++# endif + + /* Parameters used by ASN1_STRING_print_ex() */ + +-/* These determine which characters to escape: +- * RFC2253 special characters, control characters and +- * MSB set characters ++/* ++ * These determine which characters to escape: RFC2253 special characters, ++ * control characters and MSB set characters + */ + +-#define ASN1_STRFLGS_ESC_2253 1 +-#define ASN1_STRFLGS_ESC_CTRL 2 +-#define ASN1_STRFLGS_ESC_MSB 4 +- ++# define ASN1_STRFLGS_ESC_2253 1 ++# define ASN1_STRFLGS_ESC_CTRL 2 ++# define ASN1_STRFLGS_ESC_MSB 4 + +-/* This flag determines how we do escaping: normally +- * RC2253 backslash only, set this to use backslash and +- * quote. ++/* ++ * This flag determines how we do escaping: normally RC2253 backslash only, ++ * set this to use backslash and quote. + */ + +-#define ASN1_STRFLGS_ESC_QUOTE 8 +- ++# define ASN1_STRFLGS_ESC_QUOTE 8 + + /* These three flags are internal use only. */ + + /* Character is a valid PrintableString character */ +-#define CHARTYPE_PRINTABLESTRING 0x10 ++# define CHARTYPE_PRINTABLESTRING 0x10 + /* Character needs escaping if it is the first character */ +-#define CHARTYPE_FIRST_ESC_2253 0x20 ++# define CHARTYPE_FIRST_ESC_2253 0x20 + /* Character needs escaping if it is the last character */ +-#define CHARTYPE_LAST_ESC_2253 0x40 ++# define CHARTYPE_LAST_ESC_2253 0x40 + +-/* NB the internal flags are safely reused below by flags +- * handled at the top level. ++/* ++ * NB the internal flags are safely reused below by flags handled at the top ++ * level. + */ + +-/* If this is set we convert all character strings +- * to UTF8 first ++/* ++ * If this is set we convert all character strings to UTF8 first + */ + +-#define ASN1_STRFLGS_UTF8_CONVERT 0x10 ++# define ASN1_STRFLGS_UTF8_CONVERT 0x10 + +-/* If this is set we don't attempt to interpret content: +- * just assume all strings are 1 byte per character. This +- * will produce some pretty odd looking output! ++/* ++ * If this is set we don't attempt to interpret content: just assume all ++ * strings are 1 byte per character. This will produce some pretty odd ++ * looking output! + */ + +-#define ASN1_STRFLGS_IGNORE_TYPE 0x20 ++# define ASN1_STRFLGS_IGNORE_TYPE 0x20 + + /* If this is set we include the string type in the output */ +-#define ASN1_STRFLGS_SHOW_TYPE 0x40 +- +-/* This determines which strings to display and which to +- * 'dump' (hex dump of content octets or DER encoding). We can +- * only dump non character strings or everything. If we +- * don't dump 'unknown' they are interpreted as character +- * strings with 1 octet per character and are subject to +- * the usual escaping options. ++# define ASN1_STRFLGS_SHOW_TYPE 0x40 ++ ++/* ++ * This determines which strings to display and which to 'dump' (hex dump of ++ * content octets or DER encoding). We can only dump non character strings or ++ * everything. If we don't dump 'unknown' they are interpreted as character ++ * strings with 1 octet per character and are subject to the usual escaping ++ * options. + */ + +-#define ASN1_STRFLGS_DUMP_ALL 0x80 +-#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 ++# define ASN1_STRFLGS_DUMP_ALL 0x80 ++# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 + +-/* These determine what 'dumping' does, we can dump the +- * content octets or the DER encoding: both use the +- * RFC2253 #XXXXX notation. ++/* ++ * These determine what 'dumping' does, we can dump the content octets or the ++ * DER encoding: both use the RFC2253 #XXXXX notation. + */ + +-#define ASN1_STRFLGS_DUMP_DER 0x200 ++# define ASN1_STRFLGS_DUMP_DER 0x200 + +-/* All the string flags consistent with RFC2253, +- * escaping control characters isn't essential in +- * RFC2253 but it is advisable anyway. ++/* ++ * All the string flags consistent with RFC2253, escaping control characters ++ * isn't essential in RFC2253 but it is advisable anyway. + */ + +-#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ +- ASN1_STRFLGS_ESC_CTRL | \ +- ASN1_STRFLGS_ESC_MSB | \ +- ASN1_STRFLGS_UTF8_CONVERT | \ +- ASN1_STRFLGS_DUMP_UNKNOWN | \ +- ASN1_STRFLGS_DUMP_DER) ++# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ ++ ASN1_STRFLGS_ESC_CTRL | \ ++ ASN1_STRFLGS_ESC_MSB | \ ++ ASN1_STRFLGS_UTF8_CONVERT | \ ++ ASN1_STRFLGS_DUMP_UNKNOWN | \ ++ ASN1_STRFLGS_DUMP_DER) + + DECLARE_STACK_OF(ASN1_INTEGER) + DECLARE_ASN1_SET_OF(ASN1_INTEGER) + + DECLARE_STACK_OF(ASN1_GENERALSTRING) + +-typedef struct asn1_type_st +- { +- int type; +- union { +- char *ptr; +- ASN1_BOOLEAN boolean; +- ASN1_STRING * asn1_string; +- ASN1_OBJECT * object; +- ASN1_INTEGER * integer; +- ASN1_ENUMERATED * enumerated; +- ASN1_BIT_STRING * bit_string; +- ASN1_OCTET_STRING * octet_string; +- ASN1_PRINTABLESTRING * printablestring; +- ASN1_T61STRING * t61string; +- ASN1_IA5STRING * ia5string; +- ASN1_GENERALSTRING * generalstring; +- ASN1_BMPSTRING * bmpstring; +- ASN1_UNIVERSALSTRING * universalstring; +- ASN1_UTCTIME * utctime; +- ASN1_GENERALIZEDTIME * generalizedtime; +- ASN1_VISIBLESTRING * visiblestring; +- ASN1_UTF8STRING * utf8string; +- /* set and sequence are left complete and still +- * contain the set or sequence bytes */ +- ASN1_STRING * set; +- ASN1_STRING * sequence; +- ASN1_VALUE * asn1_value; +- } value; +- } ASN1_TYPE; ++typedef struct asn1_type_st { ++ int type; ++ union { ++ char *ptr; ++ ASN1_BOOLEAN boolean; ++ ASN1_STRING *asn1_string; ++ ASN1_OBJECT *object; ++ ASN1_INTEGER *integer; ++ ASN1_ENUMERATED *enumerated; ++ ASN1_BIT_STRING *bit_string; ++ ASN1_OCTET_STRING *octet_string; ++ ASN1_PRINTABLESTRING *printablestring; ++ ASN1_T61STRING *t61string; ++ ASN1_IA5STRING *ia5string; ++ ASN1_GENERALSTRING *generalstring; ++ ASN1_BMPSTRING *bmpstring; ++ ASN1_UNIVERSALSTRING *universalstring; ++ ASN1_UTCTIME *utctime; ++ ASN1_GENERALIZEDTIME *generalizedtime; ++ ASN1_VISIBLESTRING *visiblestring; ++ ASN1_UTF8STRING *utf8string; ++ /* ++ * set and sequence are left complete and still contain the set or ++ * sequence bytes ++ */ ++ ASN1_STRING *set; ++ ASN1_STRING *sequence; ++ ASN1_VALUE *asn1_value; ++ } value; ++} ASN1_TYPE; + + DECLARE_STACK_OF(ASN1_TYPE) + DECLARE_ASN1_SET_OF(ASN1_TYPE) + +-typedef struct asn1_method_st +- { +- i2d_of_void *i2d; +- d2i_of_void *d2i; +- void *(*create)(void); +- void (*destroy)(void *); +- } ASN1_METHOD; ++typedef struct asn1_method_st { ++ i2d_of_void *i2d; ++ d2i_of_void *d2i; ++ void *(*create) (void); ++ void (*destroy) (void *); ++} ASN1_METHOD; + + /* This is used when parsing some Netscape objects */ +-typedef struct asn1_header_st +- { +- ASN1_OCTET_STRING *header; +- void *data; +- ASN1_METHOD *meth; +- } ASN1_HEADER; ++typedef struct asn1_header_st { ++ ASN1_OCTET_STRING *header; ++ void *data; ++ ASN1_METHOD *meth; ++} ASN1_HEADER; + + /* This is used to contain a list of bit names */ + typedef struct BIT_STRING_BITNAME_st { +- int bitnum; +- const char *lname; +- const char *sname; ++ int bitnum; ++ const char *lname; ++ const char *sname; + } BIT_STRING_BITNAME; + +- +-#define M_ASN1_STRING_length(x) ((x)->length) +-#define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) +-#define M_ASN1_STRING_type(x) ((x)->type) +-#define M_ASN1_STRING_data(x) ((x)->data) ++# define M_ASN1_STRING_length(x) ((x)->length) ++# define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) ++# define M_ASN1_STRING_type(x) ((x)->type) ++# define M_ASN1_STRING_data(x) ((x)->data) + + /* Macros for string operations */ +-#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ +- ASN1_STRING_type_new(V_ASN1_BIT_STRING) +-#define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ +- ASN1_STRING_dup((ASN1_STRING *)a) +-#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ +- (ASN1_STRING *)a,(ASN1_STRING *)b) +-#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) +- +-#define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ +- ASN1_STRING_type_new(V_ASN1_INTEGER) +-#define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a) +-#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ +- (ASN1_STRING *)a,(ASN1_STRING *)b) +- +-#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ +- ASN1_STRING_type_new(V_ASN1_ENUMERATED) +-#define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a) +-#define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ +- (ASN1_STRING *)a,(ASN1_STRING *)b) +- +-#define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ +- ASN1_STRING_type_new(V_ASN1_OCTET_STRING) +-#define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ +- ASN1_STRING_dup((ASN1_STRING *)a) +-#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ +- (ASN1_STRING *)a,(ASN1_STRING *)b) +-#define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) +-#define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) +-#define M_i2d_ASN1_OCTET_STRING(a,pp) \ +- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ +- V_ASN1_UNIVERSAL) +- +-#define B_ASN1_TIME \ +- B_ASN1_UTCTIME | \ +- B_ASN1_GENERALIZEDTIME +- +-#define B_ASN1_PRINTABLE \ +- B_ASN1_NUMERICSTRING| \ +- B_ASN1_PRINTABLESTRING| \ +- B_ASN1_T61STRING| \ +- B_ASN1_IA5STRING| \ +- B_ASN1_BIT_STRING| \ +- B_ASN1_UNIVERSALSTRING|\ +- B_ASN1_BMPSTRING|\ +- B_ASN1_UTF8STRING|\ +- B_ASN1_SEQUENCE|\ +- B_ASN1_UNKNOWN +- +-#define B_ASN1_DIRECTORYSTRING \ +- B_ASN1_PRINTABLESTRING| \ +- B_ASN1_TELETEXSTRING|\ +- B_ASN1_BMPSTRING|\ +- B_ASN1_UNIVERSALSTRING|\ +- B_ASN1_UTF8STRING +- +-#define B_ASN1_DISPLAYTEXT \ +- B_ASN1_IA5STRING| \ +- B_ASN1_VISIBLESTRING| \ +- B_ASN1_BMPSTRING|\ +- B_ASN1_UTF8STRING +- +-#define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) +-#define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ +- pp,a->type,V_ASN1_UNIVERSAL) +-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \ +- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ +- B_ASN1_PRINTABLE) +- +-#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) +-#define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ +- pp,a->type,V_ASN1_UNIVERSAL) +-#define M_d2i_DIRECTORYSTRING(a,pp,l) \ +- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ +- B_ASN1_DIRECTORYSTRING) +- +-#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) +-#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ +- pp,a->type,V_ASN1_UNIVERSAL) +-#define M_d2i_DISPLAYTEXT(a,pp,l) \ +- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ +- B_ASN1_DISPLAYTEXT) +- +-#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ +- ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) +-#define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ +- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ +- V_ASN1_UNIVERSAL) +-#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \ +- (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ +- ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) +- +-#define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ +- ASN1_STRING_type_new(V_ASN1_T61STRING) +-#define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_i2d_ASN1_T61STRING(a,pp) \ +- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ +- V_ASN1_UNIVERSAL) +-#define M_d2i_ASN1_T61STRING(a,pp,l) \ +- (ASN1_T61STRING *)d2i_ASN1_type_bytes\ +- ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) +- +-#define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ +- ASN1_STRING_type_new(V_ASN1_IA5STRING) +-#define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_ASN1_IA5STRING_dup(a) \ +- (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a) +-#define M_i2d_ASN1_IA5STRING(a,pp) \ +- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ +- V_ASN1_UNIVERSAL) +-#define M_d2i_ASN1_IA5STRING(a,pp,l) \ +- (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ +- B_ASN1_IA5STRING) +- +-#define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ +- ASN1_STRING_type_new(V_ASN1_UTCTIME) +-#define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a) +- +-#define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ +- ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) +-#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ +- (ASN1_STRING *)a) +- +-#define M_ASN1_TIME_new() (ASN1_TIME *)\ +- ASN1_STRING_type_new(V_ASN1_UTCTIME) +-#define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a) +- +-#define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ +- ASN1_STRING_type_new(V_ASN1_GENERALSTRING) +-#define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_i2d_ASN1_GENERALSTRING(a,pp) \ +- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ +- V_ASN1_UNIVERSAL) +-#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \ +- (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ +- ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) +- +-#define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ +- ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) +-#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ +- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ +- V_ASN1_UNIVERSAL) +-#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \ +- (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ +- ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) +- +-#define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ +- ASN1_STRING_type_new(V_ASN1_BMPSTRING) +-#define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_i2d_ASN1_BMPSTRING(a,pp) \ +- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ +- V_ASN1_UNIVERSAL) +-#define M_d2i_ASN1_BMPSTRING(a,pp,l) \ +- (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ +- ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) +- +-#define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ +- ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) +-#define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_i2d_ASN1_VISIBLESTRING(a,pp) \ +- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ +- V_ASN1_UNIVERSAL) +-#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ +- (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ +- ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) +- +-#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ +- ASN1_STRING_type_new(V_ASN1_UTF8STRING) +-#define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) +-#define M_i2d_ASN1_UTF8STRING(a,pp) \ +- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ +- V_ASN1_UNIVERSAL) +-#define M_d2i_ASN1_UTF8STRING(a,pp,l) \ +- (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ +- ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) ++# define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ ++ ASN1_STRING_type_new(V_ASN1_BIT_STRING) ++# define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ ++ ASN1_STRING_dup((ASN1_STRING *)a) ++# define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ ++ (ASN1_STRING *)a,(ASN1_STRING *)b) ++# define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) ++ ++# define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ ++ ASN1_STRING_type_new(V_ASN1_INTEGER) ++# define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a) ++# define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ ++ (ASN1_STRING *)a,(ASN1_STRING *)b) ++ ++# define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ ++ ASN1_STRING_type_new(V_ASN1_ENUMERATED) ++# define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a) ++# define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ ++ (ASN1_STRING *)a,(ASN1_STRING *)b) ++ ++# define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ ++ ASN1_STRING_type_new(V_ASN1_OCTET_STRING) ++# define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ ++ ASN1_STRING_dup((ASN1_STRING *)a) ++# define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ ++ (ASN1_STRING *)a,(ASN1_STRING *)b) ++# define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) ++# define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) ++# define M_i2d_ASN1_OCTET_STRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ ++ V_ASN1_UNIVERSAL) ++ ++# define B_ASN1_TIME \ ++ B_ASN1_UTCTIME | \ ++ B_ASN1_GENERALIZEDTIME ++ ++# define B_ASN1_PRINTABLE \ ++ B_ASN1_NUMERICSTRING| \ ++ B_ASN1_PRINTABLESTRING| \ ++ B_ASN1_T61STRING| \ ++ B_ASN1_IA5STRING| \ ++ B_ASN1_BIT_STRING| \ ++ B_ASN1_UNIVERSALSTRING|\ ++ B_ASN1_BMPSTRING|\ ++ B_ASN1_UTF8STRING|\ ++ B_ASN1_SEQUENCE|\ ++ B_ASN1_UNKNOWN ++ ++# define B_ASN1_DIRECTORYSTRING \ ++ B_ASN1_PRINTABLESTRING| \ ++ B_ASN1_TELETEXSTRING|\ ++ B_ASN1_BMPSTRING|\ ++ B_ASN1_UNIVERSALSTRING|\ ++ B_ASN1_UTF8STRING ++ ++# define B_ASN1_DISPLAYTEXT \ ++ B_ASN1_IA5STRING| \ ++ B_ASN1_VISIBLESTRING| \ ++ B_ASN1_BMPSTRING|\ ++ B_ASN1_UTF8STRING ++ ++# define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) ++# define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ ++ pp,a->type,V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_PRINTABLE(a,pp,l) \ ++ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ ++ B_ASN1_PRINTABLE) ++ ++# define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) ++# define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ ++ pp,a->type,V_ASN1_UNIVERSAL) ++# define M_d2i_DIRECTORYSTRING(a,pp,l) \ ++ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ ++ B_ASN1_DIRECTORYSTRING) ++ ++# define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) ++# define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ ++ pp,a->type,V_ASN1_UNIVERSAL) ++# define M_d2i_DISPLAYTEXT(a,pp,l) \ ++ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ ++ B_ASN1_DISPLAYTEXT) ++ ++# define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ ++ ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) ++# define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \ ++ (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) ++ ++# define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ ++ ASN1_STRING_type_new(V_ASN1_T61STRING) ++# define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_T61STRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_T61STRING(a,pp,l) \ ++ (ASN1_T61STRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) ++ ++# define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ ++ ASN1_STRING_type_new(V_ASN1_IA5STRING) ++# define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_IA5STRING_dup(a) \ ++ (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a) ++# define M_i2d_ASN1_IA5STRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_IA5STRING(a,pp,l) \ ++ (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ ++ B_ASN1_IA5STRING) ++ ++# define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ ++ ASN1_STRING_type_new(V_ASN1_UTCTIME) ++# define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a) ++ ++# define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ ++ ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) ++# define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ ++ (ASN1_STRING *)a) ++ ++# define M_ASN1_TIME_new() (ASN1_TIME *)\ ++ ASN1_STRING_type_new(V_ASN1_UTCTIME) ++# define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a) ++ ++# define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ ++ ASN1_STRING_type_new(V_ASN1_GENERALSTRING) ++# define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_GENERALSTRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_GENERALSTRING(a,pp,l) \ ++ (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) ++ ++# define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ ++ ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) ++# define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \ ++ (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) ++ ++# define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ ++ ASN1_STRING_type_new(V_ASN1_BMPSTRING) ++# define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_BMPSTRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_BMPSTRING(a,pp,l) \ ++ (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) ++ ++# define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ ++ ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) ++# define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_VISIBLESTRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ ++ (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) ++ ++# define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ ++ ASN1_STRING_type_new(V_ASN1_UTF8STRING) ++# define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_UTF8STRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_UTF8STRING(a,pp,l) \ ++ (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) + + /* for the is_set parameter to i2d_ASN1_SET */ +-#define IS_SEQUENCE 0 +-#define IS_SET 1 ++# define IS_SEQUENCE 0 ++# define IS_SET 1 + + DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) + + int ASN1_TYPE_get(ASN1_TYPE *a); + void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); + int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); ++int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +-ASN1_OBJECT * ASN1_OBJECT_new(void ); +-void ASN1_OBJECT_free(ASN1_OBJECT *a); +-int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); +-ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, +- long length); +-ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp, +- long length); ++ASN1_OBJECT *ASN1_OBJECT_new(void); ++void ASN1_OBJECT_free(ASN1_OBJECT *a); ++int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp); ++ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, ++ long length); ++ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, ++ long length); + + DECLARE_ASN1_ITEM(ASN1_OBJECT) + + DECLARE_STACK_OF(ASN1_OBJECT) + DECLARE_ASN1_SET_OF(ASN1_OBJECT) + +-ASN1_STRING * ASN1_STRING_new(void); +-void ASN1_STRING_free(ASN1_STRING *a); +-ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); +-ASN1_STRING * ASN1_STRING_type_new(int type ); +-int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); +- /* Since this is used to store all sorts of things, via macros, for now, make +- its data void * */ +-int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +-void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); ++ASN1_STRING *ASN1_STRING_new(void); ++void ASN1_STRING_free(ASN1_STRING *a); ++ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *a); ++ASN1_STRING *ASN1_STRING_type_new(int type); ++int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); ++ /* ++ * Since this is used to store all sorts of things, via macros, for now, ++ * make its data void * ++ */ ++int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); ++void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); + int ASN1_STRING_length(ASN1_STRING *x); + void ASN1_STRING_length_set(ASN1_STRING *x, int n); + int ASN1_STRING_type(ASN1_STRING *x); +-unsigned char * ASN1_STRING_data(ASN1_STRING *x); ++unsigned char *ASN1_STRING_data(ASN1_STRING *x); + + DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) +-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp); +-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp, +- long length); +-int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, +- int length ); +-int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +-int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); +- +-#ifndef OPENSSL_NO_BIO ++int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); ++ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, ++ const unsigned char **pp, long length); ++int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); ++int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); ++int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); ++ ++# ifndef OPENSSL_NO_BIO + int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, +- BIT_STRING_BITNAME *tbl, int indent); +-#endif ++ BIT_STRING_BITNAME *tbl, int indent); ++# endif + int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); + int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, +- BIT_STRING_BITNAME *tbl); ++ BIT_STRING_BITNAME *tbl); + +-int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); +-int d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length); ++int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); ++int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length); + + DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) +-int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp); +-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp, +- long length); +-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp, +- long length); +-ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x); ++int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); ++ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, ++ long length); ++ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, ++ long length); ++ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x); + int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y); + + DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) + + int ASN1_UTCTIME_check(ASN1_UTCTIME *a); +-ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); ++ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); + int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); + int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); +-#if 0 ++# if 0 + time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); +-#endif ++# endif + + int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); +-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); ++ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, ++ time_t t); + int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + + DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +-ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); +-int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); +-int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len); ++ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); ++int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); ++int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, ++ int len); + + DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) + DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) +@@ -868,40 +872,41 @@ DECLARE_ASN1_FUNCTIONS(ASN1_TIME) + + DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + +-ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); ++ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); + int ASN1_TIME_check(ASN1_TIME *t); +-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); ++ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME ++ **out); + +-int i2d_ASN1_SET(STACK *a, unsigned char **pp, +- i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); +-STACK * d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length, +- d2i_of_void *d2i, void (*free_func)(void *), +- int ex_tag, int ex_class); ++int i2d_ASN1_SET(STACK * a, unsigned char **pp, ++ i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); ++STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length, ++ d2i_of_void *d2i, void (*free_func) (void *), ++ int ex_tag, int ex_class); + +-#ifndef OPENSSL_NO_BIO ++# ifndef OPENSSL_NO_BIO + int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); +-int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size); ++int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); + int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); +-int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size); +-int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a); +-int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size); ++int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); ++int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a); ++int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); + int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); +-#endif +-int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a); ++# endif ++int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a); + +-int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num); +-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len, +- const char *sn, const char *ln); ++int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); ++ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, ++ const char *sn, const char *ln); + + int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); + long ASN1_INTEGER_get(ASN1_INTEGER *a); + ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai); +-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn); ++BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn); + + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); + long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); + ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); +-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn); ++BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); + + /* General */ + /* given a string, return the correct type, max is the maximum length */ +@@ -909,11 +914,11 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int max); + + int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); + ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, +- long length, int Ptag, int Pclass); ++ long length, int Ptag, int Pclass); + unsigned long ASN1_tag2bit(int tag); + /* type is one or more of the B_ASN1_ values. */ +-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp, +- long length,int type); ++ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, ++ long length, int type); + + /* PARSING */ + int asn1_Finish(ASN1_CTX *c); +@@ -921,101 +926,103 @@ int asn1_const_Finish(ASN1_const_CTX *c); + + /* SPECIALS */ + int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, +- int *pclass, long omax); +-int ASN1_check_infinite_end(unsigned char **p,long len); +-int ASN1_const_check_infinite_end(const unsigned char **p,long len); ++ int *pclass, long omax); ++int ASN1_check_infinite_end(unsigned char **p, long len); ++int ASN1_const_check_infinite_end(const unsigned char **p, long len); + void ASN1_put_object(unsigned char **pp, int constructed, int length, +- int tag, int xclass); ++ int tag, int xclass); + int ASN1_put_eoc(unsigned char **pp); + int ASN1_object_size(int constructed, int length, int tag); + + /* Used to implement other functions */ + void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x); + +-#define ASN1_dup_of(type,i2d,d2i,x) \ ++# define ASN1_dup_of(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \ +- CHECKED_D2I_OF(type, d2i), \ +- CHECKED_PTR_OF_TO_CHAR(type, x))) ++ CHECKED_D2I_OF(type, d2i), \ ++ CHECKED_PTR_OF_TO_CHAR(type, x))) + +-#define ASN1_dup_of_const(type,i2d,d2i,x) \ ++# define ASN1_dup_of_const(type,i2d,d2i,x) \ + ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \ +- CHECKED_D2I_OF(type, d2i), \ +- CHECKED_PTR_OF_TO_CHAR(const type, x))) ++ CHECKED_D2I_OF(type, d2i), \ ++ CHECKED_PTR_OF_TO_CHAR(const type, x))) + + void *ASN1_item_dup(const ASN1_ITEM *it, void *x); + + /* ASN1 alloc/free macros for when a type is only used internally */ + +-#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) +-#define M_ASN1_free_of(x, type) \ +- ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) ++# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type)) ++# define M_ASN1_free_of(x, type) \ ++ ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + +-#ifndef OPENSSL_NO_FP_API +-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); ++# ifndef OPENSSL_NO_FP_API ++void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); + +-#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ ++# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ +- CHECKED_D2I_OF(type, d2i), \ +- in, \ +- CHECKED_PPTR_OF(type, x))) ++ CHECKED_D2I_OF(type, d2i), \ ++ in, \ ++ CHECKED_PPTR_OF(type, x))) + + void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); +-int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x); ++int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x); + +-#define ASN1_i2d_fp_of(type,i2d,out,x) \ ++# define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ +- out, \ +- CHECKED_PTR_OF(type, x))) ++ out, \ ++ CHECKED_PTR_OF(type, x))) + +-#define ASN1_i2d_fp_of_const(type,i2d,out,x) \ ++# define ASN1_i2d_fp_of_const(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ +- out, \ +- CHECKED_PTR_OF(const type, x))) ++ out, \ ++ CHECKED_PTR_OF(const type, x))) + + int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); + int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); +-#endif ++# endif + + int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); + +-#ifndef OPENSSL_NO_BIO +-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x); ++# ifndef OPENSSL_NO_BIO ++void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); + +-#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ ++# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ +- CHECKED_D2I_OF(type, d2i), \ +- in, \ +- CHECKED_PPTR_OF(type, x))) ++ CHECKED_D2I_OF(type, d2i), \ ++ in, \ ++ CHECKED_PPTR_OF(type, x))) + + void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); +-int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x); ++int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x); + +-#define ASN1_i2d_bio_of(type,i2d,out,x) \ ++# define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ +- out, \ +- CHECKED_PTR_OF(type, x))) ++ out, \ ++ CHECKED_PTR_OF(type, x))) + +-#define ASN1_i2d_bio_of_const(type,i2d,out,x) \ ++# define ASN1_i2d_bio_of_const(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ +- out, \ +- CHECKED_PTR_OF(const type, x))) ++ out, \ ++ CHECKED_PTR_OF(const type, x))) + + int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); +-int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); +-int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a); +-int ASN1_TIME_print(BIO *fp,ASN1_TIME *a); +-int ASN1_STRING_print(BIO *bp,ASN1_STRING *v); ++int ASN1_UTCTIME_print(BIO *fp, ASN1_UTCTIME *a); ++int ASN1_GENERALIZEDTIME_print(BIO *fp, ASN1_GENERALIZEDTIME *a); ++int ASN1_TIME_print(BIO *fp, ASN1_TIME *a); ++int ASN1_STRING_print(BIO *bp, ASN1_STRING *v); + int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); +-int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent); +-int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump); +-#endif ++int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); ++int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, ++ int dump); ++# endif + const char *ASN1_tag2str(int tag); + + /* Used to load and write netscape format cert/key */ +-int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp); +-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length); +-ASN1_HEADER *ASN1_HEADER_new(void ); +-void ASN1_HEADER_free(ASN1_HEADER *a); ++int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp); ++ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp, ++ long length); ++ASN1_HEADER *ASN1_HEADER_new(void); ++void ASN1_HEADER_free(ASN1_HEADER * a); + + int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + +@@ -1025,42 +1032,42 @@ ASN1_METHOD *RSAPrivateKey_asn1_meth(void); + ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void); + ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void); + +-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, +- unsigned char *data, int len); +-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, +- unsigned char *data, int max_len); ++int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); ++int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len); + int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, +- unsigned char *data, int len); +-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, +- unsigned char *data, int max_len); ++ unsigned char *data, int len); ++int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, ++ unsigned char *data, int max_len); + + STACK *ASN1_seq_unpack(const unsigned char *buf, int len, +- d2i_of_void *d2i, void (*free_func)(void *)); +-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d, +- unsigned char **buf, int *len ); ++ d2i_of_void *d2i, void (*free_func) (void *)); ++unsigned char *ASN1_seq_pack(STACK * safes, i2d_of_void *i2d, ++ unsigned char **buf, int *len); + void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); + void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); + ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, +- ASN1_OCTET_STRING **oct); ++ ASN1_OCTET_STRING **oct); + +-#define ASN1_pack_string_of(type,obj,i2d,oct) \ ++# define ASN1_pack_string_of(type,obj,i2d,oct) \ + (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \ +- CHECKED_I2D_OF(type, i2d), \ +- oct)) ++ CHECKED_I2D_OF(type, i2d), \ ++ oct)) + +-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); ++ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ++ ASN1_OCTET_STRING **oct); + + void ASN1_STRING_set_default_mask(unsigned long mask); + int ASN1_STRING_set_default_mask_asc(const char *p); + unsigned long ASN1_STRING_get_default_mask(void); + int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, +- int inform, unsigned long mask); ++ int inform, unsigned long mask); + int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, +- int inform, unsigned long mask, +- long minsize, long maxsize); ++ int inform, unsigned long mask, ++ long minsize, long maxsize); + +-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, +- const unsigned char *in, int inlen, int inform, int nid); ++ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, ++ const unsigned char *in, int inlen, ++ int inform, int nid); + ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); + int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); + void ASN1_STRING_TABLE_cleanup(void); +@@ -1070,27 +1077,29 @@ void ASN1_STRING_TABLE_cleanup(void); + /* Old API compatible functions */ + ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); + void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); +-ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it); ++ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, ++ long len, const ASN1_ITEM *it); + int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); ++int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, ++ const ASN1_ITEM *it); + + void ASN1_add_oid_module(void); + + ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); + ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); + +-typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags, +- const ASN1_ITEM *it); ++typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, ++ int flags, const ASN1_ITEM *it); + + int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, +- int ctype_nid, int econt_nid, +- STACK_OF(X509_ALGOR) *mdalgs, +- asn1_output_data_fn *data_fn, +- const ASN1_ITEM *it); ++ int ctype_nid, int econt_nid, ++ STACK_OF(X509_ALGOR) *mdalgs, ++ asn1_output_data_fn * data_fn, const ASN1_ITEM *it); + ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_ASN1_strings(void); +@@ -1098,233 +1107,235 @@ void ERR_load_ASN1_strings(void); + /* Error codes for the ASN1 functions. */ + + /* Function codes. */ +-#define ASN1_F_A2D_ASN1_OBJECT 100 +-#define ASN1_F_A2I_ASN1_ENUMERATED 101 +-#define ASN1_F_A2I_ASN1_INTEGER 102 +-#define ASN1_F_A2I_ASN1_STRING 103 +-#define ASN1_F_APPEND_EXP 176 +-#define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 +-#define ASN1_F_ASN1_CB 177 +-#define ASN1_F_ASN1_CHECK_TLEN 104 +-#define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 +-#define ASN1_F_ASN1_COLLECT 106 +-#define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 +-#define ASN1_F_ASN1_D2I_FP 109 +-#define ASN1_F_ASN1_D2I_READ_BIO 107 +-#define ASN1_F_ASN1_DIGEST 184 +-#define ASN1_F_ASN1_DO_ADB 110 +-#define ASN1_F_ASN1_DUP 111 +-#define ASN1_F_ASN1_ENUMERATED_SET 112 +-#define ASN1_F_ASN1_ENUMERATED_TO_BN 113 +-#define ASN1_F_ASN1_EX_C2I 204 +-#define ASN1_F_ASN1_FIND_END 190 +-#define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 +-#define ASN1_F_ASN1_GENERATE_V3 178 +-#define ASN1_F_ASN1_GET_OBJECT 114 +-#define ASN1_F_ASN1_HEADER_NEW 115 +-#define ASN1_F_ASN1_I2D_BIO 116 +-#define ASN1_F_ASN1_I2D_FP 117 +-#define ASN1_F_ASN1_INTEGER_SET 118 +-#define ASN1_F_ASN1_INTEGER_TO_BN 119 +-#define ASN1_F_ASN1_ITEM_D2I_FP 206 +-#define ASN1_F_ASN1_ITEM_DUP 191 +-#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 +-#define ASN1_F_ASN1_ITEM_EX_D2I 120 +-#define ASN1_F_ASN1_ITEM_I2D_BIO 192 +-#define ASN1_F_ASN1_ITEM_I2D_FP 193 +-#define ASN1_F_ASN1_ITEM_PACK 198 +-#define ASN1_F_ASN1_ITEM_SIGN 195 +-#define ASN1_F_ASN1_ITEM_UNPACK 199 +-#define ASN1_F_ASN1_ITEM_VERIFY 197 +-#define ASN1_F_ASN1_MBSTRING_NCOPY 122 +-#define ASN1_F_ASN1_OBJECT_NEW 123 +-#define ASN1_F_ASN1_OUTPUT_DATA 207 +-#define ASN1_F_ASN1_PACK_STRING 124 +-#define ASN1_F_ASN1_PCTX_NEW 205 +-#define ASN1_F_ASN1_PKCS5_PBE_SET 125 +-#define ASN1_F_ASN1_SEQ_PACK 126 +-#define ASN1_F_ASN1_SEQ_UNPACK 127 +-#define ASN1_F_ASN1_SIGN 128 +-#define ASN1_F_ASN1_STR2TYPE 179 +-#define ASN1_F_ASN1_STRING_SET 186 +-#define ASN1_F_ASN1_STRING_TABLE_ADD 129 +-#define ASN1_F_ASN1_STRING_TYPE_NEW 130 +-#define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 +-#define ASN1_F_ASN1_TEMPLATE_NEW 133 +-#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +-#define ASN1_F_ASN1_TIME_SET 175 +-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 +-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 +-#define ASN1_F_ASN1_UNPACK_STRING 136 +-#define ASN1_F_ASN1_UTCTIME_SET 187 +-#define ASN1_F_ASN1_VERIFY 137 +-#define ASN1_F_B64_READ_ASN1 208 +-#define ASN1_F_B64_WRITE_ASN1 209 +-#define ASN1_F_BITSTR_CB 180 +-#define ASN1_F_BN_TO_ASN1_ENUMERATED 138 +-#define ASN1_F_BN_TO_ASN1_INTEGER 139 +-#define ASN1_F_C2I_ASN1_BIT_STRING 189 +-#define ASN1_F_C2I_ASN1_INTEGER 194 +-#define ASN1_F_C2I_ASN1_OBJECT 196 +-#define ASN1_F_COLLECT_DATA 140 +-#define ASN1_F_D2I_ASN1_BIT_STRING 141 +-#define ASN1_F_D2I_ASN1_BOOLEAN 142 +-#define ASN1_F_D2I_ASN1_BYTES 143 +-#define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144 +-#define ASN1_F_D2I_ASN1_HEADER 145 +-#define ASN1_F_D2I_ASN1_INTEGER 146 +-#define ASN1_F_D2I_ASN1_OBJECT 147 +-#define ASN1_F_D2I_ASN1_SET 148 +-#define ASN1_F_D2I_ASN1_TYPE_BYTES 149 +-#define ASN1_F_D2I_ASN1_UINTEGER 150 +-#define ASN1_F_D2I_ASN1_UTCTIME 151 +-#define ASN1_F_D2I_NETSCAPE_RSA 152 +-#define ASN1_F_D2I_NETSCAPE_RSA_2 153 +-#define ASN1_F_D2I_PRIVATEKEY 154 +-#define ASN1_F_D2I_PUBLICKEY 155 +-#define ASN1_F_D2I_RSA_NET 200 +-#define ASN1_F_D2I_RSA_NET_2 201 +-#define ASN1_F_D2I_X509 156 +-#define ASN1_F_D2I_X509_CINF 157 +-#define ASN1_F_D2I_X509_PKEY 159 +-#define ASN1_F_I2D_ASN1_SET 188 +-#define ASN1_F_I2D_ASN1_TIME 160 +-#define ASN1_F_I2D_DSA_PUBKEY 161 +-#define ASN1_F_I2D_EC_PUBKEY 181 +-#define ASN1_F_I2D_PRIVATEKEY 163 +-#define ASN1_F_I2D_PUBLICKEY 164 +-#define ASN1_F_I2D_RSA_NET 162 +-#define ASN1_F_I2D_RSA_PUBKEY 165 +-#define ASN1_F_LONG_C2I 166 +-#define ASN1_F_OID_MODULE_INIT 174 +-#define ASN1_F_PARSE_TAGGING 182 +-#define ASN1_F_PKCS5_PBE2_SET 167 +-#define ASN1_F_PKCS5_PBE_SET 202 +-#define ASN1_F_SMIME_READ_ASN1 210 +-#define ASN1_F_SMIME_TEXT 211 +-#define ASN1_F_X509_CINF_NEW 168 +-#define ASN1_F_X509_CRL_ADD0_REVOKED 169 +-#define ASN1_F_X509_INFO_NEW 170 +-#define ASN1_F_X509_NAME_ENCODE 203 +-#define ASN1_F_X509_NAME_EX_D2I 158 +-#define ASN1_F_X509_NAME_EX_NEW 171 +-#define ASN1_F_X509_NEW 172 +-#define ASN1_F_X509_PKEY_NEW 173 ++# define ASN1_F_A2D_ASN1_OBJECT 100 ++# define ASN1_F_A2I_ASN1_ENUMERATED 101 ++# define ASN1_F_A2I_ASN1_INTEGER 102 ++# define ASN1_F_A2I_ASN1_STRING 103 ++# define ASN1_F_APPEND_EXP 176 ++# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 ++# define ASN1_F_ASN1_CB 177 ++# define ASN1_F_ASN1_CHECK_TLEN 104 ++# define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 ++# define ASN1_F_ASN1_COLLECT 106 ++# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 ++# define ASN1_F_ASN1_D2I_FP 109 ++# define ASN1_F_ASN1_D2I_READ_BIO 107 ++# define ASN1_F_ASN1_DIGEST 184 ++# define ASN1_F_ASN1_DO_ADB 110 ++# define ASN1_F_ASN1_DUP 111 ++# define ASN1_F_ASN1_ENUMERATED_SET 112 ++# define ASN1_F_ASN1_ENUMERATED_TO_BN 113 ++# define ASN1_F_ASN1_EX_C2I 204 ++# define ASN1_F_ASN1_FIND_END 190 ++# define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 ++# define ASN1_F_ASN1_GENERATE_V3 178 ++# define ASN1_F_ASN1_GET_OBJECT 114 ++# define ASN1_F_ASN1_HEADER_NEW 115 ++# define ASN1_F_ASN1_I2D_BIO 116 ++# define ASN1_F_ASN1_I2D_FP 117 ++# define ASN1_F_ASN1_INTEGER_SET 118 ++# define ASN1_F_ASN1_INTEGER_TO_BN 119 ++# define ASN1_F_ASN1_ITEM_D2I_FP 206 ++# define ASN1_F_ASN1_ITEM_DUP 191 ++# define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 ++# define ASN1_F_ASN1_ITEM_EX_D2I 120 ++# define ASN1_F_ASN1_ITEM_I2D_BIO 192 ++# define ASN1_F_ASN1_ITEM_I2D_FP 193 ++# define ASN1_F_ASN1_ITEM_PACK 198 ++# define ASN1_F_ASN1_ITEM_SIGN 195 ++# define ASN1_F_ASN1_ITEM_UNPACK 199 ++# define ASN1_F_ASN1_ITEM_VERIFY 197 ++# define ASN1_F_ASN1_MBSTRING_NCOPY 122 ++# define ASN1_F_ASN1_OBJECT_NEW 123 ++# define ASN1_F_ASN1_OUTPUT_DATA 207 ++# define ASN1_F_ASN1_PACK_STRING 124 ++# define ASN1_F_ASN1_PCTX_NEW 205 ++# define ASN1_F_ASN1_PKCS5_PBE_SET 125 ++# define ASN1_F_ASN1_SEQ_PACK 126 ++# define ASN1_F_ASN1_SEQ_UNPACK 127 ++# define ASN1_F_ASN1_SIGN 128 ++# define ASN1_F_ASN1_STR2TYPE 179 ++# define ASN1_F_ASN1_STRING_SET 186 ++# define ASN1_F_ASN1_STRING_TABLE_ADD 129 ++# define ASN1_F_ASN1_STRING_TYPE_NEW 130 ++# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 ++# define ASN1_F_ASN1_TEMPLATE_NEW 133 ++# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 ++# define ASN1_F_ASN1_TIME_SET 175 ++# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 ++# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 ++# define ASN1_F_ASN1_UNPACK_STRING 136 ++# define ASN1_F_ASN1_UTCTIME_SET 187 ++# define ASN1_F_ASN1_VERIFY 137 ++# define ASN1_F_B64_READ_ASN1 208 ++# define ASN1_F_B64_WRITE_ASN1 209 ++# define ASN1_F_BITSTR_CB 180 ++# define ASN1_F_BN_TO_ASN1_ENUMERATED 138 ++# define ASN1_F_BN_TO_ASN1_INTEGER 139 ++# define ASN1_F_C2I_ASN1_BIT_STRING 189 ++# define ASN1_F_C2I_ASN1_INTEGER 194 ++# define ASN1_F_C2I_ASN1_OBJECT 196 ++# define ASN1_F_COLLECT_DATA 140 ++# define ASN1_F_D2I_ASN1_BIT_STRING 141 ++# define ASN1_F_D2I_ASN1_BOOLEAN 142 ++# define ASN1_F_D2I_ASN1_BYTES 143 ++# define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144 ++# define ASN1_F_D2I_ASN1_HEADER 145 ++# define ASN1_F_D2I_ASN1_INTEGER 146 ++# define ASN1_F_D2I_ASN1_OBJECT 147 ++# define ASN1_F_D2I_ASN1_SET 148 ++# define ASN1_F_D2I_ASN1_TYPE_BYTES 149 ++# define ASN1_F_D2I_ASN1_UINTEGER 150 ++# define ASN1_F_D2I_ASN1_UTCTIME 151 ++# define ASN1_F_D2I_NETSCAPE_RSA 152 ++# define ASN1_F_D2I_NETSCAPE_RSA_2 153 ++# define ASN1_F_D2I_PRIVATEKEY 154 ++# define ASN1_F_D2I_PUBLICKEY 155 ++# define ASN1_F_D2I_RSA_NET 200 ++# define ASN1_F_D2I_RSA_NET_2 201 ++# define ASN1_F_D2I_X509 156 ++# define ASN1_F_D2I_X509_CINF 157 ++# define ASN1_F_D2I_X509_PKEY 159 ++# define ASN1_F_I2D_ASN1_SET 188 ++# define ASN1_F_I2D_ASN1_TIME 160 ++# define ASN1_F_I2D_DSA_PUBKEY 161 ++# define ASN1_F_I2D_EC_PUBKEY 181 ++# define ASN1_F_I2D_PRIVATEKEY 163 ++# define ASN1_F_I2D_PUBLICKEY 164 ++# define ASN1_F_I2D_RSA_NET 162 ++# define ASN1_F_I2D_RSA_PUBKEY 165 ++# define ASN1_F_LONG_C2I 166 ++# define ASN1_F_OID_MODULE_INIT 174 ++# define ASN1_F_PARSE_TAGGING 182 ++# define ASN1_F_PKCS5_PBE2_SET 167 ++# define ASN1_F_PKCS5_PBE_SET 202 ++# define ASN1_F_SMIME_READ_ASN1 210 ++# define ASN1_F_SMIME_TEXT 211 ++# define ASN1_F_X509_CINF_NEW 168 ++# define ASN1_F_X509_CRL_ADD0_REVOKED 169 ++# define ASN1_F_X509_INFO_NEW 170 ++# define ASN1_F_X509_NAME_ENCODE 203 ++# define ASN1_F_X509_NAME_EX_D2I 158 ++# define ASN1_F_X509_NAME_EX_NEW 171 ++# define ASN1_F_X509_NEW 172 ++# define ASN1_F_X509_PKEY_NEW 173 + + /* Reason codes. */ +-#define ASN1_R_ADDING_OBJECT 171 +-#define ASN1_R_ASN1_PARSE_ERROR 198 +-#define ASN1_R_ASN1_SIG_PARSE_ERROR 199 +-#define ASN1_R_AUX_ERROR 100 +-#define ASN1_R_BAD_CLASS 101 +-#define ASN1_R_BAD_OBJECT_HEADER 102 +-#define ASN1_R_BAD_PASSWORD_READ 103 +-#define ASN1_R_BAD_TAG 104 +-#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 +-#define ASN1_R_BN_LIB 105 +-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +-#define ASN1_R_BUFFER_TOO_SMALL 107 +-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +-#define ASN1_R_DATA_IS_WRONG 109 +-#define ASN1_R_DECODE_ERROR 110 +-#define ASN1_R_DECODING_ERROR 111 +-#define ASN1_R_DEPTH_EXCEEDED 174 +-#define ASN1_R_ENCODE_ERROR 112 +-#define ASN1_R_ERROR_GETTING_TIME 173 +-#define ASN1_R_ERROR_LOADING_SECTION 172 +-#define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 +-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +-#define ASN1_R_EXPECTING_AN_INTEGER 115 +-#define ASN1_R_EXPECTING_AN_OBJECT 116 +-#define ASN1_R_EXPECTING_A_BOOLEAN 117 +-#define ASN1_R_EXPECTING_A_TIME 118 +-#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +-#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +-#define ASN1_R_FIELD_MISSING 121 +-#define ASN1_R_FIRST_NUM_TOO_LARGE 122 +-#define ASN1_R_HEADER_TOO_LONG 123 +-#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +-#define ASN1_R_ILLEGAL_BOOLEAN 176 +-#define ASN1_R_ILLEGAL_CHARACTERS 124 +-#define ASN1_R_ILLEGAL_FORMAT 177 +-#define ASN1_R_ILLEGAL_HEX 178 +-#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +-#define ASN1_R_ILLEGAL_INTEGER 180 +-#define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +-#define ASN1_R_ILLEGAL_NULL 125 +-#define ASN1_R_ILLEGAL_NULL_VALUE 182 +-#define ASN1_R_ILLEGAL_OBJECT 183 +-#define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +-#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +-#define ASN1_R_ILLEGAL_TAGGED_ANY 127 +-#define ASN1_R_ILLEGAL_TIME_VALUE 184 +-#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +-#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +-#define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +-#define ASN1_R_INVALID_DIGIT 130 +-#define ASN1_R_INVALID_MIME_TYPE 200 +-#define ASN1_R_INVALID_MODIFIER 186 +-#define ASN1_R_INVALID_NUMBER 187 +-#define ASN1_R_INVALID_OBJECT_ENCODING 212 +-#define ASN1_R_INVALID_SEPARATOR 131 +-#define ASN1_R_INVALID_TIME_FORMAT 132 +-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +-#define ASN1_R_INVALID_UTF8STRING 134 +-#define ASN1_R_IV_TOO_LARGE 135 +-#define ASN1_R_LENGTH_ERROR 136 +-#define ASN1_R_LIST_ERROR 188 +-#define ASN1_R_MIME_NO_CONTENT_TYPE 201 +-#define ASN1_R_MIME_PARSE_ERROR 202 +-#define ASN1_R_MIME_SIG_PARSE_ERROR 203 +-#define ASN1_R_MISSING_EOC 137 +-#define ASN1_R_MISSING_SECOND_NUMBER 138 +-#define ASN1_R_MISSING_VALUE 189 +-#define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +-#define ASN1_R_MSTRING_WRONG_TAG 140 +-#define ASN1_R_NESTED_ASN1_STRING 197 +-#define ASN1_R_NON_HEX_CHARACTERS 141 +-#define ASN1_R_NOT_ASCII_FORMAT 190 +-#define ASN1_R_NOT_ENOUGH_DATA 142 +-#define ASN1_R_NO_CONTENT_TYPE 204 +-#define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +-#define ASN1_R_NO_MULTIPART_BODY_FAILURE 205 +-#define ASN1_R_NO_MULTIPART_BOUNDARY 206 +-#define ASN1_R_NO_SIG_CONTENT_TYPE 207 +-#define ASN1_R_NULL_IS_WRONG_LENGTH 144 +-#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +-#define ASN1_R_ODD_NUMBER_OF_CHARS 145 +-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 +-#define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +-#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +-#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +-#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +-#define ASN1_R_SHORT_LINE 150 +-#define ASN1_R_SIG_INVALID_MIME_TYPE 208 +-#define ASN1_R_STREAMING_NOT_SUPPORTED 209 +-#define ASN1_R_STRING_TOO_LONG 151 +-#define ASN1_R_STRING_TOO_SHORT 152 +-#define ASN1_R_TAG_VALUE_TOO_HIGH 153 +-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +-#define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +-#define ASN1_R_TOO_LONG 155 +-#define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 +-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 +-#define ASN1_R_UNEXPECTED_EOC 159 +-#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 +-#define ASN1_R_UNKNOWN_FORMAT 160 +-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +-#define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +-#define ASN1_R_UNKNOWN_TAG 194 +-#define ASN1_R_UNKOWN_FORMAT 195 +-#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +-#define ASN1_R_UNSUPPORTED_CIPHER 165 +-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 +-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +-#define ASN1_R_UNSUPPORTED_TYPE 196 +-#define ASN1_R_WRONG_TAG 168 +-#define ASN1_R_WRONG_TYPE 169 ++# define ASN1_R_ADDING_OBJECT 171 ++# define ASN1_R_ASN1_PARSE_ERROR 198 ++# define ASN1_R_ASN1_SIG_PARSE_ERROR 199 ++# define ASN1_R_AUX_ERROR 100 ++# define ASN1_R_BAD_CLASS 101 ++# define ASN1_R_BAD_OBJECT_HEADER 102 ++# define ASN1_R_BAD_PASSWORD_READ 103 ++# define ASN1_R_BAD_TAG 104 ++# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210 ++# define ASN1_R_BN_LIB 105 ++# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 ++# define ASN1_R_BUFFER_TOO_SMALL 107 ++# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 ++# define ASN1_R_DATA_IS_WRONG 109 ++# define ASN1_R_DECODE_ERROR 110 ++# define ASN1_R_DECODING_ERROR 111 ++# define ASN1_R_DEPTH_EXCEEDED 174 ++# define ASN1_R_ENCODE_ERROR 112 ++# define ASN1_R_ERROR_GETTING_TIME 173 ++# define ASN1_R_ERROR_LOADING_SECTION 172 ++# define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 ++# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 ++# define ASN1_R_EXPECTING_AN_INTEGER 115 ++# define ASN1_R_EXPECTING_AN_OBJECT 116 ++# define ASN1_R_EXPECTING_A_BOOLEAN 117 ++# define ASN1_R_EXPECTING_A_TIME 118 ++# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 ++# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 ++# define ASN1_R_FIELD_MISSING 121 ++# define ASN1_R_FIRST_NUM_TOO_LARGE 122 ++# define ASN1_R_HEADER_TOO_LONG 123 ++# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 ++# define ASN1_R_ILLEGAL_BOOLEAN 176 ++# define ASN1_R_ILLEGAL_CHARACTERS 124 ++# define ASN1_R_ILLEGAL_FORMAT 177 ++# define ASN1_R_ILLEGAL_HEX 178 ++# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 ++# define ASN1_R_ILLEGAL_INTEGER 180 ++# define ASN1_R_ILLEGAL_NESTED_TAGGING 181 ++# define ASN1_R_ILLEGAL_NULL 125 ++# define ASN1_R_ILLEGAL_NULL_VALUE 182 ++# define ASN1_R_ILLEGAL_OBJECT 183 ++# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 ++# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 ++# define ASN1_R_ILLEGAL_TAGGED_ANY 127 ++# define ASN1_R_ILLEGAL_TIME_VALUE 184 ++# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 ++# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 ++# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 ++# define ASN1_R_INVALID_BMPSTRING_LENGTH 129 ++# define ASN1_R_INVALID_DIGIT 130 ++# define ASN1_R_INVALID_MIME_TYPE 200 ++# define ASN1_R_INVALID_MODIFIER 186 ++# define ASN1_R_INVALID_NUMBER 187 ++# define ASN1_R_INVALID_OBJECT_ENCODING 212 ++# define ASN1_R_INVALID_SEPARATOR 131 ++# define ASN1_R_INVALID_TIME_FORMAT 132 ++# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 ++# define ASN1_R_INVALID_UTF8STRING 134 ++# define ASN1_R_IV_TOO_LARGE 135 ++# define ASN1_R_LENGTH_ERROR 136 ++# define ASN1_R_LIST_ERROR 188 ++# define ASN1_R_MIME_NO_CONTENT_TYPE 201 ++# define ASN1_R_MIME_PARSE_ERROR 202 ++# define ASN1_R_MIME_SIG_PARSE_ERROR 203 ++# define ASN1_R_MISSING_EOC 137 ++# define ASN1_R_MISSING_SECOND_NUMBER 138 ++# define ASN1_R_MISSING_VALUE 189 ++# define ASN1_R_MSTRING_NOT_UNIVERSAL 139 ++# define ASN1_R_MSTRING_WRONG_TAG 140 ++# define ASN1_R_NESTED_ASN1_STRING 197 ++# define ASN1_R_NON_HEX_CHARACTERS 141 ++# define ASN1_R_NOT_ASCII_FORMAT 190 ++# define ASN1_R_NOT_ENOUGH_DATA 142 ++# define ASN1_R_NO_CONTENT_TYPE 204 ++# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 ++# define ASN1_R_NO_MULTIPART_BODY_FAILURE 205 ++# define ASN1_R_NO_MULTIPART_BOUNDARY 206 ++# define ASN1_R_NO_SIG_CONTENT_TYPE 207 ++# define ASN1_R_NULL_IS_WRONG_LENGTH 144 ++# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 ++# define ASN1_R_ODD_NUMBER_OF_CHARS 145 ++# define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 ++# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 ++# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 ++# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 ++# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 ++# define ASN1_R_SHORT_LINE 150 ++# define ASN1_R_SIG_INVALID_MIME_TYPE 208 ++# define ASN1_R_STREAMING_NOT_SUPPORTED 209 ++# define ASN1_R_STRING_TOO_LONG 151 ++# define ASN1_R_STRING_TOO_SHORT 152 ++# define ASN1_R_TAG_VALUE_TOO_HIGH 153 ++# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 ++# define ASN1_R_TIME_NOT_ASCII_FORMAT 193 ++# define ASN1_R_TOO_LONG 155 ++# define ASN1_R_TYPE_NOT_CONSTRUCTED 156 ++# define ASN1_R_TYPE_NOT_PRIMITIVE 218 ++# define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 ++# define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 ++# define ASN1_R_UNEXPECTED_EOC 159 ++# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211 ++# define ASN1_R_UNKNOWN_FORMAT 160 ++# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 ++# define ASN1_R_UNKNOWN_OBJECT_TYPE 162 ++# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 ++# define ASN1_R_UNKNOWN_TAG 194 ++# define ASN1_R_UNKOWN_FORMAT 195 ++# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 ++# define ASN1_R_UNSUPPORTED_CIPHER 165 ++# define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 ++# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 ++# define ASN1_R_UNSUPPORTED_TYPE 196 ++# define ASN1_R_WRONG_TAG 168 ++# define ASN1_R_WRONG_TYPE 169 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/asn1_mac.h b/Cryptlib/Include/openssl/asn1_mac.h +index d958ca6..4aa6af8 100644 +--- a/Cryptlib/Include/openssl/asn1_mac.h ++++ b/Cryptlib/Include/openssl/asn1_mac.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,513 +57,514 @@ + */ + + #ifndef HEADER_ASN1_MAC_H +-#define HEADER_ASN1_MAC_H ++# define HEADER_ASN1_MAC_H + +-#include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#ifndef ASN1_MAC_ERR_LIB +-#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 +-#endif +- +-#define ASN1_MAC_H_err(f,r,line) \ +- ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) +- +-#define M_ASN1_D2I_vars(a,type,func) \ +- ASN1_const_CTX c; \ +- type ret=NULL; \ +- \ +- c.pp=(const unsigned char **)pp; \ +- c.q= *(const unsigned char **)pp; \ +- c.error=ERR_R_NESTED_ASN1_ERROR; \ +- if ((a == NULL) || ((*a) == NULL)) \ +- { if ((ret=(type)func()) == NULL) \ +- { c.line=__LINE__; goto err; } } \ +- else ret=(*a); +- +-#define M_ASN1_D2I_Init() \ +- c.p= *(const unsigned char **)pp; \ +- c.max=(length == 0)?0:(c.p+length); +- +-#define M_ASN1_D2I_Finish_2(a) \ +- if (!asn1_const_Finish(&c)) \ +- { c.line=__LINE__; goto err; } \ +- *(const unsigned char **)pp=c.p; \ +- if (a != NULL) (*a)=ret; \ +- return(ret); +- +-#define M_ASN1_D2I_Finish(a,func,e) \ +- M_ASN1_D2I_Finish_2(a); \ ++# ifndef ASN1_MAC_ERR_LIB ++# define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 ++# endif ++ ++# define ASN1_MAC_H_err(f,r,line) \ ++ ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) ++ ++# define M_ASN1_D2I_vars(a,type,func) \ ++ ASN1_const_CTX c; \ ++ type ret=NULL; \ ++ \ ++ c.pp=(const unsigned char **)pp; \ ++ c.q= *(const unsigned char **)pp; \ ++ c.error=ERR_R_NESTED_ASN1_ERROR; \ ++ if ((a == NULL) || ((*a) == NULL)) \ ++ { if ((ret=(type)func()) == NULL) \ ++ { c.line=__LINE__; goto err; } } \ ++ else ret=(*a); ++ ++# define M_ASN1_D2I_Init() \ ++ c.p= *(const unsigned char **)pp; \ ++ c.max=(length == 0)?0:(c.p+length); ++ ++# define M_ASN1_D2I_Finish_2(a) \ ++ if (!asn1_const_Finish(&c)) \ ++ { c.line=__LINE__; goto err; } \ ++ *(const unsigned char **)pp=c.p; \ ++ if (a != NULL) (*a)=ret; \ ++ return(ret); ++ ++# define M_ASN1_D2I_Finish(a,func,e) \ ++ M_ASN1_D2I_Finish_2(a); \ + err:\ +- ASN1_MAC_H_err((e),c.error,c.line); \ +- asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ +- return(NULL) +- +-#define M_ASN1_D2I_start_sequence() \ +- if (!asn1_GetSequence(&c,&length)) \ +- { c.line=__LINE__; goto err; } ++ ASN1_MAC_H_err((e),c.error,c.line); \ ++ asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ ++ return(NULL) ++ ++# define M_ASN1_D2I_start_sequence() \ ++ if (!asn1_GetSequence(&c,&length)) \ ++ { c.line=__LINE__; goto err; } + /* Begin reading ASN1 without a surrounding sequence */ +-#define M_ASN1_D2I_begin() \ +- c.slen = length; ++# define M_ASN1_D2I_begin() \ ++ c.slen = length; + + /* End reading ASN1 with no check on length */ +-#define M_ASN1_D2I_Finish_nolen(a, func, e) \ +- *pp=c.p; \ +- if (a != NULL) (*a)=ret; \ +- return(ret); \ ++# define M_ASN1_D2I_Finish_nolen(a, func, e) \ ++ *pp=c.p; \ ++ if (a != NULL) (*a)=ret; \ ++ return(ret); \ + err:\ +- ASN1_MAC_H_err((e),c.error,c.line); \ +- asn1_add_error(*pp,(int)(c.q- *pp)); \ +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ +- return(NULL) ++ ASN1_MAC_H_err((e),c.error,c.line); \ ++ asn1_add_error(*pp,(int)(c.q- *pp)); \ ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ ++ return(NULL) + +-#define M_ASN1_D2I_end_sequence() \ +- (((c.inf&1) == 0)?(c.slen <= 0): \ +- (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) ++# define M_ASN1_D2I_end_sequence() \ ++ (((c.inf&1) == 0)?(c.slen <= 0): \ ++ (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) + + /* Don't use this with d2i_ASN1_BOOLEAN() */ +-#define M_ASN1_D2I_get(b, func) \ +- c.q=c.p; \ +- if (func(&(b),&c.p,c.slen) == NULL) \ +- {c.line=__LINE__; goto err; } \ +- c.slen-=(c.p-c.q); ++# define M_ASN1_D2I_get(b, func) \ ++ c.q=c.p; \ ++ if (func(&(b),&c.p,c.slen) == NULL) \ ++ {c.line=__LINE__; goto err; } \ ++ c.slen-=(c.p-c.q); + + /* Don't use this with d2i_ASN1_BOOLEAN() */ +-#define M_ASN1_D2I_get_x(type,b,func) \ +- c.q=c.p; \ +- if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ +- {c.line=__LINE__; goto err; } \ +- c.slen-=(c.p-c.q); ++# define M_ASN1_D2I_get_x(type,b,func) \ ++ c.q=c.p; \ ++ if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ ++ {c.line=__LINE__; goto err; } \ ++ c.slen-=(c.p-c.q); + + /* use this instead () */ +-#define M_ASN1_D2I_get_int(b,func) \ +- c.q=c.p; \ +- if (func(&(b),&c.p,c.slen) < 0) \ +- {c.line=__LINE__; goto err; } \ +- c.slen-=(c.p-c.q); +- +-#define M_ASN1_D2I_get_opt(b,func,type) \ +- if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ +- == (V_ASN1_UNIVERSAL|(type)))) \ +- { \ +- M_ASN1_D2I_get(b,func); \ +- } +- +-#define M_ASN1_D2I_get_imp(b,func, type) \ +- M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ +- c.q=c.p; \ +- if (func(&(b),&c.p,c.slen) == NULL) \ +- {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \ +- c.slen-=(c.p-c.q);\ +- M_ASN1_next_prev=_tmp; +- +-#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ +- if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ +- (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ +- { \ +- unsigned char _tmp = M_ASN1_next; \ +- M_ASN1_D2I_get_imp(b,func, type);\ +- } +- +-#define M_ASN1_D2I_get_set(r,func,free_func) \ +- M_ASN1_D2I_get_imp_set(r,func,free_func, \ +- V_ASN1_SET,V_ASN1_UNIVERSAL); +- +-#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ +- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ +- V_ASN1_SET,V_ASN1_UNIVERSAL); +- +-#define M_ASN1_D2I_get_set_opt(r,func,free_func) \ +- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ +- V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ +- { M_ASN1_D2I_get_set(r,func,free_func); } +- +-#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ +- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ +- V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ +- { M_ASN1_D2I_get_set_type(type,r,func,free_func); } +- +-#define M_ASN1_I2D_len_SET_opt(a,f) \ +- if ((a != NULL) && (sk_num(a) != 0)) \ +- M_ASN1_I2D_len_SET(a,f); +- +-#define M_ASN1_I2D_put_SET_opt(a,f) \ +- if ((a != NULL) && (sk_num(a) != 0)) \ +- M_ASN1_I2D_put_SET(a,f); +- +-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ +- if ((a != NULL) && (sk_num(a) != 0)) \ +- M_ASN1_I2D_put_SEQUENCE(a,f); +- +-#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ +- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ +- M_ASN1_I2D_put_SEQUENCE_type(type,a,f); +- +-#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ +- if ((c.slen != 0) && \ +- (M_ASN1_next == \ +- (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ +- { \ +- M_ASN1_D2I_get_imp_set(b,func,free_func,\ +- tag,V_ASN1_CONTEXT_SPECIFIC); \ +- } +- +-#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ +- if ((c.slen != 0) && \ +- (M_ASN1_next == \ +- (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ +- { \ +- M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ +- tag,V_ASN1_CONTEXT_SPECIFIC); \ +- } +- +-#define M_ASN1_D2I_get_seq(r,func,free_func) \ +- M_ASN1_D2I_get_imp_set(r,func,free_func,\ +- V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); +- +-#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ +- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ +- V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) +- +-#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ +- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ +- V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ +- { M_ASN1_D2I_get_seq(r,func,free_func); } +- +-#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ +- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ +- V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ +- { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } +- +-#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ +- M_ASN1_D2I_get_imp_set(r,func,free_func,\ +- x,V_ASN1_CONTEXT_SPECIFIC); +- +-#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ +- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ +- x,V_ASN1_CONTEXT_SPECIFIC); +- +-#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ +- c.q=c.p; \ +- if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ +- (void (*)())free_func,a,b) == NULL) \ +- { c.line=__LINE__; goto err; } \ +- c.slen-=(c.p-c.q); +- +-#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ +- c.q=c.p; \ +- if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ +- free_func,a,b) == NULL) \ +- { c.line=__LINE__; goto err; } \ +- c.slen-=(c.p-c.q); +- +-#define M_ASN1_D2I_get_set_strings(r,func,a,b) \ +- c.q=c.p; \ +- if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ +- { c.line=__LINE__; goto err; } \ +- c.slen-=(c.p-c.q); +- +-#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ +- if ((c.slen != 0L) && (M_ASN1_next == \ +- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ +- { \ +- int Tinf,Ttag,Tclass; \ +- long Tlen; \ +- \ +- c.q=c.p; \ +- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ +- if (Tinf & 0x80) \ +- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ +- c.line=__LINE__; goto err; } \ +- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ +- Tlen = c.slen - (c.p - c.q) - 2; \ +- if (func(&(r),&c.p,Tlen) == NULL) \ +- { c.line=__LINE__; goto err; } \ +- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ +- Tlen = c.slen - (c.p - c.q); \ +- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ +- { c.error=ERR_R_MISSING_ASN1_EOS; \ +- c.line=__LINE__; goto err; } \ +- }\ +- c.slen-=(c.p-c.q); \ +- } +- +-#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ +- if ((c.slen != 0) && (M_ASN1_next == \ +- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ +- { \ +- int Tinf,Ttag,Tclass; \ +- long Tlen; \ +- \ +- c.q=c.p; \ +- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ +- if (Tinf & 0x80) \ +- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ +- c.line=__LINE__; goto err; } \ +- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ +- Tlen = c.slen - (c.p - c.q) - 2; \ +- if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ +- (void (*)())free_func, \ +- b,V_ASN1_UNIVERSAL) == NULL) \ +- { c.line=__LINE__; goto err; } \ +- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ +- Tlen = c.slen - (c.p - c.q); \ +- if(!ASN1_check_infinite_end(&c.p, Tlen)) \ +- { c.error=ERR_R_MISSING_ASN1_EOS; \ +- c.line=__LINE__; goto err; } \ +- }\ +- c.slen-=(c.p-c.q); \ +- } +- +-#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ +- if ((c.slen != 0) && (M_ASN1_next == \ +- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ +- { \ +- int Tinf,Ttag,Tclass; \ +- long Tlen; \ +- \ +- c.q=c.p; \ +- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ +- if (Tinf & 0x80) \ +- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ +- c.line=__LINE__; goto err; } \ +- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ +- Tlen = c.slen - (c.p - c.q) - 2; \ +- if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ +- free_func,b,V_ASN1_UNIVERSAL) == NULL) \ +- { c.line=__LINE__; goto err; } \ +- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ +- Tlen = c.slen - (c.p - c.q); \ +- if(!ASN1_check_infinite_end(&c.p, Tlen)) \ +- { c.error=ERR_R_MISSING_ASN1_EOS; \ +- c.line=__LINE__; goto err; } \ +- }\ +- c.slen-=(c.p-c.q); \ +- } ++# define M_ASN1_D2I_get_int(b,func) \ ++ c.q=c.p; \ ++ if (func(&(b),&c.p,c.slen) < 0) \ ++ {c.line=__LINE__; goto err; } \ ++ c.slen-=(c.p-c.q); ++ ++# define M_ASN1_D2I_get_opt(b,func,type) \ ++ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ ++ == (V_ASN1_UNIVERSAL|(type)))) \ ++ { \ ++ M_ASN1_D2I_get(b,func); \ ++ } ++ ++# define M_ASN1_D2I_get_imp(b,func, type) \ ++ M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ ++ c.q=c.p; \ ++ if (func(&(b),&c.p,c.slen) == NULL) \ ++ {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \ ++ c.slen-=(c.p-c.q);\ ++ M_ASN1_next_prev=_tmp; ++ ++# define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ ++ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ ++ (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ ++ { \ ++ unsigned char _tmp = M_ASN1_next; \ ++ M_ASN1_D2I_get_imp(b,func, type);\ ++ } ++ ++# define M_ASN1_D2I_get_set(r,func,free_func) \ ++ M_ASN1_D2I_get_imp_set(r,func,free_func, \ ++ V_ASN1_SET,V_ASN1_UNIVERSAL); ++ ++# define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ ++ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ ++ V_ASN1_SET,V_ASN1_UNIVERSAL); ++ ++# define M_ASN1_D2I_get_set_opt(r,func,free_func) \ ++ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ ++ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ ++ { M_ASN1_D2I_get_set(r,func,free_func); } ++ ++# define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ ++ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ ++ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ ++ { M_ASN1_D2I_get_set_type(type,r,func,free_func); } ++ ++# define M_ASN1_I2D_len_SET_opt(a,f) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ M_ASN1_I2D_len_SET(a,f); ++ ++# define M_ASN1_I2D_put_SET_opt(a,f) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ M_ASN1_I2D_put_SET(a,f); ++ ++# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ M_ASN1_I2D_put_SEQUENCE(a,f); ++ ++# define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ M_ASN1_I2D_put_SEQUENCE_type(type,a,f); ++ ++# define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ ++ if ((c.slen != 0) && \ ++ (M_ASN1_next == \ ++ (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ ++ { \ ++ M_ASN1_D2I_get_imp_set(b,func,free_func,\ ++ tag,V_ASN1_CONTEXT_SPECIFIC); \ ++ } ++ ++# define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ ++ if ((c.slen != 0) && \ ++ (M_ASN1_next == \ ++ (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ ++ { \ ++ M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ ++ tag,V_ASN1_CONTEXT_SPECIFIC); \ ++ } ++ ++# define M_ASN1_D2I_get_seq(r,func,free_func) \ ++ M_ASN1_D2I_get_imp_set(r,func,free_func,\ ++ V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); ++ ++# define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ ++ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ ++ V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) ++ ++# define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ ++ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ ++ V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ ++ { M_ASN1_D2I_get_seq(r,func,free_func); } ++ ++# define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ ++ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ ++ V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ ++ { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } ++ ++# define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ ++ M_ASN1_D2I_get_imp_set(r,func,free_func,\ ++ x,V_ASN1_CONTEXT_SPECIFIC); ++ ++# define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ ++ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ ++ x,V_ASN1_CONTEXT_SPECIFIC); ++ ++# define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ ++ c.q=c.p; \ ++ if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ ++ (void (*)())free_func,a,b) == NULL) \ ++ { c.line=__LINE__; goto err; } \ ++ c.slen-=(c.p-c.q); ++ ++# define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ ++ c.q=c.p; \ ++ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ ++ free_func,a,b) == NULL) \ ++ { c.line=__LINE__; goto err; } \ ++ c.slen-=(c.p-c.q); ++ ++# define M_ASN1_D2I_get_set_strings(r,func,a,b) \ ++ c.q=c.p; \ ++ if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ ++ { c.line=__LINE__; goto err; } \ ++ c.slen-=(c.p-c.q); ++ ++# define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ ++ if ((c.slen != 0L) && (M_ASN1_next == \ ++ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ ++ { \ ++ int Tinf,Ttag,Tclass; \ ++ long Tlen; \ ++ \ ++ c.q=c.p; \ ++ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ ++ if (Tinf & 0x80) \ ++ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ ++ c.line=__LINE__; goto err; } \ ++ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ ++ Tlen = c.slen - (c.p - c.q) - 2; \ ++ if (func(&(r),&c.p,Tlen) == NULL) \ ++ { c.line=__LINE__; goto err; } \ ++ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ ++ Tlen = c.slen - (c.p - c.q); \ ++ if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ ++ { c.error=ERR_R_MISSING_ASN1_EOS; \ ++ c.line=__LINE__; goto err; } \ ++ }\ ++ c.slen-=(c.p-c.q); \ ++ } ++ ++# define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ ++ if ((c.slen != 0) && (M_ASN1_next == \ ++ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ ++ { \ ++ int Tinf,Ttag,Tclass; \ ++ long Tlen; \ ++ \ ++ c.q=c.p; \ ++ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ ++ if (Tinf & 0x80) \ ++ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ ++ c.line=__LINE__; goto err; } \ ++ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ ++ Tlen = c.slen - (c.p - c.q) - 2; \ ++ if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ ++ (void (*)())free_func, \ ++ b,V_ASN1_UNIVERSAL) == NULL) \ ++ { c.line=__LINE__; goto err; } \ ++ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ ++ Tlen = c.slen - (c.p - c.q); \ ++ if(!ASN1_check_infinite_end(&c.p, Tlen)) \ ++ { c.error=ERR_R_MISSING_ASN1_EOS; \ ++ c.line=__LINE__; goto err; } \ ++ }\ ++ c.slen-=(c.p-c.q); \ ++ } ++ ++# define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ ++ if ((c.slen != 0) && (M_ASN1_next == \ ++ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ ++ { \ ++ int Tinf,Ttag,Tclass; \ ++ long Tlen; \ ++ \ ++ c.q=c.p; \ ++ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ ++ if (Tinf & 0x80) \ ++ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ ++ c.line=__LINE__; goto err; } \ ++ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ ++ Tlen = c.slen - (c.p - c.q) - 2; \ ++ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ ++ free_func,b,V_ASN1_UNIVERSAL) == NULL) \ ++ { c.line=__LINE__; goto err; } \ ++ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ ++ Tlen = c.slen - (c.p - c.q); \ ++ if(!ASN1_check_infinite_end(&c.p, Tlen)) \ ++ { c.error=ERR_R_MISSING_ASN1_EOS; \ ++ c.line=__LINE__; goto err; } \ ++ }\ ++ c.slen-=(c.p-c.q); \ ++ } + + /* New macros */ +-#define M_ASN1_New_Malloc(ret,type) \ +- if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ +- { c.line=__LINE__; goto err2; } +- +-#define M_ASN1_New(arg,func) \ +- if (((arg)=func()) == NULL) return(NULL) +- +-#define M_ASN1_New_Error(a) \ +-/* err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ +- return(NULL);*/ \ +- err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \ +- return(NULL) +- +- +-/* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, +- some macros that use ASN1_const_CTX still insist on writing in the input +- stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. +- Please? -- Richard Levitte */ +-#define M_ASN1_next (*((unsigned char *)(c.p))) +-#define M_ASN1_next_prev (*((unsigned char *)(c.q))) ++# define M_ASN1_New_Malloc(ret,type) \ ++ if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ ++ { c.line=__LINE__; goto err2; } ++ ++# define M_ASN1_New(arg,func) \ ++ if (((arg)=func()) == NULL) return(NULL) ++ ++# define M_ASN1_New_Error(a) \ ++/*- err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ ++ return(NULL);*/ \ ++ err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \ ++ return(NULL) ++ ++/* ++ * BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, some ++ * macros that use ASN1_const_CTX still insist on writing in the input ++ * stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. Please? -- ++ * Richard Levitte ++ */ ++# define M_ASN1_next (*((unsigned char *)(c.p))) ++# define M_ASN1_next_prev (*((unsigned char *)(c.q))) + + /*************************************************/ + +-#define M_ASN1_I2D_vars(a) int r=0,ret=0; \ +- unsigned char *p; \ +- if (a == NULL) return(0) ++# define M_ASN1_I2D_vars(a) int r=0,ret=0; \ ++ unsigned char *p; \ ++ if (a == NULL) return(0) + + /* Length Macros */ +-#define M_ASN1_I2D_len(a,f) ret+=f(a,NULL) +-#define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) +- +-#define M_ASN1_I2D_len_SET(a,f) \ +- ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); +- +-#define M_ASN1_I2D_len_SET_type(type,a,f) \ +- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ +- V_ASN1_UNIVERSAL,IS_SET); +- +-#define M_ASN1_I2D_len_SEQUENCE(a,f) \ +- ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ +- IS_SEQUENCE); +- +-#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ +- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ +- V_ASN1_UNIVERSAL,IS_SEQUENCE) +- +-#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ +- if ((a != NULL) && (sk_num(a) != 0)) \ +- M_ASN1_I2D_len_SEQUENCE(a,f); +- +-#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ +- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ +- M_ASN1_I2D_len_SEQUENCE_type(type,a,f); +- +-#define M_ASN1_I2D_len_IMP_SET(a,f,x) \ +- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); +- +-#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ +- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ +- V_ASN1_CONTEXT_SPECIFIC,IS_SET); +- +-#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ +- if ((a != NULL) && (sk_num(a) != 0)) \ +- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ +- IS_SET); +- +-#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ +- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ +- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ +- V_ASN1_CONTEXT_SPECIFIC,IS_SET); +- +-#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ +- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ +- IS_SEQUENCE); +- +-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ +- if ((a != NULL) && (sk_num(a) != 0)) \ +- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ +- IS_SEQUENCE); +- +-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ +- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ +- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ +- V_ASN1_CONTEXT_SPECIFIC, \ +- IS_SEQUENCE); +- +-#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ +- if (a != NULL)\ +- { \ +- v=f(a,NULL); \ +- ret+=ASN1_object_size(1,v,mtag); \ +- } +- +-#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ +- if ((a != NULL) && (sk_num(a) != 0))\ +- { \ +- v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ +- ret+=ASN1_object_size(1,v,mtag); \ +- } +- +-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ +- if ((a != NULL) && (sk_num(a) != 0))\ +- { \ +- v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ +- IS_SEQUENCE); \ +- ret+=ASN1_object_size(1,v,mtag); \ +- } +- +-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ +- if ((a != NULL) && (sk_##type##_num(a) != 0))\ +- { \ +- v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ +- V_ASN1_UNIVERSAL, \ +- IS_SEQUENCE); \ +- ret+=ASN1_object_size(1,v,mtag); \ +- } ++# define M_ASN1_I2D_len(a,f) ret+=f(a,NULL) ++# define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) ++ ++# define M_ASN1_I2D_len_SET(a,f) \ ++ ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); ++ ++# define M_ASN1_I2D_len_SET_type(type,a,f) \ ++ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ ++ V_ASN1_UNIVERSAL,IS_SET); ++ ++# define M_ASN1_I2D_len_SEQUENCE(a,f) \ ++ ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ ++ IS_SEQUENCE); ++ ++# define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ ++ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ ++ V_ASN1_UNIVERSAL,IS_SEQUENCE) ++ ++# define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ M_ASN1_I2D_len_SEQUENCE(a,f); ++ ++# define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ M_ASN1_I2D_len_SEQUENCE_type(type,a,f); ++ ++# define M_ASN1_I2D_len_IMP_SET(a,f,x) \ ++ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); ++ ++# define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ ++ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ ++ V_ASN1_CONTEXT_SPECIFIC,IS_SET); ++ ++# define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SET); ++ ++# define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ ++ V_ASN1_CONTEXT_SPECIFIC,IS_SET); ++ ++# define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ ++ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SEQUENCE); ++ ++# define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SEQUENCE); ++ ++# define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ ++ V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SEQUENCE); ++ ++# define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ ++ if (a != NULL)\ ++ { \ ++ v=f(a,NULL); \ ++ ret+=ASN1_object_size(1,v,mtag); \ ++ } ++ ++# define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ ++ if ((a != NULL) && (sk_num(a) != 0))\ ++ { \ ++ v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ ++ ret+=ASN1_object_size(1,v,mtag); \ ++ } ++ ++# define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ ++ if ((a != NULL) && (sk_num(a) != 0))\ ++ { \ ++ v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ ++ IS_SEQUENCE); \ ++ ret+=ASN1_object_size(1,v,mtag); \ ++ } ++ ++# define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0))\ ++ { \ ++ v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ ++ V_ASN1_UNIVERSAL, \ ++ IS_SEQUENCE); \ ++ ret+=ASN1_object_size(1,v,mtag); \ ++ } + + /* Put Macros */ +-#define M_ASN1_I2D_put(a,f) f(a,&p) +- +-#define M_ASN1_I2D_put_IMP_opt(a,f,t) \ +- if (a != NULL) \ +- { \ +- unsigned char *q=p; \ +- f(a,&p); \ +- *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\ +- } +- +-#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ +- V_ASN1_UNIVERSAL,IS_SET) +-#define M_ASN1_I2D_put_SET_type(type,a,f) \ ++# define M_ASN1_I2D_put(a,f) f(a,&p) ++ ++# define M_ASN1_I2D_put_IMP_opt(a,f,t) \ ++ if (a != NULL) \ ++ { \ ++ unsigned char *q=p; \ ++ f(a,&p); \ ++ *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\ ++ } ++ ++# define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ ++ V_ASN1_UNIVERSAL,IS_SET) ++# define M_ASN1_I2D_put_SET_type(type,a,f) \ + i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET) +-#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ +- V_ASN1_CONTEXT_SPECIFIC,IS_SET) +-#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ ++# define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ ++ V_ASN1_CONTEXT_SPECIFIC,IS_SET) ++# define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ + i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET) +-#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ +- V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) ++# define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ ++ V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) + +-#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ +- V_ASN1_UNIVERSAL,IS_SEQUENCE) ++# define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ ++ V_ASN1_UNIVERSAL,IS_SEQUENCE) + +-#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ ++# define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ + i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ +- IS_SEQUENCE) +- +-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ +- if ((a != NULL) && (sk_num(a) != 0)) \ +- M_ASN1_I2D_put_SEQUENCE(a,f); +- +-#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ +- if ((a != NULL) && (sk_num(a) != 0)) \ +- { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ +- IS_SET); } +- +-#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ +- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ +- { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ +- V_ASN1_CONTEXT_SPECIFIC, \ +- IS_SET); } +- +-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ +- if ((a != NULL) && (sk_num(a) != 0)) \ +- { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ +- IS_SEQUENCE); } +- +-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ +- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ +- { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ +- V_ASN1_CONTEXT_SPECIFIC, \ +- IS_SEQUENCE); } +- +-#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ +- if (a != NULL) \ +- { \ +- ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \ +- f(a,&p); \ +- } +- +-#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ +- if ((a != NULL) && (sk_num(a) != 0)) \ +- { \ +- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ +- i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ +- } +- +-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ +- if ((a != NULL) && (sk_num(a) != 0)) \ +- { \ +- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ +- i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ +- } +- +-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ +- if ((a != NULL) && (sk_##type##_num(a) != 0)) \ +- { \ +- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ +- i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ +- IS_SEQUENCE); \ +- } +- +-#define M_ASN1_I2D_seq_total() \ +- r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ +- if (pp == NULL) return(r); \ +- p= *pp; \ +- ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) +- +-#define M_ASN1_I2D_INF_seq_start(tag,ctx) \ +- *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \ +- *(p++)=0x80 +- +-#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00 +- +-#define M_ASN1_I2D_finish() *pp=p; \ +- return(r); ++ IS_SEQUENCE) ++ ++# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ M_ASN1_I2D_put_SEQUENCE(a,f); ++ ++# define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SET); } ++ ++# define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ ++ V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SET); } ++ ++# define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SEQUENCE); } ++ ++# define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ ++ V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SEQUENCE); } ++ ++# define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ ++ if (a != NULL) \ ++ { \ ++ ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \ ++ f(a,&p); \ ++ } ++ ++# define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ { \ ++ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ ++ i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ ++ } ++ ++# define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ { \ ++ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ ++ i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ ++ } ++ ++# define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ { \ ++ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ ++ i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ ++ IS_SEQUENCE); \ ++ } ++ ++# define M_ASN1_I2D_seq_total() \ ++ r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ ++ if (pp == NULL) return(r); \ ++ p= *pp; \ ++ ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) ++ ++# define M_ASN1_I2D_INF_seq_start(tag,ctx) \ ++ *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \ ++ *(p++)=0x80 ++ ++# define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00 ++ ++# define M_ASN1_I2D_finish() *pp=p; \ ++ return(r); + + int asn1_GetSequence(ASN1_const_CTX *c, long *length); +-void asn1_add_error(const unsigned char *address,int offset); ++void asn1_add_error(const unsigned char *address, int offset); + #ifdef __cplusplus + } + #endif +diff --git a/Cryptlib/Include/openssl/asn1t.h b/Cryptlib/Include/openssl/asn1t.h +index ac14f94..0a868ac 100644 +--- a/Cryptlib/Include/openssl/asn1t.h ++++ b/Cryptlib/Include/openssl/asn1t.h +@@ -1,6 +1,7 @@ + /* asn1t.h */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,16 +57,16 @@ + * + */ + #ifndef HEADER_ASN1T_H +-#define HEADER_ASN1T_H ++# define HEADER_ASN1T_H + +-#include +-#include +-#include ++# include ++# include ++# include + +-#ifdef OPENSSL_BUILD_SHLIBCRYPTO +-# undef OPENSSL_EXTERN +-# define OPENSSL_EXTERN OPENSSL_EXPORT +-#endif ++# ifdef OPENSSL_BUILD_SHLIBCRYPTO ++# undef OPENSSL_EXTERN ++# define OPENSSL_EXTERN OPENSSL_EXPORT ++# endif + + /* ASN1 template defines, structures and functions */ + +@@ -73,505 +74,502 @@ + extern "C" { + #endif + +- +-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION ++# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + + /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) +- ++# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) + + /* Macros for start and end of ASN1_ITEM definition */ + +-#define ASN1_ITEM_start(itname) \ +- OPENSSL_GLOBAL const ASN1_ITEM itname##_it = { ++# define ASN1_ITEM_start(itname) \ ++ OPENSSL_GLOBAL const ASN1_ITEM itname##_it = { + +-#define ASN1_ITEM_end(itname) \ +- }; ++# define ASN1_ITEM_end(itname) \ ++ }; + +-#else ++# else + + /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr())) +- ++# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr())) + + /* Macros for start and end of ASN1_ITEM definition */ + +-#define ASN1_ITEM_start(itname) \ +- const ASN1_ITEM * itname##_it(void) \ +- { \ +- static const ASN1_ITEM local_it = { +- +-#define ASN1_ITEM_end(itname) \ +- }; \ +- return &local_it; \ +- } ++# define ASN1_ITEM_start(itname) \ ++ const ASN1_ITEM * itname##_it(void) \ ++ { \ ++ static const ASN1_ITEM local_it = { + +-#endif ++# define ASN1_ITEM_end(itname) \ ++ }; \ ++ return &local_it; \ ++ } + ++# endif + + /* Macros to aid ASN1 template writing */ + +-#define ASN1_ITEM_TEMPLATE(tname) \ +- static const ASN1_TEMPLATE tname##_item_tt +- +-#define ASN1_ITEM_TEMPLATE_END(tname) \ +- ;\ +- ASN1_ITEM_start(tname) \ +- ASN1_ITYPE_PRIMITIVE,\ +- -1,\ +- &tname##_item_tt,\ +- 0,\ +- NULL,\ +- 0,\ +- #tname \ +- ASN1_ITEM_end(tname) +- ++# define ASN1_ITEM_TEMPLATE(tname) \ ++ static const ASN1_TEMPLATE tname##_item_tt ++ ++# define ASN1_ITEM_TEMPLATE_END(tname) \ ++ ;\ ++ ASN1_ITEM_start(tname) \ ++ ASN1_ITYPE_PRIMITIVE,\ ++ -1,\ ++ &tname##_item_tt,\ ++ 0,\ ++ NULL,\ ++ 0,\ ++ #tname \ ++ ASN1_ITEM_end(tname) + + /* This is a ASN1 type which just embeds a template */ +- +-/* This pair helps declare a SEQUENCE. We can do: ++ ++/*- ++ * This pair helps declare a SEQUENCE. We can do: + * +- * ASN1_SEQUENCE(stname) = { +- * ... SEQUENCE components ... +- * } ASN1_SEQUENCE_END(stname) ++ * ASN1_SEQUENCE(stname) = { ++ * ... SEQUENCE components ... ++ * } ASN1_SEQUENCE_END(stname) + * +- * This will produce an ASN1_ITEM called stname_it +- * for a structure called stname. ++ * This will produce an ASN1_ITEM called stname_it ++ * for a structure called stname. + * +- * If you want the same structure but a different +- * name then use: ++ * If you want the same structure but a different ++ * name then use: + * +- * ASN1_SEQUENCE(itname) = { +- * ... SEQUENCE components ... +- * } ASN1_SEQUENCE_END_name(stname, itname) ++ * ASN1_SEQUENCE(itname) = { ++ * ... SEQUENCE components ... ++ * } ASN1_SEQUENCE_END_name(stname, itname) + * +- * This will create an item called itname_it using +- * a structure called stname. ++ * This will create an item called itname_it using ++ * a structure called stname. + */ + +-#define ASN1_SEQUENCE(tname) \ +- static const ASN1_TEMPLATE tname##_seq_tt[] +- +-#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) +- +-#define ASN1_SEQUENCE_END_name(stname, tname) \ +- ;\ +- ASN1_ITEM_start(tname) \ +- ASN1_ITYPE_SEQUENCE,\ +- V_ASN1_SEQUENCE,\ +- tname##_seq_tt,\ +- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ +- NULL,\ +- sizeof(stname),\ +- #stname \ +- ASN1_ITEM_end(tname) +- +-#define ASN1_NDEF_SEQUENCE(tname) \ +- ASN1_SEQUENCE(tname) +- +-#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ +- ASN1_SEQUENCE_cb(tname, cb) +- +-#define ASN1_SEQUENCE_cb(tname, cb) \ +- static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ +- ASN1_SEQUENCE(tname) +- +-#define ASN1_BROKEN_SEQUENCE(tname) \ +- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ +- ASN1_SEQUENCE(tname) +- +-#define ASN1_SEQUENCE_ref(tname, cb, lck) \ +- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ +- ASN1_SEQUENCE(tname) +- +-#define ASN1_SEQUENCE_enc(tname, enc, cb) \ +- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ +- ASN1_SEQUENCE(tname) +- +-#define ASN1_NDEF_SEQUENCE_END(tname) \ +- ;\ +- ASN1_ITEM_start(tname) \ +- ASN1_ITYPE_NDEF_SEQUENCE,\ +- V_ASN1_SEQUENCE,\ +- tname##_seq_tt,\ +- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ +- NULL,\ +- sizeof(tname),\ +- #tname \ +- ASN1_ITEM_end(tname) +- +-#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) +- +-#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +- +-#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +- +-#define ASN1_SEQUENCE_END_ref(stname, tname) \ +- ;\ +- ASN1_ITEM_start(tname) \ +- ASN1_ITYPE_SEQUENCE,\ +- V_ASN1_SEQUENCE,\ +- tname##_seq_tt,\ +- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ +- &tname##_aux,\ +- sizeof(stname),\ +- #stname \ +- ASN1_ITEM_end(tname) +- +- +-/* This pair helps declare a CHOICE type. We can do: ++# define ASN1_SEQUENCE(tname) \ ++ static const ASN1_TEMPLATE tname##_seq_tt[] ++ ++# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) ++ ++# define ASN1_SEQUENCE_END_name(stname, tname) \ ++ ;\ ++ ASN1_ITEM_start(tname) \ ++ ASN1_ITYPE_SEQUENCE,\ ++ V_ASN1_SEQUENCE,\ ++ tname##_seq_tt,\ ++ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ ++ NULL,\ ++ sizeof(stname),\ ++ #stname \ ++ ASN1_ITEM_end(tname) ++ ++# define ASN1_NDEF_SEQUENCE(tname) \ ++ ASN1_SEQUENCE(tname) ++ ++# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ ++ ASN1_SEQUENCE_cb(tname, cb) ++ ++# define ASN1_SEQUENCE_cb(tname, cb) \ ++ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ ++ ASN1_SEQUENCE(tname) ++ ++# define ASN1_BROKEN_SEQUENCE(tname) \ ++ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ ++ ASN1_SEQUENCE(tname) ++ ++# define ASN1_SEQUENCE_ref(tname, cb, lck) \ ++ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ ++ ASN1_SEQUENCE(tname) ++ ++# define ASN1_SEQUENCE_enc(tname, enc, cb) \ ++ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ ++ ASN1_SEQUENCE(tname) ++ ++# define ASN1_NDEF_SEQUENCE_END(tname) \ ++ ;\ ++ ASN1_ITEM_start(tname) \ ++ ASN1_ITYPE_NDEF_SEQUENCE,\ ++ V_ASN1_SEQUENCE,\ ++ tname##_seq_tt,\ ++ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ ++ NULL,\ ++ sizeof(tname),\ ++ #tname \ ++ ASN1_ITEM_end(tname) ++ ++# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) ++ ++# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) ++ ++# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) ++ ++# define ASN1_SEQUENCE_END_ref(stname, tname) \ ++ ;\ ++ ASN1_ITEM_start(tname) \ ++ ASN1_ITYPE_SEQUENCE,\ ++ V_ASN1_SEQUENCE,\ ++ tname##_seq_tt,\ ++ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ ++ &tname##_aux,\ ++ sizeof(stname),\ ++ #stname \ ++ ASN1_ITEM_end(tname) ++ ++/*- ++ * This pair helps declare a CHOICE type. We can do: + * +- * ASN1_CHOICE(chname) = { +- * ... CHOICE options ... +- * ASN1_CHOICE_END(chname) ++ * ASN1_CHOICE(chname) = { ++ * ... CHOICE options ... ++ * ASN1_CHOICE_END(chname) + * +- * This will produce an ASN1_ITEM called chname_it +- * for a structure called chname. The structure +- * definition must look like this: +- * typedef struct { +- * int type; +- * union { +- * ASN1_SOMETHING *opt1; +- * ASN1_SOMEOTHER *opt2; +- * } value; +- * } chname; +- * +- * the name of the selector must be 'type'. +- * to use an alternative selector name use the ++ * This will produce an ASN1_ITEM called chname_it ++ * for a structure called chname. The structure ++ * definition must look like this: ++ * typedef struct { ++ * int type; ++ * union { ++ * ASN1_SOMETHING *opt1; ++ * ASN1_SOMEOTHER *opt2; ++ * } value; ++ * } chname; ++ * ++ * the name of the selector must be 'type'. ++ * to use an alternative selector name use the + * ASN1_CHOICE_END_selector() version. + */ + +-#define ASN1_CHOICE(tname) \ +- static const ASN1_TEMPLATE tname##_ch_tt[] +- +-#define ASN1_CHOICE_cb(tname, cb) \ +- static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ +- ASN1_CHOICE(tname) +- +-#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) +- +-#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) +- +-#define ASN1_CHOICE_END_selector(stname, tname, selname) \ +- ;\ +- ASN1_ITEM_start(tname) \ +- ASN1_ITYPE_CHOICE,\ +- offsetof(stname,selname) ,\ +- tname##_ch_tt,\ +- sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ +- NULL,\ +- sizeof(stname),\ +- #stname \ +- ASN1_ITEM_end(tname) +- +-#define ASN1_CHOICE_END_cb(stname, tname, selname) \ +- ;\ +- ASN1_ITEM_start(tname) \ +- ASN1_ITYPE_CHOICE,\ +- offsetof(stname,selname) ,\ +- tname##_ch_tt,\ +- sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ +- &tname##_aux,\ +- sizeof(stname),\ +- #stname \ +- ASN1_ITEM_end(tname) ++# define ASN1_CHOICE(tname) \ ++ static const ASN1_TEMPLATE tname##_ch_tt[] ++ ++# define ASN1_CHOICE_cb(tname, cb) \ ++ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ ++ ASN1_CHOICE(tname) ++ ++# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) ++ ++# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) ++ ++# define ASN1_CHOICE_END_selector(stname, tname, selname) \ ++ ;\ ++ ASN1_ITEM_start(tname) \ ++ ASN1_ITYPE_CHOICE,\ ++ offsetof(stname,selname) ,\ ++ tname##_ch_tt,\ ++ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ ++ NULL,\ ++ sizeof(stname),\ ++ #stname \ ++ ASN1_ITEM_end(tname) ++ ++# define ASN1_CHOICE_END_cb(stname, tname, selname) \ ++ ;\ ++ ASN1_ITEM_start(tname) \ ++ ASN1_ITYPE_CHOICE,\ ++ offsetof(stname,selname) ,\ ++ tname##_ch_tt,\ ++ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ ++ &tname##_aux,\ ++ sizeof(stname),\ ++ #stname \ ++ ASN1_ITEM_end(tname) + + /* This helps with the template wrapper form of ASN1_ITEM */ + +-#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ +- (flags), (tag), 0,\ +- #name, ASN1_ITEM_ref(type) } ++# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ ++ (flags), (tag), 0,\ ++ #name, ASN1_ITEM_ref(type) } + + /* These help with SEQUENCE or CHOICE components */ + + /* used to declare other types */ + +-#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ +- (flags), (tag), offsetof(stname, field),\ +- #field, ASN1_ITEM_ref(type) } ++# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ ++ (flags), (tag), offsetof(stname, field),\ ++ #field, ASN1_ITEM_ref(type) } + + /* used when the structure is combined with the parent */ + +-#define ASN1_EX_COMBINE(flags, tag, type) { \ +- (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) } ++# define ASN1_EX_COMBINE(flags, tag, type) { \ ++ (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) } + + /* implicit and explicit helper macros */ + +-#define ASN1_IMP_EX(stname, field, type, tag, ex) \ +- ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type) ++# define ASN1_IMP_EX(stname, field, type, tag, ex) \ ++ ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type) + +-#define ASN1_EXP_EX(stname, field, type, tag, ex) \ +- ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type) ++# define ASN1_EXP_EX(stname, field, type, tag, ex) \ ++ ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type) + + /* Any defined by macros: the field used is in the table itself */ + +-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION +-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +-#else +-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } +-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } +-#endif ++# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION ++# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } ++# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } ++# else ++# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } ++# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } ++# endif + /* Plain simple type */ +-#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) ++# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) + + /* OPTIONAL simple type */ +-#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) ++# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) + + /* IMPLICIT tagged simple type */ +-#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) ++# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) + + /* IMPLICIT tagged OPTIONAL simple type */ +-#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) ++# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) + + /* Same as above but EXPLICIT */ + +-#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +-#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) ++# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) ++# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) + + /* SEQUENCE OF type */ +-#define ASN1_SEQUENCE_OF(stname, field, type) \ +- ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) ++# define ASN1_SEQUENCE_OF(stname, field, type) \ ++ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + + /* OPTIONAL SEQUENCE OF */ +-#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ +- ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) ++# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ ++ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + + /* Same as above but for SET OF */ + +-#define ASN1_SET_OF(stname, field, type) \ +- ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) ++# define ASN1_SET_OF(stname, field, type) \ ++ ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + +-#define ASN1_SET_OF_OPT(stname, field, type) \ +- ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) ++# define ASN1_SET_OF_OPT(stname, field, type) \ ++ ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + + /* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ + +-#define ASN1_IMP_SET_OF(stname, field, type, tag) \ +- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) ++# define ASN1_IMP_SET_OF(stname, field, type, tag) \ ++ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +-#define ASN1_EXP_SET_OF(stname, field, type, tag) \ +- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) ++# define ASN1_EXP_SET_OF(stname, field, type, tag) \ ++ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +-#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ +- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) ++# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ ++ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +-#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ +- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) ++# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ ++ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +-#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ +- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) ++# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ ++ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +-#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ +- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) ++# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ ++ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +-#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ +- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) ++# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ ++ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +-#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ +- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) ++# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ ++ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + + /* EXPLICIT using indefinite length constructed form */ +-#define ASN1_NDEF_EXP(stname, field, type, tag) \ +- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) ++# define ASN1_NDEF_EXP(stname, field, type, tag) \ ++ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + + /* EXPLICIT OPTIONAL using indefinite length constructed form */ +-#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ +- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) ++# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ ++ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + + /* Macros for the ASN1_ADB structure */ + +-#define ASN1_ADB(name) \ +- static const ASN1_ADB_TABLE name##_adbtbl[] +- +-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION +- +-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \ +- ;\ +- static const ASN1_ADB name##_adb = {\ +- flags,\ +- offsetof(name, field),\ +- app_table,\ +- name##_adbtbl,\ +- sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ +- def,\ +- none\ +- } +- +-#else +- +-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \ +- ;\ +- static const ASN1_ITEM *name##_adb(void) \ +- { \ +- static const ASN1_ADB internal_adb = \ +- {\ +- flags,\ +- offsetof(name, field),\ +- app_table,\ +- name##_adbtbl,\ +- sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ +- def,\ +- none\ +- }; \ +- return (const ASN1_ITEM *) &internal_adb; \ +- } \ +- void dummy_function(void) +- +-#endif +- +-#define ADB_ENTRY(val, template) {val, template} ++# define ASN1_ADB(name) \ ++ static const ASN1_ADB_TABLE name##_adbtbl[] ++ ++# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION ++ ++# define ASN1_ADB_END(name, flags, field, app_table, def, none) \ ++ ;\ ++ static const ASN1_ADB name##_adb = {\ ++ flags,\ ++ offsetof(name, field),\ ++ app_table,\ ++ name##_adbtbl,\ ++ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ ++ def,\ ++ none\ ++ } + +-#define ASN1_ADB_TEMPLATE(name) \ +- static const ASN1_TEMPLATE name##_tt ++# else + +-/* This is the ASN1 template structure that defines +- * a wrapper round the actual type. It determines the +- * actual position of the field in the value structure, +- * various flags such as OPTIONAL and the field name. ++# define ASN1_ADB_END(name, flags, field, app_table, def, none) \ ++ ;\ ++ static const ASN1_ITEM *name##_adb(void) \ ++ { \ ++ static const ASN1_ADB internal_adb = \ ++ {\ ++ flags,\ ++ offsetof(name, field),\ ++ app_table,\ ++ name##_adbtbl,\ ++ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ ++ def,\ ++ none\ ++ }; \ ++ return (const ASN1_ITEM *) &internal_adb; \ ++ } \ ++ void dummy_function(void) ++ ++# endif ++ ++# define ADB_ENTRY(val, template) {val, template} ++ ++# define ASN1_ADB_TEMPLATE(name) \ ++ static const ASN1_TEMPLATE name##_tt ++ ++/* ++ * This is the ASN1 template structure that defines a wrapper round the ++ * actual type. It determines the actual position of the field in the value ++ * structure, various flags such as OPTIONAL and the field name. + */ + + struct ASN1_TEMPLATE_st { +-unsigned long flags; /* Various flags */ +-long tag; /* tag, not used if no tagging */ +-unsigned long offset; /* Offset of this field in structure */ +-#ifndef NO_ASN1_FIELD_NAMES +-const char *field_name; /* Field name */ +-#endif +-ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ ++ unsigned long flags; /* Various flags */ ++ long tag; /* tag, not used if no tagging */ ++ unsigned long offset; /* Offset of this field in structure */ ++# ifndef NO_ASN1_FIELD_NAMES ++ const char *field_name; /* Field name */ ++# endif ++ ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ + }; + + /* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ + +-#define ASN1_TEMPLATE_item(t) (t->item_ptr) +-#define ASN1_TEMPLATE_adb(t) (t->item_ptr) ++# define ASN1_TEMPLATE_item(t) (t->item_ptr) ++# define ASN1_TEMPLATE_adb(t) (t->item_ptr) + + typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; + typedef struct ASN1_ADB_st ASN1_ADB; + + struct ASN1_ADB_st { +- unsigned long flags; /* Various flags */ +- unsigned long offset; /* Offset of selector field */ +- STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */ +- const ASN1_ADB_TABLE *tbl; /* Table of possible types */ +- long tblcount; /* Number of entries in tbl */ +- const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ +- const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ ++ unsigned long flags; /* Various flags */ ++ unsigned long offset; /* Offset of selector field */ ++ STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */ ++ const ASN1_ADB_TABLE *tbl; /* Table of possible types */ ++ long tblcount; /* Number of entries in tbl */ ++ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ ++ const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ + }; + + struct ASN1_ADB_TABLE_st { +- long value; /* NID for an object or value for an int */ +- const ASN1_TEMPLATE tt; /* item for this value */ ++ long value; /* NID for an object or value for an int */ ++ const ASN1_TEMPLATE tt; /* item for this value */ + }; + + /* template flags */ + + /* Field is optional */ +-#define ASN1_TFLG_OPTIONAL (0x1) ++# define ASN1_TFLG_OPTIONAL (0x1) + + /* Field is a SET OF */ +-#define ASN1_TFLG_SET_OF (0x1 << 1) ++# define ASN1_TFLG_SET_OF (0x1 << 1) + + /* Field is a SEQUENCE OF */ +-#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) ++# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) + +-/* Special case: this refers to a SET OF that +- * will be sorted into DER order when encoded *and* +- * the corresponding STACK will be modified to match +- * the new order. ++/* ++ * Special case: this refers to a SET OF that will be sorted into DER order ++ * when encoded *and* the corresponding STACK will be modified to match the ++ * new order. + */ +-#define ASN1_TFLG_SET_ORDER (0x3 << 1) ++# define ASN1_TFLG_SET_ORDER (0x3 << 1) + + /* Mask for SET OF or SEQUENCE OF */ +-#define ASN1_TFLG_SK_MASK (0x3 << 1) ++# define ASN1_TFLG_SK_MASK (0x3 << 1) + +-/* These flags mean the tag should be taken from the +- * tag field. If EXPLICIT then the underlying type +- * is used for the inner tag. ++/* ++ * These flags mean the tag should be taken from the tag field. If EXPLICIT ++ * then the underlying type is used for the inner tag. + */ + + /* IMPLICIT tagging */ +-#define ASN1_TFLG_IMPTAG (0x1 << 3) +- ++# define ASN1_TFLG_IMPTAG (0x1 << 3) + + /* EXPLICIT tagging, inner tag from underlying type */ +-#define ASN1_TFLG_EXPTAG (0x2 << 3) ++# define ASN1_TFLG_EXPTAG (0x2 << 3) + +-#define ASN1_TFLG_TAG_MASK (0x3 << 3) ++# define ASN1_TFLG_TAG_MASK (0x3 << 3) + + /* context specific IMPLICIT */ +-#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT ++# define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT + + /* context specific EXPLICIT */ +-#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT ++# define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT + +-/* If tagging is in force these determine the +- * type of tag to use. Otherwise the tag is +- * determined by the underlying type. These +- * values reflect the actual octet format. ++/* ++ * If tagging is in force these determine the type of tag to use. Otherwise ++ * the tag is determined by the underlying type. These values reflect the ++ * actual octet format. + */ + +-/* Universal tag */ +-#define ASN1_TFLG_UNIVERSAL (0x0<<6) +-/* Application tag */ +-#define ASN1_TFLG_APPLICATION (0x1<<6) +-/* Context specific tag */ +-#define ASN1_TFLG_CONTEXT (0x2<<6) +-/* Private tag */ +-#define ASN1_TFLG_PRIVATE (0x3<<6) ++/* Universal tag */ ++# define ASN1_TFLG_UNIVERSAL (0x0<<6) ++/* Application tag */ ++# define ASN1_TFLG_APPLICATION (0x1<<6) ++/* Context specific tag */ ++# define ASN1_TFLG_CONTEXT (0x2<<6) ++/* Private tag */ ++# define ASN1_TFLG_PRIVATE (0x3<<6) + +-#define ASN1_TFLG_TAG_CLASS (0x3<<6) ++# define ASN1_TFLG_TAG_CLASS (0x3<<6) + +-/* These are for ANY DEFINED BY type. In this case +- * the 'item' field points to an ASN1_ADB structure +- * which contains a table of values to decode the ++/* ++ * These are for ANY DEFINED BY type. In this case the 'item' field points to ++ * an ASN1_ADB structure which contains a table of values to decode the + * relevant type + */ + +-#define ASN1_TFLG_ADB_MASK (0x3<<8) ++# define ASN1_TFLG_ADB_MASK (0x3<<8) + +-#define ASN1_TFLG_ADB_OID (0x1<<8) ++# define ASN1_TFLG_ADB_OID (0x1<<8) + +-#define ASN1_TFLG_ADB_INT (0x1<<9) ++# define ASN1_TFLG_ADB_INT (0x1<<9) + +-/* This flag means a parent structure is passed +- * instead of the field: this is useful is a +- * SEQUENCE is being combined with a CHOICE for +- * example. Since this means the structure and +- * item name will differ we need to use the ++/* ++ * This flag means a parent structure is passed instead of the field: this is ++ * useful is a SEQUENCE is being combined with a CHOICE for example. Since ++ * this means the structure and item name will differ we need to use the + * ASN1_CHOICE_END_name() macro for example. + */ + +-#define ASN1_TFLG_COMBINE (0x1<<10) ++# define ASN1_TFLG_COMBINE (0x1<<10) + +-/* This flag when present in a SEQUENCE OF, SET OF +- * or EXPLICIT causes indefinite length constructed +- * encoding to be used if required. ++/* ++ * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes ++ * indefinite length constructed encoding to be used if required. + */ + +-#define ASN1_TFLG_NDEF (0x1<<11) ++# define ASN1_TFLG_NDEF (0x1<<11) + + /* This is the actual ASN1 item itself */ + + struct ASN1_ITEM_st { +-char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */ +-long utype; /* underlying type */ +-const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */ +-long tcount; /* Number of templates if SEQUENCE or CHOICE */ +-const void *funcs; /* functions that handle this type */ +-long size; /* Structure size (usually)*/ +-#ifndef NO_ASN1_FIELD_NAMES +-const char *sname; /* Structure name */ +-#endif ++ char itype; /* The item type, primitive, SEQUENCE, CHOICE ++ * or extern */ ++ long utype; /* underlying type */ ++ const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains ++ * the contents */ ++ long tcount; /* Number of templates if SEQUENCE or CHOICE */ ++ const void *funcs; /* functions that handle this type */ ++ long size; /* Structure size (usually) */ ++# ifndef NO_ASN1_FIELD_NAMES ++ const char *sname; /* Structure name */ ++# endif + }; + +-/* These are values for the itype field and ++/*- ++ * These are values for the itype field and + * determine how the type is interpreted. + * + * For PRIMITIVE types the underlying type + * determines the behaviour if items is NULL. + * +- * Otherwise templates must contain a single ++ * Otherwise templates must contain a single + * template and the type is treated in the + * same way as the type specified in the template. + * +@@ -585,7 +583,7 @@ const char *sname; /* Structure name */ + * selector. + * + * The 'funcs' field is used for application +- * specific functions. ++ * specific functions. + * + * For COMPAT types the funcs field gives a + * set of functions that handle this type, this +@@ -609,237 +607,240 @@ const char *sname; /* Structure name */ + * + */ + +-#define ASN1_ITYPE_PRIMITIVE 0x0 ++# define ASN1_ITYPE_PRIMITIVE 0x0 + +-#define ASN1_ITYPE_SEQUENCE 0x1 ++# define ASN1_ITYPE_SEQUENCE 0x1 + +-#define ASN1_ITYPE_CHOICE 0x2 ++# define ASN1_ITYPE_CHOICE 0x2 + +-#define ASN1_ITYPE_COMPAT 0x3 ++# define ASN1_ITYPE_COMPAT 0x3 + +-#define ASN1_ITYPE_EXTERN 0x4 ++# define ASN1_ITYPE_EXTERN 0x4 + +-#define ASN1_ITYPE_MSTRING 0x5 ++# define ASN1_ITYPE_MSTRING 0x5 + +-#define ASN1_ITYPE_NDEF_SEQUENCE 0x6 ++# define ASN1_ITYPE_NDEF_SEQUENCE 0x6 + +-/* Cache for ASN1 tag and length, so we +- * don't keep re-reading it for things ++/* ++ * Cache for ASN1 tag and length, so we don't keep re-reading it for things + * like CHOICE + */ + +-struct ASN1_TLC_st{ +- char valid; /* Values below are valid */ +- int ret; /* return value */ +- long plen; /* length */ +- int ptag; /* class value */ +- int pclass; /* class value */ +- int hdrlen; /* header length */ ++struct ASN1_TLC_st { ++ char valid; /* Values below are valid */ ++ int ret; /* return value */ ++ long plen; /* length */ ++ int ptag; /* class value */ ++ int pclass; /* class value */ ++ int hdrlen; /* header length */ + }; + + /* Typedefs for ASN1 function pointers */ + +-typedef ASN1_VALUE * ASN1_new_func(void); ++typedef ASN1_VALUE *ASN1_new_func(void); + typedef void ASN1_free_func(ASN1_VALUE *a); +-typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length); +-typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in); ++typedef ASN1_VALUE *ASN1_d2i_func(ASN1_VALUE **a, const unsigned char **in, ++ long length); ++typedef int ASN1_i2d_func(ASN1_VALUE *a, unsigned char **in); + +-typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, +- int tag, int aclass, char opt, ASN1_TLC *ctx); ++typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, ++ const ASN1_ITEM *it, int tag, int aclass, char opt, ++ ASN1_TLC *ctx); + +-typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); ++typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, ++ const ASN1_ITEM *it, int tag, int aclass); + typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + +-typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); +-typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); ++typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, ++ int *putype, const ASN1_ITEM *it); ++typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, ++ int len, int utype, char *free_cont, ++ const ASN1_ITEM *it); + + typedef struct ASN1_COMPAT_FUNCS_st { +- ASN1_new_func *asn1_new; +- ASN1_free_func *asn1_free; +- ASN1_d2i_func *asn1_d2i; +- ASN1_i2d_func *asn1_i2d; ++ ASN1_new_func *asn1_new; ++ ASN1_free_func *asn1_free; ++ ASN1_d2i_func *asn1_d2i; ++ ASN1_i2d_func *asn1_i2d; + } ASN1_COMPAT_FUNCS; + + typedef struct ASN1_EXTERN_FUNCS_st { +- void *app_data; +- ASN1_ex_new_func *asn1_ex_new; +- ASN1_ex_free_func *asn1_ex_free; +- ASN1_ex_free_func *asn1_ex_clear; +- ASN1_ex_d2i *asn1_ex_d2i; +- ASN1_ex_i2d *asn1_ex_i2d; ++ void *app_data; ++ ASN1_ex_new_func *asn1_ex_new; ++ ASN1_ex_free_func *asn1_ex_free; ++ ASN1_ex_free_func *asn1_ex_clear; ++ ASN1_ex_d2i *asn1_ex_d2i; ++ ASN1_ex_i2d *asn1_ex_i2d; + } ASN1_EXTERN_FUNCS; + + typedef struct ASN1_PRIMITIVE_FUNCS_st { +- void *app_data; +- unsigned long flags; +- ASN1_ex_new_func *prim_new; +- ASN1_ex_free_func *prim_free; +- ASN1_ex_free_func *prim_clear; +- ASN1_primitive_c2i *prim_c2i; +- ASN1_primitive_i2c *prim_i2c; ++ void *app_data; ++ unsigned long flags; ++ ASN1_ex_new_func *prim_new; ++ ASN1_ex_free_func *prim_free; ++ ASN1_ex_free_func *prim_clear; ++ ASN1_primitive_c2i *prim_c2i; ++ ASN1_primitive_i2c *prim_i2c; + } ASN1_PRIMITIVE_FUNCS; + +-/* This is the ASN1_AUX structure: it handles various +- * miscellaneous requirements. For example the use of +- * reference counts and an informational callback. +- * +- * The "informational callback" is called at various +- * points during the ASN1 encoding and decoding. It can +- * be used to provide minor customisation of the structures +- * used. This is most useful where the supplied routines +- * *almost* do the right thing but need some extra help +- * at a few points. If the callback returns zero then +- * it is assumed a fatal error has occurred and the +- * main operation should be abandoned. +- * +- * If major changes in the default behaviour are required +- * then an external type is more appropriate. ++/* ++ * This is the ASN1_AUX structure: it handles various miscellaneous ++ * requirements. For example the use of reference counts and an informational ++ * callback. The "informational callback" is called at various points during ++ * the ASN1 encoding and decoding. It can be used to provide minor ++ * customisation of the structures used. This is most useful where the ++ * supplied routines *almost* do the right thing but need some extra help at ++ * a few points. If the callback returns zero then it is assumed a fatal ++ * error has occurred and the main operation should be abandoned. If major ++ * changes in the default behaviour are required then an external type is ++ * more appropriate. + */ + + typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it); + + typedef struct ASN1_AUX_st { +- void *app_data; +- int flags; +- int ref_offset; /* Offset of reference value */ +- int ref_lock; /* Lock type to use */ +- ASN1_aux_cb *asn1_cb; +- int enc_offset; /* Offset of ASN1_ENCODING structure */ ++ void *app_data; ++ int flags; ++ int ref_offset; /* Offset of reference value */ ++ int ref_lock; /* Lock type to use */ ++ ASN1_aux_cb *asn1_cb; ++ int enc_offset; /* Offset of ASN1_ENCODING structure */ + } ASN1_AUX; + + /* Flags in ASN1_AUX */ + + /* Use a reference count */ +-#define ASN1_AFLG_REFCOUNT 1 ++# define ASN1_AFLG_REFCOUNT 1 + /* Save the encoding of structure (useful for signatures) */ +-#define ASN1_AFLG_ENCODING 2 ++# define ASN1_AFLG_ENCODING 2 + /* The Sequence length is invalid */ +-#define ASN1_AFLG_BROKEN 4 ++# define ASN1_AFLG_BROKEN 4 + + /* operation values for asn1_cb */ + +-#define ASN1_OP_NEW_PRE 0 +-#define ASN1_OP_NEW_POST 1 +-#define ASN1_OP_FREE_PRE 2 +-#define ASN1_OP_FREE_POST 3 +-#define ASN1_OP_D2I_PRE 4 +-#define ASN1_OP_D2I_POST 5 +-#define ASN1_OP_I2D_PRE 6 +-#define ASN1_OP_I2D_POST 7 ++# define ASN1_OP_NEW_PRE 0 ++# define ASN1_OP_NEW_POST 1 ++# define ASN1_OP_FREE_PRE 2 ++# define ASN1_OP_FREE_POST 3 ++# define ASN1_OP_D2I_PRE 4 ++# define ASN1_OP_D2I_POST 5 ++# define ASN1_OP_I2D_PRE 6 ++# define ASN1_OP_I2D_POST 7 + + /* Macro to implement a primitive type */ +-#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +-#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ +- ASN1_ITEM_start(itname) \ +- ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ +- ASN1_ITEM_end(itname) ++# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) ++# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ ++ ASN1_ITEM_start(itname) \ ++ ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ ++ ASN1_ITEM_end(itname) + + /* Macro to implement a multi string type */ +-#define IMPLEMENT_ASN1_MSTRING(itname, mask) \ +- ASN1_ITEM_start(itname) \ +- ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ +- ASN1_ITEM_end(itname) ++# define IMPLEMENT_ASN1_MSTRING(itname, mask) \ ++ ASN1_ITEM_start(itname) \ ++ ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ ++ ASN1_ITEM_end(itname) + + /* Macro to implement an ASN1_ITEM in terms of old style funcs */ + +-#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE) +- +-#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \ +- static const ASN1_COMPAT_FUNCS sname##_ff = { \ +- (ASN1_new_func *)sname##_new, \ +- (ASN1_free_func *)sname##_free, \ +- (ASN1_d2i_func *)d2i_##sname, \ +- (ASN1_i2d_func *)i2d_##sname, \ +- }; \ +- ASN1_ITEM_start(sname) \ +- ASN1_ITYPE_COMPAT, \ +- tag, \ +- NULL, \ +- 0, \ +- &sname##_ff, \ +- 0, \ +- #sname \ +- ASN1_ITEM_end(sname) +- +-#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ +- ASN1_ITEM_start(sname) \ +- ASN1_ITYPE_EXTERN, \ +- tag, \ +- NULL, \ +- 0, \ +- &fptrs, \ +- 0, \ +- #sname \ +- ASN1_ITEM_end(sname) ++# define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE) ++ ++# define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \ ++ static const ASN1_COMPAT_FUNCS sname##_ff = { \ ++ (ASN1_new_func *)sname##_new, \ ++ (ASN1_free_func *)sname##_free, \ ++ (ASN1_d2i_func *)d2i_##sname, \ ++ (ASN1_i2d_func *)i2d_##sname, \ ++ }; \ ++ ASN1_ITEM_start(sname) \ ++ ASN1_ITYPE_COMPAT, \ ++ tag, \ ++ NULL, \ ++ 0, \ ++ &sname##_ff, \ ++ 0, \ ++ #sname \ ++ ASN1_ITEM_end(sname) ++ ++# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ ++ ASN1_ITEM_start(sname) \ ++ ASN1_ITYPE_EXTERN, \ ++ tag, \ ++ NULL, \ ++ 0, \ ++ &fptrs, \ ++ 0, \ ++ #sname \ ++ ASN1_ITEM_end(sname) + + /* Macro to implement standard functions in terms of ASN1_ITEM structures */ + +-#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) +- +-#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) +- +-#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ +- IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) +- +-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ +- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) +- +-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ +- stname *fname##_new(void) \ +- { \ +- return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ +- } \ +- void fname##_free(stname *a) \ +- { \ +- ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ +- } +- +-#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ +- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ +- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) +- +-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ +- stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ +- { \ +- return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ +- } \ +- int i2d_##fname(stname *a, unsigned char **out) \ +- { \ +- return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ +- } +- +-#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ +- int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ +- { \ +- return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ +- } +- +-/* This includes evil casts to remove const: they will go away when full +- * ASN1 constification is done. ++# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) ++ ++# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) ++ ++# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ ++ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) ++ ++# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ ++ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) ++ ++# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ ++ stname *fname##_new(void) \ ++ { \ ++ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ ++ } \ ++ void fname##_free(stname *a) \ ++ { \ ++ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ ++ } ++ ++# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ ++ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ ++ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) ++ ++# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ ++ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ ++ { \ ++ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ ++ } \ ++ int i2d_##fname(stname *a, unsigned char **out) \ ++ { \ ++ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ ++ } ++ ++# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ ++ int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ ++ { \ ++ return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ ++ } ++ ++/* ++ * This includes evil casts to remove const: they will go away when full ASN1 ++ * constification is done. + */ +-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ +- stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ +- { \ +- return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ +- } \ +- int i2d_##fname(const stname *a, unsigned char **out) \ +- { \ +- return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ +- } +- +-#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ +- stname * stname##_dup(stname *x) \ ++# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ ++ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ ++ { \ ++ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ ++ } \ ++ int i2d_##fname(const stname *a, unsigned char **out) \ ++ { \ ++ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ ++ } ++ ++# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ ++ stname * stname##_dup(stname *x) \ + { \ + return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + } + +-#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ +- IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) ++# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ ++ IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) + +-#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ +- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ +- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) ++# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ ++ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ ++ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + + /* external definitions for primitive types */ + +@@ -862,30 +863,40 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); + int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); + + void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +-int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt); +-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, +- int tag, int aclass, char opt, ASN1_TLC *ctx); +- +-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); +-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt); ++int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, ++ const ASN1_TEMPLATE *tt); ++int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, ++ const ASN1_ITEM *it, int tag, int aclass, char opt, ++ ASN1_TLC *ctx); ++ ++int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, ++ const ASN1_ITEM *it, int tag, int aclass); ++int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, ++ const ASN1_TEMPLATE *tt); + void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); +-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); ++int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, ++ const ASN1_ITEM *it); ++int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, ++ int utype, char *free_cont, const ASN1_ITEM *it); + + int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); +-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); ++int asn1_set_choice_selector(ASN1_VALUE **pval, int value, ++ const ASN1_ITEM *it); + +-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); ++ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); + +-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr); ++const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, ++ int nullerr); + + int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); + + void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); + void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it); +-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it); ++int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, ++ const ASN1_ITEM *it); ++int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, ++ const ASN1_ITEM *it); + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/bio.h b/Cryptlib/Include/openssl/bio.h +index 03bd3b2..9d29b36 100644 +--- a/Cryptlib/Include/openssl/bio.h ++++ b/Cryptlib/Include/openssl/bio.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,515 +57,528 @@ + */ + + #ifndef HEADER_BIO_H +-#define HEADER_BIO_H ++# define HEADER_BIO_H + +-#include ++# include + +-#ifndef OPENSSL_NO_FP_API +-# include +-#endif +-#include ++# ifndef OPENSSL_NO_FP_API ++# include ++# endif ++# include + +-#include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + + /* These are the 'types' of BIOs */ +-#define BIO_TYPE_NONE 0 +-#define BIO_TYPE_MEM (1|0x0400) +-#define BIO_TYPE_FILE (2|0x0400) +- +-#define BIO_TYPE_FD (4|0x0400|0x0100) +-#define BIO_TYPE_SOCKET (5|0x0400|0x0100) +-#define BIO_TYPE_NULL (6|0x0400) +-#define BIO_TYPE_SSL (7|0x0200) +-#define BIO_TYPE_MD (8|0x0200) /* passive filter */ +-#define BIO_TYPE_BUFFER (9|0x0200) /* filter */ +-#define BIO_TYPE_CIPHER (10|0x0200) /* filter */ +-#define BIO_TYPE_BASE64 (11|0x0200) /* filter */ +-#define BIO_TYPE_CONNECT (12|0x0400|0x0100) /* socket - connect */ +-#define BIO_TYPE_ACCEPT (13|0x0400|0x0100) /* socket for accept */ +-#define BIO_TYPE_PROXY_CLIENT (14|0x0200) /* client proxy BIO */ +-#define BIO_TYPE_PROXY_SERVER (15|0x0200) /* server proxy BIO */ +-#define BIO_TYPE_NBIO_TEST (16|0x0200) /* server proxy BIO */ +-#define BIO_TYPE_NULL_FILTER (17|0x0200) +-#define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */ +-#define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ +-#define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */ +-#define BIO_TYPE_DGRAM (21|0x0400|0x0100) +-#define BIO_TYPE_COMP (23|0x0200) /* filter */ +- +-#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +-#define BIO_TYPE_FILTER 0x0200 +-#define BIO_TYPE_SOURCE_SINK 0x0400 +- +-/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free. +- * BIO_set_fp(in,stdin,BIO_NOCLOSE); */ +-#define BIO_NOCLOSE 0x00 +-#define BIO_CLOSE 0x01 +- +-/* These are used in the following macros and are passed to +- * BIO_ctrl() */ +-#define BIO_CTRL_RESET 1 /* opt - rewind/zero etc */ +-#define BIO_CTRL_EOF 2 /* opt - are we at the eof */ +-#define BIO_CTRL_INFO 3 /* opt - extra tit-bits */ +-#define BIO_CTRL_SET 4 /* man - set the 'IO' type */ +-#define BIO_CTRL_GET 5 /* man - get the 'IO' type */ +-#define BIO_CTRL_PUSH 6 /* opt - internal, used to signify change */ +-#define BIO_CTRL_POP 7 /* opt - internal, used to signify change */ +-#define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */ +-#define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */ +-#define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */ +-#define BIO_CTRL_FLUSH 11 /* opt - 'flush' buffered output */ +-#define BIO_CTRL_DUP 12 /* man - extra stuff for 'duped' BIO */ +-#define BIO_CTRL_WPENDING 13 /* opt - number of bytes still to write */ ++# define BIO_TYPE_NONE 0 ++# define BIO_TYPE_MEM (1|0x0400) ++# define BIO_TYPE_FILE (2|0x0400) ++ ++# define BIO_TYPE_FD (4|0x0400|0x0100) ++# define BIO_TYPE_SOCKET (5|0x0400|0x0100) ++# define BIO_TYPE_NULL (6|0x0400) ++# define BIO_TYPE_SSL (7|0x0200) ++# define BIO_TYPE_MD (8|0x0200)/* passive filter */ ++# define BIO_TYPE_BUFFER (9|0x0200)/* filter */ ++# define BIO_TYPE_CIPHER (10|0x0200)/* filter */ ++# define BIO_TYPE_BASE64 (11|0x0200)/* filter */ ++# define BIO_TYPE_CONNECT (12|0x0400|0x0100)/* socket - connect */ ++# define BIO_TYPE_ACCEPT (13|0x0400|0x0100)/* socket for accept */ ++# define BIO_TYPE_PROXY_CLIENT (14|0x0200)/* client proxy BIO */ ++# define BIO_TYPE_PROXY_SERVER (15|0x0200)/* server proxy BIO */ ++# define BIO_TYPE_NBIO_TEST (16|0x0200)/* server proxy BIO */ ++# define BIO_TYPE_NULL_FILTER (17|0x0200) ++# define BIO_TYPE_BER (18|0x0200)/* BER -> bin filter */ ++# define BIO_TYPE_BIO (19|0x0400)/* (half a) BIO pair */ ++# define BIO_TYPE_LINEBUFFER (20|0x0200)/* filter */ ++# define BIO_TYPE_DGRAM (21|0x0400|0x0100) ++# define BIO_TYPE_COMP (23|0x0200)/* filter */ ++ ++# define BIO_TYPE_DESCRIPTOR 0x0100/* socket, fd, connect or accept */ ++# define BIO_TYPE_FILTER 0x0200 ++# define BIO_TYPE_SOURCE_SINK 0x0400 ++ ++/* ++ * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. ++ * BIO_set_fp(in,stdin,BIO_NOCLOSE); ++ */ ++# define BIO_NOCLOSE 0x00 ++# define BIO_CLOSE 0x01 ++ ++/* ++ * These are used in the following macros and are passed to BIO_ctrl() ++ */ ++# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */ ++# define BIO_CTRL_EOF 2/* opt - are we at the eof */ ++# define BIO_CTRL_INFO 3/* opt - extra tit-bits */ ++# define BIO_CTRL_SET 4/* man - set the 'IO' type */ ++# define BIO_CTRL_GET 5/* man - get the 'IO' type */ ++# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */ ++# define BIO_CTRL_POP 7/* opt - internal, used to signify change */ ++# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */ ++# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */ ++# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */ ++# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ ++# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ ++# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ + /* callback is int cb(BIO *bio,state,ret); */ +-#define BIO_CTRL_SET_CALLBACK 14 /* opt - set callback function */ +-#define BIO_CTRL_GET_CALLBACK 15 /* opt - set callback function */ ++# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ ++# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ + +-#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ ++# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */ + + /* dgram BIO stuff */ +-#define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */ +-#define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally +- * connected socket to be +- * passed in */ +-#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */ +-#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */ +-#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */ +-#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */ +- +-#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */ +-#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */ +- ++# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */ ++# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected ++ * socket to be passed in */ ++# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */ ++# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */ ++# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */ ++# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */ ++ ++# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */ ++# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */ ++ + /* #ifdef IP_MTU_DISCOVER */ +-#define BIO_CTRL_DGRAM_MTU_DISCOVER 39 /* set DF bit on egress packets */ ++# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */ + /* #endif */ + +-#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */ +-#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +-#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */ +-#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for +- * MTU. want to use this +- * if asking the kernel +- * fails */ ++# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */ ++# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 ++# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */ ++# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU. ++ * want to use this if asking ++ * the kernel fails */ + +-#define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU +- * was exceed in the +- * previous write +- * operation */ ++# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was ++ * exceed in the previous write ++ * operation */ + +-#define BIO_CTRL_DGRAM_GET_PEER 46 +-#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ ++# define BIO_CTRL_DGRAM_GET_PEER 46 ++# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */ + +-#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to +- * adjust socket timeouts */ ++# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout ++ * to * adjust socket timeouts */ + + /* modifiers */ +-#define BIO_FP_READ 0x02 +-#define BIO_FP_WRITE 0x04 +-#define BIO_FP_APPEND 0x08 +-#define BIO_FP_TEXT 0x10 +- +-#define BIO_FLAGS_READ 0x01 +-#define BIO_FLAGS_WRITE 0x02 +-#define BIO_FLAGS_IO_SPECIAL 0x04 +-#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +-#define BIO_FLAGS_SHOULD_RETRY 0x08 +-#ifndef BIO_FLAGS_UPLINK +-/* "UPLINK" flag denotes file descriptors provided by application. +- It defaults to 0, as most platforms don't require UPLINK interface. */ +-#define BIO_FLAGS_UPLINK 0 +-#endif ++# define BIO_FP_READ 0x02 ++# define BIO_FP_WRITE 0x04 ++# define BIO_FP_APPEND 0x08 ++# define BIO_FP_TEXT 0x10 ++ ++# define BIO_FLAGS_READ 0x01 ++# define BIO_FLAGS_WRITE 0x02 ++# define BIO_FLAGS_IO_SPECIAL 0x04 ++# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) ++# define BIO_FLAGS_SHOULD_RETRY 0x08 ++# ifndef BIO_FLAGS_UPLINK ++/* ++ * "UPLINK" flag denotes file descriptors provided by application. It ++ * defaults to 0, as most platforms don't require UPLINK interface. ++ */ ++# define BIO_FLAGS_UPLINK 0 ++# endif + + /* Used in BIO_gethostbyname() */ +-#define BIO_GHBN_CTRL_HITS 1 +-#define BIO_GHBN_CTRL_MISSES 2 +-#define BIO_GHBN_CTRL_CACHE_SIZE 3 +-#define BIO_GHBN_CTRL_GET_ENTRY 4 +-#define BIO_GHBN_CTRL_FLUSH 5 ++# define BIO_GHBN_CTRL_HITS 1 ++# define BIO_GHBN_CTRL_MISSES 2 ++# define BIO_GHBN_CTRL_CACHE_SIZE 3 ++# define BIO_GHBN_CTRL_GET_ENTRY 4 ++# define BIO_GHBN_CTRL_FLUSH 5 + + /* Mostly used in the SSL BIO */ +-/* Not used anymore ++/*- ++ * Not used anymore + * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10 + * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20 +- * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 ++ * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 + */ + +-#define BIO_FLAGS_BASE64_NO_NL 0x100 ++# define BIO_FLAGS_BASE64_NO_NL 0x100 + +-/* This is used with memory BIOs: it means we shouldn't free up or change the ++/* ++ * This is used with memory BIOs: it means we shouldn't free up or change the + * data in any way. + */ +-#define BIO_FLAGS_MEM_RDONLY 0x200 ++# define BIO_FLAGS_MEM_RDONLY 0x200 + + typedef struct bio_st BIO; + + void BIO_set_flags(BIO *b, int flags); +-int BIO_test_flags(const BIO *b, int flags); ++int BIO_test_flags(const BIO *b, int flags); + void BIO_clear_flags(BIO *b, int flags); + +-#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +-#define BIO_set_retry_special(b) \ +- BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) +-#define BIO_set_retry_read(b) \ +- BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) +-#define BIO_set_retry_write(b) \ +- BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) ++# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) ++# define BIO_set_retry_special(b) \ ++ BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) ++# define BIO_set_retry_read(b) \ ++ BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) ++# define BIO_set_retry_write(b) \ ++ BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + + /* These are normally used internally in BIOs */ +-#define BIO_clear_retry_flags(b) \ +- BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +-#define BIO_get_retry_flags(b) \ +- BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) ++# define BIO_clear_retry_flags(b) \ ++ BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) ++# define BIO_get_retry_flags(b) \ ++ BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + + /* These should be used by the application to tell why we should retry */ +-#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +-#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +-#define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +-#define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +-#define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) +- +-/* The next three are used in conjunction with the +- * BIO_should_io_special() condition. After this returns true, +- * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO +- * stack and return the 'reason' for the special and the offending BIO. +- * Given a BIO, BIO_get_retry_reason(bio) will return the code. */ +-/* Returned from the SSL bio when the certificate retrieval code had an error */ +-#define BIO_RR_SSL_X509_LOOKUP 0x01 ++# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) ++# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) ++# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) ++# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) ++# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) ++ ++/* ++ * The next three are used in conjunction with the BIO_should_io_special() ++ * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int ++ * *reason); will walk the BIO stack and return the 'reason' for the special ++ * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return ++ * the code. ++ */ ++/* ++ * Returned from the SSL bio when the certificate retrieval code had an error ++ */ ++# define BIO_RR_SSL_X509_LOOKUP 0x01 + /* Returned from the connect BIO when a connect would have blocked */ +-#define BIO_RR_CONNECT 0x02 ++# define BIO_RR_CONNECT 0x02 + /* Returned from the accept BIO when an accept would have blocked */ +-#define BIO_RR_ACCEPT 0x03 ++# define BIO_RR_ACCEPT 0x03 + + /* These are passed by the BIO callback */ +-#define BIO_CB_FREE 0x01 +-#define BIO_CB_READ 0x02 +-#define BIO_CB_WRITE 0x03 +-#define BIO_CB_PUTS 0x04 +-#define BIO_CB_GETS 0x05 +-#define BIO_CB_CTRL 0x06 +- +-/* The callback is called before and after the underling operation, +- * The BIO_CB_RETURN flag indicates if it is after the call */ +-#define BIO_CB_RETURN 0x80 +-#define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) +-#define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) +-#define BIO_cb_post(a) ((a)&BIO_CB_RETURN) +- +-long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long); +-void BIO_set_callback(BIO *b, +- long (*callback)(struct bio_st *,int,const char *,int, long,long)); ++# define BIO_CB_FREE 0x01 ++# define BIO_CB_READ 0x02 ++# define BIO_CB_WRITE 0x03 ++# define BIO_CB_PUTS 0x04 ++# define BIO_CB_GETS 0x05 ++# define BIO_CB_CTRL 0x06 ++ ++/* ++ * The callback is called before and after the underling operation, The ++ * BIO_CB_RETURN flag indicates if it is after the call ++ */ ++# define BIO_CB_RETURN 0x80 ++# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) ++# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) ++# define BIO_cb_post(a) ((a)&BIO_CB_RETURN) ++ ++long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *, ++ int, long, long); ++void BIO_set_callback(BIO *b, ++ long (*callback) (struct bio_st *, int, const char *, ++ int, long, long)); + char *BIO_get_callback_arg(const BIO *b); + void BIO_set_callback_arg(BIO *b, char *arg); + +-const char * BIO_method_name(const BIO *b); ++const char *BIO_method_name(const BIO *b); + int BIO_method_type(const BIO *b); + +-typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long); +- +-#ifndef OPENSSL_SYS_WIN16 +-typedef struct bio_method_st +- { +- int type; +- const char *name; +- int (*bwrite)(BIO *, const char *, int); +- int (*bread)(BIO *, char *, int); +- int (*bputs)(BIO *, const char *); +- int (*bgets)(BIO *, char *, int); +- long (*ctrl)(BIO *, int, long, void *); +- int (*create)(BIO *); +- int (*destroy)(BIO *); +- long (*callback_ctrl)(BIO *, int, bio_info_cb *); +- } BIO_METHOD; +-#else +-typedef struct bio_method_st +- { +- int type; +- const char *name; +- int (_far *bwrite)(); +- int (_far *bread)(); +- int (_far *bputs)(); +- int (_far *bgets)(); +- long (_far *ctrl)(); +- int (_far *create)(); +- int (_far *destroy)(); +- long (_far *callback_ctrl)(); +- } BIO_METHOD; +-#endif ++typedef void bio_info_cb (struct bio_st *, int, const char *, int, long, ++ long); ++ ++# ifndef OPENSSL_SYS_WIN16 ++typedef struct bio_method_st { ++ int type; ++ const char *name; ++ int (*bwrite) (BIO *, const char *, int); ++ int (*bread) (BIO *, char *, int); ++ int (*bputs) (BIO *, const char *); ++ int (*bgets) (BIO *, char *, int); ++ long (*ctrl) (BIO *, int, long, void *); ++ int (*create) (BIO *); ++ int (*destroy) (BIO *); ++ long (*callback_ctrl) (BIO *, int, bio_info_cb *); ++} BIO_METHOD; ++# else ++typedef struct bio_method_st { ++ int type; ++ const char *name; ++ int (_far * bwrite) (); ++ int (_far * bread) (); ++ int (_far * bputs) (); ++ int (_far * bgets) (); ++ long (_far * ctrl) (); ++ int (_far * create) (); ++ int (_far * destroy) (); ++ long (_far * callback_ctrl) (); ++} BIO_METHOD; ++# endif + +-struct bio_st +- { +- BIO_METHOD *method; +- /* bio, mode, argp, argi, argl, ret */ +- long (*callback)(struct bio_st *,int,const char *,int, long,long); +- char *cb_arg; /* first argument for the callback */ +- +- int init; +- int shutdown; +- int flags; /* extra storage */ +- int retry_reason; +- int num; +- void *ptr; +- struct bio_st *next_bio; /* used by filter BIOs */ +- struct bio_st *prev_bio; /* used by filter BIOs */ +- int references; +- unsigned long num_read; +- unsigned long num_write; +- +- CRYPTO_EX_DATA ex_data; +- }; ++struct bio_st { ++ BIO_METHOD *method; ++ /* bio, mode, argp, argi, argl, ret */ ++ long (*callback) (struct bio_st *, int, const char *, int, long, long); ++ char *cb_arg; /* first argument for the callback */ ++ int init; ++ int shutdown; ++ int flags; /* extra storage */ ++ int retry_reason; ++ int num; ++ void *ptr; ++ struct bio_st *next_bio; /* used by filter BIOs */ ++ struct bio_st *prev_bio; /* used by filter BIOs */ ++ int references; ++ unsigned long num_read; ++ unsigned long num_write; ++ CRYPTO_EX_DATA ex_data; ++}; + + DECLARE_STACK_OF(BIO) + +-typedef struct bio_f_buffer_ctx_struct +- { +- /* Buffers are setup like this: +- * +- * <---------------------- size -----------------------> +- * +---------------------------------------------------+ +- * | consumed | remaining | free space | +- * +---------------------------------------------------+ +- * <-- off --><------- len -------> +- */ +- +- /* BIO *bio; */ /* this is now in the BIO struct */ +- int ibuf_size; /* how big is the input buffer */ +- int obuf_size; /* how big is the output buffer */ +- +- char *ibuf; /* the char array */ +- int ibuf_len; /* how many bytes are in it */ +- int ibuf_off; /* write/read offset */ +- +- char *obuf; /* the char array */ +- int obuf_len; /* how many bytes are in it */ +- int obuf_off; /* write/read offset */ +- } BIO_F_BUFFER_CTX; ++typedef struct bio_f_buffer_ctx_struct { ++ /*- ++ * Buffers are setup like this: ++ * ++ * <---------------------- size -----------------------> ++ * +---------------------------------------------------+ ++ * | consumed | remaining | free space | ++ * +---------------------------------------------------+ ++ * <-- off --><------- len -------> ++ */ ++ /*- BIO *bio; *//* ++ * this is now in the BIO struct ++ */ ++ int ibuf_size; /* how big is the input buffer */ ++ int obuf_size; /* how big is the output buffer */ ++ char *ibuf; /* the char array */ ++ int ibuf_len; /* how many bytes are in it */ ++ int ibuf_off; /* write/read offset */ ++ char *obuf; /* the char array */ ++ int obuf_len; /* how many bytes are in it */ ++ int obuf_off; /* write/read offset */ ++} BIO_F_BUFFER_CTX; + + /* connect BIO stuff */ +-#define BIO_CONN_S_BEFORE 1 +-#define BIO_CONN_S_GET_IP 2 +-#define BIO_CONN_S_GET_PORT 3 +-#define BIO_CONN_S_CREATE_SOCKET 4 +-#define BIO_CONN_S_CONNECT 5 +-#define BIO_CONN_S_OK 6 +-#define BIO_CONN_S_BLOCKED_CONNECT 7 +-#define BIO_CONN_S_NBIO 8 +-/*#define BIO_CONN_get_param_hostname BIO_ctrl */ +- +-#define BIO_C_SET_CONNECT 100 +-#define BIO_C_DO_STATE_MACHINE 101 +-#define BIO_C_SET_NBIO 102 +-#define BIO_C_SET_PROXY_PARAM 103 +-#define BIO_C_SET_FD 104 +-#define BIO_C_GET_FD 105 +-#define BIO_C_SET_FILE_PTR 106 +-#define BIO_C_GET_FILE_PTR 107 +-#define BIO_C_SET_FILENAME 108 +-#define BIO_C_SET_SSL 109 +-#define BIO_C_GET_SSL 110 +-#define BIO_C_SET_MD 111 +-#define BIO_C_GET_MD 112 +-#define BIO_C_GET_CIPHER_STATUS 113 +-#define BIO_C_SET_BUF_MEM 114 +-#define BIO_C_GET_BUF_MEM_PTR 115 +-#define BIO_C_GET_BUFF_NUM_LINES 116 +-#define BIO_C_SET_BUFF_SIZE 117 +-#define BIO_C_SET_ACCEPT 118 +-#define BIO_C_SSL_MODE 119 +-#define BIO_C_GET_MD_CTX 120 +-#define BIO_C_GET_PROXY_PARAM 121 +-#define BIO_C_SET_BUFF_READ_DATA 122 /* data to read first */ +-#define BIO_C_GET_CONNECT 123 +-#define BIO_C_GET_ACCEPT 124 +-#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +-#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +-#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +-#define BIO_C_FILE_SEEK 128 +-#define BIO_C_GET_CIPHER_CTX 129 +-#define BIO_C_SET_BUF_MEM_EOF_RETURN 130/*return end of input value*/ +-#define BIO_C_SET_BIND_MODE 131 +-#define BIO_C_GET_BIND_MODE 132 +-#define BIO_C_FILE_TELL 133 +-#define BIO_C_GET_SOCKS 134 +-#define BIO_C_SET_SOCKS 135 +- +-#define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ +-#define BIO_C_GET_WRITE_BUF_SIZE 137 +-#define BIO_C_MAKE_BIO_PAIR 138 +-#define BIO_C_DESTROY_BIO_PAIR 139 +-#define BIO_C_GET_WRITE_GUARANTEE 140 +-#define BIO_C_GET_READ_REQUEST 141 +-#define BIO_C_SHUTDOWN_WR 142 +-#define BIO_C_NREAD0 143 +-#define BIO_C_NREAD 144 +-#define BIO_C_NWRITE0 145 +-#define BIO_C_NWRITE 146 +-#define BIO_C_RESET_READ_REQUEST 147 +-#define BIO_C_SET_MD_CTX 148 +- +- +-#define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) +-#define BIO_get_app_data(s) BIO_get_ex_data(s,0) ++# define BIO_CONN_S_BEFORE 1 ++# define BIO_CONN_S_GET_IP 2 ++# define BIO_CONN_S_GET_PORT 3 ++# define BIO_CONN_S_CREATE_SOCKET 4 ++# define BIO_CONN_S_CONNECT 5 ++# define BIO_CONN_S_OK 6 ++# define BIO_CONN_S_BLOCKED_CONNECT 7 ++# define BIO_CONN_S_NBIO 8 ++/* ++ * #define BIO_CONN_get_param_hostname BIO_ctrl ++ */ + +-/* BIO_s_connect() and BIO_s_socks4a_connect() */ +-#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) +-#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) +-#define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) +-#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) +-#define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) +-#define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) +-#define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) +-#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) ++# define BIO_C_SET_CONNECT 100 ++# define BIO_C_DO_STATE_MACHINE 101 ++# define BIO_C_SET_NBIO 102 ++# define BIO_C_SET_PROXY_PARAM 103 ++# define BIO_C_SET_FD 104 ++# define BIO_C_GET_FD 105 ++# define BIO_C_SET_FILE_PTR 106 ++# define BIO_C_GET_FILE_PTR 107 ++# define BIO_C_SET_FILENAME 108 ++# define BIO_C_SET_SSL 109 ++# define BIO_C_GET_SSL 110 ++# define BIO_C_SET_MD 111 ++# define BIO_C_GET_MD 112 ++# define BIO_C_GET_CIPHER_STATUS 113 ++# define BIO_C_SET_BUF_MEM 114 ++# define BIO_C_GET_BUF_MEM_PTR 115 ++# define BIO_C_GET_BUFF_NUM_LINES 116 ++# define BIO_C_SET_BUFF_SIZE 117 ++# define BIO_C_SET_ACCEPT 118 ++# define BIO_C_SSL_MODE 119 ++# define BIO_C_GET_MD_CTX 120 ++# define BIO_C_GET_PROXY_PARAM 121 ++# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ ++# define BIO_C_GET_CONNECT 123 ++# define BIO_C_GET_ACCEPT 124 ++# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 ++# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 ++# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 ++# define BIO_C_FILE_SEEK 128 ++# define BIO_C_GET_CIPHER_CTX 129 ++# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input ++ * value */ ++# define BIO_C_SET_BIND_MODE 131 ++# define BIO_C_GET_BIND_MODE 132 ++# define BIO_C_FILE_TELL 133 ++# define BIO_C_GET_SOCKS 134 ++# define BIO_C_SET_SOCKS 135 ++ ++# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ ++# define BIO_C_GET_WRITE_BUF_SIZE 137 ++# define BIO_C_MAKE_BIO_PAIR 138 ++# define BIO_C_DESTROY_BIO_PAIR 139 ++# define BIO_C_GET_WRITE_GUARANTEE 140 ++# define BIO_C_GET_READ_REQUEST 141 ++# define BIO_C_SHUTDOWN_WR 142 ++# define BIO_C_NREAD0 143 ++# define BIO_C_NREAD 144 ++# define BIO_C_NWRITE0 145 ++# define BIO_C_NWRITE 146 ++# define BIO_C_RESET_READ_REQUEST 147 ++# define BIO_C_SET_MD_CTX 148 ++ ++# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) ++# define BIO_get_app_data(s) BIO_get_ex_data(s,0) + ++/* BIO_s_connect() and BIO_s_socks4a_connect() */ ++# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) ++# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) ++# define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) ++# define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) ++# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) ++# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) ++# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) ++# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) + +-#define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) ++# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) + + /* BIO_s_accept_socket() */ +-#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) +-#define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) +-/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +-#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) +-#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) +- +-#define BIO_BIND_NORMAL 0 +-#define BIO_BIND_REUSEADDR_IF_UNUSED 1 +-#define BIO_BIND_REUSEADDR 2 +-#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +-#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) +- +-#define BIO_do_connect(b) BIO_do_handshake(b) +-#define BIO_do_accept(b) BIO_do_handshake(b) +-#define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) ++# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) ++# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) ++/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ ++# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) ++# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) ++ ++# define BIO_BIND_NORMAL 0 ++# define BIO_BIND_REUSEADDR_IF_UNUSED 1 ++# define BIO_BIND_REUSEADDR 2 ++# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) ++# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) ++ ++# define BIO_do_connect(b) BIO_do_handshake(b) ++# define BIO_do_accept(b) BIO_do_handshake(b) ++# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + + /* BIO_s_proxy_client() */ +-#define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url)) +-#define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p)) ++# define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url)) ++# define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p)) + /* BIO_set_nbio(b,n) */ +-#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) ++# define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) + /* BIO *BIO_get_filter_bio(BIO *bio); */ +-#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) +-#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) +-#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) ++# define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) ++# define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) ++# define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) + +-#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp) +-#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p)) +-#define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) +-#define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) ++# define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp) ++# define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p)) ++# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) ++# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) + +-#define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +-#define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) ++# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) ++# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) + +-#define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) +-#define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) ++# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) ++# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) + +-#define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) +-#define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) ++# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) ++# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) + +-/* name is cast to lose const, but might be better to route through a function +- so we can do it safely */ +-#ifdef CONST_STRICT +-/* If you are wondering why this isn't defined, its because CONST_STRICT is ++/* ++ * name is cast to lose const, but might be better to route through a ++ * function so we can do it safely ++ */ ++# ifdef CONST_STRICT ++/* ++ * If you are wondering why this isn't defined, its because CONST_STRICT is + * purely a compile-time kludge to allow const to be checked. + */ +-int BIO_read_filename(BIO *b,const char *name); +-#else +-#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ +- BIO_CLOSE|BIO_FP_READ,(char *)name) +-#endif +-#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ +- BIO_CLOSE|BIO_FP_WRITE,name) +-#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ +- BIO_CLOSE|BIO_FP_APPEND,name) +-#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ +- BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) +- +-/* WARNING WARNING, this ups the reference count on the read bio of the +- * SSL structure. This is because the ssl read BIO is now pointed to by +- * the next_bio field in the bio. So when you free the BIO, make sure +- * you are doing a BIO_free_all() to catch the underlying BIO. */ +-#define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) +-#define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) +-#define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +-#define BIO_set_ssl_renegotiate_bytes(b,num) \ +- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); +-#define BIO_get_num_renegotiates(b) \ +- BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL); +-#define BIO_set_ssl_renegotiate_timeout(b,seconds) \ +- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); ++int BIO_read_filename(BIO *b, const char *name); ++# else ++# define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ ++ BIO_CLOSE|BIO_FP_READ,(char *)name) ++# endif ++# define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ ++ BIO_CLOSE|BIO_FP_WRITE,name) ++# define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ ++ BIO_CLOSE|BIO_FP_APPEND,name) ++# define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ ++ BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) ++ ++/* ++ * WARNING WARNING, this ups the reference count on the read bio of the SSL ++ * structure. This is because the ssl read BIO is now pointed to by the ++ * next_bio field in the bio. So when you free the BIO, make sure you are ++ * doing a BIO_free_all() to catch the underlying BIO. ++ */ ++# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) ++# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) ++# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) ++# define BIO_set_ssl_renegotiate_bytes(b,num) \ ++ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); ++# define BIO_get_num_renegotiates(b) \ ++ BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL); ++# define BIO_set_ssl_renegotiate_timeout(b,seconds) \ ++ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); + + /* defined in evp.h */ +-/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ ++/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ + +-#define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) +-#define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm) +-#define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) +-#define BIO_set_mem_eof_return(b,v) \ +- BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) ++# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) ++# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm) ++# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) ++# define BIO_set_mem_eof_return(b,v) \ ++ BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) + + /* For the BIO_f_buffer() type */ +-#define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +-#define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +-#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +-#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +-#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) ++# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) ++# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) ++# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) ++# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) ++# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + + /* Don't use the next one unless you know what you are doing :-) */ +-#define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) +- +-#define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +-#define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) +-#define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) +-#define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) +-#define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +-#define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) ++# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) ++ ++# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) ++# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) ++# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) ++# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) ++# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) ++# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) + /* ...pending macros have inappropriate return type */ + size_t BIO_ctrl_pending(BIO *b); + size_t BIO_ctrl_wpending(BIO *b); +-#define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) +-#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ +- cbp) +-#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) ++# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) ++# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ ++ cbp) ++# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) + + /* For the BIO_f_buffer() type */ +-#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) ++# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) + + /* For BIO_s_bio() */ +-#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +-#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +-#define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +-#define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +-#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) ++# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) ++# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) ++# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) ++# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) ++# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) + /* macros with inappropriate type -- but ...pending macros use int too: */ +-#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +-#define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) ++# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) ++# define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) + size_t BIO_ctrl_get_write_guarantee(BIO *b); + size_t BIO_ctrl_get_read_request(BIO *b); + int BIO_ctrl_reset_read_request(BIO *b); + + /* ctrl macros for dgram */ +-#define BIO_ctrl_dgram_connect(b,peer) \ ++# define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) +-#define BIO_ctrl_set_connected(b, state, peer) \ ++# define BIO_ctrl_set_connected(b, state, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer) +-#define BIO_dgram_recv_timedout(b) \ ++# define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +-#define BIO_dgram_send_timedout(b) \ ++# define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +-#define BIO_dgram_get_peer(b,peer) \ ++# define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) +-#define BIO_dgram_set_peer(b,peer) \ ++# define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) + + /* These two aren't currently implemented */ + /* int BIO_get_ex_num(BIO *bio); */ + /* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ +-int BIO_set_ex_data(BIO *bio,int idx,void *data); +-void *BIO_get_ex_data(BIO *bio,int idx); ++int BIO_set_ex_data(BIO *bio, int idx, void *data); ++void *BIO_get_ex_data(BIO *bio, int idx); + int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + unsigned long BIO_number_read(BIO *bio); + unsigned long BIO_number_written(BIO *bio); + +@@ -574,52 +587,54 @@ unsigned long BIO_number_written(BIO *bio); + BIO_METHOD *BIO_s_file_internal(void); + BIO *BIO_new_file_internal(char *filename, char *mode); + BIO *BIO_new_fp_internal(FILE *stream, int close_flag); +-# define BIO_s_file BIO_s_file_internal +-# define BIO_new_file BIO_new_file_internal +-# define BIO_new_fp BIO_new_fp_internal +-# else /* FP_API */ +-BIO_METHOD *BIO_s_file(void ); ++# define BIO_s_file BIO_s_file_internal ++# define BIO_new_file BIO_new_file_internal ++# define BIO_new_fp BIO_new_fp_internal ++# else /* FP_API */ ++BIO_METHOD *BIO_s_file(void); + BIO *BIO_new_file(const char *filename, const char *mode); + BIO *BIO_new_fp(FILE *stream, int close_flag); +-# define BIO_s_file_internal BIO_s_file +-# define BIO_new_file_internal BIO_new_file +-# define BIO_new_fp_internal BIO_s_file +-# endif /* FP_API */ ++# define BIO_s_file_internal BIO_s_file ++# define BIO_new_file_internal BIO_new_file ++# define BIO_new_fp_internal BIO_s_file ++# endif /* FP_API */ + # endif +-BIO * BIO_new(BIO_METHOD *type); +-int BIO_set(BIO *a,BIO_METHOD *type); +-int BIO_free(BIO *a); +-void BIO_vfree(BIO *a); +-int BIO_read(BIO *b, void *data, int len); +-int BIO_gets(BIO *bp,char *buf, int size); +-int BIO_write(BIO *b, const void *data, int len); +-int BIO_puts(BIO *bp,const char *buf); +-int BIO_indent(BIO *b,int indent,int max); +-long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg); +-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)); +-char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg); +-long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg); +-BIO * BIO_push(BIO *b,BIO *append); +-BIO * BIO_pop(BIO *b); +-void BIO_free_all(BIO *a); +-BIO * BIO_find_type(BIO *b,int bio_type); +-BIO * BIO_next(BIO *b); +-BIO * BIO_get_retry_BIO(BIO *bio, int *reason); +-int BIO_get_retry_reason(BIO *bio); +-BIO * BIO_dup_chain(BIO *in); ++BIO *BIO_new(BIO_METHOD *type); ++int BIO_set(BIO *a, BIO_METHOD *type); ++int BIO_free(BIO *a); ++void BIO_vfree(BIO *a); ++int BIO_read(BIO *b, void *data, int len); ++int BIO_gets(BIO *bp, char *buf, int size); ++int BIO_write(BIO *b, const void *data, int len); ++int BIO_puts(BIO *bp, const char *buf); ++int BIO_indent(BIO *b, int indent, int max); ++long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); ++long BIO_callback_ctrl(BIO *b, int cmd, ++ void (*fp) (struct bio_st *, int, const char *, int, ++ long, long)); ++char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); ++long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); ++BIO *BIO_push(BIO *b, BIO *append); ++BIO *BIO_pop(BIO *b); ++void BIO_free_all(BIO *a); ++BIO *BIO_find_type(BIO *b, int bio_type); ++BIO *BIO_next(BIO *b); ++BIO *BIO_get_retry_BIO(BIO *bio, int *reason); ++int BIO_get_retry_reason(BIO *bio); ++BIO *BIO_dup_chain(BIO *in); + + int BIO_nread0(BIO *bio, char **buf); + int BIO_nread(BIO *bio, char **buf, int num); + int BIO_nwrite0(BIO *bio, char **buf); + int BIO_nwrite(BIO *bio, char **buf, int num); + +-#ifndef OPENSSL_SYS_WIN16 +-long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, +- long argl,long ret); +-#else +-long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, +- long argl,long ret); +-#endif ++# ifndef OPENSSL_SYS_WIN16 ++long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, ++ long argl, long ret); ++# else ++long _far _loadds BIO_debug_callback(BIO *bio, int cmd, const char *argp, ++ int argi, long argl, long ret); ++# endif + + BIO_METHOD *BIO_s_mem(void); + BIO *BIO_new_mem_buf(void *buf, int len); +@@ -627,20 +642,20 @@ BIO_METHOD *BIO_s_socket(void); + BIO_METHOD *BIO_s_connect(void); + BIO_METHOD *BIO_s_accept(void); + BIO_METHOD *BIO_s_fd(void); +-#ifndef OPENSSL_SYS_OS2 ++# ifndef OPENSSL_SYS_OS2 + BIO_METHOD *BIO_s_log(void); +-#endif ++# endif + BIO_METHOD *BIO_s_bio(void); + BIO_METHOD *BIO_s_null(void); + BIO_METHOD *BIO_f_null(void); + BIO_METHOD *BIO_f_buffer(void); +-#ifdef OPENSSL_SYS_VMS ++# ifdef OPENSSL_SYS_VMS + BIO_METHOD *BIO_f_linebuffer(void); +-#endif ++# endif + BIO_METHOD *BIO_f_nbio_test(void); +-#ifndef OPENSSL_NO_DGRAM ++# ifndef OPENSSL_NO_DGRAM + BIO_METHOD *BIO_s_datagram(void); +-#endif ++# endif + + /* BIO_METHOD *BIO_f_ber(void); */ + +@@ -650,18 +665,19 @@ int BIO_dgram_non_fatal_error(int error); + + int BIO_fd_should_retry(int i); + int BIO_fd_non_fatal_error(int error); +-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), +- void *u, const char *s, int len); +-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), +- void *u, const char *s, int len, int indent); +-int BIO_dump(BIO *b,const char *bytes,int len); +-int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent); +-#ifndef OPENSSL_NO_FP_API ++int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), ++ void *u, const char *s, int len); ++int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), ++ void *u, const char *s, int len, int indent); ++int BIO_dump(BIO *b, const char *bytes, int len); ++int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); ++# ifndef OPENSSL_NO_FP_API + int BIO_dump_fp(FILE *fp, const char *s, int len); + int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); +-#endif ++# endif + struct hostent *BIO_gethostbyname(const char *name); +-/* We might want a thread-safe interface too: ++/*- ++ * We might want a thread-safe interface too: + * struct hostent *BIO_gethostbyname_r(const char *name, + * struct hostent *result, void *buffer, size_t buflen); + * or something similar (caller allocates a struct hostent, +@@ -671,14 +687,14 @@ struct hostent *BIO_gethostbyname(const char *name); + */ + int BIO_sock_error(int sock); + int BIO_socket_ioctl(int fd, long type, void *arg); +-int BIO_socket_nbio(int fd,int mode); ++int BIO_socket_nbio(int fd, int mode); + int BIO_get_port(const char *str, unsigned short *port_ptr); + int BIO_get_host_ip(const char *str, unsigned char *ip); +-int BIO_get_accept_socket(char *host_port,int mode); +-int BIO_accept(int sock,char **ip_port); +-int BIO_sock_init(void ); ++int BIO_get_accept_socket(char *host_port, int mode); ++int BIO_accept(int sock, char **ip_port); ++int BIO_sock_init(void); + void BIO_sock_cleanup(void); +-int BIO_set_tcp_ndelay(int sock,int turn_on); ++int BIO_set_tcp_ndelay(int sock, int turn_on); + + BIO *BIO_new_socket(int sock, int close_flag); + BIO *BIO_new_dgram(int fd, int close_flag); +@@ -687,33 +703,37 @@ BIO *BIO_new_connect(char *host_port); + BIO *BIO_new_accept(char *host_port); + + int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, +- BIO **bio2, size_t writebuf2); +-/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. +- * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. +- * Size 0 uses default value. ++ BIO **bio2, size_t writebuf2); ++/* ++ * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. ++ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default ++ * value. + */ + + void BIO_copy_next_retry(BIO *b); + +-/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ ++/* ++ * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); ++ */ + +-#ifdef __GNUC__ ++# ifdef __GNUC__ + # define __bio_h__attr__ __attribute__ +-#else ++# else + # define __bio_h__attr__(x) +-#endif ++# endif + int BIO_printf(BIO *bio, const char *format, ...) +- __bio_h__attr__((__format__(__printf__,2,3))); ++__bio_h__attr__((__format__(__printf__, 2, 3))); + int BIO_vprintf(BIO *bio, const char *format, va_list args) +- __bio_h__attr__((__format__(__printf__,2,0))); ++__bio_h__attr__((__format__(__printf__, 2, 0))); + int BIO_snprintf(char *buf, size_t n, const char *format, ...) +- __bio_h__attr__((__format__(__printf__,3,4))); ++__bio_h__attr__((__format__(__printf__, 3, 4))); + int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +- __bio_h__attr__((__format__(__printf__,3,0))); +-#undef __bio_h__attr__ ++__bio_h__attr__((__format__(__printf__, 3, 0))); ++# undef __bio_h__attr__ + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_BIO_strings(void); +@@ -721,69 +741,69 @@ void ERR_load_BIO_strings(void); + /* Error codes for the BIO functions. */ + + /* Function codes. */ +-#define BIO_F_ACPT_STATE 100 +-#define BIO_F_BIO_ACCEPT 101 +-#define BIO_F_BIO_BER_GET_HEADER 102 +-#define BIO_F_BIO_CALLBACK_CTRL 131 +-#define BIO_F_BIO_CTRL 103 +-#define BIO_F_BIO_GETHOSTBYNAME 120 +-#define BIO_F_BIO_GETS 104 +-#define BIO_F_BIO_GET_ACCEPT_SOCKET 105 +-#define BIO_F_BIO_GET_HOST_IP 106 +-#define BIO_F_BIO_GET_PORT 107 +-#define BIO_F_BIO_MAKE_PAIR 121 +-#define BIO_F_BIO_NEW 108 +-#define BIO_F_BIO_NEW_FILE 109 +-#define BIO_F_BIO_NEW_MEM_BUF 126 +-#define BIO_F_BIO_NREAD 123 +-#define BIO_F_BIO_NREAD0 124 +-#define BIO_F_BIO_NWRITE 125 +-#define BIO_F_BIO_NWRITE0 122 +-#define BIO_F_BIO_PUTS 110 +-#define BIO_F_BIO_READ 111 +-#define BIO_F_BIO_SOCK_INIT 112 +-#define BIO_F_BIO_WRITE 113 +-#define BIO_F_BUFFER_CTRL 114 +-#define BIO_F_CONN_CTRL 127 +-#define BIO_F_CONN_STATE 115 +-#define BIO_F_FILE_CTRL 116 +-#define BIO_F_FILE_READ 130 +-#define BIO_F_LINEBUFFER_CTRL 129 +-#define BIO_F_MEM_READ 128 +-#define BIO_F_MEM_WRITE 117 +-#define BIO_F_SSL_NEW 118 +-#define BIO_F_WSASTARTUP 119 ++# define BIO_F_ACPT_STATE 100 ++# define BIO_F_BIO_ACCEPT 101 ++# define BIO_F_BIO_BER_GET_HEADER 102 ++# define BIO_F_BIO_CALLBACK_CTRL 131 ++# define BIO_F_BIO_CTRL 103 ++# define BIO_F_BIO_GETHOSTBYNAME 120 ++# define BIO_F_BIO_GETS 104 ++# define BIO_F_BIO_GET_ACCEPT_SOCKET 105 ++# define BIO_F_BIO_GET_HOST_IP 106 ++# define BIO_F_BIO_GET_PORT 107 ++# define BIO_F_BIO_MAKE_PAIR 121 ++# define BIO_F_BIO_NEW 108 ++# define BIO_F_BIO_NEW_FILE 109 ++# define BIO_F_BIO_NEW_MEM_BUF 126 ++# define BIO_F_BIO_NREAD 123 ++# define BIO_F_BIO_NREAD0 124 ++# define BIO_F_BIO_NWRITE 125 ++# define BIO_F_BIO_NWRITE0 122 ++# define BIO_F_BIO_PUTS 110 ++# define BIO_F_BIO_READ 111 ++# define BIO_F_BIO_SOCK_INIT 112 ++# define BIO_F_BIO_WRITE 113 ++# define BIO_F_BUFFER_CTRL 114 ++# define BIO_F_CONN_CTRL 127 ++# define BIO_F_CONN_STATE 115 ++# define BIO_F_FILE_CTRL 116 ++# define BIO_F_FILE_READ 130 ++# define BIO_F_LINEBUFFER_CTRL 129 ++# define BIO_F_MEM_READ 128 ++# define BIO_F_MEM_WRITE 117 ++# define BIO_F_SSL_NEW 118 ++# define BIO_F_WSASTARTUP 119 + + /* Reason codes. */ +-#define BIO_R_ACCEPT_ERROR 100 +-#define BIO_R_BAD_FOPEN_MODE 101 +-#define BIO_R_BAD_HOSTNAME_LOOKUP 102 +-#define BIO_R_BROKEN_PIPE 124 +-#define BIO_R_CONNECT_ERROR 103 +-#define BIO_R_EOF_ON_MEMORY_BIO 127 +-#define BIO_R_ERROR_SETTING_NBIO 104 +-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 +-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 +-#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +-#define BIO_R_INVALID_ARGUMENT 125 +-#define BIO_R_INVALID_IP_ADDRESS 108 +-#define BIO_R_IN_USE 123 +-#define BIO_R_KEEPALIVE 109 +-#define BIO_R_NBIO_CONNECT_ERROR 110 +-#define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 +-#define BIO_R_NO_HOSTNAME_SPECIFIED 112 +-#define BIO_R_NO_PORT_DEFINED 113 +-#define BIO_R_NO_PORT_SPECIFIED 114 +-#define BIO_R_NO_SUCH_FILE 128 +-#define BIO_R_NULL_PARAMETER 115 +-#define BIO_R_TAG_MISMATCH 116 +-#define BIO_R_UNABLE_TO_BIND_SOCKET 117 +-#define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +-#define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +-#define BIO_R_UNINITIALIZED 120 +-#define BIO_R_UNSUPPORTED_METHOD 121 +-#define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +-#define BIO_R_WSASTARTUP 122 ++# define BIO_R_ACCEPT_ERROR 100 ++# define BIO_R_BAD_FOPEN_MODE 101 ++# define BIO_R_BAD_HOSTNAME_LOOKUP 102 ++# define BIO_R_BROKEN_PIPE 124 ++# define BIO_R_CONNECT_ERROR 103 ++# define BIO_R_EOF_ON_MEMORY_BIO 127 ++# define BIO_R_ERROR_SETTING_NBIO 104 ++# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 ++# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 ++# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 ++# define BIO_R_INVALID_ARGUMENT 125 ++# define BIO_R_INVALID_IP_ADDRESS 108 ++# define BIO_R_IN_USE 123 ++# define BIO_R_KEEPALIVE 109 ++# define BIO_R_NBIO_CONNECT_ERROR 110 ++# define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 ++# define BIO_R_NO_HOSTNAME_SPECIFIED 112 ++# define BIO_R_NO_PORT_DEFINED 113 ++# define BIO_R_NO_PORT_SPECIFIED 114 ++# define BIO_R_NO_SUCH_FILE 128 ++# define BIO_R_NULL_PARAMETER 115 ++# define BIO_R_TAG_MISMATCH 116 ++# define BIO_R_UNABLE_TO_BIND_SOCKET 117 ++# define BIO_R_UNABLE_TO_CREATE_SOCKET 118 ++# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 ++# define BIO_R_UNINITIALIZED 120 ++# define BIO_R_UNSUPPORTED_METHOD 121 ++# define BIO_R_WRITE_TO_READ_ONLY_BIO 126 ++# define BIO_R_WSASTARTUP 122 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/blowfish.h b/Cryptlib/Include/openssl/blowfish.h +index d24ffcc..db19b9a 100644 +--- a/Cryptlib/Include/openssl/blowfish.h ++++ b/Cryptlib/Include/openssl/blowfish.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,69 +57,70 @@ + */ + + #ifndef HEADER_BLOWFISH_H +-#define HEADER_BLOWFISH_H ++# define HEADER_BLOWFISH_H + +-#include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#ifdef OPENSSL_NO_BF +-#error BF is disabled. +-#endif ++# ifdef OPENSSL_NO_BF ++# error BF is disabled. ++# endif + +-#define BF_ENCRYPT 1 +-#define BF_DECRYPT 0 ++# define BF_ENCRYPT 1 ++# define BF_DECRYPT 0 + +-/* ++/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! + * ! BF_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +-#define BF_LONG unsigned long +-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +-#define BF_LONG unsigned long +-#define BF_LONG_LOG2 3 ++# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) ++# define BF_LONG unsigned long ++# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) ++# define BF_LONG unsigned long ++# define BF_LONG_LOG2 3 + /* + * _CRAY note. I could declare short, but I have no idea what impact + * does it have on performance on none-T3E machines. I could declare + * int, but at least on C90 sizeof(int) can be chosen at compile time. + * So I've chosen long... +- * ++ * + */ +-#else +-#define BF_LONG unsigned int +-#endif ++# else ++# define BF_LONG unsigned int ++# endif + +-#define BF_ROUNDS 16 +-#define BF_BLOCK 8 ++# define BF_ROUNDS 16 ++# define BF_BLOCK 8 + +-typedef struct bf_key_st +- { +- BF_LONG P[BF_ROUNDS+2]; +- BF_LONG S[4*256]; +- } BF_KEY; ++typedef struct bf_key_st { ++ BF_LONG P[BF_ROUNDS + 2]; ++ BF_LONG S[4 * 256]; ++} BF_KEY; + +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS + void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); +-#endif ++# endif + void BF_set_key(BF_KEY *key, int len, const unsigned char *data); + +-void BF_encrypt(BF_LONG *data,const BF_KEY *key); +-void BF_decrypt(BF_LONG *data,const BF_KEY *key); ++void BF_encrypt(BF_LONG *data, const BF_KEY *key); ++void BF_decrypt(BF_LONG *data, const BF_KEY *key); + + void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, +- const BF_KEY *key, int enc); ++ const BF_KEY *key, int enc); + void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, +- const BF_KEY *schedule, unsigned char *ivec, int enc); +-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, +- const BF_KEY *schedule, unsigned char *ivec, int *num, int enc); +-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, +- const BF_KEY *schedule, unsigned char *ivec, int *num); ++ const BF_KEY *schedule, unsigned char *ivec, int enc); ++void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, ++ long length, const BF_KEY *schedule, ++ unsigned char *ivec, int *num, int enc); ++void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, ++ long length, const BF_KEY *schedule, ++ unsigned char *ivec, int *num); + const char *BF_options(void); + + #ifdef __cplusplus +diff --git a/Cryptlib/Include/openssl/bn.h b/Cryptlib/Include/openssl/bn.h +index 688a4e7..6dc2d75 100644 +--- a/Cryptlib/Include/openssl/bn.h ++++ b/Cryptlib/Include/openssl/bn.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -58,214 +58,226 @@ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * +- * Portions of the attached software ("Contribution") are developed by ++ * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the Eric Young open source + * license provided above. + * +- * The binary polynomial arithmetic software is originally written by ++ * The binary polynomial arithmetic software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + + #ifndef HEADER_BN_H +-#define HEADER_BN_H ++# define HEADER_BN_H + +-#include +-#ifndef OPENSSL_NO_FP_API +-#include /* FILE */ +-#endif +-#include ++# include ++# ifndef OPENSSL_NO_FP_API ++# include /* FILE */ ++# endif ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-/* These preprocessor symbols control various aspects of the bignum headers and +- * library code. They're not defined by any "normal" configuration, as they are +- * intended for development and testing purposes. NB: defining all three can be +- * useful for debugging application code as well as openssl itself. +- * +- * BN_DEBUG - turn on various debugging alterations to the bignum code +- * BN_DEBUG_RAND - uses random poisoning of unused words to trip up ++/* ++ * These preprocessor symbols control various aspects of the bignum headers ++ * and library code. They're not defined by any "normal" configuration, as ++ * they are intended for development and testing purposes. NB: defining all ++ * three can be useful for debugging application code as well as openssl ++ * itself. BN_DEBUG - turn on various debugging alterations to the bignum ++ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up + * mismanagement of bignum internals. You must also define BN_DEBUG. + */ + /* #define BN_DEBUG */ + /* #define BN_DEBUG_RAND */ + +-#define BN_MUL_COMBA +-#define BN_SQR_COMBA +-#define BN_RECURSION +- +-/* This next option uses the C libraries (2 word)/(1 word) function. +- * If it is not defined, I use my C version (which is slower). +- * The reason for this flag is that when the particular C compiler +- * library routine is used, and the library is linked with a different +- * compiler, the library is missing. This mostly happens when the +- * library is built with gcc and then linked using normal cc. This would +- * be a common occurrence because gcc normally produces code that is +- * 2 times faster than system compilers for the big number stuff. +- * For machines with only one compiler (or shared libraries), this should +- * be on. Again this in only really a problem on machines +- * using "long long's", are 32bit, and are not using my assembler code. */ +-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ ++# define BN_MUL_COMBA ++# define BN_SQR_COMBA ++# define BN_RECURSION ++ ++/* ++ * This next option uses the C libraries (2 word)/(1 word) function. If it is ++ * not defined, I use my C version (which is slower). The reason for this ++ * flag is that when the particular C compiler library routine is used, and ++ * the library is linked with a different compiler, the library is missing. ++ * This mostly happens when the library is built with gcc and then linked ++ * using normal cc. This would be a common occurrence because gcc normally ++ * produces code that is 2 times faster than system compilers for the big ++ * number stuff. For machines with only one compiler (or shared libraries), ++ * this should be on. Again this in only really a problem on machines using ++ * "long long's", are 32bit, and are not using my assembler code. ++ */ ++# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ + defined(OPENSSL_SYS_WIN32) || defined(linux) +-# ifndef BN_DIV2W +-# define BN_DIV2W ++# ifndef BN_DIV2W ++# define BN_DIV2W ++# endif + # endif +-#endif +- +-/* assuming long is 64bit - this is the DEC Alpha +- * unsigned long long is only 64 bits :-(, don't define +- * BN_LLONG for the DEC Alpha */ +-#ifdef SIXTY_FOUR_BIT_LONG +-#define BN_ULLONG unsigned long long +-#define BN_ULONG unsigned long +-#define BN_LONG long +-#define BN_BITS 128 +-#define BN_BYTES 8 +-#define BN_BITS2 64 +-#define BN_BITS4 32 +-#define BN_MASK (0xffffffffffffffffffffffffffffffffLL) +-#define BN_MASK2 (0xffffffffffffffffL) +-#define BN_MASK2l (0xffffffffL) +-#define BN_MASK2h (0xffffffff00000000L) +-#define BN_MASK2h1 (0xffffffff80000000L) +-#define BN_TBIT (0x8000000000000000L) +-#define BN_DEC_CONV (10000000000000000000UL) +-#define BN_DEC_FMT1 "%lu" +-#define BN_DEC_FMT2 "%019lu" +-#define BN_DEC_NUM 19 +-#endif + +-/* This is where the long long data type is 64 bits, but long is 32. +- * For machines where there are 64bit registers, this is the mode to use. +- * IRIX, on R4000 and above should use this mode, along with the relevant +- * assembler code :-). Do NOT define BN_LLONG. ++/* ++ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only ++ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha + */ +-#ifdef SIXTY_FOUR_BIT +-#undef BN_LLONG +-#undef BN_ULLONG +-#define BN_ULONG unsigned long long +-#define BN_LONG long long +-#define BN_BITS 128 +-#define BN_BYTES 8 +-#define BN_BITS2 64 +-#define BN_BITS4 32 +-#define BN_MASK2 (0xffffffffffffffffLL) +-#define BN_MASK2l (0xffffffffL) +-#define BN_MASK2h (0xffffffff00000000LL) +-#define BN_MASK2h1 (0xffffffff80000000LL) +-#define BN_TBIT (0x8000000000000000LL) +-#define BN_DEC_CONV (10000000000000000000ULL) +-#define BN_DEC_FMT1 "%llu" +-#define BN_DEC_FMT2 "%019llu" +-#define BN_DEC_NUM 19 +-#endif ++# ifdef SIXTY_FOUR_BIT_LONG ++# define BN_ULLONG unsigned long long ++# define BN_ULONG unsigned long ++# define BN_LONG long ++# define BN_BITS 128 ++# define BN_BYTES 8 ++# define BN_BITS2 64 ++# define BN_BITS4 32 ++# define BN_MASK (0xffffffffffffffffffffffffffffffffLL) ++# define BN_MASK2 (0xffffffffffffffffL) ++# define BN_MASK2l (0xffffffffL) ++# define BN_MASK2h (0xffffffff00000000L) ++# define BN_MASK2h1 (0xffffffff80000000L) ++# define BN_TBIT (0x8000000000000000L) ++# define BN_DEC_CONV (10000000000000000000UL) ++# define BN_DEC_FMT1 "%lu" ++# define BN_DEC_FMT2 "%019lu" ++# define BN_DEC_NUM 19 ++# endif + +-#ifdef THIRTY_TWO_BIT +-#ifdef BN_LLONG +-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) +-# define BN_ULLONG unsigned __int64 +-# else +-# define BN_ULLONG unsigned long long ++/* ++ * This is where the long long data type is 64 bits, but long is 32. For ++ * machines where there are 64bit registers, this is the mode to use. IRIX, ++ * on R4000 and above should use this mode, along with the relevant assembler ++ * code :-). Do NOT define BN_LLONG. ++ */ ++# ifdef SIXTY_FOUR_BIT ++# undef BN_LLONG ++# undef BN_ULLONG ++# define BN_ULONG unsigned long long ++# define BN_LONG long long ++# define BN_BITS 128 ++# define BN_BYTES 8 ++# define BN_BITS2 64 ++# define BN_BITS4 32 ++# define BN_MASK2 (0xffffffffffffffffLL) ++# define BN_MASK2l (0xffffffffL) ++# define BN_MASK2h (0xffffffff00000000LL) ++# define BN_MASK2h1 (0xffffffff80000000LL) ++# define BN_TBIT (0x8000000000000000LL) ++# define BN_DEC_CONV (10000000000000000000ULL) ++# define BN_DEC_FMT1 "%llu" ++# define BN_DEC_FMT2 "%019llu" ++# define BN_DEC_NUM 19 + # endif +-#endif +-#define BN_ULONG unsigned long +-#define BN_LONG long +-#define BN_BITS 64 +-#define BN_BYTES 4 +-#define BN_BITS2 32 +-#define BN_BITS4 16 +-#ifdef OPENSSL_SYS_WIN32 ++ ++# ifdef THIRTY_TWO_BIT ++# ifdef BN_LLONG ++# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) ++# define BN_ULLONG unsigned __int64 ++# else ++# define BN_ULLONG unsigned long long ++# endif ++# endif ++# define BN_ULONG unsigned long ++# define BN_LONG long ++# define BN_BITS 64 ++# define BN_BYTES 4 ++# define BN_BITS2 32 ++# define BN_BITS4 16 ++# ifdef OPENSSL_SYS_WIN32 + /* VC++ doesn't like the LL suffix */ +-#define BN_MASK (0xffffffffffffffffL) +-#else +-#define BN_MASK (0xffffffffffffffffLL) +-#endif +-#define BN_MASK2 (0xffffffffL) +-#define BN_MASK2l (0xffff) +-#define BN_MASK2h1 (0xffff8000L) +-#define BN_MASK2h (0xffff0000L) +-#define BN_TBIT (0x80000000L) +-#define BN_DEC_CONV (1000000000L) +-#define BN_DEC_FMT1 "%lu" +-#define BN_DEC_FMT2 "%09lu" +-#define BN_DEC_NUM 9 +-#endif ++# define BN_MASK (0xffffffffffffffffL) ++# else ++# define BN_MASK (0xffffffffffffffffLL) ++# endif ++# define BN_MASK2 (0xffffffffL) ++# define BN_MASK2l (0xffff) ++# define BN_MASK2h1 (0xffff8000L) ++# define BN_MASK2h (0xffff0000L) ++# define BN_TBIT (0x80000000L) ++# define BN_DEC_CONV (1000000000L) ++# define BN_DEC_FMT1 "%lu" ++# define BN_DEC_FMT2 "%09lu" ++# define BN_DEC_NUM 9 ++# endif + +-#ifdef SIXTEEN_BIT +-#ifndef BN_DIV2W +-#define BN_DIV2W +-#endif +-#define BN_ULLONG unsigned long +-#define BN_ULONG unsigned short +-#define BN_LONG short +-#define BN_BITS 32 +-#define BN_BYTES 2 +-#define BN_BITS2 16 +-#define BN_BITS4 8 +-#define BN_MASK (0xffffffff) +-#define BN_MASK2 (0xffff) +-#define BN_MASK2l (0xff) +-#define BN_MASK2h1 (0xff80) +-#define BN_MASK2h (0xff00) +-#define BN_TBIT (0x8000) +-#define BN_DEC_CONV (100000) +-#define BN_DEC_FMT1 "%u" +-#define BN_DEC_FMT2 "%05u" +-#define BN_DEC_NUM 5 +-#endif ++# ifdef SIXTEEN_BIT ++# ifndef BN_DIV2W ++# define BN_DIV2W ++# endif ++# define BN_ULLONG unsigned long ++# define BN_ULONG unsigned short ++# define BN_LONG short ++# define BN_BITS 32 ++# define BN_BYTES 2 ++# define BN_BITS2 16 ++# define BN_BITS4 8 ++# define BN_MASK (0xffffffff) ++# define BN_MASK2 (0xffff) ++# define BN_MASK2l (0xff) ++# define BN_MASK2h1 (0xff80) ++# define BN_MASK2h (0xff00) ++# define BN_TBIT (0x8000) ++# define BN_DEC_CONV (100000) ++# define BN_DEC_FMT1 "%u" ++# define BN_DEC_FMT2 "%05u" ++# define BN_DEC_NUM 5 ++# endif + +-#ifdef EIGHT_BIT +-#ifndef BN_DIV2W +-#define BN_DIV2W +-#endif +-#define BN_ULLONG unsigned short +-#define BN_ULONG unsigned char +-#define BN_LONG char +-#define BN_BITS 16 +-#define BN_BYTES 1 +-#define BN_BITS2 8 +-#define BN_BITS4 4 +-#define BN_MASK (0xffff) +-#define BN_MASK2 (0xff) +-#define BN_MASK2l (0xf) +-#define BN_MASK2h1 (0xf8) +-#define BN_MASK2h (0xf0) +-#define BN_TBIT (0x80) +-#define BN_DEC_CONV (100) +-#define BN_DEC_FMT1 "%u" +-#define BN_DEC_FMT2 "%02u" +-#define BN_DEC_NUM 2 +-#endif ++# ifdef EIGHT_BIT ++# ifndef BN_DIV2W ++# define BN_DIV2W ++# endif ++# define BN_ULLONG unsigned short ++# define BN_ULONG unsigned char ++# define BN_LONG char ++# define BN_BITS 16 ++# define BN_BYTES 1 ++# define BN_BITS2 8 ++# define BN_BITS4 4 ++# define BN_MASK (0xffff) ++# define BN_MASK2 (0xff) ++# define BN_MASK2l (0xf) ++# define BN_MASK2h1 (0xf8) ++# define BN_MASK2h (0xf0) ++# define BN_TBIT (0x80) ++# define BN_DEC_CONV (100) ++# define BN_DEC_FMT1 "%u" ++# define BN_DEC_FMT2 "%02u" ++# define BN_DEC_NUM 2 ++# endif + +-#define BN_DEFAULT_BITS 1280 ++# define BN_DEFAULT_BITS 1280 + +-#define BN_FLG_MALLOCED 0x01 +-#define BN_FLG_STATIC_DATA 0x02 +-#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, +- * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, +- * BN_div() will call BN_div_no_branch, +- * BN_mod_inverse() will call BN_mod_inverse_no_branch. +- */ ++# define BN_FLG_MALLOCED 0x01 ++# define BN_FLG_STATIC_DATA 0x02 + +-#ifndef OPENSSL_NO_DEPRECATED +-#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */ +- /* avoid leaking exponent information through timings +- * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ +-#endif ++/* ++ * avoid leaking exponent information through timing, ++ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, ++ * BN_div() will call BN_div_no_branch, ++ * BN_mod_inverse() will call BN_mod_inverse_no_branch. ++ */ ++# define BN_FLG_CONSTTIME 0x04 ++ ++# ifdef OPENSSL_NO_DEPRECATED ++/* deprecated name for the flag */ ++# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME ++/* ++ * avoid leaking exponent information through timings ++ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) ++ */ ++# endif + +-#ifndef OPENSSL_NO_DEPRECATED +-#define BN_FLG_FREE 0x8000 /* used for debuging */ +-#endif +-#define BN_set_flags(b,n) ((b)->flags|=(n)) +-#define BN_get_flags(b,n) ((b)->flags&(n)) ++# ifndef OPENSSL_NO_DEPRECATED ++# define BN_FLG_FREE 0x8000 ++ /* used for debuging */ ++# endif ++# define BN_set_flags(b,n) ((b)->flags|=(n)) ++# define BN_get_flags(b,n) ((b)->flags&(n)) + +-/* get a clone of a BIGNUM with changed flags, for *temporary* use only +- * (the two BIGNUMs cannot not be used in parallel!) */ +-#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ ++/* ++ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the ++ * two BIGNUMs cannot not be used in parallel!) ++ */ ++# define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ + (dest)->top=(b)->top, \ + (dest)->dmax=(b)->dmax, \ + (dest)->neg=(b)->neg, \ +@@ -275,7 +287,7 @@ extern "C" { + | (n))) + + /* Already declared in ossl_typ.h */ +-#if 0 ++# if 0 + typedef struct bignum_st BIGNUM; + /* Used for temp variables (declaration hidden in bn_lcl.h) */ + typedef struct bignum_ctx BN_CTX; +@@ -283,84 +295,84 @@ typedef struct bn_blinding_st BN_BLINDING; + typedef struct bn_mont_ctx_st BN_MONT_CTX; + typedef struct bn_recp_ctx_st BN_RECP_CTX; + typedef struct bn_gencb_st BN_GENCB; +-#endif ++# endif + +-struct bignum_st +- { +- BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ +- int top; /* Index of last used d +1. */ +- /* The next are internal book keeping for bn_expand. */ +- int dmax; /* Size of the d array. */ +- int neg; /* one if the number is negative */ +- int flags; +- }; ++struct bignum_st { ++ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit ++ * chunks. */ ++ int top; /* Index of last used d +1. */ ++ /* The next are internal book keeping for bn_expand. */ ++ int dmax; /* Size of the d array. */ ++ int neg; /* one if the number is negative */ ++ int flags; ++}; + + /* Used for montgomery multiplication */ +-struct bn_mont_ctx_st +- { +- int ri; /* number of bits in R */ +- BIGNUM RR; /* used to convert to montgomery form */ +- BIGNUM N; /* The modulus */ +- BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 +- * (Ni is only stored for bignum algorithm) */ +-#if 0 +- /* OpenSSL 0.9.9 preview: */ +- BN_ULONG n0[2];/* least significant word(s) of Ni */ +-#else +- BN_ULONG n0; /* least significant word of Ni */ +-#endif +- int flags; +- }; ++struct bn_mont_ctx_st { ++ int ri; /* number of bits in R */ ++ BIGNUM RR; /* used to convert to montgomery form */ ++ BIGNUM N; /* The modulus */ ++ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only ++ * stored for bignum algorithm) */ ++# if 0 ++ /* OpenSSL 0.9.9 preview: */ ++ BN_ULONG n0[2]; /* least significant word(s) of Ni */ ++# else ++ BN_ULONG n0; /* least significant word of Ni */ ++# endif ++ int flags; ++}; + +-/* Used for reciprocal division/mod functions +- * It cannot be shared between threads ++/* ++ * Used for reciprocal division/mod functions It cannot be shared between ++ * threads + */ +-struct bn_recp_ctx_st +- { +- BIGNUM N; /* the divisor */ +- BIGNUM Nr; /* the reciprocal */ +- int num_bits; +- int shift; +- int flags; +- }; ++struct bn_recp_ctx_st { ++ BIGNUM N; /* the divisor */ ++ BIGNUM Nr; /* the reciprocal */ ++ int num_bits; ++ int shift; ++ int flags; ++}; + + /* Used for slow "generation" functions. */ +-struct bn_gencb_st +- { +- unsigned int ver; /* To handle binary (in)compatibility */ +- void *arg; /* callback-specific data */ +- union +- { +- /* if(ver==1) - handles old style callbacks */ +- void (*cb_1)(int, int, void *); +- /* if(ver==2) - new callback style */ +- int (*cb_2)(int, int, BN_GENCB *); +- } cb; +- }; ++struct bn_gencb_st { ++ unsigned int ver; /* To handle binary (in)compatibility */ ++ void *arg; /* callback-specific data */ ++ union { ++ /* if(ver==1) - handles old style callbacks */ ++ void (*cb_1) (int, int, void *); ++ /* if(ver==2) - new callback style */ ++ int (*cb_2) (int, int, BN_GENCB *); ++ } cb; ++}; + /* Wrapper function to make using BN_GENCB easier, */ + int BN_GENCB_call(BN_GENCB *cb, int a, int b); + /* Macro to populate a BN_GENCB structure with an "old"-style callback */ +-#define BN_GENCB_set_old(gencb, callback, cb_arg) { \ +- BN_GENCB *tmp_gencb = (gencb); \ +- tmp_gencb->ver = 1; \ +- tmp_gencb->arg = (cb_arg); \ +- tmp_gencb->cb.cb_1 = (callback); } ++# define BN_GENCB_set_old(gencb, callback, cb_arg) { \ ++ BN_GENCB *tmp_gencb = (gencb); \ ++ tmp_gencb->ver = 1; \ ++ tmp_gencb->arg = (cb_arg); \ ++ tmp_gencb->cb.cb_1 = (callback); } + /* Macro to populate a BN_GENCB structure with a "new"-style callback */ +-#define BN_GENCB_set(gencb, callback, cb_arg) { \ +- BN_GENCB *tmp_gencb = (gencb); \ +- tmp_gencb->ver = 2; \ +- tmp_gencb->arg = (cb_arg); \ +- tmp_gencb->cb.cb_2 = (callback); } +- +-#define BN_prime_checks 0 /* default: select number of iterations +- based on the size of the number */ +- +-/* number of Miller-Rabin iterations for an error rate of less than 2^-80 +- * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook +- * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; +- * original paper: Damgaard, Landrock, Pomerance: Average case error estimates +- * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */ +-#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ ++# define BN_GENCB_set(gencb, callback, cb_arg) { \ ++ BN_GENCB *tmp_gencb = (gencb); \ ++ tmp_gencb->ver = 2; \ ++ tmp_gencb->arg = (cb_arg); \ ++ tmp_gencb->cb.cb_2 = (callback); } ++ ++# define BN_prime_checks 0 /* default: select number of iterations based ++ * on the size of the number */ ++ ++/* ++ * number of Miller-Rabin iterations for an error rate of less than 2^-80 for ++ * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of ++ * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; ++ * original paper: Damgaard, Landrock, Pomerance: Average case error ++ * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) ++ * 177-194) ++ */ ++# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ + (b) >= 850 ? 3 : \ + (b) >= 650 ? 4 : \ + (b) >= 550 ? 5 : \ +@@ -373,281 +385,311 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); + (b) >= 150 ? 18 : \ + /* b >= 100 */ 27) + +-#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) ++# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + + /* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ +-#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ +- (((w) == 0) && ((a)->top == 0))) +-#define BN_is_zero(a) ((a)->top == 0) +-#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) +-#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) +-#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) +- +-#define BN_one(a) (BN_set_word((a),1)) +-#define BN_zero_ex(a) \ +- do { \ +- BIGNUM *_tmp_bn = (a); \ +- _tmp_bn->top = 0; \ +- _tmp_bn->neg = 0; \ +- } while(0) +-#ifdef OPENSSL_NO_DEPRECATED +-#define BN_zero(a) BN_zero_ex(a) +-#else +-#define BN_zero(a) (BN_set_word((a),0)) +-#endif ++# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ ++ (((w) == 0) && ((a)->top == 0))) ++# define BN_is_zero(a) ((a)->top == 0) ++# define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) ++# define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) ++# define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) ++ ++# define BN_one(a) (BN_set_word((a),1)) ++# define BN_zero_ex(a) \ ++ do { \ ++ BIGNUM *_tmp_bn = (a); \ ++ _tmp_bn->top = 0; \ ++ _tmp_bn->neg = 0; \ ++ } while(0) ++# ifdef OPENSSL_NO_DEPRECATED ++# define BN_zero(a) BN_zero_ex(a) ++# else ++# define BN_zero(a) (BN_set_word((a),0)) ++# endif + + const BIGNUM *BN_value_one(void); +-char * BN_options(void); ++char *BN_options(void); + BN_CTX *BN_CTX_new(void); +-#ifndef OPENSSL_NO_DEPRECATED +-void BN_CTX_init(BN_CTX *c); +-#endif +-void BN_CTX_free(BN_CTX *c); +-void BN_CTX_start(BN_CTX *ctx); ++# ifndef OPENSSL_NO_DEPRECATED ++void BN_CTX_init(BN_CTX *c); ++# endif ++void BN_CTX_free(BN_CTX *c); ++void BN_CTX_start(BN_CTX *ctx); + BIGNUM *BN_CTX_get(BN_CTX *ctx); +-void BN_CTX_end(BN_CTX *ctx); +-int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); +-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); +-int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +-int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +-int BN_num_bits(const BIGNUM *a); +-int BN_num_bits_word(BN_ULONG); ++void BN_CTX_end(BN_CTX *ctx); ++int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); ++int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); ++int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); ++int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); ++int BN_num_bits(const BIGNUM *a); ++int BN_num_bits_word(BN_ULONG); + BIGNUM *BN_new(void); +-void BN_init(BIGNUM *); +-void BN_clear_free(BIGNUM *a); ++void BN_init(BIGNUM *); ++void BN_clear_free(BIGNUM *a); + BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +-void BN_swap(BIGNUM *a, BIGNUM *b); +-BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); +-int BN_bn2bin(const BIGNUM *a, unsigned char *to); +-BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret); +-int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +-int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); ++void BN_swap(BIGNUM *a, BIGNUM *b); ++BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); ++int BN_bn2bin(const BIGNUM *a, unsigned char *to); ++BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); ++int BN_bn2mpi(const BIGNUM *a, unsigned char *to); ++int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); ++int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); + /** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object +- * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise ++ * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +-void BN_set_negative(BIGNUM *b, int n); ++void BN_set_negative(BIGNUM *b, int n); + /** BN_is_negative returns 1 if the BIGNUM is negative + * \param a pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +-#define BN_is_negative(a) ((a)->neg != 0) +- +-int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, +- BN_CTX *ctx); +-#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +-int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const BIGNUM *m, BN_CTX *ctx); +-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +-int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +-int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx); +-int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); ++# define BN_is_negative(a) ((a)->neg != 0) ++ ++int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, ++ BN_CTX *ctx); ++# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) ++int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); ++int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, ++ BN_CTX *ctx); ++int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *m); ++int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, ++ BN_CTX *ctx); ++int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *m); ++int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, ++ BN_CTX *ctx); ++int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); ++int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); ++int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); ++int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, ++ BN_CTX *ctx); ++int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + + BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); + BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +-int BN_mul_word(BIGNUM *a, BN_ULONG w); +-int BN_add_word(BIGNUM *a, BN_ULONG w); +-int BN_sub_word(BIGNUM *a, BN_ULONG w); +-int BN_set_word(BIGNUM *a, BN_ULONG w); ++int BN_mul_word(BIGNUM *a, BN_ULONG w); ++int BN_add_word(BIGNUM *a, BN_ULONG w); ++int BN_sub_word(BIGNUM *a, BN_ULONG w); ++int BN_set_word(BIGNUM *a, BN_ULONG w); + BN_ULONG BN_get_word(const BIGNUM *a); + +-int BN_cmp(const BIGNUM *a, const BIGNUM *b); +-void BN_free(BIGNUM *a); +-int BN_is_bit_set(const BIGNUM *a, int n); +-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +-int BN_lshift1(BIGNUM *r, const BIGNUM *a); +-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx); +- +-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m,BN_CTX *ctx); +-int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++int BN_cmp(const BIGNUM *a, const BIGNUM *b); ++void BN_free(BIGNUM *a); ++int BN_is_bit_set(const BIGNUM *a, int n); ++int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); ++int BN_lshift1(BIGNUM *r, const BIGNUM *a); ++int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); ++ ++int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx); ++int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); +-int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +-int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, +- const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m, +- BN_CTX *ctx,BN_MONT_CTX *m_ctx); +-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m,BN_CTX *ctx); +- +-int BN_mask_bits(BIGNUM *a,int n); +-#ifndef OPENSSL_NO_FP_API +-int BN_print_fp(FILE *fp, const BIGNUM *a); +-#endif +-#ifdef HEADER_BIO_H +-int BN_print(BIO *fp, const BIGNUM *a); +-#else +-int BN_print(void *fp, const BIGNUM *a); +-#endif +-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); +-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +-int BN_rshift1(BIGNUM *r, const BIGNUM *a); +-void BN_clear(BIGNUM *a); ++ const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *in_mont); ++int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, ++ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, ++ BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx); ++ ++int BN_mask_bits(BIGNUM *a, int n); ++# ifndef OPENSSL_NO_FP_API ++int BN_print_fp(FILE *fp, const BIGNUM *a); ++# endif ++# ifdef HEADER_BIO_H ++int BN_print(BIO *fp, const BIGNUM *a); ++# else ++int BN_print(void *fp, const BIGNUM *a); ++# endif ++int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); ++int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); ++int BN_rshift1(BIGNUM *r, const BIGNUM *a); ++void BN_clear(BIGNUM *a); + BIGNUM *BN_dup(const BIGNUM *a); +-int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +-int BN_set_bit(BIGNUM *a, int n); +-int BN_clear_bit(BIGNUM *a, int n); +-char * BN_bn2hex(const BIGNUM *a); +-char * BN_bn2dec(const BIGNUM *a); +-int BN_hex2bn(BIGNUM **a, const char *str); +-int BN_dec2bn(BIGNUM **a, const char *str); +-int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); +-int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */ ++int BN_ucmp(const BIGNUM *a, const BIGNUM *b); ++int BN_set_bit(BIGNUM *a, int n); ++int BN_clear_bit(BIGNUM *a, int n); ++char *BN_bn2hex(const BIGNUM *a); ++char *BN_bn2dec(const BIGNUM *a); ++int BN_hex2bn(BIGNUM **a, const char *str); ++int BN_dec2bn(BIGNUM **a, const char *str); ++int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); ++int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns ++ * -2 for ++ * error */ + BIGNUM *BN_mod_inverse(BIGNUM *ret, +- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); ++ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + BIGNUM *BN_mod_sqrt(BIGNUM *ret, +- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); ++ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + +-void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); ++void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + + /* Deprecated versions */ +-#ifndef OPENSSL_NO_DEPRECATED +-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, +- const BIGNUM *add, const BIGNUM *rem, +- void (*callback)(int,int,void *),void *cb_arg); +-int BN_is_prime(const BIGNUM *p,int nchecks, +- void (*callback)(int,int,void *), +- BN_CTX *ctx,void *cb_arg); +-int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, +- void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, +- int do_trial_division); +-#endif /* !defined(OPENSSL_NO_DEPRECATED) */ ++# ifndef OPENSSL_NO_DEPRECATED ++BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, ++ const BIGNUM *add, const BIGNUM *rem, ++ void (*callback) (int, int, void *), void *cb_arg); ++int BN_is_prime(const BIGNUM *p, int nchecks, ++ void (*callback) (int, int, void *), ++ BN_CTX *ctx, void *cb_arg); ++int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, ++ void (*callback) (int, int, void *), BN_CTX *ctx, ++ void *cb_arg, int do_trial_division); ++# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + + /* Newer versions */ +-int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, +- const BIGNUM *rem, BN_GENCB *cb); +-int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); +-int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, +- int do_trial_division, BN_GENCB *cb); ++int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, ++ const BIGNUM *rem, BN_GENCB *cb); ++int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); ++int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, ++ int do_trial_division, BN_GENCB *cb); + + int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + + int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, +- const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, +- const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); +-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, +- BIGNUM *Xp1, BIGNUM *Xp2, +- const BIGNUM *Xp, +- const BIGNUM *e, BN_CTX *ctx, +- BN_GENCB *cb); +- +-BN_MONT_CTX *BN_MONT_CTX_new(void ); ++ const BIGNUM *Xp, const BIGNUM *Xp1, ++ const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, ++ BN_GENCB *cb); ++int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, ++ BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, ++ BN_CTX *ctx, BN_GENCB *cb); ++ ++BN_MONT_CTX *BN_MONT_CTX_new(void); + void BN_MONT_CTX_init(BN_MONT_CTX *ctx); +-int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, +- BN_MONT_CTX *mont, BN_CTX *ctx); +-#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ +- (r),(a),&((mont)->RR),(mont),(ctx)) +-int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, +- BN_MONT_CTX *mont, BN_CTX *ctx); ++int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ BN_MONT_CTX *mont, BN_CTX *ctx); ++# define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ ++ (r),(a),&((mont)->RR),(mont),(ctx)) ++int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, ++ BN_MONT_CTX *mont, BN_CTX *ctx); + void BN_MONT_CTX_free(BN_MONT_CTX *mont); +-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx); +-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); ++int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); ++BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); + BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, +- const BIGNUM *mod, BN_CTX *ctx); ++ const BIGNUM *mod, BN_CTX *ctx); + + /* BN_BLINDING flags */ +-#define BN_BLINDING_NO_UPDATE 0x00000001 +-#define BN_BLINDING_NO_RECREATE 0x00000002 ++# define BN_BLINDING_NO_UPDATE 0x00000001 ++# define BN_BLINDING_NO_RECREATE 0x00000002 + +-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod); ++BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); + void BN_BLINDING_free(BN_BLINDING *b); +-int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); ++int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); + int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); + int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); + int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); ++int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, ++ BN_CTX *); + unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); + void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); + void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); + BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, +- const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, +- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), +- BN_MONT_CTX *m_ctx); +- +-#ifndef OPENSSL_NO_DEPRECATED +-void BN_set_params(int mul,int high,int low,int mont); +-int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ +-#endif ++ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, ++ int (*bn_mod_exp) (BIGNUM *r, ++ const BIGNUM *a, ++ const BIGNUM *p, ++ const BIGNUM *m, ++ BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx), ++ BN_MONT_CTX *m_ctx); ++ ++# ifndef OPENSSL_NO_DEPRECATED ++void BN_set_params(int mul, int high, int low, int mont); ++int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ ++# endif + +-void BN_RECP_CTX_init(BN_RECP_CTX *recp); ++void BN_RECP_CTX_init(BN_RECP_CTX *recp); + BN_RECP_CTX *BN_RECP_CTX_new(void); +-void BN_RECP_CTX_free(BN_RECP_CTX *recp); +-int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx); +-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, +- BN_RECP_CTX *recp,BN_CTX *ctx); +-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx); +-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, +- BN_RECP_CTX *recp, BN_CTX *ctx); +- +-/* Functions for arithmetic over binary polynomials represented by BIGNUMs. +- * ++void BN_RECP_CTX_free(BN_RECP_CTX *recp); ++int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); ++int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, ++ BN_RECP_CTX *recp, BN_CTX *ctx); ++int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx); ++int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, ++ BN_RECP_CTX *recp, BN_CTX *ctx); ++ ++/* ++ * Functions for arithmetic over binary polynomials represented by BIGNUMs. + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is +- * ignored. +- * +- * Note that input arguments are not const so that their bit arrays can +- * be expanded to the appropriate size if needed. ++ * ignored. Note that input arguments are not const so that their bit arrays ++ * can be expanded to the appropriate size if needed. + */ + +-int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/ +-#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +-int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/ +-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */ +-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- BN_CTX *ctx); /* r = (a * a) mod p */ +-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, +- BN_CTX *ctx); /* r = (1 / b) mod p */ +-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */ +-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */ +-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- BN_CTX *ctx); /* r = sqrt(a) mod p */ +-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- BN_CTX *ctx); /* r^2 + r = a mod p */ +-#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +-/* Some functions allow for representation of the irreducible polynomials ++/* ++ * r = a + b ++ */ ++int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) ++/* ++ * r=a mod p ++ */ ++int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); ++/* r = (a * b) mod p */ ++int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *p, BN_CTX *ctx); ++/* r = (a * a) mod p */ ++int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); ++/* r = (1 / b) mod p */ ++int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); ++/* r = (a / b) mod p */ ++int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *p, BN_CTX *ctx); ++/* r = (a ^ b) mod p */ ++int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *p, BN_CTX *ctx); ++/* r = sqrt(a) mod p */ ++int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ BN_CTX *ctx); ++/* r^2 + r = a mod p */ ++int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ BN_CTX *ctx); ++# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) ++/*- ++ * Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]); +- /* r = a mod p */ +-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */ +-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], +- BN_CTX *ctx); /* r = (a * a) mod p */ +-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[], +- BN_CTX *ctx); /* r = (1 / b) mod p */ +-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */ +-int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ +-int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, +- const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ +-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, +- const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ +-int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); +-int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); +- +-/* faster mod functions for the 'NIST primes' +- * 0 <= a < p^2 */ ++/* r = a mod p */ ++int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]); ++/* r = (a * b) mod p */ ++int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const unsigned int p[], BN_CTX *ctx); ++/* r = (a * a) mod p */ ++int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], ++ BN_CTX *ctx); ++/* r = (1 / b) mod p */ ++int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[], ++ BN_CTX *ctx); ++/* r = (a / b) mod p */ ++int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const unsigned int p[], BN_CTX *ctx); ++/* r = (a ^ b) mod p */ ++int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const unsigned int p[], BN_CTX *ctx); ++/* r = sqrt(a) mod p */ ++int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, ++ const unsigned int p[], BN_CTX *ctx); ++/* r^2 + r = a mod p */ ++int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, ++ const unsigned int p[], BN_CTX *ctx); ++int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max); ++int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a); ++ ++/* ++ * faster mod functions for the 'NIST primes' 0 <= a < p^2 ++ */ + int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +@@ -662,15 +704,16 @@ const BIGNUM *BN_get0_nist_prime_521(void); + + /* library internal functions */ + +-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ +- (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) +-#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) ++# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ ++ (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2)) ++# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) + BIGNUM *bn_expand2(BIGNUM *a, int words); +-#ifndef OPENSSL_NO_DEPRECATED ++# ifndef OPENSSL_NO_DEPRECATED + BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ +-#endif ++# endif + +-/* Bignum consistency macros ++/*- ++ * Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct manipulations on the data. There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading +@@ -698,84 +741,87 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ + * coverage for openssl's own code. + */ + +-#ifdef BN_DEBUG ++# ifdef BN_DEBUG + + /* We only need assert() when debugging */ +-#include ++# include + +-#ifdef BN_DEBUG_RAND ++# ifdef BN_DEBUG_RAND + /* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ +-#ifndef RAND_pseudo_bytes +-int RAND_pseudo_bytes(unsigned char *buf,int num); +-#define BN_DEBUG_TRIX +-#endif +-#define bn_pollute(a) \ +- do { \ +- const BIGNUM *_bnum1 = (a); \ +- if(_bnum1->top < _bnum1->dmax) { \ +- unsigned char _tmp_char; \ +- /* We cast away const without the compiler knowing, any \ +- * *genuinely* constant variables that aren't mutable \ +- * wouldn't be constructed with top!=dmax. */ \ +- BN_ULONG *_not_const; \ +- memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ +- RAND_pseudo_bytes(&_tmp_char, 1); \ +- memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ +- (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ +- } \ +- } while(0) +-#ifdef BN_DEBUG_TRIX +-#undef RAND_pseudo_bytes +-#endif +-#else +-#define bn_pollute(a) +-#endif +-#define bn_check_top(a) \ +- do { \ +- const BIGNUM *_bnum2 = (a); \ +- if (_bnum2 != NULL) { \ +- assert((_bnum2->top == 0) || \ +- (_bnum2->d[_bnum2->top - 1] != 0)); \ +- bn_pollute(_bnum2); \ +- } \ +- } while(0) +- +-#define bn_fix_top(a) bn_check_top(a) +- +-#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +-#define bn_wcheck_size(bn, words) \ +- do { \ +- const BIGNUM *_bnum2 = (bn); \ +- assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ +- } while(0) +- +-#else /* !BN_DEBUG */ +- +-#define bn_pollute(a) +-#define bn_check_top(a) +-#define bn_fix_top(a) bn_correct_top(a) +-#define bn_check_size(bn, bits) +-#define bn_wcheck_size(bn, words) ++# ifndef RAND_pseudo_bytes ++int RAND_pseudo_bytes(unsigned char *buf, int num); ++# define BN_DEBUG_TRIX ++# endif ++# define bn_pollute(a) \ ++ do { \ ++ const BIGNUM *_bnum1 = (a); \ ++ if(_bnum1->top < _bnum1->dmax) { \ ++ unsigned char _tmp_char; \ ++ /* We cast away const without the compiler knowing, any \ ++ * *genuinely* constant variables that aren't mutable \ ++ * wouldn't be constructed with top!=dmax. */ \ ++ BN_ULONG *_not_const; \ ++ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ ++ RAND_pseudo_bytes(&_tmp_char, 1); \ ++ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ ++ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ ++ } \ ++ } while(0) ++# ifdef BN_DEBUG_TRIX ++# undef RAND_pseudo_bytes ++# endif ++# else ++# define bn_pollute(a) ++# endif ++# define bn_check_top(a) \ ++ do { \ ++ const BIGNUM *_bnum2 = (a); \ ++ if (_bnum2 != NULL) { \ ++ assert((_bnum2->top == 0) || \ ++ (_bnum2->d[_bnum2->top - 1] != 0)); \ ++ bn_pollute(_bnum2); \ ++ } \ ++ } while(0) ++ ++# define bn_fix_top(a) bn_check_top(a) ++ ++# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) ++# define bn_wcheck_size(bn, words) \ ++ do { \ ++ const BIGNUM *_bnum2 = (bn); \ ++ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ ++ } while(0) ++ ++# else /* !BN_DEBUG */ ++ ++# define bn_pollute(a) ++# define bn_check_top(a) ++# define bn_fix_top(a) bn_correct_top(a) ++# define bn_check_size(bn, bits) ++# define bn_wcheck_size(bn, words) + +-#endif ++# endif + +-#define bn_correct_top(a) \ ++# define bn_correct_top(a) \ + { \ + BN_ULONG *ftl; \ +- if ((a)->top > 0) \ +- { \ +- for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ +- if (*(ftl--)) break; \ +- } \ +- bn_pollute(a); \ +- } +- +-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); ++ if ((a)->top > 0) \ ++ { \ ++ for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ ++ if (*(ftl--)) break; \ ++ } \ ++ bn_pollute(a); \ ++ } ++ ++BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, ++ BN_ULONG w); + BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +-void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); ++void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); + BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); +-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); +-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); ++BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ int num); ++BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ int num); + + /* Primes from RFC 2409 */ + BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); +@@ -789,10 +835,11 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); + BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); + BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); + +-int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); ++int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_BN_strings(void); +@@ -800,65 +847,65 @@ void ERR_load_BN_strings(void); + /* Error codes for the BN functions. */ + + /* Function codes. */ +-#define BN_F_BNRAND 127 +-#define BN_F_BN_BLINDING_CONVERT_EX 100 +-#define BN_F_BN_BLINDING_CREATE_PARAM 128 +-#define BN_F_BN_BLINDING_INVERT_EX 101 +-#define BN_F_BN_BLINDING_NEW 102 +-#define BN_F_BN_BLINDING_UPDATE 103 +-#define BN_F_BN_BN2DEC 104 +-#define BN_F_BN_BN2HEX 105 +-#define BN_F_BN_CTX_GET 116 +-#define BN_F_BN_CTX_NEW 106 +-#define BN_F_BN_CTX_START 129 +-#define BN_F_BN_DIV 107 +-#define BN_F_BN_DIV_NO_BRANCH 138 +-#define BN_F_BN_DIV_RECP 130 +-#define BN_F_BN_EXP 123 +-#define BN_F_BN_EXPAND2 108 +-#define BN_F_BN_EXPAND_INTERNAL 120 +-#define BN_F_BN_GF2M_MOD 131 +-#define BN_F_BN_GF2M_MOD_EXP 132 +-#define BN_F_BN_GF2M_MOD_MUL 133 +-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +-#define BN_F_BN_GF2M_MOD_SQR 136 +-#define BN_F_BN_GF2M_MOD_SQRT 137 +-#define BN_F_BN_MOD_EXP2_MONT 118 +-#define BN_F_BN_MOD_EXP_MONT 109 +-#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +-#define BN_F_BN_MOD_EXP_MONT_WORD 117 +-#define BN_F_BN_MOD_EXP_RECP 125 +-#define BN_F_BN_MOD_EXP_SIMPLE 126 +-#define BN_F_BN_MOD_INVERSE 110 +-#define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +-#define BN_F_BN_MOD_LSHIFT_QUICK 119 +-#define BN_F_BN_MOD_MUL_RECIPROCAL 111 +-#define BN_F_BN_MOD_SQRT 121 +-#define BN_F_BN_MPI2BN 112 +-#define BN_F_BN_NEW 113 +-#define BN_F_BN_RAND 114 +-#define BN_F_BN_RAND_RANGE 122 +-#define BN_F_BN_USUB 115 ++# define BN_F_BNRAND 127 ++# define BN_F_BN_BLINDING_CONVERT_EX 100 ++# define BN_F_BN_BLINDING_CREATE_PARAM 128 ++# define BN_F_BN_BLINDING_INVERT_EX 101 ++# define BN_F_BN_BLINDING_NEW 102 ++# define BN_F_BN_BLINDING_UPDATE 103 ++# define BN_F_BN_BN2DEC 104 ++# define BN_F_BN_BN2HEX 105 ++# define BN_F_BN_CTX_GET 116 ++# define BN_F_BN_CTX_NEW 106 ++# define BN_F_BN_CTX_START 129 ++# define BN_F_BN_DIV 107 ++# define BN_F_BN_DIV_NO_BRANCH 138 ++# define BN_F_BN_DIV_RECP 130 ++# define BN_F_BN_EXP 123 ++# define BN_F_BN_EXPAND2 108 ++# define BN_F_BN_EXPAND_INTERNAL 120 ++# define BN_F_BN_GF2M_MOD 131 ++# define BN_F_BN_GF2M_MOD_EXP 132 ++# define BN_F_BN_GF2M_MOD_MUL 133 ++# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 ++# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 ++# define BN_F_BN_GF2M_MOD_SQR 136 ++# define BN_F_BN_GF2M_MOD_SQRT 137 ++# define BN_F_BN_MOD_EXP2_MONT 118 ++# define BN_F_BN_MOD_EXP_MONT 109 ++# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 ++# define BN_F_BN_MOD_EXP_MONT_WORD 117 ++# define BN_F_BN_MOD_EXP_RECP 125 ++# define BN_F_BN_MOD_EXP_SIMPLE 126 ++# define BN_F_BN_MOD_INVERSE 110 ++# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 ++# define BN_F_BN_MOD_LSHIFT_QUICK 119 ++# define BN_F_BN_MOD_MUL_RECIPROCAL 111 ++# define BN_F_BN_MOD_SQRT 121 ++# define BN_F_BN_MPI2BN 112 ++# define BN_F_BN_NEW 113 ++# define BN_F_BN_RAND 114 ++# define BN_F_BN_RAND_RANGE 122 ++# define BN_F_BN_USUB 115 + + /* Reason codes. */ +-#define BN_R_ARG2_LT_ARG3 100 +-#define BN_R_BAD_RECIPROCAL 101 +-#define BN_R_BIGNUM_TOO_LONG 114 +-#define BN_R_CALLED_WITH_EVEN_MODULUS 102 +-#define BN_R_DIV_BY_ZERO 103 +-#define BN_R_ENCODING_ERROR 104 +-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +-#define BN_R_INPUT_NOT_REDUCED 110 +-#define BN_R_INVALID_LENGTH 106 +-#define BN_R_INVALID_RANGE 115 +-#define BN_R_NOT_A_SQUARE 111 +-#define BN_R_NOT_INITIALIZED 107 +-#define BN_R_NO_INVERSE 108 +-#define BN_R_NO_SOLUTION 116 +-#define BN_R_P_IS_NOT_PRIME 112 +-#define BN_R_TOO_MANY_ITERATIONS 113 +-#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 ++# define BN_R_ARG2_LT_ARG3 100 ++# define BN_R_BAD_RECIPROCAL 101 ++# define BN_R_BIGNUM_TOO_LONG 114 ++# define BN_R_CALLED_WITH_EVEN_MODULUS 102 ++# define BN_R_DIV_BY_ZERO 103 ++# define BN_R_ENCODING_ERROR 104 ++# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 ++# define BN_R_INPUT_NOT_REDUCED 110 ++# define BN_R_INVALID_LENGTH 106 ++# define BN_R_INVALID_RANGE 115 ++# define BN_R_NOT_A_SQUARE 111 ++# define BN_R_NOT_INITIALIZED 107 ++# define BN_R_NO_INVERSE 108 ++# define BN_R_NO_SOLUTION 116 ++# define BN_R_P_IS_NOT_PRIME 112 ++# define BN_R_TOO_MANY_ITERATIONS 113 ++# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/buffer.h b/Cryptlib/Include/openssl/buffer.h +index 1db9607..910832f 100644 +--- a/Cryptlib/Include/openssl/buffer.h ++++ b/Cryptlib/Include/openssl/buffer.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,45 +57,44 @@ + */ + + #ifndef HEADER_BUFFER_H +-#define HEADER_BUFFER_H ++# define HEADER_BUFFER_H + +-#include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#include ++# include + +-#if !defined(NO_SYS_TYPES_H) +-#include +-#endif ++# if !defined(NO_SYS_TYPES_H) ++# include ++# endif + + /* Already declared in ossl_typ.h */ + /* typedef struct buf_mem_st BUF_MEM; */ + +-struct buf_mem_st +- { +- int length; /* current number of bytes */ +- char *data; +- int max; /* size of buffer */ +- }; ++struct buf_mem_st { ++ int length; /* current number of bytes */ ++ char *data; ++ int max; /* size of buffer */ ++}; + + BUF_MEM *BUF_MEM_new(void); +-void BUF_MEM_free(BUF_MEM *a); +-int BUF_MEM_grow(BUF_MEM *str, int len); +-int BUF_MEM_grow_clean(BUF_MEM *str, int len); +-char * BUF_strdup(const char *str); +-char * BUF_strndup(const char *str, size_t siz); +-void * BUF_memdup(const void *data, size_t siz); ++void BUF_MEM_free(BUF_MEM *a); ++int BUF_MEM_grow(BUF_MEM *str, int len); ++int BUF_MEM_grow_clean(BUF_MEM *str, int len); ++char *BUF_strdup(const char *str); ++char *BUF_strndup(const char *str, size_t siz); ++void *BUF_memdup(const void *data, size_t siz); + + /* safe string functions */ +-size_t BUF_strlcpy(char *dst,const char *src,size_t siz); +-size_t BUF_strlcat(char *dst,const char *src,size_t siz); +- ++size_t BUF_strlcpy(char *dst, const char *src, size_t siz); ++size_t BUF_strlcat(char *dst, const char *src, size_t siz); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_BUF_strings(void); +@@ -103,12 +102,12 @@ void ERR_load_BUF_strings(void); + /* Error codes for the BUF functions. */ + + /* Function codes. */ +-#define BUF_F_BUF_MEMDUP 103 +-#define BUF_F_BUF_MEM_GROW 100 +-#define BUF_F_BUF_MEM_GROW_CLEAN 105 +-#define BUF_F_BUF_MEM_NEW 101 +-#define BUF_F_BUF_STRDUP 102 +-#define BUF_F_BUF_STRNDUP 104 ++# define BUF_F_BUF_MEMDUP 103 ++# define BUF_F_BUF_MEM_GROW 100 ++# define BUF_F_BUF_MEM_GROW_CLEAN 105 ++# define BUF_F_BUF_MEM_NEW 101 ++# define BUF_F_BUF_STRDUP 102 ++# define BUF_F_BUF_STRNDUP 104 + + /* Reason codes. */ + +diff --git a/Cryptlib/Include/openssl/cast.h b/Cryptlib/Include/openssl/cast.h +index 6e0cd31..46c97cd 100644 +--- a/Cryptlib/Include/openssl/cast.h ++++ b/Cryptlib/Include/openssl/cast.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,48 +57,48 @@ + */ + + #ifndef HEADER_CAST_H +-#define HEADER_CAST_H ++# define HEADER_CAST_H + + #ifdef __cplusplus + extern "C" { + #endif + +-#include ++# include + +-#ifdef OPENSSL_NO_CAST +-#error CAST is disabled. +-#endif ++# ifdef OPENSSL_NO_CAST ++# error CAST is disabled. ++# endif + +-#define CAST_ENCRYPT 1 +-#define CAST_DECRYPT 0 ++# define CAST_ENCRYPT 1 ++# define CAST_DECRYPT 0 + +-#define CAST_LONG unsigned long ++# define CAST_LONG unsigned long + +-#define CAST_BLOCK 8 +-#define CAST_KEY_LENGTH 16 ++# define CAST_BLOCK 8 ++# define CAST_KEY_LENGTH 16 + +-typedef struct cast_key_st +- { +- CAST_LONG data[32]; +- int short_key; /* Use reduced rounds for short key */ +- } CAST_KEY; ++typedef struct cast_key_st { ++ CAST_LONG data[32]; ++ int short_key; /* Use reduced rounds for short key */ ++} CAST_KEY; + +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS + void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +-#endif ++# endif + void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +-void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, +- int enc); ++void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, ++ const CAST_KEY *key, int enc); + void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); + void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); +-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, +- const CAST_KEY *ks, unsigned char *iv, int enc); ++void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, ++ long length, const CAST_KEY *ks, unsigned char *iv, ++ int enc); + void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, const CAST_KEY *schedule, unsigned char *ivec, +- int *num, int enc); +-void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, const CAST_KEY *schedule, unsigned char *ivec, +- int *num); ++ long length, const CAST_KEY *schedule, ++ unsigned char *ivec, int *num, int enc); ++void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, ++ long length, const CAST_KEY *schedule, ++ unsigned char *ivec, int *num); + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/comp.h b/Cryptlib/Include/openssl/comp.h +index 4b405c7..406c428 100644 +--- a/Cryptlib/Include/openssl/comp.h ++++ b/Cryptlib/Include/openssl/comp.h +@@ -1,8 +1,8 @@ + + #ifndef HEADER_COMP_H +-#define HEADER_COMP_H ++# define HEADER_COMP_H + +-#include ++# include + + #ifdef __cplusplus + extern "C" { +@@ -10,53 +10,52 @@ extern "C" { + + typedef struct comp_ctx_st COMP_CTX; + +-typedef struct comp_method_st +- { +- int type; /* NID for compression library */ +- const char *name; /* A text string to identify the library */ +- int (*init)(COMP_CTX *ctx); +- void (*finish)(COMP_CTX *ctx); +- int (*compress)(COMP_CTX *ctx, +- unsigned char *out, unsigned int olen, +- unsigned char *in, unsigned int ilen); +- int (*expand)(COMP_CTX *ctx, +- unsigned char *out, unsigned int olen, +- unsigned char *in, unsigned int ilen); +- /* The following two do NOTHING, but are kept for backward compatibility */ +- long (*ctrl)(void); +- long (*callback_ctrl)(void); +- } COMP_METHOD; +- +-struct comp_ctx_st +- { +- COMP_METHOD *meth; +- unsigned long compress_in; +- unsigned long compress_out; +- unsigned long expand_in; +- unsigned long expand_out; +- +- CRYPTO_EX_DATA ex_data; +- }; ++typedef struct comp_method_st { ++ int type; /* NID for compression library */ ++ const char *name; /* A text string to identify the library */ ++ int (*init) (COMP_CTX *ctx); ++ void (*finish) (COMP_CTX *ctx); ++ int (*compress) (COMP_CTX *ctx, ++ unsigned char *out, unsigned int olen, ++ unsigned char *in, unsigned int ilen); ++ int (*expand) (COMP_CTX *ctx, ++ unsigned char *out, unsigned int olen, ++ unsigned char *in, unsigned int ilen); ++ /* ++ * The following two do NOTHING, but are kept for backward compatibility ++ */ ++ long (*ctrl) (void); ++ long (*callback_ctrl) (void); ++} COMP_METHOD; + ++struct comp_ctx_st { ++ COMP_METHOD *meth; ++ unsigned long compress_in; ++ unsigned long compress_out; ++ unsigned long expand_in; ++ unsigned long expand_out; ++ CRYPTO_EX_DATA ex_data; ++}; + + COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); + void COMP_CTX_free(COMP_CTX *ctx); + int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, +- unsigned char *in, int ilen); ++ unsigned char *in, int ilen); + int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, +- unsigned char *in, int ilen); +-COMP_METHOD *COMP_rle(void ); +-COMP_METHOD *COMP_zlib(void ); ++ unsigned char *in, int ilen); ++COMP_METHOD *COMP_rle(void); ++COMP_METHOD *COMP_zlib(void); + void COMP_zlib_cleanup(void); + +-#ifdef HEADER_BIO_H +-#ifdef ZLIB ++# ifdef HEADER_BIO_H ++# ifdef ZLIB + BIO_METHOD *BIO_f_zlib(void); +-#endif +-#endif ++# endif ++# endif + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_COMP_strings(void); +@@ -64,15 +63,15 @@ void ERR_load_COMP_strings(void); + /* Error codes for the COMP functions. */ + + /* Function codes. */ +-#define COMP_F_BIO_ZLIB_FLUSH 99 +-#define COMP_F_BIO_ZLIB_NEW 100 +-#define COMP_F_BIO_ZLIB_READ 101 +-#define COMP_F_BIO_ZLIB_WRITE 102 ++# define COMP_F_BIO_ZLIB_FLUSH 99 ++# define COMP_F_BIO_ZLIB_NEW 100 ++# define COMP_F_BIO_ZLIB_READ 101 ++# define COMP_F_BIO_ZLIB_WRITE 102 + + /* Reason codes. */ +-#define COMP_R_ZLIB_DEFLATE_ERROR 99 +-#define COMP_R_ZLIB_INFLATE_ERROR 100 +-#define COMP_R_ZLIB_NOT_SUPPORTED 101 ++# define COMP_R_ZLIB_DEFLATE_ERROR 99 ++# define COMP_R_ZLIB_INFLATE_ERROR 100 ++# define COMP_R_ZLIB_NOT_SUPPORTED 101 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/conf.h b/Cryptlib/Include/openssl/conf.h +index 8aa06bc..0cdadaf 100644 +--- a/Cryptlib/Include/openssl/conf.h ++++ b/Cryptlib/Include/openssl/conf.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,26 +57,25 @@ + */ + + #ifndef HEADER_CONF_H +-#define HEADER_CONF_H ++# define HEADER_CONF_H + +-#include +-#include +-#include +-#include +-#include ++# include ++# include ++# include ++# include ++# include + +-#include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-typedef struct +- { +- char *section; +- char *name; +- char *value; +- } CONF_VALUE; ++typedef struct { ++ char *section; ++ char *name; ++ char *value; ++} CONF_VALUE; + + DECLARE_STACK_OF(CONF_VALUE) + DECLARE_STACK_OF(CONF_MODULE) +@@ -86,19 +85,18 @@ struct conf_st; + struct conf_method_st; + typedef struct conf_method_st CONF_METHOD; + +-struct conf_method_st +- { +- const char *name; +- CONF *(*create)(CONF_METHOD *meth); +- int (*init)(CONF *conf); +- int (*destroy)(CONF *conf); +- int (*destroy_data)(CONF *conf); +- int (*load_bio)(CONF *conf, BIO *bp, long *eline); +- int (*dump)(const CONF *conf, BIO *bp); +- int (*is_number)(const CONF *conf, char c); +- int (*to_int)(const CONF *conf, char c); +- int (*load)(CONF *conf, const char *name, long *eline); +- }; ++struct conf_method_st { ++ const char *name; ++ CONF *(*create) (CONF_METHOD *meth); ++ int (*init) (CONF *conf); ++ int (*destroy) (CONF *conf); ++ int (*destroy_data) (CONF *conf); ++ int (*load_bio) (CONF *conf, BIO *bp, long *eline); ++ int (*dump) (const CONF *conf, BIO *bp); ++ int (*is_number) (const CONF *conf, char c); ++ int (*to_int) (const CONF *conf, char c); ++ int (*load) (CONF *conf, const char *name, long *eline); ++}; + + /* Module definitions */ + +@@ -106,26 +104,26 @@ typedef struct conf_imodule_st CONF_IMODULE; + typedef struct conf_module_st CONF_MODULE; + + /* DSO module function typedefs */ +-typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf); +-typedef void conf_finish_func(CONF_IMODULE *md); ++typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); ++typedef void conf_finish_func (CONF_IMODULE *md); + +-#define CONF_MFLAGS_IGNORE_ERRORS 0x1 +-#define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 +-#define CONF_MFLAGS_SILENT 0x4 +-#define CONF_MFLAGS_NO_DSO 0x8 +-#define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +-#define CONF_MFLAGS_DEFAULT_SECTION 0x20 ++# define CONF_MFLAGS_IGNORE_ERRORS 0x1 ++# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 ++# define CONF_MFLAGS_SILENT 0x4 ++# define CONF_MFLAGS_NO_DSO 0x8 ++# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 ++# define CONF_MFLAGS_DEFAULT_SECTION 0x20 + + int CONF_set_default_method(CONF_METHOD *meth); +-void CONF_set_nconf(CONF *conf,LHASH *hash); +-LHASH *CONF_load(LHASH *conf,const char *file,long *eline); +-#ifndef OPENSSL_NO_FP_API +-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline); +-#endif +-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline); +-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section); +-char *CONF_get_string(LHASH *conf,const char *group,const char *name); +-long CONF_get_number(LHASH *conf,const char *group,const char *name); ++void CONF_set_nconf(CONF *conf, LHASH *hash); ++LHASH *CONF_load(LHASH *conf, const char *file, long *eline); ++# ifndef OPENSSL_NO_FP_API ++LHASH *CONF_load_fp(LHASH *conf, FILE *fp, long *eline); ++# endif ++LHASH *CONF_load_bio(LHASH *conf, BIO *bp, long *eline); ++STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, const char *section); ++char *CONF_get_string(LHASH *conf, const char *group, const char *name); ++long CONF_get_number(LHASH *conf, const char *group, const char *name); + void CONF_free(LHASH *conf); + int CONF_dump_fp(LHASH *conf, FILE *out); + int CONF_dump_bio(LHASH *conf, BIO *out); +@@ -133,55 +131,58 @@ int CONF_dump_bio(LHASH *conf, BIO *out); + void OPENSSL_config(const char *config_name); + void OPENSSL_no_config(void); + +-/* New conf code. The semantics are different from the functions above. +- If that wasn't the case, the above functions would have been replaced */ ++/* ++ * New conf code. The semantics are different from the functions above. If ++ * that wasn't the case, the above functions would have been replaced ++ */ + +-struct conf_st +- { +- CONF_METHOD *meth; +- void *meth_data; +- LHASH *data; +- }; ++struct conf_st { ++ CONF_METHOD *meth; ++ void *meth_data; ++ LHASH *data; ++}; + + CONF *NCONF_new(CONF_METHOD *meth); + CONF_METHOD *NCONF_default(void); + CONF_METHOD *NCONF_WIN32(void); +-#if 0 /* Just to give you an idea of what I have in mind */ ++# if 0 /* Just to give you an idea of what I have in ++ * mind */ + CONF_METHOD *NCONF_XML(void); +-#endif ++# endif + void NCONF_free(CONF *conf); + void NCONF_free_data(CONF *conf); + +-int NCONF_load(CONF *conf,const char *file,long *eline); +-#ifndef OPENSSL_NO_FP_API +-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline); +-#endif +-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline); +-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section); +-char *NCONF_get_string(const CONF *conf,const char *group,const char *name); +-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name, +- long *result); ++int NCONF_load(CONF *conf, const char *file, long *eline); ++# ifndef OPENSSL_NO_FP_API ++int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); ++# endif ++int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); ++STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, ++ const char *section); ++char *NCONF_get_string(const CONF *conf, const char *group, const char *name); ++int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, ++ long *result); + int NCONF_dump_fp(const CONF *conf, FILE *out); + int NCONF_dump_bio(const CONF *conf, BIO *out); + +-#if 0 /* The following function has no error checking, +- and should therefore be avoided */ +-long NCONF_get_number(CONF *conf,char *group,char *name); +-#else +-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) +-#endif +- ++# if 0 /* The following function has no error ++ * checking, and should therefore be avoided */ ++long NCONF_get_number(CONF *conf, char *group, char *name); ++# else ++# define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) ++# endif ++ + /* Module functions */ + + int CONF_modules_load(const CONF *cnf, const char *appname, +- unsigned long flags); ++ unsigned long flags); + int CONF_modules_load_file(const char *filename, const char *appname, +- unsigned long flags); ++ unsigned long flags); + void CONF_modules_unload(int all); + void CONF_modules_finish(void); + void CONF_modules_free(void); + int CONF_module_add(const char *name, conf_init_func *ifunc, +- conf_finish_func *ffunc); ++ conf_finish_func *ffunc); + + const char *CONF_imodule_get_name(const CONF_IMODULE *md); + const char *CONF_imodule_get_value(const CONF_IMODULE *md); +@@ -196,12 +197,14 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); + char *CONF_get1_default_config_file(void); + + int CONF_parse_list(const char *list, int sep, int nospc, +- int (*list_cb)(const char *elem, int len, void *usr), void *arg); ++ int (*list_cb) (const char *elem, int len, void *usr), ++ void *arg); + + void OPENSSL_load_builtin_modules(void); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_CONF_strings(void); +@@ -209,44 +212,44 @@ void ERR_load_CONF_strings(void); + /* Error codes for the CONF functions. */ + + /* Function codes. */ +-#define CONF_F_CONF_DUMP_FP 104 +-#define CONF_F_CONF_LOAD 100 +-#define CONF_F_CONF_LOAD_BIO 102 +-#define CONF_F_CONF_LOAD_FP 103 +-#define CONF_F_CONF_MODULES_LOAD 116 +-#define CONF_F_DEF_LOAD 120 +-#define CONF_F_DEF_LOAD_BIO 121 +-#define CONF_F_MODULE_INIT 115 +-#define CONF_F_MODULE_LOAD_DSO 117 +-#define CONF_F_MODULE_RUN 118 +-#define CONF_F_NCONF_DUMP_BIO 105 +-#define CONF_F_NCONF_DUMP_FP 106 +-#define CONF_F_NCONF_GET_NUMBER 107 +-#define CONF_F_NCONF_GET_NUMBER_E 112 +-#define CONF_F_NCONF_GET_SECTION 108 +-#define CONF_F_NCONF_GET_STRING 109 +-#define CONF_F_NCONF_LOAD 113 +-#define CONF_F_NCONF_LOAD_BIO 110 +-#define CONF_F_NCONF_LOAD_FP 114 +-#define CONF_F_NCONF_NEW 111 +-#define CONF_F_STR_COPY 101 ++# define CONF_F_CONF_DUMP_FP 104 ++# define CONF_F_CONF_LOAD 100 ++# define CONF_F_CONF_LOAD_BIO 102 ++# define CONF_F_CONF_LOAD_FP 103 ++# define CONF_F_CONF_MODULES_LOAD 116 ++# define CONF_F_DEF_LOAD 120 ++# define CONF_F_DEF_LOAD_BIO 121 ++# define CONF_F_MODULE_INIT 115 ++# define CONF_F_MODULE_LOAD_DSO 117 ++# define CONF_F_MODULE_RUN 118 ++# define CONF_F_NCONF_DUMP_BIO 105 ++# define CONF_F_NCONF_DUMP_FP 106 ++# define CONF_F_NCONF_GET_NUMBER 107 ++# define CONF_F_NCONF_GET_NUMBER_E 112 ++# define CONF_F_NCONF_GET_SECTION 108 ++# define CONF_F_NCONF_GET_STRING 109 ++# define CONF_F_NCONF_LOAD 113 ++# define CONF_F_NCONF_LOAD_BIO 110 ++# define CONF_F_NCONF_LOAD_FP 114 ++# define CONF_F_NCONF_NEW 111 ++# define CONF_F_STR_COPY 101 + + /* Reason codes. */ +-#define CONF_R_ERROR_LOADING_DSO 110 +-#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +-#define CONF_R_MISSING_EQUAL_SIGN 101 +-#define CONF_R_MISSING_FINISH_FUNCTION 111 +-#define CONF_R_MISSING_INIT_FUNCTION 112 +-#define CONF_R_MODULE_INITIALIZATION_ERROR 109 +-#define CONF_R_NO_CLOSE_BRACE 102 +-#define CONF_R_NO_CONF 105 +-#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +-#define CONF_R_NO_SECTION 107 +-#define CONF_R_NO_SUCH_FILE 114 +-#define CONF_R_NO_VALUE 108 +-#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +-#define CONF_R_UNKNOWN_MODULE_NAME 113 +-#define CONF_R_VARIABLE_HAS_NO_VALUE 104 ++# define CONF_R_ERROR_LOADING_DSO 110 ++# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 ++# define CONF_R_MISSING_EQUAL_SIGN 101 ++# define CONF_R_MISSING_FINISH_FUNCTION 111 ++# define CONF_R_MISSING_INIT_FUNCTION 112 ++# define CONF_R_MODULE_INITIALIZATION_ERROR 109 ++# define CONF_R_NO_CLOSE_BRACE 102 ++# define CONF_R_NO_CONF 105 ++# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 ++# define CONF_R_NO_SECTION 107 ++# define CONF_R_NO_SUCH_FILE 114 ++# define CONF_R_NO_VALUE 108 ++# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 ++# define CONF_R_UNKNOWN_MODULE_NAME 113 ++# define CONF_R_VARIABLE_HAS_NO_VALUE 104 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/conf_api.h b/Cryptlib/Include/openssl/conf_api.h +index 87a954a..e478f7d 100644 +--- a/Cryptlib/Include/openssl/conf_api.h ++++ b/Cryptlib/Include/openssl/conf_api.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,10 +57,10 @@ + */ + + #ifndef HEADER_CONF_API_H +-#define HEADER_CONF_API_H ++# define HEADER_CONF_API_H + +-#include +-#include ++# include ++# include + + #ifdef __cplusplus + extern "C" { +@@ -72,12 +72,13 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section); + CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section); + /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ + STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, +- const char *section); ++ const char *section); + + int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value); + char *_CONF_get_string(const CONF *conf, const char *section, +- const char *name); +-long _CONF_get_number(const CONF *conf, const char *section, const char *name); ++ const char *name); ++long _CONF_get_number(const CONF *conf, const char *section, ++ const char *name); + + int _CONF_new_data(CONF *conf); + void _CONF_free_data(CONF *conf); +@@ -86,4 +87,3 @@ void _CONF_free_data(CONF *conf); + } + #endif + #endif +- +diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h +index ac0c949..748330f 100644 +--- a/Cryptlib/Include/openssl/crypto.h ++++ b/Cryptlib/Include/openssl/crypto.h +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,21 +58,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -87,10 +87,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -102,7 +102,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -110,272 +110,284 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * ECDH support in OpenSSL originally developed by ++ * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + + #ifndef HEADER_CRYPTO_H +-#define HEADER_CRYPTO_H ++# define HEADER_CRYPTO_H + +-#include ++# include + +-#include ++# include + +-#ifndef OPENSSL_NO_FP_API +-#include +-#endif ++# ifndef OPENSSL_NO_FP_API ++# include ++# endif + +-#include +-#include +-#include +-#include ++# include ++# include ++# include ++# include + +-#ifdef CHARSET_EBCDIC +-#include +-#endif ++# ifdef CHARSET_EBCDIC ++# include ++# endif + +-/* Resolve problems on some operating systems with symbol names that clash +- one way or another */ +-#include ++/* ++ * Resolve problems on some operating systems with symbol names that clash ++ * one way or another ++ */ ++# include + + #ifdef __cplusplus + extern "C" { + #endif + + /* Backward compatibility to SSLeay */ +-/* This is more to be used to check the correct DLL is being used +- * in the MS world. */ +-#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +-#define SSLEAY_VERSION 0 +-/* #define SSLEAY_OPTIONS 1 no longer supported */ +-#define SSLEAY_CFLAGS 2 +-#define SSLEAY_BUILT_ON 3 +-#define SSLEAY_PLATFORM 4 +-#define SSLEAY_DIR 5 ++/* ++ * This is more to be used to check the correct DLL is being used in the MS ++ * world. ++ */ ++# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER ++# define SSLEAY_VERSION 0 ++/* #define SSLEAY_OPTIONS 1 no longer supported */ ++# define SSLEAY_CFLAGS 2 ++# define SSLEAY_BUILT_ON 3 ++# define SSLEAY_PLATFORM 4 ++# define SSLEAY_DIR 5 + + /* Already declared in ossl_typ.h */ +-#if 0 ++# if 0 + typedef struct crypto_ex_data_st CRYPTO_EX_DATA; + /* Called when a new object is created */ +-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +- int idx, long argl, void *argp); ++typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, ++ int idx, long argl, void *argp); + /* Called when an object is free()ed */ +-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +- int idx, long argl, void *argp); ++typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, ++ int idx, long argl, void *argp); + /* Called when we need to dup an object */ +-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, +- int idx, long argl, void *argp); +-#endif ++typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, ++ void *from_d, int idx, long argl, void *argp); ++# endif + + /* A generic structure to pass assorted data in a expandable way */ +-typedef struct openssl_item_st +- { +- int code; +- void *value; /* Not used for flag attributes */ +- size_t value_size; /* Max size of value for output, length for input */ +- size_t *value_length; /* Returned length of value for output */ +- } OPENSSL_ITEM; +- +- +-/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock ++typedef struct openssl_item_st { ++ int code; ++ void *value; /* Not used for flag attributes */ ++ size_t value_size; /* Max size of value for output, length for ++ * input */ ++ size_t *value_length; /* Returned length of value for output */ ++} OPENSSL_ITEM; ++ ++/* ++ * When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock + * names in cryptlib.c + */ + +-#define CRYPTO_LOCK_ERR 1 +-#define CRYPTO_LOCK_EX_DATA 2 +-#define CRYPTO_LOCK_X509 3 +-#define CRYPTO_LOCK_X509_INFO 4 +-#define CRYPTO_LOCK_X509_PKEY 5 +-#define CRYPTO_LOCK_X509_CRL 6 +-#define CRYPTO_LOCK_X509_REQ 7 +-#define CRYPTO_LOCK_DSA 8 +-#define CRYPTO_LOCK_RSA 9 +-#define CRYPTO_LOCK_EVP_PKEY 10 +-#define CRYPTO_LOCK_X509_STORE 11 +-#define CRYPTO_LOCK_SSL_CTX 12 +-#define CRYPTO_LOCK_SSL_CERT 13 +-#define CRYPTO_LOCK_SSL_SESSION 14 +-#define CRYPTO_LOCK_SSL_SESS_CERT 15 +-#define CRYPTO_LOCK_SSL 16 +-#define CRYPTO_LOCK_SSL_METHOD 17 +-#define CRYPTO_LOCK_RAND 18 +-#define CRYPTO_LOCK_RAND2 19 +-#define CRYPTO_LOCK_MALLOC 20 +-#define CRYPTO_LOCK_BIO 21 +-#define CRYPTO_LOCK_GETHOSTBYNAME 22 +-#define CRYPTO_LOCK_GETSERVBYNAME 23 +-#define CRYPTO_LOCK_READDIR 24 +-#define CRYPTO_LOCK_RSA_BLINDING 25 +-#define CRYPTO_LOCK_DH 26 +-#define CRYPTO_LOCK_MALLOC2 27 +-#define CRYPTO_LOCK_DSO 28 +-#define CRYPTO_LOCK_DYNLOCK 29 +-#define CRYPTO_LOCK_ENGINE 30 +-#define CRYPTO_LOCK_UI 31 +-#define CRYPTO_LOCK_ECDSA 32 +-#define CRYPTO_LOCK_EC 33 +-#define CRYPTO_LOCK_ECDH 34 +-#define CRYPTO_LOCK_BN 35 +-#define CRYPTO_LOCK_EC_PRE_COMP 36 +-#define CRYPTO_LOCK_STORE 37 +-#define CRYPTO_LOCK_COMP 38 +-#ifndef OPENSSL_FIPS +-#define CRYPTO_NUM_LOCKS 39 +-#else +-#define CRYPTO_LOCK_FIPS 39 +-#define CRYPTO_LOCK_FIPS2 40 +-#define CRYPTO_NUM_LOCKS 41 +-#endif ++# define CRYPTO_LOCK_ERR 1 ++# define CRYPTO_LOCK_EX_DATA 2 ++# define CRYPTO_LOCK_X509 3 ++# define CRYPTO_LOCK_X509_INFO 4 ++# define CRYPTO_LOCK_X509_PKEY 5 ++# define CRYPTO_LOCK_X509_CRL 6 ++# define CRYPTO_LOCK_X509_REQ 7 ++# define CRYPTO_LOCK_DSA 8 ++# define CRYPTO_LOCK_RSA 9 ++# define CRYPTO_LOCK_EVP_PKEY 10 ++# define CRYPTO_LOCK_X509_STORE 11 ++# define CRYPTO_LOCK_SSL_CTX 12 ++# define CRYPTO_LOCK_SSL_CERT 13 ++# define CRYPTO_LOCK_SSL_SESSION 14 ++# define CRYPTO_LOCK_SSL_SESS_CERT 15 ++# define CRYPTO_LOCK_SSL 16 ++# define CRYPTO_LOCK_SSL_METHOD 17 ++# define CRYPTO_LOCK_RAND 18 ++# define CRYPTO_LOCK_RAND2 19 ++# define CRYPTO_LOCK_MALLOC 20 ++# define CRYPTO_LOCK_BIO 21 ++# define CRYPTO_LOCK_GETHOSTBYNAME 22 ++# define CRYPTO_LOCK_GETSERVBYNAME 23 ++# define CRYPTO_LOCK_READDIR 24 ++# define CRYPTO_LOCK_RSA_BLINDING 25 ++# define CRYPTO_LOCK_DH 26 ++# define CRYPTO_LOCK_MALLOC2 27 ++# define CRYPTO_LOCK_DSO 28 ++# define CRYPTO_LOCK_DYNLOCK 29 ++# define CRYPTO_LOCK_ENGINE 30 ++# define CRYPTO_LOCK_UI 31 ++# define CRYPTO_LOCK_ECDSA 32 ++# define CRYPTO_LOCK_EC 33 ++# define CRYPTO_LOCK_ECDH 34 ++# define CRYPTO_LOCK_BN 35 ++# define CRYPTO_LOCK_EC_PRE_COMP 36 ++# define CRYPTO_LOCK_STORE 37 ++# define CRYPTO_LOCK_COMP 38 ++# ifndef OPENSSL_FIPS ++# define CRYPTO_NUM_LOCKS 39 ++# else ++# define CRYPTO_LOCK_FIPS 39 ++# define CRYPTO_LOCK_FIPS2 40 ++# define CRYPTO_NUM_LOCKS 41 ++# endif + +-#define CRYPTO_LOCK 1 +-#define CRYPTO_UNLOCK 2 +-#define CRYPTO_READ 4 +-#define CRYPTO_WRITE 8 +- +-#ifndef OPENSSL_NO_LOCKING +-#ifndef CRYPTO_w_lock +-#define CRYPTO_w_lock(type) \ +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) +-#define CRYPTO_w_unlock(type) \ +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) +-#define CRYPTO_r_lock(type) \ +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) +-#define CRYPTO_r_unlock(type) \ +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) +-#define CRYPTO_add(addr,amount,type) \ +- CRYPTO_add_lock(addr,amount,type,NULL,0) +-#endif +-#else +-#define CRYPTO_w_lock(a) +-#define CRYPTO_w_unlock(a) +-#define CRYPTO_r_lock(a) +-#define CRYPTO_r_unlock(a) +-#define CRYPTO_add(a,b,c) ((*(a))+=(b)) +-#endif ++# define CRYPTO_LOCK 1 ++# define CRYPTO_UNLOCK 2 ++# define CRYPTO_READ 4 ++# define CRYPTO_WRITE 8 ++ ++# ifndef OPENSSL_NO_LOCKING ++# ifndef CRYPTO_w_lock ++# define CRYPTO_w_lock(type) \ ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0) ++# define CRYPTO_w_unlock(type) \ ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0) ++# define CRYPTO_r_lock(type) \ ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0) ++# define CRYPTO_r_unlock(type) \ ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0) ++# define CRYPTO_add(addr,amount,type) \ ++ CRYPTO_add_lock(addr,amount,type,NULL,0) ++# endif ++# else ++# define CRYPTO_w_lock(a) ++# define CRYPTO_w_unlock(a) ++# define CRYPTO_r_lock(a) ++# define CRYPTO_r_unlock(a) ++# define CRYPTO_add(a,b,c) ((*(a))+=(b)) ++# endif + +-/* Some applications as well as some parts of OpenSSL need to allocate +- and deallocate locks in a dynamic fashion. The following typedef +- makes this possible in a type-safe manner. */ ++/* ++ * Some applications as well as some parts of OpenSSL need to allocate and ++ * deallocate locks in a dynamic fashion. The following typedef makes this ++ * possible in a type-safe manner. ++ */ + /* struct CRYPTO_dynlock_value has to be defined by the application. */ +-typedef struct +- { +- int references; +- struct CRYPTO_dynlock_value *data; +- } CRYPTO_dynlock; +- +- +-/* The following can be used to detect memory leaks in the SSLeay library. +- * It used, it turns on malloc checking */ ++typedef struct { ++ int references; ++ struct CRYPTO_dynlock_value *data; ++} CRYPTO_dynlock; ++ ++/* ++ * The following can be used to detect memory leaks in the SSLeay library. It ++ * used, it turns on malloc checking ++ */ + +-#define CRYPTO_MEM_CHECK_OFF 0x0 /* an enume */ +-#define CRYPTO_MEM_CHECK_ON 0x1 /* a bit */ +-#define CRYPTO_MEM_CHECK_ENABLE 0x2 /* a bit */ +-#define CRYPTO_MEM_CHECK_DISABLE 0x3 /* an enume */ ++# define CRYPTO_MEM_CHECK_OFF 0x0/* an enume */ ++# define CRYPTO_MEM_CHECK_ON 0x1/* a bit */ ++# define CRYPTO_MEM_CHECK_ENABLE 0x2/* a bit */ ++# define CRYPTO_MEM_CHECK_DISABLE 0x3/* an enume */ + +-/* The following are bit values to turn on or off options connected to the +- * malloc checking functionality */ ++/* ++ * The following are bit values to turn on or off options connected to the ++ * malloc checking functionality ++ */ + + /* Adds time to the memory checking information */ +-#define V_CRYPTO_MDEBUG_TIME 0x1 /* a bit */ ++# define V_CRYPTO_MDEBUG_TIME 0x1/* a bit */ + /* Adds thread number to the memory checking information */ +-#define V_CRYPTO_MDEBUG_THREAD 0x2 /* a bit */ +- +-#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD) ++# define V_CRYPTO_MDEBUG_THREAD 0x2/* a bit */ + ++# define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD) + + /* predec of the BIO type */ + typedef struct bio_st BIO_dummy; + +-struct crypto_ex_data_st +- { +- STACK *sk; +- int dummy; /* gcc is screwing up this data structure :-( */ +- }; ++struct crypto_ex_data_st { ++ STACK *sk; ++ /* gcc is screwing up this data structure :-( */ ++ int dummy; ++}; + +-/* This stuff is basically class callback functions +- * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */ ++/* ++ * This stuff is basically class callback functions The current classes are ++ * SSL_CTX, SSL, SSL_SESSION, and a few more ++ */ + +-typedef struct crypto_ex_data_func_st +- { +- long argl; /* Arbitary long */ +- void *argp; /* Arbitary void * */ +- CRYPTO_EX_new *new_func; +- CRYPTO_EX_free *free_func; +- CRYPTO_EX_dup *dup_func; +- } CRYPTO_EX_DATA_FUNCS; ++typedef struct crypto_ex_data_func_st { ++ long argl; /* Arbitary long */ ++ void *argp; /* Arbitary void * */ ++ CRYPTO_EX_new *new_func; ++ CRYPTO_EX_free *free_func; ++ CRYPTO_EX_dup *dup_func; ++} CRYPTO_EX_DATA_FUNCS; + + DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) + +-/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA ++/* ++ * Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA + * entry. + */ + +-#define CRYPTO_EX_INDEX_BIO 0 +-#define CRYPTO_EX_INDEX_SSL 1 +-#define CRYPTO_EX_INDEX_SSL_CTX 2 +-#define CRYPTO_EX_INDEX_SSL_SESSION 3 +-#define CRYPTO_EX_INDEX_X509_STORE 4 +-#define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +-#define CRYPTO_EX_INDEX_RSA 6 +-#define CRYPTO_EX_INDEX_DSA 7 +-#define CRYPTO_EX_INDEX_DH 8 +-#define CRYPTO_EX_INDEX_ENGINE 9 +-#define CRYPTO_EX_INDEX_X509 10 +-#define CRYPTO_EX_INDEX_UI 11 +-#define CRYPTO_EX_INDEX_ECDSA 12 +-#define CRYPTO_EX_INDEX_ECDH 13 +-#define CRYPTO_EX_INDEX_COMP 14 +-#define CRYPTO_EX_INDEX_STORE 15 +- +-/* Dynamically assigned indexes start from this value (don't use directly, use +- * via CRYPTO_ex_data_new_class). */ +-#define CRYPTO_EX_INDEX_USER 100 +- +- +-/* This is the default callbacks, but we can have others as well: +- * this is needed in Win32 where the application malloc and the +- * library malloc may not be the same. ++# define CRYPTO_EX_INDEX_BIO 0 ++# define CRYPTO_EX_INDEX_SSL 1 ++# define CRYPTO_EX_INDEX_SSL_CTX 2 ++# define CRYPTO_EX_INDEX_SSL_SESSION 3 ++# define CRYPTO_EX_INDEX_X509_STORE 4 ++# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 ++# define CRYPTO_EX_INDEX_RSA 6 ++# define CRYPTO_EX_INDEX_DSA 7 ++# define CRYPTO_EX_INDEX_DH 8 ++# define CRYPTO_EX_INDEX_ENGINE 9 ++# define CRYPTO_EX_INDEX_X509 10 ++# define CRYPTO_EX_INDEX_UI 11 ++# define CRYPTO_EX_INDEX_ECDSA 12 ++# define CRYPTO_EX_INDEX_ECDH 13 ++# define CRYPTO_EX_INDEX_COMP 14 ++# define CRYPTO_EX_INDEX_STORE 15 ++ ++/* ++ * Dynamically assigned indexes start from this value (don't use directly, ++ * use via CRYPTO_ex_data_new_class). ++ */ ++# define CRYPTO_EX_INDEX_USER 100 ++ ++/* ++ * This is the default callbacks, but we can have others as well: this is ++ * needed in Win32 where the application malloc and the library malloc may ++ * not be the same. + */ +-#define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ +- malloc, realloc, free) ++# define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ ++ malloc, realloc, free) + +-#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD +-# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ +-# define CRYPTO_MDEBUG ++# if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD ++# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ ++# define CRYPTO_MDEBUG ++# endif + # endif +-#endif + +-/* Set standard debugging functions (not done by default +- * unless CRYPTO_MDEBUG is defined) */ ++/* ++ * Set standard debugging functions (not done by default unless CRYPTO_MDEBUG ++ * is defined) ++ */ + void CRYPTO_malloc_debug_init(void); + + int CRYPTO_mem_ctrl(int mode); + int CRYPTO_is_mem_check_on(void); + + /* for applications */ +-#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) +-#define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) ++# define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) ++# define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) + + /* for library-internal use */ +-#define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) +-#define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) +-#define is_MemCheck_on() CRYPTO_is_mem_check_on() +- +-#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) +-#define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) +-#define OPENSSL_realloc(addr,num) \ +- CRYPTO_realloc((char *)addr,(int)num,NULL,0) +-#define OPENSSL_realloc_clean(addr,old_num,num) \ +- CRYPTO_realloc_clean(addr,old_num,num,NULL,0) +-#define OPENSSL_remalloc(addr,num) \ +- CRYPTO_remalloc((char **)addr,(int)num,NULL,0) +-#define OPENSSL_freeFunc CRYPTO_free +-#define OPENSSL_free(addr) CRYPTO_free(addr) +- +-#define OPENSSL_malloc_locked(num) \ +- CRYPTO_malloc_locked((int)num,NULL,0) +-#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) +- ++# define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) ++# define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) ++# define is_MemCheck_on() CRYPTO_is_mem_check_on() ++ ++# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,NULL,0) ++# define OPENSSL_strdup(str) CRYPTO_strdup((str),NULL,0) ++# define OPENSSL_realloc(addr,num) \ ++ CRYPTO_realloc((char *)addr,(int)num,NULL,0) ++# define OPENSSL_realloc_clean(addr,old_num,num) \ ++ CRYPTO_realloc_clean(addr,old_num,num,NULL,0) ++# define OPENSSL_remalloc(addr,num) \ ++ CRYPTO_remalloc((char **)addr,(int)num,NULL,0) ++# define OPENSSL_freeFunc CRYPTO_free ++# define OPENSSL_free(addr) CRYPTO_free(addr) ++ ++# define OPENSSL_malloc_locked(num) \ ++ CRYPTO_malloc_locked((int)num,NULL,0) ++# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) + + const char *SSLeay_version(int type); + unsigned long SSLeay(void); +@@ -383,7 +395,7 @@ unsigned long SSLeay(void); + int OPENSSL_issetugid(void); + + /* An opaque type representing an implementation of "ex_data" support */ +-typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; ++typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; + /* Return an opaque pointer to the current "ex_data" implementation */ + const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void); + /* Sets the "ex_data" implementation to be used (if it's not too late) */ +@@ -392,118 +404,155 @@ int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); + int CRYPTO_ex_data_new_class(void); + /* Within a given class, get/register a new index */ + int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, +- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, +- CRYPTO_EX_free *free_func); +-/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given +- * class (invokes whatever per-class callbacks are applicable) */ ++ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++/* ++ * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a ++ * given class (invokes whatever per-class callbacks are applicable) ++ */ + int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); + int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, +- CRYPTO_EX_DATA *from); ++ CRYPTO_EX_DATA *from); + void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +-/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index +- * (relative to the class type involved) */ ++/* ++ * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular ++ * index (relative to the class type involved) ++ */ + int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); +-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx); +-/* This function cleans up all "ex_data" state. It mustn't be called under +- * potential race-conditions. */ ++void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); ++/* ++ * This function cleans up all "ex_data" state. It mustn't be called under ++ * potential race-conditions. ++ */ + void CRYPTO_cleanup_all_ex_data(void); + + int CRYPTO_get_new_lockid(char *name); + +-int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */ +-void CRYPTO_lock(int mode, int type,const char *file,int line); +-void CRYPTO_set_locking_callback(void (*func)(int mode,int type, +- const char *file,int line)); +-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, +- int line); +-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, +- const char *file, int line)); +-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, +- const char *file,int line); +-void CRYPTO_set_id_callback(unsigned long (*func)(void)); +-unsigned long (*CRYPTO_get_id_callback(void))(void); ++int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */ ++void CRYPTO_lock(int mode, int type, const char *file, int line); ++void CRYPTO_set_locking_callback(void (*func) (int mode, int type, ++ const char *file, int line)); ++void (*CRYPTO_get_locking_callback(void)) (int mode, int type, ++ const char *file, int line); ++void CRYPTO_set_add_lock_callback(int (*func) ++ (int *num, int mount, int type, ++ const char *file, int line)); ++int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type, ++ const char *file, int line); ++void CRYPTO_set_id_callback(unsigned long (*func) (void)); ++unsigned long (*CRYPTO_get_id_callback(void)) (void); + unsigned long CRYPTO_thread_id(void); + const char *CRYPTO_get_lock_name(int type); +-int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file, +- int line); ++int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, ++ int line); + +-void int_CRYPTO_set_do_dynlock_callback( +- void (*do_dynlock_cb)(int mode, int type, const char *file, int line)); ++void int_CRYPTO_set_do_dynlock_callback(void (*do_dynlock_cb) ++ (int mode, int type, ++ const char *file, int line)); + + int CRYPTO_get_new_dynlockid(void); + void CRYPTO_destroy_dynlockid(int i); + struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); +-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line)); +-void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)); +-void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line)); +-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line); +-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line); +-void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line); +- +-/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- +- * call the latter last if you need different functions */ +-int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *)); +-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *)); +-int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int), +- void *(*r)(void *,size_t,const char *,int), +- void (*f)(void *)); +-int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int), +- void (*free_func)(void *)); +-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), +- void (*r)(void *,void *,int,const char *,int,int), +- void (*f)(void *,int), +- void (*so)(long), +- long (*go)(void)); +-void CRYPTO_set_mem_info_functions( +- int (*push_info_fn)(const char *info, const char *file, int line), +- int (*pop_info_fn)(void), +- int (*remove_all_info_fn)(void)); +-void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *)); +-void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); +-void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int), +- void *(**r)(void *, size_t,const char *,int), +- void (**f)(void *)); +-void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int), +- void (**f)(void *)); +-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), +- void (**r)(void *,void *,int,const char *,int,int), +- void (**f)(void *,int), +- void (**so)(long), +- long (**go)(void)); ++void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value ++ *(*dyn_create_function) (const char ++ *file, ++ int line)); ++void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) ++ (int mode, ++ struct CRYPTO_dynlock_value *l, ++ const char *file, int line)); ++void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) ++ (struct CRYPTO_dynlock_value *l, ++ const char *file, int line)); ++struct CRYPTO_dynlock_value ++*(*CRYPTO_get_dynlock_create_callback(void)) (const char *file, int line); ++void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode, ++ struct CRYPTO_dynlock_value ++ *l, const char *file, ++ int line); ++void (*CRYPTO_get_dynlock_destroy_callback(void)) (struct CRYPTO_dynlock_value ++ *l, const char *file, ++ int line); ++ ++/* ++ * CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- call ++ * the latter last if you need different functions ++ */ ++int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), ++ void (*f) (void *)); ++int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), ++ void (*free_func) (void *)); ++int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), ++ void *(*r) (void *, size_t, const char *, ++ int), void (*f) (void *)); ++int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int), ++ void (*free_func) (void *)); ++int CRYPTO_set_mem_debug_functions(void (*m) ++ (void *, int, const char *, int, int), ++ void (*r) (void *, void *, int, ++ const char *, int, int), ++ void (*f) (void *, int), void (*so) (long), ++ long (*go) (void)); ++void CRYPTO_set_mem_info_functions(int (*push_info_fn) ++ (const char *info, const char *file, ++ int line), int (*pop_info_fn) (void), ++ int (*remove_all_info_fn) (void)); ++void CRYPTO_get_mem_functions(void *(**m) (size_t), ++ void *(**r) (void *, size_t), ++ void (**f) (void *)); ++void CRYPTO_get_locked_mem_functions(void *(**m) (size_t), ++ void (**f) (void *)); ++void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int), ++ void *(**r) (void *, size_t, const char *, ++ int), void (**f) (void *)); ++void CRYPTO_get_locked_mem_ex_functions(void ++ *(**m) (size_t, const char *, int), ++ void (**f) (void *)); ++void CRYPTO_get_mem_debug_functions(void (**m) ++ (void *, int, const char *, int, int), ++ void (**r) (void *, void *, int, ++ const char *, int, int), ++ void (**f) (void *, int), ++ void (**so) (long), long (**go) (void)); + + void *CRYPTO_malloc_locked(int num, const char *file, int line); + void CRYPTO_free_locked(void *); + void *CRYPTO_malloc(int num, const char *file, int line); + char *CRYPTO_strdup(const char *str, const char *file, int line); + void CRYPTO_free(void *); +-void *CRYPTO_realloc(void *addr,int num, const char *file, int line); +-void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, +- int line); +-void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); ++void *CRYPTO_realloc(void *addr, int num, const char *file, int line); ++void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file, ++ int line); ++void *CRYPTO_remalloc(void *addr, int num, const char *file, int line); + + void OPENSSL_cleanse(void *ptr, size_t len); + + void CRYPTO_set_mem_debug_options(long bits); + long CRYPTO_get_mem_debug_options(void); + +-#define CRYPTO_push_info(info) \ ++# define CRYPTO_push_info(info) \ + CRYPTO_push_info_(info, NULL, 0); + int CRYPTO_push_info_(const char *info, const char *file, int line); + int CRYPTO_pop_info(void); + int CRYPTO_remove_all_info(void); + +- +-/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; +- * used as default in CRYPTO_MDEBUG compilations): */ +-/* The last argument has the following significance: ++/* ++ * Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; ++ * used as default in CRYPTO_MDEBUG compilations): ++ */ ++/*- ++ * The last argument has the following significance: + * +- * 0: called before the actual memory allocation has taken place +- * 1: called after the actual memory allocation has taken place ++ * 0: called before the actual memory allocation has taken place ++ * 1: called after the actual memory allocation has taken place + */ +-void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p); +-void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p); +-void CRYPTO_dbg_free(void *addr,int before_p); +-/* Tell the debugging code about options. By default, the following values ++void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, ++ int before_p); ++void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, const char *file, ++ int line, int before_p); ++void CRYPTO_dbg_free(void *addr, int before_p); ++/*- ++ * Tell the debugging code about options. By default, the following values + * apply: + * + * 0: Clear all options. +@@ -518,88 +567,93 @@ int CRYPTO_dbg_push_info(const char *info, const char *file, int line); + int CRYPTO_dbg_pop_info(void); + int CRYPTO_dbg_remove_all_info(void); + +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + void CRYPTO_mem_leaks_fp(FILE *); +-#endif ++# endif + void CRYPTO_mem_leaks(struct bio_st *bio); + /* unsigned long order, char *file, int line, int num_bytes, char *addr */ +-typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); ++typedef void *CRYPTO_MEM_LEAK_CB (unsigned long, const char *, int, int, ++ void *); + void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); + + /* die if we have to */ +-void OpenSSLDie(const char *file,int line,const char *assertion); +-#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1)) ++void OpenSSLDie(const char *file, int line, const char *assertion); ++# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1)) + + unsigned long *OPENSSL_ia32cap_loc(void); +-#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) ++# define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) + int OPENSSL_isservice(void); + +-#ifdef OPENSSL_FIPS +-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ +- alg " previous FIPS forbidden algorithm error ignored"); +- +-#define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ +- #alg " Algorithm forbidden in FIPS mode"); +- +-#ifdef OPENSSL_FIPS_STRICT +-#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) +-#else +-#define FIPS_BAD_ALGORITHM(alg) \ +- { \ +- FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ +- ERR_add_error_data(2, "Algorithm=", #alg); \ +- return 0; \ +- } +-#endif ++# ifdef OPENSSL_FIPS ++# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(NULL, 0, \ ++ alg " previous FIPS forbidden algorithm error ignored"); + +-/* Low level digest API blocking macro */ ++# define FIPS_BAD_ABORT(alg) OpenSSLDie(NULL, 0, \ ++ #alg " Algorithm forbidden in FIPS mode"); + +-#define FIPS_NON_FIPS_MD_Init(alg) \ +- int alg##_Init(alg##_CTX *c) \ +- { \ +- if (FIPS_mode()) \ +- FIPS_BAD_ALGORITHM(alg) \ +- return private_##alg##_Init(c); \ +- } \ +- int private_##alg##_Init(alg##_CTX *c) ++# ifdef OPENSSL_FIPS_STRICT ++# define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) ++# else ++# define FIPS_BAD_ALGORITHM(alg) \ ++ { \ ++ FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ ++ ERR_add_error_data(2, "Algorithm=", #alg); \ ++ return 0; \ ++ } ++# endif + +-/* For ciphers the API often varies from cipher to cipher and each needs to ++/* Low level digest API blocking macro */ ++ ++# define FIPS_NON_FIPS_MD_Init(alg) \ ++ int alg##_Init(alg##_CTX *c) \ ++ { \ ++ if (FIPS_mode()) \ ++ FIPS_BAD_ALGORITHM(alg) \ ++ return private_##alg##_Init(c); \ ++ } \ ++ int private_##alg##_Init(alg##_CTX *c) ++ ++/* ++ * For ciphers the API often varies from cipher to cipher and each needs to + * be treated as a special case. Variable key length ciphers (Blowfish, RC4, + * CAST) however are very similar and can use a blocking macro. + */ + +-#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ +- void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ +- { \ +- if (FIPS_mode()) \ +- FIPS_BAD_ABORT(alg) \ +- private_##alg##_set_key(key, len, data); \ +- } \ +- void private_##alg##_set_key(alg##_KEY *key, int len, \ +- const unsigned char *data) ++# define FIPS_NON_FIPS_VCIPHER_Init(alg) \ ++ void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ ++ { \ ++ if (FIPS_mode()) \ ++ FIPS_BAD_ABORT(alg) \ ++ private_##alg##_set_key(key, len, data); \ ++ } \ ++ void private_##alg##_set_key(alg##_KEY *key, int len, \ ++ const unsigned char *data) + +-#else ++# else + +-#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ +- void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) ++# define FIPS_NON_FIPS_VCIPHER_Init(alg) \ ++ void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) + +-#define FIPS_NON_FIPS_MD_Init(alg) \ +- int alg##_Init(alg##_CTX *c) ++# define FIPS_NON_FIPS_MD_Init(alg) \ ++ int alg##_Init(alg##_CTX *c) + +-#endif /* def OPENSSL_FIPS */ ++# endif /* def OPENSSL_FIPS */ + +-#define OPENSSL_HAVE_INIT 1 ++# define OPENSSL_HAVE_INIT 1 + void OPENSSL_init(void); + +-/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It +- * takes an amount of time dependent on |len|, but independent of the contents +- * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a +- * defined order as the return value when a != b is undefined, other than to be +- * non-zero. */ ++/* ++ * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. ++ * It takes an amount of time dependent on |len|, but independent of the ++ * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements ++ * into a defined order as the return value when a != b is undefined, other ++ * than to be non-zero. ++ */ + int CRYPTO_memcmp(const void *a, const void *b, size_t len); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_CRYPTO_strings(void); +@@ -607,18 +661,18 @@ void ERR_load_CRYPTO_strings(void); + /* Error codes for the CRYPTO functions. */ + + /* Function codes. */ +-#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 +-#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 +-#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 +-#define CRYPTO_F_CRYPTO_SET_EX_DATA 102 +-#define CRYPTO_F_DEF_ADD_INDEX 104 +-#define CRYPTO_F_DEF_GET_CLASS 105 +-#define CRYPTO_F_INT_DUP_EX_DATA 106 +-#define CRYPTO_F_INT_FREE_EX_DATA 107 +-#define CRYPTO_F_INT_NEW_EX_DATA 108 ++# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 ++# define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 ++# define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 ++# define CRYPTO_F_CRYPTO_SET_EX_DATA 102 ++# define CRYPTO_F_DEF_ADD_INDEX 104 ++# define CRYPTO_F_DEF_GET_CLASS 105 ++# define CRYPTO_F_INT_DUP_EX_DATA 106 ++# define CRYPTO_F_INT_FREE_EX_DATA 107 ++# define CRYPTO_F_INT_NEW_EX_DATA 108 + + /* Reason codes. */ +-#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 ++# define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/des.h b/Cryptlib/Include/openssl/des.h +index 92b6663..fe02e34 100644 +--- a/Cryptlib/Include/openssl/des.h ++++ b/Cryptlib/Include/openssl/des.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,19 +57,19 @@ + */ + + #ifndef HEADER_NEW_DES_H +-#define HEADER_NEW_DES_H ++# define HEADER_NEW_DES_H + +-#include /* OPENSSL_EXTERN, OPENSSL_NO_DES, +- DES_LONG (via openssl/opensslconf.h */ ++# include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG ++ * (via openssl/opensslconf.h */ + +-#ifdef OPENSSL_NO_DES +-#error DES is disabled. +-#endif ++# ifdef OPENSSL_NO_DES ++# error DES is disabled. ++# endif + +-#ifdef OPENSSL_BUILD_SHLIBCRYPTO +-# undef OPENSSL_EXTERN +-# define OPENSSL_EXTERN OPENSSL_EXPORT +-#endif ++# ifdef OPENSSL_BUILD_SHLIBCRYPTO ++# undef OPENSSL_EXTERN ++# define OPENSSL_EXTERN OPENSSL_EXPORT ++# endif + + #ifdef __cplusplus + extern "C" { +@@ -77,166 +77,174 @@ extern "C" { + + typedef unsigned char DES_cblock[8]; + typedef /* const */ unsigned char const_DES_cblock[8]; +-/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * +- * and const_DES_cblock * are incompatible pointer types. */ +- +-typedef struct DES_ks +- { +- union +- { +- DES_cblock cblock; +- /* make sure things are correct size on machines with +- * 8 byte longs */ +- DES_LONG deslong[2]; +- } ks[16]; +- } DES_key_schedule; +- +-#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT +-# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT +-# define OPENSSL_ENABLE_OLD_DES_SUPPORT ++/* ++ * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and ++ * const_DES_cblock * are incompatible pointer types. ++ */ ++ ++typedef struct DES_ks { ++ union { ++ DES_cblock cblock; ++ /* ++ * make sure things are correct size on machines with 8 byte longs ++ */ ++ DES_LONG deslong[2]; ++ } ks[16]; ++} DES_key_schedule; ++ ++# ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT ++# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT ++# define OPENSSL_ENABLE_OLD_DES_SUPPORT ++# endif + # endif +-#endif + +-#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT +-# include +-#endif ++# ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT ++# include ++# endif + +-#define DES_KEY_SZ (sizeof(DES_cblock)) +-#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) ++# define DES_KEY_SZ (sizeof(DES_cblock)) ++# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) + +-#define DES_ENCRYPT 1 +-#define DES_DECRYPT 0 ++# define DES_ENCRYPT 1 ++# define DES_DECRYPT 0 + +-#define DES_CBC_MODE 0 +-#define DES_PCBC_MODE 1 ++# define DES_CBC_MODE 0 ++# define DES_PCBC_MODE 1 + +-#define DES_ecb2_encrypt(i,o,k1,k2,e) \ +- DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) ++# define DES_ecb2_encrypt(i,o,k1,k2,e) \ ++ DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +-#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ +- DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) ++# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ ++ DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +-#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ +- DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) ++# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ ++ DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +-#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ +- DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) ++# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ ++ DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +-OPENSSL_DECLARE_GLOBAL(int,DES_check_key); /* defaults to false */ +-#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) +-OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */ +-#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) ++OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */ ++# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) ++OPENSSL_DECLARE_GLOBAL(int, DES_rw_mode); /* defaults to DES_PCBC_MODE */ ++# define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) + + const char *DES_options(void); + void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +- DES_key_schedule *ks1,DES_key_schedule *ks2, +- DES_key_schedule *ks3, int enc); +-DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output, +- long length,DES_key_schedule *schedule, +- const_DES_cblock *ivec); ++ DES_key_schedule *ks1, DES_key_schedule *ks2, ++ DES_key_schedule *ks3, int enc); ++DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, ++ long length, DES_key_schedule *schedule, ++ const_DES_cblock *ivec); + /* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ +-void DES_cbc_encrypt(const unsigned char *input,unsigned char *output, +- long length,DES_key_schedule *schedule,DES_cblock *ivec, +- int enc); +-void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output, +- long length,DES_key_schedule *schedule,DES_cblock *ivec, +- int enc); +-void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output, +- long length,DES_key_schedule *schedule,DES_cblock *ivec, +- const_DES_cblock *inw,const_DES_cblock *outw,int enc); +-void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits, +- long length,DES_key_schedule *schedule,DES_cblock *ivec, +- int enc); +-void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output, +- DES_key_schedule *ks,int enc); +- +-/* This is the DES encryption function that gets called by just about +- every other DES routine in the library. You should not use this +- function except to implement 'modes' of DES. I say this because the +- functions that call this routine do the conversion from 'char *' to +- long, and this needs to be done to make sure 'non-aligned' memory +- access do not occur. The characters are loaded 'little endian'. +- Data is a pointer to 2 unsigned long's and ks is the +- DES_key_schedule to use. enc, is non zero specifies encryption, +- zero if decryption. */ +-void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc); +- +-/* This functions is the same as DES_encrypt1() except that the DES +- initial permutation (IP) and final permutation (FP) have been left +- out. As for DES_encrypt1(), you should not use this function. +- It is used by the routines in the library that implement triple DES. +- IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same +- as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */ +-void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc); ++void DES_cbc_encrypt(const unsigned char *input, unsigned char *output, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, int enc); ++void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, int enc); ++void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, const_DES_cblock *inw, ++ const_DES_cblock *outw, int enc); ++void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, int enc); ++void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, ++ DES_key_schedule *ks, int enc); ++ ++/* ++ * This is the DES encryption function that gets called by just about every ++ * other DES routine in the library. You should not use this function except ++ * to implement 'modes' of DES. I say this because the functions that call ++ * this routine do the conversion from 'char *' to long, and this needs to be ++ * done to make sure 'non-aligned' memory access do not occur. The ++ * characters are loaded 'little endian'. Data is a pointer to 2 unsigned ++ * long's and ks is the DES_key_schedule to use. enc, is non zero specifies ++ * encryption, zero if decryption. ++ */ ++void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc); ++ ++/* ++ * This functions is the same as DES_encrypt1() except that the DES initial ++ * permutation (IP) and final permutation (FP) have been left out. As for ++ * DES_encrypt1(), you should not use this function. It is used by the ++ * routines in the library that implement triple DES. IP() DES_encrypt2() ++ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1() ++ * DES_encrypt1() DES_encrypt1() except faster :-). ++ */ ++void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc); + + void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, +- DES_key_schedule *ks2, DES_key_schedule *ks3); ++ DES_key_schedule *ks2, DES_key_schedule *ks3); + void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, +- DES_key_schedule *ks2, DES_key_schedule *ks3); +-void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, +- long length, +- DES_key_schedule *ks1,DES_key_schedule *ks2, +- DES_key_schedule *ks3,DES_cblock *ivec,int enc); +-void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out, +- long length, +- DES_key_schedule *ks1,DES_key_schedule *ks2, +- DES_key_schedule *ks3, +- DES_cblock *ivec1,DES_cblock *ivec2, +- int enc); +-void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out, +- long length,DES_key_schedule *ks1, +- DES_key_schedule *ks2,DES_key_schedule *ks3, +- DES_cblock *ivec,int *num,int enc); +-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out, +- int numbits,long length,DES_key_schedule *ks1, +- DES_key_schedule *ks2,DES_key_schedule *ks3, +- DES_cblock *ivec,int enc); +-void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out, +- long length,DES_key_schedule *ks1, +- DES_key_schedule *ks2,DES_key_schedule *ks3, +- DES_cblock *ivec,int *num); +-#if 0 +-void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white, +- DES_cblock *out_white); +-#endif ++ DES_key_schedule *ks2, DES_key_schedule *ks3); ++void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, ++ long length, ++ DES_key_schedule *ks1, DES_key_schedule *ks2, ++ DES_key_schedule *ks3, DES_cblock *ivec, int enc); ++void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, ++ long length, ++ DES_key_schedule *ks1, DES_key_schedule *ks2, ++ DES_key_schedule *ks3, ++ DES_cblock *ivec1, DES_cblock *ivec2, int enc); ++void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, ++ long length, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3, ++ DES_cblock *ivec, int *num, int enc); ++void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, ++ int numbits, long length, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3, ++ DES_cblock *ivec, int enc); ++void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, ++ long length, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3, ++ DES_cblock *ivec, int *num); ++# if 0 ++void DES_xwhite_in2out(const_DES_cblock *DES_key, const_DES_cblock *in_white, ++ DES_cblock *out_white); ++# endif + +-int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched, +- DES_cblock *iv); +-int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched, +- DES_cblock *iv); +-char *DES_fcrypt(const char *buf,const char *salt, char *ret); +-char *DES_crypt(const char *buf,const char *salt); +-void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits, +- long length,DES_key_schedule *schedule,DES_cblock *ivec); +-void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output, +- long length,DES_key_schedule *schedule,DES_cblock *ivec, +- int enc); +-DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[], +- long length,int out_count,DES_cblock *seed); ++int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, ++ DES_cblock *iv); ++int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched, ++ DES_cblock *iv); ++char *DES_fcrypt(const char *buf, const char *salt, char *ret); ++char *DES_crypt(const char *buf, const char *salt); ++void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec); ++void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, int enc); ++DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], ++ long length, int out_count, DES_cblock *seed); + int DES_random_key(DES_cblock *ret); + void DES_set_odd_parity(DES_cblock *key); + int DES_check_key_parity(const_DES_cblock *key); + int DES_is_weak_key(const_DES_cblock *key); +-/* DES_set_key (= set_key = DES_key_sched = key_sched) calls ++/* ++ * DES_set_key (= set_key = DES_key_sched = key_sched) calls + * DES_set_key_checked if global variable DES_check_key is set, +- * DES_set_key_unchecked otherwise. */ +-int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule); +-int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule); +-int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule); +-void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule); +-void DES_string_to_key(const char *str,DES_cblock *key); +-void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2); +-void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, +- DES_key_schedule *schedule,DES_cblock *ivec,int *num, +- int enc); +-void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length, +- DES_key_schedule *schedule,DES_cblock *ivec,int *num); ++ * DES_set_key_unchecked otherwise. ++ */ ++int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); ++int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); ++int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); ++void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); ++void DES_string_to_key(const char *str, DES_cblock *key); ++void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); ++void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, int *num, int enc); ++void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, int *num); + + int DES_read_password(DES_cblock *key, const char *prompt, int verify); +-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, +- int verify); ++int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, ++ const char *prompt, int verify); + +-#define DES_fixup_key_parity DES_set_odd_parity ++# define DES_fixup_key_parity DES_set_odd_parity + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/des_old.h b/Cryptlib/Include/openssl/des_old.h +index 2b2c372..f1e1e2c 100644 +--- a/Cryptlib/Include/openssl/des_old.h ++++ b/Cryptlib/Include/openssl/des_old.h +@@ -1,6 +1,7 @@ + /* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */ + +-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ++/*- ++ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * The function names in here are deprecated and are only present to + * provide an interface compatible with openssl 0.9.6 and older as +@@ -31,8 +32,9 @@ + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. +@@ -42,7 +44,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -89,333 +91,382 @@ + */ + + #ifndef HEADER_DES_H +-#define HEADER_DES_H ++# define HEADER_DES_H + +-#include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ ++# include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ + +-#ifdef OPENSSL_NO_DES +-#error DES is disabled. +-#endif ++# ifdef OPENSSL_NO_DES ++# error DES is disabled. ++# endif + +-#ifndef HEADER_NEW_DES_H +-#error You must include des.h, not des_old.h directly. +-#endif ++# ifndef HEADER_NEW_DES_H ++# error You must include des.h, not des_old.h directly. ++# endif + +-#ifdef _KERBEROS_DES_H +-#error replaces . +-#endif ++# ifdef _KERBEROS_DES_H ++# error replaces . ++# endif + +-#include ++# include + +-#ifdef OPENSSL_BUILD_SHLIBCRYPTO +-# undef OPENSSL_EXTERN +-# define OPENSSL_EXTERN OPENSSL_EXPORT +-#endif ++# ifdef OPENSSL_BUILD_SHLIBCRYPTO ++# undef OPENSSL_EXTERN ++# define OPENSSL_EXTERN OPENSSL_EXPORT ++# endif + + #ifdef __cplusplus + extern "C" { + #endif + +-#ifdef _ +-#undef _ +-#endif ++# ifdef _ ++# undef _ ++# endif + + typedef unsigned char _ossl_old_des_cblock[8]; +-typedef struct _ossl_old_des_ks_struct +- { +- union { +- _ossl_old_des_cblock _; +- /* make sure things are correct size on machines with +- * 8 byte longs */ +- DES_LONG pad[2]; +- } ks; +- } _ossl_old_des_key_schedule[16]; +- +-#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY +-#define des_cblock DES_cblock +-#define const_des_cblock const_DES_cblock +-#define des_key_schedule DES_key_schedule +-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ +- DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) +-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ +- DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) +-#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ +- DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e)) +-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ +- DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) +-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ +- DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n)) +-#define des_options()\ +- DES_options() +-#define des_cbc_cksum(i,o,l,k,iv)\ +- DES_cbc_cksum((i),(o),(l),&(k),(iv)) +-#define des_cbc_encrypt(i,o,l,k,iv,e)\ +- DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) +-#define des_ncbc_encrypt(i,o,l,k,iv,e)\ +- DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e)) +-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ +- DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e)) +-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\ +- DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e)) +-#define des_ecb_encrypt(i,o,k,e)\ +- DES_ecb_encrypt((i),(o),&(k),(e)) +-#define des_encrypt1(d,k,e)\ +- DES_encrypt1((d),&(k),(e)) +-#define des_encrypt2(d,k,e)\ +- DES_encrypt2((d),&(k),(e)) +-#define des_encrypt3(d,k1,k2,k3)\ +- DES_encrypt3((d),&(k1),&(k2),&(k3)) +-#define des_decrypt3(d,k1,k2,k3)\ +- DES_decrypt3((d),&(k1),&(k2),&(k3)) +-#define des_xwhite_in2out(k,i,o)\ +- DES_xwhite_in2out((k),(i),(o)) +-#define des_enc_read(f,b,l,k,iv)\ +- DES_enc_read((f),(b),(l),&(k),(iv)) +-#define des_enc_write(f,b,l,k,iv)\ +- DES_enc_write((f),(b),(l),&(k),(iv)) +-#define des_fcrypt(b,s,r)\ +- DES_fcrypt((b),(s),(r)) +-#if 0 +-#define des_crypt(b,s)\ +- DES_crypt((b),(s)) +-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) +-#define crypt(b,s)\ +- DES_crypt((b),(s)) +-#endif +-#endif +-#define des_ofb_encrypt(i,o,n,l,k,iv)\ +- DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) +-#define des_pcbc_encrypt(i,o,l,k,iv,e)\ +- DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e)) +-#define des_quad_cksum(i,o,l,c,s)\ +- DES_quad_cksum((i),(o),(l),(c),(s)) +-#define des_random_seed(k)\ +- _ossl_096_des_random_seed((k)) +-#define des_random_key(r)\ +- DES_random_key((r)) +-#define des_read_password(k,p,v) \ +- DES_read_password((k),(p),(v)) +-#define des_read_2passwords(k1,k2,p,v) \ +- DES_read_2passwords((k1),(k2),(p),(v)) +-#define des_set_odd_parity(k)\ +- DES_set_odd_parity((k)) +-#define des_check_key_parity(k)\ +- DES_check_key_parity((k)) +-#define des_is_weak_key(k)\ +- DES_is_weak_key((k)) +-#define des_set_key(k,ks)\ +- DES_set_key((k),&(ks)) +-#define des_key_sched(k,ks)\ +- DES_key_sched((k),&(ks)) +-#define des_set_key_checked(k,ks)\ +- DES_set_key_checked((k),&(ks)) +-#define des_set_key_unchecked(k,ks)\ +- DES_set_key_unchecked((k),&(ks)) +-#define des_string_to_key(s,k)\ +- DES_string_to_key((s),(k)) +-#define des_string_to_2keys(s,k1,k2)\ +- DES_string_to_2keys((s),(k1),(k2)) +-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ +- DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e)) +-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\ +- DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n)) +- +- +-#define des_ecb2_encrypt(i,o,k1,k2,e) \ +- des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) +- +-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ +- des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) +- +-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ +- des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) +- +-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ +- des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) +- +-#define des_check_key DES_check_key +-#define des_rw_mode DES_rw_mode +-#else /* libdes compatibility */ +-/* Map all symbol names to _ossl_old_des_* form, so we avoid all +- clashes with libdes */ +-#define des_cblock _ossl_old_des_cblock +-#define des_key_schedule _ossl_old_des_key_schedule +-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ +- _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) +-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ +- _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) +-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ +- _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) +-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ +- _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) +-#define des_options()\ +- _ossl_old_des_options() +-#define des_cbc_cksum(i,o,l,k,iv)\ +- _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv)) +-#define des_cbc_encrypt(i,o,l,k,iv,e)\ +- _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e)) +-#define des_ncbc_encrypt(i,o,l,k,iv,e)\ +- _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) +-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ +- _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) +-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\ +- _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) +-#define des_ecb_encrypt(i,o,k,e)\ +- _ossl_old_des_ecb_encrypt((i),(o),(k),(e)) +-#define des_encrypt(d,k,e)\ +- _ossl_old_des_encrypt((d),(k),(e)) +-#define des_encrypt2(d,k,e)\ +- _ossl_old_des_encrypt2((d),(k),(e)) +-#define des_encrypt3(d,k1,k2,k3)\ +- _ossl_old_des_encrypt3((d),(k1),(k2),(k3)) +-#define des_decrypt3(d,k1,k2,k3)\ +- _ossl_old_des_decrypt3((d),(k1),(k2),(k3)) +-#define des_xwhite_in2out(k,i,o)\ +- _ossl_old_des_xwhite_in2out((k),(i),(o)) +-#define des_enc_read(f,b,l,k,iv)\ +- _ossl_old_des_enc_read((f),(b),(l),(k),(iv)) +-#define des_enc_write(f,b,l,k,iv)\ +- _ossl_old_des_enc_write((f),(b),(l),(k),(iv)) +-#define des_fcrypt(b,s,r)\ +- _ossl_old_des_fcrypt((b),(s),(r)) +-#define des_crypt(b,s)\ +- _ossl_old_des_crypt((b),(s)) +-#if 0 +-#define crypt(b,s)\ +- _ossl_old_crypt((b),(s)) +-#endif +-#define des_ofb_encrypt(i,o,n,l,k,iv)\ +- _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) +-#define des_pcbc_encrypt(i,o,l,k,iv,e)\ +- _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) +-#define des_quad_cksum(i,o,l,c,s)\ +- _ossl_old_des_quad_cksum((i),(o),(l),(c),(s)) +-#define des_random_seed(k)\ +- _ossl_old_des_random_seed((k)) +-#define des_random_key(r)\ +- _ossl_old_des_random_key((r)) +-#define des_read_password(k,p,v) \ +- _ossl_old_des_read_password((k),(p),(v)) +-#define des_read_2passwords(k1,k2,p,v) \ +- _ossl_old_des_read_2passwords((k1),(k2),(p),(v)) +-#define des_set_odd_parity(k)\ +- _ossl_old_des_set_odd_parity((k)) +-#define des_is_weak_key(k)\ +- _ossl_old_des_is_weak_key((k)) +-#define des_set_key(k,ks)\ +- _ossl_old_des_set_key((k),(ks)) +-#define des_key_sched(k,ks)\ +- _ossl_old_des_key_sched((k),(ks)) +-#define des_string_to_key(s,k)\ +- _ossl_old_des_string_to_key((s),(k)) +-#define des_string_to_2keys(s,k1,k2)\ +- _ossl_old_des_string_to_2keys((s),(k1),(k2)) +-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ +- _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) +-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\ +- _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) +- +- +-#define des_ecb2_encrypt(i,o,k1,k2,e) \ +- des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) +- +-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ +- des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) +- +-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ +- des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) +- +-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ +- des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) +- +-#define des_check_key DES_check_key +-#define des_rw_mode DES_rw_mode +-#endif ++typedef struct _ossl_old_des_ks_struct { ++ union { ++ _ossl_old_des_cblock _; ++ /* ++ * make sure things are correct size on machines with 8 byte longs ++ */ ++ DES_LONG pad[2]; ++ } ks; ++} _ossl_old_des_key_schedule[16]; ++ ++# ifndef OPENSSL_DES_LIBDES_COMPATIBILITY ++# define des_cblock DES_cblock ++# define const_des_cblock const_DES_cblock ++# define des_key_schedule DES_key_schedule ++# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ ++ DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) ++# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ ++ DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) ++# define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ ++ DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e)) ++# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ ++ DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) ++# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ ++ DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n)) ++# define des_options()\ ++ DES_options() ++# define des_cbc_cksum(i,o,l,k,iv)\ ++ DES_cbc_cksum((i),(o),(l),&(k),(iv)) ++# define des_cbc_encrypt(i,o,l,k,iv,e)\ ++ DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) ++# define des_ncbc_encrypt(i,o,l,k,iv,e)\ ++ DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e)) ++# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ ++ DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e)) ++# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ ++ DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e)) ++# define des_ecb_encrypt(i,o,k,e)\ ++ DES_ecb_encrypt((i),(o),&(k),(e)) ++# define des_encrypt1(d,k,e)\ ++ DES_encrypt1((d),&(k),(e)) ++# define des_encrypt2(d,k,e)\ ++ DES_encrypt2((d),&(k),(e)) ++# define des_encrypt3(d,k1,k2,k3)\ ++ DES_encrypt3((d),&(k1),&(k2),&(k3)) ++# define des_decrypt3(d,k1,k2,k3)\ ++ DES_decrypt3((d),&(k1),&(k2),&(k3)) ++# define des_xwhite_in2out(k,i,o)\ ++ DES_xwhite_in2out((k),(i),(o)) ++# define des_enc_read(f,b,l,k,iv)\ ++ DES_enc_read((f),(b),(l),&(k),(iv)) ++# define des_enc_write(f,b,l,k,iv)\ ++ DES_enc_write((f),(b),(l),&(k),(iv)) ++# define des_fcrypt(b,s,r)\ ++ DES_fcrypt((b),(s),(r)) ++# if 0 ++# define des_crypt(b,s)\ ++ DES_crypt((b),(s)) ++# if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) ++# define crypt(b,s)\ ++ DES_crypt((b),(s)) ++# endif ++# endif ++# define des_ofb_encrypt(i,o,n,l,k,iv)\ ++ DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) ++# define des_pcbc_encrypt(i,o,l,k,iv,e)\ ++ DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e)) ++# define des_quad_cksum(i,o,l,c,s)\ ++ DES_quad_cksum((i),(o),(l),(c),(s)) ++# define des_random_seed(k)\ ++ _ossl_096_des_random_seed((k)) ++# define des_random_key(r)\ ++ DES_random_key((r)) ++# define des_read_password(k,p,v) \ ++ DES_read_password((k),(p),(v)) ++# define des_read_2passwords(k1,k2,p,v) \ ++ DES_read_2passwords((k1),(k2),(p),(v)) ++# define des_set_odd_parity(k)\ ++ DES_set_odd_parity((k)) ++# define des_check_key_parity(k)\ ++ DES_check_key_parity((k)) ++# define des_is_weak_key(k)\ ++ DES_is_weak_key((k)) ++# define des_set_key(k,ks)\ ++ DES_set_key((k),&(ks)) ++# define des_key_sched(k,ks)\ ++ DES_key_sched((k),&(ks)) ++# define des_set_key_checked(k,ks)\ ++ DES_set_key_checked((k),&(ks)) ++# define des_set_key_unchecked(k,ks)\ ++ DES_set_key_unchecked((k),&(ks)) ++# define des_string_to_key(s,k)\ ++ DES_string_to_key((s),(k)) ++# define des_string_to_2keys(s,k1,k2)\ ++ DES_string_to_2keys((s),(k1),(k2)) ++# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ ++ DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e)) ++# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ ++ DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n)) ++ ++# define des_ecb2_encrypt(i,o,k1,k2,e) \ ++ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) ++ ++# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ ++ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) ++ ++# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ ++ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) ++ ++# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ ++ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) ++ ++# define des_check_key DES_check_key ++# define des_rw_mode DES_rw_mode ++# else /* libdes compatibility */ ++/* ++ * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with ++ * libdes ++ */ ++# define des_cblock _ossl_old_des_cblock ++# define des_key_schedule _ossl_old_des_key_schedule ++# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ ++ _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) ++# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ ++ _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) ++# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ ++ _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) ++# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ ++ _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) ++# define des_options()\ ++ _ossl_old_des_options() ++# define des_cbc_cksum(i,o,l,k,iv)\ ++ _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv)) ++# define des_cbc_encrypt(i,o,l,k,iv,e)\ ++ _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e)) ++# define des_ncbc_encrypt(i,o,l,k,iv,e)\ ++ _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) ++# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ ++ _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) ++# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ ++ _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) ++# define des_ecb_encrypt(i,o,k,e)\ ++ _ossl_old_des_ecb_encrypt((i),(o),(k),(e)) ++# define des_encrypt(d,k,e)\ ++ _ossl_old_des_encrypt((d),(k),(e)) ++# define des_encrypt2(d,k,e)\ ++ _ossl_old_des_encrypt2((d),(k),(e)) ++# define des_encrypt3(d,k1,k2,k3)\ ++ _ossl_old_des_encrypt3((d),(k1),(k2),(k3)) ++# define des_decrypt3(d,k1,k2,k3)\ ++ _ossl_old_des_decrypt3((d),(k1),(k2),(k3)) ++# define des_xwhite_in2out(k,i,o)\ ++ _ossl_old_des_xwhite_in2out((k),(i),(o)) ++# define des_enc_read(f,b,l,k,iv)\ ++ _ossl_old_des_enc_read((f),(b),(l),(k),(iv)) ++# define des_enc_write(f,b,l,k,iv)\ ++ _ossl_old_des_enc_write((f),(b),(l),(k),(iv)) ++# define des_fcrypt(b,s,r)\ ++ _ossl_old_des_fcrypt((b),(s),(r)) ++# define des_crypt(b,s)\ ++ _ossl_old_des_crypt((b),(s)) ++# if 0 ++# define crypt(b,s)\ ++ _ossl_old_crypt((b),(s)) ++# endif ++# define des_ofb_encrypt(i,o,n,l,k,iv)\ ++ _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) ++# define des_pcbc_encrypt(i,o,l,k,iv,e)\ ++ _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) ++# define des_quad_cksum(i,o,l,c,s)\ ++ _ossl_old_des_quad_cksum((i),(o),(l),(c),(s)) ++# define des_random_seed(k)\ ++ _ossl_old_des_random_seed((k)) ++# define des_random_key(r)\ ++ _ossl_old_des_random_key((r)) ++# define des_read_password(k,p,v) \ ++ _ossl_old_des_read_password((k),(p),(v)) ++# define des_read_2passwords(k1,k2,p,v) \ ++ _ossl_old_des_read_2passwords((k1),(k2),(p),(v)) ++# define des_set_odd_parity(k)\ ++ _ossl_old_des_set_odd_parity((k)) ++# define des_is_weak_key(k)\ ++ _ossl_old_des_is_weak_key((k)) ++# define des_set_key(k,ks)\ ++ _ossl_old_des_set_key((k),(ks)) ++# define des_key_sched(k,ks)\ ++ _ossl_old_des_key_sched((k),(ks)) ++# define des_string_to_key(s,k)\ ++ _ossl_old_des_string_to_key((s),(k)) ++# define des_string_to_2keys(s,k1,k2)\ ++ _ossl_old_des_string_to_2keys((s),(k1),(k2)) ++# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ ++ _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) ++# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ ++ _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) ++ ++# define des_ecb2_encrypt(i,o,k1,k2,e) \ ++ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) ++ ++# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ ++ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) ++ ++# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ ++ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) ++ ++# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ ++ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) ++ ++# define des_check_key DES_check_key ++# define des_rw_mode DES_rw_mode ++# endif + + const char *_ossl_old_des_options(void); +-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, +- _ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2, +- _ossl_old_des_key_schedule ks3, int enc); +-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, +- long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec); +-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, +- _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); +-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, +- _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); +-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, +- _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec, +- _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc); +-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, +- long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); +-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, +- _ossl_old_des_key_schedule ks,int enc); +-void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc); +-void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc); ++void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, ++ _ossl_old_des_key_schedule ks1, ++ _ossl_old_des_key_schedule ks2, ++ _ossl_old_des_key_schedule ks3, int enc); ++DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec); ++void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc); ++void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc); ++void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, ++ _ossl_old_des_cblock *inw, ++ _ossl_old_des_cblock *outw, int enc); ++void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out, ++ int numbits, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc); ++void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, ++ _ossl_old_des_key_schedule ks, int enc); ++void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks, ++ int enc); ++void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks, ++ int enc); + void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, +- _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3); ++ _ossl_old_des_key_schedule ks2, ++ _ossl_old_des_key_schedule ks3); + void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, +- _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3); +-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, +- long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, +- _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc); ++ _ossl_old_des_key_schedule ks2, ++ _ossl_old_des_key_schedule ks3); ++void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ _ossl_old_des_key_schedule ks1, ++ _ossl_old_des_key_schedule ks2, ++ _ossl_old_des_key_schedule ks3, ++ _ossl_old_des_cblock *ivec, int enc); + void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, +- long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, +- _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc); ++ long length, ++ _ossl_old_des_key_schedule ks1, ++ _ossl_old_des_key_schedule ks2, ++ _ossl_old_des_key_schedule ks3, ++ _ossl_old_des_cblock *ivec, int *num, ++ int enc); + void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, +- long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, +- _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num); +-#if 0 +-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), +- _ossl_old_des_cblock (*out_white)); +-#endif +- +-int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, +- _ossl_old_des_cblock *iv); +-int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, +- _ossl_old_des_cblock *iv); +-char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret); +-char *_ossl_old_des_crypt(const char *buf,const char *salt); +-#if !defined(PERL5) && !defined(NeXT) +-char *_ossl_old_crypt(const char *buf,const char *salt); +-#endif +-void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out, +- int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec); +-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, +- _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); +-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, +- long length,int out_count,_ossl_old_des_cblock *seed); ++ long length, ++ _ossl_old_des_key_schedule ks1, ++ _ossl_old_des_key_schedule ks2, ++ _ossl_old_des_key_schedule ks3, ++ _ossl_old_des_cblock *ivec, int *num); ++# if 0 ++void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), ++ _ossl_old_des_cblock (*in_white), ++ _ossl_old_des_cblock (*out_white)); ++# endif ++ ++int _ossl_old_des_enc_read(int fd, char *buf, int len, ++ _ossl_old_des_key_schedule sched, ++ _ossl_old_des_cblock *iv); ++int _ossl_old_des_enc_write(int fd, char *buf, int len, ++ _ossl_old_des_key_schedule sched, ++ _ossl_old_des_cblock *iv); ++char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret); ++char *_ossl_old_des_crypt(const char *buf, const char *salt); ++# if !defined(PERL5) && !defined(NeXT) ++char *_ossl_old_crypt(const char *buf, const char *salt); ++# endif ++void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out, ++ int numbits, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec); ++void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc); ++DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ int out_count, _ossl_old_des_cblock *seed); + void _ossl_old_des_random_seed(_ossl_old_des_cblock key); + void _ossl_old_des_random_key(_ossl_old_des_cblock ret); +-int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify); +-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2, +- const char *prompt,int verify); ++int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, ++ int verify); ++int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, ++ _ossl_old_des_cblock *key2, ++ const char *prompt, int verify); + void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key); + int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key); +-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule); +-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule); +-void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key); +-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2); +-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, +- _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc); +-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, +- _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num); ++int _ossl_old_des_set_key(_ossl_old_des_cblock *key, ++ _ossl_old_des_key_schedule schedule); ++int _ossl_old_des_key_sched(_ossl_old_des_cblock *key, ++ _ossl_old_des_key_schedule schedule); ++void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key); ++void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1, ++ _ossl_old_des_cblock *key2); ++void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int *num, ++ int enc); ++void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int *num); + + void _ossl_096_des_random_seed(des_cblock *key); + +-/* The following definitions provide compatibility with the MIT Kerberos +- * library. The _ossl_old_des_key_schedule structure is not binary compatible. */ ++/* ++ * The following definitions provide compatibility with the MIT Kerberos ++ * library. The _ossl_old_des_key_schedule structure is not binary ++ * compatible. ++ */ + +-#define _KERBEROS_DES_H ++# define _KERBEROS_DES_H + +-#define KRBDES_ENCRYPT DES_ENCRYPT +-#define KRBDES_DECRYPT DES_DECRYPT ++# define KRBDES_ENCRYPT DES_ENCRYPT ++# define KRBDES_DECRYPT DES_DECRYPT + +-#ifdef KERBEROS ++# ifdef KERBEROS + # define ENCRYPT DES_ENCRYPT + # define DECRYPT DES_DECRYPT +-#endif ++# endif + +-#ifndef NCOMPAT ++# ifndef NCOMPAT + # define C_Block des_cblock + # define Key_schedule des_key_schedule + # define KEY_SZ DES_KEY_SZ +@@ -432,15 +483,15 @@ void _ossl_096_des_random_seed(des_cblock *key); + # define cbc_cksum des_cbc_cksum + # define quad_cksum des_quad_cksum + # define check_parity des_check_key_parity +-#endif ++# endif + +-#define des_fixup_key_parity DES_fixup_key_parity ++# define des_fixup_key_parity DES_fixup_key_parity + + #ifdef __cplusplus + } + #endif + + /* for DES_read_pw_string et al */ +-#include ++# include + + #endif +diff --git a/Cryptlib/Include/openssl/dh.h b/Cryptlib/Include/openssl/dh.h +index 10475ac..10d9f78 100644 +--- a/Cryptlib/Include/openssl/dh.h ++++ b/Cryptlib/Include/openssl/dh.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,36 +57,39 @@ + */ + + #ifndef HEADER_DH_H +-#define HEADER_DH_H ++# define HEADER_DH_H + +-#include ++# include + +-#ifdef OPENSSL_NO_DH +-#error DH is disabled. +-#endif ++# ifdef OPENSSL_NO_DH ++# error DH is disabled. ++# endif + +-#ifndef OPENSSL_NO_BIO +-#include +-#endif +-#include +-#ifndef OPENSSL_NO_DEPRECATED +-#include +-#endif +- +-#ifndef OPENSSL_DH_MAX_MODULUS_BITS +-# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +-#endif ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# include ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# endif ++ ++# ifndef OPENSSL_DH_MAX_MODULUS_BITS ++# define OPENSSL_DH_MAX_MODULUS_BITS 10000 ++# endif + +-#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 ++# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + +-#define DH_FLAG_CACHE_MONT_P 0x01 +-#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH +- * implementation now uses constant time +- * modular exponentiation for secret exponents +- * by default. This flag causes the +- * faster variable sliding window method to +- * be used for all exponents. +- */ ++# define DH_FLAG_CACHE_MONT_P 0x01 ++ ++/* ++ * new with 0.9.7h; the built-in DH ++ * implementation now uses constant time ++ * modular exponentiation for secret exponents ++ * by default. This flag causes the ++ * faster variable sliding window method to ++ * be used for all exponents. ++ */ ++# define DH_FLAG_NO_EXP_CONSTTIME 0x02 + + #ifdef __cplusplus + extern "C" { +@@ -96,124 +99,127 @@ extern "C" { + /* typedef struct dh_st DH; */ + /* typedef struct dh_method DH_METHOD; */ + +-struct dh_method +- { +- const char *name; +- /* Methods here */ +- int (*generate_key)(DH *dh); +- int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); +- int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx); /* Can be null */ +- +- int (*init)(DH *dh); +- int (*finish)(DH *dh); +- int flags; +- char *app_data; +- /* If this is non-NULL, it will be used to generate parameters */ +- int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); +- }; +- +-struct dh_st +- { +- /* This first argument is used to pick up errors when +- * a DH is passed instead of a EVP_PKEY */ +- int pad; +- int version; +- BIGNUM *p; +- BIGNUM *g; +- long length; /* optional */ +- BIGNUM *pub_key; /* g^x */ +- BIGNUM *priv_key; /* x */ +- +- int flags; +- BN_MONT_CTX *method_mont_p; +- /* Place holders if we want to do X9.42 DH */ +- BIGNUM *q; +- BIGNUM *j; +- unsigned char *seed; +- int seedlen; +- BIGNUM *counter; +- +- int references; +- CRYPTO_EX_DATA ex_data; +- const DH_METHOD *meth; +- ENGINE *engine; +- }; +- +-#define DH_GENERATOR_2 2 +-/* #define DH_GENERATOR_3 3 */ +-#define DH_GENERATOR_5 5 ++struct dh_method { ++ const char *name; ++ /* Methods here */ ++ int (*generate_key) (DH *dh); ++ int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh); ++ /* Can be null */ ++ int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, ++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx); ++ int (*init) (DH *dh); ++ int (*finish) (DH *dh); ++ int flags; ++ char *app_data; ++ /* If this is non-NULL, it will be used to generate parameters */ ++ int (*generate_params) (DH *dh, int prime_len, int generator, ++ BN_GENCB *cb); ++}; ++ ++struct dh_st { ++ /* ++ * This first argument is used to pick up errors when a DH is passed ++ * instead of a EVP_PKEY ++ */ ++ int pad; ++ int version; ++ BIGNUM *p; ++ BIGNUM *g; ++ long length; /* optional */ ++ BIGNUM *pub_key; /* g^x */ ++ BIGNUM *priv_key; /* x */ ++ int flags; ++ BN_MONT_CTX *method_mont_p; ++ /* Place holders if we want to do X9.42 DH */ ++ BIGNUM *q; ++ BIGNUM *j; ++ unsigned char *seed; ++ int seedlen; ++ BIGNUM *counter; ++ int references; ++ CRYPTO_EX_DATA ex_data; ++ const DH_METHOD *meth; ++ ENGINE *engine; ++}; ++ ++# define DH_GENERATOR_2 2 ++/* #define DH_GENERATOR_3 3 */ ++# define DH_GENERATOR_5 5 + + /* DH_check error codes */ +-#define DH_CHECK_P_NOT_PRIME 0x01 +-#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +-#define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +-#define DH_NOT_SUITABLE_GENERATOR 0x08 ++# define DH_CHECK_P_NOT_PRIME 0x01 ++# define DH_CHECK_P_NOT_SAFE_PRIME 0x02 ++# define DH_UNABLE_TO_CHECK_GENERATOR 0x04 ++# define DH_NOT_SUITABLE_GENERATOR 0x08 + + /* DH_check_pub_key error codes */ +-#define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +-#define DH_CHECK_PUBKEY_TOO_LARGE 0x02 ++# define DH_CHECK_PUBKEY_TOO_SMALL 0x01 ++# define DH_CHECK_PUBKEY_TOO_LARGE 0x02 + +-/* primes p where (p-1)/2 is prime too are called "safe"; we define +- this for backward compatibility: */ +-#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME ++/* ++ * primes p where (p-1)/2 is prime too are called "safe"; we define this for ++ * backward compatibility: ++ */ ++# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +-#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) +-#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ +- (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) +-#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ +- (unsigned char *)(x)) +-#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) +-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) ++# define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x) ++# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ ++ (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) ++# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ ++ (unsigned char *)(x)) ++# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x) ++# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x) + + const DH_METHOD *DH_OpenSSL(void); + +-#ifdef OPENSSL_FIPS +-DH * FIPS_dh_new(void); +-void FIPS_dh_free(DH *dh); +-#endif ++# ifdef OPENSSL_FIPS ++DH *FIPS_dh_new(void); ++void FIPS_dh_free(DH *dh); ++# endif + + void DH_set_default_method(const DH_METHOD *meth); + const DH_METHOD *DH_get_default_method(void); + int DH_set_method(DH *dh, const DH_METHOD *meth); + DH *DH_new_method(ENGINE *engine); + +-DH * DH_new(void); +-void DH_free(DH *dh); +-int DH_up_ref(DH *dh); +-int DH_size(const DH *dh); ++DH *DH_new(void); ++void DH_free(DH *dh); ++int DH_up_ref(DH *dh); ++int DH_size(const DH *dh); + int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + int DH_set_ex_data(DH *d, int idx, void *arg); + void *DH_get_ex_data(DH *d, int idx); + + /* Deprecated version */ +-#ifndef OPENSSL_NO_DEPRECATED +-DH * DH_generate_parameters(int prime_len,int generator, +- void (*callback)(int,int,void *),void *cb_arg); +-#endif /* !defined(OPENSSL_NO_DEPRECATED) */ ++# ifndef OPENSSL_NO_DEPRECATED ++DH *DH_generate_parameters(int prime_len, int generator, ++ void (*callback) (int, int, void *), void *cb_arg); ++# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + + /* New version */ +-int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); +- +-int DH_check(const DH *dh,int *codes); +-int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); +-int DH_generate_key(DH *dh); +-int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); +-DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); +-int i2d_DHparams(const DH *a,unsigned char **pp); +-#ifndef OPENSSL_NO_FP_API +-int DHparams_print_fp(FILE *fp, const DH *x); +-#endif +-#ifndef OPENSSL_NO_BIO +-int DHparams_print(BIO *bp, const DH *x); +-#else +-int DHparams_print(char *bp, const DH *x); +-#endif ++int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, ++ BN_GENCB *cb); ++ ++int DH_check(const DH *dh, int *codes); ++int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); ++int DH_generate_key(DH *dh); ++int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); ++DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); ++int i2d_DHparams(const DH *a, unsigned char **pp); ++# ifndef OPENSSL_NO_FP_API ++int DHparams_print_fp(FILE *fp, const DH *x); ++# endif ++# ifndef OPENSSL_NO_BIO ++int DHparams_print(BIO *bp, const DH *x); ++# else ++int DHparams_print(char *bp, const DH *x); ++# endif + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_DH_strings(void); +@@ -221,23 +227,23 @@ void ERR_load_DH_strings(void); + /* Error codes for the DH functions. */ + + /* Function codes. */ +-#define DH_F_COMPUTE_KEY 102 +-#define DH_F_DHPARAMS_PRINT 100 +-#define DH_F_DHPARAMS_PRINT_FP 101 +-#define DH_F_DH_BUILTIN_GENPARAMS 106 +-#define DH_F_DH_COMPUTE_KEY 107 +-#define DH_F_DH_GENERATE_KEY 108 +-#define DH_F_DH_GENERATE_PARAMETERS 109 +-#define DH_F_DH_NEW_METHOD 105 +-#define DH_F_GENERATE_KEY 103 +-#define DH_F_GENERATE_PARAMETERS 104 ++# define DH_F_COMPUTE_KEY 102 ++# define DH_F_DHPARAMS_PRINT 100 ++# define DH_F_DHPARAMS_PRINT_FP 101 ++# define DH_F_DH_BUILTIN_GENPARAMS 106 ++# define DH_F_DH_COMPUTE_KEY 107 ++# define DH_F_DH_GENERATE_KEY 108 ++# define DH_F_DH_GENERATE_PARAMETERS 109 ++# define DH_F_DH_NEW_METHOD 105 ++# define DH_F_GENERATE_KEY 103 ++# define DH_F_GENERATE_PARAMETERS 104 + + /* Reason codes. */ +-#define DH_R_BAD_GENERATOR 101 +-#define DH_R_INVALID_PUBKEY 102 +-#define DH_R_KEY_SIZE_TOO_SMALL 104 +-#define DH_R_MODULUS_TOO_LARGE 103 +-#define DH_R_NO_PRIVATE_VALUE 100 ++# define DH_R_BAD_GENERATOR 101 ++# define DH_R_INVALID_PUBKEY 102 ++# define DH_R_KEY_SIZE_TOO_SMALL 104 ++# define DH_R_MODULUS_TOO_LARGE 103 ++# define DH_R_NO_PRIVATE_VALUE 100 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/dsa.h b/Cryptlib/Include/openssl/dsa.h +index 702c50d..8f7b5de 100644 +--- a/Cryptlib/Include/openssl/dsa.h ++++ b/Cryptlib/Include/openssl/dsa.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,60 +63,61 @@ + * stylistic vision for SSLeay :-) */ + + #ifndef HEADER_DSA_H +-#define HEADER_DSA_H ++# define HEADER_DSA_H + +-#include ++# include + +-#ifdef OPENSSL_NO_DSA +-#error DSA is disabled. +-#endif ++# ifdef OPENSSL_NO_DSA ++# error DSA is disabled. ++# endif + +-#ifndef OPENSSL_NO_BIO +-#include +-#endif +-#include +-#include ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# include ++# include + +-#ifndef OPENSSL_NO_DEPRECATED +-#include +-#ifndef OPENSSL_NO_DH +-# include +-#endif +-#endif ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# ifndef OPENSSL_NO_DH ++# include ++# endif ++# endif + +-#ifndef OPENSSL_DSA_MAX_MODULUS_BITS +-# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +-#endif ++# ifndef OPENSSL_DSA_MAX_MODULUS_BITS ++# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 ++# endif ++ ++# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 ++ ++# define DSA_FLAG_CACHE_MONT_P 0x01 ++/* ++ * new with 0.9.7h; the built-in DSA implementation now uses constant time ++ * modular exponentiation for secret exponents by default. This flag causes ++ * the faster variable sliding window method to be used for all exponents. ++ */ ++# define DSA_FLAG_NO_EXP_CONSTTIME 0x02 + +-#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 +- +-#define DSA_FLAG_CACHE_MONT_P 0x01 +-#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA +- * implementation now uses constant time +- * modular exponentiation for secret exponents +- * by default. This flag causes the +- * faster variable sliding window method to +- * be used for all exponents. +- */ +- +-/* If this flag is set the DSA method is FIPS compliant and can be used +- * in FIPS mode. This is set in the validated module method. If an +- * application sets this flag in its own methods it is its reposibility +- * to ensure the result is compliant. ++/* ++ * If this flag is set the DSA method is FIPS compliant and can be used in ++ * FIPS mode. This is set in the validated module method. If an application ++ * sets this flag in its own methods it is its reposibility to ensure the ++ * result is compliant. + */ + +-#define DSA_FLAG_FIPS_METHOD 0x0400 ++# define DSA_FLAG_FIPS_METHOD 0x0400 + +-/* If this flag is set the operations normally disabled in FIPS mode are ++/* ++ * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +-#define DSA_FLAG_NON_FIPS_ALLOW 0x0400 ++# define DSA_FLAG_NON_FIPS_ALLOW 0x0400 + +-#ifdef OPENSSL_FIPS +-#define FIPS_DSA_SIZE_T int +-#endif ++# ifdef OPENSSL_FIPS ++# define FIPS_DSA_SIZE_T int ++# endif + + #ifdef __cplusplus + extern "C" { +@@ -126,162 +127,163 @@ extern "C" { + /* typedef struct dsa_st DSA; */ + /* typedef struct dsa_method DSA_METHOD; */ + +-typedef struct DSA_SIG_st +- { +- BIGNUM *r; +- BIGNUM *s; +- } DSA_SIG; +- +-struct dsa_method +- { +- const char *name; +- DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); +- int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, +- BIGNUM **rp); +- int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, +- DSA_SIG *sig, DSA *dsa); +- int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, +- BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *in_mont); +- int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx); /* Can be null */ +- int (*init)(DSA *dsa); +- int (*finish)(DSA *dsa); +- int flags; +- char *app_data; +- /* If this is non-NULL, it is used to generate DSA parameters */ +- int (*dsa_paramgen)(DSA *dsa, int bits, +- unsigned char *seed, int seed_len, +- int *counter_ret, unsigned long *h_ret, +- BN_GENCB *cb); +- /* If this is non-NULL, it is used to generate DSA keys */ +- int (*dsa_keygen)(DSA *dsa); +- }; +- +-struct dsa_st +- { +- /* This first variable is used to pick up errors where +- * a DSA is passed instead of of a EVP_PKEY */ +- int pad; +- long version; +- int write_params; +- BIGNUM *p; +- BIGNUM *q; /* == 20 */ +- BIGNUM *g; +- +- BIGNUM *pub_key; /* y public key */ +- BIGNUM *priv_key; /* x private key */ +- +- BIGNUM *kinv; /* Signing pre-calc */ +- BIGNUM *r; /* Signing pre-calc */ +- +- int flags; +- /* Normally used to cache montgomery values */ +- BN_MONT_CTX *method_mont_p; +- int references; +- CRYPTO_EX_DATA ex_data; +- const DSA_METHOD *meth; +- /* functional reference if 'meth' is ENGINE-provided */ +- ENGINE *engine; +- }; +- +-#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x) +-#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ +- (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) +-#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ +- (unsigned char *)(x)) +-#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) +-#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) +- +- +-DSA_SIG * DSA_SIG_new(void); +-void DSA_SIG_free(DSA_SIG *a); +-int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +-DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); +- +-DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa); +-int DSA_do_verify(const unsigned char *dgst,int dgst_len, +- DSA_SIG *sig,DSA *dsa); ++typedef struct DSA_SIG_st { ++ BIGNUM *r; ++ BIGNUM *s; ++} DSA_SIG; ++ ++struct dsa_method { ++ const char *name; ++ DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa); ++ int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, ++ BIGNUM **rp); ++ int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len, ++ DSA_SIG *sig, DSA *dsa); ++ int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, ++ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *in_mont); ++ /* Can be null */ ++ int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++ int (*init) (DSA *dsa); ++ int (*finish) (DSA *dsa); ++ int flags; ++ char *app_data; ++ /* If this is non-NULL, it is used to generate DSA parameters */ ++ int (*dsa_paramgen) (DSA *dsa, int bits, ++ unsigned char *seed, int seed_len, ++ int *counter_ret, unsigned long *h_ret, ++ BN_GENCB *cb); ++ /* If this is non-NULL, it is used to generate DSA keys */ ++ int (*dsa_keygen) (DSA *dsa); ++}; ++ ++struct dsa_st { ++ /* ++ * This first variable is used to pick up errors where a DSA is passed ++ * instead of of a EVP_PKEY ++ */ ++ int pad; ++ long version; ++ int write_params; ++ BIGNUM *p; ++ BIGNUM *q; /* == 20 */ ++ BIGNUM *g; ++ BIGNUM *pub_key; /* y public key */ ++ BIGNUM *priv_key; /* x private key */ ++ BIGNUM *kinv; /* Signing pre-calc */ ++ BIGNUM *r; /* Signing pre-calc */ ++ int flags; ++ /* Normally used to cache montgomery values */ ++ BN_MONT_CTX *method_mont_p; ++ int references; ++ CRYPTO_EX_DATA ex_data; ++ const DSA_METHOD *meth; ++ /* functional reference if 'meth' is ENGINE-provided */ ++ ENGINE *engine; ++}; ++ ++# define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x) ++# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ ++ (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) ++# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ ++ (unsigned char *)(x)) ++# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) ++# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) ++ ++DSA_SIG *DSA_SIG_new(void); ++void DSA_SIG_free(DSA_SIG *a); ++int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); ++DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); ++ ++DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); ++int DSA_do_verify(const unsigned char *dgst, int dgst_len, ++ DSA_SIG *sig, DSA *dsa); + + const DSA_METHOD *DSA_OpenSSL(void); + +-void DSA_set_default_method(const DSA_METHOD *); ++void DSA_set_default_method(const DSA_METHOD *); + const DSA_METHOD *DSA_get_default_method(void); +-int DSA_set_method(DSA *dsa, const DSA_METHOD *); ++int DSA_set_method(DSA *dsa, const DSA_METHOD *); + +-#ifdef OPENSSL_FIPS +-DSA * FIPS_dsa_new(void); +-void FIPS_dsa_free (DSA *r); +-#endif ++# ifdef OPENSSL_FIPS ++DSA *FIPS_dsa_new(void); ++void FIPS_dsa_free(DSA *r); ++# endif + +-DSA * DSA_new(void); +-DSA * DSA_new_method(ENGINE *engine); +-void DSA_free (DSA *r); ++DSA *DSA_new(void); ++DSA *DSA_new_method(ENGINE *engine); ++void DSA_free(DSA *r); + /* "up" the DSA object's reference count */ +-int DSA_up_ref(DSA *r); +-int DSA_size(const DSA *); +- /* next 4 return -1 on error */ +-int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); +-int DSA_sign(int type,const unsigned char *dgst,int dlen, +- unsigned char *sig, unsigned int *siglen, DSA *dsa); +-int DSA_verify(int type,const unsigned char *dgst,int dgst_len, +- const unsigned char *sigbuf, int siglen, DSA *dsa); ++int DSA_up_ref(DSA *r); ++int DSA_size(const DSA *); ++ /* next 4 return -1 on error */ ++int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); ++int DSA_sign(int type, const unsigned char *dgst, int dlen, ++ unsigned char *sig, unsigned int *siglen, DSA *dsa); ++int DSA_verify(int type, const unsigned char *dgst, int dgst_len, ++ const unsigned char *sigbuf, int siglen, DSA *dsa); + int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + int DSA_set_ex_data(DSA *d, int idx, void *arg); + void *DSA_get_ex_data(DSA *d, int idx); + +-DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +-DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +-DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); ++DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); ++DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); ++DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); + + /* Deprecated version */ +-#ifndef OPENSSL_NO_DEPRECATED +-DSA * DSA_generate_parameters(int bits, +- unsigned char *seed,int seed_len, +- int *counter_ret, unsigned long *h_ret,void +- (*callback)(int, int, void *),void *cb_arg); +-#endif /* !defined(OPENSSL_NO_DEPRECATED) */ ++# ifndef OPENSSL_NO_DEPRECATED ++DSA *DSA_generate_parameters(int bits, ++ unsigned char *seed, int seed_len, ++ int *counter_ret, unsigned long *h_ret, void ++ (*callback) (int, int, void *), void *cb_arg); ++# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + + /* New version */ +-int DSA_generate_parameters_ex(DSA *dsa, int bits, +- unsigned char *seed,int seed_len, +- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); +- +-int DSA_generate_key(DSA *a); +-int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +-int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +-int i2d_DSAparams(const DSA *a,unsigned char **pp); +- +-#ifndef OPENSSL_NO_BIO +-int DSAparams_print(BIO *bp, const DSA *x); +-int DSA_print(BIO *bp, const DSA *x, int off); +-#endif +-#ifndef OPENSSL_NO_FP_API +-int DSAparams_print_fp(FILE *fp, const DSA *x); +-int DSA_print_fp(FILE *bp, const DSA *x, int off); +-#endif +- +-#define DSS_prime_checks 50 +-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1: +- * 50 rounds of Rabin-Miller */ +-#define DSA_is_prime(n, callback, cb_arg) \ +- BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) ++int DSA_generate_parameters_ex(DSA *dsa, int bits, ++ unsigned char *seed, int seed_len, ++ int *counter_ret, unsigned long *h_ret, ++ BN_GENCB *cb); ++ ++int DSA_generate_key(DSA *a); ++int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); ++int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); ++int i2d_DSAparams(const DSA *a, unsigned char **pp); ++ ++# ifndef OPENSSL_NO_BIO ++int DSAparams_print(BIO *bp, const DSA *x); ++int DSA_print(BIO *bp, const DSA *x, int off); ++# endif ++# ifndef OPENSSL_NO_FP_API ++int DSAparams_print_fp(FILE *fp, const DSA *x); ++int DSA_print_fp(FILE *bp, const DSA *x, int off); ++# endif ++ ++# define DSS_prime_checks 50 ++/* ++ * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of ++ * Rabin-Miller ++ */ ++# define DSA_is_prime(n, callback, cb_arg) \ ++ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) + +-#ifndef OPENSSL_NO_DH +-/* Convert DSA structure (key or just parameters) into DH structure +- * (be careful to avoid small subgroup attacks when using this!) */ ++# ifndef OPENSSL_NO_DH ++/* ++ * Convert DSA structure (key or just parameters) into DH structure (be ++ * careful to avoid small subgroup attacks when using this!) ++ */ + DH *DSA_dup_DH(const DSA *r); +-#endif ++# endif + +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS + int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig); + int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen); +-#endif ++# endif + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_DSA_strings(void); +@@ -289,34 +291,34 @@ void ERR_load_DSA_strings(void); + /* Error codes for the DSA functions. */ + + /* Function codes. */ +-#define DSA_F_D2I_DSA_SIG 110 +-#define DSA_F_DSAPARAMS_PRINT 100 +-#define DSA_F_DSAPARAMS_PRINT_FP 101 +-#define DSA_F_DSA_BUILTIN_KEYGEN 119 +-#define DSA_F_DSA_BUILTIN_PARAMGEN 118 +-#define DSA_F_DSA_DO_SIGN 112 +-#define DSA_F_DSA_DO_VERIFY 113 +-#define DSA_F_DSA_GENERATE_PARAMETERS 117 +-#define DSA_F_DSA_NEW_METHOD 103 +-#define DSA_F_DSA_PRINT 104 +-#define DSA_F_DSA_PRINT_FP 105 +-#define DSA_F_DSA_SET_DEFAULT_METHOD 115 +-#define DSA_F_DSA_SET_METHOD 116 +-#define DSA_F_DSA_SIGN 106 +-#define DSA_F_DSA_SIGN_SETUP 107 +-#define DSA_F_DSA_SIG_NEW 109 +-#define DSA_F_DSA_VERIFY 108 +-#define DSA_F_I2D_DSA_SIG 111 +-#define DSA_F_SIG_CB 114 ++# define DSA_F_D2I_DSA_SIG 110 ++# define DSA_F_DSAPARAMS_PRINT 100 ++# define DSA_F_DSAPARAMS_PRINT_FP 101 ++# define DSA_F_DSA_BUILTIN_KEYGEN 119 ++# define DSA_F_DSA_BUILTIN_PARAMGEN 118 ++# define DSA_F_DSA_DO_SIGN 112 ++# define DSA_F_DSA_DO_VERIFY 113 ++# define DSA_F_DSA_GENERATE_PARAMETERS 117 ++# define DSA_F_DSA_NEW_METHOD 103 ++# define DSA_F_DSA_PRINT 104 ++# define DSA_F_DSA_PRINT_FP 105 ++# define DSA_F_DSA_SET_DEFAULT_METHOD 115 ++# define DSA_F_DSA_SET_METHOD 116 ++# define DSA_F_DSA_SIGN 106 ++# define DSA_F_DSA_SIGN_SETUP 107 ++# define DSA_F_DSA_SIG_NEW 109 ++# define DSA_F_DSA_VERIFY 108 ++# define DSA_F_I2D_DSA_SIG 111 ++# define DSA_F_SIG_CB 114 + + /* Reason codes. */ +-#define DSA_R_BAD_Q_VALUE 102 +-#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +-#define DSA_R_KEY_SIZE_TOO_SMALL 106 +-#define DSA_R_MISSING_PARAMETERS 101 +-#define DSA_R_MODULUS_TOO_LARGE 103 +-#define DSA_R_NON_FIPS_METHOD 104 +-#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105 ++# define DSA_R_BAD_Q_VALUE 102 ++# define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 ++# define DSA_R_KEY_SIZE_TOO_SMALL 106 ++# define DSA_R_MISSING_PARAMETERS 101 ++# define DSA_R_MODULUS_TOO_LARGE 103 ++# define DSA_R_NON_FIPS_METHOD 104 ++# define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/dso.h b/Cryptlib/Include/openssl/dso.h +index 3e51913..277427d 100644 +--- a/Cryptlib/Include/openssl/dso.h ++++ b/Cryptlib/Include/openssl/dso.h +@@ -1,6 +1,7 @@ + /* dso.h -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL +- * project 2000. ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,212 +58,244 @@ + */ + + #ifndef HEADER_DSO_H +-#define HEADER_DSO_H ++# define HEADER_DSO_H + +-#include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + + /* These values are used as commands to DSO_ctrl() */ +-#define DSO_CTRL_GET_FLAGS 1 +-#define DSO_CTRL_SET_FLAGS 2 +-#define DSO_CTRL_OR_FLAGS 3 ++# define DSO_CTRL_GET_FLAGS 1 ++# define DSO_CTRL_SET_FLAGS 2 ++# define DSO_CTRL_OR_FLAGS 3 + +-/* By default, DSO_load() will translate the provided filename into a form ++/* ++ * By default, DSO_load() will translate the provided filename into a form + * typical for the platform (more specifically the DSO_METHOD) using the + * dso_name_converter function of the method. Eg. win32 will transform "blah" + * into "blah.dll", and dlfcn will transform it into "libblah.so". The +- * behaviour can be overriden by setting the name_converter callback in the DSO +- * object (using DSO_set_name_converter()). This callback could even utilise +- * the DSO_METHOD's converter too if it only wants to override behaviour for +- * one or two possible DSO methods. However, the following flag can be set in a +- * DSO to prevent *any* native name-translation at all - eg. if the caller has +- * prompted the user for a path to a driver library so the filename should be +- * interpreted as-is. */ +-#define DSO_FLAG_NO_NAME_TRANSLATION 0x01 +-/* An extra flag to give if only the extension should be added as +- * translation. This is obviously only of importance on Unix and +- * other operating systems where the translation also may prefix +- * the name with something, like 'lib', and ignored everywhere else. +- * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used +- * at the same time. */ +-#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 +- +-/* The following flag controls the translation of symbol names to upper +- * case. This is currently only being implemented for OpenVMS. ++ * behaviour can be overriden by setting the name_converter callback in the ++ * DSO object (using DSO_set_name_converter()). This callback could even ++ * utilise the DSO_METHOD's converter too if it only wants to override ++ * behaviour for one or two possible DSO methods. However, the following flag ++ * can be set in a DSO to prevent *any* native name-translation at all - eg. ++ * if the caller has prompted the user for a path to a driver library so the ++ * filename should be interpreted as-is. ++ */ ++# define DSO_FLAG_NO_NAME_TRANSLATION 0x01 ++/* ++ * An extra flag to give if only the extension should be added as ++ * translation. This is obviously only of importance on Unix and other ++ * operating systems where the translation also may prefix the name with ++ * something, like 'lib', and ignored everywhere else. This flag is also ++ * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time. + */ +-#define DSO_FLAG_UPCASE_SYMBOL 0x10 ++# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 + +-/* This flag loads the library with public symbols. +- * Meaning: The exported symbols of this library are public +- * to all libraries loaded after this library. +- * At the moment only implemented in unix. ++/* ++ * The following flag controls the translation of symbol names to upper case. ++ * This is currently only being implemented for OpenVMS. + */ +-#define DSO_FLAG_GLOBAL_SYMBOLS 0x20 ++# define DSO_FLAG_UPCASE_SYMBOL 0x10 + ++/* ++ * This flag loads the library with public symbols. Meaning: The exported ++ * symbols of this library are public to all libraries loaded after this ++ * library. At the moment only implemented in unix. ++ */ ++# define DSO_FLAG_GLOBAL_SYMBOLS 0x20 + +-typedef void (*DSO_FUNC_TYPE)(void); ++typedef void (*DSO_FUNC_TYPE) (void); + + typedef struct dso_st DSO; + +-/* The function prototype used for method functions (or caller-provided +- * callbacks) that transform filenames. They are passed a DSO structure pointer +- * (or NULL if they are to be used independantly of a DSO object) and a +- * filename to transform. They should either return NULL (if there is an error +- * condition) or a newly allocated string containing the transformed form that +- * the caller will need to free with OPENSSL_free() when done. */ +-typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); +-/* The function prototype used for method functions (or caller-provided +- * callbacks) that merge two file specifications. They are passed a +- * DSO structure pointer (or NULL if they are to be used independantly of +- * a DSO object) and two file specifications to merge. They should +- * either return NULL (if there is an error condition) or a newly allocated +- * string containing the result of merging that the caller will need +- * to free with OPENSSL_free() when done. +- * Here, merging means that bits and pieces are taken from each of the +- * file specifications and added together in whatever fashion that is +- * sensible for the DSO method in question. The only rule that really +- * applies is that if the two specification contain pieces of the same +- * type, the copy from the first string takes priority. One could see +- * it as the first specification is the one given by the user and the +- * second being a bunch of defaults to add on if they're missing in the +- * first. */ +-typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *); +- +-typedef struct dso_meth_st +- { +- const char *name; +- /* Loads a shared library, NB: new DSO_METHODs must ensure that a +- * successful load populates the loaded_filename field, and likewise a +- * successful unload OPENSSL_frees and NULLs it out. */ +- int (*dso_load)(DSO *dso); +- /* Unloads a shared library */ +- int (*dso_unload)(DSO *dso); +- /* Binds a variable */ +- void *(*dso_bind_var)(DSO *dso, const char *symname); +- /* Binds a function - assumes a return type of DSO_FUNC_TYPE. +- * This should be cast to the real function prototype by the +- * caller. Platforms that don't have compatible representations +- * for different prototypes (this is possible within ANSI C) +- * are highly unlikely to have shared libraries at all, let +- * alone a DSO_METHOD implemented for them. */ +- DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname); +- ++/* ++ * The function prototype used for method functions (or caller-provided ++ * callbacks) that transform filenames. They are passed a DSO structure ++ * pointer (or NULL if they are to be used independantly of a DSO object) and ++ * a filename to transform. They should either return NULL (if there is an ++ * error condition) or a newly allocated string containing the transformed ++ * form that the caller will need to free with OPENSSL_free() when done. ++ */ ++typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); ++/* ++ * The function prototype used for method functions (or caller-provided ++ * callbacks) that merge two file specifications. They are passed a DSO ++ * structure pointer (or NULL if they are to be used independantly of a DSO ++ * object) and two file specifications to merge. They should either return ++ * NULL (if there is an error condition) or a newly allocated string ++ * containing the result of merging that the caller will need to free with ++ * OPENSSL_free() when done. Here, merging means that bits and pieces are ++ * taken from each of the file specifications and added together in whatever ++ * fashion that is sensible for the DSO method in question. The only rule ++ * that really applies is that if the two specification contain pieces of the ++ * same type, the copy from the first string takes priority. One could see ++ * it as the first specification is the one given by the user and the second ++ * being a bunch of defaults to add on if they're missing in the first. ++ */ ++typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *); ++ ++typedef struct dso_meth_st { ++ const char *name; ++ /* ++ * Loads a shared library, NB: new DSO_METHODs must ensure that a ++ * successful load populates the loaded_filename field, and likewise a ++ * successful unload OPENSSL_frees and NULLs it out. ++ */ ++ int (*dso_load) (DSO *dso); ++ /* Unloads a shared library */ ++ int (*dso_unload) (DSO *dso); ++ /* Binds a variable */ ++ void *(*dso_bind_var) (DSO *dso, const char *symname); ++ /* ++ * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should ++ * be cast to the real function prototype by the caller. Platforms that ++ * don't have compatible representations for different prototypes (this ++ * is possible within ANSI C) are highly unlikely to have shared ++ * libraries at all, let alone a DSO_METHOD implemented for them. ++ */ ++ DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname); + /* I don't think this would actually be used in any circumstances. */ +-#if 0 +- /* Unbinds a variable */ +- int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr); +- /* Unbinds a function */ +- int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); +-#endif +- /* The generic (yuck) "ctrl()" function. NB: Negative return +- * values (rather than zero) indicate errors. */ +- long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg); +- /* The default DSO_METHOD-specific function for converting filenames to +- * a canonical native form. */ +- DSO_NAME_CONVERTER_FUNC dso_name_converter; +- /* The default DSO_METHOD-specific function for converting filenames to +- * a canonical native form. */ +- DSO_MERGER_FUNC dso_merger; +- +- /* [De]Initialisation handlers. */ +- int (*init)(DSO *dso); +- int (*finish)(DSO *dso); +- } DSO_METHOD; ++# if 0 ++ /* Unbinds a variable */ ++ int (*dso_unbind_var) (DSO *dso, char *symname, void *symptr); ++ /* Unbinds a function */ ++ int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr); ++# endif ++ /* ++ * The generic (yuck) "ctrl()" function. NB: Negative return values ++ * (rather than zero) indicate errors. ++ */ ++ long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg); ++ /* ++ * The default DSO_METHOD-specific function for converting filenames to a ++ * canonical native form. ++ */ ++ DSO_NAME_CONVERTER_FUNC dso_name_converter; ++ /* ++ * The default DSO_METHOD-specific function for converting filenames to a ++ * canonical native form. ++ */ ++ DSO_MERGER_FUNC dso_merger; ++ /* [De]Initialisation handlers. */ ++ int (*init) (DSO *dso); ++ int (*finish) (DSO *dso); ++} DSO_METHOD; + + /**********************************************************************/ + /* The low-level handle type used to refer to a loaded shared library */ + +-struct dso_st +- { +- DSO_METHOD *meth; +- /* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS +- * doesn't use anything but will need to cache the filename +- * for use in the dso_bind handler. All in all, let each +- * method control its own destiny. "Handles" and such go in +- * a STACK. */ +- STACK *meth_data; +- int references; +- int flags; +- /* For use by applications etc ... use this for your bits'n'pieces, +- * don't touch meth_data! */ +- CRYPTO_EX_DATA ex_data; +- /* If this callback function pointer is set to non-NULL, then it will +- * be used in DSO_load() in place of meth->dso_name_converter. NB: This +- * should normally set using DSO_set_name_converter(). */ +- DSO_NAME_CONVERTER_FUNC name_converter; +- /* If this callback function pointer is set to non-NULL, then it will +- * be used in DSO_load() in place of meth->dso_merger. NB: This +- * should normally set using DSO_set_merger(). */ +- DSO_MERGER_FUNC merger; +- /* This is populated with (a copy of) the platform-independant +- * filename used for this DSO. */ +- char *filename; +- /* This is populated with (a copy of) the translated filename by which +- * the DSO was actually loaded. It is NULL iff the DSO is not currently +- * loaded. NB: This is here because the filename translation process +- * may involve a callback being invoked more than once not only to +- * convert to a platform-specific form, but also to try different +- * filenames in the process of trying to perform a load. As such, this +- * variable can be used to indicate (a) whether this DSO structure +- * corresponds to a loaded library or not, and (b) the filename with +- * which it was actually loaded. */ +- char *loaded_filename; +- }; +- +- +-DSO * DSO_new(void); +-DSO * DSO_new_method(DSO_METHOD *method); +-int DSO_free(DSO *dso); +-int DSO_flags(DSO *dso); +-int DSO_up_ref(DSO *dso); +-long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); +- +-/* This function sets the DSO's name_converter callback. If it is non-NULL, ++struct dso_st { ++ DSO_METHOD *meth; ++ /* ++ * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use ++ * anything but will need to cache the filename for use in the dso_bind ++ * handler. All in all, let each method control its own destiny. ++ * "Handles" and such go in a STACK. ++ */ ++ STACK *meth_data; ++ int references; ++ int flags; ++ /* ++ * For use by applications etc ... use this for your bits'n'pieces, don't ++ * touch meth_data! ++ */ ++ CRYPTO_EX_DATA ex_data; ++ /* ++ * If this callback function pointer is set to non-NULL, then it will be ++ * used in DSO_load() in place of meth->dso_name_converter. NB: This ++ * should normally set using DSO_set_name_converter(). ++ */ ++ DSO_NAME_CONVERTER_FUNC name_converter; ++ /* ++ * If this callback function pointer is set to non-NULL, then it will be ++ * used in DSO_load() in place of meth->dso_merger. NB: This should ++ * normally set using DSO_set_merger(). ++ */ ++ DSO_MERGER_FUNC merger; ++ /* ++ * This is populated with (a copy of) the platform-independant filename ++ * used for this DSO. ++ */ ++ char *filename; ++ /* ++ * This is populated with (a copy of) the translated filename by which ++ * the DSO was actually loaded. It is NULL iff the DSO is not currently ++ * loaded. NB: This is here because the filename translation process may ++ * involve a callback being invoked more than once not only to convert to ++ * a platform-specific form, but also to try different filenames in the ++ * process of trying to perform a load. As such, this variable can be ++ * used to indicate (a) whether this DSO structure corresponds to a ++ * loaded library or not, and (b) the filename with which it was actually ++ * loaded. ++ */ ++ char *loaded_filename; ++}; ++ ++DSO *DSO_new(void); ++DSO *DSO_new_method(DSO_METHOD *method); ++int DSO_free(DSO *dso); ++int DSO_flags(DSO *dso); ++int DSO_up_ref(DSO *dso); ++long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); ++ ++/* ++ * This function sets the DSO's name_converter callback. If it is non-NULL, + * then it will be used instead of the associated DSO_METHOD's function. If + * oldcb is non-NULL then it is set to the function pointer value being +- * replaced. Return value is non-zero for success. */ +-int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, +- DSO_NAME_CONVERTER_FUNC *oldcb); +-/* These functions can be used to get/set the platform-independant filename +- * used for a DSO. NB: set will fail if the DSO is already loaded. */ ++ * replaced. Return value is non-zero for success. ++ */ ++int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, ++ DSO_NAME_CONVERTER_FUNC *oldcb); ++/* ++ * These functions can be used to get/set the platform-independant filename ++ * used for a DSO. NB: set will fail if the DSO is already loaded. ++ */ + const char *DSO_get_filename(DSO *dso); +-int DSO_set_filename(DSO *dso, const char *filename); +-/* This function will invoke the DSO's name_converter callback to translate a ++int DSO_set_filename(DSO *dso, const char *filename); ++/* ++ * This function will invoke the DSO's name_converter callback to translate a + * filename, or if the callback isn't set it will instead use the DSO_METHOD's + * converter. If "filename" is NULL, the "filename" in the DSO itself will be + * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is + * simply duplicated. NB: This function is usually called from within a +- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that +- * caller-created DSO_METHODs can do the same thing. A non-NULL return value +- * will need to be OPENSSL_free()'d. */ +-char *DSO_convert_filename(DSO *dso, const char *filename); +-/* This function will invoke the DSO's merger callback to merge two file ++ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so ++ * that caller-created DSO_METHODs can do the same thing. A non-NULL return ++ * value will need to be OPENSSL_free()'d. ++ */ ++char *DSO_convert_filename(DSO *dso, const char *filename); ++/* ++ * This function will invoke the DSO's merger callback to merge two file + * specifications, or if the callback isn't set it will instead use the + * DSO_METHOD's merger. A non-NULL return value will need to be +- * OPENSSL_free()'d. */ +-char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); +-/* If the DSO is currently loaded, this returns the filename that it was loaded +- * under, otherwise it returns NULL. So it is also useful as a test as to +- * whether the DSO is currently loaded. NB: This will not necessarily return +- * the same value as DSO_convert_filename(dso, dso->filename), because the +- * DSO_METHOD's load function may have tried a variety of filenames (with ++ * OPENSSL_free()'d. ++ */ ++char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); ++/* ++ * If the DSO is currently loaded, this returns the filename that it was ++ * loaded under, otherwise it returns NULL. So it is also useful as a test as ++ * to whether the DSO is currently loaded. NB: This will not necessarily ++ * return the same value as DSO_convert_filename(dso, dso->filename), because ++ * the DSO_METHOD's load function may have tried a variety of filenames (with + * and/or without the aid of the converters) before settling on the one it +- * actually loaded. */ ++ * actually loaded. ++ */ + const char *DSO_get_loaded_filename(DSO *dso); + +-void DSO_set_default_method(DSO_METHOD *meth); ++void DSO_set_default_method(DSO_METHOD *meth); + DSO_METHOD *DSO_get_default_method(void); + DSO_METHOD *DSO_get_method(DSO *dso); + DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth); + +-/* The all-singing all-dancing load function, you normally pass NULL +- * for the first and third parameters. Use DSO_up and DSO_free for +- * subsequent reference count handling. Any flags passed in will be set +- * in the constructed DSO after its init() function but before the +- * load operation. If 'dso' is non-NULL, 'flags' is ignored. */ ++/* ++ * The all-singing all-dancing load function, you normally pass NULL for the ++ * first and third parameters. Use DSO_up and DSO_free for subsequent ++ * reference count handling. Any flags passed in will be set in the ++ * constructed DSO after its init() function but before the load operation. ++ * If 'dso' is non-NULL, 'flags' is ignored. ++ */ + DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags); + + /* This function binds to a variable inside a shared library. */ +@@ -271,23 +304,31 @@ void *DSO_bind_var(DSO *dso, const char *symname); + /* This function binds to a function inside a shared library. */ + DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname); + +-/* This method is the default, but will beg, borrow, or steal whatever +- * method should be the default on any particular platform (including +- * DSO_METH_null() if necessary). */ ++/* ++ * This method is the default, but will beg, borrow, or steal whatever method ++ * should be the default on any particular platform (including ++ * DSO_METH_null() if necessary). ++ */ + DSO_METHOD *DSO_METHOD_openssl(void); + +-/* This method is defined for all platforms - if a platform has no +- * DSO support then this will be the only method! */ ++/* ++ * This method is defined for all platforms - if a platform has no DSO ++ * support then this will be the only method! ++ */ + DSO_METHOD *DSO_METHOD_null(void); + +-/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions +- * (dlopen, dlclose, dlsym, etc) will be used and incorporated into +- * this method. If not, this method will return NULL. */ ++/* ++ * If DSO_DLFCN is defined, the standard dlfcn.h-style functions (dlopen, ++ * dlclose, dlsym, etc) will be used and incorporated into this method. If ++ * not, this method will return NULL. ++ */ + DSO_METHOD *DSO_METHOD_dlfcn(void); + +-/* If DSO_DL is defined, the standard dl.h-style functions (shl_load, +- * shl_unload, shl_findsym, etc) will be used and incorporated into +- * this method. If not, this method will return NULL. */ ++/* ++ * If DSO_DL is defined, the standard dl.h-style functions (shl_load, ++ * shl_unload, shl_findsym, etc) will be used and incorporated into this ++ * method. If not, this method will return NULL. ++ */ + DSO_METHOD *DSO_METHOD_dl(void); + + /* If WIN32 is defined, use DLLs. If not, return NULL. */ +@@ -297,7 +338,8 @@ DSO_METHOD *DSO_METHOD_win32(void); + DSO_METHOD *DSO_METHOD_vms(void); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_DSO_strings(void); +@@ -305,62 +347,62 @@ void ERR_load_DSO_strings(void); + /* Error codes for the DSO functions. */ + + /* Function codes. */ +-#define DSO_F_DLFCN_BIND_FUNC 100 +-#define DSO_F_DLFCN_BIND_VAR 101 +-#define DSO_F_DLFCN_LOAD 102 +-#define DSO_F_DLFCN_MERGER 130 +-#define DSO_F_DLFCN_NAME_CONVERTER 123 +-#define DSO_F_DLFCN_UNLOAD 103 +-#define DSO_F_DL_BIND_FUNC 104 +-#define DSO_F_DL_BIND_VAR 105 +-#define DSO_F_DL_LOAD 106 +-#define DSO_F_DL_MERGER 131 +-#define DSO_F_DL_NAME_CONVERTER 124 +-#define DSO_F_DL_UNLOAD 107 +-#define DSO_F_DSO_BIND_FUNC 108 +-#define DSO_F_DSO_BIND_VAR 109 +-#define DSO_F_DSO_CONVERT_FILENAME 126 +-#define DSO_F_DSO_CTRL 110 +-#define DSO_F_DSO_FREE 111 +-#define DSO_F_DSO_GET_FILENAME 127 +-#define DSO_F_DSO_GET_LOADED_FILENAME 128 +-#define DSO_F_DSO_LOAD 112 +-#define DSO_F_DSO_MERGE 132 +-#define DSO_F_DSO_NEW_METHOD 113 +-#define DSO_F_DSO_SET_FILENAME 129 +-#define DSO_F_DSO_SET_NAME_CONVERTER 122 +-#define DSO_F_DSO_UP_REF 114 +-#define DSO_F_VMS_BIND_SYM 115 +-#define DSO_F_VMS_LOAD 116 +-#define DSO_F_VMS_MERGER 133 +-#define DSO_F_VMS_UNLOAD 117 +-#define DSO_F_WIN32_BIND_FUNC 118 +-#define DSO_F_WIN32_BIND_VAR 119 +-#define DSO_F_WIN32_JOINER 135 +-#define DSO_F_WIN32_LOAD 120 +-#define DSO_F_WIN32_MERGER 134 +-#define DSO_F_WIN32_NAME_CONVERTER 125 +-#define DSO_F_WIN32_SPLITTER 136 +-#define DSO_F_WIN32_UNLOAD 121 ++# define DSO_F_DLFCN_BIND_FUNC 100 ++# define DSO_F_DLFCN_BIND_VAR 101 ++# define DSO_F_DLFCN_LOAD 102 ++# define DSO_F_DLFCN_MERGER 130 ++# define DSO_F_DLFCN_NAME_CONVERTER 123 ++# define DSO_F_DLFCN_UNLOAD 103 ++# define DSO_F_DL_BIND_FUNC 104 ++# define DSO_F_DL_BIND_VAR 105 ++# define DSO_F_DL_LOAD 106 ++# define DSO_F_DL_MERGER 131 ++# define DSO_F_DL_NAME_CONVERTER 124 ++# define DSO_F_DL_UNLOAD 107 ++# define DSO_F_DSO_BIND_FUNC 108 ++# define DSO_F_DSO_BIND_VAR 109 ++# define DSO_F_DSO_CONVERT_FILENAME 126 ++# define DSO_F_DSO_CTRL 110 ++# define DSO_F_DSO_FREE 111 ++# define DSO_F_DSO_GET_FILENAME 127 ++# define DSO_F_DSO_GET_LOADED_FILENAME 128 ++# define DSO_F_DSO_LOAD 112 ++# define DSO_F_DSO_MERGE 132 ++# define DSO_F_DSO_NEW_METHOD 113 ++# define DSO_F_DSO_SET_FILENAME 129 ++# define DSO_F_DSO_SET_NAME_CONVERTER 122 ++# define DSO_F_DSO_UP_REF 114 ++# define DSO_F_VMS_BIND_SYM 115 ++# define DSO_F_VMS_LOAD 116 ++# define DSO_F_VMS_MERGER 133 ++# define DSO_F_VMS_UNLOAD 117 ++# define DSO_F_WIN32_BIND_FUNC 118 ++# define DSO_F_WIN32_BIND_VAR 119 ++# define DSO_F_WIN32_JOINER 135 ++# define DSO_F_WIN32_LOAD 120 ++# define DSO_F_WIN32_MERGER 134 ++# define DSO_F_WIN32_NAME_CONVERTER 125 ++# define DSO_F_WIN32_SPLITTER 136 ++# define DSO_F_WIN32_UNLOAD 121 + + /* Reason codes. */ +-#define DSO_R_CTRL_FAILED 100 +-#define DSO_R_DSO_ALREADY_LOADED 110 +-#define DSO_R_EMPTY_FILE_STRUCTURE 113 +-#define DSO_R_FAILURE 114 +-#define DSO_R_FILENAME_TOO_BIG 101 +-#define DSO_R_FINISH_FAILED 102 +-#define DSO_R_INCORRECT_FILE_SYNTAX 115 +-#define DSO_R_LOAD_FAILED 103 +-#define DSO_R_NAME_TRANSLATION_FAILED 109 +-#define DSO_R_NO_FILENAME 111 +-#define DSO_R_NO_FILE_SPECIFICATION 116 +-#define DSO_R_NULL_HANDLE 104 +-#define DSO_R_SET_FILENAME_FAILED 112 +-#define DSO_R_STACK_ERROR 105 +-#define DSO_R_SYM_FAILURE 106 +-#define DSO_R_UNLOAD_FAILED 107 +-#define DSO_R_UNSUPPORTED 108 ++# define DSO_R_CTRL_FAILED 100 ++# define DSO_R_DSO_ALREADY_LOADED 110 ++# define DSO_R_EMPTY_FILE_STRUCTURE 113 ++# define DSO_R_FAILURE 114 ++# define DSO_R_FILENAME_TOO_BIG 101 ++# define DSO_R_FINISH_FAILED 102 ++# define DSO_R_INCORRECT_FILE_SYNTAX 115 ++# define DSO_R_LOAD_FAILED 103 ++# define DSO_R_NAME_TRANSLATION_FAILED 109 ++# define DSO_R_NO_FILENAME 111 ++# define DSO_R_NO_FILE_SPECIFICATION 116 ++# define DSO_R_NULL_HANDLE 104 ++# define DSO_R_SET_FILENAME_FAILED 112 ++# define DSO_R_STACK_ERROR 105 ++# define DSO_R_SYM_FAILURE 106 ++# define DSO_R_UNLOAD_FAILED 107 ++# define DSO_R_UNSUPPORTED 108 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/dtls1.h b/Cryptlib/Include/openssl/dtls1.h +index 697ff6e..7d6e6db 100644 +--- a/Cryptlib/Include/openssl/dtls1.h ++++ b/Cryptlib/Include/openssl/dtls1.h +@@ -1,7 +1,7 @@ + /* ssl/dtls1.h */ +-/* ++/* + * DTLS implementation written by Nagendra Modadugu +- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. ++ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ + /* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. +@@ -11,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,209 +57,180 @@ + * + */ + +-#ifndef HEADER_DTLS1_H +-#define HEADER_DTLS1_H ++#ifndef HEADER_DTLS1_H ++# define HEADER_DTLS1_H + +-#include +-#include +-#ifdef OPENSSL_SYS_VMS +-#include +-#include +-#endif +-#ifdef OPENSSL_SYS_WIN32 ++# include ++# include ++# ifdef OPENSSL_SYS_VMS ++# include ++# include ++# endif ++# ifdef OPENSSL_SYS_WIN32 + /* Needed for struct timeval */ +-#include +-#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) +-#include +-#else +-#include +-#endif ++# include ++# elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) ++# include ++# else ++# include ++# endif + + #ifdef __cplusplus + extern "C" { + #endif + +-#define DTLS1_VERSION 0xFEFF +-#define DTLS1_BAD_VER 0x0100 ++# define DTLS1_VERSION 0xFEFF ++# define DTLS_MAX_VERSION DTLS1_VERSION ++ ++# define DTLS1_BAD_VER 0x0100 + +-#if 0 ++# if 0 + /* this alert description is not specified anywhere... */ +-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 +-#endif ++# define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 ++# endif + + /* lengths of messages */ +-#define DTLS1_COOKIE_LENGTH 256 +- +-#define DTLS1_RT_HEADER_LENGTH 13 +- +-#define DTLS1_HM_HEADER_LENGTH 12 +- +-#define DTLS1_HM_BAD_FRAGMENT -2 +-#define DTLS1_HM_FRAGMENT_RETRY -3 +- +-#define DTLS1_CCS_HEADER_LENGTH 1 +- +-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE +-#define DTLS1_AL_HEADER_LENGTH 7 +-#else +-#define DTLS1_AL_HEADER_LENGTH 2 +-#endif +- +- +-typedef struct dtls1_bitmap_st +- { +- PQ_64BIT map; +- unsigned long length; /* sizeof the bitmap in bits */ +- PQ_64BIT max_seq_num; /* max record number seen so far */ +- } DTLS1_BITMAP; +- +-struct dtls1_retransmit_state +- { +- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ +- const EVP_MD *write_hash; /* used for mac generation */ +-#ifndef OPENSSL_NO_COMP +- COMP_CTX *compress; /* compression */ +-#else +- char *compress; +-#endif +- SSL_SESSION *session; +- unsigned short epoch; +- }; +- +-struct hm_header_st +- { +- unsigned char type; +- unsigned long msg_len; +- unsigned short seq; +- unsigned long frag_off; +- unsigned long frag_len; +- unsigned int is_ccs; +- struct dtls1_retransmit_state saved_retransmit_state; +- }; +- +-struct ccs_header_st +- { +- unsigned char type; +- unsigned short seq; +- }; +- +-struct dtls1_timeout_st +- { +- /* Number of read timeouts so far */ +- unsigned int read_timeouts; +- +- /* Number of write timeouts so far */ +- unsigned int write_timeouts; +- +- /* Number of alerts received so far */ +- unsigned int num_alerts; +- }; +- +-typedef struct record_pqueue_st +- { +- unsigned short epoch; +- pqueue q; +- } record_pqueue; +- +-typedef struct hm_fragment_st +- { +- struct hm_header_st msg_header; +- unsigned char *fragment; +- unsigned char *reassembly; +- } hm_fragment; +- +-typedef struct dtls1_state_st +- { +- unsigned int send_cookie; +- unsigned char cookie[DTLS1_COOKIE_LENGTH]; +- unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; +- unsigned int cookie_len; +- +- /* +- * The current data and handshake epoch. This is initially +- * undefined, and starts at zero once the initial handshake is +- * completed +- */ +- unsigned short r_epoch; +- unsigned short w_epoch; +- +- /* records being received in the current epoch */ +- DTLS1_BITMAP bitmap; +- +- /* renegotiation starts a new set of sequence numbers */ +- DTLS1_BITMAP next_bitmap; +- +- /* handshake message numbers */ +- unsigned short handshake_write_seq; +- unsigned short next_handshake_write_seq; +- +- unsigned short handshake_read_seq; +- +- /* save last sequence number for retransmissions */ +- unsigned char last_write_sequence[8]; +- +- /* Received handshake records (processed and unprocessed) */ +- record_pqueue unprocessed_rcds; +- record_pqueue processed_rcds; +- +- /* Buffered handshake messages */ +- pqueue buffered_messages; +- +- /* Buffered (sent) handshake records */ +- pqueue sent_messages; +- +- /* Buffered application records. +- * Only for records between CCS and Finished +- * to prevent either protocol violation or +- * unnecessary message loss. +- */ +- record_pqueue buffered_app_data; +- +- /* Is set when listening for new connections with dtls1_listen() */ +- unsigned int listen; +- +- unsigned int mtu; /* max DTLS packet size */ +- +- struct hm_header_st w_msg_hdr; +- struct hm_header_st r_msg_hdr; +- +- struct dtls1_timeout_st timeout; +- +- /* Indicates when the last handshake msg sent will timeout */ +- struct timeval next_timeout; +- +- /* Timeout duration */ +- unsigned short timeout_duration; +- +- /* storage for Alert/Handshake protocol data received but not +- * yet processed by ssl3_read_bytes: */ +- unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; +- unsigned int alert_fragment_len; +- unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; +- unsigned int handshake_fragment_len; +- +- unsigned int retransmitting; +- unsigned int change_cipher_spec_ok; +- +- } DTLS1_STATE; +- +-typedef struct dtls1_record_data_st +- { +- unsigned char *packet; +- unsigned int packet_length; +- SSL3_BUFFER rbuf; +- SSL3_RECORD rrec; +- } DTLS1_RECORD_DATA; +- ++# define DTLS1_COOKIE_LENGTH 256 ++ ++# define DTLS1_RT_HEADER_LENGTH 13 ++ ++# define DTLS1_HM_HEADER_LENGTH 12 ++ ++# define DTLS1_HM_BAD_FRAGMENT -2 ++# define DTLS1_HM_FRAGMENT_RETRY -3 ++ ++# define DTLS1_CCS_HEADER_LENGTH 1 ++ ++# ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE ++# define DTLS1_AL_HEADER_LENGTH 7 ++# else ++# define DTLS1_AL_HEADER_LENGTH 2 ++# endif ++ ++typedef struct dtls1_bitmap_st { ++ PQ_64BIT map; ++ unsigned long length; /* sizeof the bitmap in bits */ ++ PQ_64BIT max_seq_num; /* max record number seen so far */ ++} DTLS1_BITMAP; ++ ++struct dtls1_retransmit_state { ++ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ ++ const EVP_MD *write_hash; /* used for mac generation */ ++# ifndef OPENSSL_NO_COMP ++ COMP_CTX *compress; /* compression */ ++# else ++ char *compress; ++# endif ++ SSL_SESSION *session; ++ unsigned short epoch; ++}; ++ ++struct hm_header_st { ++ unsigned char type; ++ unsigned long msg_len; ++ unsigned short seq; ++ unsigned long frag_off; ++ unsigned long frag_len; ++ unsigned int is_ccs; ++ struct dtls1_retransmit_state saved_retransmit_state; ++}; ++ ++struct ccs_header_st { ++ unsigned char type; ++ unsigned short seq; ++}; ++ ++struct dtls1_timeout_st { ++ /* Number of read timeouts so far */ ++ unsigned int read_timeouts; ++ /* Number of write timeouts so far */ ++ unsigned int write_timeouts; ++ /* Number of alerts received so far */ ++ unsigned int num_alerts; ++}; ++ ++typedef struct record_pqueue_st { ++ unsigned short epoch; ++ pqueue q; ++} record_pqueue; ++ ++typedef struct hm_fragment_st { ++ struct hm_header_st msg_header; ++ unsigned char *fragment; ++ unsigned char *reassembly; ++} hm_fragment; ++ ++typedef struct dtls1_state_st { ++ unsigned int send_cookie; ++ unsigned char cookie[DTLS1_COOKIE_LENGTH]; ++ unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; ++ unsigned int cookie_len; ++ /* ++ * The current data and handshake epoch. This is initially ++ * undefined, and starts at zero once the initial handshake is ++ * completed ++ */ ++ unsigned short r_epoch; ++ unsigned short w_epoch; ++ /* records being received in the current epoch */ ++ DTLS1_BITMAP bitmap; ++ /* renegotiation starts a new set of sequence numbers */ ++ DTLS1_BITMAP next_bitmap; ++ /* handshake message numbers */ ++ unsigned short handshake_write_seq; ++ unsigned short next_handshake_write_seq; ++ unsigned short handshake_read_seq; ++ /* save last sequence number for retransmissions */ ++ unsigned char last_write_sequence[8]; ++ /* Received handshake records (processed and unprocessed) */ ++ record_pqueue unprocessed_rcds; ++ record_pqueue processed_rcds; ++ /* Buffered handshake messages */ ++ pqueue buffered_messages; ++ /* Buffered (sent) handshake records */ ++ pqueue sent_messages; ++ /* ++ * Buffered application records. Only for records between CCS and ++ * Finished to prevent either protocol violation or unnecessary message ++ * loss. ++ */ ++ record_pqueue buffered_app_data; ++ /* Is set when listening for new connections with dtls1_listen() */ ++ unsigned int listen; ++ unsigned int mtu; /* max DTLS packet size */ ++ struct hm_header_st w_msg_hdr; ++ struct hm_header_st r_msg_hdr; ++ struct dtls1_timeout_st timeout; ++ /* Indicates when the last handshake msg sent will timeout */ ++ struct timeval next_timeout; ++ /* Timeout duration */ ++ unsigned short timeout_duration; ++ /* ++ * storage for Alert/Handshake protocol data received but not yet ++ * processed by ssl3_read_bytes: ++ */ ++ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; ++ unsigned int alert_fragment_len; ++ unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; ++ unsigned int handshake_fragment_len; ++ unsigned int retransmitting; ++ unsigned int change_cipher_spec_ok; ++} DTLS1_STATE; ++ ++typedef struct dtls1_record_data_st { ++ unsigned char *packet; ++ unsigned int packet_length; ++ SSL3_BUFFER rbuf; ++ SSL3_RECORD rrec; ++} DTLS1_RECORD_DATA; + + /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ +-#define DTLS1_TMO_READ_COUNT 2 +-#define DTLS1_TMO_WRITE_COUNT 2 ++# define DTLS1_TMO_READ_COUNT 2 ++# define DTLS1_TMO_WRITE_COUNT 2 + +-#define DTLS1_TMO_ALERT_COUNT 12 ++# define DTLS1_TMO_ALERT_COUNT 12 + + #ifdef __cplusplus + } + #endif + #endif +- +diff --git a/Cryptlib/Include/openssl/e_os2.h b/Cryptlib/Include/openssl/e_os2.h +index 9da0b65..c9f2543 100644 +--- a/Cryptlib/Include/openssl/e_os2.h ++++ b/Cryptlib/Include/openssl/e_os2.h +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,7 +56,7 @@ + #include + + #ifndef HEADER_E_OS2_H +-#define HEADER_E_OS2_H ++# define HEADER_E_OS2_H + + #ifdef __cplusplus + extern "C" { +@@ -68,210 +68,217 @@ extern "C" { + * However, if none is defined, Unix is assumed. + **/ + +-#define OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_UNIX + +-/* ----------------------- Macintosh, before MacOS X ----------------------- */ +-#if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC) +-# undef OPENSSL_SYS_UNIX +-# define OPENSSL_SYS_MACINTOSH_CLASSIC +-#endif ++/* ---------------------- Macintosh, before MacOS X ----------------------- */ ++# if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_MACINTOSH_CLASSIC ++# endif + +-/* ----------------------- NetWare ----------------------------------------- */ +-#if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) +-# undef OPENSSL_SYS_UNIX +-# define OPENSSL_SYS_NETWARE +-#endif ++/* ---------------------- NetWare ----------------------------------------- */ ++# if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_NETWARE ++# endif + +-/* ---------------------- Microsoft operating systems ---------------------- */ ++/* --------------------- Microsoft operating systems ---------------------- */ + +-/* Note that MSDOS actually denotes 32-bit environments running on top of +- MS-DOS, such as DJGPP one. */ +-#if defined(OPENSSL_SYSNAME_MSDOS) +-# undef OPENSSL_SYS_UNIX +-# define OPENSSL_SYS_MSDOS +-#endif ++/* ++ * Note that MSDOS actually denotes 32-bit environments running on top of ++ * MS-DOS, such as DJGPP one. ++ */ ++# if defined(OPENSSL_SYSNAME_MSDOS) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_MSDOS ++# endif + +-/* For 32 bit environment, there seems to be the CygWin environment and then +- all the others that try to do the same thing Microsoft does... */ +-#if defined(OPENSSL_SYSNAME_UWIN) +-# undef OPENSSL_SYS_UNIX +-# define OPENSSL_SYS_WIN32_UWIN +-#else +-# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32) ++/* ++ * For 32 bit environment, there seems to be the CygWin environment and then ++ * all the others that try to do the same thing Microsoft does... ++ */ ++# if defined(OPENSSL_SYSNAME_UWIN) + # undef OPENSSL_SYS_UNIX +-# define OPENSSL_SYS_WIN32_CYGWIN ++# define OPENSSL_SYS_WIN32_UWIN + # else +-# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32) +-# undef OPENSSL_SYS_UNIX +-# define OPENSSL_SYS_WIN32 +-# endif +-# if defined(OPENSSL_SYSNAME_WINNT) ++# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32) + # undef OPENSSL_SYS_UNIX +-# define OPENSSL_SYS_WINNT +-# endif +-# if defined(OPENSSL_SYSNAME_WINCE) +-# undef OPENSSL_SYS_UNIX +-# define OPENSSL_SYS_WINCE ++# define OPENSSL_SYS_WIN32_CYGWIN ++# else ++# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_WIN32 ++# endif ++# if defined(OPENSSL_SYSNAME_WINNT) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_WINNT ++# endif ++# if defined(OPENSSL_SYSNAME_WINCE) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_WINCE ++# endif + # endif + # endif +-#endif + + /* Anything that tries to look like Microsoft is "Windows" */ +-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +-# undef OPENSSL_SYS_UNIX +-# define OPENSSL_SYS_WINDOWS +-# ifndef OPENSSL_SYS_MSDOS +-# define OPENSSL_SYS_MSDOS ++# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_WINDOWS ++# ifndef OPENSSL_SYS_MSDOS ++# define OPENSSL_SYS_MSDOS ++# endif + # endif +-#endif + +-/* DLL settings. This part is a bit tough, because it's up to the application +- implementor how he or she will link the application, so it requires some +- macro to be used. */ +-#ifdef OPENSSL_SYS_WINDOWS +-# ifndef OPENSSL_OPT_WINDLL +-# if defined(_WINDLL) /* This is used when building OpenSSL to indicate that +- DLL linkage should be used */ +-# define OPENSSL_OPT_WINDLL ++/* ++ * DLL settings. This part is a bit tough, because it's up to the ++ * application implementor how he or she will link the application, so it ++ * requires some macro to be used. ++ */ ++# ifdef OPENSSL_SYS_WINDOWS ++# ifndef OPENSSL_OPT_WINDLL ++# if defined(_WINDLL) /* This is used when building OpenSSL to ++ * indicate that DLL linkage should be used */ ++# define OPENSSL_OPT_WINDLL ++# endif + # endif + # endif +-#endif + +-/* -------------------------------- OpenVMS -------------------------------- */ +-#if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS) +-# undef OPENSSL_SYS_UNIX +-# define OPENSSL_SYS_VMS +-# if defined(__DECC) +-# define OPENSSL_SYS_VMS_DECC +-# elif defined(__DECCXX) +-# define OPENSSL_SYS_VMS_DECC +-# define OPENSSL_SYS_VMS_DECCXX +-# else +-# define OPENSSL_SYS_VMS_NODECC ++/* ------------------------------- OpenVMS -------------------------------- */ ++# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_VMS ++# if defined(__DECC) ++# define OPENSSL_SYS_VMS_DECC ++# elif defined(__DECCXX) ++# define OPENSSL_SYS_VMS_DECC ++# define OPENSSL_SYS_VMS_DECCXX ++# else ++# define OPENSSL_SYS_VMS_NODECC ++# endif + # endif +-#endif + +-/* --------------------------------- OS/2 ---------------------------------- */ +-#if defined(__EMX__) || defined(__OS2__) +-# undef OPENSSL_SYS_UNIX +-# define OPENSSL_SYS_OS2 +-#endif +- +-/* --------------------------------- Unix ---------------------------------- */ +-#ifdef OPENSSL_SYS_UNIX +-# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX) +-# define OPENSSL_SYS_LINUX +-# endif +-# ifdef OPENSSL_SYSNAME_MPE +-# define OPENSSL_SYS_MPE +-# endif +-# ifdef OPENSSL_SYSNAME_SNI +-# define OPENSSL_SYS_SNI +-# endif +-# ifdef OPENSSL_SYSNAME_ULTRASPARC +-# define OPENSSL_SYS_ULTRASPARC +-# endif +-# ifdef OPENSSL_SYSNAME_NEWS4 +-# define OPENSSL_SYS_NEWS4 +-# endif +-# ifdef OPENSSL_SYSNAME_MACOSX +-# define OPENSSL_SYS_MACOSX +-# endif +-# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY +-# define OPENSSL_SYS_MACOSX_RHAPSODY +-# define OPENSSL_SYS_MACOSX +-# endif +-# ifdef OPENSSL_SYSNAME_SUNOS +-# define OPENSSL_SYS_SUNOS +-#endif +-# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY) +-# define OPENSSL_SYS_CRAY ++/* -------------------------------- OS/2 ---------------------------------- */ ++# if defined(__EMX__) || defined(__OS2__) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_OS2 + # endif +-# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX) +-# define OPENSSL_SYS_AIX ++ ++/* -------------------------------- Unix ---------------------------------- */ ++# ifdef OPENSSL_SYS_UNIX ++# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX) ++# define OPENSSL_SYS_LINUX ++# endif ++# ifdef OPENSSL_SYSNAME_MPE ++# define OPENSSL_SYS_MPE ++# endif ++# ifdef OPENSSL_SYSNAME_SNI ++# define OPENSSL_SYS_SNI ++# endif ++# ifdef OPENSSL_SYSNAME_ULTRASPARC ++# define OPENSSL_SYS_ULTRASPARC ++# endif ++# ifdef OPENSSL_SYSNAME_NEWS4 ++# define OPENSSL_SYS_NEWS4 ++# endif ++# ifdef OPENSSL_SYSNAME_MACOSX ++# define OPENSSL_SYS_MACOSX ++# endif ++# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY ++# define OPENSSL_SYS_MACOSX_RHAPSODY ++# define OPENSSL_SYS_MACOSX ++# endif ++# ifdef OPENSSL_SYSNAME_SUNOS ++# define OPENSSL_SYS_SUNOS ++# endif ++# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY) ++# define OPENSSL_SYS_CRAY ++# endif ++# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX) ++# define OPENSSL_SYS_AIX ++# endif + # endif +-#endif + +-/* --------------------------------- VOS ----------------------------------- */ +-#ifdef OPENSSL_SYSNAME_VOS +-# define OPENSSL_SYS_VOS +-#endif ++/* -------------------------------- VOS ----------------------------------- */ ++# ifdef OPENSSL_SYSNAME_VOS ++# define OPENSSL_SYS_VOS ++# endif + +-/* ------------------------------- VxWorks --------------------------------- */ +-#ifdef OPENSSL_SYSNAME_VXWORKS +-# define OPENSSL_SYS_VXWORKS +-#endif ++/* ------------------------------ VxWorks --------------------------------- */ ++# ifdef OPENSSL_SYSNAME_VXWORKS ++# define OPENSSL_SYS_VXWORKS ++# endif + + /** + * That's it for OS-specific stuff + *****************************************************************************/ + +- + /* Specials for I/O an exit */ +-#ifdef OPENSSL_SYS_MSDOS +-# define OPENSSL_UNISTD_IO +-# define OPENSSL_DECLARE_EXIT extern void exit(int); +-#else +-# define OPENSSL_UNISTD_IO OPENSSL_UNISTD +-# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ +-#endif +- +-/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare +- certain global symbols that, with some compilers under VMS, have to be +- defined and declared explicitely with globaldef and globalref. +- Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare +- DLL exports and imports for compilers under Win32. These are a little +- more complicated to use. Basically, for any library that exports some +- global variables, the following code must be present in the header file +- that declares them, before OPENSSL_EXTERN is used: +- +- #ifdef SOME_BUILD_FLAG_MACRO +- # undef OPENSSL_EXTERN +- # define OPENSSL_EXTERN OPENSSL_EXPORT +- #endif +- +- The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL +- have some generally sensible values, and for OPENSSL_EXTERN to have the +- value OPENSSL_IMPORT. +-*/ ++# ifdef OPENSSL_SYS_MSDOS ++# define OPENSSL_UNISTD_IO ++# define OPENSSL_DECLARE_EXIT extern void exit(int); ++# else ++# define OPENSSL_UNISTD_IO OPENSSL_UNISTD ++# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */ ++# endif + +-#if defined(OPENSSL_SYS_VMS_NODECC) +-# define OPENSSL_EXPORT globalref +-# define OPENSSL_IMPORT globalref +-# define OPENSSL_GLOBAL globaldef +-#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) +-# define OPENSSL_EXPORT extern __declspec(dllexport) +-# define OPENSSL_IMPORT extern __declspec(dllimport) +-# define OPENSSL_GLOBAL +-#else +-# define OPENSSL_EXPORT extern +-# define OPENSSL_IMPORT extern +-# define OPENSSL_GLOBAL +-#endif +-#define OPENSSL_EXTERN OPENSSL_IMPORT ++/*- ++ * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare ++ * certain global symbols that, with some compilers under VMS, have to be ++ * defined and declared explicitely with globaldef and globalref. ++ * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare ++ * DLL exports and imports for compilers under Win32. These are a little ++ * more complicated to use. Basically, for any library that exports some ++ * global variables, the following code must be present in the header file ++ * that declares them, before OPENSSL_EXTERN is used: ++ * ++ * #ifdef SOME_BUILD_FLAG_MACRO ++ * # undef OPENSSL_EXTERN ++ * # define OPENSSL_EXTERN OPENSSL_EXPORT ++ * #endif ++ * ++ * The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL ++ * have some generally sensible values, and for OPENSSL_EXTERN to have the ++ * value OPENSSL_IMPORT. ++ */ + +-/* Macros to allow global variables to be reached through function calls when +- required (if a shared library version requvres it, for example. +- The way it's done allows definitions like this: ++# if defined(OPENSSL_SYS_VMS_NODECC) ++# define OPENSSL_EXPORT globalref ++# define OPENSSL_IMPORT globalref ++# define OPENSSL_GLOBAL globaldef ++# elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) ++# define OPENSSL_EXPORT extern __declspec(dllexport) ++# define OPENSSL_IMPORT extern __declspec(dllimport) ++# define OPENSSL_GLOBAL ++# else ++# define OPENSSL_EXPORT extern ++# define OPENSSL_IMPORT extern ++# define OPENSSL_GLOBAL ++# endif ++# define OPENSSL_EXTERN OPENSSL_IMPORT + +- // in foobar.c +- OPENSSL_IMPLEMENT_GLOBAL(int,foobar) = 0; +- // in foobar.h +- OPENSSL_DECLARE_GLOBAL(int,foobar); +- #define foobar OPENSSL_GLOBAL_REF(foobar) +-*/ +-#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION +-# define OPENSSL_IMPLEMENT_GLOBAL(type,name) \ +- extern type _hide_##name; \ +- type *_shadow_##name(void) { return &_hide_##name; } \ +- static type _hide_##name +-# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) +-# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) +-#else +-# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name +-# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name +-# define OPENSSL_GLOBAL_REF(name) _shadow_##name +-#endif ++/*- ++ * Macros to allow global variables to be reached through function calls when ++ * required (if a shared library version requires it, for example. ++ * The way it's done allows definitions like this: ++ * ++ * // in foobar.c ++ * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0) ++ * // in foobar.h ++ * OPENSSL_DECLARE_GLOBAL(int,foobar); ++ * #define foobar OPENSSL_GLOBAL_REF(foobar) ++ */ ++# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION ++# define OPENSSL_IMPLEMENT_GLOBAL(type,name) \ ++ extern type _hide_##name; \ ++ type *_shadow_##name(void) { return &_hide_##name; } \ ++ static type _hide_##name ++# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void) ++# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name())) ++# else ++# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name ++# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name ++# define OPENSSL_GLOBAL_REF(name) _shadow_##name ++# endif + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/ebcdic.h b/Cryptlib/Include/openssl/ebcdic.h +index 6d65afc..fc72ecf 100644 +--- a/Cryptlib/Include/openssl/ebcdic.h ++++ b/Cryptlib/Include/openssl/ebcdic.h +@@ -1,15 +1,15 @@ + /* crypto/ebcdic.h */ + + #ifndef HEADER_EBCDIC_H +-#define HEADER_EBCDIC_H ++# define HEADER_EBCDIC_H + +-#include ++# include + + /* Avoid name clashes with other applications */ +-#define os_toascii _openssl_os_toascii +-#define os_toebcdic _openssl_os_toebcdic +-#define ebcdic2ascii _openssl_ebcdic2ascii +-#define ascii2ebcdic _openssl_ascii2ebcdic ++# define os_toascii _openssl_os_toascii ++# define os_toebcdic _openssl_os_toebcdic ++# define ebcdic2ascii _openssl_ebcdic2ascii ++# define ascii2ebcdic _openssl_ascii2ebcdic + + extern const unsigned char os_toascii[256]; + extern const unsigned char os_toebcdic[256]; +diff --git a/Cryptlib/Include/openssl/ec.h b/Cryptlib/Include/openssl/ec.h +index 367307f..08adf1f 100644 +--- a/Cryptlib/Include/openssl/ec.h ++++ b/Cryptlib/Include/openssl/ec.h +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,81 +58,79 @@ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * +- * Portions of the attached software ("Contribution") are developed by ++ * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * +- * The elliptic curve binary polynomial software is originally written by ++ * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + + #ifndef HEADER_EC_H +-#define HEADER_EC_H ++# define HEADER_EC_H + +-#include ++# include + +-#ifdef OPENSSL_NO_EC +-#error EC is disabled. +-#endif ++# ifdef OPENSSL_NO_EC ++# error EC is disabled. ++# endif + +-#include +-#include +-#ifndef OPENSSL_NO_DEPRECATED +-#include +-#endif ++# include ++# include ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# endif + +-#ifdef __cplusplus ++# ifdef __cplusplus + extern "C" { +-#elif defined(__SUNPRO_C) +-# if __SUNPRO_C >= 0x520 +-# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) ++# elif defined(__SUNPRO_C) ++# if __SUNPRO_C >= 0x520 ++# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) ++# endif + # endif +-#endif +- + +-#ifndef OPENSSL_ECC_MAX_FIELD_BITS +-# define OPENSSL_ECC_MAX_FIELD_BITS 661 +-#endif ++# ifndef OPENSSL_ECC_MAX_FIELD_BITS ++# define OPENSSL_ECC_MAX_FIELD_BITS 661 ++# endif + + typedef enum { +- /* values as defined in X9.62 (ECDSA) and elsewhere */ +- POINT_CONVERSION_COMPRESSED = 2, +- POINT_CONVERSION_UNCOMPRESSED = 4, +- POINT_CONVERSION_HYBRID = 6 ++ /* values as defined in X9.62 (ECDSA) and elsewhere */ ++ POINT_CONVERSION_COMPRESSED = 2, ++ POINT_CONVERSION_UNCOMPRESSED = 4, ++ POINT_CONVERSION_HYBRID = 6 + } point_conversion_form_t; + +- + typedef struct ec_method_st EC_METHOD; + + typedef struct ec_group_st +- /* +- EC_METHOD *meth; +- -- field definition +- -- curve coefficients +- -- optional generator with associated information (order, cofactor) +- -- optional extra data (precomputed table for fast computation of multiples of generator) +- -- ASN1 stuff +- */ +- EC_GROUP; ++ /*- ++ EC_METHOD *meth; ++ -- field definition ++ -- curve coefficients ++ -- optional generator with associated information (order, cofactor) ++ -- optional extra data (precomputed table for fast computation of multiples of generator) ++ -- ASN1 stuff ++ */ ++ EC_GROUP; + + typedef struct ec_point_st EC_POINT; + +- +-/* EC_METHODs for curves over GF(p). +- * EC_GFp_simple_method provides the basis for the optimized methods. ++/* ++ * EC_METHODs for curves over GF(p). EC_GFp_simple_method provides the basis ++ * for the optimized methods. + */ + const EC_METHOD *EC_GFp_simple_method(void); + const EC_METHOD *EC_GFp_mont_method(void); + const EC_METHOD *EC_GFp_nist_method(void); + +-/* EC_METHOD for curves over GF(2^m). ++/* ++ * EC_METHOD for curves over GF(2^m). + */ + const EC_METHOD *EC_GF2m_simple_method(void); + +- + EC_GROUP *EC_GROUP_new(const EC_METHOD *); + void EC_GROUP_free(EC_GROUP *); + void EC_GROUP_clear_free(EC_GROUP *); +@@ -142,7 +140,8 @@ EC_GROUP *EC_GROUP_dup(const EC_GROUP *); + const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); + int EC_METHOD_get_field_type(const EC_METHOD *); + +-int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); ++int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, ++ const BIGNUM *order, const BIGNUM *cofactor); + const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); + int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); + int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); +@@ -160,43 +159,56 @@ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *); + size_t EC_GROUP_get_seed_len(const EC_GROUP *); + size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + +-int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +-int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); +-int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +-int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); ++int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *); ++int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, ++ BN_CTX *); ++int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *); ++int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, ++ BN_CTX *); + + /* returns the number of bits needed to represent a field element */ + int EC_GROUP_get_degree(const EC_GROUP *); + + /* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */ + int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); +-/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the +- * elliptic curve is not zero, 0 otherwise */ ++/* ++ * EC_GROUP_check_discriminant() returns 1 if the discriminant of the ++ * elliptic curve is not zero, 0 otherwise ++ */ + int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *); + + /* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */ + int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *); + +-/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() +- * after choosing an appropriate EC_METHOD */ +-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); ++/* ++ * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after ++ * choosing an appropriate EC_METHOD ++ */ ++EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *); ++EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *); + +-/* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure +- * specified by a curve name (in form of a NID) */ ++/* ++ * EC_GROUP_new_by_curve_name() creates a EC_GROUP structure specified by a ++ * curve name (in form of a NID) ++ */ + EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + /* handling of internal curves */ +-typedef struct { +- int nid; +- const char *comment; +- } EC_builtin_curve; +-/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number +- * of all available curves or zero if a error occurred. +- * In case r ist not zero nitems EC_builtin_curve structures +- * are filled with the data of the first nitems internal groups */ ++typedef struct { ++ int nid; ++ const char *comment; ++} EC_builtin_curve; ++/* ++ * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all ++ * available curves or zero if a error occurred. In case r ist not zero ++ * nitems EC_builtin_curve structures are filled with the data of the first ++ * nitems internal groups ++ */ + size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + +- + /* EC_POINT functions */ + + EC_POINT *EC_POINT_new(const EC_GROUP *); +@@ -204,101 +216,118 @@ void EC_POINT_free(EC_POINT *); + void EC_POINT_clear_free(EC_POINT *); + int EC_POINT_copy(EC_POINT *, const EC_POINT *); + EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *); +- ++ + const EC_METHOD *EC_POINT_method_of(const EC_POINT *); + + int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *); + int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *, +- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); +-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *, +- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); ++ const BIGNUM *x, const BIGNUM *y, ++ const BIGNUM *z, BN_CTX *); ++int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, ++ const EC_POINT *, BIGNUM *x, ++ BIGNUM *y, BIGNUM *z, BN_CTX *); + int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, +- const BIGNUM *x, const BIGNUM *y, BN_CTX *); ++ const BIGNUM *x, const BIGNUM *y, ++ BN_CTX *); + int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, +- BIGNUM *x, BIGNUM *y, BN_CTX *); ++ BIGNUM *x, BIGNUM *y, BN_CTX *); + int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, +- const BIGNUM *x, int y_bit, BN_CTX *); ++ const BIGNUM *x, int y_bit, ++ BN_CTX *); + + int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *, +- const BIGNUM *x, const BIGNUM *y, BN_CTX *); ++ const BIGNUM *x, const BIGNUM *y, ++ BN_CTX *); + int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *, +- BIGNUM *x, BIGNUM *y, BN_CTX *); ++ BIGNUM *x, BIGNUM *y, BN_CTX *); + int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *, +- const BIGNUM *x, int y_bit, BN_CTX *); ++ const BIGNUM *x, int y_bit, ++ BN_CTX *); + +-size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, +- unsigned char *buf, size_t len, BN_CTX *); +-int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, +- const unsigned char *buf, size_t len, BN_CTX *); ++size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, ++ point_conversion_form_t form, unsigned char *buf, ++ size_t len, BN_CTX *); ++int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, const unsigned char *buf, ++ size_t len, BN_CTX *); + + /* other interfaces to point2oct/oct2point: */ + BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, +- point_conversion_form_t form, BIGNUM *, BN_CTX *); ++ point_conversion_form_t form, BIGNUM *, BN_CTX *); + EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, +- EC_POINT *, BN_CTX *); ++ EC_POINT *, BN_CTX *); + char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, +- point_conversion_form_t form, BN_CTX *); ++ point_conversion_form_t form, BN_CTX *); + EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, +- EC_POINT *, BN_CTX *); ++ EC_POINT *, BN_CTX *); + +-int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); ++int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, ++ const EC_POINT *b, BN_CTX *); + int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); + int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); + + int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *); + int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); +-int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *); ++int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, ++ BN_CTX *); + + int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); +-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); +- ++int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], ++ BN_CTX *); + +-int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *); +-int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *); ++int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, ++ const EC_POINT *[], const BIGNUM *[], BN_CTX *); ++int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, ++ const EC_POINT *, const BIGNUM *, BN_CTX *); + +-/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */ ++/* ++ * EC_GROUP_precompute_mult() stores multiples of generator for faster point ++ * multiplication ++ */ + int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); +-/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */ ++/* ++ * EC_GROUP_have_precompute_mult() reports whether such precomputation has ++ * been done ++ */ + int EC_GROUP_have_precompute_mult(const EC_GROUP *); + +- +- + /* ASN1 stuff */ + +-/* EC_GROUP_get_basis_type() returns the NID of the basis type +- * used to represent the field elements */ ++/* ++ * EC_GROUP_get_basis_type() returns the NID of the basis type used to ++ * represent the field elements ++ */ + int EC_GROUP_get_basis_type(const EC_GROUP *); + int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +-int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, +- unsigned int *k2, unsigned int *k3); ++int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, ++ unsigned int *k2, unsigned int *k3); + +-#define OPENSSL_EC_NAMED_CURVE 0x001 ++# define OPENSSL_EC_NAMED_CURVE 0x001 + + typedef struct ecpk_parameters_st ECPKPARAMETERS; + + EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); + int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + +-#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) +-#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) +-#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ ++# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) ++# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) ++# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) +-#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ +- (unsigned char *)(x)) ++# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ ++ (unsigned char *)(x)) + +-#ifndef OPENSSL_NO_BIO +-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +-#endif +-#ifndef OPENSSL_NO_FP_API +-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +-#endif ++# ifndef OPENSSL_NO_BIO ++int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); ++# endif ++# ifndef OPENSSL_NO_FP_API ++int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); ++# endif + + /* the EC_KEY stuff */ + typedef struct ec_key_st EC_KEY; + + /* some values for the encoding_flag */ +-#define EC_PKEY_NO_PARAMETERS 0x001 +-#define EC_PKEY_NO_PUBKEY 0x002 ++# define EC_PKEY_NO_PARAMETERS 0x001 ++# define EC_PKEY_NO_PUBKEY 0x002 + + EC_KEY *EC_KEY_new(void); + EC_KEY *EC_KEY_new_by_curve_name(int nid); +@@ -319,8 +348,10 @@ void EC_KEY_set_enc_flags(EC_KEY *, unsigned int); + point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *); + void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t); + /* functions to set/get method specific data */ +-void *EC_KEY_get_key_method_data(EC_KEY *, +- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); ++void *EC_KEY_get_key_method_data(EC_KEY *, ++ void *(*dup_func) (void *), ++ void (*free_func) (void *), ++ void (*clear_free_func) (void *)); + /** Sets the key method data of an EC_KEY object, if none has yet been set. + * \param key EC_KEY object + * \param data opaque data to install. +@@ -330,7 +361,9 @@ void *EC_KEY_get_key_method_data(EC_KEY *, + * \return the previously set data pointer, or NULL if |data| was inserted. + */ + void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, +- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); ++ void *(*dup_func) (void *), ++ void (*free_func) (void *), ++ void (*clear_free_func) (void *)); + /* wrapper functions for the underlying EC_GROUP object */ + void EC_KEY_set_asn1_flag(EC_KEY *, int); + int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx); +@@ -346,32 +379,35 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out); + /* de- and encoding functions for EC parameters */ + EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len); + int i2d_ECParameters(EC_KEY *a, unsigned char **out); +-/* de- and encoding functions for EC public key +- * (octet string, not DER -- hence 'o2i' and 'i2o') */ ++/* ++ * de- and encoding functions for EC public key (octet string, not DER -- ++ * hence 'o2i' and 'i2o') ++ */ + EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len); + int i2o_ECPublicKey(EC_KEY *a, unsigned char **out); + +-#ifndef OPENSSL_NO_BIO +-int ECParameters_print(BIO *bp, const EC_KEY *x); +-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off); +-#endif +-#ifndef OPENSSL_NO_FP_API +-int ECParameters_print_fp(FILE *fp, const EC_KEY *x); +-int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); +-#endif ++# ifndef OPENSSL_NO_BIO ++int ECParameters_print(BIO *bp, const EC_KEY *x); ++int EC_KEY_print(BIO *bp, const EC_KEY *x, int off); ++# endif ++# ifndef OPENSSL_NO_FP_API ++int ECParameters_print_fp(FILE *fp, const EC_KEY *x); ++int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off); ++# endif + +-#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) ++# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + +-#ifndef __cplusplus +-#if defined(__SUNPRO_C) +-# if __SUNPRO_C >= 0x520 +-# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) ++# ifndef __cplusplus ++# if defined(__SUNPRO_C) ++# if __SUNPRO_C >= 0x520 ++# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) ++# endif + # endif + # endif +-#endif + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_EC_strings(void); +@@ -379,154 +415,154 @@ void ERR_load_EC_strings(void); + /* Error codes for the EC functions. */ + + /* Function codes. */ +-#define EC_F_COMPUTE_WNAF 143 +-#define EC_F_D2I_ECPARAMETERS 144 +-#define EC_F_D2I_ECPKPARAMETERS 145 +-#define EC_F_D2I_ECPRIVATEKEY 146 +-#define EC_F_ECPARAMETERS_PRINT 147 +-#define EC_F_ECPARAMETERS_PRINT_FP 148 +-#define EC_F_ECPKPARAMETERS_PRINT 149 +-#define EC_F_ECPKPARAMETERS_PRINT_FP 150 +-#define EC_F_ECP_NIST_MOD_192 203 +-#define EC_F_ECP_NIST_MOD_224 204 +-#define EC_F_ECP_NIST_MOD_256 205 +-#define EC_F_ECP_NIST_MOD_521 206 +-#define EC_F_EC_ASN1_GROUP2CURVE 153 +-#define EC_F_EC_ASN1_GROUP2FIELDID 154 +-#define EC_F_EC_ASN1_GROUP2PARAMETERS 155 +-#define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 +-#define EC_F_EC_ASN1_PARAMETERS2GROUP 157 +-#define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 +-#define EC_F_EC_EX_DATA_SET_DATA 211 +-#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +-#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +-#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +-#define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +-#define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +-#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +-#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +-#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 +-#define EC_F_EC_GFP_MONT_FIELD_DECODE 133 +-#define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 +-#define EC_F_EC_GFP_MONT_FIELD_MUL 131 +-#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 +-#define EC_F_EC_GFP_MONT_FIELD_SQR 132 +-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 +-#define EC_F_EC_GFP_NIST_FIELD_MUL 200 +-#define EC_F_EC_GFP_NIST_FIELD_SQR 201 +-#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +-#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 +-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 +-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 +-#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 +-#define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 +-#define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 +-#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 +-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 +-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 +-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 +-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 +-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 +-#define EC_F_EC_GROUP_CHECK 170 +-#define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 +-#define EC_F_EC_GROUP_COPY 106 +-#define EC_F_EC_GROUP_GET0_GENERATOR 139 +-#define EC_F_EC_GROUP_GET_COFACTOR 140 +-#define EC_F_EC_GROUP_GET_CURVE_GF2M 172 +-#define EC_F_EC_GROUP_GET_CURVE_GFP 130 +-#define EC_F_EC_GROUP_GET_DEGREE 173 +-#define EC_F_EC_GROUP_GET_ORDER 141 +-#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +-#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 +-#define EC_F_EC_GROUP_NEW 108 +-#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +-#define EC_F_EC_GROUP_NEW_FROM_DATA 175 +-#define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 +-#define EC_F_EC_GROUP_SET_CURVE_GF2M 176 +-#define EC_F_EC_GROUP_SET_CURVE_GFP 109 +-#define EC_F_EC_GROUP_SET_EXTRA_DATA 110 +-#define EC_F_EC_GROUP_SET_GENERATOR 111 +-#define EC_F_EC_KEY_CHECK_KEY 177 +-#define EC_F_EC_KEY_COPY 178 +-#define EC_F_EC_KEY_GENERATE_KEY 179 +-#define EC_F_EC_KEY_NEW 182 +-#define EC_F_EC_KEY_PRINT 180 +-#define EC_F_EC_KEY_PRINT_FP 181 +-#define EC_F_EC_POINTS_MAKE_AFFINE 136 +-#define EC_F_EC_POINTS_MUL 138 +-#define EC_F_EC_POINT_ADD 112 +-#define EC_F_EC_POINT_CMP 113 +-#define EC_F_EC_POINT_COPY 114 +-#define EC_F_EC_POINT_DBL 115 +-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 +-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 +-#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +-#define EC_F_EC_POINT_INVERT 210 +-#define EC_F_EC_POINT_IS_AT_INFINITY 118 +-#define EC_F_EC_POINT_IS_ON_CURVE 119 +-#define EC_F_EC_POINT_MAKE_AFFINE 120 +-#define EC_F_EC_POINT_MUL 184 +-#define EC_F_EC_POINT_NEW 121 +-#define EC_F_EC_POINT_OCT2POINT 122 +-#define EC_F_EC_POINT_POINT2OCT 123 +-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 +-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 +-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 +-#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 +-#define EC_F_EC_POINT_SET_TO_INFINITY 127 +-#define EC_F_EC_PRE_COMP_DUP 207 +-#define EC_F_EC_PRE_COMP_NEW 196 +-#define EC_F_EC_WNAF_MUL 187 +-#define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +-#define EC_F_I2D_ECPARAMETERS 190 +-#define EC_F_I2D_ECPKPARAMETERS 191 +-#define EC_F_I2D_ECPRIVATEKEY 192 +-#define EC_F_I2O_ECPUBLICKEY 151 +-#define EC_F_O2I_ECPUBLICKEY 152 ++# define EC_F_COMPUTE_WNAF 143 ++# define EC_F_D2I_ECPARAMETERS 144 ++# define EC_F_D2I_ECPKPARAMETERS 145 ++# define EC_F_D2I_ECPRIVATEKEY 146 ++# define EC_F_ECPARAMETERS_PRINT 147 ++# define EC_F_ECPARAMETERS_PRINT_FP 148 ++# define EC_F_ECPKPARAMETERS_PRINT 149 ++# define EC_F_ECPKPARAMETERS_PRINT_FP 150 ++# define EC_F_ECP_NIST_MOD_192 203 ++# define EC_F_ECP_NIST_MOD_224 204 ++# define EC_F_ECP_NIST_MOD_256 205 ++# define EC_F_ECP_NIST_MOD_521 206 ++# define EC_F_EC_ASN1_GROUP2CURVE 153 ++# define EC_F_EC_ASN1_GROUP2FIELDID 154 ++# define EC_F_EC_ASN1_GROUP2PARAMETERS 155 ++# define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 ++# define EC_F_EC_ASN1_PARAMETERS2GROUP 157 ++# define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 ++# define EC_F_EC_EX_DATA_SET_DATA 211 ++# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 ++# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 ++# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 ++# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 ++# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 ++# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 ++# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 ++# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 ++# define EC_F_EC_GFP_MONT_FIELD_DECODE 133 ++# define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 ++# define EC_F_EC_GFP_MONT_FIELD_MUL 131 ++# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 ++# define EC_F_EC_GFP_MONT_FIELD_SQR 132 ++# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 ++# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 ++# define EC_F_EC_GFP_NIST_FIELD_MUL 200 ++# define EC_F_EC_GFP_NIST_FIELD_SQR 201 ++# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 ++# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 ++# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 ++# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 ++# define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 ++# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 ++# define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 ++# define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 ++# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 ++# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 ++# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 ++# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 ++# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 ++# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 ++# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 ++# define EC_F_EC_GROUP_CHECK 170 ++# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 ++# define EC_F_EC_GROUP_COPY 106 ++# define EC_F_EC_GROUP_GET0_GENERATOR 139 ++# define EC_F_EC_GROUP_GET_COFACTOR 140 ++# define EC_F_EC_GROUP_GET_CURVE_GF2M 172 ++# define EC_F_EC_GROUP_GET_CURVE_GFP 130 ++# define EC_F_EC_GROUP_GET_DEGREE 173 ++# define EC_F_EC_GROUP_GET_ORDER 141 ++# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 ++# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 ++# define EC_F_EC_GROUP_NEW 108 ++# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 ++# define EC_F_EC_GROUP_NEW_FROM_DATA 175 ++# define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 ++# define EC_F_EC_GROUP_SET_CURVE_GF2M 176 ++# define EC_F_EC_GROUP_SET_CURVE_GFP 109 ++# define EC_F_EC_GROUP_SET_EXTRA_DATA 110 ++# define EC_F_EC_GROUP_SET_GENERATOR 111 ++# define EC_F_EC_KEY_CHECK_KEY 177 ++# define EC_F_EC_KEY_COPY 178 ++# define EC_F_EC_KEY_GENERATE_KEY 179 ++# define EC_F_EC_KEY_NEW 182 ++# define EC_F_EC_KEY_PRINT 180 ++# define EC_F_EC_KEY_PRINT_FP 181 ++# define EC_F_EC_POINTS_MAKE_AFFINE 136 ++# define EC_F_EC_POINTS_MUL 138 ++# define EC_F_EC_POINT_ADD 112 ++# define EC_F_EC_POINT_CMP 113 ++# define EC_F_EC_POINT_COPY 114 ++# define EC_F_EC_POINT_DBL 115 ++# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 ++# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 ++# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 ++# define EC_F_EC_POINT_INVERT 210 ++# define EC_F_EC_POINT_IS_AT_INFINITY 118 ++# define EC_F_EC_POINT_IS_ON_CURVE 119 ++# define EC_F_EC_POINT_MAKE_AFFINE 120 ++# define EC_F_EC_POINT_MUL 184 ++# define EC_F_EC_POINT_NEW 121 ++# define EC_F_EC_POINT_OCT2POINT 122 ++# define EC_F_EC_POINT_POINT2OCT 123 ++# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 ++# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 ++# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 ++# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 ++# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 ++# define EC_F_EC_POINT_SET_TO_INFINITY 127 ++# define EC_F_EC_PRE_COMP_DUP 207 ++# define EC_F_EC_PRE_COMP_NEW 196 ++# define EC_F_EC_WNAF_MUL 187 ++# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 ++# define EC_F_I2D_ECPARAMETERS 190 ++# define EC_F_I2D_ECPKPARAMETERS 191 ++# define EC_F_I2D_ECPRIVATEKEY 192 ++# define EC_F_I2O_ECPUBLICKEY 151 ++# define EC_F_O2I_ECPUBLICKEY 152 + + /* Reason codes. */ +-#define EC_R_ASN1_ERROR 115 +-#define EC_R_ASN1_UNKNOWN_FIELD 116 +-#define EC_R_BUFFER_TOO_SMALL 100 +-#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +-#define EC_R_DISCRIMINANT_IS_ZERO 118 +-#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +-#define EC_R_FIELD_TOO_LARGE 138 +-#define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +-#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +-#define EC_R_INCOMPATIBLE_OBJECTS 101 +-#define EC_R_INVALID_ARGUMENT 112 +-#define EC_R_INVALID_COMPRESSED_POINT 110 +-#define EC_R_INVALID_COMPRESSION_BIT 109 +-#define EC_R_INVALID_ENCODING 102 +-#define EC_R_INVALID_FIELD 103 +-#define EC_R_INVALID_FORM 104 +-#define EC_R_INVALID_GROUP_ORDER 122 +-#define EC_R_INVALID_PENTANOMIAL_BASIS 132 +-#define EC_R_INVALID_PRIVATE_KEY 123 +-#define EC_R_INVALID_TRINOMIAL_BASIS 137 +-#define EC_R_MISSING_PARAMETERS 124 +-#define EC_R_MISSING_PRIVATE_KEY 125 +-#define EC_R_NOT_A_NIST_PRIME 135 +-#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 +-#define EC_R_NOT_IMPLEMENTED 126 +-#define EC_R_NOT_INITIALIZED 111 +-#define EC_R_NO_FIELD_MOD 133 +-#define EC_R_PASSED_NULL_PARAMETER 134 +-#define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +-#define EC_R_POINT_AT_INFINITY 106 +-#define EC_R_POINT_IS_NOT_ON_CURVE 107 +-#define EC_R_SLOT_FULL 108 +-#define EC_R_UNDEFINED_GENERATOR 113 +-#define EC_R_UNDEFINED_ORDER 128 +-#define EC_R_UNKNOWN_GROUP 129 +-#define EC_R_UNKNOWN_ORDER 114 +-#define EC_R_UNSUPPORTED_FIELD 131 +-#define EC_R_WRONG_ORDER 130 ++# define EC_R_ASN1_ERROR 115 ++# define EC_R_ASN1_UNKNOWN_FIELD 116 ++# define EC_R_BUFFER_TOO_SMALL 100 ++# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 ++# define EC_R_DISCRIMINANT_IS_ZERO 118 ++# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 ++# define EC_R_FIELD_TOO_LARGE 138 ++# define EC_R_GROUP2PKPARAMETERS_FAILURE 120 ++# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 ++# define EC_R_INCOMPATIBLE_OBJECTS 101 ++# define EC_R_INVALID_ARGUMENT 112 ++# define EC_R_INVALID_COMPRESSED_POINT 110 ++# define EC_R_INVALID_COMPRESSION_BIT 109 ++# define EC_R_INVALID_ENCODING 102 ++# define EC_R_INVALID_FIELD 103 ++# define EC_R_INVALID_FORM 104 ++# define EC_R_INVALID_GROUP_ORDER 122 ++# define EC_R_INVALID_PENTANOMIAL_BASIS 132 ++# define EC_R_INVALID_PRIVATE_KEY 123 ++# define EC_R_INVALID_TRINOMIAL_BASIS 137 ++# define EC_R_MISSING_PARAMETERS 124 ++# define EC_R_MISSING_PRIVATE_KEY 125 ++# define EC_R_NOT_A_NIST_PRIME 135 ++# define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 ++# define EC_R_NOT_IMPLEMENTED 126 ++# define EC_R_NOT_INITIALIZED 111 ++# define EC_R_NO_FIELD_MOD 133 ++# define EC_R_PASSED_NULL_PARAMETER 134 ++# define EC_R_PKPARAMETERS2GROUP_FAILURE 127 ++# define EC_R_POINT_AT_INFINITY 106 ++# define EC_R_POINT_IS_NOT_ON_CURVE 107 ++# define EC_R_SLOT_FULL 108 ++# define EC_R_UNDEFINED_GENERATOR 113 ++# define EC_R_UNDEFINED_ORDER 128 ++# define EC_R_UNKNOWN_GROUP 129 ++# define EC_R_UNKNOWN_ORDER 114 ++# define EC_R_UNSUPPORTED_FIELD 131 ++# define EC_R_WRONG_ORDER 130 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/ecdh.h b/Cryptlib/Include/openssl/ecdh.h +index b4b58ee..eb4047d 100644 +--- a/Cryptlib/Include/openssl/ecdh.h ++++ b/Cryptlib/Include/openssl/ecdh.h +@@ -21,7 +21,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -67,19 +67,19 @@ + * + */ + #ifndef HEADER_ECDH_H +-#define HEADER_ECDH_H ++# define HEADER_ECDH_H + +-#include ++# include + +-#ifdef OPENSSL_NO_ECDH +-#error ECDH is disabled. +-#endif ++# ifdef OPENSSL_NO_ECDH ++# error ECDH is disabled. ++# endif + +-#include +-#include +-#ifndef OPENSSL_NO_DEPRECATED +-#include +-#endif ++# include ++# include ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# endif + + #ifdef __cplusplus + extern "C" { +@@ -87,21 +87,23 @@ extern "C" { + + const ECDH_METHOD *ECDH_OpenSSL(void); + +-void ECDH_set_default_method(const ECDH_METHOD *); ++void ECDH_set_default_method(const ECDH_METHOD *); + const ECDH_METHOD *ECDH_get_default_method(void); +-int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); +- +-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, +- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); ++int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); + +-int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new +- *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +-int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); +-void *ECDH_get_ex_data(EC_KEY *d, int idx); ++int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, ++ EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, ++ void *out, size_t *outlen)); + ++int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new ++ *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); ++void *ECDH_get_ex_data(EC_KEY *d, int idx); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_ECDH_strings(void); +@@ -109,13 +111,13 @@ void ERR_load_ECDH_strings(void); + /* Error codes for the ECDH functions. */ + + /* Function codes. */ +-#define ECDH_F_ECDH_COMPUTE_KEY 100 +-#define ECDH_F_ECDH_DATA_NEW_METHOD 101 ++# define ECDH_F_ECDH_COMPUTE_KEY 100 ++# define ECDH_F_ECDH_DATA_NEW_METHOD 101 + + /* Reason codes. */ +-#define ECDH_R_KDF_FAILED 102 +-#define ECDH_R_NO_PRIVATE_VALUE 100 +-#define ECDH_R_POINT_ARITHMETIC_FAILURE 101 ++# define ECDH_R_KDF_FAILED 102 ++# define ECDH_R_NO_PRIVATE_VALUE 100 ++# define ECDH_R_POINT_ARITHMETIC_FAILURE 101 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/ecdsa.h b/Cryptlib/Include/openssl/ecdsa.h +index f20c8ee..48dd988 100644 +--- a/Cryptlib/Include/openssl/ecdsa.h ++++ b/Cryptlib/Include/openssl/ecdsa.h +@@ -11,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,29 +57,28 @@ + * + */ + #ifndef HEADER_ECDSA_H +-#define HEADER_ECDSA_H ++# define HEADER_ECDSA_H + +-#include ++# include + +-#ifdef OPENSSL_NO_ECDSA +-#error ECDSA is disabled. +-#endif ++# ifdef OPENSSL_NO_ECDSA ++# error ECDSA is disabled. ++# endif + +-#include +-#include +-#ifndef OPENSSL_NO_DEPRECATED +-#include +-#endif ++# include ++# include ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# endif + + #ifdef __cplusplus + extern "C" { + #endif + +-typedef struct ECDSA_SIG_st +- { +- BIGNUM *r; +- BIGNUM *s; +- } ECDSA_SIG; ++typedef struct ECDSA_SIG_st { ++ BIGNUM *r; ++ BIGNUM *s; ++} ECDSA_SIG; + + /** ECDSA_SIG *ECDSA_SIG_new(void) + * allocates and initialize a ECDSA_SIG structure +@@ -91,20 +90,20 @@ ECDSA_SIG *ECDSA_SIG_new(void); + * frees a ECDSA_SIG structure + * \param a pointer to the ECDSA_SIG structure + */ +-void ECDSA_SIG_free(ECDSA_SIG *a); ++void ECDSA_SIG_free(ECDSA_SIG *a); + + /** i2d_ECDSA_SIG + * DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param a pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL +- * \return the length of the DER encoded ECDSA_SIG object or 0 ++ * \return the length of the DER encoded ECDSA_SIG object or 0 + */ +-int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp); ++int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp); + + /** d2i_ECDSA_SIG + * decodes a DER encoded ECDSA signature (note: this function changes *pp +- * (*pp += len)). ++ * (*pp += len)). + * \param v pointer to ECDSA_SIG pointer (may be NULL) + * \param pp buffer with the DER encoded signature + * \param len bufferlength +@@ -120,7 +119,8 @@ ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len); + * \param eckey pointer to the EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL + */ +-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey); ++ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, ++ EC_KEY *eckey); + + /** ECDSA_do_sign_ex + * computes ECDSA signature of a given hash value using the supplied +@@ -128,13 +128,14 @@ ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey); + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv optional pointer to a pre-computed inverse k +- * \param rp optional pointer to the pre-computed rp value (see ++ * \param rp optional pointer to the pre-computed rp value (see + * ECDSA_sign_setup + * \param eckey pointer to the EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL + */ +-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, +- const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); ++ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, ++ const BIGNUM *kinv, const BIGNUM *rp, ++ EC_KEY *eckey); + + /** ECDSA_do_verify + * verifies that the supplied signature is a valid ECDSA +@@ -145,8 +146,8 @@ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + * \param eckey pointer to the EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error + */ +-int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, +- const ECDSA_SIG *sig, EC_KEY* eckey); ++int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ++ const ECDSA_SIG *sig, EC_KEY *eckey); + + const ECDSA_METHOD *ECDSA_OpenSSL(void); + +@@ -154,7 +155,7 @@ const ECDSA_METHOD *ECDSA_OpenSSL(void); + * sets the default ECDSA method + * \param meth the new default ECDSA_METHOD + */ +-void ECDSA_set_default_method(const ECDSA_METHOD *meth); ++void ECDSA_set_default_method(const ECDSA_METHOD *meth); + + /** ECDSA_get_default_method + * returns the default ECDSA method +@@ -166,27 +167,26 @@ const ECDSA_METHOD *ECDSA_get_default_method(void); + * sets method to be used for the ECDSA operations + * \param eckey pointer to the EC_KEY object + * \param meth pointer to the new method +- * \return 1 on success and 0 otherwise ++ * \return 1 on success and 0 otherwise + */ +-int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); ++int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); + + /** ECDSA_size + * returns the maximum length of the DER encoded signature + * \param eckey pointer to a EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +-int ECDSA_size(const EC_KEY *eckey); ++int ECDSA_size(const EC_KEY *eckey); + + /** ECDSA_sign_setup +- * precompute parts of the signing operation. ++ * precompute parts of the signing operation. + * \param eckey pointer to the EC_KEY object containing a private EC key + * \param ctx pointer to a BN_CTX object (may be NULL) + * \param kinv pointer to a BIGNUM pointer for the inverse of k + * \param rp pointer to a BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, +- BIGNUM **rp); ++int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); + + /** ECDSA_sign + * computes ECDSA signature of a given hash value using the supplied +@@ -199,9 +199,8 @@ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, + * \param eckey pointer to the EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +-int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, +- unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); +- ++int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, ++ unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + + /** ECDSA_sign_ex + * computes ECDSA signature of a given hash value using the supplied +@@ -212,38 +211,39 @@ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv optional pointer to a pre-computed inverse k +- * \param rp optional pointer to the pre-computed rp value (see ++ * \param rp optional pointer to the pre-computed rp value (see + * ECDSA_sign_setup + * \param eckey pointer to the EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +-int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, +- unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, +- const BIGNUM *rp, EC_KEY *eckey); ++int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, ++ unsigned char *sig, unsigned int *siglen, ++ const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + + /** ECDSA_verify + * verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored +- * \param dgst pointer to the hash value ++ * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey pointer to the EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error + */ +-int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, +- const unsigned char *sig, int siglen, EC_KEY *eckey); ++int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, ++ const unsigned char *sig, int siglen, EC_KEY *eckey); + + /* the standard ex_data functions */ +-int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new +- *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +-int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); +-void *ECDSA_get_ex_data(EC_KEY *d, int idx); +- ++int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new ++ *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); ++void *ECDSA_get_ex_data(EC_KEY *d, int idx); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_ECDSA_strings(void); +@@ -251,19 +251,19 @@ void ERR_load_ECDSA_strings(void); + /* Error codes for the ECDSA functions. */ + + /* Function codes. */ +-#define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 +-#define ECDSA_F_ECDSA_DO_SIGN 101 +-#define ECDSA_F_ECDSA_DO_VERIFY 102 +-#define ECDSA_F_ECDSA_SIGN_SETUP 103 ++# define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 ++# define ECDSA_F_ECDSA_DO_SIGN 101 ++# define ECDSA_F_ECDSA_DO_VERIFY 102 ++# define ECDSA_F_ECDSA_SIGN_SETUP 103 + + /* Reason codes. */ +-#define ECDSA_R_BAD_SIGNATURE 100 +-#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 +-#define ECDSA_R_ERR_EC_LIB 102 +-#define ECDSA_R_MISSING_PARAMETERS 103 +-#define ECDSA_R_NEED_NEW_SETUP_VALUES 106 +-#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 +-#define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 ++# define ECDSA_R_BAD_SIGNATURE 100 ++# define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 ++# define ECDSA_R_ERR_EC_LIB 102 ++# define ECDSA_R_MISSING_PARAMETERS 103 ++# define ECDSA_R_NEED_NEW_SETUP_VALUES 106 ++# define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 ++# define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/engine.h b/Cryptlib/Include/openssl/engine.h +index b4e0444..335b78f 100644 +--- a/Cryptlib/Include/openssl/engine.h ++++ b/Cryptlib/Include/openssl/engine.h +@@ -1,6 +1,7 @@ + /* openssl/engine.h */ +-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL +- * project 2000. ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,233 +58,285 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * ECDH support in OpenSSL originally developed by ++ * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + + #ifndef HEADER_ENGINE_H +-#define HEADER_ENGINE_H +- +-#include +- +-#ifdef OPENSSL_NO_ENGINE +-#error ENGINE is disabled. +-#endif +- +-#ifndef OPENSSL_NO_DEPRECATED +-#include +-#ifndef OPENSSL_NO_RSA +-#include +-#endif +-#ifndef OPENSSL_NO_DSA +-#include +-#endif +-#ifndef OPENSSL_NO_DH +-#include +-#endif +-#ifndef OPENSSL_NO_ECDH +-#include +-#endif +-#ifndef OPENSSL_NO_ECDSA +-#include +-#endif +-#include +-#include +-#include +-#include +-#endif +- +-#include +- +-#include +-#include ++# define HEADER_ENGINE_H ++ ++# include ++ ++# ifdef OPENSSL_NO_ENGINE ++# error ENGINE is disabled. ++# endif ++ ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# ifndef OPENSSL_NO_RSA ++# include ++# endif ++# ifndef OPENSSL_NO_DSA ++# include ++# endif ++# ifndef OPENSSL_NO_DH ++# include ++# endif ++# ifndef OPENSSL_NO_ECDH ++# include ++# endif ++# ifndef OPENSSL_NO_ECDSA ++# include ++# endif ++# include ++# include ++# include ++# include ++# endif ++ ++# include ++ ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-/* These flags are used to control combinations of algorithm (methods) +- * by bitwise "OR"ing. */ +-#define ENGINE_METHOD_RSA (unsigned int)0x0001 +-#define ENGINE_METHOD_DSA (unsigned int)0x0002 +-#define ENGINE_METHOD_DH (unsigned int)0x0004 +-#define ENGINE_METHOD_RAND (unsigned int)0x0008 +-#define ENGINE_METHOD_ECDH (unsigned int)0x0010 +-#define ENGINE_METHOD_ECDSA (unsigned int)0x0020 +-#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 +-#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +-#define ENGINE_METHOD_STORE (unsigned int)0x0100 ++/* ++ * These flags are used to control combinations of algorithm (methods) by ++ * bitwise "OR"ing. ++ */ ++# define ENGINE_METHOD_RSA (unsigned int)0x0001 ++# define ENGINE_METHOD_DSA (unsigned int)0x0002 ++# define ENGINE_METHOD_DH (unsigned int)0x0004 ++# define ENGINE_METHOD_RAND (unsigned int)0x0008 ++# define ENGINE_METHOD_ECDH (unsigned int)0x0010 ++# define ENGINE_METHOD_ECDSA (unsigned int)0x0020 ++# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 ++# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 ++# define ENGINE_METHOD_STORE (unsigned int)0x0100 + /* Obvious all-or-nothing cases. */ +-#define ENGINE_METHOD_ALL (unsigned int)0xFFFF +-#define ENGINE_METHOD_NONE (unsigned int)0x0000 +- +-/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used +- * internally to control registration of ENGINE implementations, and can be set +- * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to +- * initialise registered ENGINEs if they are not already initialised. */ +-#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 ++# define ENGINE_METHOD_ALL (unsigned int)0xFFFF ++# define ENGINE_METHOD_NONE (unsigned int)0x0000 ++ ++/* ++ * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used ++ * internally to control registration of ENGINE implementations, and can be ++ * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to ++ * initialise registered ENGINEs if they are not already initialised. ++ */ ++# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 + + /* ENGINE flags that can be set by ENGINE_set_flags(). */ +-/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */ +- +-/* This flag is for ENGINEs that wish to handle the various 'CMD'-related +- * control commands on their own. Without this flag, ENGINE_ctrl() handles these +- * control commands on behalf of the ENGINE using their "cmd_defns" data. */ +-#define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 +- +-/* This flag is for ENGINEs who return new duplicate structures when found via +- * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl() +- * commands are called in sequence as part of some stateful process like +- * key-generation setup and execution), it can set this flag - then each attempt +- * to obtain the ENGINE will result in it being copied into a new structure. +- * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments +- * the existing ENGINE's structural reference count. */ +-#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 +- +-/* ENGINEs can support their own command types, and these flags are used in +- * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each +- * command expects. Currently only numeric and string input is supported. If a +- * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options, +- * then it is regarded as an "internal" control command - and not for use in +- * config setting situations. As such, they're not available to the +- * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to +- * this list of 'command types' should be reflected carefully in +- * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */ ++/* Not used */ ++/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ ++ ++/* ++ * This flag is for ENGINEs that wish to handle the various 'CMD'-related ++ * control commands on their own. Without this flag, ENGINE_ctrl() handles ++ * these control commands on behalf of the ENGINE using their "cmd_defns" ++ * data. ++ */ ++# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 ++ ++/* ++ * This flag is for ENGINEs who return new duplicate structures when found ++ * via "ENGINE_by_id()". When an ENGINE must store state (eg. if ++ * ENGINE_ctrl() commands are called in sequence as part of some stateful ++ * process like key-generation setup and execution), it can set this flag - ++ * then each attempt to obtain the ENGINE will result in it being copied into ++ * a new structure. Normally, ENGINEs don't declare this flag so ++ * ENGINE_by_id() just increments the existing ENGINE's structural reference ++ * count. ++ */ ++# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 ++ ++/* ++ * ENGINEs can support their own command types, and these flags are used in ++ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input ++ * each command expects. Currently only numeric and string input is ++ * supported. If a control command supports none of the _NUMERIC, _STRING, or ++ * _NO_INPUT options, then it is regarded as an "internal" control command - ++ * and not for use in config setting situations. As such, they're not ++ * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() ++ * access. Changes to this list of 'command types' should be reflected ++ * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). ++ */ + + /* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ +-#define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +-/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to +- * ENGINE_ctrl) */ +-#define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +-/* Indicates that the control command takes *no* input. Ie. the control command +- * is unparameterised. */ +-#define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +-/* Indicates that the control command is internal. This control command won't ++# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 ++/* ++ * accepts string input (cast from 'void*' to 'const char *', 4th parameter ++ * to ENGINE_ctrl) ++ */ ++# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 ++/* ++ * Indicates that the control command takes *no* input. Ie. the control ++ * command is unparameterised. ++ */ ++# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 ++/* ++ * Indicates that the control command is internal. This control command won't + * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() +- * function. */ +-#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 +- +-/* NB: These 3 control commands are deprecated and should not be used. ENGINEs +- * relying on these commands should compile conditional support for +- * compatibility (eg. if these symbols are defined) but should also migrate the +- * same functionality to their own ENGINE-specific control functions that can be +- * "discovered" by calling applications. The fact these control commands +- * wouldn't be "executable" (ie. usable by text-based config) doesn't change the +- * fact that application code can find and use them without requiring per-ENGINE +- * hacking. */ +- +-/* These flags are used to tell the ctrl function what should be done. +- * All command numbers are shared between all engines, even if some don't +- * make sense to some engines. In such a case, they do nothing but return +- * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */ +-#define ENGINE_CTRL_SET_LOGSTREAM 1 +-#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 +-#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any +- handles/connections etc. */ +-#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ +-#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used +- when calling the password +- callback and the user +- interface */ +-#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given +- a string that represents a +- file name or so */ +-#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given +- section in the already loaded +- configuration */ +- +-/* These control commands allow an application to deal with an arbitrary engine +- * in a dynamic way. Warn: Negative return values indicate errors FOR THESE +- * COMMANDS because zero is used to indicate 'end-of-list'. Other commands, +- * including ENGINE-specific command types, return zero for an error. +- * +- * An ENGINE can choose to implement these ctrl functions, and can internally +- * manage things however it chooses - it does so by setting the +- * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the +- * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns +- * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl() +- * handler need only implement its own commands - the above "meta" commands will +- * be taken care of. */ +- +-/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then +- * all the remaining control commands will return failure, so it is worth +- * checking this first if the caller is trying to "discover" the engine's +- * capabilities and doesn't want errors generated unnecessarily. */ +-#define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 +-/* Returns a positive command number for the first command supported by the +- * engine. Returns zero if no ctrl commands are supported. */ +-#define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +-/* The 'long' argument specifies a command implemented by the engine, and the +- * return value is the next command supported, or zero if there are no more. */ +-#define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +-/* The 'void*' argument is a command name (cast from 'const char *'), and the +- * return value is the command that corresponds to it. */ +-#define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +-/* The next two allow a command to be converted into its corresponding string +- * form. In each case, the 'long' argument supplies the command. In the NAME_LEN +- * case, the return value is the length of the command name (not counting a +- * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer +- * large enough, and it will be populated with the name of the command (WITH a +- * trailing EOL). */ +-#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +-#define ENGINE_CTRL_GET_NAME_FROM_CMD 15 ++ * function. ++ */ ++# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 ++ ++/* ++ * NB: These 3 control commands are deprecated and should not be used. ++ * ENGINEs relying on these commands should compile conditional support for ++ * compatibility (eg. if these symbols are defined) but should also migrate ++ * the same functionality to their own ENGINE-specific control functions that ++ * can be "discovered" by calling applications. The fact these control ++ * commands wouldn't be "executable" (ie. usable by text-based config) ++ * doesn't change the fact that application code can find and use them ++ * without requiring per-ENGINE hacking. ++ */ ++ ++/* ++ * These flags are used to tell the ctrl function what should be done. All ++ * command numbers are shared between all engines, even if some don't make ++ * sense to some engines. In such a case, they do nothing but return the ++ * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. ++ */ ++# define ENGINE_CTRL_SET_LOGSTREAM 1 ++# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 ++# define ENGINE_CTRL_HUP 3/* Close and reinitialise ++ * any handles/connections ++ * etc. */ ++# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */ ++# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used ++ * when calling the password ++ * callback and the user ++ * interface */ ++# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration, ++ * given a string that ++ * represents a file name ++ * or so */ ++# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given ++ * section in the already ++ * loaded configuration */ ++ ++/* ++ * These control commands allow an application to deal with an arbitrary ++ * engine in a dynamic way. Warn: Negative return values indicate errors FOR ++ * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other ++ * commands, including ENGINE-specific command types, return zero for an ++ * error. An ENGINE can choose to implement these ctrl functions, and can ++ * internally manage things however it chooses - it does so by setting the ++ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise ++ * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the ++ * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ++ * ctrl() handler need only implement its own commands - the above "meta" ++ * commands will be taken care of. ++ */ ++ ++/* ++ * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", ++ * then all the remaining control commands will return failure, so it is ++ * worth checking this first if the caller is trying to "discover" the ++ * engine's capabilities and doesn't want errors generated unnecessarily. ++ */ ++# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 ++/* ++ * Returns a positive command number for the first command supported by the ++ * engine. Returns zero if no ctrl commands are supported. ++ */ ++# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 ++/* ++ * The 'long' argument specifies a command implemented by the engine, and the ++ * return value is the next command supported, or zero if there are no more. ++ */ ++# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 ++/* ++ * The 'void*' argument is a command name (cast from 'const char *'), and the ++ * return value is the command that corresponds to it. ++ */ ++# define ENGINE_CTRL_GET_CMD_FROM_NAME 13 ++/* ++ * The next two allow a command to be converted into its corresponding string ++ * form. In each case, the 'long' argument supplies the command. In the ++ * NAME_LEN case, the return value is the length of the command name (not ++ * counting a trailing EOL). In the NAME case, the 'void*' argument must be a ++ * string buffer large enough, and it will be populated with the name of the ++ * command (WITH a trailing EOL). ++ */ ++# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 ++# define ENGINE_CTRL_GET_NAME_FROM_CMD 15 + /* The next two are similar but give a "short description" of a command. */ +-#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +-#define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +-/* With this command, the return value is the OR'd combination of ++# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 ++# define ENGINE_CTRL_GET_DESC_FROM_CMD 17 ++/* ++ * With this command, the return value is the OR'd combination of + * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given +- * engine-specific ctrl command expects. */ +-#define ENGINE_CTRL_GET_CMD_FLAGS 18 ++ * engine-specific ctrl command expects. ++ */ ++# define ENGINE_CTRL_GET_CMD_FLAGS 18 + +-/* ENGINE implementations should start the numbering of their own control +- * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ +-#define ENGINE_CMD_BASE 200 ++/* ++ * ENGINE implementations should start the numbering of their own control ++ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). ++ */ ++# define ENGINE_CMD_BASE 200 + +-/* NB: These 2 nCipher "chil" control commands are deprecated, and their ++/* ++ * NB: These 2 nCipher "chil" control commands are deprecated, and their + * functionality is now available through ENGINE-specific control commands + * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 +- * commands should be migrated to the more general command handling before these +- * are removed. */ ++ * commands should be migrated to the more general command handling before ++ * these are removed. ++ */ + + /* Flags specific to the nCipher "chil" engine */ +-#define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 +- /* Depending on the value of the (long)i argument, this sets or +- * unsets the SimpleForkCheck flag in the CHIL API to enable or +- * disable checking and workarounds for applications that fork(). +- */ +-#define ENGINE_CTRL_CHIL_NO_LOCKING 101 +- /* This prevents the initialisation function from providing mutex +- * callbacks to the nCipher library. */ +- +-/* If an ENGINE supports its own specific control commands and wishes the +- * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its +- * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries +- * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that +- * supports the stated commands (ie. the "cmd_num" entries as described by the +- * array). NB: The array must be ordered in increasing order of cmd_num. +- * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set +- * to zero and/or cmd_name set to NULL. */ +-typedef struct ENGINE_CMD_DEFN_st +- { +- unsigned int cmd_num; /* The command number */ +- const char *cmd_name; /* The command name itself */ +- const char *cmd_desc; /* A short description of the command */ +- unsigned int cmd_flags; /* The input the command expects */ +- } ENGINE_CMD_DEFN; ++# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 ++ /* ++ * Depending on the value of the (long)i argument, this sets or ++ * unsets the SimpleForkCheck flag in the CHIL API to enable or ++ * disable checking and workarounds for applications that fork(). ++ */ ++# define ENGINE_CTRL_CHIL_NO_LOCKING 101 ++ /* ++ * This prevents the initialisation function from providing mutex ++ * callbacks to the nCipher library. ++ */ ++ ++/* ++ * If an ENGINE supports its own specific control commands and wishes the ++ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on ++ * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN ++ * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl() ++ * handler that supports the stated commands (ie. the "cmd_num" entries as ++ * described by the array). NB: The array must be ordered in increasing order ++ * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element ++ * has cmd_num set to zero and/or cmd_name set to NULL. ++ */ ++typedef struct ENGINE_CMD_DEFN_st { ++ unsigned int cmd_num; /* The command number */ ++ const char *cmd_name; /* The command name itself */ ++ const char *cmd_desc; /* A short description of the command */ ++ unsigned int cmd_flags; /* The input the command expects */ ++} ENGINE_CMD_DEFN; + + /* Generic function pointer */ +-typedef int (*ENGINE_GEN_FUNC_PTR)(void); ++typedef int (*ENGINE_GEN_FUNC_PTR) (void); + /* Generic function pointer taking no arguments */ +-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); ++typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *); + /* Specific control function pointer */ +-typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)); ++typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *, ++ void (*f) (void)); + /* Generic load_key function pointer */ +-typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, +- UI_METHOD *ui_method, void *callback_data); +-typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, +- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, +- STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); +-/* These callback types are for an ENGINE's handler for cipher and digest logic. ++typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, ++ UI_METHOD *ui_method, ++ void *callback_data); ++typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl, ++ STACK_OF(X509_NAME) *ca_dn, ++ X509 **pcert, EVP_PKEY **pkey, ++ STACK_OF(X509) **pother, ++ UI_METHOD *ui_method, ++ void *callback_data); ++/*- ++ * These callback types are for an ENGINE's handler for cipher and digest logic. + * These handlers have these prototypes; + * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); + * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); +@@ -293,20 +346,26 @@ typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, + * If the framework wants a list of supported 'nid's, it will call; + * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) + */ +-/* Returns to a pointer to the array of supported cipher 'nid's. If the second +- * parameter is non-NULL it is set to the size of the returned array. */ +-typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int); +-typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int); +- +-/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE +- * structures where the pointers have a "structural reference". This means that +- * their reference is to allowed access to the structure but it does not imply +- * that the structure is functional. To simply increment or decrement the +- * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not +- * required when iterating using ENGINE_get_next as it will automatically +- * decrement the structural reference count of the "current" ENGINE and +- * increment the structural reference count of the ENGINE it returns (unless it +- * is NULL). */ ++/* ++ * Returns to a pointer to the array of supported cipher 'nid's. If the ++ * second parameter is non-NULL it is set to the size of the returned array. ++ */ ++typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **, ++ const int **, int); ++typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **, ++ int); ++ ++/* ++ * STRUCTURE functions ... all of these functions deal with pointers to ++ * ENGINE structures where the pointers have a "structural reference". This ++ * means that their reference is to allowed access to the structure but it ++ * does not imply that the structure is functional. To simply increment or ++ * decrement the structural reference count, use ENGINE_by_id and ++ * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next ++ * as it will automatically decrement the structural reference count of the ++ * "current" ENGINE and increment the structural reference count of the ++ * ENGINE it returns (unless it is NULL). ++ */ + + /* Get the first/last "ENGINE" type available. */ + ENGINE *ENGINE_get_first(void); +@@ -323,40 +382,43 @@ ENGINE *ENGINE_by_id(const char *id); + /* Add all the built-in engines. */ + void ENGINE_load_openssl(void); + void ENGINE_load_dynamic(void); +-#ifndef OPENSSL_NO_STATIC_ENGINE ++# ifndef OPENSSL_NO_STATIC_ENGINE + void ENGINE_load_4758cca(void); + void ENGINE_load_aep(void); + void ENGINE_load_atalla(void); + void ENGINE_load_chil(void); + void ENGINE_load_cswift(void); +-#ifndef OPENSSL_NO_GMP ++# ifndef OPENSSL_NO_GMP + void ENGINE_load_gmp(void); +-#endif ++# endif + void ENGINE_load_nuron(void); + void ENGINE_load_sureware(void); + void ENGINE_load_ubsec(void); +-#ifdef OPENSSL_SYS_WIN32 +-#ifndef OPENSSL_NO_CAPIENG ++# ifdef OPENSSL_SYS_WIN32 ++# ifndef OPENSSL_NO_CAPIENG + void ENGINE_load_capi(void); +-#endif +-#endif +-#endif ++# endif ++# endif ++# endif + void ENGINE_load_cryptodev(void); + void ENGINE_load_padlock(void); + void ENGINE_load_builtin_engines(void); + +-/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation +- * "registry" handling. */ ++/* ++ * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation ++ * "registry" handling. ++ */ + unsigned int ENGINE_get_table_flags(void); + void ENGINE_set_table_flags(unsigned int flags); + +-/* Manage registration of ENGINEs per "table". For each type, there are 3 ++/*- Manage registration of ENGINEs per "table". For each type, there are 3 + * functions; + * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) + * ENGINE_unregister_***(e) - unregister the implementation from 'e' + * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list + * Cleanup is automatically registered from each table when required, so +- * ENGINE_cleanup() will reverse any "register" operations. */ ++ * ENGINE_cleanup() will reverse any "register" operations. ++ */ + + int ENGINE_register_RSA(ENGINE *e); + void ENGINE_unregister_RSA(ENGINE *e); +@@ -394,63 +456,77 @@ int ENGINE_register_digests(ENGINE *e); + void ENGINE_unregister_digests(ENGINE *e); + void ENGINE_register_all_digests(void); + +-/* These functions register all support from the above categories. Note, use of +- * these functions can result in static linkage of code your application may not +- * need. If you only need a subset of functionality, consider using more +- * selective initialisation. */ ++/* ++ * These functions register all support from the above categories. Note, use ++ * of these functions can result in static linkage of code your application ++ * may not need. If you only need a subset of functionality, consider using ++ * more selective initialisation. ++ */ + int ENGINE_register_complete(ENGINE *e); + int ENGINE_register_all_complete(void); + +-/* Send parametrised control commands to the engine. The possibilities to send +- * down an integer, a pointer to data or a function pointer are provided. Any of +- * the parameters may or may not be NULL, depending on the command number. In +- * actuality, this function only requires a structural (rather than functional) +- * reference to an engine, but many control commands may require the engine be +- * functional. The caller should be aware of trying commands that require an +- * operational ENGINE, and only use functional references in such situations. */ +-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); +- +-/* This function tests if an ENGINE-specific command is usable as a "setting". +- * Eg. in an application's config file that gets processed through ++/* ++ * Send parametrised control commands to the engine. The possibilities to ++ * send down an integer, a pointer to data or a function pointer are ++ * provided. Any of the parameters may or may not be NULL, depending on the ++ * command number. In actuality, this function only requires a structural ++ * (rather than functional) reference to an engine, but many control commands ++ * may require the engine be functional. The caller should be aware of trying ++ * commands that require an operational ENGINE, and only use functional ++ * references in such situations. ++ */ ++int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); ++ ++/* ++ * This function tests if an ENGINE-specific command is usable as a ++ * "setting". Eg. in an application's config file that gets processed through + * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to +- * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */ ++ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). ++ */ + int ENGINE_cmd_is_executable(ENGINE *e, int cmd); + +-/* This function works like ENGINE_ctrl() with the exception of taking a +- * command name instead of a command number, and can handle optional commands. +- * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to +- * use the cmd_name and cmd_optional. */ ++/* ++ * This function works like ENGINE_ctrl() with the exception of taking a ++ * command name instead of a command number, and can handle optional ++ * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation ++ * on how to use the cmd_name and cmd_optional. ++ */ + int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, +- long i, void *p, void (*f)(void), int cmd_optional); +- +-/* This function passes a command-name and argument to an ENGINE. The cmd_name +- * is converted to a command number and the control command is called using +- * 'arg' as an argument (unless the ENGINE doesn't support such a command, in +- * which case no control command is called). The command is checked for input +- * flags, and if necessary the argument will be converted to a numeric value. If +- * cmd_optional is non-zero, then if the ENGINE doesn't support the given +- * cmd_name the return value will be success anyway. This function is intended +- * for applications to use so that users (or config files) can supply +- * engine-specific config data to the ENGINE at run-time to control behaviour of +- * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl() +- * functions that return data, deal with binary data, or that are otherwise +- * supposed to be used directly through ENGINE_ctrl() in application code. Any +- * "return" data from an ENGINE_ctrl() operation in this function will be lost - +- * the return value is interpreted as failure if the return value is zero, +- * success otherwise, and this function returns a boolean value as a result. In +- * other words, vendors of 'ENGINE'-enabled devices should write ENGINE +- * implementations with parameterisations that work in this scheme, so that +- * compliant ENGINE-based applications can work consistently with the same +- * configuration for the same ENGINE-enabled devices, across applications. */ ++ long i, void *p, void (*f) (void), int cmd_optional); ++ ++/* ++ * This function passes a command-name and argument to an ENGINE. The ++ * cmd_name is converted to a command number and the control command is ++ * called using 'arg' as an argument (unless the ENGINE doesn't support such ++ * a command, in which case no control command is called). The command is ++ * checked for input flags, and if necessary the argument will be converted ++ * to a numeric value. If cmd_optional is non-zero, then if the ENGINE ++ * doesn't support the given cmd_name the return value will be success ++ * anyway. This function is intended for applications to use so that users ++ * (or config files) can supply engine-specific config data to the ENGINE at ++ * run-time to control behaviour of specific engines. As such, it shouldn't ++ * be used for calling ENGINE_ctrl() functions that return data, deal with ++ * binary data, or that are otherwise supposed to be used directly through ++ * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl() ++ * operation in this function will be lost - the return value is interpreted ++ * as failure if the return value is zero, success otherwise, and this ++ * function returns a boolean value as a result. In other words, vendors of ++ * 'ENGINE'-enabled devices should write ENGINE implementations with ++ * parameterisations that work in this scheme, so that compliant ENGINE-based ++ * applications can work consistently with the same configuration for the ++ * same ENGINE-enabled devices, across applications. ++ */ + int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, +- int cmd_optional); +- +-/* These functions are useful for manufacturing new ENGINE structures. They +- * don't address reference counting at all - one uses them to populate an ENGINE +- * structure with personalised implementations of things prior to using it +- * directly or adding it to the builtin ENGINE list in OpenSSL. These are also +- * here so that the ENGINE structure doesn't have to be exposed and break binary +- * compatibility! */ ++ int cmd_optional); ++ ++/* ++ * These functions are useful for manufacturing new ENGINE structures. They ++ * don't address reference counting at all - one uses them to populate an ++ * ENGINE structure with personalised implementations of things prior to ++ * using it directly or adding it to the builtin ENGINE list in OpenSSL. ++ * These are also here so that the ENGINE structure doesn't have to be ++ * exposed and break binary compatibility! ++ */ + ENGINE *ENGINE_new(void); + int ENGINE_free(ENGINE *e); + int ENGINE_up_ref(ENGINE *e); +@@ -467,30 +543,37 @@ int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); + int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); + int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); + int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); ++int ENGINE_set_load_privkey_function(ENGINE *e, ++ ENGINE_LOAD_KEY_PTR loadpriv_f); + int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); + int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, +- ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); ++ ENGINE_SSL_CLIENT_CERT_PTR ++ loadssl_f); + int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); + int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); + int ENGINE_set_flags(ENGINE *e, int flags); + int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); + /* These functions allow control over any per-structure ENGINE data. */ + int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++ CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); + int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); + void *ENGINE_get_ex_data(const ENGINE *e, int idx); + +-/* This function cleans up anything that needs it. Eg. the ENGINE_add() function +- * automatically ensures the list cleanup function is registered to be called +- * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure +- * ENGINE_cleanup() will clean up after them. */ ++/* ++ * This function cleans up anything that needs it. Eg. the ENGINE_add() ++ * function automatically ensures the list cleanup function is registered to ++ * be called from ENGINE_cleanup(). Similarly, all ENGINE_register_*** ++ * functions ensure ENGINE_cleanup() will clean up after them. ++ */ + void ENGINE_cleanup(void); + +-/* These return values from within the ENGINE structure. These can be useful ++/* ++ * These return values from within the ENGINE structure. These can be useful + * with functional references as well as structural references - it depends + * which you obtained. Using the result for functional purposes if you only +- * obtained a structural reference may be problematic! */ ++ * obtained a structural reference may be problematic! ++ */ + const char *ENGINE_get_id(const ENGINE *e); + const char *ENGINE_get_name(const ENGINE *e); + const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +@@ -506,7 +589,8 @@ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); + ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); + ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); + ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e); ++ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE ++ *e); + ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); + ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); + const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +@@ -514,43 +598,52 @@ const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); + const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); + int ENGINE_get_flags(const ENGINE *e); + +-/* FUNCTIONAL functions. These functions deal with ENGINE structures +- * that have (or will) be initialised for use. Broadly speaking, the +- * structural functions are useful for iterating the list of available +- * engine types, creating new engine types, and other "list" operations. +- * These functions actually deal with ENGINEs that are to be used. As +- * such these functions can fail (if applicable) when particular +- * engines are unavailable - eg. if a hardware accelerator is not +- * attached or not functioning correctly. Each ENGINE has 2 reference +- * counts; structural and functional. Every time a functional reference +- * is obtained or released, a corresponding structural reference is +- * automatically obtained or released too. */ +- +-/* Initialise a engine type for use (or up its reference count if it's +- * already in use). This will fail if the engine is not currently +- * operational and cannot initialise. */ ++/* ++ * FUNCTIONAL functions. These functions deal with ENGINE structures that ++ * have (or will) be initialised for use. Broadly speaking, the structural ++ * functions are useful for iterating the list of available engine types, ++ * creating new engine types, and other "list" operations. These functions ++ * actually deal with ENGINEs that are to be used. As such these functions ++ * can fail (if applicable) when particular engines are unavailable - eg. if ++ * a hardware accelerator is not attached or not functioning correctly. Each ++ * ENGINE has 2 reference counts; structural and functional. Every time a ++ * functional reference is obtained or released, a corresponding structural ++ * reference is automatically obtained or released too. ++ */ ++ ++/* ++ * Initialise a engine type for use (or up its reference count if it's ++ * already in use). This will fail if the engine is not currently operational ++ * and cannot initialise. ++ */ + int ENGINE_init(ENGINE *e); +-/* Free a functional reference to a engine type. This does not require +- * a corresponding call to ENGINE_free as it also releases a structural +- * reference. */ ++/* ++ * Free a functional reference to a engine type. This does not require a ++ * corresponding call to ENGINE_free as it also releases a structural ++ * reference. ++ */ + int ENGINE_finish(ENGINE *e); + +-/* The following functions handle keys that are stored in some secondary ++/* ++ * The following functions handle keys that are stored in some secondary + * location, handled by the engine. The storage may be on a card or +- * whatever. */ ++ * whatever. ++ */ + EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, +- UI_METHOD *ui_method, void *callback_data); ++ UI_METHOD *ui_method, void *callback_data); + EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, +- UI_METHOD *ui_method, void *callback_data); ++ UI_METHOD *ui_method, void *callback_data); + int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, +- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, +- STACK_OF(X509) **pother, +- UI_METHOD *ui_method, void *callback_data); +- +-/* This returns a pointer for the current ENGINE structure that +- * is (by default) performing any RSA operations. The value returned +- * is an incremented reference, so it should be free'd (ENGINE_finish) +- * before it is discarded. */ ++ STACK_OF(X509_NAME) *ca_dn, X509 **pcert, ++ EVP_PKEY **ppkey, STACK_OF(X509) **pother, ++ UI_METHOD *ui_method, void *callback_data); ++ ++/* ++ * This returns a pointer for the current ENGINE structure that is (by ++ * default) performing any RSA operations. The value returned is an ++ * incremented reference, so it should be free'd (ENGINE_finish) before it is ++ * discarded. ++ */ + ENGINE *ENGINE_get_default_RSA(void); + /* Same for the other "methods" */ + ENGINE *ENGINE_get_default_DSA(void); +@@ -558,15 +651,19 @@ ENGINE *ENGINE_get_default_ECDH(void); + ENGINE *ENGINE_get_default_ECDSA(void); + ENGINE *ENGINE_get_default_DH(void); + ENGINE *ENGINE_get_default_RAND(void); +-/* These functions can be used to get a functional reference to perform +- * ciphering or digesting corresponding to "nid". */ ++/* ++ * These functions can be used to get a functional reference to perform ++ * ciphering or digesting corresponding to "nid". ++ */ + ENGINE *ENGINE_get_cipher_engine(int nid); + ENGINE *ENGINE_get_digest_engine(int nid); + +-/* This sets a new default ENGINE structure for performing RSA +- * operations. If the result is non-zero (success) then the ENGINE +- * structure will have had its reference count up'd so the caller +- * should still free their own reference 'e'. */ ++/* ++ * This sets a new default ENGINE structure for performing RSA operations. If ++ * the result is non-zero (success) then the ENGINE structure will have had ++ * its reference count up'd so the caller should still free their own ++ * reference 'e'. ++ */ + int ENGINE_set_default_RSA(ENGINE *e); + int ENGINE_set_default_string(ENGINE *e, const char *def_list); + /* Same for the other "methods" */ +@@ -578,11 +675,13 @@ int ENGINE_set_default_RAND(ENGINE *e); + int ENGINE_set_default_ciphers(ENGINE *e); + int ENGINE_set_default_digests(ENGINE *e); + +-/* The combination "set" - the flags are bitwise "OR"d from the ++/* ++ * The combination "set" - the flags are bitwise "OR"d from the + * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" + * function, this function can result in unnecessary static linkage. If your + * application requires only specific functionality, consider using more +- * selective functions. */ ++ * selective functions. ++ */ + int ENGINE_set_default(ENGINE *e, unsigned int flags); + + void ENGINE_add_conf_module(void); +@@ -595,122 +694,137 @@ void ENGINE_add_conf_module(void); + /**************************/ + + /* Binary/behaviour compatibility levels */ +-#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 +-/* Binary versions older than this are too old for us (whether we're a loader or +- * a loadee) */ +-#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 +- +-/* When compiling an ENGINE entirely as an external shared library, loadable by +- * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure +- * type provides the calling application's (or library's) error functionality +- * and memory management function pointers to the loaded library. These should +- * be used/set in the loaded library code so that the loading application's +- * 'state' will be used/changed in all operations. The 'static_state' pointer +- * allows the loaded library to know if it shares the same static data as the +- * calling application (or library), and thus whether these callbacks need to be +- * set or not. */ +-typedef void *(*dyn_MEM_malloc_cb)(size_t); +-typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); +-typedef void (*dyn_MEM_free_cb)(void *); ++# define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 ++/* ++ * Binary versions older than this are too old for us (whether we're a loader ++ * or a loadee) ++ */ ++# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 ++ ++/* ++ * When compiling an ENGINE entirely as an external shared library, loadable ++ * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' ++ * structure type provides the calling application's (or library's) error ++ * functionality and memory management function pointers to the loaded ++ * library. These should be used/set in the loaded library code so that the ++ * loading application's 'state' will be used/changed in all operations. The ++ * 'static_state' pointer allows the loaded library to know if it shares the ++ * same static data as the calling application (or library), and thus whether ++ * these callbacks need to be set or not. ++ */ ++typedef void *(*dyn_MEM_malloc_cb) (size_t); ++typedef void *(*dyn_MEM_realloc_cb) (void *, size_t); ++typedef void (*dyn_MEM_free_cb) (void *); + typedef struct st_dynamic_MEM_fns { +- dyn_MEM_malloc_cb malloc_cb; +- dyn_MEM_realloc_cb realloc_cb; +- dyn_MEM_free_cb free_cb; +- } dynamic_MEM_fns; +-/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use +- * these types so we (and any other dependant code) can simplify a bit?? */ +-typedef void (*dyn_lock_locking_cb)(int,int,const char *,int); +-typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int); +-typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)( +- const char *,int); +-typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *, +- const char *,int); +-typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *, +- const char *,int); ++ dyn_MEM_malloc_cb malloc_cb; ++ dyn_MEM_realloc_cb realloc_cb; ++ dyn_MEM_free_cb free_cb; ++} dynamic_MEM_fns; ++/* ++ * FIXME: Perhaps the memory and locking code (crypto.h) should declare and ++ * use these types so we (and any other dependant code) can simplify a bit?? ++ */ ++typedef void (*dyn_lock_locking_cb) (int, int, const char *, int); ++typedef int (*dyn_lock_add_lock_cb) (int *, int, int, const char *, int); ++typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb) (const char *, ++ int); ++typedef void (*dyn_dynlock_lock_cb) (int, struct CRYPTO_dynlock_value *, ++ const char *, int); ++typedef void (*dyn_dynlock_destroy_cb) (struct CRYPTO_dynlock_value *, ++ const char *, int); + typedef struct st_dynamic_LOCK_fns { +- dyn_lock_locking_cb lock_locking_cb; +- dyn_lock_add_lock_cb lock_add_lock_cb; +- dyn_dynlock_create_cb dynlock_create_cb; +- dyn_dynlock_lock_cb dynlock_lock_cb; +- dyn_dynlock_destroy_cb dynlock_destroy_cb; +- } dynamic_LOCK_fns; ++ dyn_lock_locking_cb lock_locking_cb; ++ dyn_lock_add_lock_cb lock_add_lock_cb; ++ dyn_dynlock_create_cb dynlock_create_cb; ++ dyn_dynlock_lock_cb dynlock_lock_cb; ++ dyn_dynlock_destroy_cb dynlock_destroy_cb; ++} dynamic_LOCK_fns; + /* The top-level structure */ + typedef struct st_dynamic_fns { +- void *static_state; +- const ERR_FNS *err_fns; +- const CRYPTO_EX_DATA_IMPL *ex_data_fns; +- dynamic_MEM_fns mem_fns; +- dynamic_LOCK_fns lock_fns; +- } dynamic_fns; +- +-/* The version checking function should be of this prototype. NB: The +- * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code. +- * If this function returns zero, it indicates a (potential) version ++ void *static_state; ++ const ERR_FNS *err_fns; ++ const CRYPTO_EX_DATA_IMPL *ex_data_fns; ++ dynamic_MEM_fns mem_fns; ++ dynamic_LOCK_fns lock_fns; ++} dynamic_fns; ++ ++/* ++ * The version checking function should be of this prototype. NB: The ++ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading ++ * code. If this function returns zero, it indicates a (potential) version + * incompatibility and the loaded library doesn't believe it can proceed. + * Otherwise, the returned value is the (latest) version supported by the +- * loading library. The loader may still decide that the loaded code's version +- * is unsatisfactory and could veto the load. The function is expected to +- * be implemented with the symbol name "v_check", and a default implementation +- * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ +-typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); +-#define IMPLEMENT_DYNAMIC_CHECK_FN() \ +- OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ +- if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ +- return 0; } +- +-/* This function is passed the ENGINE structure to initialise with its own ++ * loading library. The loader may still decide that the loaded code's ++ * version is unsatisfactory and could veto the load. The function is ++ * expected to be implemented with the symbol name "v_check", and a default ++ * implementation can be fully instantiated with ++ * IMPLEMENT_DYNAMIC_CHECK_FN(). ++ */ ++typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); ++# define IMPLEMENT_DYNAMIC_CHECK_FN() \ ++ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ ++ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ ++ return 0; } ++ ++/* ++ * This function is passed the ENGINE structure to initialise with its own + * function and command settings. It should not adjust the structural or +- * functional reference counts. If this function returns zero, (a) the load will +- * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the +- * structure, and (c) the shared library will be unloaded. So implementations +- * should do their own internal cleanup in failure circumstances otherwise they +- * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that +- * the loader is looking for. If this is NULL, the shared library can choose to +- * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared +- * library must initialise only an ENGINE matching the passed 'id'. The function +- * is expected to be implemented with the symbol name "bind_engine". A standard +- * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where +- * the parameter 'fn' is a callback function that populates the ENGINE structure +- * and returns an int value (zero for failure). 'fn' should have prototype; +- * [static] int fn(ENGINE *e, const char *id); */ +-typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, +- const dynamic_fns *fns); +-#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ +- OPENSSL_EXPORT \ +- int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ +- if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ +- if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ +- fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ +- return 0; \ +- CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ +- CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ +- CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ +- CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ +- CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ +- if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ +- return 0; \ +- if(!ERR_set_implementation(fns->err_fns)) return 0; \ +- skip_cbs: \ +- if(!fn(e,id)) return 0; \ +- return 1; } +- +-/* If the loading application (or library) and the loaded ENGINE library share +- * the same static data (eg. they're both dynamically linked to the same +- * libcrypto.so) we need a way to avoid trying to set system callbacks - this +- * would fail, and for the same reason that it's unnecessary to try. If the +- * loaded ENGINE has (or gets from through the loader) its own copy of the +- * libcrypto static data, we will need to set the callbacks. The easiest way to +- * detect this is to have a function that returns a pointer to some static data +- * and let the loading application and loaded ENGINE compare their respective +- * values. */ ++ * functional reference counts. If this function returns zero, (a) the load ++ * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto ++ * the structure, and (c) the shared library will be unloaded. So ++ * implementations should do their own internal cleanup in failure ++ * circumstances otherwise they could leak. The 'id' parameter, if non-NULL, ++ * represents the ENGINE id that the loader is looking for. If this is NULL, ++ * the shared library can choose to return failure or to initialise a ++ * 'default' ENGINE. If non-NULL, the shared library must initialise only an ++ * ENGINE matching the passed 'id'. The function is expected to be ++ * implemented with the symbol name "bind_engine". A standard implementation ++ * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter ++ * 'fn' is a callback function that populates the ENGINE structure and ++ * returns an int value (zero for failure). 'fn' should have prototype; ++ * [static] int fn(ENGINE *e, const char *id); ++ */ ++typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, ++ const dynamic_fns *fns); ++# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ ++ OPENSSL_EXPORT \ ++ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ ++ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ ++ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ ++ fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ ++ return 0; \ ++ CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ ++ CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ ++ CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ ++ CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ ++ CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ ++ if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ ++ return 0; \ ++ if(!ERR_set_implementation(fns->err_fns)) return 0; \ ++ skip_cbs: \ ++ if(!fn(e,id)) return 0; \ ++ return 1; } ++ ++/* ++ * If the loading application (or library) and the loaded ENGINE library ++ * share the same static data (eg. they're both dynamically linked to the ++ * same libcrypto.so) we need a way to avoid trying to set system callbacks - ++ * this would fail, and for the same reason that it's unnecessary to try. If ++ * the loaded ENGINE has (or gets from through the loader) its own copy of ++ * the libcrypto static data, we will need to set the callbacks. The easiest ++ * way to detect this is to have a function that returns a pointer to some ++ * static data and let the loading application and loaded ENGINE compare ++ * their respective values. ++ */ + void *ENGINE_get_static_state(void); + +-#if defined(__OpenBSD__) || defined(__FreeBSD__) ++# if defined(__OpenBSD__) || defined(__FreeBSD__) + void ENGINE_setup_bsd_cryptodev(void); +-#endif ++# endif + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_ENGINE_strings(void); +@@ -718,85 +832,85 @@ void ERR_load_ENGINE_strings(void); + /* Error codes for the ENGINE functions. */ + + /* Function codes. */ +-#define ENGINE_F_DYNAMIC_CTRL 180 +-#define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 +-#define ENGINE_F_DYNAMIC_LOAD 182 +-#define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 +-#define ENGINE_F_ENGINE_ADD 105 +-#define ENGINE_F_ENGINE_BY_ID 106 +-#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 +-#define ENGINE_F_ENGINE_CTRL 142 +-#define ENGINE_F_ENGINE_CTRL_CMD 178 +-#define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 +-#define ENGINE_F_ENGINE_FINISH 107 +-#define ENGINE_F_ENGINE_FREE_UTIL 108 +-#define ENGINE_F_ENGINE_GET_CIPHER 185 +-#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 +-#define ENGINE_F_ENGINE_GET_DIGEST 186 +-#define ENGINE_F_ENGINE_GET_NEXT 115 +-#define ENGINE_F_ENGINE_GET_PREV 116 +-#define ENGINE_F_ENGINE_INIT 119 +-#define ENGINE_F_ENGINE_LIST_ADD 120 +-#define ENGINE_F_ENGINE_LIST_REMOVE 121 +-#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 +-#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +-#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192 +-#define ENGINE_F_ENGINE_NEW 122 +-#define ENGINE_F_ENGINE_REMOVE 123 +-#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 +-#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 +-#define ENGINE_F_ENGINE_SET_ID 129 +-#define ENGINE_F_ENGINE_SET_NAME 130 +-#define ENGINE_F_ENGINE_TABLE_REGISTER 184 +-#define ENGINE_F_ENGINE_UNLOAD_KEY 152 +-#define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 +-#define ENGINE_F_ENGINE_UP_REF 190 +-#define ENGINE_F_INT_CTRL_HELPER 172 +-#define ENGINE_F_INT_ENGINE_CONFIGURE 188 +-#define ENGINE_F_INT_ENGINE_MODULE_INIT 187 +-#define ENGINE_F_LOG_MESSAGE 141 ++# define ENGINE_F_DYNAMIC_CTRL 180 ++# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 ++# define ENGINE_F_DYNAMIC_LOAD 182 ++# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 ++# define ENGINE_F_ENGINE_ADD 105 ++# define ENGINE_F_ENGINE_BY_ID 106 ++# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 ++# define ENGINE_F_ENGINE_CTRL 142 ++# define ENGINE_F_ENGINE_CTRL_CMD 178 ++# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 ++# define ENGINE_F_ENGINE_FINISH 107 ++# define ENGINE_F_ENGINE_FREE_UTIL 108 ++# define ENGINE_F_ENGINE_GET_CIPHER 185 ++# define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 ++# define ENGINE_F_ENGINE_GET_DIGEST 186 ++# define ENGINE_F_ENGINE_GET_NEXT 115 ++# define ENGINE_F_ENGINE_GET_PREV 116 ++# define ENGINE_F_ENGINE_INIT 119 ++# define ENGINE_F_ENGINE_LIST_ADD 120 ++# define ENGINE_F_ENGINE_LIST_REMOVE 121 ++# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 ++# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 ++# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192 ++# define ENGINE_F_ENGINE_NEW 122 ++# define ENGINE_F_ENGINE_REMOVE 123 ++# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 ++# define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 ++# define ENGINE_F_ENGINE_SET_ID 129 ++# define ENGINE_F_ENGINE_SET_NAME 130 ++# define ENGINE_F_ENGINE_TABLE_REGISTER 184 ++# define ENGINE_F_ENGINE_UNLOAD_KEY 152 ++# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 ++# define ENGINE_F_ENGINE_UP_REF 190 ++# define ENGINE_F_INT_CTRL_HELPER 172 ++# define ENGINE_F_INT_ENGINE_CONFIGURE 188 ++# define ENGINE_F_INT_ENGINE_MODULE_INIT 187 ++# define ENGINE_F_LOG_MESSAGE 141 + + /* Reason codes. */ +-#define ENGINE_R_ALREADY_LOADED 100 +-#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +-#define ENGINE_R_CMD_NOT_EXECUTABLE 134 +-#define ENGINE_R_COMMAND_TAKES_INPUT 135 +-#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +-#define ENGINE_R_CONFLICTING_ENGINE_ID 103 +-#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +-#define ENGINE_R_DH_NOT_IMPLEMENTED 139 +-#define ENGINE_R_DSA_NOT_IMPLEMENTED 140 +-#define ENGINE_R_DSO_FAILURE 104 +-#define ENGINE_R_DSO_NOT_FOUND 132 +-#define ENGINE_R_ENGINES_SECTION_ERROR 148 +-#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101 +-#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +-#define ENGINE_R_ENGINE_SECTION_ERROR 149 +-#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +-#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +-#define ENGINE_R_FINISH_FAILED 106 +-#define ENGINE_R_GET_HANDLE_FAILED 107 +-#define ENGINE_R_ID_OR_NAME_MISSING 108 +-#define ENGINE_R_INIT_FAILED 109 +-#define ENGINE_R_INTERNAL_LIST_ERROR 110 +-#define ENGINE_R_INVALID_ARGUMENT 143 +-#define ENGINE_R_INVALID_CMD_NAME 137 +-#define ENGINE_R_INVALID_CMD_NUMBER 138 +-#define ENGINE_R_INVALID_INIT_VALUE 151 +-#define ENGINE_R_INVALID_STRING 150 +-#define ENGINE_R_NOT_INITIALISED 117 +-#define ENGINE_R_NOT_LOADED 112 +-#define ENGINE_R_NO_CONTROL_FUNCTION 120 +-#define ENGINE_R_NO_INDEX 144 +-#define ENGINE_R_NO_LOAD_FUNCTION 125 +-#define ENGINE_R_NO_REFERENCE 130 +-#define ENGINE_R_NO_SUCH_ENGINE 116 +-#define ENGINE_R_NO_UNLOAD_FUNCTION 126 +-#define ENGINE_R_PROVIDE_PARAMETERS 113 +-#define ENGINE_R_RSA_NOT_IMPLEMENTED 141 +-#define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +-#define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +-#define ENGINE_R_VERSION_INCOMPATIBILITY 145 ++# define ENGINE_R_ALREADY_LOADED 100 ++# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 ++# define ENGINE_R_CMD_NOT_EXECUTABLE 134 ++# define ENGINE_R_COMMAND_TAKES_INPUT 135 ++# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 ++# define ENGINE_R_CONFLICTING_ENGINE_ID 103 ++# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 ++# define ENGINE_R_DH_NOT_IMPLEMENTED 139 ++# define ENGINE_R_DSA_NOT_IMPLEMENTED 140 ++# define ENGINE_R_DSO_FAILURE 104 ++# define ENGINE_R_DSO_NOT_FOUND 132 ++# define ENGINE_R_ENGINES_SECTION_ERROR 148 ++# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101 ++# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 ++# define ENGINE_R_ENGINE_SECTION_ERROR 149 ++# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 ++# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 ++# define ENGINE_R_FINISH_FAILED 106 ++# define ENGINE_R_GET_HANDLE_FAILED 107 ++# define ENGINE_R_ID_OR_NAME_MISSING 108 ++# define ENGINE_R_INIT_FAILED 109 ++# define ENGINE_R_INTERNAL_LIST_ERROR 110 ++# define ENGINE_R_INVALID_ARGUMENT 143 ++# define ENGINE_R_INVALID_CMD_NAME 137 ++# define ENGINE_R_INVALID_CMD_NUMBER 138 ++# define ENGINE_R_INVALID_INIT_VALUE 151 ++# define ENGINE_R_INVALID_STRING 150 ++# define ENGINE_R_NOT_INITIALISED 117 ++# define ENGINE_R_NOT_LOADED 112 ++# define ENGINE_R_NO_CONTROL_FUNCTION 120 ++# define ENGINE_R_NO_INDEX 144 ++# define ENGINE_R_NO_LOAD_FUNCTION 125 ++# define ENGINE_R_NO_REFERENCE 130 ++# define ENGINE_R_NO_SUCH_ENGINE 116 ++# define ENGINE_R_NO_UNLOAD_FUNCTION 126 ++# define ENGINE_R_PROVIDE_PARAMETERS 113 ++# define ENGINE_R_RSA_NOT_IMPLEMENTED 141 ++# define ENGINE_R_UNIMPLEMENTED_CIPHER 146 ++# define ENGINE_R_UNIMPLEMENTED_DIGEST 147 ++# define ENGINE_R_VERSION_INCOMPATIBILITY 145 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/err.h b/Cryptlib/Include/openssl/err.h +index 73d7733..2a2ecc8 100644 +--- a/Cryptlib/Include/openssl/err.h ++++ b/Cryptlib/Include/openssl/err.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,234 +57,233 @@ + */ + + #ifndef HEADER_ERR_H +-#define HEADER_ERR_H ++# define HEADER_ERR_H + +-#include ++# include + +-#ifndef OPENSSL_NO_FP_API +-#include +-#include +-#endif ++# ifndef OPENSSL_NO_FP_API ++# include ++# include ++# endif + +-#include +-#ifndef OPENSSL_NO_BIO +-#include +-#endif +-#ifndef OPENSSL_NO_LHASH +-#include +-#endif ++# include ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# ifndef OPENSSL_NO_LHASH ++# include ++# endif + +-#ifdef __cplusplus ++#ifdef __cplusplus + extern "C" { + #endif + +-#ifndef OPENSSL_NO_ERR +-#define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) +-#else +-#define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) +-#endif ++# ifndef OPENSSL_NO_ERR ++# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) ++# else ++# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) ++# endif + +-#include ++# include + +-#define ERR_TXT_MALLOCED 0x01 +-#define ERR_TXT_STRING 0x02 ++# define ERR_TXT_MALLOCED 0x01 ++# define ERR_TXT_STRING 0x02 + +-#define ERR_FLAG_MARK 0x01 ++# define ERR_FLAG_MARK 0x01 + +-#define ERR_NUM_ERRORS 16 +-typedef struct err_state_st +- { +- unsigned long pid; +- int err_flags[ERR_NUM_ERRORS]; +- unsigned long err_buffer[ERR_NUM_ERRORS]; +- char *err_data[ERR_NUM_ERRORS]; +- int err_data_flags[ERR_NUM_ERRORS]; +- const char *err_file[ERR_NUM_ERRORS]; +- int err_line[ERR_NUM_ERRORS]; +- int top,bottom; +- } ERR_STATE; ++# define ERR_NUM_ERRORS 16 ++typedef struct err_state_st { ++ unsigned long pid; ++ int err_flags[ERR_NUM_ERRORS]; ++ unsigned long err_buffer[ERR_NUM_ERRORS]; ++ char *err_data[ERR_NUM_ERRORS]; ++ int err_data_flags[ERR_NUM_ERRORS]; ++ const char *err_file[ERR_NUM_ERRORS]; ++ int err_line[ERR_NUM_ERRORS]; ++ int top, bottom; ++} ERR_STATE; + + /* library */ +-#define ERR_LIB_NONE 1 +-#define ERR_LIB_SYS 2 +-#define ERR_LIB_BN 3 +-#define ERR_LIB_RSA 4 +-#define ERR_LIB_DH 5 +-#define ERR_LIB_EVP 6 +-#define ERR_LIB_BUF 7 +-#define ERR_LIB_OBJ 8 +-#define ERR_LIB_PEM 9 +-#define ERR_LIB_DSA 10 +-#define ERR_LIB_X509 11 ++# define ERR_LIB_NONE 1 ++# define ERR_LIB_SYS 2 ++# define ERR_LIB_BN 3 ++# define ERR_LIB_RSA 4 ++# define ERR_LIB_DH 5 ++# define ERR_LIB_EVP 6 ++# define ERR_LIB_BUF 7 ++# define ERR_LIB_OBJ 8 ++# define ERR_LIB_PEM 9 ++# define ERR_LIB_DSA 10 ++# define ERR_LIB_X509 11 + /* #define ERR_LIB_METH 12 */ +-#define ERR_LIB_ASN1 13 +-#define ERR_LIB_CONF 14 +-#define ERR_LIB_CRYPTO 15 +-#define ERR_LIB_EC 16 +-#define ERR_LIB_SSL 20 ++# define ERR_LIB_ASN1 13 ++# define ERR_LIB_CONF 14 ++# define ERR_LIB_CRYPTO 15 ++# define ERR_LIB_EC 16 ++# define ERR_LIB_SSL 20 + /* #define ERR_LIB_SSL23 21 */ + /* #define ERR_LIB_SSL2 22 */ + /* #define ERR_LIB_SSL3 23 */ + /* #define ERR_LIB_RSAREF 30 */ + /* #define ERR_LIB_PROXY 31 */ +-#define ERR_LIB_BIO 32 +-#define ERR_LIB_PKCS7 33 +-#define ERR_LIB_X509V3 34 +-#define ERR_LIB_PKCS12 35 +-#define ERR_LIB_RAND 36 +-#define ERR_LIB_DSO 37 +-#define ERR_LIB_ENGINE 38 +-#define ERR_LIB_OCSP 39 +-#define ERR_LIB_UI 40 +-#define ERR_LIB_COMP 41 +-#define ERR_LIB_ECDSA 42 +-#define ERR_LIB_ECDH 43 +-#define ERR_LIB_STORE 44 +-#define ERR_LIB_FIPS 45 +-#define ERR_LIB_CMS 46 +-#define ERR_LIB_JPAKE 47 +- +-#define ERR_LIB_USER 128 +- +-#define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__) +-#define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__) +-#define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__) +-#define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__) +-#define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__) +-#define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__) +-#define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__) +-#define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__) +-#define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__) +-#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__) +-#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__) +-#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__) +-#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__) +-#define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__) +-#define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) +-#define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__) +-#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__) +-#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__) +-#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__) +-#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__) +-#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__) +-#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__) +-#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) +-#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) +-#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) +-#define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) +-#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) +-#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) +-#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) +-#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) +-#define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) +- +-/* Borland C seems too stupid to be able to shift and do longs in +- * the pre-processor :-( */ +-#define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)*0x1000000)| \ +- ((((unsigned long)f)&0xfffL)*0x1000)| \ +- ((((unsigned long)r)&0xfffL))) +-#define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL) +-#define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL) +-#define ERR_GET_REASON(l) (int)((l)&0xfffL) +-#define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL) +- ++# define ERR_LIB_BIO 32 ++# define ERR_LIB_PKCS7 33 ++# define ERR_LIB_X509V3 34 ++# define ERR_LIB_PKCS12 35 ++# define ERR_LIB_RAND 36 ++# define ERR_LIB_DSO 37 ++# define ERR_LIB_ENGINE 38 ++# define ERR_LIB_OCSP 39 ++# define ERR_LIB_UI 40 ++# define ERR_LIB_COMP 41 ++# define ERR_LIB_ECDSA 42 ++# define ERR_LIB_ECDH 43 ++# define ERR_LIB_STORE 44 ++# define ERR_LIB_FIPS 45 ++# define ERR_LIB_CMS 46 ++# define ERR_LIB_JPAKE 47 ++ ++# define ERR_LIB_USER 128 ++ ++# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__) ++# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__) ++# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__) ++# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__) ++# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__) ++# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__) ++# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__) ++# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__) ++# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__) ++# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__) ++# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__) ++# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__) ++# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__) ++# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__) ++# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) ++# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__) ++# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__) ++# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__) ++# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__) ++# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__) ++# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__) ++# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__) ++# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) ++# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) ++# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) ++# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) ++# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) ++# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) ++# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) ++# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) ++# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) ++ ++/* ++ * Borland C seems too stupid to be able to shift and do longs in the ++ * pre-processor :-( ++ */ ++# define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)*0x1000000)| \ ++ ((((unsigned long)f)&0xfffL)*0x1000)| \ ++ ((((unsigned long)r)&0xfffL))) ++# define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL) ++# define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL) ++# define ERR_GET_REASON(l) (int)((l)&0xfffL) ++# define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL) + + /* OS functions */ +-#define SYS_F_FOPEN 1 +-#define SYS_F_CONNECT 2 +-#define SYS_F_GETSERVBYNAME 3 +-#define SYS_F_SOCKET 4 +-#define SYS_F_IOCTLSOCKET 5 +-#define SYS_F_BIND 6 +-#define SYS_F_LISTEN 7 +-#define SYS_F_ACCEPT 8 +-#define SYS_F_WSASTARTUP 9 /* Winsock stuff */ +-#define SYS_F_OPENDIR 10 +-#define SYS_F_FREAD 11 +- ++# define SYS_F_FOPEN 1 ++# define SYS_F_CONNECT 2 ++# define SYS_F_GETSERVBYNAME 3 ++# define SYS_F_SOCKET 4 ++# define SYS_F_IOCTLSOCKET 5 ++# define SYS_F_BIND 6 ++# define SYS_F_LISTEN 7 ++# define SYS_F_ACCEPT 8 ++# define SYS_F_WSASTARTUP 9/* Winsock stuff */ ++# define SYS_F_OPENDIR 10 ++# define SYS_F_FREAD 11 + + /* reasons */ +-#define ERR_R_SYS_LIB ERR_LIB_SYS /* 2 */ +-#define ERR_R_BN_LIB ERR_LIB_BN /* 3 */ +-#define ERR_R_RSA_LIB ERR_LIB_RSA /* 4 */ +-#define ERR_R_DH_LIB ERR_LIB_DH /* 5 */ +-#define ERR_R_EVP_LIB ERR_LIB_EVP /* 6 */ +-#define ERR_R_BUF_LIB ERR_LIB_BUF /* 7 */ +-#define ERR_R_OBJ_LIB ERR_LIB_OBJ /* 8 */ +-#define ERR_R_PEM_LIB ERR_LIB_PEM /* 9 */ +-#define ERR_R_DSA_LIB ERR_LIB_DSA /* 10 */ +-#define ERR_R_X509_LIB ERR_LIB_X509 /* 11 */ +-#define ERR_R_ASN1_LIB ERR_LIB_ASN1 /* 13 */ +-#define ERR_R_CONF_LIB ERR_LIB_CONF /* 14 */ +-#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO /* 15 */ +-#define ERR_R_EC_LIB ERR_LIB_EC /* 16 */ +-#define ERR_R_SSL_LIB ERR_LIB_SSL /* 20 */ +-#define ERR_R_BIO_LIB ERR_LIB_BIO /* 32 */ +-#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7 /* 33 */ +-#define ERR_R_X509V3_LIB ERR_LIB_X509V3 /* 34 */ +-#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12 /* 35 */ +-#define ERR_R_RAND_LIB ERR_LIB_RAND /* 36 */ +-#define ERR_R_DSO_LIB ERR_LIB_DSO /* 37 */ +-#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE /* 38 */ +-#define ERR_R_OCSP_LIB ERR_LIB_OCSP /* 39 */ +-#define ERR_R_UI_LIB ERR_LIB_UI /* 40 */ +-#define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ +-#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ +-#define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ +-#define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ +- +-#define ERR_R_NESTED_ASN1_ERROR 58 +-#define ERR_R_BAD_ASN1_OBJECT_HEADER 59 +-#define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60 +-#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61 +-#define ERR_R_ASN1_LENGTH_MISMATCH 62 +-#define ERR_R_MISSING_ASN1_EOS 63 ++# define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ ++# define ERR_R_BN_LIB ERR_LIB_BN/* 3 */ ++# define ERR_R_RSA_LIB ERR_LIB_RSA/* 4 */ ++# define ERR_R_DH_LIB ERR_LIB_DH/* 5 */ ++# define ERR_R_EVP_LIB ERR_LIB_EVP/* 6 */ ++# define ERR_R_BUF_LIB ERR_LIB_BUF/* 7 */ ++# define ERR_R_OBJ_LIB ERR_LIB_OBJ/* 8 */ ++# define ERR_R_PEM_LIB ERR_LIB_PEM/* 9 */ ++# define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */ ++# define ERR_R_X509_LIB ERR_LIB_X509/* 11 */ ++# define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */ ++# define ERR_R_CONF_LIB ERR_LIB_CONF/* 14 */ ++# define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO/* 15 */ ++# define ERR_R_EC_LIB ERR_LIB_EC/* 16 */ ++# define ERR_R_SSL_LIB ERR_LIB_SSL/* 20 */ ++# define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */ ++# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */ ++# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ ++# define ERR_R_PKCS12_LIB ERR_LIB_PKCS12/* 35 */ ++# define ERR_R_RAND_LIB ERR_LIB_RAND/* 36 */ ++# define ERR_R_DSO_LIB ERR_LIB_DSO/* 37 */ ++# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ ++# define ERR_R_OCSP_LIB ERR_LIB_OCSP/* 39 */ ++# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ ++# define ERR_R_COMP_LIB ERR_LIB_COMP/* 41 */ ++# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ ++# define ERR_R_ECDH_LIB ERR_LIB_ECDH/* 43 */ ++# define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */ ++ ++# define ERR_R_NESTED_ASN1_ERROR 58 ++# define ERR_R_BAD_ASN1_OBJECT_HEADER 59 ++# define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60 ++# define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61 ++# define ERR_R_ASN1_LENGTH_MISMATCH 62 ++# define ERR_R_MISSING_ASN1_EOS 63 + + /* fatal error */ +-#define ERR_R_FATAL 64 +-#define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) +-#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) +-#define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) +-#define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) +-#define ERR_R_DISABLED (5|ERR_R_FATAL) +- +-/* 99 is the maximum possible ERR_R_... code, higher values +- * are reserved for the individual libraries */ +- ++# define ERR_R_FATAL 64 ++# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) ++# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) ++# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) ++# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) ++# define ERR_R_DISABLED (5|ERR_R_FATAL) ++ ++/* ++ * 99 is the maximum possible ERR_R_... code, higher values are reserved for ++ * the individual libraries ++ */ + +-typedef struct ERR_string_data_st +- { +- unsigned long error; +- const char *string; +- } ERR_STRING_DATA; ++typedef struct ERR_string_data_st { ++ unsigned long error; ++ const char *string; ++} ERR_STRING_DATA; + +-void ERR_put_error(int lib, int func,int reason,const char *file,int line); +-void ERR_set_error_data(char *data,int flags); ++void ERR_put_error(int lib, int func, int reason, const char *file, int line); ++void ERR_set_error_data(char *data, int flags); + + unsigned long ERR_get_error(void); +-unsigned long ERR_get_error_line(const char **file,int *line); +-unsigned long ERR_get_error_line_data(const char **file,int *line, +- const char **data, int *flags); ++unsigned long ERR_get_error_line(const char **file, int *line); ++unsigned long ERR_get_error_line_data(const char **file, int *line, ++ const char **data, int *flags); + unsigned long ERR_peek_error(void); +-unsigned long ERR_peek_error_line(const char **file,int *line); +-unsigned long ERR_peek_error_line_data(const char **file,int *line, +- const char **data,int *flags); ++unsigned long ERR_peek_error_line(const char **file, int *line); ++unsigned long ERR_peek_error_line_data(const char **file, int *line, ++ const char **data, int *flags); + unsigned long ERR_peek_last_error(void); +-unsigned long ERR_peek_last_error_line(const char **file,int *line); +-unsigned long ERR_peek_last_error_line_data(const char **file,int *line, +- const char **data,int *flags); +-void ERR_clear_error(void ); +-char *ERR_error_string(unsigned long e,char *buf); ++unsigned long ERR_peek_last_error_line(const char **file, int *line); ++unsigned long ERR_peek_last_error_line_data(const char **file, int *line, ++ const char **data, int *flags); ++void ERR_clear_error(void); ++char *ERR_error_string(unsigned long e, char *buf); + void ERR_error_string_n(unsigned long e, char *buf, size_t len); + const char *ERR_lib_error_string(unsigned long e); + const char *ERR_func_error_string(unsigned long e); + const char *ERR_reason_error_string(unsigned long e); +-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), +- void *u); +-#ifndef OPENSSL_NO_FP_API ++void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), ++ void *u); ++# ifndef OPENSSL_NO_FP_API + void ERR_print_errors_fp(FILE *fp); +-#endif +-#ifndef OPENSSL_NO_BIO ++# endif ++# ifndef OPENSSL_NO_BIO + void ERR_print_errors(BIO *bp); + + /* Add EFIAPI for UEFI version. */ +@@ -293,9 +292,9 @@ void EFIAPI ERR_add_error_data(int num, ...); + #else + void ERR_add_error_data(int num, ...); + #endif +-#endif +-void ERR_load_strings(int lib,ERR_STRING_DATA str[]); +-void ERR_unload_strings(int lib,ERR_STRING_DATA str[]); ++# endif ++void ERR_load_strings(int lib, ERR_STRING_DATA str[]); ++void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); + void ERR_load_ERR_strings(void); + void ERR_load_crypto_strings(void); + void ERR_free_strings(void); +@@ -303,33 +302,37 @@ void ERR_free_strings(void); + void ERR_remove_state(unsigned long pid); /* if zero we look it up */ + ERR_STATE *ERR_get_state(void); + +-#ifndef OPENSSL_NO_LHASH ++# ifndef OPENSSL_NO_LHASH + LHASH *ERR_get_string_table(void); + LHASH *ERR_get_err_state_table(void); + void ERR_release_err_state_table(LHASH **hash); +-#endif ++# endif + + int ERR_get_next_error_library(void); + + int ERR_set_mark(void); + int ERR_pop_to_mark(void); + +-#ifdef OPENSSL_FIPS +-void int_ERR_set_state_func(ERR_STATE *(*get_func)(void), +- void (*remove_func)(unsigned long pid)); ++# ifdef OPENSSL_FIPS ++void int_ERR_set_state_func(ERR_STATE *(*get_func) (void), ++ void (*remove_func) (unsigned long pid)); + void int_ERR_lib_init(void); +-#endif ++# endif + + /* Already defined in ossl_typ.h */ + /* typedef struct st_ERR_FNS ERR_FNS; */ +-/* An application can use this function and provide the return value to loaded +- * modules that should use the application's ERR state/functionality */ ++/* ++ * An application can use this function and provide the return value to ++ * loaded modules that should use the application's ERR state/functionality ++ */ + const ERR_FNS *ERR_get_implementation(void); +-/* A loaded module should call this function prior to any ERR operations using +- * the application's "ERR_FNS". */ ++/* ++ * A loaded module should call this function prior to any ERR operations ++ * using the application's "ERR_FNS". ++ */ + int ERR_set_implementation(const ERR_FNS *fns); + +-#ifdef __cplusplus ++#ifdef __cplusplus + } + #endif + +diff --git a/Cryptlib/Include/openssl/evp.h b/Cryptlib/Include/openssl/evp.h +index 79c0971..df838d0 100644 +--- a/Cryptlib/Include/openssl/evp.h ++++ b/Cryptlib/Include/openssl/evp.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,579 +57,587 @@ + */ + + #ifndef HEADER_ENVELOPE_H +-#define HEADER_ENVELOPE_H +- +-#ifdef OPENSSL_ALGORITHM_DEFINES +-# include +-#else +-# define OPENSSL_ALGORITHM_DEFINES +-# include +-# undef OPENSSL_ALGORITHM_DEFINES +-#endif ++# define HEADER_ENVELOPE_H ++ ++# ifdef OPENSSL_ALGORITHM_DEFINES ++# include ++# else ++# define OPENSSL_ALGORITHM_DEFINES ++# include ++# undef OPENSSL_ALGORITHM_DEFINES ++# endif + +-#include ++# include + +-#include ++# include + +-#ifndef OPENSSL_NO_BIO +-#include +-#endif ++# ifndef OPENSSL_NO_BIO ++# include ++# endif + +-#ifdef OPENSSL_FIPS +-#include +-#endif ++# ifdef OPENSSL_FIPS ++# include ++# endif + +-/* +-#define EVP_RC2_KEY_SIZE 16 +-#define EVP_RC4_KEY_SIZE 16 +-#define EVP_BLOWFISH_KEY_SIZE 16 +-#define EVP_CAST5_KEY_SIZE 16 +-#define EVP_RC5_32_12_16_KEY_SIZE 16 ++/*- ++#define EVP_RC2_KEY_SIZE 16 ++#define EVP_RC4_KEY_SIZE 16 ++#define EVP_BLOWFISH_KEY_SIZE 16 ++#define EVP_CAST5_KEY_SIZE 16 ++#define EVP_RC5_32_12_16_KEY_SIZE 16 + */ +-#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ +-#define EVP_MAX_KEY_LENGTH 32 +-#define EVP_MAX_IV_LENGTH 16 +-#define EVP_MAX_BLOCK_LENGTH 32 ++# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ ++# define EVP_MAX_KEY_LENGTH 32 ++# define EVP_MAX_IV_LENGTH 16 ++# define EVP_MAX_BLOCK_LENGTH 32 + +-#define PKCS5_SALT_LEN 8 ++# define PKCS5_SALT_LEN 8 + /* Default PKCS#5 iteration count */ +-#define PKCS5_DEFAULT_ITER 2048 +- +-#include +- +-#define EVP_PK_RSA 0x0001 +-#define EVP_PK_DSA 0x0002 +-#define EVP_PK_DH 0x0004 +-#define EVP_PK_EC 0x0008 +-#define EVP_PKT_SIGN 0x0010 +-#define EVP_PKT_ENC 0x0020 +-#define EVP_PKT_EXCH 0x0040 +-#define EVP_PKS_RSA 0x0100 +-#define EVP_PKS_DSA 0x0200 +-#define EVP_PKS_EC 0x0400 +-#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ +- +-#define EVP_PKEY_NONE NID_undef +-#define EVP_PKEY_RSA NID_rsaEncryption +-#define EVP_PKEY_RSA2 NID_rsa +-#define EVP_PKEY_DSA NID_dsa +-#define EVP_PKEY_DSA1 NID_dsa_2 +-#define EVP_PKEY_DSA2 NID_dsaWithSHA +-#define EVP_PKEY_DSA3 NID_dsaWithSHA1 +-#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +-#define EVP_PKEY_DH NID_dhKeyAgreement +-#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +- +-#ifdef __cplusplus ++# define PKCS5_DEFAULT_ITER 2048 ++ ++# include ++ ++# define EVP_PK_RSA 0x0001 ++# define EVP_PK_DSA 0x0002 ++# define EVP_PK_DH 0x0004 ++# define EVP_PK_EC 0x0008 ++# define EVP_PKT_SIGN 0x0010 ++# define EVP_PKT_ENC 0x0020 ++# define EVP_PKT_EXCH 0x0040 ++# define EVP_PKS_RSA 0x0100 ++# define EVP_PKS_DSA 0x0200 ++# define EVP_PKS_EC 0x0400 ++# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ ++ ++# define EVP_PKEY_NONE NID_undef ++# define EVP_PKEY_RSA NID_rsaEncryption ++# define EVP_PKEY_RSA2 NID_rsa ++# define EVP_PKEY_DSA NID_dsa ++# define EVP_PKEY_DSA1 NID_dsa_2 ++# define EVP_PKEY_DSA2 NID_dsaWithSHA ++# define EVP_PKEY_DSA3 NID_dsaWithSHA1 ++# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 ++# define EVP_PKEY_DH NID_dhKeyAgreement ++# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey ++ ++#ifdef __cplusplus + extern "C" { + #endif + +-/* Type needs to be a bit field +- * Sub-type needs to be for variations on the method, as in, can it do +- * arbitrary encryption.... */ +-struct evp_pkey_st +- { +- int type; +- int save_type; +- int references; +- union { +- char *ptr; +-#ifndef OPENSSL_NO_RSA +- struct rsa_st *rsa; /* RSA */ +-#endif +-#ifndef OPENSSL_NO_DSA +- struct dsa_st *dsa; /* DSA */ +-#endif +-#ifndef OPENSSL_NO_DH +- struct dh_st *dh; /* DH */ +-#endif +-#ifndef OPENSSL_NO_EC +- struct ec_key_st *ec; /* ECC */ +-#endif +- } pkey; +- int save_parameters; +- STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ +- } /* EVP_PKEY */; +- +-#define EVP_PKEY_MO_SIGN 0x0001 +-#define EVP_PKEY_MO_VERIFY 0x0002 +-#define EVP_PKEY_MO_ENCRYPT 0x0004 +-#define EVP_PKEY_MO_DECRYPT 0x0008 +- +-#if 0 +-/* This structure is required to tie the message digest and signing together. +- * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or +- * oid, md and pkey. +- * This is required because for various smart-card perform the digest and +- * signing/verification on-board. To handle this case, the specific +- * EVP_MD and EVP_PKEY_METHODs need to be closely associated. +- * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it. +- * This can either be software or a token to provide the required low level ++/* ++ * Type needs to be a bit field Sub-type needs to be for variations on the ++ * method, as in, can it do arbitrary encryption.... ++ */ ++struct evp_pkey_st { ++ int type; ++ int save_type; ++ int references; ++ union { ++ char *ptr; ++# ifndef OPENSSL_NO_RSA ++ struct rsa_st *rsa; /* RSA */ ++# endif ++# ifndef OPENSSL_NO_DSA ++ struct dsa_st *dsa; /* DSA */ ++# endif ++# ifndef OPENSSL_NO_DH ++ struct dh_st *dh; /* DH */ ++# endif ++# ifndef OPENSSL_NO_EC ++ struct ec_key_st *ec; /* ECC */ ++# endif ++ } pkey; ++ int save_parameters; ++ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ ++} /* EVP_PKEY */ ; ++ ++# define EVP_PKEY_MO_SIGN 0x0001 ++# define EVP_PKEY_MO_VERIFY 0x0002 ++# define EVP_PKEY_MO_ENCRYPT 0x0004 ++# define EVP_PKEY_MO_DECRYPT 0x0008 ++ ++# if 0 ++/* ++ * This structure is required to tie the message digest and signing together. ++ * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or oid, md ++ * and pkey. This is required because for various smart-card perform the ++ * digest and signing/verification on-board. To handle this case, the ++ * specific EVP_MD and EVP_PKEY_METHODs need to be closely associated. When a ++ * PKEY is created, it will have a EVP_PKEY_METHOD associated with it. This ++ * can either be software or a token to provide the required low level + * routines. + */ +-typedef struct evp_pkey_md_st +- { +- int oid; +- EVP_MD *md; +- EVP_PKEY_METHOD *pkey; +- } EVP_PKEY_MD; +- +-#define EVP_rsa_md2() \ +- EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ +- EVP_rsa_pkcs1(),EVP_md2()) +-#define EVP_rsa_md5() \ +- EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ +- EVP_rsa_pkcs1(),EVP_md5()) +-#define EVP_rsa_sha0() \ +- EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ +- EVP_rsa_pkcs1(),EVP_sha()) +-#define EVP_rsa_sha1() \ +- EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ +- EVP_rsa_pkcs1(),EVP_sha1()) +-#define EVP_rsa_ripemd160() \ +- EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ +- EVP_rsa_pkcs1(),EVP_ripemd160()) +-#define EVP_rsa_mdc2() \ +- EVP_PKEY_MD_add(NID_mdc2WithRSA,\ +- EVP_rsa_octet_string(),EVP_mdc2()) +-#define EVP_dsa_sha() \ +- EVP_PKEY_MD_add(NID_dsaWithSHA,\ +- EVP_dsa(),EVP_sha()) +-#define EVP_dsa_sha1() \ +- EVP_PKEY_MD_add(NID_dsaWithSHA1,\ +- EVP_dsa(),EVP_sha1()) +- +-typedef struct evp_pkey_method_st +- { +- char *name; +- int flags; +- int type; /* RSA, DSA, an SSLeay specific constant */ +- int oid; /* For the pub-key type */ +- int encrypt_oid; /* pub/priv key encryption */ +- +- int (*sign)(); +- int (*verify)(); +- struct { +- int (*set)(); /* get and/or set the underlying type */ +- int (*get)(); +- int (*encrypt)(); +- int (*decrypt)(); +- int (*i2d)(); +- int (*d2i)(); +- int (*dup)(); +- } pub,priv; +- int (*set_asn1_parameters)(); +- int (*get_asn1_parameters)(); +- } EVP_PKEY_METHOD; +-#endif ++typedef struct evp_pkey_md_st { ++ int oid; ++ EVP_MD *md; ++ EVP_PKEY_METHOD *pkey; ++} EVP_PKEY_MD; ++ ++# define EVP_rsa_md2() \ ++ EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ ++ EVP_rsa_pkcs1(),EVP_md2()) ++# define EVP_rsa_md5() \ ++ EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ ++ EVP_rsa_pkcs1(),EVP_md5()) ++# define EVP_rsa_sha0() \ ++ EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ ++ EVP_rsa_pkcs1(),EVP_sha()) ++# define EVP_rsa_sha1() \ ++ EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ ++ EVP_rsa_pkcs1(),EVP_sha1()) ++# define EVP_rsa_ripemd160() \ ++ EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ ++ EVP_rsa_pkcs1(),EVP_ripemd160()) ++# define EVP_rsa_mdc2() \ ++ EVP_PKEY_MD_add(NID_mdc2WithRSA,\ ++ EVP_rsa_octet_string(),EVP_mdc2()) ++# define EVP_dsa_sha() \ ++ EVP_PKEY_MD_add(NID_dsaWithSHA,\ ++ EVP_dsa(),EVP_sha()) ++# define EVP_dsa_sha1() \ ++ EVP_PKEY_MD_add(NID_dsaWithSHA1,\ ++ EVP_dsa(),EVP_sha1()) ++ ++typedef struct evp_pkey_method_st { ++ char *name; ++ int flags; ++ int type; /* RSA, DSA, an SSLeay specific constant */ ++ int oid; /* For the pub-key type */ ++ int encrypt_oid; /* pub/priv key encryption */ ++ int (*sign) (); ++ int (*verify) (); ++ struct { ++ int (*set) (); /* get and/or set the underlying type */ ++ int (*get) (); ++ int (*encrypt) (); ++ int (*decrypt) (); ++ int (*i2d) (); ++ int (*d2i) (); ++ int (*dup) (); ++ } pub, priv; ++ int (*set_asn1_parameters) (); ++ int (*get_asn1_parameters) (); ++} EVP_PKEY_METHOD; ++# endif + +-#ifndef EVP_MD +-struct env_md_st +- { +- int type; +- int pkey_type; +- int md_size; +- unsigned long flags; +- int (*init)(EVP_MD_CTX *ctx); +- int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count); +- int (*final)(EVP_MD_CTX *ctx,unsigned char *md); +- int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); +- int (*cleanup)(EVP_MD_CTX *ctx); +- +- /* FIXME: prototype these some day */ +- int (*sign)(int type, const unsigned char *m, unsigned int m_length, +- unsigned char *sigret, unsigned int *siglen, void *key); +- int (*verify)(int type, const unsigned char *m, unsigned int m_length, +- const unsigned char *sigbuf, unsigned int siglen, +- void *key); +- int required_pkey_type[5]; /*EVP_PKEY_xxx */ +- int block_size; +- int ctx_size; /* how big does the ctx->md_data need to be */ +- } /* EVP_MD */; +- +-typedef int evp_sign_method(int type,const unsigned char *m, +- unsigned int m_length,unsigned char *sigret, +- unsigned int *siglen, void *key); +-typedef int evp_verify_method(int type,const unsigned char *m, +- unsigned int m_length,const unsigned char *sigbuf, +- unsigned int siglen, void *key); +- +-typedef struct +- { +- EVP_MD_CTX *mctx; +- void *key; +- } EVP_MD_SVCTX; +- +-#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single +- * block */ +- +-#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ +- +-#define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */ +- +-#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} +- +-#ifndef OPENSSL_NO_DSA +-#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ +- (evp_verify_method *)DSA_verify, \ +- {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ +- EVP_PKEY_DSA4,0} +-#else +-#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method +-#endif ++# ifndef EVP_MD ++struct env_md_st { ++ int type; ++ int pkey_type; ++ int md_size; ++ unsigned long flags; ++ int (*init) (EVP_MD_CTX *ctx); ++ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); ++ int (*final) (EVP_MD_CTX *ctx, unsigned char *md); ++ int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); ++ int (*cleanup) (EVP_MD_CTX *ctx); ++ /* FIXME: prototype these some day */ ++ int (*sign) (int type, const unsigned char *m, unsigned int m_length, ++ unsigned char *sigret, unsigned int *siglen, void *key); ++ int (*verify) (int type, const unsigned char *m, unsigned int m_length, ++ const unsigned char *sigbuf, unsigned int siglen, ++ void *key); ++ int required_pkey_type[5]; /* EVP_PKEY_xxx */ ++ int block_size; ++ int ctx_size; /* how big does the ctx->md_data need to be */ ++} /* EVP_MD */ ; ++ ++typedef int evp_sign_method(int type, const unsigned char *m, ++ unsigned int m_length, unsigned char *sigret, ++ unsigned int *siglen, void *key); ++typedef int evp_verify_method(int type, const unsigned char *m, ++ unsigned int m_length, ++ const unsigned char *sigbuf, ++ unsigned int siglen, void *key); ++ ++typedef struct { ++ EVP_MD_CTX *mctx; ++ void *key; ++} EVP_MD_SVCTX; ++ ++/* digest can only handle a single block */ ++# define EVP_MD_FLAG_ONESHOT 0x0001 + +-#ifndef OPENSSL_NO_ECDSA +-#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ +- (evp_verify_method *)ECDSA_verify, \ +- {EVP_PKEY_EC,0,0,0} +-#else +-#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method +-#endif ++/* Note if suitable for use in FIPS mode */ ++# define EVP_MD_FLAG_FIPS 0x0400 + +-#ifndef OPENSSL_NO_RSA +-#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ +- (evp_verify_method *)RSA_verify, \ +- {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} +-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ +- (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ +- (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ +- {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} +-#else +-#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method +-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method +-#endif ++# define EVP_MD_FLAG_SVCTX 0x0800 ++ /* pass EVP_MD_SVCTX to sign/verify */ + +-#endif /* !EVP_MD */ ++# define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} + +-struct env_md_ctx_st +- { +- const EVP_MD *digest; +- ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ +- unsigned long flags; +- void *md_data; +- } /* EVP_MD_CTX */; ++# ifndef OPENSSL_NO_DSA ++# define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ ++ (evp_verify_method *)DSA_verify, \ ++ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ ++ EVP_PKEY_DSA4,0} ++# else ++# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method ++# endif ++ ++# ifndef OPENSSL_NO_ECDSA ++# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ ++ (evp_verify_method *)ECDSA_verify, \ ++ {EVP_PKEY_EC,0,0,0} ++# else ++# define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method ++# endif ++ ++# ifndef OPENSSL_NO_RSA ++# define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ ++ (evp_verify_method *)RSA_verify, \ ++ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} ++# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ ++ (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ ++ (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ ++ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} ++# else ++# define EVP_PKEY_RSA_method EVP_PKEY_NULL_method ++# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method ++# endif ++ ++# endif /* !EVP_MD */ ++ ++struct env_md_ctx_st { ++ const EVP_MD *digest; ++ ENGINE *engine; /* functional reference if 'digest' is ++ * ENGINE-provided */ ++ unsigned long flags; ++ void *md_data; ++} /* EVP_MD_CTX */ ; + + /* values for EVP_MD_CTX flags */ + +-#define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called +- * once only */ +-#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been +- * cleaned */ +-#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data +- * in EVP_MD_CTX_cleanup */ +-#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest +- * in FIPS mode */ +- +-#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */ +-#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ +-#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ +-#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ +-#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ +- ((ctx->flags>>16) &0xFFFF) /* seed length */ +-#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */ +-#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */ +- +-struct evp_cipher_st +- { +- int nid; +- int block_size; +- int key_len; /* Default value for variable length ciphers */ +- int iv_len; +- unsigned long flags; /* Various flags */ +- int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc); /* init key */ +- int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */ +- int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ +- int ctx_size; /* how big ctx->cipher_data needs to be */ +- int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ +- int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ +- int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ +- void *app_data; /* Application data */ +- } /* EVP_CIPHER */; ++# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be ++ * called once only */ ++# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been ++ * cleaned */ ++# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data ++ * in EVP_MD_CTX_cleanup */ ++# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS ++ * digest in FIPS mode */ ++ ++# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */ ++# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */ ++# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */ ++# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ ++# define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ ++ ((ctx->flags>>16) &0xFFFF) /* seed length */ ++# define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF/* salt len same as digest */ ++# define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE/* salt max or auto recovered */ ++ ++struct evp_cipher_st { ++ int nid; ++ int block_size; ++ /* Default value for variable length ciphers */ ++ int key_len; ++ int iv_len; ++ /* Various flags */ ++ unsigned long flags; ++ /* init key */ ++ int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc); ++ /* encrypt/decrypt data */ ++ int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, unsigned int inl); ++ /* cleanup ctx */ ++ int (*cleanup) (EVP_CIPHER_CTX *); ++ /* how big ctx->cipher_data needs to be */ ++ int ctx_size; ++ /* Populate a ASN1_TYPE with parameters */ ++ int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); ++ /* Get parameters from a ASN1_TYPE */ ++ int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); ++ /* Miscellaneous operations */ ++ int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); ++ /* Application data */ ++ void *app_data; ++} /* EVP_CIPHER */ ; + + /* Values for cipher flags */ + + /* Modes for ciphers */ + +-#define EVP_CIPH_STREAM_CIPHER 0x0 +-#define EVP_CIPH_ECB_MODE 0x1 +-#define EVP_CIPH_CBC_MODE 0x2 +-#define EVP_CIPH_CFB_MODE 0x3 +-#define EVP_CIPH_OFB_MODE 0x4 +-#define EVP_CIPH_MODE 0x7 ++# define EVP_CIPH_STREAM_CIPHER 0x0 ++# define EVP_CIPH_ECB_MODE 0x1 ++# define EVP_CIPH_CBC_MODE 0x2 ++# define EVP_CIPH_CFB_MODE 0x3 ++# define EVP_CIPH_OFB_MODE 0x4 ++# define EVP_CIPH_MODE 0x7 + /* Set if variable length cipher */ +-#define EVP_CIPH_VARIABLE_LENGTH 0x8 ++# define EVP_CIPH_VARIABLE_LENGTH 0x8 + /* Set if the iv handling should be done by the cipher itself */ +-#define EVP_CIPH_CUSTOM_IV 0x10 ++# define EVP_CIPH_CUSTOM_IV 0x10 + /* Set if the cipher's init() function should be called if key is NULL */ +-#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 ++# define EVP_CIPH_ALWAYS_CALL_INIT 0x20 + /* Call ctrl() to init cipher parameters */ +-#define EVP_CIPH_CTRL_INIT 0x40 ++# define EVP_CIPH_CTRL_INIT 0x40 + /* Don't use standard key length function */ +-#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 ++# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 + /* Don't use standard block padding */ +-#define EVP_CIPH_NO_PADDING 0x100 ++# define EVP_CIPH_NO_PADDING 0x100 + /* cipher handles random key generation */ +-#define EVP_CIPH_RAND_KEY 0x200 ++# define EVP_CIPH_RAND_KEY 0x200 + /* Note if suitable for use in FIPS mode */ +-#define EVP_CIPH_FLAG_FIPS 0x400 ++# define EVP_CIPH_FLAG_FIPS 0x400 + /* Allow non FIPS cipher in FIPS mode */ +-#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 ++# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 + /* Allow use default ASN1 get/set iv */ +-#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 ++# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 + /* Buffer length in bits not bytes: CFB1 mode only */ +-#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 ++# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 + + /* ctrl() values */ + +-#define EVP_CTRL_INIT 0x0 +-#define EVP_CTRL_SET_KEY_LENGTH 0x1 +-#define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +-#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +-#define EVP_CTRL_GET_RC5_ROUNDS 0x4 +-#define EVP_CTRL_SET_RC5_ROUNDS 0x5 +-#define EVP_CTRL_RAND_KEY 0x6 +- +-typedef struct evp_cipher_info_st +- { +- const EVP_CIPHER *cipher; +- unsigned char iv[EVP_MAX_IV_LENGTH]; +- } EVP_CIPHER_INFO; +- +-struct evp_cipher_ctx_st +- { +- const EVP_CIPHER *cipher; +- ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ +- int encrypt; /* encrypt or decrypt */ +- int buf_len; /* number we have left */ +- +- unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ +- unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ +- unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ +- int num; /* used by cfb/ofb mode */ +- +- void *app_data; /* application stuff */ +- int key_len; /* May change for variable length cipher */ +- unsigned long flags; /* Various flags */ +- void *cipher_data; /* per EVP data */ +- int final_used; +- int block_mask; +- unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ +- } /* EVP_CIPHER_CTX */; +- +-typedef struct evp_Encode_Ctx_st +- { +- int num; /* number saved in a partial encode/decode */ +- int length; /* The length is either the output line length +- * (in input bytes) or the shortest input line +- * length that is ok. Once decoding begins, +- * the length is adjusted up each time a longer +- * line is decoded */ +- unsigned char enc_data[80]; /* data to encode */ +- int line_num; /* number read on current line */ +- int expect_nl; +- } EVP_ENCODE_CTX; ++# define EVP_CTRL_INIT 0x0 ++# define EVP_CTRL_SET_KEY_LENGTH 0x1 ++# define EVP_CTRL_GET_RC2_KEY_BITS 0x2 ++# define EVP_CTRL_SET_RC2_KEY_BITS 0x3 ++# define EVP_CTRL_GET_RC5_ROUNDS 0x4 ++# define EVP_CTRL_SET_RC5_ROUNDS 0x5 ++# define EVP_CTRL_RAND_KEY 0x6 ++ ++typedef struct evp_cipher_info_st { ++ const EVP_CIPHER *cipher; ++ unsigned char iv[EVP_MAX_IV_LENGTH]; ++} EVP_CIPHER_INFO; ++ ++struct evp_cipher_ctx_st { ++ const EVP_CIPHER *cipher; ++ ENGINE *engine; /* functional reference if 'cipher' is ++ * ENGINE-provided */ ++ int encrypt; /* encrypt or decrypt */ ++ int buf_len; /* number we have left */ ++ unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ ++ unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ ++ unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ ++ int num; /* used by cfb/ofb mode */ ++ void *app_data; /* application stuff */ ++ int key_len; /* May change for variable length cipher */ ++ unsigned long flags; /* Various flags */ ++ void *cipher_data; /* per EVP data */ ++ int final_used; ++ int block_mask; ++ unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ ++} /* EVP_CIPHER_CTX */ ; ++ ++typedef struct evp_Encode_Ctx_st { ++ /* number saved in a partial encode/decode */ ++ int num; ++ /* ++ * The length is either the output line length (in input bytes) or the ++ * shortest input line length that is ok. Once decoding begins, the ++ * length is adjusted up each time a longer line is decoded ++ */ ++ int length; ++ /* data to encode */ ++ unsigned char enc_data[80]; ++ /* number read on current line */ ++ int line_num; ++ int expect_nl; ++} EVP_ENCODE_CTX; + + /* Password based encryption function */ +-typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, +- ASN1_TYPE *param, const EVP_CIPHER *cipher, +- const EVP_MD *md, int en_de); +- +-#ifndef OPENSSL_NO_RSA +-#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ +- (char *)(rsa)) +-#endif ++typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, ++ int passlen, ASN1_TYPE *param, ++ const EVP_CIPHER *cipher, const EVP_MD *md, ++ int en_de); ++ ++# ifndef OPENSSL_NO_RSA ++# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ ++ (char *)(rsa)) ++# endif + +-#ifndef OPENSSL_NO_DSA +-#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ +- (char *)(dsa)) +-#endif ++# ifndef OPENSSL_NO_DSA ++# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ ++ (char *)(dsa)) ++# endif + +-#ifndef OPENSSL_NO_DH +-#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ +- (char *)(dh)) +-#endif ++# ifndef OPENSSL_NO_DH ++# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ ++ (char *)(dh)) ++# endif + +-#ifndef OPENSSL_NO_EC +-#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ ++# ifndef OPENSSL_NO_EC ++# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +-#endif ++# endif + + /* Add some extra combinations */ +-#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +-#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +-#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +-#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) ++# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) ++# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) ++# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) ++# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + + /* Macros to reduce FIPS dependencies: do NOT use in applications */ +-#define M_EVP_MD_size(e) ((e)->md_size) +-#define M_EVP_MD_block_size(e) ((e)->block_size) +-#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) +-#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) +-#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) +-#define M_EVP_MD_type(e) ((e)->type) +-#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) +-#define M_EVP_MD_CTX_md(e) ((e)->digest) ++# define M_EVP_MD_size(e) ((e)->md_size) ++# define M_EVP_MD_block_size(e) ((e)->block_size) ++# define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) ++# define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) ++# define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) ++# define M_EVP_MD_type(e) ((e)->type) ++# define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) ++# define M_EVP_MD_CTX_md(e) ((e)->digest) + +-#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) ++# define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) + + int EVP_MD_type(const EVP_MD *md); +-#define EVP_MD_nid(e) EVP_MD_type(e) +-#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) +-int EVP_MD_pkey_type(const EVP_MD *md); ++# define EVP_MD_nid(e) EVP_MD_type(e) ++# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) ++int EVP_MD_pkey_type(const EVP_MD *md); + int EVP_MD_size(const EVP_MD *md); + int EVP_MD_block_size(const EVP_MD *md); + +-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +-#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +-#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) +-#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) ++const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); ++# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) ++# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) ++# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) + + int EVP_CIPHER_nid(const EVP_CIPHER *cipher); +-#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) ++# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) + int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); + int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); + int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); + unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); +-#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) ++# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) + +-const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); ++const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +-void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); ++void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); + void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +-#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) ++# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) + unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); +-#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) +- +-#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) +-#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) +- +-#define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +-#define EVP_SignInit(a,b) EVP_DigestInit(a,b) +-#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +-#define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +-#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) +-#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +-#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) +-#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +- +-#ifdef CONST_STRICT +-void BIO_set_md(BIO *,const EVP_MD *md); +-#else +-# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) +-#endif +-#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) +-#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) +-#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) +-#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) +-#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) ++# define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) ++ ++# define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) ++# define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) ++ ++# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) ++# define EVP_SignInit(a,b) EVP_DigestInit(a,b) ++# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) ++# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) ++# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) ++# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) ++# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) ++# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) ++ ++# ifdef CONST_STRICT ++void BIO_set_md(BIO *, const EVP_MD *md); ++# else ++# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) ++# endif ++# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) ++# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) ++# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) ++# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) ++# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) + + int EVP_Cipher(EVP_CIPHER_CTX *c, +- unsigned char *out, +- const unsigned char *in, +- unsigned int inl); +- +-#define EVP_add_cipher_alias(n,alias) \ +- OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) +-#define EVP_add_digest_alias(n,alias) \ +- OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) +-#define EVP_delete_cipher_alias(alias) \ +- OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); +-#define EVP_delete_digest_alias(alias) \ +- OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); +- +-void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); ++ unsigned char *out, const unsigned char *in, unsigned int inl); ++ ++# define EVP_add_cipher_alias(n,alias) \ ++ OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) ++# define EVP_add_digest_alias(n,alias) \ ++ OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) ++# define EVP_delete_cipher_alias(alias) \ ++ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); ++# define EVP_delete_digest_alias(alias) \ ++ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); ++ ++void EVP_MD_CTX_init(EVP_MD_CTX *ctx); ++int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); + EVP_MD_CTX *EVP_MD_CTX_create(void); +-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +-int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); +-void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +-void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +-int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags); +-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +-int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, +- size_t cnt); +-int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); +-int EVP_Digest(const void *data, size_t count, +- unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); +- +-int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); +-int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +-int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); +- +-int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); +-void EVP_set_pw_prompt(const char *prompt); +-char * EVP_get_pw_prompt(void); +- +-int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, +- const unsigned char *salt, const unsigned char *data, +- int datal, int count, unsigned char *key,unsigned char *iv); +- +-void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +-void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); +-int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags); +- +-int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, +- const unsigned char *key, const unsigned char *iv); +-int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, +- const unsigned char *key, const unsigned char *iv); +-int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +- int *outl, const unsigned char *in, int inl); +-int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +-int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +- +-int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, +- const unsigned char *key, const unsigned char *iv); +-int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, +- const unsigned char *key, const unsigned char *iv); +-int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +- int *outl, const unsigned char *in, int inl); +-int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +-int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +- +-int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, +- const unsigned char *key,const unsigned char *iv, +- int enc); +-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, +- const unsigned char *key,const unsigned char *iv, +- int enc); +-int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +- int *outl, const unsigned char *in, int inl); +-int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +-int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +- +-int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, +- EVP_PKEY *pkey); +- +-int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf, +- unsigned int siglen,EVP_PKEY *pkey); +- +-int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, +- const unsigned char *ek, int ekl, const unsigned char *iv, +- EVP_PKEY *priv); +-int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +- +-int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +- unsigned char **ek, int *ekl, unsigned char *iv, +- EVP_PKEY **pubk, int npubk); +-int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); +- +-void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, +- const unsigned char *in,int inl); +-void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); +-int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); +- +-void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +-int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, +- const unsigned char *in, int inl); +-int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned +- char *out, int *outl); +-int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); ++void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); ++int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); ++void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); ++void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); ++int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); ++int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); ++int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); ++int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); ++int EVP_Digest(const void *data, size_t count, ++ unsigned char *md, unsigned int *size, const EVP_MD *type, ++ ENGINE *impl); ++ ++int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); ++int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); ++int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); ++ ++int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); ++void EVP_set_pw_prompt(const char *prompt); ++char *EVP_get_pw_prompt(void); ++ ++int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, ++ const unsigned char *salt, const unsigned char *data, ++ int datal, int count, unsigned char *key, ++ unsigned char *iv); ++ ++void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); ++void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); ++int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); ++ ++int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ const unsigned char *key, const unsigned char *iv); ++int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ ENGINE *impl, const unsigned char *key, ++ const unsigned char *iv); ++int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, ++ const unsigned char *in, int inl); ++int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); ++int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); ++ ++int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ const unsigned char *key, const unsigned char *iv); ++int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ ENGINE *impl, const unsigned char *key, ++ const unsigned char *iv); ++int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, ++ const unsigned char *in, int inl); ++int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); ++int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); ++ ++int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ const unsigned char *key, const unsigned char *iv, ++ int enc); ++int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ ENGINE *impl, const unsigned char *key, ++ const unsigned char *iv, int enc); ++int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, ++ const unsigned char *in, int inl); ++int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); ++int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); ++ ++int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, ++ EVP_PKEY *pkey); ++ ++int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, ++ unsigned int siglen, EVP_PKEY *pkey); ++ ++int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ++ const unsigned char *ek, int ekl, const unsigned char *iv, ++ EVP_PKEY *priv); ++int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); ++ ++int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ++ unsigned char **ek, int *ekl, unsigned char *iv, ++ EVP_PKEY **pubk, int npubk); ++int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); ++ ++void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); ++void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, ++ const unsigned char *in, int inl); ++void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); ++int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); ++ ++void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); ++int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, ++ const unsigned char *in, int inl); ++int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned ++ char *out, int *outl); ++int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); + + void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); + int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +@@ -640,65 +648,65 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); + int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); + int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); + +-#ifndef OPENSSL_NO_BIO ++# ifndef OPENSSL_NO_BIO + BIO_METHOD *BIO_f_md(void); + BIO_METHOD *BIO_f_base64(void); + BIO_METHOD *BIO_f_cipher(void); + BIO_METHOD *BIO_f_reliable(void); +-void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k, +- const unsigned char *i, int enc); +-#endif ++void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, ++ const unsigned char *i, int enc); ++# endif + + const EVP_MD *EVP_md_null(void); +-#ifndef OPENSSL_NO_MD2 ++# ifndef OPENSSL_NO_MD2 + const EVP_MD *EVP_md2(void); +-#endif +-#ifndef OPENSSL_NO_MD4 ++# endif ++# ifndef OPENSSL_NO_MD4 + const EVP_MD *EVP_md4(void); +-#endif +-#ifndef OPENSSL_NO_MD5 ++# endif ++# ifndef OPENSSL_NO_MD5 + const EVP_MD *EVP_md5(void); +-#endif +-#ifndef OPENSSL_NO_SHA ++# endif ++# ifndef OPENSSL_NO_SHA + const EVP_MD *EVP_sha(void); + const EVP_MD *EVP_sha1(void); + const EVP_MD *EVP_dss(void); + const EVP_MD *EVP_dss1(void); + const EVP_MD *EVP_ecdsa(void); +-#endif +-#ifndef OPENSSL_NO_SHA256 ++# endif ++# ifndef OPENSSL_NO_SHA256 + const EVP_MD *EVP_sha224(void); + const EVP_MD *EVP_sha256(void); +-#endif +-#ifndef OPENSSL_NO_SHA512 ++# endif ++# ifndef OPENSSL_NO_SHA512 + const EVP_MD *EVP_sha384(void); + const EVP_MD *EVP_sha512(void); +-#endif +-#ifndef OPENSSL_NO_MDC2 ++# endif ++# ifndef OPENSSL_NO_MDC2 + const EVP_MD *EVP_mdc2(void); +-#endif +-#ifndef OPENSSL_NO_RIPEMD ++# endif ++# ifndef OPENSSL_NO_RIPEMD + const EVP_MD *EVP_ripemd160(void); +-#endif +-const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +-#ifndef OPENSSL_NO_DES ++# endif ++const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ ++# ifndef OPENSSL_NO_DES + const EVP_CIPHER *EVP_des_ecb(void); + const EVP_CIPHER *EVP_des_ede(void); + const EVP_CIPHER *EVP_des_ede3(void); + const EVP_CIPHER *EVP_des_ede_ecb(void); + const EVP_CIPHER *EVP_des_ede3_ecb(void); + const EVP_CIPHER *EVP_des_cfb64(void); +-# define EVP_des_cfb EVP_des_cfb64 ++# define EVP_des_cfb EVP_des_cfb64 + const EVP_CIPHER *EVP_des_cfb1(void); + const EVP_CIPHER *EVP_des_cfb8(void); + const EVP_CIPHER *EVP_des_ede_cfb64(void); +-# define EVP_des_ede_cfb EVP_des_ede_cfb64 +-#if 0 ++# define EVP_des_ede_cfb EVP_des_ede_cfb64 ++# if 0 + const EVP_CIPHER *EVP_des_ede_cfb1(void); + const EVP_CIPHER *EVP_des_ede_cfb8(void); +-#endif ++# endif + const EVP_CIPHER *EVP_des_ede3_cfb64(void); +-# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 ++# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 + const EVP_CIPHER *EVP_des_ede3_cfb1(void); + const EVP_CIPHER *EVP_des_ede3_cfb8(void); + const EVP_CIPHER *EVP_des_ofb(void); +@@ -708,137 +716,140 @@ const EVP_CIPHER *EVP_des_cbc(void); + const EVP_CIPHER *EVP_des_ede_cbc(void); + const EVP_CIPHER *EVP_des_ede3_cbc(void); + const EVP_CIPHER *EVP_desx_cbc(void); +-/* This should now be supported through the dev_crypto ENGINE. But also, why are +- * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */ +-#if 0 +-# ifdef OPENSSL_OPENBSD_DEV_CRYPTO ++/* ++ * This should now be supported through the dev_crypto ENGINE. But also, why ++ * are rc4 and md5 declarations made here inside a "NO_DES" precompiler ++ * branch? ++ */ ++# if 0 ++# ifdef OPENSSL_OPENBSD_DEV_CRYPTO + const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); + const EVP_CIPHER *EVP_dev_crypto_rc4(void); + const EVP_MD *EVP_dev_crypto_md5(void); ++# endif ++# endif + # endif +-#endif +-#endif +-#ifndef OPENSSL_NO_RC4 ++# ifndef OPENSSL_NO_RC4 + const EVP_CIPHER *EVP_rc4(void); + const EVP_CIPHER *EVP_rc4_40(void); +-#endif +-#ifndef OPENSSL_NO_IDEA ++# endif ++# ifndef OPENSSL_NO_IDEA + const EVP_CIPHER *EVP_idea_ecb(void); + const EVP_CIPHER *EVP_idea_cfb64(void); +-# define EVP_idea_cfb EVP_idea_cfb64 ++# define EVP_idea_cfb EVP_idea_cfb64 + const EVP_CIPHER *EVP_idea_ofb(void); + const EVP_CIPHER *EVP_idea_cbc(void); +-#endif +-#ifndef OPENSSL_NO_RC2 ++# endif ++# ifndef OPENSSL_NO_RC2 + const EVP_CIPHER *EVP_rc2_ecb(void); + const EVP_CIPHER *EVP_rc2_cbc(void); + const EVP_CIPHER *EVP_rc2_40_cbc(void); + const EVP_CIPHER *EVP_rc2_64_cbc(void); + const EVP_CIPHER *EVP_rc2_cfb64(void); +-# define EVP_rc2_cfb EVP_rc2_cfb64 ++# define EVP_rc2_cfb EVP_rc2_cfb64 + const EVP_CIPHER *EVP_rc2_ofb(void); +-#endif +-#ifndef OPENSSL_NO_BF ++# endif ++# ifndef OPENSSL_NO_BF + const EVP_CIPHER *EVP_bf_ecb(void); + const EVP_CIPHER *EVP_bf_cbc(void); + const EVP_CIPHER *EVP_bf_cfb64(void); +-# define EVP_bf_cfb EVP_bf_cfb64 ++# define EVP_bf_cfb EVP_bf_cfb64 + const EVP_CIPHER *EVP_bf_ofb(void); +-#endif +-#ifndef OPENSSL_NO_CAST ++# endif ++# ifndef OPENSSL_NO_CAST + const EVP_CIPHER *EVP_cast5_ecb(void); + const EVP_CIPHER *EVP_cast5_cbc(void); + const EVP_CIPHER *EVP_cast5_cfb64(void); +-# define EVP_cast5_cfb EVP_cast5_cfb64 ++# define EVP_cast5_cfb EVP_cast5_cfb64 + const EVP_CIPHER *EVP_cast5_ofb(void); +-#endif +-#ifndef OPENSSL_NO_RC5 ++# endif ++# ifndef OPENSSL_NO_RC5 + const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); + const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); + const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); +-# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 ++# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 + const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); +-#endif +-#ifndef OPENSSL_NO_AES ++# endif ++# ifndef OPENSSL_NO_AES + const EVP_CIPHER *EVP_aes_128_ecb(void); + const EVP_CIPHER *EVP_aes_128_cbc(void); + const EVP_CIPHER *EVP_aes_128_cfb1(void); + const EVP_CIPHER *EVP_aes_128_cfb8(void); + const EVP_CIPHER *EVP_aes_128_cfb128(void); +-# define EVP_aes_128_cfb EVP_aes_128_cfb128 ++# define EVP_aes_128_cfb EVP_aes_128_cfb128 + const EVP_CIPHER *EVP_aes_128_ofb(void); +-#if 0 ++# if 0 + const EVP_CIPHER *EVP_aes_128_ctr(void); +-#endif ++# endif + const EVP_CIPHER *EVP_aes_192_ecb(void); + const EVP_CIPHER *EVP_aes_192_cbc(void); + const EVP_CIPHER *EVP_aes_192_cfb1(void); + const EVP_CIPHER *EVP_aes_192_cfb8(void); + const EVP_CIPHER *EVP_aes_192_cfb128(void); +-# define EVP_aes_192_cfb EVP_aes_192_cfb128 ++# define EVP_aes_192_cfb EVP_aes_192_cfb128 + const EVP_CIPHER *EVP_aes_192_ofb(void); +-#if 0 ++# if 0 + const EVP_CIPHER *EVP_aes_192_ctr(void); +-#endif ++# endif + const EVP_CIPHER *EVP_aes_256_ecb(void); + const EVP_CIPHER *EVP_aes_256_cbc(void); + const EVP_CIPHER *EVP_aes_256_cfb1(void); + const EVP_CIPHER *EVP_aes_256_cfb8(void); + const EVP_CIPHER *EVP_aes_256_cfb128(void); +-# define EVP_aes_256_cfb EVP_aes_256_cfb128 ++# define EVP_aes_256_cfb EVP_aes_256_cfb128 + const EVP_CIPHER *EVP_aes_256_ofb(void); +-#if 0 ++# if 0 + const EVP_CIPHER *EVP_aes_256_ctr(void); +-#endif +-#endif +-#ifndef OPENSSL_NO_CAMELLIA ++# endif ++# endif ++# ifndef OPENSSL_NO_CAMELLIA + const EVP_CIPHER *EVP_camellia_128_ecb(void); + const EVP_CIPHER *EVP_camellia_128_cbc(void); + const EVP_CIPHER *EVP_camellia_128_cfb1(void); + const EVP_CIPHER *EVP_camellia_128_cfb8(void); + const EVP_CIPHER *EVP_camellia_128_cfb128(void); +-# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 ++# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 + const EVP_CIPHER *EVP_camellia_128_ofb(void); + const EVP_CIPHER *EVP_camellia_192_ecb(void); + const EVP_CIPHER *EVP_camellia_192_cbc(void); + const EVP_CIPHER *EVP_camellia_192_cfb1(void); + const EVP_CIPHER *EVP_camellia_192_cfb8(void); + const EVP_CIPHER *EVP_camellia_192_cfb128(void); +-# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 ++# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 + const EVP_CIPHER *EVP_camellia_192_ofb(void); + const EVP_CIPHER *EVP_camellia_256_ecb(void); + const EVP_CIPHER *EVP_camellia_256_cbc(void); + const EVP_CIPHER *EVP_camellia_256_cfb1(void); + const EVP_CIPHER *EVP_camellia_256_cfb8(void); + const EVP_CIPHER *EVP_camellia_256_cfb128(void); +-# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 ++# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 + const EVP_CIPHER *EVP_camellia_256_ofb(void); +-#endif ++# endif + +-#ifndef OPENSSL_NO_SEED ++# ifndef OPENSSL_NO_SEED + const EVP_CIPHER *EVP_seed_ecb(void); + const EVP_CIPHER *EVP_seed_cbc(void); + const EVP_CIPHER *EVP_seed_cfb128(void); +-# define EVP_seed_cfb EVP_seed_cfb128 ++# define EVP_seed_cfb EVP_seed_cfb128 + const EVP_CIPHER *EVP_seed_ofb(void); +-#endif ++# endif + + void OPENSSL_add_all_algorithms_noconf(void); + void OPENSSL_add_all_algorithms_conf(void); + +-#ifdef OPENSSL_LOAD_CONF +-#define OpenSSL_add_all_algorithms() \ +- OPENSSL_add_all_algorithms_conf() +-#else +-#define OpenSSL_add_all_algorithms() \ +- OPENSSL_add_all_algorithms_noconf() +-#endif ++# ifdef OPENSSL_LOAD_CONF ++# define OpenSSL_add_all_algorithms() \ ++ OPENSSL_add_all_algorithms_conf() ++# else ++# define OpenSSL_add_all_algorithms() \ ++ OPENSSL_add_all_algorithms_noconf() ++# endif + + void OpenSSL_add_all_ciphers(void); + void OpenSSL_add_all_digests(void); +-#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() +-#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() +-#define SSLeay_add_all_digests() OpenSSL_add_all_digests() ++# define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() ++# define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() ++# define SSLeay_add_all_digests() OpenSSL_add_all_digests() + + int EVP_add_cipher(const EVP_CIPHER *cipher); + int EVP_add_digest(const EVP_MD *digest); +@@ -847,54 +858,54 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name); + const EVP_MD *EVP_get_digestbyname(const char *name); + void EVP_cleanup(void); + +-int EVP_PKEY_decrypt(unsigned char *dec_key, +- const unsigned char *enc_key,int enc_key_len, +- EVP_PKEY *private_key); +-int EVP_PKEY_encrypt(unsigned char *enc_key, +- const unsigned char *key,int key_len, +- EVP_PKEY *pub_key); +-int EVP_PKEY_type(int type); +-int EVP_PKEY_bits(EVP_PKEY *pkey); +-int EVP_PKEY_size(EVP_PKEY *pkey); +-int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key); +- +-#ifndef OPENSSL_NO_RSA ++int EVP_PKEY_decrypt(unsigned char *dec_key, ++ const unsigned char *enc_key, int enc_key_len, ++ EVP_PKEY *private_key); ++int EVP_PKEY_encrypt(unsigned char *enc_key, ++ const unsigned char *key, int key_len, ++ EVP_PKEY *pub_key); ++int EVP_PKEY_type(int type); ++int EVP_PKEY_bits(EVP_PKEY *pkey); ++int EVP_PKEY_size(EVP_PKEY *pkey); ++int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key); ++ ++# ifndef OPENSSL_NO_RSA + struct rsa_st; +-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key); ++int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); + struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +-#endif +-#ifndef OPENSSL_NO_DSA ++# endif ++# ifndef OPENSSL_NO_DSA + struct dsa_st; +-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key); ++int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); + struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +-#endif +-#ifndef OPENSSL_NO_DH ++# endif ++# ifndef OPENSSL_NO_DH + struct dh_st; +-int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); ++int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); + struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +-#endif +-#ifndef OPENSSL_NO_EC ++# endif ++# ifndef OPENSSL_NO_EC + struct ec_key_st; +-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key); ++int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); + struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +-#endif ++# endif + +-EVP_PKEY * EVP_PKEY_new(void); +-void EVP_PKEY_free(EVP_PKEY *pkey); ++EVP_PKEY *EVP_PKEY_new(void); ++void EVP_PKEY_free(EVP_PKEY *pkey); + +-EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp, +- long length); +-int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); ++EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, ++ long length); ++int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); + +-EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp, +- long length); +-EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, +- long length); +-int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); ++EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, ++ long length); ++EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, ++ long length); ++int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); + + int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); + int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +-int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); ++int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); + int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + + int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); +@@ -906,48 +917,50 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + + /* These are used by EVP_CIPHER methods */ +-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); +-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); ++int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); ++int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + + /* PKCS5 password based encryption */ + int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, +- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, +- int en_de); ++ ASN1_TYPE *param, const EVP_CIPHER *cipher, ++ const EVP_MD *md, int en_de); + int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, +- const unsigned char *salt, int saltlen, int iter, +- int keylen, unsigned char *out); ++ const unsigned char *salt, int saltlen, int iter, ++ int keylen, unsigned char *out); + int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, +- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, +- int en_de); ++ ASN1_TYPE *param, const EVP_CIPHER *cipher, ++ const EVP_MD *md, int en_de); + + void PKCS5_PBE_add(void); + +-int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, +- ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); ++int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, ++ ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, +- EVP_PBE_KEYGEN *keygen); ++ EVP_PBE_KEYGEN *keygen); + void EVP_PBE_cleanup(void); + +-#ifdef OPENSSL_FIPS +-#ifndef OPENSSL_NO_ENGINE +-void int_EVP_MD_set_engine_callbacks( +- int (*eng_md_init)(ENGINE *impl), +- int (*eng_md_fin)(ENGINE *impl), +- int (*eng_md_evp) +- (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)); ++# ifdef OPENSSL_FIPS ++# ifndef OPENSSL_NO_ENGINE ++void int_EVP_MD_set_engine_callbacks(int (*eng_md_init) (ENGINE *impl), ++ int (*eng_md_fin) (ENGINE *impl), ++ int (*eng_md_evp) ++ (EVP_MD_CTX *ctx, const EVP_MD **ptype, ++ ENGINE *impl)); + void int_EVP_MD_init_engine_callbacks(void); +-void int_EVP_CIPHER_set_engine_callbacks( +- int (*eng_ciph_fin)(ENGINE *impl), +- int (*eng_ciph_evp) +- (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)); ++void int_EVP_CIPHER_set_engine_callbacks(int (*eng_ciph_fin) (ENGINE *impl), ++ int (*eng_ciph_evp) ++ (EVP_CIPHER_CTX *ctx, ++ const EVP_CIPHER **pciph, ++ ENGINE *impl)); + void int_EVP_CIPHER_init_engine_callbacks(void); +-#endif +-#endif ++# endif ++# endif + + void EVP_add_alg_module(void); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_EVP_strings(void); +@@ -955,103 +968,103 @@ void ERR_load_EVP_strings(void); + /* Error codes for the EVP functions. */ + + /* Function codes. */ +-#define EVP_F_AES_INIT_KEY 133 +-#define EVP_F_ALG_MODULE_INIT 138 +-#define EVP_F_CAMELLIA_INIT_KEY 159 +-#define EVP_F_D2I_PKEY 100 +-#define EVP_F_DO_EVP_ENC_ENGINE 140 +-#define EVP_F_DO_EVP_ENC_ENGINE_FULL 141 +-#define EVP_F_DO_EVP_MD_ENGINE 139 +-#define EVP_F_DO_EVP_MD_ENGINE_FULL 142 +-#define EVP_F_DSAPKEY2PKCS8 134 +-#define EVP_F_DSA_PKEY2PKCS8 135 +-#define EVP_F_ECDSA_PKEY2PKCS8 129 +-#define EVP_F_ECKEY_PKEY2PKCS8 132 +-#define EVP_F_EVP_CIPHERINIT 137 +-#define EVP_F_EVP_CIPHERINIT_EX 123 +-#define EVP_F_EVP_CIPHER_CTX_CTRL 124 +-#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +-#define EVP_F_EVP_DECRYPTFINAL_EX 101 +-#define EVP_F_EVP_DIGESTINIT 136 +-#define EVP_F_EVP_DIGESTINIT_EX 128 +-#define EVP_F_EVP_ENCRYPTFINAL_EX 127 +-#define EVP_F_EVP_MD_CTX_COPY_EX 110 +-#define EVP_F_EVP_OPENINIT 102 +-#define EVP_F_EVP_PBE_ALG_ADD 115 +-#define EVP_F_EVP_PBE_CIPHERINIT 116 +-#define EVP_F_EVP_PKCS82PKEY 111 +-#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 +-#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +-#define EVP_F_EVP_PKEY_DECRYPT 104 +-#define EVP_F_EVP_PKEY_ENCRYPT 105 +-#define EVP_F_EVP_PKEY_GET1_DH 119 +-#define EVP_F_EVP_PKEY_GET1_DSA 120 +-#define EVP_F_EVP_PKEY_GET1_ECDSA 130 +-#define EVP_F_EVP_PKEY_GET1_EC_KEY 131 +-#define EVP_F_EVP_PKEY_GET1_RSA 121 +-#define EVP_F_EVP_PKEY_NEW 106 +-#define EVP_F_EVP_RIJNDAEL 126 +-#define EVP_F_EVP_SIGNFINAL 107 +-#define EVP_F_EVP_VERIFYFINAL 108 +-#define EVP_F_PKCS5_PBE_KEYIVGEN 117 +-#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +-#define EVP_F_PKCS8_SET_BROKEN 112 +-#define EVP_F_RC2_MAGIC_TO_METH 109 +-#define EVP_F_RC5_CTRL 125 ++# define EVP_F_AES_INIT_KEY 133 ++# define EVP_F_ALG_MODULE_INIT 138 ++# define EVP_F_CAMELLIA_INIT_KEY 159 ++# define EVP_F_D2I_PKEY 100 ++# define EVP_F_DO_EVP_ENC_ENGINE 140 ++# define EVP_F_DO_EVP_ENC_ENGINE_FULL 141 ++# define EVP_F_DO_EVP_MD_ENGINE 139 ++# define EVP_F_DO_EVP_MD_ENGINE_FULL 142 ++# define EVP_F_DSAPKEY2PKCS8 134 ++# define EVP_F_DSA_PKEY2PKCS8 135 ++# define EVP_F_ECDSA_PKEY2PKCS8 129 ++# define EVP_F_ECKEY_PKEY2PKCS8 132 ++# define EVP_F_EVP_CIPHERINIT 137 ++# define EVP_F_EVP_CIPHERINIT_EX 123 ++# define EVP_F_EVP_CIPHER_CTX_CTRL 124 ++# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 ++# define EVP_F_EVP_DECRYPTFINAL_EX 101 ++# define EVP_F_EVP_DIGESTINIT 136 ++# define EVP_F_EVP_DIGESTINIT_EX 128 ++# define EVP_F_EVP_ENCRYPTFINAL_EX 127 ++# define EVP_F_EVP_MD_CTX_COPY_EX 110 ++# define EVP_F_EVP_OPENINIT 102 ++# define EVP_F_EVP_PBE_ALG_ADD 115 ++# define EVP_F_EVP_PBE_CIPHERINIT 116 ++# define EVP_F_EVP_PKCS82PKEY 111 ++# define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 ++# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 ++# define EVP_F_EVP_PKEY_DECRYPT 104 ++# define EVP_F_EVP_PKEY_ENCRYPT 105 ++# define EVP_F_EVP_PKEY_GET1_DH 119 ++# define EVP_F_EVP_PKEY_GET1_DSA 120 ++# define EVP_F_EVP_PKEY_GET1_ECDSA 130 ++# define EVP_F_EVP_PKEY_GET1_EC_KEY 131 ++# define EVP_F_EVP_PKEY_GET1_RSA 121 ++# define EVP_F_EVP_PKEY_NEW 106 ++# define EVP_F_EVP_RIJNDAEL 126 ++# define EVP_F_EVP_SIGNFINAL 107 ++# define EVP_F_EVP_VERIFYFINAL 108 ++# define EVP_F_PKCS5_PBE_KEYIVGEN 117 ++# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 ++# define EVP_F_PKCS8_SET_BROKEN 112 ++# define EVP_F_RC2_MAGIC_TO_METH 109 ++# define EVP_F_RC5_CTRL 125 + + /* Reason codes. */ +-#define EVP_R_AES_KEY_SETUP_FAILED 143 +-#define EVP_R_ASN1_LIB 140 +-#define EVP_R_BAD_BLOCK_LENGTH 136 +-#define EVP_R_BAD_DECRYPT 100 +-#define EVP_R_BAD_KEY_LENGTH 137 +-#define EVP_R_BN_DECODE_ERROR 112 +-#define EVP_R_BN_PUBKEY_ERROR 113 +-#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +-#define EVP_R_CIPHER_PARAMETER_ERROR 122 +-#define EVP_R_CTRL_NOT_IMPLEMENTED 132 +-#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +-#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +-#define EVP_R_DECODE_ERROR 114 +-#define EVP_R_DIFFERENT_KEY_TYPES 101 +-#define EVP_R_DISABLED_FOR_FIPS 144 +-#define EVP_R_ENCODE_ERROR 115 +-#define EVP_R_ERROR_LOADING_SECTION 145 +-#define EVP_R_ERROR_SETTING_FIPS_MODE 146 +-#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 +-#define EVP_R_EXPECTING_AN_RSA_KEY 127 +-#define EVP_R_EXPECTING_A_DH_KEY 128 +-#define EVP_R_EXPECTING_A_DSA_KEY 129 +-#define EVP_R_EXPECTING_A_ECDSA_KEY 141 +-#define EVP_R_EXPECTING_A_EC_KEY 142 +-#define EVP_R_FIPS_MODE_NOT_SUPPORTED 147 +-#define EVP_R_INITIALIZATION_ERROR 134 +-#define EVP_R_INPUT_NOT_INITIALIZED 111 +-#define EVP_R_INVALID_FIPS_MODE 148 +-#define EVP_R_INVALID_KEY_LENGTH 130 +-#define EVP_R_IV_TOO_LARGE 102 +-#define EVP_R_KEYGEN_FAILURE 120 +-#define EVP_R_MISSING_PARAMETERS 103 +-#define EVP_R_NO_CIPHER_SET 131 +-#define EVP_R_NO_DIGEST_SET 139 +-#define EVP_R_NO_DSA_PARAMETERS 116 +-#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 +-#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +-#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 +-#define EVP_R_PUBLIC_KEY_NOT_RSA 106 +-#define EVP_R_UNKNOWN_OPTION 149 +-#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +-#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 +-#define EVP_R_UNSUPPORTED_CIPHER 107 +-#define EVP_R_UNSUPPORTED_KEYLENGTH 123 +-#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +-#define EVP_R_UNSUPPORTED_KEY_SIZE 108 +-#define EVP_R_UNSUPPORTED_PRF 125 +-#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +-#define EVP_R_UNSUPPORTED_SALT_TYPE 126 +-#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +-#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 +-#define EVP_R_SEED_KEY_SETUP_FAILED 162 ++# define EVP_R_AES_KEY_SETUP_FAILED 143 ++# define EVP_R_ASN1_LIB 140 ++# define EVP_R_BAD_BLOCK_LENGTH 136 ++# define EVP_R_BAD_DECRYPT 100 ++# define EVP_R_BAD_KEY_LENGTH 137 ++# define EVP_R_BN_DECODE_ERROR 112 ++# define EVP_R_BN_PUBKEY_ERROR 113 ++# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 ++# define EVP_R_CIPHER_PARAMETER_ERROR 122 ++# define EVP_R_CTRL_NOT_IMPLEMENTED 132 ++# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 ++# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 ++# define EVP_R_DECODE_ERROR 114 ++# define EVP_R_DIFFERENT_KEY_TYPES 101 ++# define EVP_R_DISABLED_FOR_FIPS 144 ++# define EVP_R_ENCODE_ERROR 115 ++# define EVP_R_ERROR_LOADING_SECTION 145 ++# define EVP_R_ERROR_SETTING_FIPS_MODE 146 ++# define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 ++# define EVP_R_EXPECTING_AN_RSA_KEY 127 ++# define EVP_R_EXPECTING_A_DH_KEY 128 ++# define EVP_R_EXPECTING_A_DSA_KEY 129 ++# define EVP_R_EXPECTING_A_ECDSA_KEY 141 ++# define EVP_R_EXPECTING_A_EC_KEY 142 ++# define EVP_R_FIPS_MODE_NOT_SUPPORTED 147 ++# define EVP_R_INITIALIZATION_ERROR 134 ++# define EVP_R_INPUT_NOT_INITIALIZED 111 ++# define EVP_R_INVALID_FIPS_MODE 148 ++# define EVP_R_INVALID_KEY_LENGTH 130 ++# define EVP_R_IV_TOO_LARGE 102 ++# define EVP_R_KEYGEN_FAILURE 120 ++# define EVP_R_MISSING_PARAMETERS 103 ++# define EVP_R_NO_CIPHER_SET 131 ++# define EVP_R_NO_DIGEST_SET 139 ++# define EVP_R_NO_DSA_PARAMETERS 116 ++# define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 ++# define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 ++# define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 ++# define EVP_R_PUBLIC_KEY_NOT_RSA 106 ++# define EVP_R_UNKNOWN_OPTION 149 ++# define EVP_R_UNKNOWN_PBE_ALGORITHM 121 ++# define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 ++# define EVP_R_UNSUPPORTED_CIPHER 107 ++# define EVP_R_UNSUPPORTED_KEYLENGTH 123 ++# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 ++# define EVP_R_UNSUPPORTED_KEY_SIZE 108 ++# define EVP_R_UNSUPPORTED_PRF 125 ++# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 ++# define EVP_R_UNSUPPORTED_SALT_TYPE 126 ++# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 ++# define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 ++# define EVP_R_SEED_KEY_SETUP_FAILED 162 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/hmac.h b/Cryptlib/Include/openssl/hmac.h +index fc38ffb..fcc2d0f 100644 +--- a/Cryptlib/Include/openssl/hmac.h ++++ b/Cryptlib/Include/openssl/hmac.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,56 +49,55 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + #ifndef HEADER_HMAC_H +-#define HEADER_HMAC_H ++# define HEADER_HMAC_H + +-#include ++# include + +-#ifdef OPENSSL_NO_HMAC +-#error HMAC is disabled. +-#endif ++# ifdef OPENSSL_NO_HMAC ++# error HMAC is disabled. ++# endif + +-#include ++# include + +-#define HMAC_MAX_MD_CBLOCK 128 /* largest known is SHA512 */ ++# define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */ + + #ifdef __cplusplus + extern "C" { + #endif + +-typedef struct hmac_ctx_st +- { +- const EVP_MD *md; +- EVP_MD_CTX md_ctx; +- EVP_MD_CTX i_ctx; +- EVP_MD_CTX o_ctx; +- unsigned int key_length; +- unsigned char key[HMAC_MAX_MD_CBLOCK]; +- } HMAC_CTX; +- +-#define HMAC_size(e) (EVP_MD_size((e)->md)) ++typedef struct hmac_ctx_st { ++ const EVP_MD *md; ++ EVP_MD_CTX md_ctx; ++ EVP_MD_CTX i_ctx; ++ EVP_MD_CTX o_ctx; ++ unsigned int key_length; ++ unsigned char key[HMAC_MAX_MD_CBLOCK]; ++} HMAC_CTX; + ++# define HMAC_size(e) (EVP_MD_size((e)->md)) + + void HMAC_CTX_init(HMAC_CTX *ctx); + void HMAC_CTX_cleanup(HMAC_CTX *ctx); + +-#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */ ++/* deprecated */ ++# define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) + +-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, +- const EVP_MD *md); /* deprecated */ ++/* deprecated */ ++void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); + void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, +- const EVP_MD *md, ENGINE *impl); ++ const EVP_MD *md, ENGINE *impl); + void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); + void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); + unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, +- const unsigned char *d, size_t n, unsigned char *md, +- unsigned int *md_len); ++ const unsigned char *d, size_t n, unsigned char *md, ++ unsigned int *md_len); + + void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); + +diff --git a/Cryptlib/Include/openssl/idea.h b/Cryptlib/Include/openssl/idea.h +index a137d4c..60d2d95 100644 +--- a/Cryptlib/Include/openssl/idea.h ++++ b/Cryptlib/Include/openssl/idea.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,44 +57,46 @@ + */ + + #ifndef HEADER_IDEA_H +-#define HEADER_IDEA_H ++# define HEADER_IDEA_H + +-#include /* IDEA_INT, OPENSSL_NO_IDEA */ ++# include /* IDEA_INT, OPENSSL_NO_IDEA */ + +-#ifdef OPENSSL_NO_IDEA +-#error IDEA is disabled. +-#endif ++# ifdef OPENSSL_NO_IDEA ++# error IDEA is disabled. ++# endif + +-#define IDEA_ENCRYPT 1 +-#define IDEA_DECRYPT 0 ++# define IDEA_ENCRYPT 1 ++# define IDEA_DECRYPT 0 + +-#define IDEA_BLOCK 8 +-#define IDEA_KEY_LENGTH 16 ++# define IDEA_BLOCK 8 ++# define IDEA_KEY_LENGTH 16 + + #ifdef __cplusplus + extern "C" { + #endif + +-typedef struct idea_key_st +- { +- IDEA_INT data[9][6]; +- } IDEA_KEY_SCHEDULE; ++typedef struct idea_key_st { ++ IDEA_INT data[9][6]; ++} IDEA_KEY_SCHEDULE; + + const char *idea_options(void); + void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, +- IDEA_KEY_SCHEDULE *ks); +-#ifdef OPENSSL_FIPS +-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +-#endif ++ IDEA_KEY_SCHEDULE *ks); ++# ifdef OPENSSL_FIPS ++void private_idea_set_encrypt_key(const unsigned char *key, ++ IDEA_KEY_SCHEDULE *ks); ++# endif + void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); + void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); + void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, +- long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); ++ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, ++ int enc); + void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, +- int *num,int enc); ++ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, ++ int *num, int enc); + void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num); ++ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, ++ int *num); + void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/krb5_asn.h b/Cryptlib/Include/openssl/krb5_asn.h +index 41725d0..9cf5a26 100644 +--- a/Cryptlib/Include/openssl/krb5_asn.h ++++ b/Cryptlib/Include/openssl/krb5_asn.h +@@ -1,7 +1,8 @@ + /* krb5_asn.h */ +-/* Written by Vern Staats for the OpenSSL project, +-** using ocsp/{*.h,*asn*.c} as a starting point +-*/ ++/* ++ * Written by Vern Staats for the OpenSSL project, ** ++ * using ocsp/{*.h,*asn*.c} as a starting point ++ */ + + /* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. +@@ -11,7 +12,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,177 +59,161 @@ + */ + + #ifndef HEADER_KRB5_ASN_H +-#define HEADER_KRB5_ASN_H ++# define HEADER_KRB5_ASN_H + + /* +-#include +-*/ +-#include ++ * #include ++ */ ++# include + + #ifdef __cplusplus + extern "C" { + #endif + ++/* ++ * ASN.1 from Kerberos RFC 1510 ++ */ + +-/* ASN.1 from Kerberos RFC 1510 +-*/ +- +-/* EncryptedData ::= SEQUENCE { +-** etype[0] INTEGER, -- EncryptionType +-** kvno[1] INTEGER OPTIONAL, +-** cipher[2] OCTET STRING -- ciphertext +-** } +-*/ +-typedef struct krb5_encdata_st +- { +- ASN1_INTEGER *etype; +- ASN1_INTEGER *kvno; +- ASN1_OCTET_STRING *cipher; +- } KRB5_ENCDATA; ++/*- EncryptedData ::= SEQUENCE { ++ * etype[0] INTEGER, -- EncryptionType ++ * kvno[1] INTEGER OPTIONAL, ++ * cipher[2] OCTET STRING -- ciphertext ++ * } ++ */ ++typedef struct krb5_encdata_st { ++ ASN1_INTEGER *etype; ++ ASN1_INTEGER *kvno; ++ ASN1_OCTET_STRING *cipher; ++} KRB5_ENCDATA; + + DECLARE_STACK_OF(KRB5_ENCDATA) + +-/* PrincipalName ::= SEQUENCE { +-** name-type[0] INTEGER, +-** name-string[1] SEQUENCE OF GeneralString +-** } +-*/ +-typedef struct krb5_princname_st +- { +- ASN1_INTEGER *nametype; +- STACK_OF(ASN1_GENERALSTRING) *namestring; +- } KRB5_PRINCNAME; ++/*- PrincipalName ::= SEQUENCE { ++ * name-type[0] INTEGER, ++ * name-string[1] SEQUENCE OF GeneralString ++ * } ++ */ ++typedef struct krb5_princname_st { ++ ASN1_INTEGER *nametype; ++ STACK_OF(ASN1_GENERALSTRING) *namestring; ++} KRB5_PRINCNAME; + + DECLARE_STACK_OF(KRB5_PRINCNAME) + +- +-/* Ticket ::= [APPLICATION 1] SEQUENCE { +-** tkt-vno[0] INTEGER, +-** realm[1] Realm, +-** sname[2] PrincipalName, +-** enc-part[3] EncryptedData +-** } +-*/ +-typedef struct krb5_tktbody_st +- { +- ASN1_INTEGER *tktvno; +- ASN1_GENERALSTRING *realm; +- KRB5_PRINCNAME *sname; +- KRB5_ENCDATA *encdata; +- } KRB5_TKTBODY; ++/*- Ticket ::= [APPLICATION 1] SEQUENCE { ++ * tkt-vno[0] INTEGER, ++ * realm[1] Realm, ++ * sname[2] PrincipalName, ++ * enc-part[3] EncryptedData ++ * } ++ */ ++typedef struct krb5_tktbody_st { ++ ASN1_INTEGER *tktvno; ++ ASN1_GENERALSTRING *realm; ++ KRB5_PRINCNAME *sname; ++ KRB5_ENCDATA *encdata; ++} KRB5_TKTBODY; + + typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET; + DECLARE_STACK_OF(KRB5_TKTBODY) + +- +-/* AP-REQ ::= [APPLICATION 14] SEQUENCE { +-** pvno[0] INTEGER, +-** msg-type[1] INTEGER, +-** ap-options[2] APOptions, +-** ticket[3] Ticket, +-** authenticator[4] EncryptedData +-** } +-** +-** APOptions ::= BIT STRING { +-** reserved(0), use-session-key(1), mutual-required(2) } +-*/ +-typedef struct krb5_ap_req_st +- { +- ASN1_INTEGER *pvno; +- ASN1_INTEGER *msgtype; +- ASN1_BIT_STRING *apoptions; +- KRB5_TICKET *ticket; +- KRB5_ENCDATA *authenticator; +- } KRB5_APREQBODY; ++/*- AP-REQ ::= [APPLICATION 14] SEQUENCE { ++ * pvno[0] INTEGER, ++ * msg-type[1] INTEGER, ++ * ap-options[2] APOptions, ++ * ticket[3] Ticket, ++ * authenticator[4] EncryptedData ++ * } ++ * ++ * APOptions ::= BIT STRING { ++ * reserved(0), use-session-key(1), mutual-required(2) } ++ */ ++typedef struct krb5_ap_req_st { ++ ASN1_INTEGER *pvno; ++ ASN1_INTEGER *msgtype; ++ ASN1_BIT_STRING *apoptions; ++ KRB5_TICKET *ticket; ++ KRB5_ENCDATA *authenticator; ++} KRB5_APREQBODY; + + typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ; + DECLARE_STACK_OF(KRB5_APREQBODY) + ++/* Authenticator Stuff */ + +-/* Authenticator Stuff */ +- +- +-/* Checksum ::= SEQUENCE { +-** cksumtype[0] INTEGER, +-** checksum[1] OCTET STRING +-** } +-*/ +-typedef struct krb5_checksum_st +- { +- ASN1_INTEGER *ctype; +- ASN1_OCTET_STRING *checksum; +- } KRB5_CHECKSUM; ++/*- Checksum ::= SEQUENCE { ++ * cksumtype[0] INTEGER, ++ * checksum[1] OCTET STRING ++ * } ++ */ ++typedef struct krb5_checksum_st { ++ ASN1_INTEGER *ctype; ++ ASN1_OCTET_STRING *checksum; ++} KRB5_CHECKSUM; + + DECLARE_STACK_OF(KRB5_CHECKSUM) + +- +-/* EncryptionKey ::= SEQUENCE { +-** keytype[0] INTEGER, +-** keyvalue[1] OCTET STRING +-** } +-*/ +-typedef struct krb5_encryptionkey_st +- { +- ASN1_INTEGER *ktype; +- ASN1_OCTET_STRING *keyvalue; +- } KRB5_ENCKEY; ++/*- EncryptionKey ::= SEQUENCE { ++ * keytype[0] INTEGER, ++ * keyvalue[1] OCTET STRING ++ * } ++ */ ++typedef struct krb5_encryptionkey_st { ++ ASN1_INTEGER *ktype; ++ ASN1_OCTET_STRING *keyvalue; ++} KRB5_ENCKEY; + + DECLARE_STACK_OF(KRB5_ENCKEY) + +- +-/* AuthorizationData ::= SEQUENCE OF SEQUENCE { +-** ad-type[0] INTEGER, +-** ad-data[1] OCTET STRING +-** } +-*/ +-typedef struct krb5_authorization_st +- { +- ASN1_INTEGER *adtype; +- ASN1_OCTET_STRING *addata; +- } KRB5_AUTHDATA; ++/*- AuthorizationData ::= SEQUENCE OF SEQUENCE { ++ * ad-type[0] INTEGER, ++ * ad-data[1] OCTET STRING ++ * } ++ */ ++typedef struct krb5_authorization_st { ++ ASN1_INTEGER *adtype; ++ ASN1_OCTET_STRING *addata; ++} KRB5_AUTHDATA; + + DECLARE_STACK_OF(KRB5_AUTHDATA) + +- +-/* -- Unencrypted authenticator +-** Authenticator ::= [APPLICATION 2] SEQUENCE { +-** authenticator-vno[0] INTEGER, +-** crealm[1] Realm, +-** cname[2] PrincipalName, +-** cksum[3] Checksum OPTIONAL, +-** cusec[4] INTEGER, +-** ctime[5] KerberosTime, +-** subkey[6] EncryptionKey OPTIONAL, +-** seq-number[7] INTEGER OPTIONAL, +-** authorization-data[8] AuthorizationData OPTIONAL +-** } +-*/ +-typedef struct krb5_authenticator_st +- { +- ASN1_INTEGER *avno; +- ASN1_GENERALSTRING *crealm; +- KRB5_PRINCNAME *cname; +- KRB5_CHECKSUM *cksum; +- ASN1_INTEGER *cusec; +- ASN1_GENERALIZEDTIME *ctime; +- KRB5_ENCKEY *subkey; +- ASN1_INTEGER *seqnum; +- KRB5_AUTHDATA *authorization; +- } KRB5_AUTHENTBODY; ++/*- -- Unencrypted authenticator ++ * Authenticator ::= [APPLICATION 2] SEQUENCE { ++ * authenticator-vno[0] INTEGER, ++ * crealm[1] Realm, ++ * cname[2] PrincipalName, ++ * cksum[3] Checksum OPTIONAL, ++ * cusec[4] INTEGER, ++ * ctime[5] KerberosTime, ++ * subkey[6] EncryptionKey OPTIONAL, ++ * seq-number[7] INTEGER OPTIONAL, ++ * authorization-data[8] AuthorizationData OPTIONAL ++ * } ++ */ ++typedef struct krb5_authenticator_st { ++ ASN1_INTEGER *avno; ++ ASN1_GENERALSTRING *crealm; ++ KRB5_PRINCNAME *cname; ++ KRB5_CHECKSUM *cksum; ++ ASN1_INTEGER *cusec; ++ ASN1_GENERALIZEDTIME *ctime; ++ KRB5_ENCKEY *subkey; ++ ASN1_INTEGER *seqnum; ++ KRB5_AUTHDATA *authorization; ++} KRB5_AUTHENTBODY; + + typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT; + DECLARE_STACK_OF(KRB5_AUTHENTBODY) + +- +-/* DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = +-** type *name##_new(void); +-** void name##_free(type *a); +-** DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = +-** DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = +-** type *d2i_##name(type **a, const unsigned char **in, long len); +-** int i2d_##name(type *a, unsigned char **out); +-** DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it +-*/ ++/*- DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = ++ * type *name##_new(void); ++ * void name##_free(type *a); ++ * DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = ++ * DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = ++ * type *d2i_##name(type **a, const unsigned char **in, long len); ++ * int i2d_##name(type *a, unsigned char **out); ++ * DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it ++ */ + + DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA) + DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME) +@@ -243,9 +228,9 @@ DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA) + DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) + DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT) + +- + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + +@@ -253,4 +238,3 @@ DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT) + } + #endif + #endif +- +diff --git a/Cryptlib/Include/openssl/kssl.h b/Cryptlib/Include/openssl/kssl.h +index a3d20e1..931b4a7 100644 +--- a/Cryptlib/Include/openssl/kssl.h ++++ b/Cryptlib/Include/openssl/kssl.h +@@ -1,6 +1,7 @@ + /* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ +-/* Written by Vern Staats for the OpenSSL project 2000. +- * project 2000. ++/* ++ * Written by Vern Staats for the OpenSSL project ++ * 2000. project 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,97 +58,96 @@ + */ + + /* +-** 19990701 VRS Started. +-*/ ++ ** 19990701 VRS Started. ++ */ + +-#ifndef KSSL_H +-#define KSSL_H ++#ifndef KSSL_H ++# define KSSL_H + +-#include ++# include + +-#ifndef OPENSSL_NO_KRB5 ++# ifndef OPENSSL_NO_KRB5 + +-#include +-#include +-#include ++# include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + + /* +-** Depending on which KRB5 implementation used, some types from +-** the other may be missing. Resolve that here and now +-*/ +-#ifdef KRB5_HEIMDAL ++ * Depending on which KRB5 implementation used, some types from ++ * the other may be missing. Resolve that here and now ++ */ ++# ifdef KRB5_HEIMDAL + typedef unsigned char krb5_octet; +-#define FAR +-#else ++# define FAR ++# else + +-#ifndef FAR +-#define FAR +-#endif ++# ifndef FAR ++# define FAR ++# endif + +-#endif ++# endif ++ ++/*- ++ * Uncomment this to debug kssl problems or ++ * to trace usage of the Kerberos session key ++ * ++ * #define KSSL_DEBUG ++ */ + +-/* Uncomment this to debug kssl problems or +-** to trace usage of the Kerberos session key +-** +-** #define KSSL_DEBUG +-*/ ++# ifndef KRB5SVC ++# define KRB5SVC "host" ++# endif + +-#ifndef KRB5SVC +-#define KRB5SVC "host" +-#endif ++# ifndef KRB5KEYTAB ++# define KRB5KEYTAB "/etc/krb5.keytab" ++# endif + +-#ifndef KRB5KEYTAB +-#define KRB5KEYTAB "/etc/krb5.keytab" +-#endif ++# ifndef KRB5SENDAUTH ++# define KRB5SENDAUTH 1 ++# endif + +-#ifndef KRB5SENDAUTH +-#define KRB5SENDAUTH 1 +-#endif ++# ifndef KRB5CHECKAUTH ++# define KRB5CHECKAUTH 1 ++# endif + +-#ifndef KRB5CHECKAUTH +-#define KRB5CHECKAUTH 1 +-#endif ++# ifndef KSSL_CLOCKSKEW ++# define KSSL_CLOCKSKEW 300; ++# endif + +-#ifndef KSSL_CLOCKSKEW +-#define KSSL_CLOCKSKEW 300; +-#endif ++# define KSSL_ERR_MAX 255 ++typedef struct kssl_err_st { ++ int reason; ++ char text[KSSL_ERR_MAX + 1]; ++} KSSL_ERR; + +-#define KSSL_ERR_MAX 255 +-typedef struct kssl_err_st { +- int reason; +- char text[KSSL_ERR_MAX+1]; +- } KSSL_ERR; +- +- +-/* Context for passing +-** (1) Kerberos session key to SSL, and +-** (2) Config data between application and SSL lib +-*/ +-typedef struct kssl_ctx_st +- { +- /* used by: disposition: */ +- char *service_name; /* C,S default ok (kssl) */ +- char *service_host; /* C input, REQUIRED */ +- char *client_princ; /* S output from krb5 ticket */ +- char *keytab_file; /* S NULL (/etc/krb5.keytab) */ +- char *cred_cache; /* C NULL (default) */ +- krb5_enctype enctype; +- int length; +- krb5_octet FAR *key; +- } KSSL_CTX; +- +-#define KSSL_CLIENT 1 +-#define KSSL_SERVER 2 +-#define KSSL_SERVICE 3 +-#define KSSL_KEYTAB 4 +- +-#define KSSL_CTX_OK 0 +-#define KSSL_CTX_ERR 1 +-#define KSSL_NOMEM 2 ++/*- Context for passing ++ * (1) Kerberos session key to SSL, and ++ * (2) Config data between application and SSL lib ++ */ ++typedef struct kssl_ctx_st { ++ /* used by: disposition: */ ++ char *service_name; /* C,S default ok (kssl) */ ++ char *service_host; /* C input, REQUIRED */ ++ char *client_princ; /* S output from krb5 ticket */ ++ char *keytab_file; /* S NULL (/etc/krb5.keytab) */ ++ char *cred_cache; /* C NULL (default) */ ++ krb5_enctype enctype; ++ int length; ++ krb5_octet FAR *key; ++} KSSL_CTX; ++ ++# define KSSL_CLIENT 1 ++# define KSSL_SERVER 2 ++# define KSSL_SERVICE 3 ++# define KSSL_KEYTAB 4 ++ ++# define KSSL_CTX_OK 0 ++# define KSSL_CTX_ERR 1 ++# define KSSL_NOMEM 2 + + /* Public (for use by applications that use OpenSSL with Kerberos 5 support */ + krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); +@@ -155,25 +155,29 @@ KSSL_CTX *kssl_ctx_new(void); + KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); + void kssl_ctx_show(KSSL_CTX *kssl_ctx); + krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, +- krb5_data *realm, krb5_data *entity, int nentities); +-krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, +- krb5_data *authenp, KSSL_ERR *kssl_err); +-krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, +- krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); ++ krb5_data *realm, krb5_data *entity, ++ int nentities); ++krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, ++ krb5_data *authenp, KSSL_ERR *kssl_err); ++krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, ++ krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); + krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); +-void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); ++void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); + void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); +-krb5_error_code kssl_build_principal_2(krb5_context context, +- krb5_principal *princ, int rlen, const char *realm, +- int slen, const char *svc, int hlen, const char *host); +-krb5_error_code kssl_validate_times(krb5_timestamp atime, +- krb5_ticket_times *ttimes); +-krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, +- krb5_timestamp *atimep, KSSL_ERR *kssl_err); +-unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); ++krb5_error_code kssl_build_principal_2(krb5_context context, ++ krb5_principal *princ, int rlen, ++ const char *realm, int slen, ++ const char *svc, int hlen, ++ const char *host); ++krb5_error_code kssl_validate_times(krb5_timestamp atime, ++ krb5_ticket_times *ttimes); ++krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, ++ krb5_timestamp *atimep, ++ KSSL_ERR *kssl_err); ++unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); + + #ifdef __cplusplus + } + #endif +-#endif /* OPENSSL_NO_KRB5 */ +-#endif /* KSSL_H */ ++# endif /* OPENSSL_NO_KRB5 */ ++#endif /* KSSL_H */ +diff --git a/Cryptlib/Include/openssl/lhash.h b/Cryptlib/Include/openssl/lhash.h +index d392d0c..4374be2 100644 +--- a/Cryptlib/Include/openssl/lhash.h ++++ b/Cryptlib/Include/openssl/lhash.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,127 +49,127 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* Header for dynamic hash table routines +- * Author - Eric Young ++/* ++ * Header for dynamic hash table routines Author - Eric Young + */ + + #ifndef HEADER_LHASH_H +-#define HEADER_LHASH_H ++# define HEADER_LHASH_H + +-#include +-#ifndef OPENSSL_NO_FP_API +-#include +-#endif ++# include ++# ifndef OPENSSL_NO_FP_API ++# include ++# endif + +-#ifndef OPENSSL_NO_BIO +-#include +-#endif ++# ifndef OPENSSL_NO_BIO ++# include ++# endif + + #ifdef __cplusplus + extern "C" { + #endif + +-typedef struct lhash_node_st +- { +- void *data; +- struct lhash_node_st *next; +-#ifndef OPENSSL_NO_HASH_COMP +- unsigned long hash; +-#endif +- } LHASH_NODE; +- +-typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); +-typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); +-typedef void (*LHASH_DOALL_FN_TYPE)(void *); +-typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); +- +-/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. +- * This way, callbacks can be provided to LHASH structures without function +- * pointer casting and the macro-defined callbacks provide per-variable casting +- * before deferring to the underlying type-specific callbacks. NB: It is +- * possible to place a "static" in front of both the DECLARE and IMPLEMENT +- * macros if the functions are strictly internal. */ ++typedef struct lhash_node_st { ++ void *data; ++ struct lhash_node_st *next; ++# ifndef OPENSSL_NO_HASH_COMP ++ unsigned long hash; ++# endif ++} LHASH_NODE; ++ ++typedef int (*LHASH_COMP_FN_TYPE) (const void *, const void *); ++typedef unsigned long (*LHASH_HASH_FN_TYPE) (const void *); ++typedef void (*LHASH_DOALL_FN_TYPE) (void *); ++typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *); ++ ++/* ++ * Macros for declaring and implementing type-safe wrappers for LHASH ++ * callbacks. This way, callbacks can be provided to LHASH structures without ++ * function pointer casting and the macro-defined callbacks provide ++ * per-variable casting before deferring to the underlying type-specific ++ * callbacks. NB: It is possible to place a "static" in front of both the ++ * DECLARE and IMPLEMENT macros if the functions are strictly internal. ++ */ + + /* First: "hash" functions */ +-#define DECLARE_LHASH_HASH_FN(f_name,o_type) \ +- unsigned long f_name##_LHASH_HASH(const void *); +-#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \ +- unsigned long f_name##_LHASH_HASH(const void *arg) { \ +- o_type a = (o_type)arg; \ +- return f_name(a); } +-#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH ++# define DECLARE_LHASH_HASH_FN(f_name,o_type) \ ++ unsigned long f_name##_LHASH_HASH(const void *); ++# define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \ ++ unsigned long f_name##_LHASH_HASH(const void *arg) { \ ++ o_type a = (o_type)arg; \ ++ return f_name(a); } ++# define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH + + /* Second: "compare" functions */ +-#define DECLARE_LHASH_COMP_FN(f_name,o_type) \ +- int f_name##_LHASH_COMP(const void *, const void *); +-#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \ +- int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \ +- o_type a = (o_type)arg1; \ +- o_type b = (o_type)arg2; \ +- return f_name(a,b); } +-#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP ++# define DECLARE_LHASH_COMP_FN(f_name,o_type) \ ++ int f_name##_LHASH_COMP(const void *, const void *); ++# define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \ ++ int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \ ++ o_type a = (o_type)arg1; \ ++ o_type b = (o_type)arg2; \ ++ return f_name(a,b); } ++# define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP + + /* Third: "doall" functions */ +-#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ +- void f_name##_LHASH_DOALL(void *); +-#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ +- void f_name##_LHASH_DOALL(void *arg) { \ +- o_type a = (o_type)arg; \ +- f_name(a); } +-#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL ++# define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ ++ void f_name##_LHASH_DOALL(void *); ++# define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ ++ void f_name##_LHASH_DOALL(void *arg) { \ ++ o_type a = (o_type)arg; \ ++ f_name(a); } ++# define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL + + /* Fourth: "doall_arg" functions */ +-#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ +- void f_name##_LHASH_DOALL_ARG(void *, void *); +-#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ +- void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ +- o_type a = (o_type)arg1; \ +- a_type b = (a_type)arg2; \ +- f_name(a,b); } +-#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG +- +-typedef struct lhash_st +- { +- LHASH_NODE **b; +- LHASH_COMP_FN_TYPE comp; +- LHASH_HASH_FN_TYPE hash; +- unsigned int num_nodes; +- unsigned int num_alloc_nodes; +- unsigned int p; +- unsigned int pmax; +- unsigned long up_load; /* load times 256 */ +- unsigned long down_load; /* load times 256 */ +- unsigned long num_items; +- +- unsigned long num_expands; +- unsigned long num_expand_reallocs; +- unsigned long num_contracts; +- unsigned long num_contract_reallocs; +- unsigned long num_hash_calls; +- unsigned long num_comp_calls; +- unsigned long num_insert; +- unsigned long num_replace; +- unsigned long num_delete; +- unsigned long num_no_delete; +- unsigned long num_retrieve; +- unsigned long num_retrieve_miss; +- unsigned long num_hash_comps; +- +- int error; +- } LHASH; +- +-#define LH_LOAD_MULT 256 +- +-/* Indicates a malloc() error in the last call, this is only bad +- * in lh_insert(). */ +-#define lh_error(lh) ((lh)->error) ++# define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ ++ void f_name##_LHASH_DOALL_ARG(void *, void *); ++# define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ ++ void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ ++ o_type a = (o_type)arg1; \ ++ a_type b = (a_type)arg2; \ ++ f_name(a,b); } ++# define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG ++ ++typedef struct lhash_st { ++ LHASH_NODE **b; ++ LHASH_COMP_FN_TYPE comp; ++ LHASH_HASH_FN_TYPE hash; ++ unsigned int num_nodes; ++ unsigned int num_alloc_nodes; ++ unsigned int p; ++ unsigned int pmax; ++ unsigned long up_load; /* load times 256 */ ++ unsigned long down_load; /* load times 256 */ ++ unsigned long num_items; ++ unsigned long num_expands; ++ unsigned long num_expand_reallocs; ++ unsigned long num_contracts; ++ unsigned long num_contract_reallocs; ++ unsigned long num_hash_calls; ++ unsigned long num_comp_calls; ++ unsigned long num_insert; ++ unsigned long num_replace; ++ unsigned long num_delete; ++ unsigned long num_no_delete; ++ unsigned long num_retrieve; ++ unsigned long num_retrieve_miss; ++ unsigned long num_hash_comps; ++ int error; ++} LHASH; ++ ++# define LH_LOAD_MULT 256 ++ ++/* ++ * Indicates a malloc() error in the last call, this is only bad in ++ * lh_insert(). ++ */ ++# define lh_error(lh) ((lh)->error) + + LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); + void lh_free(LHASH *lh); +@@ -181,20 +181,19 @@ void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); + unsigned long lh_strhash(const char *c); + unsigned long lh_num_items(const LHASH *lh); + +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + void lh_stats(const LHASH *lh, FILE *out); + void lh_node_stats(const LHASH *lh, FILE *out); + void lh_node_usage_stats(const LHASH *lh, FILE *out); +-#endif ++# endif + +-#ifndef OPENSSL_NO_BIO ++# ifndef OPENSSL_NO_BIO + void lh_stats_bio(const LHASH *lh, BIO *out); + void lh_node_stats_bio(const LHASH *lh, BIO *out); + void lh_node_usage_stats_bio(const LHASH *lh, BIO *out); +-#endif ++# endif + #ifdef __cplusplus + } + #endif + + #endif +- +diff --git a/Cryptlib/Include/openssl/md2.h b/Cryptlib/Include/openssl/md2.h +index d59c9f2..b568d3f 100644 +--- a/Cryptlib/Include/openssl/md2.h ++++ b/Cryptlib/Include/openssl/md2.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,37 +57,36 @@ + */ + + #ifndef HEADER_MD2_H +-#define HEADER_MD2_H ++# define HEADER_MD2_H + +-#include /* OPENSSL_NO_MD2, MD2_INT */ +-#ifdef OPENSSL_NO_MD2 +-#error MD2 is disabled. +-#endif +-#include ++# include /* OPENSSL_NO_MD2, MD2_INT */ ++# ifdef OPENSSL_NO_MD2 ++# error MD2 is disabled. ++# endif ++# include + +-#define MD2_DIGEST_LENGTH 16 +-#define MD2_BLOCK 16 ++# define MD2_DIGEST_LENGTH 16 ++# define MD2_BLOCK 16 + + #ifdef __cplusplus + extern "C" { + #endif + +-typedef struct MD2state_st +- { +- unsigned int num; +- unsigned char data[MD2_BLOCK]; +- MD2_INT cksm[MD2_BLOCK]; +- MD2_INT state[MD2_BLOCK]; +- } MD2_CTX; ++typedef struct MD2state_st { ++ unsigned int num; ++ unsigned char data[MD2_BLOCK]; ++ MD2_INT cksm[MD2_BLOCK]; ++ MD2_INT state[MD2_BLOCK]; ++} MD2_CTX; + + const char *MD2_options(void); +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS + int private_MD2_Init(MD2_CTX *c); +-#endif ++# endif + int MD2_Init(MD2_CTX *c); + int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); + int MD2_Final(unsigned char *md, MD2_CTX *c); +-unsigned char *MD2(const unsigned char *d, size_t n,unsigned char *md); ++unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); + #ifdef __cplusplus + } + #endif +diff --git a/Cryptlib/Include/openssl/md4.h b/Cryptlib/Include/openssl/md4.h +index ba1fe4a..a99d20a 100644 +--- a/Cryptlib/Include/openssl/md4.h ++++ b/Cryptlib/Include/openssl/md4.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,57 +57,56 @@ + */ + + #ifndef HEADER_MD4_H +-#define HEADER_MD4_H ++# define HEADER_MD4_H + +-#include +-#include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#ifdef OPENSSL_NO_MD4 +-#error MD4 is disabled. +-#endif ++# ifdef OPENSSL_NO_MD4 ++# error MD4 is disabled. ++# endif + +-/* ++/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then ! +- * ! MD4_LONG_LOG2 has to be defined along. ! ++ * ! MD4_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +-#define MD4_LONG unsigned long +-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +-#define MD4_LONG unsigned long +-#define MD4_LONG_LOG2 3 ++# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) ++# define MD4_LONG unsigned long ++# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) ++# define MD4_LONG unsigned long ++# define MD4_LONG_LOG2 3 + /* + * _CRAY note. I could declare short, but I have no idea what impact + * does it have on performance on none-T3E machines. I could declare + * int, but at least on C90 sizeof(int) can be chosen at compile time. + * So I've chosen long... +- * ++ * + */ +-#else +-#define MD4_LONG unsigned int +-#endif ++# else ++# define MD4_LONG unsigned int ++# endif + +-#define MD4_CBLOCK 64 +-#define MD4_LBLOCK (MD4_CBLOCK/4) +-#define MD4_DIGEST_LENGTH 16 ++# define MD4_CBLOCK 64 ++# define MD4_LBLOCK (MD4_CBLOCK/4) ++# define MD4_DIGEST_LENGTH 16 + +-typedef struct MD4state_st +- { +- MD4_LONG A,B,C,D; +- MD4_LONG Nl,Nh; +- MD4_LONG data[MD4_LBLOCK]; +- unsigned int num; +- } MD4_CTX; ++typedef struct MD4state_st { ++ MD4_LONG A, B, C, D; ++ MD4_LONG Nl, Nh; ++ MD4_LONG data[MD4_LBLOCK]; ++ unsigned int num; ++} MD4_CTX; + +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS + int private_MD4_Init(MD4_CTX *c); +-#endif ++# endif + int MD4_Init(MD4_CTX *c); + int MD4_Update(MD4_CTX *c, const void *data, size_t len); + int MD4_Final(unsigned char *md, MD4_CTX *c); +diff --git a/Cryptlib/Include/openssl/md5.h b/Cryptlib/Include/openssl/md5.h +index 0761f84..87a9c9e 100644 +--- a/Cryptlib/Include/openssl/md5.h ++++ b/Cryptlib/Include/openssl/md5.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,57 +57,56 @@ + */ + + #ifndef HEADER_MD5_H +-#define HEADER_MD5_H ++# define HEADER_MD5_H + +-#include +-#include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#ifdef OPENSSL_NO_MD5 +-#error MD5 is disabled. +-#endif ++# ifdef OPENSSL_NO_MD5 ++# error MD5 is disabled. ++# endif + + /* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then ! +- * ! MD5_LONG_LOG2 has to be defined along. ! ++ * ! MD5_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +-#define MD5_LONG unsigned long +-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +-#define MD5_LONG unsigned long +-#define MD5_LONG_LOG2 3 ++# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) ++# define MD5_LONG unsigned long ++# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) ++# define MD5_LONG unsigned long ++# define MD5_LONG_LOG2 3 + /* + * _CRAY note. I could declare short, but I have no idea what impact + * does it have on performance on none-T3E machines. I could declare + * int, but at least on C90 sizeof(int) can be chosen at compile time. + * So I've chosen long... +- * ++ * + */ +-#else +-#define MD5_LONG unsigned int +-#endif ++# else ++# define MD5_LONG unsigned int ++# endif + +-#define MD5_CBLOCK 64 +-#define MD5_LBLOCK (MD5_CBLOCK/4) +-#define MD5_DIGEST_LENGTH 16 ++# define MD5_CBLOCK 64 ++# define MD5_LBLOCK (MD5_CBLOCK/4) ++# define MD5_DIGEST_LENGTH 16 + +-typedef struct MD5state_st +- { +- MD5_LONG A,B,C,D; +- MD5_LONG Nl,Nh; +- MD5_LONG data[MD5_LBLOCK]; +- unsigned int num; +- } MD5_CTX; ++typedef struct MD5state_st { ++ MD5_LONG A, B, C, D; ++ MD5_LONG Nl, Nh; ++ MD5_LONG data[MD5_LBLOCK]; ++ unsigned int num; ++} MD5_CTX; + +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS + int private_MD5_Init(MD5_CTX *c); +-#endif ++# endif + int MD5_Init(MD5_CTX *c); + int MD5_Update(MD5_CTX *c, const void *data, size_t len); + int MD5_Final(unsigned char *md, MD5_CTX *c); +diff --git a/Cryptlib/Include/openssl/obj_mac.h b/Cryptlib/Include/openssl/obj_mac.h +index 282f11a..ec6c8ea 100644 +--- a/Cryptlib/Include/openssl/obj_mac.h ++++ b/Cryptlib/Include/openssl/obj_mac.h +@@ -1,8 +1,8 @@ + /* crypto/objects/obj_mac.h */ + +-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the +- * following command: +- * perl objects.pl objects.txt obj_mac.num obj_mac.h ++/* ++ * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following ++ * command: perl objects.pl objects.txt obj_mac.num obj_mac.h + */ + + /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +@@ -11,21 +11,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -40,10 +40,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -55,3860 +55,3859 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-#define SN_undef "UNDEF" +-#define LN_undef "undefined" +-#define NID_undef 0 +-#define OBJ_undef 0L +- +-#define SN_itu_t "ITU-T" +-#define LN_itu_t "itu-t" +-#define NID_itu_t 645 +-#define OBJ_itu_t 0L +- +-#define NID_ccitt 404 +-#define OBJ_ccitt OBJ_itu_t +- +-#define SN_iso "ISO" +-#define LN_iso "iso" +-#define NID_iso 181 +-#define OBJ_iso 1L +- +-#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +-#define LN_joint_iso_itu_t "joint-iso-itu-t" +-#define NID_joint_iso_itu_t 646 +-#define OBJ_joint_iso_itu_t 2L +- +-#define NID_joint_iso_ccitt 393 +-#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t +- +-#define SN_member_body "member-body" +-#define LN_member_body "ISO Member Body" +-#define NID_member_body 182 +-#define OBJ_member_body OBJ_iso,2L +- +-#define SN_identified_organization "identified-organization" +-#define NID_identified_organization 676 +-#define OBJ_identified_organization OBJ_iso,3L +- +-#define SN_hmac_md5 "HMAC-MD5" +-#define LN_hmac_md5 "hmac-md5" +-#define NID_hmac_md5 780 +-#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L +- +-#define SN_hmac_sha1 "HMAC-SHA1" +-#define LN_hmac_sha1 "hmac-sha1" +-#define NID_hmac_sha1 781 +-#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L +- +-#define SN_certicom_arc "certicom-arc" +-#define NID_certicom_arc 677 +-#define OBJ_certicom_arc OBJ_identified_organization,132L ++#define SN_undef "UNDEF" ++#define LN_undef "undefined" ++#define NID_undef 0 ++#define OBJ_undef 0L ++ ++#define SN_itu_t "ITU-T" ++#define LN_itu_t "itu-t" ++#define NID_itu_t 645 ++#define OBJ_itu_t 0L ++ ++#define NID_ccitt 404 ++#define OBJ_ccitt OBJ_itu_t ++ ++#define SN_iso "ISO" ++#define LN_iso "iso" ++#define NID_iso 181 ++#define OBJ_iso 1L ++ ++#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" ++#define LN_joint_iso_itu_t "joint-iso-itu-t" ++#define NID_joint_iso_itu_t 646 ++#define OBJ_joint_iso_itu_t 2L ++ ++#define NID_joint_iso_ccitt 393 ++#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t ++ ++#define SN_member_body "member-body" ++#define LN_member_body "ISO Member Body" ++#define NID_member_body 182 ++#define OBJ_member_body OBJ_iso,2L ++ ++#define SN_identified_organization "identified-organization" ++#define NID_identified_organization 676 ++#define OBJ_identified_organization OBJ_iso,3L ++ ++#define SN_hmac_md5 "HMAC-MD5" ++#define LN_hmac_md5 "hmac-md5" ++#define NID_hmac_md5 780 ++#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L ++ ++#define SN_hmac_sha1 "HMAC-SHA1" ++#define LN_hmac_sha1 "hmac-sha1" ++#define NID_hmac_sha1 781 ++#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + +-#define SN_international_organizations "international-organizations" +-#define LN_international_organizations "International Organizations" +-#define NID_international_organizations 647 +-#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L ++#define SN_certicom_arc "certicom-arc" ++#define NID_certicom_arc 677 ++#define OBJ_certicom_arc OBJ_identified_organization,132L + +-#define SN_wap "wap" +-#define NID_wap 678 +-#define OBJ_wap OBJ_international_organizations,43L ++#define SN_international_organizations "international-organizations" ++#define LN_international_organizations "International Organizations" ++#define NID_international_organizations 647 ++#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +-#define SN_wap_wsg "wap-wsg" +-#define NID_wap_wsg 679 +-#define OBJ_wap_wsg OBJ_wap,1L ++#define SN_wap "wap" ++#define NID_wap 678 ++#define OBJ_wap OBJ_international_organizations,43L + +-#define SN_selected_attribute_types "selected-attribute-types" +-#define LN_selected_attribute_types "Selected Attribute Types" +-#define NID_selected_attribute_types 394 +-#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L +- +-#define SN_clearance "clearance" +-#define NID_clearance 395 +-#define OBJ_clearance OBJ_selected_attribute_types,55L +- +-#define SN_ISO_US "ISO-US" +-#define LN_ISO_US "ISO US Member Body" +-#define NID_ISO_US 183 +-#define OBJ_ISO_US OBJ_member_body,840L +- +-#define SN_X9_57 "X9-57" +-#define LN_X9_57 "X9.57" +-#define NID_X9_57 184 +-#define OBJ_X9_57 OBJ_ISO_US,10040L ++#define SN_wap_wsg "wap-wsg" ++#define NID_wap_wsg 679 ++#define OBJ_wap_wsg OBJ_wap,1L + +-#define SN_X9cm "X9cm" +-#define LN_X9cm "X9.57 CM ?" +-#define NID_X9cm 185 +-#define OBJ_X9cm OBJ_X9_57,4L ++#define SN_selected_attribute_types "selected-attribute-types" ++#define LN_selected_attribute_types "Selected Attribute Types" ++#define NID_selected_attribute_types 394 ++#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L ++ ++#define SN_clearance "clearance" ++#define NID_clearance 395 ++#define OBJ_clearance OBJ_selected_attribute_types,55L ++ ++#define SN_ISO_US "ISO-US" ++#define LN_ISO_US "ISO US Member Body" ++#define NID_ISO_US 183 ++#define OBJ_ISO_US OBJ_member_body,840L ++ ++#define SN_X9_57 "X9-57" ++#define LN_X9_57 "X9.57" ++#define NID_X9_57 184 ++#define OBJ_X9_57 OBJ_ISO_US,10040L + +-#define SN_dsa "DSA" +-#define LN_dsa "dsaEncryption" +-#define NID_dsa 116 +-#define OBJ_dsa OBJ_X9cm,1L +- +-#define SN_dsaWithSHA1 "DSA-SHA1" +-#define LN_dsaWithSHA1 "dsaWithSHA1" +-#define NID_dsaWithSHA1 113 +-#define OBJ_dsaWithSHA1 OBJ_X9cm,3L +- +-#define SN_ansi_X9_62 "ansi-X9-62" +-#define LN_ansi_X9_62 "ANSI X9.62" +-#define NID_ansi_X9_62 405 +-#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L +- +-#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L +- +-#define SN_X9_62_prime_field "prime-field" +-#define NID_X9_62_prime_field 406 +-#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L +- +-#define SN_X9_62_characteristic_two_field "characteristic-two-field" +-#define NID_X9_62_characteristic_two_field 407 +-#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L +- +-#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +-#define NID_X9_62_id_characteristic_two_basis 680 +-#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L +- +-#define SN_X9_62_onBasis "onBasis" +-#define NID_X9_62_onBasis 681 +-#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L ++#define SN_X9cm "X9cm" ++#define LN_X9cm "X9.57 CM ?" ++#define NID_X9cm 185 ++#define OBJ_X9cm OBJ_X9_57,4L + +-#define SN_X9_62_tpBasis "tpBasis" +-#define NID_X9_62_tpBasis 682 +-#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L ++#define SN_dsa "DSA" ++#define LN_dsa "dsaEncryption" ++#define NID_dsa 116 ++#define OBJ_dsa OBJ_X9cm,1L ++ ++#define SN_dsaWithSHA1 "DSA-SHA1" ++#define LN_dsaWithSHA1 "dsaWithSHA1" ++#define NID_dsaWithSHA1 113 ++#define OBJ_dsaWithSHA1 OBJ_X9cm,3L ++ ++#define SN_ansi_X9_62 "ansi-X9-62" ++#define LN_ansi_X9_62 "ANSI X9.62" ++#define NID_ansi_X9_62 405 ++#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L ++ ++#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L ++ ++#define SN_X9_62_prime_field "prime-field" ++#define NID_X9_62_prime_field 406 ++#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L ++ ++#define SN_X9_62_characteristic_two_field "characteristic-two-field" ++#define NID_X9_62_characteristic_two_field 407 ++#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L ++ ++#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" ++#define NID_X9_62_id_characteristic_two_basis 680 ++#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L ++ ++#define SN_X9_62_onBasis "onBasis" ++#define NID_X9_62_onBasis 681 ++#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +-#define SN_X9_62_ppBasis "ppBasis" +-#define NID_X9_62_ppBasis 683 +-#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L ++#define SN_X9_62_tpBasis "tpBasis" ++#define NID_X9_62_tpBasis 682 ++#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +-#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L ++#define SN_X9_62_ppBasis "ppBasis" ++#define NID_X9_62_ppBasis 683 ++#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + +-#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +-#define NID_X9_62_id_ecPublicKey 408 +-#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L ++#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L + +-#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L ++#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" ++#define NID_X9_62_id_ecPublicKey 408 ++#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L + +-#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L ++#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L + +-#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +-#define NID_X9_62_c2pnb163v1 684 +-#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L ++#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L + +-#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +-#define NID_X9_62_c2pnb163v2 685 +-#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L ++#define SN_X9_62_c2pnb163v1 "c2pnb163v1" ++#define NID_X9_62_c2pnb163v1 684 ++#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +-#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +-#define NID_X9_62_c2pnb163v3 686 +-#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L ++#define SN_X9_62_c2pnb163v2 "c2pnb163v2" ++#define NID_X9_62_c2pnb163v2 685 ++#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +-#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +-#define NID_X9_62_c2pnb176v1 687 +-#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L ++#define SN_X9_62_c2pnb163v3 "c2pnb163v3" ++#define NID_X9_62_c2pnb163v3 686 ++#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +-#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +-#define NID_X9_62_c2tnb191v1 688 +-#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L ++#define SN_X9_62_c2pnb176v1 "c2pnb176v1" ++#define NID_X9_62_c2pnb176v1 687 ++#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +-#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +-#define NID_X9_62_c2tnb191v2 689 +-#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L ++#define SN_X9_62_c2tnb191v1 "c2tnb191v1" ++#define NID_X9_62_c2tnb191v1 688 ++#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +-#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +-#define NID_X9_62_c2tnb191v3 690 +-#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L ++#define SN_X9_62_c2tnb191v2 "c2tnb191v2" ++#define NID_X9_62_c2tnb191v2 689 ++#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +-#define SN_X9_62_c2onb191v4 "c2onb191v4" +-#define NID_X9_62_c2onb191v4 691 +-#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L ++#define SN_X9_62_c2tnb191v3 "c2tnb191v3" ++#define NID_X9_62_c2tnb191v3 690 ++#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +-#define SN_X9_62_c2onb191v5 "c2onb191v5" +-#define NID_X9_62_c2onb191v5 692 +-#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L ++#define SN_X9_62_c2onb191v4 "c2onb191v4" ++#define NID_X9_62_c2onb191v4 691 ++#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +-#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +-#define NID_X9_62_c2pnb208w1 693 +-#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L ++#define SN_X9_62_c2onb191v5 "c2onb191v5" ++#define NID_X9_62_c2onb191v5 692 ++#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +-#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +-#define NID_X9_62_c2tnb239v1 694 +-#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L ++#define SN_X9_62_c2pnb208w1 "c2pnb208w1" ++#define NID_X9_62_c2pnb208w1 693 ++#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +-#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +-#define NID_X9_62_c2tnb239v2 695 +-#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L ++#define SN_X9_62_c2tnb239v1 "c2tnb239v1" ++#define NID_X9_62_c2tnb239v1 694 ++#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +-#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +-#define NID_X9_62_c2tnb239v3 696 +-#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L ++#define SN_X9_62_c2tnb239v2 "c2tnb239v2" ++#define NID_X9_62_c2tnb239v2 695 ++#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +-#define SN_X9_62_c2onb239v4 "c2onb239v4" +-#define NID_X9_62_c2onb239v4 697 +-#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L ++#define SN_X9_62_c2tnb239v3 "c2tnb239v3" ++#define NID_X9_62_c2tnb239v3 696 ++#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +-#define SN_X9_62_c2onb239v5 "c2onb239v5" +-#define NID_X9_62_c2onb239v5 698 +-#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L ++#define SN_X9_62_c2onb239v4 "c2onb239v4" ++#define NID_X9_62_c2onb239v4 697 ++#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +-#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +-#define NID_X9_62_c2pnb272w1 699 +-#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L ++#define SN_X9_62_c2onb239v5 "c2onb239v5" ++#define NID_X9_62_c2onb239v5 698 ++#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +-#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +-#define NID_X9_62_c2pnb304w1 700 +-#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L ++#define SN_X9_62_c2pnb272w1 "c2pnb272w1" ++#define NID_X9_62_c2pnb272w1 699 ++#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +-#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +-#define NID_X9_62_c2tnb359v1 701 +-#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L ++#define SN_X9_62_c2pnb304w1 "c2pnb304w1" ++#define NID_X9_62_c2pnb304w1 700 ++#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +-#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +-#define NID_X9_62_c2pnb368w1 702 +-#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L ++#define SN_X9_62_c2tnb359v1 "c2tnb359v1" ++#define NID_X9_62_c2tnb359v1 701 ++#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +-#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +-#define NID_X9_62_c2tnb431r1 703 +-#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L ++#define SN_X9_62_c2pnb368w1 "c2pnb368w1" ++#define NID_X9_62_c2pnb368w1 702 ++#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +-#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L ++#define SN_X9_62_c2tnb431r1 "c2tnb431r1" ++#define NID_X9_62_c2tnb431r1 703 ++#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + +-#define SN_X9_62_prime192v1 "prime192v1" +-#define NID_X9_62_prime192v1 409 +-#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L ++#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L + +-#define SN_X9_62_prime192v2 "prime192v2" +-#define NID_X9_62_prime192v2 410 +-#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L ++#define SN_X9_62_prime192v1 "prime192v1" ++#define NID_X9_62_prime192v1 409 ++#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L + +-#define SN_X9_62_prime192v3 "prime192v3" +-#define NID_X9_62_prime192v3 411 +-#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L ++#define SN_X9_62_prime192v2 "prime192v2" ++#define NID_X9_62_prime192v2 410 ++#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L + +-#define SN_X9_62_prime239v1 "prime239v1" +-#define NID_X9_62_prime239v1 412 +-#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L ++#define SN_X9_62_prime192v3 "prime192v3" ++#define NID_X9_62_prime192v3 411 ++#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L + +-#define SN_X9_62_prime239v2 "prime239v2" +-#define NID_X9_62_prime239v2 413 +-#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L ++#define SN_X9_62_prime239v1 "prime239v1" ++#define NID_X9_62_prime239v1 412 ++#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L + +-#define SN_X9_62_prime239v3 "prime239v3" +-#define NID_X9_62_prime239v3 414 +-#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L ++#define SN_X9_62_prime239v2 "prime239v2" ++#define NID_X9_62_prime239v2 413 ++#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L + +-#define SN_X9_62_prime256v1 "prime256v1" +-#define NID_X9_62_prime256v1 415 +-#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L ++#define SN_X9_62_prime239v3 "prime239v3" ++#define NID_X9_62_prime239v3 414 ++#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L + +-#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L ++#define SN_X9_62_prime256v1 "prime256v1" ++#define NID_X9_62_prime256v1 415 ++#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L + +-#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +-#define NID_ecdsa_with_SHA1 416 +-#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L ++#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L + +-#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +-#define NID_ecdsa_with_Recommended 791 +-#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L ++#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" ++#define NID_ecdsa_with_SHA1 416 ++#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L + +-#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +-#define NID_ecdsa_with_Specified 792 +-#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L ++#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" ++#define NID_ecdsa_with_Recommended 791 ++#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +-#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +-#define NID_ecdsa_with_SHA224 793 +-#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L ++#define SN_ecdsa_with_Specified "ecdsa-with-Specified" ++#define NID_ecdsa_with_Specified 792 ++#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +-#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +-#define NID_ecdsa_with_SHA256 794 +-#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L ++#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" ++#define NID_ecdsa_with_SHA224 793 ++#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +-#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +-#define NID_ecdsa_with_SHA384 795 +-#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L ++#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" ++#define NID_ecdsa_with_SHA256 794 ++#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +-#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +-#define NID_ecdsa_with_SHA512 796 +-#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L ++#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" ++#define NID_ecdsa_with_SHA384 795 ++#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +-#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L ++#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" ++#define NID_ecdsa_with_SHA512 796 ++#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + +-#define SN_secp112r1 "secp112r1" +-#define NID_secp112r1 704 +-#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L ++#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +-#define SN_secp112r2 "secp112r2" +-#define NID_secp112r2 705 +-#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L ++#define SN_secp112r1 "secp112r1" ++#define NID_secp112r1 704 ++#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +-#define SN_secp128r1 "secp128r1" +-#define NID_secp128r1 706 +-#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L ++#define SN_secp112r2 "secp112r2" ++#define NID_secp112r2 705 ++#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +-#define SN_secp128r2 "secp128r2" +-#define NID_secp128r2 707 +-#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L ++#define SN_secp128r1 "secp128r1" ++#define NID_secp128r1 706 ++#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +-#define SN_secp160k1 "secp160k1" +-#define NID_secp160k1 708 +-#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L ++#define SN_secp128r2 "secp128r2" ++#define NID_secp128r2 707 ++#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +-#define SN_secp160r1 "secp160r1" +-#define NID_secp160r1 709 +-#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L ++#define SN_secp160k1 "secp160k1" ++#define NID_secp160k1 708 ++#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +-#define SN_secp160r2 "secp160r2" +-#define NID_secp160r2 710 +-#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L ++#define SN_secp160r1 "secp160r1" ++#define NID_secp160r1 709 ++#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +-#define SN_secp192k1 "secp192k1" +-#define NID_secp192k1 711 +-#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L ++#define SN_secp160r2 "secp160r2" ++#define NID_secp160r2 710 ++#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +-#define SN_secp224k1 "secp224k1" +-#define NID_secp224k1 712 +-#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L ++#define SN_secp192k1 "secp192k1" ++#define NID_secp192k1 711 ++#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +-#define SN_secp224r1 "secp224r1" +-#define NID_secp224r1 713 +-#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L ++#define SN_secp224k1 "secp224k1" ++#define NID_secp224k1 712 ++#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +-#define SN_secp256k1 "secp256k1" +-#define NID_secp256k1 714 +-#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L ++#define SN_secp224r1 "secp224r1" ++#define NID_secp224r1 713 ++#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L + +-#define SN_secp384r1 "secp384r1" +-#define NID_secp384r1 715 +-#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L ++#define SN_secp256k1 "secp256k1" ++#define NID_secp256k1 714 ++#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +-#define SN_secp521r1 "secp521r1" +-#define NID_secp521r1 716 +-#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L ++#define SN_secp384r1 "secp384r1" ++#define NID_secp384r1 715 ++#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +-#define SN_sect113r1 "sect113r1" +-#define NID_sect113r1 717 +-#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L ++#define SN_secp521r1 "secp521r1" ++#define NID_secp521r1 716 ++#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +-#define SN_sect113r2 "sect113r2" +-#define NID_sect113r2 718 +-#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L ++#define SN_sect113r1 "sect113r1" ++#define NID_sect113r1 717 ++#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +-#define SN_sect131r1 "sect131r1" +-#define NID_sect131r1 719 +-#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L ++#define SN_sect113r2 "sect113r2" ++#define NID_sect113r2 718 ++#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +-#define SN_sect131r2 "sect131r2" +-#define NID_sect131r2 720 +-#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L ++#define SN_sect131r1 "sect131r1" ++#define NID_sect131r1 719 ++#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +-#define SN_sect163k1 "sect163k1" +-#define NID_sect163k1 721 +-#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L ++#define SN_sect131r2 "sect131r2" ++#define NID_sect131r2 720 ++#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +-#define SN_sect163r1 "sect163r1" +-#define NID_sect163r1 722 +-#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L ++#define SN_sect163k1 "sect163k1" ++#define NID_sect163k1 721 ++#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +-#define SN_sect163r2 "sect163r2" +-#define NID_sect163r2 723 +-#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L ++#define SN_sect163r1 "sect163r1" ++#define NID_sect163r1 722 ++#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +-#define SN_sect193r1 "sect193r1" +-#define NID_sect193r1 724 +-#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L ++#define SN_sect163r2 "sect163r2" ++#define NID_sect163r2 723 ++#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +-#define SN_sect193r2 "sect193r2" +-#define NID_sect193r2 725 +-#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L ++#define SN_sect193r1 "sect193r1" ++#define NID_sect193r1 724 ++#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +-#define SN_sect233k1 "sect233k1" +-#define NID_sect233k1 726 +-#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L ++#define SN_sect193r2 "sect193r2" ++#define NID_sect193r2 725 ++#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +-#define SN_sect233r1 "sect233r1" +-#define NID_sect233r1 727 +-#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L ++#define SN_sect233k1 "sect233k1" ++#define NID_sect233k1 726 ++#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +-#define SN_sect239k1 "sect239k1" +-#define NID_sect239k1 728 +-#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L ++#define SN_sect233r1 "sect233r1" ++#define NID_sect233r1 727 ++#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +-#define SN_sect283k1 "sect283k1" +-#define NID_sect283k1 729 +-#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L ++#define SN_sect239k1 "sect239k1" ++#define NID_sect239k1 728 ++#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +-#define SN_sect283r1 "sect283r1" +-#define NID_sect283r1 730 +-#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L ++#define SN_sect283k1 "sect283k1" ++#define NID_sect283k1 729 ++#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +-#define SN_sect409k1 "sect409k1" +-#define NID_sect409k1 731 +-#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L ++#define SN_sect283r1 "sect283r1" ++#define NID_sect283r1 730 ++#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +-#define SN_sect409r1 "sect409r1" +-#define NID_sect409r1 732 +-#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L ++#define SN_sect409k1 "sect409k1" ++#define NID_sect409k1 731 ++#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +-#define SN_sect571k1 "sect571k1" +-#define NID_sect571k1 733 +-#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L ++#define SN_sect409r1 "sect409r1" ++#define NID_sect409r1 732 ++#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +-#define SN_sect571r1 "sect571r1" +-#define NID_sect571r1 734 +-#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L ++#define SN_sect571k1 "sect571k1" ++#define NID_sect571k1 733 ++#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +-#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L +- +-#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +-#define NID_wap_wsg_idm_ecid_wtls1 735 +-#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L +- +-#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +-#define NID_wap_wsg_idm_ecid_wtls3 736 +-#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L +- +-#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +-#define NID_wap_wsg_idm_ecid_wtls4 737 +-#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L +- +-#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +-#define NID_wap_wsg_idm_ecid_wtls5 738 +-#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L +- +-#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +-#define NID_wap_wsg_idm_ecid_wtls6 739 +-#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L +- +-#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +-#define NID_wap_wsg_idm_ecid_wtls7 740 +-#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L +- +-#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +-#define NID_wap_wsg_idm_ecid_wtls8 741 +-#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L +- +-#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +-#define NID_wap_wsg_idm_ecid_wtls9 742 +-#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L +- +-#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +-#define NID_wap_wsg_idm_ecid_wtls10 743 +-#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L +- +-#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +-#define NID_wap_wsg_idm_ecid_wtls11 744 +-#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L +- +-#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +-#define NID_wap_wsg_idm_ecid_wtls12 745 +-#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L +- +-#define SN_cast5_cbc "CAST5-CBC" +-#define LN_cast5_cbc "cast5-cbc" +-#define NID_cast5_cbc 108 +-#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L +- +-#define SN_cast5_ecb "CAST5-ECB" +-#define LN_cast5_ecb "cast5-ecb" +-#define NID_cast5_ecb 109 +- +-#define SN_cast5_cfb64 "CAST5-CFB" +-#define LN_cast5_cfb64 "cast5-cfb" +-#define NID_cast5_cfb64 110 +- +-#define SN_cast5_ofb64 "CAST5-OFB" +-#define LN_cast5_ofb64 "cast5-ofb" +-#define NID_cast5_ofb64 111 +- +-#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +-#define NID_pbeWithMD5AndCast5_CBC 112 +-#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L +- +-#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +-#define LN_id_PasswordBasedMAC "password based MAC" +-#define NID_id_PasswordBasedMAC 782 +-#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L +- +-#define SN_id_DHBasedMac "id-DHBasedMac" +-#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +-#define NID_id_DHBasedMac 783 +-#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L +- +-#define SN_rsadsi "rsadsi" +-#define LN_rsadsi "RSA Data Security, Inc." +-#define NID_rsadsi 1 +-#define OBJ_rsadsi OBJ_ISO_US,113549L +- +-#define SN_pkcs "pkcs" +-#define LN_pkcs "RSA Data Security, Inc. PKCS" +-#define NID_pkcs 2 +-#define OBJ_pkcs OBJ_rsadsi,1L +- +-#define SN_pkcs1 "pkcs1" +-#define NID_pkcs1 186 +-#define OBJ_pkcs1 OBJ_pkcs,1L +- +-#define LN_rsaEncryption "rsaEncryption" +-#define NID_rsaEncryption 6 +-#define OBJ_rsaEncryption OBJ_pkcs1,1L +- +-#define SN_md2WithRSAEncryption "RSA-MD2" +-#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +-#define NID_md2WithRSAEncryption 7 +-#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L +- +-#define SN_md4WithRSAEncryption "RSA-MD4" +-#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +-#define NID_md4WithRSAEncryption 396 +-#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L +- +-#define SN_md5WithRSAEncryption "RSA-MD5" +-#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +-#define NID_md5WithRSAEncryption 8 +-#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L +- +-#define SN_sha1WithRSAEncryption "RSA-SHA1" +-#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +-#define NID_sha1WithRSAEncryption 65 +-#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L +- +-#define SN_sha256WithRSAEncryption "RSA-SHA256" +-#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +-#define NID_sha256WithRSAEncryption 668 +-#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L +- +-#define SN_sha384WithRSAEncryption "RSA-SHA384" +-#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +-#define NID_sha384WithRSAEncryption 669 +-#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L +- +-#define SN_sha512WithRSAEncryption "RSA-SHA512" +-#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +-#define NID_sha512WithRSAEncryption 670 +-#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L +- +-#define SN_sha224WithRSAEncryption "RSA-SHA224" +-#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +-#define NID_sha224WithRSAEncryption 671 +-#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L +- +-#define SN_pkcs3 "pkcs3" +-#define NID_pkcs3 27 +-#define OBJ_pkcs3 OBJ_pkcs,3L +- +-#define LN_dhKeyAgreement "dhKeyAgreement" +-#define NID_dhKeyAgreement 28 +-#define OBJ_dhKeyAgreement OBJ_pkcs3,1L +- +-#define SN_pkcs5 "pkcs5" +-#define NID_pkcs5 187 +-#define OBJ_pkcs5 OBJ_pkcs,5L +- +-#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +-#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +-#define NID_pbeWithMD2AndDES_CBC 9 +-#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L +- +-#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +-#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +-#define NID_pbeWithMD5AndDES_CBC 10 +-#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L +- +-#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +-#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +-#define NID_pbeWithMD2AndRC2_CBC 168 +-#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L +- +-#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +-#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +-#define NID_pbeWithMD5AndRC2_CBC 169 +-#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L +- +-#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +-#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +-#define NID_pbeWithSHA1AndDES_CBC 170 +-#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L +- +-#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +-#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +-#define NID_pbeWithSHA1AndRC2_CBC 68 +-#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L +- +-#define LN_id_pbkdf2 "PBKDF2" +-#define NID_id_pbkdf2 69 +-#define OBJ_id_pbkdf2 OBJ_pkcs5,12L +- +-#define LN_pbes2 "PBES2" +-#define NID_pbes2 161 +-#define OBJ_pbes2 OBJ_pkcs5,13L +- +-#define LN_pbmac1 "PBMAC1" +-#define NID_pbmac1 162 +-#define OBJ_pbmac1 OBJ_pkcs5,14L +- +-#define SN_pkcs7 "pkcs7" +-#define NID_pkcs7 20 +-#define OBJ_pkcs7 OBJ_pkcs,7L +- +-#define LN_pkcs7_data "pkcs7-data" +-#define NID_pkcs7_data 21 +-#define OBJ_pkcs7_data OBJ_pkcs7,1L +- +-#define LN_pkcs7_signed "pkcs7-signedData" +-#define NID_pkcs7_signed 22 +-#define OBJ_pkcs7_signed OBJ_pkcs7,2L +- +-#define LN_pkcs7_enveloped "pkcs7-envelopedData" +-#define NID_pkcs7_enveloped 23 +-#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L +- +-#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +-#define NID_pkcs7_signedAndEnveloped 24 +-#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L +- +-#define LN_pkcs7_digest "pkcs7-digestData" +-#define NID_pkcs7_digest 25 +-#define OBJ_pkcs7_digest OBJ_pkcs7,5L +- +-#define LN_pkcs7_encrypted "pkcs7-encryptedData" +-#define NID_pkcs7_encrypted 26 +-#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L +- +-#define SN_pkcs9 "pkcs9" +-#define NID_pkcs9 47 +-#define OBJ_pkcs9 OBJ_pkcs,9L +- +-#define LN_pkcs9_emailAddress "emailAddress" +-#define NID_pkcs9_emailAddress 48 +-#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L +- +-#define LN_pkcs9_unstructuredName "unstructuredName" +-#define NID_pkcs9_unstructuredName 49 +-#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L +- +-#define LN_pkcs9_contentType "contentType" +-#define NID_pkcs9_contentType 50 +-#define OBJ_pkcs9_contentType OBJ_pkcs9,3L +- +-#define LN_pkcs9_messageDigest "messageDigest" +-#define NID_pkcs9_messageDigest 51 +-#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L +- +-#define LN_pkcs9_signingTime "signingTime" +-#define NID_pkcs9_signingTime 52 +-#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L +- +-#define LN_pkcs9_countersignature "countersignature" +-#define NID_pkcs9_countersignature 53 +-#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L +- +-#define LN_pkcs9_challengePassword "challengePassword" +-#define NID_pkcs9_challengePassword 54 +-#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L +- +-#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +-#define NID_pkcs9_unstructuredAddress 55 +-#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L +- +-#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +-#define NID_pkcs9_extCertAttributes 56 +-#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L +- +-#define SN_ext_req "extReq" +-#define LN_ext_req "Extension Request" +-#define NID_ext_req 172 +-#define OBJ_ext_req OBJ_pkcs9,14L +- +-#define SN_SMIMECapabilities "SMIME-CAPS" +-#define LN_SMIMECapabilities "S/MIME Capabilities" +-#define NID_SMIMECapabilities 167 +-#define OBJ_SMIMECapabilities OBJ_pkcs9,15L +- +-#define SN_SMIME "SMIME" +-#define LN_SMIME "S/MIME" +-#define NID_SMIME 188 +-#define OBJ_SMIME OBJ_pkcs9,16L ++#define SN_sect571r1 "sect571r1" ++#define NID_sect571r1 734 ++#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +-#define SN_id_smime_mod "id-smime-mod" +-#define NID_id_smime_mod 189 +-#define OBJ_id_smime_mod OBJ_SMIME,0L ++#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L ++ ++#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" ++#define NID_wap_wsg_idm_ecid_wtls1 735 ++#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L ++ ++#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" ++#define NID_wap_wsg_idm_ecid_wtls3 736 ++#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L ++ ++#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" ++#define NID_wap_wsg_idm_ecid_wtls4 737 ++#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L ++ ++#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" ++#define NID_wap_wsg_idm_ecid_wtls5 738 ++#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L ++ ++#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" ++#define NID_wap_wsg_idm_ecid_wtls6 739 ++#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L ++ ++#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" ++#define NID_wap_wsg_idm_ecid_wtls7 740 ++#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L ++ ++#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" ++#define NID_wap_wsg_idm_ecid_wtls8 741 ++#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L ++ ++#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" ++#define NID_wap_wsg_idm_ecid_wtls9 742 ++#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L ++ ++#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" ++#define NID_wap_wsg_idm_ecid_wtls10 743 ++#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L ++ ++#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" ++#define NID_wap_wsg_idm_ecid_wtls11 744 ++#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L ++ ++#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" ++#define NID_wap_wsg_idm_ecid_wtls12 745 ++#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L ++ ++#define SN_cast5_cbc "CAST5-CBC" ++#define LN_cast5_cbc "cast5-cbc" ++#define NID_cast5_cbc 108 ++#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L ++ ++#define SN_cast5_ecb "CAST5-ECB" ++#define LN_cast5_ecb "cast5-ecb" ++#define NID_cast5_ecb 109 ++ ++#define SN_cast5_cfb64 "CAST5-CFB" ++#define LN_cast5_cfb64 "cast5-cfb" ++#define NID_cast5_cfb64 110 ++ ++#define SN_cast5_ofb64 "CAST5-OFB" ++#define LN_cast5_ofb64 "cast5-ofb" ++#define NID_cast5_ofb64 111 ++ ++#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" ++#define NID_pbeWithMD5AndCast5_CBC 112 ++#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L ++ ++#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" ++#define LN_id_PasswordBasedMAC "password based MAC" ++#define NID_id_PasswordBasedMAC 782 ++#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L ++ ++#define SN_id_DHBasedMac "id-DHBasedMac" ++#define LN_id_DHBasedMac "Diffie-Hellman based MAC" ++#define NID_id_DHBasedMac 783 ++#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L ++ ++#define SN_rsadsi "rsadsi" ++#define LN_rsadsi "RSA Data Security, Inc." ++#define NID_rsadsi 1 ++#define OBJ_rsadsi OBJ_ISO_US,113549L ++ ++#define SN_pkcs "pkcs" ++#define LN_pkcs "RSA Data Security, Inc. PKCS" ++#define NID_pkcs 2 ++#define OBJ_pkcs OBJ_rsadsi,1L ++ ++#define SN_pkcs1 "pkcs1" ++#define NID_pkcs1 186 ++#define OBJ_pkcs1 OBJ_pkcs,1L ++ ++#define LN_rsaEncryption "rsaEncryption" ++#define NID_rsaEncryption 6 ++#define OBJ_rsaEncryption OBJ_pkcs1,1L ++ ++#define SN_md2WithRSAEncryption "RSA-MD2" ++#define LN_md2WithRSAEncryption "md2WithRSAEncryption" ++#define NID_md2WithRSAEncryption 7 ++#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L ++ ++#define SN_md4WithRSAEncryption "RSA-MD4" ++#define LN_md4WithRSAEncryption "md4WithRSAEncryption" ++#define NID_md4WithRSAEncryption 396 ++#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L ++ ++#define SN_md5WithRSAEncryption "RSA-MD5" ++#define LN_md5WithRSAEncryption "md5WithRSAEncryption" ++#define NID_md5WithRSAEncryption 8 ++#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L ++ ++#define SN_sha1WithRSAEncryption "RSA-SHA1" ++#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" ++#define NID_sha1WithRSAEncryption 65 ++#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L ++ ++#define SN_sha256WithRSAEncryption "RSA-SHA256" ++#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" ++#define NID_sha256WithRSAEncryption 668 ++#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L ++ ++#define SN_sha384WithRSAEncryption "RSA-SHA384" ++#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" ++#define NID_sha384WithRSAEncryption 669 ++#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L ++ ++#define SN_sha512WithRSAEncryption "RSA-SHA512" ++#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" ++#define NID_sha512WithRSAEncryption 670 ++#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L ++ ++#define SN_sha224WithRSAEncryption "RSA-SHA224" ++#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" ++#define NID_sha224WithRSAEncryption 671 ++#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L ++ ++#define SN_pkcs3 "pkcs3" ++#define NID_pkcs3 27 ++#define OBJ_pkcs3 OBJ_pkcs,3L ++ ++#define LN_dhKeyAgreement "dhKeyAgreement" ++#define NID_dhKeyAgreement 28 ++#define OBJ_dhKeyAgreement OBJ_pkcs3,1L ++ ++#define SN_pkcs5 "pkcs5" ++#define NID_pkcs5 187 ++#define OBJ_pkcs5 OBJ_pkcs,5L ++ ++#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" ++#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" ++#define NID_pbeWithMD2AndDES_CBC 9 ++#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L ++ ++#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" ++#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" ++#define NID_pbeWithMD5AndDES_CBC 10 ++#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L ++ ++#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" ++#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" ++#define NID_pbeWithMD2AndRC2_CBC 168 ++#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L ++ ++#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" ++#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" ++#define NID_pbeWithMD5AndRC2_CBC 169 ++#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L ++ ++#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" ++#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" ++#define NID_pbeWithSHA1AndDES_CBC 170 ++#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L ++ ++#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" ++#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" ++#define NID_pbeWithSHA1AndRC2_CBC 68 ++#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L ++ ++#define LN_id_pbkdf2 "PBKDF2" ++#define NID_id_pbkdf2 69 ++#define OBJ_id_pbkdf2 OBJ_pkcs5,12L ++ ++#define LN_pbes2 "PBES2" ++#define NID_pbes2 161 ++#define OBJ_pbes2 OBJ_pkcs5,13L ++ ++#define LN_pbmac1 "PBMAC1" ++#define NID_pbmac1 162 ++#define OBJ_pbmac1 OBJ_pkcs5,14L ++ ++#define SN_pkcs7 "pkcs7" ++#define NID_pkcs7 20 ++#define OBJ_pkcs7 OBJ_pkcs,7L ++ ++#define LN_pkcs7_data "pkcs7-data" ++#define NID_pkcs7_data 21 ++#define OBJ_pkcs7_data OBJ_pkcs7,1L ++ ++#define LN_pkcs7_signed "pkcs7-signedData" ++#define NID_pkcs7_signed 22 ++#define OBJ_pkcs7_signed OBJ_pkcs7,2L ++ ++#define LN_pkcs7_enveloped "pkcs7-envelopedData" ++#define NID_pkcs7_enveloped 23 ++#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L ++ ++#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" ++#define NID_pkcs7_signedAndEnveloped 24 ++#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L ++ ++#define LN_pkcs7_digest "pkcs7-digestData" ++#define NID_pkcs7_digest 25 ++#define OBJ_pkcs7_digest OBJ_pkcs7,5L ++ ++#define LN_pkcs7_encrypted "pkcs7-encryptedData" ++#define NID_pkcs7_encrypted 26 ++#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L ++ ++#define SN_pkcs9 "pkcs9" ++#define NID_pkcs9 47 ++#define OBJ_pkcs9 OBJ_pkcs,9L ++ ++#define LN_pkcs9_emailAddress "emailAddress" ++#define NID_pkcs9_emailAddress 48 ++#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L ++ ++#define LN_pkcs9_unstructuredName "unstructuredName" ++#define NID_pkcs9_unstructuredName 49 ++#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L ++ ++#define LN_pkcs9_contentType "contentType" ++#define NID_pkcs9_contentType 50 ++#define OBJ_pkcs9_contentType OBJ_pkcs9,3L ++ ++#define LN_pkcs9_messageDigest "messageDigest" ++#define NID_pkcs9_messageDigest 51 ++#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L ++ ++#define LN_pkcs9_signingTime "signingTime" ++#define NID_pkcs9_signingTime 52 ++#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L ++ ++#define LN_pkcs9_countersignature "countersignature" ++#define NID_pkcs9_countersignature 53 ++#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L ++ ++#define LN_pkcs9_challengePassword "challengePassword" ++#define NID_pkcs9_challengePassword 54 ++#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L ++ ++#define LN_pkcs9_unstructuredAddress "unstructuredAddress" ++#define NID_pkcs9_unstructuredAddress 55 ++#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L ++ ++#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" ++#define NID_pkcs9_extCertAttributes 56 ++#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L ++ ++#define SN_ext_req "extReq" ++#define LN_ext_req "Extension Request" ++#define NID_ext_req 172 ++#define OBJ_ext_req OBJ_pkcs9,14L ++ ++#define SN_SMIMECapabilities "SMIME-CAPS" ++#define LN_SMIMECapabilities "S/MIME Capabilities" ++#define NID_SMIMECapabilities 167 ++#define OBJ_SMIMECapabilities OBJ_pkcs9,15L ++ ++#define SN_SMIME "SMIME" ++#define LN_SMIME "S/MIME" ++#define NID_SMIME 188 ++#define OBJ_SMIME OBJ_pkcs9,16L + +-#define SN_id_smime_ct "id-smime-ct" +-#define NID_id_smime_ct 190 +-#define OBJ_id_smime_ct OBJ_SMIME,1L ++#define SN_id_smime_mod "id-smime-mod" ++#define NID_id_smime_mod 189 ++#define OBJ_id_smime_mod OBJ_SMIME,0L + +-#define SN_id_smime_aa "id-smime-aa" +-#define NID_id_smime_aa 191 +-#define OBJ_id_smime_aa OBJ_SMIME,2L ++#define SN_id_smime_ct "id-smime-ct" ++#define NID_id_smime_ct 190 ++#define OBJ_id_smime_ct OBJ_SMIME,1L + +-#define SN_id_smime_alg "id-smime-alg" +-#define NID_id_smime_alg 192 +-#define OBJ_id_smime_alg OBJ_SMIME,3L ++#define SN_id_smime_aa "id-smime-aa" ++#define NID_id_smime_aa 191 ++#define OBJ_id_smime_aa OBJ_SMIME,2L + +-#define SN_id_smime_cd "id-smime-cd" +-#define NID_id_smime_cd 193 +-#define OBJ_id_smime_cd OBJ_SMIME,4L ++#define SN_id_smime_alg "id-smime-alg" ++#define NID_id_smime_alg 192 ++#define OBJ_id_smime_alg OBJ_SMIME,3L + +-#define SN_id_smime_spq "id-smime-spq" +-#define NID_id_smime_spq 194 +-#define OBJ_id_smime_spq OBJ_SMIME,5L ++#define SN_id_smime_cd "id-smime-cd" ++#define NID_id_smime_cd 193 ++#define OBJ_id_smime_cd OBJ_SMIME,4L + +-#define SN_id_smime_cti "id-smime-cti" +-#define NID_id_smime_cti 195 +-#define OBJ_id_smime_cti OBJ_SMIME,6L ++#define SN_id_smime_spq "id-smime-spq" ++#define NID_id_smime_spq 194 ++#define OBJ_id_smime_spq OBJ_SMIME,5L + +-#define SN_id_smime_mod_cms "id-smime-mod-cms" +-#define NID_id_smime_mod_cms 196 +-#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L ++#define SN_id_smime_cti "id-smime-cti" ++#define NID_id_smime_cti 195 ++#define OBJ_id_smime_cti OBJ_SMIME,6L + +-#define SN_id_smime_mod_ess "id-smime-mod-ess" +-#define NID_id_smime_mod_ess 197 +-#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L ++#define SN_id_smime_mod_cms "id-smime-mod-cms" ++#define NID_id_smime_mod_cms 196 ++#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L + +-#define SN_id_smime_mod_oid "id-smime-mod-oid" +-#define NID_id_smime_mod_oid 198 +-#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L ++#define SN_id_smime_mod_ess "id-smime-mod-ess" ++#define NID_id_smime_mod_ess 197 ++#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L + +-#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" +-#define NID_id_smime_mod_msg_v3 199 +-#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L ++#define SN_id_smime_mod_oid "id-smime-mod-oid" ++#define NID_id_smime_mod_oid 198 ++#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L + +-#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" +-#define NID_id_smime_mod_ets_eSignature_88 200 +-#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L ++#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" ++#define NID_id_smime_mod_msg_v3 199 ++#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L + +-#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" +-#define NID_id_smime_mod_ets_eSignature_97 201 +-#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L ++#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" ++#define NID_id_smime_mod_ets_eSignature_88 200 ++#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L + +-#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" +-#define NID_id_smime_mod_ets_eSigPolicy_88 202 +-#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L ++#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" ++#define NID_id_smime_mod_ets_eSignature_97 201 ++#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L + +-#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" +-#define NID_id_smime_mod_ets_eSigPolicy_97 203 +-#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L ++#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" ++#define NID_id_smime_mod_ets_eSigPolicy_88 202 ++#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L + +-#define SN_id_smime_ct_receipt "id-smime-ct-receipt" +-#define NID_id_smime_ct_receipt 204 +-#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L ++#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" ++#define NID_id_smime_mod_ets_eSigPolicy_97 203 ++#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L + +-#define SN_id_smime_ct_authData "id-smime-ct-authData" +-#define NID_id_smime_ct_authData 205 +-#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L ++#define SN_id_smime_ct_receipt "id-smime-ct-receipt" ++#define NID_id_smime_ct_receipt 204 ++#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L + +-#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" +-#define NID_id_smime_ct_publishCert 206 +-#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L ++#define SN_id_smime_ct_authData "id-smime-ct-authData" ++#define NID_id_smime_ct_authData 205 ++#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L + +-#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" +-#define NID_id_smime_ct_TSTInfo 207 +-#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L ++#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" ++#define NID_id_smime_ct_publishCert 206 ++#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L + +-#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" +-#define NID_id_smime_ct_TDTInfo 208 +-#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L ++#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" ++#define NID_id_smime_ct_TSTInfo 207 ++#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L + +-#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" +-#define NID_id_smime_ct_contentInfo 209 +-#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L ++#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" ++#define NID_id_smime_ct_TDTInfo 208 ++#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L + +-#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" +-#define NID_id_smime_ct_DVCSRequestData 210 +-#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L ++#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" ++#define NID_id_smime_ct_contentInfo 209 ++#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L + +-#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" +-#define NID_id_smime_ct_DVCSResponseData 211 +-#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L ++#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" ++#define NID_id_smime_ct_DVCSRequestData 210 ++#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L + +-#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +-#define NID_id_smime_ct_compressedData 786 +-#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L ++#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" ++#define NID_id_smime_ct_DVCSResponseData 211 ++#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L + +-#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +-#define NID_id_ct_asciiTextWithCRLF 787 +-#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L ++#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" ++#define NID_id_smime_ct_compressedData 786 ++#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +-#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" +-#define NID_id_smime_aa_receiptRequest 212 +-#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L ++#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" ++#define NID_id_ct_asciiTextWithCRLF 787 ++#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +-#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" +-#define NID_id_smime_aa_securityLabel 213 +-#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L ++#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" ++#define NID_id_smime_aa_receiptRequest 212 ++#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L + +-#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" +-#define NID_id_smime_aa_mlExpandHistory 214 +-#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L ++#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" ++#define NID_id_smime_aa_securityLabel 213 ++#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L + +-#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" +-#define NID_id_smime_aa_contentHint 215 +-#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L ++#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" ++#define NID_id_smime_aa_mlExpandHistory 214 ++#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L + +-#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" +-#define NID_id_smime_aa_msgSigDigest 216 +-#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L ++#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" ++#define NID_id_smime_aa_contentHint 215 ++#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L + +-#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" +-#define NID_id_smime_aa_encapContentType 217 +-#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L ++#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" ++#define NID_id_smime_aa_msgSigDigest 216 ++#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L + +-#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" +-#define NID_id_smime_aa_contentIdentifier 218 +-#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L ++#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" ++#define NID_id_smime_aa_encapContentType 217 ++#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L + +-#define SN_id_smime_aa_macValue "id-smime-aa-macValue" +-#define NID_id_smime_aa_macValue 219 +-#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L ++#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" ++#define NID_id_smime_aa_contentIdentifier 218 ++#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L + +-#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" +-#define NID_id_smime_aa_equivalentLabels 220 +-#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L ++#define SN_id_smime_aa_macValue "id-smime-aa-macValue" ++#define NID_id_smime_aa_macValue 219 ++#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L + +-#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" +-#define NID_id_smime_aa_contentReference 221 +-#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L ++#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" ++#define NID_id_smime_aa_equivalentLabels 220 ++#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L + +-#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" +-#define NID_id_smime_aa_encrypKeyPref 222 +-#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L ++#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" ++#define NID_id_smime_aa_contentReference 221 ++#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L + +-#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" +-#define NID_id_smime_aa_signingCertificate 223 +-#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L ++#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" ++#define NID_id_smime_aa_encrypKeyPref 222 ++#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L + +-#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" +-#define NID_id_smime_aa_smimeEncryptCerts 224 +-#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L ++#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" ++#define NID_id_smime_aa_signingCertificate 223 ++#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L + +-#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" +-#define NID_id_smime_aa_timeStampToken 225 +-#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L ++#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" ++#define NID_id_smime_aa_smimeEncryptCerts 224 ++#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L + +-#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" +-#define NID_id_smime_aa_ets_sigPolicyId 226 +-#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L ++#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" ++#define NID_id_smime_aa_timeStampToken 225 ++#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L + +-#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" +-#define NID_id_smime_aa_ets_commitmentType 227 +-#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L ++#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" ++#define NID_id_smime_aa_ets_sigPolicyId 226 ++#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L + +-#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" +-#define NID_id_smime_aa_ets_signerLocation 228 +-#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L ++#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" ++#define NID_id_smime_aa_ets_commitmentType 227 ++#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L + +-#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" +-#define NID_id_smime_aa_ets_signerAttr 229 +-#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L ++#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" ++#define NID_id_smime_aa_ets_signerLocation 228 ++#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L + +-#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" +-#define NID_id_smime_aa_ets_otherSigCert 230 +-#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L ++#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" ++#define NID_id_smime_aa_ets_signerAttr 229 ++#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L + +-#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" +-#define NID_id_smime_aa_ets_contentTimestamp 231 +-#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L ++#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" ++#define NID_id_smime_aa_ets_otherSigCert 230 ++#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L + +-#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" +-#define NID_id_smime_aa_ets_CertificateRefs 232 +-#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L ++#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" ++#define NID_id_smime_aa_ets_contentTimestamp 231 ++#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L + +-#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" +-#define NID_id_smime_aa_ets_RevocationRefs 233 +-#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L ++#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" ++#define NID_id_smime_aa_ets_CertificateRefs 232 ++#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L + +-#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" +-#define NID_id_smime_aa_ets_certValues 234 +-#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L ++#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" ++#define NID_id_smime_aa_ets_RevocationRefs 233 ++#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L + +-#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" +-#define NID_id_smime_aa_ets_revocationValues 235 +-#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L ++#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" ++#define NID_id_smime_aa_ets_certValues 234 ++#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L + +-#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" +-#define NID_id_smime_aa_ets_escTimeStamp 236 +-#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L ++#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" ++#define NID_id_smime_aa_ets_revocationValues 235 ++#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L + +-#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" +-#define NID_id_smime_aa_ets_certCRLTimestamp 237 +-#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L ++#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" ++#define NID_id_smime_aa_ets_escTimeStamp 236 ++#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L + +-#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" +-#define NID_id_smime_aa_ets_archiveTimeStamp 238 +-#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L ++#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" ++#define NID_id_smime_aa_ets_certCRLTimestamp 237 ++#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L + +-#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" +-#define NID_id_smime_aa_signatureType 239 +-#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L ++#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" ++#define NID_id_smime_aa_ets_archiveTimeStamp 238 ++#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L + +-#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" +-#define NID_id_smime_aa_dvcs_dvc 240 +-#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L ++#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" ++#define NID_id_smime_aa_signatureType 239 ++#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L + +-#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" +-#define NID_id_smime_alg_ESDHwith3DES 241 +-#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L ++#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" ++#define NID_id_smime_aa_dvcs_dvc 240 ++#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L + +-#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" +-#define NID_id_smime_alg_ESDHwithRC2 242 +-#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L ++#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" ++#define NID_id_smime_alg_ESDHwith3DES 241 ++#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L + +-#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" +-#define NID_id_smime_alg_3DESwrap 243 +-#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L ++#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" ++#define NID_id_smime_alg_ESDHwithRC2 242 ++#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L + +-#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" +-#define NID_id_smime_alg_RC2wrap 244 +-#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L ++#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" ++#define NID_id_smime_alg_3DESwrap 243 ++#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L + +-#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" +-#define NID_id_smime_alg_ESDH 245 +-#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L ++#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" ++#define NID_id_smime_alg_RC2wrap 244 ++#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L + +-#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" +-#define NID_id_smime_alg_CMS3DESwrap 246 +-#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L ++#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" ++#define NID_id_smime_alg_ESDH 245 ++#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L + +-#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" +-#define NID_id_smime_alg_CMSRC2wrap 247 +-#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L ++#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" ++#define NID_id_smime_alg_CMS3DESwrap 246 ++#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L + +-#define SN_id_smime_cd_ldap "id-smime-cd-ldap" +-#define NID_id_smime_cd_ldap 248 +-#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L ++#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" ++#define NID_id_smime_alg_CMSRC2wrap 247 ++#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + +-#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" +-#define NID_id_smime_spq_ets_sqt_uri 249 +-#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L ++#define SN_id_smime_cd_ldap "id-smime-cd-ldap" ++#define NID_id_smime_cd_ldap 248 ++#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L + +-#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" +-#define NID_id_smime_spq_ets_sqt_unotice 250 +-#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L ++#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" ++#define NID_id_smime_spq_ets_sqt_uri 249 ++#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L + +-#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" +-#define NID_id_smime_cti_ets_proofOfOrigin 251 +-#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L ++#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" ++#define NID_id_smime_spq_ets_sqt_unotice 250 ++#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L + +-#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" +-#define NID_id_smime_cti_ets_proofOfReceipt 252 +-#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L ++#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" ++#define NID_id_smime_cti_ets_proofOfOrigin 251 ++#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L + +-#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" +-#define NID_id_smime_cti_ets_proofOfDelivery 253 +-#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L ++#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" ++#define NID_id_smime_cti_ets_proofOfReceipt 252 ++#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L + +-#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" +-#define NID_id_smime_cti_ets_proofOfSender 254 +-#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L ++#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" ++#define NID_id_smime_cti_ets_proofOfDelivery 253 ++#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L + +-#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" +-#define NID_id_smime_cti_ets_proofOfApproval 255 +-#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L ++#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" ++#define NID_id_smime_cti_ets_proofOfSender 254 ++#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L + +-#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" +-#define NID_id_smime_cti_ets_proofOfCreation 256 +-#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L ++#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" ++#define NID_id_smime_cti_ets_proofOfApproval 255 ++#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L + +-#define LN_friendlyName "friendlyName" +-#define NID_friendlyName 156 +-#define OBJ_friendlyName OBJ_pkcs9,20L ++#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" ++#define NID_id_smime_cti_ets_proofOfCreation 256 ++#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L + +-#define LN_localKeyID "localKeyID" +-#define NID_localKeyID 157 +-#define OBJ_localKeyID OBJ_pkcs9,21L ++#define LN_friendlyName "friendlyName" ++#define NID_friendlyName 156 ++#define OBJ_friendlyName OBJ_pkcs9,20L + +-#define SN_ms_csp_name "CSPName" +-#define LN_ms_csp_name "Microsoft CSP Name" +-#define NID_ms_csp_name 417 +-#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L ++#define LN_localKeyID "localKeyID" ++#define NID_localKeyID 157 ++#define OBJ_localKeyID OBJ_pkcs9,21L + +-#define SN_LocalKeySet "LocalKeySet" +-#define LN_LocalKeySet "Microsoft Local Key set" +-#define NID_LocalKeySet 856 +-#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L ++#define SN_ms_csp_name "CSPName" ++#define LN_ms_csp_name "Microsoft CSP Name" ++#define NID_ms_csp_name 417 ++#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L + +-#define OBJ_certTypes OBJ_pkcs9,22L ++#define SN_LocalKeySet "LocalKeySet" ++#define LN_LocalKeySet "Microsoft Local Key set" ++#define NID_LocalKeySet 856 ++#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L + +-#define LN_x509Certificate "x509Certificate" +-#define NID_x509Certificate 158 +-#define OBJ_x509Certificate OBJ_certTypes,1L ++#define OBJ_certTypes OBJ_pkcs9,22L + +-#define LN_sdsiCertificate "sdsiCertificate" +-#define NID_sdsiCertificate 159 +-#define OBJ_sdsiCertificate OBJ_certTypes,2L ++#define LN_x509Certificate "x509Certificate" ++#define NID_x509Certificate 158 ++#define OBJ_x509Certificate OBJ_certTypes,1L + +-#define OBJ_crlTypes OBJ_pkcs9,23L ++#define LN_sdsiCertificate "sdsiCertificate" ++#define NID_sdsiCertificate 159 ++#define OBJ_sdsiCertificate OBJ_certTypes,2L + +-#define LN_x509Crl "x509Crl" +-#define NID_x509Crl 160 +-#define OBJ_x509Crl OBJ_crlTypes,1L ++#define OBJ_crlTypes OBJ_pkcs9,23L + +-#define OBJ_pkcs12 OBJ_pkcs,12L ++#define LN_x509Crl "x509Crl" ++#define NID_x509Crl 160 ++#define OBJ_x509Crl OBJ_crlTypes,1L + +-#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L ++#define OBJ_pkcs12 OBJ_pkcs,12L + +-#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +-#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +-#define NID_pbe_WithSHA1And128BitRC4 144 +-#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L ++#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L + +-#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +-#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +-#define NID_pbe_WithSHA1And40BitRC4 145 +-#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L ++#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" ++#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" ++#define NID_pbe_WithSHA1And128BitRC4 144 ++#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L + +-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L ++#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" ++#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" ++#define NID_pbe_WithSHA1And40BitRC4 145 ++#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L + +-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L ++#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" ++#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" ++#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 ++#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L + +-#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +-#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +-#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +-#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L ++#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" ++#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" ++#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 ++#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L + +-#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +-#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +-#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +-#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L ++#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" ++#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" ++#define NID_pbe_WithSHA1And128BitRC2_CBC 148 ++#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L + +-#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L ++#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" ++#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" ++#define NID_pbe_WithSHA1And40BitRC2_CBC 149 ++#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L + +-#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L ++#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L + +-#define LN_keyBag "keyBag" +-#define NID_keyBag 150 +-#define OBJ_keyBag OBJ_pkcs12_BagIds,1L ++#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L + +-#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +-#define NID_pkcs8ShroudedKeyBag 151 +-#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L ++#define LN_keyBag "keyBag" ++#define NID_keyBag 150 ++#define OBJ_keyBag OBJ_pkcs12_BagIds,1L + +-#define LN_certBag "certBag" +-#define NID_certBag 152 +-#define OBJ_certBag OBJ_pkcs12_BagIds,3L ++#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" ++#define NID_pkcs8ShroudedKeyBag 151 ++#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L + +-#define LN_crlBag "crlBag" +-#define NID_crlBag 153 +-#define OBJ_crlBag OBJ_pkcs12_BagIds,4L ++#define LN_certBag "certBag" ++#define NID_certBag 152 ++#define OBJ_certBag OBJ_pkcs12_BagIds,3L + +-#define LN_secretBag "secretBag" +-#define NID_secretBag 154 +-#define OBJ_secretBag OBJ_pkcs12_BagIds,5L ++#define LN_crlBag "crlBag" ++#define NID_crlBag 153 ++#define OBJ_crlBag OBJ_pkcs12_BagIds,4L + +-#define LN_safeContentsBag "safeContentsBag" +-#define NID_safeContentsBag 155 +-#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L ++#define LN_secretBag "secretBag" ++#define NID_secretBag 154 ++#define OBJ_secretBag OBJ_pkcs12_BagIds,5L + +-#define SN_md2 "MD2" +-#define LN_md2 "md2" +-#define NID_md2 3 +-#define OBJ_md2 OBJ_rsadsi,2L,2L +- +-#define SN_md4 "MD4" +-#define LN_md4 "md4" +-#define NID_md4 257 +-#define OBJ_md4 OBJ_rsadsi,2L,4L +- +-#define SN_md5 "MD5" +-#define LN_md5 "md5" +-#define NID_md5 4 +-#define OBJ_md5 OBJ_rsadsi,2L,5L +- +-#define SN_md5_sha1 "MD5-SHA1" +-#define LN_md5_sha1 "md5-sha1" +-#define NID_md5_sha1 114 +- +-#define LN_hmacWithMD5 "hmacWithMD5" +-#define NID_hmacWithMD5 797 +-#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L +- +-#define LN_hmacWithSHA1 "hmacWithSHA1" +-#define NID_hmacWithSHA1 163 +-#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L +- +-#define LN_hmacWithSHA224 "hmacWithSHA224" +-#define NID_hmacWithSHA224 798 +-#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L +- +-#define LN_hmacWithSHA256 "hmacWithSHA256" +-#define NID_hmacWithSHA256 799 +-#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L +- +-#define LN_hmacWithSHA384 "hmacWithSHA384" +-#define NID_hmacWithSHA384 800 +-#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L +- +-#define LN_hmacWithSHA512 "hmacWithSHA512" +-#define NID_hmacWithSHA512 801 +-#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L +- +-#define SN_rc2_cbc "RC2-CBC" +-#define LN_rc2_cbc "rc2-cbc" +-#define NID_rc2_cbc 37 +-#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L +- +-#define SN_rc2_ecb "RC2-ECB" +-#define LN_rc2_ecb "rc2-ecb" +-#define NID_rc2_ecb 38 +- +-#define SN_rc2_cfb64 "RC2-CFB" +-#define LN_rc2_cfb64 "rc2-cfb" +-#define NID_rc2_cfb64 39 +- +-#define SN_rc2_ofb64 "RC2-OFB" +-#define LN_rc2_ofb64 "rc2-ofb" +-#define NID_rc2_ofb64 40 +- +-#define SN_rc2_40_cbc "RC2-40-CBC" +-#define LN_rc2_40_cbc "rc2-40-cbc" +-#define NID_rc2_40_cbc 98 +- +-#define SN_rc2_64_cbc "RC2-64-CBC" +-#define LN_rc2_64_cbc "rc2-64-cbc" +-#define NID_rc2_64_cbc 166 +- +-#define SN_rc4 "RC4" +-#define LN_rc4 "rc4" +-#define NID_rc4 5 +-#define OBJ_rc4 OBJ_rsadsi,3L,4L +- +-#define SN_rc4_40 "RC4-40" +-#define LN_rc4_40 "rc4-40" +-#define NID_rc4_40 97 +- +-#define SN_des_ede3_cbc "DES-EDE3-CBC" +-#define LN_des_ede3_cbc "des-ede3-cbc" +-#define NID_des_ede3_cbc 44 +-#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L +- +-#define SN_rc5_cbc "RC5-CBC" +-#define LN_rc5_cbc "rc5-cbc" +-#define NID_rc5_cbc 120 +-#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L +- +-#define SN_rc5_ecb "RC5-ECB" +-#define LN_rc5_ecb "rc5-ecb" +-#define NID_rc5_ecb 121 +- +-#define SN_rc5_cfb64 "RC5-CFB" +-#define LN_rc5_cfb64 "rc5-cfb" +-#define NID_rc5_cfb64 122 +- +-#define SN_rc5_ofb64 "RC5-OFB" +-#define LN_rc5_ofb64 "rc5-ofb" +-#define NID_rc5_ofb64 123 +- +-#define SN_ms_ext_req "msExtReq" +-#define LN_ms_ext_req "Microsoft Extension Request" +-#define NID_ms_ext_req 171 +-#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L +- +-#define SN_ms_code_ind "msCodeInd" +-#define LN_ms_code_ind "Microsoft Individual Code Signing" +-#define NID_ms_code_ind 134 +-#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L +- +-#define SN_ms_code_com "msCodeCom" +-#define LN_ms_code_com "Microsoft Commercial Code Signing" +-#define NID_ms_code_com 135 +-#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L +- +-#define SN_ms_ctl_sign "msCTLSign" +-#define LN_ms_ctl_sign "Microsoft Trust List Signing" +-#define NID_ms_ctl_sign 136 +-#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L +- +-#define SN_ms_sgc "msSGC" +-#define LN_ms_sgc "Microsoft Server Gated Crypto" +-#define NID_ms_sgc 137 +-#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L +- +-#define SN_ms_efs "msEFS" +-#define LN_ms_efs "Microsoft Encrypted File System" +-#define NID_ms_efs 138 +-#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L +- +-#define SN_ms_smartcard_login "msSmartcardLogin" +-#define LN_ms_smartcard_login "Microsoft Smartcardlogin" +-#define NID_ms_smartcard_login 648 +-#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L +- +-#define SN_ms_upn "msUPN" +-#define LN_ms_upn "Microsoft Universal Principal Name" +-#define NID_ms_upn 649 +-#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L +- +-#define SN_idea_cbc "IDEA-CBC" +-#define LN_idea_cbc "idea-cbc" +-#define NID_idea_cbc 34 +-#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L +- +-#define SN_idea_ecb "IDEA-ECB" +-#define LN_idea_ecb "idea-ecb" +-#define NID_idea_ecb 36 +- +-#define SN_idea_cfb64 "IDEA-CFB" +-#define LN_idea_cfb64 "idea-cfb" +-#define NID_idea_cfb64 35 +- +-#define SN_idea_ofb64 "IDEA-OFB" +-#define LN_idea_ofb64 "idea-ofb" +-#define NID_idea_ofb64 46 +- +-#define SN_bf_cbc "BF-CBC" +-#define LN_bf_cbc "bf-cbc" +-#define NID_bf_cbc 91 +-#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L +- +-#define SN_bf_ecb "BF-ECB" +-#define LN_bf_ecb "bf-ecb" +-#define NID_bf_ecb 92 +- +-#define SN_bf_cfb64 "BF-CFB" +-#define LN_bf_cfb64 "bf-cfb" +-#define NID_bf_cfb64 93 +- +-#define SN_bf_ofb64 "BF-OFB" +-#define LN_bf_ofb64 "bf-ofb" +-#define NID_bf_ofb64 94 +- +-#define SN_id_pkix "PKIX" +-#define NID_id_pkix 127 +-#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L +- +-#define SN_id_pkix_mod "id-pkix-mod" +-#define NID_id_pkix_mod 258 +-#define OBJ_id_pkix_mod OBJ_id_pkix,0L +- +-#define SN_id_pe "id-pe" +-#define NID_id_pe 175 +-#define OBJ_id_pe OBJ_id_pkix,1L +- +-#define SN_id_qt "id-qt" +-#define NID_id_qt 259 +-#define OBJ_id_qt OBJ_id_pkix,2L +- +-#define SN_id_kp "id-kp" +-#define NID_id_kp 128 +-#define OBJ_id_kp OBJ_id_pkix,3L +- +-#define SN_id_it "id-it" +-#define NID_id_it 260 +-#define OBJ_id_it OBJ_id_pkix,4L +- +-#define SN_id_pkip "id-pkip" +-#define NID_id_pkip 261 +-#define OBJ_id_pkip OBJ_id_pkix,5L +- +-#define SN_id_alg "id-alg" +-#define NID_id_alg 262 +-#define OBJ_id_alg OBJ_id_pkix,6L +- +-#define SN_id_cmc "id-cmc" +-#define NID_id_cmc 263 +-#define OBJ_id_cmc OBJ_id_pkix,7L +- +-#define SN_id_on "id-on" +-#define NID_id_on 264 +-#define OBJ_id_on OBJ_id_pkix,8L +- +-#define SN_id_pda "id-pda" +-#define NID_id_pda 265 +-#define OBJ_id_pda OBJ_id_pkix,9L +- +-#define SN_id_aca "id-aca" +-#define NID_id_aca 266 +-#define OBJ_id_aca OBJ_id_pkix,10L +- +-#define SN_id_qcs "id-qcs" +-#define NID_id_qcs 267 +-#define OBJ_id_qcs OBJ_id_pkix,11L +- +-#define SN_id_cct "id-cct" +-#define NID_id_cct 268 +-#define OBJ_id_cct OBJ_id_pkix,12L +- +-#define SN_id_ppl "id-ppl" +-#define NID_id_ppl 662 +-#define OBJ_id_ppl OBJ_id_pkix,21L +- +-#define SN_id_ad "id-ad" +-#define NID_id_ad 176 +-#define OBJ_id_ad OBJ_id_pkix,48L +- +-#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" +-#define NID_id_pkix1_explicit_88 269 +-#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L +- +-#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" +-#define NID_id_pkix1_implicit_88 270 +-#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L +- +-#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" +-#define NID_id_pkix1_explicit_93 271 +-#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L +- +-#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" +-#define NID_id_pkix1_implicit_93 272 +-#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L +- +-#define SN_id_mod_crmf "id-mod-crmf" +-#define NID_id_mod_crmf 273 +-#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L +- +-#define SN_id_mod_cmc "id-mod-cmc" +-#define NID_id_mod_cmc 274 +-#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L +- +-#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" +-#define NID_id_mod_kea_profile_88 275 +-#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L +- +-#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" +-#define NID_id_mod_kea_profile_93 276 +-#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L +- +-#define SN_id_mod_cmp "id-mod-cmp" +-#define NID_id_mod_cmp 277 +-#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L +- +-#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" +-#define NID_id_mod_qualified_cert_88 278 +-#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L +- +-#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" +-#define NID_id_mod_qualified_cert_93 279 +-#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L +- +-#define SN_id_mod_attribute_cert "id-mod-attribute-cert" +-#define NID_id_mod_attribute_cert 280 +-#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L +- +-#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" +-#define NID_id_mod_timestamp_protocol 281 +-#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L +- +-#define SN_id_mod_ocsp "id-mod-ocsp" +-#define NID_id_mod_ocsp 282 +-#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L +- +-#define SN_id_mod_dvcs "id-mod-dvcs" +-#define NID_id_mod_dvcs 283 +-#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L +- +-#define SN_id_mod_cmp2000 "id-mod-cmp2000" +-#define NID_id_mod_cmp2000 284 +-#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L +- +-#define SN_info_access "authorityInfoAccess" +-#define LN_info_access "Authority Information Access" +-#define NID_info_access 177 +-#define OBJ_info_access OBJ_id_pe,1L +- +-#define SN_biometricInfo "biometricInfo" +-#define LN_biometricInfo "Biometric Info" +-#define NID_biometricInfo 285 +-#define OBJ_biometricInfo OBJ_id_pe,2L +- +-#define SN_qcStatements "qcStatements" +-#define NID_qcStatements 286 +-#define OBJ_qcStatements OBJ_id_pe,3L +- +-#define SN_ac_auditEntity "ac-auditEntity" +-#define NID_ac_auditEntity 287 +-#define OBJ_ac_auditEntity OBJ_id_pe,4L +- +-#define SN_ac_targeting "ac-targeting" +-#define NID_ac_targeting 288 +-#define OBJ_ac_targeting OBJ_id_pe,5L +- +-#define SN_aaControls "aaControls" +-#define NID_aaControls 289 +-#define OBJ_aaControls OBJ_id_pe,6L +- +-#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +-#define NID_sbgp_ipAddrBlock 290 +-#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L +- +-#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +-#define NID_sbgp_autonomousSysNum 291 +-#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L +- +-#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +-#define NID_sbgp_routerIdentifier 292 +-#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L +- +-#define SN_ac_proxying "ac-proxying" +-#define NID_ac_proxying 397 +-#define OBJ_ac_proxying OBJ_id_pe,10L +- +-#define SN_sinfo_access "subjectInfoAccess" +-#define LN_sinfo_access "Subject Information Access" +-#define NID_sinfo_access 398 +-#define OBJ_sinfo_access OBJ_id_pe,11L +- +-#define SN_proxyCertInfo "proxyCertInfo" +-#define LN_proxyCertInfo "Proxy Certificate Information" +-#define NID_proxyCertInfo 663 +-#define OBJ_proxyCertInfo OBJ_id_pe,14L +- +-#define SN_id_qt_cps "id-qt-cps" +-#define LN_id_qt_cps "Policy Qualifier CPS" +-#define NID_id_qt_cps 164 +-#define OBJ_id_qt_cps OBJ_id_qt,1L +- +-#define SN_id_qt_unotice "id-qt-unotice" +-#define LN_id_qt_unotice "Policy Qualifier User Notice" +-#define NID_id_qt_unotice 165 +-#define OBJ_id_qt_unotice OBJ_id_qt,2L +- +-#define SN_textNotice "textNotice" +-#define NID_textNotice 293 +-#define OBJ_textNotice OBJ_id_qt,3L +- +-#define SN_server_auth "serverAuth" +-#define LN_server_auth "TLS Web Server Authentication" +-#define NID_server_auth 129 +-#define OBJ_server_auth OBJ_id_kp,1L +- +-#define SN_client_auth "clientAuth" +-#define LN_client_auth "TLS Web Client Authentication" +-#define NID_client_auth 130 +-#define OBJ_client_auth OBJ_id_kp,2L +- +-#define SN_code_sign "codeSigning" +-#define LN_code_sign "Code Signing" +-#define NID_code_sign 131 +-#define OBJ_code_sign OBJ_id_kp,3L +- +-#define SN_email_protect "emailProtection" +-#define LN_email_protect "E-mail Protection" +-#define NID_email_protect 132 +-#define OBJ_email_protect OBJ_id_kp,4L +- +-#define SN_ipsecEndSystem "ipsecEndSystem" +-#define LN_ipsecEndSystem "IPSec End System" +-#define NID_ipsecEndSystem 294 +-#define OBJ_ipsecEndSystem OBJ_id_kp,5L +- +-#define SN_ipsecTunnel "ipsecTunnel" +-#define LN_ipsecTunnel "IPSec Tunnel" +-#define NID_ipsecTunnel 295 +-#define OBJ_ipsecTunnel OBJ_id_kp,6L +- +-#define SN_ipsecUser "ipsecUser" +-#define LN_ipsecUser "IPSec User" +-#define NID_ipsecUser 296 +-#define OBJ_ipsecUser OBJ_id_kp,7L +- +-#define SN_time_stamp "timeStamping" +-#define LN_time_stamp "Time Stamping" +-#define NID_time_stamp 133 +-#define OBJ_time_stamp OBJ_id_kp,8L +- +-#define SN_OCSP_sign "OCSPSigning" +-#define LN_OCSP_sign "OCSP Signing" +-#define NID_OCSP_sign 180 +-#define OBJ_OCSP_sign OBJ_id_kp,9L +- +-#define SN_dvcs "DVCS" +-#define LN_dvcs "dvcs" +-#define NID_dvcs 297 +-#define OBJ_dvcs OBJ_id_kp,10L +- +-#define SN_id_it_caProtEncCert "id-it-caProtEncCert" +-#define NID_id_it_caProtEncCert 298 +-#define OBJ_id_it_caProtEncCert OBJ_id_it,1L +- +-#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" +-#define NID_id_it_signKeyPairTypes 299 +-#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L +- +-#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" +-#define NID_id_it_encKeyPairTypes 300 +-#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L +- +-#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" +-#define NID_id_it_preferredSymmAlg 301 +-#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L +- +-#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" +-#define NID_id_it_caKeyUpdateInfo 302 +-#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L +- +-#define SN_id_it_currentCRL "id-it-currentCRL" +-#define NID_id_it_currentCRL 303 +-#define OBJ_id_it_currentCRL OBJ_id_it,6L +- +-#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" +-#define NID_id_it_unsupportedOIDs 304 +-#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L +- +-#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" +-#define NID_id_it_subscriptionRequest 305 +-#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L +- +-#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" +-#define NID_id_it_subscriptionResponse 306 +-#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L +- +-#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" +-#define NID_id_it_keyPairParamReq 307 +-#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L +- +-#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" +-#define NID_id_it_keyPairParamRep 308 +-#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L +- +-#define SN_id_it_revPassphrase "id-it-revPassphrase" +-#define NID_id_it_revPassphrase 309 +-#define OBJ_id_it_revPassphrase OBJ_id_it,12L +- +-#define SN_id_it_implicitConfirm "id-it-implicitConfirm" +-#define NID_id_it_implicitConfirm 310 +-#define OBJ_id_it_implicitConfirm OBJ_id_it,13L +- +-#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" +-#define NID_id_it_confirmWaitTime 311 +-#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L +- +-#define SN_id_it_origPKIMessage "id-it-origPKIMessage" +-#define NID_id_it_origPKIMessage 312 +-#define OBJ_id_it_origPKIMessage OBJ_id_it,15L +- +-#define SN_id_it_suppLangTags "id-it-suppLangTags" +-#define NID_id_it_suppLangTags 784 +-#define OBJ_id_it_suppLangTags OBJ_id_it,16L +- +-#define SN_id_regCtrl "id-regCtrl" +-#define NID_id_regCtrl 313 +-#define OBJ_id_regCtrl OBJ_id_pkip,1L +- +-#define SN_id_regInfo "id-regInfo" +-#define NID_id_regInfo 314 +-#define OBJ_id_regInfo OBJ_id_pkip,2L +- +-#define SN_id_regCtrl_regToken "id-regCtrl-regToken" +-#define NID_id_regCtrl_regToken 315 +-#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L +- +-#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" +-#define NID_id_regCtrl_authenticator 316 +-#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L ++#define LN_safeContentsBag "safeContentsBag" ++#define NID_safeContentsBag 155 ++#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L + +-#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" +-#define NID_id_regCtrl_pkiPublicationInfo 317 +-#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L ++#define SN_md2 "MD2" ++#define LN_md2 "md2" ++#define NID_md2 3 ++#define OBJ_md2 OBJ_rsadsi,2L,2L ++ ++#define SN_md4 "MD4" ++#define LN_md4 "md4" ++#define NID_md4 257 ++#define OBJ_md4 OBJ_rsadsi,2L,4L ++ ++#define SN_md5 "MD5" ++#define LN_md5 "md5" ++#define NID_md5 4 ++#define OBJ_md5 OBJ_rsadsi,2L,5L ++ ++#define SN_md5_sha1 "MD5-SHA1" ++#define LN_md5_sha1 "md5-sha1" ++#define NID_md5_sha1 114 ++ ++#define LN_hmacWithMD5 "hmacWithMD5" ++#define NID_hmacWithMD5 797 ++#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L ++ ++#define LN_hmacWithSHA1 "hmacWithSHA1" ++#define NID_hmacWithSHA1 163 ++#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L ++ ++#define LN_hmacWithSHA224 "hmacWithSHA224" ++#define NID_hmacWithSHA224 798 ++#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L ++ ++#define LN_hmacWithSHA256 "hmacWithSHA256" ++#define NID_hmacWithSHA256 799 ++#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L ++ ++#define LN_hmacWithSHA384 "hmacWithSHA384" ++#define NID_hmacWithSHA384 800 ++#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L ++ ++#define LN_hmacWithSHA512 "hmacWithSHA512" ++#define NID_hmacWithSHA512 801 ++#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L ++ ++#define SN_rc2_cbc "RC2-CBC" ++#define LN_rc2_cbc "rc2-cbc" ++#define NID_rc2_cbc 37 ++#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L ++ ++#define SN_rc2_ecb "RC2-ECB" ++#define LN_rc2_ecb "rc2-ecb" ++#define NID_rc2_ecb 38 ++ ++#define SN_rc2_cfb64 "RC2-CFB" ++#define LN_rc2_cfb64 "rc2-cfb" ++#define NID_rc2_cfb64 39 ++ ++#define SN_rc2_ofb64 "RC2-OFB" ++#define LN_rc2_ofb64 "rc2-ofb" ++#define NID_rc2_ofb64 40 ++ ++#define SN_rc2_40_cbc "RC2-40-CBC" ++#define LN_rc2_40_cbc "rc2-40-cbc" ++#define NID_rc2_40_cbc 98 ++ ++#define SN_rc2_64_cbc "RC2-64-CBC" ++#define LN_rc2_64_cbc "rc2-64-cbc" ++#define NID_rc2_64_cbc 166 ++ ++#define SN_rc4 "RC4" ++#define LN_rc4 "rc4" ++#define NID_rc4 5 ++#define OBJ_rc4 OBJ_rsadsi,3L,4L ++ ++#define SN_rc4_40 "RC4-40" ++#define LN_rc4_40 "rc4-40" ++#define NID_rc4_40 97 ++ ++#define SN_des_ede3_cbc "DES-EDE3-CBC" ++#define LN_des_ede3_cbc "des-ede3-cbc" ++#define NID_des_ede3_cbc 44 ++#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L ++ ++#define SN_rc5_cbc "RC5-CBC" ++#define LN_rc5_cbc "rc5-cbc" ++#define NID_rc5_cbc 120 ++#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L ++ ++#define SN_rc5_ecb "RC5-ECB" ++#define LN_rc5_ecb "rc5-ecb" ++#define NID_rc5_ecb 121 ++ ++#define SN_rc5_cfb64 "RC5-CFB" ++#define LN_rc5_cfb64 "rc5-cfb" ++#define NID_rc5_cfb64 122 ++ ++#define SN_rc5_ofb64 "RC5-OFB" ++#define LN_rc5_ofb64 "rc5-ofb" ++#define NID_rc5_ofb64 123 ++ ++#define SN_ms_ext_req "msExtReq" ++#define LN_ms_ext_req "Microsoft Extension Request" ++#define NID_ms_ext_req 171 ++#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L ++ ++#define SN_ms_code_ind "msCodeInd" ++#define LN_ms_code_ind "Microsoft Individual Code Signing" ++#define NID_ms_code_ind 134 ++#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L ++ ++#define SN_ms_code_com "msCodeCom" ++#define LN_ms_code_com "Microsoft Commercial Code Signing" ++#define NID_ms_code_com 135 ++#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L ++ ++#define SN_ms_ctl_sign "msCTLSign" ++#define LN_ms_ctl_sign "Microsoft Trust List Signing" ++#define NID_ms_ctl_sign 136 ++#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L ++ ++#define SN_ms_sgc "msSGC" ++#define LN_ms_sgc "Microsoft Server Gated Crypto" ++#define NID_ms_sgc 137 ++#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L ++ ++#define SN_ms_efs "msEFS" ++#define LN_ms_efs "Microsoft Encrypted File System" ++#define NID_ms_efs 138 ++#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L ++ ++#define SN_ms_smartcard_login "msSmartcardLogin" ++#define LN_ms_smartcard_login "Microsoft Smartcardlogin" ++#define NID_ms_smartcard_login 648 ++#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L ++ ++#define SN_ms_upn "msUPN" ++#define LN_ms_upn "Microsoft Universal Principal Name" ++#define NID_ms_upn 649 ++#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L ++ ++#define SN_idea_cbc "IDEA-CBC" ++#define LN_idea_cbc "idea-cbc" ++#define NID_idea_cbc 34 ++#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L ++ ++#define SN_idea_ecb "IDEA-ECB" ++#define LN_idea_ecb "idea-ecb" ++#define NID_idea_ecb 36 ++ ++#define SN_idea_cfb64 "IDEA-CFB" ++#define LN_idea_cfb64 "idea-cfb" ++#define NID_idea_cfb64 35 ++ ++#define SN_idea_ofb64 "IDEA-OFB" ++#define LN_idea_ofb64 "idea-ofb" ++#define NID_idea_ofb64 46 ++ ++#define SN_bf_cbc "BF-CBC" ++#define LN_bf_cbc "bf-cbc" ++#define NID_bf_cbc 91 ++#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L ++ ++#define SN_bf_ecb "BF-ECB" ++#define LN_bf_ecb "bf-ecb" ++#define NID_bf_ecb 92 ++ ++#define SN_bf_cfb64 "BF-CFB" ++#define LN_bf_cfb64 "bf-cfb" ++#define NID_bf_cfb64 93 ++ ++#define SN_bf_ofb64 "BF-OFB" ++#define LN_bf_ofb64 "bf-ofb" ++#define NID_bf_ofb64 94 ++ ++#define SN_id_pkix "PKIX" ++#define NID_id_pkix 127 ++#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L ++ ++#define SN_id_pkix_mod "id-pkix-mod" ++#define NID_id_pkix_mod 258 ++#define OBJ_id_pkix_mod OBJ_id_pkix,0L ++ ++#define SN_id_pe "id-pe" ++#define NID_id_pe 175 ++#define OBJ_id_pe OBJ_id_pkix,1L ++ ++#define SN_id_qt "id-qt" ++#define NID_id_qt 259 ++#define OBJ_id_qt OBJ_id_pkix,2L ++ ++#define SN_id_kp "id-kp" ++#define NID_id_kp 128 ++#define OBJ_id_kp OBJ_id_pkix,3L ++ ++#define SN_id_it "id-it" ++#define NID_id_it 260 ++#define OBJ_id_it OBJ_id_pkix,4L ++ ++#define SN_id_pkip "id-pkip" ++#define NID_id_pkip 261 ++#define OBJ_id_pkip OBJ_id_pkix,5L ++ ++#define SN_id_alg "id-alg" ++#define NID_id_alg 262 ++#define OBJ_id_alg OBJ_id_pkix,6L ++ ++#define SN_id_cmc "id-cmc" ++#define NID_id_cmc 263 ++#define OBJ_id_cmc OBJ_id_pkix,7L ++ ++#define SN_id_on "id-on" ++#define NID_id_on 264 ++#define OBJ_id_on OBJ_id_pkix,8L ++ ++#define SN_id_pda "id-pda" ++#define NID_id_pda 265 ++#define OBJ_id_pda OBJ_id_pkix,9L ++ ++#define SN_id_aca "id-aca" ++#define NID_id_aca 266 ++#define OBJ_id_aca OBJ_id_pkix,10L ++ ++#define SN_id_qcs "id-qcs" ++#define NID_id_qcs 267 ++#define OBJ_id_qcs OBJ_id_pkix,11L ++ ++#define SN_id_cct "id-cct" ++#define NID_id_cct 268 ++#define OBJ_id_cct OBJ_id_pkix,12L ++ ++#define SN_id_ppl "id-ppl" ++#define NID_id_ppl 662 ++#define OBJ_id_ppl OBJ_id_pkix,21L ++ ++#define SN_id_ad "id-ad" ++#define NID_id_ad 176 ++#define OBJ_id_ad OBJ_id_pkix,48L ++ ++#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" ++#define NID_id_pkix1_explicit_88 269 ++#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L ++ ++#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" ++#define NID_id_pkix1_implicit_88 270 ++#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L ++ ++#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" ++#define NID_id_pkix1_explicit_93 271 ++#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L ++ ++#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" ++#define NID_id_pkix1_implicit_93 272 ++#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L ++ ++#define SN_id_mod_crmf "id-mod-crmf" ++#define NID_id_mod_crmf 273 ++#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L ++ ++#define SN_id_mod_cmc "id-mod-cmc" ++#define NID_id_mod_cmc 274 ++#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L ++ ++#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" ++#define NID_id_mod_kea_profile_88 275 ++#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L ++ ++#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" ++#define NID_id_mod_kea_profile_93 276 ++#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L ++ ++#define SN_id_mod_cmp "id-mod-cmp" ++#define NID_id_mod_cmp 277 ++#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L ++ ++#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" ++#define NID_id_mod_qualified_cert_88 278 ++#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L ++ ++#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" ++#define NID_id_mod_qualified_cert_93 279 ++#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L ++ ++#define SN_id_mod_attribute_cert "id-mod-attribute-cert" ++#define NID_id_mod_attribute_cert 280 ++#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L ++ ++#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" ++#define NID_id_mod_timestamp_protocol 281 ++#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L ++ ++#define SN_id_mod_ocsp "id-mod-ocsp" ++#define NID_id_mod_ocsp 282 ++#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L ++ ++#define SN_id_mod_dvcs "id-mod-dvcs" ++#define NID_id_mod_dvcs 283 ++#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L ++ ++#define SN_id_mod_cmp2000 "id-mod-cmp2000" ++#define NID_id_mod_cmp2000 284 ++#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L ++ ++#define SN_info_access "authorityInfoAccess" ++#define LN_info_access "Authority Information Access" ++#define NID_info_access 177 ++#define OBJ_info_access OBJ_id_pe,1L ++ ++#define SN_biometricInfo "biometricInfo" ++#define LN_biometricInfo "Biometric Info" ++#define NID_biometricInfo 285 ++#define OBJ_biometricInfo OBJ_id_pe,2L ++ ++#define SN_qcStatements "qcStatements" ++#define NID_qcStatements 286 ++#define OBJ_qcStatements OBJ_id_pe,3L ++ ++#define SN_ac_auditEntity "ac-auditEntity" ++#define NID_ac_auditEntity 287 ++#define OBJ_ac_auditEntity OBJ_id_pe,4L ++ ++#define SN_ac_targeting "ac-targeting" ++#define NID_ac_targeting 288 ++#define OBJ_ac_targeting OBJ_id_pe,5L ++ ++#define SN_aaControls "aaControls" ++#define NID_aaControls 289 ++#define OBJ_aaControls OBJ_id_pe,6L ++ ++#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" ++#define NID_sbgp_ipAddrBlock 290 ++#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L ++ ++#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" ++#define NID_sbgp_autonomousSysNum 291 ++#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L ++ ++#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" ++#define NID_sbgp_routerIdentifier 292 ++#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L ++ ++#define SN_ac_proxying "ac-proxying" ++#define NID_ac_proxying 397 ++#define OBJ_ac_proxying OBJ_id_pe,10L ++ ++#define SN_sinfo_access "subjectInfoAccess" ++#define LN_sinfo_access "Subject Information Access" ++#define NID_sinfo_access 398 ++#define OBJ_sinfo_access OBJ_id_pe,11L ++ ++#define SN_proxyCertInfo "proxyCertInfo" ++#define LN_proxyCertInfo "Proxy Certificate Information" ++#define NID_proxyCertInfo 663 ++#define OBJ_proxyCertInfo OBJ_id_pe,14L ++ ++#define SN_id_qt_cps "id-qt-cps" ++#define LN_id_qt_cps "Policy Qualifier CPS" ++#define NID_id_qt_cps 164 ++#define OBJ_id_qt_cps OBJ_id_qt,1L ++ ++#define SN_id_qt_unotice "id-qt-unotice" ++#define LN_id_qt_unotice "Policy Qualifier User Notice" ++#define NID_id_qt_unotice 165 ++#define OBJ_id_qt_unotice OBJ_id_qt,2L ++ ++#define SN_textNotice "textNotice" ++#define NID_textNotice 293 ++#define OBJ_textNotice OBJ_id_qt,3L ++ ++#define SN_server_auth "serverAuth" ++#define LN_server_auth "TLS Web Server Authentication" ++#define NID_server_auth 129 ++#define OBJ_server_auth OBJ_id_kp,1L ++ ++#define SN_client_auth "clientAuth" ++#define LN_client_auth "TLS Web Client Authentication" ++#define NID_client_auth 130 ++#define OBJ_client_auth OBJ_id_kp,2L ++ ++#define SN_code_sign "codeSigning" ++#define LN_code_sign "Code Signing" ++#define NID_code_sign 131 ++#define OBJ_code_sign OBJ_id_kp,3L ++ ++#define SN_email_protect "emailProtection" ++#define LN_email_protect "E-mail Protection" ++#define NID_email_protect 132 ++#define OBJ_email_protect OBJ_id_kp,4L ++ ++#define SN_ipsecEndSystem "ipsecEndSystem" ++#define LN_ipsecEndSystem "IPSec End System" ++#define NID_ipsecEndSystem 294 ++#define OBJ_ipsecEndSystem OBJ_id_kp,5L ++ ++#define SN_ipsecTunnel "ipsecTunnel" ++#define LN_ipsecTunnel "IPSec Tunnel" ++#define NID_ipsecTunnel 295 ++#define OBJ_ipsecTunnel OBJ_id_kp,6L ++ ++#define SN_ipsecUser "ipsecUser" ++#define LN_ipsecUser "IPSec User" ++#define NID_ipsecUser 296 ++#define OBJ_ipsecUser OBJ_id_kp,7L ++ ++#define SN_time_stamp "timeStamping" ++#define LN_time_stamp "Time Stamping" ++#define NID_time_stamp 133 ++#define OBJ_time_stamp OBJ_id_kp,8L ++ ++#define SN_OCSP_sign "OCSPSigning" ++#define LN_OCSP_sign "OCSP Signing" ++#define NID_OCSP_sign 180 ++#define OBJ_OCSP_sign OBJ_id_kp,9L ++ ++#define SN_dvcs "DVCS" ++#define LN_dvcs "dvcs" ++#define NID_dvcs 297 ++#define OBJ_dvcs OBJ_id_kp,10L ++ ++#define SN_id_it_caProtEncCert "id-it-caProtEncCert" ++#define NID_id_it_caProtEncCert 298 ++#define OBJ_id_it_caProtEncCert OBJ_id_it,1L ++ ++#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" ++#define NID_id_it_signKeyPairTypes 299 ++#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L ++ ++#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" ++#define NID_id_it_encKeyPairTypes 300 ++#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L ++ ++#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" ++#define NID_id_it_preferredSymmAlg 301 ++#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L ++ ++#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" ++#define NID_id_it_caKeyUpdateInfo 302 ++#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L ++ ++#define SN_id_it_currentCRL "id-it-currentCRL" ++#define NID_id_it_currentCRL 303 ++#define OBJ_id_it_currentCRL OBJ_id_it,6L ++ ++#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" ++#define NID_id_it_unsupportedOIDs 304 ++#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L ++ ++#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" ++#define NID_id_it_subscriptionRequest 305 ++#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L ++ ++#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" ++#define NID_id_it_subscriptionResponse 306 ++#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L ++ ++#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" ++#define NID_id_it_keyPairParamReq 307 ++#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L ++ ++#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" ++#define NID_id_it_keyPairParamRep 308 ++#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L ++ ++#define SN_id_it_revPassphrase "id-it-revPassphrase" ++#define NID_id_it_revPassphrase 309 ++#define OBJ_id_it_revPassphrase OBJ_id_it,12L ++ ++#define SN_id_it_implicitConfirm "id-it-implicitConfirm" ++#define NID_id_it_implicitConfirm 310 ++#define OBJ_id_it_implicitConfirm OBJ_id_it,13L ++ ++#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" ++#define NID_id_it_confirmWaitTime 311 ++#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L ++ ++#define SN_id_it_origPKIMessage "id-it-origPKIMessage" ++#define NID_id_it_origPKIMessage 312 ++#define OBJ_id_it_origPKIMessage OBJ_id_it,15L ++ ++#define SN_id_it_suppLangTags "id-it-suppLangTags" ++#define NID_id_it_suppLangTags 784 ++#define OBJ_id_it_suppLangTags OBJ_id_it,16L ++ ++#define SN_id_regCtrl "id-regCtrl" ++#define NID_id_regCtrl 313 ++#define OBJ_id_regCtrl OBJ_id_pkip,1L ++ ++#define SN_id_regInfo "id-regInfo" ++#define NID_id_regInfo 314 ++#define OBJ_id_regInfo OBJ_id_pkip,2L ++ ++#define SN_id_regCtrl_regToken "id-regCtrl-regToken" ++#define NID_id_regCtrl_regToken 315 ++#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L ++ ++#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" ++#define NID_id_regCtrl_authenticator 316 ++#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L + +-#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" +-#define NID_id_regCtrl_pkiArchiveOptions 318 +-#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L ++#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" ++#define NID_id_regCtrl_pkiPublicationInfo 317 ++#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L + +-#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" +-#define NID_id_regCtrl_oldCertID 319 +-#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L ++#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" ++#define NID_id_regCtrl_pkiArchiveOptions 318 ++#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L + +-#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" +-#define NID_id_regCtrl_protocolEncrKey 320 +-#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L ++#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" ++#define NID_id_regCtrl_oldCertID 319 ++#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L + +-#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" +-#define NID_id_regInfo_utf8Pairs 321 +-#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L ++#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" ++#define NID_id_regCtrl_protocolEncrKey 320 ++#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L + +-#define SN_id_regInfo_certReq "id-regInfo-certReq" +-#define NID_id_regInfo_certReq 322 +-#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L ++#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" ++#define NID_id_regInfo_utf8Pairs 321 ++#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L + +-#define SN_id_alg_des40 "id-alg-des40" +-#define NID_id_alg_des40 323 +-#define OBJ_id_alg_des40 OBJ_id_alg,1L ++#define SN_id_regInfo_certReq "id-regInfo-certReq" ++#define NID_id_regInfo_certReq 322 ++#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L + +-#define SN_id_alg_noSignature "id-alg-noSignature" +-#define NID_id_alg_noSignature 324 +-#define OBJ_id_alg_noSignature OBJ_id_alg,2L ++#define SN_id_alg_des40 "id-alg-des40" ++#define NID_id_alg_des40 323 ++#define OBJ_id_alg_des40 OBJ_id_alg,1L + +-#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" +-#define NID_id_alg_dh_sig_hmac_sha1 325 +-#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L ++#define SN_id_alg_noSignature "id-alg-noSignature" ++#define NID_id_alg_noSignature 324 ++#define OBJ_id_alg_noSignature OBJ_id_alg,2L + +-#define SN_id_alg_dh_pop "id-alg-dh-pop" +-#define NID_id_alg_dh_pop 326 +-#define OBJ_id_alg_dh_pop OBJ_id_alg,4L ++#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" ++#define NID_id_alg_dh_sig_hmac_sha1 325 ++#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L + +-#define SN_id_cmc_statusInfo "id-cmc-statusInfo" +-#define NID_id_cmc_statusInfo 327 +-#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L ++#define SN_id_alg_dh_pop "id-alg-dh-pop" ++#define NID_id_alg_dh_pop 326 ++#define OBJ_id_alg_dh_pop OBJ_id_alg,4L + +-#define SN_id_cmc_identification "id-cmc-identification" +-#define NID_id_cmc_identification 328 +-#define OBJ_id_cmc_identification OBJ_id_cmc,2L ++#define SN_id_cmc_statusInfo "id-cmc-statusInfo" ++#define NID_id_cmc_statusInfo 327 ++#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L + +-#define SN_id_cmc_identityProof "id-cmc-identityProof" +-#define NID_id_cmc_identityProof 329 +-#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L ++#define SN_id_cmc_identification "id-cmc-identification" ++#define NID_id_cmc_identification 328 ++#define OBJ_id_cmc_identification OBJ_id_cmc,2L + +-#define SN_id_cmc_dataReturn "id-cmc-dataReturn" +-#define NID_id_cmc_dataReturn 330 +-#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L ++#define SN_id_cmc_identityProof "id-cmc-identityProof" ++#define NID_id_cmc_identityProof 329 ++#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L + +-#define SN_id_cmc_transactionId "id-cmc-transactionId" +-#define NID_id_cmc_transactionId 331 +-#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L ++#define SN_id_cmc_dataReturn "id-cmc-dataReturn" ++#define NID_id_cmc_dataReturn 330 ++#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L + +-#define SN_id_cmc_senderNonce "id-cmc-senderNonce" +-#define NID_id_cmc_senderNonce 332 +-#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L ++#define SN_id_cmc_transactionId "id-cmc-transactionId" ++#define NID_id_cmc_transactionId 331 ++#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L + +-#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" +-#define NID_id_cmc_recipientNonce 333 +-#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L ++#define SN_id_cmc_senderNonce "id-cmc-senderNonce" ++#define NID_id_cmc_senderNonce 332 ++#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L + +-#define SN_id_cmc_addExtensions "id-cmc-addExtensions" +-#define NID_id_cmc_addExtensions 334 +-#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L ++#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" ++#define NID_id_cmc_recipientNonce 333 ++#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L + +-#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" +-#define NID_id_cmc_encryptedPOP 335 +-#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L ++#define SN_id_cmc_addExtensions "id-cmc-addExtensions" ++#define NID_id_cmc_addExtensions 334 ++#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L + +-#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" +-#define NID_id_cmc_decryptedPOP 336 +-#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L ++#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" ++#define NID_id_cmc_encryptedPOP 335 ++#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L + +-#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" +-#define NID_id_cmc_lraPOPWitness 337 +-#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L ++#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" ++#define NID_id_cmc_decryptedPOP 336 ++#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L + +-#define SN_id_cmc_getCert "id-cmc-getCert" +-#define NID_id_cmc_getCert 338 +-#define OBJ_id_cmc_getCert OBJ_id_cmc,15L ++#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" ++#define NID_id_cmc_lraPOPWitness 337 ++#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L + +-#define SN_id_cmc_getCRL "id-cmc-getCRL" +-#define NID_id_cmc_getCRL 339 +-#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L ++#define SN_id_cmc_getCert "id-cmc-getCert" ++#define NID_id_cmc_getCert 338 ++#define OBJ_id_cmc_getCert OBJ_id_cmc,15L + +-#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" +-#define NID_id_cmc_revokeRequest 340 +-#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L ++#define SN_id_cmc_getCRL "id-cmc-getCRL" ++#define NID_id_cmc_getCRL 339 ++#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L + +-#define SN_id_cmc_regInfo "id-cmc-regInfo" +-#define NID_id_cmc_regInfo 341 +-#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L ++#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" ++#define NID_id_cmc_revokeRequest 340 ++#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L + +-#define SN_id_cmc_responseInfo "id-cmc-responseInfo" +-#define NID_id_cmc_responseInfo 342 +-#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L ++#define SN_id_cmc_regInfo "id-cmc-regInfo" ++#define NID_id_cmc_regInfo 341 ++#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L + +-#define SN_id_cmc_queryPending "id-cmc-queryPending" +-#define NID_id_cmc_queryPending 343 +-#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L +- +-#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" +-#define NID_id_cmc_popLinkRandom 344 +-#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L +- +-#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" +-#define NID_id_cmc_popLinkWitness 345 +-#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L +- +-#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" +-#define NID_id_cmc_confirmCertAcceptance 346 +-#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L +- +-#define SN_id_on_personalData "id-on-personalData" +-#define NID_id_on_personalData 347 +-#define OBJ_id_on_personalData OBJ_id_on,1L +- +-#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +-#define LN_id_on_permanentIdentifier "Permanent Identifier" +-#define NID_id_on_permanentIdentifier 858 +-#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L +- +-#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" +-#define NID_id_pda_dateOfBirth 348 +-#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L +- +-#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" +-#define NID_id_pda_placeOfBirth 349 +-#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L +- +-#define SN_id_pda_gender "id-pda-gender" +-#define NID_id_pda_gender 351 +-#define OBJ_id_pda_gender OBJ_id_pda,3L +- +-#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" +-#define NID_id_pda_countryOfCitizenship 352 +-#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L +- +-#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" +-#define NID_id_pda_countryOfResidence 353 +-#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L +- +-#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" +-#define NID_id_aca_authenticationInfo 354 +-#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L +- +-#define SN_id_aca_accessIdentity "id-aca-accessIdentity" +-#define NID_id_aca_accessIdentity 355 +-#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L +- +-#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" +-#define NID_id_aca_chargingIdentity 356 +-#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L +- +-#define SN_id_aca_group "id-aca-group" +-#define NID_id_aca_group 357 +-#define OBJ_id_aca_group OBJ_id_aca,4L +- +-#define SN_id_aca_role "id-aca-role" +-#define NID_id_aca_role 358 +-#define OBJ_id_aca_role OBJ_id_aca,5L +- +-#define SN_id_aca_encAttrs "id-aca-encAttrs" +-#define NID_id_aca_encAttrs 399 +-#define OBJ_id_aca_encAttrs OBJ_id_aca,6L +- +-#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" +-#define NID_id_qcs_pkixQCSyntax_v1 359 +-#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L +- +-#define SN_id_cct_crs "id-cct-crs" +-#define NID_id_cct_crs 360 +-#define OBJ_id_cct_crs OBJ_id_cct,1L +- +-#define SN_id_cct_PKIData "id-cct-PKIData" +-#define NID_id_cct_PKIData 361 +-#define OBJ_id_cct_PKIData OBJ_id_cct,2L +- +-#define SN_id_cct_PKIResponse "id-cct-PKIResponse" +-#define NID_id_cct_PKIResponse 362 +-#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L +- +-#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +-#define LN_id_ppl_anyLanguage "Any language" +-#define NID_id_ppl_anyLanguage 664 +-#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L +- +-#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +-#define LN_id_ppl_inheritAll "Inherit all" +-#define NID_id_ppl_inheritAll 665 +-#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L +- +-#define SN_Independent "id-ppl-independent" +-#define LN_Independent "Independent" +-#define NID_Independent 667 +-#define OBJ_Independent OBJ_id_ppl,2L +- +-#define SN_ad_OCSP "OCSP" +-#define LN_ad_OCSP "OCSP" +-#define NID_ad_OCSP 178 +-#define OBJ_ad_OCSP OBJ_id_ad,1L +- +-#define SN_ad_ca_issuers "caIssuers" +-#define LN_ad_ca_issuers "CA Issuers" +-#define NID_ad_ca_issuers 179 +-#define OBJ_ad_ca_issuers OBJ_id_ad,2L +- +-#define SN_ad_timeStamping "ad_timestamping" +-#define LN_ad_timeStamping "AD Time Stamping" +-#define NID_ad_timeStamping 363 +-#define OBJ_ad_timeStamping OBJ_id_ad,3L +- +-#define SN_ad_dvcs "AD_DVCS" +-#define LN_ad_dvcs "ad dvcs" +-#define NID_ad_dvcs 364 +-#define OBJ_ad_dvcs OBJ_id_ad,4L +- +-#define SN_caRepository "caRepository" +-#define LN_caRepository "CA Repository" +-#define NID_caRepository 785 +-#define OBJ_caRepository OBJ_id_ad,5L +- +-#define OBJ_id_pkix_OCSP OBJ_ad_OCSP +- +-#define SN_id_pkix_OCSP_basic "basicOCSPResponse" +-#define LN_id_pkix_OCSP_basic "Basic OCSP Response" +-#define NID_id_pkix_OCSP_basic 365 +-#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L +- +-#define SN_id_pkix_OCSP_Nonce "Nonce" +-#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" +-#define NID_id_pkix_OCSP_Nonce 366 +-#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L +- +-#define SN_id_pkix_OCSP_CrlID "CrlID" +-#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" +-#define NID_id_pkix_OCSP_CrlID 367 +-#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L +- +-#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" +-#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" +-#define NID_id_pkix_OCSP_acceptableResponses 368 +-#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L +- +-#define SN_id_pkix_OCSP_noCheck "noCheck" +-#define LN_id_pkix_OCSP_noCheck "OCSP No Check" +-#define NID_id_pkix_OCSP_noCheck 369 +-#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L +- +-#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" +-#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" +-#define NID_id_pkix_OCSP_archiveCutoff 370 +-#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L +- +-#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" +-#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" +-#define NID_id_pkix_OCSP_serviceLocator 371 +-#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L +- +-#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" +-#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" +-#define NID_id_pkix_OCSP_extendedStatus 372 +-#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L +- +-#define SN_id_pkix_OCSP_valid "valid" +-#define NID_id_pkix_OCSP_valid 373 +-#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L +- +-#define SN_id_pkix_OCSP_path "path" +-#define NID_id_pkix_OCSP_path 374 +-#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L +- +-#define SN_id_pkix_OCSP_trustRoot "trustRoot" +-#define LN_id_pkix_OCSP_trustRoot "Trust Root" +-#define NID_id_pkix_OCSP_trustRoot 375 +-#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L +- +-#define SN_algorithm "algorithm" +-#define LN_algorithm "algorithm" +-#define NID_algorithm 376 +-#define OBJ_algorithm 1L,3L,14L,3L,2L +- +-#define SN_md5WithRSA "RSA-NP-MD5" +-#define LN_md5WithRSA "md5WithRSA" +-#define NID_md5WithRSA 104 +-#define OBJ_md5WithRSA OBJ_algorithm,3L +- +-#define SN_des_ecb "DES-ECB" +-#define LN_des_ecb "des-ecb" +-#define NID_des_ecb 29 +-#define OBJ_des_ecb OBJ_algorithm,6L +- +-#define SN_des_cbc "DES-CBC" +-#define LN_des_cbc "des-cbc" +-#define NID_des_cbc 31 +-#define OBJ_des_cbc OBJ_algorithm,7L +- +-#define SN_des_ofb64 "DES-OFB" +-#define LN_des_ofb64 "des-ofb" +-#define NID_des_ofb64 45 +-#define OBJ_des_ofb64 OBJ_algorithm,8L +- +-#define SN_des_cfb64 "DES-CFB" +-#define LN_des_cfb64 "des-cfb" +-#define NID_des_cfb64 30 +-#define OBJ_des_cfb64 OBJ_algorithm,9L +- +-#define SN_rsaSignature "rsaSignature" +-#define NID_rsaSignature 377 +-#define OBJ_rsaSignature OBJ_algorithm,11L +- +-#define SN_dsa_2 "DSA-old" +-#define LN_dsa_2 "dsaEncryption-old" +-#define NID_dsa_2 67 +-#define OBJ_dsa_2 OBJ_algorithm,12L +- +-#define SN_dsaWithSHA "DSA-SHA" +-#define LN_dsaWithSHA "dsaWithSHA" +-#define NID_dsaWithSHA 66 +-#define OBJ_dsaWithSHA OBJ_algorithm,13L +- +-#define SN_shaWithRSAEncryption "RSA-SHA" +-#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +-#define NID_shaWithRSAEncryption 42 +-#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L +- +-#define SN_des_ede_ecb "DES-EDE" +-#define LN_des_ede_ecb "des-ede" +-#define NID_des_ede_ecb 32 +-#define OBJ_des_ede_ecb OBJ_algorithm,17L +- +-#define SN_des_ede3_ecb "DES-EDE3" +-#define LN_des_ede3_ecb "des-ede3" +-#define NID_des_ede3_ecb 33 +- +-#define SN_des_ede_cbc "DES-EDE-CBC" +-#define LN_des_ede_cbc "des-ede-cbc" +-#define NID_des_ede_cbc 43 +- +-#define SN_des_ede_cfb64 "DES-EDE-CFB" +-#define LN_des_ede_cfb64 "des-ede-cfb" +-#define NID_des_ede_cfb64 60 +- +-#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +-#define LN_des_ede3_cfb64 "des-ede3-cfb" +-#define NID_des_ede3_cfb64 61 +- +-#define SN_des_ede_ofb64 "DES-EDE-OFB" +-#define LN_des_ede_ofb64 "des-ede-ofb" +-#define NID_des_ede_ofb64 62 +- +-#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +-#define LN_des_ede3_ofb64 "des-ede3-ofb" +-#define NID_des_ede3_ofb64 63 +- +-#define SN_desx_cbc "DESX-CBC" +-#define LN_desx_cbc "desx-cbc" +-#define NID_desx_cbc 80 +- +-#define SN_sha "SHA" +-#define LN_sha "sha" +-#define NID_sha 41 +-#define OBJ_sha OBJ_algorithm,18L +- +-#define SN_sha1 "SHA1" +-#define LN_sha1 "sha1" +-#define NID_sha1 64 +-#define OBJ_sha1 OBJ_algorithm,26L +- +-#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +-#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +-#define NID_dsaWithSHA1_2 70 +-#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L +- +-#define SN_sha1WithRSA "RSA-SHA1-2" +-#define LN_sha1WithRSA "sha1WithRSA" +-#define NID_sha1WithRSA 115 +-#define OBJ_sha1WithRSA OBJ_algorithm,29L +- +-#define SN_ripemd160 "RIPEMD160" +-#define LN_ripemd160 "ripemd160" +-#define NID_ripemd160 117 +-#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L +- +-#define SN_ripemd160WithRSA "RSA-RIPEMD160" +-#define LN_ripemd160WithRSA "ripemd160WithRSA" +-#define NID_ripemd160WithRSA 119 +-#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L +- +-#define SN_sxnet "SXNetID" +-#define LN_sxnet "Strong Extranet ID" +-#define NID_sxnet 143 +-#define OBJ_sxnet 1L,3L,101L,1L,4L,1L +- +-#define SN_X500 "X500" +-#define LN_X500 "directory services (X.500)" +-#define NID_X500 11 +-#define OBJ_X500 2L,5L +- +-#define SN_X509 "X509" +-#define NID_X509 12 +-#define OBJ_X509 OBJ_X500,4L +- +-#define SN_commonName "CN" +-#define LN_commonName "commonName" +-#define NID_commonName 13 +-#define OBJ_commonName OBJ_X509,3L +- +-#define SN_surname "SN" +-#define LN_surname "surname" +-#define NID_surname 100 +-#define OBJ_surname OBJ_X509,4L +- +-#define LN_serialNumber "serialNumber" +-#define NID_serialNumber 105 +-#define OBJ_serialNumber OBJ_X509,5L +- +-#define SN_countryName "C" +-#define LN_countryName "countryName" +-#define NID_countryName 14 +-#define OBJ_countryName OBJ_X509,6L +- +-#define SN_localityName "L" +-#define LN_localityName "localityName" +-#define NID_localityName 15 +-#define OBJ_localityName OBJ_X509,7L +- +-#define SN_stateOrProvinceName "ST" +-#define LN_stateOrProvinceName "stateOrProvinceName" +-#define NID_stateOrProvinceName 16 +-#define OBJ_stateOrProvinceName OBJ_X509,8L +- +-#define SN_streetAddress "street" +-#define LN_streetAddress "streetAddress" +-#define NID_streetAddress 660 +-#define OBJ_streetAddress OBJ_X509,9L +- +-#define SN_organizationName "O" +-#define LN_organizationName "organizationName" +-#define NID_organizationName 17 +-#define OBJ_organizationName OBJ_X509,10L +- +-#define SN_organizationalUnitName "OU" +-#define LN_organizationalUnitName "organizationalUnitName" +-#define NID_organizationalUnitName 18 +-#define OBJ_organizationalUnitName OBJ_X509,11L +- +-#define SN_title "title" +-#define LN_title "title" +-#define NID_title 106 +-#define OBJ_title OBJ_X509,12L +- +-#define LN_description "description" +-#define NID_description 107 +-#define OBJ_description OBJ_X509,13L +- +-#define LN_searchGuide "searchGuide" +-#define NID_searchGuide 859 +-#define OBJ_searchGuide OBJ_X509,14L +- +-#define LN_businessCategory "businessCategory" +-#define NID_businessCategory 860 +-#define OBJ_businessCategory OBJ_X509,15L +- +-#define LN_postalAddress "postalAddress" +-#define NID_postalAddress 861 +-#define OBJ_postalAddress OBJ_X509,16L +- +-#define LN_postalCode "postalCode" +-#define NID_postalCode 661 +-#define OBJ_postalCode OBJ_X509,17L +- +-#define LN_postOfficeBox "postOfficeBox" +-#define NID_postOfficeBox 862 +-#define OBJ_postOfficeBox OBJ_X509,18L +- +-#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +-#define NID_physicalDeliveryOfficeName 863 +-#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L +- +-#define LN_telephoneNumber "telephoneNumber" +-#define NID_telephoneNumber 864 +-#define OBJ_telephoneNumber OBJ_X509,20L +- +-#define LN_telexNumber "telexNumber" +-#define NID_telexNumber 865 +-#define OBJ_telexNumber OBJ_X509,21L +- +-#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +-#define NID_teletexTerminalIdentifier 866 +-#define OBJ_teletexTerminalIdentifier OBJ_X509,22L +- +-#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +-#define NID_facsimileTelephoneNumber 867 +-#define OBJ_facsimileTelephoneNumber OBJ_X509,23L +- +-#define LN_x121Address "x121Address" +-#define NID_x121Address 868 +-#define OBJ_x121Address OBJ_X509,24L +- +-#define LN_internationaliSDNNumber "internationaliSDNNumber" +-#define NID_internationaliSDNNumber 869 +-#define OBJ_internationaliSDNNumber OBJ_X509,25L +- +-#define LN_registeredAddress "registeredAddress" +-#define NID_registeredAddress 870 +-#define OBJ_registeredAddress OBJ_X509,26L +- +-#define LN_destinationIndicator "destinationIndicator" +-#define NID_destinationIndicator 871 +-#define OBJ_destinationIndicator OBJ_X509,27L +- +-#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +-#define NID_preferredDeliveryMethod 872 +-#define OBJ_preferredDeliveryMethod OBJ_X509,28L +- +-#define LN_presentationAddress "presentationAddress" +-#define NID_presentationAddress 873 +-#define OBJ_presentationAddress OBJ_X509,29L +- +-#define LN_supportedApplicationContext "supportedApplicationContext" +-#define NID_supportedApplicationContext 874 +-#define OBJ_supportedApplicationContext OBJ_X509,30L +- +-#define SN_member "member" +-#define NID_member 875 +-#define OBJ_member OBJ_X509,31L +- +-#define SN_owner "owner" +-#define NID_owner 876 +-#define OBJ_owner OBJ_X509,32L +- +-#define LN_roleOccupant "roleOccupant" +-#define NID_roleOccupant 877 +-#define OBJ_roleOccupant OBJ_X509,33L +- +-#define SN_seeAlso "seeAlso" +-#define NID_seeAlso 878 +-#define OBJ_seeAlso OBJ_X509,34L +- +-#define LN_userPassword "userPassword" +-#define NID_userPassword 879 +-#define OBJ_userPassword OBJ_X509,35L +- +-#define LN_userCertificate "userCertificate" +-#define NID_userCertificate 880 +-#define OBJ_userCertificate OBJ_X509,36L +- +-#define LN_cACertificate "cACertificate" +-#define NID_cACertificate 881 +-#define OBJ_cACertificate OBJ_X509,37L +- +-#define LN_authorityRevocationList "authorityRevocationList" +-#define NID_authorityRevocationList 882 +-#define OBJ_authorityRevocationList OBJ_X509,38L +- +-#define LN_certificateRevocationList "certificateRevocationList" +-#define NID_certificateRevocationList 883 +-#define OBJ_certificateRevocationList OBJ_X509,39L +- +-#define LN_crossCertificatePair "crossCertificatePair" +-#define NID_crossCertificatePair 884 +-#define OBJ_crossCertificatePair OBJ_X509,40L +- +-#define SN_name "name" +-#define LN_name "name" +-#define NID_name 173 +-#define OBJ_name OBJ_X509,41L +- +-#define SN_givenName "GN" +-#define LN_givenName "givenName" +-#define NID_givenName 99 +-#define OBJ_givenName OBJ_X509,42L +- +-#define SN_initials "initials" +-#define LN_initials "initials" +-#define NID_initials 101 +-#define OBJ_initials OBJ_X509,43L +- +-#define LN_generationQualifier "generationQualifier" +-#define NID_generationQualifier 509 +-#define OBJ_generationQualifier OBJ_X509,44L +- +-#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +-#define NID_x500UniqueIdentifier 503 +-#define OBJ_x500UniqueIdentifier OBJ_X509,45L +- +-#define SN_dnQualifier "dnQualifier" +-#define LN_dnQualifier "dnQualifier" +-#define NID_dnQualifier 174 +-#define OBJ_dnQualifier OBJ_X509,46L +- +-#define LN_enhancedSearchGuide "enhancedSearchGuide" +-#define NID_enhancedSearchGuide 885 +-#define OBJ_enhancedSearchGuide OBJ_X509,47L +- +-#define LN_protocolInformation "protocolInformation" +-#define NID_protocolInformation 886 +-#define OBJ_protocolInformation OBJ_X509,48L +- +-#define LN_distinguishedName "distinguishedName" +-#define NID_distinguishedName 887 +-#define OBJ_distinguishedName OBJ_X509,49L +- +-#define LN_uniqueMember "uniqueMember" +-#define NID_uniqueMember 888 +-#define OBJ_uniqueMember OBJ_X509,50L +- +-#define LN_houseIdentifier "houseIdentifier" +-#define NID_houseIdentifier 889 +-#define OBJ_houseIdentifier OBJ_X509,51L +- +-#define LN_supportedAlgorithms "supportedAlgorithms" +-#define NID_supportedAlgorithms 890 +-#define OBJ_supportedAlgorithms OBJ_X509,52L +- +-#define LN_deltaRevocationList "deltaRevocationList" +-#define NID_deltaRevocationList 891 +-#define OBJ_deltaRevocationList OBJ_X509,53L +- +-#define SN_dmdName "dmdName" +-#define NID_dmdName 892 +-#define OBJ_dmdName OBJ_X509,54L +- +-#define LN_pseudonym "pseudonym" +-#define NID_pseudonym 510 +-#define OBJ_pseudonym OBJ_X509,65L +- +-#define SN_role "role" +-#define LN_role "role" +-#define NID_role 400 +-#define OBJ_role OBJ_X509,72L +- +-#define SN_X500algorithms "X500algorithms" +-#define LN_X500algorithms "directory services - algorithms" +-#define NID_X500algorithms 378 +-#define OBJ_X500algorithms OBJ_X500,8L +- +-#define SN_rsa "RSA" +-#define LN_rsa "rsa" +-#define NID_rsa 19 +-#define OBJ_rsa OBJ_X500algorithms,1L,1L +- +-#define SN_mdc2WithRSA "RSA-MDC2" +-#define LN_mdc2WithRSA "mdc2WithRSA" +-#define NID_mdc2WithRSA 96 +-#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L +- +-#define SN_mdc2 "MDC2" +-#define LN_mdc2 "mdc2" +-#define NID_mdc2 95 +-#define OBJ_mdc2 OBJ_X500algorithms,3L,101L +- +-#define SN_id_ce "id-ce" +-#define NID_id_ce 81 +-#define OBJ_id_ce OBJ_X500,29L +- +-#define SN_subject_directory_attributes "subjectDirectoryAttributes" +-#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +-#define NID_subject_directory_attributes 769 +-#define OBJ_subject_directory_attributes OBJ_id_ce,9L +- +-#define SN_subject_key_identifier "subjectKeyIdentifier" +-#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +-#define NID_subject_key_identifier 82 +-#define OBJ_subject_key_identifier OBJ_id_ce,14L +- +-#define SN_key_usage "keyUsage" +-#define LN_key_usage "X509v3 Key Usage" +-#define NID_key_usage 83 +-#define OBJ_key_usage OBJ_id_ce,15L +- +-#define SN_private_key_usage_period "privateKeyUsagePeriod" +-#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +-#define NID_private_key_usage_period 84 +-#define OBJ_private_key_usage_period OBJ_id_ce,16L +- +-#define SN_subject_alt_name "subjectAltName" +-#define LN_subject_alt_name "X509v3 Subject Alternative Name" +-#define NID_subject_alt_name 85 +-#define OBJ_subject_alt_name OBJ_id_ce,17L +- +-#define SN_issuer_alt_name "issuerAltName" +-#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +-#define NID_issuer_alt_name 86 +-#define OBJ_issuer_alt_name OBJ_id_ce,18L +- +-#define SN_basic_constraints "basicConstraints" +-#define LN_basic_constraints "X509v3 Basic Constraints" +-#define NID_basic_constraints 87 +-#define OBJ_basic_constraints OBJ_id_ce,19L +- +-#define SN_crl_number "crlNumber" +-#define LN_crl_number "X509v3 CRL Number" +-#define NID_crl_number 88 +-#define OBJ_crl_number OBJ_id_ce,20L +- +-#define SN_crl_reason "CRLReason" +-#define LN_crl_reason "X509v3 CRL Reason Code" +-#define NID_crl_reason 141 +-#define OBJ_crl_reason OBJ_id_ce,21L +- +-#define SN_invalidity_date "invalidityDate" +-#define LN_invalidity_date "Invalidity Date" +-#define NID_invalidity_date 142 +-#define OBJ_invalidity_date OBJ_id_ce,24L +- +-#define SN_delta_crl "deltaCRL" +-#define LN_delta_crl "X509v3 Delta CRL Indicator" +-#define NID_delta_crl 140 +-#define OBJ_delta_crl OBJ_id_ce,27L +- +-#define SN_issuing_distribution_point "issuingDistributionPoint" +-#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point" +-#define NID_issuing_distribution_point 770 +-#define OBJ_issuing_distribution_point OBJ_id_ce,28L +- +-#define SN_certificate_issuer "certificateIssuer" +-#define LN_certificate_issuer "X509v3 Certificate Issuer" +-#define NID_certificate_issuer 771 +-#define OBJ_certificate_issuer OBJ_id_ce,29L +- +-#define SN_name_constraints "nameConstraints" +-#define LN_name_constraints "X509v3 Name Constraints" +-#define NID_name_constraints 666 +-#define OBJ_name_constraints OBJ_id_ce,30L +- +-#define SN_crl_distribution_points "crlDistributionPoints" +-#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +-#define NID_crl_distribution_points 103 +-#define OBJ_crl_distribution_points OBJ_id_ce,31L +- +-#define SN_certificate_policies "certificatePolicies" +-#define LN_certificate_policies "X509v3 Certificate Policies" +-#define NID_certificate_policies 89 +-#define OBJ_certificate_policies OBJ_id_ce,32L +- +-#define SN_any_policy "anyPolicy" +-#define LN_any_policy "X509v3 Any Policy" +-#define NID_any_policy 746 +-#define OBJ_any_policy OBJ_certificate_policies,0L +- +-#define SN_policy_mappings "policyMappings" +-#define LN_policy_mappings "X509v3 Policy Mappings" +-#define NID_policy_mappings 747 +-#define OBJ_policy_mappings OBJ_id_ce,33L +- +-#define SN_authority_key_identifier "authorityKeyIdentifier" +-#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +-#define NID_authority_key_identifier 90 +-#define OBJ_authority_key_identifier OBJ_id_ce,35L +- +-#define SN_policy_constraints "policyConstraints" +-#define LN_policy_constraints "X509v3 Policy Constraints" +-#define NID_policy_constraints 401 +-#define OBJ_policy_constraints OBJ_id_ce,36L +- +-#define SN_ext_key_usage "extendedKeyUsage" +-#define LN_ext_key_usage "X509v3 Extended Key Usage" +-#define NID_ext_key_usage 126 +-#define OBJ_ext_key_usage OBJ_id_ce,37L +- +-#define SN_freshest_crl "freshestCRL" +-#define LN_freshest_crl "X509v3 Freshest CRL" +-#define NID_freshest_crl 857 +-#define OBJ_freshest_crl OBJ_id_ce,46L +- +-#define SN_inhibit_any_policy "inhibitAnyPolicy" +-#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +-#define NID_inhibit_any_policy 748 +-#define OBJ_inhibit_any_policy OBJ_id_ce,54L +- +-#define SN_target_information "targetInformation" +-#define LN_target_information "X509v3 AC Targeting" +-#define NID_target_information 402 +-#define OBJ_target_information OBJ_id_ce,55L +- +-#define SN_no_rev_avail "noRevAvail" +-#define LN_no_rev_avail "X509v3 No Revocation Available" +-#define NID_no_rev_avail 403 +-#define OBJ_no_rev_avail OBJ_id_ce,56L +- +-#define SN_netscape "Netscape" +-#define LN_netscape "Netscape Communications Corp." +-#define NID_netscape 57 +-#define OBJ_netscape 2L,16L,840L,1L,113730L +- +-#define SN_netscape_cert_extension "nsCertExt" +-#define LN_netscape_cert_extension "Netscape Certificate Extension" +-#define NID_netscape_cert_extension 58 +-#define OBJ_netscape_cert_extension OBJ_netscape,1L +- +-#define SN_netscape_data_type "nsDataType" +-#define LN_netscape_data_type "Netscape Data Type" +-#define NID_netscape_data_type 59 +-#define OBJ_netscape_data_type OBJ_netscape,2L +- +-#define SN_netscape_cert_type "nsCertType" +-#define LN_netscape_cert_type "Netscape Cert Type" +-#define NID_netscape_cert_type 71 +-#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L +- +-#define SN_netscape_base_url "nsBaseUrl" +-#define LN_netscape_base_url "Netscape Base Url" +-#define NID_netscape_base_url 72 +-#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L +- +-#define SN_netscape_revocation_url "nsRevocationUrl" +-#define LN_netscape_revocation_url "Netscape Revocation Url" +-#define NID_netscape_revocation_url 73 +-#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L +- +-#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +-#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +-#define NID_netscape_ca_revocation_url 74 +-#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L +- +-#define SN_netscape_renewal_url "nsRenewalUrl" +-#define LN_netscape_renewal_url "Netscape Renewal Url" +-#define NID_netscape_renewal_url 75 +-#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L +- +-#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +-#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +-#define NID_netscape_ca_policy_url 76 +-#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L +- +-#define SN_netscape_ssl_server_name "nsSslServerName" +-#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +-#define NID_netscape_ssl_server_name 77 +-#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L +- +-#define SN_netscape_comment "nsComment" +-#define LN_netscape_comment "Netscape Comment" +-#define NID_netscape_comment 78 +-#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L +- +-#define SN_netscape_cert_sequence "nsCertSequence" +-#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +-#define NID_netscape_cert_sequence 79 +-#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L +- +-#define SN_ns_sgc "nsSGC" +-#define LN_ns_sgc "Netscape Server Gated Crypto" +-#define NID_ns_sgc 139 +-#define OBJ_ns_sgc OBJ_netscape,4L,1L +- +-#define SN_org "ORG" +-#define LN_org "org" +-#define NID_org 379 +-#define OBJ_org OBJ_iso,3L +- +-#define SN_dod "DOD" +-#define LN_dod "dod" +-#define NID_dod 380 +-#define OBJ_dod OBJ_org,6L +- +-#define SN_iana "IANA" +-#define LN_iana "iana" +-#define NID_iana 381 +-#define OBJ_iana OBJ_dod,1L +- +-#define OBJ_internet OBJ_iana +- +-#define SN_Directory "directory" +-#define LN_Directory "Directory" +-#define NID_Directory 382 +-#define OBJ_Directory OBJ_internet,1L +- +-#define SN_Management "mgmt" +-#define LN_Management "Management" +-#define NID_Management 383 +-#define OBJ_Management OBJ_internet,2L +- +-#define SN_Experimental "experimental" +-#define LN_Experimental "Experimental" +-#define NID_Experimental 384 +-#define OBJ_Experimental OBJ_internet,3L +- +-#define SN_Private "private" +-#define LN_Private "Private" +-#define NID_Private 385 +-#define OBJ_Private OBJ_internet,4L +- +-#define SN_Security "security" +-#define LN_Security "Security" +-#define NID_Security 386 +-#define OBJ_Security OBJ_internet,5L +- +-#define SN_SNMPv2 "snmpv2" +-#define LN_SNMPv2 "SNMPv2" +-#define NID_SNMPv2 387 +-#define OBJ_SNMPv2 OBJ_internet,6L +- +-#define LN_Mail "Mail" +-#define NID_Mail 388 +-#define OBJ_Mail OBJ_internet,7L +- +-#define SN_Enterprises "enterprises" +-#define LN_Enterprises "Enterprises" +-#define NID_Enterprises 389 +-#define OBJ_Enterprises OBJ_Private,1L +- +-#define SN_dcObject "dcobject" +-#define LN_dcObject "dcObject" +-#define NID_dcObject 390 +-#define OBJ_dcObject OBJ_Enterprises,1466L,344L +- +-#define SN_mime_mhs "mime-mhs" +-#define LN_mime_mhs "MIME MHS" +-#define NID_mime_mhs 504 +-#define OBJ_mime_mhs OBJ_Mail,1L +- +-#define SN_mime_mhs_headings "mime-mhs-headings" +-#define LN_mime_mhs_headings "mime-mhs-headings" +-#define NID_mime_mhs_headings 505 +-#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L +- +-#define SN_mime_mhs_bodies "mime-mhs-bodies" +-#define LN_mime_mhs_bodies "mime-mhs-bodies" +-#define NID_mime_mhs_bodies 506 +-#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L +- +-#define SN_id_hex_partial_message "id-hex-partial-message" +-#define LN_id_hex_partial_message "id-hex-partial-message" +-#define NID_id_hex_partial_message 507 +-#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L +- +-#define SN_id_hex_multipart_message "id-hex-multipart-message" +-#define LN_id_hex_multipart_message "id-hex-multipart-message" +-#define NID_id_hex_multipart_message 508 +-#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L +- +-#define SN_rle_compression "RLE" +-#define LN_rle_compression "run length compression" +-#define NID_rle_compression 124 +-#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L +- +-#define SN_zlib_compression "ZLIB" +-#define LN_zlib_compression "zlib compression" +-#define NID_zlib_compression 125 +-#define OBJ_zlib_compression OBJ_id_smime_alg,8L +- +-#define OBJ_csor 2L,16L,840L,1L,101L,3L +- +-#define OBJ_nistAlgorithms OBJ_csor,4L +- +-#define OBJ_aes OBJ_nistAlgorithms,1L +- +-#define SN_aes_128_ecb "AES-128-ECB" +-#define LN_aes_128_ecb "aes-128-ecb" +-#define NID_aes_128_ecb 418 +-#define OBJ_aes_128_ecb OBJ_aes,1L +- +-#define SN_aes_128_cbc "AES-128-CBC" +-#define LN_aes_128_cbc "aes-128-cbc" +-#define NID_aes_128_cbc 419 +-#define OBJ_aes_128_cbc OBJ_aes,2L +- +-#define SN_aes_128_ofb128 "AES-128-OFB" +-#define LN_aes_128_ofb128 "aes-128-ofb" +-#define NID_aes_128_ofb128 420 +-#define OBJ_aes_128_ofb128 OBJ_aes,3L +- +-#define SN_aes_128_cfb128 "AES-128-CFB" +-#define LN_aes_128_cfb128 "aes-128-cfb" +-#define NID_aes_128_cfb128 421 +-#define OBJ_aes_128_cfb128 OBJ_aes,4L +- +-#define SN_aes_192_ecb "AES-192-ECB" +-#define LN_aes_192_ecb "aes-192-ecb" +-#define NID_aes_192_ecb 422 +-#define OBJ_aes_192_ecb OBJ_aes,21L +- +-#define SN_aes_192_cbc "AES-192-CBC" +-#define LN_aes_192_cbc "aes-192-cbc" +-#define NID_aes_192_cbc 423 +-#define OBJ_aes_192_cbc OBJ_aes,22L +- +-#define SN_aes_192_ofb128 "AES-192-OFB" +-#define LN_aes_192_ofb128 "aes-192-ofb" +-#define NID_aes_192_ofb128 424 +-#define OBJ_aes_192_ofb128 OBJ_aes,23L +- +-#define SN_aes_192_cfb128 "AES-192-CFB" +-#define LN_aes_192_cfb128 "aes-192-cfb" +-#define NID_aes_192_cfb128 425 +-#define OBJ_aes_192_cfb128 OBJ_aes,24L +- +-#define SN_aes_256_ecb "AES-256-ECB" +-#define LN_aes_256_ecb "aes-256-ecb" +-#define NID_aes_256_ecb 426 +-#define OBJ_aes_256_ecb OBJ_aes,41L +- +-#define SN_aes_256_cbc "AES-256-CBC" +-#define LN_aes_256_cbc "aes-256-cbc" +-#define NID_aes_256_cbc 427 +-#define OBJ_aes_256_cbc OBJ_aes,42L +- +-#define SN_aes_256_ofb128 "AES-256-OFB" +-#define LN_aes_256_ofb128 "aes-256-ofb" +-#define NID_aes_256_ofb128 428 +-#define OBJ_aes_256_ofb128 OBJ_aes,43L +- +-#define SN_aes_256_cfb128 "AES-256-CFB" +-#define LN_aes_256_cfb128 "aes-256-cfb" +-#define NID_aes_256_cfb128 429 +-#define OBJ_aes_256_cfb128 OBJ_aes,44L +- +-#define SN_aes_128_cfb1 "AES-128-CFB1" +-#define LN_aes_128_cfb1 "aes-128-cfb1" +-#define NID_aes_128_cfb1 650 +- +-#define SN_aes_192_cfb1 "AES-192-CFB1" +-#define LN_aes_192_cfb1 "aes-192-cfb1" +-#define NID_aes_192_cfb1 651 +- +-#define SN_aes_256_cfb1 "AES-256-CFB1" +-#define LN_aes_256_cfb1 "aes-256-cfb1" +-#define NID_aes_256_cfb1 652 +- +-#define SN_aes_128_cfb8 "AES-128-CFB8" +-#define LN_aes_128_cfb8 "aes-128-cfb8" +-#define NID_aes_128_cfb8 653 +- +-#define SN_aes_192_cfb8 "AES-192-CFB8" +-#define LN_aes_192_cfb8 "aes-192-cfb8" +-#define NID_aes_192_cfb8 654 +- +-#define SN_aes_256_cfb8 "AES-256-CFB8" +-#define LN_aes_256_cfb8 "aes-256-cfb8" +-#define NID_aes_256_cfb8 655 +- +-#define SN_des_cfb1 "DES-CFB1" +-#define LN_des_cfb1 "des-cfb1" +-#define NID_des_cfb1 656 +- +-#define SN_des_cfb8 "DES-CFB8" +-#define LN_des_cfb8 "des-cfb8" +-#define NID_des_cfb8 657 +- +-#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +-#define LN_des_ede3_cfb1 "des-ede3-cfb1" +-#define NID_des_ede3_cfb1 658 +- +-#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +-#define LN_des_ede3_cfb8 "des-ede3-cfb8" +-#define NID_des_ede3_cfb8 659 +- +-#define SN_id_aes128_wrap "id-aes128-wrap" +-#define NID_id_aes128_wrap 788 +-#define OBJ_id_aes128_wrap OBJ_aes,5L +- +-#define SN_id_aes192_wrap "id-aes192-wrap" +-#define NID_id_aes192_wrap 789 +-#define OBJ_id_aes192_wrap OBJ_aes,25L +- +-#define SN_id_aes256_wrap "id-aes256-wrap" +-#define NID_id_aes256_wrap 790 +-#define OBJ_id_aes256_wrap OBJ_aes,45L +- +-#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L +- +-#define SN_sha256 "SHA256" +-#define LN_sha256 "sha256" +-#define NID_sha256 672 +-#define OBJ_sha256 OBJ_nist_hashalgs,1L +- +-#define SN_sha384 "SHA384" +-#define LN_sha384 "sha384" +-#define NID_sha384 673 +-#define OBJ_sha384 OBJ_nist_hashalgs,2L +- +-#define SN_sha512 "SHA512" +-#define LN_sha512 "sha512" +-#define NID_sha512 674 +-#define OBJ_sha512 OBJ_nist_hashalgs,3L +- +-#define SN_sha224 "SHA224" +-#define LN_sha224 "sha224" +-#define NID_sha224 675 +-#define OBJ_sha224 OBJ_nist_hashalgs,4L +- +-#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L +- +-#define SN_dsa_with_SHA224 "dsa_with_SHA224" +-#define NID_dsa_with_SHA224 802 +-#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L +- +-#define SN_dsa_with_SHA256 "dsa_with_SHA256" +-#define NID_dsa_with_SHA256 803 +-#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L +- +-#define SN_hold_instruction_code "holdInstructionCode" +-#define LN_hold_instruction_code "Hold Instruction Code" +-#define NID_hold_instruction_code 430 +-#define OBJ_hold_instruction_code OBJ_id_ce,23L +- +-#define OBJ_holdInstruction OBJ_X9_57,2L +- +-#define SN_hold_instruction_none "holdInstructionNone" +-#define LN_hold_instruction_none "Hold Instruction None" +-#define NID_hold_instruction_none 431 +-#define OBJ_hold_instruction_none OBJ_holdInstruction,1L +- +-#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" +-#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" +-#define NID_hold_instruction_call_issuer 432 +-#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L +- +-#define SN_hold_instruction_reject "holdInstructionReject" +-#define LN_hold_instruction_reject "Hold Instruction Reject" +-#define NID_hold_instruction_reject 433 +-#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L +- +-#define SN_data "data" +-#define NID_data 434 +-#define OBJ_data OBJ_itu_t,9L +- +-#define SN_pss "pss" +-#define NID_pss 435 +-#define OBJ_pss OBJ_data,2342L +- +-#define SN_ucl "ucl" +-#define NID_ucl 436 +-#define OBJ_ucl OBJ_pss,19200300L +- +-#define SN_pilot "pilot" +-#define NID_pilot 437 +-#define OBJ_pilot OBJ_ucl,100L +- +-#define LN_pilotAttributeType "pilotAttributeType" +-#define NID_pilotAttributeType 438 +-#define OBJ_pilotAttributeType OBJ_pilot,1L +- +-#define LN_pilotAttributeSyntax "pilotAttributeSyntax" +-#define NID_pilotAttributeSyntax 439 +-#define OBJ_pilotAttributeSyntax OBJ_pilot,3L +- +-#define LN_pilotObjectClass "pilotObjectClass" +-#define NID_pilotObjectClass 440 +-#define OBJ_pilotObjectClass OBJ_pilot,4L +- +-#define LN_pilotGroups "pilotGroups" +-#define NID_pilotGroups 441 +-#define OBJ_pilotGroups OBJ_pilot,10L +- +-#define LN_iA5StringSyntax "iA5StringSyntax" +-#define NID_iA5StringSyntax 442 +-#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L +- +-#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" +-#define NID_caseIgnoreIA5StringSyntax 443 +-#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L +- +-#define LN_pilotObject "pilotObject" +-#define NID_pilotObject 444 +-#define OBJ_pilotObject OBJ_pilotObjectClass,3L +- +-#define LN_pilotPerson "pilotPerson" +-#define NID_pilotPerson 445 +-#define OBJ_pilotPerson OBJ_pilotObjectClass,4L +- +-#define SN_account "account" +-#define NID_account 446 +-#define OBJ_account OBJ_pilotObjectClass,5L +- +-#define SN_document "document" +-#define NID_document 447 +-#define OBJ_document OBJ_pilotObjectClass,6L +- +-#define SN_room "room" +-#define NID_room 448 +-#define OBJ_room OBJ_pilotObjectClass,7L +- +-#define LN_documentSeries "documentSeries" +-#define NID_documentSeries 449 +-#define OBJ_documentSeries OBJ_pilotObjectClass,9L +- +-#define SN_Domain "domain" +-#define LN_Domain "Domain" +-#define NID_Domain 392 +-#define OBJ_Domain OBJ_pilotObjectClass,13L +- +-#define LN_rFC822localPart "rFC822localPart" +-#define NID_rFC822localPart 450 +-#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L +- +-#define LN_dNSDomain "dNSDomain" +-#define NID_dNSDomain 451 +-#define OBJ_dNSDomain OBJ_pilotObjectClass,15L +- +-#define LN_domainRelatedObject "domainRelatedObject" +-#define NID_domainRelatedObject 452 +-#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L +- +-#define LN_friendlyCountry "friendlyCountry" +-#define NID_friendlyCountry 453 +-#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L +- +-#define LN_simpleSecurityObject "simpleSecurityObject" +-#define NID_simpleSecurityObject 454 +-#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L +- +-#define LN_pilotOrganization "pilotOrganization" +-#define NID_pilotOrganization 455 +-#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L +- +-#define LN_pilotDSA "pilotDSA" +-#define NID_pilotDSA 456 +-#define OBJ_pilotDSA OBJ_pilotObjectClass,21L +- +-#define LN_qualityLabelledData "qualityLabelledData" +-#define NID_qualityLabelledData 457 +-#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L +- +-#define SN_userId "UID" +-#define LN_userId "userId" +-#define NID_userId 458 +-#define OBJ_userId OBJ_pilotAttributeType,1L +- +-#define LN_textEncodedORAddress "textEncodedORAddress" +-#define NID_textEncodedORAddress 459 +-#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L +- +-#define SN_rfc822Mailbox "mail" +-#define LN_rfc822Mailbox "rfc822Mailbox" +-#define NID_rfc822Mailbox 460 +-#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L +- +-#define SN_info "info" +-#define NID_info 461 +-#define OBJ_info OBJ_pilotAttributeType,4L +- +-#define LN_favouriteDrink "favouriteDrink" +-#define NID_favouriteDrink 462 +-#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L +- +-#define LN_roomNumber "roomNumber" +-#define NID_roomNumber 463 +-#define OBJ_roomNumber OBJ_pilotAttributeType,6L +- +-#define SN_photo "photo" +-#define NID_photo 464 +-#define OBJ_photo OBJ_pilotAttributeType,7L +- +-#define LN_userClass "userClass" +-#define NID_userClass 465 +-#define OBJ_userClass OBJ_pilotAttributeType,8L +- +-#define SN_host "host" +-#define NID_host 466 +-#define OBJ_host OBJ_pilotAttributeType,9L +- +-#define SN_manager "manager" +-#define NID_manager 467 +-#define OBJ_manager OBJ_pilotAttributeType,10L +- +-#define LN_documentIdentifier "documentIdentifier" +-#define NID_documentIdentifier 468 +-#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L +- +-#define LN_documentTitle "documentTitle" +-#define NID_documentTitle 469 +-#define OBJ_documentTitle OBJ_pilotAttributeType,12L +- +-#define LN_documentVersion "documentVersion" +-#define NID_documentVersion 470 +-#define OBJ_documentVersion OBJ_pilotAttributeType,13L +- +-#define LN_documentAuthor "documentAuthor" +-#define NID_documentAuthor 471 +-#define OBJ_documentAuthor OBJ_pilotAttributeType,14L +- +-#define LN_documentLocation "documentLocation" +-#define NID_documentLocation 472 +-#define OBJ_documentLocation OBJ_pilotAttributeType,15L +- +-#define LN_homeTelephoneNumber "homeTelephoneNumber" +-#define NID_homeTelephoneNumber 473 +-#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L +- +-#define SN_secretary "secretary" +-#define NID_secretary 474 +-#define OBJ_secretary OBJ_pilotAttributeType,21L +- +-#define LN_otherMailbox "otherMailbox" +-#define NID_otherMailbox 475 +-#define OBJ_otherMailbox OBJ_pilotAttributeType,22L +- +-#define LN_lastModifiedTime "lastModifiedTime" +-#define NID_lastModifiedTime 476 +-#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L +- +-#define LN_lastModifiedBy "lastModifiedBy" +-#define NID_lastModifiedBy 477 +-#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L +- +-#define SN_domainComponent "DC" +-#define LN_domainComponent "domainComponent" +-#define NID_domainComponent 391 +-#define OBJ_domainComponent OBJ_pilotAttributeType,25L ++#define SN_id_cmc_responseInfo "id-cmc-responseInfo" ++#define NID_id_cmc_responseInfo 342 ++#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L + +-#define LN_aRecord "aRecord" +-#define NID_aRecord 478 +-#define OBJ_aRecord OBJ_pilotAttributeType,26L +- +-#define LN_pilotAttributeType27 "pilotAttributeType27" +-#define NID_pilotAttributeType27 479 +-#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L +- +-#define LN_mXRecord "mXRecord" +-#define NID_mXRecord 480 +-#define OBJ_mXRecord OBJ_pilotAttributeType,28L +- +-#define LN_nSRecord "nSRecord" +-#define NID_nSRecord 481 +-#define OBJ_nSRecord OBJ_pilotAttributeType,29L +- +-#define LN_sOARecord "sOARecord" +-#define NID_sOARecord 482 +-#define OBJ_sOARecord OBJ_pilotAttributeType,30L +- +-#define LN_cNAMERecord "cNAMERecord" +-#define NID_cNAMERecord 483 +-#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L +- +-#define LN_associatedDomain "associatedDomain" +-#define NID_associatedDomain 484 +-#define OBJ_associatedDomain OBJ_pilotAttributeType,37L +- +-#define LN_associatedName "associatedName" +-#define NID_associatedName 485 +-#define OBJ_associatedName OBJ_pilotAttributeType,38L +- +-#define LN_homePostalAddress "homePostalAddress" +-#define NID_homePostalAddress 486 +-#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L +- +-#define LN_personalTitle "personalTitle" +-#define NID_personalTitle 487 +-#define OBJ_personalTitle OBJ_pilotAttributeType,40L +- +-#define LN_mobileTelephoneNumber "mobileTelephoneNumber" +-#define NID_mobileTelephoneNumber 488 +-#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L +- +-#define LN_pagerTelephoneNumber "pagerTelephoneNumber" +-#define NID_pagerTelephoneNumber 489 +-#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L +- +-#define LN_friendlyCountryName "friendlyCountryName" +-#define NID_friendlyCountryName 490 +-#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L +- +-#define LN_organizationalStatus "organizationalStatus" +-#define NID_organizationalStatus 491 +-#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L +- +-#define LN_janetMailbox "janetMailbox" +-#define NID_janetMailbox 492 +-#define OBJ_janetMailbox OBJ_pilotAttributeType,46L +- +-#define LN_mailPreferenceOption "mailPreferenceOption" +-#define NID_mailPreferenceOption 493 +-#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L +- +-#define LN_buildingName "buildingName" +-#define NID_buildingName 494 +-#define OBJ_buildingName OBJ_pilotAttributeType,48L +- +-#define LN_dSAQuality "dSAQuality" +-#define NID_dSAQuality 495 +-#define OBJ_dSAQuality OBJ_pilotAttributeType,49L +- +-#define LN_singleLevelQuality "singleLevelQuality" +-#define NID_singleLevelQuality 496 +-#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L +- +-#define LN_subtreeMinimumQuality "subtreeMinimumQuality" +-#define NID_subtreeMinimumQuality 497 +-#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L +- +-#define LN_subtreeMaximumQuality "subtreeMaximumQuality" +-#define NID_subtreeMaximumQuality 498 +-#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L +- +-#define LN_personalSignature "personalSignature" +-#define NID_personalSignature 499 +-#define OBJ_personalSignature OBJ_pilotAttributeType,53L +- +-#define LN_dITRedirect "dITRedirect" +-#define NID_dITRedirect 500 +-#define OBJ_dITRedirect OBJ_pilotAttributeType,54L +- +-#define SN_audio "audio" +-#define NID_audio 501 +-#define OBJ_audio OBJ_pilotAttributeType,55L +- +-#define LN_documentPublisher "documentPublisher" +-#define NID_documentPublisher 502 +-#define OBJ_documentPublisher OBJ_pilotAttributeType,56L ++#define SN_id_cmc_queryPending "id-cmc-queryPending" ++#define NID_id_cmc_queryPending 343 ++#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L ++ ++#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" ++#define NID_id_cmc_popLinkRandom 344 ++#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L ++ ++#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" ++#define NID_id_cmc_popLinkWitness 345 ++#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L ++ ++#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" ++#define NID_id_cmc_confirmCertAcceptance 346 ++#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L ++ ++#define SN_id_on_personalData "id-on-personalData" ++#define NID_id_on_personalData 347 ++#define OBJ_id_on_personalData OBJ_id_on,1L ++ ++#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" ++#define LN_id_on_permanentIdentifier "Permanent Identifier" ++#define NID_id_on_permanentIdentifier 858 ++#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L ++ ++#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" ++#define NID_id_pda_dateOfBirth 348 ++#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L ++ ++#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" ++#define NID_id_pda_placeOfBirth 349 ++#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L ++ ++#define SN_id_pda_gender "id-pda-gender" ++#define NID_id_pda_gender 351 ++#define OBJ_id_pda_gender OBJ_id_pda,3L ++ ++#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" ++#define NID_id_pda_countryOfCitizenship 352 ++#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L ++ ++#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" ++#define NID_id_pda_countryOfResidence 353 ++#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L ++ ++#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" ++#define NID_id_aca_authenticationInfo 354 ++#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L ++ ++#define SN_id_aca_accessIdentity "id-aca-accessIdentity" ++#define NID_id_aca_accessIdentity 355 ++#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L ++ ++#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" ++#define NID_id_aca_chargingIdentity 356 ++#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L ++ ++#define SN_id_aca_group "id-aca-group" ++#define NID_id_aca_group 357 ++#define OBJ_id_aca_group OBJ_id_aca,4L ++ ++#define SN_id_aca_role "id-aca-role" ++#define NID_id_aca_role 358 ++#define OBJ_id_aca_role OBJ_id_aca,5L ++ ++#define SN_id_aca_encAttrs "id-aca-encAttrs" ++#define NID_id_aca_encAttrs 399 ++#define OBJ_id_aca_encAttrs OBJ_id_aca,6L ++ ++#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" ++#define NID_id_qcs_pkixQCSyntax_v1 359 ++#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L ++ ++#define SN_id_cct_crs "id-cct-crs" ++#define NID_id_cct_crs 360 ++#define OBJ_id_cct_crs OBJ_id_cct,1L ++ ++#define SN_id_cct_PKIData "id-cct-PKIData" ++#define NID_id_cct_PKIData 361 ++#define OBJ_id_cct_PKIData OBJ_id_cct,2L ++ ++#define SN_id_cct_PKIResponse "id-cct-PKIResponse" ++#define NID_id_cct_PKIResponse 362 ++#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L ++ ++#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" ++#define LN_id_ppl_anyLanguage "Any language" ++#define NID_id_ppl_anyLanguage 664 ++#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L ++ ++#define SN_id_ppl_inheritAll "id-ppl-inheritAll" ++#define LN_id_ppl_inheritAll "Inherit all" ++#define NID_id_ppl_inheritAll 665 ++#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L ++ ++#define SN_Independent "id-ppl-independent" ++#define LN_Independent "Independent" ++#define NID_Independent 667 ++#define OBJ_Independent OBJ_id_ppl,2L ++ ++#define SN_ad_OCSP "OCSP" ++#define LN_ad_OCSP "OCSP" ++#define NID_ad_OCSP 178 ++#define OBJ_ad_OCSP OBJ_id_ad,1L ++ ++#define SN_ad_ca_issuers "caIssuers" ++#define LN_ad_ca_issuers "CA Issuers" ++#define NID_ad_ca_issuers 179 ++#define OBJ_ad_ca_issuers OBJ_id_ad,2L ++ ++#define SN_ad_timeStamping "ad_timestamping" ++#define LN_ad_timeStamping "AD Time Stamping" ++#define NID_ad_timeStamping 363 ++#define OBJ_ad_timeStamping OBJ_id_ad,3L ++ ++#define SN_ad_dvcs "AD_DVCS" ++#define LN_ad_dvcs "ad dvcs" ++#define NID_ad_dvcs 364 ++#define OBJ_ad_dvcs OBJ_id_ad,4L ++ ++#define SN_caRepository "caRepository" ++#define LN_caRepository "CA Repository" ++#define NID_caRepository 785 ++#define OBJ_caRepository OBJ_id_ad,5L ++ ++#define OBJ_id_pkix_OCSP OBJ_ad_OCSP ++ ++#define SN_id_pkix_OCSP_basic "basicOCSPResponse" ++#define LN_id_pkix_OCSP_basic "Basic OCSP Response" ++#define NID_id_pkix_OCSP_basic 365 ++#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L ++ ++#define SN_id_pkix_OCSP_Nonce "Nonce" ++#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" ++#define NID_id_pkix_OCSP_Nonce 366 ++#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L ++ ++#define SN_id_pkix_OCSP_CrlID "CrlID" ++#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" ++#define NID_id_pkix_OCSP_CrlID 367 ++#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L ++ ++#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" ++#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" ++#define NID_id_pkix_OCSP_acceptableResponses 368 ++#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L ++ ++#define SN_id_pkix_OCSP_noCheck "noCheck" ++#define LN_id_pkix_OCSP_noCheck "OCSP No Check" ++#define NID_id_pkix_OCSP_noCheck 369 ++#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L ++ ++#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" ++#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" ++#define NID_id_pkix_OCSP_archiveCutoff 370 ++#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L ++ ++#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" ++#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" ++#define NID_id_pkix_OCSP_serviceLocator 371 ++#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L ++ ++#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" ++#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" ++#define NID_id_pkix_OCSP_extendedStatus 372 ++#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L ++ ++#define SN_id_pkix_OCSP_valid "valid" ++#define NID_id_pkix_OCSP_valid 373 ++#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L ++ ++#define SN_id_pkix_OCSP_path "path" ++#define NID_id_pkix_OCSP_path 374 ++#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L ++ ++#define SN_id_pkix_OCSP_trustRoot "trustRoot" ++#define LN_id_pkix_OCSP_trustRoot "Trust Root" ++#define NID_id_pkix_OCSP_trustRoot 375 ++#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L ++ ++#define SN_algorithm "algorithm" ++#define LN_algorithm "algorithm" ++#define NID_algorithm 376 ++#define OBJ_algorithm 1L,3L,14L,3L,2L ++ ++#define SN_md5WithRSA "RSA-NP-MD5" ++#define LN_md5WithRSA "md5WithRSA" ++#define NID_md5WithRSA 104 ++#define OBJ_md5WithRSA OBJ_algorithm,3L ++ ++#define SN_des_ecb "DES-ECB" ++#define LN_des_ecb "des-ecb" ++#define NID_des_ecb 29 ++#define OBJ_des_ecb OBJ_algorithm,6L ++ ++#define SN_des_cbc "DES-CBC" ++#define LN_des_cbc "des-cbc" ++#define NID_des_cbc 31 ++#define OBJ_des_cbc OBJ_algorithm,7L ++ ++#define SN_des_ofb64 "DES-OFB" ++#define LN_des_ofb64 "des-ofb" ++#define NID_des_ofb64 45 ++#define OBJ_des_ofb64 OBJ_algorithm,8L ++ ++#define SN_des_cfb64 "DES-CFB" ++#define LN_des_cfb64 "des-cfb" ++#define NID_des_cfb64 30 ++#define OBJ_des_cfb64 OBJ_algorithm,9L ++ ++#define SN_rsaSignature "rsaSignature" ++#define NID_rsaSignature 377 ++#define OBJ_rsaSignature OBJ_algorithm,11L ++ ++#define SN_dsa_2 "DSA-old" ++#define LN_dsa_2 "dsaEncryption-old" ++#define NID_dsa_2 67 ++#define OBJ_dsa_2 OBJ_algorithm,12L ++ ++#define SN_dsaWithSHA "DSA-SHA" ++#define LN_dsaWithSHA "dsaWithSHA" ++#define NID_dsaWithSHA 66 ++#define OBJ_dsaWithSHA OBJ_algorithm,13L ++ ++#define SN_shaWithRSAEncryption "RSA-SHA" ++#define LN_shaWithRSAEncryption "shaWithRSAEncryption" ++#define NID_shaWithRSAEncryption 42 ++#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L ++ ++#define SN_des_ede_ecb "DES-EDE" ++#define LN_des_ede_ecb "des-ede" ++#define NID_des_ede_ecb 32 ++#define OBJ_des_ede_ecb OBJ_algorithm,17L ++ ++#define SN_des_ede3_ecb "DES-EDE3" ++#define LN_des_ede3_ecb "des-ede3" ++#define NID_des_ede3_ecb 33 ++ ++#define SN_des_ede_cbc "DES-EDE-CBC" ++#define LN_des_ede_cbc "des-ede-cbc" ++#define NID_des_ede_cbc 43 ++ ++#define SN_des_ede_cfb64 "DES-EDE-CFB" ++#define LN_des_ede_cfb64 "des-ede-cfb" ++#define NID_des_ede_cfb64 60 ++ ++#define SN_des_ede3_cfb64 "DES-EDE3-CFB" ++#define LN_des_ede3_cfb64 "des-ede3-cfb" ++#define NID_des_ede3_cfb64 61 ++ ++#define SN_des_ede_ofb64 "DES-EDE-OFB" ++#define LN_des_ede_ofb64 "des-ede-ofb" ++#define NID_des_ede_ofb64 62 ++ ++#define SN_des_ede3_ofb64 "DES-EDE3-OFB" ++#define LN_des_ede3_ofb64 "des-ede3-ofb" ++#define NID_des_ede3_ofb64 63 ++ ++#define SN_desx_cbc "DESX-CBC" ++#define LN_desx_cbc "desx-cbc" ++#define NID_desx_cbc 80 ++ ++#define SN_sha "SHA" ++#define LN_sha "sha" ++#define NID_sha 41 ++#define OBJ_sha OBJ_algorithm,18L ++ ++#define SN_sha1 "SHA1" ++#define LN_sha1 "sha1" ++#define NID_sha1 64 ++#define OBJ_sha1 OBJ_algorithm,26L ++ ++#define SN_dsaWithSHA1_2 "DSA-SHA1-old" ++#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" ++#define NID_dsaWithSHA1_2 70 ++#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L ++ ++#define SN_sha1WithRSA "RSA-SHA1-2" ++#define LN_sha1WithRSA "sha1WithRSA" ++#define NID_sha1WithRSA 115 ++#define OBJ_sha1WithRSA OBJ_algorithm,29L ++ ++#define SN_ripemd160 "RIPEMD160" ++#define LN_ripemd160 "ripemd160" ++#define NID_ripemd160 117 ++#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L ++ ++#define SN_ripemd160WithRSA "RSA-RIPEMD160" ++#define LN_ripemd160WithRSA "ripemd160WithRSA" ++#define NID_ripemd160WithRSA 119 ++#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L ++ ++#define SN_sxnet "SXNetID" ++#define LN_sxnet "Strong Extranet ID" ++#define NID_sxnet 143 ++#define OBJ_sxnet 1L,3L,101L,1L,4L,1L ++ ++#define SN_X500 "X500" ++#define LN_X500 "directory services (X.500)" ++#define NID_X500 11 ++#define OBJ_X500 2L,5L ++ ++#define SN_X509 "X509" ++#define NID_X509 12 ++#define OBJ_X509 OBJ_X500,4L ++ ++#define SN_commonName "CN" ++#define LN_commonName "commonName" ++#define NID_commonName 13 ++#define OBJ_commonName OBJ_X509,3L ++ ++#define SN_surname "SN" ++#define LN_surname "surname" ++#define NID_surname 100 ++#define OBJ_surname OBJ_X509,4L ++ ++#define LN_serialNumber "serialNumber" ++#define NID_serialNumber 105 ++#define OBJ_serialNumber OBJ_X509,5L ++ ++#define SN_countryName "C" ++#define LN_countryName "countryName" ++#define NID_countryName 14 ++#define OBJ_countryName OBJ_X509,6L ++ ++#define SN_localityName "L" ++#define LN_localityName "localityName" ++#define NID_localityName 15 ++#define OBJ_localityName OBJ_X509,7L ++ ++#define SN_stateOrProvinceName "ST" ++#define LN_stateOrProvinceName "stateOrProvinceName" ++#define NID_stateOrProvinceName 16 ++#define OBJ_stateOrProvinceName OBJ_X509,8L ++ ++#define SN_streetAddress "street" ++#define LN_streetAddress "streetAddress" ++#define NID_streetAddress 660 ++#define OBJ_streetAddress OBJ_X509,9L ++ ++#define SN_organizationName "O" ++#define LN_organizationName "organizationName" ++#define NID_organizationName 17 ++#define OBJ_organizationName OBJ_X509,10L ++ ++#define SN_organizationalUnitName "OU" ++#define LN_organizationalUnitName "organizationalUnitName" ++#define NID_organizationalUnitName 18 ++#define OBJ_organizationalUnitName OBJ_X509,11L ++ ++#define SN_title "title" ++#define LN_title "title" ++#define NID_title 106 ++#define OBJ_title OBJ_X509,12L ++ ++#define LN_description "description" ++#define NID_description 107 ++#define OBJ_description OBJ_X509,13L ++ ++#define LN_searchGuide "searchGuide" ++#define NID_searchGuide 859 ++#define OBJ_searchGuide OBJ_X509,14L ++ ++#define LN_businessCategory "businessCategory" ++#define NID_businessCategory 860 ++#define OBJ_businessCategory OBJ_X509,15L ++ ++#define LN_postalAddress "postalAddress" ++#define NID_postalAddress 861 ++#define OBJ_postalAddress OBJ_X509,16L ++ ++#define LN_postalCode "postalCode" ++#define NID_postalCode 661 ++#define OBJ_postalCode OBJ_X509,17L ++ ++#define LN_postOfficeBox "postOfficeBox" ++#define NID_postOfficeBox 862 ++#define OBJ_postOfficeBox OBJ_X509,18L ++ ++#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" ++#define NID_physicalDeliveryOfficeName 863 ++#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L ++ ++#define LN_telephoneNumber "telephoneNumber" ++#define NID_telephoneNumber 864 ++#define OBJ_telephoneNumber OBJ_X509,20L ++ ++#define LN_telexNumber "telexNumber" ++#define NID_telexNumber 865 ++#define OBJ_telexNumber OBJ_X509,21L ++ ++#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" ++#define NID_teletexTerminalIdentifier 866 ++#define OBJ_teletexTerminalIdentifier OBJ_X509,22L ++ ++#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" ++#define NID_facsimileTelephoneNumber 867 ++#define OBJ_facsimileTelephoneNumber OBJ_X509,23L ++ ++#define LN_x121Address "x121Address" ++#define NID_x121Address 868 ++#define OBJ_x121Address OBJ_X509,24L ++ ++#define LN_internationaliSDNNumber "internationaliSDNNumber" ++#define NID_internationaliSDNNumber 869 ++#define OBJ_internationaliSDNNumber OBJ_X509,25L ++ ++#define LN_registeredAddress "registeredAddress" ++#define NID_registeredAddress 870 ++#define OBJ_registeredAddress OBJ_X509,26L ++ ++#define LN_destinationIndicator "destinationIndicator" ++#define NID_destinationIndicator 871 ++#define OBJ_destinationIndicator OBJ_X509,27L ++ ++#define LN_preferredDeliveryMethod "preferredDeliveryMethod" ++#define NID_preferredDeliveryMethod 872 ++#define OBJ_preferredDeliveryMethod OBJ_X509,28L ++ ++#define LN_presentationAddress "presentationAddress" ++#define NID_presentationAddress 873 ++#define OBJ_presentationAddress OBJ_X509,29L ++ ++#define LN_supportedApplicationContext "supportedApplicationContext" ++#define NID_supportedApplicationContext 874 ++#define OBJ_supportedApplicationContext OBJ_X509,30L ++ ++#define SN_member "member" ++#define NID_member 875 ++#define OBJ_member OBJ_X509,31L ++ ++#define SN_owner "owner" ++#define NID_owner 876 ++#define OBJ_owner OBJ_X509,32L ++ ++#define LN_roleOccupant "roleOccupant" ++#define NID_roleOccupant 877 ++#define OBJ_roleOccupant OBJ_X509,33L ++ ++#define SN_seeAlso "seeAlso" ++#define NID_seeAlso 878 ++#define OBJ_seeAlso OBJ_X509,34L ++ ++#define LN_userPassword "userPassword" ++#define NID_userPassword 879 ++#define OBJ_userPassword OBJ_X509,35L ++ ++#define LN_userCertificate "userCertificate" ++#define NID_userCertificate 880 ++#define OBJ_userCertificate OBJ_X509,36L ++ ++#define LN_cACertificate "cACertificate" ++#define NID_cACertificate 881 ++#define OBJ_cACertificate OBJ_X509,37L ++ ++#define LN_authorityRevocationList "authorityRevocationList" ++#define NID_authorityRevocationList 882 ++#define OBJ_authorityRevocationList OBJ_X509,38L ++ ++#define LN_certificateRevocationList "certificateRevocationList" ++#define NID_certificateRevocationList 883 ++#define OBJ_certificateRevocationList OBJ_X509,39L ++ ++#define LN_crossCertificatePair "crossCertificatePair" ++#define NID_crossCertificatePair 884 ++#define OBJ_crossCertificatePair OBJ_X509,40L ++ ++#define SN_name "name" ++#define LN_name "name" ++#define NID_name 173 ++#define OBJ_name OBJ_X509,41L ++ ++#define SN_givenName "GN" ++#define LN_givenName "givenName" ++#define NID_givenName 99 ++#define OBJ_givenName OBJ_X509,42L ++ ++#define SN_initials "initials" ++#define LN_initials "initials" ++#define NID_initials 101 ++#define OBJ_initials OBJ_X509,43L ++ ++#define LN_generationQualifier "generationQualifier" ++#define NID_generationQualifier 509 ++#define OBJ_generationQualifier OBJ_X509,44L ++ ++#define LN_x500UniqueIdentifier "x500UniqueIdentifier" ++#define NID_x500UniqueIdentifier 503 ++#define OBJ_x500UniqueIdentifier OBJ_X509,45L ++ ++#define SN_dnQualifier "dnQualifier" ++#define LN_dnQualifier "dnQualifier" ++#define NID_dnQualifier 174 ++#define OBJ_dnQualifier OBJ_X509,46L ++ ++#define LN_enhancedSearchGuide "enhancedSearchGuide" ++#define NID_enhancedSearchGuide 885 ++#define OBJ_enhancedSearchGuide OBJ_X509,47L ++ ++#define LN_protocolInformation "protocolInformation" ++#define NID_protocolInformation 886 ++#define OBJ_protocolInformation OBJ_X509,48L ++ ++#define LN_distinguishedName "distinguishedName" ++#define NID_distinguishedName 887 ++#define OBJ_distinguishedName OBJ_X509,49L ++ ++#define LN_uniqueMember "uniqueMember" ++#define NID_uniqueMember 888 ++#define OBJ_uniqueMember OBJ_X509,50L ++ ++#define LN_houseIdentifier "houseIdentifier" ++#define NID_houseIdentifier 889 ++#define OBJ_houseIdentifier OBJ_X509,51L ++ ++#define LN_supportedAlgorithms "supportedAlgorithms" ++#define NID_supportedAlgorithms 890 ++#define OBJ_supportedAlgorithms OBJ_X509,52L ++ ++#define LN_deltaRevocationList "deltaRevocationList" ++#define NID_deltaRevocationList 891 ++#define OBJ_deltaRevocationList OBJ_X509,53L ++ ++#define SN_dmdName "dmdName" ++#define NID_dmdName 892 ++#define OBJ_dmdName OBJ_X509,54L ++ ++#define LN_pseudonym "pseudonym" ++#define NID_pseudonym 510 ++#define OBJ_pseudonym OBJ_X509,65L ++ ++#define SN_role "role" ++#define LN_role "role" ++#define NID_role 400 ++#define OBJ_role OBJ_X509,72L ++ ++#define SN_X500algorithms "X500algorithms" ++#define LN_X500algorithms "directory services - algorithms" ++#define NID_X500algorithms 378 ++#define OBJ_X500algorithms OBJ_X500,8L ++ ++#define SN_rsa "RSA" ++#define LN_rsa "rsa" ++#define NID_rsa 19 ++#define OBJ_rsa OBJ_X500algorithms,1L,1L ++ ++#define SN_mdc2WithRSA "RSA-MDC2" ++#define LN_mdc2WithRSA "mdc2WithRSA" ++#define NID_mdc2WithRSA 96 ++#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L ++ ++#define SN_mdc2 "MDC2" ++#define LN_mdc2 "mdc2" ++#define NID_mdc2 95 ++#define OBJ_mdc2 OBJ_X500algorithms,3L,101L ++ ++#define SN_id_ce "id-ce" ++#define NID_id_ce 81 ++#define OBJ_id_ce OBJ_X500,29L ++ ++#define SN_subject_directory_attributes "subjectDirectoryAttributes" ++#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" ++#define NID_subject_directory_attributes 769 ++#define OBJ_subject_directory_attributes OBJ_id_ce,9L ++ ++#define SN_subject_key_identifier "subjectKeyIdentifier" ++#define LN_subject_key_identifier "X509v3 Subject Key Identifier" ++#define NID_subject_key_identifier 82 ++#define OBJ_subject_key_identifier OBJ_id_ce,14L ++ ++#define SN_key_usage "keyUsage" ++#define LN_key_usage "X509v3 Key Usage" ++#define NID_key_usage 83 ++#define OBJ_key_usage OBJ_id_ce,15L ++ ++#define SN_private_key_usage_period "privateKeyUsagePeriod" ++#define LN_private_key_usage_period "X509v3 Private Key Usage Period" ++#define NID_private_key_usage_period 84 ++#define OBJ_private_key_usage_period OBJ_id_ce,16L ++ ++#define SN_subject_alt_name "subjectAltName" ++#define LN_subject_alt_name "X509v3 Subject Alternative Name" ++#define NID_subject_alt_name 85 ++#define OBJ_subject_alt_name OBJ_id_ce,17L ++ ++#define SN_issuer_alt_name "issuerAltName" ++#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" ++#define NID_issuer_alt_name 86 ++#define OBJ_issuer_alt_name OBJ_id_ce,18L ++ ++#define SN_basic_constraints "basicConstraints" ++#define LN_basic_constraints "X509v3 Basic Constraints" ++#define NID_basic_constraints 87 ++#define OBJ_basic_constraints OBJ_id_ce,19L ++ ++#define SN_crl_number "crlNumber" ++#define LN_crl_number "X509v3 CRL Number" ++#define NID_crl_number 88 ++#define OBJ_crl_number OBJ_id_ce,20L ++ ++#define SN_crl_reason "CRLReason" ++#define LN_crl_reason "X509v3 CRL Reason Code" ++#define NID_crl_reason 141 ++#define OBJ_crl_reason OBJ_id_ce,21L ++ ++#define SN_invalidity_date "invalidityDate" ++#define LN_invalidity_date "Invalidity Date" ++#define NID_invalidity_date 142 ++#define OBJ_invalidity_date OBJ_id_ce,24L ++ ++#define SN_delta_crl "deltaCRL" ++#define LN_delta_crl "X509v3 Delta CRL Indicator" ++#define NID_delta_crl 140 ++#define OBJ_delta_crl OBJ_id_ce,27L ++ ++#define SN_issuing_distribution_point "issuingDistributionPoint" ++#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point" ++#define NID_issuing_distribution_point 770 ++#define OBJ_issuing_distribution_point OBJ_id_ce,28L ++ ++#define SN_certificate_issuer "certificateIssuer" ++#define LN_certificate_issuer "X509v3 Certificate Issuer" ++#define NID_certificate_issuer 771 ++#define OBJ_certificate_issuer OBJ_id_ce,29L ++ ++#define SN_name_constraints "nameConstraints" ++#define LN_name_constraints "X509v3 Name Constraints" ++#define NID_name_constraints 666 ++#define OBJ_name_constraints OBJ_id_ce,30L ++ ++#define SN_crl_distribution_points "crlDistributionPoints" ++#define LN_crl_distribution_points "X509v3 CRL Distribution Points" ++#define NID_crl_distribution_points 103 ++#define OBJ_crl_distribution_points OBJ_id_ce,31L ++ ++#define SN_certificate_policies "certificatePolicies" ++#define LN_certificate_policies "X509v3 Certificate Policies" ++#define NID_certificate_policies 89 ++#define OBJ_certificate_policies OBJ_id_ce,32L ++ ++#define SN_any_policy "anyPolicy" ++#define LN_any_policy "X509v3 Any Policy" ++#define NID_any_policy 746 ++#define OBJ_any_policy OBJ_certificate_policies,0L ++ ++#define SN_policy_mappings "policyMappings" ++#define LN_policy_mappings "X509v3 Policy Mappings" ++#define NID_policy_mappings 747 ++#define OBJ_policy_mappings OBJ_id_ce,33L ++ ++#define SN_authority_key_identifier "authorityKeyIdentifier" ++#define LN_authority_key_identifier "X509v3 Authority Key Identifier" ++#define NID_authority_key_identifier 90 ++#define OBJ_authority_key_identifier OBJ_id_ce,35L ++ ++#define SN_policy_constraints "policyConstraints" ++#define LN_policy_constraints "X509v3 Policy Constraints" ++#define NID_policy_constraints 401 ++#define OBJ_policy_constraints OBJ_id_ce,36L ++ ++#define SN_ext_key_usage "extendedKeyUsage" ++#define LN_ext_key_usage "X509v3 Extended Key Usage" ++#define NID_ext_key_usage 126 ++#define OBJ_ext_key_usage OBJ_id_ce,37L ++ ++#define SN_freshest_crl "freshestCRL" ++#define LN_freshest_crl "X509v3 Freshest CRL" ++#define NID_freshest_crl 857 ++#define OBJ_freshest_crl OBJ_id_ce,46L ++ ++#define SN_inhibit_any_policy "inhibitAnyPolicy" ++#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" ++#define NID_inhibit_any_policy 748 ++#define OBJ_inhibit_any_policy OBJ_id_ce,54L ++ ++#define SN_target_information "targetInformation" ++#define LN_target_information "X509v3 AC Targeting" ++#define NID_target_information 402 ++#define OBJ_target_information OBJ_id_ce,55L ++ ++#define SN_no_rev_avail "noRevAvail" ++#define LN_no_rev_avail "X509v3 No Revocation Available" ++#define NID_no_rev_avail 403 ++#define OBJ_no_rev_avail OBJ_id_ce,56L ++ ++#define SN_netscape "Netscape" ++#define LN_netscape "Netscape Communications Corp." ++#define NID_netscape 57 ++#define OBJ_netscape 2L,16L,840L,1L,113730L ++ ++#define SN_netscape_cert_extension "nsCertExt" ++#define LN_netscape_cert_extension "Netscape Certificate Extension" ++#define NID_netscape_cert_extension 58 ++#define OBJ_netscape_cert_extension OBJ_netscape,1L ++ ++#define SN_netscape_data_type "nsDataType" ++#define LN_netscape_data_type "Netscape Data Type" ++#define NID_netscape_data_type 59 ++#define OBJ_netscape_data_type OBJ_netscape,2L ++ ++#define SN_netscape_cert_type "nsCertType" ++#define LN_netscape_cert_type "Netscape Cert Type" ++#define NID_netscape_cert_type 71 ++#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L ++ ++#define SN_netscape_base_url "nsBaseUrl" ++#define LN_netscape_base_url "Netscape Base Url" ++#define NID_netscape_base_url 72 ++#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L ++ ++#define SN_netscape_revocation_url "nsRevocationUrl" ++#define LN_netscape_revocation_url "Netscape Revocation Url" ++#define NID_netscape_revocation_url 73 ++#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L ++ ++#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" ++#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" ++#define NID_netscape_ca_revocation_url 74 ++#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L ++ ++#define SN_netscape_renewal_url "nsRenewalUrl" ++#define LN_netscape_renewal_url "Netscape Renewal Url" ++#define NID_netscape_renewal_url 75 ++#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L ++ ++#define SN_netscape_ca_policy_url "nsCaPolicyUrl" ++#define LN_netscape_ca_policy_url "Netscape CA Policy Url" ++#define NID_netscape_ca_policy_url 76 ++#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L ++ ++#define SN_netscape_ssl_server_name "nsSslServerName" ++#define LN_netscape_ssl_server_name "Netscape SSL Server Name" ++#define NID_netscape_ssl_server_name 77 ++#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L ++ ++#define SN_netscape_comment "nsComment" ++#define LN_netscape_comment "Netscape Comment" ++#define NID_netscape_comment 78 ++#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L ++ ++#define SN_netscape_cert_sequence "nsCertSequence" ++#define LN_netscape_cert_sequence "Netscape Certificate Sequence" ++#define NID_netscape_cert_sequence 79 ++#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L ++ ++#define SN_ns_sgc "nsSGC" ++#define LN_ns_sgc "Netscape Server Gated Crypto" ++#define NID_ns_sgc 139 ++#define OBJ_ns_sgc OBJ_netscape,4L,1L ++ ++#define SN_org "ORG" ++#define LN_org "org" ++#define NID_org 379 ++#define OBJ_org OBJ_iso,3L ++ ++#define SN_dod "DOD" ++#define LN_dod "dod" ++#define NID_dod 380 ++#define OBJ_dod OBJ_org,6L ++ ++#define SN_iana "IANA" ++#define LN_iana "iana" ++#define NID_iana 381 ++#define OBJ_iana OBJ_dod,1L ++ ++#define OBJ_internet OBJ_iana ++ ++#define SN_Directory "directory" ++#define LN_Directory "Directory" ++#define NID_Directory 382 ++#define OBJ_Directory OBJ_internet,1L ++ ++#define SN_Management "mgmt" ++#define LN_Management "Management" ++#define NID_Management 383 ++#define OBJ_Management OBJ_internet,2L ++ ++#define SN_Experimental "experimental" ++#define LN_Experimental "Experimental" ++#define NID_Experimental 384 ++#define OBJ_Experimental OBJ_internet,3L ++ ++#define SN_Private "private" ++#define LN_Private "Private" ++#define NID_Private 385 ++#define OBJ_Private OBJ_internet,4L ++ ++#define SN_Security "security" ++#define LN_Security "Security" ++#define NID_Security 386 ++#define OBJ_Security OBJ_internet,5L ++ ++#define SN_SNMPv2 "snmpv2" ++#define LN_SNMPv2 "SNMPv2" ++#define NID_SNMPv2 387 ++#define OBJ_SNMPv2 OBJ_internet,6L ++ ++#define LN_Mail "Mail" ++#define NID_Mail 388 ++#define OBJ_Mail OBJ_internet,7L ++ ++#define SN_Enterprises "enterprises" ++#define LN_Enterprises "Enterprises" ++#define NID_Enterprises 389 ++#define OBJ_Enterprises OBJ_Private,1L ++ ++#define SN_dcObject "dcobject" ++#define LN_dcObject "dcObject" ++#define NID_dcObject 390 ++#define OBJ_dcObject OBJ_Enterprises,1466L,344L ++ ++#define SN_mime_mhs "mime-mhs" ++#define LN_mime_mhs "MIME MHS" ++#define NID_mime_mhs 504 ++#define OBJ_mime_mhs OBJ_Mail,1L ++ ++#define SN_mime_mhs_headings "mime-mhs-headings" ++#define LN_mime_mhs_headings "mime-mhs-headings" ++#define NID_mime_mhs_headings 505 ++#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L ++ ++#define SN_mime_mhs_bodies "mime-mhs-bodies" ++#define LN_mime_mhs_bodies "mime-mhs-bodies" ++#define NID_mime_mhs_bodies 506 ++#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L ++ ++#define SN_id_hex_partial_message "id-hex-partial-message" ++#define LN_id_hex_partial_message "id-hex-partial-message" ++#define NID_id_hex_partial_message 507 ++#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L ++ ++#define SN_id_hex_multipart_message "id-hex-multipart-message" ++#define LN_id_hex_multipart_message "id-hex-multipart-message" ++#define NID_id_hex_multipart_message 508 ++#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L ++ ++#define SN_rle_compression "RLE" ++#define LN_rle_compression "run length compression" ++#define NID_rle_compression 124 ++#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L ++ ++#define SN_zlib_compression "ZLIB" ++#define LN_zlib_compression "zlib compression" ++#define NID_zlib_compression 125 ++#define OBJ_zlib_compression OBJ_id_smime_alg,8L ++ ++#define OBJ_csor 2L,16L,840L,1L,101L,3L ++ ++#define OBJ_nistAlgorithms OBJ_csor,4L ++ ++#define OBJ_aes OBJ_nistAlgorithms,1L ++ ++#define SN_aes_128_ecb "AES-128-ECB" ++#define LN_aes_128_ecb "aes-128-ecb" ++#define NID_aes_128_ecb 418 ++#define OBJ_aes_128_ecb OBJ_aes,1L ++ ++#define SN_aes_128_cbc "AES-128-CBC" ++#define LN_aes_128_cbc "aes-128-cbc" ++#define NID_aes_128_cbc 419 ++#define OBJ_aes_128_cbc OBJ_aes,2L ++ ++#define SN_aes_128_ofb128 "AES-128-OFB" ++#define LN_aes_128_ofb128 "aes-128-ofb" ++#define NID_aes_128_ofb128 420 ++#define OBJ_aes_128_ofb128 OBJ_aes,3L ++ ++#define SN_aes_128_cfb128 "AES-128-CFB" ++#define LN_aes_128_cfb128 "aes-128-cfb" ++#define NID_aes_128_cfb128 421 ++#define OBJ_aes_128_cfb128 OBJ_aes,4L ++ ++#define SN_aes_192_ecb "AES-192-ECB" ++#define LN_aes_192_ecb "aes-192-ecb" ++#define NID_aes_192_ecb 422 ++#define OBJ_aes_192_ecb OBJ_aes,21L ++ ++#define SN_aes_192_cbc "AES-192-CBC" ++#define LN_aes_192_cbc "aes-192-cbc" ++#define NID_aes_192_cbc 423 ++#define OBJ_aes_192_cbc OBJ_aes,22L ++ ++#define SN_aes_192_ofb128 "AES-192-OFB" ++#define LN_aes_192_ofb128 "aes-192-ofb" ++#define NID_aes_192_ofb128 424 ++#define OBJ_aes_192_ofb128 OBJ_aes,23L ++ ++#define SN_aes_192_cfb128 "AES-192-CFB" ++#define LN_aes_192_cfb128 "aes-192-cfb" ++#define NID_aes_192_cfb128 425 ++#define OBJ_aes_192_cfb128 OBJ_aes,24L ++ ++#define SN_aes_256_ecb "AES-256-ECB" ++#define LN_aes_256_ecb "aes-256-ecb" ++#define NID_aes_256_ecb 426 ++#define OBJ_aes_256_ecb OBJ_aes,41L ++ ++#define SN_aes_256_cbc "AES-256-CBC" ++#define LN_aes_256_cbc "aes-256-cbc" ++#define NID_aes_256_cbc 427 ++#define OBJ_aes_256_cbc OBJ_aes,42L ++ ++#define SN_aes_256_ofb128 "AES-256-OFB" ++#define LN_aes_256_ofb128 "aes-256-ofb" ++#define NID_aes_256_ofb128 428 ++#define OBJ_aes_256_ofb128 OBJ_aes,43L ++ ++#define SN_aes_256_cfb128 "AES-256-CFB" ++#define LN_aes_256_cfb128 "aes-256-cfb" ++#define NID_aes_256_cfb128 429 ++#define OBJ_aes_256_cfb128 OBJ_aes,44L ++ ++#define SN_aes_128_cfb1 "AES-128-CFB1" ++#define LN_aes_128_cfb1 "aes-128-cfb1" ++#define NID_aes_128_cfb1 650 ++ ++#define SN_aes_192_cfb1 "AES-192-CFB1" ++#define LN_aes_192_cfb1 "aes-192-cfb1" ++#define NID_aes_192_cfb1 651 ++ ++#define SN_aes_256_cfb1 "AES-256-CFB1" ++#define LN_aes_256_cfb1 "aes-256-cfb1" ++#define NID_aes_256_cfb1 652 ++ ++#define SN_aes_128_cfb8 "AES-128-CFB8" ++#define LN_aes_128_cfb8 "aes-128-cfb8" ++#define NID_aes_128_cfb8 653 ++ ++#define SN_aes_192_cfb8 "AES-192-CFB8" ++#define LN_aes_192_cfb8 "aes-192-cfb8" ++#define NID_aes_192_cfb8 654 ++ ++#define SN_aes_256_cfb8 "AES-256-CFB8" ++#define LN_aes_256_cfb8 "aes-256-cfb8" ++#define NID_aes_256_cfb8 655 ++ ++#define SN_des_cfb1 "DES-CFB1" ++#define LN_des_cfb1 "des-cfb1" ++#define NID_des_cfb1 656 ++ ++#define SN_des_cfb8 "DES-CFB8" ++#define LN_des_cfb8 "des-cfb8" ++#define NID_des_cfb8 657 ++ ++#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" ++#define LN_des_ede3_cfb1 "des-ede3-cfb1" ++#define NID_des_ede3_cfb1 658 ++ ++#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" ++#define LN_des_ede3_cfb8 "des-ede3-cfb8" ++#define NID_des_ede3_cfb8 659 ++ ++#define SN_id_aes128_wrap "id-aes128-wrap" ++#define NID_id_aes128_wrap 788 ++#define OBJ_id_aes128_wrap OBJ_aes,5L ++ ++#define SN_id_aes192_wrap "id-aes192-wrap" ++#define NID_id_aes192_wrap 789 ++#define OBJ_id_aes192_wrap OBJ_aes,25L ++ ++#define SN_id_aes256_wrap "id-aes256-wrap" ++#define NID_id_aes256_wrap 790 ++#define OBJ_id_aes256_wrap OBJ_aes,45L ++ ++#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L ++ ++#define SN_sha256 "SHA256" ++#define LN_sha256 "sha256" ++#define NID_sha256 672 ++#define OBJ_sha256 OBJ_nist_hashalgs,1L ++ ++#define SN_sha384 "SHA384" ++#define LN_sha384 "sha384" ++#define NID_sha384 673 ++#define OBJ_sha384 OBJ_nist_hashalgs,2L ++ ++#define SN_sha512 "SHA512" ++#define LN_sha512 "sha512" ++#define NID_sha512 674 ++#define OBJ_sha512 OBJ_nist_hashalgs,3L ++ ++#define SN_sha224 "SHA224" ++#define LN_sha224 "sha224" ++#define NID_sha224 675 ++#define OBJ_sha224 OBJ_nist_hashalgs,4L ++ ++#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L ++ ++#define SN_dsa_with_SHA224 "dsa_with_SHA224" ++#define NID_dsa_with_SHA224 802 ++#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L ++ ++#define SN_dsa_with_SHA256 "dsa_with_SHA256" ++#define NID_dsa_with_SHA256 803 ++#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L ++ ++#define SN_hold_instruction_code "holdInstructionCode" ++#define LN_hold_instruction_code "Hold Instruction Code" ++#define NID_hold_instruction_code 430 ++#define OBJ_hold_instruction_code OBJ_id_ce,23L ++ ++#define OBJ_holdInstruction OBJ_X9_57,2L ++ ++#define SN_hold_instruction_none "holdInstructionNone" ++#define LN_hold_instruction_none "Hold Instruction None" ++#define NID_hold_instruction_none 431 ++#define OBJ_hold_instruction_none OBJ_holdInstruction,1L ++ ++#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" ++#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" ++#define NID_hold_instruction_call_issuer 432 ++#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L ++ ++#define SN_hold_instruction_reject "holdInstructionReject" ++#define LN_hold_instruction_reject "Hold Instruction Reject" ++#define NID_hold_instruction_reject 433 ++#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L ++ ++#define SN_data "data" ++#define NID_data 434 ++#define OBJ_data OBJ_itu_t,9L ++ ++#define SN_pss "pss" ++#define NID_pss 435 ++#define OBJ_pss OBJ_data,2342L ++ ++#define SN_ucl "ucl" ++#define NID_ucl 436 ++#define OBJ_ucl OBJ_pss,19200300L ++ ++#define SN_pilot "pilot" ++#define NID_pilot 437 ++#define OBJ_pilot OBJ_ucl,100L ++ ++#define LN_pilotAttributeType "pilotAttributeType" ++#define NID_pilotAttributeType 438 ++#define OBJ_pilotAttributeType OBJ_pilot,1L ++ ++#define LN_pilotAttributeSyntax "pilotAttributeSyntax" ++#define NID_pilotAttributeSyntax 439 ++#define OBJ_pilotAttributeSyntax OBJ_pilot,3L ++ ++#define LN_pilotObjectClass "pilotObjectClass" ++#define NID_pilotObjectClass 440 ++#define OBJ_pilotObjectClass OBJ_pilot,4L ++ ++#define LN_pilotGroups "pilotGroups" ++#define NID_pilotGroups 441 ++#define OBJ_pilotGroups OBJ_pilot,10L ++ ++#define LN_iA5StringSyntax "iA5StringSyntax" ++#define NID_iA5StringSyntax 442 ++#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L ++ ++#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" ++#define NID_caseIgnoreIA5StringSyntax 443 ++#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L ++ ++#define LN_pilotObject "pilotObject" ++#define NID_pilotObject 444 ++#define OBJ_pilotObject OBJ_pilotObjectClass,3L ++ ++#define LN_pilotPerson "pilotPerson" ++#define NID_pilotPerson 445 ++#define OBJ_pilotPerson OBJ_pilotObjectClass,4L ++ ++#define SN_account "account" ++#define NID_account 446 ++#define OBJ_account OBJ_pilotObjectClass,5L ++ ++#define SN_document "document" ++#define NID_document 447 ++#define OBJ_document OBJ_pilotObjectClass,6L ++ ++#define SN_room "room" ++#define NID_room 448 ++#define OBJ_room OBJ_pilotObjectClass,7L ++ ++#define LN_documentSeries "documentSeries" ++#define NID_documentSeries 449 ++#define OBJ_documentSeries OBJ_pilotObjectClass,9L ++ ++#define SN_Domain "domain" ++#define LN_Domain "Domain" ++#define NID_Domain 392 ++#define OBJ_Domain OBJ_pilotObjectClass,13L ++ ++#define LN_rFC822localPart "rFC822localPart" ++#define NID_rFC822localPart 450 ++#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L ++ ++#define LN_dNSDomain "dNSDomain" ++#define NID_dNSDomain 451 ++#define OBJ_dNSDomain OBJ_pilotObjectClass,15L ++ ++#define LN_domainRelatedObject "domainRelatedObject" ++#define NID_domainRelatedObject 452 ++#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L ++ ++#define LN_friendlyCountry "friendlyCountry" ++#define NID_friendlyCountry 453 ++#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L ++ ++#define LN_simpleSecurityObject "simpleSecurityObject" ++#define NID_simpleSecurityObject 454 ++#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L ++ ++#define LN_pilotOrganization "pilotOrganization" ++#define NID_pilotOrganization 455 ++#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L ++ ++#define LN_pilotDSA "pilotDSA" ++#define NID_pilotDSA 456 ++#define OBJ_pilotDSA OBJ_pilotObjectClass,21L ++ ++#define LN_qualityLabelledData "qualityLabelledData" ++#define NID_qualityLabelledData 457 ++#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L ++ ++#define SN_userId "UID" ++#define LN_userId "userId" ++#define NID_userId 458 ++#define OBJ_userId OBJ_pilotAttributeType,1L ++ ++#define LN_textEncodedORAddress "textEncodedORAddress" ++#define NID_textEncodedORAddress 459 ++#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L ++ ++#define SN_rfc822Mailbox "mail" ++#define LN_rfc822Mailbox "rfc822Mailbox" ++#define NID_rfc822Mailbox 460 ++#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L ++ ++#define SN_info "info" ++#define NID_info 461 ++#define OBJ_info OBJ_pilotAttributeType,4L ++ ++#define LN_favouriteDrink "favouriteDrink" ++#define NID_favouriteDrink 462 ++#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L ++ ++#define LN_roomNumber "roomNumber" ++#define NID_roomNumber 463 ++#define OBJ_roomNumber OBJ_pilotAttributeType,6L ++ ++#define SN_photo "photo" ++#define NID_photo 464 ++#define OBJ_photo OBJ_pilotAttributeType,7L ++ ++#define LN_userClass "userClass" ++#define NID_userClass 465 ++#define OBJ_userClass OBJ_pilotAttributeType,8L ++ ++#define SN_host "host" ++#define NID_host 466 ++#define OBJ_host OBJ_pilotAttributeType,9L ++ ++#define SN_manager "manager" ++#define NID_manager 467 ++#define OBJ_manager OBJ_pilotAttributeType,10L ++ ++#define LN_documentIdentifier "documentIdentifier" ++#define NID_documentIdentifier 468 ++#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L ++ ++#define LN_documentTitle "documentTitle" ++#define NID_documentTitle 469 ++#define OBJ_documentTitle OBJ_pilotAttributeType,12L ++ ++#define LN_documentVersion "documentVersion" ++#define NID_documentVersion 470 ++#define OBJ_documentVersion OBJ_pilotAttributeType,13L ++ ++#define LN_documentAuthor "documentAuthor" ++#define NID_documentAuthor 471 ++#define OBJ_documentAuthor OBJ_pilotAttributeType,14L ++ ++#define LN_documentLocation "documentLocation" ++#define NID_documentLocation 472 ++#define OBJ_documentLocation OBJ_pilotAttributeType,15L ++ ++#define LN_homeTelephoneNumber "homeTelephoneNumber" ++#define NID_homeTelephoneNumber 473 ++#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L ++ ++#define SN_secretary "secretary" ++#define NID_secretary 474 ++#define OBJ_secretary OBJ_pilotAttributeType,21L ++ ++#define LN_otherMailbox "otherMailbox" ++#define NID_otherMailbox 475 ++#define OBJ_otherMailbox OBJ_pilotAttributeType,22L ++ ++#define LN_lastModifiedTime "lastModifiedTime" ++#define NID_lastModifiedTime 476 ++#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L ++ ++#define LN_lastModifiedBy "lastModifiedBy" ++#define NID_lastModifiedBy 477 ++#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L ++ ++#define SN_domainComponent "DC" ++#define LN_domainComponent "domainComponent" ++#define NID_domainComponent 391 ++#define OBJ_domainComponent OBJ_pilotAttributeType,25L + +-#define SN_id_set "id-set" +-#define LN_id_set "Secure Electronic Transactions" +-#define NID_id_set 512 +-#define OBJ_id_set OBJ_international_organizations,42L +- +-#define SN_set_ctype "set-ctype" +-#define LN_set_ctype "content types" +-#define NID_set_ctype 513 +-#define OBJ_set_ctype OBJ_id_set,0L +- +-#define SN_set_msgExt "set-msgExt" +-#define LN_set_msgExt "message extensions" +-#define NID_set_msgExt 514 +-#define OBJ_set_msgExt OBJ_id_set,1L +- +-#define SN_set_attr "set-attr" +-#define NID_set_attr 515 +-#define OBJ_set_attr OBJ_id_set,3L +- +-#define SN_set_policy "set-policy" +-#define NID_set_policy 516 +-#define OBJ_set_policy OBJ_id_set,5L +- +-#define SN_set_certExt "set-certExt" +-#define LN_set_certExt "certificate extensions" +-#define NID_set_certExt 517 +-#define OBJ_set_certExt OBJ_id_set,7L ++#define LN_aRecord "aRecord" ++#define NID_aRecord 478 ++#define OBJ_aRecord OBJ_pilotAttributeType,26L ++ ++#define LN_pilotAttributeType27 "pilotAttributeType27" ++#define NID_pilotAttributeType27 479 ++#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L ++ ++#define LN_mXRecord "mXRecord" ++#define NID_mXRecord 480 ++#define OBJ_mXRecord OBJ_pilotAttributeType,28L ++ ++#define LN_nSRecord "nSRecord" ++#define NID_nSRecord 481 ++#define OBJ_nSRecord OBJ_pilotAttributeType,29L ++ ++#define LN_sOARecord "sOARecord" ++#define NID_sOARecord 482 ++#define OBJ_sOARecord OBJ_pilotAttributeType,30L ++ ++#define LN_cNAMERecord "cNAMERecord" ++#define NID_cNAMERecord 483 ++#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L ++ ++#define LN_associatedDomain "associatedDomain" ++#define NID_associatedDomain 484 ++#define OBJ_associatedDomain OBJ_pilotAttributeType,37L ++ ++#define LN_associatedName "associatedName" ++#define NID_associatedName 485 ++#define OBJ_associatedName OBJ_pilotAttributeType,38L ++ ++#define LN_homePostalAddress "homePostalAddress" ++#define NID_homePostalAddress 486 ++#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L ++ ++#define LN_personalTitle "personalTitle" ++#define NID_personalTitle 487 ++#define OBJ_personalTitle OBJ_pilotAttributeType,40L ++ ++#define LN_mobileTelephoneNumber "mobileTelephoneNumber" ++#define NID_mobileTelephoneNumber 488 ++#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L ++ ++#define LN_pagerTelephoneNumber "pagerTelephoneNumber" ++#define NID_pagerTelephoneNumber 489 ++#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L ++ ++#define LN_friendlyCountryName "friendlyCountryName" ++#define NID_friendlyCountryName 490 ++#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L ++ ++#define LN_organizationalStatus "organizationalStatus" ++#define NID_organizationalStatus 491 ++#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L ++ ++#define LN_janetMailbox "janetMailbox" ++#define NID_janetMailbox 492 ++#define OBJ_janetMailbox OBJ_pilotAttributeType,46L ++ ++#define LN_mailPreferenceOption "mailPreferenceOption" ++#define NID_mailPreferenceOption 493 ++#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L ++ ++#define LN_buildingName "buildingName" ++#define NID_buildingName 494 ++#define OBJ_buildingName OBJ_pilotAttributeType,48L ++ ++#define LN_dSAQuality "dSAQuality" ++#define NID_dSAQuality 495 ++#define OBJ_dSAQuality OBJ_pilotAttributeType,49L ++ ++#define LN_singleLevelQuality "singleLevelQuality" ++#define NID_singleLevelQuality 496 ++#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L ++ ++#define LN_subtreeMinimumQuality "subtreeMinimumQuality" ++#define NID_subtreeMinimumQuality 497 ++#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L ++ ++#define LN_subtreeMaximumQuality "subtreeMaximumQuality" ++#define NID_subtreeMaximumQuality 498 ++#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L ++ ++#define LN_personalSignature "personalSignature" ++#define NID_personalSignature 499 ++#define OBJ_personalSignature OBJ_pilotAttributeType,53L ++ ++#define LN_dITRedirect "dITRedirect" ++#define NID_dITRedirect 500 ++#define OBJ_dITRedirect OBJ_pilotAttributeType,54L ++ ++#define SN_audio "audio" ++#define NID_audio 501 ++#define OBJ_audio OBJ_pilotAttributeType,55L ++ ++#define LN_documentPublisher "documentPublisher" ++#define NID_documentPublisher 502 ++#define OBJ_documentPublisher OBJ_pilotAttributeType,56L + +-#define SN_set_brand "set-brand" +-#define NID_set_brand 518 +-#define OBJ_set_brand OBJ_id_set,8L ++#define SN_id_set "id-set" ++#define LN_id_set "Secure Electronic Transactions" ++#define NID_id_set 512 ++#define OBJ_id_set OBJ_international_organizations,42L ++ ++#define SN_set_ctype "set-ctype" ++#define LN_set_ctype "content types" ++#define NID_set_ctype 513 ++#define OBJ_set_ctype OBJ_id_set,0L ++ ++#define SN_set_msgExt "set-msgExt" ++#define LN_set_msgExt "message extensions" ++#define NID_set_msgExt 514 ++#define OBJ_set_msgExt OBJ_id_set,1L ++ ++#define SN_set_attr "set-attr" ++#define NID_set_attr 515 ++#define OBJ_set_attr OBJ_id_set,3L ++ ++#define SN_set_policy "set-policy" ++#define NID_set_policy 516 ++#define OBJ_set_policy OBJ_id_set,5L ++ ++#define SN_set_certExt "set-certExt" ++#define LN_set_certExt "certificate extensions" ++#define NID_set_certExt 517 ++#define OBJ_set_certExt OBJ_id_set,7L + +-#define SN_setct_PANData "setct-PANData" +-#define NID_setct_PANData 519 +-#define OBJ_setct_PANData OBJ_set_ctype,0L ++#define SN_set_brand "set-brand" ++#define NID_set_brand 518 ++#define OBJ_set_brand OBJ_id_set,8L + +-#define SN_setct_PANToken "setct-PANToken" +-#define NID_setct_PANToken 520 +-#define OBJ_setct_PANToken OBJ_set_ctype,1L ++#define SN_setct_PANData "setct-PANData" ++#define NID_setct_PANData 519 ++#define OBJ_setct_PANData OBJ_set_ctype,0L + +-#define SN_setct_PANOnly "setct-PANOnly" +-#define NID_setct_PANOnly 521 +-#define OBJ_setct_PANOnly OBJ_set_ctype,2L ++#define SN_setct_PANToken "setct-PANToken" ++#define NID_setct_PANToken 520 ++#define OBJ_setct_PANToken OBJ_set_ctype,1L + +-#define SN_setct_OIData "setct-OIData" +-#define NID_setct_OIData 522 +-#define OBJ_setct_OIData OBJ_set_ctype,3L ++#define SN_setct_PANOnly "setct-PANOnly" ++#define NID_setct_PANOnly 521 ++#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +-#define SN_setct_PI "setct-PI" +-#define NID_setct_PI 523 +-#define OBJ_setct_PI OBJ_set_ctype,4L ++#define SN_setct_OIData "setct-OIData" ++#define NID_setct_OIData 522 ++#define OBJ_setct_OIData OBJ_set_ctype,3L + +-#define SN_setct_PIData "setct-PIData" +-#define NID_setct_PIData 524 +-#define OBJ_setct_PIData OBJ_set_ctype,5L ++#define SN_setct_PI "setct-PI" ++#define NID_setct_PI 523 ++#define OBJ_setct_PI OBJ_set_ctype,4L + +-#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +-#define NID_setct_PIDataUnsigned 525 +-#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L ++#define SN_setct_PIData "setct-PIData" ++#define NID_setct_PIData 524 ++#define OBJ_setct_PIData OBJ_set_ctype,5L + +-#define SN_setct_HODInput "setct-HODInput" +-#define NID_setct_HODInput 526 +-#define OBJ_setct_HODInput OBJ_set_ctype,7L ++#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" ++#define NID_setct_PIDataUnsigned 525 ++#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +-#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +-#define NID_setct_AuthResBaggage 527 +-#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L ++#define SN_setct_HODInput "setct-HODInput" ++#define NID_setct_HODInput 526 ++#define OBJ_setct_HODInput OBJ_set_ctype,7L + +-#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +-#define NID_setct_AuthRevReqBaggage 528 +-#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L ++#define SN_setct_AuthResBaggage "setct-AuthResBaggage" ++#define NID_setct_AuthResBaggage 527 ++#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +-#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +-#define NID_setct_AuthRevResBaggage 529 +-#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L ++#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" ++#define NID_setct_AuthRevReqBaggage 528 ++#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +-#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +-#define NID_setct_CapTokenSeq 530 +-#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L ++#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" ++#define NID_setct_AuthRevResBaggage 529 ++#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +-#define SN_setct_PInitResData "setct-PInitResData" +-#define NID_setct_PInitResData 531 +-#define OBJ_setct_PInitResData OBJ_set_ctype,12L ++#define SN_setct_CapTokenSeq "setct-CapTokenSeq" ++#define NID_setct_CapTokenSeq 530 ++#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +-#define SN_setct_PI_TBS "setct-PI-TBS" +-#define NID_setct_PI_TBS 532 +-#define OBJ_setct_PI_TBS OBJ_set_ctype,13L ++#define SN_setct_PInitResData "setct-PInitResData" ++#define NID_setct_PInitResData 531 ++#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +-#define SN_setct_PResData "setct-PResData" +-#define NID_setct_PResData 533 +-#define OBJ_setct_PResData OBJ_set_ctype,14L ++#define SN_setct_PI_TBS "setct-PI-TBS" ++#define NID_setct_PI_TBS 532 ++#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +-#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +-#define NID_setct_AuthReqTBS 534 +-#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L ++#define SN_setct_PResData "setct-PResData" ++#define NID_setct_PResData 533 ++#define OBJ_setct_PResData OBJ_set_ctype,14L + +-#define SN_setct_AuthResTBS "setct-AuthResTBS" +-#define NID_setct_AuthResTBS 535 +-#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L ++#define SN_setct_AuthReqTBS "setct-AuthReqTBS" ++#define NID_setct_AuthReqTBS 534 ++#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + +-#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +-#define NID_setct_AuthResTBSX 536 +-#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L ++#define SN_setct_AuthResTBS "setct-AuthResTBS" ++#define NID_setct_AuthResTBS 535 ++#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +-#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +-#define NID_setct_AuthTokenTBS 537 +-#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L ++#define SN_setct_AuthResTBSX "setct-AuthResTBSX" ++#define NID_setct_AuthResTBSX 536 ++#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +-#define SN_setct_CapTokenData "setct-CapTokenData" +-#define NID_setct_CapTokenData 538 +-#define OBJ_setct_CapTokenData OBJ_set_ctype,20L ++#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" ++#define NID_setct_AuthTokenTBS 537 ++#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +-#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +-#define NID_setct_CapTokenTBS 539 +-#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L ++#define SN_setct_CapTokenData "setct-CapTokenData" ++#define NID_setct_CapTokenData 538 ++#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +-#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +-#define NID_setct_AcqCardCodeMsg 540 +-#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L ++#define SN_setct_CapTokenTBS "setct-CapTokenTBS" ++#define NID_setct_CapTokenTBS 539 ++#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +-#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +-#define NID_setct_AuthRevReqTBS 541 +-#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L ++#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" ++#define NID_setct_AcqCardCodeMsg 540 ++#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +-#define SN_setct_AuthRevResData "setct-AuthRevResData" +-#define NID_setct_AuthRevResData 542 +-#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L ++#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" ++#define NID_setct_AuthRevReqTBS 541 ++#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +-#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +-#define NID_setct_AuthRevResTBS 543 +-#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L ++#define SN_setct_AuthRevResData "setct-AuthRevResData" ++#define NID_setct_AuthRevResData 542 ++#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +-#define SN_setct_CapReqTBS "setct-CapReqTBS" +-#define NID_setct_CapReqTBS 544 +-#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L ++#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" ++#define NID_setct_AuthRevResTBS 543 ++#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +-#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +-#define NID_setct_CapReqTBSX 545 +-#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L ++#define SN_setct_CapReqTBS "setct-CapReqTBS" ++#define NID_setct_CapReqTBS 544 ++#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +-#define SN_setct_CapResData "setct-CapResData" +-#define NID_setct_CapResData 546 +-#define OBJ_setct_CapResData OBJ_set_ctype,28L ++#define SN_setct_CapReqTBSX "setct-CapReqTBSX" ++#define NID_setct_CapReqTBSX 545 ++#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +-#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +-#define NID_setct_CapRevReqTBS 547 +-#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L ++#define SN_setct_CapResData "setct-CapResData" ++#define NID_setct_CapResData 546 ++#define OBJ_setct_CapResData OBJ_set_ctype,28L + +-#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +-#define NID_setct_CapRevReqTBSX 548 +-#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L ++#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" ++#define NID_setct_CapRevReqTBS 547 ++#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +-#define SN_setct_CapRevResData "setct-CapRevResData" +-#define NID_setct_CapRevResData 549 +-#define OBJ_setct_CapRevResData OBJ_set_ctype,31L ++#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" ++#define NID_setct_CapRevReqTBSX 548 ++#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +-#define SN_setct_CredReqTBS "setct-CredReqTBS" +-#define NID_setct_CredReqTBS 550 +-#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L ++#define SN_setct_CapRevResData "setct-CapRevResData" ++#define NID_setct_CapRevResData 549 ++#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +-#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +-#define NID_setct_CredReqTBSX 551 +-#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L ++#define SN_setct_CredReqTBS "setct-CredReqTBS" ++#define NID_setct_CredReqTBS 550 ++#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +-#define SN_setct_CredResData "setct-CredResData" +-#define NID_setct_CredResData 552 +-#define OBJ_setct_CredResData OBJ_set_ctype,34L ++#define SN_setct_CredReqTBSX "setct-CredReqTBSX" ++#define NID_setct_CredReqTBSX 551 ++#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +-#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +-#define NID_setct_CredRevReqTBS 553 +-#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L ++#define SN_setct_CredResData "setct-CredResData" ++#define NID_setct_CredResData 552 ++#define OBJ_setct_CredResData OBJ_set_ctype,34L + +-#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +-#define NID_setct_CredRevReqTBSX 554 +-#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L ++#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" ++#define NID_setct_CredRevReqTBS 553 ++#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +-#define SN_setct_CredRevResData "setct-CredRevResData" +-#define NID_setct_CredRevResData 555 +-#define OBJ_setct_CredRevResData OBJ_set_ctype,37L ++#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" ++#define NID_setct_CredRevReqTBSX 554 ++#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +-#define SN_setct_PCertReqData "setct-PCertReqData" +-#define NID_setct_PCertReqData 556 +-#define OBJ_setct_PCertReqData OBJ_set_ctype,38L ++#define SN_setct_CredRevResData "setct-CredRevResData" ++#define NID_setct_CredRevResData 555 ++#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +-#define SN_setct_PCertResTBS "setct-PCertResTBS" +-#define NID_setct_PCertResTBS 557 +-#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L ++#define SN_setct_PCertReqData "setct-PCertReqData" ++#define NID_setct_PCertReqData 556 ++#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +-#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +-#define NID_setct_BatchAdminReqData 558 +-#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L ++#define SN_setct_PCertResTBS "setct-PCertResTBS" ++#define NID_setct_PCertResTBS 557 ++#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +-#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +-#define NID_setct_BatchAdminResData 559 +-#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L ++#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" ++#define NID_setct_BatchAdminReqData 558 ++#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +-#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +-#define NID_setct_CardCInitResTBS 560 +-#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L ++#define SN_setct_BatchAdminResData "setct-BatchAdminResData" ++#define NID_setct_BatchAdminResData 559 ++#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +-#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +-#define NID_setct_MeAqCInitResTBS 561 +-#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L ++#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" ++#define NID_setct_CardCInitResTBS 560 ++#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +-#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +-#define NID_setct_RegFormResTBS 562 +-#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L ++#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" ++#define NID_setct_MeAqCInitResTBS 561 ++#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +-#define SN_setct_CertReqData "setct-CertReqData" +-#define NID_setct_CertReqData 563 +-#define OBJ_setct_CertReqData OBJ_set_ctype,45L ++#define SN_setct_RegFormResTBS "setct-RegFormResTBS" ++#define NID_setct_RegFormResTBS 562 ++#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +-#define SN_setct_CertReqTBS "setct-CertReqTBS" +-#define NID_setct_CertReqTBS 564 +-#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L ++#define SN_setct_CertReqData "setct-CertReqData" ++#define NID_setct_CertReqData 563 ++#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +-#define SN_setct_CertResData "setct-CertResData" +-#define NID_setct_CertResData 565 +-#define OBJ_setct_CertResData OBJ_set_ctype,47L ++#define SN_setct_CertReqTBS "setct-CertReqTBS" ++#define NID_setct_CertReqTBS 564 ++#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +-#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +-#define NID_setct_CertInqReqTBS 566 +-#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L ++#define SN_setct_CertResData "setct-CertResData" ++#define NID_setct_CertResData 565 ++#define OBJ_setct_CertResData OBJ_set_ctype,47L + +-#define SN_setct_ErrorTBS "setct-ErrorTBS" +-#define NID_setct_ErrorTBS 567 +-#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L ++#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" ++#define NID_setct_CertInqReqTBS 566 ++#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +-#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +-#define NID_setct_PIDualSignedTBE 568 +-#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L ++#define SN_setct_ErrorTBS "setct-ErrorTBS" ++#define NID_setct_ErrorTBS 567 ++#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +-#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +-#define NID_setct_PIUnsignedTBE 569 +-#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L ++#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" ++#define NID_setct_PIDualSignedTBE 568 ++#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +-#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +-#define NID_setct_AuthReqTBE 570 +-#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L ++#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" ++#define NID_setct_PIUnsignedTBE 569 ++#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +-#define SN_setct_AuthResTBE "setct-AuthResTBE" +-#define NID_setct_AuthResTBE 571 +-#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L ++#define SN_setct_AuthReqTBE "setct-AuthReqTBE" ++#define NID_setct_AuthReqTBE 570 ++#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +-#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +-#define NID_setct_AuthResTBEX 572 +-#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L ++#define SN_setct_AuthResTBE "setct-AuthResTBE" ++#define NID_setct_AuthResTBE 571 ++#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +-#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +-#define NID_setct_AuthTokenTBE 573 +-#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L ++#define SN_setct_AuthResTBEX "setct-AuthResTBEX" ++#define NID_setct_AuthResTBEX 572 ++#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +-#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +-#define NID_setct_CapTokenTBE 574 +-#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L ++#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" ++#define NID_setct_AuthTokenTBE 573 ++#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +-#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +-#define NID_setct_CapTokenTBEX 575 +-#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L ++#define SN_setct_CapTokenTBE "setct-CapTokenTBE" ++#define NID_setct_CapTokenTBE 574 ++#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +-#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +-#define NID_setct_AcqCardCodeMsgTBE 576 +-#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L ++#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" ++#define NID_setct_CapTokenTBEX 575 ++#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +-#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +-#define NID_setct_AuthRevReqTBE 577 +-#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L ++#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" ++#define NID_setct_AcqCardCodeMsgTBE 576 ++#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +-#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +-#define NID_setct_AuthRevResTBE 578 +-#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L ++#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" ++#define NID_setct_AuthRevReqTBE 577 ++#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +-#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +-#define NID_setct_AuthRevResTBEB 579 +-#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L ++#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" ++#define NID_setct_AuthRevResTBE 578 ++#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +-#define SN_setct_CapReqTBE "setct-CapReqTBE" +-#define NID_setct_CapReqTBE 580 +-#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L ++#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" ++#define NID_setct_AuthRevResTBEB 579 ++#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +-#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +-#define NID_setct_CapReqTBEX 581 +-#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L ++#define SN_setct_CapReqTBE "setct-CapReqTBE" ++#define NID_setct_CapReqTBE 580 ++#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +-#define SN_setct_CapResTBE "setct-CapResTBE" +-#define NID_setct_CapResTBE 582 +-#define OBJ_setct_CapResTBE OBJ_set_ctype,64L ++#define SN_setct_CapReqTBEX "setct-CapReqTBEX" ++#define NID_setct_CapReqTBEX 581 ++#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +-#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +-#define NID_setct_CapRevReqTBE 583 +-#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L ++#define SN_setct_CapResTBE "setct-CapResTBE" ++#define NID_setct_CapResTBE 582 ++#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +-#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +-#define NID_setct_CapRevReqTBEX 584 +-#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L ++#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" ++#define NID_setct_CapRevReqTBE 583 ++#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +-#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +-#define NID_setct_CapRevResTBE 585 +-#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L ++#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" ++#define NID_setct_CapRevReqTBEX 584 ++#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +-#define SN_setct_CredReqTBE "setct-CredReqTBE" +-#define NID_setct_CredReqTBE 586 +-#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L ++#define SN_setct_CapRevResTBE "setct-CapRevResTBE" ++#define NID_setct_CapRevResTBE 585 ++#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +-#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +-#define NID_setct_CredReqTBEX 587 +-#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L ++#define SN_setct_CredReqTBE "setct-CredReqTBE" ++#define NID_setct_CredReqTBE 586 ++#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +-#define SN_setct_CredResTBE "setct-CredResTBE" +-#define NID_setct_CredResTBE 588 +-#define OBJ_setct_CredResTBE OBJ_set_ctype,70L ++#define SN_setct_CredReqTBEX "setct-CredReqTBEX" ++#define NID_setct_CredReqTBEX 587 ++#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +-#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +-#define NID_setct_CredRevReqTBE 589 +-#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L ++#define SN_setct_CredResTBE "setct-CredResTBE" ++#define NID_setct_CredResTBE 588 ++#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +-#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +-#define NID_setct_CredRevReqTBEX 590 +-#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L ++#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" ++#define NID_setct_CredRevReqTBE 589 ++#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +-#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +-#define NID_setct_CredRevResTBE 591 +-#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L ++#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" ++#define NID_setct_CredRevReqTBEX 590 ++#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +-#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +-#define NID_setct_BatchAdminReqTBE 592 +-#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L ++#define SN_setct_CredRevResTBE "setct-CredRevResTBE" ++#define NID_setct_CredRevResTBE 591 ++#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +-#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +-#define NID_setct_BatchAdminResTBE 593 +-#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L ++#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" ++#define NID_setct_BatchAdminReqTBE 592 ++#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +-#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +-#define NID_setct_RegFormReqTBE 594 +-#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L ++#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" ++#define NID_setct_BatchAdminResTBE 593 ++#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +-#define SN_setct_CertReqTBE "setct-CertReqTBE" +-#define NID_setct_CertReqTBE 595 +-#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L ++#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" ++#define NID_setct_RegFormReqTBE 594 ++#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +-#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +-#define NID_setct_CertReqTBEX 596 +-#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L ++#define SN_setct_CertReqTBE "setct-CertReqTBE" ++#define NID_setct_CertReqTBE 595 ++#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +-#define SN_setct_CertResTBE "setct-CertResTBE" +-#define NID_setct_CertResTBE 597 +-#define OBJ_setct_CertResTBE OBJ_set_ctype,79L ++#define SN_setct_CertReqTBEX "setct-CertReqTBEX" ++#define NID_setct_CertReqTBEX 596 ++#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +-#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +-#define NID_setct_CRLNotificationTBS 598 +-#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L ++#define SN_setct_CertResTBE "setct-CertResTBE" ++#define NID_setct_CertResTBE 597 ++#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +-#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +-#define NID_setct_CRLNotificationResTBS 599 +-#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L +- +-#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +-#define NID_setct_BCIDistributionTBS 600 +-#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L +- +-#define SN_setext_genCrypt "setext-genCrypt" +-#define LN_setext_genCrypt "generic cryptogram" +-#define NID_setext_genCrypt 601 +-#define OBJ_setext_genCrypt OBJ_set_msgExt,1L +- +-#define SN_setext_miAuth "setext-miAuth" +-#define LN_setext_miAuth "merchant initiated auth" +-#define NID_setext_miAuth 602 +-#define OBJ_setext_miAuth OBJ_set_msgExt,3L +- +-#define SN_setext_pinSecure "setext-pinSecure" +-#define NID_setext_pinSecure 603 +-#define OBJ_setext_pinSecure OBJ_set_msgExt,4L +- +-#define SN_setext_pinAny "setext-pinAny" +-#define NID_setext_pinAny 604 +-#define OBJ_setext_pinAny OBJ_set_msgExt,5L +- +-#define SN_setext_track2 "setext-track2" +-#define NID_setext_track2 605 +-#define OBJ_setext_track2 OBJ_set_msgExt,7L +- +-#define SN_setext_cv "setext-cv" +-#define LN_setext_cv "additional verification" +-#define NID_setext_cv 606 +-#define OBJ_setext_cv OBJ_set_msgExt,8L +- +-#define SN_set_policy_root "set-policy-root" +-#define NID_set_policy_root 607 +-#define OBJ_set_policy_root OBJ_set_policy,0L +- +-#define SN_setCext_hashedRoot "setCext-hashedRoot" +-#define NID_setCext_hashedRoot 608 +-#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L +- +-#define SN_setCext_certType "setCext-certType" +-#define NID_setCext_certType 609 +-#define OBJ_setCext_certType OBJ_set_certExt,1L +- +-#define SN_setCext_merchData "setCext-merchData" +-#define NID_setCext_merchData 610 +-#define OBJ_setCext_merchData OBJ_set_certExt,2L +- +-#define SN_setCext_cCertRequired "setCext-cCertRequired" +-#define NID_setCext_cCertRequired 611 +-#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L +- +-#define SN_setCext_tunneling "setCext-tunneling" +-#define NID_setCext_tunneling 612 +-#define OBJ_setCext_tunneling OBJ_set_certExt,4L +- +-#define SN_setCext_setExt "setCext-setExt" +-#define NID_setCext_setExt 613 +-#define OBJ_setCext_setExt OBJ_set_certExt,5L +- +-#define SN_setCext_setQualf "setCext-setQualf" +-#define NID_setCext_setQualf 614 +-#define OBJ_setCext_setQualf OBJ_set_certExt,6L +- +-#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +-#define NID_setCext_PGWYcapabilities 615 +-#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L +- +-#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +-#define NID_setCext_TokenIdentifier 616 +-#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L +- +-#define SN_setCext_Track2Data "setCext-Track2Data" +-#define NID_setCext_Track2Data 617 +-#define OBJ_setCext_Track2Data OBJ_set_certExt,9L +- +-#define SN_setCext_TokenType "setCext-TokenType" +-#define NID_setCext_TokenType 618 +-#define OBJ_setCext_TokenType OBJ_set_certExt,10L +- +-#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +-#define NID_setCext_IssuerCapabilities 619 +-#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L +- +-#define SN_setAttr_Cert "setAttr-Cert" +-#define NID_setAttr_Cert 620 +-#define OBJ_setAttr_Cert OBJ_set_attr,0L +- +-#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +-#define LN_setAttr_PGWYcap "payment gateway capabilities" +-#define NID_setAttr_PGWYcap 621 +-#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L +- +-#define SN_setAttr_TokenType "setAttr-TokenType" +-#define NID_setAttr_TokenType 622 +-#define OBJ_setAttr_TokenType OBJ_set_attr,2L +- +-#define SN_setAttr_IssCap "setAttr-IssCap" +-#define LN_setAttr_IssCap "issuer capabilities" +-#define NID_setAttr_IssCap 623 +-#define OBJ_setAttr_IssCap OBJ_set_attr,3L +- +-#define SN_set_rootKeyThumb "set-rootKeyThumb" +-#define NID_set_rootKeyThumb 624 +-#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L +- +-#define SN_set_addPolicy "set-addPolicy" +-#define NID_set_addPolicy 625 +-#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L +- +-#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +-#define NID_setAttr_Token_EMV 626 +-#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L +- +-#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +-#define NID_setAttr_Token_B0Prime 627 +-#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L +- +-#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +-#define NID_setAttr_IssCap_CVM 628 +-#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L +- +-#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +-#define NID_setAttr_IssCap_T2 629 +-#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L +- +-#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +-#define NID_setAttr_IssCap_Sig 630 +-#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L +- +-#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +-#define LN_setAttr_GenCryptgrm "generate cryptogram" +-#define NID_setAttr_GenCryptgrm 631 +-#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L +- +-#define SN_setAttr_T2Enc "setAttr-T2Enc" +-#define LN_setAttr_T2Enc "encrypted track 2" +-#define NID_setAttr_T2Enc 632 +-#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L +- +-#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +-#define LN_setAttr_T2cleartxt "cleartext track 2" +-#define NID_setAttr_T2cleartxt 633 +-#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L +- +-#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +-#define LN_setAttr_TokICCsig "ICC or token signature" +-#define NID_setAttr_TokICCsig 634 +-#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L +- +-#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +-#define LN_setAttr_SecDevSig "secure device signature" +-#define NID_setAttr_SecDevSig 635 +-#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L +- +-#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +-#define NID_set_brand_IATA_ATA 636 +-#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L +- +-#define SN_set_brand_Diners "set-brand-Diners" +-#define NID_set_brand_Diners 637 +-#define OBJ_set_brand_Diners OBJ_set_brand,30L +- +-#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +-#define NID_set_brand_AmericanExpress 638 +-#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L +- +-#define SN_set_brand_JCB "set-brand-JCB" +-#define NID_set_brand_JCB 639 +-#define OBJ_set_brand_JCB OBJ_set_brand,35L +- +-#define SN_set_brand_Visa "set-brand-Visa" +-#define NID_set_brand_Visa 640 +-#define OBJ_set_brand_Visa OBJ_set_brand,4L +- +-#define SN_set_brand_MasterCard "set-brand-MasterCard" +-#define NID_set_brand_MasterCard 641 +-#define OBJ_set_brand_MasterCard OBJ_set_brand,5L +- +-#define SN_set_brand_Novus "set-brand-Novus" +-#define NID_set_brand_Novus 642 +-#define OBJ_set_brand_Novus OBJ_set_brand,6011L +- +-#define SN_des_cdmf "DES-CDMF" +-#define LN_des_cdmf "des-cdmf" +-#define NID_des_cdmf 643 +-#define OBJ_des_cdmf OBJ_rsadsi,3L,10L +- +-#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +-#define NID_rsaOAEPEncryptionSET 644 +-#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L +- +-#define SN_ipsec3 "Oakley-EC2N-3" +-#define LN_ipsec3 "ipsec3" +-#define NID_ipsec3 749 +- +-#define SN_ipsec4 "Oakley-EC2N-4" +-#define LN_ipsec4 "ipsec4" +-#define NID_ipsec4 750 +- +-#define SN_whirlpool "whirlpool" +-#define NID_whirlpool 804 +-#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L +- +-#define SN_cryptopro "cryptopro" +-#define NID_cryptopro 805 +-#define OBJ_cryptopro OBJ_member_body,643L,2L,2L +- +-#define SN_cryptocom "cryptocom" +-#define NID_cryptocom 806 +-#define OBJ_cryptocom OBJ_member_body,643L,2L,9L +- +-#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +-#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +-#define NID_id_GostR3411_94_with_GostR3410_2001 807 +-#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L +- +-#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +-#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +-#define NID_id_GostR3411_94_with_GostR3410_94 808 +-#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L +- +-#define SN_id_GostR3411_94 "md_gost94" +-#define LN_id_GostR3411_94 "GOST R 34.11-94" +-#define NID_id_GostR3411_94 809 +-#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L +- +-#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +-#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" +-#define NID_id_HMACGostR3411_94 810 +-#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L +- +-#define SN_id_GostR3410_2001 "gost2001" +-#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +-#define NID_id_GostR3410_2001 811 +-#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L +- +-#define SN_id_GostR3410_94 "gost94" +-#define LN_id_GostR3410_94 "GOST R 34.10-94" +-#define NID_id_GostR3410_94 812 +-#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L +- +-#define SN_id_Gost28147_89 "gost89" +-#define LN_id_Gost28147_89 "GOST 28147-89" +-#define NID_id_Gost28147_89 813 +-#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L +- +-#define SN_gost89_cnt "gost89-cnt" +-#define NID_gost89_cnt 814 +- +-#define SN_id_Gost28147_89_MAC "gost-mac" +-#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +-#define NID_id_Gost28147_89_MAC 815 +-#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L +- +-#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +-#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +-#define NID_id_GostR3411_94_prf 816 +-#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L +- +-#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +-#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +-#define NID_id_GostR3410_2001DH 817 +-#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L +- +-#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +-#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +-#define NID_id_GostR3410_94DH 818 +-#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L +- +-#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +-#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +-#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L +- +-#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +-#define NID_id_Gost28147_89_None_KeyMeshing 820 +-#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L +- +-#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +-#define NID_id_GostR3411_94_TestParamSet 821 +-#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L +- +-#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +-#define NID_id_GostR3411_94_CryptoProParamSet 822 +-#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L +- +-#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +-#define NID_id_Gost28147_89_TestParamSet 823 +-#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L +- +-#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +-#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +-#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L +- +-#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +-#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +-#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L +- +-#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +-#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +-#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L +- +-#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +-#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +-#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L +- +-#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +-#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +-#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L +- +-#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +-#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +-#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L +- +-#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +-#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +-#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L +- +-#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +-#define NID_id_GostR3410_94_TestParamSet 831 +-#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L +- +-#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +-#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +-#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L +- +-#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +-#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +-#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L +- +-#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +-#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +-#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L +- +-#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +-#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +-#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L +- +-#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +-#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +-#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L +- +-#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +-#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +-#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L +- +-#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +-#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +-#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L +- +-#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +-#define NID_id_GostR3410_2001_TestParamSet 839 +-#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L +- +-#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +-#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +-#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L +- +-#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +-#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +-#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L +- +-#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +-#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +-#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L +- +-#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +-#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +-#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L +- +-#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +-#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +-#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L +- +-#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +-#define NID_id_GostR3410_94_a 845 +-#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L +- +-#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +-#define NID_id_GostR3410_94_aBis 846 +-#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L +- +-#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +-#define NID_id_GostR3410_94_b 847 +-#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L +- +-#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +-#define NID_id_GostR3410_94_bBis 848 +-#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L +- +-#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +-#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +-#define NID_id_Gost28147_89_cc 849 +-#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L +- +-#define SN_id_GostR3410_94_cc "gost94cc" +-#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +-#define NID_id_GostR3410_94_cc 850 +-#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L +- +-#define SN_id_GostR3410_2001_cc "gost2001cc" +-#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" +-#define NID_id_GostR3410_2001_cc 851 +-#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L +- +-#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +-#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +-#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +-#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L +- +-#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +-#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +-#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +-#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L +- +-#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +-#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +-#define NID_id_GostR3410_2001_ParamSet_cc 854 +-#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L +- +-#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +-#define LN_camellia_128_cbc "camellia-128-cbc" +-#define NID_camellia_128_cbc 751 +-#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L +- +-#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +-#define LN_camellia_192_cbc "camellia-192-cbc" +-#define NID_camellia_192_cbc 752 +-#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L +- +-#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +-#define LN_camellia_256_cbc "camellia-256-cbc" +-#define NID_camellia_256_cbc 753 +-#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L +- +-#define OBJ_ntt_ds 0L,3L,4401L,5L +- +-#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L +- +-#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +-#define LN_camellia_128_ecb "camellia-128-ecb" +-#define NID_camellia_128_ecb 754 +-#define OBJ_camellia_128_ecb OBJ_camellia,1L +- +-#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +-#define LN_camellia_128_ofb128 "camellia-128-ofb" +-#define NID_camellia_128_ofb128 766 +-#define OBJ_camellia_128_ofb128 OBJ_camellia,3L +- +-#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +-#define LN_camellia_128_cfb128 "camellia-128-cfb" +-#define NID_camellia_128_cfb128 757 +-#define OBJ_camellia_128_cfb128 OBJ_camellia,4L +- +-#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +-#define LN_camellia_192_ecb "camellia-192-ecb" +-#define NID_camellia_192_ecb 755 +-#define OBJ_camellia_192_ecb OBJ_camellia,21L +- +-#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +-#define LN_camellia_192_ofb128 "camellia-192-ofb" +-#define NID_camellia_192_ofb128 767 +-#define OBJ_camellia_192_ofb128 OBJ_camellia,23L +- +-#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +-#define LN_camellia_192_cfb128 "camellia-192-cfb" +-#define NID_camellia_192_cfb128 758 +-#define OBJ_camellia_192_cfb128 OBJ_camellia,24L +- +-#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +-#define LN_camellia_256_ecb "camellia-256-ecb" +-#define NID_camellia_256_ecb 756 +-#define OBJ_camellia_256_ecb OBJ_camellia,41L +- +-#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +-#define LN_camellia_256_ofb128 "camellia-256-ofb" +-#define NID_camellia_256_ofb128 768 +-#define OBJ_camellia_256_ofb128 OBJ_camellia,43L +- +-#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +-#define LN_camellia_256_cfb128 "camellia-256-cfb" +-#define NID_camellia_256_cfb128 759 +-#define OBJ_camellia_256_cfb128 OBJ_camellia,44L +- +-#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +-#define LN_camellia_128_cfb1 "camellia-128-cfb1" +-#define NID_camellia_128_cfb1 760 +- +-#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +-#define LN_camellia_192_cfb1 "camellia-192-cfb1" +-#define NID_camellia_192_cfb1 761 +- +-#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +-#define LN_camellia_256_cfb1 "camellia-256-cfb1" +-#define NID_camellia_256_cfb1 762 +- +-#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +-#define LN_camellia_128_cfb8 "camellia-128-cfb8" +-#define NID_camellia_128_cfb8 763 +- +-#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +-#define LN_camellia_192_cfb8 "camellia-192-cfb8" +-#define NID_camellia_192_cfb8 764 +- +-#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +-#define LN_camellia_256_cfb8 "camellia-256-cfb8" +-#define NID_camellia_256_cfb8 765 +- +-#define SN_kisa "KISA" +-#define LN_kisa "kisa" +-#define NID_kisa 773 +-#define OBJ_kisa OBJ_member_body,410L,200004L +- +-#define SN_seed_ecb "SEED-ECB" +-#define LN_seed_ecb "seed-ecb" +-#define NID_seed_ecb 776 +-#define OBJ_seed_ecb OBJ_kisa,1L,3L +- +-#define SN_seed_cbc "SEED-CBC" +-#define LN_seed_cbc "seed-cbc" +-#define NID_seed_cbc 777 +-#define OBJ_seed_cbc OBJ_kisa,1L,4L +- +-#define SN_seed_cfb128 "SEED-CFB" +-#define LN_seed_cfb128 "seed-cfb" +-#define NID_seed_cfb128 779 +-#define OBJ_seed_cfb128 OBJ_kisa,1L,5L +- +-#define SN_seed_ofb128 "SEED-OFB" +-#define LN_seed_ofb128 "seed-ofb" +-#define NID_seed_ofb128 778 +-#define OBJ_seed_ofb128 OBJ_kisa,1L,6L +- +-#define SN_hmac "HMAC" +-#define LN_hmac "hmac" +-#define NID_hmac 855 ++#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" ++#define NID_setct_CRLNotificationTBS 598 ++#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + ++#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" ++#define NID_setct_CRLNotificationResTBS 599 ++#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L ++ ++#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" ++#define NID_setct_BCIDistributionTBS 600 ++#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L ++ ++#define SN_setext_genCrypt "setext-genCrypt" ++#define LN_setext_genCrypt "generic cryptogram" ++#define NID_setext_genCrypt 601 ++#define OBJ_setext_genCrypt OBJ_set_msgExt,1L ++ ++#define SN_setext_miAuth "setext-miAuth" ++#define LN_setext_miAuth "merchant initiated auth" ++#define NID_setext_miAuth 602 ++#define OBJ_setext_miAuth OBJ_set_msgExt,3L ++ ++#define SN_setext_pinSecure "setext-pinSecure" ++#define NID_setext_pinSecure 603 ++#define OBJ_setext_pinSecure OBJ_set_msgExt,4L ++ ++#define SN_setext_pinAny "setext-pinAny" ++#define NID_setext_pinAny 604 ++#define OBJ_setext_pinAny OBJ_set_msgExt,5L ++ ++#define SN_setext_track2 "setext-track2" ++#define NID_setext_track2 605 ++#define OBJ_setext_track2 OBJ_set_msgExt,7L ++ ++#define SN_setext_cv "setext-cv" ++#define LN_setext_cv "additional verification" ++#define NID_setext_cv 606 ++#define OBJ_setext_cv OBJ_set_msgExt,8L ++ ++#define SN_set_policy_root "set-policy-root" ++#define NID_set_policy_root 607 ++#define OBJ_set_policy_root OBJ_set_policy,0L ++ ++#define SN_setCext_hashedRoot "setCext-hashedRoot" ++#define NID_setCext_hashedRoot 608 ++#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L ++ ++#define SN_setCext_certType "setCext-certType" ++#define NID_setCext_certType 609 ++#define OBJ_setCext_certType OBJ_set_certExt,1L ++ ++#define SN_setCext_merchData "setCext-merchData" ++#define NID_setCext_merchData 610 ++#define OBJ_setCext_merchData OBJ_set_certExt,2L ++ ++#define SN_setCext_cCertRequired "setCext-cCertRequired" ++#define NID_setCext_cCertRequired 611 ++#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L ++ ++#define SN_setCext_tunneling "setCext-tunneling" ++#define NID_setCext_tunneling 612 ++#define OBJ_setCext_tunneling OBJ_set_certExt,4L ++ ++#define SN_setCext_setExt "setCext-setExt" ++#define NID_setCext_setExt 613 ++#define OBJ_setCext_setExt OBJ_set_certExt,5L ++ ++#define SN_setCext_setQualf "setCext-setQualf" ++#define NID_setCext_setQualf 614 ++#define OBJ_setCext_setQualf OBJ_set_certExt,6L ++ ++#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" ++#define NID_setCext_PGWYcapabilities 615 ++#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L ++ ++#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" ++#define NID_setCext_TokenIdentifier 616 ++#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L ++ ++#define SN_setCext_Track2Data "setCext-Track2Data" ++#define NID_setCext_Track2Data 617 ++#define OBJ_setCext_Track2Data OBJ_set_certExt,9L ++ ++#define SN_setCext_TokenType "setCext-TokenType" ++#define NID_setCext_TokenType 618 ++#define OBJ_setCext_TokenType OBJ_set_certExt,10L ++ ++#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" ++#define NID_setCext_IssuerCapabilities 619 ++#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L ++ ++#define SN_setAttr_Cert "setAttr-Cert" ++#define NID_setAttr_Cert 620 ++#define OBJ_setAttr_Cert OBJ_set_attr,0L ++ ++#define SN_setAttr_PGWYcap "setAttr-PGWYcap" ++#define LN_setAttr_PGWYcap "payment gateway capabilities" ++#define NID_setAttr_PGWYcap 621 ++#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L ++ ++#define SN_setAttr_TokenType "setAttr-TokenType" ++#define NID_setAttr_TokenType 622 ++#define OBJ_setAttr_TokenType OBJ_set_attr,2L ++ ++#define SN_setAttr_IssCap "setAttr-IssCap" ++#define LN_setAttr_IssCap "issuer capabilities" ++#define NID_setAttr_IssCap 623 ++#define OBJ_setAttr_IssCap OBJ_set_attr,3L ++ ++#define SN_set_rootKeyThumb "set-rootKeyThumb" ++#define NID_set_rootKeyThumb 624 ++#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L ++ ++#define SN_set_addPolicy "set-addPolicy" ++#define NID_set_addPolicy 625 ++#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L ++ ++#define SN_setAttr_Token_EMV "setAttr-Token-EMV" ++#define NID_setAttr_Token_EMV 626 ++#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L ++ ++#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" ++#define NID_setAttr_Token_B0Prime 627 ++#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L ++ ++#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" ++#define NID_setAttr_IssCap_CVM 628 ++#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L ++ ++#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" ++#define NID_setAttr_IssCap_T2 629 ++#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L ++ ++#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" ++#define NID_setAttr_IssCap_Sig 630 ++#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L ++ ++#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" ++#define LN_setAttr_GenCryptgrm "generate cryptogram" ++#define NID_setAttr_GenCryptgrm 631 ++#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L ++ ++#define SN_setAttr_T2Enc "setAttr-T2Enc" ++#define LN_setAttr_T2Enc "encrypted track 2" ++#define NID_setAttr_T2Enc 632 ++#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L ++ ++#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" ++#define LN_setAttr_T2cleartxt "cleartext track 2" ++#define NID_setAttr_T2cleartxt 633 ++#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L ++ ++#define SN_setAttr_TokICCsig "setAttr-TokICCsig" ++#define LN_setAttr_TokICCsig "ICC or token signature" ++#define NID_setAttr_TokICCsig 634 ++#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L ++ ++#define SN_setAttr_SecDevSig "setAttr-SecDevSig" ++#define LN_setAttr_SecDevSig "secure device signature" ++#define NID_setAttr_SecDevSig 635 ++#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L ++ ++#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" ++#define NID_set_brand_IATA_ATA 636 ++#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L ++ ++#define SN_set_brand_Diners "set-brand-Diners" ++#define NID_set_brand_Diners 637 ++#define OBJ_set_brand_Diners OBJ_set_brand,30L ++ ++#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" ++#define NID_set_brand_AmericanExpress 638 ++#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L ++ ++#define SN_set_brand_JCB "set-brand-JCB" ++#define NID_set_brand_JCB 639 ++#define OBJ_set_brand_JCB OBJ_set_brand,35L ++ ++#define SN_set_brand_Visa "set-brand-Visa" ++#define NID_set_brand_Visa 640 ++#define OBJ_set_brand_Visa OBJ_set_brand,4L ++ ++#define SN_set_brand_MasterCard "set-brand-MasterCard" ++#define NID_set_brand_MasterCard 641 ++#define OBJ_set_brand_MasterCard OBJ_set_brand,5L ++ ++#define SN_set_brand_Novus "set-brand-Novus" ++#define NID_set_brand_Novus 642 ++#define OBJ_set_brand_Novus OBJ_set_brand,6011L ++ ++#define SN_des_cdmf "DES-CDMF" ++#define LN_des_cdmf "des-cdmf" ++#define NID_des_cdmf 643 ++#define OBJ_des_cdmf OBJ_rsadsi,3L,10L ++ ++#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" ++#define NID_rsaOAEPEncryptionSET 644 ++#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L ++ ++#define SN_ipsec3 "Oakley-EC2N-3" ++#define LN_ipsec3 "ipsec3" ++#define NID_ipsec3 749 ++ ++#define SN_ipsec4 "Oakley-EC2N-4" ++#define LN_ipsec4 "ipsec4" ++#define NID_ipsec4 750 ++ ++#define SN_whirlpool "whirlpool" ++#define NID_whirlpool 804 ++#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L ++ ++#define SN_cryptopro "cryptopro" ++#define NID_cryptopro 805 ++#define OBJ_cryptopro OBJ_member_body,643L,2L,2L ++ ++#define SN_cryptocom "cryptocom" ++#define NID_cryptocom 806 ++#define OBJ_cryptocom OBJ_member_body,643L,2L,9L ++ ++#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" ++#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" ++#define NID_id_GostR3411_94_with_GostR3410_2001 807 ++#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L ++ ++#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" ++#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" ++#define NID_id_GostR3411_94_with_GostR3410_94 808 ++#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L ++ ++#define SN_id_GostR3411_94 "md_gost94" ++#define LN_id_GostR3411_94 "GOST R 34.11-94" ++#define NID_id_GostR3411_94 809 ++#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L ++ ++#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" ++#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" ++#define NID_id_HMACGostR3411_94 810 ++#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L ++ ++#define SN_id_GostR3410_2001 "gost2001" ++#define LN_id_GostR3410_2001 "GOST R 34.10-2001" ++#define NID_id_GostR3410_2001 811 ++#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L ++ ++#define SN_id_GostR3410_94 "gost94" ++#define LN_id_GostR3410_94 "GOST R 34.10-94" ++#define NID_id_GostR3410_94 812 ++#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L ++ ++#define SN_id_Gost28147_89 "gost89" ++#define LN_id_Gost28147_89 "GOST 28147-89" ++#define NID_id_Gost28147_89 813 ++#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L ++ ++#define SN_gost89_cnt "gost89-cnt" ++#define NID_gost89_cnt 814 ++ ++#define SN_id_Gost28147_89_MAC "gost-mac" ++#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" ++#define NID_id_Gost28147_89_MAC 815 ++#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L ++ ++#define SN_id_GostR3411_94_prf "prf-gostr3411-94" ++#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" ++#define NID_id_GostR3411_94_prf 816 ++#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L ++ ++#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" ++#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" ++#define NID_id_GostR3410_2001DH 817 ++#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L ++ ++#define SN_id_GostR3410_94DH "id-GostR3410-94DH" ++#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" ++#define NID_id_GostR3410_94DH 818 ++#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L ++ ++#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" ++#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 ++#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L ++ ++#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" ++#define NID_id_Gost28147_89_None_KeyMeshing 820 ++#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L ++ ++#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" ++#define NID_id_GostR3411_94_TestParamSet 821 ++#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L ++ ++#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" ++#define NID_id_GostR3411_94_CryptoProParamSet 822 ++#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L ++ ++#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" ++#define NID_id_Gost28147_89_TestParamSet 823 ++#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L ++ ++#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" ++#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 ++#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L ++ ++#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" ++#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 ++#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L ++ ++#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" ++#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 ++#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L ++ ++#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" ++#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 ++#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L ++ ++#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" ++#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 ++#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L ++ ++#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" ++#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 ++#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L ++ ++#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" ++#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 ++#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L ++ ++#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" ++#define NID_id_GostR3410_94_TestParamSet 831 ++#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L ++ ++#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" ++#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 ++#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L ++ ++#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" ++#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 ++#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L ++ ++#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" ++#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 ++#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L ++ ++#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" ++#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 ++#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L ++ ++#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" ++#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 ++#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L ++ ++#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" ++#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 ++#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L ++ ++#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" ++#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 ++#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L ++ ++#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" ++#define NID_id_GostR3410_2001_TestParamSet 839 ++#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L ++ ++#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" ++#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 ++#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L ++ ++#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" ++#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 ++#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L ++ ++#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" ++#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 ++#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L ++ ++#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" ++#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 ++#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L ++ ++#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" ++#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 ++#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L ++ ++#define SN_id_GostR3410_94_a "id-GostR3410-94-a" ++#define NID_id_GostR3410_94_a 845 ++#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L ++ ++#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" ++#define NID_id_GostR3410_94_aBis 846 ++#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L ++ ++#define SN_id_GostR3410_94_b "id-GostR3410-94-b" ++#define NID_id_GostR3410_94_b 847 ++#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L ++ ++#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" ++#define NID_id_GostR3410_94_bBis 848 ++#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L ++ ++#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" ++#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" ++#define NID_id_Gost28147_89_cc 849 ++#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L ++ ++#define SN_id_GostR3410_94_cc "gost94cc" ++#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" ++#define NID_id_GostR3410_94_cc 850 ++#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L ++ ++#define SN_id_GostR3410_2001_cc "gost2001cc" ++#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" ++#define NID_id_GostR3410_2001_cc 851 ++#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L ++ ++#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" ++#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" ++#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 ++#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L ++ ++#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" ++#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" ++#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 ++#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L ++ ++#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" ++#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" ++#define NID_id_GostR3410_2001_ParamSet_cc 854 ++#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L ++ ++#define SN_camellia_128_cbc "CAMELLIA-128-CBC" ++#define LN_camellia_128_cbc "camellia-128-cbc" ++#define NID_camellia_128_cbc 751 ++#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L ++ ++#define SN_camellia_192_cbc "CAMELLIA-192-CBC" ++#define LN_camellia_192_cbc "camellia-192-cbc" ++#define NID_camellia_192_cbc 752 ++#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L ++ ++#define SN_camellia_256_cbc "CAMELLIA-256-CBC" ++#define LN_camellia_256_cbc "camellia-256-cbc" ++#define NID_camellia_256_cbc 753 ++#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L ++ ++#define OBJ_ntt_ds 0L,3L,4401L,5L ++ ++#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L ++ ++#define SN_camellia_128_ecb "CAMELLIA-128-ECB" ++#define LN_camellia_128_ecb "camellia-128-ecb" ++#define NID_camellia_128_ecb 754 ++#define OBJ_camellia_128_ecb OBJ_camellia,1L ++ ++#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" ++#define LN_camellia_128_ofb128 "camellia-128-ofb" ++#define NID_camellia_128_ofb128 766 ++#define OBJ_camellia_128_ofb128 OBJ_camellia,3L ++ ++#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" ++#define LN_camellia_128_cfb128 "camellia-128-cfb" ++#define NID_camellia_128_cfb128 757 ++#define OBJ_camellia_128_cfb128 OBJ_camellia,4L ++ ++#define SN_camellia_192_ecb "CAMELLIA-192-ECB" ++#define LN_camellia_192_ecb "camellia-192-ecb" ++#define NID_camellia_192_ecb 755 ++#define OBJ_camellia_192_ecb OBJ_camellia,21L ++ ++#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" ++#define LN_camellia_192_ofb128 "camellia-192-ofb" ++#define NID_camellia_192_ofb128 767 ++#define OBJ_camellia_192_ofb128 OBJ_camellia,23L ++ ++#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" ++#define LN_camellia_192_cfb128 "camellia-192-cfb" ++#define NID_camellia_192_cfb128 758 ++#define OBJ_camellia_192_cfb128 OBJ_camellia,24L ++ ++#define SN_camellia_256_ecb "CAMELLIA-256-ECB" ++#define LN_camellia_256_ecb "camellia-256-ecb" ++#define NID_camellia_256_ecb 756 ++#define OBJ_camellia_256_ecb OBJ_camellia,41L ++ ++#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" ++#define LN_camellia_256_ofb128 "camellia-256-ofb" ++#define NID_camellia_256_ofb128 768 ++#define OBJ_camellia_256_ofb128 OBJ_camellia,43L ++ ++#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" ++#define LN_camellia_256_cfb128 "camellia-256-cfb" ++#define NID_camellia_256_cfb128 759 ++#define OBJ_camellia_256_cfb128 OBJ_camellia,44L ++ ++#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" ++#define LN_camellia_128_cfb1 "camellia-128-cfb1" ++#define NID_camellia_128_cfb1 760 ++ ++#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" ++#define LN_camellia_192_cfb1 "camellia-192-cfb1" ++#define NID_camellia_192_cfb1 761 ++ ++#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" ++#define LN_camellia_256_cfb1 "camellia-256-cfb1" ++#define NID_camellia_256_cfb1 762 ++ ++#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" ++#define LN_camellia_128_cfb8 "camellia-128-cfb8" ++#define NID_camellia_128_cfb8 763 ++ ++#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" ++#define LN_camellia_192_cfb8 "camellia-192-cfb8" ++#define NID_camellia_192_cfb8 764 ++ ++#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" ++#define LN_camellia_256_cfb8 "camellia-256-cfb8" ++#define NID_camellia_256_cfb8 765 ++ ++#define SN_kisa "KISA" ++#define LN_kisa "kisa" ++#define NID_kisa 773 ++#define OBJ_kisa OBJ_member_body,410L,200004L ++ ++#define SN_seed_ecb "SEED-ECB" ++#define LN_seed_ecb "seed-ecb" ++#define NID_seed_ecb 776 ++#define OBJ_seed_ecb OBJ_kisa,1L,3L ++ ++#define SN_seed_cbc "SEED-CBC" ++#define LN_seed_cbc "seed-cbc" ++#define NID_seed_cbc 777 ++#define OBJ_seed_cbc OBJ_kisa,1L,4L ++ ++#define SN_seed_cfb128 "SEED-CFB" ++#define LN_seed_cfb128 "seed-cfb" ++#define NID_seed_cfb128 779 ++#define OBJ_seed_cfb128 OBJ_kisa,1L,5L ++ ++#define SN_seed_ofb128 "SEED-OFB" ++#define LN_seed_ofb128 "seed-ofb" ++#define NID_seed_ofb128 778 ++#define OBJ_seed_ofb128 OBJ_kisa,1L,6L ++ ++#define SN_hmac "HMAC" ++#define LN_hmac "hmac" ++#define NID_hmac 855 +diff --git a/Cryptlib/Include/openssl/objects.h b/Cryptlib/Include/openssl/objects.h +index 7242f76..7958754 100644 +--- a/Cryptlib/Include/openssl/objects.h ++++ b/Cryptlib/Include/openssl/objects.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,973 +57,979 @@ + */ + + #ifndef HEADER_OBJECTS_H +-#define HEADER_OBJECTS_H +- +-#define USE_OBJ_MAC +- +-#ifdef USE_OBJ_MAC +-#include +-#else +-#define SN_undef "UNDEF" +-#define LN_undef "undefined" +-#define NID_undef 0 +-#define OBJ_undef 0L +- +-#define SN_Algorithm "Algorithm" +-#define LN_algorithm "algorithm" +-#define NID_algorithm 38 +-#define OBJ_algorithm 1L,3L,14L,3L,2L +- +-#define LN_rsadsi "rsadsi" +-#define NID_rsadsi 1 +-#define OBJ_rsadsi 1L,2L,840L,113549L +- +-#define LN_pkcs "pkcs" +-#define NID_pkcs 2 +-#define OBJ_pkcs OBJ_rsadsi,1L +- +-#define SN_md2 "MD2" +-#define LN_md2 "md2" +-#define NID_md2 3 +-#define OBJ_md2 OBJ_rsadsi,2L,2L +- +-#define SN_md5 "MD5" +-#define LN_md5 "md5" +-#define NID_md5 4 +-#define OBJ_md5 OBJ_rsadsi,2L,5L +- +-#define SN_rc4 "RC4" +-#define LN_rc4 "rc4" +-#define NID_rc4 5 +-#define OBJ_rc4 OBJ_rsadsi,3L,4L +- +-#define LN_rsaEncryption "rsaEncryption" +-#define NID_rsaEncryption 6 +-#define OBJ_rsaEncryption OBJ_pkcs,1L,1L +- +-#define SN_md2WithRSAEncryption "RSA-MD2" +-#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +-#define NID_md2WithRSAEncryption 7 +-#define OBJ_md2WithRSAEncryption OBJ_pkcs,1L,2L +- +-#define SN_md5WithRSAEncryption "RSA-MD5" +-#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +-#define NID_md5WithRSAEncryption 8 +-#define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L +- +-#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +-#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +-#define NID_pbeWithMD2AndDES_CBC 9 +-#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L +- +-#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +-#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +-#define NID_pbeWithMD5AndDES_CBC 10 +-#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L +- +-#define LN_X500 "X500" +-#define NID_X500 11 +-#define OBJ_X500 2L,5L +- +-#define LN_X509 "X509" +-#define NID_X509 12 +-#define OBJ_X509 OBJ_X500,4L +- +-#define SN_commonName "CN" +-#define LN_commonName "commonName" +-#define NID_commonName 13 +-#define OBJ_commonName OBJ_X509,3L +- +-#define SN_countryName "C" +-#define LN_countryName "countryName" +-#define NID_countryName 14 +-#define OBJ_countryName OBJ_X509,6L +- +-#define SN_localityName "L" +-#define LN_localityName "localityName" +-#define NID_localityName 15 +-#define OBJ_localityName OBJ_X509,7L ++# define HEADER_OBJECTS_H ++ ++# define USE_OBJ_MAC ++ ++# ifdef USE_OBJ_MAC ++# include ++# else ++# define SN_undef "UNDEF" ++# define LN_undef "undefined" ++# define NID_undef 0 ++# define OBJ_undef 0L ++ ++# define SN_Algorithm "Algorithm" ++# define LN_algorithm "algorithm" ++# define NID_algorithm 38 ++# define OBJ_algorithm 1L,3L,14L,3L,2L ++ ++# define LN_rsadsi "rsadsi" ++# define NID_rsadsi 1 ++# define OBJ_rsadsi 1L,2L,840L,113549L ++ ++# define LN_pkcs "pkcs" ++# define NID_pkcs 2 ++# define OBJ_pkcs OBJ_rsadsi,1L ++ ++# define SN_md2 "MD2" ++# define LN_md2 "md2" ++# define NID_md2 3 ++# define OBJ_md2 OBJ_rsadsi,2L,2L ++ ++# define SN_md5 "MD5" ++# define LN_md5 "md5" ++# define NID_md5 4 ++# define OBJ_md5 OBJ_rsadsi,2L,5L ++ ++# define SN_rc4 "RC4" ++# define LN_rc4 "rc4" ++# define NID_rc4 5 ++# define OBJ_rc4 OBJ_rsadsi,3L,4L ++ ++# define LN_rsaEncryption "rsaEncryption" ++# define NID_rsaEncryption 6 ++# define OBJ_rsaEncryption OBJ_pkcs,1L,1L ++ ++# define SN_md2WithRSAEncryption "RSA-MD2" ++# define LN_md2WithRSAEncryption "md2WithRSAEncryption" ++# define NID_md2WithRSAEncryption 7 ++# define OBJ_md2WithRSAEncryption OBJ_pkcs,1L,2L ++ ++# define SN_md5WithRSAEncryption "RSA-MD5" ++# define LN_md5WithRSAEncryption "md5WithRSAEncryption" ++# define NID_md5WithRSAEncryption 8 ++# define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L ++ ++# define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" ++# define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" ++# define NID_pbeWithMD2AndDES_CBC 9 ++# define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L ++ ++# define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" ++# define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" ++# define NID_pbeWithMD5AndDES_CBC 10 ++# define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L ++ ++# define LN_X500 "X500" ++# define NID_X500 11 ++# define OBJ_X500 2L,5L ++ ++# define LN_X509 "X509" ++# define NID_X509 12 ++# define OBJ_X509 OBJ_X500,4L ++ ++# define SN_commonName "CN" ++# define LN_commonName "commonName" ++# define NID_commonName 13 ++# define OBJ_commonName OBJ_X509,3L ++ ++# define SN_countryName "C" ++# define LN_countryName "countryName" ++# define NID_countryName 14 ++# define OBJ_countryName OBJ_X509,6L ++ ++# define SN_localityName "L" ++# define LN_localityName "localityName" ++# define NID_localityName 15 ++# define OBJ_localityName OBJ_X509,7L + + /* Postal Address? PA */ + + /* should be "ST" (rfc1327) but MS uses 'S' */ +-#define SN_stateOrProvinceName "ST" +-#define LN_stateOrProvinceName "stateOrProvinceName" +-#define NID_stateOrProvinceName 16 +-#define OBJ_stateOrProvinceName OBJ_X509,8L +- +-#define SN_organizationName "O" +-#define LN_organizationName "organizationName" +-#define NID_organizationName 17 +-#define OBJ_organizationName OBJ_X509,10L +- +-#define SN_organizationalUnitName "OU" +-#define LN_organizationalUnitName "organizationalUnitName" +-#define NID_organizationalUnitName 18 +-#define OBJ_organizationalUnitName OBJ_X509,11L +- +-#define SN_rsa "RSA" +-#define LN_rsa "rsa" +-#define NID_rsa 19 +-#define OBJ_rsa OBJ_X500,8L,1L,1L +- +-#define LN_pkcs7 "pkcs7" +-#define NID_pkcs7 20 +-#define OBJ_pkcs7 OBJ_pkcs,7L +- +-#define LN_pkcs7_data "pkcs7-data" +-#define NID_pkcs7_data 21 +-#define OBJ_pkcs7_data OBJ_pkcs7,1L +- +-#define LN_pkcs7_signed "pkcs7-signedData" +-#define NID_pkcs7_signed 22 +-#define OBJ_pkcs7_signed OBJ_pkcs7,2L +- +-#define LN_pkcs7_enveloped "pkcs7-envelopedData" +-#define NID_pkcs7_enveloped 23 +-#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L +- +-#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +-#define NID_pkcs7_signedAndEnveloped 24 +-#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L +- +-#define LN_pkcs7_digest "pkcs7-digestData" +-#define NID_pkcs7_digest 25 +-#define OBJ_pkcs7_digest OBJ_pkcs7,5L +- +-#define LN_pkcs7_encrypted "pkcs7-encryptedData" +-#define NID_pkcs7_encrypted 26 +-#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L +- +-#define LN_pkcs3 "pkcs3" +-#define NID_pkcs3 27 +-#define OBJ_pkcs3 OBJ_pkcs,3L +- +-#define LN_dhKeyAgreement "dhKeyAgreement" +-#define NID_dhKeyAgreement 28 +-#define OBJ_dhKeyAgreement OBJ_pkcs3,1L +- +-#define SN_des_ecb "DES-ECB" +-#define LN_des_ecb "des-ecb" +-#define NID_des_ecb 29 +-#define OBJ_des_ecb OBJ_algorithm,6L +- +-#define SN_des_cfb64 "DES-CFB" +-#define LN_des_cfb64 "des-cfb" +-#define NID_des_cfb64 30 ++# define SN_stateOrProvinceName "ST" ++# define LN_stateOrProvinceName "stateOrProvinceName" ++# define NID_stateOrProvinceName 16 ++# define OBJ_stateOrProvinceName OBJ_X509,8L ++ ++# define SN_organizationName "O" ++# define LN_organizationName "organizationName" ++# define NID_organizationName 17 ++# define OBJ_organizationName OBJ_X509,10L ++ ++# define SN_organizationalUnitName "OU" ++# define LN_organizationalUnitName "organizationalUnitName" ++# define NID_organizationalUnitName 18 ++# define OBJ_organizationalUnitName OBJ_X509,11L ++ ++# define SN_rsa "RSA" ++# define LN_rsa "rsa" ++# define NID_rsa 19 ++# define OBJ_rsa OBJ_X500,8L,1L,1L ++ ++# define LN_pkcs7 "pkcs7" ++# define NID_pkcs7 20 ++# define OBJ_pkcs7 OBJ_pkcs,7L ++ ++# define LN_pkcs7_data "pkcs7-data" ++# define NID_pkcs7_data 21 ++# define OBJ_pkcs7_data OBJ_pkcs7,1L ++ ++# define LN_pkcs7_signed "pkcs7-signedData" ++# define NID_pkcs7_signed 22 ++# define OBJ_pkcs7_signed OBJ_pkcs7,2L ++ ++# define LN_pkcs7_enveloped "pkcs7-envelopedData" ++# define NID_pkcs7_enveloped 23 ++# define OBJ_pkcs7_enveloped OBJ_pkcs7,3L ++ ++# define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" ++# define NID_pkcs7_signedAndEnveloped 24 ++# define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L ++ ++# define LN_pkcs7_digest "pkcs7-digestData" ++# define NID_pkcs7_digest 25 ++# define OBJ_pkcs7_digest OBJ_pkcs7,5L ++ ++# define LN_pkcs7_encrypted "pkcs7-encryptedData" ++# define NID_pkcs7_encrypted 26 ++# define OBJ_pkcs7_encrypted OBJ_pkcs7,6L ++ ++# define LN_pkcs3 "pkcs3" ++# define NID_pkcs3 27 ++# define OBJ_pkcs3 OBJ_pkcs,3L ++ ++# define LN_dhKeyAgreement "dhKeyAgreement" ++# define NID_dhKeyAgreement 28 ++# define OBJ_dhKeyAgreement OBJ_pkcs3,1L ++ ++# define SN_des_ecb "DES-ECB" ++# define LN_des_ecb "des-ecb" ++# define NID_des_ecb 29 ++# define OBJ_des_ecb OBJ_algorithm,6L ++ ++# define SN_des_cfb64 "DES-CFB" ++# define LN_des_cfb64 "des-cfb" ++# define NID_des_cfb64 30 + /* IV + num */ +-#define OBJ_des_cfb64 OBJ_algorithm,9L ++# define OBJ_des_cfb64 OBJ_algorithm,9L + +-#define SN_des_cbc "DES-CBC" +-#define LN_des_cbc "des-cbc" +-#define NID_des_cbc 31 ++# define SN_des_cbc "DES-CBC" ++# define LN_des_cbc "des-cbc" ++# define NID_des_cbc 31 + /* IV */ +-#define OBJ_des_cbc OBJ_algorithm,7L ++# define OBJ_des_cbc OBJ_algorithm,7L + +-#define SN_des_ede "DES-EDE" +-#define LN_des_ede "des-ede" +-#define NID_des_ede 32 ++# define SN_des_ede "DES-EDE" ++# define LN_des_ede "des-ede" ++# define NID_des_ede 32 + /* ?? */ +-#define OBJ_des_ede OBJ_algorithm,17L +- +-#define SN_des_ede3 "DES-EDE3" +-#define LN_des_ede3 "des-ede3" +-#define NID_des_ede3 33 +- +-#define SN_idea_cbc "IDEA-CBC" +-#define LN_idea_cbc "idea-cbc" +-#define NID_idea_cbc 34 +-#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L +- +-#define SN_idea_cfb64 "IDEA-CFB" +-#define LN_idea_cfb64 "idea-cfb" +-#define NID_idea_cfb64 35 +- +-#define SN_idea_ecb "IDEA-ECB" +-#define LN_idea_ecb "idea-ecb" +-#define NID_idea_ecb 36 +- +-#define SN_rc2_cbc "RC2-CBC" +-#define LN_rc2_cbc "rc2-cbc" +-#define NID_rc2_cbc 37 +-#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L +- +-#define SN_rc2_ecb "RC2-ECB" +-#define LN_rc2_ecb "rc2-ecb" +-#define NID_rc2_ecb 38 +- +-#define SN_rc2_cfb64 "RC2-CFB" +-#define LN_rc2_cfb64 "rc2-cfb" +-#define NID_rc2_cfb64 39 +- +-#define SN_rc2_ofb64 "RC2-OFB" +-#define LN_rc2_ofb64 "rc2-ofb" +-#define NID_rc2_ofb64 40 +- +-#define SN_sha "SHA" +-#define LN_sha "sha" +-#define NID_sha 41 +-#define OBJ_sha OBJ_algorithm,18L +- +-#define SN_shaWithRSAEncryption "RSA-SHA" +-#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +-#define NID_shaWithRSAEncryption 42 +-#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L +- +-#define SN_des_ede_cbc "DES-EDE-CBC" +-#define LN_des_ede_cbc "des-ede-cbc" +-#define NID_des_ede_cbc 43 +- +-#define SN_des_ede3_cbc "DES-EDE3-CBC" +-#define LN_des_ede3_cbc "des-ede3-cbc" +-#define NID_des_ede3_cbc 44 +-#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L +- +-#define SN_des_ofb64 "DES-OFB" +-#define LN_des_ofb64 "des-ofb" +-#define NID_des_ofb64 45 +-#define OBJ_des_ofb64 OBJ_algorithm,8L +- +-#define SN_idea_ofb64 "IDEA-OFB" +-#define LN_idea_ofb64 "idea-ofb" +-#define NID_idea_ofb64 46 +- +-#define LN_pkcs9 "pkcs9" +-#define NID_pkcs9 47 +-#define OBJ_pkcs9 OBJ_pkcs,9L +- +-#define SN_pkcs9_emailAddress "Email" +-#define LN_pkcs9_emailAddress "emailAddress" +-#define NID_pkcs9_emailAddress 48 +-#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L +- +-#define LN_pkcs9_unstructuredName "unstructuredName" +-#define NID_pkcs9_unstructuredName 49 +-#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L +- +-#define LN_pkcs9_contentType "contentType" +-#define NID_pkcs9_contentType 50 +-#define OBJ_pkcs9_contentType OBJ_pkcs9,3L +- +-#define LN_pkcs9_messageDigest "messageDigest" +-#define NID_pkcs9_messageDigest 51 +-#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L +- +-#define LN_pkcs9_signingTime "signingTime" +-#define NID_pkcs9_signingTime 52 +-#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L +- +-#define LN_pkcs9_countersignature "countersignature" +-#define NID_pkcs9_countersignature 53 +-#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L +- +-#define LN_pkcs9_challengePassword "challengePassword" +-#define NID_pkcs9_challengePassword 54 +-#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L +- +-#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +-#define NID_pkcs9_unstructuredAddress 55 +-#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L +- +-#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +-#define NID_pkcs9_extCertAttributes 56 +-#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L +- +-#define SN_netscape "Netscape" +-#define LN_netscape "Netscape Communications Corp." +-#define NID_netscape 57 +-#define OBJ_netscape 2L,16L,840L,1L,113730L +- +-#define SN_netscape_cert_extension "nsCertExt" +-#define LN_netscape_cert_extension "Netscape Certificate Extension" +-#define NID_netscape_cert_extension 58 +-#define OBJ_netscape_cert_extension OBJ_netscape,1L +- +-#define SN_netscape_data_type "nsDataType" +-#define LN_netscape_data_type "Netscape Data Type" +-#define NID_netscape_data_type 59 +-#define OBJ_netscape_data_type OBJ_netscape,2L +- +-#define SN_des_ede_cfb64 "DES-EDE-CFB" +-#define LN_des_ede_cfb64 "des-ede-cfb" +-#define NID_des_ede_cfb64 60 +- +-#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +-#define LN_des_ede3_cfb64 "des-ede3-cfb" +-#define NID_des_ede3_cfb64 61 +- +-#define SN_des_ede_ofb64 "DES-EDE-OFB" +-#define LN_des_ede_ofb64 "des-ede-ofb" +-#define NID_des_ede_ofb64 62 +- +-#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +-#define LN_des_ede3_ofb64 "des-ede3-ofb" +-#define NID_des_ede3_ofb64 63 ++# define OBJ_des_ede OBJ_algorithm,17L ++ ++# define SN_des_ede3 "DES-EDE3" ++# define LN_des_ede3 "des-ede3" ++# define NID_des_ede3 33 ++ ++# define SN_idea_cbc "IDEA-CBC" ++# define LN_idea_cbc "idea-cbc" ++# define NID_idea_cbc 34 ++# define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L ++ ++# define SN_idea_cfb64 "IDEA-CFB" ++# define LN_idea_cfb64 "idea-cfb" ++# define NID_idea_cfb64 35 ++ ++# define SN_idea_ecb "IDEA-ECB" ++# define LN_idea_ecb "idea-ecb" ++# define NID_idea_ecb 36 ++ ++# define SN_rc2_cbc "RC2-CBC" ++# define LN_rc2_cbc "rc2-cbc" ++# define NID_rc2_cbc 37 ++# define OBJ_rc2_cbc OBJ_rsadsi,3L,2L ++ ++# define SN_rc2_ecb "RC2-ECB" ++# define LN_rc2_ecb "rc2-ecb" ++# define NID_rc2_ecb 38 ++ ++# define SN_rc2_cfb64 "RC2-CFB" ++# define LN_rc2_cfb64 "rc2-cfb" ++# define NID_rc2_cfb64 39 ++ ++# define SN_rc2_ofb64 "RC2-OFB" ++# define LN_rc2_ofb64 "rc2-ofb" ++# define NID_rc2_ofb64 40 ++ ++# define SN_sha "SHA" ++# define LN_sha "sha" ++# define NID_sha 41 ++# define OBJ_sha OBJ_algorithm,18L ++ ++# define SN_shaWithRSAEncryption "RSA-SHA" ++# define LN_shaWithRSAEncryption "shaWithRSAEncryption" ++# define NID_shaWithRSAEncryption 42 ++# define OBJ_shaWithRSAEncryption OBJ_algorithm,15L ++ ++# define SN_des_ede_cbc "DES-EDE-CBC" ++# define LN_des_ede_cbc "des-ede-cbc" ++# define NID_des_ede_cbc 43 ++ ++# define SN_des_ede3_cbc "DES-EDE3-CBC" ++# define LN_des_ede3_cbc "des-ede3-cbc" ++# define NID_des_ede3_cbc 44 ++# define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L ++ ++# define SN_des_ofb64 "DES-OFB" ++# define LN_des_ofb64 "des-ofb" ++# define NID_des_ofb64 45 ++# define OBJ_des_ofb64 OBJ_algorithm,8L ++ ++# define SN_idea_ofb64 "IDEA-OFB" ++# define LN_idea_ofb64 "idea-ofb" ++# define NID_idea_ofb64 46 ++ ++# define LN_pkcs9 "pkcs9" ++# define NID_pkcs9 47 ++# define OBJ_pkcs9 OBJ_pkcs,9L ++ ++# define SN_pkcs9_emailAddress "Email" ++# define LN_pkcs9_emailAddress "emailAddress" ++# define NID_pkcs9_emailAddress 48 ++# define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L ++ ++# define LN_pkcs9_unstructuredName "unstructuredName" ++# define NID_pkcs9_unstructuredName 49 ++# define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L ++ ++# define LN_pkcs9_contentType "contentType" ++# define NID_pkcs9_contentType 50 ++# define OBJ_pkcs9_contentType OBJ_pkcs9,3L ++ ++# define LN_pkcs9_messageDigest "messageDigest" ++# define NID_pkcs9_messageDigest 51 ++# define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L ++ ++# define LN_pkcs9_signingTime "signingTime" ++# define NID_pkcs9_signingTime 52 ++# define OBJ_pkcs9_signingTime OBJ_pkcs9,5L ++ ++# define LN_pkcs9_countersignature "countersignature" ++# define NID_pkcs9_countersignature 53 ++# define OBJ_pkcs9_countersignature OBJ_pkcs9,6L ++ ++# define LN_pkcs9_challengePassword "challengePassword" ++# define NID_pkcs9_challengePassword 54 ++# define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L ++ ++# define LN_pkcs9_unstructuredAddress "unstructuredAddress" ++# define NID_pkcs9_unstructuredAddress 55 ++# define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L ++ ++# define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" ++# define NID_pkcs9_extCertAttributes 56 ++# define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L ++ ++# define SN_netscape "Netscape" ++# define LN_netscape "Netscape Communications Corp." ++# define NID_netscape 57 ++# define OBJ_netscape 2L,16L,840L,1L,113730L ++ ++# define SN_netscape_cert_extension "nsCertExt" ++# define LN_netscape_cert_extension "Netscape Certificate Extension" ++# define NID_netscape_cert_extension 58 ++# define OBJ_netscape_cert_extension OBJ_netscape,1L ++ ++# define SN_netscape_data_type "nsDataType" ++# define LN_netscape_data_type "Netscape Data Type" ++# define NID_netscape_data_type 59 ++# define OBJ_netscape_data_type OBJ_netscape,2L ++ ++# define SN_des_ede_cfb64 "DES-EDE-CFB" ++# define LN_des_ede_cfb64 "des-ede-cfb" ++# define NID_des_ede_cfb64 60 ++ ++# define SN_des_ede3_cfb64 "DES-EDE3-CFB" ++# define LN_des_ede3_cfb64 "des-ede3-cfb" ++# define NID_des_ede3_cfb64 61 ++ ++# define SN_des_ede_ofb64 "DES-EDE-OFB" ++# define LN_des_ede_ofb64 "des-ede-ofb" ++# define NID_des_ede_ofb64 62 ++ ++# define SN_des_ede3_ofb64 "DES-EDE3-OFB" ++# define LN_des_ede3_ofb64 "des-ede3-ofb" ++# define NID_des_ede3_ofb64 63 + + /* I'm not sure about the object ID */ +-#define SN_sha1 "SHA1" +-#define LN_sha1 "sha1" +-#define NID_sha1 64 +-#define OBJ_sha1 OBJ_algorithm,26L ++# define SN_sha1 "SHA1" ++# define LN_sha1 "sha1" ++# define NID_sha1 64 ++# define OBJ_sha1 OBJ_algorithm,26L + /* 28 Jun 1996 - eay */ +-/* #define OBJ_sha1 1L,3L,14L,2L,26L,05L <- wrong */ ++/* #define OBJ_sha1 1L,3L,14L,2L,26L,05L <- wrong */ + +-#define SN_sha1WithRSAEncryption "RSA-SHA1" +-#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +-#define NID_sha1WithRSAEncryption 65 +-#define OBJ_sha1WithRSAEncryption OBJ_pkcs,1L,5L ++# define SN_sha1WithRSAEncryption "RSA-SHA1" ++# define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" ++# define NID_sha1WithRSAEncryption 65 ++# define OBJ_sha1WithRSAEncryption OBJ_pkcs,1L,5L + +-#define SN_dsaWithSHA "DSA-SHA" +-#define LN_dsaWithSHA "dsaWithSHA" +-#define NID_dsaWithSHA 66 +-#define OBJ_dsaWithSHA OBJ_algorithm,13L ++# define SN_dsaWithSHA "DSA-SHA" ++# define LN_dsaWithSHA "dsaWithSHA" ++# define NID_dsaWithSHA 66 ++# define OBJ_dsaWithSHA OBJ_algorithm,13L + +-#define SN_dsa_2 "DSA-old" +-#define LN_dsa_2 "dsaEncryption-old" +-#define NID_dsa_2 67 +-#define OBJ_dsa_2 OBJ_algorithm,12L ++# define SN_dsa_2 "DSA-old" ++# define LN_dsa_2 "dsaEncryption-old" ++# define NID_dsa_2 67 ++# define OBJ_dsa_2 OBJ_algorithm,12L + + /* proposed by microsoft to RSA */ +-#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +-#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +-#define NID_pbeWithSHA1AndRC2_CBC 68 +-#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L +- +-/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now +- * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something +- * completely different. ++# define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" ++# define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" ++# define NID_pbeWithSHA1AndRC2_CBC 68 ++# define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L ++ ++/* ++ * proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now defined ++ * explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something completely ++ * different. + */ +-#define LN_id_pbkdf2 "PBKDF2" +-#define NID_id_pbkdf2 69 +-#define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L ++# define LN_id_pbkdf2 "PBKDF2" ++# define NID_id_pbkdf2 69 ++# define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L + +-#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +-#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +-#define NID_dsaWithSHA1_2 70 ++# define SN_dsaWithSHA1_2 "DSA-SHA1-old" ++# define LN_dsaWithSHA1_2 "dsaWithSHA1-old" ++# define NID_dsaWithSHA1_2 70 + /* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */ +-#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L +- +-#define SN_netscape_cert_type "nsCertType" +-#define LN_netscape_cert_type "Netscape Cert Type" +-#define NID_netscape_cert_type 71 +-#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L +- +-#define SN_netscape_base_url "nsBaseUrl" +-#define LN_netscape_base_url "Netscape Base Url" +-#define NID_netscape_base_url 72 +-#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L +- +-#define SN_netscape_revocation_url "nsRevocationUrl" +-#define LN_netscape_revocation_url "Netscape Revocation Url" +-#define NID_netscape_revocation_url 73 +-#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L +- +-#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +-#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +-#define NID_netscape_ca_revocation_url 74 +-#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L +- +-#define SN_netscape_renewal_url "nsRenewalUrl" +-#define LN_netscape_renewal_url "Netscape Renewal Url" +-#define NID_netscape_renewal_url 75 +-#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L +- +-#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +-#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +-#define NID_netscape_ca_policy_url 76 +-#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L +- +-#define SN_netscape_ssl_server_name "nsSslServerName" +-#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +-#define NID_netscape_ssl_server_name 77 +-#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L +- +-#define SN_netscape_comment "nsComment" +-#define LN_netscape_comment "Netscape Comment" +-#define NID_netscape_comment 78 +-#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L +- +-#define SN_netscape_cert_sequence "nsCertSequence" +-#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +-#define NID_netscape_cert_sequence 79 +-#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L +- +-#define SN_desx_cbc "DESX-CBC" +-#define LN_desx_cbc "desx-cbc" +-#define NID_desx_cbc 80 +- +-#define SN_id_ce "id-ce" +-#define NID_id_ce 81 +-#define OBJ_id_ce 2L,5L,29L +- +-#define SN_subject_key_identifier "subjectKeyIdentifier" +-#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +-#define NID_subject_key_identifier 82 +-#define OBJ_subject_key_identifier OBJ_id_ce,14L +- +-#define SN_key_usage "keyUsage" +-#define LN_key_usage "X509v3 Key Usage" +-#define NID_key_usage 83 +-#define OBJ_key_usage OBJ_id_ce,15L +- +-#define SN_private_key_usage_period "privateKeyUsagePeriod" +-#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +-#define NID_private_key_usage_period 84 +-#define OBJ_private_key_usage_period OBJ_id_ce,16L +- +-#define SN_subject_alt_name "subjectAltName" +-#define LN_subject_alt_name "X509v3 Subject Alternative Name" +-#define NID_subject_alt_name 85 +-#define OBJ_subject_alt_name OBJ_id_ce,17L +- +-#define SN_issuer_alt_name "issuerAltName" +-#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +-#define NID_issuer_alt_name 86 +-#define OBJ_issuer_alt_name OBJ_id_ce,18L +- +-#define SN_basic_constraints "basicConstraints" +-#define LN_basic_constraints "X509v3 Basic Constraints" +-#define NID_basic_constraints 87 +-#define OBJ_basic_constraints OBJ_id_ce,19L +- +-#define SN_crl_number "crlNumber" +-#define LN_crl_number "X509v3 CRL Number" +-#define NID_crl_number 88 +-#define OBJ_crl_number OBJ_id_ce,20L +- +-#define SN_certificate_policies "certificatePolicies" +-#define LN_certificate_policies "X509v3 Certificate Policies" +-#define NID_certificate_policies 89 +-#define OBJ_certificate_policies OBJ_id_ce,32L +- +-#define SN_authority_key_identifier "authorityKeyIdentifier" +-#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +-#define NID_authority_key_identifier 90 +-#define OBJ_authority_key_identifier OBJ_id_ce,35L +- +-#define SN_bf_cbc "BF-CBC" +-#define LN_bf_cbc "bf-cbc" +-#define NID_bf_cbc 91 +-#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L +- +-#define SN_bf_ecb "BF-ECB" +-#define LN_bf_ecb "bf-ecb" +-#define NID_bf_ecb 92 +- +-#define SN_bf_cfb64 "BF-CFB" +-#define LN_bf_cfb64 "bf-cfb" +-#define NID_bf_cfb64 93 +- +-#define SN_bf_ofb64 "BF-OFB" +-#define LN_bf_ofb64 "bf-ofb" +-#define NID_bf_ofb64 94 +- +-#define SN_mdc2 "MDC2" +-#define LN_mdc2 "mdc2" +-#define NID_mdc2 95 +-#define OBJ_mdc2 2L,5L,8L,3L,101L +-/* An alternative? 1L,3L,14L,3L,2L,19L */ +- +-#define SN_mdc2WithRSA "RSA-MDC2" +-#define LN_mdc2WithRSA "mdc2withRSA" +-#define NID_mdc2WithRSA 96 +-#define OBJ_mdc2WithRSA 2L,5L,8L,3L,100L +- +-#define SN_rc4_40 "RC4-40" +-#define LN_rc4_40 "rc4-40" +-#define NID_rc4_40 97 +- +-#define SN_rc2_40_cbc "RC2-40-CBC" +-#define LN_rc2_40_cbc "rc2-40-cbc" +-#define NID_rc2_40_cbc 98 +- +-#define SN_givenName "G" +-#define LN_givenName "givenName" +-#define NID_givenName 99 +-#define OBJ_givenName OBJ_X509,42L +- +-#define SN_surname "S" +-#define LN_surname "surname" +-#define NID_surname 100 +-#define OBJ_surname OBJ_X509,4L +- +-#define SN_initials "I" +-#define LN_initials "initials" +-#define NID_initials 101 +-#define OBJ_initials OBJ_X509,43L +- +-#define SN_uniqueIdentifier "UID" +-#define LN_uniqueIdentifier "uniqueIdentifier" +-#define NID_uniqueIdentifier 102 +-#define OBJ_uniqueIdentifier OBJ_X509,45L +- +-#define SN_crl_distribution_points "crlDistributionPoints" +-#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +-#define NID_crl_distribution_points 103 +-#define OBJ_crl_distribution_points OBJ_id_ce,31L +- +-#define SN_md5WithRSA "RSA-NP-MD5" +-#define LN_md5WithRSA "md5WithRSA" +-#define NID_md5WithRSA 104 +-#define OBJ_md5WithRSA OBJ_algorithm,3L +- +-#define SN_serialNumber "SN" +-#define LN_serialNumber "serialNumber" +-#define NID_serialNumber 105 +-#define OBJ_serialNumber OBJ_X509,5L +- +-#define SN_title "T" +-#define LN_title "title" +-#define NID_title 106 +-#define OBJ_title OBJ_X509,12L +- +-#define SN_description "D" +-#define LN_description "description" +-#define NID_description 107 +-#define OBJ_description OBJ_X509,13L ++# define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L ++ ++# define SN_netscape_cert_type "nsCertType" ++# define LN_netscape_cert_type "Netscape Cert Type" ++# define NID_netscape_cert_type 71 ++# define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L ++ ++# define SN_netscape_base_url "nsBaseUrl" ++# define LN_netscape_base_url "Netscape Base Url" ++# define NID_netscape_base_url 72 ++# define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L ++ ++# define SN_netscape_revocation_url "nsRevocationUrl" ++# define LN_netscape_revocation_url "Netscape Revocation Url" ++# define NID_netscape_revocation_url 73 ++# define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L ++ ++# define SN_netscape_ca_revocation_url "nsCaRevocationUrl" ++# define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" ++# define NID_netscape_ca_revocation_url 74 ++# define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L ++ ++# define SN_netscape_renewal_url "nsRenewalUrl" ++# define LN_netscape_renewal_url "Netscape Renewal Url" ++# define NID_netscape_renewal_url 75 ++# define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L ++ ++# define SN_netscape_ca_policy_url "nsCaPolicyUrl" ++# define LN_netscape_ca_policy_url "Netscape CA Policy Url" ++# define NID_netscape_ca_policy_url 76 ++# define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L ++ ++# define SN_netscape_ssl_server_name "nsSslServerName" ++# define LN_netscape_ssl_server_name "Netscape SSL Server Name" ++# define NID_netscape_ssl_server_name 77 ++# define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L ++ ++# define SN_netscape_comment "nsComment" ++# define LN_netscape_comment "Netscape Comment" ++# define NID_netscape_comment 78 ++# define OBJ_netscape_comment OBJ_netscape_cert_extension,13L ++ ++# define SN_netscape_cert_sequence "nsCertSequence" ++# define LN_netscape_cert_sequence "Netscape Certificate Sequence" ++# define NID_netscape_cert_sequence 79 ++# define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L ++ ++# define SN_desx_cbc "DESX-CBC" ++# define LN_desx_cbc "desx-cbc" ++# define NID_desx_cbc 80 ++ ++# define SN_id_ce "id-ce" ++# define NID_id_ce 81 ++# define OBJ_id_ce 2L,5L,29L ++ ++# define SN_subject_key_identifier "subjectKeyIdentifier" ++# define LN_subject_key_identifier "X509v3 Subject Key Identifier" ++# define NID_subject_key_identifier 82 ++# define OBJ_subject_key_identifier OBJ_id_ce,14L ++ ++# define SN_key_usage "keyUsage" ++# define LN_key_usage "X509v3 Key Usage" ++# define NID_key_usage 83 ++# define OBJ_key_usage OBJ_id_ce,15L ++ ++# define SN_private_key_usage_period "privateKeyUsagePeriod" ++# define LN_private_key_usage_period "X509v3 Private Key Usage Period" ++# define NID_private_key_usage_period 84 ++# define OBJ_private_key_usage_period OBJ_id_ce,16L ++ ++# define SN_subject_alt_name "subjectAltName" ++# define LN_subject_alt_name "X509v3 Subject Alternative Name" ++# define NID_subject_alt_name 85 ++# define OBJ_subject_alt_name OBJ_id_ce,17L ++ ++# define SN_issuer_alt_name "issuerAltName" ++# define LN_issuer_alt_name "X509v3 Issuer Alternative Name" ++# define NID_issuer_alt_name 86 ++# define OBJ_issuer_alt_name OBJ_id_ce,18L ++ ++# define SN_basic_constraints "basicConstraints" ++# define LN_basic_constraints "X509v3 Basic Constraints" ++# define NID_basic_constraints 87 ++# define OBJ_basic_constraints OBJ_id_ce,19L ++ ++# define SN_crl_number "crlNumber" ++# define LN_crl_number "X509v3 CRL Number" ++# define NID_crl_number 88 ++# define OBJ_crl_number OBJ_id_ce,20L ++ ++# define SN_certificate_policies "certificatePolicies" ++# define LN_certificate_policies "X509v3 Certificate Policies" ++# define NID_certificate_policies 89 ++# define OBJ_certificate_policies OBJ_id_ce,32L ++ ++# define SN_authority_key_identifier "authorityKeyIdentifier" ++# define LN_authority_key_identifier "X509v3 Authority Key Identifier" ++# define NID_authority_key_identifier 90 ++# define OBJ_authority_key_identifier OBJ_id_ce,35L ++ ++# define SN_bf_cbc "BF-CBC" ++# define LN_bf_cbc "bf-cbc" ++# define NID_bf_cbc 91 ++# define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L ++ ++# define SN_bf_ecb "BF-ECB" ++# define LN_bf_ecb "bf-ecb" ++# define NID_bf_ecb 92 ++ ++# define SN_bf_cfb64 "BF-CFB" ++# define LN_bf_cfb64 "bf-cfb" ++# define NID_bf_cfb64 93 ++ ++# define SN_bf_ofb64 "BF-OFB" ++# define LN_bf_ofb64 "bf-ofb" ++# define NID_bf_ofb64 94 ++ ++# define SN_mdc2 "MDC2" ++# define LN_mdc2 "mdc2" ++# define NID_mdc2 95 ++# define OBJ_mdc2 2L,5L,8L,3L,101L ++/* An alternative? 1L,3L,14L,3L,2L,19L */ ++ ++# define SN_mdc2WithRSA "RSA-MDC2" ++# define LN_mdc2WithRSA "mdc2withRSA" ++# define NID_mdc2WithRSA 96 ++# define OBJ_mdc2WithRSA 2L,5L,8L,3L,100L ++ ++# define SN_rc4_40 "RC4-40" ++# define LN_rc4_40 "rc4-40" ++# define NID_rc4_40 97 ++ ++# define SN_rc2_40_cbc "RC2-40-CBC" ++# define LN_rc2_40_cbc "rc2-40-cbc" ++# define NID_rc2_40_cbc 98 ++ ++# define SN_givenName "G" ++# define LN_givenName "givenName" ++# define NID_givenName 99 ++# define OBJ_givenName OBJ_X509,42L ++ ++# define SN_surname "S" ++# define LN_surname "surname" ++# define NID_surname 100 ++# define OBJ_surname OBJ_X509,4L ++ ++# define SN_initials "I" ++# define LN_initials "initials" ++# define NID_initials 101 ++# define OBJ_initials OBJ_X509,43L ++ ++# define SN_uniqueIdentifier "UID" ++# define LN_uniqueIdentifier "uniqueIdentifier" ++# define NID_uniqueIdentifier 102 ++# define OBJ_uniqueIdentifier OBJ_X509,45L ++ ++# define SN_crl_distribution_points "crlDistributionPoints" ++# define LN_crl_distribution_points "X509v3 CRL Distribution Points" ++# define NID_crl_distribution_points 103 ++# define OBJ_crl_distribution_points OBJ_id_ce,31L ++ ++# define SN_md5WithRSA "RSA-NP-MD5" ++# define LN_md5WithRSA "md5WithRSA" ++# define NID_md5WithRSA 104 ++# define OBJ_md5WithRSA OBJ_algorithm,3L ++ ++# define SN_serialNumber "SN" ++# define LN_serialNumber "serialNumber" ++# define NID_serialNumber 105 ++# define OBJ_serialNumber OBJ_X509,5L ++ ++# define SN_title "T" ++# define LN_title "title" ++# define NID_title 106 ++# define OBJ_title OBJ_X509,12L ++ ++# define SN_description "D" ++# define LN_description "description" ++# define NID_description 107 ++# define OBJ_description OBJ_X509,13L + + /* CAST5 is CAST-128, I'm just sticking with the documentation */ +-#define SN_cast5_cbc "CAST5-CBC" +-#define LN_cast5_cbc "cast5-cbc" +-#define NID_cast5_cbc 108 +-#define OBJ_cast5_cbc 1L,2L,840L,113533L,7L,66L,10L ++# define SN_cast5_cbc "CAST5-CBC" ++# define LN_cast5_cbc "cast5-cbc" ++# define NID_cast5_cbc 108 ++# define OBJ_cast5_cbc 1L,2L,840L,113533L,7L,66L,10L + +-#define SN_cast5_ecb "CAST5-ECB" +-#define LN_cast5_ecb "cast5-ecb" +-#define NID_cast5_ecb 109 ++# define SN_cast5_ecb "CAST5-ECB" ++# define LN_cast5_ecb "cast5-ecb" ++# define NID_cast5_ecb 109 + +-#define SN_cast5_cfb64 "CAST5-CFB" +-#define LN_cast5_cfb64 "cast5-cfb" +-#define NID_cast5_cfb64 110 ++# define SN_cast5_cfb64 "CAST5-CFB" ++# define LN_cast5_cfb64 "cast5-cfb" ++# define NID_cast5_cfb64 110 + +-#define SN_cast5_ofb64 "CAST5-OFB" +-#define LN_cast5_ofb64 "cast5-ofb" +-#define NID_cast5_ofb64 111 ++# define SN_cast5_ofb64 "CAST5-OFB" ++# define LN_cast5_ofb64 "cast5-ofb" ++# define NID_cast5_ofb64 111 + +-#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +-#define NID_pbeWithMD5AndCast5_CBC 112 +-#define OBJ_pbeWithMD5AndCast5_CBC 1L,2L,840L,113533L,7L,66L,12L ++# define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" ++# define NID_pbeWithMD5AndCast5_CBC 112 ++# define OBJ_pbeWithMD5AndCast5_CBC 1L,2L,840L,113533L,7L,66L,12L + +-/* This is one sun will soon be using :-( ++/*- ++ * This is one sun will soon be using :-( + * id-dsa-with-sha1 ID ::= { + * iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 } + */ +-#define SN_dsaWithSHA1 "DSA-SHA1" +-#define LN_dsaWithSHA1 "dsaWithSHA1" +-#define NID_dsaWithSHA1 113 +-#define OBJ_dsaWithSHA1 1L,2L,840L,10040L,4L,3L +- +-#define NID_md5_sha1 114 +-#define SN_md5_sha1 "MD5-SHA1" +-#define LN_md5_sha1 "md5-sha1" +- +-#define SN_sha1WithRSA "RSA-SHA1-2" +-#define LN_sha1WithRSA "sha1WithRSA" +-#define NID_sha1WithRSA 115 +-#define OBJ_sha1WithRSA OBJ_algorithm,29L +- +-#define SN_dsa "DSA" +-#define LN_dsa "dsaEncryption" +-#define NID_dsa 116 +-#define OBJ_dsa 1L,2L,840L,10040L,4L,1L +- +-#define SN_ripemd160 "RIPEMD160" +-#define LN_ripemd160 "ripemd160" +-#define NID_ripemd160 117 +-#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L +- +-/* The name should actually be rsaSignatureWithripemd160, but I'm going +- * to continue using the convention I'm using with the other ciphers */ +-#define SN_ripemd160WithRSA "RSA-RIPEMD160" +-#define LN_ripemd160WithRSA "ripemd160WithRSA" +-#define NID_ripemd160WithRSA 119 +-#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L +- +-/* Taken from rfc2040 ++# define SN_dsaWithSHA1 "DSA-SHA1" ++# define LN_dsaWithSHA1 "dsaWithSHA1" ++# define NID_dsaWithSHA1 113 ++# define OBJ_dsaWithSHA1 1L,2L,840L,10040L,4L,3L ++ ++# define NID_md5_sha1 114 ++# define SN_md5_sha1 "MD5-SHA1" ++# define LN_md5_sha1 "md5-sha1" ++ ++# define SN_sha1WithRSA "RSA-SHA1-2" ++# define LN_sha1WithRSA "sha1WithRSA" ++# define NID_sha1WithRSA 115 ++# define OBJ_sha1WithRSA OBJ_algorithm,29L ++ ++# define SN_dsa "DSA" ++# define LN_dsa "dsaEncryption" ++# define NID_dsa 116 ++# define OBJ_dsa 1L,2L,840L,10040L,4L,1L ++ ++# define SN_ripemd160 "RIPEMD160" ++# define LN_ripemd160 "ripemd160" ++# define NID_ripemd160 117 ++# define OBJ_ripemd160 1L,3L,36L,3L,2L,1L ++ ++/* ++ * The name should actually be rsaSignatureWithripemd160, but I'm going to ++ * continue using the convention I'm using with the other ciphers ++ */ ++# define SN_ripemd160WithRSA "RSA-RIPEMD160" ++# define LN_ripemd160WithRSA "ripemd160WithRSA" ++# define NID_ripemd160WithRSA 119 ++# define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L ++ ++/*- ++ * Taken from rfc2040 + * RC5_CBC_Parameters ::= SEQUENCE { +- * version INTEGER (v1_0(16)), +- * rounds INTEGER (8..127), +- * blockSizeInBits INTEGER (64, 128), +- * iv OCTET STRING OPTIONAL +- * } ++ * version INTEGER (v1_0(16)), ++ * rounds INTEGER (8..127), ++ * blockSizeInBits INTEGER (64, 128), ++ * iv OCTET STRING OPTIONAL ++ * } + */ +-#define SN_rc5_cbc "RC5-CBC" +-#define LN_rc5_cbc "rc5-cbc" +-#define NID_rc5_cbc 120 +-#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L +- +-#define SN_rc5_ecb "RC5-ECB" +-#define LN_rc5_ecb "rc5-ecb" +-#define NID_rc5_ecb 121 +- +-#define SN_rc5_cfb64 "RC5-CFB" +-#define LN_rc5_cfb64 "rc5-cfb" +-#define NID_rc5_cfb64 122 +- +-#define SN_rc5_ofb64 "RC5-OFB" +-#define LN_rc5_ofb64 "rc5-ofb" +-#define NID_rc5_ofb64 123 +- +-#define SN_rle_compression "RLE" +-#define LN_rle_compression "run length compression" +-#define NID_rle_compression 124 +-#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L +- +-#define SN_zlib_compression "ZLIB" +-#define LN_zlib_compression "zlib compression" +-#define NID_zlib_compression 125 +-#define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L +- +-#define SN_ext_key_usage "extendedKeyUsage" +-#define LN_ext_key_usage "X509v3 Extended Key Usage" +-#define NID_ext_key_usage 126 +-#define OBJ_ext_key_usage OBJ_id_ce,37 +- +-#define SN_id_pkix "PKIX" +-#define NID_id_pkix 127 +-#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L +- +-#define SN_id_kp "id-kp" +-#define NID_id_kp 128 +-#define OBJ_id_kp OBJ_id_pkix,3L ++# define SN_rc5_cbc "RC5-CBC" ++# define LN_rc5_cbc "rc5-cbc" ++# define NID_rc5_cbc 120 ++# define OBJ_rc5_cbc OBJ_rsadsi,3L,8L ++ ++# define SN_rc5_ecb "RC5-ECB" ++# define LN_rc5_ecb "rc5-ecb" ++# define NID_rc5_ecb 121 ++ ++# define SN_rc5_cfb64 "RC5-CFB" ++# define LN_rc5_cfb64 "rc5-cfb" ++# define NID_rc5_cfb64 122 ++ ++# define SN_rc5_ofb64 "RC5-OFB" ++# define LN_rc5_ofb64 "rc5-ofb" ++# define NID_rc5_ofb64 123 ++ ++# define SN_rle_compression "RLE" ++# define LN_rle_compression "run length compression" ++# define NID_rle_compression 124 ++# define OBJ_rle_compression 1L,1L,1L,1L,666L,1L ++ ++# define SN_zlib_compression "ZLIB" ++# define LN_zlib_compression "zlib compression" ++# define NID_zlib_compression 125 ++# define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L ++ ++# define SN_ext_key_usage "extendedKeyUsage" ++# define LN_ext_key_usage "X509v3 Extended Key Usage" ++# define NID_ext_key_usage 126 ++# define OBJ_ext_key_usage OBJ_id_ce,37 ++ ++# define SN_id_pkix "PKIX" ++# define NID_id_pkix 127 ++# define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L ++ ++# define SN_id_kp "id-kp" ++# define NID_id_kp 128 ++# define OBJ_id_kp OBJ_id_pkix,3L + + /* PKIX extended key usage OIDs */ + +-#define SN_server_auth "serverAuth" +-#define LN_server_auth "TLS Web Server Authentication" +-#define NID_server_auth 129 +-#define OBJ_server_auth OBJ_id_kp,1L ++# define SN_server_auth "serverAuth" ++# define LN_server_auth "TLS Web Server Authentication" ++# define NID_server_auth 129 ++# define OBJ_server_auth OBJ_id_kp,1L + +-#define SN_client_auth "clientAuth" +-#define LN_client_auth "TLS Web Client Authentication" +-#define NID_client_auth 130 +-#define OBJ_client_auth OBJ_id_kp,2L ++# define SN_client_auth "clientAuth" ++# define LN_client_auth "TLS Web Client Authentication" ++# define NID_client_auth 130 ++# define OBJ_client_auth OBJ_id_kp,2L + +-#define SN_code_sign "codeSigning" +-#define LN_code_sign "Code Signing" +-#define NID_code_sign 131 +-#define OBJ_code_sign OBJ_id_kp,3L ++# define SN_code_sign "codeSigning" ++# define LN_code_sign "Code Signing" ++# define NID_code_sign 131 ++# define OBJ_code_sign OBJ_id_kp,3L + +-#define SN_email_protect "emailProtection" +-#define LN_email_protect "E-mail Protection" +-#define NID_email_protect 132 +-#define OBJ_email_protect OBJ_id_kp,4L ++# define SN_email_protect "emailProtection" ++# define LN_email_protect "E-mail Protection" ++# define NID_email_protect 132 ++# define OBJ_email_protect OBJ_id_kp,4L + +-#define SN_time_stamp "timeStamping" +-#define LN_time_stamp "Time Stamping" +-#define NID_time_stamp 133 +-#define OBJ_time_stamp OBJ_id_kp,8L ++# define SN_time_stamp "timeStamping" ++# define LN_time_stamp "Time Stamping" ++# define NID_time_stamp 133 ++# define OBJ_time_stamp OBJ_id_kp,8L + + /* Additional extended key usage OIDs: Microsoft */ + +-#define SN_ms_code_ind "msCodeInd" +-#define LN_ms_code_ind "Microsoft Individual Code Signing" +-#define NID_ms_code_ind 134 +-#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L ++# define SN_ms_code_ind "msCodeInd" ++# define LN_ms_code_ind "Microsoft Individual Code Signing" ++# define NID_ms_code_ind 134 ++# define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +-#define SN_ms_code_com "msCodeCom" +-#define LN_ms_code_com "Microsoft Commercial Code Signing" +-#define NID_ms_code_com 135 +-#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L ++# define SN_ms_code_com "msCodeCom" ++# define LN_ms_code_com "Microsoft Commercial Code Signing" ++# define NID_ms_code_com 135 ++# define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +-#define SN_ms_ctl_sign "msCTLSign" +-#define LN_ms_ctl_sign "Microsoft Trust List Signing" +-#define NID_ms_ctl_sign 136 +-#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L ++# define SN_ms_ctl_sign "msCTLSign" ++# define LN_ms_ctl_sign "Microsoft Trust List Signing" ++# define NID_ms_ctl_sign 136 ++# define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +-#define SN_ms_sgc "msSGC" +-#define LN_ms_sgc "Microsoft Server Gated Crypto" +-#define NID_ms_sgc 137 +-#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L ++# define SN_ms_sgc "msSGC" ++# define LN_ms_sgc "Microsoft Server Gated Crypto" ++# define NID_ms_sgc 137 ++# define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +-#define SN_ms_efs "msEFS" +-#define LN_ms_efs "Microsoft Encrypted File System" +-#define NID_ms_efs 138 +-#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L ++# define SN_ms_efs "msEFS" ++# define LN_ms_efs "Microsoft Encrypted File System" ++# define NID_ms_efs 138 ++# define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + + /* Additional usage: Netscape */ + +-#define SN_ns_sgc "nsSGC" +-#define LN_ns_sgc "Netscape Server Gated Crypto" +-#define NID_ns_sgc 139 +-#define OBJ_ns_sgc OBJ_netscape,4L,1L ++# define SN_ns_sgc "nsSGC" ++# define LN_ns_sgc "Netscape Server Gated Crypto" ++# define NID_ns_sgc 139 ++# define OBJ_ns_sgc OBJ_netscape,4L,1L + +-#define SN_delta_crl "deltaCRL" +-#define LN_delta_crl "X509v3 Delta CRL Indicator" +-#define NID_delta_crl 140 +-#define OBJ_delta_crl OBJ_id_ce,27L ++# define SN_delta_crl "deltaCRL" ++# define LN_delta_crl "X509v3 Delta CRL Indicator" ++# define NID_delta_crl 140 ++# define OBJ_delta_crl OBJ_id_ce,27L + +-#define SN_crl_reason "CRLReason" +-#define LN_crl_reason "CRL Reason Code" +-#define NID_crl_reason 141 +-#define OBJ_crl_reason OBJ_id_ce,21L ++# define SN_crl_reason "CRLReason" ++# define LN_crl_reason "CRL Reason Code" ++# define NID_crl_reason 141 ++# define OBJ_crl_reason OBJ_id_ce,21L + +-#define SN_invalidity_date "invalidityDate" +-#define LN_invalidity_date "Invalidity Date" +-#define NID_invalidity_date 142 +-#define OBJ_invalidity_date OBJ_id_ce,24L ++# define SN_invalidity_date "invalidityDate" ++# define LN_invalidity_date "Invalidity Date" ++# define NID_invalidity_date 142 ++# define OBJ_invalidity_date OBJ_id_ce,24L + +-#define SN_sxnet "SXNetID" +-#define LN_sxnet "Strong Extranet ID" +-#define NID_sxnet 143 +-#define OBJ_sxnet 1L,3L,101L,1L,4L,1L ++# define SN_sxnet "SXNetID" ++# define LN_sxnet "Strong Extranet ID" ++# define NID_sxnet 143 ++# define OBJ_sxnet 1L,3L,101L,1L,4L,1L + + /* PKCS12 and related OBJECT IDENTIFIERS */ + +-#define OBJ_pkcs12 OBJ_pkcs,12L +-#define OBJ_pkcs12_pbeids OBJ_pkcs12, 1 ++# define OBJ_pkcs12 OBJ_pkcs,12L ++# define OBJ_pkcs12_pbeids OBJ_pkcs12, 1 + +-#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +-#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +-#define NID_pbe_WithSHA1And128BitRC4 144 +-#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids, 1L ++# define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" ++# define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" ++# define NID_pbe_WithSHA1And128BitRC4 144 ++# define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids, 1L + +-#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +-#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +-#define NID_pbe_WithSHA1And40BitRC4 145 +-#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids, 2L ++# define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" ++# define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" ++# define NID_pbe_WithSHA1And40BitRC4 145 ++# define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids, 2L + +-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 3L ++# define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" ++# define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" ++# define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 ++# define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 3L + +-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 4L ++# define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" ++# define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" ++# define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 ++# define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 4L + +-#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +-#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +-#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +-#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids, 5L ++# define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" ++# define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" ++# define NID_pbe_WithSHA1And128BitRC2_CBC 148 ++# define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids, 5L + +-#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +-#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +-#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +-#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L ++# define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" ++# define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" ++# define NID_pbe_WithSHA1And40BitRC2_CBC 149 ++# define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L + +-#define OBJ_pkcs12_Version1 OBJ_pkcs12, 10L ++# define OBJ_pkcs12_Version1 OBJ_pkcs12, 10L + +-#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1, 1L ++# define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1, 1L + +-#define LN_keyBag "keyBag" +-#define NID_keyBag 150 +-#define OBJ_keyBag OBJ_pkcs12_BagIds, 1L ++# define LN_keyBag "keyBag" ++# define NID_keyBag 150 ++# define OBJ_keyBag OBJ_pkcs12_BagIds, 1L + +-#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +-#define NID_pkcs8ShroudedKeyBag 151 +-#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L ++# define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" ++# define NID_pkcs8ShroudedKeyBag 151 ++# define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L + +-#define LN_certBag "certBag" +-#define NID_certBag 152 +-#define OBJ_certBag OBJ_pkcs12_BagIds, 3L ++# define LN_certBag "certBag" ++# define NID_certBag 152 ++# define OBJ_certBag OBJ_pkcs12_BagIds, 3L + +-#define LN_crlBag "crlBag" +-#define NID_crlBag 153 +-#define OBJ_crlBag OBJ_pkcs12_BagIds, 4L ++# define LN_crlBag "crlBag" ++# define NID_crlBag 153 ++# define OBJ_crlBag OBJ_pkcs12_BagIds, 4L + +-#define LN_secretBag "secretBag" +-#define NID_secretBag 154 +-#define OBJ_secretBag OBJ_pkcs12_BagIds, 5L ++# define LN_secretBag "secretBag" ++# define NID_secretBag 154 ++# define OBJ_secretBag OBJ_pkcs12_BagIds, 5L + +-#define LN_safeContentsBag "safeContentsBag" +-#define NID_safeContentsBag 155 +-#define OBJ_safeContentsBag OBJ_pkcs12_BagIds, 6L ++# define LN_safeContentsBag "safeContentsBag" ++# define NID_safeContentsBag 155 ++# define OBJ_safeContentsBag OBJ_pkcs12_BagIds, 6L + +-#define LN_friendlyName "friendlyName" +-#define NID_friendlyName 156 +-#define OBJ_friendlyName OBJ_pkcs9, 20L ++# define LN_friendlyName "friendlyName" ++# define NID_friendlyName 156 ++# define OBJ_friendlyName OBJ_pkcs9, 20L + +-#define LN_localKeyID "localKeyID" +-#define NID_localKeyID 157 +-#define OBJ_localKeyID OBJ_pkcs9, 21L ++# define LN_localKeyID "localKeyID" ++# define NID_localKeyID 157 ++# define OBJ_localKeyID OBJ_pkcs9, 21L + +-#define OBJ_certTypes OBJ_pkcs9, 22L ++# define OBJ_certTypes OBJ_pkcs9, 22L + +-#define LN_x509Certificate "x509Certificate" +-#define NID_x509Certificate 158 +-#define OBJ_x509Certificate OBJ_certTypes, 1L ++# define LN_x509Certificate "x509Certificate" ++# define NID_x509Certificate 158 ++# define OBJ_x509Certificate OBJ_certTypes, 1L + +-#define LN_sdsiCertificate "sdsiCertificate" +-#define NID_sdsiCertificate 159 +-#define OBJ_sdsiCertificate OBJ_certTypes, 2L ++# define LN_sdsiCertificate "sdsiCertificate" ++# define NID_sdsiCertificate 159 ++# define OBJ_sdsiCertificate OBJ_certTypes, 2L + +-#define OBJ_crlTypes OBJ_pkcs9, 23L ++# define OBJ_crlTypes OBJ_pkcs9, 23L + +-#define LN_x509Crl "x509Crl" +-#define NID_x509Crl 160 +-#define OBJ_x509Crl OBJ_crlTypes, 1L ++# define LN_x509Crl "x509Crl" ++# define NID_x509Crl 160 ++# define OBJ_x509Crl OBJ_crlTypes, 1L + + /* PKCS#5 v2 OIDs */ + +-#define LN_pbes2 "PBES2" +-#define NID_pbes2 161 +-#define OBJ_pbes2 OBJ_pkcs,5L,13L ++# define LN_pbes2 "PBES2" ++# define NID_pbes2 161 ++# define OBJ_pbes2 OBJ_pkcs,5L,13L + +-#define LN_pbmac1 "PBMAC1" +-#define NID_pbmac1 162 +-#define OBJ_pbmac1 OBJ_pkcs,5L,14L ++# define LN_pbmac1 "PBMAC1" ++# define NID_pbmac1 162 ++# define OBJ_pbmac1 OBJ_pkcs,5L,14L + +-#define LN_hmacWithSHA1 "hmacWithSHA1" +-#define NID_hmacWithSHA1 163 +-#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L ++# define LN_hmacWithSHA1 "hmacWithSHA1" ++# define NID_hmacWithSHA1 163 ++# define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + + /* Policy Qualifier Ids */ + +-#define LN_id_qt_cps "Policy Qualifier CPS" +-#define SN_id_qt_cps "id-qt-cps" +-#define NID_id_qt_cps 164 +-#define OBJ_id_qt_cps OBJ_id_pkix,2L,1L ++# define LN_id_qt_cps "Policy Qualifier CPS" ++# define SN_id_qt_cps "id-qt-cps" ++# define NID_id_qt_cps 164 ++# define OBJ_id_qt_cps OBJ_id_pkix,2L,1L + +-#define LN_id_qt_unotice "Policy Qualifier User Notice" +-#define SN_id_qt_unotice "id-qt-unotice" +-#define NID_id_qt_unotice 165 +-#define OBJ_id_qt_unotice OBJ_id_pkix,2L,2L ++# define LN_id_qt_unotice "Policy Qualifier User Notice" ++# define SN_id_qt_unotice "id-qt-unotice" ++# define NID_id_qt_unotice 165 ++# define OBJ_id_qt_unotice OBJ_id_pkix,2L,2L + +-#define SN_rc2_64_cbc "RC2-64-CBC" +-#define LN_rc2_64_cbc "rc2-64-cbc" +-#define NID_rc2_64_cbc 166 ++# define SN_rc2_64_cbc "RC2-64-CBC" ++# define LN_rc2_64_cbc "rc2-64-cbc" ++# define NID_rc2_64_cbc 166 + +-#define SN_SMIMECapabilities "SMIME-CAPS" +-#define LN_SMIMECapabilities "S/MIME Capabilities" +-#define NID_SMIMECapabilities 167 +-#define OBJ_SMIMECapabilities OBJ_pkcs9,15L ++# define SN_SMIMECapabilities "SMIME-CAPS" ++# define LN_SMIMECapabilities "S/MIME Capabilities" ++# define NID_SMIMECapabilities 167 ++# define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +-#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +-#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +-#define NID_pbeWithMD2AndRC2_CBC 168 +-#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs,5L,4L ++# define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" ++# define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" ++# define NID_pbeWithMD2AndRC2_CBC 168 ++# define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs,5L,4L + +-#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +-#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +-#define NID_pbeWithMD5AndRC2_CBC 169 +-#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs,5L,6L ++# define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" ++# define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" ++# define NID_pbeWithMD5AndRC2_CBC 169 ++# define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs,5L,6L + +-#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +-#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +-#define NID_pbeWithSHA1AndDES_CBC 170 +-#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs,5L,10L ++# define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" ++# define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" ++# define NID_pbeWithSHA1AndDES_CBC 170 ++# define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs,5L,10L + + /* Extension request OIDs */ + +-#define LN_ms_ext_req "Microsoft Extension Request" +-#define SN_ms_ext_req "msExtReq" +-#define NID_ms_ext_req 171 +-#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L ++# define LN_ms_ext_req "Microsoft Extension Request" ++# define SN_ms_ext_req "msExtReq" ++# define NID_ms_ext_req 171 ++# define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +-#define LN_ext_req "Extension Request" +-#define SN_ext_req "extReq" +-#define NID_ext_req 172 +-#define OBJ_ext_req OBJ_pkcs9,14L ++# define LN_ext_req "Extension Request" ++# define SN_ext_req "extReq" ++# define NID_ext_req 172 ++# define OBJ_ext_req OBJ_pkcs9,14L + +-#define SN_name "name" +-#define LN_name "name" +-#define NID_name 173 +-#define OBJ_name OBJ_X509,41L ++# define SN_name "name" ++# define LN_name "name" ++# define NID_name 173 ++# define OBJ_name OBJ_X509,41L + +-#define SN_dnQualifier "dnQualifier" +-#define LN_dnQualifier "dnQualifier" +-#define NID_dnQualifier 174 +-#define OBJ_dnQualifier OBJ_X509,46L ++# define SN_dnQualifier "dnQualifier" ++# define LN_dnQualifier "dnQualifier" ++# define NID_dnQualifier 174 ++# define OBJ_dnQualifier OBJ_X509,46L + +-#define SN_id_pe "id-pe" +-#define NID_id_pe 175 +-#define OBJ_id_pe OBJ_id_pkix,1L ++# define SN_id_pe "id-pe" ++# define NID_id_pe 175 ++# define OBJ_id_pe OBJ_id_pkix,1L + +-#define SN_id_ad "id-ad" +-#define NID_id_ad 176 +-#define OBJ_id_ad OBJ_id_pkix,48L ++# define SN_id_ad "id-ad" ++# define NID_id_ad 176 ++# define OBJ_id_ad OBJ_id_pkix,48L + +-#define SN_info_access "authorityInfoAccess" +-#define LN_info_access "Authority Information Access" +-#define NID_info_access 177 +-#define OBJ_info_access OBJ_id_pe,1L ++# define SN_info_access "authorityInfoAccess" ++# define LN_info_access "Authority Information Access" ++# define NID_info_access 177 ++# define OBJ_info_access OBJ_id_pe,1L + +-#define SN_ad_OCSP "OCSP" +-#define LN_ad_OCSP "OCSP" +-#define NID_ad_OCSP 178 +-#define OBJ_ad_OCSP OBJ_id_ad,1L ++# define SN_ad_OCSP "OCSP" ++# define LN_ad_OCSP "OCSP" ++# define NID_ad_OCSP 178 ++# define OBJ_ad_OCSP OBJ_id_ad,1L + +-#define SN_ad_ca_issuers "caIssuers" +-#define LN_ad_ca_issuers "CA Issuers" +-#define NID_ad_ca_issuers 179 +-#define OBJ_ad_ca_issuers OBJ_id_ad,2L ++# define SN_ad_ca_issuers "caIssuers" ++# define LN_ad_ca_issuers "CA Issuers" ++# define NID_ad_ca_issuers 179 ++# define OBJ_ad_ca_issuers OBJ_id_ad,2L + +-#define SN_OCSP_sign "OCSPSigning" +-#define LN_OCSP_sign "OCSP Signing" +-#define NID_OCSP_sign 180 +-#define OBJ_OCSP_sign OBJ_id_kp,9L +-#endif /* USE_OBJ_MAC */ ++# define SN_OCSP_sign "OCSPSigning" ++# define LN_OCSP_sign "OCSP Signing" ++# define NID_OCSP_sign 180 ++# define OBJ_OCSP_sign OBJ_id_kp,9L ++# endif /* USE_OBJ_MAC */ + +-#include +-#include ++# include ++# include + +-#define OBJ_NAME_TYPE_UNDEF 0x00 +-#define OBJ_NAME_TYPE_MD_METH 0x01 +-#define OBJ_NAME_TYPE_CIPHER_METH 0x02 +-#define OBJ_NAME_TYPE_PKEY_METH 0x03 +-#define OBJ_NAME_TYPE_COMP_METH 0x04 +-#define OBJ_NAME_TYPE_NUM 0x05 ++# define OBJ_NAME_TYPE_UNDEF 0x00 ++# define OBJ_NAME_TYPE_MD_METH 0x01 ++# define OBJ_NAME_TYPE_CIPHER_METH 0x02 ++# define OBJ_NAME_TYPE_PKEY_METH 0x03 ++# define OBJ_NAME_TYPE_COMP_METH 0x04 ++# define OBJ_NAME_TYPE_NUM 0x05 + +-#define OBJ_NAME_ALIAS 0x8000 ++# define OBJ_NAME_ALIAS 0x8000 + +-#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +-#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 ++# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 ++# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 + + + #ifdef __cplusplus + extern "C" { + #endif + +-typedef struct obj_name_st +- { +- int type; +- int alias; +- const char *name; +- const char *data; +- } OBJ_NAME; +- +-#define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) ++typedef struct obj_name_st { ++ int type; ++ int alias; ++ const char *name; ++ const char *data; ++} OBJ_NAME; + ++# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) + + int OBJ_NAME_init(void); +-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), +- int (*cmp_func)(const char *, const char *), +- void (*free_func)(const char *, int, const char *)); +-const char *OBJ_NAME_get(const char *name,int type); +-int OBJ_NAME_add(const char *name,int type,const char *data); +-int OBJ_NAME_remove(const char *name,int type); ++int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), ++ int (*cmp_func) (const char *, const char *), ++ void (*free_func) (const char *, int, const char *)); ++const char *OBJ_NAME_get(const char *name, int type); ++int OBJ_NAME_add(const char *name, int type, const char *data); ++int OBJ_NAME_remove(const char *name, int type); + void OBJ_NAME_cleanup(int type); /* -1 for everything */ +-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg), +- void *arg); +-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), +- void *arg); +- +-ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o); +-ASN1_OBJECT * OBJ_nid2obj(int n); +-const char * OBJ_nid2ln(int n); +-const char * OBJ_nid2sn(int n); +-int OBJ_obj2nid(const ASN1_OBJECT *o); +-ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name); +-int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +-int OBJ_txt2nid(const char *s); +-int OBJ_ln2nid(const char *s); +-int OBJ_sn2nid(const char *s); +-int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); +-const char * OBJ_bsearch(const char *key,const char *base,int num,int size, +- int (*cmp)(const void *, const void *)); +-const char * OBJ_bsearch_ex(const char *key,const char *base,int num, +- int size, int (*cmp)(const void *, const void *), int flags); +- +-int OBJ_new_nid(int num); +-int OBJ_add_object(const ASN1_OBJECT *obj); +-int OBJ_create(const char *oid,const char *sn,const char *ln); +-void OBJ_cleanup(void ); +-int OBJ_create_objects(BIO *in); ++void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), ++ void *arg); ++void OBJ_NAME_do_all_sorted(int type, ++ void (*fn) (const OBJ_NAME *, void *arg), ++ void *arg); ++ ++ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); ++ASN1_OBJECT *OBJ_nid2obj(int n); ++const char *OBJ_nid2ln(int n); ++const char *OBJ_nid2sn(int n); ++int OBJ_obj2nid(const ASN1_OBJECT *o); ++ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); ++int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); ++int OBJ_txt2nid(const char *s); ++int OBJ_ln2nid(const char *s); ++int OBJ_sn2nid(const char *s); ++int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); ++const char *OBJ_bsearch(const char *key, const char *base, int num, int size, ++ int (*cmp) (const void *, const void *)); ++const char *OBJ_bsearch_ex(const char *key, const char *base, int num, ++ int size, int (*cmp) (const void *, const void *), ++ int flags); ++ ++int OBJ_new_nid(int num); ++int OBJ_add_object(const ASN1_OBJECT *obj); ++int OBJ_create(const char *oid, const char *sn, const char *ln); ++void OBJ_cleanup(void); ++int OBJ_create_objects(BIO *in); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_OBJ_strings(void); +@@ -1031,17 +1037,17 @@ void ERR_load_OBJ_strings(void); + /* Error codes for the OBJ functions. */ + + /* Function codes. */ +-#define OBJ_F_OBJ_ADD_OBJECT 105 +-#define OBJ_F_OBJ_CREATE 100 +-#define OBJ_F_OBJ_DUP 101 +-#define OBJ_F_OBJ_NAME_NEW_INDEX 106 +-#define OBJ_F_OBJ_NID2LN 102 +-#define OBJ_F_OBJ_NID2OBJ 103 +-#define OBJ_F_OBJ_NID2SN 104 ++# define OBJ_F_OBJ_ADD_OBJECT 105 ++# define OBJ_F_OBJ_CREATE 100 ++# define OBJ_F_OBJ_DUP 101 ++# define OBJ_F_OBJ_NAME_NEW_INDEX 106 ++# define OBJ_F_OBJ_NID2LN 102 ++# define OBJ_F_OBJ_NID2OBJ 103 ++# define OBJ_F_OBJ_NID2SN 104 + + /* Reason codes. */ +-#define OBJ_R_MALLOC_FAILURE 100 +-#define OBJ_R_UNKNOWN_NID 101 ++# define OBJ_R_MALLOC_FAILURE 100 ++# define OBJ_R_UNKNOWN_NID 101 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/ocsp.h b/Cryptlib/Include/openssl/ocsp.h +index a0577a7..026725d 100644 +--- a/Cryptlib/Include/openssl/ocsp.h ++++ b/Cryptlib/Include/openssl/ocsp.h +@@ -1,11 +1,14 @@ + /* ocsp.h */ +-/* Written by Tom Titchener for the OpenSSL +- * project. */ ++/* ++ * Written by Tom Titchener for the OpenSSL ++ * project. ++ */ + +-/* History: +- This file was transfered to Richard Levitte from CertCo by Kathy +- Weinhold in mid-spring 2000 to be included in OpenSSL or released +- as a patch kit. */ ++/* ++ * History: This file was transfered to Richard Levitte from CertCo by Kathy ++ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a ++ * patch kit. ++ */ + + /* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. +@@ -15,7 +18,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,11 +65,11 @@ + */ + + #ifndef HEADER_OCSP_H +-#define HEADER_OCSP_H ++# define HEADER_OCSP_H + +-#include +-#include +-#include ++# include ++# include ++# include + + #ifdef __cplusplus + extern "C" { +@@ -74,88 +77,82 @@ extern "C" { + + /* Various flags and values */ + +-#define OCSP_DEFAULT_NONCE_LENGTH 16 +- +-#define OCSP_NOCERTS 0x1 +-#define OCSP_NOINTERN 0x2 +-#define OCSP_NOSIGS 0x4 +-#define OCSP_NOCHAIN 0x8 +-#define OCSP_NOVERIFY 0x10 +-#define OCSP_NOEXPLICIT 0x20 +-#define OCSP_NOCASIGN 0x40 +-#define OCSP_NODELEGATED 0x80 +-#define OCSP_NOCHECKS 0x100 +-#define OCSP_TRUSTOTHER 0x200 +-#define OCSP_RESPID_KEY 0x400 +-#define OCSP_NOTIME 0x800 +- +-/* CertID ::= SEQUENCE { ++# define OCSP_DEFAULT_NONCE_LENGTH 16 ++ ++# define OCSP_NOCERTS 0x1 ++# define OCSP_NOINTERN 0x2 ++# define OCSP_NOSIGS 0x4 ++# define OCSP_NOCHAIN 0x8 ++# define OCSP_NOVERIFY 0x10 ++# define OCSP_NOEXPLICIT 0x20 ++# define OCSP_NOCASIGN 0x40 ++# define OCSP_NODELEGATED 0x80 ++# define OCSP_NOCHECKS 0x100 ++# define OCSP_TRUSTOTHER 0x200 ++# define OCSP_RESPID_KEY 0x400 ++# define OCSP_NOTIME 0x800 ++ ++/*- CertID ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * issuerNameHash OCTET STRING, -- Hash of Issuer's DN + * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) + * serialNumber CertificateSerialNumber } + */ +-typedef struct ocsp_cert_id_st +- { +- X509_ALGOR *hashAlgorithm; +- ASN1_OCTET_STRING *issuerNameHash; +- ASN1_OCTET_STRING *issuerKeyHash; +- ASN1_INTEGER *serialNumber; +- } OCSP_CERTID; ++typedef struct ocsp_cert_id_st { ++ X509_ALGOR *hashAlgorithm; ++ ASN1_OCTET_STRING *issuerNameHash; ++ ASN1_OCTET_STRING *issuerKeyHash; ++ ASN1_INTEGER *serialNumber; ++} OCSP_CERTID; + + DECLARE_STACK_OF(OCSP_CERTID) + +-/* Request ::= SEQUENCE { ++/*- Request ::= SEQUENCE { + * reqCert CertID, + * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } + */ +-typedef struct ocsp_one_request_st +- { +- OCSP_CERTID *reqCert; +- STACK_OF(X509_EXTENSION) *singleRequestExtensions; +- } OCSP_ONEREQ; ++typedef struct ocsp_one_request_st { ++ OCSP_CERTID *reqCert; ++ STACK_OF(X509_EXTENSION) *singleRequestExtensions; ++} OCSP_ONEREQ; + + DECLARE_STACK_OF(OCSP_ONEREQ) + DECLARE_ASN1_SET_OF(OCSP_ONEREQ) + +- +-/* TBSRequest ::= SEQUENCE { ++/*- TBSRequest ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * requestorName [1] EXPLICIT GeneralName OPTIONAL, + * requestList SEQUENCE OF Request, + * requestExtensions [2] EXPLICIT Extensions OPTIONAL } + */ +-typedef struct ocsp_req_info_st +- { +- ASN1_INTEGER *version; +- GENERAL_NAME *requestorName; +- STACK_OF(OCSP_ONEREQ) *requestList; +- STACK_OF(X509_EXTENSION) *requestExtensions; +- } OCSP_REQINFO; +- +-/* Signature ::= SEQUENCE { ++typedef struct ocsp_req_info_st { ++ ASN1_INTEGER *version; ++ GENERAL_NAME *requestorName; ++ STACK_OF(OCSP_ONEREQ) *requestList; ++ STACK_OF(X509_EXTENSION) *requestExtensions; ++} OCSP_REQINFO; ++ ++/*- Signature ::= SEQUENCE { + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ +-typedef struct ocsp_signature_st +- { +- X509_ALGOR *signatureAlgorithm; +- ASN1_BIT_STRING *signature; +- STACK_OF(X509) *certs; +- } OCSP_SIGNATURE; +- +-/* OCSPRequest ::= SEQUENCE { ++typedef struct ocsp_signature_st { ++ X509_ALGOR *signatureAlgorithm; ++ ASN1_BIT_STRING *signature; ++ STACK_OF(X509) *certs; ++} OCSP_SIGNATURE; ++ ++/*- OCSPRequest ::= SEQUENCE { + * tbsRequest TBSRequest, + * optionalSignature [0] EXPLICIT Signature OPTIONAL } + */ +-typedef struct ocsp_request_st +- { +- OCSP_REQINFO *tbsRequest; +- OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ +- } OCSP_REQUEST; ++typedef struct ocsp_request_st { ++ OCSP_REQINFO *tbsRequest; ++ OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ ++} OCSP_REQUEST; + +-/* OCSPResponseStatus ::= ENUMERATED { ++/*- OCSPResponseStatus ::= ENUMERATED { + * successful (0), --Response has valid confirmations + * malformedRequest (1), --Illegal confirmation request + * internalError (2), --Internal error in issuer +@@ -165,149 +162,145 @@ typedef struct ocsp_request_st + * unauthorized (6) --Request unauthorized + * } + */ +-#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +-#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +-#define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +-#define OCSP_RESPONSE_STATUS_TRYLATER 3 +-#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +-#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 +- +-/* ResponseBytes ::= SEQUENCE { ++# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 ++# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 ++# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 ++# define OCSP_RESPONSE_STATUS_TRYLATER 3 ++# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 ++# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 ++ ++/*- ResponseBytes ::= SEQUENCE { + * responseType OBJECT IDENTIFIER, + * response OCTET STRING } + */ +-typedef struct ocsp_resp_bytes_st +- { +- ASN1_OBJECT *responseType; +- ASN1_OCTET_STRING *response; +- } OCSP_RESPBYTES; ++typedef struct ocsp_resp_bytes_st { ++ ASN1_OBJECT *responseType; ++ ASN1_OCTET_STRING *response; ++} OCSP_RESPBYTES; + +-/* OCSPResponse ::= SEQUENCE { ++/*- OCSPResponse ::= SEQUENCE { + * responseStatus OCSPResponseStatus, + * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } + */ +-struct ocsp_response_st +- { +- ASN1_ENUMERATED *responseStatus; +- OCSP_RESPBYTES *responseBytes; +- }; ++struct ocsp_response_st { ++ ASN1_ENUMERATED *responseStatus; ++ OCSP_RESPBYTES *responseBytes; ++}; + +-/* ResponderID ::= CHOICE { ++/*- ResponderID ::= CHOICE { + * byName [1] Name, + * byKey [2] KeyHash } + */ +-#define V_OCSP_RESPID_NAME 0 +-#define V_OCSP_RESPID_KEY 1 +-struct ocsp_responder_id_st +- { +- int type; +- union { +- X509_NAME* byName; +- ASN1_OCTET_STRING *byKey; +- } value; +- }; ++# define V_OCSP_RESPID_NAME 0 ++# define V_OCSP_RESPID_KEY 1 ++struct ocsp_responder_id_st { ++ int type; ++ union { ++ X509_NAME *byName; ++ ASN1_OCTET_STRING *byKey; ++ } value; ++}; + + DECLARE_STACK_OF(OCSP_RESPID) + DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) + +-/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key ++/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key + * --(excluding the tag and length fields) + */ + +-/* RevokedInfo ::= SEQUENCE { ++/*- RevokedInfo ::= SEQUENCE { + * revocationTime GeneralizedTime, + * revocationReason [0] EXPLICIT CRLReason OPTIONAL } + */ +-typedef struct ocsp_revoked_info_st +- { +- ASN1_GENERALIZEDTIME *revocationTime; +- ASN1_ENUMERATED *revocationReason; +- } OCSP_REVOKEDINFO; ++typedef struct ocsp_revoked_info_st { ++ ASN1_GENERALIZEDTIME *revocationTime; ++ ASN1_ENUMERATED *revocationReason; ++} OCSP_REVOKEDINFO; + +-/* CertStatus ::= CHOICE { ++/*- CertStatus ::= CHOICE { + * good [0] IMPLICIT NULL, + * revoked [1] IMPLICIT RevokedInfo, + * unknown [2] IMPLICIT UnknownInfo } + */ +-#define V_OCSP_CERTSTATUS_GOOD 0 +-#define V_OCSP_CERTSTATUS_REVOKED 1 +-#define V_OCSP_CERTSTATUS_UNKNOWN 2 +-typedef struct ocsp_cert_status_st +- { +- int type; +- union { +- ASN1_NULL *good; +- OCSP_REVOKEDINFO *revoked; +- ASN1_NULL *unknown; +- } value; +- } OCSP_CERTSTATUS; +- +-/* SingleResponse ::= SEQUENCE { ++# define V_OCSP_CERTSTATUS_GOOD 0 ++# define V_OCSP_CERTSTATUS_REVOKED 1 ++# define V_OCSP_CERTSTATUS_UNKNOWN 2 ++typedef struct ocsp_cert_status_st { ++ int type; ++ union { ++ ASN1_NULL *good; ++ OCSP_REVOKEDINFO *revoked; ++ ASN1_NULL *unknown; ++ } value; ++} OCSP_CERTSTATUS; ++ ++/*- SingleResponse ::= SEQUENCE { + * certID CertID, + * certStatus CertStatus, + * thisUpdate GeneralizedTime, + * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, + * singleExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +-typedef struct ocsp_single_response_st +- { +- OCSP_CERTID *certId; +- OCSP_CERTSTATUS *certStatus; +- ASN1_GENERALIZEDTIME *thisUpdate; +- ASN1_GENERALIZEDTIME *nextUpdate; +- STACK_OF(X509_EXTENSION) *singleExtensions; +- } OCSP_SINGLERESP; ++typedef struct ocsp_single_response_st { ++ OCSP_CERTID *certId; ++ OCSP_CERTSTATUS *certStatus; ++ ASN1_GENERALIZEDTIME *thisUpdate; ++ ASN1_GENERALIZEDTIME *nextUpdate; ++ STACK_OF(X509_EXTENSION) *singleExtensions; ++} OCSP_SINGLERESP; + + DECLARE_STACK_OF(OCSP_SINGLERESP) + DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) + +-/* ResponseData ::= SEQUENCE { ++/*- ResponseData ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * responderID ResponderID, + * producedAt GeneralizedTime, + * responses SEQUENCE OF SingleResponse, + * responseExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +-typedef struct ocsp_response_data_st +- { +- ASN1_INTEGER *version; +- OCSP_RESPID *responderId; +- ASN1_GENERALIZEDTIME *producedAt; +- STACK_OF(OCSP_SINGLERESP) *responses; +- STACK_OF(X509_EXTENSION) *responseExtensions; +- } OCSP_RESPDATA; +- +-/* BasicOCSPResponse ::= SEQUENCE { ++typedef struct ocsp_response_data_st { ++ ASN1_INTEGER *version; ++ OCSP_RESPID *responderId; ++ ASN1_GENERALIZEDTIME *producedAt; ++ STACK_OF(OCSP_SINGLERESP) *responses; ++ STACK_OF(X509_EXTENSION) *responseExtensions; ++} OCSP_RESPDATA; ++ ++/*- BasicOCSPResponse ::= SEQUENCE { + * tbsResponseData ResponseData, + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ +- /* Note 1: +- The value for "signature" is specified in the OCSP rfc2560 as follows: +- "The value for the signature SHALL be computed on the hash of the DER +- encoding ResponseData." This means that you must hash the DER-encoded +- tbsResponseData, and then run it through a crypto-signing function, which +- will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems +- a bit odd, but that's the spec. Also note that the data structures do not +- leave anywhere to independently specify the algorithm used for the initial +- hash. So, we look at the signature-specification algorithm, and try to do +- something intelligent. -- Kathy Weinhold, CertCo */ +- /* Note 2: +- It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open +- for interpretation. I've done tests against another responder, and found +- that it doesn't do the double hashing that the RFC seems to say one +- should. Therefore, all relevant functions take a flag saying which +- variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */ +-typedef struct ocsp_basic_response_st +- { +- OCSP_RESPDATA *tbsResponseData; +- X509_ALGOR *signatureAlgorithm; +- ASN1_BIT_STRING *signature; +- STACK_OF(X509) *certs; +- } OCSP_BASICRESP; +- +-/* ++ /* ++ * Note 1: The value for "signature" is specified in the OCSP rfc2560 as ++ * follows: "The value for the signature SHALL be computed on the hash of ++ * the DER encoding ResponseData." This means that you must hash the ++ * DER-encoded tbsResponseData, and then run it through a crypto-signing ++ * function, which will (at least w/RSA) do a hash-'n'-private-encrypt ++ * operation. This seems a bit odd, but that's the spec. Also note that ++ * the data structures do not leave anywhere to independently specify the ++ * algorithm used for the initial hash. So, we look at the ++ * signature-specification algorithm, and try to do something intelligent. ++ * -- Kathy Weinhold, CertCo ++ */ ++ /* ++ * Note 2: It seems that the mentioned passage from RFC 2560 (section ++ * 4.2.1) is open for interpretation. I've done tests against another ++ * responder, and found that it doesn't do the double hashing that the RFC ++ * seems to say one should. Therefore, all relevant functions take a flag ++ * saying which variant should be used. -- Richard Levitte, OpenSSL team ++ * and CeloCom ++ */ ++typedef struct ocsp_basic_response_st { ++ OCSP_RESPDATA *tbsResponseData; ++ X509_ALGOR *signatureAlgorithm; ++ ASN1_BIT_STRING *signature; ++ STACK_OF(X509) *certs; ++} OCSP_BASICRESP; ++ ++/*- + * CRLReason ::= ENUMERATED { + * unspecified (0), + * keyCompromise (1), +@@ -318,100 +311,100 @@ typedef struct ocsp_basic_response_st + * certificateHold (6), + * removeFromCRL (8) } + */ +-#define OCSP_REVOKED_STATUS_NOSTATUS -1 +-#define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +-#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +-#define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +-#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +-#define OCSP_REVOKED_STATUS_SUPERSEDED 4 +-#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +-#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +-#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 +- +-/* CrlID ::= SEQUENCE { ++# define OCSP_REVOKED_STATUS_NOSTATUS -1 ++# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 ++# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 ++# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 ++# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 ++# define OCSP_REVOKED_STATUS_SUPERSEDED 4 ++# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 ++# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 ++# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 ++ ++/*- ++ * CrlID ::= SEQUENCE { + * crlUrl [0] EXPLICIT IA5String OPTIONAL, + * crlNum [1] EXPLICIT INTEGER OPTIONAL, + * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } + */ +-typedef struct ocsp_crl_id_st +- { +- ASN1_IA5STRING *crlUrl; +- ASN1_INTEGER *crlNum; +- ASN1_GENERALIZEDTIME *crlTime; +- } OCSP_CRLID; +- +-/* ServiceLocator ::= SEQUENCE { ++typedef struct ocsp_crl_id_st { ++ ASN1_IA5STRING *crlUrl; ++ ASN1_INTEGER *crlNum; ++ ASN1_GENERALIZEDTIME *crlTime; ++} OCSP_CRLID; ++ ++/*- ++ * ServiceLocator ::= SEQUENCE { + * issuer Name, + * locator AuthorityInfoAccessSyntax OPTIONAL } + */ +-typedef struct ocsp_service_locator_st +- { +- X509_NAME* issuer; +- STACK_OF(ACCESS_DESCRIPTION) *locator; +- } OCSP_SERVICELOC; +- +-#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" +-#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" ++typedef struct ocsp_service_locator_st { ++ X509_NAME *issuer; ++ STACK_OF(ACCESS_DESCRIPTION) *locator; ++} OCSP_SERVICELOC; + +-#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) ++# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" ++# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" + +-#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) ++# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) + +-#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ ++# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) ++ ++# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) + +-#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ ++# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ + (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) + +-#define PEM_write_bio_OCSP_REQUEST(bp,o) \ ++# define PEM_write_bio_OCSP_REQUEST(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ +- bp,(char *)o, NULL,NULL,0,NULL,NULL) ++ bp,(char *)o, NULL,NULL,0,NULL,NULL) + +-#define PEM_write_bio_OCSP_RESPONSE(bp,o) \ ++# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ +- bp,(char *)o, NULL,NULL,0,NULL,NULL) ++ bp,(char *)o, NULL,NULL,0,NULL,NULL) + +-#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) ++# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) + +-#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) ++# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) + +-#define OCSP_REQUEST_sign(o,pkey,md) \ +- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ +- o->optionalSignature->signatureAlgorithm,NULL,\ +- o->optionalSignature->signature,o->tbsRequest,pkey,md) ++# define OCSP_REQUEST_sign(o,pkey,md) \ ++ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ ++ o->optionalSignature->signatureAlgorithm,NULL,\ ++ o->optionalSignature->signature,o->tbsRequest,pkey,md) + +-#define OCSP_BASICRESP_sign(o,pkey,md,d) \ +- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ +- o->signature,o->tbsResponseData,pkey,md) ++# define OCSP_BASICRESP_sign(o,pkey,md,d) \ ++ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ ++ o->signature,o->tbsResponseData,pkey,md) + +-#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ ++# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ + a->optionalSignature->signatureAlgorithm,\ +- a->optionalSignature->signature,a->tbsRequest,r) ++ a->optionalSignature->signature,a->tbsRequest,r) + +-#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ +- a->signatureAlgorithm,a->signature,a->tbsResponseData,r) ++# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ ++ a->signatureAlgorithm,a->signature,a->tbsResponseData,r) + +-#define ASN1_BIT_STRING_digest(data,type,md,len) \ +- ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) ++# define ASN1_BIT_STRING_digest(data,type,md,len) \ ++ ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) + +-#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid) ++# define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid) + +-#define OCSP_CERTSTATUS_dup(cs)\ ++# define OCSP_CERTSTATUS_dup(cs)\ + (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ +- (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) ++ (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) + + OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); + OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, +- int maxline); ++ int maxline); + int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); + void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); + + OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); + +-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, +- X509_NAME *issuerName, +- ASN1_BIT_STRING* issuerKey, +- ASN1_INTEGER *serialNumber); ++OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, ++ X509_NAME *issuerName, ++ ASN1_BIT_STRING *issuerKey, ++ ASN1_INTEGER *serialNumber); + + OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); + +@@ -423,12 +416,11 @@ int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); + int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); + int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); + +-int OCSP_request_sign(OCSP_REQUEST *req, +- X509 *signer, +- EVP_PKEY *key, +- const EVP_MD *dgst, +- STACK_OF(X509) *certs, +- unsigned long flags); ++int OCSP_request_sign(OCSP_REQUEST *req, ++ X509 *signer, ++ EVP_PKEY *key, ++ const EVP_MD *dgst, ++ STACK_OF(X509) *certs, unsigned long flags); + + int OCSP_response_status(OCSP_RESPONSE *resp); + OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); +@@ -437,21 +429,22 @@ int OCSP_resp_count(OCSP_BASICRESP *bs); + OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); + int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); + int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, +- ASN1_GENERALIZEDTIME **revtime, +- ASN1_GENERALIZEDTIME **thisupd, +- ASN1_GENERALIZEDTIME **nextupd); ++ ASN1_GENERALIZEDTIME **revtime, ++ ASN1_GENERALIZEDTIME **thisupd, ++ ASN1_GENERALIZEDTIME **nextupd); + int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, +- int *reason, +- ASN1_GENERALIZEDTIME **revtime, +- ASN1_GENERALIZEDTIME **thisupd, +- ASN1_GENERALIZEDTIME **nextupd); ++ int *reason, ++ ASN1_GENERALIZEDTIME **revtime, ++ ASN1_GENERALIZEDTIME **thisupd, ++ ASN1_GENERALIZEDTIME **nextupd); + int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, +- ASN1_GENERALIZEDTIME *nextupd, +- long sec, long maxsec); ++ ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + +-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags); ++int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, ++ X509_STORE *store, unsigned long flags); + +-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl); ++int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, ++ int *pssl); + + int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); + int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); +@@ -460,42 +453,45 @@ int OCSP_request_onereq_count(OCSP_REQUEST *req); + OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); + OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); + int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, +- ASN1_OCTET_STRING **pikeyHash, +- ASN1_INTEGER **pserial, OCSP_CERTID *cid); ++ ASN1_OCTET_STRING **pikeyHash, ++ ASN1_INTEGER **pserial, OCSP_CERTID *cid); + int OCSP_request_is_signed(OCSP_REQUEST *req); + OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); + OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, +- OCSP_CERTID *cid, +- int status, int reason, +- ASN1_TIME *revtime, +- ASN1_TIME *thisupd, ASN1_TIME *nextupd); ++ OCSP_CERTID *cid, ++ int status, int reason, ++ ASN1_TIME *revtime, ++ ASN1_TIME *thisupd, ++ ASN1_TIME *nextupd); + int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); +-int OCSP_basic_sign(OCSP_BASICRESP *brsp, +- X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, +- STACK_OF(X509) *certs, unsigned long flags); ++int OCSP_basic_sign(OCSP_BASICRESP *brsp, ++ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, ++ STACK_OF(X509) *certs, unsigned long flags); + + ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, +- void *data, STACK_OF(ASN1_OBJECT) *sk); +-#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \ +- ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk) ++ void *data, STACK_OF(ASN1_OBJECT) *sk); ++# define ASN1_STRING_encode_of(type,s,i2d,data,sk) \ ++ ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk) + + X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); + + X509_EXTENSION *OCSP_accept_responses_new(char **oids); + +-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim); ++X509_EXTENSION *OCSP_archive_cutoff_new(char *tim); + +-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls); ++X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls); + + int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); + int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); +-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos); ++int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, ++ int lastpos); + int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); + X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); + X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); +-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx); ++void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, ++ int *idx); + int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, +- unsigned long flags); ++ unsigned long flags); + int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); + + int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); +@@ -506,29 +502,35 @@ X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); + X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); + void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); + int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, +- unsigned long flags); ++ unsigned long flags); + int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); + + int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); + int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); +-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos); +-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos); ++int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, ++ int lastpos); ++int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, ++ int lastpos); + X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); + X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); +-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx); +-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit, +- unsigned long flags); ++void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, ++ int *idx); ++int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, ++ int crit, unsigned long flags); + int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); + + int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); + int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); +-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos); +-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos); ++int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, ++ int lastpos); ++int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, ++ int lastpos); + X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); + X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); +-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx); +-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit, +- unsigned long flags); ++void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, ++ int *idx); ++int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, ++ int crit, unsigned long flags); + int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); + + DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) +@@ -551,14 +553,15 @@ char *OCSP_response_status_str(long s); + char *OCSP_cert_status_str(long s); + char *OCSP_crl_reason_str(long s); + +-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags); +-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); ++int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags); ++int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags); + + int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, +- X509_STORE *st, unsigned long flags); ++ X509_STORE *st, unsigned long flags); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_OCSP_strings(void); +@@ -566,56 +569,56 @@ void ERR_load_OCSP_strings(void); + /* Error codes for the OCSP functions. */ + + /* Function codes. */ +-#define OCSP_F_ASN1_STRING_ENCODE 100 +-#define OCSP_F_D2I_OCSP_NONCE 102 +-#define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 +-#define OCSP_F_OCSP_BASIC_SIGN 104 +-#define OCSP_F_OCSP_BASIC_VERIFY 105 +-#define OCSP_F_OCSP_CERT_ID_NEW 101 +-#define OCSP_F_OCSP_CHECK_DELEGATED 106 +-#define OCSP_F_OCSP_CHECK_IDS 107 +-#define OCSP_F_OCSP_CHECK_ISSUER 108 +-#define OCSP_F_OCSP_CHECK_VALIDITY 115 +-#define OCSP_F_OCSP_MATCH_ISSUERID 109 +-#define OCSP_F_OCSP_PARSE_URL 114 +-#define OCSP_F_OCSP_REQUEST_SIGN 110 +-#define OCSP_F_OCSP_REQUEST_VERIFY 116 +-#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 +-#define OCSP_F_OCSP_SENDREQ_BIO 112 +-#define OCSP_F_PARSE_HTTP_LINE1 117 +-#define OCSP_F_REQUEST_VERIFY 113 ++# define OCSP_F_ASN1_STRING_ENCODE 100 ++# define OCSP_F_D2I_OCSP_NONCE 102 ++# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 ++# define OCSP_F_OCSP_BASIC_SIGN 104 ++# define OCSP_F_OCSP_BASIC_VERIFY 105 ++# define OCSP_F_OCSP_CERT_ID_NEW 101 ++# define OCSP_F_OCSP_CHECK_DELEGATED 106 ++# define OCSP_F_OCSP_CHECK_IDS 107 ++# define OCSP_F_OCSP_CHECK_ISSUER 108 ++# define OCSP_F_OCSP_CHECK_VALIDITY 115 ++# define OCSP_F_OCSP_MATCH_ISSUERID 109 ++# define OCSP_F_OCSP_PARSE_URL 114 ++# define OCSP_F_OCSP_REQUEST_SIGN 110 ++# define OCSP_F_OCSP_REQUEST_VERIFY 116 ++# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 ++# define OCSP_F_OCSP_SENDREQ_BIO 112 ++# define OCSP_F_PARSE_HTTP_LINE1 117 ++# define OCSP_F_REQUEST_VERIFY 113 + + /* Reason codes. */ +-#define OCSP_R_BAD_DATA 100 +-#define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +-#define OCSP_R_DIGEST_ERR 102 +-#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +-#define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +-#define OCSP_R_ERROR_PARSING_URL 121 +-#define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +-#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +-#define OCSP_R_NOT_BASIC_RESPONSE 104 +-#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +-#define OCSP_R_NO_CONTENT 106 +-#define OCSP_R_NO_PUBLIC_KEY 107 +-#define OCSP_R_NO_RESPONSE_DATA 108 +-#define OCSP_R_NO_REVOKED_TIME 109 +-#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +-#define OCSP_R_REQUEST_NOT_SIGNED 128 +-#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +-#define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +-#define OCSP_R_SERVER_READ_ERROR 113 +-#define OCSP_R_SERVER_RESPONSE_ERROR 114 +-#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 +-#define OCSP_R_SERVER_WRITE_ERROR 116 +-#define OCSP_R_SIGNATURE_FAILURE 117 +-#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +-#define OCSP_R_STATUS_EXPIRED 125 +-#define OCSP_R_STATUS_NOT_YET_VALID 126 +-#define OCSP_R_STATUS_TOO_OLD 127 +-#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +-#define OCSP_R_UNKNOWN_NID 120 +-#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 ++# define OCSP_R_BAD_DATA 100 ++# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 ++# define OCSP_R_DIGEST_ERR 102 ++# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 ++# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 ++# define OCSP_R_ERROR_PARSING_URL 121 ++# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 ++# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 ++# define OCSP_R_NOT_BASIC_RESPONSE 104 ++# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 ++# define OCSP_R_NO_CONTENT 106 ++# define OCSP_R_NO_PUBLIC_KEY 107 ++# define OCSP_R_NO_RESPONSE_DATA 108 ++# define OCSP_R_NO_REVOKED_TIME 109 ++# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 ++# define OCSP_R_REQUEST_NOT_SIGNED 128 ++# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 ++# define OCSP_R_ROOT_CA_NOT_TRUSTED 112 ++# define OCSP_R_SERVER_READ_ERROR 113 ++# define OCSP_R_SERVER_RESPONSE_ERROR 114 ++# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 ++# define OCSP_R_SERVER_WRITE_ERROR 116 ++# define OCSP_R_SIGNATURE_FAILURE 117 ++# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 ++# define OCSP_R_STATUS_EXPIRED 125 ++# define OCSP_R_STATUS_NOT_YET_VALID 126 ++# define OCSP_R_STATUS_TOO_OLD 127 ++# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 ++# define OCSP_R_UNKNOWN_NID 120 ++# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/opensslv.h b/Cryptlib/Include/openssl/opensslv.h +index e5ab5c4..1c671fd 100644 +--- a/Cryptlib/Include/openssl/opensslv.h ++++ b/Cryptlib/Include/openssl/opensslv.h +@@ -1,19 +1,20 @@ + #ifndef HEADER_OPENSSLV_H +-#define HEADER_OPENSSLV_H ++# define HEADER_OPENSSLV_H + +-/* Numeric release version identifier: ++/*- ++ * Numeric release version identifier: + * MNNFFPPS: major minor fix patch status + * The status nibble has one of the values 0 for development, 1 to e for betas + * 1 to 14, and f for release. The patch level is exactly that. + * For example: +- * 0.9.3-dev 0x00903000 +- * 0.9.3-beta1 0x00903001 ++ * 0.9.3-dev 0x00903000 ++ * 0.9.3-beta1 0x00903001 + * 0.9.3-beta2-dev 0x00903002 + * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) +- * 0.9.3 0x0090300f +- * 0.9.3a 0x0090301f +- * 0.9.4 0x0090400f +- * 1.2.3z 0x102031af ++ * 0.9.3 0x0090300f ++ * 0.9.3a 0x0090301f ++ * 0.9.4 0x0090400f ++ * 1.2.3z 0x102031af + * + * For continuity reasons (because 0.9.5 is already out, and is coded + * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level +@@ -25,16 +26,16 @@ + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-#define OPENSSL_VERSION_NUMBER 0x009081afL +-#ifdef OPENSSL_FIPS +-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014" +-#else +-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za 5 Jun 2014" +-#endif +-#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT ++# define OPENSSL_VERSION_NUMBER 0x009081ffL ++# ifdef OPENSSL_FIPS ++# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-fips 19 Mar 2015" ++# else ++# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf 19 Mar 2015" ++# endif ++# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT + +- +-/* The macros below are to be used for shared library (.so, .dll, ...) ++/*- ++ * The macros below are to be used for shared library (.so, .dll, ...) + * versioning. That kind of versioning works a bit differently between + * operating systems. The most usual scheme is to set a major and a minor + * number, and have the runtime loader check that the major number is equal +@@ -42,11 +43,11 @@ + * be greater or equal to what it was at application link time. With this + * scheme, the version number is usually part of the file name, like this: + * +- * libcrypto.so.0.9 ++ * libcrypto.so.0.9 + * + * Some unixen also make a softlink with the major verson number only: + * +- * libcrypto.so.0 ++ * libcrypto.so.0 + * + * On Tru64 and IRIX 6.x it works a little bit differently. There, the + * shared library version is stored in the file, and is actually a series +@@ -61,11 +62,11 @@ + * to highest, should be part of the string. Consecutive builds would + * give the following versions strings: + * +- * 3.0 +- * 3.0:3.1 +- * 3.0:3.1:3.2 +- * 4.0 +- * 4.0:4.1 ++ * 3.0 ++ * 3.0:3.1 ++ * 3.0:3.1:3.2 ++ * 4.0 ++ * 4.0:4.1 + * + * Notice how version 4 is completely incompatible with version, and + * therefore give the breach you can see. +@@ -82,8 +83,7 @@ + * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and + * should only keep the versions that are binary compatible with the current. + */ +-#define SHLIB_VERSION_HISTORY "" +-#define SHLIB_VERSION_NUMBER "0.9.8" +- ++# define SHLIB_VERSION_HISTORY "" ++# define SHLIB_VERSION_NUMBER "0.9.8" + +-#endif /* HEADER_OPENSSLV_H */ ++#endif /* HEADER_OPENSSLV_H */ +diff --git a/Cryptlib/Include/openssl/ossl_typ.h b/Cryptlib/Include/openssl/ossl_typ.h +index 0e7a380..bfcb201 100644 +--- a/Cryptlib/Include/openssl/ossl_typ.h ++++ b/Cryptlib/Include/openssl/ossl_typ.h +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,29 +53,29 @@ + */ + + #ifndef HEADER_OPENSSL_TYPES_H +-#define HEADER_OPENSSL_TYPES_H +- +-#include +- +-#ifdef NO_ASN1_TYPEDEFS +-#define ASN1_INTEGER ASN1_STRING +-#define ASN1_ENUMERATED ASN1_STRING +-#define ASN1_BIT_STRING ASN1_STRING +-#define ASN1_OCTET_STRING ASN1_STRING +-#define ASN1_PRINTABLESTRING ASN1_STRING +-#define ASN1_T61STRING ASN1_STRING +-#define ASN1_IA5STRING ASN1_STRING +-#define ASN1_UTCTIME ASN1_STRING +-#define ASN1_GENERALIZEDTIME ASN1_STRING +-#define ASN1_TIME ASN1_STRING +-#define ASN1_GENERALSTRING ASN1_STRING +-#define ASN1_UNIVERSALSTRING ASN1_STRING +-#define ASN1_BMPSTRING ASN1_STRING +-#define ASN1_VISIBLESTRING ASN1_STRING +-#define ASN1_UTF8STRING ASN1_STRING +-#define ASN1_BOOLEAN int +-#define ASN1_NULL int +-#else ++# define HEADER_OPENSSL_TYPES_H ++ ++# include ++ ++# ifdef NO_ASN1_TYPEDEFS ++# define ASN1_INTEGER ASN1_STRING ++# define ASN1_ENUMERATED ASN1_STRING ++# define ASN1_BIT_STRING ASN1_STRING ++# define ASN1_OCTET_STRING ASN1_STRING ++# define ASN1_PRINTABLESTRING ASN1_STRING ++# define ASN1_T61STRING ASN1_STRING ++# define ASN1_IA5STRING ASN1_STRING ++# define ASN1_UTCTIME ASN1_STRING ++# define ASN1_GENERALIZEDTIME ASN1_STRING ++# define ASN1_TIME ASN1_STRING ++# define ASN1_GENERALSTRING ASN1_STRING ++# define ASN1_UNIVERSALSTRING ASN1_STRING ++# define ASN1_BMPSTRING ASN1_STRING ++# define ASN1_VISIBLESTRING ASN1_STRING ++# define ASN1_UTF8STRING ASN1_STRING ++# define ASN1_BOOLEAN int ++# define ASN1_NULL int ++# else + typedef struct asn1_string_st ASN1_INTEGER; + typedef struct asn1_string_st ASN1_ENUMERATED; + typedef struct asn1_string_st ASN1_BIT_STRING; +@@ -93,20 +93,20 @@ typedef struct asn1_string_st ASN1_VISIBLESTRING; + typedef struct asn1_string_st ASN1_UTF8STRING; + typedef int ASN1_BOOLEAN; + typedef int ASN1_NULL; +-#endif +- +-#ifdef OPENSSL_SYS_WIN32 +-#undef X509_NAME +-#undef X509_EXTENSIONS +-#undef X509_CERT_PAIR +-#undef PKCS7_ISSUER_AND_SERIAL +-#undef OCSP_REQUEST +-#undef OCSP_RESPONSE +-#endif +- +-#ifdef BIGNUM +-#undef BIGNUM +-#endif ++# endif ++ ++# ifdef OPENSSL_SYS_WIN32 ++# undef X509_NAME ++# undef X509_EXTENSIONS ++# undef X509_CERT_PAIR ++# undef PKCS7_ISSUER_AND_SERIAL ++# undef OCSP_REQUEST ++# undef OCSP_RESPONSE ++# endif ++ ++# ifdef BIGNUM ++# undef BIGNUM ++# endif + typedef struct bignum_st BIGNUM; + typedef struct bignum_ctx BN_CTX; + typedef struct bn_blinding_st BN_BLINDING; +@@ -164,20 +164,20 @@ typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; + typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; + + /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ +-#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */ +-#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */ ++# define DECLARE_PKCS12_STACK_OF(type)/* Nothing */ ++# define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */ + + typedef struct crypto_ex_data_st CRYPTO_EX_DATA; + /* Callback types for crypto.h */ +-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +- int idx, long argl, void *argp); +-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +- int idx, long argl, void *argp); +-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, +- int idx, long argl, void *argp); ++typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, ++ int idx, long argl, void *argp); ++typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, ++ int idx, long argl, void *argp); ++typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, ++ void *from_d, int idx, long argl, void *argp); + + typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; + typedef struct ocsp_response_st OCSP_RESPONSE; + typedef struct ocsp_responder_id_st OCSP_RESPID; + +-#endif /* def HEADER_OPENSSL_TYPES_H */ ++#endif /* def HEADER_OPENSSL_TYPES_H */ +diff --git a/Cryptlib/Include/openssl/pem.h b/Cryptlib/Include/openssl/pem.h +index 6c193f1..5fad903 100644 +--- a/Cryptlib/Include/openssl/pem.h ++++ b/Cryptlib/Include/openssl/pem.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,673 +57,633 @@ + */ + + #ifndef HEADER_PEM_H +-#define HEADER_PEM_H +- +-#include +-#ifndef OPENSSL_NO_BIO +-#include +-#endif +-#ifndef OPENSSL_NO_STACK +-#include +-#endif +-#include +-#include +-#include ++# define HEADER_PEM_H ++ ++# include ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# ifndef OPENSSL_NO_STACK ++# include ++# endif ++# include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#define PEM_BUFSIZE 1024 +- +-#define PEM_OBJ_UNDEF 0 +-#define PEM_OBJ_X509 1 +-#define PEM_OBJ_X509_REQ 2 +-#define PEM_OBJ_CRL 3 +-#define PEM_OBJ_SSL_SESSION 4 +-#define PEM_OBJ_PRIV_KEY 10 +-#define PEM_OBJ_PRIV_RSA 11 +-#define PEM_OBJ_PRIV_DSA 12 +-#define PEM_OBJ_PRIV_DH 13 +-#define PEM_OBJ_PUB_RSA 14 +-#define PEM_OBJ_PUB_DSA 15 +-#define PEM_OBJ_PUB_DH 16 +-#define PEM_OBJ_DHPARAMS 17 +-#define PEM_OBJ_DSAPARAMS 18 +-#define PEM_OBJ_PRIV_RSA_PUBLIC 19 +-#define PEM_OBJ_PRIV_ECDSA 20 +-#define PEM_OBJ_PUB_ECDSA 21 +-#define PEM_OBJ_ECPARAMETERS 22 +- +-#define PEM_ERROR 30 +-#define PEM_DEK_DES_CBC 40 +-#define PEM_DEK_IDEA_CBC 45 +-#define PEM_DEK_DES_EDE 50 +-#define PEM_DEK_DES_ECB 60 +-#define PEM_DEK_RSA 70 +-#define PEM_DEK_RSA_MD2 80 +-#define PEM_DEK_RSA_MD5 90 +- +-#define PEM_MD_MD2 NID_md2 +-#define PEM_MD_MD5 NID_md5 +-#define PEM_MD_SHA NID_sha +-#define PEM_MD_MD2_RSA NID_md2WithRSAEncryption +-#define PEM_MD_MD5_RSA NID_md5WithRSAEncryption +-#define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption +- +-#define PEM_STRING_X509_OLD "X509 CERTIFICATE" +-#define PEM_STRING_X509 "CERTIFICATE" +-#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" +-#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +-#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +-#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +-#define PEM_STRING_X509_CRL "X509 CRL" +-#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +-#define PEM_STRING_PUBLIC "PUBLIC KEY" +-#define PEM_STRING_RSA "RSA PRIVATE KEY" +-#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +-#define PEM_STRING_DSA "DSA PRIVATE KEY" +-#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +-#define PEM_STRING_PKCS7 "PKCS7" +-#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +-#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +-#define PEM_STRING_PKCS8INF "PRIVATE KEY" +-#define PEM_STRING_DHPARAMS "DH PARAMETERS" +-#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +-#define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +-#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +-#define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +-#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +-#define PEM_STRING_CMS "CMS" +- +- /* Note that this structure is initialised by PEM_SealInit and cleaned up +- by PEM_SealFinal (at least for now) */ +-typedef struct PEM_Encode_Seal_st +- { +- EVP_ENCODE_CTX encode; +- EVP_MD_CTX md; +- EVP_CIPHER_CTX cipher; +- } PEM_ENCODE_SEAL_CTX; ++# define PEM_BUFSIZE 1024 ++ ++# define PEM_OBJ_UNDEF 0 ++# define PEM_OBJ_X509 1 ++# define PEM_OBJ_X509_REQ 2 ++# define PEM_OBJ_CRL 3 ++# define PEM_OBJ_SSL_SESSION 4 ++# define PEM_OBJ_PRIV_KEY 10 ++# define PEM_OBJ_PRIV_RSA 11 ++# define PEM_OBJ_PRIV_DSA 12 ++# define PEM_OBJ_PRIV_DH 13 ++# define PEM_OBJ_PUB_RSA 14 ++# define PEM_OBJ_PUB_DSA 15 ++# define PEM_OBJ_PUB_DH 16 ++# define PEM_OBJ_DHPARAMS 17 ++# define PEM_OBJ_DSAPARAMS 18 ++# define PEM_OBJ_PRIV_RSA_PUBLIC 19 ++# define PEM_OBJ_PRIV_ECDSA 20 ++# define PEM_OBJ_PUB_ECDSA 21 ++# define PEM_OBJ_ECPARAMETERS 22 ++ ++# define PEM_ERROR 30 ++# define PEM_DEK_DES_CBC 40 ++# define PEM_DEK_IDEA_CBC 45 ++# define PEM_DEK_DES_EDE 50 ++# define PEM_DEK_DES_ECB 60 ++# define PEM_DEK_RSA 70 ++# define PEM_DEK_RSA_MD2 80 ++# define PEM_DEK_RSA_MD5 90 ++ ++# define PEM_MD_MD2 NID_md2 ++# define PEM_MD_MD5 NID_md5 ++# define PEM_MD_SHA NID_sha ++# define PEM_MD_MD2_RSA NID_md2WithRSAEncryption ++# define PEM_MD_MD5_RSA NID_md5WithRSAEncryption ++# define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption ++ ++# define PEM_STRING_X509_OLD "X509 CERTIFICATE" ++# define PEM_STRING_X509 "CERTIFICATE" ++# define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" ++# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" ++# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" ++# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" ++# define PEM_STRING_X509_CRL "X509 CRL" ++# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" ++# define PEM_STRING_PUBLIC "PUBLIC KEY" ++# define PEM_STRING_RSA "RSA PRIVATE KEY" ++# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" ++# define PEM_STRING_DSA "DSA PRIVATE KEY" ++# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" ++# define PEM_STRING_PKCS7 "PKCS7" ++# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" ++# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" ++# define PEM_STRING_PKCS8INF "PRIVATE KEY" ++# define PEM_STRING_DHPARAMS "DH PARAMETERS" ++# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" ++# define PEM_STRING_DSAPARAMS "DSA PARAMETERS" ++# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" ++# define PEM_STRING_ECPARAMETERS "EC PARAMETERS" ++# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" ++# define PEM_STRING_CMS "CMS" ++ ++ /* ++ * Note that this structure is initialised by PEM_SealInit and cleaned up ++ * by PEM_SealFinal (at least for now) ++ */ ++typedef struct PEM_Encode_Seal_st { ++ EVP_ENCODE_CTX encode; ++ EVP_MD_CTX md; ++ EVP_CIPHER_CTX cipher; ++} PEM_ENCODE_SEAL_CTX; + + /* enc_type is one off */ +-#define PEM_TYPE_ENCRYPTED 10 +-#define PEM_TYPE_MIC_ONLY 20 +-#define PEM_TYPE_MIC_CLEAR 30 +-#define PEM_TYPE_CLEAR 40 +- +-typedef struct pem_recip_st +- { +- char *name; +- X509_NAME *dn; +- +- int cipher; +- int key_enc; +- /* char iv[8]; unused and wrong size */ +- } PEM_USER; +- +-typedef struct pem_ctx_st +- { +- int type; /* what type of object */ +- +- struct { +- int version; +- int mode; +- } proc_type; +- +- char *domain; +- +- struct { +- int cipher; +- /* unused, and wrong size +- unsigned char iv[8]; */ +- } DEK_info; +- +- PEM_USER *originator; +- +- int num_recipient; +- PEM_USER **recipient; +- +-#ifndef OPENSSL_NO_STACK +- STACK *x509_chain; /* certificate chain */ +-#else +- char *x509_chain; /* certificate chain */ +-#endif +- EVP_MD *md; /* signature type */ +- +- int md_enc; /* is the md encrypted or not? */ +- int md_len; /* length of md_data */ +- char *md_data; /* message digest, could be pkey encrypted */ +- +- EVP_CIPHER *dec; /* date encryption cipher */ +- int key_len; /* key length */ +- unsigned char *key; /* key */ +- /* unused, and wrong size +- unsigned char iv[8]; */ +- +- +- int data_enc; /* is the data encrypted */ +- int data_len; +- unsigned char *data; +- } PEM_CTX; +- +-/* These macros make the PEM_read/PEM_write functions easier to maintain and +- * write. Now they are all implemented with either: +- * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...) ++# define PEM_TYPE_ENCRYPTED 10 ++# define PEM_TYPE_MIC_ONLY 20 ++# define PEM_TYPE_MIC_CLEAR 30 ++# define PEM_TYPE_CLEAR 40 ++ ++typedef struct pem_recip_st { ++ char *name; ++ X509_NAME *dn; ++ int cipher; ++ int key_enc; ++ /* char iv[8]; unused and wrong size */ ++} PEM_USER; ++ ++typedef struct pem_ctx_st { ++ int type; /* what type of object */ ++ struct { ++ int version; ++ int mode; ++ } proc_type; ++ ++ char *domain; ++ ++ struct { ++ int cipher; ++ /*- ++ unused, and wrong size ++ unsigned char iv[8]; */ ++ } DEK_info; ++ ++ PEM_USER *originator; ++ ++ int num_recipient; ++ PEM_USER **recipient; ++ ++# ifndef OPENSSL_NO_STACK ++ STACK *x509_chain; /* certificate chain */ ++# else ++ char *x509_chain; /* certificate chain */ ++# endif ++ EVP_MD *md; /* signature type */ ++ ++ int md_enc; /* is the md encrypted or not? */ ++ int md_len; /* length of md_data */ ++ char *md_data; /* message digest, could be pkey encrypted */ ++ ++ EVP_CIPHER *dec; /* date encryption cipher */ ++ int key_len; /* key length */ ++ unsigned char *key; /* key */ ++ /*- ++ unused, and wrong size ++ unsigned char iv[8]; */ ++ ++ int data_enc; /* is the data encrypted */ ++ int data_len; ++ unsigned char *data; ++} PEM_CTX; ++ ++/* ++ * These macros make the PEM_read/PEM_write functions easier to maintain and ++ * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or ++ * IMPLEMENT_PEM_rw_cb(...) + */ + +-#ifdef OPENSSL_NO_FP_API +- +-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ +-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ +-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ +-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ ++# ifdef OPENSSL_NO_FP_API + +-#else ++# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ ++# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ ++# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/ ++# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ ++# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/ ++# else + +-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ ++# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ + type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ + { \ + return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \ +- str, fp, \ +- CHECKED_PPTR_OF(type, x), \ +- cb, u); \ +-} ++ str, fp, \ ++ CHECKED_PPTR_OF(type, x), \ ++ cb, u); \ ++} + +-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ ++# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ + int PEM_write_##name(FILE *fp, type *x) \ + { \ + return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ +- str, fp, \ +- CHECKED_PTR_OF(type, x), \ +- NULL, NULL, 0, NULL, NULL); \ ++ str, fp, \ ++ CHECKED_PTR_OF(type, x), \ ++ NULL, NULL, 0, NULL, NULL); \ + } + +-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ ++# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ + int PEM_write_##name(FILE *fp, const type *x) \ + { \ + return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ +- str, fp, \ +- CHECKED_PTR_OF(const type, x), \ +- NULL, NULL, 0, NULL, NULL); \ ++ str, fp, \ ++ CHECKED_PTR_OF(const type, x), \ ++ NULL, NULL, 0, NULL, NULL); \ + } + +-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ ++# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ + int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ +- unsigned char *kstr, int klen, pem_password_cb *cb, \ +- void *u) \ +- { \ +- return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ +- str, fp, \ +- CHECKED_PTR_OF(type, x), \ +- enc, kstr, klen, cb, u); \ +- } +- +-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ ++ unsigned char *kstr, int klen, pem_password_cb *cb, \ ++ void *u) \ ++ { \ ++ return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \ ++ str, fp, \ ++ CHECKED_PTR_OF(type, x), \ ++ enc, kstr, klen, cb, u); \ ++ } ++ ++# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ + int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ +- unsigned char *kstr, int klen, pem_password_cb *cb, \ +- void *u) \ +- { \ +- return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ +- str, fp, \ +- CHECKED_PTR_OF(const type, x), \ +- enc, kstr, klen, cb, u); \ +- } +- +-#endif +- +-#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ ++ unsigned char *kstr, int klen, pem_password_cb *cb, \ ++ void *u) \ ++ { \ ++ return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \ ++ str, fp, \ ++ CHECKED_PTR_OF(const type, x), \ ++ enc, kstr, klen, cb, u); \ ++ } ++ ++# endif ++ ++# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ + { \ + return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \ +- str, bp, \ +- CHECKED_PPTR_OF(type, x), \ +- cb, u); \ ++ str, bp, \ ++ CHECKED_PPTR_OF(type, x), \ ++ cb, u); \ + } + +-#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ ++# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + int PEM_write_bio_##name(BIO *bp, type *x) \ + { \ + return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ +- str, bp, \ +- CHECKED_PTR_OF(type, x), \ +- NULL, NULL, 0, NULL, NULL); \ ++ str, bp, \ ++ CHECKED_PTR_OF(type, x), \ ++ NULL, NULL, 0, NULL, NULL); \ + } + +-#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ ++# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + int PEM_write_bio_##name(BIO *bp, const type *x) \ + { \ + return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ +- str, bp, \ +- CHECKED_PTR_OF(const type, x), \ +- NULL, NULL, 0, NULL, NULL); \ ++ str, bp, \ ++ CHECKED_PTR_OF(const type, x), \ ++ NULL, NULL, 0, NULL, NULL); \ + } + +-#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ ++# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ +- unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ +- { \ +- return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ +- str, bp, \ +- CHECKED_PTR_OF(type, x), \ +- enc, kstr, klen, cb, u); \ +- } +- +-#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ ++ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ ++ { \ ++ return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \ ++ str, bp, \ ++ CHECKED_PTR_OF(type, x), \ ++ enc, kstr, klen, cb, u); \ ++ } ++ ++# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ +- unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ +- { \ +- return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ +- str, bp, \ +- CHECKED_PTR_OF(const type, x), \ +- enc, kstr, klen, cb, u); \ +- } +- +-#define IMPLEMENT_PEM_write(name, type, str, asn1) \ +- IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ +- IMPLEMENT_PEM_write_fp(name, type, str, asn1) +- +-#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ +- IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ +- IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) +- +-#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ +- IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ +- IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) +- +-#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ +- IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ +- IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) +- +-#define IMPLEMENT_PEM_read(name, type, str, asn1) \ +- IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ +- IMPLEMENT_PEM_read_fp(name, type, str, asn1) +- +-#define IMPLEMENT_PEM_rw(name, type, str, asn1) \ +- IMPLEMENT_PEM_read(name, type, str, asn1) \ +- IMPLEMENT_PEM_write(name, type, str, asn1) +- +-#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ +- IMPLEMENT_PEM_read(name, type, str, asn1) \ +- IMPLEMENT_PEM_write_const(name, type, str, asn1) +- +-#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ +- IMPLEMENT_PEM_read(name, type, str, asn1) \ +- IMPLEMENT_PEM_write_cb(name, type, str, asn1) ++ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ ++ { \ ++ return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \ ++ str, bp, \ ++ CHECKED_PTR_OF(const type, x), \ ++ enc, kstr, klen, cb, u); \ ++ } ++ ++# define IMPLEMENT_PEM_write(name, type, str, asn1) \ ++ IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ ++ IMPLEMENT_PEM_write_fp(name, type, str, asn1) ++ ++# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ ++ IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ ++ IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) ++ ++# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ ++ IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ ++ IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) ++ ++# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ ++ IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ ++ IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) ++ ++# define IMPLEMENT_PEM_read(name, type, str, asn1) \ ++ IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ ++ IMPLEMENT_PEM_read_fp(name, type, str, asn1) ++ ++# define IMPLEMENT_PEM_rw(name, type, str, asn1) \ ++ IMPLEMENT_PEM_read(name, type, str, asn1) \ ++ IMPLEMENT_PEM_write(name, type, str, asn1) ++ ++# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ ++ IMPLEMENT_PEM_read(name, type, str, asn1) \ ++ IMPLEMENT_PEM_write_const(name, type, str, asn1) ++ ++# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ ++ IMPLEMENT_PEM_read(name, type, str, asn1) \ ++ IMPLEMENT_PEM_write_cb(name, type, str, asn1) + + /* These are the same except they are for the declarations */ + +-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API) +- +-#define DECLARE_PEM_read_fp(name, type) /**/ +-#define DECLARE_PEM_write_fp(name, type) /**/ +-#define DECLARE_PEM_write_fp_const(name, type) /**/ +-#define DECLARE_PEM_write_cb_fp(name, type) /**/ +- +-#else +- +-#define DECLARE_PEM_read_fp(name, type) \ +- type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); +- +-#define DECLARE_PEM_write_fp(name, type) \ +- int PEM_write_##name(FILE *fp, type *x); +- +-#define DECLARE_PEM_write_fp_const(name, type) \ +- int PEM_write_##name(FILE *fp, const type *x); +- +-#define DECLARE_PEM_write_cb_fp(name, type) \ +- int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ +- unsigned char *kstr, int klen, pem_password_cb *cb, void *u); +- +-#endif +- +-#ifndef OPENSSL_NO_BIO +-#define DECLARE_PEM_read_bio(name, type) \ +- type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); +- +-#define DECLARE_PEM_write_bio(name, type) \ +- int PEM_write_bio_##name(BIO *bp, type *x); +- +-#define DECLARE_PEM_write_bio_const(name, type) \ +- int PEM_write_bio_##name(BIO *bp, const type *x); +- +-#define DECLARE_PEM_write_cb_bio(name, type) \ +- int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ +- unsigned char *kstr, int klen, pem_password_cb *cb, void *u); +- +-#else +- +-#define DECLARE_PEM_read_bio(name, type) /**/ +-#define DECLARE_PEM_write_bio(name, type) /**/ +-#define DECLARE_PEM_write_bio_const(name, type) /**/ +-#define DECLARE_PEM_write_cb_bio(name, type) /**/ +- +-#endif +- +-#define DECLARE_PEM_write(name, type) \ +- DECLARE_PEM_write_bio(name, type) \ +- DECLARE_PEM_write_fp(name, type) +- +-#define DECLARE_PEM_write_const(name, type) \ +- DECLARE_PEM_write_bio_const(name, type) \ +- DECLARE_PEM_write_fp_const(name, type) +- +-#define DECLARE_PEM_write_cb(name, type) \ +- DECLARE_PEM_write_cb_bio(name, type) \ +- DECLARE_PEM_write_cb_fp(name, type) +- +-#define DECLARE_PEM_read(name, type) \ +- DECLARE_PEM_read_bio(name, type) \ +- DECLARE_PEM_read_fp(name, type) +- +-#define DECLARE_PEM_rw(name, type) \ +- DECLARE_PEM_read(name, type) \ +- DECLARE_PEM_write(name, type) +- +-#define DECLARE_PEM_rw_const(name, type) \ +- DECLARE_PEM_read(name, type) \ +- DECLARE_PEM_write_const(name, type) +- +-#define DECLARE_PEM_rw_cb(name, type) \ +- DECLARE_PEM_read(name, type) \ +- DECLARE_PEM_write_cb(name, type) +- +-#ifdef SSLEAY_MACROS +- +-#define PEM_write_SSL_SESSION(fp,x) \ +- PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ +- PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) +-#define PEM_write_X509(fp,x) \ +- PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ +- (char *)x, NULL,NULL,0,NULL,NULL) +-#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \ +- (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \ +- NULL,NULL,0,NULL,NULL) +-#define PEM_write_X509_CRL(fp,x) \ +- PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \ +- fp,(char *)x, NULL,NULL,0,NULL,NULL) +-#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ +- PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\ +- (char *)x,enc,kstr,klen,cb,u) +-#define PEM_write_RSAPublicKey(fp,x) \ +- PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\ +- PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL) +-#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ +- PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\ +- (char *)x,enc,kstr,klen,cb,u) +-#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ +- PEM_ASN1_write((int (*)())i2d_PrivateKey,\ +- (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ +- bp,(char *)x,enc,kstr,klen,cb,u) +-#define PEM_write_PKCS7(fp,x) \ +- PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \ +- (char *)x, NULL,NULL,0,NULL,NULL) +-#define PEM_write_DHparams(fp,x) \ +- PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\ +- (char *)x,NULL,NULL,0,NULL,NULL) +- +-#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \ ++# if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API) ++ ++# define DECLARE_PEM_read_fp(name, type) /**/ ++# define DECLARE_PEM_write_fp(name, type) /**/ ++# define DECLARE_PEM_write_fp_const(name, type) /**/ ++# define DECLARE_PEM_write_cb_fp(name, type) /**/ ++# else ++ ++# define DECLARE_PEM_read_fp(name, type) \ ++ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); ++ ++# define DECLARE_PEM_write_fp(name, type) \ ++ int PEM_write_##name(FILE *fp, type *x); ++ ++# define DECLARE_PEM_write_fp_const(name, type) \ ++ int PEM_write_##name(FILE *fp, const type *x); ++ ++# define DECLARE_PEM_write_cb_fp(name, type) \ ++ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ ++ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); ++ ++# endif ++ ++# ifndef OPENSSL_NO_BIO ++# define DECLARE_PEM_read_bio(name, type) \ ++ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); ++ ++# define DECLARE_PEM_write_bio(name, type) \ ++ int PEM_write_bio_##name(BIO *bp, type *x); ++ ++# define DECLARE_PEM_write_bio_const(name, type) \ ++ int PEM_write_bio_##name(BIO *bp, const type *x); ++ ++# define DECLARE_PEM_write_cb_bio(name, type) \ ++ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ ++ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); ++ ++# else ++ ++# define DECLARE_PEM_read_bio(name, type) /**/ ++# define DECLARE_PEM_write_bio(name, type) /**/ ++# define DECLARE_PEM_write_bio_const(name, type) /**/ ++# define DECLARE_PEM_write_cb_bio(name, type) /**/ ++# endif ++# define DECLARE_PEM_write(name, type) \ ++ DECLARE_PEM_write_bio(name, type) \ ++ DECLARE_PEM_write_fp(name, type) ++# define DECLARE_PEM_write_const(name, type) \ ++ DECLARE_PEM_write_bio_const(name, type) \ ++ DECLARE_PEM_write_fp_const(name, type) ++# define DECLARE_PEM_write_cb(name, type) \ ++ DECLARE_PEM_write_cb_bio(name, type) \ ++ DECLARE_PEM_write_cb_fp(name, type) ++# define DECLARE_PEM_read(name, type) \ ++ DECLARE_PEM_read_bio(name, type) \ ++ DECLARE_PEM_read_fp(name, type) ++# define DECLARE_PEM_rw(name, type) \ ++ DECLARE_PEM_read(name, type) \ ++ DECLARE_PEM_write(name, type) ++# define DECLARE_PEM_rw_const(name, type) \ ++ DECLARE_PEM_read(name, type) \ ++ DECLARE_PEM_write_const(name, type) ++# define DECLARE_PEM_rw_cb(name, type) \ ++ DECLARE_PEM_read(name, type) \ ++ DECLARE_PEM_write_cb(name, type) ++# ifdef SSLEAY_MACROS ++# define PEM_write_SSL_SESSION(fp,x) \ ++ PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ ++ PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) ++# define PEM_write_X509(fp,x) \ ++ PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ ++ (char *)x, NULL,NULL,0,NULL,NULL) ++# define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \ ++ (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \ ++ NULL,NULL,0,NULL,NULL) ++# define PEM_write_X509_CRL(fp,x) \ ++ PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \ ++ fp,(char *)x, NULL,NULL,0,NULL,NULL) ++# define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ ++ PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\ ++ (char *)x,enc,kstr,klen,cb,u) ++# define PEM_write_RSAPublicKey(fp,x) \ ++ PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\ ++ PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL) ++# define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ ++ PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\ ++ (char *)x,enc,kstr,klen,cb,u) ++# define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ ++ PEM_ASN1_write((int (*)())i2d_PrivateKey,\ ++ (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ ++ bp,(char *)x,enc,kstr,klen,cb,u) ++# define PEM_write_PKCS7(fp,x) \ ++ PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \ ++ (char *)x, NULL,NULL,0,NULL,NULL) ++# define PEM_write_DHparams(fp,x) \ ++ PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\ ++ (char *)x,NULL,NULL,0,NULL,NULL) ++# define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \ + PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ +- PEM_STRING_X509,fp, \ ++ PEM_STRING_X509,fp, \ + (char *)x, NULL,NULL,0,NULL,NULL) +- +-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ +- (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) +-#define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \ +- (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u) +-#define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \ +- (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u) +-#define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \ +- (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u) +-#define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ +- (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u) +-#define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ +- (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u) +-#define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \ +- (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u) +-#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \ +- (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u) +-#define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \ +- (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u) +-#define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \ +- (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u) +- +-#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \ +- (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \ ++# define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ ++ (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) ++# define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \ ++ (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u) ++# define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \ ++ (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u) ++# define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \ ++ (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u) ++# define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ ++ (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u) ++# define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ ++ (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u) ++# define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \ ++ (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u) ++# define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \ ++ (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u) ++# define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \ ++ (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u) ++# define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \ ++ (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u) ++# define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \ ++ (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \ + (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\ +- (char **)x,cb,u) +- +-#define PEM_write_bio_X509(bp,x) \ +- PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ +- (char *)x, NULL,NULL,0,NULL,NULL) +-#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \ +- (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \ +- NULL,NULL,0,NULL,NULL) +-#define PEM_write_bio_X509_CRL(bp,x) \ +- PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\ +- bp,(char *)x, NULL,NULL,0,NULL,NULL) +-#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ +- PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\ +- bp,(char *)x,enc,kstr,klen,cb,u) +-#define PEM_write_bio_RSAPublicKey(bp,x) \ +- PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \ +- PEM_STRING_RSA_PUBLIC,\ +- bp,(char *)x,NULL,NULL,0,NULL,NULL) +-#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ +- PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\ +- bp,(char *)x,enc,kstr,klen,cb,u) +-#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ +- PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\ +- (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ +- bp,(char *)x,enc,kstr,klen,cb,u) +-#define PEM_write_bio_PKCS7(bp,x) \ +- PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \ +- (char *)x, NULL,NULL,0,NULL,NULL) +-#define PEM_write_bio_DHparams(bp,x) \ +- PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\ +- bp,(char *)x,NULL,NULL,0,NULL,NULL) +-#define PEM_write_bio_DSAparams(bp,x) \ +- PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \ +- PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL) +- +-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \ ++ (char **)x,cb,u) ++# define PEM_write_bio_X509(bp,x) \ ++ PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ ++ (char *)x, NULL,NULL,0,NULL,NULL) ++# define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \ ++ (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \ ++ NULL,NULL,0,NULL,NULL) ++# define PEM_write_bio_X509_CRL(bp,x) \ ++ PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\ ++ bp,(char *)x, NULL,NULL,0,NULL,NULL) ++# define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ ++ PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\ ++ bp,(char *)x,enc,kstr,klen,cb,u) ++# define PEM_write_bio_RSAPublicKey(bp,x) \ ++ PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \ ++ PEM_STRING_RSA_PUBLIC,\ ++ bp,(char *)x,NULL,NULL,0,NULL,NULL) ++# define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ ++ PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\ ++ bp,(char *)x,enc,kstr,klen,cb,u) ++# define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ ++ PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\ ++ (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ ++ bp,(char *)x,enc,kstr,klen,cb,u) ++# define PEM_write_bio_PKCS7(bp,x) \ ++ PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \ ++ (char *)x, NULL,NULL,0,NULL,NULL) ++# define PEM_write_bio_DHparams(bp,x) \ ++ PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\ ++ bp,(char *)x,NULL,NULL,0,NULL,NULL) ++# define PEM_write_bio_DSAparams(bp,x) \ ++ PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \ ++ PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL) ++# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \ + PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ +- PEM_STRING_X509,bp, \ ++ PEM_STRING_X509,bp, \ + (char *)x, NULL,NULL,0,NULL,NULL) +- +-#define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ +- (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) +-#define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ +- (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u) +-#define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \ +- (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u) +-#define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ +- (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u) +-#define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ +- (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u) +-#define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ +- (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u) +-#define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \ +- (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u) +- +-#define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \ +- (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u) +-#define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \ +- (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u) +-#define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ +- (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u) +- +-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \ +- (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \ ++# define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ ++ (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) ++# define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ ++ (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u) ++# define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \ ++ (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u) ++# define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ ++ (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u) ++# define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ ++ (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u) ++# define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ ++ (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u) ++# define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \ ++ (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u) ++# define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \ ++ (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u) ++# define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \ ++ (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u) ++# define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ ++ (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u) ++# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \ ++ (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\ +- (char **)x,cb,u) +- +-#endif +- +-#if 1 ++ (char **)x,cb,u) ++# endif ++# if 1 + /* "userdata": new with OpenSSL 0.9.4 */ +-typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); +-#else ++typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); ++# else + /* OpenSSL 0.9.3, 0.9.3a */ +-typedef int pem_password_cb(char *buf, int size, int rwflag); +-#endif +- +-int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +-int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, +- pem_password_cb *callback,void *u); +- +-#ifndef OPENSSL_NO_BIO +-int PEM_read_bio(BIO *bp, char **name, char **header, +- unsigned char **data,long *len); +-int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data, +- long len); +-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, +- pem_password_cb *cb, void *u); +-void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, +- void **x, pem_password_cb *cb, void *u); +- +-#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ ++typedef int pem_password_cb (char *buf, int size, int rwflag); ++# endif ++ ++int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); ++int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, ++ pem_password_cb *callback, void *u); ++ ++# ifndef OPENSSL_NO_BIO ++int PEM_read_bio(BIO *bp, char **name, char **header, ++ unsigned char **data, long *len); ++int PEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data, ++ long len); ++int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, ++ const char *name, BIO *bp, pem_password_cb *cb, ++ void *u); ++void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, ++ pem_password_cb *cb, void *u); ++ ++# define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \ + ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \ +- name, bp, \ +- CHECKED_PPTR_OF(type, x), \ +- cb, u)) ++ name, bp, \ ++ CHECKED_PPTR_OF(type, x), \ ++ cb, u)) + +-int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x, +- const EVP_CIPHER *enc,unsigned char *kstr,int klen, +- pem_password_cb *cb, void *u); ++int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, char *x, ++ const EVP_CIPHER *enc, unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u); + +-#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ ++# define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \ + (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \ +- name, bp, \ +- CHECKED_PTR_OF(type, x), \ +- enc, kstr, klen, cb, u)) +- +-STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); +-int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, +- unsigned char *kstr, int klen, pem_password_cb *cd, void *u); +-#endif +- +-#ifndef OPENSSL_SYS_WIN16 +-int PEM_read(FILE *fp, char **name, char **header, +- unsigned char **data,long *len); +-int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); +-void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, +- pem_password_cb *cb, void *u); +-int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp, +- char *x,const EVP_CIPHER *enc,unsigned char *kstr, +- int klen,pem_password_cb *callback, void *u); +-STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, +- pem_password_cb *cb, void *u); +-#endif +- +-int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, +- EVP_MD *md_type, unsigned char **ek, int *ekl, +- unsigned char *iv, EVP_PKEY **pubk, int npubk); +-void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, +- unsigned char *in, int inl); +-int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl, +- unsigned char *out, int *outl, EVP_PKEY *priv); +- +-void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +-void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); +-int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, +- unsigned int *siglen, EVP_PKEY *pkey); +- +-int PEM_def_callback(char *buf, int num, int w, void *key); +-void PEM_proc_type(char *buf, int type); +-void PEM_dek_info(char *buf, const char *type, int len, char *str); +- +-#ifndef SSLEAY_MACROS +- +-#include ++ name, bp, \ ++ CHECKED_PTR_OF(type, x), \ ++ enc, kstr, klen, cb, u)) ++ ++STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, ++ pem_password_cb *cb, void *u); ++int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, ++ unsigned char *kstr, int klen, ++ pem_password_cb *cd, void *u); ++# endif ++ ++# ifndef OPENSSL_SYS_WIN16 ++int PEM_read(FILE *fp, char **name, char **header, ++ unsigned char **data, long *len); ++int PEM_write(FILE *fp, char *name, char *hdr, unsigned char *data, long len); ++void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, ++ pem_password_cb *cb, void *u); ++int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, ++ char *x, const EVP_CIPHER *enc, unsigned char *kstr, ++ int klen, pem_password_cb *callback, void *u); ++STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, ++ pem_password_cb *cb, void *u); ++# endif ++ ++int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, ++ EVP_MD *md_type, unsigned char **ek, int *ekl, ++ unsigned char *iv, EVP_PKEY **pubk, int npubk); ++void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, ++ unsigned char *in, int inl); ++int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, ++ unsigned char *out, int *outl, EVP_PKEY *priv); ++ ++void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); ++void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); ++int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, ++ unsigned int *siglen, EVP_PKEY *pkey); ++ ++int PEM_def_callback(char *buf, int num, int w, void *key); ++void PEM_proc_type(char *buf, int type); ++void PEM_dek_info(char *buf, const char *type, int len, char *str); ++ ++# ifndef SSLEAY_MACROS ++ ++# include + + DECLARE_PEM_rw(X509, X509) +- + DECLARE_PEM_rw(X509_AUX, X509) +- + DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) +- + DECLARE_PEM_rw(X509_REQ, X509_REQ) + DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +- + DECLARE_PEM_rw(X509_CRL, X509_CRL) +- + DECLARE_PEM_rw(PKCS7, PKCS7) +- + DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) +- + DECLARE_PEM_rw(PKCS8, X509_SIG) +- + DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) +- +-#ifndef OPENSSL_NO_RSA +- ++# ifndef OPENSSL_NO_RSA + DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) +- + DECLARE_PEM_rw_const(RSAPublicKey, RSA) + DECLARE_PEM_rw(RSA_PUBKEY, RSA) +- +-#endif +- +-#ifndef OPENSSL_NO_DSA +- ++# endif ++# ifndef OPENSSL_NO_DSA + DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) +- + DECLARE_PEM_rw(DSA_PUBKEY, DSA) +- + DECLARE_PEM_rw_const(DSAparams, DSA) +- +-#endif +- +-#ifndef OPENSSL_NO_EC ++# endif ++# ifndef OPENSSL_NO_EC + DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) + DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) + DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +-#endif +- +-#ifndef OPENSSL_NO_DH +- ++# endif ++# ifndef OPENSSL_NO_DH + DECLARE_PEM_rw_const(DHparams, DH) +- +-#endif +- ++# endif + DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +- + DECLARE_PEM_rw(PUBKEY, EVP_PKEY) + + int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, +- char *kstr, int klen, +- pem_password_cb *cb, void *u); ++ char *kstr, int klen, ++ pem_password_cb *cb, void *u); + int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, + char *, int, pem_password_cb *, void *); + int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +- char *kstr, int klen, +- pem_password_cb *cb, void *u); ++ char *kstr, int klen, ++ pem_password_cb *cb, void *u); + int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, +- char *kstr, int klen, +- pem_password_cb *cb, void *u); +-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); ++ char *kstr, int klen, ++ pem_password_cb *cb, void *u); ++EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, ++ void *u); + + int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +- char *kstr, int klen, +- pem_password_cb *cb, void *u); ++ char *kstr, int klen, ++ pem_password_cb *cb, void *u); + int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, +- char *kstr, int klen, +- pem_password_cb *cb, void *u); ++ char *kstr, int klen, ++ pem_password_cb *cb, void *u); + int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, +- char *kstr, int klen, +- pem_password_cb *cb, void *u); +- +-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); ++ char *kstr, int klen, ++ pem_password_cb *cb, void *u); + +-int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, +- char *kstr,int klen, pem_password_cb *cd, void *u); ++EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, ++ void *u); + +-#endif /* SSLEAY_MACROS */ ++int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, ++ char *kstr, int klen, pem_password_cb *cd, ++ void *u); + ++# endif /* SSLEAY_MACROS */ + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_PEM_strings(void); +@@ -731,50 +691,50 @@ void ERR_load_PEM_strings(void); + /* Error codes for the PEM functions. */ + + /* Function codes. */ +-#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 +-#define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 +-#define PEM_F_DO_PK8PKEY 126 +-#define PEM_F_DO_PK8PKEY_FP 125 +-#define PEM_F_LOAD_IV 101 +-#define PEM_F_PEM_ASN1_READ 102 +-#define PEM_F_PEM_ASN1_READ_BIO 103 +-#define PEM_F_PEM_ASN1_WRITE 104 +-#define PEM_F_PEM_ASN1_WRITE_BIO 105 +-#define PEM_F_PEM_DEF_CALLBACK 100 +-#define PEM_F_PEM_DO_HEADER 106 +-#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 +-#define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +-#define PEM_F_PEM_PK8PKEY 119 +-#define PEM_F_PEM_READ 108 +-#define PEM_F_PEM_READ_BIO 109 +-#define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +-#define PEM_F_PEM_READ_PRIVATEKEY 124 +-#define PEM_F_PEM_SEALFINAL 110 +-#define PEM_F_PEM_SEALINIT 111 +-#define PEM_F_PEM_SIGNFINAL 112 +-#define PEM_F_PEM_WRITE 113 +-#define PEM_F_PEM_WRITE_BIO 114 +-#define PEM_F_PEM_X509_INFO_READ 115 +-#define PEM_F_PEM_X509_INFO_READ_BIO 116 +-#define PEM_F_PEM_X509_INFO_WRITE_BIO 117 ++# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 ++# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 ++# define PEM_F_DO_PK8PKEY 126 ++# define PEM_F_DO_PK8PKEY_FP 125 ++# define PEM_F_LOAD_IV 101 ++# define PEM_F_PEM_ASN1_READ 102 ++# define PEM_F_PEM_ASN1_READ_BIO 103 ++# define PEM_F_PEM_ASN1_WRITE 104 ++# define PEM_F_PEM_ASN1_WRITE_BIO 105 ++# define PEM_F_PEM_DEF_CALLBACK 100 ++# define PEM_F_PEM_DO_HEADER 106 ++# define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 ++# define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 ++# define PEM_F_PEM_PK8PKEY 119 ++# define PEM_F_PEM_READ 108 ++# define PEM_F_PEM_READ_BIO 109 ++# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 ++# define PEM_F_PEM_READ_PRIVATEKEY 124 ++# define PEM_F_PEM_SEALFINAL 110 ++# define PEM_F_PEM_SEALINIT 111 ++# define PEM_F_PEM_SIGNFINAL 112 ++# define PEM_F_PEM_WRITE 113 ++# define PEM_F_PEM_WRITE_BIO 114 ++# define PEM_F_PEM_X509_INFO_READ 115 ++# define PEM_F_PEM_X509_INFO_READ_BIO 116 ++# define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + + /* Reason codes. */ +-#define PEM_R_BAD_BASE64_DECODE 100 +-#define PEM_R_BAD_DECRYPT 101 +-#define PEM_R_BAD_END_LINE 102 +-#define PEM_R_BAD_IV_CHARS 103 +-#define PEM_R_BAD_PASSWORD_READ 104 +-#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +-#define PEM_R_NOT_DEK_INFO 105 +-#define PEM_R_NOT_ENCRYPTED 106 +-#define PEM_R_NOT_PROC_TYPE 107 +-#define PEM_R_NO_START_LINE 108 +-#define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +-#define PEM_R_PUBLIC_KEY_NO_RSA 110 +-#define PEM_R_READ_KEY 111 +-#define PEM_R_SHORT_HEADER 112 +-#define PEM_R_UNSUPPORTED_CIPHER 113 +-#define PEM_R_UNSUPPORTED_ENCRYPTION 114 ++# define PEM_R_BAD_BASE64_DECODE 100 ++# define PEM_R_BAD_DECRYPT 101 ++# define PEM_R_BAD_END_LINE 102 ++# define PEM_R_BAD_IV_CHARS 103 ++# define PEM_R_BAD_PASSWORD_READ 104 ++# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 ++# define PEM_R_NOT_DEK_INFO 105 ++# define PEM_R_NOT_ENCRYPTED 106 ++# define PEM_R_NOT_PROC_TYPE 107 ++# define PEM_R_NO_START_LINE 108 ++# define PEM_R_PROBLEMS_GETTING_PASSWORD 109 ++# define PEM_R_PUBLIC_KEY_NO_RSA 110 ++# define PEM_R_READ_KEY 111 ++# define PEM_R_SHORT_HEADER 112 ++# define PEM_R_UNSUPPORTED_CIPHER 113 ++# define PEM_R_UNSUPPORTED_ENCRYPTION 114 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/pem2.h b/Cryptlib/Include/openssl/pem2.h +index f31790d..84897d5 100644 +--- a/Cryptlib/Include/openssl/pem2.h ++++ b/Cryptlib/Include/openssl/pem2.h +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +diff --git a/Cryptlib/Include/openssl/pkcs12.h b/Cryptlib/Include/openssl/pkcs12.h +index 78317fb..90959f6 100644 +--- a/Cryptlib/Include/openssl/pkcs12.h ++++ b/Cryptlib/Include/openssl/pkcs12.h +@@ -1,6 +1,7 @@ + /* pkcs12.h */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,69 +58,69 @@ + */ + + #ifndef HEADER_PKCS12_H +-#define HEADER_PKCS12_H ++# define HEADER_PKCS12_H + +-#include +-#include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#define PKCS12_KEY_ID 1 +-#define PKCS12_IV_ID 2 +-#define PKCS12_MAC_ID 3 ++# define PKCS12_KEY_ID 1 ++# define PKCS12_IV_ID 2 ++# define PKCS12_MAC_ID 3 + + /* Default iteration count */ +-#ifndef PKCS12_DEFAULT_ITER +-#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER +-#endif ++# ifndef PKCS12_DEFAULT_ITER ++# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER ++# endif + +-#define PKCS12_MAC_KEY_LENGTH 20 ++# define PKCS12_MAC_KEY_LENGTH 20 + +-#define PKCS12_SALT_LEN 8 ++# define PKCS12_SALT_LEN 8 + + /* Uncomment out next line for unicode password and names, otherwise ASCII */ + +-/*#define PBE_UNICODE*/ ++/* ++ * #define PBE_UNICODE ++ */ + +-#ifdef PBE_UNICODE +-#define PKCS12_key_gen PKCS12_key_gen_uni +-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni +-#else +-#define PKCS12_key_gen PKCS12_key_gen_asc +-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc +-#endif ++# ifdef PBE_UNICODE ++# define PKCS12_key_gen PKCS12_key_gen_uni ++# define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni ++# else ++# define PKCS12_key_gen PKCS12_key_gen_asc ++# define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc ++# endif + + /* MS key usage constants */ + +-#define KEY_EX 0x10 +-#define KEY_SIG 0x80 ++# define KEY_EX 0x10 ++# define KEY_SIG 0x80 + + typedef struct { +-X509_SIG *dinfo; +-ASN1_OCTET_STRING *salt; +-ASN1_INTEGER *iter; /* defaults to 1 */ ++ X509_SIG *dinfo; ++ ASN1_OCTET_STRING *salt; ++ ASN1_INTEGER *iter; /* defaults to 1 */ + } PKCS12_MAC_DATA; + + typedef struct { +-ASN1_INTEGER *version; +-PKCS12_MAC_DATA *mac; +-PKCS7 *authsafes; ++ ASN1_INTEGER *version; ++ PKCS12_MAC_DATA *mac; ++ PKCS7 *authsafes; + } PKCS12; + +-PREDECLARE_STACK_OF(PKCS12_SAFEBAG) +- +-typedef struct { +-ASN1_OBJECT *type; +-union { +- struct pkcs12_bag_st *bag; /* secret, crl and certbag */ +- struct pkcs8_priv_key_info_st *keybag; /* keybag */ +- X509_SIG *shkeybag; /* shrouded key bag */ +- STACK_OF(PKCS12_SAFEBAG) *safes; +- ASN1_TYPE *other; +-}value; +-STACK_OF(X509_ATTRIBUTE) *attrib; ++PREDECLARE_STACK_OF(PKCS12_SAFEBAG) typedef struct { ++ ASN1_OBJECT *type; ++ union { ++ struct pkcs12_bag_st *bag; /* secret, crl and certbag */ ++ struct pkcs8_priv_key_info_st *keybag; /* keybag */ ++ X509_SIG *shkeybag; /* shrouded key bag */ ++ STACK_OF(PKCS12_SAFEBAG) *safes; ++ ASN1_TYPE *other; ++ } value; ++ STACK_OF(X509_ATTRIBUTE) *attrib; + } PKCS12_SAFEBAG; + + DECLARE_STACK_OF(PKCS12_SAFEBAG) +@@ -127,119 +128,127 @@ DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) + DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) + + typedef struct pkcs12_bag_st { +-ASN1_OBJECT *type; +-union { +- ASN1_OCTET_STRING *x509cert; +- ASN1_OCTET_STRING *x509crl; +- ASN1_OCTET_STRING *octet; +- ASN1_IA5STRING *sdsicert; +- ASN1_TYPE *other; /* Secret or other bag */ +-}value; ++ ASN1_OBJECT *type; ++ union { ++ ASN1_OCTET_STRING *x509cert; ++ ASN1_OCTET_STRING *x509crl; ++ ASN1_OCTET_STRING *octet; ++ ASN1_IA5STRING *sdsicert; ++ ASN1_TYPE *other; /* Secret or other bag */ ++ } value; + } PKCS12_BAGS; + +-#define PKCS12_ERROR 0 +-#define PKCS12_OK 1 ++# define PKCS12_ERROR 0 ++# define PKCS12_OK 1 + + /* Compatibility macros */ + +-#define M_PKCS12_x5092certbag PKCS12_x5092certbag +-#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag +- +-#define M_PKCS12_certbag2x509 PKCS12_certbag2x509 +-#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl ++# define M_PKCS12_x5092certbag PKCS12_x5092certbag ++# define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag + +-#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data +-#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes +-#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes +-#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata ++# define M_PKCS12_certbag2x509 PKCS12_certbag2x509 ++# define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl + +-#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey +-#define M_PKCS8_decrypt PKCS8_decrypt ++# define M_PKCS12_unpack_p7data PKCS12_unpack_p7data ++# define M_PKCS12_pack_authsafes PKCS12_pack_authsafes ++# define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes ++# define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata + +-#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) +-#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) +-#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type ++# define M_PKCS12_decrypt_skey PKCS12_decrypt_skey ++# define M_PKCS8_decrypt PKCS8_decrypt + +-#define PKCS12_get_attr(bag, attr_nid) \ +- PKCS12_get_attr_gen(bag->attrib, attr_nid) ++# define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) ++# define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) ++# define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type + +-#define PKCS8_get_attr(p8, attr_nid) \ +- PKCS12_get_attr_gen(p8->attributes, attr_nid) ++# define PKCS12_get_attr(bag, attr_nid) \ ++ PKCS12_get_attr_gen(bag->attrib, attr_nid) + +-#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) ++# define PKCS8_get_attr(p8, attr_nid) \ ++ PKCS12_get_attr_gen(p8->attributes, attr_nid) + ++# define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) + + PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); + PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); + X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); + X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); + +-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, +- int nid2); ++PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, ++ int nid1, int nid2); + PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); +-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen); +-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, +- int passlen); +-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, +- const char *pass, int passlen, +- unsigned char *salt, int saltlen, int iter, +- PKCS8_PRIV_KEY_INFO *p8); ++PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, ++ int passlen); ++PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, ++ const char *pass, int passlen); ++X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, ++ const char *pass, int passlen, unsigned char *salt, ++ int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); + PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, +- int passlen, unsigned char *salt, +- int saltlen, int iter, +- PKCS8_PRIV_KEY_INFO *p8); ++ int passlen, unsigned char *salt, ++ int saltlen, int iter, ++ PKCS8_PRIV_KEY_INFO *p8); + PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); + STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); + PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, +- unsigned char *salt, int saltlen, int iter, +- STACK_OF(PKCS12_SAFEBAG) *bags); +-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen); ++ unsigned char *salt, int saltlen, int iter, ++ STACK_OF(PKCS12_SAFEBAG) *bags); ++STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, ++ int passlen); + + int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); + STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12); + +-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen); ++int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, ++ int namelen); + int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, +- int namelen); ++ int namelen); + int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, +- int namelen); +-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, +- int namelen); ++ int namelen); ++int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, ++ const unsigned char *name, int namelen); + int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); + ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid); + char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); + unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, +- int passlen, unsigned char *in, int inlen, +- unsigned char **data, int *datalen, int en_de); +-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, +- const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf); +-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, +- const char *pass, int passlen, +- void *obj, int zbuf); ++ int passlen, unsigned char *in, int inlen, ++ unsigned char **data, int *datalen, ++ int en_de); ++void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, ++ const char *pass, int passlen, ++ ASN1_OCTET_STRING *oct, int zbuf); ++ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, ++ const ASN1_ITEM *it, ++ const char *pass, int passlen, ++ void *obj, int zbuf); + PKCS12 *PKCS12_init(int mode); + int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, +- int saltlen, int id, int iter, int n, +- unsigned char *out, const EVP_MD *md_type); +-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type); ++ int saltlen, int id, int iter, int n, ++ unsigned char *out, const EVP_MD *md_type); ++int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, ++ int saltlen, int id, int iter, int n, ++ unsigned char *out, const EVP_MD *md_type); + int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, +- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type, +- int en_de); ++ ASN1_TYPE *param, const EVP_CIPHER *cipher, ++ const EVP_MD *md_type, int en_de); + int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, +- unsigned char *mac, unsigned int *maclen); ++ unsigned char *mac, unsigned int *maclen); + int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); + int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, +- unsigned char *salt, int saltlen, int iter, +- const EVP_MD *md_type); ++ unsigned char *salt, int saltlen, int iter, ++ const EVP_MD *md_type); + int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, +- int saltlen, const EVP_MD *md_type); +-#if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE) ++ int saltlen, const EVP_MD *md_type); ++# if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE) + /* Rename these functions to avoid name clashes on NetWare OS */ +-unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); ++unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, ++ unsigned char **uni, int *unilen); + char *OPENSSL_uni2asc(unsigned char *uni, int unilen); +-#else +-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); ++# else ++unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, ++ int *unilen); + char *uni2asc(unsigned char *uni, int unilen); +-#endif ++# endif + DECLARE_ASN1_FUNCTIONS(PKCS12) + DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) + DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) +@@ -250,17 +259,17 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) + + void PKCS12_PBE_add(void); + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, +- STACK_OF(X509) **ca); ++ STACK_OF(X509) **ca); + PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, +- STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, +- int mac_iter, int keytype); ++ STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, ++ int mac_iter, int keytype); + + PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); +-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, +- int key_usage, int iter, +- int key_nid, char *pass); ++PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, ++ EVP_PKEY *key, int key_usage, int iter, ++ int key_nid, char *pass); + int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, +- int safe_nid, int iter, char *pass); ++ int safe_nid, int iter, char *pass); + PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); + + int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); +@@ -270,7 +279,8 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); + int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_PKCS12_strings(void); +@@ -278,59 +288,59 @@ void ERR_load_PKCS12_strings(void); + /* Error codes for the PKCS12 functions. */ + + /* Function codes. */ +-#define PKCS12_F_PARSE_BAG 129 +-#define PKCS12_F_PARSE_BAGS 103 +-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 +-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 +-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 +-#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 +-#define PKCS12_F_PKCS12_CREATE 105 +-#define PKCS12_F_PKCS12_GEN_MAC 107 +-#define PKCS12_F_PKCS12_INIT 109 +-#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 +-#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 +-#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 +-#define PKCS12_F_PKCS12_KEY_GEN_ASC 110 +-#define PKCS12_F_PKCS12_KEY_GEN_UNI 111 +-#define PKCS12_F_PKCS12_MAKE_KEYBAG 112 +-#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 +-#define PKCS12_F_PKCS12_NEWPASS 128 +-#define PKCS12_F_PKCS12_PACK_P7DATA 114 +-#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 +-#define PKCS12_F_PKCS12_PARSE 118 +-#define PKCS12_F_PKCS12_PBE_CRYPT 119 +-#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 +-#define PKCS12_F_PKCS12_SETUP_MAC 122 +-#define PKCS12_F_PKCS12_SET_MAC 123 +-#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +-#define PKCS12_F_PKCS12_UNPACK_P7DATA 131 +-#define PKCS12_F_PKCS12_VERIFY_MAC 126 +-#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 +-#define PKCS12_F_PKCS8_ENCRYPT 125 ++# define PKCS12_F_PARSE_BAG 129 ++# define PKCS12_F_PARSE_BAGS 103 ++# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 ++# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 ++# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 ++# define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 ++# define PKCS12_F_PKCS12_CREATE 105 ++# define PKCS12_F_PKCS12_GEN_MAC 107 ++# define PKCS12_F_PKCS12_INIT 109 ++# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 ++# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 ++# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 ++# define PKCS12_F_PKCS12_KEY_GEN_ASC 110 ++# define PKCS12_F_PKCS12_KEY_GEN_UNI 111 ++# define PKCS12_F_PKCS12_MAKE_KEYBAG 112 ++# define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 ++# define PKCS12_F_PKCS12_NEWPASS 128 ++# define PKCS12_F_PKCS12_PACK_P7DATA 114 ++# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 ++# define PKCS12_F_PKCS12_PARSE 118 ++# define PKCS12_F_PKCS12_PBE_CRYPT 119 ++# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 ++# define PKCS12_F_PKCS12_SETUP_MAC 122 ++# define PKCS12_F_PKCS12_SET_MAC 123 ++# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 ++# define PKCS12_F_PKCS12_UNPACK_P7DATA 131 ++# define PKCS12_F_PKCS12_VERIFY_MAC 126 ++# define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 ++# define PKCS12_F_PKCS8_ENCRYPT 125 + + /* Reason codes. */ +-#define PKCS12_R_CANT_PACK_STRUCTURE 100 +-#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +-#define PKCS12_R_DECODE_ERROR 101 +-#define PKCS12_R_ENCODE_ERROR 102 +-#define PKCS12_R_ENCRYPT_ERROR 103 +-#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +-#define PKCS12_R_INVALID_NULL_ARGUMENT 104 +-#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +-#define PKCS12_R_IV_GEN_ERROR 106 +-#define PKCS12_R_KEY_GEN_ERROR 107 +-#define PKCS12_R_MAC_ABSENT 108 +-#define PKCS12_R_MAC_GENERATION_ERROR 109 +-#define PKCS12_R_MAC_SETUP_ERROR 110 +-#define PKCS12_R_MAC_STRING_SET_ERROR 111 +-#define PKCS12_R_MAC_VERIFY_ERROR 112 +-#define PKCS12_R_MAC_VERIFY_FAILURE 113 +-#define PKCS12_R_PARSE_ERROR 114 +-#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +-#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +-#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 +-#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +-#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 ++# define PKCS12_R_CANT_PACK_STRUCTURE 100 ++# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 ++# define PKCS12_R_DECODE_ERROR 101 ++# define PKCS12_R_ENCODE_ERROR 102 ++# define PKCS12_R_ENCRYPT_ERROR 103 ++# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 ++# define PKCS12_R_INVALID_NULL_ARGUMENT 104 ++# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 ++# define PKCS12_R_IV_GEN_ERROR 106 ++# define PKCS12_R_KEY_GEN_ERROR 107 ++# define PKCS12_R_MAC_ABSENT 108 ++# define PKCS12_R_MAC_GENERATION_ERROR 109 ++# define PKCS12_R_MAC_SETUP_ERROR 110 ++# define PKCS12_R_MAC_STRING_SET_ERROR 111 ++# define PKCS12_R_MAC_VERIFY_ERROR 112 ++# define PKCS12_R_MAC_VERIFY_FAILURE 113 ++# define PKCS12_R_PARSE_ERROR 114 ++# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 ++# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 ++# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 ++# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 ++# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/pkcs7.h b/Cryptlib/Include/openssl/pkcs7.h +index cc092d2..201f289 100644 +--- a/Cryptlib/Include/openssl/pkcs7.h ++++ b/Cryptlib/Include/openssl/pkcs7.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,241 +57,225 @@ + */ + + #ifndef HEADER_PKCS7_H +-#define HEADER_PKCS7_H ++# define HEADER_PKCS7_H + +-#include +-#include +-#include ++# include ++# include ++# include + +-#include +-#include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#ifdef OPENSSL_SYS_WIN32 ++# ifdef OPENSSL_SYS_WIN32 + /* Under Win32 thes are defined in wincrypt.h */ +-#undef PKCS7_ISSUER_AND_SERIAL +-#undef PKCS7_SIGNER_INFO +-#endif +- +-/* +-Encryption_ID DES-CBC +-Digest_ID MD5 +-Digest_Encryption_ID rsaEncryption +-Key_Encryption_ID rsaEncryption ++# undef PKCS7_ISSUER_AND_SERIAL ++# undef PKCS7_SIGNER_INFO ++# endif ++ ++/*- ++Encryption_ID DES-CBC ++Digest_ID MD5 ++Digest_Encryption_ID rsaEncryption ++Key_Encryption_ID rsaEncryption + */ + +-typedef struct pkcs7_issuer_and_serial_st +- { +- X509_NAME *issuer; +- ASN1_INTEGER *serial; +- } PKCS7_ISSUER_AND_SERIAL; +- +-typedef struct pkcs7_signer_info_st +- { +- ASN1_INTEGER *version; /* version 1 */ +- PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; +- X509_ALGOR *digest_alg; +- STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ +- X509_ALGOR *digest_enc_alg; +- ASN1_OCTET_STRING *enc_digest; +- STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ +- +- /* The private key to sign with */ +- EVP_PKEY *pkey; +- } PKCS7_SIGNER_INFO; ++typedef struct pkcs7_issuer_and_serial_st { ++ X509_NAME *issuer; ++ ASN1_INTEGER *serial; ++} PKCS7_ISSUER_AND_SERIAL; ++ ++typedef struct pkcs7_signer_info_st { ++ ASN1_INTEGER *version; /* version 1 */ ++ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; ++ X509_ALGOR *digest_alg; ++ STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ ++ X509_ALGOR *digest_enc_alg; ++ ASN1_OCTET_STRING *enc_digest; ++ STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ ++ /* The private key to sign with */ ++ EVP_PKEY *pkey; ++} PKCS7_SIGNER_INFO; + + DECLARE_STACK_OF(PKCS7_SIGNER_INFO) + DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) + +-typedef struct pkcs7_recip_info_st +- { +- ASN1_INTEGER *version; /* version 0 */ +- PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; +- X509_ALGOR *key_enc_algor; +- ASN1_OCTET_STRING *enc_key; +- X509 *cert; /* get the pub-key from this */ +- } PKCS7_RECIP_INFO; ++typedef struct pkcs7_recip_info_st { ++ ASN1_INTEGER *version; /* version 0 */ ++ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; ++ X509_ALGOR *key_enc_algor; ++ ASN1_OCTET_STRING *enc_key; ++ X509 *cert; /* get the pub-key from this */ ++} PKCS7_RECIP_INFO; + + DECLARE_STACK_OF(PKCS7_RECIP_INFO) + DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) + +-typedef struct pkcs7_signed_st +- { +- ASN1_INTEGER *version; /* version 1 */ +- STACK_OF(X509_ALGOR) *md_algs; /* md used */ +- STACK_OF(X509) *cert; /* [ 0 ] */ +- STACK_OF(X509_CRL) *crl; /* [ 1 ] */ +- STACK_OF(PKCS7_SIGNER_INFO) *signer_info; +- +- struct pkcs7_st *contents; +- } PKCS7_SIGNED; +-/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE. +- * How about merging the two */ +- +-typedef struct pkcs7_enc_content_st +- { +- ASN1_OBJECT *content_type; +- X509_ALGOR *algorithm; +- ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ +- const EVP_CIPHER *cipher; +- } PKCS7_ENC_CONTENT; +- +-typedef struct pkcs7_enveloped_st +- { +- ASN1_INTEGER *version; /* version 0 */ +- STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; +- PKCS7_ENC_CONTENT *enc_data; +- } PKCS7_ENVELOPE; +- +-typedef struct pkcs7_signedandenveloped_st +- { +- ASN1_INTEGER *version; /* version 1 */ +- STACK_OF(X509_ALGOR) *md_algs; /* md used */ +- STACK_OF(X509) *cert; /* [ 0 ] */ +- STACK_OF(X509_CRL) *crl; /* [ 1 ] */ +- STACK_OF(PKCS7_SIGNER_INFO) *signer_info; +- +- PKCS7_ENC_CONTENT *enc_data; +- STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; +- } PKCS7_SIGN_ENVELOPE; +- +-typedef struct pkcs7_digest_st +- { +- ASN1_INTEGER *version; /* version 0 */ +- X509_ALGOR *md; /* md used */ +- struct pkcs7_st *contents; +- ASN1_OCTET_STRING *digest; +- } PKCS7_DIGEST; +- +-typedef struct pkcs7_encrypted_st +- { +- ASN1_INTEGER *version; /* version 0 */ +- PKCS7_ENC_CONTENT *enc_data; +- } PKCS7_ENCRYPT; +- +-typedef struct pkcs7_st +- { +- /* The following is non NULL if it contains ASN1 encoding of +- * this structure */ +- unsigned char *asn1; +- long length; +- +-#define PKCS7_S_HEADER 0 +-#define PKCS7_S_BODY 1 +-#define PKCS7_S_TAIL 2 +- int state; /* used during processing */ +- +- int detached; +- +- ASN1_OBJECT *type; +- /* content as defined by the type */ +- /* all encryption/message digests are applied to the 'contents', +- * leaving out the 'type' field. */ +- union { +- char *ptr; +- +- /* NID_pkcs7_data */ +- ASN1_OCTET_STRING *data; +- +- /* NID_pkcs7_signed */ +- PKCS7_SIGNED *sign; +- +- /* NID_pkcs7_enveloped */ +- PKCS7_ENVELOPE *enveloped; +- +- /* NID_pkcs7_signedAndEnveloped */ +- PKCS7_SIGN_ENVELOPE *signed_and_enveloped; +- +- /* NID_pkcs7_digest */ +- PKCS7_DIGEST *digest; +- +- /* NID_pkcs7_encrypted */ +- PKCS7_ENCRYPT *encrypted; +- +- /* Anything else */ +- ASN1_TYPE *other; +- } d; +- } PKCS7; ++typedef struct pkcs7_signed_st { ++ ASN1_INTEGER *version; /* version 1 */ ++ STACK_OF(X509_ALGOR) *md_algs; /* md used */ ++ STACK_OF(X509) *cert; /* [ 0 ] */ ++ STACK_OF(X509_CRL) *crl; /* [ 1 ] */ ++ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; ++ struct pkcs7_st *contents; ++} PKCS7_SIGNED; ++/* ++ * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about ++ * merging the two ++ */ ++ ++typedef struct pkcs7_enc_content_st { ++ ASN1_OBJECT *content_type; ++ X509_ALGOR *algorithm; ++ ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ ++ const EVP_CIPHER *cipher; ++} PKCS7_ENC_CONTENT; ++ ++typedef struct pkcs7_enveloped_st { ++ ASN1_INTEGER *version; /* version 0 */ ++ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; ++ PKCS7_ENC_CONTENT *enc_data; ++} PKCS7_ENVELOPE; ++ ++typedef struct pkcs7_signedandenveloped_st { ++ ASN1_INTEGER *version; /* version 1 */ ++ STACK_OF(X509_ALGOR) *md_algs; /* md used */ ++ STACK_OF(X509) *cert; /* [ 0 ] */ ++ STACK_OF(X509_CRL) *crl; /* [ 1 ] */ ++ STACK_OF(PKCS7_SIGNER_INFO) *signer_info; ++ PKCS7_ENC_CONTENT *enc_data; ++ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; ++} PKCS7_SIGN_ENVELOPE; ++ ++typedef struct pkcs7_digest_st { ++ ASN1_INTEGER *version; /* version 0 */ ++ X509_ALGOR *md; /* md used */ ++ struct pkcs7_st *contents; ++ ASN1_OCTET_STRING *digest; ++} PKCS7_DIGEST; ++ ++typedef struct pkcs7_encrypted_st { ++ ASN1_INTEGER *version; /* version 0 */ ++ PKCS7_ENC_CONTENT *enc_data; ++} PKCS7_ENCRYPT; ++ ++typedef struct pkcs7_st { ++ /* ++ * The following is non NULL if it contains ASN1 encoding of this ++ * structure ++ */ ++ unsigned char *asn1; ++ long length; ++# define PKCS7_S_HEADER 0 ++# define PKCS7_S_BODY 1 ++# define PKCS7_S_TAIL 2 ++ int state; /* used during processing */ ++ int detached; ++ ASN1_OBJECT *type; ++ /* content as defined by the type */ ++ /* ++ * all encryption/message digests are applied to the 'contents', leaving ++ * out the 'type' field. ++ */ ++ union { ++ char *ptr; ++ /* NID_pkcs7_data */ ++ ASN1_OCTET_STRING *data; ++ /* NID_pkcs7_signed */ ++ PKCS7_SIGNED *sign; ++ /* NID_pkcs7_enveloped */ ++ PKCS7_ENVELOPE *enveloped; ++ /* NID_pkcs7_signedAndEnveloped */ ++ PKCS7_SIGN_ENVELOPE *signed_and_enveloped; ++ /* NID_pkcs7_digest */ ++ PKCS7_DIGEST *digest; ++ /* NID_pkcs7_encrypted */ ++ PKCS7_ENCRYPT *encrypted; ++ /* Anything else */ ++ ASN1_TYPE *other; ++ } d; ++} PKCS7; + + DECLARE_STACK_OF(PKCS7) + DECLARE_ASN1_SET_OF(PKCS7) + DECLARE_PKCS12_STACK_OF(PKCS7) + +-#define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +-#define PKCS7_OP_GET_DETACHED_SIGNATURE 2 ++# define PKCS7_OP_SET_DETACHED_SIGNATURE 1 ++# define PKCS7_OP_GET_DETACHED_SIGNATURE 2 + +-#define PKCS7_get_signed_attributes(si) ((si)->auth_attr) +-#define PKCS7_get_attributes(si) ((si)->unauth_attr) ++# define PKCS7_get_signed_attributes(si) ((si)->auth_attr) ++# define PKCS7_get_attributes(si) ((si)->unauth_attr) + +-#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +-#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +-#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) +-#define PKCS7_type_is_signedAndEnveloped(a) \ +- (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) +-#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) ++# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) ++# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) ++# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) ++# define PKCS7_type_is_signedAndEnveloped(a) \ ++ (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) ++# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) + +-#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) ++# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) + +-#define PKCS7_set_detached(p,v) \ +- PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) +-#define PKCS7_get_detached(p) \ +- PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) ++# define PKCS7_set_detached(p,v) \ ++ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) ++# define PKCS7_get_detached(p) \ ++ PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) + +-#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) ++# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) + +-#ifdef SSLEAY_MACROS +-#ifndef PKCS7_ISSUER_AND_SERIAL_digest +-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ ++# ifdef SSLEAY_MACROS ++# ifndef PKCS7_ISSUER_AND_SERIAL_digest ++# define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ + ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ +- (char *)data,md,len) +-#endif +-#endif ++ (char *)data,md,len) ++# endif ++# endif + + /* S/MIME related flags */ + +-#define PKCS7_TEXT 0x1 +-#define PKCS7_NOCERTS 0x2 +-#define PKCS7_NOSIGS 0x4 +-#define PKCS7_NOCHAIN 0x8 +-#define PKCS7_NOINTERN 0x10 +-#define PKCS7_NOVERIFY 0x20 +-#define PKCS7_DETACHED 0x40 +-#define PKCS7_BINARY 0x80 +-#define PKCS7_NOATTR 0x100 +-#define PKCS7_NOSMIMECAP 0x200 +-#define PKCS7_NOOLDMIMETYPE 0x400 +-#define PKCS7_CRLFEOL 0x800 +-#define PKCS7_STREAM 0x1000 +-#define PKCS7_NOCRL 0x2000 ++# define PKCS7_TEXT 0x1 ++# define PKCS7_NOCERTS 0x2 ++# define PKCS7_NOSIGS 0x4 ++# define PKCS7_NOCHAIN 0x8 ++# define PKCS7_NOINTERN 0x10 ++# define PKCS7_NOVERIFY 0x20 ++# define PKCS7_DETACHED 0x40 ++# define PKCS7_BINARY 0x80 ++# define PKCS7_NOATTR 0x100 ++# define PKCS7_NOSMIMECAP 0x200 ++# define PKCS7_NOOLDMIMETYPE 0x400 ++# define PKCS7_CRLFEOL 0x800 ++# define PKCS7_STREAM 0x1000 ++# define PKCS7_NOCRL 0x2000 + + /* Flags: for compatibility with older code */ + +-#define SMIME_TEXT PKCS7_TEXT +-#define SMIME_NOCERTS PKCS7_NOCERTS +-#define SMIME_NOSIGS PKCS7_NOSIGS +-#define SMIME_NOCHAIN PKCS7_NOCHAIN +-#define SMIME_NOINTERN PKCS7_NOINTERN +-#define SMIME_NOVERIFY PKCS7_NOVERIFY +-#define SMIME_DETACHED PKCS7_DETACHED +-#define SMIME_BINARY PKCS7_BINARY +-#define SMIME_NOATTR PKCS7_NOATTR ++# define SMIME_TEXT PKCS7_TEXT ++# define SMIME_NOCERTS PKCS7_NOCERTS ++# define SMIME_NOSIGS PKCS7_NOSIGS ++# define SMIME_NOCHAIN PKCS7_NOCHAIN ++# define SMIME_NOINTERN PKCS7_NOINTERN ++# define SMIME_NOVERIFY PKCS7_NOVERIFY ++# define SMIME_DETACHED PKCS7_DETACHED ++# define SMIME_BINARY PKCS7_BINARY ++# define SMIME_NOATTR PKCS7_NOATTR + + DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) + +-#ifndef SSLEAY_MACROS +-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type, +- unsigned char *md,unsigned int *len); +-#ifndef OPENSSL_NO_FP_API +-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7); +-int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); +-#endif ++# ifndef SSLEAY_MACROS ++int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, ++ const EVP_MD *type, unsigned char *md, ++ unsigned int *len); ++# ifndef OPENSSL_NO_FP_API ++PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); ++int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); ++# endif + PKCS7 *PKCS7_dup(PKCS7 *p7); +-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7); +-int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); +-#endif ++PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); ++int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); ++# endif + + DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) + DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) +@@ -314,23 +298,22 @@ int PKCS7_set_type(PKCS7 *p7, int type); + int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); + int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); + int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, +- const EVP_MD *dgst); ++ const EVP_MD *dgst); + int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); + int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); + int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); + int PKCS7_content_new(PKCS7 *p7, int nid); + int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, +- BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); ++ BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); + int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, +- X509 *x509); ++ X509 *x509); + + BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); + int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); + BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); + +- + PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, +- EVP_PKEY *pkey, const EVP_MD *dgst); ++ EVP_PKEY *pkey, const EVP_MD *dgst); + X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); + int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); + STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); +@@ -342,28 +325,30 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); + + PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); + ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); +-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type, +- void *data); +-int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, +- void *value); ++int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, ++ void *data); ++int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, ++ void *value); + ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); + ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); + int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, +- STACK_OF(X509_ATTRIBUTE) *sk); +-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk); +- ++ STACK_OF(X509_ATTRIBUTE) *sk); ++int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, ++ STACK_OF(X509_ATTRIBUTE) *sk); + + PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, +- BIO *data, int flags); ++ BIO *data, int flags); + int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, +- BIO *indata, BIO *out, int flags); +-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); ++ BIO *indata, BIO *out, int flags); ++STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, ++ int flags); + PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, +- int flags); +-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); ++ int flags); ++int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, ++ int flags); + + int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, +- STACK_OF(X509_ALGOR) *cap); ++ STACK_OF(X509_ALGOR) *cap); + STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); + int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); + +@@ -373,7 +358,8 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags); + int SMIME_text(BIO *in, BIO *out); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_PKCS7_strings(void); +@@ -381,82 +367,82 @@ void ERR_load_PKCS7_strings(void); + /* Error codes for the PKCS7 functions. */ + + /* Function codes. */ +-#define PKCS7_F_B64_READ_PKCS7 120 +-#define PKCS7_F_B64_WRITE_PKCS7 121 +-#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 +-#define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 +-#define PKCS7_F_PKCS7_ADD_CRL 101 +-#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +-#define PKCS7_F_PKCS7_ADD_SIGNER 103 +-#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +-#define PKCS7_F_PKCS7_CTRL 104 +-#define PKCS7_F_PKCS7_DATADECODE 112 +-#define PKCS7_F_PKCS7_DATAFINAL 128 +-#define PKCS7_F_PKCS7_DATAINIT 105 +-#define PKCS7_F_PKCS7_DATASIGN 106 +-#define PKCS7_F_PKCS7_DATAVERIFY 107 +-#define PKCS7_F_PKCS7_DECRYPT 114 +-#define PKCS7_F_PKCS7_ENCRYPT 115 +-#define PKCS7_F_PKCS7_FIND_DIGEST 127 +-#define PKCS7_F_PKCS7_GET0_SIGNERS 124 +-#define PKCS7_F_PKCS7_SET_CIPHER 108 +-#define PKCS7_F_PKCS7_SET_CONTENT 109 +-#define PKCS7_F_PKCS7_SET_DIGEST 126 +-#define PKCS7_F_PKCS7_SET_TYPE 110 +-#define PKCS7_F_PKCS7_SIGN 116 +-#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +-#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 +-#define PKCS7_F_PKCS7_VERIFY 117 +-#define PKCS7_F_SMIME_READ_PKCS7 122 +-#define PKCS7_F_SMIME_TEXT 123 ++# define PKCS7_F_B64_READ_PKCS7 120 ++# define PKCS7_F_B64_WRITE_PKCS7 121 ++# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 ++# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 ++# define PKCS7_F_PKCS7_ADD_CRL 101 ++# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 ++# define PKCS7_F_PKCS7_ADD_SIGNER 103 ++# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 ++# define PKCS7_F_PKCS7_CTRL 104 ++# define PKCS7_F_PKCS7_DATADECODE 112 ++# define PKCS7_F_PKCS7_DATAFINAL 128 ++# define PKCS7_F_PKCS7_DATAINIT 105 ++# define PKCS7_F_PKCS7_DATASIGN 106 ++# define PKCS7_F_PKCS7_DATAVERIFY 107 ++# define PKCS7_F_PKCS7_DECRYPT 114 ++# define PKCS7_F_PKCS7_ENCRYPT 115 ++# define PKCS7_F_PKCS7_FIND_DIGEST 127 ++# define PKCS7_F_PKCS7_GET0_SIGNERS 124 ++# define PKCS7_F_PKCS7_SET_CIPHER 108 ++# define PKCS7_F_PKCS7_SET_CONTENT 109 ++# define PKCS7_F_PKCS7_SET_DIGEST 126 ++# define PKCS7_F_PKCS7_SET_TYPE 110 ++# define PKCS7_F_PKCS7_SIGN 116 ++# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 ++# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 ++# define PKCS7_F_PKCS7_VERIFY 117 ++# define PKCS7_F_SMIME_READ_PKCS7 122 ++# define PKCS7_F_SMIME_TEXT 123 + + /* Reason codes. */ +-#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +-#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +-#define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +-#define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +-#define PKCS7_R_DECODE_ERROR 130 +-#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 +-#define PKCS7_R_DECRYPT_ERROR 119 +-#define PKCS7_R_DIGEST_FAILURE 101 +-#define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +-#define PKCS7_R_ERROR_SETTING_CIPHER 121 +-#define PKCS7_R_INVALID_MIME_TYPE 131 +-#define PKCS7_R_INVALID_NULL_POINTER 143 +-#define PKCS7_R_MIME_NO_CONTENT_TYPE 132 +-#define PKCS7_R_MIME_PARSE_ERROR 133 +-#define PKCS7_R_MIME_SIG_PARSE_ERROR 134 +-#define PKCS7_R_MISSING_CERIPEND_INFO 103 +-#define PKCS7_R_NO_CONTENT 122 +-#define PKCS7_R_NO_CONTENT_TYPE 135 +-#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 +-#define PKCS7_R_NO_MULTIPART_BOUNDARY 137 +-#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +-#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 +-#define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +-#define PKCS7_R_NO_SIGNERS 142 +-#define PKCS7_R_NO_SIG_CONTENT_TYPE 138 +-#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +-#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +-#define PKCS7_R_PKCS7_DATAFINAL 126 +-#define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 +-#define PKCS7_R_PKCS7_DATASIGN 145 +-#define PKCS7_R_PKCS7_PARSE_ERROR 139 +-#define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 +-#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +-#define PKCS7_R_SIGNATURE_FAILURE 105 +-#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +-#define PKCS7_R_SIG_INVALID_MIME_TYPE 141 +-#define PKCS7_R_SMIME_TEXT_ERROR 129 +-#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +-#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +-#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +-#define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +-#define PKCS7_R_UNKNOWN_OPERATION 110 +-#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +-#define PKCS7_R_WRONG_CONTENT_TYPE 113 +-#define PKCS7_R_WRONG_PKCS7_TYPE 114 ++# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 ++# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 ++# define PKCS7_R_CIPHER_NOT_INITIALIZED 116 ++# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 ++# define PKCS7_R_DECODE_ERROR 130 ++# define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 ++# define PKCS7_R_DECRYPT_ERROR 119 ++# define PKCS7_R_DIGEST_FAILURE 101 ++# define PKCS7_R_ERROR_ADDING_RECIPIENT 120 ++# define PKCS7_R_ERROR_SETTING_CIPHER 121 ++# define PKCS7_R_INVALID_MIME_TYPE 131 ++# define PKCS7_R_INVALID_NULL_POINTER 143 ++# define PKCS7_R_MIME_NO_CONTENT_TYPE 132 ++# define PKCS7_R_MIME_PARSE_ERROR 133 ++# define PKCS7_R_MIME_SIG_PARSE_ERROR 134 ++# define PKCS7_R_MISSING_CERIPEND_INFO 103 ++# define PKCS7_R_NO_CONTENT 122 ++# define PKCS7_R_NO_CONTENT_TYPE 135 ++# define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 ++# define PKCS7_R_NO_MULTIPART_BOUNDARY 137 ++# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 ++# define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 ++# define PKCS7_R_NO_SIGNATURES_ON_DATA 123 ++# define PKCS7_R_NO_SIGNERS 142 ++# define PKCS7_R_NO_SIG_CONTENT_TYPE 138 ++# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 ++# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 ++# define PKCS7_R_PKCS7_DATAFINAL 126 ++# define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 ++# define PKCS7_R_PKCS7_DATASIGN 145 ++# define PKCS7_R_PKCS7_PARSE_ERROR 139 ++# define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 ++# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 ++# define PKCS7_R_SIGNATURE_FAILURE 105 ++# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 ++# define PKCS7_R_SIG_INVALID_MIME_TYPE 141 ++# define PKCS7_R_SMIME_TEXT_ERROR 129 ++# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 ++# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 ++# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 ++# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 ++# define PKCS7_R_UNKNOWN_OPERATION 110 ++# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 ++# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 ++# define PKCS7_R_WRONG_CONTENT_TYPE 113 ++# define PKCS7_R_WRONG_PKCS7_TYPE 114 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/pq_compat.h b/Cryptlib/Include/openssl/pq_compat.h +index 7b2c327..974cd05 100644 +--- a/Cryptlib/Include/openssl/pq_compat.h ++++ b/Cryptlib/Include/openssl/pq_compat.h +@@ -1,7 +1,7 @@ + /* crypto/pqueue/pqueue_compat.h */ +-/* ++/* + * DTLS implementation written by Nagendra Modadugu +- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. ++ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ + /* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. +@@ -11,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,12 +58,12 @@ + */ + + #ifndef HEADER_PQ_COMPAT_H +-#define HEADER_PQ_COMPAT_H ++# define HEADER_PQ_COMPAT_H + +-#include +-#include ++# include ++# include + +-/* ++/* + * The purpose of this header file is for supporting 64-bit integer + * manipulation on 32-bit (and lower) machines. Currently the only + * such environment is VMS, Utrix and those with smaller default integer +@@ -75,78 +75,78 @@ + * (2) DTLS, for sequence number manipulation. + */ + +-#if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT) +- +-#define PQ_64BIT_IS_INTEGER 0 +-#define PQ_64BIT_IS_BIGNUM 1 +- +-#define PQ_64BIT BIGNUM +-#define PQ_64BIT_CTX BN_CTX +- +-#define pq_64bit_init(x) BN_init(x) +-#define pq_64bit_free(x) BN_free(x) +- +-#define pq_64bit_ctx_new(ctx) BN_CTX_new() +-#define pq_64bit_ctx_free(x) BN_CTX_free(x) +- +-#define pq_64bit_assign(x, y) BN_copy(x, y) +-#define pq_64bit_assign_word(x, y) BN_set_word(x, y) +-#define pq_64bit_gt(x, y) BN_ucmp(x, y) >= 1 ? 1 : 0 +-#define pq_64bit_eq(x, y) BN_ucmp(x, y) == 0 ? 1 : 0 +-#define pq_64bit_add_word(x, w) BN_add_word(x, w) +-#define pq_64bit_sub(r, x, y) BN_sub(r, x, y) +-#define pq_64bit_sub_word(x, w) BN_sub_word(x, w) +-#define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx) +- +-#define pq_64bit_bin2num(bn, bytes, len) BN_bin2bn(bytes, len, bn) +-#define pq_64bit_num2bin(bn, bytes) BN_bn2bin(bn, bytes) +-#define pq_64bit_get_word(x) BN_get_word(x) +-#define pq_64bit_is_bit_set(x, offset) BN_is_bit_set(x, offset) +-#define pq_64bit_lshift(r, x, shift) BN_lshift(r, x, shift) +-#define pq_64bit_set_bit(x, num) BN_set_bit(x, num) +-#define pq_64bit_get_length(x) BN_num_bits((x)) +- +-#else +- +-#define PQ_64BIT_IS_INTEGER 1 +-#define PQ_64BIT_IS_BIGNUM 0 +- +-#if defined(SIXTY_FOUR_BIT) +-#define PQ_64BIT BN_ULONG +-#define PQ_64BIT_PRINT "%lld" +-#elif defined(SIXTY_FOUR_BIT_LONG) +-#define PQ_64BIT BN_ULONG +-#define PQ_64BIT_PRINT "%ld" +-#elif defined(THIRTY_TWO_BIT) +-#define PQ_64BIT BN_ULLONG +-#define PQ_64BIT_PRINT "%lld" +-#endif +- +-#define PQ_64BIT_CTX void +- +-#define pq_64bit_init(x) +-#define pq_64bit_free(x) +-#define pq_64bit_ctx_new(ctx) (ctx) +-#define pq_64bit_ctx_free(x) +- +-#define pq_64bit_assign(x, y) (*(x) = *(y)) +-#define pq_64bit_assign_word(x, y) (*(x) = y) +-#define pq_64bit_gt(x, y) (*(x) > *(y)) +-#define pq_64bit_eq(x, y) (*(x) == *(y)) +-#define pq_64bit_add_word(x, w) (*(x) = (*(x) + (w))) +-#define pq_64bit_sub(r, x, y) (*(r) = (*(x) - *(y))) +-#define pq_64bit_sub_word(x, w) (*(x) = (*(x) - (w))) +-#define pq_64bit_mod(r, x, n, ctx) +- +-#define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num) +-#define pq_64bit_num2bin(num, bytes) long_long_to_bytes(num, bytes) +-#define pq_64bit_get_word(x) *(x) +-#define pq_64bit_lshift(r, x, shift) (*(r) = (*(x) << (shift))) +-#define pq_64bit_set_bit(x, num) do { \ ++# if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT) ++ ++# define PQ_64BIT_IS_INTEGER 0 ++# define PQ_64BIT_IS_BIGNUM 1 ++ ++# define PQ_64BIT BIGNUM ++# define PQ_64BIT_CTX BN_CTX ++ ++# define pq_64bit_init(x) BN_init(x) ++# define pq_64bit_free(x) BN_free(x) ++ ++# define pq_64bit_ctx_new(ctx) BN_CTX_new() ++# define pq_64bit_ctx_free(x) BN_CTX_free(x) ++ ++# define pq_64bit_assign(x, y) BN_copy(x, y) ++# define pq_64bit_assign_word(x, y) BN_set_word(x, y) ++# define pq_64bit_gt(x, y) BN_ucmp(x, y) >= 1 ? 1 : 0 ++# define pq_64bit_eq(x, y) BN_ucmp(x, y) == 0 ? 1 : 0 ++# define pq_64bit_add_word(x, w) BN_add_word(x, w) ++# define pq_64bit_sub(r, x, y) BN_sub(r, x, y) ++# define pq_64bit_sub_word(x, w) BN_sub_word(x, w) ++# define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx) ++ ++# define pq_64bit_bin2num(bn, bytes, len) BN_bin2bn(bytes, len, bn) ++# define pq_64bit_num2bin(bn, bytes) BN_bn2bin(bn, bytes) ++# define pq_64bit_get_word(x) BN_get_word(x) ++# define pq_64bit_is_bit_set(x, offset) BN_is_bit_set(x, offset) ++# define pq_64bit_lshift(r, x, shift) BN_lshift(r, x, shift) ++# define pq_64bit_set_bit(x, num) BN_set_bit(x, num) ++# define pq_64bit_get_length(x) BN_num_bits((x)) ++ ++# else ++ ++# define PQ_64BIT_IS_INTEGER 1 ++# define PQ_64BIT_IS_BIGNUM 0 ++ ++# if defined(SIXTY_FOUR_BIT) ++# define PQ_64BIT BN_ULONG ++# define PQ_64BIT_PRINT "%lld" ++# elif defined(SIXTY_FOUR_BIT_LONG) ++# define PQ_64BIT BN_ULONG ++# define PQ_64BIT_PRINT "%ld" ++# elif defined(THIRTY_TWO_BIT) ++# define PQ_64BIT BN_ULLONG ++# define PQ_64BIT_PRINT "%lld" ++# endif ++ ++# define PQ_64BIT_CTX void ++ ++# define pq_64bit_init(x) ++# define pq_64bit_free(x) ++# define pq_64bit_ctx_new(ctx) (ctx) ++# define pq_64bit_ctx_free(x) ++ ++# define pq_64bit_assign(x, y) (*(x) = *(y)) ++# define pq_64bit_assign_word(x, y) (*(x) = y) ++# define pq_64bit_gt(x, y) (*(x) > *(y)) ++# define pq_64bit_eq(x, y) (*(x) == *(y)) ++# define pq_64bit_add_word(x, w) (*(x) = (*(x) + (w))) ++# define pq_64bit_sub(r, x, y) (*(r) = (*(x) - *(y))) ++# define pq_64bit_sub_word(x, w) (*(x) = (*(x) - (w))) ++# define pq_64bit_mod(r, x, n, ctx) ++ ++# define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num) ++# define pq_64bit_num2bin(num, bytes) long_long_to_bytes(num, bytes) ++# define pq_64bit_get_word(x) *(x) ++# define pq_64bit_lshift(r, x, shift) (*(r) = (*(x) << (shift))) ++# define pq_64bit_set_bit(x, num) do { \ + PQ_64BIT mask = 1; \ + mask = mask << (num); \ + *(x) |= mask; \ + } while(0) +-#endif /* OPENSSL_SYS_VMS */ ++# endif /* OPENSSL_SYS_VMS */ + + #endif +diff --git a/Cryptlib/Include/openssl/pqueue.h b/Cryptlib/Include/openssl/pqueue.h +index 16c4072..7b23580 100644 +--- a/Cryptlib/Include/openssl/pqueue.h ++++ b/Cryptlib/Include/openssl/pqueue.h +@@ -1,7 +1,7 @@ + /* crypto/pqueue/pqueue.h */ +-/* ++/* + * DTLS implementation written by Nagendra Modadugu +- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. ++ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ + /* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. +@@ -11,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,30 +58,29 @@ + */ + + #ifndef HEADER_PQUEUE_H +-#define HEADER_PQUEUE_H ++# define HEADER_PQUEUE_H + +-#include +-#include +-#include ++# include ++# include ++# include + +-#include ++# include + + typedef struct _pqueue *pqueue; + +-typedef struct _pitem +- { +- PQ_64BIT priority; +- void *data; +- struct _pitem *next; +- } pitem; ++typedef struct _pitem { ++ PQ_64BIT priority; ++ void *data; ++ struct _pitem *next; ++} pitem; + + typedef struct _pitem *piterator; + + pitem *pitem_new(PQ_64BIT priority, void *data); +-void pitem_free(pitem *item); ++void pitem_free(pitem *item); + + pqueue pqueue_new(void); +-void pqueue_free(pqueue pq); ++void pqueue_free(pqueue pq); + + pitem *pqueue_insert(pqueue pq, pitem *item); + pitem *pqueue_peek(pqueue pq); +@@ -90,7 +89,7 @@ pitem *pqueue_find(pqueue pq, PQ_64BIT priority); + pitem *pqueue_iterator(pqueue pq); + pitem *pqueue_next(piterator *iter); + +-void pqueue_print(pqueue pq); +-int pqueue_size(pqueue pq); ++void pqueue_print(pqueue pq); ++int pqueue_size(pqueue pq); + +-#endif /* ! HEADER_PQUEUE_H */ ++#endif /* ! HEADER_PQUEUE_H */ +diff --git a/Cryptlib/Include/openssl/rand.h b/Cryptlib/Include/openssl/rand.h +index ea89153..ed1f276 100644 +--- a/Cryptlib/Include/openssl/rand.h ++++ b/Cryptlib/Include/openssl/rand.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,79 +57,80 @@ + */ + + #ifndef HEADER_RAND_H +-#define HEADER_RAND_H ++# define HEADER_RAND_H + +-#include +-#include +-#include ++# include ++# include ++# include + +-#if defined(OPENSSL_SYS_WINDOWS) +-#include +-#endif ++# if defined(OPENSSL_SYS_WINDOWS) ++# include ++# endif + + #ifdef __cplusplus + extern "C" { + #endif + +-#if defined(OPENSSL_FIPS) +-#define FIPS_RAND_SIZE_T int +-#endif ++# if defined(OPENSSL_FIPS) ++# define FIPS_RAND_SIZE_T int ++# endif + + /* Already defined in ossl_typ.h */ + /* typedef struct rand_meth_st RAND_METHOD; */ + +-struct rand_meth_st +- { +- void (*seed)(const void *buf, int num); +- int (*bytes)(unsigned char *buf, int num); +- void (*cleanup)(void); +- void (*add)(const void *buf, int num, double entropy); +- int (*pseudorand)(unsigned char *buf, int num); +- int (*status)(void); +- }; +- +-#ifdef BN_DEBUG ++struct rand_meth_st { ++ void (*seed) (const void *buf, int num); ++ int (*bytes) (unsigned char *buf, int num); ++ void (*cleanup) (void); ++ void (*add) (const void *buf, int num, double entropy); ++ int (*pseudorand) (unsigned char *buf, int num); ++ int (*status) (void); ++}; ++ ++# ifdef BN_DEBUG + extern int rand_predictable; +-#endif ++# endif + + int RAND_set_rand_method(const RAND_METHOD *meth); + const RAND_METHOD *RAND_get_rand_method(void); +-#ifndef OPENSSL_NO_ENGINE ++# ifndef OPENSSL_NO_ENGINE + int RAND_set_rand_engine(ENGINE *engine); +-#endif ++# endif + RAND_METHOD *RAND_SSLeay(void); +-void RAND_cleanup(void ); +-int RAND_bytes(unsigned char *buf,int num); +-int RAND_pseudo_bytes(unsigned char *buf,int num); +-void RAND_seed(const void *buf,int num); +-void RAND_add(const void *buf,int num,double entropy); +-int RAND_load_file(const char *file,long max_bytes); +-int RAND_write_file(const char *file); +-const char *RAND_file_name(char *file,size_t num); ++void RAND_cleanup(void); ++int RAND_bytes(unsigned char *buf, int num); ++int RAND_pseudo_bytes(unsigned char *buf, int num); ++void RAND_seed(const void *buf, int num); ++void RAND_add(const void *buf, int num, double entropy); ++int RAND_load_file(const char *file, long max_bytes); ++int RAND_write_file(const char *file); ++const char *RAND_file_name(char *file, size_t num); + int RAND_status(void); + int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); + int RAND_egd(const char *path); +-int RAND_egd_bytes(const char *path,int bytes); ++int RAND_egd_bytes(const char *path, int bytes); + int RAND_poll(void); +-#ifndef OPENSSL_NO_ENGINE +-#ifdef OPENSSL_FIPS ++# ifndef OPENSSL_NO_ENGINE ++# ifdef OPENSSL_FIPS + void int_RAND_init_engine_callbacks(void); +-void int_RAND_set_callbacks( +- int (*set_rand_func)(const RAND_METHOD *meth, +- const RAND_METHOD **pmeth), +- const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth)); +-#endif +-#endif ++void int_RAND_set_callbacks(int (*set_rand_func) (const RAND_METHOD *meth, ++ const RAND_METHOD **pmeth), ++ const RAND_METHOD *(*get_rand_func) (const ++ RAND_METHOD ++ **pmeth)); ++# endif ++# endif + +-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ++# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) + + void RAND_screen(void); + int RAND_event(UINT, WPARAM, LPARAM); + +-#endif ++# endif + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_RAND_strings(void); +@@ -137,29 +138,29 @@ void ERR_load_RAND_strings(void); + /* Error codes for the RAND functions. */ + + /* Function codes. */ +-#define RAND_F_ENG_RAND_GET_RAND_METHOD 108 +-#define RAND_F_FIPS_RAND 103 +-#define RAND_F_FIPS_RAND_BYTES 102 +-#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109 +-#define RAND_F_FIPS_RAND_SET_DT 106 +-#define RAND_F_FIPS_SET_DT 104 +-#define RAND_F_FIPS_SET_PRNG_SEED 107 +-#define RAND_F_FIPS_SET_TEST_MODE 105 +-#define RAND_F_RAND_GET_RAND_METHOD 101 +-#define RAND_F_SSLEAY_RAND_BYTES 100 ++# define RAND_F_ENG_RAND_GET_RAND_METHOD 108 ++# define RAND_F_FIPS_RAND 103 ++# define RAND_F_FIPS_RAND_BYTES 102 ++# define RAND_F_FIPS_RAND_GET_RAND_METHOD 109 ++# define RAND_F_FIPS_RAND_SET_DT 106 ++# define RAND_F_FIPS_SET_DT 104 ++# define RAND_F_FIPS_SET_PRNG_SEED 107 ++# define RAND_F_FIPS_SET_TEST_MODE 105 ++# define RAND_F_RAND_GET_RAND_METHOD 101 ++# define RAND_F_SSLEAY_RAND_BYTES 100 + + /* Reason codes. */ +-#define RAND_R_NON_FIPS_METHOD 105 +-#define RAND_R_NOT_IN_TEST_MODE 106 +-#define RAND_R_NO_KEY_SET 107 +-#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101 +-#define RAND_R_PRNG_ERROR 108 +-#define RAND_R_PRNG_KEYED 109 +-#define RAND_R_PRNG_NOT_REKEYED 102 +-#define RAND_R_PRNG_NOT_RESEEDED 103 +-#define RAND_R_PRNG_NOT_SEEDED 100 +-#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110 +-#define RAND_R_PRNG_STUCK 104 ++# define RAND_R_NON_FIPS_METHOD 105 ++# define RAND_R_NOT_IN_TEST_MODE 106 ++# define RAND_R_NO_KEY_SET 107 ++# define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101 ++# define RAND_R_PRNG_ERROR 108 ++# define RAND_R_PRNG_KEYED 109 ++# define RAND_R_PRNG_NOT_REKEYED 102 ++# define RAND_R_PRNG_NOT_RESEEDED 103 ++# define RAND_R_PRNG_NOT_SEEDED 100 ++# define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110 ++# define RAND_R_PRNG_STUCK 104 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/rc2.h b/Cryptlib/Include/openssl/rc2.h +index e542ec9..29d02d7 100644 +--- a/Cryptlib/Include/openssl/rc2.h ++++ b/Cryptlib/Include/openssl/rc2.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,44 +57,44 @@ + */ + + #ifndef HEADER_RC2_H +-#define HEADER_RC2_H ++# define HEADER_RC2_H + +-#include /* OPENSSL_NO_RC2, RC2_INT */ +-#ifdef OPENSSL_NO_RC2 +-#error RC2 is disabled. +-#endif ++# include /* OPENSSL_NO_RC2, RC2_INT */ ++# ifdef OPENSSL_NO_RC2 ++# error RC2 is disabled. ++# endif + +-#define RC2_ENCRYPT 1 +-#define RC2_DECRYPT 0 ++# define RC2_ENCRYPT 1 ++# define RC2_DECRYPT 0 + +-#define RC2_BLOCK 8 +-#define RC2_KEY_LENGTH 16 ++# define RC2_BLOCK 8 ++# define RC2_KEY_LENGTH 16 + + #ifdef __cplusplus + extern "C" { + #endif + +-typedef struct rc2_key_st +- { +- RC2_INT data[64]; +- } RC2_KEY; ++typedef struct rc2_key_st { ++ RC2_INT data[64]; ++} RC2_KEY; + +-#ifdef OPENSSL_FIPS +-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); +-#endif +-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); +-void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, +- int enc); +-void RC2_encrypt(unsigned long *data,RC2_KEY *key); +-void RC2_decrypt(unsigned long *data,RC2_KEY *key); ++# ifdef OPENSSL_FIPS ++void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, ++ int bits); ++# endif ++void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); ++void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, ++ RC2_KEY *key, int enc); ++void RC2_encrypt(unsigned long *data, RC2_KEY *key); ++void RC2_decrypt(unsigned long *data, RC2_KEY *key); + void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, +- RC2_KEY *ks, unsigned char *iv, int enc); ++ RC2_KEY *ks, unsigned char *iv, int enc); + void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, RC2_KEY *schedule, unsigned char *ivec, +- int *num, int enc); ++ long length, RC2_KEY *schedule, unsigned char *ivec, ++ int *num, int enc); + void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, RC2_KEY *schedule, unsigned char *ivec, +- int *num); ++ long length, RC2_KEY *schedule, unsigned char *ivec, ++ int *num); + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/rc4.h b/Cryptlib/Include/openssl/rc4.h +index 2d8620d..006f839 100644 +--- a/Cryptlib/Include/openssl/rc4.h ++++ b/Cryptlib/Include/openssl/rc4.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,31 +57,29 @@ + */ + + #ifndef HEADER_RC4_H +-#define HEADER_RC4_H ++# define HEADER_RC4_H + +-#include /* OPENSSL_NO_RC4, RC4_INT */ +-#ifdef OPENSSL_NO_RC4 +-#error RC4 is disabled. +-#endif ++# include /* OPENSSL_NO_RC4, RC4_INT */ ++# ifdef OPENSSL_NO_RC4 ++# error RC4 is disabled. ++# endif + + #ifdef __cplusplus + extern "C" { + #endif + +-typedef struct rc4_key_st +- { +- RC4_INT x,y; +- RC4_INT data[256]; +- } RC4_KEY; ++typedef struct rc4_key_st { ++ RC4_INT x, y; ++ RC4_INT data[256]; ++} RC4_KEY; + +- + const char *RC4_options(void); +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS + void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +-#endif ++# endif + void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); + void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, +- unsigned char *outdata); ++ unsigned char *outdata); + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/ripemd.h b/Cryptlib/Include/openssl/ripemd.h +index 3b6d043..6cf74b3 100644 +--- a/Cryptlib/Include/openssl/ripemd.h ++++ b/Cryptlib/Include/openssl/ripemd.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,47 +57,45 @@ + */ + + #ifndef HEADER_RIPEMD_H +-#define HEADER_RIPEMD_H ++# define HEADER_RIPEMD_H + +-#include +-#include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#ifdef OPENSSL_NO_RIPEMD +-#error RIPEMD is disabled. +-#endif ++# ifdef OPENSSL_NO_RIPEMD ++# error RIPEMD is disabled. ++# endif + +-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +-#define RIPEMD160_LONG unsigned long +-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +-#define RIPEMD160_LONG unsigned long +-#define RIPEMD160_LONG_LOG2 3 +-#else +-#define RIPEMD160_LONG unsigned int +-#endif ++# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) ++# define RIPEMD160_LONG unsigned long ++# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) ++# define RIPEMD160_LONG unsigned long ++# define RIPEMD160_LONG_LOG2 3 ++# else ++# define RIPEMD160_LONG unsigned int ++# endif + +-#define RIPEMD160_CBLOCK 64 +-#define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) +-#define RIPEMD160_DIGEST_LENGTH 20 ++# define RIPEMD160_CBLOCK 64 ++# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) ++# define RIPEMD160_DIGEST_LENGTH 20 + +-typedef struct RIPEMD160state_st +- { +- RIPEMD160_LONG A,B,C,D,E; +- RIPEMD160_LONG Nl,Nh; +- RIPEMD160_LONG data[RIPEMD160_LBLOCK]; +- unsigned int num; +- } RIPEMD160_CTX; +-#ifdef OPENSSL_FIPS ++typedef struct RIPEMD160state_st { ++ RIPEMD160_LONG A, B, C, D, E; ++ RIPEMD160_LONG Nl, Nh; ++ RIPEMD160_LONG data[RIPEMD160_LBLOCK]; ++ unsigned int num; ++} RIPEMD160_CTX; ++# ifdef OPENSSL_FIPS + int private_RIPEMD160_Init(RIPEMD160_CTX *c); +-#endif ++# endif + int RIPEMD160_Init(RIPEMD160_CTX *c); + int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); + int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +-unsigned char *RIPEMD160(const unsigned char *d, size_t n, +- unsigned char *md); ++unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md); + void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/rsa.h b/Cryptlib/Include/openssl/rsa.h +index 5bb932a..4af5e35 100644 +--- a/Cryptlib/Include/openssl/rsa.h ++++ b/Cryptlib/Include/openssl/rsa.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,41 +57,43 @@ + */ + + #ifndef HEADER_RSA_H +-#define HEADER_RSA_H +- +-#include +- +-#ifndef OPENSSL_NO_BIO +-#include +-#endif +-#include +-#include +-#ifndef OPENSSL_NO_DEPRECATED +-#include +-#endif +- +-#ifdef OPENSSL_NO_RSA +-#error RSA is disabled. +-#endif +- +-/* If this flag is set the RSA method is FIPS compliant and can be used +- * in FIPS mode. This is set in the validated module method. If an +- * application sets this flag in its own methods it is its reposibility +- * to ensure the result is compliant. ++# define HEADER_RSA_H ++ ++# include ++ ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# include ++# include ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# endif ++ ++# ifdef OPENSSL_NO_RSA ++# error RSA is disabled. ++# endif ++ ++/* ++ * If this flag is set the RSA method is FIPS compliant and can be used in ++ * FIPS mode. This is set in the validated module method. If an application ++ * sets this flag in its own methods it is its reposibility to ensure the ++ * result is compliant. + */ + +-#define RSA_FLAG_FIPS_METHOD 0x0400 ++# define RSA_FLAG_FIPS_METHOD 0x0400 + +-/* If this flag is set the operations normally disabled in FIPS mode are ++/* ++ * If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +-#define RSA_FLAG_NON_FIPS_ALLOW 0x0400 ++# define RSA_FLAG_NON_FIPS_ALLOW 0x0400 + +-#ifdef OPENSSL_FIPS +-#define FIPS_RSA_SIZE_T int +-#endif ++# ifdef OPENSSL_FIPS ++# define FIPS_RSA_SIZE_T int ++# endif + + #ifdef __cplusplus + extern "C" { +@@ -101,192 +103,209 @@ extern "C" { + /* typedef struct rsa_st RSA; */ + /* typedef struct rsa_meth_st RSA_METHOD; */ + +-struct rsa_meth_st +- { +- const char *name; +- int (*rsa_pub_enc)(int flen,const unsigned char *from, +- unsigned char *to, +- RSA *rsa,int padding); +- int (*rsa_pub_dec)(int flen,const unsigned char *from, +- unsigned char *to, +- RSA *rsa,int padding); +- int (*rsa_priv_enc)(int flen,const unsigned char *from, +- unsigned char *to, +- RSA *rsa,int padding); +- int (*rsa_priv_dec)(int flen,const unsigned char *from, +- unsigned char *to, +- RSA *rsa,int padding); +- int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */ +- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx); /* Can be null */ +- int (*init)(RSA *rsa); /* called at new */ +- int (*finish)(RSA *rsa); /* called at free */ +- int flags; /* RSA_METHOD_FLAG_* things */ +- char *app_data; /* may be needed! */ +-/* New sign and verify functions: some libraries don't allow arbitrary data +- * to be signed/verified: this allows them to be used. Note: for this to work +- * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used +- * RSA_sign(), RSA_verify() should be used instead. Note: for backwards +- * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER +- * option is set in 'flags'. +- */ +- int (*rsa_sign)(int type, +- const unsigned char *m, unsigned int m_length, +- unsigned char *sigret, unsigned int *siglen, const RSA *rsa); +- int (*rsa_verify)(int dtype, +- const unsigned char *m, unsigned int m_length, +- unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); +-/* If this callback is NULL, the builtin software RSA key-gen will be used. This +- * is for behavioural compatibility whilst the code gets rewired, but one day +- * it would be nice to assume there are no such things as "builtin software" +- * implementations. */ +- int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +- }; +- +-struct rsa_st +- { +- /* The first parameter is used to pickup errors where +- * this is passed instead of aEVP_PKEY, it is set to 0 */ +- int pad; +- long version; +- const RSA_METHOD *meth; +- /* functional reference if 'meth' is ENGINE-provided */ +- ENGINE *engine; +- BIGNUM *n; +- BIGNUM *e; +- BIGNUM *d; +- BIGNUM *p; +- BIGNUM *q; +- BIGNUM *dmp1; +- BIGNUM *dmq1; +- BIGNUM *iqmp; +- /* be careful using this if the RSA structure is shared */ +- CRYPTO_EX_DATA ex_data; +- int references; +- int flags; +- +- /* Used to cache montgomery values */ +- BN_MONT_CTX *_method_mod_n; +- BN_MONT_CTX *_method_mod_p; +- BN_MONT_CTX *_method_mod_q; +- +- /* all BIGNUM values are actually in the following data, if it is not +- * NULL */ +- char *bignum_data; +- BN_BLINDING *blinding; +- BN_BLINDING *mt_blinding; +- }; +- +-#ifndef OPENSSL_RSA_MAX_MODULUS_BITS +-# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +-#endif +- +-#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 +- +-#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +-# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +-#endif +-#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS +-# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ +-#endif +- +-#define RSA_3 0x3L +-#define RSA_F4 0x10001L +- +-#define RSA_METHOD_FLAG_NO_CHECK 0x0001 /* don't check pub/private match */ +- +-#define RSA_FLAG_CACHE_PUBLIC 0x0002 +-#define RSA_FLAG_CACHE_PRIVATE 0x0004 +-#define RSA_FLAG_BLINDING 0x0008 +-#define RSA_FLAG_THREAD_SAFE 0x0010 +-/* This flag means the private key operations will be handled by rsa_mod_exp ++struct rsa_meth_st { ++ const char *name; ++ int (*rsa_pub_enc) (int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++ int (*rsa_pub_dec) (int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++ int (*rsa_priv_enc) (int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++ int (*rsa_priv_dec) (int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++ /* Can be null */ ++ int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); ++ /* Can be null */ ++ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++ /* called at new */ ++ int (*init) (RSA *rsa); ++ /* called at free */ ++ int (*finish) (RSA *rsa); ++ /* RSA_METHOD_FLAG_* things */ ++ int flags; ++ /* may be needed! */ ++ char *app_data; ++ /* ++ * New sign and verify functions: some libraries don't allow arbitrary ++ * data to be signed/verified: this allows them to be used. Note: for ++ * this to work the RSA_public_decrypt() and RSA_private_encrypt() should ++ * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note: ++ * for backwards compatibility this functionality is only enabled if the ++ * RSA_FLAG_SIGN_VER option is set in 'flags'. ++ */ ++ int (*rsa_sign) (int type, ++ const unsigned char *m, unsigned int m_length, ++ unsigned char *sigret, unsigned int *siglen, ++ const RSA *rsa); ++ int (*rsa_verify) (int dtype, const unsigned char *m, ++ unsigned int m_length, unsigned char *sigbuf, ++ unsigned int siglen, const RSA *rsa); ++ /* ++ * If this callback is NULL, the builtin software RSA key-gen will be ++ * used. This is for behavioural compatibility whilst the code gets ++ * rewired, but one day it would be nice to assume there are no such ++ * things as "builtin software" implementations. ++ */ ++ int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); ++}; ++ ++struct rsa_st { ++ /* ++ * The first parameter is used to pickup errors where this is passed ++ * instead of aEVP_PKEY, it is set to 0 ++ */ ++ int pad; ++ long version; ++ const RSA_METHOD *meth; ++ /* functional reference if 'meth' is ENGINE-provided */ ++ ENGINE *engine; ++ BIGNUM *n; ++ BIGNUM *e; ++ BIGNUM *d; ++ BIGNUM *p; ++ BIGNUM *q; ++ BIGNUM *dmp1; ++ BIGNUM *dmq1; ++ BIGNUM *iqmp; ++ /* be careful using this if the RSA structure is shared */ ++ CRYPTO_EX_DATA ex_data; ++ int references; ++ int flags; ++ /* Used to cache montgomery values */ ++ BN_MONT_CTX *_method_mod_n; ++ BN_MONT_CTX *_method_mod_p; ++ BN_MONT_CTX *_method_mod_q; ++ /* ++ * all BIGNUM values are actually in the following data, if it is not ++ * NULL ++ */ ++ char *bignum_data; ++ BN_BLINDING *blinding; ++ BN_BLINDING *mt_blinding; ++}; ++ ++# ifndef OPENSSL_RSA_MAX_MODULUS_BITS ++# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 ++# endif ++ ++# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 ++ ++# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS ++# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 ++# endif ++# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS ++ ++/* exponent limit enforced for "large" modulus only */ ++# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 ++# endif ++ ++# define RSA_3 0x3L ++# define RSA_F4 0x10001L ++ ++# define RSA_METHOD_FLAG_NO_CHECK 0x0001/* don't check pub/private ++ * match */ ++ ++# define RSA_FLAG_CACHE_PUBLIC 0x0002 ++# define RSA_FLAG_CACHE_PRIVATE 0x0004 ++# define RSA_FLAG_BLINDING 0x0008 ++# define RSA_FLAG_THREAD_SAFE 0x0010 ++/* ++ * This flag means the private key operations will be handled by rsa_mod_exp + * and that they do not depend on the private key components being present: +- * for example a key stored in external hardware. Without this flag bn_mod_exp +- * gets called when private key components are absent. ++ * for example a key stored in external hardware. Without this flag ++ * bn_mod_exp gets called when private key components are absent. + */ +-#define RSA_FLAG_EXT_PKEY 0x0020 ++# define RSA_FLAG_EXT_PKEY 0x0020 + +-/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. ++/* ++ * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify ++ * functions. + */ +-#define RSA_FLAG_SIGN_VER 0x0040 +- +-#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in +- * RSA implementation now uses blinding by +- * default (ignoring RSA_FLAG_BLINDING), +- * but other engines might not need it +- */ +-#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA +- * implementation now uses constant time +- * operations by default in private key operations, +- * e.g., constant time modular exponentiation, +- * modular inverse without leaking branches, +- * division without leaking branches. This +- * flag disables these constant time +- * operations and results in faster RSA +- * private key operations. +- */ +-#ifndef OPENSSL_NO_DEPRECATED +-#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/ +- /* new with 0.9.7h; the built-in RSA +- * implementation now uses constant time +- * modular exponentiation for secret exponents +- * by default. This flag causes the +- * faster variable sliding window method to +- * be used for all exponents. +- */ +-#endif ++# define RSA_FLAG_SIGN_VER 0x0040 + ++/* ++ * new with 0.9.6j and 0.9.7b; the built-in ++ * RSA implementation now uses blinding by ++ * default (ignoring RSA_FLAG_BLINDING), ++ * but other engines might not need it ++ */ ++# define RSA_FLAG_NO_BLINDING 0x0080 ++/* ++ * new with 0.9.8f; the built-in RSA ++ * implementation now uses constant time ++ * operations by default in private key operations, ++ * e.g., constant time modular exponentiation, ++ * modular inverse without leaking branches, ++ * division without leaking branches. This ++ * flag disables these constant time ++ * operations and results in faster RSA ++ * private key operations. ++ */ ++# define RSA_FLAG_NO_CONSTTIME 0x0100 ++# ifdef OPENSSL_USE_DEPRECATED ++/* deprecated name for the flag*/ ++/* ++ * new with 0.9.7h; the built-in RSA ++ * implementation now uses constant time ++ * modular exponentiation for secret exponents ++ * by default. This flag causes the ++ * faster variable sliding window method to ++ * be used for all exponents. ++ */ ++# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME ++# endif + +-#define RSA_PKCS1_PADDING 1 +-#define RSA_SSLV23_PADDING 2 +-#define RSA_NO_PADDING 3 +-#define RSA_PKCS1_OAEP_PADDING 4 +-#define RSA_X931_PADDING 5 ++# define RSA_PKCS1_PADDING 1 ++# define RSA_SSLV23_PADDING 2 ++# define RSA_NO_PADDING 3 ++# define RSA_PKCS1_OAEP_PADDING 4 ++# define RSA_X931_PADDING 5 + +-#define RSA_PKCS1_PADDING_SIZE 11 ++# define RSA_PKCS1_PADDING_SIZE 11 + +-#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) +-#define RSA_get_app_data(s) RSA_get_ex_data(s,0) ++# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) ++# define RSA_get_app_data(s) RSA_get_ex_data(s,0) + +-RSA * RSA_new(void); +-RSA * RSA_new_method(ENGINE *engine); +-int RSA_size(const RSA *); ++RSA *RSA_new(void); ++RSA *RSA_new_method(ENGINE *engine); ++int RSA_size(const RSA *); + + /* Deprecated version */ +-#ifndef OPENSSL_NO_DEPRECATED +-RSA * RSA_generate_key(int bits, unsigned long e,void +- (*callback)(int,int,void *),void *cb_arg); +-#endif /* !defined(OPENSSL_NO_DEPRECATED) */ ++# ifndef OPENSSL_NO_DEPRECATED ++RSA *RSA_generate_key(int bits, unsigned long e, void ++ (*callback) (int, int, void *), void *cb_arg); ++# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + + /* New version */ +-int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, +- const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, +- const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, +- const BIGNUM *e, BN_GENCB *cb); +-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb); +- +-int RSA_check_key(const RSA *); +- /* next 4 return -1 on error */ +-int RSA_public_encrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa,int padding); +-int RSA_private_encrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa,int padding); +-int RSA_public_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa,int padding); +-int RSA_private_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa,int padding); +-void RSA_free (RSA *r); ++int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); ++int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, ++ BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, ++ const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, ++ const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb); ++int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, ++ BN_GENCB *cb); ++ ++int RSA_check_key(const RSA *); ++ /* next 4 return -1 on error */ ++int RSA_public_encrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++int RSA_private_encrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++int RSA_public_decrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++int RSA_private_decrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++void RSA_free(RSA *r); + /* "up" the RSA object's reference count */ +-int RSA_up_ref(RSA *r); ++int RSA_up_ref(RSA *r); + +-int RSA_flags(const RSA *r); ++int RSA_flags(const RSA *r); + +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS + RSA *FIPS_rsa_new(void); + void FIPS_rsa_free(RSA *r); +-#endif ++# endif + + void RSA_set_default_method(const RSA_METHOD *meth); + const RSA_METHOD *RSA_get_default_method(void); +@@ -304,96 +323,105 @@ const RSA_METHOD *RSA_null_method(void); + DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) + DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) + +-#ifndef OPENSSL_NO_FP_API +-int RSA_print_fp(FILE *fp, const RSA *r,int offset); +-#endif ++# ifndef OPENSSL_NO_FP_API ++int RSA_print_fp(FILE *fp, const RSA *r, int offset); ++# endif + +-#ifndef OPENSSL_NO_BIO +-int RSA_print(BIO *bp, const RSA *r,int offset); +-#endif ++# ifndef OPENSSL_NO_BIO ++int RSA_print(BIO *bp, const RSA *r, int offset); ++# endif + +-#ifndef OPENSSL_NO_RC4 ++# ifndef OPENSSL_NO_RC4 + int i2d_RSA_NET(const RSA *a, unsigned char **pp, +- int (*cb)(char *buf, int len, const char *prompt, int verify), +- int sgckey); ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify), int sgckey); + RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, +- int (*cb)(char *buf, int len, const char *prompt, int verify), +- int sgckey); ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify), int sgckey); + + int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, +- int (*cb)(char *buf, int len, const char *prompt, +- int verify)); ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify)); + RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, +- int (*cb)(char *buf, int len, const char *prompt, +- int verify)); +-#endif ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify)); ++# endif + +-/* The following 2 functions sign and verify a X509_SIG ASN1 object +- * inside PKCS#1 padded RSA encryption */ ++/* ++ * The following 2 functions sign and verify a X509_SIG ASN1 object inside ++ * PKCS#1 padded RSA encryption ++ */ + int RSA_sign(int type, const unsigned char *m, unsigned int m_length, +- unsigned char *sigret, unsigned int *siglen, RSA *rsa); ++ unsigned char *sigret, unsigned int *siglen, RSA *rsa); + int RSA_verify(int type, const unsigned char *m, unsigned int m_length, +- unsigned char *sigbuf, unsigned int siglen, RSA *rsa); ++ unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +-/* The following 2 function sign and verify a ASN1_OCTET_STRING +- * object inside PKCS#1 padded RSA encryption */ ++/* ++ * The following 2 function sign and verify a ASN1_OCTET_STRING object inside ++ * PKCS#1 padded RSA encryption ++ */ + int RSA_sign_ASN1_OCTET_STRING(int type, +- const unsigned char *m, unsigned int m_length, +- unsigned char *sigret, unsigned int *siglen, RSA *rsa); +-int RSA_verify_ASN1_OCTET_STRING(int type, +- const unsigned char *m, unsigned int m_length, +- unsigned char *sigbuf, unsigned int siglen, RSA *rsa); ++ const unsigned char *m, unsigned int m_length, ++ unsigned char *sigret, unsigned int *siglen, ++ RSA *rsa); ++int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m, ++ unsigned int m_length, unsigned char *sigbuf, ++ unsigned int siglen, RSA *rsa); + + int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); + void RSA_blinding_off(RSA *rsa); + BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); + +-int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, +- const unsigned char *f,int fl); +-int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, +- const unsigned char *f,int fl,int rsa_len); +-int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, +- const unsigned char *f,int fl); +-int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, +- const unsigned char *f,int fl,int rsa_len); +-int PKCS1_MGF1(unsigned char *mask, long len, +- const unsigned char *seed, long seedlen, const EVP_MD *dgst); +-int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, +- const unsigned char *f,int fl, +- const unsigned char *p,int pl); +-int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen, +- const unsigned char *f,int fl,int rsa_len, +- const unsigned char *p,int pl); +-int RSA_padding_add_SSLv23(unsigned char *to,int tlen, +- const unsigned char *f,int fl); +-int RSA_padding_check_SSLv23(unsigned char *to,int tlen, +- const unsigned char *f,int fl,int rsa_len); +-int RSA_padding_add_none(unsigned char *to,int tlen, +- const unsigned char *f,int fl); +-int RSA_padding_check_none(unsigned char *to,int tlen, +- const unsigned char *f,int fl,int rsa_len); +-int RSA_padding_add_X931(unsigned char *to,int tlen, +- const unsigned char *f,int fl); +-int RSA_padding_check_X931(unsigned char *to,int tlen, +- const unsigned char *f,int fl,int rsa_len); ++int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, ++ const unsigned char *f, int fl); ++int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, ++ const unsigned char *f, int fl, ++ int rsa_len); ++int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, ++ const unsigned char *f, int fl); ++int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, ++ const unsigned char *f, int fl, ++ int rsa_len); ++int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, ++ long seedlen, const EVP_MD *dgst); ++int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, ++ const unsigned char *f, int fl, ++ const unsigned char *p, int pl); ++int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, ++ const unsigned char *f, int fl, int rsa_len, ++ const unsigned char *p, int pl); ++int RSA_padding_add_SSLv23(unsigned char *to, int tlen, ++ const unsigned char *f, int fl); ++int RSA_padding_check_SSLv23(unsigned char *to, int tlen, ++ const unsigned char *f, int fl, int rsa_len); ++int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f, ++ int fl); ++int RSA_padding_check_none(unsigned char *to, int tlen, ++ const unsigned char *f, int fl, int rsa_len); ++int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f, ++ int fl); ++int RSA_padding_check_X931(unsigned char *to, int tlen, ++ const unsigned char *f, int fl, int rsa_len); + int RSA_X931_hash_id(int nid); + + int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, +- const EVP_MD *Hash, const unsigned char *EM, int sLen); ++ const EVP_MD *Hash, const unsigned char *EM, ++ int sLen); + int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, +- const unsigned char *mHash, +- const EVP_MD *Hash, int sLen); ++ const unsigned char *mHash, const EVP_MD *Hash, ++ int sLen); + + int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +-int RSA_set_ex_data(RSA *r,int idx,void *arg); ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++int RSA_set_ex_data(RSA *r, int idx, void *arg); + void *RSA_get_ex_data(const RSA *r, int idx); + + RSA *RSAPublicKey_dup(RSA *rsa); + RSA *RSAPrivateKey_dup(RSA *rsa); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_RSA_strings(void); +@@ -401,94 +429,95 @@ void ERR_load_RSA_strings(void); + /* Error codes for the RSA functions. */ + + /* Function codes. */ +-#define RSA_F_FIPS_RSA_SIGN 140 +-#define RSA_F_FIPS_RSA_VERIFY 141 +-#define RSA_F_MEMORY_LOCK 100 +-#define RSA_F_RSA_BUILTIN_KEYGEN 129 +-#define RSA_F_RSA_CHECK_KEY 123 +-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 +-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 +-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 +-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 +-#define RSA_F_RSA_GENERATE_KEY 105 +-#define RSA_F_RSA_MEMORY_LOCK 130 +-#define RSA_F_RSA_NEW_METHOD 106 +-#define RSA_F_RSA_NULL 124 +-#define RSA_F_RSA_NULL_MOD_EXP 131 +-#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +-#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +-#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +-#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 +-#define RSA_F_RSA_PADDING_ADD_NONE 107 +-#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +-#define RSA_F_RSA_PADDING_ADD_SSLV23 110 +-#define RSA_F_RSA_PADDING_ADD_X931 127 +-#define RSA_F_RSA_PADDING_CHECK_NONE 111 +-#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +-#define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +-#define RSA_F_RSA_PADDING_CHECK_X931 128 +-#define RSA_F_RSA_PRINT 115 +-#define RSA_F_RSA_PRINT_FP 116 +-#define RSA_F_RSA_PRIVATE_ENCRYPT 137 +-#define RSA_F_RSA_PUBLIC_DECRYPT 138 +-#define RSA_F_RSA_SETUP_BLINDING 136 +-#define RSA_F_RSA_SET_DEFAULT_METHOD 139 +-#define RSA_F_RSA_SET_METHOD 142 +-#define RSA_F_RSA_SIGN 117 +-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +-#define RSA_F_RSA_VERIFY 119 +-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +-#define RSA_F_RSA_VERIFY_PKCS1_PSS 126 ++# define RSA_F_FIPS_RSA_SIGN 140 ++# define RSA_F_FIPS_RSA_VERIFY 141 ++# define RSA_F_MEMORY_LOCK 100 ++# define RSA_F_RSA_BUILTIN_KEYGEN 129 ++# define RSA_F_RSA_CHECK_KEY 123 ++# define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 ++# define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 ++# define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 ++# define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 ++# define RSA_F_RSA_GENERATE_KEY 105 ++# define RSA_F_RSA_MEMORY_LOCK 130 ++# define RSA_F_RSA_NEW_METHOD 106 ++# define RSA_F_RSA_NULL 124 ++# define RSA_F_RSA_NULL_MOD_EXP 131 ++# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 ++# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 ++# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 ++# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 ++# define RSA_F_RSA_PADDING_ADD_NONE 107 ++# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 ++# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 ++# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 ++# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 ++# define RSA_F_RSA_PADDING_ADD_SSLV23 110 ++# define RSA_F_RSA_PADDING_ADD_X931 127 ++# define RSA_F_RSA_PADDING_CHECK_NONE 111 ++# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 ++# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 ++# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 ++# define RSA_F_RSA_PADDING_CHECK_SSLV23 114 ++# define RSA_F_RSA_PADDING_CHECK_X931 128 ++# define RSA_F_RSA_PRINT 115 ++# define RSA_F_RSA_PRINT_FP 116 ++# define RSA_F_RSA_PRIVATE_ENCRYPT 137 ++# define RSA_F_RSA_PUBLIC_DECRYPT 138 ++# define RSA_F_RSA_SETUP_BLINDING 136 ++# define RSA_F_RSA_SET_DEFAULT_METHOD 139 ++# define RSA_F_RSA_SET_METHOD 142 ++# define RSA_F_RSA_SIGN 117 ++# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 ++# define RSA_F_RSA_VERIFY 119 ++# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 ++# define RSA_F_RSA_VERIFY_PKCS1_PSS 126 + + /* Reason codes. */ +-#define RSA_R_ALGORITHM_MISMATCH 100 +-#define RSA_R_BAD_E_VALUE 101 +-#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +-#define RSA_R_BAD_PAD_BYTE_COUNT 103 +-#define RSA_R_BAD_SIGNATURE 104 +-#define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +-#define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +-#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +-#define RSA_R_DATA_TOO_LARGE 109 +-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +-#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +-#define RSA_R_DATA_TOO_SMALL 111 +-#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +-#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +-#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +-#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +-#define RSA_R_FIRST_OCTET_INVALID 133 +-#define RSA_R_INVALID_HEADER 137 +-#define RSA_R_INVALID_MESSAGE_LENGTH 131 +-#define RSA_R_INVALID_PADDING 138 +-#define RSA_R_INVALID_TRAILER 139 +-#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +-#define RSA_R_KEY_SIZE_TOO_SMALL 120 +-#define RSA_R_LAST_OCTET_INVALID 134 +-#define RSA_R_MODULUS_TOO_LARGE 105 +-#define RSA_R_NON_FIPS_METHOD 141 +-#define RSA_R_NO_PUBLIC_EXPONENT 140 +-#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +-#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +-#define RSA_R_OAEP_DECODING_ERROR 121 +-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 +-#define RSA_R_PADDING_CHECK_FAILED 114 +-#define RSA_R_P_NOT_PRIME 128 +-#define RSA_R_Q_NOT_PRIME 129 +-#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +-#define RSA_R_SLEN_CHECK_FAILED 136 +-#define RSA_R_SLEN_RECOVERY_FAILED 135 +-#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +-#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +-#define RSA_R_UNKNOWN_PADDING_TYPE 118 +-#define RSA_R_WRONG_SIGNATURE_LENGTH 119 ++# define RSA_R_ALGORITHM_MISMATCH 100 ++# define RSA_R_BAD_E_VALUE 101 ++# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 ++# define RSA_R_BAD_PAD_BYTE_COUNT 103 ++# define RSA_R_BAD_SIGNATURE 104 ++# define RSA_R_BLOCK_TYPE_IS_NOT_01 106 ++# define RSA_R_BLOCK_TYPE_IS_NOT_02 107 ++# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 ++# define RSA_R_DATA_TOO_LARGE 109 ++# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 ++# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 ++# define RSA_R_DATA_TOO_SMALL 111 ++# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 ++# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 ++# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 ++# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 ++# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 ++# define RSA_R_FIRST_OCTET_INVALID 133 ++# define RSA_R_INVALID_HEADER 137 ++# define RSA_R_INVALID_MESSAGE_LENGTH 131 ++# define RSA_R_INVALID_PADDING 138 ++# define RSA_R_INVALID_TRAILER 139 ++# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 ++# define RSA_R_KEY_SIZE_TOO_SMALL 120 ++# define RSA_R_LAST_OCTET_INVALID 134 ++# define RSA_R_MODULUS_TOO_LARGE 105 ++# define RSA_R_NON_FIPS_METHOD 141 ++# define RSA_R_NO_PUBLIC_EXPONENT 140 ++# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 ++# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 ++# define RSA_R_OAEP_DECODING_ERROR 121 ++# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 ++# define RSA_R_PADDING_CHECK_FAILED 114 ++# define RSA_R_PKCS_DECODING_ERROR 159 ++# define RSA_R_P_NOT_PRIME 128 ++# define RSA_R_Q_NOT_PRIME 129 ++# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 ++# define RSA_R_SLEN_CHECK_FAILED 136 ++# define RSA_R_SLEN_RECOVERY_FAILED 135 ++# define RSA_R_SSLV3_ROLLBACK_ATTACK 115 ++# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 ++# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 ++# define RSA_R_UNKNOWN_PADDING_TYPE 118 ++# define RSA_R_WRONG_SIGNATURE_LENGTH 119 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/safestack.h b/Cryptlib/Include/openssl/safestack.h +index b59c640..334ce9e 100644 +--- a/Cryptlib/Include/openssl/safestack.h ++++ b/Cryptlib/Include/openssl/safestack.h +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,1934 +53,1940 @@ + */ + + #ifndef HEADER_SAFESTACK_H +-#define HEADER_SAFESTACK_H ++# define HEADER_SAFESTACK_H + +-#include ++# include + +-#ifdef DEBUG_SAFESTACK ++# ifdef DEBUG_SAFESTACK + +-#ifndef CHECKED_PTR_OF +-#define CHECKED_PTR_OF(type, p) \ ++# ifndef CHECKED_PTR_OF ++# define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +-#endif ++# endif + +-#define CHECKED_SK_FREE_FUNC(type, p) \ ++# define CHECKED_SK_FREE_FUNC(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) + +-#define CHECKED_SK_CMP_FUNC(type, p) \ ++# define CHECKED_SK_CMP_FUNC(type, p) \ + ((int (*)(const char * const *, const char * const *)) \ +- ((1 ? p : (int (*)(const type * const *, const type * const *))0))) ++ ((1 ? p : (int (*)(const type * const *, const type * const *))0))) + +-#define STACK_OF(type) struct stack_st_##type +-#define PREDECLARE_STACK_OF(type) STACK_OF(type); ++# define STACK_OF(type) struct stack_st_##type ++# define PREDECLARE_STACK_OF(type) STACK_OF(type); + +-#define DECLARE_STACK_OF(type) \ ++# define DECLARE_STACK_OF(type) \ + STACK_OF(type) \ + { \ + STACK stack; \ + }; + +-#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/ +- +-/* SKM_sk_... stack macros are internal to safestack.h: +- * never use them directly, use sk__... instead */ +-#define SKM_sk_new(type, cmp) \ +- ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) +-#define SKM_sk_new_null(type) \ +- ((STACK_OF(type) *)sk_new_null()) +-#define SKM_sk_free(type, st) \ +- sk_free(CHECKED_PTR_OF(STACK_OF(type), st)) +-#define SKM_sk_num(type, st) \ +- sk_num(CHECKED_PTR_OF(STACK_OF(type), st)) +-#define SKM_sk_value(type, st,i) \ +- ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i)) +-#define SKM_sk_set(type, st,i,val) \ +- sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val)) +-#define SKM_sk_zero(type, st) \ +- sk_zero(CHECKED_PTR_OF(STACK_OF(type), st)) +-#define SKM_sk_push(type, st,val) \ +- sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) +-#define SKM_sk_unshift(type, st,val) \ +- sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) +-#define SKM_sk_find(type, st,val) \ +- sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) +-#define SKM_sk_delete(type, st,i) \ +- (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i) +-#define SKM_sk_delete_ptr(type, st,ptr) \ +- (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr)) +-#define SKM_sk_insert(type, st,val,i) \ +- sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i) +-#define SKM_sk_set_cmp_func(type, st,cmp) \ +- ((int (*)(const type * const *,const type * const *)) \ +- sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp))) +-#define SKM_sk_dup(type, st) \ +- (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st)) +-#define SKM_sk_pop_free(type, st,free_func) \ +- sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func)) +-#define SKM_sk_shift(type, st) \ +- (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st)) +-#define SKM_sk_pop(type, st) \ +- (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st)) +-#define SKM_sk_sort(type, st) \ +- sk_sort(CHECKED_PTR_OF(STACK_OF(type), st)) +-#define SKM_sk_is_sorted(type, st) \ +- sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st)) +- +-#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type)*, st), \ +- pp, length, \ +- CHECKED_D2I_OF(type, d2i_func), \ +- CHECKED_SK_FREE_FUNC(type, free_func), \ +- ex_tag, ex_class) +- +-#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \ +- CHECKED_I2D_OF(type, i2d_func), \ +- ex_tag, ex_class, is_set) +- +-#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ +- ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ +- CHECKED_I2D_OF(type, i2d_func), buf, len) +- +-#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ +- (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) +- +-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ +- (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ +- CHECKED_D2I_OF(type, d2i_func), \ +- CHECKED_SK_FREE_FUNC(type, free_func), \ +- pass, passlen, oct, seq) +- +-#else +- +-#define STACK_OF(type) STACK +-#define PREDECLARE_STACK_OF(type) /* nada */ +-#define DECLARE_STACK_OF(type) /* nada */ +-#define IMPLEMENT_STACK_OF(type) /* nada */ +- +-#define SKM_sk_new(type, cmp) \ +- sk_new((int (*)(const char * const *, const char * const *))(cmp)) +-#define SKM_sk_new_null(type) \ +- sk_new_null() +-#define SKM_sk_free(type, st) \ +- sk_free(st) +-#define SKM_sk_num(type, st) \ +- sk_num(st) +-#define SKM_sk_value(type, st,i) \ +- ((type *)sk_value(st, i)) +-#define SKM_sk_set(type, st,i,val) \ +- ((type *)sk_set(st, i,(char *)val)) +-#define SKM_sk_zero(type, st) \ +- sk_zero(st) +-#define SKM_sk_push(type, st,val) \ +- sk_push(st, (char *)val) +-#define SKM_sk_unshift(type, st,val) \ +- sk_unshift(st, (char *)val) +-#define SKM_sk_find(type, st,val) \ +- sk_find(st, (char *)val) +-#define SKM_sk_delete(type, st,i) \ +- ((type *)sk_delete(st, i)) +-#define SKM_sk_delete_ptr(type, st,ptr) \ +- ((type *)sk_delete_ptr(st,(char *)ptr)) +-#define SKM_sk_insert(type, st,val,i) \ +- sk_insert(st, (char *)val, i) +-#define SKM_sk_set_cmp_func(type, st,cmp) \ +- ((int (*)(const type * const *,const type * const *)) \ +- sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp))) +-#define SKM_sk_dup(type, st) \ +- sk_dup(st) +-#define SKM_sk_pop_free(type, st,free_func) \ +- sk_pop_free(st, (void (*)(void *))free_func) +-#define SKM_sk_shift(type, st) \ +- ((type *)sk_shift(st)) +-#define SKM_sk_pop(type, st) \ +- ((type *)sk_pop(st)) +-#define SKM_sk_sort(type, st) \ +- sk_sort(st) +-#define SKM_sk_is_sorted(type, st) \ +- sk_is_sorted(st) +- +-#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) +-#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set) +- +-#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ +- ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len) +-#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ +- ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func) +- +-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ +- ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq)) +- +-#endif +- +-/* This block of defines is updated by util/mkstack.pl, please do not touch! */ +-#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st)) +-#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) +-#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) +-#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) +-#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i)) +-#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val)) +-#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st)) +-#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) +-#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) +-#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) +-#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) +-#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) +-#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) +-#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) +-#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) +-#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) +-#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) +-#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) +-#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) +-#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) +-#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) +- +-#define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st)) +-#define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) +-#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) +-#define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) +-#define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) +-#define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) +-#define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) +-#define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) +-#define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) +-#define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) +-#define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) +-#define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) +-#define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) +-#define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) +-#define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) +-#define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) +-#define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) +-#define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) +-#define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) +-#define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) +-#define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) +- +-#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) +-#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) +-#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) +-#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) +-#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i)) +-#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val)) +-#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st)) +-#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) +-#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) +-#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) +-#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) +-#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) +-#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) +-#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) +-#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) +-#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) +-#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) +-#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) +-#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) +-#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) +-#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) +- +-#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) +-#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) +-#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) +-#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) +-#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i)) +-#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val)) +-#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st)) +-#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) +-#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) +-#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) +-#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) +-#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) +-#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) +-#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) +-#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) +-#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) +-#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) +-#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) +-#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) +-#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) +-#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) +- +-#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st)) +-#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) +-#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) +-#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) +-#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i)) +-#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val)) +-#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st)) +-#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) +-#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) +-#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) +-#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) +-#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) +-#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) +-#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) +-#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) +-#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) +-#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) +-#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) +-#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) +-#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) +-#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) +- +-#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st)) +-#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) +-#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) +-#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) +-#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i)) +-#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val)) +-#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st)) +-#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) +-#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) +-#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) +-#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) +-#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) +-#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) +-#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) +-#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) +-#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) +-#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) +-#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) +-#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) +-#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) +-#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) +- +-#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st)) +-#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) +-#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) +-#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) +-#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i)) +-#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val)) +-#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st)) +-#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) +-#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) +-#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) +-#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) +-#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) +-#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) +-#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) +-#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) +-#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) +-#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func)) +-#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) +-#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) +-#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) +-#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) +- +-#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st)) +-#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) +-#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) +-#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) +-#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i)) +-#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val)) +-#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st)) +-#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) +-#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) +-#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) +-#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) +-#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) +-#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) +-#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) +-#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) +-#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) +-#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) +-#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) +-#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) +-#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) +-#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) +- +-#define sk_BIO_new(st) SKM_sk_new(BIO, (st)) +-#define sk_BIO_new_null() SKM_sk_new_null(BIO) +-#define sk_BIO_free(st) SKM_sk_free(BIO, (st)) +-#define sk_BIO_num(st) SKM_sk_num(BIO, (st)) +-#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i)) +-#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val)) +-#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st)) +-#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) +-#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) +-#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) +-#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) +-#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) +-#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) +-#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) +-#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) +-#define sk_BIO_dup(st) SKM_sk_dup(BIO, st) +-#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) +-#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) +-#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) +-#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) +-#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) +- +-#define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st)) +-#define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) +-#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) +-#define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) +-#define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i)) +-#define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) +-#define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) +-#define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) +-#define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) +-#define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) +-#define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) +-#define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) +-#define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) +-#define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) +-#define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) +-#define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) +-#define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) +-#define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) +-#define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) +-#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) +-#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) +- +-#define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st)) +-#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) +-#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) +-#define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) +-#define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) +-#define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) +-#define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) +-#define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) +-#define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) +-#define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) +-#define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) +-#define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) +-#define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) +-#define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) +-#define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) +-#define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) +-#define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) +-#define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) +-#define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) +-#define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) +-#define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) +- +-#define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st)) +-#define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) +-#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) +-#define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) +-#define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) +-#define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) +-#define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) +-#define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) +-#define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) +-#define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) +-#define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) +-#define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) +-#define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) +-#define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) +-#define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) +-#define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) +-#define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) +-#define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) +-#define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) +-#define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) +-#define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) +- +-#define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st)) +-#define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) +-#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) +-#define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) +-#define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) +-#define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) +-#define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) +-#define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) +-#define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) +-#define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) +-#define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) +-#define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) +-#define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) +-#define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) +-#define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) +-#define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) +-#define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) +-#define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) +-#define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) +-#define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) +-#define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) +- +-#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) +-#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) +-#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) +-#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) +-#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i)) +-#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val)) +-#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st)) +-#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) +-#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) +-#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) +-#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) +-#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) +-#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) +-#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) +-#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) +-#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) +-#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) +-#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) +-#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) +-#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) +-#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) +- +-#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) +-#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) +-#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) +-#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) +-#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i)) +-#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val)) +-#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st)) +-#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) +-#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) +-#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) +-#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) +-#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) +-#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) +-#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) +-#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) +-#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) +-#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) +-#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) +-#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) +-#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) +-#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) +- +-#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) +-#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) +-#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) +-#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) +-#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i)) +-#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val)) +-#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st)) +-#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) +-#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) +-#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) +-#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) +-#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) +-#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) +-#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) +-#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) +-#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) +-#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) +-#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) +-#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) +-#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) +-#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) +- +-#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st)) +-#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) +-#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) +-#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) +-#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) +-#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val)) +-#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st)) +-#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) +-#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) +-#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) +-#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) +-#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) +-#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) +-#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) +-#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) +-#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) +-#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) +-#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) +-#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) +-#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) +-#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) +- +-#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st)) +-#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) +-#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) +-#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) +-#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i)) +-#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val)) +-#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st)) +-#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) +-#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) +-#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) +-#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) +-#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) +-#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) +-#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) +-#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) +-#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) +-#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) +-#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) +-#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) +-#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) +-#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) +- +-#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st)) +-#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) +-#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) +-#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) +-#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i)) +-#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val)) +-#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st)) +-#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) +-#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) +-#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) +-#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) +-#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) +-#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) +-#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) +-#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) +-#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) +-#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) +-#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) +-#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) +-#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) +-#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) +- +-#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st)) +-#define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) +-#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) +-#define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) +-#define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i)) +-#define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val)) +-#define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st)) +-#define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) +-#define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) +-#define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) +-#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) +-#define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) +-#define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) +-#define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) +-#define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp)) +-#define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st) +-#define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func)) +-#define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) +-#define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) +-#define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) +-#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) +- +-#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st)) +-#define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) +-#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) +-#define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) +-#define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i)) +-#define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val)) +-#define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st)) +-#define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) +-#define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) +-#define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) +-#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) +-#define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) +-#define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) +-#define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) +-#define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp)) +-#define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st) +-#define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func)) +-#define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) +-#define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) +-#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) +-#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) +- +-#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) +-#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) +-#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) +-#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) +-#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i)) +-#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val)) +-#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st)) +-#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) +-#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) +-#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) +-#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) +-#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) +-#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) +-#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) +-#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) +-#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) +-#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) +-#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) +-#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) +-#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) +-#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) +- +-#define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st)) +-#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) +-#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) +-#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) +-#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) +-#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) +-#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) +-#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) +-#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) +-#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) +-#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) +-#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) +-#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) +-#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) +-#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) +-#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) +-#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) +-#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) +-#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) +-#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) +-#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) +- +-#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) +-#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) +-#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) +-#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) +-#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) +-#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) +-#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) +-#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) +-#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) +-#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) +-#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) +-#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) +-#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) +-#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) +-#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) +-#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) +-#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) +-#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) +-#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) +-#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) +-#define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) +- +-#define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st)) +-#define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) +-#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) +-#define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) +-#define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) +-#define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) +-#define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) +-#define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) +-#define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) +-#define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) +-#define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) +-#define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) +-#define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) +-#define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) +-#define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) +-#define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) +-#define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) +-#define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) +-#define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) +-#define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) +-#define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) +- +-#define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st)) +-#define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) +-#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) +-#define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) +-#define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) +-#define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) +-#define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) +-#define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) +-#define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) +-#define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) +-#define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) +-#define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) +-#define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) +-#define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) +-#define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) +-#define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) +-#define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) +-#define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) +-#define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) +-#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) +-#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) +- +-#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) +-#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) +-#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) +-#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) +-#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i)) +-#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val)) +-#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st)) +-#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) +-#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) +-#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) +-#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) +-#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) +-#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) +-#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) +-#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) +-#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) +-#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) +-#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) +-#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) +-#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) +-#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) +- +-#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st)) +-#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) +-#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) +-#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) +-#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i)) +-#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val)) +-#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st)) +-#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) +-#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) +-#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) +-#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) +-#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) +-#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) +-#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) +-#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) +-#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) +-#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) +-#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) +-#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) +-#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) +-#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) +- +-#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st)) +-#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) +-#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) +-#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) +-#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i)) +-#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val)) +-#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st)) +-#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) +-#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) +-#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) +-#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) +-#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) +-#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) +-#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) +-#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) +-#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) +-#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) +-#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) +-#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) +-#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) +-#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) +- +-#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st)) +-#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) +-#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) +-#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) +-#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i)) +-#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val)) +-#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st)) +-#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) +-#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) +-#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) +-#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) +-#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) +-#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) +-#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) +-#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) +-#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) +-#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) +-#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) +-#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) +-#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) +-#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) +- +-#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st)) +-#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) +-#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) +-#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) +-#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i)) +-#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val)) +-#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st)) +-#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) +-#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) +-#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) +-#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) +-#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) +-#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) +-#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) +-#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) +-#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) +-#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) +-#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) +-#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) +-#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) +-#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) +- +-#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st)) +-#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) +-#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) +-#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) +-#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i)) +-#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val)) +-#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st)) +-#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) +-#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) +-#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) +-#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) +-#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) +-#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) +-#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) +-#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) +-#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) +-#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) +-#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) +-#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) +-#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) +-#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) +- +-#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st)) +-#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) +-#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) +-#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) +-#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i)) +-#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val)) +-#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st)) +-#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) +-#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) +-#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) +-#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) +-#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) +-#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) +-#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) +-#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) +-#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) +-#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) +-#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) +-#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) +-#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) +-#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) +- +-#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st)) +-#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) +-#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) +-#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) +-#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i)) +-#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val)) +-#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st)) +-#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) +-#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) +-#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) +-#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) +-#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) +-#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) +-#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) +-#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) +-#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) +-#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) +-#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) +-#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) +-#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) +-#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) +- +-#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) +-#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) +-#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) +-#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) +-#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) +-#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) +-#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) +-#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) +-#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) +-#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) +-#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) +-#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) +-#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) +-#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) +-#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) +-#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) +-#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) +-#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) +-#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) +-#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) +-#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) +- +-#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) +-#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) +-#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) +-#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) +-#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) +-#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) +-#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) +-#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) +-#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) +-#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) +-#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) +-#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) +-#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) +-#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) +-#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) +-#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) +-#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) +-#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) +-#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) +-#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) +-#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) +- +-#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st)) +-#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) +-#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) +-#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) +-#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i)) +-#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val)) +-#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st)) +-#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) +-#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) +-#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) +-#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) +-#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) +-#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) +-#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) +-#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) +-#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) +-#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) +-#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) +-#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) +-#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) +-#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) +- +-#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st)) +-#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) +-#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) +-#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) +-#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i)) +-#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val)) +-#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st)) +-#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) +-#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) +-#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) +-#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) +-#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) +-#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) +-#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) +-#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) +-#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) +-#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func)) +-#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) +-#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) +-#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) +-#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) +- +-#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) +-#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) +-#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) +-#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) +-#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i)) +-#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val)) +-#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st)) +-#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) +-#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) +-#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) +-#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) +-#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) +-#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) +-#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) +-#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) +-#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) +-#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) +-#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) +-#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) +-#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) +-#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) +- +-#define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st)) +-#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) +-#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) +-#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) +-#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) +-#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) +-#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) +-#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) +-#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) +-#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) +-#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) +-#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) +-#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) +-#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) +-#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) +-#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) +-#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) +-#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) +-#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) +-#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) +-#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) +- +-#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) +-#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) +-#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) +-#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) +-#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i)) +-#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val)) +-#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st)) +-#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) +-#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) +-#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) +-#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) +-#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) +-#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) +-#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) +-#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) +-#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) +-#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) +-#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) +-#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) +-#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) +-#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) +- +-#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st)) +-#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) +-#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) +-#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) +-#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i)) +-#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val)) +-#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st)) +-#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) +-#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) +-#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) +-#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) +-#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) +-#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) +-#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) +-#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) +-#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) +-#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) +-#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) +-#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) +-#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) +-#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) +- +-#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st)) +-#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) +-#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) +-#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) +-#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i)) +-#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val)) +-#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st)) +-#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) +-#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) +-#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) +-#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) +-#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) +-#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) +-#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) +-#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) +-#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) +-#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) +-#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) +-#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) +-#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) +-#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) +- +-#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st)) +-#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) +-#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) +-#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) +-#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i)) +-#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val)) +-#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st)) +-#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) +-#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) +-#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) +-#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) +-#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) +-#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) +-#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) +-#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) +-#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) +-#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) +-#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) +-#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) +-#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) +-#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) +- +-#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st)) +-#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) +-#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) +-#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) +-#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i)) +-#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val)) +-#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st)) +-#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) +-#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) +-#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) +-#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) +-#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) +-#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) +-#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) +-#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) +-#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) +-#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) +-#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) +-#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) +-#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) +-#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) +- +-#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st)) +-#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) +-#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) +-#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) +-#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i)) +-#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val)) +-#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st)) +-#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) +-#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) +-#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) +-#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) +-#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) +-#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) +-#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) +-#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) +-#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) +-#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) +-#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) +-#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) +-#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) +-#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) +- +-#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st)) +-#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) +-#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) +-#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) +-#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i)) +-#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val)) +-#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st)) +-#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) +-#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) +-#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) +-#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) +-#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) +-#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) +-#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) +-#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) +-#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) +-#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) +-#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) +-#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) +-#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) +-#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) +- +-#define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st)) +-#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) +-#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) +-#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) +-#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) +-#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) +-#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) +-#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) +-#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) +-#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) +-#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) +-#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) +-#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) +-#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) +-#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) +-#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) +-#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) +-#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) +-#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) +-#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) +-#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) +- +-#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) +-#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) +-#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) +-#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) +-#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i)) +-#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val)) +-#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st)) +-#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) +-#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) +-#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) +-#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) +-#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) +-#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) +-#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) +-#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) +-#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) +-#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) +-#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) +-#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) +-#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) +-#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) +- +-#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st)) +-#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) +-#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) +-#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) +-#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i)) +-#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val)) +-#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st)) +-#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) +-#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) +-#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) +-#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) +-#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) +-#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) +-#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) +-#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) +-#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) +-#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) +-#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) +-#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) +-#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) +-#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) +- +-#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) +-#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) +-#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) +-#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) +-#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) +-#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) +-#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) +-#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) +-#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) +-#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) +-#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) +-#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) +-#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) +-#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) +-#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) +-#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) +-#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) +-#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) +-#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) +-#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) +-#define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) +- +-#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) +-#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) +-#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) +-#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) +-#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i)) +-#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val)) +-#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st)) +-#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) +-#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) +-#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) +-#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) +-#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) +-#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) +-#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) +-#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) +-#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) +-#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) +-#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) +-#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) +-#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) +-#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) +- +-#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st)) +-#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) +-#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) +-#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) +-#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i)) +-#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val)) +-#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st)) +-#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) +-#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) +-#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) +-#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) +-#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) +-#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) +-#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) +-#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) +-#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) +-#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) +-#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) +-#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) +-#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) +-#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) +- +-#define sk_X509_new(st) SKM_sk_new(X509, (st)) +-#define sk_X509_new_null() SKM_sk_new_null(X509) +-#define sk_X509_free(st) SKM_sk_free(X509, (st)) +-#define sk_X509_num(st) SKM_sk_num(X509, (st)) +-#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i)) +-#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val)) +-#define sk_X509_zero(st) SKM_sk_zero(X509, (st)) +-#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) +-#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) +-#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) +-#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) +-#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) +-#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) +-#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) +-#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) +-#define sk_X509_dup(st) SKM_sk_dup(X509, st) +-#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) +-#define sk_X509_shift(st) SKM_sk_shift(X509, (st)) +-#define sk_X509_pop(st) SKM_sk_pop(X509, (st)) +-#define sk_X509_sort(st) SKM_sk_sort(X509, (st)) +-#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) +- +-#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st)) +-#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) +-#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) +-#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) +-#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i)) +-#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val)) +-#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st)) +-#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) +-#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) +-#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) +-#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) +-#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) +-#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) +-#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) +-#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) +-#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) +-#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) +-#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) +-#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) +-#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) +-#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) +- +-#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st)) +-#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) +-#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) +-#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) +-#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i)) +-#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val)) +-#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st)) +-#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) +-#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) +-#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) +-#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) +-#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) +-#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) +-#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) +-#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) +-#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) +-#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) +-#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) +-#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) +-#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) +-#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) +- +-#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st)) +-#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) +-#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) +-#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) +-#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i)) +-#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val)) +-#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st)) +-#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) +-#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) +-#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) +-#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) +-#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) +-#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) +-#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) +-#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) +-#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) +-#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) +-#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) +-#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) +-#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) +-#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) +- +-#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st)) +-#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) +-#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) +-#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) +-#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i)) +-#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val)) +-#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st)) +-#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) +-#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) +-#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) +-#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) +-#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) +-#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) +-#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) +-#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) +-#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) +-#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func)) +-#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) +-#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) +-#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) +-#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) +- +-#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st)) +-#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) +-#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) +-#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) +-#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i)) +-#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val)) +-#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st)) +-#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) +-#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) +-#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) +-#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) +-#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) +-#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) +-#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) +-#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) +-#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) +-#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) +-#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) +-#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) +-#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) +-#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) +- +-#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st)) +-#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) +-#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) +-#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) +-#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i)) +-#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val)) +-#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st)) +-#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) +-#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) +-#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) +-#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) +-#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) +-#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) +-#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) +-#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) +-#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) +-#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) +-#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) +-#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) +-#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) +-#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) +- +-#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st)) +-#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) +-#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) +-#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) +-#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i)) +-#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val)) +-#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st)) +-#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) +-#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) +-#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) +-#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) +-#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) +-#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) +-#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) +-#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) +-#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) +-#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) +-#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) +-#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) +-#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) +-#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) +- +-#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st)) +-#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) +-#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) +-#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) +-#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i)) +-#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val)) +-#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st)) +-#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) +-#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) +-#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) +-#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) +-#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) +-#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) +-#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) +-#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) +-#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) +-#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) +-#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) +-#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) +-#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) +-#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) +- +-#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st)) +-#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) +-#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) +-#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) +-#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i)) +-#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val)) +-#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st)) +-#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) +-#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) +-#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) +-#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) +-#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) +-#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) +-#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) +-#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) +-#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) +-#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) +-#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) +-#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) +-#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) +-#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) +- +-#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st)) +-#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) +-#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) +-#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) +-#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i)) +-#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val)) +-#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st)) +-#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) +-#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) +-#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) +-#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) +-#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) +-#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) +-#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) +-#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) +-#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) +-#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) +-#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) +-#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) +-#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) +-#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) +- +-#define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st)) +-#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) +-#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) +-#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) +-#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i)) +-#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val)) +-#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st)) +-#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val)) +-#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val)) +-#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val)) +-#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val)) +-#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i)) +-#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr)) +-#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i)) +-#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) +-#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) +-#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) +-#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) +-#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) +-#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) +-#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) +- +-#define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st)) +-#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) +-#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) +-#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) +-#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i)) +-#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val)) +-#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st)) +-#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) +-#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) +-#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) +-#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) +-#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) +-#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) +-#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) +-#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) +-#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) +-#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) +-#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) +-#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) +-#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) +-#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) +- +-#define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st)) +-#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF) +-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) +-#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st)) +-#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i)) +-#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val)) +-#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st)) +-#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val)) +-#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val)) +-#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val)) +-#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val)) +-#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i)) +-#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr)) +-#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i)) +-#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp)) +-#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st) +-#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func)) +-#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st)) +-#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st)) +-#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st)) +-#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st)) +- +-#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) +-#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) +-#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) +-#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) +-#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i)) +-#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val)) +-#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st)) +-#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) +-#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) +-#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) +-#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) +-#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) +-#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) +-#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) +-#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) +-#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) +-#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) +-#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) +-#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) +-#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) +-#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) +- +-#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st)) +-#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) +-#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) +-#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) +-#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i)) +-#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val)) +-#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st)) +-#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) +-#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) +-#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) +-#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) +-#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) +-#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) +-#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) +-#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) +-#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) +-#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) +-#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) +-#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) +-#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) +-#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) +- +-#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st)) +-#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) +-#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) +-#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) +-#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i)) +-#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val)) +-#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st)) +-#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) +-#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) +-#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) +-#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) +-#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) +-#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) +-#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) +-#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) +-#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) +-#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) +-#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) +-#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) +-#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) +-#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) +- +-#define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st)) +-#define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) +-#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) +-#define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) +-#define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) +-#define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) +-#define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) +-#define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) +-#define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) +-#define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) +-#define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) +-#define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) +-#define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) +-#define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) +-#define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) +-#define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) +-#define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) +-#define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) +-#define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) +-#define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) +-#define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) +- +-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) +- +-#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ +- SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) +-#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +- SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +-#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \ +- SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) +-#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ +- SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) +- +-#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ +- SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) +- +-#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ +- SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) +-/* End of util/mkstack.pl block, you may now edit :-) */ +- +-#endif /* !defined HEADER_SAFESTACK_H */ ++/* nada (obsolete in new safestack approach)*/ ++# define IMPLEMENT_STACK_OF(type) ++ ++/* ++ * SKM_sk_... stack macros are internal to safestack.h: never use them ++ * directly, use sk__... instead ++ */ ++# define SKM_sk_new(type, cmp) \ ++ ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) ++# define SKM_sk_new_null(type) \ ++ ((STACK_OF(type) *)sk_new_null()) ++# define SKM_sk_free(type, st) \ ++ sk_free(CHECKED_PTR_OF(STACK_OF(type), st)) ++# define SKM_sk_num(type, st) \ ++ sk_num(CHECKED_PTR_OF(STACK_OF(type), st)) ++# define SKM_sk_value(type, st,i) \ ++ ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i)) ++# define SKM_sk_set(type, st,i,val) \ ++ sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val)) ++# define SKM_sk_zero(type, st) \ ++ sk_zero(CHECKED_PTR_OF(STACK_OF(type), st)) ++# define SKM_sk_push(type, st,val) \ ++ sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) ++# define SKM_sk_unshift(type, st,val) \ ++ sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) ++# define SKM_sk_find(type, st,val) \ ++ sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val)) ++# define SKM_sk_delete(type, st,i) \ ++ (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i) ++# define SKM_sk_delete_ptr(type, st,ptr) \ ++ (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr)) ++# define SKM_sk_insert(type, st,val,i) \ ++ sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i) ++# define SKM_sk_set_cmp_func(type, st,cmp) \ ++ ((int (*)(const type * const *,const type * const *)) \ ++ sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp))) ++# define SKM_sk_dup(type, st) \ ++ (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st)) ++# define SKM_sk_pop_free(type, st,free_func) \ ++ sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func)) ++# define SKM_sk_shift(type, st) \ ++ (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st)) ++# define SKM_sk_pop(type, st) \ ++ (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st)) ++# define SKM_sk_sort(type, st) \ ++ sk_sort(CHECKED_PTR_OF(STACK_OF(type), st)) ++# define SKM_sk_is_sorted(type, st) \ ++ sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st)) ++ ++# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type)*, st), \ ++ pp, length, \ ++ CHECKED_D2I_OF(type, d2i_func), \ ++ CHECKED_SK_FREE_FUNC(type, free_func), \ ++ ex_tag, ex_class) ++ ++# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \ ++ CHECKED_I2D_OF(type, i2d_func), \ ++ ex_tag, ex_class, is_set) ++ ++# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ ++ ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ ++ CHECKED_I2D_OF(type, i2d_func), buf, len) ++ ++# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ ++ (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) ++ ++# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ ++ (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ ++ CHECKED_D2I_OF(type, d2i_func), \ ++ CHECKED_SK_FREE_FUNC(type, free_func), \ ++ pass, passlen, oct, seq) ++ ++# else ++ ++# define STACK_OF(type) STACK ++# define PREDECLARE_STACK_OF(type) ++ /* nada */ ++# define DECLARE_STACK_OF(type)/* nada */ ++# define IMPLEMENT_STACK_OF(type) ++ /* nada */ ++ ++# define SKM_sk_new(type, cmp) \ ++ sk_new((int (*)(const char * const *, const char * const *))(cmp)) ++# define SKM_sk_new_null(type) \ ++ sk_new_null() ++# define SKM_sk_free(type, st) \ ++ sk_free(st) ++# define SKM_sk_num(type, st) \ ++ sk_num(st) ++# define SKM_sk_value(type, st,i) \ ++ ((type *)sk_value(st, i)) ++# define SKM_sk_set(type, st,i,val) \ ++ ((type *)sk_set(st, i,(char *)val)) ++# define SKM_sk_zero(type, st) \ ++ sk_zero(st) ++# define SKM_sk_push(type, st,val) \ ++ sk_push(st, (char *)val) ++# define SKM_sk_unshift(type, st,val) \ ++ sk_unshift(st, (char *)val) ++# define SKM_sk_find(type, st,val) \ ++ sk_find(st, (char *)val) ++# define SKM_sk_delete(type, st,i) \ ++ ((type *)sk_delete(st, i)) ++# define SKM_sk_delete_ptr(type, st,ptr) \ ++ ((type *)sk_delete_ptr(st,(char *)ptr)) ++# define SKM_sk_insert(type, st,val,i) \ ++ sk_insert(st, (char *)val, i) ++# define SKM_sk_set_cmp_func(type, st,cmp) \ ++ ((int (*)(const type * const *,const type * const *)) \ ++ sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp))) ++# define SKM_sk_dup(type, st) \ ++ sk_dup(st) ++# define SKM_sk_pop_free(type, st,free_func) \ ++ sk_pop_free(st, (void (*)(void *))free_func) ++# define SKM_sk_shift(type, st) \ ++ ((type *)sk_shift(st)) ++# define SKM_sk_pop(type, st) \ ++ ((type *)sk_pop(st)) ++# define SKM_sk_sort(type, st) \ ++ sk_sort(st) ++# define SKM_sk_is_sorted(type, st) \ ++ sk_is_sorted(st) ++ ++# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) ++# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set) ++ ++# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ ++ ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len) ++# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ ++ ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func) ++ ++# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ ++ ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq)) ++ ++# endif ++ ++/* ++ * This block of defines is updated by util/mkstack.pl, please do not touch! ++ */ ++# define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) ++# define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i)) ++# define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val)) ++# define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) ++# define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) ++# define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) ++# define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) ++# define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) ++# define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) ++# define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) ++# define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) ++# define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) ++# define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) ++# define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) ++ ++# define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) ++# define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) ++# define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) ++# define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) ++# define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) ++# define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) ++# define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) ++# define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) ++# define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) ++# define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) ++# define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) ++# define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) ++# define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) ++# define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) ++ ++# define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) ++# define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i)) ++# define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val)) ++# define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) ++# define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) ++# define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) ++# define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) ++# define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) ++# define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) ++# define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) ++# define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) ++# define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) ++# define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) ++# define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) ++ ++# define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) ++# define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i)) ++# define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val)) ++# define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) ++# define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) ++# define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) ++# define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) ++# define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) ++# define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) ++# define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) ++# define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) ++# define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) ++# define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) ++# define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) ++ ++# define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) ++# define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i)) ++# define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val)) ++# define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) ++# define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) ++# define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) ++# define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) ++# define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) ++# define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) ++# define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) ++# define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) ++# define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) ++# define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) ++# define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) ++ ++# define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) ++# define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i)) ++# define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val)) ++# define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) ++# define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) ++# define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) ++# define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) ++# define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) ++# define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) ++# define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) ++# define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) ++# define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) ++# define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) ++# define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) ++ ++# define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) ++# define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i)) ++# define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val)) ++# define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) ++# define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) ++# define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) ++# define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) ++# define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) ++# define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) ++# define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) ++# define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) ++# define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) ++# define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func)) ++# define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) ++ ++# define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) ++# define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i)) ++# define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val)) ++# define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) ++# define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) ++# define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) ++# define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) ++# define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) ++# define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) ++# define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) ++# define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) ++# define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) ++# define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) ++# define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) ++ ++# define sk_BIO_new(st) SKM_sk_new(BIO, (st)) ++# define sk_BIO_new_null() SKM_sk_new_null(BIO) ++# define sk_BIO_free(st) SKM_sk_free(BIO, (st)) ++# define sk_BIO_num(st) SKM_sk_num(BIO, (st)) ++# define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i)) ++# define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val)) ++# define sk_BIO_zero(st) SKM_sk_zero(BIO, (st)) ++# define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) ++# define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) ++# define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) ++# define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) ++# define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) ++# define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) ++# define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) ++# define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) ++# define sk_BIO_dup(st) SKM_sk_dup(BIO, st) ++# define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) ++# define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) ++# define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) ++# define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) ++# define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) ++ ++# define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) ++# define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i)) ++# define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) ++# define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) ++# define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) ++# define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) ++# define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) ++# define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) ++# define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) ++# define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) ++# define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) ++# define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) ++# define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) ++# define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) ++ ++# define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) ++# define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) ++# define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) ++# define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) ++# define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) ++# define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) ++# define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) ++# define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) ++# define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) ++# define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) ++# define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) ++# define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) ++# define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) ++# define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) ++ ++# define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) ++# define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) ++# define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) ++# define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) ++# define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) ++# define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) ++# define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) ++# define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) ++# define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) ++# define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) ++# define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) ++# define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) ++# define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) ++# define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) ++ ++# define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) ++# define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) ++# define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) ++# define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) ++# define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) ++# define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) ++# define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) ++# define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) ++# define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) ++# define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) ++# define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) ++# define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) ++# define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) ++# define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) ++ ++# define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) ++# define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i)) ++# define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val)) ++# define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) ++# define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) ++# define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) ++# define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) ++# define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) ++# define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) ++# define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) ++# define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) ++# define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) ++# define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) ++# define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) ++ ++# define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) ++# define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i)) ++# define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val)) ++# define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) ++# define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) ++# define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) ++# define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) ++# define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) ++# define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) ++# define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) ++# define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) ++# define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) ++# define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) ++# define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) ++ ++# define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) ++# define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i)) ++# define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val)) ++# define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) ++# define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) ++# define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) ++# define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) ++# define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) ++# define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) ++# define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) ++# define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) ++# define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) ++# define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) ++# define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) ++ ++# define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) ++# define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) ++# define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val)) ++# define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) ++# define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) ++# define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) ++# define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) ++# define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) ++# define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) ++# define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) ++# define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) ++# define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) ++# define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) ++# define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) ++ ++# define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) ++# define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i)) ++# define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val)) ++# define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) ++# define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) ++# define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) ++# define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) ++# define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) ++# define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) ++# define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) ++# define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) ++# define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) ++# define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) ++# define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) ++ ++# define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st)) ++# define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) ++# define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) ++# define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) ++# define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i)) ++# define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val)) ++# define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st)) ++# define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) ++# define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) ++# define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) ++# define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) ++# define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) ++# define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) ++# define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) ++# define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) ++# define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) ++# define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) ++# define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) ++# define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) ++# define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) ++# define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) ++ ++# define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st)) ++# define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) ++# define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) ++# define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) ++# define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i)) ++# define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val)) ++# define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st)) ++# define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) ++# define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) ++# define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) ++# define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) ++# define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) ++# define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) ++# define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) ++# define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp)) ++# define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st) ++# define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func)) ++# define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) ++# define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) ++# define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) ++# define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) ++ ++# define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) ++# define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i)) ++# define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val)) ++# define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) ++# define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) ++# define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) ++# define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) ++# define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) ++# define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) ++# define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) ++# define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp)) ++# define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st) ++# define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func)) ++# define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) ++ ++# define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) ++# define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i)) ++# define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val)) ++# define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) ++# define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) ++# define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) ++# define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) ++# define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) ++# define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) ++# define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) ++# define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) ++# define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) ++# define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) ++# define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) ++ ++# define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) ++# define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) ++# define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) ++# define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) ++# define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) ++# define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) ++# define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) ++# define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) ++# define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) ++# define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) ++# define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) ++# define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) ++# define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) ++# define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) ++ ++# define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) ++# define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) ++# define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) ++# define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) ++# define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) ++# define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) ++# define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) ++# define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) ++# define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) ++# define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) ++# define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) ++# define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) ++# define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) ++# define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) ++ ++# define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) ++# define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) ++# define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) ++# define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) ++# define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) ++# define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) ++# define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) ++# define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) ++# define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) ++# define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) ++# define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) ++# define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) ++# define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) ++# define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) ++ ++# define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) ++# define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) ++# define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) ++# define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) ++# define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) ++# define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) ++# define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) ++# define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) ++# define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) ++# define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) ++# define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) ++# define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) ++# define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) ++# define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) ++ ++# define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) ++# define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i)) ++# define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val)) ++# define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) ++# define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) ++# define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) ++# define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) ++# define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) ++# define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) ++# define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) ++# define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) ++# define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) ++# define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) ++# define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) ++ ++# define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) ++# define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i)) ++# define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val)) ++# define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) ++# define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) ++# define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) ++# define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) ++# define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) ++# define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) ++# define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) ++# define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) ++# define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) ++# define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) ++# define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) ++ ++# define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) ++# define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i)) ++# define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val)) ++# define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) ++# define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) ++# define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) ++# define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) ++# define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) ++# define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) ++# define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) ++# define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) ++# define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) ++# define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) ++# define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) ++ ++# define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) ++# define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i)) ++# define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val)) ++# define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) ++# define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) ++# define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) ++# define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) ++# define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) ++# define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) ++# define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) ++# define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) ++# define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) ++# define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) ++# define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) ++ ++# define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) ++# define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i)) ++# define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val)) ++# define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) ++# define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) ++# define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) ++# define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) ++# define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) ++# define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) ++# define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) ++# define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) ++# define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) ++# define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) ++# define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) ++ ++# define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) ++# define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i)) ++# define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val)) ++# define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) ++# define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) ++# define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) ++# define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) ++# define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) ++# define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) ++# define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) ++# define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) ++# define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) ++# define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) ++# define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) ++ ++# define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) ++# define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i)) ++# define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val)) ++# define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) ++# define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) ++# define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) ++# define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) ++# define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) ++# define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) ++# define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) ++# define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) ++# define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) ++# define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) ++# define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) ++ ++# define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) ++# define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i)) ++# define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val)) ++# define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) ++# define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) ++# define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) ++# define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) ++# define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) ++# define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) ++# define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) ++# define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) ++# define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) ++# define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) ++# define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) ++ ++# define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) ++# define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) ++# define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) ++# define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) ++# define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) ++# define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) ++# define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) ++# define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) ++# define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) ++# define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) ++# define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) ++# define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) ++# define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) ++# define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) ++ ++# define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) ++# define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) ++# define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) ++# define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) ++# define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) ++# define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) ++# define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) ++# define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) ++# define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) ++# define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) ++# define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) ++# define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) ++# define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) ++# define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) ++ ++# define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) ++# define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i)) ++# define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val)) ++# define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) ++# define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) ++# define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) ++# define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) ++# define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) ++# define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) ++# define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) ++# define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) ++# define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) ++# define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) ++# define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) ++ ++# define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) ++# define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i)) ++# define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val)) ++# define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) ++# define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) ++# define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) ++# define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) ++# define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) ++# define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) ++# define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) ++# define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) ++# define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) ++# define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func)) ++# define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) ++ ++# define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) ++# define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i)) ++# define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val)) ++# define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) ++# define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) ++# define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) ++# define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) ++# define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) ++# define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) ++# define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) ++# define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) ++# define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) ++# define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) ++# define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) ++ ++# define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) ++# define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) ++# define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) ++# define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) ++# define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) ++# define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) ++# define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) ++# define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) ++# define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) ++# define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) ++# define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) ++# define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) ++# define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) ++# define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) ++ ++# define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) ++# define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i)) ++# define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val)) ++# define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) ++# define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) ++# define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) ++# define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) ++# define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) ++# define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) ++# define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) ++# define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) ++# define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) ++# define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) ++# define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) ++ ++# define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) ++# define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i)) ++# define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val)) ++# define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) ++# define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) ++# define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) ++# define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) ++# define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) ++# define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) ++# define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) ++# define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) ++# define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) ++# define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) ++# define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) ++ ++# define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st)) ++# define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) ++# define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) ++# define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) ++# define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i)) ++# define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val)) ++# define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st)) ++# define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) ++# define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) ++# define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) ++# define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) ++# define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) ++# define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) ++# define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) ++# define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) ++# define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) ++# define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) ++# define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) ++# define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) ++# define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) ++# define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) ++ ++# define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) ++# define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i)) ++# define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val)) ++# define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) ++# define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) ++# define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) ++# define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) ++# define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) ++# define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) ++# define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) ++# define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) ++# define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) ++# define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) ++# define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) ++ ++# define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) ++# define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i)) ++# define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val)) ++# define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) ++# define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) ++# define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) ++# define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) ++# define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) ++# define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) ++# define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) ++# define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) ++# define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) ++# define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) ++# define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) ++ ++# define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st)) ++# define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) ++# define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) ++# define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) ++# define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i)) ++# define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val)) ++# define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st)) ++# define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) ++# define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) ++# define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) ++# define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) ++# define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) ++# define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) ++# define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) ++# define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) ++# define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) ++# define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) ++# define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) ++# define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) ++# define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) ++# define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) ++ ++# define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) ++# define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i)) ++# define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val)) ++# define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) ++# define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) ++# define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) ++# define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) ++# define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) ++# define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) ++# define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) ++# define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) ++# define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) ++# define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) ++# define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) ++ ++# define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) ++# define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) ++# define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) ++# define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) ++# define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) ++# define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) ++# define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) ++# define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) ++# define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) ++# define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) ++# define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) ++# define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) ++# define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) ++# define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) ++ ++# define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) ++# define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i)) ++# define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val)) ++# define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) ++# define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) ++# define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) ++# define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) ++# define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) ++# define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) ++# define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) ++# define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) ++# define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) ++# define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) ++# define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) ++ ++# define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st)) ++# define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) ++# define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) ++# define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) ++# define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i)) ++# define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val)) ++# define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st)) ++# define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) ++# define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) ++# define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) ++# define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) ++# define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) ++# define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) ++# define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) ++# define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) ++# define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) ++# define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) ++# define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) ++# define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) ++# define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) ++# define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) ++ ++# define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) ++# define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) ++# define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) ++# define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) ++# define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) ++# define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) ++# define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) ++# define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) ++# define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) ++# define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) ++# define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) ++# define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) ++# define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) ++# define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) ++ ++# define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) ++# define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) ++# define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) ++# define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) ++# define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i)) ++# define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val)) ++# define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st)) ++# define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) ++# define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) ++# define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) ++# define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) ++# define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) ++# define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) ++# define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) ++# define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) ++# define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) ++# define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) ++# define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) ++# define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) ++# define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) ++# define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) ++ ++# define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st)) ++# define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) ++# define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) ++# define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) ++# define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i)) ++# define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val)) ++# define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st)) ++# define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) ++# define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) ++# define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) ++# define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) ++# define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) ++# define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) ++# define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) ++# define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) ++# define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) ++# define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) ++# define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) ++# define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) ++# define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) ++# define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) ++ ++# define sk_X509_new(st) SKM_sk_new(X509, (st)) ++# define sk_X509_new_null() SKM_sk_new_null(X509) ++# define sk_X509_free(st) SKM_sk_free(X509, (st)) ++# define sk_X509_num(st) SKM_sk_num(X509, (st)) ++# define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i)) ++# define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val)) ++# define sk_X509_zero(st) SKM_sk_zero(X509, (st)) ++# define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) ++# define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) ++# define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) ++# define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) ++# define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) ++# define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) ++# define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) ++# define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) ++# define sk_X509_dup(st) SKM_sk_dup(X509, st) ++# define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) ++# define sk_X509_shift(st) SKM_sk_shift(X509, (st)) ++# define sk_X509_pop(st) SKM_sk_pop(X509, (st)) ++# define sk_X509_sort(st) SKM_sk_sort(X509, (st)) ++# define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) ++ ++# define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) ++# define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i)) ++# define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val)) ++# define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) ++# define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) ++# define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) ++# define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) ++# define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) ++# define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) ++# define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) ++# define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) ++# define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) ++# define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) ++# define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) ++ ++# define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) ++# define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i)) ++# define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val)) ++# define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) ++# define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) ++# define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) ++# define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) ++# define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) ++# define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) ++# define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) ++# define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) ++# define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) ++# define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) ++# define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) ++ ++# define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) ++# define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i)) ++# define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val)) ++# define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) ++# define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) ++# define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) ++# define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) ++# define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) ++# define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) ++# define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) ++# define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) ++# define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) ++# define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) ++# define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) ++ ++# define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st)) ++# define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) ++# define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) ++# define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) ++# define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i)) ++# define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val)) ++# define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st)) ++# define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) ++# define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) ++# define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) ++# define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) ++# define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) ++# define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) ++# define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) ++# define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) ++# define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) ++# define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func)) ++# define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) ++# define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) ++# define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) ++# define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) ++ ++# define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) ++# define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i)) ++# define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val)) ++# define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) ++# define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) ++# define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) ++# define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) ++# define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) ++# define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) ++# define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) ++# define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) ++# define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) ++# define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) ++# define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) ++ ++# define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st)) ++# define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) ++# define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) ++# define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) ++# define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i)) ++# define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val)) ++# define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st)) ++# define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) ++# define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) ++# define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) ++# define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) ++# define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) ++# define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) ++# define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) ++# define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) ++# define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) ++# define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) ++# define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) ++# define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) ++# define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) ++# define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) ++ ++# define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) ++# define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i)) ++# define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val)) ++# define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) ++# define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) ++# define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) ++# define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) ++# define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) ++# define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) ++# define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) ++# define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) ++# define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) ++# define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) ++# define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) ++ ++# define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st)) ++# define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) ++# define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) ++# define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) ++# define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i)) ++# define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val)) ++# define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st)) ++# define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) ++# define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) ++# define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) ++# define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) ++# define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) ++# define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) ++# define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) ++# define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) ++# define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) ++# define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) ++# define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) ++# define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) ++# define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) ++# define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) ++ ++# define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) ++# define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i)) ++# define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val)) ++# define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) ++# define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) ++# define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) ++# define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) ++# define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) ++# define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) ++# define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) ++# define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) ++# define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) ++# define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) ++# define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) ++ ++# define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) ++# define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i)) ++# define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val)) ++# define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) ++# define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) ++# define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) ++# define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) ++# define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) ++# define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) ++# define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) ++# define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) ++# define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) ++# define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) ++# define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) ++ ++# define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) ++# define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i)) ++# define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val)) ++# define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val)) ++# define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val)) ++# define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val)) ++# define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val)) ++# define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i)) ++# define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr)) ++# define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i)) ++# define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) ++# define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) ++# define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) ++# define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) ++ ++# define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) ++# define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i)) ++# define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val)) ++# define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) ++# define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) ++# define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) ++# define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) ++# define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) ++# define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) ++# define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) ++# define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) ++# define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) ++# define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) ++# define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) ++ ++# define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st)) ++# define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF) ++# define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st)) ++# define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st)) ++# define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i)) ++# define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val)) ++# define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st)) ++# define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val)) ++# define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val)) ++# define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val)) ++# define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val)) ++# define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i)) ++# define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr)) ++# define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i)) ++# define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp)) ++# define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st) ++# define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func)) ++# define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st)) ++# define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st)) ++# define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st)) ++# define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st)) ++ ++# define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) ++# define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i)) ++# define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val)) ++# define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) ++# define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) ++# define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) ++# define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) ++# define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) ++# define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) ++# define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) ++# define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) ++# define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) ++# define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) ++# define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) ++ ++# define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) ++# define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i)) ++# define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val)) ++# define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) ++# define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) ++# define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) ++# define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) ++# define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) ++# define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) ++# define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) ++# define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) ++# define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) ++# define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) ++# define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) ++ ++# define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st)) ++# define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) ++# define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) ++# define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) ++# define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i)) ++# define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val)) ++# define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st)) ++# define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) ++# define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) ++# define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) ++# define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) ++# define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) ++# define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) ++# define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) ++# define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) ++# define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) ++# define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) ++# define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) ++# define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) ++# define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) ++# define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) ++ ++# define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) ++# define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) ++# define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) ++# define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) ++# define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) ++# define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) ++# define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) ++# define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) ++# define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) ++# define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) ++# define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) ++# define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) ++# define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) ++# define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) ++ ++# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) ++ ++# define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) ++ ++# define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ ++ SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) ++ ++# define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ ++ SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) ++ ++#endif /* !defined HEADER_SAFESTACK_H */ +diff --git a/Cryptlib/Include/openssl/sha.h b/Cryptlib/Include/openssl/sha.h +index 47a2c29..8a50878 100644 +--- a/Cryptlib/Include/openssl/sha.h ++++ b/Cryptlib/Include/openssl/sha.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,144 +57,144 @@ + */ + + #ifndef HEADER_SHA_H +-#define HEADER_SHA_H ++# define HEADER_SHA_H + +-#include +-#include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) +-#error SHA is disabled. +-#endif ++# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) ++# error SHA is disabled. ++# endif + +-#if defined(OPENSSL_FIPS) +-#define FIPS_SHA_SIZE_T size_t +-#endif ++# if defined(OPENSSL_FIPS) ++# define FIPS_SHA_SIZE_T size_t ++# endif + +-/* ++/*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! + * ! SHA_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +-#define SHA_LONG unsigned long +-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +-#define SHA_LONG unsigned long +-#define SHA_LONG_LOG2 3 +-#else +-#define SHA_LONG unsigned int +-#endif +- +-#define SHA_LBLOCK 16 +-#define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a +- * contiguous array of 32 bit +- * wide big-endian values. */ +-#define SHA_LAST_BLOCK (SHA_CBLOCK-8) +-#define SHA_DIGEST_LENGTH 20 +- +-typedef struct SHAstate_st +- { +- SHA_LONG h0,h1,h2,h3,h4; +- SHA_LONG Nl,Nh; +- SHA_LONG data[SHA_LBLOCK]; +- unsigned int num; +- } SHA_CTX; +- +-#ifndef OPENSSL_NO_SHA0 +-#ifdef OPENSSL_FIPS ++# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) ++# define SHA_LONG unsigned long ++# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) ++# define SHA_LONG unsigned long ++# define SHA_LONG_LOG2 3 ++# else ++# define SHA_LONG unsigned int ++# endif ++ ++# define SHA_LBLOCK 16 ++# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a ++ * contiguous array of 32 bit wide ++ * big-endian values. */ ++# define SHA_LAST_BLOCK (SHA_CBLOCK-8) ++# define SHA_DIGEST_LENGTH 20 ++ ++typedef struct SHAstate_st { ++ SHA_LONG h0, h1, h2, h3, h4; ++ SHA_LONG Nl, Nh; ++ SHA_LONG data[SHA_LBLOCK]; ++ unsigned int num; ++} SHA_CTX; ++ ++# ifndef OPENSSL_NO_SHA0 ++# ifdef OPENSSL_FIPS + int private_SHA_Init(SHA_CTX *c); +-#endif ++# endif + int SHA_Init(SHA_CTX *c); + int SHA_Update(SHA_CTX *c, const void *data, size_t len); + int SHA_Final(unsigned char *md, SHA_CTX *c); + unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); + void SHA_Transform(SHA_CTX *c, const unsigned char *data); +-#endif +-#ifndef OPENSSL_NO_SHA1 ++# endif ++# ifndef OPENSSL_NO_SHA1 + int SHA1_Init(SHA_CTX *c); + int SHA1_Update(SHA_CTX *c, const void *data, size_t len); + int SHA1_Final(unsigned char *md, SHA_CTX *c); + unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); + void SHA1_Transform(SHA_CTX *c, const unsigned char *data); +-#endif +- +-#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a +- * contiguous array of 32 bit +- * wide big-endian values. */ +-#define SHA224_DIGEST_LENGTH 28 +-#define SHA256_DIGEST_LENGTH 32 +- +-typedef struct SHA256state_st +- { +- SHA_LONG h[8]; +- SHA_LONG Nl,Nh; +- SHA_LONG data[SHA_LBLOCK]; +- unsigned int num,md_len; +- } SHA256_CTX; +- +-#ifndef OPENSSL_NO_SHA256 ++# endif ++ ++# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a ++ * contiguous array of 32 bit wide ++ * big-endian values. */ ++# define SHA224_DIGEST_LENGTH 28 ++# define SHA256_DIGEST_LENGTH 32 ++ ++typedef struct SHA256state_st { ++ SHA_LONG h[8]; ++ SHA_LONG Nl, Nh; ++ SHA_LONG data[SHA_LBLOCK]; ++ unsigned int num, md_len; ++} SHA256_CTX; ++ ++# ifndef OPENSSL_NO_SHA256 + int SHA224_Init(SHA256_CTX *c); + int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); + int SHA224_Final(unsigned char *md, SHA256_CTX *c); +-unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md); ++unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md); + int SHA256_Init(SHA256_CTX *c); + int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); + int SHA256_Final(unsigned char *md, SHA256_CTX *c); +-unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md); ++unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); + void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); +-#endif ++# endif + +-#define SHA384_DIGEST_LENGTH 48 +-#define SHA512_DIGEST_LENGTH 64 ++# define SHA384_DIGEST_LENGTH 48 ++# define SHA512_DIGEST_LENGTH 64 + +-#ifndef OPENSSL_NO_SHA512 ++# ifndef OPENSSL_NO_SHA512 + /* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c + * for further details. + */ +-#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a +- * contiguous array of 64 bit +- * wide big-endian values. */ +-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +-#define SHA_LONG64 unsigned __int64 +-#define U64(C) C##UI64 +-#elif defined(__arch64__) +-#define SHA_LONG64 unsigned long +-#define U64(C) C##UL +-#else +-#define SHA_LONG64 unsigned long long +-#define U64(C) C##ULL +-#endif +- +-typedef struct SHA512state_st +- { +- SHA_LONG64 h[8]; +- SHA_LONG64 Nl,Nh; +- union { +- SHA_LONG64 d[SHA_LBLOCK]; +- unsigned char p[SHA512_CBLOCK]; +- } u; +- unsigned int num,md_len; +- } SHA512_CTX; +-#endif +- +-#ifndef OPENSSL_NO_SHA512 ++/* ++ * SHA-512 treats input data as a ++ * contiguous array of 64 bit ++ * wide big-endian values. ++ */ ++# define SHA512_CBLOCK (SHA_LBLOCK*8) ++# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) ++# define SHA_LONG64 unsigned __int64 ++# define U64(C) C##UI64 ++# elif defined(__arch64__) ++# define SHA_LONG64 unsigned long ++# define U64(C) C##UL ++# else ++# define SHA_LONG64 unsigned long long ++# define U64(C) C##ULL ++# endif ++ ++typedef struct SHA512state_st { ++ SHA_LONG64 h[8]; ++ SHA_LONG64 Nl, Nh; ++ union { ++ SHA_LONG64 d[SHA_LBLOCK]; ++ unsigned char p[SHA512_CBLOCK]; ++ } u; ++ unsigned int num, md_len; ++} SHA512_CTX; ++# endif ++ ++# ifndef OPENSSL_NO_SHA512 + int SHA384_Init(SHA512_CTX *c); + int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); + int SHA384_Final(unsigned char *md, SHA512_CTX *c); +-unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md); ++unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md); + int SHA512_Init(SHA512_CTX *c); + int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); + int SHA512_Final(unsigned char *md, SHA512_CTX *c); +-unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md); ++unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); + void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); +-#endif ++# endif + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/ssl.h b/Cryptlib/Include/openssl/ssl.h +index 5f2a04e..ee9944f 100644 +--- a/Cryptlib/Include/openssl/ssl.h ++++ b/Cryptlib/Include/openssl/ssl.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -116,7 +116,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -163,143 +163,146 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * ECC cipher suite support in OpenSSL originally developed by ++ * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +-#ifndef HEADER_SSL_H +-#define HEADER_SSL_H +- +-#include +- +-#ifndef OPENSSL_NO_COMP +-#include +-#endif +-#ifndef OPENSSL_NO_BIO +-#include +-#endif +-#ifndef OPENSSL_NO_DEPRECATED +-#ifndef OPENSSL_NO_X509 +-#include +-#endif +-#include +-#include +-#include +-#endif +-#include +-#include +- +-#include +-#include +-#include ++#ifndef HEADER_SSL_H ++# define HEADER_SSL_H ++ ++# include ++ ++# ifndef OPENSSL_NO_COMP ++# include ++# endif ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# ifndef OPENSSL_NO_DEPRECATED ++# ifndef OPENSSL_NO_X509 ++# include ++# endif ++# include ++# include ++# include ++# endif ++# include ++# include ++ ++# include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + + /* SSLeay version number for ASN.1 encoding of the session information */ +-/* Version 0 - initial version ++/*- ++ * Version 0 - initial version + * Version 1 - added the optional peer certificate + */ +-#define SSL_SESSION_ASN1_VERSION 0x0001 ++# define SSL_SESSION_ASN1_VERSION 0x0001 + + /* text strings for the ciphers */ +-#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 +-#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 +-#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 +-#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 +-#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 +-#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 +-#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 +-#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA +-#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 +-#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA +- +-/* VRS Additional Kerberos5 entries ++# define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 ++# define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 ++# define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 ++# define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 ++# define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 ++# define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 ++# define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 ++# define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA ++# define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 ++# define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA ++ ++/* ++ * VRS Additional Kerberos5 entries + */ +-#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA +-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA +-#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA +-#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA +-#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 +-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 +-#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 +-#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 +- +-#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA +-#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA +-#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA +-#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 +-#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 +-#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 +- +-#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA +-#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 +-#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA +-#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 +-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA +-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 +-#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 +- +-#define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +-#define SSL_MAX_SID_CTX_LENGTH 32 +- +-#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) +-#define SSL_MAX_KEY_ARG_LENGTH 8 +-#define SSL_MAX_MASTER_KEY_LENGTH 48 ++# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA ++# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA ++# define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA ++# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA ++# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 ++# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 ++# define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 ++# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 ++ ++# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA ++# define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA ++# define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA ++# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 ++# define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 ++# define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 ++ ++# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA ++# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 ++# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA ++# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 ++# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA ++# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 ++# define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 ++ ++# define SSL_MAX_SSL_SESSION_ID_LENGTH 32 ++# define SSL_MAX_SID_CTX_LENGTH 32 ++ ++# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) ++# define SSL_MAX_KEY_ARG_LENGTH 8 ++# define SSL_MAX_MASTER_KEY_LENGTH 48 + + /* These are used to specify which ciphers to use and not to use */ +-#define SSL_TXT_LOW "LOW" +-#define SSL_TXT_MEDIUM "MEDIUM" +-#define SSL_TXT_HIGH "HIGH" +-#define SSL_TXT_FIPS "FIPS" +-#define SSL_TXT_kFZA "kFZA" +-#define SSL_TXT_aFZA "aFZA" +-#define SSL_TXT_eFZA "eFZA" +-#define SSL_TXT_FZA "FZA" +- +-#define SSL_TXT_aNULL "aNULL" +-#define SSL_TXT_eNULL "eNULL" +-#define SSL_TXT_NULL "NULL" +- +-#define SSL_TXT_kKRB5 "kKRB5" +-#define SSL_TXT_aKRB5 "aKRB5" +-#define SSL_TXT_KRB5 "KRB5" +- +-#define SSL_TXT_kRSA "kRSA" +-#define SSL_TXT_kDHr "kDHr" +-#define SSL_TXT_kDHd "kDHd" +-#define SSL_TXT_kEDH "kEDH" +-#define SSL_TXT_aRSA "aRSA" +-#define SSL_TXT_aDSS "aDSS" +-#define SSL_TXT_aDH "aDH" +-#define SSL_TXT_DSS "DSS" +-#define SSL_TXT_DH "DH" +-#define SSL_TXT_EDH "EDH" +-#define SSL_TXT_ADH "ADH" +-#define SSL_TXT_RSA "RSA" +-#define SSL_TXT_DES "DES" +-#define SSL_TXT_3DES "3DES" +-#define SSL_TXT_RC4 "RC4" +-#define SSL_TXT_RC2 "RC2" +-#define SSL_TXT_IDEA "IDEA" +-#define SSL_TXT_SEED "SEED" +-#define SSL_TXT_AES "AES" +-#define SSL_TXT_CAMELLIA "CAMELLIA" +-#define SSL_TXT_MD5 "MD5" +-#define SSL_TXT_SHA1 "SHA1" +-#define SSL_TXT_SHA "SHA" +-#define SSL_TXT_EXP "EXP" +-#define SSL_TXT_EXPORT "EXPORT" +-#define SSL_TXT_EXP40 "EXPORT40" +-#define SSL_TXT_EXP56 "EXPORT56" +-#define SSL_TXT_SSLV2 "SSLv2" +-#define SSL_TXT_SSLV3 "SSLv3" +-#define SSL_TXT_TLSV1 "TLSv1" +-#define SSL_TXT_ALL "ALL" +-#define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */ +- +-/* ++# define SSL_TXT_LOW "LOW" ++# define SSL_TXT_MEDIUM "MEDIUM" ++# define SSL_TXT_HIGH "HIGH" ++# define SSL_TXT_FIPS "FIPS" ++# define SSL_TXT_kFZA "kFZA" ++# define SSL_TXT_aFZA "aFZA" ++# define SSL_TXT_eFZA "eFZA" ++# define SSL_TXT_FZA "FZA" ++ ++# define SSL_TXT_aNULL "aNULL" ++# define SSL_TXT_eNULL "eNULL" ++# define SSL_TXT_NULL "NULL" ++ ++# define SSL_TXT_kKRB5 "kKRB5" ++# define SSL_TXT_aKRB5 "aKRB5" ++# define SSL_TXT_KRB5 "KRB5" ++ ++# define SSL_TXT_kRSA "kRSA" ++# define SSL_TXT_kDHr "kDHr" ++# define SSL_TXT_kDHd "kDHd" ++# define SSL_TXT_kEDH "kEDH" ++# define SSL_TXT_aRSA "aRSA" ++# define SSL_TXT_aDSS "aDSS" ++# define SSL_TXT_aDH "aDH" ++# define SSL_TXT_DSS "DSS" ++# define SSL_TXT_DH "DH" ++# define SSL_TXT_EDH "EDH" ++# define SSL_TXT_ADH "ADH" ++# define SSL_TXT_RSA "RSA" ++# define SSL_TXT_DES "DES" ++# define SSL_TXT_3DES "3DES" ++# define SSL_TXT_RC4 "RC4" ++# define SSL_TXT_RC2 "RC2" ++# define SSL_TXT_IDEA "IDEA" ++# define SSL_TXT_SEED "SEED" ++# define SSL_TXT_AES "AES" ++# define SSL_TXT_CAMELLIA "CAMELLIA" ++# define SSL_TXT_MD5 "MD5" ++# define SSL_TXT_SHA1 "SHA1" ++# define SSL_TXT_SHA "SHA" ++# define SSL_TXT_EXP "EXP" ++# define SSL_TXT_EXPORT "EXPORT" ++# define SSL_TXT_EXP40 "EXPORT40" ++# define SSL_TXT_EXP56 "EXPORT56" ++# define SSL_TXT_SSLV2 "SSLv2" ++# define SSL_TXT_SSLV3 "SSLv3" ++# define SSL_TXT_TLSV1 "TLSv1" ++# define SSL_TXT_ALL "ALL" ++# define SSL_TXT_ECC "ECCdraft"/* ECC ciphersuites are not yet ++ * official */ ++ ++/*- + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers +@@ -313,17 +316,18 @@ extern "C" { + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +-#define SSL_TXT_CMPALL "COMPLEMENTOFALL" +-#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" ++# define SSL_TXT_CMPALL "COMPLEMENTOFALL" ++# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + +-/* The following cipher list is used by default. +- * It also is substituted when an application-defined cipher list string +- * starts with 'DEFAULT'. */ +-#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */ ++/* ++ * The following cipher list is used by default. It also is substituted when ++ * an application-defined cipher list string starts with 'DEFAULT'. ++ */ ++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH" + + /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ +-#define SSL_SENT_SHUTDOWN 1 +-#define SSL_RECEIVED_SHUTDOWN 2 ++# define SSL_SENT_SHUTDOWN 1 ++# define SSL_RECEIVED_SHUTDOWN 2 + + #ifdef __cplusplus + } +@@ -333,1144 +337,1238 @@ extern "C" { + extern "C" { + #endif + +-#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) +-#define OPENSSL_NO_SSL2 +-#endif ++# if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) ++# define OPENSSL_NO_SSL2 ++# endif + +-#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +-#define SSL_FILETYPE_PEM X509_FILETYPE_PEM ++# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 ++# define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +-/* This is needed to stop compilers complaining about the +- * 'struct ssl_st *' function parameters used to prototype callbacks +- * in SSL_CTX. */ ++/* ++ * This is needed to stop compilers complaining about the 'struct ssl_st *' ++ * function parameters used to prototype callbacks in SSL_CTX. ++ */ + typedef struct ssl_st *ssl_crock_st; + + /* used to hold info on the particular ciphers used */ +-typedef struct ssl_cipher_st +- { +- int valid; +- const char *name; /* text name */ +- unsigned long id; /* id, 4 bytes, first is version */ +- unsigned long algorithms; /* what ciphers are used */ +- unsigned long algo_strength; /* strength and export flags */ +- unsigned long algorithm2; /* Extra flags */ +- int strength_bits; /* Number of bits really used */ +- int alg_bits; /* Number of bits for algorithm */ +- unsigned long mask; /* used for matching */ +- unsigned long mask_strength; /* also used for matching */ +- } SSL_CIPHER; ++typedef struct ssl_cipher_st { ++ int valid; ++ const char *name; /* text name */ ++ unsigned long id; /* id, 4 bytes, first is version */ ++ unsigned long algorithms; /* what ciphers are used */ ++ unsigned long algo_strength; /* strength and export flags */ ++ unsigned long algorithm2; /* Extra flags */ ++ int strength_bits; /* Number of bits really used */ ++ int alg_bits; /* Number of bits for algorithm */ ++ unsigned long mask; /* used for matching */ ++ unsigned long mask_strength; /* also used for matching */ ++} SSL_CIPHER; + + DECLARE_STACK_OF(SSL_CIPHER) + + /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ +-typedef struct ssl_method_st +- { +- int version; +- int (*ssl_new)(SSL *s); +- void (*ssl_clear)(SSL *s); +- void (*ssl_free)(SSL *s); +- int (*ssl_accept)(SSL *s); +- int (*ssl_connect)(SSL *s); +- int (*ssl_read)(SSL *s,void *buf,int len); +- int (*ssl_peek)(SSL *s,void *buf,int len); +- int (*ssl_write)(SSL *s,const void *buf,int len); +- int (*ssl_shutdown)(SSL *s); +- int (*ssl_renegotiate)(SSL *s); +- int (*ssl_renegotiate_check)(SSL *s); +- long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long +- max, int *ok); +- int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, +- int peek); +- int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); +- int (*ssl_dispatch_alert)(SSL *s); +- long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); +- long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); +- SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); +- int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); +- int (*ssl_pending)(const SSL *s); +- int (*num_ciphers)(void); +- SSL_CIPHER *(*get_cipher)(unsigned ncipher); +- struct ssl_method_st *(*get_ssl_method)(int version); +- long (*get_timeout)(void); +- struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ +- int (*ssl_version)(void); +- long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void)); +- long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void)); +- } SSL_METHOD; +- +-/* Lets make this into an ASN.1 type structure as follows ++typedef struct ssl_method_st { ++ int version; ++ int (*ssl_new) (SSL *s); ++ void (*ssl_clear) (SSL *s); ++ void (*ssl_free) (SSL *s); ++ int (*ssl_accept) (SSL *s); ++ int (*ssl_connect) (SSL *s); ++ int (*ssl_read) (SSL *s, void *buf, int len); ++ int (*ssl_peek) (SSL *s, void *buf, int len); ++ int (*ssl_write) (SSL *s, const void *buf, int len); ++ int (*ssl_shutdown) (SSL *s); ++ int (*ssl_renegotiate) (SSL *s); ++ int (*ssl_renegotiate_check) (SSL *s); ++ long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long ++ max, int *ok); ++ int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len, ++ int peek); ++ int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len); ++ int (*ssl_dispatch_alert) (SSL *s); ++ long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); ++ long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); ++ SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); ++ int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr); ++ int (*ssl_pending) (const SSL *s); ++ int (*num_ciphers) (void); ++ SSL_CIPHER *(*get_cipher) (unsigned ncipher); ++ struct ssl_method_st *(*get_ssl_method) (int version); ++ long (*get_timeout) (void); ++ struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ ++ int (*ssl_version) (void); ++ long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); ++ long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); ++} SSL_METHOD; ++ ++/*- ++ * Lets make this into an ASN.1 type structure as follows + * SSL_SESSION_ID ::= SEQUENCE { +- * version INTEGER, -- structure version number +- * SSLversion INTEGER, -- SSL version number +- * Cipher OCTET_STRING, -- the 3 byte cipher ID +- * Session_ID OCTET_STRING, -- the Session ID +- * Master_key OCTET_STRING, -- the master key +- * KRB5_principal OCTET_STRING -- optional Kerberos principal +- * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument +- * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time +- * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds +- * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate +- * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context +- * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer' +- * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX +- * } ++ * version INTEGER, -- structure version number ++ * SSLversion INTEGER, -- SSL version number ++ * Cipher OCTET_STRING, -- the 3 byte cipher ID ++ * Session_ID OCTET_STRING, -- the Session ID ++ * Master_key OCTET_STRING, -- the master key ++ * KRB5_principal OCTET_STRING -- optional Kerberos principal ++ * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument ++ * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time ++ * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds ++ * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate ++ * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context ++ * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer' ++ * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX ++ * } + * Look in ssl/ssl_asn1.c for more details + * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). + */ +-typedef struct ssl_session_st +- { +- int ssl_version; /* what ssl version session info is +- * being kept in here? */ +- +- /* only really used in SSLv2 */ +- unsigned int key_arg_length; +- unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; +- int master_key_length; +- unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; +- /* session_id - valid? */ +- unsigned int session_id_length; +- unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; +- /* this is used to determine whether the session is being reused in +- * the appropriate context. It is up to the application to set this, +- * via SSL_new */ +- unsigned int sid_ctx_length; +- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; +- +-#ifndef OPENSSL_NO_KRB5 +- unsigned int krb5_client_princ_len; +- unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; +-#endif /* OPENSSL_NO_KRB5 */ +- +- int not_resumable; +- +- /* The cert is the certificate used to establish this connection */ +- struct sess_cert_st /* SESS_CERT */ *sess_cert; +- +- /* This is the cert for the other end. +- * On clients, it will be the same as sess_cert->peer_key->x509 +- * (the latter is not enough as sess_cert is not retained +- * in the external representation of sessions, see ssl_asn1.c). */ +- X509 *peer; +- /* when app_verify_callback accepts a session where the peer's certificate +- * is not ok, we must remember the error for session reuse: */ +- long verify_result; /* only for servers */ +- +- int references; +- long timeout; +- long time; +- +- int compress_meth; /* Need to lookup the method */ +- +- SSL_CIPHER *cipher; +- unsigned long cipher_id; /* when ASN.1 loaded, this +- * needs to be used to load +- * the 'cipher' structure */ +- +- STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ +- +- CRYPTO_EX_DATA ex_data; /* application specific data */ +- +- /* These are used to make removal of session-ids more +- * efficient and to implement a maximum cache size. */ +- struct ssl_session_st *prev,*next; +-#ifndef OPENSSL_NO_TLSEXT +- char *tlsext_hostname; +- /* RFC4507 info */ +- unsigned char *tlsext_tick; /* Session ticket */ +- size_t tlsext_ticklen; /* Session ticket length */ +- long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ +-#endif +- } SSL_SESSION; +- +- +-#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L +-#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L ++typedef struct ssl_session_st { ++ int ssl_version; /* what ssl version session info is being ++ * kept in here? */ ++ /* only really used in SSLv2 */ ++ unsigned int key_arg_length; ++ unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; ++ int master_key_length; ++ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; ++ /* session_id - valid? */ ++ unsigned int session_id_length; ++ unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; ++ /* ++ * this is used to determine whether the session is being reused in the ++ * appropriate context. It is up to the application to set this, via ++ * SSL_new ++ */ ++ unsigned int sid_ctx_length; ++ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; ++# ifndef OPENSSL_NO_KRB5 ++ unsigned int krb5_client_princ_len; ++ unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; ++# endif /* OPENSSL_NO_KRB5 */ ++ int not_resumable; ++ /* The cert is the certificate used to establish this connection */ ++ struct sess_cert_st /* SESS_CERT */ *sess_cert; ++ /* ++ * This is the cert for the other end. On clients, it will be the same as ++ * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is ++ * not retained in the external representation of sessions, see ++ * ssl_asn1.c). ++ */ ++ X509 *peer; ++ /* ++ * when app_verify_callback accepts a session where the peer's ++ * certificate is not ok, we must remember the error for session reuse: ++ */ ++ long verify_result; /* only for servers */ ++ int references; ++ long timeout; ++ long time; ++ int compress_meth; /* Need to lookup the method */ ++ SSL_CIPHER *cipher; ++ unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used ++ * to load the 'cipher' structure */ ++ STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ ++ CRYPTO_EX_DATA ex_data; /* application specific data */ ++ /* ++ * These are used to make removal of session-ids more efficient and to ++ * implement a maximum cache size. ++ */ ++ struct ssl_session_st *prev, *next; ++# ifndef OPENSSL_NO_TLSEXT ++ char *tlsext_hostname; ++ /* RFC4507 info */ ++ unsigned char *tlsext_tick; /* Session ticket */ ++ size_t tlsext_ticklen; /* Session ticket length */ ++ long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ ++# endif ++} SSL_SESSION; ++ ++# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L ++# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L + /* Allow initial connection to servers that don't support RI */ +-#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L +-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L +-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L +-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L +-#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L +-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L +-#define SSL_OP_TLS_D5_BUG 0x00000100L +-#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L ++# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L ++# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L ++# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L ++# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L ++# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L ++# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L ++# define SSL_OP_TLS_D5_BUG 0x00000100L ++# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L + + /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ +-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 ++# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 + +-/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added +- * in OpenSSL 0.9.6d. Usually (depending on the application protocol) +- * the workaround is not needed. Unfortunately some broken SSL/TLS +- * implementations cannot handle it at all, which is why we include +- * it in SSL_OP_ALL. */ +-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ ++/* ++ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in ++ * OpenSSL 0.9.6d. Usually (depending on the application protocol) the ++ * workaround is not needed. Unfortunately some broken SSL/TLS ++ * implementations cannot handle it at all, which is why we include it in ++ * SSL_OP_ALL. ++ */ ++/* added in 0.9.6e */ ++# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L + +-/* SSL_OP_ALL: various bug workarounds that should be rather harmless. +- * This used to be 0x000FFFFFL before 0.9.7. */ +-#define SSL_OP_ALL 0x00000FFFL ++/* ++ * SSL_OP_ALL: various bug workarounds that should be rather harmless. This ++ * used to be 0x000FFFFFL before 0.9.7. ++ */ ++# define SSL_OP_ALL 0x00000FFFL + + /* DTLS options */ +-#define SSL_OP_NO_QUERY_MTU 0x00001000L ++# define SSL_OP_NO_QUERY_MTU 0x00001000L + /* Turn on Cookie Exchange (on relevant for servers) */ +-#define SSL_OP_COOKIE_EXCHANGE 0x00002000L ++# define SSL_OP_COOKIE_EXCHANGE 0x00002000L + /* Don't use RFC4507 ticket extension */ +-#define SSL_OP_NO_TICKET 0x00004000L ++# define SSL_OP_NO_TICKET 0x00004000L + /* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ +-#define SSL_OP_CISCO_ANYCONNECT 0x00008000L ++# define SSL_OP_CISCO_ANYCONNECT 0x00008000L + + /* As server, disallow session resumption on renegotiation */ +-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L ++# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L + /* Permit unsafe legacy renegotiation */ +-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L ++# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L + /* If set, always create a new key when using tmp_ecdh parameters */ +-#define SSL_OP_SINGLE_ECDH_USE 0x00080000L ++# define SSL_OP_SINGLE_ECDH_USE 0x00080000L + /* If set, always create a new key when using tmp_dh parameters */ +-#define SSL_OP_SINGLE_DH_USE 0x00100000L +-/* Set to always use the tmp_rsa key when doing RSA operations, +- * even when this violates protocol specs */ +-#define SSL_OP_EPHEMERAL_RSA 0x00200000L +-/* Set on servers to choose the cipher according to the server's +- * preferences */ +-#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L +-/* If set, a server will allow a client to issue a SSLv3.0 version number +- * as latest version supported in the premaster secret, even when TLSv1.0 ++# define SSL_OP_SINGLE_DH_USE 0x00100000L ++/* Does nothing: retained for compatibiity */ ++# define SSL_OP_EPHEMERAL_RSA 0x0 ++/* ++ * Set on servers to choose the cipher according to the server's preferences ++ */ ++# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L ++/* ++ * If set, a server will allow a client to issue a SSLv3.0 version number as ++ * latest version supported in the premaster secret, even when TLSv1.0 + * (version 3.1) was announced in the client hello. Normally this is +- * forbidden to prevent version rollback attacks. */ +-#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L +- +-#define SSL_OP_NO_SSLv2 0x01000000L +-#define SSL_OP_NO_SSLv3 0x02000000L +-#define SSL_OP_NO_TLSv1 0x04000000L +- +-/* The next flag deliberately changes the ciphertest, this is a check +- * for the PKCS#1 attack */ +-#define SSL_OP_PKCS1_CHECK_1 0x08000000L +-#define SSL_OP_PKCS1_CHECK_2 0x10000000L +-#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L +-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L +- +- +-/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success +- * when just a single record has been written): */ +-#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L +-/* Make it possible to retry SSL_write() with changed buffer location +- * (buffer contents must stay the same!); this is not the default to avoid +- * the misconception that non-blocking SSL_write() behaves like +- * non-blocking write(): */ +-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L +-/* Never bother the application with retries if the transport +- * is blocking: */ +-#define SSL_MODE_AUTO_RETRY 0x00000004L +-/* Don't attempt to automatically build certificate chain */ +-#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L +- +- +-/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, +- * they cannot be used to clear bits. */ +- +-#define SSL_CTX_set_options(ctx,op) \ +- SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) +-#define SSL_CTX_clear_options(ctx,op) \ +- SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) +-#define SSL_CTX_get_options(ctx) \ +- SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) +-#define SSL_set_options(ssl,op) \ +- SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) +-#define SSL_clear_options(ssl,op) \ +- SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) +-#define SSL_get_options(ssl) \ +- SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) ++ * forbidden to prevent version rollback attacks. ++ */ ++# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L + +-#define SSL_CTX_set_mode(ctx,op) \ +- SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +-#define SSL_CTX_clear_mode(ctx,op) \ +- SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) +-#define SSL_CTX_get_mode(ctx) \ +- SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) +-#define SSL_clear_mode(ssl,op) \ +- SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) +-#define SSL_set_mode(ssl,op) \ +- SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +-#define SSL_get_mode(ssl) \ +- SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) +-#define SSL_set_mtu(ssl, mtu) \ +- SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) ++# define SSL_OP_NO_SSLv2 0x01000000L ++# define SSL_OP_NO_SSLv3 0x02000000L ++# define SSL_OP_NO_TLSv1 0x04000000L ++ ++/* ++ * The next flag deliberately changes the ciphertest, this is a check for the ++ * PKCS#1 attack ++ */ ++# define SSL_OP_PKCS1_CHECK_1 0x08000000L ++# define SSL_OP_PKCS1_CHECK_2 0x10000000L ++# define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L ++# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L + +-#define SSL_get_secure_renegotiation_support(ssl) \ +- SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) ++/* ++ * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success ++ * when just a single record has been written): ++ */ ++# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L ++/* ++ * Make it possible to retry SSL_write() with changed buffer location (buffer ++ * contents must stay the same!); this is not the default to avoid the ++ * misconception that non-blocking SSL_write() behaves like non-blocking ++ * write(): ++ */ ++# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L ++/* ++ * Never bother the application with retries if the transport is blocking: ++ */ ++# define SSL_MODE_AUTO_RETRY 0x00000004L ++/* Don't attempt to automatically build certificate chain */ ++# define SSL_MODE_NO_AUTO_CHAIN 0x00000008L ++/* ++ * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications ++ * that reconnect with a downgraded protocol version; see ++ * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your ++ * application attempts a normal handshake. Only use this in explicit ++ * fallback retries, following the guidance in ++ * draft-ietf-tls-downgrade-scsv-00. ++ */ ++# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L + +-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +-#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +-#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) ++/* ++ * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they ++ * cannot be used to clear bits. ++ */ + ++# define SSL_CTX_set_options(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) ++# define SSL_CTX_clear_options(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) ++# define SSL_CTX_get_options(ctx) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) ++# define SSL_set_options(ssl,op) \ ++ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) ++# define SSL_clear_options(ssl,op) \ ++ SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) ++# define SSL_get_options(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) + ++# define SSL_CTX_set_mode(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) ++# define SSL_CTX_clear_mode(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) ++# define SSL_CTX_get_mode(ctx) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) ++# define SSL_clear_mode(ssl,op) \ ++ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) ++# define SSL_set_mode(ssl,op) \ ++ SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) ++# define SSL_get_mode(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) ++# define SSL_set_mtu(ssl, mtu) \ ++ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) + +-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) +-#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */ +-#else +-#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ +-#endif ++# define SSL_get_secure_renegotiation_support(ssl) \ ++ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) ++ ++void SSL_CTX_set_msg_callback(SSL_CTX *ctx, ++ void (*cb) (int write_p, int version, ++ int content_type, const void *buf, ++ size_t len, SSL *ssl, void *arg)); ++void SSL_set_msg_callback(SSL *ssl, ++ void (*cb) (int write_p, int version, ++ int content_type, const void *buf, ++ size_t len, SSL *ssl, void *arg)); ++# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) ++# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) ++ ++# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) ++# define SSL_MAX_CERT_LIST_DEFAULT 1024*30 ++ /* 30k max cert list :-) */ ++# else ++# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 ++ /* 100k max cert list :-) */ ++# endif ++ ++# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) + +-#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) +- +-/* This callback type is used inside SSL_CTX, SSL, and in the functions that set +- * them. It is used to override the generation of SSL/TLS session IDs in a +- * server. Return value should be zero on an error, non-zero to proceed. Also, +- * callbacks should themselves check if the id they generate is unique otherwise +- * the SSL handshake will fail with an error - callbacks can do this using the +- * 'ssl' value they're passed by; +- * SSL_has_matching_session_id(ssl, id, *id_len) +- * The length value passed in is set at the maximum size the session ID can be. +- * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback +- * can alter this length to be less if desired, but under SSLv2 session IDs are +- * supposed to be fixed at 16 bytes so the id will be padded after the callback +- * returns in this case. It is also an error for the callback to set the size to +- * zero. */ +-typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, +- unsigned int *id_len); +- +-typedef struct ssl_comp_st +- { +- int id; +- const char *name; +-#ifndef OPENSSL_NO_COMP +- COMP_METHOD *method; +-#else +- char *method; +-#endif +- } SSL_COMP; ++/* ++ * This callback type is used inside SSL_CTX, SSL, and in the functions that ++ * set them. It is used to override the generation of SSL/TLS session IDs in ++ * a server. Return value should be zero on an error, non-zero to proceed. ++ * Also, callbacks should themselves check if the id they generate is unique ++ * otherwise the SSL handshake will fail with an error - callbacks can do ++ * this using the 'ssl' value they're passed by; ++ * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in ++ * is set at the maximum size the session ID can be. In SSLv2 this is 16 ++ * bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback can alter this ++ * length to be less if desired, but under SSLv2 session IDs are supposed to ++ * be fixed at 16 bytes so the id will be padded after the callback returns ++ * in this case. It is also an error for the callback to set the size to ++ * zero. ++ */ ++typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, ++ unsigned int *id_len); ++ ++typedef struct ssl_comp_st { ++ int id; ++ const char *name; ++# ifndef OPENSSL_NO_COMP ++ COMP_METHOD *method; ++# else ++ char *method; ++# endif ++} SSL_COMP; + + DECLARE_STACK_OF(SSL_COMP) + +-struct ssl_ctx_st +- { +- SSL_METHOD *method; +- +- STACK_OF(SSL_CIPHER) *cipher_list; +- /* same as above but sorted for lookup */ +- STACK_OF(SSL_CIPHER) *cipher_list_by_id; +- +- struct x509_store_st /* X509_STORE */ *cert_store; +- struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */ +- /* Most session-ids that will be cached, default is +- * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ +- unsigned long session_cache_size; +- struct ssl_session_st *session_cache_head; +- struct ssl_session_st *session_cache_tail; +- +- /* This can have one of 2 values, ored together, +- * SSL_SESS_CACHE_CLIENT, +- * SSL_SESS_CACHE_SERVER, +- * Default is SSL_SESSION_CACHE_SERVER, which means only +- * SSL_accept which cache SSL_SESSIONS. */ +- int session_cache_mode; +- +- /* If timeout is not 0, it is the default timeout value set +- * when SSL_new() is called. This has been put in to make +- * life easier to set things up */ +- long session_timeout; +- +- /* If this callback is not null, it will be called each +- * time a session id is added to the cache. If this function +- * returns 1, it means that the callback will do a +- * SSL_SESSION_free() when it has finished using it. Otherwise, +- * on 0, it means the callback has finished with it. +- * If remove_session_cb is not null, it will be called when +- * a session-id is removed from the cache. After the call, +- * OpenSSL will SSL_SESSION_free() it. */ +- int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); +- void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); +- SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, +- unsigned char *data,int len,int *copy); +- +- struct +- { +- int sess_connect; /* SSL new conn - started */ +- int sess_connect_renegotiate;/* SSL reneg - requested */ +- int sess_connect_good; /* SSL new conne/reneg - finished */ +- int sess_accept; /* SSL new accept - started */ +- int sess_accept_renegotiate;/* SSL reneg - requested */ +- int sess_accept_good; /* SSL accept/reneg - finished */ +- int sess_miss; /* session lookup misses */ +- int sess_timeout; /* reuse attempt on timeouted session */ +- int sess_cache_full; /* session removed due to full cache */ +- int sess_hit; /* session reuse actually done */ +- int sess_cb_hit; /* session-id that was not +- * in the cache was +- * passed back via the callback. This +- * indicates that the application is +- * supplying session-id's from other +- * processes - spooky :-) */ +- } stats; +- +- int references; +- +- /* if defined, these override the X509_verify_cert() calls */ +- int (*app_verify_callback)(X509_STORE_CTX *, void *); +- void *app_verify_arg; +- /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored +- * ('app_verify_callback' was called with just one argument) */ +- +- /* Default password callback. */ +- pem_password_cb *default_passwd_callback; +- +- /* Default password callback user data. */ +- void *default_passwd_callback_userdata; +- +- /* get client cert callback */ +- int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); ++struct ssl_ctx_st { ++ SSL_METHOD *method; ++ STACK_OF(SSL_CIPHER) *cipher_list; ++ /* same as above but sorted for lookup */ ++ STACK_OF(SSL_CIPHER) *cipher_list_by_id; ++ struct x509_store_st /* X509_STORE */ *cert_store; ++ struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */ ++ /* ++ * Most session-ids that will be cached, default is ++ * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. ++ */ ++ unsigned long session_cache_size; ++ struct ssl_session_st *session_cache_head; ++ struct ssl_session_st *session_cache_tail; ++ /* ++ * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT, ++ * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which ++ * means only SSL_accept which cache SSL_SESSIONS. ++ */ ++ int session_cache_mode; ++ /* ++ * If timeout is not 0, it is the default timeout value set when ++ * SSL_new() is called. This has been put in to make life easier to set ++ * things up ++ */ ++ long session_timeout; ++ /* ++ * If this callback is not null, it will be called each time a session id ++ * is added to the cache. If this function returns 1, it means that the ++ * callback will do a SSL_SESSION_free() when it has finished using it. ++ * Otherwise, on 0, it means the callback has finished with it. If ++ * remove_session_cb is not null, it will be called when a session-id is ++ * removed from the cache. After the call, OpenSSL will ++ * SSL_SESSION_free() it. ++ */ ++ int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess); ++ void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); ++ SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, ++ unsigned char *data, int len, int *copy); ++ struct { ++ int sess_connect; /* SSL new conn - started */ ++ int sess_connect_renegotiate; /* SSL reneg - requested */ ++ int sess_connect_good; /* SSL new conne/reneg - finished */ ++ int sess_accept; /* SSL new accept - started */ ++ int sess_accept_renegotiate; /* SSL reneg - requested */ ++ int sess_accept_good; /* SSL accept/reneg - finished */ ++ int sess_miss; /* session lookup misses */ ++ int sess_timeout; /* reuse attempt on timeouted session */ ++ int sess_cache_full; /* session removed due to full cache */ ++ int sess_hit; /* session reuse actually done */ ++ int sess_cb_hit; /* session-id that was not in the cache was ++ * passed back via the callback. This ++ * indicates that the application is ++ * supplying session-id's from other ++ * processes - spooky :-) */ ++ } stats; ++ ++ int references; ++ ++ /* if defined, these override the X509_verify_cert() calls */ ++ int (*app_verify_callback) (X509_STORE_CTX *, void *); ++ void *app_verify_arg; ++ /* ++ * before OpenSSL 0.9.7, 'app_verify_arg' was ignored ++ * ('app_verify_callback' was called with just one argument) ++ */ ++ ++ /* Default password callback. */ ++ pem_password_cb *default_passwd_callback; ++ ++ /* Default password callback user data. */ ++ void *default_passwd_callback_userdata; ++ ++ /* get client cert callback */ ++ int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey); + + /* cookie generate callback */ +- int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, +- unsigned int *cookie_len); ++ int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie, ++ unsigned int *cookie_len); + + /* verify cookie callback */ +- int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, +- unsigned int cookie_len); +- +- CRYPTO_EX_DATA ex_data; +- +- const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ +- const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ +- const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ +- +- STACK_OF(X509) *extra_certs; +- STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ +- +- +- /* Default values used when no per-SSL value is defined follow */ +- +- void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */ +- +- /* what we put in client cert requests */ +- STACK_OF(X509_NAME) *client_CA; +- +- +- /* Default values to use in SSL structures follow (these are copied by SSL_new) */ +- +- unsigned long options; +- unsigned long mode; +- long max_cert_list; +- +- struct cert_st /* CERT */ *cert; +- int read_ahead; +- +- /* callback that allows applications to peek at protocol messages */ +- void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); +- void *msg_callback_arg; +- +- int verify_mode; +- unsigned int sid_ctx_length; +- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; +- int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ +- +- /* Default generate session ID callback. */ +- GEN_SESSION_CB generate_session_id; +- +- X509_VERIFY_PARAM *param; +- +-#if 0 +- int purpose; /* Purpose setting */ +- int trust; /* Trust setting */ +-#endif +- +- int quiet_shutdown; +- +-#ifndef OPENSSL_ENGINE +- /* Engine to pass requests for client certs to +- */ +- ENGINE *client_cert_engine; +-#endif +- +-#ifndef OPENSSL_NO_TLSEXT +- /* TLS extensions servername callback */ +- int (*tlsext_servername_callback)(SSL*, int *, void *); +- void *tlsext_servername_arg; +- /* RFC 4507 session ticket keys */ +- unsigned char tlsext_tick_key_name[16]; +- unsigned char tlsext_tick_hmac_key[16]; +- unsigned char tlsext_tick_aes_key[16]; +- /* Callback to support customisation of ticket key setting */ +- int (*tlsext_ticket_key_cb)(SSL *ssl, +- unsigned char *name, unsigned char *iv, +- EVP_CIPHER_CTX *ectx, +- HMAC_CTX *hctx, int enc); +- +- /* certificate status request info */ +- /* Callback for status request */ +- int (*tlsext_status_cb)(SSL *ssl, void *arg); +- void *tlsext_status_arg; +-#endif +- +- }; +- +-#define SSL_SESS_CACHE_OFF 0x0000 +-#define SSL_SESS_CACHE_CLIENT 0x0001 +-#define SSL_SESS_CACHE_SERVER 0x0002 +-#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) +-#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 ++ int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie, ++ unsigned int cookie_len); ++ ++ CRYPTO_EX_DATA ex_data; ++ ++ const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ ++ const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ ++ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ ++ ++ STACK_OF(X509) *extra_certs; ++ STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ ++ ++ /* Default values used when no per-SSL value is defined follow */ ++ ++ /* used if SSL's info_callback is NULL */ ++ void (*info_callback) (const SSL *ssl, int type, int val); ++ ++ /* what we put in client cert requests */ ++ STACK_OF(X509_NAME) *client_CA; ++ ++ /* ++ * Default values to use in SSL structures follow (these are copied by ++ * SSL_new) ++ */ ++ ++ unsigned long options; ++ unsigned long mode; ++ long max_cert_list; ++ ++ struct cert_st /* CERT */ *cert; ++ int read_ahead; ++ ++ /* callback that allows applications to peek at protocol messages */ ++ void (*msg_callback) (int write_p, int version, int content_type, ++ const void *buf, size_t len, SSL *ssl, void *arg); ++ void *msg_callback_arg; ++ ++ int verify_mode; ++ unsigned int sid_ctx_length; ++ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; ++ /* called 'verify_callback' in the SSL */ ++ int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); ++ ++ /* Default generate session ID callback. */ ++ GEN_SESSION_CB generate_session_id; ++ ++ X509_VERIFY_PARAM *param; ++ ++# if 0 ++ int purpose; /* Purpose setting */ ++ int trust; /* Trust setting */ ++# endif ++ ++ int quiet_shutdown; ++ ++# ifndef OPENSSL_ENGINE ++ /* ++ * Engine to pass requests for client certs to ++ */ ++ ENGINE *client_cert_engine; ++# endif ++ ++# ifndef OPENSSL_NO_TLSEXT ++ /* TLS extensions servername callback */ ++ int (*tlsext_servername_callback) (SSL *, int *, void *); ++ void *tlsext_servername_arg; ++ /* RFC 4507 session ticket keys */ ++ unsigned char tlsext_tick_key_name[16]; ++ unsigned char tlsext_tick_hmac_key[16]; ++ unsigned char tlsext_tick_aes_key[16]; ++ /* Callback to support customisation of ticket key setting */ ++ int (*tlsext_ticket_key_cb) (SSL *ssl, ++ unsigned char *name, unsigned char *iv, ++ EVP_CIPHER_CTX *ectx, ++ HMAC_CTX *hctx, int enc); ++ ++ /* certificate status request info */ ++ /* Callback for status request */ ++ int (*tlsext_status_cb) (SSL *ssl, void *arg); ++ void *tlsext_status_arg; ++# endif ++ ++}; ++ ++# define SSL_SESS_CACHE_OFF 0x0000 ++# define SSL_SESS_CACHE_CLIENT 0x0001 ++# define SSL_SESS_CACHE_SERVER 0x0002 ++# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) ++# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 + /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ +-#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +-#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +-#define SSL_SESS_CACHE_NO_INTERNAL \ +- (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) +- +- struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); +-#define SSL_CTX_sess_number(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) +-#define SSL_CTX_sess_connect(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) +-#define SSL_CTX_sess_connect_good(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) +-#define SSL_CTX_sess_connect_renegotiate(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) +-#define SSL_CTX_sess_accept(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) +-#define SSL_CTX_sess_accept_renegotiate(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) +-#define SSL_CTX_sess_accept_good(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) +-#define SSL_CTX_sess_hits(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) +-#define SSL_CTX_sess_cb_hits(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) +-#define SSL_CTX_sess_misses(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) +-#define SSL_CTX_sess_timeouts(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) +-#define SSL_CTX_sess_cache_full(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) +- +-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); +-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); +-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess)); +-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); +-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy)); +-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy); +-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val)); +-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); +-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); +-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +-#ifndef OPENSSL_NO_ENGINE ++# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 ++# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 ++# define SSL_SESS_CACHE_NO_INTERNAL \ ++ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) ++ ++struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); ++# define SSL_CTX_sess_number(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) ++# define SSL_CTX_sess_connect(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) ++# define SSL_CTX_sess_connect_good(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) ++# define SSL_CTX_sess_connect_renegotiate(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) ++# define SSL_CTX_sess_accept(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) ++# define SSL_CTX_sess_accept_renegotiate(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) ++# define SSL_CTX_sess_accept_good(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) ++# define SSL_CTX_sess_hits(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) ++# define SSL_CTX_sess_cb_hits(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) ++# define SSL_CTX_sess_misses(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) ++# define SSL_CTX_sess_timeouts(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) ++# define SSL_CTX_sess_cache_full(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) ++ ++void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, ++ int (*new_session_cb) (struct ssl_st *ssl, ++ SSL_SESSION *sess)); ++int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, ++ SSL_SESSION *sess); ++void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, ++ void (*remove_session_cb) (struct ssl_ctx_st ++ *ctx, ++ SSL_SESSION ++ *sess)); ++void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, ++ SSL_SESSION *sess); ++void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, ++ SSL_SESSION *(*get_session_cb) (struct ssl_st ++ *ssl, ++ unsigned char ++ *data, int len, ++ int *copy)); ++SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, ++ unsigned char *Data, ++ int len, int *copy); ++void SSL_CTX_set_info_callback(SSL_CTX *ctx, ++ void (*cb) (const SSL *ssl, int type, ++ int val)); ++void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type, ++ int val); ++void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, ++ int (*client_cert_cb) (SSL *ssl, X509 **x509, ++ EVP_PKEY **pkey)); ++int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, ++ EVP_PKEY **pkey); ++# ifndef OPENSSL_NO_ENGINE + int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); +-#endif +-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); +-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); +- +-#define SSL_NOTHING 1 +-#define SSL_WRITING 2 +-#define SSL_READING 3 +-#define SSL_X509_LOOKUP 4 ++# endif ++void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, ++ int (*app_gen_cookie_cb) (SSL *ssl, ++ unsigned char ++ *cookie, ++ unsigned int ++ *cookie_len)); ++void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, ++ int (*app_verify_cookie_cb) (SSL *ssl, ++ unsigned char ++ *cookie, ++ unsigned int ++ cookie_len)); ++ ++# define SSL_NOTHING 1 ++# define SSL_WRITING 2 ++# define SSL_READING 3 ++# define SSL_X509_LOOKUP 4 + + /* These will only be used when doing non-blocking IO */ +-#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +-#define SSL_want_read(s) (SSL_want(s) == SSL_READING) +-#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +-#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) +- +-struct ssl_st +- { +- /* protocol version +- * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) +- */ +- int version; +- int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ +- +- SSL_METHOD *method; /* SSLv3 */ +- +- /* There are 2 BIO's even though they are normally both the +- * same. This is so data can be read and written to different +- * handlers */ +- +-#ifndef OPENSSL_NO_BIO +- BIO *rbio; /* used by SSL_read */ +- BIO *wbio; /* used by SSL_write */ +- BIO *bbio; /* used during session-id reuse to concatenate +- * messages */ +-#else +- char *rbio; /* used by SSL_read */ +- char *wbio; /* used by SSL_write */ +- char *bbio; +-#endif +- /* This holds a variable that indicates what we were doing +- * when a 0 or -1 is returned. This is needed for +- * non-blocking IO so we know what request needs re-doing when +- * in SSL_accept or SSL_connect */ +- int rwstate; +- +- /* true when we are actually in SSL_accept() or SSL_connect() */ +- int in_handshake; +- int (*handshake_func)(SSL *); +- +- /* Imagine that here's a boolean member "init" that is +- * switched as soon as SSL_set_{accept/connect}_state +- * is called for the first time, so that "state" and +- * "handshake_func" are properly initialized. But as +- * handshake_func is == 0 until then, we use this +- * test instead of an "init" member. +- */ +- +- int server; /* are we the server side? - mostly used by SSL_clear*/ +- +- int new_session;/* 1 if we are to use a new session. +- * 2 if we are a server and are inside a handshake +- * (i.e. not just sending a HelloRequest) +- * NB: For servers, the 'new' session may actually be a previously +- * cached session or even the previous session unless +- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ +- int quiet_shutdown;/* don't send shutdown packets */ +- int shutdown; /* we have shut things down, 0x01 sent, 0x02 +- * for received */ +- int state; /* where we are */ +- int rstate; /* where we are when reading */ +- +- BUF_MEM *init_buf; /* buffer used during init */ +- void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ +- int init_num; /* amount read/written */ +- int init_off; /* amount read/written */ +- +- /* used internally to point at a raw packet */ +- unsigned char *packet; +- unsigned int packet_length; +- +- struct ssl2_state_st *s2; /* SSLv2 variables */ +- struct ssl3_state_st *s3; /* SSLv3 variables */ +- struct dtls1_state_st *d1; /* DTLSv1 variables */ +- +- int read_ahead; /* Read as many input bytes as possible +- * (for non-blocking reads) */ +- +- /* callback that allows applications to peek at protocol messages */ +- void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); +- void *msg_callback_arg; +- +- int hit; /* reusing a previous session */ +- +- X509_VERIFY_PARAM *param; +- +-#if 0 +- int purpose; /* Purpose setting */ +- int trust; /* Trust setting */ +-#endif +- +- /* crypto */ +- STACK_OF(SSL_CIPHER) *cipher_list; +- STACK_OF(SSL_CIPHER) *cipher_list_by_id; +- +- /* These are the ones being used, the ones in SSL_SESSION are +- * the ones to be 'copied' into these ones */ +- +- EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ +- const EVP_MD *read_hash; /* used for mac generation */ +-#ifndef OPENSSL_NO_COMP +- COMP_CTX *expand; /* uncompress */ +-#else +- char *expand; +-#endif +- +- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ +- const EVP_MD *write_hash; /* used for mac generation */ +-#ifndef OPENSSL_NO_COMP +- COMP_CTX *compress; /* compression */ +-#else +- char *compress; +-#endif +- +- /* session info */ +- +- /* client cert? */ +- /* This is used to hold the server certificate used */ +- struct cert_st /* CERT */ *cert; +- +- /* the session_id_context is used to ensure sessions are only reused +- * in the appropriate context */ +- unsigned int sid_ctx_length; +- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; +- +- /* This can also be in the session once a session is established */ +- SSL_SESSION *session; +- +- /* Default generate session ID callback. */ +- GEN_SESSION_CB generate_session_id; +- +- /* Used in SSL2 and SSL3 */ +- int verify_mode; /* 0 don't care about verify failure. +- * 1 fail if verify fails */ +- int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ +- +- void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ +- +- int error; /* error bytes to be written */ +- int error_code; /* actual code */ +- +-#ifndef OPENSSL_NO_KRB5 +- KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ +-#endif /* OPENSSL_NO_KRB5 */ +- +- SSL_CTX *ctx; +- /* set this flag to 1 and a sleep(1) is put into all SSL_read() +- * and SSL_write() calls, good for nbio debuging :-) */ +- int debug; +- +- /* extra application data */ +- long verify_result; +- CRYPTO_EX_DATA ex_data; +- +- /* for server side, keep the list of CA_dn we can use */ +- STACK_OF(X509_NAME) *client_CA; +- +- int references; +- unsigned long options; /* protocol behaviour */ +- unsigned long mode; /* API behaviour */ +- long max_cert_list; +- int first_packet; +- int client_version; /* what was passed, used for +- * SSLv3/TLS rollback check */ +-#ifndef OPENSSL_NO_TLSEXT +- /* TLS extension debug callback */ +- void (*tlsext_debug_cb)(SSL *s, int client_server, int type, +- unsigned char *data, int len, +- void *arg); +- void *tlsext_debug_arg; +- char *tlsext_hostname; +- int servername_done; /* no further mod of servername +- 0 : call the servername extension callback. +- 1 : prepare 2, allow last ack just after in server callback. +- 2 : don't call servername callback, no ack in server hello +- */ +- /* certificate status request info */ +- /* Status type or -1 if no status type */ +- int tlsext_status_type; +- /* Expect OCSP CertificateStatus message */ +- int tlsext_status_expected; +- /* OCSP status request only */ +- STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; +- X509_EXTENSIONS *tlsext_ocsp_exts; +- /* OCSP response received or to be sent */ +- unsigned char *tlsext_ocsp_resp; +- int tlsext_ocsp_resplen; +- +- /* RFC4507 session ticket expected to be received or sent */ +- int tlsext_ticket_expected; +- SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ +-#define session_ctx initial_ctx +-#else +-#define session_ctx ctx +-#endif +- }; ++# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) ++# define SSL_want_read(s) (SSL_want(s) == SSL_READING) ++# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) ++# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) ++ ++struct ssl_st { ++ /* ++ * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, ++ * DTLS1_VERSION) ++ */ ++ int version; ++ /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ ++ int type; ++ /* SSLv3 */ ++ SSL_METHOD *method; ++ /* ++ * There are 2 BIO's even though they are normally both the same. This ++ * is so data can be read and written to different handlers ++ */ ++# ifndef OPENSSL_NO_BIO ++ /* used by SSL_read */ ++ BIO *rbio; ++ /* used by SSL_write */ ++ BIO *wbio; ++ /* used during session-id reuse to concatenate messages */ ++ BIO *bbio; ++# else ++ /* used by SSL_read */ ++ char *rbio; ++ /* used by SSL_write */ ++ char *wbio; ++ char *bbio; ++# endif ++ /* ++ * This holds a variable that indicates what we were doing when a 0 or -1 ++ * is returned. This is needed for non-blocking IO so we know what ++ * request needs re-doing when in SSL_accept or SSL_connect ++ */ ++ int rwstate; ++ /* true when we are actually in SSL_accept() or SSL_connect() */ ++ int in_handshake; ++ int (*handshake_func) (SSL *); ++ /* ++ * Imagine that here's a boolean member "init" that is switched as soon ++ * as SSL_set_{accept/connect}_state is called for the first time, so ++ * that "state" and "handshake_func" are properly initialized. But as ++ * handshake_func is == 0 until then, we use this test instead of an ++ * "init" member. ++ */ ++ /* are we the server side? - mostly used by SSL_clear */ ++ int server; ++ /* ++ * 1 if we are to use a new session. ++ * 2 if we are a server and are inside a handshake ++ * (i.e. not just sending a HelloRequest) ++ * NB: For servers, the 'new' session may actually be a previously ++ * cached session or even the previous session unless ++ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set ++ */ ++ int new_session; ++ /* don't send shutdown packets */ ++ int quiet_shutdown; ++ /* we have shut things down, 0x01 sent, 0x02 for received */ ++ int shutdown; ++ /* where we are */ ++ int state; ++ /* where we are when reading */ ++ int rstate; ++ BUF_MEM *init_buf; /* buffer used during init */ ++ void *init_msg; /* pointer to handshake message body, set by ++ * ssl3_get_message() */ ++ int init_num; /* amount read/written */ ++ int init_off; /* amount read/written */ ++ /* used internally to point at a raw packet */ ++ unsigned char *packet; ++ unsigned int packet_length; ++ struct ssl2_state_st *s2; /* SSLv2 variables */ ++ struct ssl3_state_st *s3; /* SSLv3 variables */ ++ struct dtls1_state_st *d1; /* DTLSv1 variables */ ++ int read_ahead; /* Read as many input bytes as possible (for ++ * non-blocking reads) */ ++ /* callback that allows applications to peek at protocol messages */ ++ void (*msg_callback) (int write_p, int version, int content_type, ++ const void *buf, size_t len, SSL *ssl, void *arg); ++ void *msg_callback_arg; ++ int hit; /* reusing a previous session */ ++ X509_VERIFY_PARAM *param; ++# if 0 ++ int purpose; /* Purpose setting */ ++ int trust; /* Trust setting */ ++# endif ++ /* crypto */ ++ STACK_OF(SSL_CIPHER) *cipher_list; ++ STACK_OF(SSL_CIPHER) *cipher_list_by_id; ++ /* ++ * These are the ones being used, the ones in SSL_SESSION are the ones to ++ * be 'copied' into these ones ++ */ ++ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ ++ const EVP_MD *read_hash; /* used for mac generation */ ++# ifndef OPENSSL_NO_COMP ++ COMP_CTX *expand; /* uncompress */ ++# else ++ char *expand; ++# endif ++ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ ++ const EVP_MD *write_hash; /* used for mac generation */ ++# ifndef OPENSSL_NO_COMP ++ COMP_CTX *compress; /* compression */ ++# else ++ char *compress; ++# endif ++ /* session info */ ++ /* client cert? */ ++ /* This is used to hold the server certificate used */ ++ struct cert_st /* CERT */ *cert; ++ /* ++ * the session_id_context is used to ensure sessions are only reused in ++ * the appropriate context ++ */ ++ unsigned int sid_ctx_length; ++ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; ++ /* This can also be in the session once a session is established */ ++ SSL_SESSION *session; ++ /* Default generate session ID callback. */ ++ GEN_SESSION_CB generate_session_id; ++ /* Used in SSL2 and SSL3 */ ++ /* ++ * 0 don't care about verify failure. ++ * 1 fail if verify fails ++ */ ++ int verify_mode; ++ /* fail if callback returns 0 */ ++ int (*verify_callback) (int ok, X509_STORE_CTX *ctx); ++ /* optional informational callback */ ++ void (*info_callback) (const SSL *ssl, int type, int val); ++ /* error bytes to be written */ ++ int error; ++ /* actual code */ ++ int error_code; ++# ifndef OPENSSL_NO_KRB5 ++ /* Kerberos 5 context */ ++ KSSL_CTX *kssl_ctx; ++# endif /* OPENSSL_NO_KRB5 */ ++ SSL_CTX *ctx; ++ /* ++ * set this flag to 1 and a sleep(1) is put into all SSL_read() and ++ * SSL_write() calls, good for nbio debuging :-) ++ */ ++ int debug; ++ /* extra application data */ ++ long verify_result; ++ CRYPTO_EX_DATA ex_data; ++ /* for server side, keep the list of CA_dn we can use */ ++ STACK_OF(X509_NAME) *client_CA; ++ int references; ++ /* protocol behaviour */ ++ unsigned long options; ++ /* API behaviour */ ++ unsigned long mode; ++ long max_cert_list; ++ int first_packet; ++ /* what was passed, used for SSLv3/TLS rollback check */ ++ int client_version; ++# ifndef OPENSSL_NO_TLSEXT ++ /* TLS extension debug callback */ ++ void (*tlsext_debug_cb) (SSL *s, int client_server, int type, ++ unsigned char *data, int len, void *arg); ++ void *tlsext_debug_arg; ++ char *tlsext_hostname; ++ /*- ++ * no further mod of servername ++ * 0 : call the servername extension callback. ++ * 1 : prepare 2, allow last ack just after in server callback. ++ * 2 : don't call servername callback, no ack in server hello ++ */ ++ int servername_done; ++ /* certificate status request info */ ++ /* Status type or -1 if no status type */ ++ int tlsext_status_type; ++ /* Expect OCSP CertificateStatus message */ ++ int tlsext_status_expected; ++ /* OCSP status request only */ ++ STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; ++ X509_EXTENSIONS *tlsext_ocsp_exts; ++ /* OCSP response received or to be sent */ ++ unsigned char *tlsext_ocsp_resp; ++ int tlsext_ocsp_resplen; ++ /* RFC4507 session ticket expected to be received or sent */ ++ int tlsext_ticket_expected; ++ SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ ++# define session_ctx initial_ctx ++# else ++# define session_ctx ctx ++# endif ++}; + + #ifdef __cplusplus + } + #endif + +-#include +-#include +-#include /* This is mostly sslv3 with a few tweaks */ +-#include /* Datagram TLS */ +-#include ++# include ++# include ++# include /* This is mostly sslv3 with a few tweaks */ ++# include /* Datagram TLS */ ++# include + + #ifdef __cplusplus + extern "C" { + #endif + + /* compatibility */ +-#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) +-#define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) +-#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) +-#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) +-#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) +-#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) +- +-/* The following are the possible values for ssl->state are are +- * used to indicate where we are up to in the SSL connection establishment. +- * The macros that follow are about the only things you should need to use +- * and even then, only when using non-blocking IO. +- * It can also be useful to work out where you were when the connection +- * failed */ +- +-#define SSL_ST_CONNECT 0x1000 +-#define SSL_ST_ACCEPT 0x2000 +-#define SSL_ST_MASK 0x0FFF +-#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) +-#define SSL_ST_BEFORE 0x4000 +-#define SSL_ST_OK 0x03 +-#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) +- +-#define SSL_CB_LOOP 0x01 +-#define SSL_CB_EXIT 0x02 +-#define SSL_CB_READ 0x04 +-#define SSL_CB_WRITE 0x08 +-#define SSL_CB_ALERT 0x4000 /* used in callback */ +-#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) +-#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) +-#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) +-#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) +-#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) +-#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) +-#define SSL_CB_HANDSHAKE_START 0x10 +-#define SSL_CB_HANDSHAKE_DONE 0x20 ++# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) ++# define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) ++# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) ++# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) ++# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) ++# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) ++ ++/* ++ * The following are the possible values for ssl->state are are used to ++ * indicate where we are up to in the SSL connection establishment. The ++ * macros that follow are about the only things you should need to use and ++ * even then, only when using non-blocking IO. It can also be useful to work ++ * out where you were when the connection failed ++ */ ++ ++# define SSL_ST_CONNECT 0x1000 ++# define SSL_ST_ACCEPT 0x2000 ++# define SSL_ST_MASK 0x0FFF ++# define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) ++# define SSL_ST_BEFORE 0x4000 ++# define SSL_ST_OK 0x03 ++# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) ++ ++# define SSL_CB_LOOP 0x01 ++# define SSL_CB_EXIT 0x02 ++# define SSL_CB_READ 0x04 ++# define SSL_CB_WRITE 0x08 ++# define SSL_CB_ALERT 0x4000/* used in callback */ ++# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) ++# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) ++# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) ++# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) ++# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) ++# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) ++# define SSL_CB_HANDSHAKE_START 0x10 ++# define SSL_CB_HANDSHAKE_DONE 0x20 + + /* Is the SSL_connection established? */ +-#define SSL_get_state(a) SSL_state(a) +-#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) +-#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) +-#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) +-#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) +-#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) +- +-/* The following 2 states are kept in ssl->rstate when reads fail, +- * you should not need these */ +-#define SSL_ST_READ_HEADER 0xF0 +-#define SSL_ST_READ_BODY 0xF1 +-#define SSL_ST_READ_DONE 0xF2 +- +-/* Obtain latest Finished message ++# define SSL_get_state(a) SSL_state(a) ++# define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) ++# define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) ++# define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) ++# define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) ++# define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) ++ ++/* ++ * The following 2 states are kept in ssl->rstate when reads fail, you should ++ * not need these ++ */ ++# define SSL_ST_READ_HEADER 0xF0 ++# define SSL_ST_READ_BODY 0xF1 ++# define SSL_ST_READ_DONE 0xF2 ++ ++/*- ++ * Obtain latest Finished message + * -- that we sent (SSL_get_finished) + * -- that we expected from peer (SSL_get_peer_finished). +- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ ++ * Returns length (0 == no Finished so far), copies up to 'count' bytes. ++ */ + size_t SSL_get_finished(const SSL *s, void *buf, size_t count); + size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + +-/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options +- * are 'ored' with SSL_VERIFY_PEER if they are desired */ +-#define SSL_VERIFY_NONE 0x00 +-#define SSL_VERIFY_PEER 0x01 +-#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +-#define SSL_VERIFY_CLIENT_ONCE 0x04 ++/* ++ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are ++ * 'ored' with SSL_VERIFY_PEER if they are desired ++ */ ++# define SSL_VERIFY_NONE 0x00 ++# define SSL_VERIFY_PEER 0x01 ++# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 ++# define SSL_VERIFY_CLIENT_ONCE 0x04 + +-#define OpenSSL_add_ssl_algorithms() SSL_library_init() +-#define SSLeay_add_ssl_algorithms() SSL_library_init() ++# define OpenSSL_add_ssl_algorithms() SSL_library_init() ++# define SSLeay_add_ssl_algorithms() SSL_library_init() + + /* this is for backward compatibility */ +-#if 0 /* NEW_SSLEAY */ +-#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) +-#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) +-#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) +-#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) +-#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) +-#endif ++# if 0 /* NEW_SSLEAY */ ++# define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) ++# define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) ++# define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) ++# define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) ++# define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) ++# endif + /* More backward compatibility */ +-#define SSL_get_cipher(s) \ +- SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +-#define SSL_get_cipher_bits(s,np) \ +- SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +-#define SSL_get_cipher_version(s) \ +- SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +-#define SSL_get_cipher_name(s) \ +- SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +-#define SSL_get_time(a) SSL_SESSION_get_time(a) +-#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) +-#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) +-#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) +- +-#if 1 /*SSLEAY_MACROS*/ +-#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) +-#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) +-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ +- (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) +-#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u) +-#define PEM_write_SSL_SESSION(fp,x) \ +- PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ +- PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) +-#define PEM_write_bio_SSL_SESSION(bp,x) \ +- PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL) +-#endif +- +-#define SSL_AD_REASON_OFFSET 1000 ++# define SSL_get_cipher(s) \ ++ SSL_CIPHER_get_name(SSL_get_current_cipher(s)) ++# define SSL_get_cipher_bits(s,np) \ ++ SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) ++# define SSL_get_cipher_version(s) \ ++ SSL_CIPHER_get_version(SSL_get_current_cipher(s)) ++# define SSL_get_cipher_name(s) \ ++ SSL_CIPHER_get_name(SSL_get_current_cipher(s)) ++# define SSL_get_time(a) SSL_SESSION_get_time(a) ++# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) ++# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) ++# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) ++ ++# if 1 /* SSLEAY_MACROS */ ++# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) ++# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) ++# define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ ++ (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) ++# define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u) ++# define PEM_write_SSL_SESSION(fp,x) \ ++ PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ ++ PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) ++# define PEM_write_bio_SSL_SESSION(bp,x) \ ++ PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL) ++# endif ++ ++# define SSL_AD_REASON_OFFSET 1000 + /* These alert types are for SSLv3 and TLSv1 */ +-#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY +-#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ +-#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */ +-#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED +-#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW +-#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */ +-#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */ +-#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */ +-#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE +-#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE +-#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED +-#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED +-#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN +-#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */ +-#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */ +-#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ +-#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ +-#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR +-#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ +-#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ +-#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ +-#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ +-#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED +-#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION +-#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION +-#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE +-#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME +-#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE +-#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE +-#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ +- +-#define SSL_ERROR_NONE 0 +-#define SSL_ERROR_SSL 1 +-#define SSL_ERROR_WANT_READ 2 +-#define SSL_ERROR_WANT_WRITE 3 +-#define SSL_ERROR_WANT_X509_LOOKUP 4 +-#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ +-#define SSL_ERROR_ZERO_RETURN 6 +-#define SSL_ERROR_WANT_CONNECT 7 +-#define SSL_ERROR_WANT_ACCEPT 8 +- +-#define SSL_CTRL_NEED_TMP_RSA 1 +-#define SSL_CTRL_SET_TMP_RSA 2 +-#define SSL_CTRL_SET_TMP_DH 3 +-#define SSL_CTRL_SET_TMP_ECDH 4 +-#define SSL_CTRL_SET_TMP_RSA_CB 5 +-#define SSL_CTRL_SET_TMP_DH_CB 6 +-#define SSL_CTRL_SET_TMP_ECDH_CB 7 +- +-#define SSL_CTRL_GET_SESSION_REUSED 8 +-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 +-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +-#define SSL_CTRL_GET_FLAGS 13 +-#define SSL_CTRL_EXTRA_CHAIN_CERT 14 +- +-#define SSL_CTRL_SET_MSG_CALLBACK 15 +-#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 ++# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY ++/* fatal */ ++# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE ++/* fatal */ ++# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC ++# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED ++# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW ++/* fatal */ ++# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE ++/* fatal */ ++# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE ++/* Not for TLS */ ++# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE ++# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE ++# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE ++# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED ++# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED ++# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN ++/* fatal */ ++# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER ++/* fatal */ ++# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA ++/* fatal */ ++# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED ++/* fatal */ ++# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR ++# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR ++/* fatal */ ++# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION ++/* fatal */ ++# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION ++/* fatal */ ++# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY ++/* fatal */ ++# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR ++# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED ++# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION ++# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION ++# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE ++# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME ++# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE ++# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE ++/* fatal */ ++# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY ++/* fatal */ ++# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK ++ ++# define SSL_ERROR_NONE 0 ++# define SSL_ERROR_SSL 1 ++# define SSL_ERROR_WANT_READ 2 ++# define SSL_ERROR_WANT_WRITE 3 ++# define SSL_ERROR_WANT_X509_LOOKUP 4 ++# define SSL_ERROR_SYSCALL 5/* look at error stack/return ++ * value/errno */ ++# define SSL_ERROR_ZERO_RETURN 6 ++# define SSL_ERROR_WANT_CONNECT 7 ++# define SSL_ERROR_WANT_ACCEPT 8 ++ ++# define SSL_CTRL_NEED_TMP_RSA 1 ++# define SSL_CTRL_SET_TMP_RSA 2 ++# define SSL_CTRL_SET_TMP_DH 3 ++# define SSL_CTRL_SET_TMP_ECDH 4 ++# define SSL_CTRL_SET_TMP_RSA_CB 5 ++# define SSL_CTRL_SET_TMP_DH_CB 6 ++# define SSL_CTRL_SET_TMP_ECDH_CB 7 ++ ++# define SSL_CTRL_GET_SESSION_REUSED 8 ++# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 ++# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 ++# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 ++# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 ++# define SSL_CTRL_GET_FLAGS 13 ++# define SSL_CTRL_EXTRA_CHAIN_CERT 14 ++ ++# define SSL_CTRL_SET_MSG_CALLBACK 15 ++# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 + + /* only applies to datagram connections */ +-#define SSL_CTRL_SET_MTU 17 ++# define SSL_CTRL_SET_MTU 17 + /* Stats */ +-#define SSL_CTRL_SESS_NUMBER 20 +-#define SSL_CTRL_SESS_CONNECT 21 +-#define SSL_CTRL_SESS_CONNECT_GOOD 22 +-#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 +-#define SSL_CTRL_SESS_ACCEPT 24 +-#define SSL_CTRL_SESS_ACCEPT_GOOD 25 +-#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 +-#define SSL_CTRL_SESS_HIT 27 +-#define SSL_CTRL_SESS_CB_HIT 28 +-#define SSL_CTRL_SESS_MISSES 29 +-#define SSL_CTRL_SESS_TIMEOUTS 30 +-#define SSL_CTRL_SESS_CACHE_FULL 31 +-#define SSL_CTRL_OPTIONS 32 +-#define SSL_CTRL_MODE 33 +- +-#define SSL_CTRL_GET_READ_AHEAD 40 +-#define SSL_CTRL_SET_READ_AHEAD 41 +-#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +-#define SSL_CTRL_GET_SESS_CACHE_SIZE 43 +-#define SSL_CTRL_SET_SESS_CACHE_MODE 44 +-#define SSL_CTRL_GET_SESS_CACHE_MODE 45 +- +-#define SSL_CTRL_GET_MAX_CERT_LIST 50 +-#define SSL_CTRL_SET_MAX_CERT_LIST 51 ++# define SSL_CTRL_SESS_NUMBER 20 ++# define SSL_CTRL_SESS_CONNECT 21 ++# define SSL_CTRL_SESS_CONNECT_GOOD 22 ++# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 ++# define SSL_CTRL_SESS_ACCEPT 24 ++# define SSL_CTRL_SESS_ACCEPT_GOOD 25 ++# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 ++# define SSL_CTRL_SESS_HIT 27 ++# define SSL_CTRL_SESS_CB_HIT 28 ++# define SSL_CTRL_SESS_MISSES 29 ++# define SSL_CTRL_SESS_TIMEOUTS 30 ++# define SSL_CTRL_SESS_CACHE_FULL 31 ++# define SSL_CTRL_OPTIONS 32 ++# define SSL_CTRL_MODE 33 ++ ++# define SSL_CTRL_GET_READ_AHEAD 40 ++# define SSL_CTRL_SET_READ_AHEAD 41 ++# define SSL_CTRL_SET_SESS_CACHE_SIZE 42 ++# define SSL_CTRL_GET_SESS_CACHE_SIZE 43 ++# define SSL_CTRL_SET_SESS_CACHE_MODE 44 ++# define SSL_CTRL_GET_SESS_CACHE_MODE 45 ++ ++# define SSL_CTRL_GET_MAX_CERT_LIST 50 ++# define SSL_CTRL_SET_MAX_CERT_LIST 51 + + /* see tls1.h for macros based on these */ +-#ifndef OPENSSL_NO_TLSEXT +-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +-#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +-#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +-#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +-#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +-#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +- +-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +- +-#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +-#endif +- +-#define DTLS_CTRL_GET_TIMEOUT 73 +-#define DTLS_CTRL_HANDLE_TIMEOUT 74 +-#define DTLS_CTRL_LISTEN 75 +- +-#define SSL_CTRL_GET_RI_SUPPORT 76 +-#define SSL_CTRL_CLEAR_OPTIONS 77 +-#define SSL_CTRL_CLEAR_MODE 78 +- +-#define DTLSv1_get_timeout(ssl, arg) \ +- SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) +-#define DTLSv1_handle_timeout(ssl) \ +- SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) +-#define DTLSv1_listen(ssl, peer) \ +- SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) +- +-#define SSL_session_reused(ssl) \ +- SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) +-#define SSL_num_renegotiations(ssl) \ +- SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) +-#define SSL_clear_num_renegotiations(ssl) \ +- SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) +-#define SSL_total_renegotiations(ssl) \ +- SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) +- +-#define SSL_CTX_need_tmp_RSA(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) +-#define SSL_CTX_set_tmp_rsa(ctx,rsa) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +-#define SSL_CTX_set_tmp_dh(ctx,dh) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) +-#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) +- +-#define SSL_need_tmp_RSA(ssl) \ +- SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) +-#define SSL_set_tmp_rsa(ssl,rsa) \ +- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +-#define SSL_set_tmp_dh(ssl,dh) \ +- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) +-#define SSL_set_tmp_ecdh(ssl,ecdh) \ +- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) +- +-#define SSL_CTX_add_extra_chain_cert(ctx,x509) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) +- +-#ifndef OPENSSL_NO_BIO ++# ifndef OPENSSL_NO_TLSEXT ++# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 ++# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 ++# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 ++# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 ++# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 ++# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 ++# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 ++ ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 ++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 ++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 ++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 ++ ++# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 ++# endif ++ ++# define DTLS_CTRL_GET_TIMEOUT 73 ++# define DTLS_CTRL_HANDLE_TIMEOUT 74 ++# define DTLS_CTRL_LISTEN 75 ++ ++# define SSL_CTRL_GET_RI_SUPPORT 76 ++# define SSL_CTRL_CLEAR_OPTIONS 77 ++# define SSL_CTRL_CLEAR_MODE 78 ++ ++# define SSL_CTRL_CHECK_PROTO_VERSION 119 ++ ++# define DTLSv1_get_timeout(ssl, arg) \ ++ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) ++# define DTLSv1_handle_timeout(ssl) \ ++ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) ++# define DTLSv1_listen(ssl, peer) \ ++ SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) ++ ++# define SSL_session_reused(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) ++# define SSL_num_renegotiations(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) ++# define SSL_clear_num_renegotiations(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) ++# define SSL_total_renegotiations(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) ++ ++# define SSL_CTX_need_tmp_RSA(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) ++# define SSL_CTX_set_tmp_rsa(ctx,rsa) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) ++# define SSL_CTX_set_tmp_dh(ctx,dh) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) ++# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) ++ ++# define SSL_need_tmp_RSA(ssl) \ ++ SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) ++# define SSL_set_tmp_rsa(ssl,rsa) \ ++ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) ++# define SSL_set_tmp_dh(ssl,dh) \ ++ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) ++# define SSL_set_tmp_ecdh(ssl,ecdh) \ ++ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) ++ ++# define SSL_CTX_add_extra_chain_cert(ctx,x509) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) ++ ++# ifndef OPENSSL_NO_BIO + BIO_METHOD *BIO_f_ssl(void); +-BIO *BIO_new_ssl(SSL_CTX *ctx,int client); ++BIO *BIO_new_ssl(SSL_CTX *ctx, int client); + BIO *BIO_new_ssl_connect(SSL_CTX *ctx); + BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +-int BIO_ssl_copy_session_id(BIO *to,BIO *from); ++int BIO_ssl_copy_session_id(BIO *to, BIO *from); + void BIO_ssl_shutdown(BIO *ssl_bio); + +-#endif ++# endif + +-int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); ++int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); + SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); +-void SSL_CTX_free(SSL_CTX *); +-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); ++void SSL_CTX_free(SSL_CTX *); ++long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); + long SSL_CTX_get_timeout(const SSL_CTX *ctx); + X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); ++void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); + int SSL_want(const SSL *s); +-int SSL_clear(SSL *s); ++int SSL_clear(SSL *s); + +-void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); ++void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); + + SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +-int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); +-char * SSL_CIPHER_get_version(const SSL_CIPHER *c); +-const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); +- +-int SSL_get_fd(const SSL *s); +-int SSL_get_rfd(const SSL *s); +-int SSL_get_wfd(const SSL *s); +-const char * SSL_get_cipher_list(const SSL *s,int n); +-char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +-int SSL_get_read_ahead(const SSL * s); +-int SSL_pending(const SSL *s); +-#ifndef OPENSSL_NO_SOCK +-int SSL_set_fd(SSL *s, int fd); +-int SSL_set_rfd(SSL *s, int fd); +-int SSL_set_wfd(SSL *s, int fd); +-#endif +-#ifndef OPENSSL_NO_BIO +-void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); +-BIO * SSL_get_rbio(const SSL *s); +-BIO * SSL_get_wbio(const SSL *s); +-#endif +-int SSL_set_cipher_list(SSL *s, const char *str); +-void SSL_set_read_ahead(SSL *s, int yes); +-int SSL_get_verify_mode(const SSL *s); +-int SSL_get_verify_depth(const SSL *s); +-int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *); +-void SSL_set_verify(SSL *s, int mode, +- int (*callback)(int ok,X509_STORE_CTX *ctx)); +-void SSL_set_verify_depth(SSL *s, int depth); +-#ifndef OPENSSL_NO_RSA +-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +-#endif +-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +-int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); +-int SSL_use_certificate(SSL *ssl, X509 *x); +-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); +- +-#ifndef OPENSSL_NO_STDIO +-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +-int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ ++int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); ++char *SSL_CIPHER_get_version(const SSL_CIPHER *c); ++const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); ++ ++int SSL_get_fd(const SSL *s); ++int SSL_get_rfd(const SSL *s); ++int SSL_get_wfd(const SSL *s); ++const char *SSL_get_cipher_list(const SSL *s, int n); ++char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); ++int SSL_get_read_ahead(const SSL *s); ++int SSL_pending(const SSL *s); ++# ifndef OPENSSL_NO_SOCK ++int SSL_set_fd(SSL *s, int fd); ++int SSL_set_rfd(SSL *s, int fd); ++int SSL_set_wfd(SSL *s, int fd); ++# endif ++# ifndef OPENSSL_NO_BIO ++void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); ++BIO *SSL_get_rbio(const SSL *s); ++BIO *SSL_get_wbio(const SSL *s); ++# endif ++int SSL_set_cipher_list(SSL *s, const char *str); ++void SSL_set_read_ahead(SSL *s, int yes); ++int SSL_get_verify_mode(const SSL *s); ++int SSL_get_verify_depth(const SSL *s); ++int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *); ++void SSL_set_verify(SSL *s, int mode, ++ int (*callback) (int ok, X509_STORE_CTX *ctx)); ++void SSL_set_verify_depth(SSL *s, int depth); ++# ifndef OPENSSL_NO_RSA ++int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); ++# endif ++int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); ++int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); ++int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, ++ long len); ++int SSL_use_certificate(SSL *ssl, X509 *x); ++int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); ++ ++# ifndef OPENSSL_NO_STDIO ++int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); ++int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); ++int SSL_use_certificate_file(SSL *ssl, const char *file, int type); ++int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); ++int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); ++int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); ++/* PEM type */ ++int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); + STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, +- const char *file); +-#ifndef OPENSSL_SYS_VMS +-#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ +-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, +- const char *dir); +-#endif +-#endif +- +-#endif +- +-void SSL_load_error_strings(void ); ++int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, ++ const char *file); ++# ifndef OPENSSL_SYS_VMS ++/* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ ++# ifndef OPENSSL_SYS_MACINTOSH_CLASSIC ++int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, ++ const char *dir); ++# endif ++# endif ++ ++# endif ++ ++void SSL_load_error_strings(void); + const char *SSL_state_string(const SSL *s); + const char *SSL_rstate_string(const SSL *s); + const char *SSL_state_string_long(const SSL *s); + const char *SSL_rstate_string_long(const SSL *s); +-long SSL_SESSION_get_time(const SSL_SESSION *s); +-long SSL_SESSION_set_time(SSL_SESSION *s, long t); +-long SSL_SESSION_get_timeout(const SSL_SESSION *s); +-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +-void SSL_copy_session_id(SSL *to,const SSL *from); ++long SSL_SESSION_get_time(const SSL_SESSION *s); ++long SSL_SESSION_set_time(SSL_SESSION *s, long t); ++long SSL_SESSION_get_timeout(const SSL_SESSION *s); ++long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); ++void SSL_copy_session_id(SSL *to, const SSL *from); + + SSL_SESSION *SSL_SESSION_new(void); + unsigned long SSL_SESSION_hash(const SSL_SESSION *a); +-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b); +-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); +-#ifndef OPENSSL_NO_FP_API +-int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); +-#endif +-#ifndef OPENSSL_NO_BIO +-int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses); +-#endif +-void SSL_SESSION_free(SSL_SESSION *ses); +-int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); +-int SSL_set_session(SSL *to, SSL_SESSION *session); +-int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); +-int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); +-int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); +-int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); +-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, +- unsigned int id_len); +-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp, +- long length); +- +-#ifdef HEADER_X509_H +-X509 * SSL_get_peer_certificate(const SSL *s); +-#endif ++int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b); ++const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, ++ unsigned int *len); ++# ifndef OPENSSL_NO_FP_API ++int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); ++# endif ++# ifndef OPENSSL_NO_BIO ++int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); ++# endif ++void SSL_SESSION_free(SSL_SESSION *ses); ++int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); ++int SSL_set_session(SSL *to, SSL_SESSION *session); ++int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); ++int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); ++int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); ++int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); ++int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, ++ unsigned int id_len); ++SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ++ long length); ++ ++# ifdef HEADER_X509_H ++X509 *SSL_get_peer_certificate(const SSL *s); ++# endif + + STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + + int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); + int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *); +-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, +- int (*callback)(int, X509_STORE_CTX *)); +-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); +-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); +-#ifndef OPENSSL_NO_RSA ++int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, ++ X509_STORE_CTX *); ++void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, ++ int (*callback) (int, X509_STORE_CTX *)); ++void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); ++void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, ++ int (*cb) (X509_STORE_CTX *, void *), ++ void *arg); ++# ifndef OPENSSL_NO_RSA + int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +-#endif +-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); ++# endif ++int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, ++ long len); + int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, +- const unsigned char *d, long len); ++int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, ++ const unsigned char *d, long len); + int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); ++int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, ++ const unsigned char *d); + + void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); + void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +@@ -1478,54 +1576,54 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); + int SSL_CTX_check_private_key(const SSL_CTX *ctx); + int SSL_check_private_key(const SSL *ctx); + +-int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, +- unsigned int sid_ctx_len); ++int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, ++ unsigned int sid_ctx_len); + +-SSL * SSL_new(SSL_CTX *ctx); +-int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, +- unsigned int sid_ctx_len); ++SSL *SSL_new(SSL_CTX *ctx); ++int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, ++ unsigned int sid_ctx_len); + + int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); + int SSL_set_purpose(SSL *s, int purpose); + int SSL_CTX_set_trust(SSL_CTX *s, int trust); + int SSL_set_trust(SSL *s, int trust); + +-void SSL_free(SSL *ssl); +-int SSL_accept(SSL *ssl); +-int SSL_connect(SSL *ssl); +-int SSL_read(SSL *ssl,void *buf,int num); +-int SSL_peek(SSL *ssl,void *buf,int num); +-int SSL_write(SSL *ssl,const void *buf,int num); +-long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); +-long SSL_callback_ctrl(SSL *, int, void (*)(void)); +-long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); +-long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); +- +-int SSL_get_error(const SSL *s,int ret_code); ++void SSL_free(SSL *ssl); ++int SSL_accept(SSL *ssl); ++int SSL_connect(SSL *ssl); ++int SSL_read(SSL *ssl, void *buf, int num); ++int SSL_peek(SSL *ssl, void *buf, int num); ++int SSL_write(SSL *ssl, const void *buf, int num); ++long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); ++long SSL_callback_ctrl(SSL *, int, void (*)(void)); ++long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); ++long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); ++ ++int SSL_get_error(const SSL *s, int ret_code); + const char *SSL_get_version(const SSL *s); + + /* This sets the 'default' SSL version that SSL_new() will create */ +-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth); ++int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth); + +-SSL_METHOD *SSLv2_method(void); /* SSLv2 */ +-SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ +-SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ ++SSL_METHOD *SSLv2_method(void); /* SSLv2 */ ++SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ ++SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ + +-SSL_METHOD *SSLv3_method(void); /* SSLv3 */ +-SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ +-SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ ++SSL_METHOD *SSLv3_method(void); /* SSLv3 */ ++SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ ++SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ + +-SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ +-SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ +-SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ ++SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */ ++SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */ ++SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */ + +-SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ +-SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ +-SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ ++SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ ++SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ ++SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ + +-SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ +-SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ +-SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ ++SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ ++SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ ++SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ + + STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); + +@@ -1535,7 +1633,7 @@ int SSL_renegotiate_pending(SSL *s); + int SSL_shutdown(SSL *s); + + SSL_METHOD *SSL_get_ssl_method(SSL *s); +-int SSL_set_ssl_method(SSL *s,SSL_METHOD *method); ++int SSL_set_ssl_method(SSL *s, SSL_METHOD *method); + const char *SSL_alert_type_string_long(int value); + const char *SSL_alert_type_string(int value); + const char *SSL_alert_desc_string_long(int value); +@@ -1545,131 +1643,138 @@ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); + void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); + STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); + STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +-int SSL_add_client_CA(SSL *ssl,X509 *x); +-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); ++int SSL_add_client_CA(SSL *ssl, X509 *x); ++int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + + void SSL_set_connect_state(SSL *s); + void SSL_set_accept_state(SSL *s); + + long SSL_get_default_timeout(const SSL *s); + +-int SSL_library_init(void ); ++int SSL_library_init(void); + +-char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size); ++char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); + STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); + + SSL *SSL_dup(SSL *ssl); + + X509 *SSL_get_certificate(const SSL *ssl); +-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); ++/* ++ * EVP_PKEY ++ */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); + +-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode); ++void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); + int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +-void SSL_set_quiet_shutdown(SSL *ssl,int mode); ++void SSL_set_quiet_shutdown(SSL *ssl, int mode); + int SSL_get_quiet_shutdown(const SSL *ssl); +-void SSL_set_shutdown(SSL *ssl,int mode); ++void SSL_set_shutdown(SSL *ssl, int mode); + int SSL_get_shutdown(const SSL *ssl); + int SSL_version(const SSL *ssl); + int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); + int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, +- const char *CApath); +-#define SSL_get0_session SSL_get_session /* just peek at pointer */ ++ const char *CApath); ++# define SSL_get0_session SSL_get_session/* just peek at pointer */ + SSL_SESSION *SSL_get_session(const SSL *ssl); + SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ + SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); ++SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); + void SSL_set_info_callback(SSL *ssl, +- void (*cb)(const SSL *ssl,int type,int val)); +-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val); ++ void (*cb) (const SSL *ssl, int type, int val)); ++void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, ++ int val); + int SSL_state(const SSL *ssl); + +-void SSL_set_verify_result(SSL *ssl,long v); ++void SSL_set_verify_result(SSL *ssl, long v); + long SSL_get_verify_result(const SSL *ssl); + +-int SSL_set_ex_data(SSL *ssl,int idx,void *data); +-void *SSL_get_ex_data(const SSL *ssl,int idx); ++int SSL_set_ex_data(SSL *ssl, int idx, void *data); ++void *SSL_get_ex_data(const SSL *ssl, int idx); + int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + +-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); +-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx); +-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); ++void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); ++int SSL_SESSION_get_ex_new_index(long argl, void *argp, ++ CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); + +-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); +-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx); ++int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); ++void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); + int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +- +-int SSL_get_ex_data_X509_STORE_CTX_idx(void ); +- +-#define SSL_CTX_sess_set_cache_size(ctx,t) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +-#define SSL_CTX_sess_get_cache_size(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) +-#define SSL_CTX_set_session_cache_mode(ctx,m) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) +-#define SSL_CTX_get_session_cache_mode(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) +- +-#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +-#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) +-#define SSL_CTX_get_read_ahead(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +-#define SSL_CTX_set_read_ahead(ctx,m) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +-#define SSL_CTX_get_max_cert_list(ctx) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +-#define SSL_CTX_set_max_cert_list(ctx,m) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +-#define SSL_get_max_cert_list(ssl) \ +- SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +-#define SSL_set_max_cert_list(ssl,m) \ +- SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) ++ CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++ ++int SSL_get_ex_data_X509_STORE_CTX_idx(void); ++ ++# define SSL_CTX_sess_set_cache_size(ctx,t) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) ++# define SSL_CTX_sess_get_cache_size(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) ++# define SSL_CTX_set_session_cache_mode(ctx,m) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) ++# define SSL_CTX_get_session_cache_mode(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) ++ ++# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) ++# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) ++# define SSL_CTX_get_read_ahead(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) ++# define SSL_CTX_set_read_ahead(ctx,m) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) ++# define SSL_CTX_get_max_cert_list(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) ++# define SSL_CTX_set_max_cert_list(ctx,m) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) ++# define SSL_get_max_cert_list(ssl) \ ++ SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) ++# define SSL_set_max_cert_list(ssl,m) \ ++ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + + /* NB: the keylength is only applicable when is_export is true */ +-#ifndef OPENSSL_NO_RSA ++# ifndef OPENSSL_NO_RSA + void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, +- RSA *(*cb)(SSL *ssl,int is_export, +- int keylength)); ++ RSA *(*cb) (SSL *ssl, int is_export, ++ int keylength)); + + void SSL_set_tmp_rsa_callback(SSL *ssl, +- RSA *(*cb)(SSL *ssl,int is_export, +- int keylength)); +-#endif +-#ifndef OPENSSL_NO_DH ++ RSA *(*cb) (SSL *ssl, int is_export, ++ int keylength)); ++# endif ++# ifndef OPENSSL_NO_DH + void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, +- DH *(*dh)(SSL *ssl,int is_export, +- int keylength)); ++ DH *(*dh) (SSL *ssl, int is_export, ++ int keylength)); + void SSL_set_tmp_dh_callback(SSL *ssl, +- DH *(*dh)(SSL *ssl,int is_export, +- int keylength)); +-#endif +-#ifndef OPENSSL_NO_ECDH ++ DH *(*dh) (SSL *ssl, int is_export, ++ int keylength)); ++# endif ++# ifndef OPENSSL_NO_ECDH + void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, +- EC_KEY *(*ecdh)(SSL *ssl,int is_export, +- int keylength)); ++ EC_KEY *(*ecdh) (SSL *ssl, int is_export, ++ int keylength)); + void SSL_set_tmp_ecdh_callback(SSL *ssl, +- EC_KEY *(*ecdh)(SSL *ssl,int is_export, +- int keylength)); +-#endif ++ EC_KEY *(*ecdh) (SSL *ssl, int is_export, ++ int keylength)); ++# endif + +-#ifndef OPENSSL_NO_COMP ++# ifndef OPENSSL_NO_COMP + const COMP_METHOD *SSL_get_current_compression(SSL *s); + const COMP_METHOD *SSL_get_current_expansion(SSL *s); + const char *SSL_COMP_get_name(const COMP_METHOD *comp); + STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); +-#else ++int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); ++# else + const void *SSL_get_current_compression(SSL *s); + const void *SSL_get_current_expansion(SSL *s); + const char *SSL_COMP_get_name(const void *comp); + void *SSL_COMP_get_compression_methods(void); +-int SSL_COMP_add_compression_method(int id,void *cm); +-#endif ++int SSL_COMP_add_compression_method(int id, void *cm); ++# endif + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_SSL_strings(void); +@@ -1677,458 +1782,460 @@ void ERR_load_SSL_strings(void); + /* Error codes for the SSL functions. */ + + /* Function codes. */ +-#define SSL_F_CLIENT_CERTIFICATE 100 +-#define SSL_F_CLIENT_FINISHED 167 +-#define SSL_F_CLIENT_HELLO 101 +-#define SSL_F_CLIENT_MASTER_KEY 102 +-#define SSL_F_D2I_SSL_SESSION 103 +-#define SSL_F_DO_DTLS1_WRITE 245 +-#define SSL_F_DO_SSL3_WRITE 104 +-#define SSL_F_DTLS1_ACCEPT 246 +-#define SSL_F_DTLS1_ADD_CERT_TO_BUF 280 +-#define SSL_F_DTLS1_BUFFER_RECORD 247 +-#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 293 +-#define SSL_F_DTLS1_CLIENT_HELLO 248 +-#define SSL_F_DTLS1_CONNECT 249 +-#define SSL_F_DTLS1_ENC 250 +-#define SSL_F_DTLS1_GET_HELLO_VERIFY 251 +-#define SSL_F_DTLS1_GET_MESSAGE 252 +-#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 +-#define SSL_F_DTLS1_GET_RECORD 254 +-#define SSL_F_DTLS1_HANDLE_TIMEOUT 282 +-#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 +-#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 +-#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 +-#define SSL_F_DTLS1_PROCESS_RECORD 257 +-#define SSL_F_DTLS1_READ_BYTES 258 +-#define SSL_F_DTLS1_READ_FAILED 259 +-#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 +-#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 +-#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 +-#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 +-#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 +-#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 +-#define SSL_F_DTLS1_SEND_SERVER_HELLO 266 +-#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 +-#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +-#define SSL_F_GET_CLIENT_FINISHED 105 +-#define SSL_F_GET_CLIENT_HELLO 106 +-#define SSL_F_GET_CLIENT_MASTER_KEY 107 +-#define SSL_F_GET_SERVER_FINISHED 108 +-#define SSL_F_GET_SERVER_HELLO 109 +-#define SSL_F_GET_SERVER_VERIFY 110 +-#define SSL_F_I2D_SSL_SESSION 111 +-#define SSL_F_READ_N 112 +-#define SSL_F_REQUEST_CERTIFICATE 113 +-#define SSL_F_SERVER_FINISH 239 +-#define SSL_F_SERVER_HELLO 114 +-#define SSL_F_SERVER_VERIFY 240 +-#define SSL_F_SSL23_ACCEPT 115 +-#define SSL_F_SSL23_CLIENT_HELLO 116 +-#define SSL_F_SSL23_CONNECT 117 +-#define SSL_F_SSL23_GET_CLIENT_HELLO 118 +-#define SSL_F_SSL23_GET_SERVER_HELLO 119 +-#define SSL_F_SSL23_PEEK 237 +-#define SSL_F_SSL23_READ 120 +-#define SSL_F_SSL23_WRITE 121 +-#define SSL_F_SSL2_ACCEPT 122 +-#define SSL_F_SSL2_CONNECT 123 +-#define SSL_F_SSL2_ENC_INIT 124 +-#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 +-#define SSL_F_SSL2_PEEK 234 +-#define SSL_F_SSL2_READ 125 +-#define SSL_F_SSL2_READ_INTERNAL 236 +-#define SSL_F_SSL2_SET_CERTIFICATE 126 +-#define SSL_F_SSL2_WRITE 127 +-#define SSL_F_SSL3_ACCEPT 128 +-#define SSL_F_SSL3_ADD_CERT_TO_BUF 281 +-#define SSL_F_SSL3_CALLBACK_CTRL 233 +-#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +-#define SSL_F_SSL3_CHECK_CLIENT_HELLO 292 +-#define SSL_F_SSL3_CLIENT_HELLO 131 +-#define SSL_F_SSL3_CONNECT 132 +-#define SSL_F_SSL3_CTRL 213 +-#define SSL_F_SSL3_CTX_CTRL 133 +-#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279 +-#define SSL_F_SSL3_ENC 134 +-#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 +-#define SSL_F_SSL3_GET_CERT_STATUS 288 +-#define SSL_F_SSL3_GET_CERT_VERIFY 136 +-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 +-#define SSL_F_SSL3_GET_CLIENT_HELLO 138 +-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 +-#define SSL_F_SSL3_GET_FINISHED 140 +-#define SSL_F_SSL3_GET_KEY_EXCHANGE 141 +-#define SSL_F_SSL3_GET_MESSAGE 142 +-#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 +-#define SSL_F_SSL3_GET_RECORD 143 +-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 +-#define SSL_F_SSL3_GET_SERVER_DONE 145 +-#define SSL_F_SSL3_GET_SERVER_HELLO 146 +-#define SSL_F_SSL3_NEW_SESSION_TICKET 284 +-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +-#define SSL_F_SSL3_PEEK 235 +-#define SSL_F_SSL3_READ_BYTES 148 +-#define SSL_F_SSL3_READ_N 149 +-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 +-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 +-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 +-#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 +-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 +-#define SSL_F_SSL3_SEND_SERVER_HELLO 242 +-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 +-#define SSL_F_SSL3_SETUP_BUFFERS 156 +-#define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +-#define SSL_F_SSL3_WRITE_BYTES 158 +-#define SSL_F_SSL3_WRITE_PENDING 159 +-#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285 +-#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 +-#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 +-#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +-#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286 +-#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 +-#define SSL_F_SSL_BAD_METHOD 160 +-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +-#define SSL_F_SSL_CERT_DUP 221 +-#define SSL_F_SSL_CERT_INST 222 +-#define SSL_F_SSL_CERT_INSTANTIATE 214 +-#define SSL_F_SSL_CERT_NEW 162 +-#define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +-#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 +-#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +-#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 +-#define SSL_F_SSL_CLEAR 164 +-#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 +-#define SSL_F_SSL_CREATE_CIPHER_LIST 166 +-#define SSL_F_SSL_CTRL 232 +-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +-#define SSL_F_SSL_CTX_NEW 169 +-#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +-#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278 +-#define SSL_F_SSL_CTX_SET_PURPOSE 226 +-#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 +-#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +-#define SSL_F_SSL_CTX_SET_TRUST 229 +-#define SSL_F_SSL_CTX_USE_CERTIFICATE 171 +-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 +-#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 +-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 +-#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 +-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 +-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 +-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 +-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 +-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 +-#define SSL_F_SSL_DO_HANDSHAKE 180 +-#define SSL_F_SSL_GET_NEW_SESSION 181 +-#define SSL_F_SSL_GET_PREV_SESSION 217 +-#define SSL_F_SSL_GET_SERVER_SEND_CERT 182 +-#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 +-#define SSL_F_SSL_GET_SIGN_PKEY 183 +-#define SSL_F_SSL_INIT_WBIO_BUFFER 184 +-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +-#define SSL_F_SSL_NEW 186 +-#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287 +-#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290 +-#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289 +-#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291 +-#define SSL_F_SSL_PEEK 270 +-#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 +-#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 +-#define SSL_F_SSL_READ 223 +-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 +-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 +-#define SSL_F_SSL_SESSION_NEW 189 +-#define SSL_F_SSL_SESSION_PRINT_FP 190 +-#define SSL_F_SSL_SESS_CERT_NEW 225 +-#define SSL_F_SSL_SET_CERT 191 +-#define SSL_F_SSL_SET_CIPHER_LIST 271 +-#define SSL_F_SSL_SET_FD 192 +-#define SSL_F_SSL_SET_PKEY 193 +-#define SSL_F_SSL_SET_PURPOSE 227 +-#define SSL_F_SSL_SET_RFD 194 +-#define SSL_F_SSL_SET_SESSION 195 +-#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +-#define SSL_F_SSL_SET_TRUST 228 +-#define SSL_F_SSL_SET_WFD 196 +-#define SSL_F_SSL_SHUTDOWN 224 +-#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 +-#define SSL_F_SSL_UNDEFINED_FUNCTION 197 +-#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 +-#define SSL_F_SSL_USE_CERTIFICATE 198 +-#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 +-#define SSL_F_SSL_USE_CERTIFICATE_FILE 200 +-#define SSL_F_SSL_USE_PRIVATEKEY 201 +-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 +-#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 +-#define SSL_F_SSL_USE_RSAPRIVATEKEY 204 +-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 +-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +-#define SSL_F_SSL_VERIFY_CERT_CHAIN 207 +-#define SSL_F_SSL_WRITE 208 +-#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +-#define SSL_F_TLS1_ENC 210 +-#define SSL_F_TLS1_SETUP_KEY_BLOCK 211 +-#define SSL_F_WRITE_PENDING 212 ++# define SSL_F_CLIENT_CERTIFICATE 100 ++# define SSL_F_CLIENT_FINISHED 167 ++# define SSL_F_CLIENT_HELLO 101 ++# define SSL_F_CLIENT_MASTER_KEY 102 ++# define SSL_F_D2I_SSL_SESSION 103 ++# define SSL_F_DO_DTLS1_WRITE 245 ++# define SSL_F_DO_SSL3_WRITE 104 ++# define SSL_F_DTLS1_ACCEPT 246 ++# define SSL_F_DTLS1_ADD_CERT_TO_BUF 280 ++# define SSL_F_DTLS1_BUFFER_RECORD 247 ++# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 293 ++# define SSL_F_DTLS1_CLIENT_HELLO 248 ++# define SSL_F_DTLS1_CONNECT 249 ++# define SSL_F_DTLS1_ENC 250 ++# define SSL_F_DTLS1_GET_HELLO_VERIFY 251 ++# define SSL_F_DTLS1_GET_MESSAGE 252 ++# define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 ++# define SSL_F_DTLS1_GET_RECORD 254 ++# define SSL_F_DTLS1_HANDLE_TIMEOUT 282 ++# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 ++# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277 ++# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 ++# define SSL_F_DTLS1_PROCESS_RECORD 257 ++# define SSL_F_DTLS1_READ_BYTES 258 ++# define SSL_F_DTLS1_READ_FAILED 259 ++# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 ++# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 ++# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 ++# define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 ++# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 ++# define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 ++# define SSL_F_DTLS1_SEND_SERVER_HELLO 266 ++# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 ++# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 ++# define SSL_F_GET_CLIENT_FINISHED 105 ++# define SSL_F_GET_CLIENT_HELLO 106 ++# define SSL_F_GET_CLIENT_MASTER_KEY 107 ++# define SSL_F_GET_SERVER_FINISHED 108 ++# define SSL_F_GET_SERVER_HELLO 109 ++# define SSL_F_GET_SERVER_VERIFY 110 ++# define SSL_F_I2D_SSL_SESSION 111 ++# define SSL_F_READ_N 112 ++# define SSL_F_REQUEST_CERTIFICATE 113 ++# define SSL_F_SERVER_FINISH 239 ++# define SSL_F_SERVER_HELLO 114 ++# define SSL_F_SERVER_VERIFY 240 ++# define SSL_F_SSL23_ACCEPT 115 ++# define SSL_F_SSL23_CLIENT_HELLO 116 ++# define SSL_F_SSL23_CONNECT 117 ++# define SSL_F_SSL23_GET_CLIENT_HELLO 118 ++# define SSL_F_SSL23_GET_SERVER_HELLO 119 ++# define SSL_F_SSL23_PEEK 237 ++# define SSL_F_SSL23_READ 120 ++# define SSL_F_SSL23_WRITE 121 ++# define SSL_F_SSL2_ACCEPT 122 ++# define SSL_F_SSL2_CONNECT 123 ++# define SSL_F_SSL2_ENC_INIT 124 ++# define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 ++# define SSL_F_SSL2_PEEK 234 ++# define SSL_F_SSL2_READ 125 ++# define SSL_F_SSL2_READ_INTERNAL 236 ++# define SSL_F_SSL2_SET_CERTIFICATE 126 ++# define SSL_F_SSL2_WRITE 127 ++# define SSL_F_SSL3_ACCEPT 128 ++# define SSL_F_SSL3_ADD_CERT_TO_BUF 281 ++# define SSL_F_SSL3_CALLBACK_CTRL 233 ++# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 ++# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 ++# define SSL_F_SSL3_CHECK_CLIENT_HELLO 292 ++# define SSL_F_SSL3_CLIENT_HELLO 131 ++# define SSL_F_SSL3_CONNECT 132 ++# define SSL_F_SSL3_CTRL 213 ++# define SSL_F_SSL3_CTX_CTRL 133 ++# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279 ++# define SSL_F_SSL3_ENC 134 ++# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 ++# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 ++# define SSL_F_SSL3_GET_CERT_STATUS 288 ++# define SSL_F_SSL3_GET_CERT_VERIFY 136 ++# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 ++# define SSL_F_SSL3_GET_CLIENT_HELLO 138 ++# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 ++# define SSL_F_SSL3_GET_FINISHED 140 ++# define SSL_F_SSL3_GET_KEY_EXCHANGE 141 ++# define SSL_F_SSL3_GET_MESSAGE 142 ++# define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 ++# define SSL_F_SSL3_GET_RECORD 143 ++# define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 ++# define SSL_F_SSL3_GET_SERVER_DONE 145 ++# define SSL_F_SSL3_GET_SERVER_HELLO 146 ++# define SSL_F_SSL3_NEW_SESSION_TICKET 284 ++# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 ++# define SSL_F_SSL3_PEEK 235 ++# define SSL_F_SSL3_READ_BYTES 148 ++# define SSL_F_SSL3_READ_N 149 ++# define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 ++# define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 ++# define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 ++# define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 ++# define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 ++# define SSL_F_SSL3_SEND_SERVER_HELLO 242 ++# define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 ++# define SSL_F_SSL3_SETUP_BUFFERS 156 ++# define SSL_F_SSL3_SETUP_KEY_BLOCK 157 ++# define SSL_F_SSL3_WRITE_BYTES 158 ++# define SSL_F_SSL3_WRITE_PENDING 159 ++# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285 ++# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272 ++# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 ++# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 ++# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286 ++# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273 ++# define SSL_F_SSL_BAD_METHOD 160 ++# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 ++# define SSL_F_SSL_CERT_DUP 221 ++# define SSL_F_SSL_CERT_INST 222 ++# define SSL_F_SSL_CERT_INSTANTIATE 214 ++# define SSL_F_SSL_CERT_NEW 162 ++# define SSL_F_SSL_CHECK_PRIVATE_KEY 163 ++# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274 ++# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 ++# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 ++# define SSL_F_SSL_CLEAR 164 ++# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 ++# define SSL_F_SSL_CREATE_CIPHER_LIST 166 ++# define SSL_F_SSL_CTRL 232 ++# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 ++# define SSL_F_SSL_CTX_NEW 169 ++# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 ++# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278 ++# define SSL_F_SSL_CTX_SET_PURPOSE 226 ++# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 ++# define SSL_F_SSL_CTX_SET_SSL_VERSION 170 ++# define SSL_F_SSL_CTX_SET_TRUST 229 ++# define SSL_F_SSL_CTX_USE_CERTIFICATE 171 ++# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 ++# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 ++# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 ++# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 ++# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 ++# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 ++# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 ++# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 ++# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 ++# define SSL_F_SSL_DO_HANDSHAKE 180 ++# define SSL_F_SSL_GET_NEW_SESSION 181 ++# define SSL_F_SSL_GET_PREV_SESSION 217 ++# define SSL_F_SSL_GET_SERVER_SEND_CERT 182 ++# define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 ++# define SSL_F_SSL_GET_SIGN_PKEY 183 ++# define SSL_F_SSL_INIT_WBIO_BUFFER 184 ++# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 ++# define SSL_F_SSL_NEW 186 ++# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287 ++# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290 ++# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289 ++# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291 ++# define SSL_F_SSL_PEEK 270 ++# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275 ++# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276 ++# define SSL_F_SSL_READ 223 ++# define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 ++# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 ++# define SSL_F_SSL_SESSION_NEW 189 ++# define SSL_F_SSL_SESSION_PRINT_FP 190 ++# define SSL_F_SSL_SESS_CERT_NEW 225 ++# define SSL_F_SSL_SET_CERT 191 ++# define SSL_F_SSL_SET_CIPHER_LIST 271 ++# define SSL_F_SSL_SET_FD 192 ++# define SSL_F_SSL_SET_PKEY 193 ++# define SSL_F_SSL_SET_PURPOSE 227 ++# define SSL_F_SSL_SET_RFD 194 ++# define SSL_F_SSL_SET_SESSION 195 ++# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 ++# define SSL_F_SSL_SET_TRUST 228 ++# define SSL_F_SSL_SET_WFD 196 ++# define SSL_F_SSL_SHUTDOWN 224 ++# define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 ++# define SSL_F_SSL_UNDEFINED_FUNCTION 197 ++# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 ++# define SSL_F_SSL_USE_CERTIFICATE 198 ++# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 ++# define SSL_F_SSL_USE_CERTIFICATE_FILE 200 ++# define SSL_F_SSL_USE_PRIVATEKEY 201 ++# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 ++# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 ++# define SSL_F_SSL_USE_RSAPRIVATEKEY 204 ++# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 ++# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 ++# define SSL_F_SSL_VERIFY_CERT_CHAIN 207 ++# define SSL_F_SSL_WRITE 208 ++# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 ++# define SSL_F_TLS1_ENC 210 ++# define SSL_F_TLS1_SETUP_KEY_BLOCK 211 ++# define SSL_F_WRITE_PENDING 212 + + /* Reason codes. */ +-#define SSL_R_APP_DATA_IN_HANDSHAKE 100 +-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +-#define SSL_R_BAD_ALERT_RECORD 101 +-#define SSL_R_BAD_AUTHENTICATION_TYPE 102 +-#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +-#define SSL_R_BAD_CHECKSUM 104 +-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +-#define SSL_R_BAD_DECOMPRESSION 107 +-#define SSL_R_BAD_DH_G_LENGTH 108 +-#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 +-#define SSL_R_BAD_DH_P_LENGTH 110 +-#define SSL_R_BAD_DIGEST_LENGTH 111 +-#define SSL_R_BAD_DSA_SIGNATURE 112 +-#define SSL_R_BAD_ECC_CERT 304 +-#define SSL_R_BAD_ECDSA_SIGNATURE 305 +-#define SSL_R_BAD_ECPOINT 306 +-#define SSL_R_BAD_HELLO_REQUEST 105 +-#define SSL_R_BAD_LENGTH 271 +-#define SSL_R_BAD_MAC_DECODE 113 +-#define SSL_R_BAD_MESSAGE_TYPE 114 +-#define SSL_R_BAD_PACKET_LENGTH 115 +-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +-#define SSL_R_BAD_RESPONSE_ARGUMENT 117 +-#define SSL_R_BAD_RSA_DECRYPT 118 +-#define SSL_R_BAD_RSA_ENCRYPT 119 +-#define SSL_R_BAD_RSA_E_LENGTH 120 +-#define SSL_R_BAD_RSA_MODULUS_LENGTH 121 +-#define SSL_R_BAD_RSA_SIGNATURE 122 +-#define SSL_R_BAD_SIGNATURE 123 +-#define SSL_R_BAD_SSL_FILETYPE 124 +-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 +-#define SSL_R_BAD_STATE 126 +-#define SSL_R_BAD_WRITE_RETRY 127 +-#define SSL_R_BIO_NOT_SET 128 +-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +-#define SSL_R_BN_LIB 130 +-#define SSL_R_CA_DN_LENGTH_MISMATCH 131 +-#define SSL_R_CA_DN_TOO_LONG 132 +-#define SSL_R_CCS_RECEIVED_EARLY 133 +-#define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +-#define SSL_R_CERT_LENGTH_MISMATCH 135 +-#define SSL_R_CHALLENGE_IS_DIFFERENT 136 +-#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +-#define SSL_R_CIPHER_TABLE_SRC_ERROR 139 +-#define SSL_R_CLIENTHELLO_TLSEXT 157 +-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +-#define SSL_R_COMPRESSION_FAILURE 141 +-#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +-#define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +-#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 +-#define SSL_R_CONNECTION_TYPE_NOT_SET 144 +-#define SSL_R_COOKIE_MISMATCH 308 +-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +-#define SSL_R_DATA_LENGTH_TOO_LONG 146 +-#define SSL_R_DECRYPTION_FAILED 147 +-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +-#define SSL_R_DIGEST_CHECK_FAILED 149 +-#define SSL_R_DTLS_MESSAGE_TOO_BIG 318 +-#define SSL_R_DUPLICATE_COMPRESSION_ID 309 +-#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 +-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 +-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +-#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +-#define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +-#define SSL_R_HTTPS_PROXY_REQUEST 155 +-#define SSL_R_HTTP_REQUEST 156 +-#define SSL_R_ILLEGAL_PADDING 283 +-#define SSL_R_INVALID_CHALLENGE_LENGTH 158 +-#define SSL_R_INVALID_COMMAND 280 +-#define SSL_R_INVALID_PURPOSE 278 +-#define SSL_R_INVALID_STATUS_RESPONSE 316 +-#define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 +-#define SSL_R_INVALID_TRUST 279 +-#define SSL_R_KEY_ARG_TOO_LONG 284 +-#define SSL_R_KRB5 285 +-#define SSL_R_KRB5_C_CC_PRINC 286 +-#define SSL_R_KRB5_C_GET_CRED 287 +-#define SSL_R_KRB5_C_INIT 288 +-#define SSL_R_KRB5_C_MK_REQ 289 +-#define SSL_R_KRB5_S_BAD_TICKET 290 +-#define SSL_R_KRB5_S_INIT 291 +-#define SSL_R_KRB5_S_RD_REQ 292 +-#define SSL_R_KRB5_S_TKT_EXPIRED 293 +-#define SSL_R_KRB5_S_TKT_NYV 294 +-#define SSL_R_KRB5_S_TKT_SKEW 295 +-#define SSL_R_LENGTH_MISMATCH 159 +-#define SSL_R_LENGTH_TOO_SHORT 160 +-#define SSL_R_LIBRARY_BUG 274 +-#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +-#define SSL_R_MESSAGE_TOO_LONG 296 +-#define SSL_R_MISSING_DH_DSA_CERT 162 +-#define SSL_R_MISSING_DH_KEY 163 +-#define SSL_R_MISSING_DH_RSA_CERT 164 +-#define SSL_R_MISSING_DSA_SIGNING_CERT 165 +-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 +-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 +-#define SSL_R_MISSING_RSA_CERTIFICATE 168 +-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +-#define SSL_R_MISSING_RSA_SIGNING_CERT 170 +-#define SSL_R_MISSING_TMP_DH_KEY 171 +-#define SSL_R_MISSING_TMP_ECDH_KEY 311 +-#define SSL_R_MISSING_TMP_RSA_KEY 172 +-#define SSL_R_MISSING_TMP_RSA_PKEY 173 +-#define SSL_R_MISSING_VERIFY_MESSAGE 174 +-#define SSL_R_MULTIPLE_SGC_RESTARTS 325 +-#define SSL_R_NON_SSLV2_INITIAL_PACKET 175 +-#define SSL_R_NO_CERTIFICATES_RETURNED 176 +-#define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +-#define SSL_R_NO_CERTIFICATE_RETURNED 178 +-#define SSL_R_NO_CERTIFICATE_SET 179 +-#define SSL_R_NO_CERTIFICATE_SPECIFIED 180 +-#define SSL_R_NO_CIPHERS_AVAILABLE 181 +-#define SSL_R_NO_CIPHERS_PASSED 182 +-#define SSL_R_NO_CIPHERS_SPECIFIED 183 +-#define SSL_R_NO_CIPHER_LIST 184 +-#define SSL_R_NO_CIPHER_MATCH 185 +-#define SSL_R_NO_CLIENT_CERT_METHOD 317 +-#define SSL_R_NO_CLIENT_CERT_RECEIVED 186 +-#define SSL_R_NO_COMPRESSION_SPECIFIED 187 +-#define SSL_R_NO_METHOD_SPECIFIED 188 +-#define SSL_R_NO_PRIVATEKEY 189 +-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +-#define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +-#define SSL_R_NO_PUBLICKEY 192 +-#define SSL_R_NO_RENEGOTIATION 319 +-#define SSL_R_NO_SHARED_CIPHER 193 +-#define SSL_R_NO_VERIFY_CALLBACK 194 +-#define SSL_R_NULL_SSL_CTX 195 +-#define SSL_R_NULL_SSL_METHOD_PASSED 196 +-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 +-#define SSL_R_PACKET_LENGTH_TOO_LONG 198 +-#define SSL_R_PARSE_TLSEXT 223 +-#define SSL_R_PATH_TOO_LONG 270 +-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +-#define SSL_R_PEER_ERROR 200 +-#define SSL_R_PEER_ERROR_CERTIFICATE 201 +-#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 +-#define SSL_R_PEER_ERROR_NO_CIPHER 203 +-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 +-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 +-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 +-#define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 +-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 +-#define SSL_R_PUBLIC_KEY_NOT_RSA 210 +-#define SSL_R_READ_BIO_NOT_SET 211 +-#define SSL_R_READ_TIMEOUT_EXPIRED 312 +-#define SSL_R_READ_WRONG_PACKET_TYPE 212 +-#define SSL_R_RECORD_LENGTH_MISMATCH 213 +-#define SSL_R_RECORD_TOO_LARGE 214 +-#define SSL_R_RECORD_TOO_SMALL 298 +-#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320 +-#define SSL_R_RENEGOTIATION_ENCODING_ERR 321 +-#define SSL_R_RENEGOTIATION_MISMATCH 322 +-#define SSL_R_REQUIRED_CIPHER_MISSING 215 +-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 +-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 +-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 +-#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324 +-#define SSL_R_SERVERHELLO_TLSEXT 224 +-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +-#define SSL_R_SHORT_READ 219 +-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 +-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 +-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 +-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 +-#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 +-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +-#define SSL_R_SSL_HANDSHAKE_FAILURE 229 +-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +-#define SSL_R_SSL_SESSION_ID_CONFLICT 302 +-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 +-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +-#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +-#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +-#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +-#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +-#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +-#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +-#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +-#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 +-#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 +-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 +-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 +-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 +-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 +-#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 +-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 +-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 +-#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 +-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 +-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +-#define SSL_R_UNEXPECTED_MESSAGE 244 +-#define SSL_R_UNEXPECTED_RECORD 245 +-#define SSL_R_UNINITIALIZED 276 +-#define SSL_R_UNKNOWN_ALERT_TYPE 246 +-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +-#define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +-#define SSL_R_UNKNOWN_CIPHER_TYPE 249 +-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +-#define SSL_R_UNKNOWN_PKEY_TYPE 251 +-#define SSL_R_UNKNOWN_PROTOCOL 252 +-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 +-#define SSL_R_UNKNOWN_SSL_VERSION 254 +-#define SSL_R_UNKNOWN_STATE 255 +-#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323 +-#define SSL_R_UNSUPPORTED_CIPHER 256 +-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +-#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +-#define SSL_R_UNSUPPORTED_PROTOCOL 258 +-#define SSL_R_UNSUPPORTED_SSL_VERSION 259 +-#define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +-#define SSL_R_WRITE_BIO_NOT_SET 260 +-#define SSL_R_WRONG_CIPHER_RETURNED 261 +-#define SSL_R_WRONG_MESSAGE_TYPE 262 +-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 +-#define SSL_R_WRONG_SIGNATURE_LENGTH 264 +-#define SSL_R_WRONG_SIGNATURE_SIZE 265 +-#define SSL_R_WRONG_SSL_VERSION 266 +-#define SSL_R_WRONG_VERSION_NUMBER 267 +-#define SSL_R_X509_LIB 268 +-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 ++# define SSL_R_APP_DATA_IN_HANDSHAKE 100 ++# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 ++# define SSL_R_BAD_ALERT_RECORD 101 ++# define SSL_R_BAD_AUTHENTICATION_TYPE 102 ++# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 ++# define SSL_R_BAD_CHECKSUM 104 ++# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 ++# define SSL_R_BAD_DECOMPRESSION 107 ++# define SSL_R_BAD_DH_G_LENGTH 108 ++# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 ++# define SSL_R_BAD_DH_P_LENGTH 110 ++# define SSL_R_BAD_DIGEST_LENGTH 111 ++# define SSL_R_BAD_DSA_SIGNATURE 112 ++# define SSL_R_BAD_ECC_CERT 304 ++# define SSL_R_BAD_ECDSA_SIGNATURE 305 ++# define SSL_R_BAD_ECPOINT 306 ++# define SSL_R_BAD_HELLO_REQUEST 105 ++# define SSL_R_BAD_LENGTH 271 ++# define SSL_R_BAD_MAC_DECODE 113 ++# define SSL_R_BAD_MESSAGE_TYPE 114 ++# define SSL_R_BAD_PACKET_LENGTH 115 ++# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 ++# define SSL_R_BAD_RESPONSE_ARGUMENT 117 ++# define SSL_R_BAD_RSA_DECRYPT 118 ++# define SSL_R_BAD_RSA_ENCRYPT 119 ++# define SSL_R_BAD_RSA_E_LENGTH 120 ++# define SSL_R_BAD_RSA_MODULUS_LENGTH 121 ++# define SSL_R_BAD_RSA_SIGNATURE 122 ++# define SSL_R_BAD_SIGNATURE 123 ++# define SSL_R_BAD_SSL_FILETYPE 124 ++# define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 ++# define SSL_R_BAD_STATE 126 ++# define SSL_R_BAD_WRITE_RETRY 127 ++# define SSL_R_BIO_NOT_SET 128 ++# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 ++# define SSL_R_BN_LIB 130 ++# define SSL_R_CA_DN_LENGTH_MISMATCH 131 ++# define SSL_R_CA_DN_TOO_LONG 132 ++# define SSL_R_CCS_RECEIVED_EARLY 133 ++# define SSL_R_CERTIFICATE_VERIFY_FAILED 134 ++# define SSL_R_CERT_LENGTH_MISMATCH 135 ++# define SSL_R_CHALLENGE_IS_DIFFERENT 136 ++# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 ++# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 ++# define SSL_R_CIPHER_TABLE_SRC_ERROR 139 ++# define SSL_R_CLIENTHELLO_TLSEXT 157 ++# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 ++# define SSL_R_COMPRESSION_FAILURE 141 ++# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 ++# define SSL_R_COMPRESSION_LIBRARY_ERROR 142 ++# define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 ++# define SSL_R_CONNECTION_TYPE_NOT_SET 144 ++# define SSL_R_COOKIE_MISMATCH 308 ++# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 ++# define SSL_R_DATA_LENGTH_TOO_LONG 146 ++# define SSL_R_DECRYPTION_FAILED 147 ++# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 ++# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 ++# define SSL_R_DIGEST_CHECK_FAILED 149 ++# define SSL_R_DTLS_MESSAGE_TOO_BIG 318 ++# define SSL_R_DUPLICATE_COMPRESSION_ID 309 ++# define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 ++# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 ++# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 ++# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 ++# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 ++# define SSL_R_EXTRA_DATA_IN_MESSAGE 153 ++# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 ++# define SSL_R_HTTPS_PROXY_REQUEST 155 ++# define SSL_R_HTTP_REQUEST 156 ++# define SSL_R_ILLEGAL_PADDING 283 ++# define SSL_R_INAPPROPRIATE_FALLBACK 373 ++# define SSL_R_INVALID_CHALLENGE_LENGTH 158 ++# define SSL_R_INVALID_COMMAND 280 ++# define SSL_R_INVALID_PURPOSE 278 ++# define SSL_R_INVALID_STATUS_RESPONSE 316 ++# define SSL_R_INVALID_TICKET_KEYS_LENGTH 275 ++# define SSL_R_INVALID_TRUST 279 ++# define SSL_R_KEY_ARG_TOO_LONG 284 ++# define SSL_R_KRB5 285 ++# define SSL_R_KRB5_C_CC_PRINC 286 ++# define SSL_R_KRB5_C_GET_CRED 287 ++# define SSL_R_KRB5_C_INIT 288 ++# define SSL_R_KRB5_C_MK_REQ 289 ++# define SSL_R_KRB5_S_BAD_TICKET 290 ++# define SSL_R_KRB5_S_INIT 291 ++# define SSL_R_KRB5_S_RD_REQ 292 ++# define SSL_R_KRB5_S_TKT_EXPIRED 293 ++# define SSL_R_KRB5_S_TKT_NYV 294 ++# define SSL_R_KRB5_S_TKT_SKEW 295 ++# define SSL_R_LENGTH_MISMATCH 159 ++# define SSL_R_LENGTH_TOO_SHORT 160 ++# define SSL_R_LIBRARY_BUG 274 ++# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 ++# define SSL_R_MESSAGE_TOO_LONG 296 ++# define SSL_R_MISSING_DH_DSA_CERT 162 ++# define SSL_R_MISSING_DH_KEY 163 ++# define SSL_R_MISSING_DH_RSA_CERT 164 ++# define SSL_R_MISSING_DSA_SIGNING_CERT 165 ++# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 ++# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 ++# define SSL_R_MISSING_RSA_CERTIFICATE 168 ++# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 ++# define SSL_R_MISSING_RSA_SIGNING_CERT 170 ++# define SSL_R_MISSING_TMP_DH_KEY 171 ++# define SSL_R_MISSING_TMP_ECDH_KEY 311 ++# define SSL_R_MISSING_TMP_RSA_KEY 172 ++# define SSL_R_MISSING_TMP_RSA_PKEY 173 ++# define SSL_R_MISSING_VERIFY_MESSAGE 174 ++# define SSL_R_MULTIPLE_SGC_RESTARTS 325 ++# define SSL_R_NON_SSLV2_INITIAL_PACKET 175 ++# define SSL_R_NO_CERTIFICATES_RETURNED 176 ++# define SSL_R_NO_CERTIFICATE_ASSIGNED 177 ++# define SSL_R_NO_CERTIFICATE_RETURNED 178 ++# define SSL_R_NO_CERTIFICATE_SET 179 ++# define SSL_R_NO_CERTIFICATE_SPECIFIED 180 ++# define SSL_R_NO_CIPHERS_AVAILABLE 181 ++# define SSL_R_NO_CIPHERS_PASSED 182 ++# define SSL_R_NO_CIPHERS_SPECIFIED 183 ++# define SSL_R_NO_CIPHER_LIST 184 ++# define SSL_R_NO_CIPHER_MATCH 185 ++# define SSL_R_NO_CLIENT_CERT_METHOD 317 ++# define SSL_R_NO_CLIENT_CERT_RECEIVED 186 ++# define SSL_R_NO_COMPRESSION_SPECIFIED 187 ++# define SSL_R_NO_METHOD_SPECIFIED 188 ++# define SSL_R_NO_PRIVATEKEY 189 ++# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 ++# define SSL_R_NO_PROTOCOLS_AVAILABLE 191 ++# define SSL_R_NO_PUBLICKEY 192 ++# define SSL_R_NO_RENEGOTIATION 319 ++# define SSL_R_NO_SHARED_CIPHER 193 ++# define SSL_R_NO_VERIFY_CALLBACK 194 ++# define SSL_R_NULL_SSL_CTX 195 ++# define SSL_R_NULL_SSL_METHOD_PASSED 196 ++# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 ++# define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 ++# define SSL_R_PACKET_LENGTH_TOO_LONG 198 ++# define SSL_R_PARSE_TLSEXT 223 ++# define SSL_R_PATH_TOO_LONG 270 ++# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 ++# define SSL_R_PEER_ERROR 200 ++# define SSL_R_PEER_ERROR_CERTIFICATE 201 ++# define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 ++# define SSL_R_PEER_ERROR_NO_CIPHER 203 ++# define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 ++# define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 ++# define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 ++# define SSL_R_PROTOCOL_IS_SHUTDOWN 207 ++# define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 ++# define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 ++# define SSL_R_PUBLIC_KEY_NOT_RSA 210 ++# define SSL_R_READ_BIO_NOT_SET 211 ++# define SSL_R_READ_TIMEOUT_EXPIRED 312 ++# define SSL_R_READ_WRONG_PACKET_TYPE 212 ++# define SSL_R_RECORD_LENGTH_MISMATCH 213 ++# define SSL_R_RECORD_TOO_LARGE 214 ++# define SSL_R_RECORD_TOO_SMALL 298 ++# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320 ++# define SSL_R_RENEGOTIATION_ENCODING_ERR 321 ++# define SSL_R_RENEGOTIATION_MISMATCH 322 ++# define SSL_R_REQUIRED_CIPHER_MISSING 215 ++# define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 ++# define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 ++# define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 ++# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324 ++# define SSL_R_SERVERHELLO_TLSEXT 224 ++# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 ++# define SSL_R_SHORT_READ 219 ++# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 ++# define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 ++# define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 ++# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225 ++# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226 ++# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 ++# define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 ++# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 ++# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 ++# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 ++# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 ++# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 ++# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 ++# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 ++# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 ++# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 ++# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 ++# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 ++# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 ++# define SSL_R_SSL_HANDSHAKE_FAILURE 229 ++# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 ++# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 ++# define SSL_R_SSL_SESSION_ID_CONFLICT 302 ++# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 ++# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 ++# define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 ++# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 ++# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 ++# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 ++# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 ++# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 ++# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 ++# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 ++# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 ++# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 ++# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 ++# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 ++# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 ++# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 ++# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 ++# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 ++# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 ++# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 ++# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 ++# define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 ++# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227 ++# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 ++# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 ++# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 ++# define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 ++# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 ++# define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 ++# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 ++# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 ++# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 ++# define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 ++# define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 ++# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 ++# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 ++# define SSL_R_UNEXPECTED_MESSAGE 244 ++# define SSL_R_UNEXPECTED_RECORD 245 ++# define SSL_R_UNINITIALIZED 276 ++# define SSL_R_UNKNOWN_ALERT_TYPE 246 ++# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 ++# define SSL_R_UNKNOWN_CIPHER_RETURNED 248 ++# define SSL_R_UNKNOWN_CIPHER_TYPE 249 ++# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 ++# define SSL_R_UNKNOWN_PKEY_TYPE 251 ++# define SSL_R_UNKNOWN_PROTOCOL 252 ++# define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 ++# define SSL_R_UNKNOWN_SSL_VERSION 254 ++# define SSL_R_UNKNOWN_STATE 255 ++# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323 ++# define SSL_R_UNSUPPORTED_CIPHER 256 ++# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 ++# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 ++# define SSL_R_UNSUPPORTED_PROTOCOL 258 ++# define SSL_R_UNSUPPORTED_SSL_VERSION 259 ++# define SSL_R_UNSUPPORTED_STATUS_TYPE 329 ++# define SSL_R_WRITE_BIO_NOT_SET 260 ++# define SSL_R_WRONG_CIPHER_RETURNED 261 ++# define SSL_R_WRONG_MESSAGE_TYPE 262 ++# define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 ++# define SSL_R_WRONG_SIGNATURE_LENGTH 264 ++# define SSL_R_WRONG_SIGNATURE_SIZE 265 ++# define SSL_R_WRONG_SSL_VERSION 266 ++# define SSL_R_WRONG_VERSION_NUMBER 267 ++# define SSL_R_X509_LIB 268 ++# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/ssl2.h b/Cryptlib/Include/openssl/ssl2.h +index 99a52ea..d399676 100644 +--- a/Cryptlib/Include/openssl/ssl2.h ++++ b/Cryptlib/Include/openssl/ssl2.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,220 +49,213 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-#ifndef HEADER_SSL2_H +-#define HEADER_SSL2_H ++#ifndef HEADER_SSL2_H ++# define HEADER_SSL2_H + + #ifdef __cplusplus + extern "C" { + #endif + + /* Protocol Version Codes */ +-#define SSL2_VERSION 0x0002 +-#define SSL2_VERSION_MAJOR 0x00 +-#define SSL2_VERSION_MINOR 0x02 +-/* #define SSL2_CLIENT_VERSION 0x0002 */ +-/* #define SSL2_SERVER_VERSION 0x0002 */ ++# define SSL2_VERSION 0x0002 ++# define SSL2_VERSION_MAJOR 0x00 ++# define SSL2_VERSION_MINOR 0x02 ++/* #define SSL2_CLIENT_VERSION 0x0002 */ ++/* #define SSL2_SERVER_VERSION 0x0002 */ + + /* Protocol Message Codes */ +-#define SSL2_MT_ERROR 0 +-#define SSL2_MT_CLIENT_HELLO 1 +-#define SSL2_MT_CLIENT_MASTER_KEY 2 +-#define SSL2_MT_CLIENT_FINISHED 3 +-#define SSL2_MT_SERVER_HELLO 4 +-#define SSL2_MT_SERVER_VERIFY 5 +-#define SSL2_MT_SERVER_FINISHED 6 +-#define SSL2_MT_REQUEST_CERTIFICATE 7 +-#define SSL2_MT_CLIENT_CERTIFICATE 8 ++# define SSL2_MT_ERROR 0 ++# define SSL2_MT_CLIENT_HELLO 1 ++# define SSL2_MT_CLIENT_MASTER_KEY 2 ++# define SSL2_MT_CLIENT_FINISHED 3 ++# define SSL2_MT_SERVER_HELLO 4 ++# define SSL2_MT_SERVER_VERIFY 5 ++# define SSL2_MT_SERVER_FINISHED 6 ++# define SSL2_MT_REQUEST_CERTIFICATE 7 ++# define SSL2_MT_CLIENT_CERTIFICATE 8 + + /* Error Message Codes */ +-#define SSL2_PE_UNDEFINED_ERROR 0x0000 +-#define SSL2_PE_NO_CIPHER 0x0001 +-#define SSL2_PE_NO_CERTIFICATE 0x0002 +-#define SSL2_PE_BAD_CERTIFICATE 0x0004 +-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 ++# define SSL2_PE_UNDEFINED_ERROR 0x0000 ++# define SSL2_PE_NO_CIPHER 0x0001 ++# define SSL2_PE_NO_CERTIFICATE 0x0002 ++# define SSL2_PE_BAD_CERTIFICATE 0x0004 ++# define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 + + /* Cipher Kind Values */ +-#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */ +-#define SSL2_CK_RC4_128_WITH_MD5 0x02010080 +-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080 +-#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080 +-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080 +-#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080 +-#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040 +-#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */ +-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0 +-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */ +-#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */ +- +-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */ +-#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */ ++# define SSL2_CK_NULL_WITH_MD5 0x02000000/* v3 */ ++# define SSL2_CK_RC4_128_WITH_MD5 0x02010080 ++# define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080 ++# define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080 ++# define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080 ++# define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080 ++# define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040 ++# define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140/* v3 */ ++# define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0 ++# define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0/* v3 */ ++# define SSL2_CK_RC4_64_WITH_MD5 0x02080080/* MS hack */ + +-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1" +-#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5" +-#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5" +-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5" +-#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5" +-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5" +-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5" +-#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5" +-#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA" +-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5" +-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA" +-#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5" ++# define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800/* SSLeay */ ++# define SSL2_CK_NULL 0x02ff0810/* SSLeay */ + +-#define SSL2_TXT_NULL "NULL" ++# define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1" ++# define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5" ++# define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5" ++# define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5" ++# define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5" ++# define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5" ++# define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5" ++# define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5" ++# define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA" ++# define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5" ++# define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA" ++# define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5" ++ ++# define SSL2_TXT_NULL "NULL" + + /* Flags for the SSL_CIPHER.algorithm2 field */ +-#define SSL2_CF_5_BYTE_ENC 0x01 +-#define SSL2_CF_8_BYTE_ENC 0x02 ++# define SSL2_CF_5_BYTE_ENC 0x01 ++# define SSL2_CF_8_BYTE_ENC 0x02 + + /* Certificate Type Codes */ +-#define SSL2_CT_X509_CERTIFICATE 0x01 ++# define SSL2_CT_X509_CERTIFICATE 0x01 + + /* Authentication Type Code */ +-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01 ++# define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01 + +-#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32 ++# define SSL2_MAX_SSL_SESSION_ID_LENGTH 32 + + /* Upper/Lower Bounds */ +-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 +-#ifdef OPENSSL_SYS_MPE +-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u +-#else +-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */ +-#endif +-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */ +- +-#define SSL2_CHALLENGE_LENGTH 16 +-/*#define SSL2_CHALLENGE_LENGTH 32 */ +-#define SSL2_MIN_CHALLENGE_LENGTH 16 +-#define SSL2_MAX_CHALLENGE_LENGTH 32 +-#define SSL2_CONNECTION_ID_LENGTH 16 +-#define SSL2_MAX_CONNECTION_ID_LENGTH 16 +-#define SSL2_SSL_SESSION_ID_LENGTH 16 +-#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32 +-#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 +-#define SSL2_MAX_KEY_MATERIAL_LENGTH 24 +- +-#ifndef HEADER_SSL_LOCL_H +-#define CERT char +-#endif ++# define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 ++# ifdef OPENSSL_SYS_MPE ++# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u ++# else ++# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u ++ /* 2^15-1 */ ++# endif ++# define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383/* 2^14-1 */ + +-typedef struct ssl2_state_st +- { +- int three_byte_header; +- int clear_text; /* clear text */ +- int escape; /* not used in SSLv2 */ +- int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */ +- +- /* non-blocking io info, used to make sure the same +- * args were passwd */ +- unsigned int wnum; /* number of bytes sent so far */ +- int wpend_tot; +- const unsigned char *wpend_buf; +- +- int wpend_off; /* offset to data to write */ +- int wpend_len; /* number of bytes passwd to write */ +- int wpend_ret; /* number of bytes to return to caller */ +- +- /* buffer raw data */ +- int rbuf_left; +- int rbuf_offs; +- unsigned char *rbuf; +- unsigned char *wbuf; +- +- unsigned char *write_ptr;/* used to point to the start due to +- * 2/3 byte header. */ +- +- unsigned int padding; +- unsigned int rlength; /* passed to ssl2_enc */ +- int ract_data_length; /* Set when things are encrypted. */ +- unsigned int wlength; /* passed to ssl2_enc */ +- int wact_data_length; /* Set when things are decrypted. */ +- unsigned char *ract_data; +- unsigned char *wact_data; +- unsigned char *mac_data; +- +- unsigned char *read_key; +- unsigned char *write_key; +- +- /* Stuff specifically to do with this SSL session */ +- unsigned int challenge_length; +- unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH]; +- unsigned int conn_id_length; +- unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH]; +- unsigned int key_material_length; +- unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2]; ++# define SSL2_CHALLENGE_LENGTH 16 ++/* ++ * #define SSL2_CHALLENGE_LENGTH 32 ++ */ ++# define SSL2_MIN_CHALLENGE_LENGTH 16 ++# define SSL2_MAX_CHALLENGE_LENGTH 32 ++# define SSL2_CONNECTION_ID_LENGTH 16 ++# define SSL2_MAX_CONNECTION_ID_LENGTH 16 ++# define SSL2_SSL_SESSION_ID_LENGTH 16 ++# define SSL2_MAX_CERT_CHALLENGE_LENGTH 32 ++# define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 ++# define SSL2_MAX_KEY_MATERIAL_LENGTH 24 + +- unsigned long read_sequence; +- unsigned long write_sequence; ++# ifndef HEADER_SSL_LOCL_H ++# define CERT char ++# endif + +- struct { +- unsigned int conn_id_length; +- unsigned int cert_type; +- unsigned int cert_length; +- unsigned int csl; +- unsigned int clear; +- unsigned int enc; +- unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; +- unsigned int cipher_spec_length; +- unsigned int session_id_length; +- unsigned int clen; +- unsigned int rlen; +- } tmp; +- } SSL2_STATE; ++typedef struct ssl2_state_st { ++ int three_byte_header; ++ int clear_text; /* clear text */ ++ int escape; /* not used in SSLv2 */ ++ int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */ ++ /* ++ * non-blocking io info, used to make sure the same args were passwd ++ */ ++ unsigned int wnum; /* number of bytes sent so far */ ++ int wpend_tot; ++ const unsigned char *wpend_buf; ++ int wpend_off; /* offset to data to write */ ++ int wpend_len; /* number of bytes passwd to write */ ++ int wpend_ret; /* number of bytes to return to caller */ ++ /* buffer raw data */ ++ int rbuf_left; ++ int rbuf_offs; ++ unsigned char *rbuf; ++ unsigned char *wbuf; ++ unsigned char *write_ptr; /* used to point to the start due to 2/3 byte ++ * header. */ ++ unsigned int padding; ++ unsigned int rlength; /* passed to ssl2_enc */ ++ int ract_data_length; /* Set when things are encrypted. */ ++ unsigned int wlength; /* passed to ssl2_enc */ ++ int wact_data_length; /* Set when things are decrypted. */ ++ unsigned char *ract_data; ++ unsigned char *wact_data; ++ unsigned char *mac_data; ++ unsigned char *read_key; ++ unsigned char *write_key; ++ /* Stuff specifically to do with this SSL session */ ++ unsigned int challenge_length; ++ unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH]; ++ unsigned int conn_id_length; ++ unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH]; ++ unsigned int key_material_length; ++ unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH * 2]; ++ unsigned long read_sequence; ++ unsigned long write_sequence; ++ struct { ++ unsigned int conn_id_length; ++ unsigned int cert_type; ++ unsigned int cert_length; ++ unsigned int csl; ++ unsigned int clear; ++ unsigned int enc; ++ unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; ++ unsigned int cipher_spec_length; ++ unsigned int session_id_length; ++ unsigned int clen; ++ unsigned int rlen; ++ } tmp; ++} SSL2_STATE; + + /* SSLv2 */ + /* client */ +-#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT) +-#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT) +-#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT) +-#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT) +-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT) +-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT) +-#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT) +-#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT) +-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT) +-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT) +-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT) +-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT) +-#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT) +-#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT) +-#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT) +-#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT) +-#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT) +-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT) ++# define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT) ++# define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT) ++# define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT) ++# define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT) ++# define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT) ++# define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT) ++# define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT) ++# define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT) + /* server */ +-#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT) +-#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT) +-#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT) +-#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT) +-#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT) +-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT) +-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT) +-#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT) +-#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT) +-#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT) +-#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT) +-#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT) +-#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT) +-#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT) +-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT) +-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT) +-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT) +-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT) +-#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT) +-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT) ++# define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT) ++# define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT) + + #ifdef __cplusplus + } + #endif + #endif +- +diff --git a/Cryptlib/Include/openssl/ssl23.h b/Cryptlib/Include/openssl/ssl23.h +index d322898..9de4685 100644 +--- a/Cryptlib/Include/openssl/ssl23.h ++++ b/Cryptlib/Include/openssl/ssl23.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,35 +49,36 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-#ifndef HEADER_SSL23_H +-#define HEADER_SSL23_H ++#ifndef HEADER_SSL23_H ++# define HEADER_SSL23_H + + #ifdef __cplusplus + extern "C" { + #endif + +-/*client */ ++/* ++ * client ++ */ + /* write to server */ +-#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) +-#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) ++# define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) ++# define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) + /* read from server */ +-#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) +-#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) ++# define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) ++# define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) + + /* server */ + /* read from client */ +-#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) +-#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) ++# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) ++# define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) + + #ifdef __cplusplus + } + #endif + #endif +- +diff --git a/Cryptlib/Include/openssl/ssl3.h b/Cryptlib/Include/openssl/ssl3.h +index de5e559..761a0e2 100644 +--- a/Cryptlib/Include/openssl/ssl3.h ++++ b/Cryptlib/Include/openssl/ssl3.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -110,486 +110,506 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * ECC cipher suite support in OpenSSL originally developed by ++ * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +-#ifndef HEADER_SSL3_H +-#define HEADER_SSL3_H ++#ifndef HEADER_SSL3_H ++# define HEADER_SSL3_H + +-#ifndef OPENSSL_NO_COMP +-#include +-#endif +-#include +-#include +-#include +-#include ++# ifndef OPENSSL_NO_COMP ++# include ++# endif ++# include ++# include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ +-#define SSL3_CK_SCSV 0x030000FF +- +-#define SSL3_CK_RSA_NULL_MD5 0x03000001 +-#define SSL3_CK_RSA_NULL_SHA 0x03000002 +-#define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +-#define SSL3_CK_RSA_RC4_128_MD5 0x03000004 +-#define SSL3_CK_RSA_RC4_128_SHA 0x03000005 +-#define SSL3_CK_RSA_RC2_40_MD5 0x03000006 +-#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 +-#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 +-#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 +-#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A +- +-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B +-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C +-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D +-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E +-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F +-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 +- +-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 +-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 +-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 +-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 +-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 +-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 +- +-#define SSL3_CK_ADH_RC4_40_MD5 0x03000017 +-#define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +-#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 +-#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A +-#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B +- +-#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C +-#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D +-#if 0 /* Because it clashes with KRB5, is never used any more, and is safe +- to remove according to David Hopwood +- of the ietf-tls list */ +-#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E +-#endif ++/* ++ * Signalling cipher suite value from RFC 5746 ++ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) ++ */ ++# define SSL3_CK_SCSV 0x030000FF + +-/* VRS Additional Kerberos5 entries ++/* ++ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 ++ * (TLS_FALLBACK_SCSV) ++ */ ++# define SSL3_CK_FALLBACK_SCSV 0x03005600 ++ ++# define SSL3_CK_RSA_NULL_MD5 0x03000001 ++# define SSL3_CK_RSA_NULL_SHA 0x03000002 ++# define SSL3_CK_RSA_RC4_40_MD5 0x03000003 ++# define SSL3_CK_RSA_RC4_128_MD5 0x03000004 ++# define SSL3_CK_RSA_RC4_128_SHA 0x03000005 ++# define SSL3_CK_RSA_RC2_40_MD5 0x03000006 ++# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 ++# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 ++# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 ++# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A ++ ++# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B ++# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C ++# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D ++# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E ++# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F ++# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 ++ ++# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 ++# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 ++# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 ++# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 ++# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 ++# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 ++ ++# define SSL3_CK_ADH_RC4_40_MD5 0x03000017 ++# define SSL3_CK_ADH_RC4_128_MD5 0x03000018 ++# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 ++# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A ++# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B ++ ++# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C ++# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D ++# if 0 /* Because it clashes with KRB5, is never ++ * used any more, and is safe to remove ++ * according to David Hopwood ++ * of the ++ * ietf-tls list */ ++# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E ++# endif ++ ++/* ++ * VRS Additional Kerberos5 entries + */ +-#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E +-#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F +-#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 +-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 +-#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 +-#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 +-#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 +-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 +- +-#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 +-#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 +-#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 +-#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 +-#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A +-#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B +- +-#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" +-#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" +-#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" +-#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" +-#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" +-#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" +-#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" +-#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" +-#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" +-#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" +- +-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" +-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" +-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" +-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" +-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" +-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" +- +-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" +-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" +-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" +-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" +-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" +-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" +- +-#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" +-#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" +-#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" +-#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" +-#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" +- +-#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" +-#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" +-#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" +- +-#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" +-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" +-#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" +-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" +-#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" +-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" +-#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" +-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" +- +-#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" +-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" +-#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" +-#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" +-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" +-#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" +- +-#define SSL3_SSL_SESSION_ID_LENGTH 32 +-#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 +- +-#define SSL3_MASTER_SECRET_SIZE 48 +-#define SSL3_RANDOM_SIZE 32 +-#define SSL3_SESSION_ID_SIZE 32 +-#define SSL3_RT_HEADER_LENGTH 5 ++# define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E ++# define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F ++# define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 ++# define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 ++# define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 ++# define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 ++# define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 ++# define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 ++ ++# define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 ++# define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 ++# define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 ++# define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 ++# define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A ++# define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B ++ ++# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" ++# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" ++# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" ++# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" ++# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" ++# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" ++# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" ++# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" ++# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" ++# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" ++ ++# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" ++# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" ++# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" ++# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" ++# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" ++# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" ++ ++# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" ++# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" ++# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" ++# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" ++# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" ++# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" ++ ++# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" ++# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" ++# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" ++# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" ++# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" ++ ++# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" ++# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" ++# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" ++ ++# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" ++# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" ++# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" ++# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" ++# define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" ++# define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" ++# define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" ++# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" ++ ++# define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" ++# define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" ++# define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" ++# define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" ++# define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" ++# define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" ++ ++# define SSL3_SSL_SESSION_ID_LENGTH 32 ++# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 ++ ++# define SSL3_MASTER_SECRET_SIZE 48 ++# define SSL3_RANDOM_SIZE 32 ++# define SSL3_SESSION_ID_SIZE 32 ++# define SSL3_RT_HEADER_LENGTH 5 + + /* Due to MS stuffing up, this can change.... */ +-#if defined(OPENSSL_SYS_WIN16) || \ +- (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)) +-#define SSL3_RT_MAX_EXTRA (14000) +-#else +-#define SSL3_RT_MAX_EXTRA (16384) +-#endif +- +-#define SSL3_RT_MAX_PLAIN_LENGTH 16384 +-#ifdef OPENSSL_NO_COMP +-#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH +-#else +-#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) +-#endif +-#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) +-#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) +-#define SSL3_RT_MAX_DATA_SIZE (1024*1024) +- +-#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" +-#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" +- +-#define SSL3_VERSION 0x0300 +-#define SSL3_VERSION_MAJOR 0x03 +-#define SSL3_VERSION_MINOR 0x00 +- +-#define SSL3_RT_CHANGE_CIPHER_SPEC 20 +-#define SSL3_RT_ALERT 21 +-#define SSL3_RT_HANDSHAKE 22 +-#define SSL3_RT_APPLICATION_DATA 23 +- +-#define SSL3_AL_WARNING 1 +-#define SSL3_AL_FATAL 2 +- +-#define SSL3_AD_CLOSE_NOTIFY 0 +-#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ +-#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ +-#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ +-#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ +-#define SSL3_AD_NO_CERTIFICATE 41 +-#define SSL3_AD_BAD_CERTIFICATE 42 +-#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 +-#define SSL3_AD_CERTIFICATE_REVOKED 44 +-#define SSL3_AD_CERTIFICATE_EXPIRED 45 +-#define SSL3_AD_CERTIFICATE_UNKNOWN 46 +-#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ +- +-typedef struct ssl3_record_st +- { +-/*r */ int type; /* type of record */ +-/*rw*/ unsigned int length; /* How many bytes available */ +-/*r */ unsigned int off; /* read/write offset into 'buf' */ +-/*rw*/ unsigned char *data; /* pointer to the record data */ +-/*rw*/ unsigned char *input; /* where the decode bytes are */ +-/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ +-/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */ +-/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */ +- } SSL3_RECORD; +- +-typedef struct ssl3_buffer_st +- { +- unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, +- * see ssl3_setup_buffers() */ +- size_t len; /* buffer size */ +- int offset; /* where to 'copy from' */ +- int left; /* how many bytes left */ +- } SSL3_BUFFER; +- +-#define SSL3_CT_RSA_SIGN 1 +-#define SSL3_CT_DSS_SIGN 2 +-#define SSL3_CT_RSA_FIXED_DH 3 +-#define SSL3_CT_DSS_FIXED_DH 4 +-#define SSL3_CT_RSA_EPHEMERAL_DH 5 +-#define SSL3_CT_DSS_EPHEMERAL_DH 6 +-#define SSL3_CT_FORTEZZA_DMS 20 +-/* SSL3_CT_NUMBER is used to size arrays and it must be large +- * enough to contain all of the cert types defined either for +- * SSLv3 and TLSv1. ++# if defined(OPENSSL_SYS_WIN16) || \ ++ (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)) ++# define SSL3_RT_MAX_EXTRA (14000) ++# else ++# define SSL3_RT_MAX_EXTRA (16384) ++# endif ++ ++# define SSL3_RT_MAX_PLAIN_LENGTH 16384 ++# ifdef OPENSSL_NO_COMP ++# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH ++# else ++# define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH) ++# endif ++# define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH) ++# define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) ++# define SSL3_RT_MAX_DATA_SIZE (1024*1024) ++ ++# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" ++# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" ++ ++# define SSL3_VERSION 0x0300 ++# define SSL3_VERSION_MAJOR 0x03 ++# define SSL3_VERSION_MINOR 0x00 ++ ++# define SSL3_RT_CHANGE_CIPHER_SPEC 20 ++# define SSL3_RT_ALERT 21 ++# define SSL3_RT_HANDSHAKE 22 ++# define SSL3_RT_APPLICATION_DATA 23 ++ ++# define SSL3_AL_WARNING 1 ++# define SSL3_AL_FATAL 2 ++ ++# define SSL3_AD_CLOSE_NOTIFY 0 ++# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */ ++# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */ ++# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */ ++# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */ ++# define SSL3_AD_NO_CERTIFICATE 41 ++# define SSL3_AD_BAD_CERTIFICATE 42 ++# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 ++# define SSL3_AD_CERTIFICATE_REVOKED 44 ++# define SSL3_AD_CERTIFICATE_EXPIRED 45 ++# define SSL3_AD_CERTIFICATE_UNKNOWN 46 ++# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */ ++ ++typedef struct ssl3_record_st { ++ /* type of record */ ++ /* ++ * r ++ */ int type; ++ /* How many bytes available */ ++ /* ++ * rw ++ */ unsigned int length; ++ /* read/write offset into 'buf' */ ++ /* ++ * r ++ */ unsigned int off; ++ /* pointer to the record data */ ++ /* ++ * rw ++ */ unsigned char *data; ++ /* where the decode bytes are */ ++ /* ++ * rw ++ */ unsigned char *input; ++ /* only used with decompression - malloc()ed */ ++ /* ++ * r ++ */ unsigned char *comp; ++ /* epoch number, needed by DTLS1 */ ++ /* ++ * r ++ */ unsigned long epoch; ++ /* sequence number, needed by DTLS1 */ ++ /* ++ * r ++ */ PQ_64BIT seq_num; ++} SSL3_RECORD; ++ ++typedef struct ssl3_buffer_st { ++ /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */ ++ unsigned char *buf; ++ /* buffer size */ ++ size_t len; ++ /* where to 'copy from' */ ++ int offset; ++ /* how many bytes left */ ++ int left; ++} SSL3_BUFFER; ++ ++# define SSL3_CT_RSA_SIGN 1 ++# define SSL3_CT_DSS_SIGN 2 ++# define SSL3_CT_RSA_FIXED_DH 3 ++# define SSL3_CT_DSS_FIXED_DH 4 ++# define SSL3_CT_RSA_EPHEMERAL_DH 5 ++# define SSL3_CT_DSS_EPHEMERAL_DH 6 ++# define SSL3_CT_FORTEZZA_DMS 20 ++/* ++ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to ++ * contain all of the cert types defined either for SSLv3 and TLSv1. + */ +-#define SSL3_CT_NUMBER 7 +- +- +-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 +-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 +-#define SSL3_FLAGS_POP_BUFFER 0x0004 +-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 +-#define SSL3_FLAGS_CCS_OK 0x0080 +- +-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we +- * restart a handshake because of MS SGC and so prevents us +- * from restarting the handshake in a loop. It's reset on a +- * renegotiation, so effectively limits the client to one restart +- * per negotiation. This limits the possibility of a DDoS +- * attack where the client handshakes in a loop using SGC to +- * restart. Servers which permit renegotiation can still be +- * effected, but we can't prevent that. ++# define SSL3_CT_NUMBER 7 ++ ++# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 ++# define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 ++# define SSL3_FLAGS_POP_BUFFER 0x0004 ++# define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 ++# define SSL3_FLAGS_CCS_OK 0x0080 ++ ++/* ++ * SSL3_FLAGS_SGC_RESTART_DONE is set when we restart a handshake because of ++ * MS SGC and so prevents us from restarting the handshake in a loop. It's ++ * reset on a renegotiation, so effectively limits the client to one restart ++ * per negotiation. This limits the possibility of a DDoS attack where the ++ * client handshakes in a loop using SGC to restart. Servers which permit ++ * renegotiation can still be effected, but we can't prevent that. + */ +-#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 +- +-typedef struct ssl3_state_st +- { +- long flags; +- int delay_buf_pop_ret; +- +- unsigned char read_sequence[8]; +- unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; +- unsigned char write_sequence[8]; +- unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; +- +- unsigned char server_random[SSL3_RANDOM_SIZE]; +- unsigned char client_random[SSL3_RANDOM_SIZE]; +- +- /* flags for countermeasure against known-IV weakness */ +- int need_empty_fragments; +- int empty_fragment_done; +- +- SSL3_BUFFER rbuf; /* read IO goes into here */ +- SSL3_BUFFER wbuf; /* write IO goes into here */ +- +- SSL3_RECORD rrec; /* each decoded record goes in here */ +- SSL3_RECORD wrec; /* goes out from here */ +- +- /* storage for Alert/Handshake protocol data received but not +- * yet processed by ssl3_read_bytes: */ +- unsigned char alert_fragment[2]; +- unsigned int alert_fragment_len; +- unsigned char handshake_fragment[4]; +- unsigned int handshake_fragment_len; +- +- /* partial write - check the numbers match */ +- unsigned int wnum; /* number of bytes sent so far */ +- int wpend_tot; /* number bytes written */ +- int wpend_type; +- int wpend_ret; /* number of bytes submitted */ +- const unsigned char *wpend_buf; +- +- /* used during startup, digest all incoming/outgoing packets */ +- EVP_MD_CTX finish_dgst1; +- EVP_MD_CTX finish_dgst2; +- +- /* this is set whenerver we see a change_cipher_spec message +- * come in when we are not looking for one */ +- int change_cipher_spec; +- +- int warn_alert; +- int fatal_alert; +- /* we allow one fatal and one warning alert to be outstanding, +- * send close alert via the warning alert */ +- int alert_dispatch; +- unsigned char send_alert[2]; +- +- /* This flag is set when we should renegotiate ASAP, basically when +- * there is no more data in the read or write buffers */ +- int renegotiate; +- int total_renegotiations; +- int num_renegotiations; +- +- int in_read_app_data; +- +- struct { +- /* actually only needs to be 16+20 */ +- unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; +- +- /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ +- unsigned char finish_md[EVP_MAX_MD_SIZE*2]; +- int finish_md_len; +- unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; +- int peer_finish_md_len; +- +- unsigned long message_size; +- int message_type; +- +- /* used to hold the new cipher we are going to use */ +- SSL_CIPHER *new_cipher; +-#ifndef OPENSSL_NO_DH +- DH *dh; +-#endif +- +-#ifndef OPENSSL_NO_ECDH +- EC_KEY *ecdh; /* holds short lived ECDH key */ +-#endif +- +- /* used when SSL_ST_FLUSH_DATA is entered */ +- int next_state; +- +- int reuse_message; +- +- /* used for certificate requests */ +- int cert_req; +- int ctype_num; +- char ctype[SSL3_CT_NUMBER]; +- STACK_OF(X509_NAME) *ca_names; +- +- int use_rsa_tmp; +- +- int key_block_length; +- unsigned char *key_block; +- +- const EVP_CIPHER *new_sym_enc; +- const EVP_MD *new_hash; +-#ifndef OPENSSL_NO_COMP +- const SSL_COMP *new_compression; +-#else +- char *new_compression; +-#endif +- int cert_request; +- } tmp; +- +- /* Connection binding to prevent renegotiation attacks */ +- unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; +- unsigned char previous_client_finished_len; +- unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; +- unsigned char previous_server_finished_len; +- int send_connection_binding; /* TODOEKR */ +- +-#ifndef OPENSSL_NO_TLSEXT +-#ifndef OPENSSL_NO_EC +- /* This is set to true if we believe that this is a version of Safari +- * running on OS X 10.6 or newer. We wish to know this because Safari +- * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ +- char is_probably_safari; +-#endif /* !OPENSSL_NO_EC */ +-#endif /* !OPENSSL_NO_TLSEXT */ +- } SSL3_STATE; +- ++# define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 ++ ++typedef struct ssl3_state_st { ++ long flags; ++ int delay_buf_pop_ret; ++ unsigned char read_sequence[8]; ++ unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; ++ unsigned char write_sequence[8]; ++ unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; ++ unsigned char server_random[SSL3_RANDOM_SIZE]; ++ unsigned char client_random[SSL3_RANDOM_SIZE]; ++ /* flags for countermeasure against known-IV weakness */ ++ int need_empty_fragments; ++ int empty_fragment_done; ++ SSL3_BUFFER rbuf; /* read IO goes into here */ ++ SSL3_BUFFER wbuf; /* write IO goes into here */ ++ SSL3_RECORD rrec; /* each decoded record goes in here */ ++ SSL3_RECORD wrec; /* goes out from here */ ++ /* ++ * storage for Alert/Handshake protocol data received but not yet ++ * processed by ssl3_read_bytes: ++ */ ++ unsigned char alert_fragment[2]; ++ unsigned int alert_fragment_len; ++ unsigned char handshake_fragment[4]; ++ unsigned int handshake_fragment_len; ++ /* partial write - check the numbers match */ ++ unsigned int wnum; /* number of bytes sent so far */ ++ int wpend_tot; /* number bytes written */ ++ int wpend_type; ++ int wpend_ret; /* number of bytes submitted */ ++ const unsigned char *wpend_buf; ++ /* used during startup, digest all incoming/outgoing packets */ ++ EVP_MD_CTX finish_dgst1; ++ EVP_MD_CTX finish_dgst2; ++ /* ++ * this is set whenerver we see a change_cipher_spec message come in when ++ * we are not looking for one ++ */ ++ int change_cipher_spec; ++ int warn_alert; ++ int fatal_alert; ++ /* ++ * we allow one fatal and one warning alert to be outstanding, send close ++ * alert via the warning alert ++ */ ++ int alert_dispatch; ++ unsigned char send_alert[2]; ++ /* ++ * This flag is set when we should renegotiate ASAP, basically when there ++ * is no more data in the read or write buffers ++ */ ++ int renegotiate; ++ int total_renegotiations; ++ int num_renegotiations; ++ int in_read_app_data; ++ struct { ++ /* actually only needs to be 16+20 */ ++ unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2]; ++ /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ ++ unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; ++ int finish_md_len; ++ unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; ++ int peer_finish_md_len; ++ unsigned long message_size; ++ int message_type; ++ /* used to hold the new cipher we are going to use */ ++ SSL_CIPHER *new_cipher; ++# ifndef OPENSSL_NO_DH ++ DH *dh; ++# endif ++# ifndef OPENSSL_NO_ECDH ++ EC_KEY *ecdh; /* holds short lived ECDH key */ ++# endif ++ /* used when SSL_ST_FLUSH_DATA is entered */ ++ int next_state; ++ int reuse_message; ++ /* used for certificate requests */ ++ int cert_req; ++ int ctype_num; ++ char ctype[SSL3_CT_NUMBER]; ++ STACK_OF(X509_NAME) *ca_names; ++ int use_rsa_tmp; ++ int key_block_length; ++ unsigned char *key_block; ++ const EVP_CIPHER *new_sym_enc; ++ const EVP_MD *new_hash; ++# ifndef OPENSSL_NO_COMP ++ const SSL_COMP *new_compression; ++# else ++ char *new_compression; ++# endif ++ int cert_request; ++ } tmp; ++ ++ /* Connection binding to prevent renegotiation attacks */ ++ unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; ++ unsigned char previous_client_finished_len; ++ unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; ++ unsigned char previous_server_finished_len; ++ int send_connection_binding; /* TODOEKR */ ++ ++# ifndef OPENSSL_NO_TLSEXT ++# ifndef OPENSSL_NO_EC ++ /* ++ * This is set to true if we believe that this is a version of Safari ++ * running on OS X 10.6 or newer. We wish to know this because Safari on ++ * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. ++ */ ++ char is_probably_safari; ++# endif /* !OPENSSL_NO_EC */ ++# endif /* !OPENSSL_NO_TLSEXT */ ++} SSL3_STATE; + + /* SSLv3 */ +-/*client */ ++/* ++ * client ++ */ + /* extra state */ +-#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) ++# define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) + /* write to server */ +-#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) +-#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) + /* read from server */ +-#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) +-#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) +-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) +-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) +-#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) +-#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) +-#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) +-#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) +-#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) +-#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) +-#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) +-#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) ++# define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) ++# define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) ++# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) ++# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) ++# define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) ++# define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) ++# define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) ++# define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) + /* write to server */ +-#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) +-#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) +-#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) +-#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) +-#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) +-#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) +-#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) +-#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) +-#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) +-#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) +-#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) +-#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) ++# define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) ++# define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) ++# define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) ++# define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) + /* read from server */ +-#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) +-#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) +-#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) +-#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) +-#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) +-#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) +-#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) +-#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) ++# define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) ++# define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) ++# define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) ++# define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) + + /* server */ + /* extra state */ +-#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) + /* read from client */ + /* Do not change the number values, they do matter */ +-#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) +-#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) +-#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) + /* write to client */ +-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) +-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) ++# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) ++# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) + /* read from client */ +-#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) +-#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) +-#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) +-#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) +-#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) +-#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) +-#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) +-#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) +-#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) +-#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) + /* write to client */ +-#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) +-#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) +- +-#define SSL3_MT_HELLO_REQUEST 0 +-#define SSL3_MT_CLIENT_HELLO 1 +-#define SSL3_MT_SERVER_HELLO 2 +-#define SSL3_MT_NEWSESSION_TICKET 4 +-#define SSL3_MT_CERTIFICATE 11 +-#define SSL3_MT_SERVER_KEY_EXCHANGE 12 +-#define SSL3_MT_CERTIFICATE_REQUEST 13 +-#define SSL3_MT_SERVER_DONE 14 +-#define SSL3_MT_CERTIFICATE_VERIFY 15 +-#define SSL3_MT_CLIENT_KEY_EXCHANGE 16 +-#define SSL3_MT_FINISHED 20 +-#define SSL3_MT_CERTIFICATE_STATUS 22 +-#define DTLS1_MT_HELLO_VERIFY_REQUEST 3 +- +- +-#define SSL3_MT_CCS 1 ++# define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) ++ ++# define SSL3_MT_HELLO_REQUEST 0 ++# define SSL3_MT_CLIENT_HELLO 1 ++# define SSL3_MT_SERVER_HELLO 2 ++# define SSL3_MT_NEWSESSION_TICKET 4 ++# define SSL3_MT_CERTIFICATE 11 ++# define SSL3_MT_SERVER_KEY_EXCHANGE 12 ++# define SSL3_MT_CERTIFICATE_REQUEST 13 ++# define SSL3_MT_SERVER_DONE 14 ++# define SSL3_MT_CERTIFICATE_VERIFY 15 ++# define SSL3_MT_CLIENT_KEY_EXCHANGE 16 ++# define SSL3_MT_FINISHED 20 ++# define SSL3_MT_CERTIFICATE_STATUS 22 ++# define DTLS1_MT_HELLO_VERIFY_REQUEST 3 ++ ++# define SSL3_MT_CCS 1 + + /* These are used when changing over to a new cipher */ +-#define SSL3_CC_READ 0x01 +-#define SSL3_CC_WRITE 0x02 +-#define SSL3_CC_CLIENT 0x10 +-#define SSL3_CC_SERVER 0x20 +-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) +-#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) +-#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) +-#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) ++# define SSL3_CC_READ 0x01 ++# define SSL3_CC_WRITE 0x02 ++# define SSL3_CC_CLIENT 0x10 ++# define SSL3_CC_SERVER 0x20 ++# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) ++# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) ++# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) ++# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) + + #ifdef __cplusplus + } + #endif + #endif +- +diff --git a/Cryptlib/Include/openssl/stack.h b/Cryptlib/Include/openssl/stack.h +index 5cbb116..5ce8250 100644 +--- a/Cryptlib/Include/openssl/stack.h ++++ b/Cryptlib/Include/openssl/stack.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,50 +57,48 @@ + */ + + #ifndef HEADER_STACK_H +-#define HEADER_STACK_H ++# define HEADER_STACK_H + + #ifdef __cplusplus + extern "C" { + #endif + +-typedef struct stack_st +- { +- int num; +- char **data; +- int sorted; +- +- int num_alloc; +- int (*comp)(const char * const *, const char * const *); +- } STACK; ++typedef struct stack_st { ++ int num; ++ char **data; ++ int sorted; ++ int num_alloc; ++ int (*comp) (const char *const *, const char *const *); ++} STACK; + +-#define M_sk_num(sk) ((sk) ? (sk)->num:-1) +-#define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) ++# define M_sk_num(sk) ((sk) ? (sk)->num:-1) ++# define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) + + int sk_num(const STACK *); + char *sk_value(const STACK *, int); + + char *sk_set(STACK *, int, char *); + +-STACK *sk_new(int (*cmp)(const char * const *, const char * const *)); ++STACK *sk_new(int (*cmp) (const char *const *, const char *const *)); + STACK *sk_new_null(void); + void sk_free(STACK *); +-void sk_pop_free(STACK *st, void (*func)(void *)); +-int sk_insert(STACK *sk,char *data,int where); +-char *sk_delete(STACK *st,int loc); +-char *sk_delete_ptr(STACK *st, char *p); +-int sk_find(STACK *st,char *data); +-int sk_find_ex(STACK *st,char *data); +-int sk_push(STACK *st,char *data); +-int sk_unshift(STACK *st,char *data); +-char *sk_shift(STACK *st); +-char *sk_pop(STACK *st); +-void sk_zero(STACK *st); +-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *, +- const char * const *))) +- (const char * const *, const char * const *); +-STACK *sk_dup(STACK *st); +-void sk_sort(STACK *st); +-int sk_is_sorted(const STACK *st); ++void sk_pop_free(STACK * st, void (*func) (void *)); ++int sk_insert(STACK * sk, char *data, int where); ++char *sk_delete(STACK * st, int loc); ++char *sk_delete_ptr(STACK * st, char *p); ++int sk_find(STACK * st, char *data); ++int sk_find_ex(STACK * st, char *data); ++int sk_push(STACK * st, char *data); ++int sk_unshift(STACK * st, char *data); ++char *sk_shift(STACK * st); ++char *sk_pop(STACK * st); ++void sk_zero(STACK * st); ++int (*sk_set_cmp_func(STACK * sk, int (*c) (const char *const *, ++ const char *const *))) ++ (const char *const *, const char *const *); ++STACK *sk_dup(STACK * st); ++void sk_sort(STACK * st); ++int sk_is_sorted(const STACK * st); + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/store.h b/Cryptlib/Include/openssl/store.h +index 6458337..715d470 100644 +--- a/Cryptlib/Include/openssl/store.h ++++ b/Cryptlib/Include/openssl/store.h +@@ -1,6 +1,7 @@ + /* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2003. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2003. + */ + /* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,14 +58,14 @@ + */ + + #ifndef HEADER_STORE_H +-#define HEADER_STORE_H ++# define HEADER_STORE_H + +-#include +-#ifndef OPENSSL_NO_DEPRECATED +-#include +-#include +-#include +-#endif ++# include ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# include ++# include ++# endif + + #ifdef __cplusplus + extern "C" { +@@ -74,41 +75,51 @@ extern "C" { + /* typedef struct store_st STORE; */ + /* typedef struct store_method_st STORE_METHOD; */ + +- +-/* All the following functions return 0, a negative number or NULL on error. +- When everything is fine, they return a positive value or a non-NULL +- pointer, all depending on their purpose. */ ++/* ++ * All the following functions return 0, a negative number or NULL on error. ++ * When everything is fine, they return a positive value or a non-NULL ++ * pointer, all depending on their purpose. ++ */ + + /* Creators and destructor. */ + STORE *STORE_new_method(const STORE_METHOD *method); + STORE *STORE_new_engine(ENGINE *engine); + void STORE_free(STORE *ui); + ++/* ++ * Give a user interface parametrised control commands. This can be used to ++ * send down an integer, a data pointer or a function pointer, as well as be ++ * used to get information from a STORE. ++ */ ++int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void)); + +-/* Give a user interface parametrised control commands. This can be used to +- send down an integer, a data pointer or a function pointer, as well as +- be used to get information from a STORE. */ +-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void)); +- +-/* A control to set the directory with keys and certificates. Used by the +- built-in directory level method. */ +-#define STORE_CTRL_SET_DIRECTORY 0x0001 +-/* A control to set a file to load. Used by the built-in file level method. */ +-#define STORE_CTRL_SET_FILE 0x0002 +-/* A control to set a configuration file to load. Can be used by any method +- that wishes to load a configuration file. */ +-#define STORE_CTRL_SET_CONF_FILE 0x0003 +-/* A control to set a the section of the loaded configuration file. Can be +- used by any method that wishes to load a configuration file. */ +-#define STORE_CTRL_SET_CONF_SECTION 0x0004 +- ++/* ++ * A control to set the directory with keys and certificates. Used by the ++ * built-in directory level method. ++ */ ++# define STORE_CTRL_SET_DIRECTORY 0x0001 ++/* ++ * A control to set a file to load. Used by the built-in file level method. ++ */ ++# define STORE_CTRL_SET_FILE 0x0002 ++/* ++ * A control to set a configuration file to load. Can be used by any method ++ * that wishes to load a configuration file. ++ */ ++# define STORE_CTRL_SET_CONF_FILE 0x0003 ++/* ++ * A control to set a the section of the loaded configuration file. Can be ++ * used by any method that wishes to load a configuration file. ++ */ ++# define STORE_CTRL_SET_CONF_SECTION 0x0004 + + /* Some methods may use extra data */ +-#define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg) +-#define STORE_get_app_data(s) STORE_get_ex_data(s,0) ++# define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg) ++# define STORE_get_app_data(s) STORE_get_ex_data(s,0) + int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +-int STORE_set_ex_data(STORE *r,int idx,void *arg); ++ CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++int STORE_set_ex_data(STORE *r, int idx, void *arg); + void *STORE_get_ex_data(STORE *r, int idx); + + /* Use specific methods instead of the built-in one */ +@@ -116,264 +127,341 @@ const STORE_METHOD *STORE_get_method(STORE *store); + const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth); + + /* The standard OpenSSL methods. */ +-/* This is the in-memory method. It does everything except revoking and updating, +- and is of course volatile. It's used by other methods that have an in-memory +- cache. */ ++/* ++ * This is the in-memory method. It does everything except revoking and ++ * updating, and is of course volatile. It's used by other methods that have ++ * an in-memory cache. ++ */ + const STORE_METHOD *STORE_Memory(void); +-#if 0 /* Not yet implemented */ +-/* This is the directory store. It does everything except revoking and updating, +- and uses STORE_Memory() to cache things in memory. */ ++# if 0 /* Not yet implemented */ ++/* ++ * This is the directory store. It does everything except revoking and ++ * updating, and uses STORE_Memory() to cache things in memory. ++ */ + const STORE_METHOD *STORE_Directory(void); +-/* This is the file store. It does everything except revoking and updating, +- and uses STORE_Memory() to cache things in memory. Certificates are added +- to it with the store operation, and it will only get cached certificates. */ ++/* ++ * This is the file store. It does everything except revoking and updating, ++ * and uses STORE_Memory() to cache things in memory. Certificates are added ++ * to it with the store operation, and it will only get cached certificates. ++ */ + const STORE_METHOD *STORE_File(void); +-#endif ++# endif + +-/* Store functions take a type code for the type of data they should store +- or fetch */ +-typedef enum STORE_object_types +- { +- STORE_OBJECT_TYPE_X509_CERTIFICATE= 0x01, /* X509 * */ +- STORE_OBJECT_TYPE_X509_CRL= 0x02, /* X509_CRL * */ +- STORE_OBJECT_TYPE_PRIVATE_KEY= 0x03, /* EVP_PKEY * */ +- STORE_OBJECT_TYPE_PUBLIC_KEY= 0x04, /* EVP_PKEY * */ +- STORE_OBJECT_TYPE_NUMBER= 0x05, /* BIGNUM * */ +- STORE_OBJECT_TYPE_ARBITRARY= 0x06, /* BUF_MEM * */ +- STORE_OBJECT_TYPE_NUM= 0x06 /* The amount of known +- object types */ +- } STORE_OBJECT_TYPES; ++/* ++ * Store functions take a type code for the type of data they should store or ++ * fetch ++ */ ++typedef enum STORE_object_types { ++ STORE_OBJECT_TYPE_X509_CERTIFICATE = 0x01, /* X509 * */ ++ STORE_OBJECT_TYPE_X509_CRL = 0x02, /* X509_CRL * */ ++ STORE_OBJECT_TYPE_PRIVATE_KEY = 0x03, /* EVP_PKEY * */ ++ STORE_OBJECT_TYPE_PUBLIC_KEY = 0x04, /* EVP_PKEY * */ ++ STORE_OBJECT_TYPE_NUMBER = 0x05, /* BIGNUM * */ ++ STORE_OBJECT_TYPE_ARBITRARY = 0x06, /* BUF_MEM * */ ++ STORE_OBJECT_TYPE_NUM = 0x06 /* The amount of known object types */ ++} STORE_OBJECT_TYPES; + /* List of text strings corresponding to the object types. */ +-extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1]; +- +-/* Some store functions take a parameter list. Those parameters come with +- one of the following codes. The comments following the codes below indicate +- what type the value should be a pointer to. */ +-typedef enum STORE_params +- { +- STORE_PARAM_EVP_TYPE= 0x01, /* int */ +- STORE_PARAM_BITS= 0x02, /* size_t */ +- STORE_PARAM_KEY_PARAMETERS= 0x03, /* ??? */ +- STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */ +- STORE_PARAM_AUTH_PASSPHRASE= 0x05, /* char * */ +- STORE_PARAM_AUTH_KRB5_TICKET= 0x06, /* void * */ +- STORE_PARAM_TYPE_NUM= 0x06 /* The amount of known +- parameter types */ +- } STORE_PARAM_TYPES; +-/* Parameter value sizes. -1 means unknown, anything else is the required size. */ +-extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1]; +- +-/* Store functions take attribute lists. Those attributes come with codes. +- The comments following the codes below indicate what type the value should +- be a pointer to. */ +-typedef enum STORE_attribs +- { +- STORE_ATTR_END= 0x00, +- STORE_ATTR_FRIENDLYNAME= 0x01, /* C string */ +- STORE_ATTR_KEYID= 0x02, /* 160 bit string (SHA1) */ +- STORE_ATTR_ISSUERKEYID= 0x03, /* 160 bit string (SHA1) */ +- STORE_ATTR_SUBJECTKEYID= 0x04, /* 160 bit string (SHA1) */ +- STORE_ATTR_ISSUERSERIALHASH= 0x05, /* 160 bit string (SHA1) */ +- STORE_ATTR_ISSUER= 0x06, /* X509_NAME * */ +- STORE_ATTR_SERIAL= 0x07, /* BIGNUM * */ +- STORE_ATTR_SUBJECT= 0x08, /* X509_NAME * */ +- STORE_ATTR_CERTHASH= 0x09, /* 160 bit string (SHA1) */ +- STORE_ATTR_EMAIL= 0x0a, /* C string */ +- STORE_ATTR_FILENAME= 0x0b, /* C string */ +- STORE_ATTR_TYPE_NUM= 0x0b, /* The amount of known +- attribute types */ +- STORE_ATTR_OR= 0xff /* This is a special +- separator, which +- expresses the OR +- operation. */ +- } STORE_ATTR_TYPES; +-/* Attribute value sizes. -1 means unknown, anything else is the required size. */ +-extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1]; +- +-typedef enum STORE_certificate_status +- { +- STORE_X509_VALID= 0x00, +- STORE_X509_EXPIRED= 0x01, +- STORE_X509_SUSPENDED= 0x02, +- STORE_X509_REVOKED= 0x03 +- } STORE_CERTIFICATE_STATUS; +- +-/* Engine store functions will return a structure that contains all the necessary +- * information, including revokation status for certificates. This is really not +- * needed for application authors, as the ENGINE framework functions will extract +- * the OpenSSL-specific information when at all possible. However, for engine +- * authors, it's crucial to know this structure. */ +-typedef struct STORE_OBJECT_st +- { +- STORE_OBJECT_TYPES type; +- union +- { +- struct +- { +- STORE_CERTIFICATE_STATUS status; +- X509 *certificate; +- } x509; +- X509_CRL *crl; +- EVP_PKEY *key; +- BIGNUM *number; +- BUF_MEM *arbitrary; +- } data; +- } STORE_OBJECT; ++extern const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1]; ++ ++/* ++ * Some store functions take a parameter list. Those parameters come with ++ * one of the following codes. The comments following the codes below ++ * indicate what type the value should be a pointer to. ++ */ ++typedef enum STORE_params { ++ STORE_PARAM_EVP_TYPE = 0x01, /* int */ ++ STORE_PARAM_BITS = 0x02, /* size_t */ ++ STORE_PARAM_KEY_PARAMETERS = 0x03, /* ??? */ ++ STORE_PARAM_KEY_NO_PARAMETERS = 0x04, /* N/A */ ++ STORE_PARAM_AUTH_PASSPHRASE = 0x05, /* char * */ ++ STORE_PARAM_AUTH_KRB5_TICKET = 0x06, /* void * */ ++ STORE_PARAM_TYPE_NUM = 0x06 /* The amount of known parameter types */ ++} STORE_PARAM_TYPES; ++/* ++ * Parameter value sizes. -1 means unknown, anything else is the required ++ * size. ++ */ ++extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1]; ++ ++/* ++ * Store functions take attribute lists. Those attributes come with codes. ++ * The comments following the codes below indicate what type the value should ++ * be a pointer to. ++ */ ++typedef enum STORE_attribs { ++ STORE_ATTR_END = 0x00, ++ STORE_ATTR_FRIENDLYNAME = 0x01, /* C string */ ++ STORE_ATTR_KEYID = 0x02, /* 160 bit string (SHA1) */ ++ STORE_ATTR_ISSUERKEYID = 0x03, /* 160 bit string (SHA1) */ ++ STORE_ATTR_SUBJECTKEYID = 0x04, /* 160 bit string (SHA1) */ ++ STORE_ATTR_ISSUERSERIALHASH = 0x05, /* 160 bit string (SHA1) */ ++ STORE_ATTR_ISSUER = 0x06, /* X509_NAME * */ ++ STORE_ATTR_SERIAL = 0x07, /* BIGNUM * */ ++ STORE_ATTR_SUBJECT = 0x08, /* X509_NAME * */ ++ STORE_ATTR_CERTHASH = 0x09, /* 160 bit string (SHA1) */ ++ STORE_ATTR_EMAIL = 0x0a, /* C string */ ++ STORE_ATTR_FILENAME = 0x0b, /* C string */ ++ STORE_ATTR_TYPE_NUM = 0x0b, /* The amount of known attribute types */ ++ STORE_ATTR_OR = 0xff /* This is a special separator, which ++ * expresses the OR operation. */ ++} STORE_ATTR_TYPES; ++/* ++ * Attribute value sizes. -1 means unknown, anything else is the required ++ * size. ++ */ ++extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1]; ++ ++typedef enum STORE_certificate_status { ++ STORE_X509_VALID = 0x00, ++ STORE_X509_EXPIRED = 0x01, ++ STORE_X509_SUSPENDED = 0x02, ++ STORE_X509_REVOKED = 0x03 ++} STORE_CERTIFICATE_STATUS; ++ ++/* ++ * Engine store functions will return a structure that contains all the ++ * necessary information, including revokation status for certificates. This ++ * is really not needed for application authors, as the ENGINE framework ++ * functions will extract the OpenSSL-specific information when at all ++ * possible. However, for engine authors, it's crucial to know this ++ * structure. ++ */ ++typedef struct STORE_OBJECT_st { ++ STORE_OBJECT_TYPES type; ++ union { ++ struct { ++ STORE_CERTIFICATE_STATUS status; ++ X509 *certificate; ++ } x509; ++ X509_CRL *crl; ++ EVP_PKEY *key; ++ BIGNUM *number; ++ BUF_MEM *arbitrary; ++ } data; ++} STORE_OBJECT; + DECLARE_STACK_OF(STORE_OBJECT) + STORE_OBJECT *STORE_OBJECT_new(void); + void STORE_OBJECT_free(STORE_OBJECT *data); + +- +- +-/* The following functions handle the storage. They return 0, a negative number +- or NULL on error, anything else on success. */ ++/* ++ * The following functions handle the storage. They return 0, a negative ++ * number or NULL on error, anything else on success. ++ */ + X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM add_attributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]); + int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + X509 *STORE_list_certificate_next(STORE *e, void *handle); + int STORE_list_certificate_end(STORE *e, void *handle); + int STORE_list_certificate_endp(STORE *e, void *handle); + EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_store_private_key(STORE *e, EVP_PKEY *data, +- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]); + int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM add_sttributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]); + int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle); + int STORE_list_private_key_end(STORE *e, void *handle); + int STORE_list_private_key_endp(STORE *e, void *handle); + EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); +-int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); ++int STORE_store_public_key(STORE *e, EVP_PKEY *data, ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]); + int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM add_sttributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]); + int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle); + int STORE_list_public_key_end(STORE *e, void *handle); + int STORE_list_public_key_endp(STORE *e, void *handle); + X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM add_sttributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]); + int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + X509_CRL *STORE_list_crl_next(STORE *e, void *handle); + int STORE_list_crl_end(STORE *e, void *handle); + int STORE_list_crl_endp(STORE *e, void *handle); + int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM add_sttributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]); + BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM add_sttributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]); + BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); +- ++ OPENSSL_ITEM parameters[]); + + /* Create and manipulate methods */ + STORE_METHOD *STORE_create_method(char *name); + void STORE_destroy_method(STORE_METHOD *store_method); + + /* These callback types are use for store handlers */ +-typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *); +-typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *); +-typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +-typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +-typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); ++typedef int (*STORE_INITIALISE_FUNC_PTR) (STORE *); ++typedef void (*STORE_CLEANUP_FUNC_PTR) (STORE *); ++typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, ++ STORE_OBJECT_TYPES ++ type, ++ OPENSSL_ITEM ++ attributes[], ++ OPENSSL_ITEM ++ parameters[]); ++typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, ++ STORE_OBJECT_TYPES type, ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]); ++typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]); + typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle); +-typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle); +-typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +-typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +-typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]); +-typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +-typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void)); +- +-int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f); +-int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f); +-int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f); +-int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f); +-int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f); +-int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f); +-int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f); +-int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f); +-int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f); +-int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f); +-int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f); +-int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +-int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +-int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR); +-int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f); +- +-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm); ++typedef int (*STORE_END_OBJECT_FUNC_PTR) (STORE *, void *handle); ++typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type, ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]); ++typedef int (*STORE_STORE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type, ++ STORE_OBJECT *data, ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]); ++typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type, ++ OPENSSL_ITEM search_attributes[], ++ OPENSSL_ITEM add_attributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]); ++typedef int (*STORE_GENERIC_FUNC_PTR) (STORE *, OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]); ++typedef int (*STORE_CTRL_FUNC_PTR) (STORE *, int cmd, long l, void *p, ++ void (*f) (void)); ++ ++int STORE_method_set_initialise_function(STORE_METHOD *sm, ++ STORE_INITIALISE_FUNC_PTR init_f); ++int STORE_method_set_cleanup_function(STORE_METHOD *sm, ++ STORE_CLEANUP_FUNC_PTR clean_f); ++int STORE_method_set_generate_function(STORE_METHOD *sm, ++ STORE_GENERATE_OBJECT_FUNC_PTR ++ generate_f); ++int STORE_method_set_get_function(STORE_METHOD *sm, ++ STORE_GET_OBJECT_FUNC_PTR get_f); ++int STORE_method_set_store_function(STORE_METHOD *sm, ++ STORE_STORE_OBJECT_FUNC_PTR store_f); ++int STORE_method_set_modify_function(STORE_METHOD *sm, ++ STORE_MODIFY_OBJECT_FUNC_PTR store_f); ++int STORE_method_set_revoke_function(STORE_METHOD *sm, ++ STORE_HANDLE_OBJECT_FUNC_PTR revoke_f); ++int STORE_method_set_delete_function(STORE_METHOD *sm, ++ STORE_HANDLE_OBJECT_FUNC_PTR delete_f); ++int STORE_method_set_list_start_function(STORE_METHOD *sm, ++ STORE_START_OBJECT_FUNC_PTR ++ list_start_f); ++int STORE_method_set_list_next_function(STORE_METHOD *sm, ++ STORE_NEXT_OBJECT_FUNC_PTR ++ list_next_f); ++int STORE_method_set_list_end_function(STORE_METHOD *sm, ++ STORE_END_OBJECT_FUNC_PTR list_end_f); ++int STORE_method_set_update_store_function(STORE_METHOD *sm, ++ STORE_GENERIC_FUNC_PTR); ++int STORE_method_set_lock_store_function(STORE_METHOD *sm, ++ STORE_GENERIC_FUNC_PTR); ++int STORE_method_set_unlock_store_function(STORE_METHOD *sm, ++ STORE_GENERIC_FUNC_PTR); ++int STORE_method_set_ctrl_function(STORE_METHOD *sm, ++ STORE_CTRL_FUNC_PTR ctrl_f); ++ ++STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD ++ *sm); + STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm); +-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm); ++STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD ++ *sm); + STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm); + STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm); +-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm); +-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm); +-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm); +-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm); +-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm); +-STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm); +-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm); ++STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD ++ *sm); ++STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD ++ *sm); ++STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD ++ *sm); ++STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD ++ *sm); ++STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD ++ *sm); ++STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD ++ *sm); ++STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD ++ *sm); + STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm); +-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm); ++STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD ++ *sm); + STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm); + + /* Method helper structures and functions. */ + +-/* This structure is the result of parsing through the information in a list +- of OPENSSL_ITEMs. It stores all the necessary information in a structured +- way.*/ ++/* ++ * This structure is the result of parsing through the information in a list ++ * of OPENSSL_ITEMs. It stores all the necessary information in a structured ++ * way. ++ */ + typedef struct STORE_attr_info_st STORE_ATTR_INFO; + +-/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO. +- Note that we do this in the list form, since the list of OPENSSL_ITEMs can +- come in blocks separated with STORE_ATTR_OR. Note that the value returned +- by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */ ++/* ++ * Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO. ++ * Note that we do this in the list form, since the list of OPENSSL_ITEMs can ++ * come in blocks separated with STORE_ATTR_OR. Note that the value returned ++ * by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). ++ */ + void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes); + STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle); + int STORE_parse_attrs_end(void *handle); +@@ -384,42 +472,51 @@ STORE_ATTR_INFO *STORE_ATTR_INFO_new(void); + int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs); + + /* Manipulators */ +-char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); ++char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, ++ STORE_ATTR_TYPES code); + unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, +- STORE_ATTR_TYPES code); +-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); +-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code); ++ STORE_ATTR_TYPES code); ++X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, ++ STORE_ATTR_TYPES code); ++BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, ++ STORE_ATTR_TYPES code); + int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- char *cstr, size_t cstr_size); ++ char *cstr, size_t cstr_size); + int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- unsigned char *sha1str, size_t sha1str_size); ++ unsigned char *sha1str, size_t sha1str_size); + int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- X509_NAME *dn); ++ X509_NAME *dn); + int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- BIGNUM *number); ++ BIGNUM *number); + int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- char *cstr, size_t cstr_size); +-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- unsigned char *sha1str, size_t sha1str_size); ++ char *cstr, size_t cstr_size); ++int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, ++ STORE_ATTR_TYPES code, ++ unsigned char *sha1str, ++ size_t sha1str_size); + int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- X509_NAME *dn); +-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- BIGNUM *number); ++ X509_NAME *dn); ++int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, ++ STORE_ATTR_TYPES code, BIGNUM *number); + +-/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values +- in each contained attribute. */ ++/* ++ * Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values in ++ * each contained attribute. ++ */ + int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); +-/* Check if the set of attributes in a is within the range of attributes +- set in b. */ ++/* ++ * Check if the set of attributes in a is within the range of attributes set ++ * in b. ++ */ + int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); + /* Check if the set of attributes in a are also set in b. */ + int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); + /* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */ + int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b); + +- + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_STORE_strings(void); +@@ -427,126 +524,126 @@ void ERR_load_STORE_strings(void); + /* Error codes for the STORE functions. */ + + /* Function codes. */ +-#define STORE_F_MEM_DELETE 134 +-#define STORE_F_MEM_GENERATE 135 +-#define STORE_F_MEM_LIST_END 168 +-#define STORE_F_MEM_LIST_NEXT 136 +-#define STORE_F_MEM_LIST_START 137 +-#define STORE_F_MEM_MODIFY 169 +-#define STORE_F_MEM_STORE 138 +-#define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139 +-#define STORE_F_STORE_ATTR_INFO_GET0_DN 140 +-#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141 +-#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142 +-#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143 +-#define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144 +-#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145 +-#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146 +-#define STORE_F_STORE_ATTR_INFO_SET_CSTR 147 +-#define STORE_F_STORE_ATTR_INFO_SET_DN 148 +-#define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149 +-#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 +-#define STORE_F_STORE_CERTIFICATE 170 +-#define STORE_F_STORE_CTRL 161 +-#define STORE_F_STORE_DELETE_ARBITRARY 158 +-#define STORE_F_STORE_DELETE_CERTIFICATE 102 +-#define STORE_F_STORE_DELETE_CRL 103 +-#define STORE_F_STORE_DELETE_NUMBER 104 +-#define STORE_F_STORE_DELETE_PRIVATE_KEY 105 +-#define STORE_F_STORE_DELETE_PUBLIC_KEY 106 +-#define STORE_F_STORE_GENERATE_CRL 107 +-#define STORE_F_STORE_GENERATE_KEY 108 +-#define STORE_F_STORE_GET_ARBITRARY 159 +-#define STORE_F_STORE_GET_CERTIFICATE 109 +-#define STORE_F_STORE_GET_CRL 110 +-#define STORE_F_STORE_GET_NUMBER 111 +-#define STORE_F_STORE_GET_PRIVATE_KEY 112 +-#define STORE_F_STORE_GET_PUBLIC_KEY 113 +-#define STORE_F_STORE_LIST_CERTIFICATE_END 114 +-#define STORE_F_STORE_LIST_CERTIFICATE_ENDP 153 +-#define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115 +-#define STORE_F_STORE_LIST_CERTIFICATE_START 116 +-#define STORE_F_STORE_LIST_CRL_END 117 +-#define STORE_F_STORE_LIST_CRL_ENDP 154 +-#define STORE_F_STORE_LIST_CRL_NEXT 118 +-#define STORE_F_STORE_LIST_CRL_START 119 +-#define STORE_F_STORE_LIST_PRIVATE_KEY_END 120 +-#define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP 155 +-#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121 +-#define STORE_F_STORE_LIST_PRIVATE_KEY_START 122 +-#define STORE_F_STORE_LIST_PUBLIC_KEY_END 123 +-#define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156 +-#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 +-#define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 +-#define STORE_F_STORE_MODIFY_ARBITRARY 162 +-#define STORE_F_STORE_MODIFY_CERTIFICATE 163 +-#define STORE_F_STORE_MODIFY_CRL 164 +-#define STORE_F_STORE_MODIFY_NUMBER 165 +-#define STORE_F_STORE_MODIFY_PRIVATE_KEY 166 +-#define STORE_F_STORE_MODIFY_PUBLIC_KEY 167 +-#define STORE_F_STORE_NEW_ENGINE 133 +-#define STORE_F_STORE_NEW_METHOD 132 +-#define STORE_F_STORE_PARSE_ATTRS_END 151 +-#define STORE_F_STORE_PARSE_ATTRS_ENDP 172 +-#define STORE_F_STORE_PARSE_ATTRS_NEXT 152 +-#define STORE_F_STORE_PARSE_ATTRS_START 171 +-#define STORE_F_STORE_REVOKE_CERTIFICATE 129 +-#define STORE_F_STORE_REVOKE_PRIVATE_KEY 130 +-#define STORE_F_STORE_REVOKE_PUBLIC_KEY 131 +-#define STORE_F_STORE_STORE_ARBITRARY 157 +-#define STORE_F_STORE_STORE_CERTIFICATE 100 +-#define STORE_F_STORE_STORE_CRL 101 +-#define STORE_F_STORE_STORE_NUMBER 126 +-#define STORE_F_STORE_STORE_PRIVATE_KEY 127 +-#define STORE_F_STORE_STORE_PUBLIC_KEY 128 ++# define STORE_F_MEM_DELETE 134 ++# define STORE_F_MEM_GENERATE 135 ++# define STORE_F_MEM_LIST_END 168 ++# define STORE_F_MEM_LIST_NEXT 136 ++# define STORE_F_MEM_LIST_START 137 ++# define STORE_F_MEM_MODIFY 169 ++# define STORE_F_MEM_STORE 138 ++# define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139 ++# define STORE_F_STORE_ATTR_INFO_GET0_DN 140 ++# define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141 ++# define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142 ++# define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143 ++# define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144 ++# define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145 ++# define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146 ++# define STORE_F_STORE_ATTR_INFO_SET_CSTR 147 ++# define STORE_F_STORE_ATTR_INFO_SET_DN 148 ++# define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149 ++# define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150 ++# define STORE_F_STORE_CERTIFICATE 170 ++# define STORE_F_STORE_CTRL 161 ++# define STORE_F_STORE_DELETE_ARBITRARY 158 ++# define STORE_F_STORE_DELETE_CERTIFICATE 102 ++# define STORE_F_STORE_DELETE_CRL 103 ++# define STORE_F_STORE_DELETE_NUMBER 104 ++# define STORE_F_STORE_DELETE_PRIVATE_KEY 105 ++# define STORE_F_STORE_DELETE_PUBLIC_KEY 106 ++# define STORE_F_STORE_GENERATE_CRL 107 ++# define STORE_F_STORE_GENERATE_KEY 108 ++# define STORE_F_STORE_GET_ARBITRARY 159 ++# define STORE_F_STORE_GET_CERTIFICATE 109 ++# define STORE_F_STORE_GET_CRL 110 ++# define STORE_F_STORE_GET_NUMBER 111 ++# define STORE_F_STORE_GET_PRIVATE_KEY 112 ++# define STORE_F_STORE_GET_PUBLIC_KEY 113 ++# define STORE_F_STORE_LIST_CERTIFICATE_END 114 ++# define STORE_F_STORE_LIST_CERTIFICATE_ENDP 153 ++# define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115 ++# define STORE_F_STORE_LIST_CERTIFICATE_START 116 ++# define STORE_F_STORE_LIST_CRL_END 117 ++# define STORE_F_STORE_LIST_CRL_ENDP 154 ++# define STORE_F_STORE_LIST_CRL_NEXT 118 ++# define STORE_F_STORE_LIST_CRL_START 119 ++# define STORE_F_STORE_LIST_PRIVATE_KEY_END 120 ++# define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP 155 ++# define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121 ++# define STORE_F_STORE_LIST_PRIVATE_KEY_START 122 ++# define STORE_F_STORE_LIST_PUBLIC_KEY_END 123 ++# define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156 ++# define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124 ++# define STORE_F_STORE_LIST_PUBLIC_KEY_START 125 ++# define STORE_F_STORE_MODIFY_ARBITRARY 162 ++# define STORE_F_STORE_MODIFY_CERTIFICATE 163 ++# define STORE_F_STORE_MODIFY_CRL 164 ++# define STORE_F_STORE_MODIFY_NUMBER 165 ++# define STORE_F_STORE_MODIFY_PRIVATE_KEY 166 ++# define STORE_F_STORE_MODIFY_PUBLIC_KEY 167 ++# define STORE_F_STORE_NEW_ENGINE 133 ++# define STORE_F_STORE_NEW_METHOD 132 ++# define STORE_F_STORE_PARSE_ATTRS_END 151 ++# define STORE_F_STORE_PARSE_ATTRS_ENDP 172 ++# define STORE_F_STORE_PARSE_ATTRS_NEXT 152 ++# define STORE_F_STORE_PARSE_ATTRS_START 171 ++# define STORE_F_STORE_REVOKE_CERTIFICATE 129 ++# define STORE_F_STORE_REVOKE_PRIVATE_KEY 130 ++# define STORE_F_STORE_REVOKE_PUBLIC_KEY 131 ++# define STORE_F_STORE_STORE_ARBITRARY 157 ++# define STORE_F_STORE_STORE_CERTIFICATE 100 ++# define STORE_F_STORE_STORE_CRL 101 ++# define STORE_F_STORE_STORE_NUMBER 126 ++# define STORE_F_STORE_STORE_PRIVATE_KEY 127 ++# define STORE_F_STORE_STORE_PUBLIC_KEY 128 + + /* Reason codes. */ +-#define STORE_R_ALREADY_HAS_A_VALUE 127 +-#define STORE_R_FAILED_DELETING_ARBITRARY 132 +-#define STORE_R_FAILED_DELETING_CERTIFICATE 100 +-#define STORE_R_FAILED_DELETING_KEY 101 +-#define STORE_R_FAILED_DELETING_NUMBER 102 +-#define STORE_R_FAILED_GENERATING_CRL 103 +-#define STORE_R_FAILED_GENERATING_KEY 104 +-#define STORE_R_FAILED_GETTING_ARBITRARY 133 +-#define STORE_R_FAILED_GETTING_CERTIFICATE 105 +-#define STORE_R_FAILED_GETTING_KEY 106 +-#define STORE_R_FAILED_GETTING_NUMBER 107 +-#define STORE_R_FAILED_LISTING_CERTIFICATES 108 +-#define STORE_R_FAILED_LISTING_KEYS 109 +-#define STORE_R_FAILED_MODIFYING_ARBITRARY 138 +-#define STORE_R_FAILED_MODIFYING_CERTIFICATE 139 +-#define STORE_R_FAILED_MODIFYING_CRL 140 +-#define STORE_R_FAILED_MODIFYING_NUMBER 141 +-#define STORE_R_FAILED_MODIFYING_PRIVATE_KEY 142 +-#define STORE_R_FAILED_MODIFYING_PUBLIC_KEY 143 +-#define STORE_R_FAILED_REVOKING_CERTIFICATE 110 +-#define STORE_R_FAILED_REVOKING_KEY 111 +-#define STORE_R_FAILED_STORING_ARBITRARY 134 +-#define STORE_R_FAILED_STORING_CERTIFICATE 112 +-#define STORE_R_FAILED_STORING_KEY 113 +-#define STORE_R_FAILED_STORING_NUMBER 114 +-#define STORE_R_NOT_IMPLEMENTED 128 +-#define STORE_R_NO_CONTROL_FUNCTION 144 +-#define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135 +-#define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 +-#define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 +-#define STORE_R_NO_GENERATE_CRL_FUNCTION 117 +-#define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 +-#define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION 136 +-#define STORE_R_NO_GET_OBJECT_FUNCTION 119 +-#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 +-#define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131 +-#define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 +-#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 +-#define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 +-#define STORE_R_NO_MODIFY_OBJECT_FUNCTION 145 +-#define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 +-#define STORE_R_NO_STORE 129 +-#define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137 +-#define STORE_R_NO_STORE_OBJECT_FUNCTION 125 +-#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126 +-#define STORE_R_NO_VALUE 130 ++# define STORE_R_ALREADY_HAS_A_VALUE 127 ++# define STORE_R_FAILED_DELETING_ARBITRARY 132 ++# define STORE_R_FAILED_DELETING_CERTIFICATE 100 ++# define STORE_R_FAILED_DELETING_KEY 101 ++# define STORE_R_FAILED_DELETING_NUMBER 102 ++# define STORE_R_FAILED_GENERATING_CRL 103 ++# define STORE_R_FAILED_GENERATING_KEY 104 ++# define STORE_R_FAILED_GETTING_ARBITRARY 133 ++# define STORE_R_FAILED_GETTING_CERTIFICATE 105 ++# define STORE_R_FAILED_GETTING_KEY 106 ++# define STORE_R_FAILED_GETTING_NUMBER 107 ++# define STORE_R_FAILED_LISTING_CERTIFICATES 108 ++# define STORE_R_FAILED_LISTING_KEYS 109 ++# define STORE_R_FAILED_MODIFYING_ARBITRARY 138 ++# define STORE_R_FAILED_MODIFYING_CERTIFICATE 139 ++# define STORE_R_FAILED_MODIFYING_CRL 140 ++# define STORE_R_FAILED_MODIFYING_NUMBER 141 ++# define STORE_R_FAILED_MODIFYING_PRIVATE_KEY 142 ++# define STORE_R_FAILED_MODIFYING_PUBLIC_KEY 143 ++# define STORE_R_FAILED_REVOKING_CERTIFICATE 110 ++# define STORE_R_FAILED_REVOKING_KEY 111 ++# define STORE_R_FAILED_STORING_ARBITRARY 134 ++# define STORE_R_FAILED_STORING_CERTIFICATE 112 ++# define STORE_R_FAILED_STORING_KEY 113 ++# define STORE_R_FAILED_STORING_NUMBER 114 ++# define STORE_R_NOT_IMPLEMENTED 128 ++# define STORE_R_NO_CONTROL_FUNCTION 144 ++# define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135 ++# define STORE_R_NO_DELETE_NUMBER_FUNCTION 115 ++# define STORE_R_NO_DELETE_OBJECT_FUNCTION 116 ++# define STORE_R_NO_GENERATE_CRL_FUNCTION 117 ++# define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118 ++# define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION 136 ++# define STORE_R_NO_GET_OBJECT_FUNCTION 119 ++# define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120 ++# define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131 ++# define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121 ++# define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122 ++# define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123 ++# define STORE_R_NO_MODIFY_OBJECT_FUNCTION 145 ++# define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124 ++# define STORE_R_NO_STORE 129 ++# define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137 ++# define STORE_R_NO_STORE_OBJECT_FUNCTION 125 ++# define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126 ++# define STORE_R_NO_VALUE 130 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/symhacks.h b/Cryptlib/Include/openssl/symhacks.h +index c540771..b8a6ddf 100644 +--- a/Cryptlib/Include/openssl/symhacks.h ++++ b/Cryptlib/Include/openssl/symhacks.h +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,375 +53,386 @@ + */ + + #ifndef HEADER_SYMHACKS_H +-#define HEADER_SYMHACKS_H ++# define HEADER_SYMHACKS_H + +-#include ++# include + +-/* Hacks to solve the problem with linkers incapable of handling very long +- symbol names. In the case of VMS, the limit is 31 characters on VMS for +- VAX. */ +-/* Note that this affects util/libeay.num and util/ssleay.num... you may +- change those manually, but that's not recommended, as those files are +- controlled centrally and updated on Unix, and the central definition +- may disagree with yours, which in turn may come with shareable library +- incompatibilities. */ +-#ifdef OPENSSL_SYS_VMS ++/* ++ * Hacks to solve the problem with linkers incapable of handling very long ++ * symbol names. In the case of VMS, the limit is 31 characters on VMS for ++ * VAX. ++ */ ++/* ++ * Note that this affects util/libeay.num and util/ssleay.num... you may ++ * change those manually, but that's not recommended, as those files are ++ * controlled centrally and updated on Unix, and the central definition may ++ * disagree with yours, which in turn may come with shareable library ++ * incompatibilities. ++ */ ++# ifdef OPENSSL_SYS_VMS + + /* Hack a long name in crypto/cryptlib.c */ +-#undef int_CRYPTO_set_do_dynlock_callback +-#define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb ++# undef int_CRYPTO_set_do_dynlock_callback ++# define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb + + /* Hack a long name in crypto/ex_data.c */ +-#undef CRYPTO_get_ex_data_implementation +-#define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl +-#undef CRYPTO_set_ex_data_implementation +-#define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl ++# undef CRYPTO_get_ex_data_implementation ++# define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl ++# undef CRYPTO_set_ex_data_implementation ++# define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl + + /* Hack a long name in crypto/asn1/a_mbstr.c */ +-#undef ASN1_STRING_set_default_mask_asc +-#define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc ++# undef ASN1_STRING_set_default_mask_asc ++# define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc + +-#if 0 /* No longer needed, since safestack macro magic does the job */ ++# if 0 /* No longer needed, since safestack macro ++ * magic does the job */ + /* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */ +-#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO +-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF +-#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO +-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF +-#endif +- +-#if 0 /* No longer needed, since safestack macro magic does the job */ ++# undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO ++# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF ++# undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO ++# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF ++# endif ++ ++# if 0 /* No longer needed, since safestack macro ++ * magic does the job */ + /* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */ +-#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO +-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF +-#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO +-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF +-#endif +- +-#if 0 /* No longer needed, since safestack macro magic does the job */ ++# undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO ++# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF ++# undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO ++# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF ++# endif ++ ++# if 0 /* No longer needed, since safestack macro ++ * magic does the job */ + /* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */ +-#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION +-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC +-#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION +-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC +-#endif ++# undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION ++# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC ++# undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION ++# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC ++# endif + + /* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */ +-#undef PEM_read_NETSCAPE_CERT_SEQUENCE +-#define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ +-#undef PEM_write_NETSCAPE_CERT_SEQUENCE +-#define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ +-#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE +-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ +-#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE +-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ +-#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE +-#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ ++# undef PEM_read_NETSCAPE_CERT_SEQUENCE ++# define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ ++# undef PEM_write_NETSCAPE_CERT_SEQUENCE ++# define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ ++# undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE ++# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ ++# undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE ++# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ ++# undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE ++# define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ + + /* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */ +-#undef PEM_read_PKCS8_PRIV_KEY_INFO +-#define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO +-#undef PEM_write_PKCS8_PRIV_KEY_INFO +-#define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO +-#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO +-#define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO +-#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO +-#define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO +-#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO +-#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO ++# undef PEM_read_PKCS8_PRIV_KEY_INFO ++# define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO ++# undef PEM_write_PKCS8_PRIV_KEY_INFO ++# define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO ++# undef PEM_read_bio_PKCS8_PRIV_KEY_INFO ++# define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO ++# undef PEM_write_bio_PKCS8_PRIV_KEY_INFO ++# define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO ++# undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO ++# define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO + + /* Hack other PEM names */ +-#undef PEM_write_bio_PKCS8PrivateKey_nid +-#define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid ++# undef PEM_write_bio_PKCS8PrivateKey_nid ++# define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid + + /* Hack some long X509 names */ +-#undef X509_REVOKED_get_ext_by_critical +-#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic +-#undef X509_policy_tree_get0_user_policies +-#define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies +-#undef X509_policy_node_get0_qualifiers +-#define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers +-#undef X509_STORE_CTX_get_explicit_policy +-#define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy +-#undef X509_STORE_CTX_get0_current_issuer +-#define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer ++# undef X509_REVOKED_get_ext_by_critical ++# define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic ++# undef X509_policy_tree_get0_user_policies ++# define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies ++# undef X509_policy_node_get0_qualifiers ++# define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers ++# undef X509_STORE_CTX_get_explicit_policy ++# define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy ++# undef X509_STORE_CTX_get0_current_issuer ++# define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer + + /* Hack some long CRYPTO names */ +-#undef CRYPTO_set_dynlock_destroy_callback +-#define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb +-#undef CRYPTO_set_dynlock_create_callback +-#define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb +-#undef CRYPTO_set_dynlock_lock_callback +-#define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb +-#undef CRYPTO_get_dynlock_lock_callback +-#define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb +-#undef CRYPTO_get_dynlock_destroy_callback +-#define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb +-#undef CRYPTO_get_dynlock_create_callback +-#define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb +-#undef CRYPTO_set_locked_mem_ex_functions +-#define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs +-#undef CRYPTO_get_locked_mem_ex_functions +-#define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs ++# undef CRYPTO_set_dynlock_destroy_callback ++# define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb ++# undef CRYPTO_set_dynlock_create_callback ++# define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb ++# undef CRYPTO_set_dynlock_lock_callback ++# define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb ++# undef CRYPTO_get_dynlock_lock_callback ++# define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb ++# undef CRYPTO_get_dynlock_destroy_callback ++# define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb ++# undef CRYPTO_get_dynlock_create_callback ++# define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb ++# undef CRYPTO_set_locked_mem_ex_functions ++# define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs ++# undef CRYPTO_get_locked_mem_ex_functions ++# define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs + + /* Hack some long SSL names */ +-#undef SSL_CTX_set_default_verify_paths +-#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths +-#undef SSL_get_ex_data_X509_STORE_CTX_idx +-#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx +-#undef SSL_add_file_cert_subjects_to_stack +-#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk +-#undef SSL_add_dir_cert_subjects_to_stack +-#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk +-#undef SSL_CTX_use_certificate_chain_file +-#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file +-#undef SSL_CTX_set_cert_verify_callback +-#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb +-#undef SSL_CTX_set_default_passwd_cb_userdata +-#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud +-#undef SSL_COMP_get_compression_methods +-#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods +- +-#undef ssl_add_clienthello_renegotiate_ext +-#define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext +-#undef ssl_add_serverhello_renegotiate_ext +-#define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext +-#undef ssl_parse_clienthello_renegotiate_ext +-#define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext +-#undef ssl_parse_serverhello_renegotiate_ext +-#define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext ++# undef SSL_CTX_set_default_verify_paths ++# define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths ++# undef SSL_get_ex_data_X509_STORE_CTX_idx ++# define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx ++# undef SSL_add_file_cert_subjects_to_stack ++# define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk ++# undef SSL_add_dir_cert_subjects_to_stack ++# define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk ++# undef SSL_CTX_use_certificate_chain_file ++# define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file ++# undef SSL_CTX_set_cert_verify_callback ++# define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb ++# undef SSL_CTX_set_default_passwd_cb_userdata ++# define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud ++# undef SSL_COMP_get_compression_methods ++# define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods ++ ++# undef ssl_add_clienthello_renegotiate_ext ++# define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext ++# undef ssl_add_serverhello_renegotiate_ext ++# define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext ++# undef ssl_parse_clienthello_renegotiate_ext ++# define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext ++# undef ssl_parse_serverhello_renegotiate_ext ++# define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext ++ ++# undef ssl3_cbc_record_digest_supported ++# define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support ++# undef ssl_check_clienthello_tlsext_late ++# define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late ++# undef ssl_check_clienthello_tlsext_early ++# define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early + + /* Hack some long ENGINE names */ +-#undef ENGINE_get_default_BN_mod_exp_crt +-#define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt +-#undef ENGINE_set_default_BN_mod_exp_crt +-#define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt +-#undef ENGINE_set_load_privkey_function +-#define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn +-#undef ENGINE_get_load_privkey_function +-#define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn +-#undef ENGINE_set_load_ssl_client_cert_function +-#define ENGINE_set_load_ssl_client_cert_function \ +- ENGINE_set_ld_ssl_clnt_cert_fn +-#undef ENGINE_get_ssl_client_cert_function +-#define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn ++# undef ENGINE_get_default_BN_mod_exp_crt ++# define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt ++# undef ENGINE_set_default_BN_mod_exp_crt ++# define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt ++# undef ENGINE_set_load_privkey_function ++# define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn ++# undef ENGINE_get_load_privkey_function ++# define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn ++# undef ENGINE_set_load_ssl_client_cert_function ++# define ENGINE_set_load_ssl_client_cert_function \ ++ ENGINE_set_ld_ssl_clnt_cert_fn ++# undef ENGINE_get_ssl_client_cert_function ++# define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn + + /* Hack some long OCSP names */ +-#undef OCSP_REQUEST_get_ext_by_critical +-#define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit +-#undef OCSP_BASICRESP_get_ext_by_critical +-#define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit +-#undef OCSP_SINGLERESP_get_ext_by_critical +-#define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit ++# undef OCSP_REQUEST_get_ext_by_critical ++# define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit ++# undef OCSP_BASICRESP_get_ext_by_critical ++# define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit ++# undef OCSP_SINGLERESP_get_ext_by_critical ++# define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit + + /* Hack some long DES names */ +-#undef _ossl_old_des_ede3_cfb64_encrypt +-#define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt +-#undef _ossl_old_des_ede3_ofb64_encrypt +-#define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt ++# undef _ossl_old_des_ede3_cfb64_encrypt ++# define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt ++# undef _ossl_old_des_ede3_ofb64_encrypt ++# define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt + + /* Hack some long EVP names */ +-#undef OPENSSL_add_all_algorithms_noconf +-#define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf +-#undef OPENSSL_add_all_algorithms_conf +-#define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf ++# undef OPENSSL_add_all_algorithms_noconf ++# define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf ++# undef OPENSSL_add_all_algorithms_conf ++# define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf + + /* Hack some long EC names */ +-#undef EC_GROUP_set_point_conversion_form +-#define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form +-#undef EC_GROUP_get_point_conversion_form +-#define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form +-#undef EC_GROUP_clear_free_all_extra_data +-#define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data +-#undef EC_POINT_set_Jprojective_coordinates_GFp +-#define EC_POINT_set_Jprojective_coordinates_GFp \ ++# undef EC_GROUP_set_point_conversion_form ++# define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form ++# undef EC_GROUP_get_point_conversion_form ++# define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form ++# undef EC_GROUP_clear_free_all_extra_data ++# define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data ++# undef EC_POINT_set_Jprojective_coordinates_GFp ++# define EC_POINT_set_Jprojective_coordinates_GFp \ + EC_POINT_set_Jproj_coords_GFp +-#undef EC_POINT_get_Jprojective_coordinates_GFp +-#define EC_POINT_get_Jprojective_coordinates_GFp \ ++# undef EC_POINT_get_Jprojective_coordinates_GFp ++# define EC_POINT_get_Jprojective_coordinates_GFp \ + EC_POINT_get_Jproj_coords_GFp +-#undef EC_POINT_set_affine_coordinates_GFp +-#define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coords_GFp +-#undef EC_POINT_get_affine_coordinates_GFp +-#define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp +-#undef EC_POINT_set_compressed_coordinates_GFp +-#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp +-#undef EC_POINT_set_affine_coordinates_GF2m +-#define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m +-#undef EC_POINT_get_affine_coordinates_GF2m +-#define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m +-#undef EC_POINT_set_compressed_coordinates_GF2m +-#define EC_POINT_set_compressed_coordinates_GF2m \ ++# undef EC_POINT_set_affine_coordinates_GFp ++# define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coords_GFp ++# undef EC_POINT_get_affine_coordinates_GFp ++# define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp ++# undef EC_POINT_set_compressed_coordinates_GFp ++# define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp ++# undef EC_POINT_set_affine_coordinates_GF2m ++# define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m ++# undef EC_POINT_get_affine_coordinates_GF2m ++# define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m ++# undef EC_POINT_set_compressed_coordinates_GF2m ++# define EC_POINT_set_compressed_coordinates_GF2m \ + EC_POINT_set_compr_coords_GF2m +-#undef ec_GF2m_simple_group_clear_finish +-#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish +-#undef ec_GF2m_simple_group_check_discriminant +-#define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim +-#undef ec_GF2m_simple_point_clear_finish +-#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish +-#undef ec_GF2m_simple_point_set_to_infinity +-#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf +-#undef ec_GF2m_simple_points_make_affine +-#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine +-#undef ec_GF2m_simple_point_set_affine_coordinates +-#define ec_GF2m_simple_point_set_affine_coordinates \ ++# undef ec_GF2m_simple_group_clear_finish ++# define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish ++# undef ec_GF2m_simple_group_check_discriminant ++# define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim ++# undef ec_GF2m_simple_point_clear_finish ++# define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish ++# undef ec_GF2m_simple_point_set_to_infinity ++# define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf ++# undef ec_GF2m_simple_points_make_affine ++# define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine ++# undef ec_GF2m_simple_point_set_affine_coordinates ++# define ec_GF2m_simple_point_set_affine_coordinates \ + ec_GF2m_smp_pt_set_af_coords +-#undef ec_GF2m_simple_point_get_affine_coordinates +-#define ec_GF2m_simple_point_get_affine_coordinates \ ++# undef ec_GF2m_simple_point_get_affine_coordinates ++# define ec_GF2m_simple_point_get_affine_coordinates \ + ec_GF2m_smp_pt_get_af_coords +-#undef ec_GF2m_simple_set_compressed_coordinates +-#define ec_GF2m_simple_set_compressed_coordinates \ ++# undef ec_GF2m_simple_set_compressed_coordinates ++# define ec_GF2m_simple_set_compressed_coordinates \ + ec_GF2m_smp_set_compr_coords +-#undef ec_GFp_simple_group_set_curve_GFp +-#define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp +-#undef ec_GFp_simple_group_get_curve_GFp +-#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp +-#undef ec_GFp_simple_group_clear_finish +-#define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish +-#undef ec_GFp_simple_group_set_generator +-#define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator +-#undef ec_GFp_simple_group_get0_generator +-#define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator +-#undef ec_GFp_simple_group_get_cofactor +-#define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor +-#undef ec_GFp_simple_point_clear_finish +-#define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish +-#undef ec_GFp_simple_point_set_to_infinity +-#define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf +-#undef ec_GFp_simple_points_make_affine +-#define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine +-#undef ec_GFp_simple_set_Jprojective_coordinates_GFp +-#define ec_GFp_simple_set_Jprojective_coordinates_GFp \ ++# undef ec_GFp_simple_group_set_curve_GFp ++# define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp ++# undef ec_GFp_simple_group_get_curve_GFp ++# define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp ++# undef ec_GFp_simple_group_clear_finish ++# define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish ++# undef ec_GFp_simple_group_set_generator ++# define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator ++# undef ec_GFp_simple_group_get0_generator ++# define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator ++# undef ec_GFp_simple_group_get_cofactor ++# define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor ++# undef ec_GFp_simple_point_clear_finish ++# define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish ++# undef ec_GFp_simple_point_set_to_infinity ++# define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf ++# undef ec_GFp_simple_points_make_affine ++# define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine ++# undef ec_GFp_simple_set_Jprojective_coordinates_GFp ++# define ec_GFp_simple_set_Jprojective_coordinates_GFp \ + ec_GFp_smp_set_Jproj_coords_GFp +-#undef ec_GFp_simple_get_Jprojective_coordinates_GFp +-#define ec_GFp_simple_get_Jprojective_coordinates_GFp \ ++# undef ec_GFp_simple_get_Jprojective_coordinates_GFp ++# define ec_GFp_simple_get_Jprojective_coordinates_GFp \ + ec_GFp_smp_get_Jproj_coords_GFp +-#undef ec_GFp_simple_point_set_affine_coordinates_GFp +-#define ec_GFp_simple_point_set_affine_coordinates_GFp \ ++# undef ec_GFp_simple_point_set_affine_coordinates_GFp ++# define ec_GFp_simple_point_set_affine_coordinates_GFp \ + ec_GFp_smp_pt_set_af_coords_GFp +-#undef ec_GFp_simple_point_get_affine_coordinates_GFp +-#define ec_GFp_simple_point_get_affine_coordinates_GFp \ ++# undef ec_GFp_simple_point_get_affine_coordinates_GFp ++# define ec_GFp_simple_point_get_affine_coordinates_GFp \ + ec_GFp_smp_pt_get_af_coords_GFp +-#undef ec_GFp_simple_set_compressed_coordinates_GFp +-#define ec_GFp_simple_set_compressed_coordinates_GFp \ ++# undef ec_GFp_simple_set_compressed_coordinates_GFp ++# define ec_GFp_simple_set_compressed_coordinates_GFp \ + ec_GFp_smp_set_compr_coords_GFp +-#undef ec_GFp_simple_point_set_affine_coordinates +-#define ec_GFp_simple_point_set_affine_coordinates \ ++# undef ec_GFp_simple_point_set_affine_coordinates ++# define ec_GFp_simple_point_set_affine_coordinates \ + ec_GFp_smp_pt_set_af_coords +-#undef ec_GFp_simple_point_get_affine_coordinates +-#define ec_GFp_simple_point_get_affine_coordinates \ ++# undef ec_GFp_simple_point_get_affine_coordinates ++# define ec_GFp_simple_point_get_affine_coordinates \ + ec_GFp_smp_pt_get_af_coords +-#undef ec_GFp_simple_set_compressed_coordinates +-#define ec_GFp_simple_set_compressed_coordinates \ ++# undef ec_GFp_simple_set_compressed_coordinates ++# define ec_GFp_simple_set_compressed_coordinates \ + ec_GFp_smp_set_compr_coords +-#undef ec_GFp_simple_group_check_discriminant +-#define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim ++# undef ec_GFp_simple_group_check_discriminant ++# define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim + + /* Hack som long STORE names */ +-#undef STORE_method_set_initialise_function +-#define STORE_method_set_initialise_function STORE_meth_set_initialise_fn +-#undef STORE_method_set_cleanup_function +-#define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn +-#undef STORE_method_set_generate_function +-#define STORE_method_set_generate_function STORE_meth_set_generate_fn +-#undef STORE_method_set_modify_function +-#define STORE_method_set_modify_function STORE_meth_set_modify_fn +-#undef STORE_method_set_revoke_function +-#define STORE_method_set_revoke_function STORE_meth_set_revoke_fn +-#undef STORE_method_set_delete_function +-#define STORE_method_set_delete_function STORE_meth_set_delete_fn +-#undef STORE_method_set_list_start_function +-#define STORE_method_set_list_start_function STORE_meth_set_list_start_fn +-#undef STORE_method_set_list_next_function +-#define STORE_method_set_list_next_function STORE_meth_set_list_next_fn +-#undef STORE_method_set_list_end_function +-#define STORE_method_set_list_end_function STORE_meth_set_list_end_fn +-#undef STORE_method_set_update_store_function +-#define STORE_method_set_update_store_function STORE_meth_set_update_store_fn +-#undef STORE_method_set_lock_store_function +-#define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn +-#undef STORE_method_set_unlock_store_function +-#define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn +-#undef STORE_method_get_initialise_function +-#define STORE_method_get_initialise_function STORE_meth_get_initialise_fn +-#undef STORE_method_get_cleanup_function +-#define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn +-#undef STORE_method_get_generate_function +-#define STORE_method_get_generate_function STORE_meth_get_generate_fn +-#undef STORE_method_get_modify_function +-#define STORE_method_get_modify_function STORE_meth_get_modify_fn +-#undef STORE_method_get_revoke_function +-#define STORE_method_get_revoke_function STORE_meth_get_revoke_fn +-#undef STORE_method_get_delete_function +-#define STORE_method_get_delete_function STORE_meth_get_delete_fn +-#undef STORE_method_get_list_start_function +-#define STORE_method_get_list_start_function STORE_meth_get_list_start_fn +-#undef STORE_method_get_list_next_function +-#define STORE_method_get_list_next_function STORE_meth_get_list_next_fn +-#undef STORE_method_get_list_end_function +-#define STORE_method_get_list_end_function STORE_meth_get_list_end_fn +-#undef STORE_method_get_update_store_function +-#define STORE_method_get_update_store_function STORE_meth_get_update_store_fn +-#undef STORE_method_get_lock_store_function +-#define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn +-#undef STORE_method_get_unlock_store_function +-#define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn ++# undef STORE_method_set_initialise_function ++# define STORE_method_set_initialise_function STORE_meth_set_initialise_fn ++# undef STORE_method_set_cleanup_function ++# define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn ++# undef STORE_method_set_generate_function ++# define STORE_method_set_generate_function STORE_meth_set_generate_fn ++# undef STORE_method_set_modify_function ++# define STORE_method_set_modify_function STORE_meth_set_modify_fn ++# undef STORE_method_set_revoke_function ++# define STORE_method_set_revoke_function STORE_meth_set_revoke_fn ++# undef STORE_method_set_delete_function ++# define STORE_method_set_delete_function STORE_meth_set_delete_fn ++# undef STORE_method_set_list_start_function ++# define STORE_method_set_list_start_function STORE_meth_set_list_start_fn ++# undef STORE_method_set_list_next_function ++# define STORE_method_set_list_next_function STORE_meth_set_list_next_fn ++# undef STORE_method_set_list_end_function ++# define STORE_method_set_list_end_function STORE_meth_set_list_end_fn ++# undef STORE_method_set_update_store_function ++# define STORE_method_set_update_store_function STORE_meth_set_update_store_fn ++# undef STORE_method_set_lock_store_function ++# define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn ++# undef STORE_method_set_unlock_store_function ++# define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn ++# undef STORE_method_get_initialise_function ++# define STORE_method_get_initialise_function STORE_meth_get_initialise_fn ++# undef STORE_method_get_cleanup_function ++# define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn ++# undef STORE_method_get_generate_function ++# define STORE_method_get_generate_function STORE_meth_get_generate_fn ++# undef STORE_method_get_modify_function ++# define STORE_method_get_modify_function STORE_meth_get_modify_fn ++# undef STORE_method_get_revoke_function ++# define STORE_method_get_revoke_function STORE_meth_get_revoke_fn ++# undef STORE_method_get_delete_function ++# define STORE_method_get_delete_function STORE_meth_get_delete_fn ++# undef STORE_method_get_list_start_function ++# define STORE_method_get_list_start_function STORE_meth_get_list_start_fn ++# undef STORE_method_get_list_next_function ++# define STORE_method_get_list_next_function STORE_meth_get_list_next_fn ++# undef STORE_method_get_list_end_function ++# define STORE_method_get_list_end_function STORE_meth_get_list_end_fn ++# undef STORE_method_get_update_store_function ++# define STORE_method_get_update_store_function STORE_meth_get_update_store_fn ++# undef STORE_method_get_lock_store_function ++# define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn ++# undef STORE_method_get_unlock_store_function ++# define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn + + /* Hack some long CMS names */ +-#undef CMS_RecipientInfo_ktri_get0_algs +-#define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs +-#undef CMS_RecipientInfo_ktri_get0_signer_id +-#define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id +-#undef CMS_OtherRevocationInfoFormat_it +-#define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it +-#undef CMS_KeyAgreeRecipientIdentifier_it +-#define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it +-#undef CMS_OriginatorIdentifierOrKey_it +-#define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it +-#undef cms_SignerIdentifier_get0_signer_id +-#define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id ++# undef CMS_RecipientInfo_ktri_get0_algs ++# define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs ++# undef CMS_RecipientInfo_ktri_get0_signer_id ++# define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id ++# undef CMS_OtherRevocationInfoFormat_it ++# define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it ++# undef CMS_KeyAgreeRecipientIdentifier_it ++# define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it ++# undef CMS_OriginatorIdentifierOrKey_it ++# define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it ++# undef cms_SignerIdentifier_get0_signer_id ++# define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id + + /* Hack some long DTLS1 names */ +-#undef dtls1_retransmit_buffered_messages +-#define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs +- +-#endif /* defined OPENSSL_SYS_VMS */ ++# undef dtls1_retransmit_buffered_messages ++# define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs + ++# endif /* defined OPENSSL_SYS_VMS */ + + /* Case insensiteve linking causes problems.... */ +-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) +-#undef ERR_load_CRYPTO_strings +-#define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings +-#undef OCSP_crlID_new +-#define OCSP_crlID_new OCSP_crlID2_new +- +-#undef d2i_ECPARAMETERS +-#define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS +-#undef i2d_ECPARAMETERS +-#define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS +-#undef d2i_ECPKPARAMETERS +-#define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS +-#undef i2d_ECPKPARAMETERS +-#define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS +- +-/* These functions do not seem to exist! However, I'm paranoid... +- Original command in x509v3.h: +- These functions are being redefined in another directory, +- and clash when the linker is case-insensitive, so let's +- hide them a little, by giving them an extra 'o' at the +- beginning of the name... */ +-#undef X509v3_cleanup_extensions +-#define X509v3_cleanup_extensions oX509v3_cleanup_extensions +-#undef X509v3_add_extension +-#define X509v3_add_extension oX509v3_add_extension +-#undef X509v3_add_netscape_extensions +-#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions +-#undef X509v3_add_standard_extensions +-#define X509v3_add_standard_extensions oX509v3_add_standard_extensions +- +- +-#endif +- +- +-#endif /* ! defined HEADER_VMS_IDHACKS_H */ ++# if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) ++# undef ERR_load_CRYPTO_strings ++# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings ++# undef OCSP_crlID_new ++# define OCSP_crlID_new OCSP_crlID2_new ++ ++# undef d2i_ECPARAMETERS ++# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS ++# undef i2d_ECPARAMETERS ++# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS ++# undef d2i_ECPKPARAMETERS ++# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS ++# undef i2d_ECPKPARAMETERS ++# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS ++ ++/* ++ * These functions do not seem to exist! However, I'm paranoid... Original ++ * command in x509v3.h: These functions are being redefined in another ++ * directory, and clash when the linker is case-insensitive, so let's hide ++ * them a little, by giving them an extra 'o' at the beginning of the name... ++ */ ++# undef X509v3_cleanup_extensions ++# define X509v3_cleanup_extensions oX509v3_cleanup_extensions ++# undef X509v3_add_extension ++# define X509v3_add_extension oX509v3_add_extension ++# undef X509v3_add_netscape_extensions ++# define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions ++# undef X509v3_add_standard_extensions ++# define X509v3_add_standard_extensions oX509v3_add_standard_extensions ++ ++# endif ++ ++#endif /* ! defined HEADER_VMS_IDHACKS_H */ + /* This one clashes with CMS_data_create */ + #undef cms_Data_create +-#define cms_Data_create priv_cms_Data_create ++#define cms_Data_create priv_cms_Data_create +diff --git a/Cryptlib/Include/openssl/tls1.h b/Cryptlib/Include/openssl/tls1.h +index 47f25af..fd8a034 100644 +--- a/Cryptlib/Include/openssl/tls1.h ++++ b/Cryptlib/Include/openssl/tls1.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -58,7 +58,7 @@ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * +- * Portions of the attached software ("Contribution") are developed by ++ * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source +@@ -69,356 +69,398 @@ + * + */ + +-#ifndef HEADER_TLS1_H +-#define HEADER_TLS1_H ++#ifndef HEADER_TLS1_H ++# define HEADER_TLS1_H + +-#include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 +- +-#define TLS1_2_VERSION 0x0303 +-#define TLS1_2_VERSION_MAJOR 0x03 +-#define TLS1_2_VERSION_MINOR 0x03 +- +-#define TLS1_1_VERSION 0x0302 +-#define TLS1_1_VERSION_MAJOR 0x03 +-#define TLS1_1_VERSION_MINOR 0x02 +- +-#define TLS1_VERSION 0x0301 +-#define TLS1_VERSION_MAJOR 0x03 +-#define TLS1_VERSION_MINOR 0x01 +- +-#define TLS1_get_version(s) \ +- ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) +- +-#define TLS1_get_client_version(s) \ +- ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) +- +-#define TLS1_AD_DECRYPTION_FAILED 21 +-#define TLS1_AD_RECORD_OVERFLOW 22 +-#define TLS1_AD_UNKNOWN_CA 48 /* fatal */ +-#define TLS1_AD_ACCESS_DENIED 49 /* fatal */ +-#define TLS1_AD_DECODE_ERROR 50 /* fatal */ +-#define TLS1_AD_DECRYPT_ERROR 51 +-#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */ +-#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ +-#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ +-#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +-#define TLS1_AD_USER_CANCELLED 90 +-#define TLS1_AD_NO_RENEGOTIATION 100 ++# define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 ++ ++# define TLS1_VERSION 0x0301 ++# define TLS1_1_VERSION 0x0302 ++# define TLS1_2_VERSION 0x0303 ++/* ++ * TLS 1.1 and 1.2 are not supported by this version of OpenSSL, so ++ * TLS_MAX_VERSION indicates TLS 1.0 regardless of the above definitions. ++ * (s23_clnt.c and s23_srvr.c have an OPENSSL_assert() check that would catch ++ * the error if TLS_MAX_VERSION was too low.) ++ */ ++# define TLS_MAX_VERSION TLS1_VERSION ++ ++# define TLS1_VERSION_MAJOR 0x03 ++# define TLS1_VERSION_MINOR 0x01 ++ ++# define TLS1_1_VERSION_MAJOR 0x03 ++# define TLS1_1_VERSION_MINOR 0x02 ++ ++# define TLS1_2_VERSION_MAJOR 0x03 ++# define TLS1_2_VERSION_MINOR 0x03 ++ ++# define TLS1_get_version(s) \ ++ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) ++ ++# define TLS1_get_client_version(s) \ ++ ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) ++ ++# define TLS1_AD_DECRYPTION_FAILED 21 ++# define TLS1_AD_RECORD_OVERFLOW 22 ++# define TLS1_AD_UNKNOWN_CA 48/* fatal */ ++# define TLS1_AD_ACCESS_DENIED 49/* fatal */ ++# define TLS1_AD_DECODE_ERROR 50/* fatal */ ++# define TLS1_AD_DECRYPT_ERROR 51 ++# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ ++# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ ++# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ ++# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ ++# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ ++# define TLS1_AD_USER_CANCELLED 90 ++# define TLS1_AD_NO_RENEGOTIATION 100 + /* codes 110-114 are from RFC3546 */ +-#define TLS1_AD_UNSUPPORTED_EXTENSION 110 +-#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +-#define TLS1_AD_UNRECOGNIZED_NAME 112 +-#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +-#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +-#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ ++# define TLS1_AD_UNSUPPORTED_EXTENSION 110 ++# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 ++# define TLS1_AD_UNRECOGNIZED_NAME 112 ++# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 ++# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 ++# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ + + /* ExtensionType values from RFC 3546 */ +-#define TLSEXT_TYPE_server_name 0 +-#define TLSEXT_TYPE_max_fragment_length 1 +-#define TLSEXT_TYPE_client_certificate_url 2 +-#define TLSEXT_TYPE_trusted_ca_keys 3 +-#define TLSEXT_TYPE_truncated_hmac 4 +-#define TLSEXT_TYPE_status_request 5 +-#define TLSEXT_TYPE_elliptic_curves 10 +-#define TLSEXT_TYPE_ec_point_formats 11 +-#define TLSEXT_TYPE_session_ticket 35 ++# define TLSEXT_TYPE_server_name 0 ++# define TLSEXT_TYPE_max_fragment_length 1 ++# define TLSEXT_TYPE_client_certificate_url 2 ++# define TLSEXT_TYPE_trusted_ca_keys 3 ++# define TLSEXT_TYPE_truncated_hmac 4 ++# define TLSEXT_TYPE_status_request 5 ++# define TLSEXT_TYPE_elliptic_curves 10 ++# define TLSEXT_TYPE_ec_point_formats 11 ++# define TLSEXT_TYPE_session_ticket 35 + + /* Temporary extension type */ +-#define TLSEXT_TYPE_renegotiate 0xff01 ++# define TLSEXT_TYPE_renegotiate 0xff01 + + /* NameType value from RFC 3546 */ +-#define TLSEXT_NAMETYPE_host_name 0 ++# define TLSEXT_NAMETYPE_host_name 0 + /* status request value from RFC 3546 */ +-#define TLSEXT_STATUSTYPE_ocsp 1 ++# define TLSEXT_STATUSTYPE_ocsp 1 + +-#ifndef OPENSSL_NO_TLSEXT ++# ifndef OPENSSL_NO_TLSEXT + +-#define TLSEXT_MAXLEN_host_name 255 ++# define TLSEXT_MAXLEN_host_name 255 + +-const char *SSL_get_servername(const SSL *s, const int type) ; +-int SSL_get_servername_type(const SSL *s) ; ++const char *SSL_get_servername(const SSL *s, const int type); ++int SSL_get_servername_type(const SSL *s); + +-#define SSL_set_tlsext_host_name(s,name) \ ++# define SSL_set_tlsext_host_name(s,name) \ + SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) + +-#define SSL_set_tlsext_debug_callback(ssl, cb) \ ++# define SSL_set_tlsext_debug_callback(ssl, cb) \ + SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) + +-#define SSL_set_tlsext_debug_arg(ssl, arg) \ ++# define SSL_set_tlsext_debug_arg(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) + +-#define SSL_set_tlsext_status_type(ssl, type) \ ++# define SSL_set_tlsext_status_type(ssl, type) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) + +-#define SSL_get_tlsext_status_exts(ssl, arg) \ ++# define SSL_get_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +-#define SSL_set_tlsext_status_exts(ssl, arg) \ ++# define SSL_set_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +-#define SSL_get_tlsext_status_ids(ssl, arg) \ ++# define SSL_get_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +-#define SSL_set_tlsext_status_ids(ssl, arg) \ ++# define SSL_set_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +-#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ ++# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) + +-#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ ++# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) + +-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ ++# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ + SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) + +-#define SSL_TLSEXT_ERR_OK 0 +-#define SSL_TLSEXT_ERR_ALERT_WARNING 1 +-#define SSL_TLSEXT_ERR_ALERT_FATAL 2 +-#define SSL_TLSEXT_ERR_NOACK 3 ++# define SSL_TLSEXT_ERR_OK 0 ++# define SSL_TLSEXT_ERR_ALERT_WARNING 1 ++# define SSL_TLSEXT_ERR_ALERT_FATAL 2 ++# define SSL_TLSEXT_ERR_NOACK 3 + +-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ ++# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) + +-#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ +- SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) +-#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ +- SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) ++# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) ++# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) + +-#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ ++# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) + +-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ ++# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) + +-#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ ++# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + +-#endif ++# endif + +-/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt ++/* ++ * Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt + * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see + * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably +- * shouldn't. */ +-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 +-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 +-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 +-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 +-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 +-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 +-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 ++ * shouldn't. ++ */ ++# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 ++# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 ++# define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 ++# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 ++# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 ++# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 ++# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 + + /* AES ciphersuites from RFC3268 */ + +-#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 +-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 +-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 +-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 +-#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 ++# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F ++# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 ++# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 ++# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 ++# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 ++# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 + +-#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 +-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 +-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 +-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 +-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 +-#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A ++# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 ++# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 ++# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 ++# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 ++# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 ++# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A + + /* Camellia ciphersuites from RFC4132 */ +-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 +- +-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 ++# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 ++# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 ++# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 ++# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 ++# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 ++# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 ++ ++# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 ++# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 ++# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 ++# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 ++# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 ++# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + + /* SEED ciphersuites from RFC4162 */ +-#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +-#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +-#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +-#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +-#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +-#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B +- +-/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */ +-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 +- +-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A +- +-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F +- +-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 +- +-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 +- +-/* XXX +- * Inconsistency alert: +- * The OpenSSL names of ciphers with ephemeral DH here include the string +- * "DHE", while elsewhere it has always been "EDH". +- * (The alias for the list of all such ciphers also is "EDH".) +- * The specifications speak of "EDH"; maybe we should allow both forms +- * for everything. */ +-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" +-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" +-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" +-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" +-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" +-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" +-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" ++# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 ++# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 ++# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 ++# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 ++# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A ++# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B ++ ++/* ++ * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in ++ * draft 13 ++ */ ++# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 ++# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 ++# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 ++# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 ++# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 ++ ++# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 ++# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 ++# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 ++# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 ++# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A ++ ++# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B ++# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C ++# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D ++# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E ++# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F ++ ++# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 ++# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 ++# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 ++# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 ++# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 ++ ++# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 ++# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 ++# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 ++# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 ++# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 ++ ++/* ++ * XXX Inconsistency alert: The OpenSSL names of ciphers with ephemeral DH ++ * here include the string "DHE", while elsewhere it has always been "EDH". ++ * (The alias for the list of all such ciphers also is "EDH".) The ++ * specifications speak of "EDH"; maybe we should allow both forms for ++ * everything. ++ */ ++# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" ++# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" ++# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" ++# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" ++# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" ++# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" ++# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" + + /* AES ciphersuites from RFC3268 */ +-#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +-#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" +- +-#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +-#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" ++# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" ++# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" ++# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" ++# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" ++# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" ++# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" ++ ++# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" ++# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" ++# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" ++# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" ++# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" ++# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" + + /* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ +-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" +- +-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" +- +-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" +-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" +- +-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" +- +-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" ++# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" ++# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" ++# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" ++# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" ++# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" ++ ++# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" ++# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" ++# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" ++# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" ++# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" ++ ++# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" ++# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" ++# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" ++# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" ++# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" ++ ++# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" ++# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" ++# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" ++# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" ++# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" ++ ++# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" ++# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" ++# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" ++# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" ++# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" + + /* Camellia ciphersuites from RFC4132 */ +-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" +- +-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" ++# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" ++# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" ++# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" ++# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" ++# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" ++# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" ++ ++# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" ++# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" ++# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" ++# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" ++# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" ++# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" + + /* SEED ciphersuites from RFC4162 */ +-#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +-#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +-#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +-#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +-#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +-#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" +- +-#define TLS_CT_RSA_SIGN 1 +-#define TLS_CT_DSS_SIGN 2 +-#define TLS_CT_RSA_FIXED_DH 3 +-#define TLS_CT_DSS_FIXED_DH 4 +-#define TLS_CT_ECDSA_SIGN 64 +-#define TLS_CT_RSA_FIXED_ECDH 65 +-#define TLS_CT_ECDSA_FIXED_ECDH 66 +-#define TLS_CT_NUMBER 7 +- +-#define TLS1_FINISH_MAC_LENGTH 12 +- +-#define TLS_MD_MAX_CONST_SIZE 20 +-#define TLS_MD_CLIENT_FINISH_CONST "client finished" +-#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 +-#define TLS_MD_SERVER_FINISH_CONST "server finished" +-#define TLS_MD_SERVER_FINISH_CONST_SIZE 15 +-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +-#define TLS_MD_KEY_EXPANSION_CONST "key expansion" +-#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 +-#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" +-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 +-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +-#define TLS_MD_IV_BLOCK_CONST "IV block" +-#define TLS_MD_IV_BLOCK_CONST_SIZE 8 +-#define TLS_MD_MASTER_SECRET_CONST "master secret" +-#define TLS_MD_MASTER_SECRET_CONST_SIZE 13 +- +-#ifdef CHARSET_EBCDIC +-#undef TLS_MD_CLIENT_FINISH_CONST +-#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/ +-#undef TLS_MD_SERVER_FINISH_CONST +-#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/ +-#undef TLS_MD_SERVER_WRITE_KEY_CONST +-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ +-#undef TLS_MD_KEY_EXPANSION_CONST +-#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/ +-#undef TLS_MD_CLIENT_WRITE_KEY_CONST +-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/ +-#undef TLS_MD_SERVER_WRITE_KEY_CONST +-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ +-#undef TLS_MD_IV_BLOCK_CONST +-#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/ +-#undef TLS_MD_MASTER_SECRET_CONST +-#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/ +-#endif ++# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" ++# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" ++# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" ++# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" ++# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" ++# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" ++ ++# define TLS_CT_RSA_SIGN 1 ++# define TLS_CT_DSS_SIGN 2 ++# define TLS_CT_RSA_FIXED_DH 3 ++# define TLS_CT_DSS_FIXED_DH 4 ++# define TLS_CT_ECDSA_SIGN 64 ++# define TLS_CT_RSA_FIXED_ECDH 65 ++# define TLS_CT_ECDSA_FIXED_ECDH 66 ++# define TLS_CT_NUMBER 7 ++ ++# define TLS1_FINISH_MAC_LENGTH 12 ++ ++# define TLS_MD_MAX_CONST_SIZE 20 ++# define TLS_MD_CLIENT_FINISH_CONST "client finished" ++# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 ++# define TLS_MD_SERVER_FINISH_CONST "server finished" ++# define TLS_MD_SERVER_FINISH_CONST_SIZE 15 ++# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" ++# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 ++# define TLS_MD_KEY_EXPANSION_CONST "key expansion" ++# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 ++# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" ++# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 ++# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" ++# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 ++# define TLS_MD_IV_BLOCK_CONST "IV block" ++# define TLS_MD_IV_BLOCK_CONST_SIZE 8 ++# define TLS_MD_MASTER_SECRET_CONST "master secret" ++# define TLS_MD_MASTER_SECRET_CONST_SIZE 13 ++ ++# ifdef CHARSET_EBCDIC ++# undef TLS_MD_CLIENT_FINISH_CONST ++/* ++ * client finished ++ */ ++# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" ++ ++# undef TLS_MD_SERVER_FINISH_CONST ++/* ++ * server finished ++ */ ++# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" ++ ++# undef TLS_MD_SERVER_WRITE_KEY_CONST ++/* ++ * server write key ++ */ ++# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" ++ ++# undef TLS_MD_KEY_EXPANSION_CONST ++/* ++ * key expansion ++ */ ++# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" ++ ++# undef TLS_MD_CLIENT_WRITE_KEY_CONST ++/* ++ * client write key ++ */ ++# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" ++ ++# undef TLS_MD_SERVER_WRITE_KEY_CONST ++/* ++ * server write key ++ */ ++# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" ++ ++# undef TLS_MD_IV_BLOCK_CONST ++/* ++ * IV block ++ */ ++# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" ++ ++# undef TLS_MD_MASTER_SECRET_CONST ++/* ++ * master secret ++ */ ++# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" ++# endif + + #ifdef __cplusplus + } + #endif + #endif +- +- +- +diff --git a/Cryptlib/Include/openssl/tmdiff.h b/Cryptlib/Include/openssl/tmdiff.h +index af5c41c..33c901e 100644 +--- a/Cryptlib/Include/openssl/tmdiff.h ++++ b/Cryptlib/Include/openssl/tmdiff.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,29 +49,28 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* Header for dynamic hash table routines +- * Author - Eric Young ++/* ++ * Header for dynamic hash table routines Author - Eric Young + */ +-/* ... erm yeah, "dynamic hash tables" you say? +- * +- * And what would dynamic hash tables have to do with any of this code *now*? +- * AFAICS, this code is only referenced by crypto/bn/exp.c which is an unused +- * file that I doubt compiles any more. speed.c is the only thing that could +- * use this (and it has nothing to do with hash tables), yet it instead has its +- * own duplication of all this stuff and looks, if anything, more complete. See +- * the corresponding note in apps/speed.c. +- * The Bemused - Geoff ++/* ++ * ... erm yeah, "dynamic hash tables" you say? And what would dynamic hash ++ * tables have to do with any of this code *now*? AFAICS, this code is only ++ * referenced by crypto/bn/exp.c which is an unused file that I doubt ++ * compiles any more. speed.c is the only thing that could use this (and it ++ * has nothing to do with hash tables), yet it instead has its own ++ * duplication of all this stuff and looks, if anything, more complete. See ++ * the corresponding note in apps/speed.c. The Bemused - Geoff + */ + + #ifndef HEADER_TMDIFF_H +-#define HEADER_TMDIFF_H ++# define HEADER_TMDIFF_H + + #ifdef __cplusplus + extern "C" { +@@ -79,15 +78,14 @@ extern "C" { + + typedef struct ms_tm MS_TM; + +-MS_TM *ms_time_new(void ); +-void ms_time_free(MS_TM *a); +-void ms_time_get(MS_TM *a); +-double ms_time_diff(MS_TM *start, MS_TM *end); +-int ms_time_cmp(const MS_TM *ap, const MS_TM *bp); ++MS_TM *ms_time_new(void); ++void ms_time_free(MS_TM * a); ++void ms_time_get(MS_TM * a); ++double ms_time_diff(MS_TM * start, MS_TM * end); ++int ms_time_cmp(const MS_TM * ap, const MS_TM * bp); + + #ifdef __cplusplus + } + #endif + + #endif +- +diff --git a/Cryptlib/Include/openssl/txt_db.h b/Cryptlib/Include/openssl/txt_db.h +index 307e1ba..f1145a7 100644 +--- a/Cryptlib/Include/openssl/txt_db.h ++++ b/Cryptlib/Include/openssl/txt_db.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,50 +57,49 @@ + */ + + #ifndef HEADER_TXT_DB_H +-#define HEADER_TXT_DB_H ++# define HEADER_TXT_DB_H + +-#include +-#ifndef OPENSSL_NO_BIO +-#include +-#endif +-#include +-#include ++# include ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# include ++# include + +-#define DB_ERROR_OK 0 +-#define DB_ERROR_MALLOC 1 +-#define DB_ERROR_INDEX_CLASH 2 +-#define DB_ERROR_INDEX_OUT_OF_RANGE 3 +-#define DB_ERROR_NO_INDEX 4 +-#define DB_ERROR_INSERT_INDEX_CLASH 5 ++# define DB_ERROR_OK 0 ++# define DB_ERROR_MALLOC 1 ++# define DB_ERROR_INDEX_CLASH 2 ++# define DB_ERROR_INDEX_OUT_OF_RANGE 3 ++# define DB_ERROR_NO_INDEX 4 ++# define DB_ERROR_INSERT_INDEX_CLASH 5 + + #ifdef __cplusplus + extern "C" { + #endif + +-typedef struct txt_db_st +- { +- int num_fields; +- STACK /* char ** */ *data; +- LHASH **index; +- int (**qual)(char **); +- long error; +- long arg1; +- long arg2; +- char **arg_row; +- } TXT_DB; ++typedef struct txt_db_st { ++ int num_fields; ++ STACK /* char ** */ * data; ++ LHASH **index; ++ int (**qual) (char **); ++ long error; ++ long arg1; ++ long arg2; ++ char **arg_row; ++} TXT_DB; + +-#ifndef OPENSSL_NO_BIO ++# ifndef OPENSSL_NO_BIO + TXT_DB *TXT_DB_read(BIO *in, int num); + long TXT_DB_write(BIO *out, TXT_DB *db); +-#else ++# else + TXT_DB *TXT_DB_read(char *in, int num); + long TXT_DB_write(char *out, TXT_DB *db); +-#endif +-int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(char **), +- LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); ++# endif ++int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (char **), ++ LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); + void TXT_DB_free(TXT_DB *db); + char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value); +-int TXT_DB_insert(TXT_DB *db,char **value); ++int TXT_DB_insert(TXT_DB *db, char **value); + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/ui.h b/Cryptlib/Include/openssl/ui.h +index 0182964..1f0c2ea 100644 +--- a/Cryptlib/Include/openssl/ui.h ++++ b/Cryptlib/Include/openssl/ui.h +@@ -1,6 +1,7 @@ + /* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,13 +58,13 @@ + */ + + #ifndef HEADER_UI_H +-#define HEADER_UI_H ++# define HEADER_UI_H + +-#ifndef OPENSSL_NO_DEPRECATED +-#include +-#endif +-#include +-#include ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# endif ++# include ++# include + + #ifdef __cplusplus + extern "C" { +@@ -73,41 +74,42 @@ extern "C" { + /* typedef struct ui_st UI; */ + /* typedef struct ui_method_st UI_METHOD; */ + +- +-/* All the following functions return -1 or NULL on error and in some cases +- (UI_process()) -2 if interrupted or in some other way cancelled. +- When everything is fine, they return 0, a positive value or a non-NULL +- pointer, all depending on their purpose. */ ++/* ++ * All the following functions return -1 or NULL on error and in some cases ++ * (UI_process()) -2 if interrupted or in some other way cancelled. When ++ * everything is fine, they return 0, a positive value or a non-NULL pointer, ++ * all depending on their purpose. ++ */ + + /* Creators and destructor. */ + UI *UI_new(void); + UI *UI_new_method(const UI_METHOD *method); + void UI_free(UI *ui); + +-/* The following functions are used to add strings to be printed and prompt ++/*- ++ The following functions are used to add strings to be printed and prompt + strings to prompt for data. The names are UI_{add,dup}__string + and UI_{add,dup}_input_boolean. + + UI_{add,dup}__string have the following meanings: +- add add a text or prompt string. The pointers given to these +- functions are used verbatim, no copying is done. +- dup make a copy of the text or prompt string, then add the copy +- to the collection of strings in the user interface. +- +- The function is a name for the functionality that the given +- string shall be used for. It can be one of: +- input use the string as data prompt. +- verify use the string as verification prompt. This +- is used to verify a previous input. +- info use the string for informational output. +- error use the string for error output. ++ add add a text or prompt string. The pointers given to these ++ functions are used verbatim, no copying is done. ++ dup make a copy of the text or prompt string, then add the copy ++ to the collection of strings in the user interface. ++ ++ The function is a name for the functionality that the given ++ string shall be used for. It can be one of: ++ input use the string as data prompt. ++ verify use the string as verification prompt. This ++ is used to verify a previous input. ++ info use the string for informational output. ++ error use the string for error output. + Honestly, there's currently no difference between info and error for the + moment. + + UI_{add,dup}_input_boolean have the same semantics for "add" and "dup", + and are typically used when one wants to prompt for a yes/no response. + +- + All of the functions in this group take a UI and a prompt string. + The string input and verify addition functions also take a flag argument, + a buffer for the result to end up with, a minimum input size and a maximum +@@ -128,19 +130,21 @@ void UI_free(UI *ui); + On success, the all return an index of the added information. That index + is usefull when retrieving results with UI_get0_result(). */ + int UI_add_input_string(UI *ui, const char *prompt, int flags, +- char *result_buf, int minsize, int maxsize); ++ char *result_buf, int minsize, int maxsize); + int UI_dup_input_string(UI *ui, const char *prompt, int flags, +- char *result_buf, int minsize, int maxsize); ++ char *result_buf, int minsize, int maxsize); + int UI_add_verify_string(UI *ui, const char *prompt, int flags, +- char *result_buf, int minsize, int maxsize, const char *test_buf); ++ char *result_buf, int minsize, int maxsize, ++ const char *test_buf); + int UI_dup_verify_string(UI *ui, const char *prompt, int flags, +- char *result_buf, int minsize, int maxsize, const char *test_buf); ++ char *result_buf, int minsize, int maxsize, ++ const char *test_buf); + int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, +- const char *ok_chars, const char *cancel_chars, +- int flags, char *result_buf); ++ const char *ok_chars, const char *cancel_chars, ++ int flags, char *result_buf); + int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, +- const char *ok_chars, const char *cancel_chars, +- int flags, char *result_buf); ++ const char *ok_chars, const char *cancel_chars, ++ int flags, char *result_buf); + int UI_add_info_string(UI *ui, const char *text); + int UI_dup_info_string(UI *ui, const char *text); + int UI_add_error_string(UI *ui, const char *text); +@@ -148,56 +152,60 @@ int UI_dup_error_string(UI *ui, const char *text); + + /* These are the possible flags. They can be or'ed together. */ + /* Use to have echoing of input */ +-#define UI_INPUT_FLAG_ECHO 0x01 +-/* Use a default password. Where that password is found is completely +- up to the application, it might for example be in the user data set +- with UI_add_user_data(). It is not recommended to have more than +- one input in each UI being marked with this flag, or the application +- might get confused. */ +-#define UI_INPUT_FLAG_DEFAULT_PWD 0x02 +- +-/* The user of these routines may want to define flags of their own. The core +- UI won't look at those, but will pass them on to the method routines. They +- must use higher bits so they don't get confused with the UI bits above. +- UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good +- example of use is this: +- +- #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) +- ++# define UI_INPUT_FLAG_ECHO 0x01 ++/* ++ * Use a default password. Where that password is found is completely up to ++ * the application, it might for example be in the user data set with ++ * UI_add_user_data(). It is not recommended to have more than one input in ++ * each UI being marked with this flag, or the application might get ++ * confused. ++ */ ++# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 ++ ++/*- ++ * The user of these routines may want to define flags of their own. The core ++ * UI won't look at those, but will pass them on to the method routines. They ++ * must use higher bits so they don't get confused with the UI bits above. ++ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good ++ * example of use is this: ++ * ++ * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) ++ * + */ +-#define UI_INPUT_FLAG_USER_BASE 16 +- +- +-/* The following function helps construct a prompt. object_desc is a +- textual short description of the object, for example "pass phrase", +- and object_name is the name of the object (might be a card name or +- a file name. +- The returned string shall always be allocated on the heap with +- OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). +- +- If the ui_method doesn't contain a pointer to a user-defined prompt +- constructor, a default string is built, looking like this: +- +- "Enter {object_desc} for {object_name}:" +- +- So, if object_desc has the value "pass phrase" and object_name has +- the value "foo.key", the resulting string is: +- +- "Enter pass phrase for foo.key:" ++# define UI_INPUT_FLAG_USER_BASE 16 ++ ++/*- ++ * The following function helps construct a prompt. object_desc is a ++ * textual short description of the object, for example "pass phrase", ++ * and object_name is the name of the object (might be a card name or ++ * a file name. ++ * The returned string shall always be allocated on the heap with ++ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). ++ * ++ * If the ui_method doesn't contain a pointer to a user-defined prompt ++ * constructor, a default string is built, looking like this: ++ * ++ * "Enter {object_desc} for {object_name}:" ++ * ++ * So, if object_desc has the value "pass phrase" and object_name has ++ * the value "foo.key", the resulting string is: ++ * ++ * "Enter pass phrase for foo.key:" + */ + char *UI_construct_prompt(UI *ui_method, +- const char *object_desc, const char *object_name); +- ++ const char *object_desc, const char *object_name); + +-/* The following function is used to store a pointer to user-specific data. +- Any previous such pointer will be returned and replaced. +- +- For callback purposes, this function makes a lot more sense than using +- ex_data, since the latter requires that different parts of OpenSSL or +- applications share the same ex_data index. +- +- Note that the UI_OpenSSL() method completely ignores the user data. +- Other methods may not, however. */ ++/* ++ * The following function is used to store a pointer to user-specific data. ++ * Any previous such pointer will be returned and replaced. ++ * ++ * For callback purposes, this function makes a lot more sense than using ++ * ex_data, since the latter requires that different parts of OpenSSL or ++ * applications share the same ex_data index. ++ * ++ * Note that the UI_OpenSSL() method completely ignores the user data. Other ++ * methods may not, however. ++ */ + void *UI_add_user_data(UI *ui, void *user_data); + /* We need a user data retrieving function as well. */ + void *UI_get0_user_data(UI *ui); +@@ -208,28 +216,33 @@ const char *UI_get0_result(UI *ui, int i); + /* When all strings have been added, process the whole thing. */ + int UI_process(UI *ui); + +-/* Give a user interface parametrised control commands. This can be used to +- send down an integer, a data pointer or a function pointer, as well as +- be used to get information from a UI. */ +-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)); ++/* ++ * Give a user interface parametrised control commands. This can be used to ++ * send down an integer, a data pointer or a function pointer, as well as be ++ * used to get information from a UI. ++ */ ++int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); + + /* The commands */ +-/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the +- OpenSSL error stack before printing any info or added error messages and +- before any prompting. */ +-#define UI_CTRL_PRINT_ERRORS 1 +-/* Check if a UI_process() is possible to do again with the same instance of +- a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 +- if not. */ +-#define UI_CTRL_IS_REDOABLE 2 +- ++/* ++ * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the ++ * OpenSSL error stack before printing any info or added error messages and ++ * before any prompting. ++ */ ++# define UI_CTRL_PRINT_ERRORS 1 ++/* ++ * Check if a UI_process() is possible to do again with the same instance of ++ * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 ++ * if not. ++ */ ++# define UI_CTRL_IS_REDOABLE 2 + + /* Some methods may use extra data */ +-#define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) +-#define UI_get_app_data(s) UI_get_ex_data(s,0) ++# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) ++# define UI_get_app_data(s) UI_get_ex_data(s,0) + int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +-int UI_set_ex_data(UI *r,int idx,void *arg); ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++int UI_set_ex_data(UI *r, int idx, void *arg); + void *UI_get_ex_data(UI *r, int idx); + + /* Use specific methods instead of the built-in one */ +@@ -241,34 +254,34 @@ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); + /* The method with all the built-in thingies */ + UI_METHOD *UI_OpenSSL(void); + +- + /* ---------- For method writers ---------- */ +-/* A method contains a number of functions that implement the low level ++/*- ++ A method contains a number of functions that implement the low level + of the User Interface. The functions are: + +- an opener This function starts a session, maybe by opening +- a channel to a tty, or by opening a window. +- a writer This function is called to write a given string, +- maybe to the tty, maybe as a field label in a +- window. +- a flusher This function is called to flush everything that +- has been output so far. It can be used to actually +- display a dialog box after it has been built. +- a reader This function is called to read a given prompt, +- maybe from the tty, maybe from a field in a +- window. Note that it's called wth all string +- structures, not only the prompt ones, so it must +- check such things itself. +- a closer This function closes the session, maybe by closing +- the channel to the tty, or closing the window. ++ an opener This function starts a session, maybe by opening ++ a channel to a tty, or by opening a window. ++ a writer This function is called to write a given string, ++ maybe to the tty, maybe as a field label in a ++ window. ++ a flusher This function is called to flush everything that ++ has been output so far. It can be used to actually ++ display a dialog box after it has been built. ++ a reader This function is called to read a given prompt, ++ maybe from the tty, maybe from a field in a ++ window. Note that it's called wth all string ++ structures, not only the prompt ones, so it must ++ check such things itself. ++ a closer This function closes the session, maybe by closing ++ the channel to the tty, or closing the window. + + All these functions are expected to return: + +- 0 on error. +- 1 on success. +- -1 on out-of-band events, for example if some prompting has +- been canceled (by pressing Ctrl-C, for example). This is +- only checked when returned by the flusher or the reader. ++ 0 on error. ++ 1 on success. ++ -1 on out-of-band events, for example if some prompting has ++ been canceled (by pressing Ctrl-C, for example). This is ++ only checked when returned by the flusher or the reader. + + The way this is used, the opener is first called, then the writer for all + strings, then the flusher, then the reader for all strings and finally the +@@ -284,40 +297,46 @@ UI_METHOD *UI_OpenSSL(void); + the reader take a UI_STRING. + */ + +-/* The UI_STRING type is the data structure that contains all the needed info +- about a string or a prompt, including test data for a verification prompt. +-*/ ++/* ++ * The UI_STRING type is the data structure that contains all the needed info ++ * about a string or a prompt, including test data for a verification prompt. ++ */ + DECLARE_STACK_OF(UI_STRING) + typedef struct ui_string_st UI_STRING; + +-/* The different types of strings that are currently supported. +- This is only needed by method authors. */ +-enum UI_string_types +- { +- UIT_NONE=0, +- UIT_PROMPT, /* Prompt for a string */ +- UIT_VERIFY, /* Prompt for a string and verify */ +- UIT_BOOLEAN, /* Prompt for a yes/no response */ +- UIT_INFO, /* Send info to the user */ +- UIT_ERROR /* Send an error message to the user */ +- }; ++/* ++ * The different types of strings that are currently supported. This is only ++ * needed by method authors. ++ */ ++enum UI_string_types { ++ UIT_NONE = 0, ++ UIT_PROMPT, /* Prompt for a string */ ++ UIT_VERIFY, /* Prompt for a string and verify */ ++ UIT_BOOLEAN, /* Prompt for a yes/no response */ ++ UIT_INFO, /* Send info to the user */ ++ UIT_ERROR /* Send an error message to the user */ ++}; + + /* Create and manipulate methods */ + UI_METHOD *UI_create_method(char *name); + void UI_destroy_method(UI_METHOD *ui_method); +-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui)); +-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis)); +-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)); +-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis)); +-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)); +-int (*UI_method_get_opener(UI_METHOD *method))(UI*); +-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*); +-int (*UI_method_get_flusher(UI_METHOD *method))(UI*); +-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*); +-int (*UI_method_get_closer(UI_METHOD *method))(UI*); +- +-/* The following functions are helpers for method writers to access relevant +- data from a UI_STRING. */ ++int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); ++int UI_method_set_writer(UI_METHOD *method, ++ int (*writer) (UI *ui, UI_STRING *uis)); ++int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); ++int UI_method_set_reader(UI_METHOD *method, ++ int (*reader) (UI *ui, UI_STRING *uis)); ++int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); ++int (*UI_method_get_opener(UI_METHOD *method)) (UI *); ++int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *); ++int (*UI_method_get_flusher(UI_METHOD *method)) (UI *); ++int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *); ++int (*UI_method_get_closer(UI_METHOD *method)) (UI *); ++ ++/* ++ * The following functions are helpers for method writers to access relevant ++ * data from a UI_STRING. ++ */ + + /* Return type of the UI_STRING */ + enum UI_string_types UI_get_string_type(UI_STRING *uis); +@@ -325,11 +344,16 @@ enum UI_string_types UI_get_string_type(UI_STRING *uis); + int UI_get_input_flags(UI_STRING *uis); + /* Return the actual string to output (the prompt, info or error) */ + const char *UI_get0_output_string(UI_STRING *uis); +-/* Return the optional action string to output (the boolean promtp instruction) */ ++/* ++ * Return the optional action string to output (the boolean promtp ++ * instruction) ++ */ + const char *UI_get0_action_string(UI_STRING *uis); + /* Return the result of a prompt */ + const char *UI_get0_result_string(UI_STRING *uis); +-/* Return the string to test the result against. Only useful with verifies. */ ++/* ++ * Return the string to test the result against. Only useful with verifies. ++ */ + const char *UI_get0_test_string(UI_STRING *uis); + /* Return the required minimum size of the result */ + int UI_get_result_minsize(UI_STRING *uis); +@@ -338,14 +362,15 @@ int UI_get_result_maxsize(UI_STRING *uis); + /* Set the result of a UI_STRING. */ + int UI_set_result(UI *ui, UI_STRING *uis, const char *result); + +- + /* A couple of popular utility functions */ +-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify); +-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); +- ++int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, ++ int verify); ++int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, ++ int verify); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_UI_strings(void); +@@ -353,27 +378,27 @@ void ERR_load_UI_strings(void); + /* Error codes for the UI functions. */ + + /* Function codes. */ +-#define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 +-#define UI_F_GENERAL_ALLOCATE_PROMPT 109 +-#define UI_F_GENERAL_ALLOCATE_STRING 100 +-#define UI_F_UI_CTRL 111 +-#define UI_F_UI_DUP_ERROR_STRING 101 +-#define UI_F_UI_DUP_INFO_STRING 102 +-#define UI_F_UI_DUP_INPUT_BOOLEAN 110 +-#define UI_F_UI_DUP_INPUT_STRING 103 +-#define UI_F_UI_DUP_VERIFY_STRING 106 +-#define UI_F_UI_GET0_RESULT 107 +-#define UI_F_UI_NEW_METHOD 104 +-#define UI_F_UI_SET_RESULT 105 ++# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 ++# define UI_F_GENERAL_ALLOCATE_PROMPT 109 ++# define UI_F_GENERAL_ALLOCATE_STRING 100 ++# define UI_F_UI_CTRL 111 ++# define UI_F_UI_DUP_ERROR_STRING 101 ++# define UI_F_UI_DUP_INFO_STRING 102 ++# define UI_F_UI_DUP_INPUT_BOOLEAN 110 ++# define UI_F_UI_DUP_INPUT_STRING 103 ++# define UI_F_UI_DUP_VERIFY_STRING 106 ++# define UI_F_UI_GET0_RESULT 107 ++# define UI_F_UI_NEW_METHOD 104 ++# define UI_F_UI_SET_RESULT 105 + + /* Reason codes. */ +-#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +-#define UI_R_INDEX_TOO_LARGE 102 +-#define UI_R_INDEX_TOO_SMALL 103 +-#define UI_R_NO_RESULT_BUFFER 105 +-#define UI_R_RESULT_TOO_LARGE 100 +-#define UI_R_RESULT_TOO_SMALL 101 +-#define UI_R_UNKNOWN_CONTROL_COMMAND 106 ++# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 ++# define UI_R_INDEX_TOO_LARGE 102 ++# define UI_R_INDEX_TOO_SMALL 103 ++# define UI_R_NO_RESULT_BUFFER 105 ++# define UI_R_RESULT_TOO_LARGE 100 ++# define UI_R_RESULT_TOO_SMALL 101 ++# define UI_R_UNKNOWN_CONTROL_COMMAND 106 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/ui_compat.h b/Cryptlib/Include/openssl/ui_compat.h +index b35c9bb..42fb9ff 100644 +--- a/Cryptlib/Include/openssl/ui_compat.h ++++ b/Cryptlib/Include/openssl/ui_compat.h +@@ -1,6 +1,7 @@ + /* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,25 +58,29 @@ + */ + + #ifndef HEADER_UI_COMPAT_H +-#define HEADER_UI_COMPAT_H ++# define HEADER_UI_COMPAT_H + +-#include +-#include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-/* The following functions were previously part of the DES section, +- and are provided here for backward compatibility reasons. */ ++/* ++ * The following functions were previously part of the DES section, and are ++ * provided here for backward compatibility reasons. ++ */ + +-#define des_read_pw_string(b,l,p,v) \ +- _ossl_old_des_read_pw_string((b),(l),(p),(v)) +-#define des_read_pw(b,bf,s,p,v) \ +- _ossl_old_des_read_pw((b),(bf),(s),(p),(v)) ++# define des_read_pw_string(b,l,p,v) \ ++ _ossl_old_des_read_pw_string((b),(l),(p),(v)) ++# define des_read_pw(b,bf,s,p,v) \ ++ _ossl_old_des_read_pw((b),(bf),(s),(p),(v)) + +-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify); +-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); ++int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, ++ int verify); ++int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, ++ int verify); + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/x509.h b/Cryptlib/Include/openssl/x509.h +index c34689a..51cccbf 100644 +--- a/Cryptlib/Include/openssl/x509.h ++++ b/Cryptlib/Include/openssl/x509.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,153 +57,145 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * ECDH support in OpenSSL originally developed by ++ * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + + #ifndef HEADER_X509_H +-#define HEADER_X509_H +- +-#include +-#include +-#ifndef OPENSSL_NO_BUFFER +-#include +-#endif +-#ifndef OPENSSL_NO_EVP +-#include +-#endif +-#ifndef OPENSSL_NO_BIO +-#include +-#endif +-#include +-#include +-#include +- +-#ifndef OPENSSL_NO_EC +-#include +-#endif +- +-#ifndef OPENSSL_NO_ECDSA +-#include +-#endif +- +-#ifndef OPENSSL_NO_ECDH +-#include +-#endif +- +-#ifndef OPENSSL_NO_DEPRECATED +-#ifndef OPENSSL_NO_RSA +-#include +-#endif +-#ifndef OPENSSL_NO_DSA +-#include +-#endif +-#ifndef OPENSSL_NO_DH +-#include +-#endif +-#endif +- +-#ifndef OPENSSL_NO_SHA +-#include +-#endif +-#include ++# define HEADER_X509_H ++ ++# include ++# include ++# ifndef OPENSSL_NO_BUFFER ++# include ++# endif ++# ifndef OPENSSL_NO_EVP ++# include ++# endif ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# include ++# include ++# include ++ ++# ifndef OPENSSL_NO_EC ++# include ++# endif ++ ++# ifndef OPENSSL_NO_ECDSA ++# include ++# endif ++ ++# ifndef OPENSSL_NO_ECDH ++# include ++# endif ++ ++# ifndef OPENSSL_NO_DEPRECATED ++# ifndef OPENSSL_NO_RSA ++# include ++# endif ++# ifndef OPENSSL_NO_DSA ++# include ++# endif ++# ifndef OPENSSL_NO_DH ++# include ++# endif ++# endif ++ ++# ifndef OPENSSL_NO_SHA ++# include ++# endif ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#ifdef OPENSSL_SYS_WIN32 ++# ifdef OPENSSL_SYS_WIN32 + /* Under Win32 these are defined in wincrypt.h */ +-#undef X509_NAME +-#undef X509_CERT_PAIR +-#undef X509_EXTENSIONS +-#endif +- +-#define X509_FILETYPE_PEM 1 +-#define X509_FILETYPE_ASN1 2 +-#define X509_FILETYPE_DEFAULT 3 +- +-#define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +-#define X509v3_KU_NON_REPUDIATION 0x0040 +-#define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +-#define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +-#define X509v3_KU_KEY_AGREEMENT 0x0008 +-#define X509v3_KU_KEY_CERT_SIGN 0x0004 +-#define X509v3_KU_CRL_SIGN 0x0002 +-#define X509v3_KU_ENCIPHER_ONLY 0x0001 +-#define X509v3_KU_DECIPHER_ONLY 0x8000 +-#define X509v3_KU_UNDEF 0xffff +- +-typedef struct X509_objects_st +- { +- int nid; +- int (*a2i)(void); +- int (*i2a)(void); +- } X509_OBJECTS; +- +-struct X509_algor_st +- { +- ASN1_OBJECT *algorithm; +- ASN1_TYPE *parameter; +- } /* X509_ALGOR */; ++# undef X509_NAME ++# undef X509_CERT_PAIR ++# undef X509_EXTENSIONS ++# endif ++ ++# define X509_FILETYPE_PEM 1 ++# define X509_FILETYPE_ASN1 2 ++# define X509_FILETYPE_DEFAULT 3 ++ ++# define X509v3_KU_DIGITAL_SIGNATURE 0x0080 ++# define X509v3_KU_NON_REPUDIATION 0x0040 ++# define X509v3_KU_KEY_ENCIPHERMENT 0x0020 ++# define X509v3_KU_DATA_ENCIPHERMENT 0x0010 ++# define X509v3_KU_KEY_AGREEMENT 0x0008 ++# define X509v3_KU_KEY_CERT_SIGN 0x0004 ++# define X509v3_KU_CRL_SIGN 0x0002 ++# define X509v3_KU_ENCIPHER_ONLY 0x0001 ++# define X509v3_KU_DECIPHER_ONLY 0x8000 ++# define X509v3_KU_UNDEF 0xffff ++ ++typedef struct X509_objects_st { ++ int nid; ++ int (*a2i) (void); ++ int (*i2a) (void); ++} X509_OBJECTS; ++ ++struct X509_algor_st { ++ ASN1_OBJECT *algorithm; ++ ASN1_TYPE *parameter; ++} /* X509_ALGOR */ ; + + DECLARE_ASN1_SET_OF(X509_ALGOR) + + typedef STACK_OF(X509_ALGOR) X509_ALGORS; + +-typedef struct X509_val_st +- { +- ASN1_TIME *notBefore; +- ASN1_TIME *notAfter; +- } X509_VAL; +- +-typedef struct X509_pubkey_st +- { +- X509_ALGOR *algor; +- ASN1_BIT_STRING *public_key; +- EVP_PKEY *pkey; +- } X509_PUBKEY; +- +-typedef struct X509_sig_st +- { +- X509_ALGOR *algor; +- ASN1_OCTET_STRING *digest; +- } X509_SIG; +- +-typedef struct X509_name_entry_st +- { +- ASN1_OBJECT *object; +- ASN1_STRING *value; +- int set; +- int size; /* temp variable */ +- } X509_NAME_ENTRY; ++typedef struct X509_val_st { ++ ASN1_TIME *notBefore; ++ ASN1_TIME *notAfter; ++} X509_VAL; ++ ++typedef struct X509_pubkey_st { ++ X509_ALGOR *algor; ++ ASN1_BIT_STRING *public_key; ++ EVP_PKEY *pkey; ++} X509_PUBKEY; ++ ++typedef struct X509_sig_st { ++ X509_ALGOR *algor; ++ ASN1_OCTET_STRING *digest; ++} X509_SIG; ++ ++typedef struct X509_name_entry_st { ++ ASN1_OBJECT *object; ++ ASN1_STRING *value; ++ int set; ++ int size; /* temp variable */ ++} X509_NAME_ENTRY; + + DECLARE_STACK_OF(X509_NAME_ENTRY) + DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) + + /* we always keep X509_NAMEs in 2 forms. */ +-struct X509_name_st +- { +- STACK_OF(X509_NAME_ENTRY) *entries; +- int modified; /* true if 'bytes' needs to be built */ +-#ifndef OPENSSL_NO_BUFFER +- BUF_MEM *bytes; +-#else +- char *bytes; +-#endif +- unsigned long hash; /* Keep the hash around for lookups */ +- } /* X509_NAME */; ++struct X509_name_st { ++ STACK_OF(X509_NAME_ENTRY) *entries; ++ int modified; /* true if 'bytes' needs to be built */ ++# ifndef OPENSSL_NO_BUFFER ++ BUF_MEM *bytes; ++# else ++ char *bytes; ++# endif ++ unsigned long hash; /* Keep the hash around for lookups */ ++} /* X509_NAME */ ; + + DECLARE_STACK_OF(X509_NAME) + +-#define X509_EX_V_NETSCAPE_HACK 0x8000 +-#define X509_EX_V_INIT 0x0001 +-typedef struct X509_extension_st +- { +- ASN1_OBJECT *object; +- ASN1_BOOLEAN critical; +- ASN1_OCTET_STRING *value; +- } X509_EXTENSION; ++# define X509_EX_V_NETSCAPE_HACK 0x8000 ++# define X509_EX_V_INIT 0x0001 ++typedef struct X509_extension_st { ++ ASN1_OBJECT *object; ++ ASN1_BOOLEAN critical; ++ ASN1_OCTET_STRING *value; ++} X509_EXTENSION; + + typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + +@@ -211,97 +203,95 @@ DECLARE_STACK_OF(X509_EXTENSION) + DECLARE_ASN1_SET_OF(X509_EXTENSION) + + /* a sequence of these are used */ +-typedef struct x509_attributes_st +- { +- ASN1_OBJECT *object; +- int single; /* 0 for a set, 1 for a single item (which is wrong) */ +- union { +- char *ptr; +-/* 0 */ STACK_OF(ASN1_TYPE) *set; +-/* 1 */ ASN1_TYPE *single; +- } value; +- } X509_ATTRIBUTE; ++typedef struct x509_attributes_st { ++ ASN1_OBJECT *object; ++ int single; /* 0 for a set, 1 for a single item (which is ++ * wrong) */ ++ union { ++ char *ptr; ++ /* ++ * 0 ++ */ STACK_OF(ASN1_TYPE) *set; ++ /* ++ * 1 ++ */ ASN1_TYPE *single; ++ } value; ++} X509_ATTRIBUTE; + + DECLARE_STACK_OF(X509_ATTRIBUTE) + DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) + +- +-typedef struct X509_req_info_st +- { +- ASN1_ENCODING enc; +- ASN1_INTEGER *version; +- X509_NAME *subject; +- X509_PUBKEY *pubkey; +- /* d=2 hl=2 l= 0 cons: cont: 00 */ +- STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ +- } X509_REQ_INFO; +- +-typedef struct X509_req_st +- { +- X509_REQ_INFO *req_info; +- X509_ALGOR *sig_alg; +- ASN1_BIT_STRING *signature; +- int references; +- } X509_REQ; +- +-typedef struct x509_cinf_st +- { +- ASN1_INTEGER *version; /* [ 0 ] default of v1 */ +- ASN1_INTEGER *serialNumber; +- X509_ALGOR *signature; +- X509_NAME *issuer; +- X509_VAL *validity; +- X509_NAME *subject; +- X509_PUBKEY *key; +- ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ +- ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ +- STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ +- ASN1_ENCODING enc; +- } X509_CINF; +- +-/* This stuff is certificate "auxiliary info" +- * it contains details which are useful in certificate +- * stores and databases. When used this is tagged onto ++typedef struct X509_req_info_st { ++ ASN1_ENCODING enc; ++ ASN1_INTEGER *version; ++ X509_NAME *subject; ++ X509_PUBKEY *pubkey; ++ /* d=2 hl=2 l= 0 cons: cont: 00 */ ++ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ ++} X509_REQ_INFO; ++ ++typedef struct X509_req_st { ++ X509_REQ_INFO *req_info; ++ X509_ALGOR *sig_alg; ++ ASN1_BIT_STRING *signature; ++ int references; ++} X509_REQ; ++ ++typedef struct x509_cinf_st { ++ ASN1_INTEGER *version; /* [ 0 ] default of v1 */ ++ ASN1_INTEGER *serialNumber; ++ X509_ALGOR *signature; ++ X509_NAME *issuer; ++ X509_VAL *validity; ++ X509_NAME *subject; ++ X509_PUBKEY *key; ++ ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ ++ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ ++ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ ++ ASN1_ENCODING enc; ++} X509_CINF; ++ ++/* ++ * This stuff is certificate "auxiliary info" it contains details which are ++ * useful in certificate stores and databases. When used this is tagged onto + * the end of the certificate itself + */ + +-typedef struct x509_cert_aux_st +- { +- STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ +- STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ +- ASN1_UTF8STRING *alias; /* "friendly name" */ +- ASN1_OCTET_STRING *keyid; /* key id of private key */ +- STACK_OF(X509_ALGOR) *other; /* other unspecified info */ +- } X509_CERT_AUX; +- +-struct x509_st +- { +- X509_CINF *cert_info; +- X509_ALGOR *sig_alg; +- ASN1_BIT_STRING *signature; +- int valid; +- int references; +- char *name; +- CRYPTO_EX_DATA ex_data; +- /* These contain copies of various extension values */ +- long ex_pathlen; +- long ex_pcpathlen; +- unsigned long ex_flags; +- unsigned long ex_kusage; +- unsigned long ex_xkusage; +- unsigned long ex_nscert; +- ASN1_OCTET_STRING *skid; +- struct AUTHORITY_KEYID_st *akid; +- X509_POLICY_CACHE *policy_cache; +-#ifndef OPENSSL_NO_RFC3779 +- STACK_OF(IPAddressFamily) *rfc3779_addr; +- struct ASIdentifiers_st *rfc3779_asid; +-#endif +-#ifndef OPENSSL_NO_SHA +- unsigned char sha1_hash[SHA_DIGEST_LENGTH]; +-#endif +- X509_CERT_AUX *aux; +- } /* X509 */; ++typedef struct x509_cert_aux_st { ++ STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ ++ STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ ++ ASN1_UTF8STRING *alias; /* "friendly name" */ ++ ASN1_OCTET_STRING *keyid; /* key id of private key */ ++ STACK_OF(X509_ALGOR) *other; /* other unspecified info */ ++} X509_CERT_AUX; ++ ++struct x509_st { ++ X509_CINF *cert_info; ++ X509_ALGOR *sig_alg; ++ ASN1_BIT_STRING *signature; ++ int valid; ++ int references; ++ char *name; ++ CRYPTO_EX_DATA ex_data; ++ /* These contain copies of various extension values */ ++ long ex_pathlen; ++ long ex_pcpathlen; ++ unsigned long ex_flags; ++ unsigned long ex_kusage; ++ unsigned long ex_xkusage; ++ unsigned long ex_nscert; ++ ASN1_OCTET_STRING *skid; ++ struct AUTHORITY_KEYID_st *akid; ++ X509_POLICY_CACHE *policy_cache; ++# ifndef OPENSSL_NO_RFC3779 ++ STACK_OF(IPAddressFamily) *rfc3779_addr; ++ struct ASIdentifiers_st *rfc3779_asid; ++# endif ++# ifndef OPENSSL_NO_SHA ++ unsigned char sha1_hash[SHA_DIGEST_LENGTH]; ++# endif ++ X509_CERT_AUX *aux; ++} /* X509 */ ; + + DECLARE_STACK_OF(X509) + DECLARE_ASN1_SET_OF(X509) +@@ -309,557 +299,548 @@ DECLARE_ASN1_SET_OF(X509) + /* This is used for a table of trust checking functions */ + + typedef struct x509_trust_st { +- int trust; +- int flags; +- int (*check_trust)(struct x509_trust_st *, X509 *, int); +- char *name; +- int arg1; +- void *arg2; ++ int trust; ++ int flags; ++ int (*check_trust) (struct x509_trust_st *, X509 *, int); ++ char *name; ++ int arg1; ++ void *arg2; + } X509_TRUST; + + DECLARE_STACK_OF(X509_TRUST) + + typedef struct x509_cert_pair_st { +- X509 *forward; +- X509 *reverse; ++ X509 *forward; ++ X509 *reverse; + } X509_CERT_PAIR; + + /* standard trust ids */ + +-#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ ++# define X509_TRUST_DEFAULT -1/* Only valid in purpose settings */ + +-#define X509_TRUST_COMPAT 1 +-#define X509_TRUST_SSL_CLIENT 2 +-#define X509_TRUST_SSL_SERVER 3 +-#define X509_TRUST_EMAIL 4 +-#define X509_TRUST_OBJECT_SIGN 5 +-#define X509_TRUST_OCSP_SIGN 6 +-#define X509_TRUST_OCSP_REQUEST 7 ++# define X509_TRUST_COMPAT 1 ++# define X509_TRUST_SSL_CLIENT 2 ++# define X509_TRUST_SSL_SERVER 3 ++# define X509_TRUST_EMAIL 4 ++# define X509_TRUST_OBJECT_SIGN 5 ++# define X509_TRUST_OCSP_SIGN 6 ++# define X509_TRUST_OCSP_REQUEST 7 + + /* Keep these up to date! */ +-#define X509_TRUST_MIN 1 +-#define X509_TRUST_MAX 7 +- ++# define X509_TRUST_MIN 1 ++# define X509_TRUST_MAX 7 + + /* trust_flags values */ +-#define X509_TRUST_DYNAMIC 1 +-#define X509_TRUST_DYNAMIC_NAME 2 ++# define X509_TRUST_DYNAMIC 1 ++# define X509_TRUST_DYNAMIC_NAME 2 + + /* check_trust return codes */ + +-#define X509_TRUST_TRUSTED 1 +-#define X509_TRUST_REJECTED 2 +-#define X509_TRUST_UNTRUSTED 3 ++# define X509_TRUST_TRUSTED 1 ++# define X509_TRUST_REJECTED 2 ++# define X509_TRUST_UNTRUSTED 3 + + /* Flags for X509_print_ex() */ + +-#define X509_FLAG_COMPAT 0 +-#define X509_FLAG_NO_HEADER 1L +-#define X509_FLAG_NO_VERSION (1L << 1) +-#define X509_FLAG_NO_SERIAL (1L << 2) +-#define X509_FLAG_NO_SIGNAME (1L << 3) +-#define X509_FLAG_NO_ISSUER (1L << 4) +-#define X509_FLAG_NO_VALIDITY (1L << 5) +-#define X509_FLAG_NO_SUBJECT (1L << 6) +-#define X509_FLAG_NO_PUBKEY (1L << 7) +-#define X509_FLAG_NO_EXTENSIONS (1L << 8) +-#define X509_FLAG_NO_SIGDUMP (1L << 9) +-#define X509_FLAG_NO_AUX (1L << 10) +-#define X509_FLAG_NO_ATTRIBUTES (1L << 11) +- +-/* Flags specific to X509_NAME_print_ex() */ ++# define X509_FLAG_COMPAT 0 ++# define X509_FLAG_NO_HEADER 1L ++# define X509_FLAG_NO_VERSION (1L << 1) ++# define X509_FLAG_NO_SERIAL (1L << 2) ++# define X509_FLAG_NO_SIGNAME (1L << 3) ++# define X509_FLAG_NO_ISSUER (1L << 4) ++# define X509_FLAG_NO_VALIDITY (1L << 5) ++# define X509_FLAG_NO_SUBJECT (1L << 6) ++# define X509_FLAG_NO_PUBKEY (1L << 7) ++# define X509_FLAG_NO_EXTENSIONS (1L << 8) ++# define X509_FLAG_NO_SIGDUMP (1L << 9) ++# define X509_FLAG_NO_AUX (1L << 10) ++# define X509_FLAG_NO_ATTRIBUTES (1L << 11) ++ ++/* Flags specific to X509_NAME_print_ex() */ + + /* The field separator information */ + +-#define XN_FLAG_SEP_MASK (0xf << 16) ++# define XN_FLAG_SEP_MASK (0xf << 16) + +-#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */ +-#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */ +-#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */ +-#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */ +-#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */ ++# define XN_FLAG_COMPAT 0/* Traditional SSLeay: use old ++ * X509_NAME_print */ ++# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ ++# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ ++# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ ++# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */ + +-#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */ ++# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */ + + /* How the field name is shown */ + +-#define XN_FLAG_FN_MASK (0x3 << 21) ++# define XN_FLAG_FN_MASK (0x3 << 21) + +-#define XN_FLAG_FN_SN 0 /* Object short name */ +-#define XN_FLAG_FN_LN (1 << 21) /* Object long name */ +-#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */ +-#define XN_FLAG_FN_NONE (3 << 21) /* No field names */ ++# define XN_FLAG_FN_SN 0/* Object short name */ ++# define XN_FLAG_FN_LN (1 << 21)/* Object long name */ ++# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */ ++# define XN_FLAG_FN_NONE (3 << 21)/* No field names */ + +-#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */ ++# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */ + +-/* This determines if we dump fields we don't recognise: +- * RFC2253 requires this. ++/* ++ * This determines if we dump fields we don't recognise: RFC2253 requires ++ * this. + */ + +-#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) ++# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) + +-#define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */ ++# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20 ++ * characters */ + + /* Complete set of RFC2253 flags */ + +-#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ +- XN_FLAG_SEP_COMMA_PLUS | \ +- XN_FLAG_DN_REV | \ +- XN_FLAG_FN_SN | \ +- XN_FLAG_DUMP_UNKNOWN_FIELDS) ++# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ ++ XN_FLAG_SEP_COMMA_PLUS | \ ++ XN_FLAG_DN_REV | \ ++ XN_FLAG_FN_SN | \ ++ XN_FLAG_DUMP_UNKNOWN_FIELDS) + + /* readable oneline form */ + +-#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ +- ASN1_STRFLGS_ESC_QUOTE | \ +- XN_FLAG_SEP_CPLUS_SPC | \ +- XN_FLAG_SPC_EQ | \ +- XN_FLAG_FN_SN) ++# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ ++ ASN1_STRFLGS_ESC_QUOTE | \ ++ XN_FLAG_SEP_CPLUS_SPC | \ ++ XN_FLAG_SPC_EQ | \ ++ XN_FLAG_FN_SN) + + /* readable multiline form */ + +-#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ +- ASN1_STRFLGS_ESC_MSB | \ +- XN_FLAG_SEP_MULTILINE | \ +- XN_FLAG_SPC_EQ | \ +- XN_FLAG_FN_LN | \ +- XN_FLAG_FN_ALIGN) +- +-typedef struct X509_revoked_st +- { +- ASN1_INTEGER *serialNumber; +- ASN1_TIME *revocationDate; +- STACK_OF(X509_EXTENSION) /* optional */ *extensions; +- int sequence; /* load sequence */ +- } X509_REVOKED; ++# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ ++ ASN1_STRFLGS_ESC_MSB | \ ++ XN_FLAG_SEP_MULTILINE | \ ++ XN_FLAG_SPC_EQ | \ ++ XN_FLAG_FN_LN | \ ++ XN_FLAG_FN_ALIGN) ++ ++typedef struct X509_revoked_st { ++ ASN1_INTEGER *serialNumber; ++ ASN1_TIME *revocationDate; ++ STACK_OF(X509_EXTENSION) /* optional */ *extensions; ++ int sequence; /* load sequence */ ++} X509_REVOKED; + + DECLARE_STACK_OF(X509_REVOKED) + DECLARE_ASN1_SET_OF(X509_REVOKED) + +-typedef struct X509_crl_info_st +- { +- ASN1_INTEGER *version; +- X509_ALGOR *sig_alg; +- X509_NAME *issuer; +- ASN1_TIME *lastUpdate; +- ASN1_TIME *nextUpdate; +- STACK_OF(X509_REVOKED) *revoked; +- STACK_OF(X509_EXTENSION) /* [0] */ *extensions; +- ASN1_ENCODING enc; +- } X509_CRL_INFO; +- +-struct X509_crl_st +- { +- /* actual signature */ +- X509_CRL_INFO *crl; +- X509_ALGOR *sig_alg; +- ASN1_BIT_STRING *signature; +- int references; +- } /* X509_CRL */; ++typedef struct X509_crl_info_st { ++ ASN1_INTEGER *version; ++ X509_ALGOR *sig_alg; ++ X509_NAME *issuer; ++ ASN1_TIME *lastUpdate; ++ ASN1_TIME *nextUpdate; ++ STACK_OF(X509_REVOKED) *revoked; ++ STACK_OF(X509_EXTENSION) /* [0] */ *extensions; ++ ASN1_ENCODING enc; ++} X509_CRL_INFO; ++ ++struct X509_crl_st { ++ /* actual signature */ ++ X509_CRL_INFO *crl; ++ X509_ALGOR *sig_alg; ++ ASN1_BIT_STRING *signature; ++ int references; ++} /* X509_CRL */ ; + + DECLARE_STACK_OF(X509_CRL) + DECLARE_ASN1_SET_OF(X509_CRL) + +-typedef struct private_key_st +- { +- int version; +- /* The PKCS#8 data types */ +- X509_ALGOR *enc_algor; +- ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ +- +- /* When decrypted, the following will not be NULL */ +- EVP_PKEY *dec_pkey; +- +- /* used to encrypt and decrypt */ +- int key_length; +- char *key_data; +- int key_free; /* true if we should auto free key_data */ +- +- /* expanded version of 'enc_algor' */ +- EVP_CIPHER_INFO cipher; +- +- int references; +- } X509_PKEY; +- +-#ifndef OPENSSL_NO_EVP +-typedef struct X509_info_st +- { +- X509 *x509; +- X509_CRL *crl; +- X509_PKEY *x_pkey; +- +- EVP_CIPHER_INFO enc_cipher; +- int enc_len; +- char *enc_data; +- +- int references; +- } X509_INFO; ++typedef struct private_key_st { ++ int version; ++ /* The PKCS#8 data types */ ++ X509_ALGOR *enc_algor; ++ ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ ++ /* When decrypted, the following will not be NULL */ ++ EVP_PKEY *dec_pkey; ++ /* used to encrypt and decrypt */ ++ int key_length; ++ char *key_data; ++ int key_free; /* true if we should auto free key_data */ ++ /* expanded version of 'enc_algor' */ ++ EVP_CIPHER_INFO cipher; ++ int references; ++} X509_PKEY; ++ ++# ifndef OPENSSL_NO_EVP ++typedef struct X509_info_st { ++ X509 *x509; ++ X509_CRL *crl; ++ X509_PKEY *x_pkey; ++ EVP_CIPHER_INFO enc_cipher; ++ int enc_len; ++ char *enc_data; ++ int references; ++} X509_INFO; + + DECLARE_STACK_OF(X509_INFO) +-#endif ++# endif + +-/* The next 2 structures and their 8 routines were sent to me by +- * Pat Richard and are used to manipulate +- * Netscapes spki structures - useful if you are writing a CA web page ++/* ++ * The next 2 structures and their 8 routines were sent to me by Pat Richard ++ * and are used to manipulate Netscapes spki structures - ++ * useful if you are writing a CA web page + */ +-typedef struct Netscape_spkac_st +- { +- X509_PUBKEY *pubkey; +- ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ +- } NETSCAPE_SPKAC; +- +-typedef struct Netscape_spki_st +- { +- NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ +- X509_ALGOR *sig_algor; +- ASN1_BIT_STRING *signature; +- } NETSCAPE_SPKI; ++typedef struct Netscape_spkac_st { ++ X509_PUBKEY *pubkey; ++ ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ ++} NETSCAPE_SPKAC; ++ ++typedef struct Netscape_spki_st { ++ NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ ++ X509_ALGOR *sig_algor; ++ ASN1_BIT_STRING *signature; ++} NETSCAPE_SPKI; + + /* Netscape certificate sequence structure */ +-typedef struct Netscape_certificate_sequence +- { +- ASN1_OBJECT *type; +- STACK_OF(X509) *certs; +- } NETSCAPE_CERT_SEQUENCE; ++typedef struct Netscape_certificate_sequence { ++ ASN1_OBJECT *type; ++ STACK_OF(X509) *certs; ++} NETSCAPE_CERT_SEQUENCE; + +-/* Unused (and iv length is wrong) ++/*- Unused (and iv length is wrong) + typedef struct CBCParameter_st +- { +- unsigned char iv[8]; +- } CBC_PARAM; ++ { ++ unsigned char iv[8]; ++ } CBC_PARAM; + */ + + /* Password based encryption structure */ + + typedef struct PBEPARAM_st { +-ASN1_OCTET_STRING *salt; +-ASN1_INTEGER *iter; ++ ASN1_OCTET_STRING *salt; ++ ASN1_INTEGER *iter; + } PBEPARAM; + + /* Password based encryption V2 structures */ + + typedef struct PBE2PARAM_st { +-X509_ALGOR *keyfunc; +-X509_ALGOR *encryption; ++ X509_ALGOR *keyfunc; ++ X509_ALGOR *encryption; + } PBE2PARAM; + + typedef struct PBKDF2PARAM_st { +-ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ +-ASN1_INTEGER *iter; +-ASN1_INTEGER *keylength; +-X509_ALGOR *prf; ++/* Usually OCTET STRING but could be anything */ ++ ASN1_TYPE *salt; ++ ASN1_INTEGER *iter; ++ ASN1_INTEGER *keylength; ++ X509_ALGOR *prf; + } PBKDF2PARAM; + +- + /* PKCS#8 private key info structure */ + +-typedef struct pkcs8_priv_key_info_st +- { +- int broken; /* Flag for various broken formats */ +-#define PKCS8_OK 0 +-#define PKCS8_NO_OCTET 1 +-#define PKCS8_EMBEDDED_PARAM 2 +-#define PKCS8_NS_DB 3 +- ASN1_INTEGER *version; +- X509_ALGOR *pkeyalg; +- ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ +- STACK_OF(X509_ATTRIBUTE) *attributes; +- } PKCS8_PRIV_KEY_INFO; ++typedef struct pkcs8_priv_key_info_st { ++ /* Flag for various broken formats */ ++ int broken; ++# define PKCS8_OK 0 ++# define PKCS8_NO_OCTET 1 ++# define PKCS8_EMBEDDED_PARAM 2 ++# define PKCS8_NS_DB 3 ++ ASN1_INTEGER *version; ++ X509_ALGOR *pkeyalg; ++ /* Should be OCTET STRING but some are broken */ ++ ASN1_TYPE *pkey; ++ STACK_OF(X509_ATTRIBUTE) *attributes; ++} PKCS8_PRIV_KEY_INFO; + + #ifdef __cplusplus + } + #endif + +-#include +-#include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-#ifdef SSLEAY_MACROS +-#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ +- a->signature,(char *)a->cert_info,r) +-#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \ +- a->sig_alg,a->signature,(char *)a->req_info,r) +-#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \ +- a->sig_alg, a->signature,(char *)a->crl,r) +- +-#define X509_sign(x,pkey,md) \ +- ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \ +- x->sig_alg, x->signature, (char *)x->cert_info,pkey,md) +-#define X509_REQ_sign(x,pkey,md) \ +- ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \ +- x->signature, (char *)x->req_info,pkey,md) +-#define X509_CRL_sign(x,pkey,md) \ +- ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \ +- x->signature, (char *)x->crl,pkey,md) +-#define NETSCAPE_SPKI_sign(x,pkey,md) \ +- ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \ +- x->signature, (char *)x->spkac,pkey,md) +- +-#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ +- (char *(*)())d2i_X509,(char *)x509) +-#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\ +- (int (*)())i2d_X509_ATTRIBUTE, \ +- (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa) +-#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ +- (int (*)())i2d_X509_EXTENSION, \ +- (char *(*)())d2i_X509_EXTENSION,(char *)ex) +-#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \ +- (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)) +-#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509) +-#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \ +- (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)) +-#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509) +- +-#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \ +- (char *(*)())d2i_X509_CRL,(char *)crl) +-#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \ +- X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\ +- (unsigned char **)(crl)) +-#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\ +- (unsigned char *)crl) +-#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \ +- X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\ +- (unsigned char **)(crl)) +-#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\ +- (unsigned char *)crl) +- +-#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \ +- (char *(*)())d2i_PKCS7,(char *)p7) +-#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \ +- PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\ +- (unsigned char **)(p7)) +-#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\ +- (unsigned char *)p7) +-#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \ +- PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\ +- (unsigned char **)(p7)) +-#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\ +- (unsigned char *)p7) +- +-#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \ +- (char *(*)())d2i_X509_REQ,(char *)req) +-#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\ +- X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\ +- (unsigned char **)(req)) +-#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\ +- (unsigned char *)req) +-#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\ +- X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\ +- (unsigned char **)(req)) +-#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\ +- (unsigned char *)req) +- +-#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \ +- (char *(*)())d2i_RSAPublicKey,(char *)rsa) +-#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \ +- (char *(*)())d2i_RSAPrivateKey,(char *)rsa) +- +-#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ +- RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \ +- (unsigned char **)(rsa)) +-#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \ +- (unsigned char *)rsa) +-#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ +- RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \ +- (unsigned char **)(rsa)) +-#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \ +- (unsigned char *)rsa) +- +-#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ +- RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \ +- (unsigned char **)(rsa)) +-#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \ +- (unsigned char *)rsa) +-#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ +- RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \ +- (unsigned char **)(rsa)) +-#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \ +- (unsigned char *)rsa) +- +-#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\ +- DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \ +- (unsigned char **)(dsa)) +-#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \ +- (unsigned char *)dsa) +-#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\ +- DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \ +- (unsigned char **)(dsa)) +-#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ +- (unsigned char *)dsa) +- +-#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\ +- EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \ +- (unsigned char **)(ecdsa)) +-#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \ +- (unsigned char *)ecdsa) +-#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\ +- EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \ +- (unsigned char **)(ecdsa)) +-#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \ +- (unsigned char *)ecdsa) +- +-#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ +- (char *(*)())d2i_X509_ALGOR,(char *)xn) +- +-#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ +- (char *(*)())d2i_X509_NAME,(char *)xn) +-#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ +- (int (*)())i2d_X509_NAME_ENTRY, \ +- (char *(*)())d2i_X509_NAME_ENTRY,\ +- (char *)ne) +- +-#define X509_digest(data,type,md,len) \ +- ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) +-#define X509_NAME_digest(data,type,md,len) \ +- ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) +-#ifndef PKCS7_ISSUER_AND_SERIAL_digest +-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ +- ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ +- (char *)data,md,len) +-#endif +-#endif +- +-#define X509_EXT_PACK_UNKNOWN 1 +-#define X509_EXT_PACK_STRING 2 +- +-#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) +-/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ +-#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) +-#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) +-#define X509_extract_key(x) X509_get_pubkey(x) /*****/ +-#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) +-#define X509_REQ_get_subject_name(x) ((x)->req_info->subject) +-#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +-#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) +-#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) +- +-#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) +-#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) +-#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) +-#define X509_CRL_get_issuer(x) ((x)->crl->issuer) +-#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) +- +-/* This one is only used so that a binary form can output, as in +- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ +-#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) +- ++# ifdef SSLEAY_MACROS ++# define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ ++ a->signature,(char *)a->cert_info,r) ++# define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \ ++ a->sig_alg,a->signature,(char *)a->req_info,r) ++# define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \ ++ a->sig_alg, a->signature,(char *)a->crl,r) ++ ++# define X509_sign(x,pkey,md) \ ++ ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \ ++ x->sig_alg, x->signature, (char *)x->cert_info,pkey,md) ++# define X509_REQ_sign(x,pkey,md) \ ++ ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \ ++ x->signature, (char *)x->req_info,pkey,md) ++# define X509_CRL_sign(x,pkey,md) \ ++ ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \ ++ x->signature, (char *)x->crl,pkey,md) ++# define NETSCAPE_SPKI_sign(x,pkey,md) \ ++ ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \ ++ x->signature, (char *)x->spkac,pkey,md) ++ ++# define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ ++ (char *(*)())d2i_X509,(char *)x509) ++# define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\ ++ (int (*)())i2d_X509_ATTRIBUTE, \ ++ (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa) ++# define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ ++ (int (*)())i2d_X509_EXTENSION, \ ++ (char *(*)())d2i_X509_EXTENSION,(char *)ex) ++# define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \ ++ (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)) ++# define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509) ++# define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \ ++ (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)) ++# define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509) ++ ++# define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \ ++ (char *(*)())d2i_X509_CRL,(char *)crl) ++# define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \ ++ X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\ ++ (unsigned char **)(crl)) ++# define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\ ++ (unsigned char *)crl) ++# define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \ ++ X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\ ++ (unsigned char **)(crl)) ++# define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\ ++ (unsigned char *)crl) ++ ++# define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \ ++ (char *(*)())d2i_PKCS7,(char *)p7) ++# define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \ ++ PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\ ++ (unsigned char **)(p7)) ++# define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\ ++ (unsigned char *)p7) ++# define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \ ++ PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\ ++ (unsigned char **)(p7)) ++# define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\ ++ (unsigned char *)p7) ++ ++# define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \ ++ (char *(*)())d2i_X509_REQ,(char *)req) ++# define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\ ++ X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\ ++ (unsigned char **)(req)) ++# define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\ ++ (unsigned char *)req) ++# define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\ ++ X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\ ++ (unsigned char **)(req)) ++# define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\ ++ (unsigned char *)req) ++ ++# define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \ ++ (char *(*)())d2i_RSAPublicKey,(char *)rsa) ++# define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \ ++ (char *(*)())d2i_RSAPrivateKey,(char *)rsa) ++ ++# define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ ++ RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \ ++ (unsigned char **)(rsa)) ++# define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \ ++ (unsigned char *)rsa) ++# define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ ++ RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \ ++ (unsigned char **)(rsa)) ++# define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \ ++ (unsigned char *)rsa) ++ ++# define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ ++ RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \ ++ (unsigned char **)(rsa)) ++# define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \ ++ (unsigned char *)rsa) ++# define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ ++ RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \ ++ (unsigned char **)(rsa)) ++# define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \ ++ (unsigned char *)rsa) ++ ++# define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\ ++ DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \ ++ (unsigned char **)(dsa)) ++# define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \ ++ (unsigned char *)dsa) ++# define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\ ++ DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \ ++ (unsigned char **)(dsa)) ++# define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ ++ (unsigned char *)dsa) ++ ++# define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\ ++ EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \ ++ (unsigned char **)(ecdsa)) ++# define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \ ++ (unsigned char *)ecdsa) ++# define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\ ++ EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \ ++ (unsigned char **)(ecdsa)) ++# define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \ ++ (unsigned char *)ecdsa) ++ ++# define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ ++ (char *(*)())d2i_X509_ALGOR,(char *)xn) ++ ++# define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ ++ (char *(*)())d2i_X509_NAME,(char *)xn) ++# define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ ++ (int (*)())i2d_X509_NAME_ENTRY, \ ++ (char *(*)())d2i_X509_NAME_ENTRY,\ ++ (char *)ne) ++ ++# define X509_digest(data,type,md,len) \ ++ ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) ++# define X509_NAME_digest(data,type,md,len) \ ++ ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) ++# ifndef PKCS7_ISSUER_AND_SERIAL_digest ++# define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ ++ ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ ++ (char *)data,md,len) ++# endif ++# endif ++ ++# define X509_EXT_PACK_UNKNOWN 1 ++# define X509_EXT_PACK_STRING 2 ++ ++# define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) ++/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ ++# define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) ++# define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) ++# define X509_extract_key(x) X509_get_pubkey(x)/*****/ ++# define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) ++# define X509_REQ_get_subject_name(x) ((x)->req_info->subject) ++# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) ++# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) ++# define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) ++ ++# define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) ++# define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) ++# define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) ++# define X509_CRL_get_issuer(x) ((x)->crl->issuer) ++# define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) ++ ++/* ++ * This one is only used so that a binary form can output, as in ++ * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) ++ */ ++# define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) + + const char *X509_verify_cert_error_string(long n); + +-#ifndef SSLEAY_MACROS +-#ifndef OPENSSL_NO_EVP ++# ifndef SSLEAY_MACROS ++# ifndef OPENSSL_NO_EVP + int X509_verify(X509 *a, EVP_PKEY *r); + + int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); + int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); + int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len); +-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); ++NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len); ++char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); + EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); + int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + + int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + +-int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig); ++int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig); + + int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); + int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); + int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); + int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + +-int X509_pubkey_digest(const X509 *data,const EVP_MD *type, +- unsigned char *md, unsigned int *len); +-int X509_digest(const X509 *data,const EVP_MD *type, +- unsigned char *md, unsigned int *len); +-int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type, +- unsigned char *md, unsigned int *len); +-int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type, +- unsigned char *md, unsigned int *len); +-int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type, +- unsigned char *md, unsigned int *len); +-#endif +- +-#ifndef OPENSSL_NO_FP_API ++int X509_pubkey_digest(const X509 *data, const EVP_MD *type, ++ unsigned char *md, unsigned int *len); ++int X509_digest(const X509 *data, const EVP_MD *type, ++ unsigned char *md, unsigned int *len); ++int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, ++ unsigned char *md, unsigned int *len); ++int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, ++ unsigned char *md, unsigned int *len); ++int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, ++ unsigned char *md, unsigned int *len); ++# endif ++ ++# ifndef OPENSSL_NO_FP_API + X509 *d2i_X509_fp(FILE *fp, X509 **x509); +-int i2d_X509_fp(FILE *fp,X509 *x509); +-X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl); +-int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl); +-X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req); +-int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req); +-#ifndef OPENSSL_NO_RSA +-RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa); +-int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); +-RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa); +-int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); +-RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa); +-int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa); +-#endif +-#ifndef OPENSSL_NO_DSA ++int i2d_X509_fp(FILE *fp, X509 *x509); ++X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); ++int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl); ++X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req); ++int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req); ++# ifndef OPENSSL_NO_RSA ++RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa); ++int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa); ++RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa); ++int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa); ++RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa); ++int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa); ++# endif ++# ifndef OPENSSL_NO_DSA + DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); + int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); + DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); + int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); +-#endif +-#ifndef OPENSSL_NO_EC ++# endif ++# ifndef OPENSSL_NO_EC + EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +-int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); ++int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); + EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +-int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); +-#endif +-X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); +-int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); ++int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); ++# endif ++X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8); ++int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8); + PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, +- PKCS8_PRIV_KEY_INFO **p8inf); +-int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf); ++ PKCS8_PRIV_KEY_INFO **p8inf); ++int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf); + int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); + int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); + EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); + int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); + EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +-#endif +- +-#ifndef OPENSSL_NO_BIO +-X509 *d2i_X509_bio(BIO *bp,X509 **x509); +-int i2d_X509_bio(BIO *bp,X509 *x509); +-X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl); +-int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl); +-X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req); +-int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req); +-#ifndef OPENSSL_NO_RSA +-RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa); +-int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); +-RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa); +-int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); +-RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa); +-int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa); +-#endif +-#ifndef OPENSSL_NO_DSA ++# endif ++ ++# ifndef OPENSSL_NO_BIO ++X509 *d2i_X509_bio(BIO *bp, X509 **x509); ++int i2d_X509_bio(BIO *bp, X509 *x509); ++X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); ++int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl); ++X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req); ++int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req); ++# ifndef OPENSSL_NO_RSA ++RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa); ++int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa); ++RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa); ++int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa); ++RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa); ++int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa); ++# endif ++# ifndef OPENSSL_NO_DSA + DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); + int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); + DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); + int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); +-#endif +-#ifndef OPENSSL_NO_EC ++# endif ++# ifndef OPENSSL_NO_EC + EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +-int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); ++int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); + EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +-int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); +-#endif +-X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); +-int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); ++int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); ++# endif ++X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8); ++int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8); + PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, +- PKCS8_PRIV_KEY_INFO **p8inf); +-int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf); ++ PKCS8_PRIV_KEY_INFO **p8inf); ++int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf); + int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); + int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); + EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); + int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); + EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); +-#endif ++# endif + + X509 *X509_dup(X509 *x509); + X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); +@@ -867,29 +848,31 @@ X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); + X509_CRL *X509_CRL_dup(X509_CRL *crl); + X509_REQ *X509_REQ_dup(X509_REQ *req); + X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); +-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); ++int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, ++ void *pval); + void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, +- X509_ALGOR *algor); ++ X509_ALGOR *algor); ++int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + + X509_NAME *X509_NAME_dup(X509_NAME *xn); + X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); + +-#endif /* !SSLEAY_MACROS */ ++# endif /* !SSLEAY_MACROS */ + +-int X509_cmp_time(ASN1_TIME *s, time_t *t); +-int X509_cmp_current_time(ASN1_TIME *s); +-ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +-ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj); ++int X509_cmp_time(ASN1_TIME *s, time_t *t); ++int X509_cmp_current_time(ASN1_TIME *s); ++ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t); ++ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj); + +-const char * X509_get_default_cert_area(void ); +-const char * X509_get_default_cert_dir(void ); +-const char * X509_get_default_cert_file(void ); +-const char * X509_get_default_cert_dir_env(void ); +-const char * X509_get_default_cert_file_env(void ); +-const char * X509_get_default_private_dir(void ); ++const char *X509_get_default_cert_area(void); ++const char *X509_get_default_cert_dir(void); ++const char *X509_get_default_cert_file(void); ++const char *X509_get_default_cert_dir_env(void); ++const char *X509_get_default_cert_file_env(void); ++const char *X509_get_default_private_dir(void); + +-X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +-X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); ++X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); ++X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey); + + DECLARE_ASN1_FUNCTIONS(X509_ALGOR) + DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS) +@@ -897,28 +880,23 @@ DECLARE_ASN1_FUNCTIONS(X509_VAL) + + DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) + +-int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +-EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); +-int X509_get_pubkey_parameters(EVP_PKEY *pkey, +- STACK_OF(X509) *chain); +-int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp); +-EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp, +- long length); +-#ifndef OPENSSL_NO_RSA +-int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp); +-RSA * d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp, +- long length); +-#endif +-#ifndef OPENSSL_NO_DSA +-int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp); +-DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp, +- long length); +-#endif +-#ifndef OPENSSL_NO_EC +-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); +-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, +- long length); +-#endif ++int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); ++EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); ++int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); ++int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); ++EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); ++# ifndef OPENSSL_NO_RSA ++int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); ++RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length); ++# endif ++# ifndef OPENSSL_NO_DSA ++int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp); ++DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); ++# endif ++# ifndef OPENSSL_NO_EC ++int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); ++EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); ++# endif + + DECLARE_ASN1_FUNCTIONS(X509_SIG) + DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) +@@ -934,7 +912,7 @@ DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) + + DECLARE_ASN1_FUNCTIONS(X509_NAME) + +-int X509_NAME_set(X509_NAME **xn, X509_NAME *name); ++int X509_NAME_set(X509_NAME **xn, X509_NAME *name); + + DECLARE_ASN1_FUNCTIONS(X509_CINF) + +@@ -944,17 +922,18 @@ DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) + DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR) + + int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + int X509_set_ex_data(X509 *r, int idx, void *arg); + void *X509_get_ex_data(X509 *r, int idx); +-int i2d_X509_AUX(X509 *a,unsigned char **pp); +-X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length); ++int i2d_X509_AUX(X509 *a, unsigned char **pp); ++X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); + + int X509_alias_set1(X509 *x, unsigned char *name, int len); + int X509_keyid_set1(X509 *x, unsigned char *id, int len); +-unsigned char * X509_alias_get0(X509 *x, int *len); +-unsigned char * X509_keyid_get0(X509 *x, int *len); +-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); ++unsigned char *X509_alias_get0(X509 *x, int *len); ++unsigned char *X509_keyid_get0(X509 *x, int *len); ++int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, ++ int); + int X509_TRUST_set(int *t, int trust); + int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); + int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); +@@ -967,83 +946,83 @@ DECLARE_ASN1_FUNCTIONS(X509_CRL) + + int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); + +-X509_PKEY * X509_PKEY_new(void ); +-void X509_PKEY_free(X509_PKEY *a); +-int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); +-X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length); ++X509_PKEY *X509_PKEY_new(void); ++void X509_PKEY_free(X509_PKEY *a); ++int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp); ++X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, ++ long length); + + DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) + DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) + DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) + +-#ifndef OPENSSL_NO_EVP +-X509_INFO * X509_INFO_new(void); +-void X509_INFO_free(X509_INFO *a); +-char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); ++# ifndef OPENSSL_NO_EVP ++X509_INFO *X509_INFO_new(void); ++void X509_INFO_free(X509_INFO *a); ++char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); + + int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, +- ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); ++ ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); + +-int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data, +- unsigned char *md,unsigned int *len); ++int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, ++ unsigned char *md, unsigned int *len); + + int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, +- X509_ALGOR *algor2, ASN1_BIT_STRING *signature, +- char *data,EVP_PKEY *pkey, const EVP_MD *type); ++ X509_ALGOR *algor2, ASN1_BIT_STRING *signature, ++ char *data, EVP_PKEY *pkey, const EVP_MD *type); + +-int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data, +- unsigned char *md,unsigned int *len); ++int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data, ++ unsigned char *md, unsigned int *len); + + int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, +- ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey); +- +-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, +- ASN1_BIT_STRING *signature, +- void *data, EVP_PKEY *pkey, const EVP_MD *type); +-#endif +- +-int X509_set_version(X509 *x,long version); +-int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +-ASN1_INTEGER * X509_get_serialNumber(X509 *x); +-int X509_set_issuer_name(X509 *x, X509_NAME *name); +-X509_NAME * X509_get_issuer_name(X509 *a); +-int X509_set_subject_name(X509 *x, X509_NAME *name); +-X509_NAME * X509_get_subject_name(X509 *a); +-int X509_set_notBefore(X509 *x, ASN1_TIME *tm); +-int X509_set_notAfter(X509 *x, ASN1_TIME *tm); +-int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +-EVP_PKEY * X509_get_pubkey(X509 *x); +-ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x); +-int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); +- +-int X509_REQ_set_version(X509_REQ *x,long version); +-int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); +-int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +-EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); +-int X509_REQ_extension_nid(int nid); +-int * X509_REQ_get_extension_nids(void); +-void X509_REQ_set_extension_nids(int *nids); ++ ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey); ++ ++int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, ++ X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data, ++ EVP_PKEY *pkey, const EVP_MD *type); ++# endif ++ ++int X509_set_version(X509 *x, long version); ++int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); ++ASN1_INTEGER *X509_get_serialNumber(X509 *x); ++int X509_set_issuer_name(X509 *x, X509_NAME *name); ++X509_NAME *X509_get_issuer_name(X509 *a); ++int X509_set_subject_name(X509 *x, X509_NAME *name); ++X509_NAME *X509_get_subject_name(X509 *a); ++int X509_set_notBefore(X509 *x, ASN1_TIME *tm); ++int X509_set_notAfter(X509 *x, ASN1_TIME *tm); ++int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); ++EVP_PKEY *X509_get_pubkey(X509 *x); ++ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); ++int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ ); ++ ++int X509_REQ_set_version(X509_REQ *x, long version); ++int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); ++int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); ++EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); ++int X509_REQ_extension_nid(int nid); ++int *X509_REQ_get_extension_nids(void); ++void X509_REQ_set_extension_nids(int *nids); + STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); + int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, +- int nid); ++ int nid); + int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); + int X509_REQ_get_attr_count(const X509_REQ *req); +-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, +- int lastpos); ++int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); + int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, +- int lastpos); ++ int lastpos); + X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); + X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); + int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); + int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, +- const ASN1_OBJECT *obj, int type, +- const unsigned char *bytes, int len); ++ const ASN1_OBJECT *obj, int type, ++ const unsigned char *bytes, int len); + int X509_REQ_add1_attr_by_NID(X509_REQ *req, +- int nid, int type, +- const unsigned char *bytes, int len); ++ int nid, int type, ++ const unsigned char *bytes, int len); + int X509_REQ_add1_attr_by_txt(X509_REQ *req, +- const char *attrname, int type, +- const unsigned char *bytes, int len); ++ const char *attrname, int type, ++ const unsigned char *bytes, int len); + + int X509_CRL_set_version(X509_CRL *x, long version); + int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +@@ -1054,202 +1033,227 @@ int X509_CRL_sort(X509_CRL *crl); + int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); + int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); + +-int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); +- +-int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); +- +-int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +-unsigned long X509_issuer_and_serial_hash(X509 *a); +- +-int X509_issuer_name_cmp(const X509 *a, const X509 *b); +-unsigned long X509_issuer_name_hash(X509 *a); +- +-int X509_subject_name_cmp(const X509 *a, const X509 *b); +-unsigned long X509_subject_name_hash(X509 *x); +- +-int X509_cmp(const X509 *a, const X509 *b); +-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +-unsigned long X509_NAME_hash(X509_NAME *x); +- +-int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +-#ifndef OPENSSL_NO_FP_API +-int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); +-int X509_print_fp(FILE *bp,X509 *x); +-int X509_CRL_print_fp(FILE *bp,X509_CRL *x); +-int X509_REQ_print_fp(FILE *bp,X509_REQ *req); +-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); +-#endif +- +-#ifndef OPENSSL_NO_BIO +-int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); +-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); +-int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag); +-int X509_print(BIO *bp,X509 *x); +-int X509_ocspid_print(BIO *bp,X509 *x); +-int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); +-int X509_CRL_print(BIO *bp,X509_CRL *x); +-int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); +-int X509_REQ_print(BIO *bp,X509_REQ *req); +-#endif +- +-int X509_NAME_entry_count(X509_NAME *name); +-int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, +- char *buf,int len); +-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, +- char *buf,int len); +- +-/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use +- * lastpos, search after that position on. */ +-int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); +-int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, +- int lastpos); ++int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); ++ ++int X509_check_private_key(X509 *x509, EVP_PKEY *pkey); ++ ++int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); ++unsigned long X509_issuer_and_serial_hash(X509 *a); ++ ++int X509_issuer_name_cmp(const X509 *a, const X509 *b); ++unsigned long X509_issuer_name_hash(X509 *a); ++ ++int X509_subject_name_cmp(const X509 *a, const X509 *b); ++unsigned long X509_subject_name_hash(X509 *x); ++ ++int X509_cmp(const X509 *a, const X509 *b); ++int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); ++unsigned long X509_NAME_hash(X509_NAME *x); ++ ++int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); ++# ifndef OPENSSL_NO_FP_API ++int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, ++ unsigned long cflag); ++int X509_print_fp(FILE *bp, X509 *x); ++int X509_CRL_print_fp(FILE *bp, X509_CRL *x); ++int X509_REQ_print_fp(FILE *bp, X509_REQ *req); ++int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, ++ unsigned long flags); ++# endif ++ ++# ifndef OPENSSL_NO_BIO ++int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); ++int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, ++ unsigned long flags); ++int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, ++ unsigned long cflag); ++int X509_print(BIO *bp, X509 *x); ++int X509_ocspid_print(BIO *bp, X509 *x); ++int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent); ++int X509_CRL_print(BIO *bp, X509_CRL *x); ++int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, ++ unsigned long cflag); ++int X509_REQ_print(BIO *bp, X509_REQ *req); ++# endif ++ ++int X509_NAME_entry_count(X509_NAME *name); ++int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); ++int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, ++ char *buf, int len); ++ ++/* ++ * NOTE: you should be passsing -1, not 0 as lastpos. The functions that use ++ * lastpos, search after that position on. ++ */ ++int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); ++int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, ++ int lastpos); + X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); + X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +-int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, +- int loc, int set); ++int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, ++ int loc, int set); + int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, +- unsigned char *bytes, int len, int loc, int set); ++ unsigned char *bytes, int len, int loc, ++ int set); + int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, +- unsigned char *bytes, int len, int loc, int set); ++ unsigned char *bytes, int len, int loc, ++ int set); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, +- const char *field, int type, const unsigned char *bytes, int len); ++ const char *field, int type, ++ const unsigned char *bytes, ++ int len); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, +- int type,unsigned char *bytes, int len); ++ int type, unsigned char *bytes, ++ int len); + int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, +- const unsigned char *bytes, int len, int loc, int set); ++ const unsigned char *bytes, int len, int loc, ++ int set); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, +- ASN1_OBJECT *obj, int type,const unsigned char *bytes, +- int len); +-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, +- ASN1_OBJECT *obj); +-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, +- const unsigned char *bytes, int len); +-ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); +-ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); +- +-int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +-int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, +- int nid, int lastpos); +-int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, +- ASN1_OBJECT *obj,int lastpos); +-int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, +- int crit, int lastpos); ++ ASN1_OBJECT *obj, int type, ++ const unsigned char *bytes, ++ int len); ++int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); ++int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, ++ const unsigned char *bytes, int len); ++ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); ++ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); ++ ++int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); ++int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, ++ int nid, int lastpos); ++int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, ++ ASN1_OBJECT *obj, int lastpos); ++int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, ++ int crit, int lastpos); + X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); + X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); + STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, +- X509_EXTENSION *ex, int loc); ++ X509_EXTENSION *ex, int loc); + +-int X509_get_ext_count(X509 *x); +-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); +-int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos); +-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); ++int X509_get_ext_count(X509 *x); ++int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); ++int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos); ++int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); + X509_EXTENSION *X509_get_ext(X509 *x, int loc); + X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +-int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +-void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); +-int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, +- unsigned long flags); +- +-int X509_CRL_get_ext_count(X509_CRL *x); +-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); +-int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos); +-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); ++int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); ++void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); ++int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, ++ unsigned long flags); ++ ++int X509_CRL_get_ext_count(X509_CRL *x); ++int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); ++int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos); ++int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); + X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); + X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +-int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +-void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); +-int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, +- unsigned long flags); +- +-int X509_REVOKED_get_ext_count(X509_REVOKED *x); +-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); +-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos); +-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); ++int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); ++void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); ++int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, ++ unsigned long flags); ++ ++int X509_REVOKED_get_ext_count(X509_REVOKED *x); ++int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); ++int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, ++ int lastpos); ++int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); + X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); + X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +-int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +-void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); +-int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, +- unsigned long flags); ++int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); ++void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); ++int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, ++ unsigned long flags); + + X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, +- int nid, int crit, ASN1_OCTET_STRING *data); ++ int nid, int crit, ++ ASN1_OCTET_STRING *data); + X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, +- ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data); +-int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj); +-int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +-int X509_EXTENSION_set_data(X509_EXTENSION *ex, +- ASN1_OCTET_STRING *data); +-ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); ++ ASN1_OBJECT *obj, int crit, ++ ASN1_OCTET_STRING *data); ++int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj); ++int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); ++int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); ++ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); + ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +-int X509_EXTENSION_get_critical(X509_EXTENSION *ex); ++int X509_EXTENSION_get_critical(X509_EXTENSION *ex); + + int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); + int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, +- int lastpos); +-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, +- int lastpos); ++ int lastpos); ++int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ++ ASN1_OBJECT *obj, int lastpos); + X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); + X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, +- X509_ATTRIBUTE *attr); +-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, +- const ASN1_OBJECT *obj, int type, +- const unsigned char *bytes, int len); +-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, +- int nid, int type, +- const unsigned char *bytes, int len); +-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, +- const char *attrname, int type, +- const unsigned char *bytes, int len); +-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, +- ASN1_OBJECT *obj, int lastpos, int type); ++ X509_ATTRIBUTE *attr); ++STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) ++ **x, const ASN1_OBJECT *obj, ++ int type, ++ const unsigned char *bytes, ++ int len); ++STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) ++ **x, int nid, int type, ++ const unsigned char *bytes, ++ int len); ++STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) ++ **x, const char *attrname, ++ int type, ++ const unsigned char *bytes, ++ int len); ++void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj, ++ int lastpos, int type); + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, +- int atrtype, const void *data, int len); ++ int atrtype, const void *data, ++ int len); + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, +- const ASN1_OBJECT *obj, int atrtype, const void *data, int len); ++ const ASN1_OBJECT *obj, ++ int atrtype, const void *data, ++ int len); + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, +- const char *atrname, int type, const unsigned char *bytes, int len); ++ const char *atrname, int type, ++ const unsigned char *bytes, ++ int len); + int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); +-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len); +-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, +- int atrtype, void *data); ++int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, ++ const void *data, int len); ++void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, ++ void *data); + int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); + ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); + ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + + int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, +- int lastpos); ++int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); + int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, +- int lastpos); ++ int lastpos); + X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); + X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); + int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); + int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, +- const ASN1_OBJECT *obj, int type, +- const unsigned char *bytes, int len); ++ const ASN1_OBJECT *obj, int type, ++ const unsigned char *bytes, int len); + int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, +- int nid, int type, +- const unsigned char *bytes, int len); ++ int nid, int type, ++ const unsigned char *bytes, int len); + int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, +- const char *attrname, int type, +- const unsigned char *bytes, int len); ++ const char *attrname, int type, ++ const unsigned char *bytes, int len); + +-int X509_verify_cert(X509_STORE_CTX *ctx); ++int X509_verify_cert(X509_STORE_CTX *ctx); + + /* lookup a cert from a X509 STACK */ +-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name, +- ASN1_INTEGER *serial); +-X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name); ++X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, ++ ASN1_INTEGER *serial); ++X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name); + + DECLARE_ASN1_FUNCTIONS(PBEPARAM) + DECLARE_ASN1_FUNCTIONS(PBE2PARAM) + DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) + +-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen); ++X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, ++ int saltlen); + X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, +- unsigned char *salt, int saltlen); ++ unsigned char *salt, int saltlen); + + /* PKCS#8 utilities */ + +@@ -1262,17 +1266,18 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); + + int X509_check_trust(X509 *x, int id, int flags); + int X509_TRUST_get_count(void); +-X509_TRUST * X509_TRUST_get0(int idx); ++X509_TRUST *X509_TRUST_get0(int idx); + int X509_TRUST_get_by_id(int id); +-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), +- char *name, int arg1, void *arg2); ++int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), ++ char *name, int arg1, void *arg2); + void X509_TRUST_cleanup(void); + int X509_TRUST_get_flags(X509_TRUST *xp); + char *X509_TRUST_get0_name(X509_TRUST *xp); + int X509_TRUST_get_trust(X509_TRUST *xp); + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_X509_strings(void); +@@ -1280,76 +1285,76 @@ void ERR_load_X509_strings(void); + /* Error codes for the X509 functions. */ + + /* Function codes. */ +-#define X509_F_ADD_CERT_DIR 100 +-#define X509_F_BY_FILE_CTRL 101 +-#define X509_F_CHECK_POLICY 145 +-#define X509_F_DIR_CTRL 102 +-#define X509_F_GET_CERT_BY_SUBJECT 103 +-#define X509_F_NETSCAPE_SPKI_B64_DECODE 129 +-#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 +-#define X509_F_X509AT_ADD1_ATTR 135 +-#define X509_F_X509V3_ADD_EXT 104 +-#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 +-#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 +-#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 +-#define X509_F_X509_ATTRIBUTE_GET0_DATA 139 +-#define X509_F_X509_ATTRIBUTE_SET1_DATA 138 +-#define X509_F_X509_CHECK_PRIVATE_KEY 128 +-#define X509_F_X509_CRL_PRINT_FP 147 +-#define X509_F_X509_EXTENSION_CREATE_BY_NID 108 +-#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 +-#define X509_F_X509_GET_PUBKEY_PARAMETERS 110 +-#define X509_F_X509_LOAD_CERT_CRL_FILE 132 +-#define X509_F_X509_LOAD_CERT_FILE 111 +-#define X509_F_X509_LOAD_CRL_FILE 112 +-#define X509_F_X509_NAME_ADD_ENTRY 113 +-#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 +-#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 +-#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 +-#define X509_F_X509_NAME_ONELINE 116 +-#define X509_F_X509_NAME_PRINT 117 +-#define X509_F_X509_PRINT_EX_FP 118 +-#define X509_F_X509_PUBKEY_GET 119 +-#define X509_F_X509_PUBKEY_SET 120 +-#define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 +-#define X509_F_X509_REQ_PRINT_EX 121 +-#define X509_F_X509_REQ_PRINT_FP 122 +-#define X509_F_X509_REQ_TO_X509 123 +-#define X509_F_X509_STORE_ADD_CERT 124 +-#define X509_F_X509_STORE_ADD_CRL 125 +-#define X509_F_X509_STORE_CTX_GET1_ISSUER 146 +-#define X509_F_X509_STORE_CTX_INIT 143 +-#define X509_F_X509_STORE_CTX_NEW 142 +-#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 +-#define X509_F_X509_TO_X509_REQ 126 +-#define X509_F_X509_TRUST_ADD 133 +-#define X509_F_X509_TRUST_SET 141 +-#define X509_F_X509_VERIFY_CERT 127 ++# define X509_F_ADD_CERT_DIR 100 ++# define X509_F_BY_FILE_CTRL 101 ++# define X509_F_CHECK_POLICY 145 ++# define X509_F_DIR_CTRL 102 ++# define X509_F_GET_CERT_BY_SUBJECT 103 ++# define X509_F_NETSCAPE_SPKI_B64_DECODE 129 ++# define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 ++# define X509_F_X509AT_ADD1_ATTR 135 ++# define X509_F_X509V3_ADD_EXT 104 ++# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 ++# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 ++# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 ++# define X509_F_X509_ATTRIBUTE_GET0_DATA 139 ++# define X509_F_X509_ATTRIBUTE_SET1_DATA 138 ++# define X509_F_X509_CHECK_PRIVATE_KEY 128 ++# define X509_F_X509_CRL_PRINT_FP 147 ++# define X509_F_X509_EXTENSION_CREATE_BY_NID 108 ++# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 ++# define X509_F_X509_GET_PUBKEY_PARAMETERS 110 ++# define X509_F_X509_LOAD_CERT_CRL_FILE 132 ++# define X509_F_X509_LOAD_CERT_FILE 111 ++# define X509_F_X509_LOAD_CRL_FILE 112 ++# define X509_F_X509_NAME_ADD_ENTRY 113 ++# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 ++# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 ++# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 ++# define X509_F_X509_NAME_ONELINE 116 ++# define X509_F_X509_NAME_PRINT 117 ++# define X509_F_X509_PRINT_EX_FP 118 ++# define X509_F_X509_PUBKEY_GET 119 ++# define X509_F_X509_PUBKEY_SET 120 ++# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 ++# define X509_F_X509_REQ_PRINT_EX 121 ++# define X509_F_X509_REQ_PRINT_FP 122 ++# define X509_F_X509_REQ_TO_X509 123 ++# define X509_F_X509_STORE_ADD_CERT 124 ++# define X509_F_X509_STORE_ADD_CRL 125 ++# define X509_F_X509_STORE_CTX_GET1_ISSUER 146 ++# define X509_F_X509_STORE_CTX_INIT 143 ++# define X509_F_X509_STORE_CTX_NEW 142 ++# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 ++# define X509_F_X509_TO_X509_REQ 126 ++# define X509_F_X509_TRUST_ADD 133 ++# define X509_F_X509_TRUST_SET 141 ++# define X509_F_X509_VERIFY_CERT 127 + + /* Reason codes. */ +-#define X509_R_BAD_X509_FILETYPE 100 +-#define X509_R_BASE64_DECODE_ERROR 118 +-#define X509_R_CANT_CHECK_DH_KEY 114 +-#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +-#define X509_R_ERR_ASN1_LIB 102 +-#define X509_R_INVALID_DIRECTORY 113 +-#define X509_R_INVALID_FIELD_NAME 119 +-#define X509_R_INVALID_TRUST 123 +-#define X509_R_KEY_TYPE_MISMATCH 115 +-#define X509_R_KEY_VALUES_MISMATCH 116 +-#define X509_R_LOADING_CERT_DIR 103 +-#define X509_R_LOADING_DEFAULTS 104 +-#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +-#define X509_R_SHOULD_RETRY 106 +-#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +-#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +-#define X509_R_UNKNOWN_KEY_TYPE 117 +-#define X509_R_UNKNOWN_NID 109 +-#define X509_R_UNKNOWN_PURPOSE_ID 121 +-#define X509_R_UNKNOWN_TRUST_ID 120 +-#define X509_R_UNSUPPORTED_ALGORITHM 111 +-#define X509_R_WRONG_LOOKUP_TYPE 112 +-#define X509_R_WRONG_TYPE 122 ++# define X509_R_BAD_X509_FILETYPE 100 ++# define X509_R_BASE64_DECODE_ERROR 118 ++# define X509_R_CANT_CHECK_DH_KEY 114 ++# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 ++# define X509_R_ERR_ASN1_LIB 102 ++# define X509_R_INVALID_DIRECTORY 113 ++# define X509_R_INVALID_FIELD_NAME 119 ++# define X509_R_INVALID_TRUST 123 ++# define X509_R_KEY_TYPE_MISMATCH 115 ++# define X509_R_KEY_VALUES_MISMATCH 116 ++# define X509_R_LOADING_CERT_DIR 103 ++# define X509_R_LOADING_DEFAULTS 104 ++# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 ++# define X509_R_SHOULD_RETRY 106 ++# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 ++# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 ++# define X509_R_UNKNOWN_KEY_TYPE 117 ++# define X509_R_UNKNOWN_NID 109 ++# define X509_R_UNKNOWN_PURPOSE_ID 121 ++# define X509_R_UNKNOWN_TRUST_ID 120 ++# define X509_R_UNSUPPORTED_ALGORITHM 111 ++# define X509_R_WRONG_LOOKUP_TYPE 112 ++# define X509_R_WRONG_TYPE 122 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/x509_vfy.h b/Cryptlib/Include/openssl/x509_vfy.h +index 86ae35f..69fab69 100644 +--- a/Cryptlib/Include/openssl/x509_vfy.h ++++ b/Cryptlib/Include/openssl/x509_vfy.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,53 +57,53 @@ + */ + + #ifndef HEADER_X509_H +-#include +-/* openssl/x509.h ends up #include-ing this file at about the only +- * appropriate moment. */ ++# include ++/* ++ * openssl/x509.h ends up #include-ing this file at about the only ++ * appropriate moment. ++ */ + #endif + + #ifndef HEADER_X509_VFY_H +-#define HEADER_X509_VFY_H ++# define HEADER_X509_VFY_H + +-#include +-#ifndef OPENSSL_NO_LHASH +-#include +-#endif +-#include +-#include +-#include ++# include ++# ifndef OPENSSL_NO_LHASH ++# include ++# endif ++# include ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + + /* Outer object */ +-typedef struct x509_hash_dir_st +- { +- int num_dirs; +- char **dirs; +- int *dirs_type; +- int num_dirs_alloced; +- } X509_HASH_DIR_CTX; +- +-typedef struct x509_file_st +- { +- int num_paths; /* number of paths to files or directories */ +- int num_alloced; +- char **paths; /* the list of paths or directories */ +- int *path_type; +- } X509_CERT_FILE_CTX; ++typedef struct x509_hash_dir_st { ++ int num_dirs; ++ char **dirs; ++ int *dirs_type; ++ int num_dirs_alloced; ++} X509_HASH_DIR_CTX; ++ ++typedef struct x509_file_st { ++ int num_paths; /* number of paths to files or directories */ ++ int num_alloced; ++ char **paths; /* the list of paths or directories */ ++ int *path_type; ++} X509_CERT_FILE_CTX; + + /*******************************/ +-/* +-SSL_CTX -> X509_STORE +- -> X509_LOOKUP +- ->X509_LOOKUP_METHOD +- -> X509_LOOKUP +- ->X509_LOOKUP_METHOD +- +-SSL -> X509_STORE_CTX +- ->X509_STORE ++/*- ++SSL_CTX -> X509_STORE ++ -> X509_LOOKUP ++ ->X509_LOOKUP_METHOD ++ -> X509_LOOKUP ++ ->X509_LOOKUP_METHOD ++ ++SSL -> X509_STORE_CTX ++ ->X509_STORE + + The X509_STORE holds the tables etc for verification stuff. + A X509_STORE_CTX is used while validating a single certificate. +@@ -112,23 +112,22 @@ The X509_STORE then calls a function to actually verify the + certificate chain. + */ + +-#define X509_LU_RETRY -1 +-#define X509_LU_FAIL 0 +-#define X509_LU_X509 1 +-#define X509_LU_CRL 2 +-#define X509_LU_PKEY 3 +- +-typedef struct x509_object_st +- { +- /* one of the above types */ +- int type; +- union { +- char *ptr; +- X509 *x509; +- X509_CRL *crl; +- EVP_PKEY *pkey; +- } data; +- } X509_OBJECT; ++# define X509_LU_RETRY -1 ++# define X509_LU_FAIL 0 ++# define X509_LU_X509 1 ++# define X509_LU_CRL 2 ++# define X509_LU_PKEY 3 ++ ++typedef struct x509_object_st { ++ /* one of the above types */ ++ int type; ++ union { ++ char *ptr; ++ X509 *x509; ++ X509_CRL *crl; ++ EVP_PKEY *pkey; ++ } data; ++} X509_OBJECT; + + typedef struct x509_lookup_st X509_LOOKUP; + +@@ -136,255 +135,273 @@ DECLARE_STACK_OF(X509_LOOKUP) + DECLARE_STACK_OF(X509_OBJECT) + + /* This is a static that defines the function interface */ +-typedef struct x509_lookup_method_st +- { +- const char *name; +- int (*new_item)(X509_LOOKUP *ctx); +- void (*free)(X509_LOOKUP *ctx); +- int (*init)(X509_LOOKUP *ctx); +- int (*shutdown)(X509_LOOKUP *ctx); +- int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl, +- char **ret); +- int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name, +- X509_OBJECT *ret); +- int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name, +- ASN1_INTEGER *serial,X509_OBJECT *ret); +- int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type, +- unsigned char *bytes,int len, +- X509_OBJECT *ret); +- int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len, +- X509_OBJECT *ret); +- } X509_LOOKUP_METHOD; +- +-/* This structure hold all parameters associated with a verify operation +- * by including an X509_VERIFY_PARAM structure in related structures the ++typedef struct x509_lookup_method_st { ++ const char *name; ++ int (*new_item) (X509_LOOKUP *ctx); ++ void (*free) (X509_LOOKUP *ctx); ++ int (*init) (X509_LOOKUP *ctx); ++ int (*shutdown) (X509_LOOKUP *ctx); ++ int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, ++ char **ret); ++ int (*get_by_subject) (X509_LOOKUP *ctx, int type, X509_NAME *name, ++ X509_OBJECT *ret); ++ int (*get_by_issuer_serial) (X509_LOOKUP *ctx, int type, X509_NAME *name, ++ ASN1_INTEGER *serial, X509_OBJECT *ret); ++ int (*get_by_fingerprint) (X509_LOOKUP *ctx, int type, ++ unsigned char *bytes, int len, ++ X509_OBJECT *ret); ++ int (*get_by_alias) (X509_LOOKUP *ctx, int type, char *str, int len, ++ X509_OBJECT *ret); ++} X509_LOOKUP_METHOD; ++ ++/* ++ * This structure hold all parameters associated with a verify operation by ++ * including an X509_VERIFY_PARAM structure in related structures the + * parameters used can be customized + */ + +-typedef struct X509_VERIFY_PARAM_st +- { +- char *name; +- time_t check_time; /* Time to use */ +- unsigned long inh_flags; /* Inheritance flags */ +- unsigned long flags; /* Various verify flags */ +- int purpose; /* purpose to check untrusted certificates */ +- int trust; /* trust setting to check */ +- int depth; /* Verify depth */ +- STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ +- } X509_VERIFY_PARAM; ++typedef struct X509_VERIFY_PARAM_st { ++ char *name; ++ time_t check_time; /* Time to use */ ++ unsigned long inh_flags; /* Inheritance flags */ ++ unsigned long flags; /* Various verify flags */ ++ int purpose; /* purpose to check untrusted certificates */ ++ int trust; /* trust setting to check */ ++ int depth; /* Verify depth */ ++ STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ ++} X509_VERIFY_PARAM; + + DECLARE_STACK_OF(X509_VERIFY_PARAM) + +-/* This is used to hold everything. It is used for all certificate +- * validation. Once we have a certificate chain, the 'verify' +- * function is then called to actually check the cert chain. */ +-struct x509_store_st +- { +- /* The following is a cache of trusted certs */ +- int cache; /* if true, stash any hits */ +- STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ +- +- /* These are external lookup methods */ +- STACK_OF(X509_LOOKUP) *get_cert_methods; +- +- X509_VERIFY_PARAM *param; +- +- /* Callbacks for various operations */ +- int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ +- int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ +- int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ +- int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ +- int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ +- int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ +- int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ +- int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ +- int (*cleanup)(X509_STORE_CTX *ctx); +- +- CRYPTO_EX_DATA ex_data; +- int references; +- } /* X509_STORE */; ++/* ++ * This is used to hold everything. It is used for all certificate ++ * validation. Once we have a certificate chain, the 'verify' function is ++ * then called to actually check the cert chain. ++ */ ++struct x509_store_st { ++ /* The following is a cache of trusted certs */ ++ int cache; /* if true, stash any hits */ ++ STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ ++ /* These are external lookup methods */ ++ STACK_OF(X509_LOOKUP) *get_cert_methods; ++ X509_VERIFY_PARAM *param; ++ /* Callbacks for various operations */ ++ /* called to verify a certificate */ ++ int (*verify) (X509_STORE_CTX *ctx); ++ /* error callback */ ++ int (*verify_cb) (int ok, X509_STORE_CTX *ctx); ++ /* get issuers cert from ctx */ ++ int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); ++ /* check issued */ ++ int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); ++ /* Check revocation status of chain */ ++ int (*check_revocation) (X509_STORE_CTX *ctx); ++ /* retrieve CRL */ ++ int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); ++ /* Check CRL validity */ ++ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); ++ /* Check certificate against CRL */ ++ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); ++ int (*cleanup) (X509_STORE_CTX *ctx); ++ CRYPTO_EX_DATA ex_data; ++ int references; ++} /* X509_STORE */ ; + + int X509_STORE_set_depth(X509_STORE *store, int depth); + +-#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) +-#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) ++# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) ++# define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) + + /* This is the functions plus an instance of the local variables. */ +-struct x509_lookup_st +- { +- int init; /* have we been started */ +- int skip; /* don't use us. */ +- X509_LOOKUP_METHOD *method; /* the functions */ +- char *method_data; /* method data */ +- +- X509_STORE *store_ctx; /* who owns us */ +- } /* X509_LOOKUP */; +- +-/* This is a used when verifying cert chains. Since the +- * gathering of the cert chain can take some time (and have to be +- * 'retried', this needs to be kept and passed around. */ +-struct x509_store_ctx_st /* X509_STORE_CTX */ +- { +- X509_STORE *ctx; +- int current_method; /* used when looking up certs */ +- +- /* The following are set by the caller */ +- X509 *cert; /* The cert to check */ +- STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ +- STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ +- +- X509_VERIFY_PARAM *param; +- void *other_ctx; /* Other info for use with get_issuer() */ +- +- /* Callbacks for various operations */ +- int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ +- int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ +- int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ +- int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ +- int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ +- int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ +- int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ +- int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ +- int (*check_policy)(X509_STORE_CTX *ctx); +- int (*cleanup)(X509_STORE_CTX *ctx); +- +- /* The following is built up */ +- int valid; /* if 0, rebuild chain */ +- int last_untrusted; /* index of last untrusted cert */ +- STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ +- X509_POLICY_TREE *tree; /* Valid policy tree */ +- +- int explicit_policy; /* Require explicit policy value */ +- +- /* When something goes wrong, this is why */ +- int error_depth; +- int error; +- X509 *current_cert; +- X509 *current_issuer; /* cert currently being tested as valid issuer */ +- X509_CRL *current_crl; /* current CRL */ +- +- CRYPTO_EX_DATA ex_data; +- } /* X509_STORE_CTX */; ++struct x509_lookup_st { ++ int init; /* have we been started */ ++ int skip; /* don't use us. */ ++ X509_LOOKUP_METHOD *method; /* the functions */ ++ char *method_data; /* method data */ ++ X509_STORE *store_ctx; /* who owns us */ ++} /* X509_LOOKUP */ ; ++ ++/* ++ * This is a used when verifying cert chains. Since the gathering of the ++ * cert chain can take some time (and have to be 'retried', this needs to be ++ * kept and passed around. ++ */ ++struct x509_store_ctx_st { /* X509_STORE_CTX */ ++ X509_STORE *ctx; ++ /* used when looking up certs */ ++ int current_method; ++ /* The following are set by the caller */ ++ /* The cert to check */ ++ X509 *cert; ++ /* chain of X509s - untrusted - passed in */ ++ STACK_OF(X509) *untrusted; ++ /* set of CRLs passed in */ ++ STACK_OF(X509_CRL) *crls; ++ X509_VERIFY_PARAM *param; ++ /* Other info for use with get_issuer() */ ++ void *other_ctx; ++ /* Callbacks for various operations */ ++ /* called to verify a certificate */ ++ int (*verify) (X509_STORE_CTX *ctx); ++ /* error callback */ ++ int (*verify_cb) (int ok, X509_STORE_CTX *ctx); ++ /* get issuers cert from ctx */ ++ int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); ++ /* check issued */ ++ int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); ++ /* Check revocation status of chain */ ++ int (*check_revocation) (X509_STORE_CTX *ctx); ++ /* retrieve CRL */ ++ int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); ++ /* Check CRL validity */ ++ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); ++ /* Check certificate against CRL */ ++ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); ++ int (*check_policy) (X509_STORE_CTX *ctx); ++ int (*cleanup) (X509_STORE_CTX *ctx); ++ /* The following is built up */ ++ /* if 0, rebuild chain */ ++ int valid; ++ /* index of last untrusted cert */ ++ int last_untrusted; ++ /* chain of X509s - built up and trusted */ ++ STACK_OF(X509) *chain; ++ /* Valid policy tree */ ++ X509_POLICY_TREE *tree; ++ /* Require explicit policy value */ ++ int explicit_policy; ++ /* When something goes wrong, this is why */ ++ int error_depth; ++ int error; ++ X509 *current_cert; ++ /* cert currently being tested as valid issuer */ ++ X509 *current_issuer; ++ /* current CRL */ ++ X509_CRL *current_crl; ++ CRYPTO_EX_DATA ex_data; ++} /* X509_STORE_CTX */ ; + + void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + +-#define X509_STORE_CTX_set_app_data(ctx,data) \ +- X509_STORE_CTX_set_ex_data(ctx,0,data) +-#define X509_STORE_CTX_get_app_data(ctx) \ +- X509_STORE_CTX_get_ex_data(ctx,0) ++# define X509_STORE_CTX_set_app_data(ctx,data) \ ++ X509_STORE_CTX_set_ex_data(ctx,0,data) ++# define X509_STORE_CTX_get_app_data(ctx) \ ++ X509_STORE_CTX_get_ex_data(ctx,0) + +-#define X509_L_FILE_LOAD 1 +-#define X509_L_ADD_DIR 2 ++# define X509_L_FILE_LOAD 1 ++# define X509_L_ADD_DIR 2 + +-#define X509_LOOKUP_load_file(x,name,type) \ +- X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) ++# define X509_LOOKUP_load_file(x,name,type) \ ++ X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) + +-#define X509_LOOKUP_add_dir(x,name,type) \ +- X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) ++# define X509_LOOKUP_add_dir(x,name,type) \ ++ X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) + +-#define X509_V_OK 0 ++# define X509_V_OK 0 + /* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */ + +-#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +-#define X509_V_ERR_UNABLE_TO_GET_CRL 3 +-#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +-#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +-#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +-#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +-#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +-#define X509_V_ERR_CERT_NOT_YET_VALID 9 +-#define X509_V_ERR_CERT_HAS_EXPIRED 10 +-#define X509_V_ERR_CRL_NOT_YET_VALID 11 +-#define X509_V_ERR_CRL_HAS_EXPIRED 12 +-#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +-#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +-#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +-#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +-#define X509_V_ERR_OUT_OF_MEM 17 +-#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +-#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +-#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +-#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +-#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +-#define X509_V_ERR_CERT_REVOKED 23 +-#define X509_V_ERR_INVALID_CA 24 +-#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +-#define X509_V_ERR_INVALID_PURPOSE 26 +-#define X509_V_ERR_CERT_UNTRUSTED 27 +-#define X509_V_ERR_CERT_REJECTED 28 ++# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 ++# define X509_V_ERR_UNABLE_TO_GET_CRL 3 ++# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 ++# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 ++# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 ++# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 ++# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 ++# define X509_V_ERR_CERT_NOT_YET_VALID 9 ++# define X509_V_ERR_CERT_HAS_EXPIRED 10 ++# define X509_V_ERR_CRL_NOT_YET_VALID 11 ++# define X509_V_ERR_CRL_HAS_EXPIRED 12 ++# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 ++# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 ++# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 ++# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 ++# define X509_V_ERR_OUT_OF_MEM 17 ++# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 ++# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 ++# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 ++# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 ++# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 ++# define X509_V_ERR_CERT_REVOKED 23 ++# define X509_V_ERR_INVALID_CA 24 ++# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 ++# define X509_V_ERR_INVALID_PURPOSE 26 ++# define X509_V_ERR_CERT_UNTRUSTED 27 ++# define X509_V_ERR_CERT_REJECTED 28 + /* These are 'informational' when looking for issuer cert */ +-#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +-#define X509_V_ERR_AKID_SKID_MISMATCH 30 +-#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +-#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 +- +-#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +-#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +-#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +-#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +-#define X509_V_ERR_INVALID_NON_CA 37 +-#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +-#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +-#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 +- +-#define X509_V_ERR_INVALID_EXTENSION 41 +-#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +-#define X509_V_ERR_NO_EXPLICIT_POLICY 43 +- +-#define X509_V_ERR_UNNESTED_RESOURCE 44 ++# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 ++# define X509_V_ERR_AKID_SKID_MISMATCH 30 ++# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 ++# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 ++ ++# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 ++# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 ++# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 ++# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 ++# define X509_V_ERR_INVALID_NON_CA 37 ++# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 ++# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 ++# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 ++ ++# define X509_V_ERR_INVALID_EXTENSION 41 ++# define X509_V_ERR_INVALID_POLICY_EXTENSION 42 ++# define X509_V_ERR_NO_EXPLICIT_POLICY 43 ++ ++# define X509_V_ERR_UNNESTED_RESOURCE 44 + + /* The application is not happy */ +-#define X509_V_ERR_APPLICATION_VERIFICATION 50 ++# define X509_V_ERR_APPLICATION_VERIFICATION 50 + + /* Certificate verify flags */ + + /* Send issuer+subject checks to verify_cb */ +-#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 ++# define X509_V_FLAG_CB_ISSUER_CHECK 0x1 + /* Use check time instead of current time */ +-#define X509_V_FLAG_USE_CHECK_TIME 0x2 ++# define X509_V_FLAG_USE_CHECK_TIME 0x2 + /* Lookup CRLs */ +-#define X509_V_FLAG_CRL_CHECK 0x4 ++# define X509_V_FLAG_CRL_CHECK 0x4 + /* Lookup CRLs for whole chain */ +-#define X509_V_FLAG_CRL_CHECK_ALL 0x8 ++# define X509_V_FLAG_CRL_CHECK_ALL 0x8 + /* Ignore unhandled critical extensions */ +-#define X509_V_FLAG_IGNORE_CRITICAL 0x10 ++# define X509_V_FLAG_IGNORE_CRITICAL 0x10 + /* Disable workarounds for broken certificates */ +-#define X509_V_FLAG_X509_STRICT 0x20 ++# define X509_V_FLAG_X509_STRICT 0x20 + /* Enable proxy certificate validation */ +-#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 ++# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 + /* Enable policy checking */ +-#define X509_V_FLAG_POLICY_CHECK 0x80 ++# define X509_V_FLAG_POLICY_CHECK 0x80 + /* Policy variable require-explicit-policy */ +-#define X509_V_FLAG_EXPLICIT_POLICY 0x100 ++# define X509_V_FLAG_EXPLICIT_POLICY 0x100 + /* Policy variable inhibit-any-policy */ +-#define X509_V_FLAG_INHIBIT_ANY 0x200 ++# define X509_V_FLAG_INHIBIT_ANY 0x200 + /* Policy variable inhibit-policy-mapping */ +-#define X509_V_FLAG_INHIBIT_MAP 0x400 ++# define X509_V_FLAG_INHIBIT_MAP 0x400 + /* Notify callback that policy is OK */ +-#define X509_V_FLAG_NOTIFY_POLICY 0x800 ++# define X509_V_FLAG_NOTIFY_POLICY 0x800 + + /* Check selfsigned CA signature */ +-#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 ++# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 + +-#define X509_VP_FLAG_DEFAULT 0x1 +-#define X509_VP_FLAG_OVERWRITE 0x2 +-#define X509_VP_FLAG_RESET_FLAGS 0x4 +-#define X509_VP_FLAG_LOCKED 0x8 +-#define X509_VP_FLAG_ONCE 0x10 ++# define X509_VP_FLAG_DEFAULT 0x1 ++# define X509_VP_FLAG_OVERWRITE 0x2 ++# define X509_VP_FLAG_RESET_FLAGS 0x4 ++# define X509_VP_FLAG_LOCKED 0x8 ++# define X509_VP_FLAG_ONCE 0x10 + + /* Internal use: mask of policy related options */ +-#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ +- | X509_V_FLAG_EXPLICIT_POLICY \ +- | X509_V_FLAG_INHIBIT_ANY \ +- | X509_V_FLAG_INHIBIT_MAP) ++# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ ++ | X509_V_FLAG_EXPLICIT_POLICY \ ++ | X509_V_FLAG_INHIBIT_ANY \ ++ | X509_V_FLAG_INHIBIT_MAP) + + int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, +- X509_NAME *name); +-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name); +-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); ++ X509_NAME *name); ++X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, ++ int type, X509_NAME *name); ++X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, ++ X509_OBJECT *x); + void X509_OBJECT_up_ref_count(X509_OBJECT *a); + void X509_OBJECT_free_contents(X509_OBJECT *a); +-X509_STORE *X509_STORE_new(void ); ++X509_STORE *X509_STORE_new(void); + void X509_STORE_free(X509_STORE *v); + + int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +@@ -398,7 +415,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + + void X509_STORE_CTX_free(X509_STORE_CTX *ctx); + int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, +- X509 *x509, STACK_OF(X509) *chain); ++ X509 *x509, STACK_OF(X509) *chain); + void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); + void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + +@@ -410,61 +427,63 @@ X509_LOOKUP_METHOD *X509_LOOKUP_file(void); + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); + int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); + +-int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, +- X509_OBJECT *ret); ++int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, ++ X509_OBJECT *ret); + + int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, +- long argl, char **ret); ++ long argl, char **ret); + +-#ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_STDIO + int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); + int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); + int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); +-#endif +- ++# endif + + X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); + void X509_LOOKUP_free(X509_LOOKUP *ctx); + int X509_LOOKUP_init(X509_LOOKUP *ctx); + int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, +- X509_OBJECT *ret); ++ X509_OBJECT *ret); + int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, +- ASN1_INTEGER *serial, X509_OBJECT *ret); ++ ASN1_INTEGER *serial, X509_OBJECT *ret); + int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, +- unsigned char *bytes, int len, X509_OBJECT *ret); +-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, +- int len, X509_OBJECT *ret); ++ unsigned char *bytes, int len, ++ X509_OBJECT *ret); ++int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, ++ X509_OBJECT *ret); + int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); + +-#ifndef OPENSSL_NO_STDIO +-int X509_STORE_load_locations (X509_STORE *ctx, +- const char *file, const char *dir); +-int X509_STORE_set_default_paths(X509_STORE *ctx); +-#endif +- +-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +-int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data); +-void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); +-int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +-void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); +-int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +-X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); ++# ifndef OPENSSL_NO_STDIO ++int X509_STORE_load_locations(X509_STORE *ctx, ++ const char *file, const char *dir); ++int X509_STORE_set_default_paths(X509_STORE *ctx); ++# endif ++ ++int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, ++ CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); ++void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); ++int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); ++void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); ++int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); ++X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); + STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); + STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +-void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); +-void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); +-void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk); ++void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); ++void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); ++void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); + int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); + int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); + int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, +- int purpose, int trust); ++ int purpose, int trust); + void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); + void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, +- time_t t); ++ time_t t); + void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, +- int (*verify_cb)(int, X509_STORE_CTX *)); +- ++ int (*verify_cb) (int, X509_STORE_CTX *)); ++ + X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); + int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); + +@@ -477,22 +496,23 @@ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); + void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); + int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, +- const X509_VERIFY_PARAM *from); +-int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, +- const X509_VERIFY_PARAM *from); ++ const X509_VERIFY_PARAM *from); ++int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, ++ const X509_VERIFY_PARAM *from); + int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); +-int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); ++int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, ++ unsigned long flags); + int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, +- unsigned long flags); ++ unsigned long flags); + unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); + int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); + int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); + void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); + void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); + int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, +- ASN1_OBJECT *policy); +-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, +- STACK_OF(ASN1_OBJECT) *policies); ++ ASN1_OBJECT *policy); ++int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, ++ STACK_OF(ASN1_OBJECT) *policies); + int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); + + int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +@@ -500,35 +520,37 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); + void X509_VERIFY_PARAM_table_cleanup(void); + + int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, +- STACK_OF(X509) *certs, +- STACK_OF(ASN1_OBJECT) *policy_oids, +- unsigned int flags); ++ STACK_OF(X509) *certs, ++ STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); + + void X509_policy_tree_free(X509_POLICY_TREE *tree); + + int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); +-X509_POLICY_LEVEL * +- X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i); ++X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, ++ int i); + +-STACK_OF(X509_POLICY_NODE) * +- X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); ++STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const ++ X509_POLICY_TREE ++ *tree); + +-STACK_OF(X509_POLICY_NODE) * +- X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); ++STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const ++ X509_POLICY_TREE ++ *tree); + + int X509_policy_level_node_count(X509_POLICY_LEVEL *level); + +-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i); ++X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, ++ int i); + + const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); + +-STACK_OF(POLICYQUALINFO) * +- X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); +-const X509_POLICY_NODE * +- X509_policy_node_get0_parent(const X509_POLICY_NODE *node); ++STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const ++ X509_POLICY_NODE ++ *node); ++const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE ++ *node); + + #ifdef __cplusplus + } + #endif + #endif +- +diff --git a/Cryptlib/Include/openssl/x509v3.h b/Cryptlib/Include/openssl/x509v3.h +index 9ef83da..0eeaa50 100644 +--- a/Cryptlib/Include/openssl/x509v3.h ++++ b/Cryptlib/Include/openssl/x509v3.h +@@ -1,6 +1,7 @@ + /* x509v3.h */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,11 +57,11 @@ + * + */ + #ifndef HEADER_X509V3_H +-#define HEADER_X509V3_H ++# define HEADER_X509V3_H + +-#include +-#include +-#include ++# include ++# include ++# include + + #ifdef __cplusplus + extern "C" { +@@ -72,62 +73,66 @@ struct v3_ext_ctx; + + /* Useful typedefs */ + +-typedef void * (*X509V3_EXT_NEW)(void); +-typedef void (*X509V3_EXT_FREE)(void *); +-typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long); +-typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); +-typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); +-typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); +-typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); +-typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); +-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent); +-typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str); ++typedef void *(*X509V3_EXT_NEW)(void); ++typedef void (*X509V3_EXT_FREE) (void *); ++typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long); ++typedef int (*X509V3_EXT_I2D) (void *, unsigned char **); ++typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (struct v3_ext_method *method, ++ void *ext, ++ STACK_OF(CONF_VALUE) ++ *extlist); ++typedef void *(*X509V3_EXT_V2I)(struct v3_ext_method *method, ++ struct v3_ext_ctx *ctx, ++ STACK_OF(CONF_VALUE) *values); ++typedef char *(*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); ++typedef void *(*X509V3_EXT_S2I)(struct v3_ext_method *method, ++ struct v3_ext_ctx *ctx, const char *str); ++typedef int (*X509V3_EXT_I2R) (struct v3_ext_method *method, void *ext, ++ BIO *out, int indent); ++typedef void *(*X509V3_EXT_R2I)(struct v3_ext_method *method, ++ struct v3_ext_ctx *ctx, const char *str); + + /* V3 extension structure */ + + struct v3_ext_method { +-int ext_nid; +-int ext_flags; ++ int ext_nid; ++ int ext_flags; + /* If this is set the following four fields are ignored */ +-ASN1_ITEM_EXP *it; ++ ASN1_ITEM_EXP *it; + /* Old style ASN1 calls */ +-X509V3_EXT_NEW ext_new; +-X509V3_EXT_FREE ext_free; +-X509V3_EXT_D2I d2i; +-X509V3_EXT_I2D i2d; +- ++ X509V3_EXT_NEW ext_new; ++ X509V3_EXT_FREE ext_free; ++ X509V3_EXT_D2I d2i; ++ X509V3_EXT_I2D i2d; + /* The following pair is used for string extensions */ +-X509V3_EXT_I2S i2s; +-X509V3_EXT_S2I s2i; +- ++ X509V3_EXT_I2S i2s; ++ X509V3_EXT_S2I s2i; + /* The following pair is used for multi-valued extensions */ +-X509V3_EXT_I2V i2v; +-X509V3_EXT_V2I v2i; +- ++ X509V3_EXT_I2V i2v; ++ X509V3_EXT_V2I v2i; + /* The following are used for raw extensions */ +-X509V3_EXT_I2R i2r; +-X509V3_EXT_R2I r2i; +- +-void *usr_data; /* Any extension specific data */ ++ X509V3_EXT_I2R i2r; ++ X509V3_EXT_R2I r2i; ++ void *usr_data; /* Any extension specific data */ + }; + + typedef struct X509V3_CONF_METHOD_st { +-char * (*get_string)(void *db, char *section, char *value); +-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); +-void (*free_string)(void *db, char * string); +-void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); ++ char *(*get_string) (void *db, char *section, char *value); ++ STACK_OF(CONF_VALUE) *(*get_section) (void *db, char *section); ++ void (*free_string) (void *db, char *string); ++ void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); + } X509V3_CONF_METHOD; + + /* Context specific info */ + struct v3_ext_ctx { +-#define CTX_TEST 0x1 +-int flags; +-X509 *issuer_cert; +-X509 *subject_cert; +-X509_REQ *subject_req; +-X509_CRL *crl; +-X509V3_CONF_METHOD *db_meth; +-void *db; ++# define CTX_TEST 0x1 ++ int flags; ++ X509 *issuer_cert; ++ X509 *subject_cert; ++ X509_REQ *subject_req; ++ X509_CRL *crl; ++ X509V3_CONF_METHOD *db_meth; ++ void *db; + /* Maybe more here */ + }; + +@@ -136,72 +141,69 @@ typedef struct v3_ext_method X509V3_EXT_METHOD; + DECLARE_STACK_OF(X509V3_EXT_METHOD) + + /* ext_flags values */ +-#define X509V3_EXT_DYNAMIC 0x1 +-#define X509V3_EXT_CTX_DEP 0x2 +-#define X509V3_EXT_MULTILINE 0x4 ++# define X509V3_EXT_DYNAMIC 0x1 ++# define X509V3_EXT_CTX_DEP 0x2 ++# define X509V3_EXT_MULTILINE 0x4 + + typedef BIT_STRING_BITNAME ENUMERATED_NAMES; + + typedef struct BASIC_CONSTRAINTS_st { +-int ca; +-ASN1_INTEGER *pathlen; ++ int ca; ++ ASN1_INTEGER *pathlen; + } BASIC_CONSTRAINTS; + +- + typedef struct PKEY_USAGE_PERIOD_st { +-ASN1_GENERALIZEDTIME *notBefore; +-ASN1_GENERALIZEDTIME *notAfter; ++ ASN1_GENERALIZEDTIME *notBefore; ++ ASN1_GENERALIZEDTIME *notAfter; + } PKEY_USAGE_PERIOD; + + typedef struct otherName_st { +-ASN1_OBJECT *type_id; +-ASN1_TYPE *value; ++ ASN1_OBJECT *type_id; ++ ASN1_TYPE *value; + } OTHERNAME; + + typedef struct EDIPartyName_st { +- ASN1_STRING *nameAssigner; +- ASN1_STRING *partyName; ++ ASN1_STRING *nameAssigner; ++ ASN1_STRING *partyName; + } EDIPARTYNAME; + + typedef struct GENERAL_NAME_st { +- +-#define GEN_OTHERNAME 0 +-#define GEN_EMAIL 1 +-#define GEN_DNS 2 +-#define GEN_X400 3 +-#define GEN_DIRNAME 4 +-#define GEN_EDIPARTY 5 +-#define GEN_URI 6 +-#define GEN_IPADD 7 +-#define GEN_RID 8 +- +-int type; +-union { +- char *ptr; +- OTHERNAME *otherName; /* otherName */ +- ASN1_IA5STRING *rfc822Name; +- ASN1_IA5STRING *dNSName; +- ASN1_TYPE *x400Address; +- X509_NAME *directoryName; +- EDIPARTYNAME *ediPartyName; +- ASN1_IA5STRING *uniformResourceIdentifier; +- ASN1_OCTET_STRING *iPAddress; +- ASN1_OBJECT *registeredID; +- +- /* Old names */ +- ASN1_OCTET_STRING *ip; /* iPAddress */ +- X509_NAME *dirn; /* dirn */ +- ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */ +- ASN1_OBJECT *rid; /* registeredID */ +- ASN1_TYPE *other; /* x400Address */ +-} d; ++# define GEN_OTHERNAME 0 ++# define GEN_EMAIL 1 ++# define GEN_DNS 2 ++# define GEN_X400 3 ++# define GEN_DIRNAME 4 ++# define GEN_EDIPARTY 5 ++# define GEN_URI 6 ++# define GEN_IPADD 7 ++# define GEN_RID 8 ++ int type; ++ union { ++ char *ptr; ++ OTHERNAME *otherName; /* otherName */ ++ ASN1_IA5STRING *rfc822Name; ++ ASN1_IA5STRING *dNSName; ++ ASN1_TYPE *x400Address; ++ X509_NAME *directoryName; ++ EDIPARTYNAME *ediPartyName; ++ ASN1_IA5STRING *uniformResourceIdentifier; ++ ASN1_OCTET_STRING *iPAddress; ++ ASN1_OBJECT *registeredID; ++ /* Old names */ ++ ASN1_OCTET_STRING *ip; /* iPAddress */ ++ X509_NAME *dirn; /* dirn */ ++ ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, ++ * uniformResourceIdentifier */ ++ ASN1_OBJECT *rid; /* registeredID */ ++ ASN1_TYPE *other; /* x400Address */ ++ } d; + } GENERAL_NAME; + + typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; + + typedef struct ACCESS_DESCRIPTION_st { +- ASN1_OBJECT *method; +- GENERAL_NAME *location; ++ ASN1_OBJECT *method; ++ GENERAL_NAME *location; + } ACCESS_DESCRIPTION; + + typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; +@@ -215,17 +217,17 @@ DECLARE_STACK_OF(ACCESS_DESCRIPTION) + DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) + + typedef struct DIST_POINT_NAME_st { +-int type; +-union { +- GENERAL_NAMES *fullname; +- STACK_OF(X509_NAME_ENTRY) *relativename; +-} name; ++ int type; ++ union { ++ GENERAL_NAMES *fullname; ++ STACK_OF(X509_NAME_ENTRY) *relativename; ++ } name; + } DIST_POINT_NAME; + + typedef struct DIST_POINT_st { +-DIST_POINT_NAME *distpoint; +-ASN1_BIT_STRING *reasons; +-GENERAL_NAMES *CRLissuer; ++ DIST_POINT_NAME *distpoint; ++ ASN1_BIT_STRING *reasons; ++ GENERAL_NAMES *CRLissuer; + } DIST_POINT; + + typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; +@@ -234,51 +236,51 @@ DECLARE_STACK_OF(DIST_POINT) + DECLARE_ASN1_SET_OF(DIST_POINT) + + typedef struct AUTHORITY_KEYID_st { +-ASN1_OCTET_STRING *keyid; +-GENERAL_NAMES *issuer; +-ASN1_INTEGER *serial; ++ ASN1_OCTET_STRING *keyid; ++ GENERAL_NAMES *issuer; ++ ASN1_INTEGER *serial; + } AUTHORITY_KEYID; + + /* Strong extranet structures */ + + typedef struct SXNET_ID_st { +- ASN1_INTEGER *zone; +- ASN1_OCTET_STRING *user; ++ ASN1_INTEGER *zone; ++ ASN1_OCTET_STRING *user; + } SXNETID; + + DECLARE_STACK_OF(SXNETID) + DECLARE_ASN1_SET_OF(SXNETID) + + typedef struct SXNET_st { +- ASN1_INTEGER *version; +- STACK_OF(SXNETID) *ids; ++ ASN1_INTEGER *version; ++ STACK_OF(SXNETID) *ids; + } SXNET; + + typedef struct NOTICEREF_st { +- ASN1_STRING *organization; +- STACK_OF(ASN1_INTEGER) *noticenos; ++ ASN1_STRING *organization; ++ STACK_OF(ASN1_INTEGER) *noticenos; + } NOTICEREF; + + typedef struct USERNOTICE_st { +- NOTICEREF *noticeref; +- ASN1_STRING *exptext; ++ NOTICEREF *noticeref; ++ ASN1_STRING *exptext; + } USERNOTICE; + + typedef struct POLICYQUALINFO_st { +- ASN1_OBJECT *pqualid; +- union { +- ASN1_IA5STRING *cpsuri; +- USERNOTICE *usernotice; +- ASN1_TYPE *other; +- } d; ++ ASN1_OBJECT *pqualid; ++ union { ++ ASN1_IA5STRING *cpsuri; ++ USERNOTICE *usernotice; ++ ASN1_TYPE *other; ++ } d; + } POLICYQUALINFO; + + DECLARE_STACK_OF(POLICYQUALINFO) + DECLARE_ASN1_SET_OF(POLICYQUALINFO) + + typedef struct POLICYINFO_st { +- ASN1_OBJECT *policyid; +- STACK_OF(POLICYQUALINFO) *qualifiers; ++ ASN1_OBJECT *policyid; ++ STACK_OF(POLICYQUALINFO) *qualifiers; + } POLICYINFO; + + typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; +@@ -287,8 +289,8 @@ DECLARE_STACK_OF(POLICYINFO) + DECLARE_ASN1_SET_OF(POLICYINFO) + + typedef struct POLICY_MAPPING_st { +- ASN1_OBJECT *issuerDomainPolicy; +- ASN1_OBJECT *subjectDomainPolicy; ++ ASN1_OBJECT *issuerDomainPolicy; ++ ASN1_OBJECT *subjectDomainPolicy; + } POLICY_MAPPING; + + DECLARE_STACK_OF(POLICY_MAPPING) +@@ -296,160 +298,155 @@ DECLARE_STACK_OF(POLICY_MAPPING) + typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + + typedef struct GENERAL_SUBTREE_st { +- GENERAL_NAME *base; +- ASN1_INTEGER *minimum; +- ASN1_INTEGER *maximum; ++ GENERAL_NAME *base; ++ ASN1_INTEGER *minimum; ++ ASN1_INTEGER *maximum; + } GENERAL_SUBTREE; + + DECLARE_STACK_OF(GENERAL_SUBTREE) + + typedef struct NAME_CONSTRAINTS_st { +- STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; +- STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; ++ STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; ++ STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; + } NAME_CONSTRAINTS; + + typedef struct POLICY_CONSTRAINTS_st { +- ASN1_INTEGER *requireExplicitPolicy; +- ASN1_INTEGER *inhibitPolicyMapping; ++ ASN1_INTEGER *requireExplicitPolicy; ++ ASN1_INTEGER *inhibitPolicyMapping; + } POLICY_CONSTRAINTS; + + /* Proxy certificate structures, see RFC 3820 */ +-typedef struct PROXY_POLICY_st +- { +- ASN1_OBJECT *policyLanguage; +- ASN1_OCTET_STRING *policy; +- } PROXY_POLICY; +- +-typedef struct PROXY_CERT_INFO_EXTENSION_st +- { +- ASN1_INTEGER *pcPathLengthConstraint; +- PROXY_POLICY *proxyPolicy; +- } PROXY_CERT_INFO_EXTENSION; ++typedef struct PROXY_POLICY_st { ++ ASN1_OBJECT *policyLanguage; ++ ASN1_OCTET_STRING *policy; ++} PROXY_POLICY; ++ ++typedef struct PROXY_CERT_INFO_EXTENSION_st { ++ ASN1_INTEGER *pcPathLengthConstraint; ++ PROXY_POLICY *proxyPolicy; ++} PROXY_CERT_INFO_EXTENSION; + + DECLARE_ASN1_FUNCTIONS(PROXY_POLICY) + DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) + +- +-#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ ++# define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ + ",name:", val->name, ",value:", val->value); + +-#define X509V3_set_ctx_test(ctx) \ +- X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) +-#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; +- +-#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ +- 0,0,0,0, \ +- 0,0, \ +- (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ +- (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ +- NULL, NULL, \ +- table} ++# define X509V3_set_ctx_test(ctx) \ ++ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) ++# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; + +-#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ +- 0,0,0,0, \ +- (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ +- (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ +- 0,0,0,0, \ +- NULL} ++# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ ++ 0,0,0,0, \ ++ 0,0, \ ++ (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ ++ (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ ++ NULL, NULL, \ ++ table} + +-#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} ++# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ ++ 0,0,0,0, \ ++ (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ ++ (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ ++ 0,0,0,0, \ ++ NULL} + ++# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} + + /* X509_PURPOSE stuff */ + +-#define EXFLAG_BCONS 0x1 +-#define EXFLAG_KUSAGE 0x2 +-#define EXFLAG_XKUSAGE 0x4 +-#define EXFLAG_NSCERT 0x8 ++# define EXFLAG_BCONS 0x1 ++# define EXFLAG_KUSAGE 0x2 ++# define EXFLAG_XKUSAGE 0x4 ++# define EXFLAG_NSCERT 0x8 + +-#define EXFLAG_CA 0x10 ++# define EXFLAG_CA 0x10 + /* Really self issued not necessarily self signed */ +-#define EXFLAG_SI 0x20 +-#define EXFLAG_SS 0x20 +-#define EXFLAG_V1 0x40 +-#define EXFLAG_INVALID 0x80 +-#define EXFLAG_SET 0x100 +-#define EXFLAG_CRITICAL 0x200 +-#define EXFLAG_PROXY 0x400 +- +-#define EXFLAG_INVALID_POLICY 0x800 +- +-#define KU_DIGITAL_SIGNATURE 0x0080 +-#define KU_NON_REPUDIATION 0x0040 +-#define KU_KEY_ENCIPHERMENT 0x0020 +-#define KU_DATA_ENCIPHERMENT 0x0010 +-#define KU_KEY_AGREEMENT 0x0008 +-#define KU_KEY_CERT_SIGN 0x0004 +-#define KU_CRL_SIGN 0x0002 +-#define KU_ENCIPHER_ONLY 0x0001 +-#define KU_DECIPHER_ONLY 0x8000 +- +-#define NS_SSL_CLIENT 0x80 +-#define NS_SSL_SERVER 0x40 +-#define NS_SMIME 0x20 +-#define NS_OBJSIGN 0x10 +-#define NS_SSL_CA 0x04 +-#define NS_SMIME_CA 0x02 +-#define NS_OBJSIGN_CA 0x01 +-#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) +- +-#define XKU_SSL_SERVER 0x1 +-#define XKU_SSL_CLIENT 0x2 +-#define XKU_SMIME 0x4 +-#define XKU_CODE_SIGN 0x8 +-#define XKU_SGC 0x10 +-#define XKU_OCSP_SIGN 0x20 +-#define XKU_TIMESTAMP 0x40 +-#define XKU_DVCS 0x80 +- +-#define X509_PURPOSE_DYNAMIC 0x1 +-#define X509_PURPOSE_DYNAMIC_NAME 0x2 ++# define EXFLAG_SI 0x20 ++# define EXFLAG_SS 0x20 ++# define EXFLAG_V1 0x40 ++# define EXFLAG_INVALID 0x80 ++# define EXFLAG_SET 0x100 ++# define EXFLAG_CRITICAL 0x200 ++# define EXFLAG_PROXY 0x400 ++ ++# define EXFLAG_INVALID_POLICY 0x800 ++ ++# define KU_DIGITAL_SIGNATURE 0x0080 ++# define KU_NON_REPUDIATION 0x0040 ++# define KU_KEY_ENCIPHERMENT 0x0020 ++# define KU_DATA_ENCIPHERMENT 0x0010 ++# define KU_KEY_AGREEMENT 0x0008 ++# define KU_KEY_CERT_SIGN 0x0004 ++# define KU_CRL_SIGN 0x0002 ++# define KU_ENCIPHER_ONLY 0x0001 ++# define KU_DECIPHER_ONLY 0x8000 ++ ++# define NS_SSL_CLIENT 0x80 ++# define NS_SSL_SERVER 0x40 ++# define NS_SMIME 0x20 ++# define NS_OBJSIGN 0x10 ++# define NS_SSL_CA 0x04 ++# define NS_SMIME_CA 0x02 ++# define NS_OBJSIGN_CA 0x01 ++# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) ++ ++# define XKU_SSL_SERVER 0x1 ++# define XKU_SSL_CLIENT 0x2 ++# define XKU_SMIME 0x4 ++# define XKU_CODE_SIGN 0x8 ++# define XKU_SGC 0x10 ++# define XKU_OCSP_SIGN 0x20 ++# define XKU_TIMESTAMP 0x40 ++# define XKU_DVCS 0x80 ++ ++# define X509_PURPOSE_DYNAMIC 0x1 ++# define X509_PURPOSE_DYNAMIC_NAME 0x2 + + typedef struct x509_purpose_st { +- int purpose; +- int trust; /* Default trust ID */ +- int flags; +- int (*check_purpose)(const struct x509_purpose_st *, +- const X509 *, int); +- char *name; +- char *sname; +- void *usr_data; ++ int purpose; ++ int trust; /* Default trust ID */ ++ int flags; ++ int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int); ++ char *name; ++ char *sname; ++ void *usr_data; + } X509_PURPOSE; + +-#define X509_PURPOSE_SSL_CLIENT 1 +-#define X509_PURPOSE_SSL_SERVER 2 +-#define X509_PURPOSE_NS_SSL_SERVER 3 +-#define X509_PURPOSE_SMIME_SIGN 4 +-#define X509_PURPOSE_SMIME_ENCRYPT 5 +-#define X509_PURPOSE_CRL_SIGN 6 +-#define X509_PURPOSE_ANY 7 +-#define X509_PURPOSE_OCSP_HELPER 8 ++# define X509_PURPOSE_SSL_CLIENT 1 ++# define X509_PURPOSE_SSL_SERVER 2 ++# define X509_PURPOSE_NS_SSL_SERVER 3 ++# define X509_PURPOSE_SMIME_SIGN 4 ++# define X509_PURPOSE_SMIME_ENCRYPT 5 ++# define X509_PURPOSE_CRL_SIGN 6 ++# define X509_PURPOSE_ANY 7 ++# define X509_PURPOSE_OCSP_HELPER 8 + +-#define X509_PURPOSE_MIN 1 +-#define X509_PURPOSE_MAX 8 ++# define X509_PURPOSE_MIN 1 ++# define X509_PURPOSE_MAX 8 + + /* Flags for X509V3_EXT_print() */ + +-#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) ++# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) + /* Return error for unknown extensions */ +-#define X509V3_EXT_DEFAULT 0 ++# define X509V3_EXT_DEFAULT 0 + /* Print error for unknown extensions */ +-#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) ++# define X509V3_EXT_ERROR_UNKNOWN (1L << 16) + /* ASN1 parse unknown extensions */ +-#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) ++# define X509V3_EXT_PARSE_UNKNOWN (2L << 16) + /* BIO_dump unknown extensions */ +-#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) ++# define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + + /* Flags for X509V3_add1_i2d */ + +-#define X509V3_ADD_OP_MASK 0xfL +-#define X509V3_ADD_DEFAULT 0L +-#define X509V3_ADD_APPEND 1L +-#define X509V3_ADD_REPLACE 2L +-#define X509V3_ADD_REPLACE_EXISTING 3L +-#define X509V3_ADD_KEEP_EXISTING 4L +-#define X509V3_ADD_DELETE 5L +-#define X509V3_ADD_SILENT 0x10 ++# define X509V3_ADD_OP_MASK 0xfL ++# define X509V3_ADD_DEFAULT 0L ++# define X509V3_ADD_APPEND 1L ++# define X509V3_ADD_REPLACE 2L ++# define X509V3_ADD_REPLACE_EXISTING 3L ++# define X509V3_ADD_KEEP_EXISTING 4L ++# define X509V3_ADD_DELETE 5L ++# define X509V3_ADD_SILENT 0x10 + + DECLARE_STACK_OF(X509_PURPOSE) + +@@ -458,9 +455,11 @@ DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) + DECLARE_ASN1_FUNCTIONS(SXNET) + DECLARE_ASN1_FUNCTIONS(SXNETID) + +-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); +-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); +-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); ++int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); ++int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, ++ int userlen); ++int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, ++ int userlen); + + ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone); + ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); +@@ -472,31 +471,36 @@ DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) + + DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) + +- + ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval); + STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, +- ASN1_BIT_STRING *bits, +- STACK_OF(CONF_VALUE) *extlist); ++ ASN1_BIT_STRING *bits, ++ STACK_OF(CONF_VALUE) *extlist); + +-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); ++STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, ++ GENERAL_NAME *gen, ++ STACK_OF(CONF_VALUE) *ret); + int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); + + DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) + + STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, +- GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist); +-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); ++ GENERAL_NAMES *gen, ++ STACK_OF(CONF_VALUE) *extlist); ++GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval); + + DECLARE_ASN1_FUNCTIONS(OTHERNAME) + DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) + +-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); +-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); ++char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ++ ASN1_OCTET_STRING *ia5); ++ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, char *str); + + DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) +-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a); ++int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a); + + DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) + DECLARE_ASN1_FUNCTIONS(POLICYINFO) +@@ -524,53 +528,66 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) + DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) + +-#ifdef HEADER_CONF_H ++# ifdef HEADER_CONF_H + GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, +- CONF_VALUE *cnf); +-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); ++ CONF_VALUE *cnf); ++GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, ++ X509V3_EXT_METHOD *method, X509V3_CTX *ctx, ++ CONF_VALUE *cnf, int is_nc); + void X509V3_conf_free(CONF_VALUE *val); + +-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); +-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value); +-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk); +-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert); +-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); +-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); +- +-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); +-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); +-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); +-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); +-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); ++X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, ++ char *value); ++X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, ++ char *value); ++int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, ++ STACK_OF(X509_EXTENSION) **sk); ++int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, ++ X509 *cert); ++int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, ++ X509_REQ *req); ++int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, ++ X509_CRL *crl); ++ ++X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, ++ char *value); ++X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, ++ char *value); ++int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, ++ X509 *cert); ++int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, ++ X509_REQ *req); ++int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, ++ X509_CRL *crl); + + int X509V3_add_value_bool_nf(char *name, int asn1_bool, +- STACK_OF(CONF_VALUE) **extlist); ++ STACK_OF(CONF_VALUE) **extlist); + int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); + int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); + void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); + void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); +-#endif ++# endif + +-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); +-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); ++char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); ++STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section); + void X509V3_string_free(X509V3_CTX *ctx, char *str); +-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); ++void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); + void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, +- X509_REQ *req, X509_CRL *crl, int flags); ++ X509_REQ *req, X509_CRL *crl, int flags); + + int X509V3_add_value(const char *name, const char *value, +- STACK_OF(CONF_VALUE) **extlist); ++ STACK_OF(CONF_VALUE) **extlist); + int X509V3_add_value_uchar(const char *name, const unsigned char *value, +- STACK_OF(CONF_VALUE) **extlist); ++ STACK_OF(CONF_VALUE) **extlist); + int X509V3_add_value_bool(const char *name, int asn1_bool, +- STACK_OF(CONF_VALUE) **extlist); ++ STACK_OF(CONF_VALUE) **extlist); + int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, +- STACK_OF(CONF_VALUE) **extlist); +-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); +-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); +-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); +-char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); ++ STACK_OF(CONF_VALUE) **extlist); ++char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); ++ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); ++char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); ++char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ++ ASN1_ENUMERATED *aint); + int X509V3_EXT_add(X509V3_EXT_METHOD *ext); + int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); + int X509V3_EXT_add_alias(int nid_to, int nid_from); +@@ -581,22 +598,26 @@ X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); + int X509V3_add_standard_extensions(void); + STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); + void *X509V3_EXT_d2i(X509_EXTENSION *ext); +-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); +- ++void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, ++ int *idx); + + X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); +-int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); ++int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, ++ int crit, unsigned long flags); + + char *hex_to_string(unsigned char *buffer, long len); + unsigned char *string_to_hex(char *str, long *len); + int name_cmp(const char *name, const char *cmp); + + void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, +- int ml); +-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); ++ int ml); ++int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, ++ int indent); + int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); + +-int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); ++int X509V3_extensions_print(BIO *out, char *title, ++ STACK_OF(X509_EXTENSION) *exts, ++ unsigned long flag, int indent); + + int X509_check_ca(X509 *x); + int X509_check_purpose(X509 *x, int id, int ca); +@@ -604,12 +625,12 @@ int X509_supported_extension(X509_EXTENSION *ex); + int X509_PURPOSE_set(int *p, int purpose); + int X509_check_issued(X509 *issuer, X509 *subject); + int X509_PURPOSE_get_count(void); +-X509_PURPOSE * X509_PURPOSE_get0(int idx); ++X509_PURPOSE *X509_PURPOSE_get0(int idx); + int X509_PURPOSE_get_by_sname(char *sname); + int X509_PURPOSE_get_by_id(int id); + int X509_PURPOSE_add(int id, int trust, int flags, +- int (*ck)(const X509_PURPOSE *, const X509 *, int), +- char *name, char *sname, void *arg); ++ int (*ck) (const X509_PURPOSE *, const X509 *, int), ++ char *name, char *sname, void *arg); + char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); + char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); + int X509_PURPOSE_get_trust(X509_PURPOSE *xp); +@@ -618,50 +639,50 @@ int X509_PURPOSE_get_id(X509_PURPOSE *); + + STACK *X509_get1_email(X509 *x); + STACK *X509_REQ_get1_email(X509_REQ *x); +-void X509_email_free(STACK *sk); ++void X509_email_free(STACK * sk); + STACK *X509_get1_ocsp(X509 *x); + + ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); + ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); + int a2i_ipadd(unsigned char *ipout, const char *ipasc); +-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, +- unsigned long chtype); ++int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, ++ unsigned long chtype); + + void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); + +-#ifndef OPENSSL_NO_RFC3779 ++# ifndef OPENSSL_NO_RFC3779 + + typedef struct ASRange_st { +- ASN1_INTEGER *min, *max; ++ ASN1_INTEGER *min, *max; + } ASRange; + +-#define ASIdOrRange_id 0 +-#define ASIdOrRange_range 1 ++# define ASIdOrRange_id 0 ++# define ASIdOrRange_range 1 + + typedef struct ASIdOrRange_st { +- int type; +- union { +- ASN1_INTEGER *id; +- ASRange *range; +- } u; ++ int type; ++ union { ++ ASN1_INTEGER *id; ++ ASRange *range; ++ } u; + } ASIdOrRange; + + typedef STACK_OF(ASIdOrRange) ASIdOrRanges; + DECLARE_STACK_OF(ASIdOrRange) + +-#define ASIdentifierChoice_inherit 0 +-#define ASIdentifierChoice_asIdsOrRanges 1 ++# define ASIdentifierChoice_inherit 0 ++# define ASIdentifierChoice_asIdsOrRanges 1 + + typedef struct ASIdentifierChoice_st { +- int type; +- union { +- ASN1_NULL *inherit; +- ASIdOrRanges *asIdsOrRanges; +- } u; ++ int type; ++ union { ++ ASN1_NULL *inherit; ++ ASIdOrRanges *asIdsOrRanges; ++ } u; + } ASIdentifierChoice; + + typedef struct ASIdentifiers_st { +- ASIdentifierChoice *asnum, *rdi; ++ ASIdentifierChoice *asnum, *rdi; + } ASIdentifiers; + + DECLARE_ASN1_FUNCTIONS(ASRange) +@@ -669,39 +690,38 @@ DECLARE_ASN1_FUNCTIONS(ASIdOrRange) + DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice) + DECLARE_ASN1_FUNCTIONS(ASIdentifiers) + +- + typedef struct IPAddressRange_st { +- ASN1_BIT_STRING *min, *max; ++ ASN1_BIT_STRING *min, *max; + } IPAddressRange; + +-#define IPAddressOrRange_addressPrefix 0 +-#define IPAddressOrRange_addressRange 1 ++# define IPAddressOrRange_addressPrefix 0 ++# define IPAddressOrRange_addressRange 1 + + typedef struct IPAddressOrRange_st { +- int type; +- union { +- ASN1_BIT_STRING *addressPrefix; +- IPAddressRange *addressRange; +- } u; ++ int type; ++ union { ++ ASN1_BIT_STRING *addressPrefix; ++ IPAddressRange *addressRange; ++ } u; + } IPAddressOrRange; + + typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; + DECLARE_STACK_OF(IPAddressOrRange) + +-#define IPAddressChoice_inherit 0 +-#define IPAddressChoice_addressesOrRanges 1 ++# define IPAddressChoice_inherit 0 ++# define IPAddressChoice_addressesOrRanges 1 + + typedef struct IPAddressChoice_st { +- int type; +- union { +- ASN1_NULL *inherit; +- IPAddressOrRanges *addressesOrRanges; +- } u; ++ int type; ++ union { ++ ASN1_NULL *inherit; ++ IPAddressOrRanges *addressesOrRanges; ++ } u; + } IPAddressChoice; + + typedef struct IPAddressFamily_st { +- ASN1_OCTET_STRING *addressFamily; +- IPAddressChoice *ipAddressChoice; ++ ASN1_OCTET_STRING *addressFamily; ++ IPAddressChoice *ipAddressChoice; + } IPAddressFamily; + + typedef STACK_OF(IPAddressFamily) IPAddrBlocks; +@@ -715,8 +735,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + /* + * API tag for elements of the ASIdentifer SEQUENCE. + */ +-#define V3_ASID_ASNUM 0 +-#define V3_ASID_RDI 1 ++# define V3_ASID_ASNUM 0 ++# define V3_ASID_RDI 1 + + /* + * AFI values, assigned by IANA. It'd be nice to make the AFI +@@ -724,8 +744,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + * that would need to be defined for other address families for it to + * be worth the trouble. + */ +-#define IANA_AFI_IPV4 1 +-#define IANA_AFI_IPV6 2 ++# define IANA_AFI_IPV4 1 ++# define IANA_AFI_IPV6 2 + + /* + * Utilities to construct and extract values from RFC3779 extensions, +@@ -734,19 +754,19 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + */ + int v3_asid_add_inherit(ASIdentifiers *asid, int which); + int v3_asid_add_id_or_range(ASIdentifiers *asid, int which, +- ASN1_INTEGER *min, ASN1_INTEGER *max); ++ ASN1_INTEGER *min, ASN1_INTEGER *max); + int v3_addr_add_inherit(IPAddrBlocks *addr, +- const unsigned afi, const unsigned *safi); ++ const unsigned afi, const unsigned *safi); + int v3_addr_add_prefix(IPAddrBlocks *addr, +- const unsigned afi, const unsigned *safi, +- unsigned char *a, const int prefixlen); ++ const unsigned afi, const unsigned *safi, ++ unsigned char *a, const int prefixlen); + int v3_addr_add_range(IPAddrBlocks *addr, +- const unsigned afi, const unsigned *safi, +- unsigned char *min, unsigned char *max); ++ const unsigned afi, const unsigned *safi, ++ unsigned char *min, unsigned char *max); + unsigned v3_addr_get_afi(const IPAddressFamily *f); + int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, +- unsigned char *min, unsigned char *max, +- const int length); ++ unsigned char *min, unsigned char *max, ++ const int length); + + /* + * Canonical forms. +@@ -770,16 +790,15 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + int v3_asid_validate_path(X509_STORE_CTX *); + int v3_addr_validate_path(X509_STORE_CTX *); + int v3_asid_validate_resource_set(STACK_OF(X509) *chain, +- ASIdentifiers *ext, +- int allow_inheritance); ++ ASIdentifiers *ext, int allow_inheritance); + int v3_addr_validate_resource_set(STACK_OF(X509) *chain, +- IPAddrBlocks *ext, +- int allow_inheritance); ++ IPAddrBlocks *ext, int allow_inheritance); + +-#endif /* OPENSSL_NO_RFC3779 */ ++# endif /* OPENSSL_NO_RFC3779 */ + + /* BEGIN ERROR CODES */ +-/* The following lines are auto generated by the script mkerr.pl. Any changes ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + void ERR_load_X509V3_strings(void); +@@ -787,134 +806,134 @@ void ERR_load_X509V3_strings(void); + /* Error codes for the X509V3 functions. */ + + /* Function codes. */ +-#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156 +-#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157 +-#define X509V3_F_COPY_EMAIL 122 +-#define X509V3_F_COPY_ISSUER 123 +-#define X509V3_F_DO_DIRNAME 144 +-#define X509V3_F_DO_EXT_CONF 124 +-#define X509V3_F_DO_EXT_I2D 135 +-#define X509V3_F_DO_EXT_NCONF 151 +-#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 +-#define X509V3_F_HEX_TO_STRING 111 +-#define X509V3_F_I2S_ASN1_ENUMERATED 121 +-#define X509V3_F_I2S_ASN1_IA5STRING 149 +-#define X509V3_F_I2S_ASN1_INTEGER 120 +-#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 +-#define X509V3_F_NOTICE_SECTION 132 +-#define X509V3_F_NREF_NOS 133 +-#define X509V3_F_POLICY_SECTION 131 +-#define X509V3_F_PROCESS_PCI_VALUE 150 +-#define X509V3_F_R2I_CERTPOL 130 +-#define X509V3_F_R2I_PCI 155 +-#define X509V3_F_S2I_ASN1_IA5STRING 100 +-#define X509V3_F_S2I_ASN1_INTEGER 108 +-#define X509V3_F_S2I_ASN1_OCTET_STRING 112 +-#define X509V3_F_S2I_ASN1_SKEY_ID 114 +-#define X509V3_F_S2I_SKEY_ID 115 +-#define X509V3_F_STRING_TO_HEX 113 +-#define X509V3_F_SXNET_ADD_ID_ASC 125 +-#define X509V3_F_SXNET_ADD_ID_INTEGER 126 +-#define X509V3_F_SXNET_ADD_ID_ULONG 127 +-#define X509V3_F_SXNET_GET_ID_ASC 128 +-#define X509V3_F_SXNET_GET_ID_ULONG 129 +-#define X509V3_F_V2I_ASIDENTIFIERS 158 +-#define X509V3_F_V2I_ASN1_BIT_STRING 101 +-#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 +-#define X509V3_F_V2I_AUTHORITY_KEYID 119 +-#define X509V3_F_V2I_BASIC_CONSTRAINTS 102 +-#define X509V3_F_V2I_CRLD 134 +-#define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 +-#define X509V3_F_V2I_GENERAL_NAMES 118 +-#define X509V3_F_V2I_GENERAL_NAME_EX 117 +-#define X509V3_F_V2I_IPADDRBLOCKS 159 +-#define X509V3_F_V2I_ISSUER_ALT 153 +-#define X509V3_F_V2I_NAME_CONSTRAINTS 147 +-#define X509V3_F_V2I_POLICY_CONSTRAINTS 146 +-#define X509V3_F_V2I_POLICY_MAPPINGS 145 +-#define X509V3_F_V2I_SUBJECT_ALT 154 +-#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 +-#define X509V3_F_V3_GENERIC_EXTENSION 116 +-#define X509V3_F_X509V3_ADD1_I2D 140 +-#define X509V3_F_X509V3_ADD_VALUE 105 +-#define X509V3_F_X509V3_EXT_ADD 104 +-#define X509V3_F_X509V3_EXT_ADD_ALIAS 106 +-#define X509V3_F_X509V3_EXT_CONF 107 +-#define X509V3_F_X509V3_EXT_I2D 136 +-#define X509V3_F_X509V3_EXT_NCONF 152 +-#define X509V3_F_X509V3_GET_SECTION 142 +-#define X509V3_F_X509V3_GET_STRING 143 +-#define X509V3_F_X509V3_GET_VALUE_BOOL 110 +-#define X509V3_F_X509V3_PARSE_LIST 109 +-#define X509V3_F_X509_PURPOSE_ADD 137 +-#define X509V3_F_X509_PURPOSE_SET 141 ++# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156 ++# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157 ++# define X509V3_F_COPY_EMAIL 122 ++# define X509V3_F_COPY_ISSUER 123 ++# define X509V3_F_DO_DIRNAME 144 ++# define X509V3_F_DO_EXT_CONF 124 ++# define X509V3_F_DO_EXT_I2D 135 ++# define X509V3_F_DO_EXT_NCONF 151 ++# define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 ++# define X509V3_F_HEX_TO_STRING 111 ++# define X509V3_F_I2S_ASN1_ENUMERATED 121 ++# define X509V3_F_I2S_ASN1_IA5STRING 149 ++# define X509V3_F_I2S_ASN1_INTEGER 120 ++# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 ++# define X509V3_F_NOTICE_SECTION 132 ++# define X509V3_F_NREF_NOS 133 ++# define X509V3_F_POLICY_SECTION 131 ++# define X509V3_F_PROCESS_PCI_VALUE 150 ++# define X509V3_F_R2I_CERTPOL 130 ++# define X509V3_F_R2I_PCI 155 ++# define X509V3_F_S2I_ASN1_IA5STRING 100 ++# define X509V3_F_S2I_ASN1_INTEGER 108 ++# define X509V3_F_S2I_ASN1_OCTET_STRING 112 ++# define X509V3_F_S2I_ASN1_SKEY_ID 114 ++# define X509V3_F_S2I_SKEY_ID 115 ++# define X509V3_F_STRING_TO_HEX 113 ++# define X509V3_F_SXNET_ADD_ID_ASC 125 ++# define X509V3_F_SXNET_ADD_ID_INTEGER 126 ++# define X509V3_F_SXNET_ADD_ID_ULONG 127 ++# define X509V3_F_SXNET_GET_ID_ASC 128 ++# define X509V3_F_SXNET_GET_ID_ULONG 129 ++# define X509V3_F_V2I_ASIDENTIFIERS 158 ++# define X509V3_F_V2I_ASN1_BIT_STRING 101 ++# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 ++# define X509V3_F_V2I_AUTHORITY_KEYID 119 ++# define X509V3_F_V2I_BASIC_CONSTRAINTS 102 ++# define X509V3_F_V2I_CRLD 134 ++# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 ++# define X509V3_F_V2I_GENERAL_NAMES 118 ++# define X509V3_F_V2I_GENERAL_NAME_EX 117 ++# define X509V3_F_V2I_IPADDRBLOCKS 159 ++# define X509V3_F_V2I_ISSUER_ALT 153 ++# define X509V3_F_V2I_NAME_CONSTRAINTS 147 ++# define X509V3_F_V2I_POLICY_CONSTRAINTS 146 ++# define X509V3_F_V2I_POLICY_MAPPINGS 145 ++# define X509V3_F_V2I_SUBJECT_ALT 154 ++# define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 ++# define X509V3_F_V3_GENERIC_EXTENSION 116 ++# define X509V3_F_X509V3_ADD1_I2D 140 ++# define X509V3_F_X509V3_ADD_VALUE 105 ++# define X509V3_F_X509V3_EXT_ADD 104 ++# define X509V3_F_X509V3_EXT_ADD_ALIAS 106 ++# define X509V3_F_X509V3_EXT_CONF 107 ++# define X509V3_F_X509V3_EXT_I2D 136 ++# define X509V3_F_X509V3_EXT_NCONF 152 ++# define X509V3_F_X509V3_GET_SECTION 142 ++# define X509V3_F_X509V3_GET_STRING 143 ++# define X509V3_F_X509V3_GET_VALUE_BOOL 110 ++# define X509V3_F_X509V3_PARSE_LIST 109 ++# define X509V3_F_X509_PURPOSE_ADD 137 ++# define X509V3_F_X509_PURPOSE_SET 141 + + /* Reason codes. */ +-#define X509V3_R_BAD_IP_ADDRESS 118 +-#define X509V3_R_BAD_OBJECT 119 +-#define X509V3_R_BN_DEC2BN_ERROR 100 +-#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +-#define X509V3_R_DIRNAME_ERROR 149 +-#define X509V3_R_DUPLICATE_ZONE_ID 133 +-#define X509V3_R_ERROR_CONVERTING_ZONE 131 +-#define X509V3_R_ERROR_CREATING_EXTENSION 144 +-#define X509V3_R_ERROR_IN_EXTENSION 128 +-#define X509V3_R_EXPECTED_A_SECTION_NAME 137 +-#define X509V3_R_EXTENSION_EXISTS 145 +-#define X509V3_R_EXTENSION_NAME_ERROR 115 +-#define X509V3_R_EXTENSION_NOT_FOUND 102 +-#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +-#define X509V3_R_EXTENSION_VALUE_ERROR 116 +-#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +-#define X509V3_R_ILLEGAL_HEX_DIGIT 113 +-#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +-#define X509V3_R_INVALID_ASNUMBER 160 +-#define X509V3_R_INVALID_ASRANGE 161 +-#define X509V3_R_INVALID_BOOLEAN_STRING 104 +-#define X509V3_R_INVALID_EXTENSION_STRING 105 +-#define X509V3_R_INVALID_INHERITANCE 162 +-#define X509V3_R_INVALID_IPADDRESS 163 +-#define X509V3_R_INVALID_NAME 106 +-#define X509V3_R_INVALID_NULL_ARGUMENT 107 +-#define X509V3_R_INVALID_NULL_NAME 108 +-#define X509V3_R_INVALID_NULL_VALUE 109 +-#define X509V3_R_INVALID_NUMBER 140 +-#define X509V3_R_INVALID_NUMBERS 141 +-#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +-#define X509V3_R_INVALID_OPTION 138 +-#define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +-#define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +-#define X509V3_R_INVALID_PURPOSE 146 +-#define X509V3_R_INVALID_SAFI 164 +-#define X509V3_R_INVALID_SECTION 135 +-#define X509V3_R_INVALID_SYNTAX 143 +-#define X509V3_R_ISSUER_DECODE_ERROR 126 +-#define X509V3_R_MISSING_VALUE 124 +-#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +-#define X509V3_R_NO_CONFIG_DATABASE 136 +-#define X509V3_R_NO_ISSUER_CERTIFICATE 121 +-#define X509V3_R_NO_ISSUER_DETAILS 127 +-#define X509V3_R_NO_POLICY_IDENTIFIER 139 +-#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +-#define X509V3_R_NO_PUBLIC_KEY 114 +-#define X509V3_R_NO_SUBJECT_DETAILS 125 +-#define X509V3_R_ODD_NUMBER_OF_DIGITS 112 +-#define X509V3_R_OPERATION_NOT_DEFINED 148 +-#define X509V3_R_OTHERNAME_ERROR 147 +-#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155 +-#define X509V3_R_POLICY_PATH_LENGTH 156 +-#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157 +-#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 +-#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +-#define X509V3_R_SECTION_NOT_FOUND 150 +-#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +-#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +-#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +-#define X509V3_R_UNKNOWN_EXTENSION 129 +-#define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +-#define X509V3_R_UNKNOWN_OPTION 120 +-#define X509V3_R_UNSUPPORTED_OPTION 117 +-#define X509V3_R_USER_TOO_LONG 132 ++# define X509V3_R_BAD_IP_ADDRESS 118 ++# define X509V3_R_BAD_OBJECT 119 ++# define X509V3_R_BN_DEC2BN_ERROR 100 ++# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 ++# define X509V3_R_DIRNAME_ERROR 149 ++# define X509V3_R_DUPLICATE_ZONE_ID 133 ++# define X509V3_R_ERROR_CONVERTING_ZONE 131 ++# define X509V3_R_ERROR_CREATING_EXTENSION 144 ++# define X509V3_R_ERROR_IN_EXTENSION 128 ++# define X509V3_R_EXPECTED_A_SECTION_NAME 137 ++# define X509V3_R_EXTENSION_EXISTS 145 ++# define X509V3_R_EXTENSION_NAME_ERROR 115 ++# define X509V3_R_EXTENSION_NOT_FOUND 102 ++# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 ++# define X509V3_R_EXTENSION_VALUE_ERROR 116 ++# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 ++# define X509V3_R_ILLEGAL_HEX_DIGIT 113 ++# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 ++# define X509V3_R_INVALID_ASNUMBER 160 ++# define X509V3_R_INVALID_ASRANGE 161 ++# define X509V3_R_INVALID_BOOLEAN_STRING 104 ++# define X509V3_R_INVALID_EXTENSION_STRING 105 ++# define X509V3_R_INVALID_INHERITANCE 162 ++# define X509V3_R_INVALID_IPADDRESS 163 ++# define X509V3_R_INVALID_NAME 106 ++# define X509V3_R_INVALID_NULL_ARGUMENT 107 ++# define X509V3_R_INVALID_NULL_NAME 108 ++# define X509V3_R_INVALID_NULL_VALUE 109 ++# define X509V3_R_INVALID_NUMBER 140 ++# define X509V3_R_INVALID_NUMBERS 141 ++# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 ++# define X509V3_R_INVALID_OPTION 138 ++# define X509V3_R_INVALID_POLICY_IDENTIFIER 134 ++# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 ++# define X509V3_R_INVALID_PURPOSE 146 ++# define X509V3_R_INVALID_SAFI 164 ++# define X509V3_R_INVALID_SECTION 135 ++# define X509V3_R_INVALID_SYNTAX 143 ++# define X509V3_R_ISSUER_DECODE_ERROR 126 ++# define X509V3_R_MISSING_VALUE 124 ++# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 ++# define X509V3_R_NO_CONFIG_DATABASE 136 ++# define X509V3_R_NO_ISSUER_CERTIFICATE 121 ++# define X509V3_R_NO_ISSUER_DETAILS 127 ++# define X509V3_R_NO_POLICY_IDENTIFIER 139 ++# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 ++# define X509V3_R_NO_PUBLIC_KEY 114 ++# define X509V3_R_NO_SUBJECT_DETAILS 125 ++# define X509V3_R_ODD_NUMBER_OF_DIGITS 112 ++# define X509V3_R_OPERATION_NOT_DEFINED 148 ++# define X509V3_R_OTHERNAME_ERROR 147 ++# define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155 ++# define X509V3_R_POLICY_PATH_LENGTH 156 ++# define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157 ++# define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 ++# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 ++# define X509V3_R_SECTION_NOT_FOUND 150 ++# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 ++# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 ++# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 ++# define X509V3_R_UNKNOWN_EXTENSION 129 ++# define X509V3_R_UNKNOWN_EXTENSION_NAME 130 ++# define X509V3_R_UNKNOWN_OPTION 120 ++# define X509V3_R_UNSUPPORTED_OPTION 117 ++# define X509V3_R_USER_TOO_LONG 132 + + #ifdef __cplusplus + } +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c +index 373864c..dff5cd8 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,73 +61,74 @@ + + #if !defined(OPENSSL_FIPS_AES_ASM) + void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char *ivec, const int enc) { ++ const unsigned long length, const AES_KEY *key, ++ unsigned char *ivec, const int enc) ++{ + +- unsigned long n; +- unsigned long len = length; +- unsigned char tmp[AES_BLOCK_SIZE]; +- const unsigned char *iv = ivec; ++ unsigned long n; ++ unsigned long len = length; ++ unsigned char tmp[AES_BLOCK_SIZE]; ++ const unsigned char *iv = ivec; + +- assert(in && out && key && ivec); +- assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); ++ assert(in && out && key && ivec); ++ assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); + +- if (AES_ENCRYPT == enc) { +- while (len >= AES_BLOCK_SIZE) { +- for(n=0; n < AES_BLOCK_SIZE; ++n) +- out[n] = in[n] ^ iv[n]; +- AES_encrypt(out, out, key); +- iv = out; +- len -= AES_BLOCK_SIZE; +- in += AES_BLOCK_SIZE; +- out += AES_BLOCK_SIZE; +- } +- if (len) { +- for(n=0; n < len; ++n) +- out[n] = in[n] ^ iv[n]; +- for(n=len; n < AES_BLOCK_SIZE; ++n) +- out[n] = iv[n]; +- AES_encrypt(out, out, key); +- iv = out; +- } +- memcpy(ivec,iv,AES_BLOCK_SIZE); +- } else if (in != out) { +- while (len >= AES_BLOCK_SIZE) { +- AES_decrypt(in, out, key); +- for(n=0; n < AES_BLOCK_SIZE; ++n) +- out[n] ^= iv[n]; +- iv = in; +- len -= AES_BLOCK_SIZE; +- in += AES_BLOCK_SIZE; +- out += AES_BLOCK_SIZE; +- } +- if (len) { +- AES_decrypt(in,tmp,key); +- for(n=0; n < len; ++n) +- out[n] = tmp[n] ^ iv[n]; +- iv = in; +- } +- memcpy(ivec,iv,AES_BLOCK_SIZE); +- } else { +- while (len >= AES_BLOCK_SIZE) { +- memcpy(tmp, in, AES_BLOCK_SIZE); +- AES_decrypt(in, out, key); +- for(n=0; n < AES_BLOCK_SIZE; ++n) +- out[n] ^= ivec[n]; +- memcpy(ivec, tmp, AES_BLOCK_SIZE); +- len -= AES_BLOCK_SIZE; +- in += AES_BLOCK_SIZE; +- out += AES_BLOCK_SIZE; +- } +- if (len) { +- memcpy(tmp, in, AES_BLOCK_SIZE); +- AES_decrypt(tmp, out, key); +- for(n=0; n < len; ++n) +- out[n] ^= ivec[n]; +- for(n=len; n < AES_BLOCK_SIZE; ++n) +- out[n] = tmp[n]; +- memcpy(ivec, tmp, AES_BLOCK_SIZE); +- } +- } ++ if (AES_ENCRYPT == enc) { ++ while (len >= AES_BLOCK_SIZE) { ++ for (n = 0; n < AES_BLOCK_SIZE; ++n) ++ out[n] = in[n] ^ iv[n]; ++ AES_encrypt(out, out, key); ++ iv = out; ++ len -= AES_BLOCK_SIZE; ++ in += AES_BLOCK_SIZE; ++ out += AES_BLOCK_SIZE; ++ } ++ if (len) { ++ for (n = 0; n < len; ++n) ++ out[n] = in[n] ^ iv[n]; ++ for (n = len; n < AES_BLOCK_SIZE; ++n) ++ out[n] = iv[n]; ++ AES_encrypt(out, out, key); ++ iv = out; ++ } ++ memcpy(ivec, iv, AES_BLOCK_SIZE); ++ } else if (in != out) { ++ while (len >= AES_BLOCK_SIZE) { ++ AES_decrypt(in, out, key); ++ for (n = 0; n < AES_BLOCK_SIZE; ++n) ++ out[n] ^= iv[n]; ++ iv = in; ++ len -= AES_BLOCK_SIZE; ++ in += AES_BLOCK_SIZE; ++ out += AES_BLOCK_SIZE; ++ } ++ if (len) { ++ AES_decrypt(in, tmp, key); ++ for (n = 0; n < len; ++n) ++ out[n] = tmp[n] ^ iv[n]; ++ iv = in; ++ } ++ memcpy(ivec, iv, AES_BLOCK_SIZE); ++ } else { ++ while (len >= AES_BLOCK_SIZE) { ++ memcpy(tmp, in, AES_BLOCK_SIZE); ++ AES_decrypt(in, out, key); ++ for (n = 0; n < AES_BLOCK_SIZE; ++n) ++ out[n] ^= ivec[n]; ++ memcpy(ivec, tmp, AES_BLOCK_SIZE); ++ len -= AES_BLOCK_SIZE; ++ in += AES_BLOCK_SIZE; ++ out += AES_BLOCK_SIZE; ++ } ++ if (len) { ++ memcpy(tmp, in, AES_BLOCK_SIZE); ++ AES_decrypt(tmp, out, key); ++ for (n = 0; n < len; ++n) ++ out[n] ^= ivec[n]; ++ for (n = len; n < AES_BLOCK_SIZE; ++n) ++ out[n] = tmp[n]; ++ memcpy(ivec, tmp, AES_BLOCK_SIZE); ++ } ++ } + } + #endif +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c +index 9384ba6..ded1aa0 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -54,21 +54,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -83,10 +83,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -98,7 +98,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -116,109 +116,113 @@ + #include "aes_locl.h" + #include "e_os.h" + +-/* The input and output encrypted as though 128bit cfb mode is being +- * used. The extra state information to record how much of the +- * 128bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 128bit cfb mode is being used. ++ * The extra state information to record how much of the 128bit block we have ++ * used is contained in *num; + */ + + void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char *ivec, int *num, const int enc) { +- +- unsigned int n; +- unsigned long l = length; +- unsigned char c; +- +- assert(in && out && key && ivec && num); +- +- n = *num; +- +- if (enc) { +- while (l--) { +- if (n == 0) { +- AES_encrypt(ivec, ivec, key); +- } +- ivec[n] = *(out++) = *(in++) ^ ivec[n]; +- n = (n+1) % AES_BLOCK_SIZE; +- } +- } else { +- while (l--) { +- if (n == 0) { +- AES_encrypt(ivec, ivec, key); +- } +- c = *(in); +- *(out++) = *(in++) ^ ivec[n]; +- ivec[n] = c; +- n = (n+1) % AES_BLOCK_SIZE; +- } +- } +- +- *num=n; ++ const unsigned long length, const AES_KEY *key, ++ unsigned char *ivec, int *num, const int enc) ++{ ++ ++ unsigned int n; ++ unsigned long l = length; ++ unsigned char c; ++ ++ assert(in && out && key && ivec && num); ++ ++ n = *num; ++ ++ if (enc) { ++ while (l--) { ++ if (n == 0) { ++ AES_encrypt(ivec, ivec, key); ++ } ++ ivec[n] = *(out++) = *(in++) ^ ivec[n]; ++ n = (n + 1) % AES_BLOCK_SIZE; ++ } ++ } else { ++ while (l--) { ++ if (n == 0) { ++ AES_encrypt(ivec, ivec, key); ++ } ++ c = *(in); ++ *(out++) = *(in++) ^ ivec[n]; ++ ivec[n] = c; ++ n = (n + 1) % AES_BLOCK_SIZE; ++ } ++ } ++ ++ *num = n; + } + +-/* This expects a single block of size nbits for both in and out. Note that +- it corrupts any extra bits in the last byte of out */ +-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out, +- const int nbits,const AES_KEY *key, +- unsigned char *ivec,const int enc) +- { +- int n,rem,num; +- unsigned char ovec[AES_BLOCK_SIZE*2]; +- +- if (nbits<=0 || nbits>128) return; +- +- /* fill in the first half of the new IV with the current IV */ +- memcpy(ovec,ivec,AES_BLOCK_SIZE); +- /* construct the new IV */ +- AES_encrypt(ivec,ivec,key); +- num = (nbits+7)/8; +- if (enc) /* encrypt the input */ +- for(n=0 ; n < num ; ++n) +- out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]); +- else /* decrypt the input */ +- for(n=0 ; n < num ; ++n) +- out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n]; +- /* shift ovec left... */ +- rem = nbits%8; +- num = nbits/8; +- if(rem==0) +- memcpy(ivec,ovec+num,AES_BLOCK_SIZE); +- else +- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) +- ivec[n] = ovec[n+num]<>(8-rem); ++/* ++ * This expects a single block of size nbits for both in and out. Note that ++ * it corrupts any extra bits in the last byte of out ++ */ ++void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out, ++ const int nbits, const AES_KEY *key, ++ unsigned char *ivec, const int enc) ++{ ++ int n, rem, num; ++ unsigned char ovec[AES_BLOCK_SIZE * 2]; ++ ++ if (nbits <= 0 || nbits > 128) ++ return; ++ ++ /* fill in the first half of the new IV with the current IV */ ++ memcpy(ovec, ivec, AES_BLOCK_SIZE); ++ /* construct the new IV */ ++ AES_encrypt(ivec, ivec, key); ++ num = (nbits + 7) / 8; ++ if (enc) /* encrypt the input */ ++ for (n = 0; n < num; ++n) ++ out[n] = (ovec[AES_BLOCK_SIZE + n] = in[n] ^ ivec[n]); ++ else /* decrypt the input */ ++ for (n = 0; n < num; ++n) ++ out[n] = (ovec[AES_BLOCK_SIZE + n] = in[n]) ^ ivec[n]; ++ /* shift ovec left... */ ++ rem = nbits % 8; ++ num = nbits / 8; ++ if (rem == 0) ++ memcpy(ivec, ovec + num, AES_BLOCK_SIZE); ++ else ++ for (n = 0; n < AES_BLOCK_SIZE; ++n) ++ ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem); + + /* it is not necessary to cleanse ovec, since the IV is not secret */ +- } ++} + + /* N.B. This expects the input to be packed, MS bit first */ + void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char *ivec, int *num, const int enc) +- { ++ const unsigned long length, const AES_KEY *key, ++ unsigned char *ivec, int *num, const int enc) ++{ + unsigned int n; +- unsigned char c[1],d[1]; ++ unsigned char c[1], d[1]; + + assert(in && out && key && ivec && num); + assert(*num == 0); + +- for(n=0 ; n < length ; ++n) +- { +- c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; +- AES_cfbr_encrypt_block(c,d,1,key,ivec,enc); +- out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8)); +- } ++ for (n = 0; n < length; ++n) { ++ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; ++ AES_cfbr_encrypt_block(c, d, 1, key, ivec, enc); ++ out[n / 8] = ++ (out[n / 8] & ~(1 << (7 - n % 8))) | ((d[0] & 0x80) >> (n % 8)); + } ++} + + void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char *ivec, int *num, const int enc) +- { ++ const unsigned long length, const AES_KEY *key, ++ unsigned char *ivec, int *num, const int enc) ++{ + unsigned int n; + + assert(in && out && key && ivec && num); + assert(*num == 0); + +- for(n=0 ; n < length ; ++n) +- AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc); +- } +- ++ for (n = 0; n < length; ++n) ++ AES_cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc); ++} +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_core.c b/Cryptlib/OpenSSL/crypto/aes/aes_core.c +index cffdd4d..cf73de8 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_core.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_core.c +@@ -43,7 +43,7 @@ + + #include "aes_locl.h" + +-/* ++/*- + Te0[x] = S [x].[02, 01, 01, 03]; + Te1[x] = S [x].[03, 02, 01, 01]; + Te2[x] = S [x].[01, 03, 02, 01]; +@@ -620,165 +620,166 @@ static const u8 Td4[256] = { + 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, + }; + static const u32 rcon[] = { +- 0x01000000, 0x02000000, 0x04000000, 0x08000000, +- 0x10000000, 0x20000000, 0x40000000, 0x80000000, +- 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ ++ 0x01000000, 0x02000000, 0x04000000, 0x08000000, ++ 0x10000000, 0x20000000, 0x40000000, 0x80000000, ++ 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ + }; + + /** + * Expand the cipher key into the encryption key schedule. + */ + int AES_set_encrypt_key(const unsigned char *userKey, const int bits, +- AES_KEY *key) { +- +- u32 *rk; +- int i = 0; +- u32 temp; ++ AES_KEY *key) ++{ ++ u32 *rk; ++ int i = 0; ++ u32 temp; + + #ifdef OPENSSL_FIPS +- FIPS_selftest_check(); ++ FIPS_selftest_check(); + #endif + +- if (!userKey || !key) +- return -1; +- if (bits != 128 && bits != 192 && bits != 256) +- return -2; ++ if (!userKey || !key) ++ return -1; ++ if (bits != 128 && bits != 192 && bits != 256) ++ return -2; + +- rk = key->rd_key; ++ rk = key->rd_key; + +- if (bits==128) +- key->rounds = 10; +- else if (bits==192) +- key->rounds = 12; +- else +- key->rounds = 14; ++ if (bits==128) ++ key->rounds = 10; ++ else if (bits==192) ++ key->rounds = 12; ++ else ++ key->rounds = 14; + +- rk[0] = GETU32(userKey ); +- rk[1] = GETU32(userKey + 4); +- rk[2] = GETU32(userKey + 8); +- rk[3] = GETU32(userKey + 12); +- if (bits == 128) { +- while (1) { +- temp = rk[3]; +- rk[4] = rk[0] ^ +- (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ +- (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ +- (Te0[(temp ) & 0xff] & 0x0000ff00) ^ +- (Te1[(temp >> 24) ] & 0x000000ff) ^ +- rcon[i]; +- rk[5] = rk[1] ^ rk[4]; +- rk[6] = rk[2] ^ rk[5]; +- rk[7] = rk[3] ^ rk[6]; +- if (++i == 10) { +- return 0; +- } +- rk += 4; +- } +- } +- rk[4] = GETU32(userKey + 16); +- rk[5] = GETU32(userKey + 20); +- if (bits == 192) { +- while (1) { +- temp = rk[ 5]; +- rk[ 6] = rk[ 0] ^ +- (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ +- (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ +- (Te0[(temp ) & 0xff] & 0x0000ff00) ^ +- (Te1[(temp >> 24) ] & 0x000000ff) ^ +- rcon[i]; +- rk[ 7] = rk[ 1] ^ rk[ 6]; +- rk[ 8] = rk[ 2] ^ rk[ 7]; +- rk[ 9] = rk[ 3] ^ rk[ 8]; +- if (++i == 8) { +- return 0; +- } +- rk[10] = rk[ 4] ^ rk[ 9]; +- rk[11] = rk[ 5] ^ rk[10]; +- rk += 6; +- } +- } +- rk[6] = GETU32(userKey + 24); +- rk[7] = GETU32(userKey + 28); +- if (bits == 256) { +- while (1) { +- temp = rk[ 7]; +- rk[ 8] = rk[ 0] ^ +- (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ +- (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ +- (Te0[(temp ) & 0xff] & 0x0000ff00) ^ +- (Te1[(temp >> 24) ] & 0x000000ff) ^ +- rcon[i]; +- rk[ 9] = rk[ 1] ^ rk[ 8]; +- rk[10] = rk[ 2] ^ rk[ 9]; +- rk[11] = rk[ 3] ^ rk[10]; +- if (++i == 7) { +- return 0; +- } +- temp = rk[11]; +- rk[12] = rk[ 4] ^ +- (Te2[(temp >> 24) ] & 0xff000000) ^ +- (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ +- (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ +- (Te1[(temp ) & 0xff] & 0x000000ff); +- rk[13] = rk[ 5] ^ rk[12]; +- rk[14] = rk[ 6] ^ rk[13]; +- rk[15] = rk[ 7] ^ rk[14]; ++ rk[0] = GETU32(userKey ); ++ rk[1] = GETU32(userKey + 4); ++ rk[2] = GETU32(userKey + 8); ++ rk[3] = GETU32(userKey + 12); ++ if (bits == 128) { ++ while (1) { ++ temp = rk[3]; ++ rk[4] = rk[0] ^ ++ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ ++ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ ++ (Te0[(temp ) & 0xff] & 0x0000ff00) ^ ++ (Te1[(temp >> 24) ] & 0x000000ff) ^ ++ rcon[i]; ++ rk[5] = rk[1] ^ rk[4]; ++ rk[6] = rk[2] ^ rk[5]; ++ rk[7] = rk[3] ^ rk[6]; ++ if (++i == 10) { ++ return 0; ++ } ++ rk += 4; ++ } ++ } ++ rk[4] = GETU32(userKey + 16); ++ rk[5] = GETU32(userKey + 20); ++ if (bits == 192) { ++ while (1) { ++ temp = rk[ 5]; ++ rk[ 6] = rk[ 0] ^ ++ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ ++ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ ++ (Te0[(temp ) & 0xff] & 0x0000ff00) ^ ++ (Te1[(temp >> 24) ] & 0x000000ff) ^ ++ rcon[i]; ++ rk[ 7] = rk[ 1] ^ rk[ 6]; ++ rk[ 8] = rk[ 2] ^ rk[ 7]; ++ rk[ 9] = rk[ 3] ^ rk[ 8]; ++ if (++i == 8) { ++ return 0; ++ } ++ rk[10] = rk[ 4] ^ rk[ 9]; ++ rk[11] = rk[ 5] ^ rk[10]; ++ rk += 6; ++ } ++ } ++ rk[6] = GETU32(userKey + 24); ++ rk[7] = GETU32(userKey + 28); ++ if (bits == 256) { ++ while (1) { ++ temp = rk[ 7]; ++ rk[ 8] = rk[ 0] ^ ++ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ ++ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ ++ (Te0[(temp ) & 0xff] & 0x0000ff00) ^ ++ (Te1[(temp >> 24) ] & 0x000000ff) ^ ++ rcon[i]; ++ rk[ 9] = rk[ 1] ^ rk[ 8]; ++ rk[10] = rk[ 2] ^ rk[ 9]; ++ rk[11] = rk[ 3] ^ rk[10]; ++ if (++i == 7) { ++ return 0; ++ } ++ temp = rk[11]; ++ rk[12] = rk[ 4] ^ ++ (Te2[(temp >> 24) ] & 0xff000000) ^ ++ (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ ++ (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ ++ (Te1[(temp ) & 0xff] & 0x000000ff); ++ rk[13] = rk[ 5] ^ rk[12]; ++ rk[14] = rk[ 6] ^ rk[13]; ++ rk[15] = rk[ 7] ^ rk[14]; + +- rk += 8; +- } +- } +- return 0; ++ rk += 8; ++ } ++ } ++ return 0; + } + + /** + * Expand the cipher key into the decryption key schedule. + */ + int AES_set_decrypt_key(const unsigned char *userKey, const int bits, +- AES_KEY *key) { ++ AES_KEY *key) ++{ + +- u32 *rk; +- int i, j, status; +- u32 temp; ++ u32 *rk; ++ int i, j, status; ++ u32 temp; + +- /* first, start with an encryption schedule */ +- status = AES_set_encrypt_key(userKey, bits, key); +- if (status < 0) +- return status; ++ /* first, start with an encryption schedule */ ++ status = AES_set_encrypt_key(userKey, bits, key); ++ if (status < 0) ++ return status; + +- rk = key->rd_key; ++ rk = key->rd_key; + +- /* invert the order of the round keys: */ +- for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { +- temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; +- temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; +- temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; +- temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; +- } +- /* apply the inverse MixColumn transform to all round keys but the first and the last: */ +- for (i = 1; i < (key->rounds); i++) { +- rk += 4; +- rk[0] = +- Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ +- Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ +- Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ +- Td3[Te1[(rk[0] ) & 0xff] & 0xff]; +- rk[1] = +- Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ +- Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ +- Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ +- Td3[Te1[(rk[1] ) & 0xff] & 0xff]; +- rk[2] = +- Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ +- Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ +- Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ +- Td3[Te1[(rk[2] ) & 0xff] & 0xff]; +- rk[3] = +- Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ +- Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ +- Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ +- Td3[Te1[(rk[3] ) & 0xff] & 0xff]; +- } +- return 0; ++ /* invert the order of the round keys: */ ++ for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { ++ temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; ++ temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; ++ temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; ++ temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; ++ } ++ /* apply the inverse MixColumn transform to all round keys but the first and the last: */ ++ for (i = 1; i < (key->rounds); i++) { ++ rk += 4; ++ rk[0] = ++ Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ ++ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ ++ Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ ++ Td3[Te1[(rk[0] ) & 0xff] & 0xff]; ++ rk[1] = ++ Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ ++ Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ ++ Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ ++ Td3[Te1[(rk[1] ) & 0xff] & 0xff]; ++ rk[2] = ++ Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ ++ Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ ++ Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ ++ Td3[Te1[(rk[2] ) & 0xff] & 0xff]; ++ rk[3] = ++ Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ ++ Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ ++ Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ ++ Td3[Te1[(rk[3] ) & 0xff] & 0xff]; ++ } ++ return 0; + } + + #ifndef AES_ASM +@@ -787,71 +788,71 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + * in and out can overlap + */ + void AES_encrypt(const unsigned char *in, unsigned char *out, +- const AES_KEY *key) { ++ const AES_KEY *key) { + +- const u32 *rk; +- u32 s0, s1, s2, s3, t0, t1, t2, t3; ++ const u32 *rk; ++ u32 s0, s1, s2, s3, t0, t1, t2, t3; + #ifndef FULL_UNROLL +- int r; ++ int r; + #endif /* ?FULL_UNROLL */ + +- assert(in && out && key); +- rk = key->rd_key; ++ assert(in && out && key); ++ rk = key->rd_key; + +- /* +- * map byte array block to cipher state +- * and add initial round key: +- */ +- s0 = GETU32(in ) ^ rk[0]; +- s1 = GETU32(in + 4) ^ rk[1]; +- s2 = GETU32(in + 8) ^ rk[2]; +- s3 = GETU32(in + 12) ^ rk[3]; ++ /* ++ * map byte array block to cipher state ++ * and add initial round key: ++ */ ++ s0 = GETU32(in ) ^ rk[0]; ++ s1 = GETU32(in + 4) ^ rk[1]; ++ s2 = GETU32(in + 8) ^ rk[2]; ++ s3 = GETU32(in + 12) ^ rk[3]; + #ifdef FULL_UNROLL +- /* round 1: */ +- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; +- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; +- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; +- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; +- /* round 2: */ +- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; +- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; +- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; +- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; +- /* round 3: */ +- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; +- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; +- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; +- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; +- /* round 4: */ +- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; +- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; +- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; +- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; +- /* round 5: */ +- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; +- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; +- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; +- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; +- /* round 6: */ +- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; +- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; +- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; +- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; +- /* round 7: */ +- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; +- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; +- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; +- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; +- /* round 8: */ +- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; +- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; +- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; +- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; +- /* round 9: */ +- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; +- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; +- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; +- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; ++ /* round 1: */ ++ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; ++ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; ++ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; ++ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; ++ /* round 2: */ ++ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; ++ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; ++ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; ++ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; ++ /* round 3: */ ++ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; ++ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; ++ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; ++ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; ++ /* round 4: */ ++ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; ++ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; ++ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; ++ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; ++ /* round 5: */ ++ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; ++ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; ++ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; ++ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; ++ /* round 6: */ ++ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; ++ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; ++ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; ++ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; ++ /* round 7: */ ++ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; ++ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; ++ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; ++ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; ++ /* round 8: */ ++ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; ++ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; ++ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; ++ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; ++ /* round 9: */ ++ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; ++ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; ++ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; ++ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; + if (key->rounds > 10) { + /* round 10: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; +@@ -940,37 +941,37 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, + } + #endif /* ?FULL_UNROLL */ + /* +- * apply last round and +- * map cipher state to byte array block: +- */ +- s0 = +- (Te2[(t0 >> 24) ] & 0xff000000) ^ +- (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ +- (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ +- (Te1[(t3 ) & 0xff] & 0x000000ff) ^ +- rk[0]; +- PUTU32(out , s0); +- s1 = +- (Te2[(t1 >> 24) ] & 0xff000000) ^ +- (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ +- (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ +- (Te1[(t0 ) & 0xff] & 0x000000ff) ^ +- rk[1]; +- PUTU32(out + 4, s1); +- s2 = +- (Te2[(t2 >> 24) ] & 0xff000000) ^ +- (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ +- (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ +- (Te1[(t1 ) & 0xff] & 0x000000ff) ^ +- rk[2]; +- PUTU32(out + 8, s2); +- s3 = +- (Te2[(t3 >> 24) ] & 0xff000000) ^ +- (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ +- (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ +- (Te1[(t2 ) & 0xff] & 0x000000ff) ^ +- rk[3]; +- PUTU32(out + 12, s3); ++ * apply last round and ++ * map cipher state to byte array block: ++ */ ++ s0 = ++ (Te2[(t0 >> 24) ] & 0xff000000) ^ ++ (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ ++ (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ ++ (Te1[(t3 ) & 0xff] & 0x000000ff) ^ ++ rk[0]; ++ PUTU32(out , s0); ++ s1 = ++ (Te2[(t1 >> 24) ] & 0xff000000) ^ ++ (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ ++ (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ ++ (Te1[(t0 ) & 0xff] & 0x000000ff) ^ ++ rk[1]; ++ PUTU32(out + 4, s1); ++ s2 = ++ (Te2[(t2 >> 24) ] & 0xff000000) ^ ++ (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ ++ (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ ++ (Te1[(t1 ) & 0xff] & 0x000000ff) ^ ++ rk[2]; ++ PUTU32(out + 8, s2); ++ s3 = ++ (Te2[(t3 >> 24) ] & 0xff000000) ^ ++ (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ ++ (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ ++ (Te1[(t2 ) & 0xff] & 0x000000ff) ^ ++ rk[3]; ++ PUTU32(out + 12, s3); + } + + /* +@@ -978,21 +979,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, + * in and out can overlap + */ + void AES_decrypt(const unsigned char *in, unsigned char *out, +- const AES_KEY *key) { ++ const AES_KEY *key) ++{ + +- const u32 *rk; +- u32 s0, s1, s2, s3, t0, t1, t2, t3; ++ const u32 *rk; ++ u32 s0, s1, s2, s3, t0, t1, t2, t3; + #ifndef FULL_UNROLL +- int r; ++ int r; + #endif /* ?FULL_UNROLL */ + +- assert(in && out && key); +- rk = key->rd_key; ++ assert(in && out && key); ++ rk = key->rd_key; + +- /* +- * map byte array block to cipher state +- * and add initial round key: +- */ ++ /* ++ * map byte array block to cipher state ++ * and add initial round key: ++ */ + s0 = GETU32(in ) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; +@@ -1067,7 +1069,7 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; + } + } +- rk += key->rounds << 2; ++ rk += key->rounds << 2; + #else /* !FULL_UNROLL */ + /* + * Nr - 1 full rounds: +@@ -1131,37 +1133,37 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, + } + #endif /* ?FULL_UNROLL */ + /* +- * apply last round and +- * map cipher state to byte array block: +- */ +- s0 = +- (Td4[(t0 >> 24) ] << 24) ^ +- (Td4[(t3 >> 16) & 0xff] << 16) ^ +- (Td4[(t2 >> 8) & 0xff] << 8) ^ +- (Td4[(t1 ) & 0xff]) ^ +- rk[0]; +- PUTU32(out , s0); +- s1 = +- (Td4[(t1 >> 24) ] << 24) ^ +- (Td4[(t0 >> 16) & 0xff] << 16) ^ +- (Td4[(t3 >> 8) & 0xff] << 8) ^ +- (Td4[(t2 ) & 0xff]) ^ +- rk[1]; +- PUTU32(out + 4, s1); +- s2 = +- (Td4[(t2 >> 24) ] << 24) ^ +- (Td4[(t1 >> 16) & 0xff] << 16) ^ +- (Td4[(t0 >> 8) & 0xff] << 8) ^ +- (Td4[(t3 ) & 0xff]) ^ +- rk[2]; +- PUTU32(out + 8, s2); +- s3 = +- (Td4[(t3 >> 24) ] << 24) ^ +- (Td4[(t2 >> 16) & 0xff] << 16) ^ +- (Td4[(t1 >> 8) & 0xff] << 8) ^ +- (Td4[(t0 ) & 0xff]) ^ +- rk[3]; +- PUTU32(out + 12, s3); ++ * apply last round and ++ * map cipher state to byte array block: ++ */ ++ s0 = ++ (Td4[(t0 >> 24) ] << 24) ^ ++ (Td4[(t3 >> 16) & 0xff] << 16) ^ ++ (Td4[(t2 >> 8) & 0xff] << 8) ^ ++ (Td4[(t1 ) & 0xff]) ^ ++ rk[0]; ++ PUTU32(out , s0); ++ s1 = ++ (Td4[(t1 >> 24) ] << 24) ^ ++ (Td4[(t0 >> 16) & 0xff] << 16) ^ ++ (Td4[(t3 >> 8) & 0xff] << 8) ^ ++ (Td4[(t2 ) & 0xff]) ^ ++ rk[1]; ++ PUTU32(out + 4, s1); ++ s2 = ++ (Td4[(t2 >> 24) ] << 24) ^ ++ (Td4[(t1 >> 16) & 0xff] << 16) ^ ++ (Td4[(t0 >> 8) & 0xff] << 8) ^ ++ (Td4[(t3 ) & 0xff]) ^ ++ rk[2]; ++ PUTU32(out + 8, s2); ++ s3 = ++ (Td4[(t3 >> 24) ] << 24) ^ ++ (Td4[(t2 >> 16) & 0xff] << 16) ^ ++ (Td4[(t1 >> 8) & 0xff] << 8) ^ ++ (Td4[(t0 ) & 0xff]) ^ ++ rk[3]; ++ PUTU32(out + 12, s3); + } + + #endif /* AES_ASM */ +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c +index f36982b..fa82b2c 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -59,81 +59,87 @@ + #include + #include "aes_locl.h" + +-/* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code +- * is endian-neutral. */ ++/* ++ * NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code is ++ * endian-neutral. ++ */ + + /* increment counter (128-bit int) by 1 */ +-static void AES_ctr128_inc(unsigned char *counter) { +- unsigned long c; +- +- /* Grab bottom dword of counter and increment */ +- c = GETU32(counter + 12); +- c++; c &= 0xFFFFFFFF; +- PUTU32(counter + 12, c); +- +- /* if no overflow, we're done */ +- if (c) +- return; +- +- /* Grab 1st dword of counter and increment */ +- c = GETU32(counter + 8); +- c++; c &= 0xFFFFFFFF; +- PUTU32(counter + 8, c); +- +- /* if no overflow, we're done */ +- if (c) +- return; +- +- /* Grab 2nd dword of counter and increment */ +- c = GETU32(counter + 4); +- c++; c &= 0xFFFFFFFF; +- PUTU32(counter + 4, c); +- +- /* if no overflow, we're done */ +- if (c) +- return; +- +- /* Grab top dword of counter and increment */ +- c = GETU32(counter + 0); +- c++; c &= 0xFFFFFFFF; +- PUTU32(counter + 0, c); ++static void AES_ctr128_inc(unsigned char *counter) ++{ ++ unsigned long c; ++ ++ /* Grab bottom dword of counter and increment */ ++ c = GETU32(counter + 12); ++ c++; ++ c &= 0xFFFFFFFF; ++ PUTU32(counter + 12, c); ++ ++ /* if no overflow, we're done */ ++ if (c) ++ return; ++ ++ /* Grab 1st dword of counter and increment */ ++ c = GETU32(counter + 8); ++ c++; ++ c &= 0xFFFFFFFF; ++ PUTU32(counter + 8, c); ++ ++ /* if no overflow, we're done */ ++ if (c) ++ return; ++ ++ /* Grab 2nd dword of counter and increment */ ++ c = GETU32(counter + 4); ++ c++; ++ c &= 0xFFFFFFFF; ++ PUTU32(counter + 4, c); ++ ++ /* if no overflow, we're done */ ++ if (c) ++ return; ++ ++ /* Grab top dword of counter and increment */ ++ c = GETU32(counter + 0); ++ c++; ++ c &= 0xFFFFFFFF; ++ PUTU32(counter + 0, c); + } + +-/* The input encrypted as though 128bit counter mode is being +- * used. The extra state information to record how much of the +- * 128bit block we have used is contained in *num, and the +- * encrypted counter is kept in ecount_buf. Both *num and +- * ecount_buf must be initialised with zeros before the first +- * call to AES_ctr128_encrypt(). +- * +- * This algorithm assumes that the counter is in the x lower bits +- * of the IV (ivec), and that the application has full control over +- * overflow and the rest of the IV. This implementation takes NO +- * responsability for checking that the counter doesn't overflow +- * into the rest of the IV when incremented. ++/* ++ * The input encrypted as though 128bit counter mode is being used. The ++ * extra state information to record how much of the 128bit block we have ++ * used is contained in *num, and the encrypted counter is kept in ++ * ecount_buf. Both *num and ecount_buf must be initialised with zeros ++ * before the first call to AES_ctr128_encrypt(). This algorithm assumes ++ * that the counter is in the x lower bits of the IV (ivec), and that the ++ * application has full control over overflow and the rest of the IV. This ++ * implementation takes NO responsability for checking that the counter ++ * doesn't overflow into the rest of the IV when incremented. + */ + void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char ivec[AES_BLOCK_SIZE], +- unsigned char ecount_buf[AES_BLOCK_SIZE], +- unsigned int *num) { +- +- unsigned int n; +- unsigned long l=length; +- +- assert(in && out && key && counter && num); +- assert(*num < AES_BLOCK_SIZE); +- +- n = *num; +- +- while (l--) { +- if (n == 0) { +- AES_encrypt(ivec, ecount_buf, key); +- AES_ctr128_inc(ivec); +- } +- *(out++) = *(in++) ^ ecount_buf[n]; +- n = (n+1) % AES_BLOCK_SIZE; +- } +- +- *num=n; ++ const unsigned long length, const AES_KEY *key, ++ unsigned char ivec[AES_BLOCK_SIZE], ++ unsigned char ecount_buf[AES_BLOCK_SIZE], ++ unsigned int *num) ++{ ++ ++ unsigned int n; ++ unsigned long l = length; ++ ++ assert(in && out && key && counter && num); ++ assert(*num < AES_BLOCK_SIZE); ++ ++ n = *num; ++ ++ while (l--) { ++ if (n == 0) { ++ AES_encrypt(ivec, ecount_buf, key); ++ AES_ctr128_inc(ivec); ++ } ++ *(out++) = *(in++) ^ ecount_buf[n]; ++ n = (n + 1) % AES_BLOCK_SIZE; ++ } ++ ++ *num = n; + } +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c +index 28aa561..2e0d20c 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,14 +60,14 @@ + #include "aes_locl.h" + + void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, +- const AES_KEY *key, const int enc) { ++ const AES_KEY *key, const int enc) ++{ + +- assert(in && out && key); +- assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); ++ assert(in && out && key); ++ assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); + +- if (AES_ENCRYPT == enc) +- AES_encrypt(in, out, key); +- else +- AES_decrypt(in, out, key); ++ if (AES_ENCRYPT == enc) ++ AES_encrypt(in, out, key); ++ else ++ AES_decrypt(in, out, key); + } +- +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c +index 45d7096..0fa28c3 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,152 +56,147 @@ + + #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) + typedef struct { +- unsigned long data[N_WORDS]; ++ unsigned long data[N_WORDS]; + } aes_block_t; + + /* XXX: probably some better way to do this */ + #if defined(__i386__) || defined(__x86_64__) +-#define UNALIGNED_MEMOPS_ARE_FAST 1 ++# define UNALIGNED_MEMOPS_ARE_FAST 1 + #else +-#define UNALIGNED_MEMOPS_ARE_FAST 0 ++# define UNALIGNED_MEMOPS_ARE_FAST 0 + #endif + + #if UNALIGNED_MEMOPS_ARE_FAST +-#define load_block(d, s) (d) = *(const aes_block_t *)(s) +-#define store_block(d, s) *(aes_block_t *)(d) = (s) ++# define load_block(d, s) (d) = *(const aes_block_t *)(s) ++# define store_block(d, s) *(aes_block_t *)(d) = (s) + #else +-#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE) +-#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE) ++# define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE) ++# define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE) + #endif + + /* N.B. The IV for this mode is _twice_ the block size */ + + void AES_ige_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char *ivec, const int enc) +- { +- unsigned long n; +- unsigned long len; ++ const unsigned long length, const AES_KEY *key, ++ unsigned char *ivec, const int enc) ++{ ++ unsigned long n; ++ unsigned long len; + +- OPENSSL_assert(in && out && key && ivec); +- OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); +- OPENSSL_assert((length%AES_BLOCK_SIZE) == 0); ++ OPENSSL_assert(in && out && key && ivec); ++ OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); ++ OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); + +- len = length / AES_BLOCK_SIZE; ++ len = length / AES_BLOCK_SIZE; + +- if (AES_ENCRYPT == enc) +- { +- if (in != out && +- (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) +- { +- aes_block_t *ivp = (aes_block_t *)ivec; +- aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); ++ if (AES_ENCRYPT == enc) { ++ if (in != out && ++ (UNALIGNED_MEMOPS_ARE_FAST ++ || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == ++ 0)) { ++ aes_block_t *ivp = (aes_block_t *) ivec; ++ aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE); + +- while (len) +- { +- aes_block_t *inp = (aes_block_t *)in; +- aes_block_t *outp = (aes_block_t *)out; ++ while (len) { ++ aes_block_t *inp = (aes_block_t *) in; ++ aes_block_t *outp = (aes_block_t *) out; + +- for(n=0 ; n < N_WORDS; ++n) +- outp->data[n] = inp->data[n] ^ ivp->data[n]; +- AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key); +- for(n=0 ; n < N_WORDS; ++n) +- outp->data[n] ^= iv2p->data[n]; +- ivp = outp; +- iv2p = inp; +- --len; +- in += AES_BLOCK_SIZE; +- out += AES_BLOCK_SIZE; +- } +- memcpy(ivec, ivp->data, AES_BLOCK_SIZE); +- memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); +- } +- else +- { +- aes_block_t tmp, tmp2; +- aes_block_t iv; +- aes_block_t iv2; ++ for (n = 0; n < N_WORDS; ++n) ++ outp->data[n] = inp->data[n] ^ ivp->data[n]; ++ AES_encrypt((unsigned char *)outp->data, ++ (unsigned char *)outp->data, key); ++ for (n = 0; n < N_WORDS; ++n) ++ outp->data[n] ^= iv2p->data[n]; ++ ivp = outp; ++ iv2p = inp; ++ --len; ++ in += AES_BLOCK_SIZE; ++ out += AES_BLOCK_SIZE; ++ } ++ memcpy(ivec, ivp->data, AES_BLOCK_SIZE); ++ memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); ++ } else { ++ aes_block_t tmp, tmp2; ++ aes_block_t iv; ++ aes_block_t iv2; + +- load_block(iv, ivec); +- load_block(iv2, ivec + AES_BLOCK_SIZE); ++ load_block(iv, ivec); ++ load_block(iv2, ivec + AES_BLOCK_SIZE); + +- while (len) +- { +- load_block(tmp, in); +- for(n=0 ; n < N_WORDS; ++n) +- tmp2.data[n] = tmp.data[n] ^ iv.data[n]; +- AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key); +- for(n=0 ; n < N_WORDS; ++n) +- tmp2.data[n] ^= iv2.data[n]; +- store_block(out, tmp2); +- iv = tmp2; +- iv2 = tmp; +- --len; +- in += AES_BLOCK_SIZE; +- out += AES_BLOCK_SIZE; +- } +- memcpy(ivec, iv.data, AES_BLOCK_SIZE); +- memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); +- } +- } +- else +- { +- if (in != out && +- (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) +- { +- aes_block_t *ivp = (aes_block_t *)ivec; +- aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); ++ while (len) { ++ load_block(tmp, in); ++ for (n = 0; n < N_WORDS; ++n) ++ tmp2.data[n] = tmp.data[n] ^ iv.data[n]; ++ AES_encrypt((unsigned char *)tmp2.data, ++ (unsigned char *)tmp2.data, key); ++ for (n = 0; n < N_WORDS; ++n) ++ tmp2.data[n] ^= iv2.data[n]; ++ store_block(out, tmp2); ++ iv = tmp2; ++ iv2 = tmp; ++ --len; ++ in += AES_BLOCK_SIZE; ++ out += AES_BLOCK_SIZE; ++ } ++ memcpy(ivec, iv.data, AES_BLOCK_SIZE); ++ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); ++ } ++ } else { ++ if (in != out && ++ (UNALIGNED_MEMOPS_ARE_FAST ++ || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == ++ 0)) { ++ aes_block_t *ivp = (aes_block_t *) ivec; ++ aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE); + +- while (len) +- { +- aes_block_t tmp; +- aes_block_t *inp = (aes_block_t *)in; +- aes_block_t *outp = (aes_block_t *)out; ++ while (len) { ++ aes_block_t tmp; ++ aes_block_t *inp = (aes_block_t *) in; ++ aes_block_t *outp = (aes_block_t *) out; + +- for(n=0 ; n < N_WORDS; ++n) +- tmp.data[n] = inp->data[n] ^ iv2p->data[n]; +- AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key); +- for(n=0 ; n < N_WORDS; ++n) +- outp->data[n] ^= ivp->data[n]; +- ivp = inp; +- iv2p = outp; +- --len; +- in += AES_BLOCK_SIZE; +- out += AES_BLOCK_SIZE; +- } +- memcpy(ivec, ivp->data, AES_BLOCK_SIZE); +- memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); +- } +- else +- { +- aes_block_t tmp, tmp2; +- aes_block_t iv; +- aes_block_t iv2; ++ for (n = 0; n < N_WORDS; ++n) ++ tmp.data[n] = inp->data[n] ^ iv2p->data[n]; ++ AES_decrypt((unsigned char *)tmp.data, ++ (unsigned char *)outp->data, key); ++ for (n = 0; n < N_WORDS; ++n) ++ outp->data[n] ^= ivp->data[n]; ++ ivp = inp; ++ iv2p = outp; ++ --len; ++ in += AES_BLOCK_SIZE; ++ out += AES_BLOCK_SIZE; ++ } ++ memcpy(ivec, ivp->data, AES_BLOCK_SIZE); ++ memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); ++ } else { ++ aes_block_t tmp, tmp2; ++ aes_block_t iv; ++ aes_block_t iv2; + +- load_block(iv, ivec); +- load_block(iv2, ivec + AES_BLOCK_SIZE); ++ load_block(iv, ivec); ++ load_block(iv2, ivec + AES_BLOCK_SIZE); + +- while (len) +- { +- load_block(tmp, in); +- tmp2 = tmp; +- for(n=0 ; n < N_WORDS; ++n) +- tmp.data[n] ^= iv2.data[n]; +- AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key); +- for(n=0 ; n < N_WORDS; ++n) +- tmp.data[n] ^= iv.data[n]; +- store_block(out, tmp); +- iv = tmp2; +- iv2 = tmp; +- --len; +- in += AES_BLOCK_SIZE; +- out += AES_BLOCK_SIZE; +- } +- memcpy(ivec, iv.data, AES_BLOCK_SIZE); +- memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); +- } +- } +- } ++ while (len) { ++ load_block(tmp, in); ++ tmp2 = tmp; ++ for (n = 0; n < N_WORDS; ++n) ++ tmp.data[n] ^= iv2.data[n]; ++ AES_decrypt((unsigned char *)tmp.data, ++ (unsigned char *)tmp.data, key); ++ for (n = 0; n < N_WORDS; ++n) ++ tmp.data[n] ^= iv.data[n]; ++ store_block(out, tmp); ++ iv = tmp2; ++ iv2 = tmp; ++ --len; ++ in += AES_BLOCK_SIZE; ++ out += AES_BLOCK_SIZE; ++ } ++ memcpy(ivec, iv.data, AES_BLOCK_SIZE); ++ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); ++ } ++ } ++} + + /* + * Note that its effectively impossible to do biIGE in anything other +@@ -211,113 +206,118 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + /* N.B. The IV for this mode is _four times_ the block size */ + + void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- const AES_KEY *key2, const unsigned char *ivec, +- const int enc) +- { +- unsigned long n; +- unsigned long len = length; +- unsigned char tmp[AES_BLOCK_SIZE]; +- unsigned char tmp2[AES_BLOCK_SIZE]; +- unsigned char tmp3[AES_BLOCK_SIZE]; +- unsigned char prev[AES_BLOCK_SIZE]; +- const unsigned char *iv; +- const unsigned char *iv2; ++ const unsigned long length, const AES_KEY *key, ++ const AES_KEY *key2, const unsigned char *ivec, ++ const int enc) ++{ ++ unsigned long n; ++ unsigned long len = length; ++ unsigned char tmp[AES_BLOCK_SIZE]; ++ unsigned char tmp2[AES_BLOCK_SIZE]; ++ unsigned char tmp3[AES_BLOCK_SIZE]; ++ unsigned char prev[AES_BLOCK_SIZE]; ++ const unsigned char *iv; ++ const unsigned char *iv2; + +- OPENSSL_assert(in && out && key && ivec); +- OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); +- OPENSSL_assert((length%AES_BLOCK_SIZE) == 0); ++ OPENSSL_assert(in && out && key && ivec); ++ OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); ++ OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); + +- if (AES_ENCRYPT == enc) +- { +- /* XXX: Do a separate case for when in != out (strictly should +- check for overlap, too) */ ++ if (AES_ENCRYPT == enc) { ++ /* ++ * XXX: Do a separate case for when in != out (strictly should check ++ * for overlap, too) ++ */ + +- /* First the forward pass */ +- iv = ivec; +- iv2 = ivec + AES_BLOCK_SIZE; +- while (len >= AES_BLOCK_SIZE) +- { +- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) +- out[n] = in[n] ^ iv[n]; +- AES_encrypt(out, out, key); +- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) +- out[n] ^= iv2[n]; +- iv = out; +- memcpy(prev, in, AES_BLOCK_SIZE); +- iv2 = prev; +- len -= AES_BLOCK_SIZE; +- in += AES_BLOCK_SIZE; +- out += AES_BLOCK_SIZE; +- } ++ /* First the forward pass */ ++ iv = ivec; ++ iv2 = ivec + AES_BLOCK_SIZE; ++ while (len >= AES_BLOCK_SIZE) { ++ for (n = 0; n < AES_BLOCK_SIZE; ++n) ++ out[n] = in[n] ^ iv[n]; ++ AES_encrypt(out, out, key); ++ for (n = 0; n < AES_BLOCK_SIZE; ++n) ++ out[n] ^= iv2[n]; ++ iv = out; ++ memcpy(prev, in, AES_BLOCK_SIZE); ++ iv2 = prev; ++ len -= AES_BLOCK_SIZE; ++ in += AES_BLOCK_SIZE; ++ out += AES_BLOCK_SIZE; ++ } + +- /* And now backwards */ +- iv = ivec + AES_BLOCK_SIZE*2; +- iv2 = ivec + AES_BLOCK_SIZE*3; +- len = length; +- while(len >= AES_BLOCK_SIZE) +- { +- out -= AES_BLOCK_SIZE; +- /* XXX: reduce copies by alternating between buffers */ +- memcpy(tmp, out, AES_BLOCK_SIZE); +- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) +- out[n] ^= iv[n]; +- /* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */ +- AES_encrypt(out, out, key); +- /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */ +- /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */ +- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) +- out[n] ^= iv2[n]; +- /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */ +- iv = out; +- memcpy(prev, tmp, AES_BLOCK_SIZE); +- iv2 = prev; +- len -= AES_BLOCK_SIZE; +- } +- } +- else +- { +- /* First backwards */ +- iv = ivec + AES_BLOCK_SIZE*2; +- iv2 = ivec + AES_BLOCK_SIZE*3; +- in += length; +- out += length; +- while (len >= AES_BLOCK_SIZE) +- { +- in -= AES_BLOCK_SIZE; +- out -= AES_BLOCK_SIZE; +- memcpy(tmp, in, AES_BLOCK_SIZE); +- memcpy(tmp2, in, AES_BLOCK_SIZE); +- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) +- tmp[n] ^= iv2[n]; +- AES_decrypt(tmp, out, key); +- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) +- out[n] ^= iv[n]; +- memcpy(tmp3, tmp2, AES_BLOCK_SIZE); +- iv = tmp3; +- iv2 = out; +- len -= AES_BLOCK_SIZE; +- } ++ /* And now backwards */ ++ iv = ivec + AES_BLOCK_SIZE * 2; ++ iv2 = ivec + AES_BLOCK_SIZE * 3; ++ len = length; ++ while (len >= AES_BLOCK_SIZE) { ++ out -= AES_BLOCK_SIZE; ++ /* ++ * XXX: reduce copies by alternating between buffers ++ */ ++ memcpy(tmp, out, AES_BLOCK_SIZE); ++ for (n = 0; n < AES_BLOCK_SIZE; ++n) ++ out[n] ^= iv[n]; ++ /* ++ * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); ++ */ ++ AES_encrypt(out, out, key); ++ /* ++ * hexdump(stdout,"enc", out, AES_BLOCK_SIZE); ++ */ ++ /* ++ * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); ++ */ ++ for (n = 0; n < AES_BLOCK_SIZE; ++n) ++ out[n] ^= iv2[n]; ++ /* ++ * hexdump(stdout,"out", out, AES_BLOCK_SIZE); ++ */ ++ iv = out; ++ memcpy(prev, tmp, AES_BLOCK_SIZE); ++ iv2 = prev; ++ len -= AES_BLOCK_SIZE; ++ } ++ } else { ++ /* First backwards */ ++ iv = ivec + AES_BLOCK_SIZE * 2; ++ iv2 = ivec + AES_BLOCK_SIZE * 3; ++ in += length; ++ out += length; ++ while (len >= AES_BLOCK_SIZE) { ++ in -= AES_BLOCK_SIZE; ++ out -= AES_BLOCK_SIZE; ++ memcpy(tmp, in, AES_BLOCK_SIZE); ++ memcpy(tmp2, in, AES_BLOCK_SIZE); ++ for (n = 0; n < AES_BLOCK_SIZE; ++n) ++ tmp[n] ^= iv2[n]; ++ AES_decrypt(tmp, out, key); ++ for (n = 0; n < AES_BLOCK_SIZE; ++n) ++ out[n] ^= iv[n]; ++ memcpy(tmp3, tmp2, AES_BLOCK_SIZE); ++ iv = tmp3; ++ iv2 = out; ++ len -= AES_BLOCK_SIZE; ++ } + +- /* And now forwards */ +- iv = ivec; +- iv2 = ivec + AES_BLOCK_SIZE; +- len = length; +- while (len >= AES_BLOCK_SIZE) +- { +- memcpy(tmp, out, AES_BLOCK_SIZE); +- memcpy(tmp2, out, AES_BLOCK_SIZE); +- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) +- tmp[n] ^= iv2[n]; +- AES_decrypt(tmp, out, key); +- for(n=0 ; n < AES_BLOCK_SIZE ; ++n) +- out[n] ^= iv[n]; +- memcpy(tmp3, tmp2, AES_BLOCK_SIZE); +- iv = tmp3; +- iv2 = out; +- len -= AES_BLOCK_SIZE; +- in += AES_BLOCK_SIZE; +- out += AES_BLOCK_SIZE; +- } +- } +- } ++ /* And now forwards */ ++ iv = ivec; ++ iv2 = ivec + AES_BLOCK_SIZE; ++ len = length; ++ while (len >= AES_BLOCK_SIZE) { ++ memcpy(tmp, out, AES_BLOCK_SIZE); ++ memcpy(tmp2, out, AES_BLOCK_SIZE); ++ for (n = 0; n < AES_BLOCK_SIZE; ++n) ++ tmp[n] ^= iv2[n]; ++ AES_decrypt(tmp, out, key); ++ for (n = 0; n < AES_BLOCK_SIZE; ++n) ++ out[n] ^= iv[n]; ++ memcpy(tmp3, tmp2, AES_BLOCK_SIZE); ++ iv = tmp3; ++ iv2 = out; ++ len -= AES_BLOCK_SIZE; ++ in += AES_BLOCK_SIZE; ++ out += AES_BLOCK_SIZE; ++ } ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c +index 4fead1b..68a48ba 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,12 +53,13 @@ + #include + #include "aes_locl.h" + +-const char AES_version[]="AES" OPENSSL_VERSION_PTEXT; ++const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT; + +-const char *AES_options(void) { ++const char *AES_options(void) ++{ + #ifdef FULL_UNROLL +- return "aes(full)"; +-#else +- return "aes(partial)"; ++ return "aes(full)"; ++#else ++ return "aes(partial)"; + #endif + } +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c +index f358bb3..07b2610 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -54,21 +54,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -83,10 +83,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -98,7 +98,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -115,28 +115,30 @@ + #include + #include "aes_locl.h" + +-/* The input and output encrypted as though 128bit ofb mode is being +- * used. The extra state information to record how much of the +- * 128bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 128bit ofb mode is being used. ++ * The extra state information to record how much of the 128bit block we have ++ * used is contained in *num; + */ + void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, +- const unsigned long length, const AES_KEY *key, +- unsigned char *ivec, int *num) { ++ const unsigned long length, const AES_KEY *key, ++ unsigned char *ivec, int *num) ++{ + +- unsigned int n; +- unsigned long l=length; ++ unsigned int n; ++ unsigned long l = length; + +- assert(in && out && key && ivec && num); ++ assert(in && out && key && ivec && num); + +- n = *num; ++ n = *num; + +- while (l--) { +- if (n == 0) { +- AES_encrypt(ivec, ivec, key); +- } +- *(out++) = *(in++) ^ ivec[n]; +- n = (n+1) % AES_BLOCK_SIZE; +- } ++ while (l--) { ++ if (n == 0) { ++ AES_encrypt(ivec, ivec, key); ++ } ++ *(out++) = *(in++) ^ ivec[n]; ++ n = (n + 1) % AES_BLOCK_SIZE; ++ } + +- *num=n; ++ *num = n; + } +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c +index e2d73d3..b1ab8e2 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c +@@ -1,5 +1,6 @@ + /* crypto/aes/aes_wrap.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ + /* ==================================================================== +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,204 +57,194 @@ + #include + + static const unsigned char default_iv[] = { +- 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, ++ 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, + }; + + int AES_wrap_key(AES_KEY *key, const unsigned char *iv, +- unsigned char *out, +- const unsigned char *in, unsigned int inlen) +- { +- unsigned char *A, B[16], *R; +- unsigned int i, j, t; +- if ((inlen & 0x7) || (inlen < 8)) +- return -1; +- A = B; +- t = 1; +- memcpy(out + 8, in, inlen); +- if (!iv) +- iv = default_iv; +- +- memcpy(A, iv, 8); +- +- for (j = 0; j < 6; j++) +- { +- R = out + 8; +- for (i = 0; i < inlen; i += 8, t++, R += 8) +- { +- memcpy(B + 8, R, 8); +- AES_encrypt(B, B, key); +- A[7] ^= (unsigned char)(t & 0xff); +- if (t > 0xff) +- { +- A[6] ^= (unsigned char)((t >> 8) & 0xff); +- A[5] ^= (unsigned char)((t >> 16) & 0xff); +- A[4] ^= (unsigned char)((t >> 24) & 0xff); +- } +- memcpy(R, B + 8, 8); +- } +- } +- memcpy(out, A, 8); +- return inlen + 8; +- } ++ unsigned char *out, ++ const unsigned char *in, unsigned int inlen) ++{ ++ unsigned char *A, B[16], *R; ++ unsigned int i, j, t; ++ if ((inlen & 0x7) || (inlen < 8)) ++ return -1; ++ A = B; ++ t = 1; ++ memcpy(out + 8, in, inlen); ++ if (!iv) ++ iv = default_iv; ++ ++ memcpy(A, iv, 8); ++ ++ for (j = 0; j < 6; j++) { ++ R = out + 8; ++ for (i = 0; i < inlen; i += 8, t++, R += 8) { ++ memcpy(B + 8, R, 8); ++ AES_encrypt(B, B, key); ++ A[7] ^= (unsigned char)(t & 0xff); ++ if (t > 0xff) { ++ A[6] ^= (unsigned char)((t >> 8) & 0xff); ++ A[5] ^= (unsigned char)((t >> 16) & 0xff); ++ A[4] ^= (unsigned char)((t >> 24) & 0xff); ++ } ++ memcpy(R, B + 8, 8); ++ } ++ } ++ memcpy(out, A, 8); ++ return inlen + 8; ++} + + int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, +- unsigned char *out, +- const unsigned char *in, unsigned int inlen) +- { +- unsigned char *A, B[16], *R; +- unsigned int i, j, t; +- inlen -= 8; +- if (inlen & 0x7) +- return -1; +- if (inlen < 8) +- return -1; +- A = B; +- t = 6 * (inlen >> 3); +- memcpy(A, in, 8); +- memcpy(out, in + 8, inlen); +- for (j = 0; j < 6; j++) +- { +- R = out + inlen - 8; +- for (i = 0; i < inlen; i += 8, t--, R -= 8) +- { +- A[7] ^= (unsigned char)(t & 0xff); +- if (t > 0xff) +- { +- A[6] ^= (unsigned char)((t >> 8) & 0xff); +- A[5] ^= (unsigned char)((t >> 16) & 0xff); +- A[4] ^= (unsigned char)((t >> 24) & 0xff); +- } +- memcpy(B + 8, R, 8); +- AES_decrypt(B, B, key); +- memcpy(R, B + 8, 8); +- } +- } +- if (!iv) +- iv = default_iv; +- if (memcmp(A, iv, 8)) +- { +- OPENSSL_cleanse(out, inlen); +- return 0; +- } +- return inlen; +- } ++ unsigned char *out, ++ const unsigned char *in, unsigned int inlen) ++{ ++ unsigned char *A, B[16], *R; ++ unsigned int i, j, t; ++ inlen -= 8; ++ if (inlen & 0x7) ++ return -1; ++ if (inlen < 8) ++ return -1; ++ A = B; ++ t = 6 * (inlen >> 3); ++ memcpy(A, in, 8); ++ memcpy(out, in + 8, inlen); ++ for (j = 0; j < 6; j++) { ++ R = out + inlen - 8; ++ for (i = 0; i < inlen; i += 8, t--, R -= 8) { ++ A[7] ^= (unsigned char)(t & 0xff); ++ if (t > 0xff) { ++ A[6] ^= (unsigned char)((t >> 8) & 0xff); ++ A[5] ^= (unsigned char)((t >> 16) & 0xff); ++ A[4] ^= (unsigned char)((t >> 24) & 0xff); ++ } ++ memcpy(B + 8, R, 8); ++ AES_decrypt(B, B, key); ++ memcpy(R, B + 8, 8); ++ } ++ } ++ if (!iv) ++ iv = default_iv; ++ if (memcmp(A, iv, 8)) { ++ OPENSSL_cleanse(out, inlen); ++ return 0; ++ } ++ return inlen; ++} + + #ifdef AES_WRAP_TEST + + int AES_wrap_unwrap_test(const unsigned char *kek, int keybits, +- const unsigned char *iv, +- const unsigned char *eout, +- const unsigned char *key, int keylen) +- { +- unsigned char *otmp = NULL, *ptmp = NULL; +- int r, ret = 0; +- AES_KEY wctx; +- otmp = OPENSSL_malloc(keylen + 8); +- ptmp = OPENSSL_malloc(keylen); +- if (!otmp || !ptmp) +- return 0; +- if (AES_set_encrypt_key(kek, keybits, &wctx)) +- goto err; +- r = AES_wrap_key(&wctx, iv, otmp, key, keylen); +- if (r <= 0) +- goto err; +- +- if (eout && memcmp(eout, otmp, keylen)) +- goto err; +- +- if (AES_set_decrypt_key(kek, keybits, &wctx)) +- goto err; +- r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r); +- +- if (memcmp(key, ptmp, keylen)) +- goto err; +- +- ret = 1; +- +- err: +- if (otmp) +- OPENSSL_free(otmp); +- if (ptmp) +- OPENSSL_free(ptmp); +- +- return ret; +- +- } +- ++ const unsigned char *iv, ++ const unsigned char *eout, ++ const unsigned char *key, int keylen) ++{ ++ unsigned char *otmp = NULL, *ptmp = NULL; ++ int r, ret = 0; ++ AES_KEY wctx; ++ otmp = OPENSSL_malloc(keylen + 8); ++ ptmp = OPENSSL_malloc(keylen); ++ if (!otmp || !ptmp) ++ return 0; ++ if (AES_set_encrypt_key(kek, keybits, &wctx)) ++ goto err; ++ r = AES_wrap_key(&wctx, iv, otmp, key, keylen); ++ if (r <= 0) ++ goto err; ++ ++ if (eout && memcmp(eout, otmp, keylen)) ++ goto err; ++ ++ if (AES_set_decrypt_key(kek, keybits, &wctx)) ++ goto err; ++ r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r); ++ ++ if (memcmp(key, ptmp, keylen)) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ if (otmp) ++ OPENSSL_free(otmp); ++ if (ptmp) ++ OPENSSL_free(ptmp); ++ ++ return ret; + ++} + + int main(int argc, char **argv) + { + +-static const unsigned char kek[] = { +- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, +- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, +- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, +- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f +-}; +- +-static const unsigned char key[] = { +- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, +- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, +- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, +- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f +-}; +- +-static const unsigned char e1[] = { +- 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, +- 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82, +- 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5 +-}; +- +-static const unsigned char e2[] = { +- 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, +- 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2, +- 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d +-}; +- +-static const unsigned char e3[] = { +- 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, +- 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a, +- 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7 +-}; +- +-static const unsigned char e4[] = { +- 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, +- 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc, +- 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93, +- 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2 +-}; +- +-static const unsigned char e5[] = { +- 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, +- 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4, +- 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95, +- 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1 +-}; +- +-static const unsigned char e6[] = { +- 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, +- 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, +- 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26, +- 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b, +- 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21 +-}; +- +- AES_KEY wctx, xctx; +- int ret; +- ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24); +- fprintf(stderr, "Key test result %d\n", ret); +- ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32); +- fprintf(stderr, "Key test result %d\n", ret); ++ static const unsigned char kek[] = { ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, ++ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, ++ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f ++ }; ++ ++ static const unsigned char key[] = { ++ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, ++ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, ++ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, ++ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f ++ }; ++ ++ static const unsigned char e1[] = { ++ 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47, ++ 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82, ++ 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5 ++ }; ++ ++ static const unsigned char e2[] = { ++ 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35, ++ 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2, ++ 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d ++ }; ++ ++ static const unsigned char e3[] = { ++ 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2, ++ 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a, ++ 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7 ++ }; ++ ++ static const unsigned char e4[] = { ++ 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32, ++ 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc, ++ 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93, ++ 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2 ++ }; ++ ++ static const unsigned char e5[] = { ++ 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f, ++ 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4, ++ 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95, ++ 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1 ++ }; ++ ++ static const unsigned char e6[] = { ++ 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4, ++ 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26, ++ 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26, ++ 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b, ++ 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21 ++ }; ++ ++ AES_KEY wctx, xctx; ++ int ret; ++ ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16); ++ fprintf(stderr, "Key test result %d\n", ret); ++ ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16); ++ fprintf(stderr, "Key test result %d\n", ret); ++ ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16); ++ fprintf(stderr, "Key test result %d\n", ret); ++ ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24); ++ fprintf(stderr, "Key test result %d\n", ret); ++ ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24); ++ fprintf(stderr, "Key test result %d\n", ret); ++ ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32); ++ fprintf(stderr, "Key test result %d\n", ret); + } +- +- ++ + #endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c +index 0fb9ce0..ef1caa4 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,165 +61,176 @@ + #include + + int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) +-{ return M_ASN1_BIT_STRING_set(x, d, len); } ++{ ++ return M_ASN1_BIT_STRING_set(x, d, len); ++} + + int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) +- { +- int ret,j,bits,len; +- unsigned char *p,*d; +- +- if (a == NULL) return(0); +- +- len=a->length; +- +- if (len > 0) +- { +- if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) +- { +- bits=(int)a->flags&0x07; +- } +- else +- { +- for ( ; len > 0; len--) +- { +- if (a->data[len-1]) break; +- } +- j=a->data[len-1]; +- if (j & 0x01) bits=0; +- else if (j & 0x02) bits=1; +- else if (j & 0x04) bits=2; +- else if (j & 0x08) bits=3; +- else if (j & 0x10) bits=4; +- else if (j & 0x20) bits=5; +- else if (j & 0x40) bits=6; +- else if (j & 0x80) bits=7; +- else bits=0; /* should not happen */ +- } +- } +- else +- bits=0; +- +- ret=1+len; +- if (pp == NULL) return(ret); +- +- p= *pp; +- +- *(p++)=(unsigned char)bits; +- d=a->data; +- memcpy(p,d,len); +- p+=len; +- if (len > 0) p[-1]&=(0xff<length; ++ ++ if (len > 0) { ++ if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) { ++ bits = (int)a->flags & 0x07; ++ } else { ++ for (; len > 0; len--) { ++ if (a->data[len - 1]) ++ break; ++ } ++ j = a->data[len - 1]; ++ if (j & 0x01) ++ bits = 0; ++ else if (j & 0x02) ++ bits = 1; ++ else if (j & 0x04) ++ bits = 2; ++ else if (j & 0x08) ++ bits = 3; ++ else if (j & 0x10) ++ bits = 4; ++ else if (j & 0x20) ++ bits = 5; ++ else if (j & 0x40) ++ bits = 6; ++ else if (j & 0x80) ++ bits = 7; ++ else ++ bits = 0; /* should not happen */ ++ } ++ } else ++ bits = 0; ++ ++ ret = 1 + len; ++ if (pp == NULL) ++ return (ret); ++ ++ p = *pp; ++ ++ *(p++) = (unsigned char)bits; ++ d = a->data; ++ memcpy(p, d, len); ++ p += len; ++ if (len > 0) ++ p[-1] &= (0xff << bits); ++ *pp = p; ++ return (ret); ++} + + ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, +- const unsigned char **pp, long len) +- { +- ASN1_BIT_STRING *ret=NULL; +- const unsigned char *p; +- unsigned char *s; +- int i; +- +- if (len < 1) +- { +- i=ASN1_R_STRING_TOO_SHORT; +- goto err; +- } +- +- if ((a == NULL) || ((*a) == NULL)) +- { +- if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL); +- } +- else +- ret=(*a); +- +- p= *pp; +- i= *(p++); +- /* We do this to preserve the settings. If we modify +- * the settings, via the _set_bit function, we will recalculate +- * on output */ +- ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */ +- ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */ +- +- if (len-- > 1) /* using one because of the bits left byte */ +- { +- s=(unsigned char *)OPENSSL_malloc((int)len); +- if (s == NULL) +- { +- i=ERR_R_MALLOC_FAILURE; +- goto err; +- } +- memcpy(s,p,(int)len); +- s[len-1]&=(0xff<length=(int)len; +- if (ret->data != NULL) OPENSSL_free(ret->data); +- ret->data=s; +- ret->type=V_ASN1_BIT_STRING; +- if (a != NULL) (*a)=ret; +- *pp=p; +- return(ret); +-err: +- ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i); +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) +- M_ASN1_BIT_STRING_free(ret); +- return(NULL); +- } +- +-/* These next 2 functions from Goetz Babin-Ebell ++ const unsigned char **pp, long len) ++{ ++ ASN1_BIT_STRING *ret = NULL; ++ const unsigned char *p; ++ unsigned char *s; ++ int i; ++ ++ if (len < 1) { ++ i = ASN1_R_STRING_TOO_SHORT; ++ goto err; ++ } ++ ++ if ((a == NULL) || ((*a) == NULL)) { ++ if ((ret = M_ASN1_BIT_STRING_new()) == NULL) ++ return (NULL); ++ } else ++ ret = (*a); ++ ++ p = *pp; ++ i = *(p++); ++ if (i > 7) { ++ i = ASN1_R_INVALID_BIT_STRING_BITS_LEFT; ++ goto err; ++ } ++ /* ++ * We do this to preserve the settings. If we modify the settings, via ++ * the _set_bit function, we will recalculate on output ++ */ ++ ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */ ++ ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */ ++ ++ if (len-- > 1) { /* using one because of the bits left byte */ ++ s = (unsigned char *)OPENSSL_malloc((int)len); ++ if (s == NULL) { ++ i = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ memcpy(s, p, (int)len); ++ s[len - 1] &= (0xff << i); ++ p += len; ++ } else ++ s = NULL; ++ ++ ret->length = (int)len; ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); ++ ret->data = s; ++ ret->type = V_ASN1_BIT_STRING; ++ if (a != NULL) ++ (*a) = ret; ++ *pp = p; ++ return (ret); ++ err: ++ ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i); ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ M_ASN1_BIT_STRING_free(ret); ++ return (NULL); ++} ++ ++/* ++ * These next 2 functions from Goetz Babin-Ebell + */ + int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) +- { +- int w,v,iv; +- unsigned char *c; +- +- w=n/8; +- v=1<<(7-(n&0x07)); +- iv= ~v; +- if (!value) v=0; +- +- if (a == NULL) +- return 0; +- +- a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */ +- +- if ((a->length < (w+1)) || (a->data == NULL)) +- { +- if (!value) return(1); /* Don't need to set */ +- if (a->data == NULL) +- c=(unsigned char *)OPENSSL_malloc(w+1); +- else +- c=(unsigned char *)OPENSSL_realloc_clean(a->data, +- a->length, +- w+1); +- if (c == NULL) +- { +- ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); +- a->data=c; +- a->length=w+1; +- } +- a->data[w]=((a->data[w])&iv)|v; +- while ((a->length > 0) && (a->data[a->length-1] == 0)) +- a->length--; +- return(1); +- } ++{ ++ int w, v, iv; ++ unsigned char *c; ++ ++ w = n / 8; ++ v = 1 << (7 - (n & 0x07)); ++ iv = ~v; ++ if (!value) ++ v = 0; ++ ++ if (a == NULL) ++ return 0; ++ ++ a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */ ++ ++ if ((a->length < (w + 1)) || (a->data == NULL)) { ++ if (!value) ++ return (1); /* Don't need to set */ ++ if (a->data == NULL) ++ c = (unsigned char *)OPENSSL_malloc(w + 1); ++ else ++ c = (unsigned char *)OPENSSL_realloc_clean(a->data, ++ a->length, w + 1); ++ if (c == NULL) { ++ ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (w + 1 - a->length > 0) ++ memset(c + a->length, 0, w + 1 - a->length); ++ a->data = c; ++ a->length = w + 1; ++ } ++ a->data[w] = ((a->data[w]) & iv) | v; ++ while ((a->length > 0) && (a->data[a->length - 1] == 0)) ++ a->length--; ++ return (1); ++} + + int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) +- { +- int w,v; +- +- w=n/8; +- v=1<<(7-(n&0x07)); +- if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL)) +- return(0); +- return((a->data[w]&v) != 0); +- } +- ++{ ++ int w, v; ++ ++ w = n / 8; ++ v = 1 << (7 - (n & 0x07)); ++ if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL)) ++ return (0); ++ return ((a->data[w] & v) != 0); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c +index 331acdf..1b85bc9 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,54 +61,51 @@ + #include + + int i2d_ASN1_BOOLEAN(int a, unsigned char **pp) +- { +- int r; +- unsigned char *p; ++{ ++ int r; ++ unsigned char *p; + +- r=ASN1_object_size(0,1,V_ASN1_BOOLEAN); +- if (pp == NULL) return(r); +- p= *pp; ++ r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN); ++ if (pp == NULL) ++ return (r); ++ p = *pp; + +- ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL); +- *(p++)= (unsigned char)a; +- *pp=p; +- return(r); +- } ++ ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL); ++ *(p++) = (unsigned char)a; ++ *pp = p; ++ return (r); ++} + + int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length) +- { +- int ret= -1; +- const unsigned char *p; +- long len; +- int inf,tag,xclass; +- int i=0; +- +- p= *pp; +- inf=ASN1_get_object(&p,&len,&tag,&xclass,length); +- if (inf & 0x80) +- { +- i=ASN1_R_BAD_OBJECT_HEADER; +- goto err; +- } +- +- if (tag != V_ASN1_BOOLEAN) +- { +- i=ASN1_R_EXPECTING_A_BOOLEAN; +- goto err; +- } ++{ ++ int ret = -1; ++ const unsigned char *p; ++ long len; ++ int inf, tag, xclass; ++ int i = 0; + +- if (len != 1) +- { +- i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH; +- goto err; +- } +- ret= (int)*(p++); +- if (a != NULL) (*a)=ret; +- *pp=p; +- return(ret); +-err: +- ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i); +- return(ret); +- } ++ p = *pp; ++ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); ++ if (inf & 0x80) { ++ i = ASN1_R_BAD_OBJECT_HEADER; ++ goto err; ++ } + ++ if (tag != V_ASN1_BOOLEAN) { ++ i = ASN1_R_EXPECTING_A_BOOLEAN; ++ goto err; ++ } + ++ if (len != 1) { ++ i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH; ++ goto err; ++ } ++ ret = (int)*(p++); ++ if (a != NULL) ++ (*a) = ret; ++ *pp = p; ++ return (ret); ++ err: ++ ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c +index 92d630c..12715a7 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,254 +61,246 @@ + #include + + static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c); +-/* type is a 'bitmap' of acceptable string types. ++/* ++ * type is a 'bitmap' of acceptable string types. + */ + ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, +- long length, int type) +- { +- ASN1_STRING *ret=NULL; +- const unsigned char *p; +- unsigned char *s; +- long len; +- int inf,tag,xclass; +- int i=0; ++ long length, int type) ++{ ++ ASN1_STRING *ret = NULL; ++ const unsigned char *p; ++ unsigned char *s; ++ long len; ++ int inf, tag, xclass; ++ int i = 0; + +- p= *pp; +- inf=ASN1_get_object(&p,&len,&tag,&xclass,length); +- if (inf & 0x80) goto err; ++ p = *pp; ++ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); ++ if (inf & 0x80) ++ goto err; + +- if (tag >= 32) +- { +- i=ASN1_R_TAG_VALUE_TOO_HIGH; +- goto err; +- } +- if (!(ASN1_tag2bit(tag) & type)) +- { +- i=ASN1_R_WRONG_TYPE; +- goto err; +- } ++ if (tag >= 32) { ++ i = ASN1_R_TAG_VALUE_TOO_HIGH; ++ goto err; ++ } ++ if (!(ASN1_tag2bit(tag) & type)) { ++ i = ASN1_R_WRONG_TYPE; ++ goto err; ++ } + +- /* If a bit-string, exit early */ +- if (tag == V_ASN1_BIT_STRING) +- return(d2i_ASN1_BIT_STRING(a,pp,length)); ++ /* If a bit-string, exit early */ ++ if (tag == V_ASN1_BIT_STRING) ++ return (d2i_ASN1_BIT_STRING(a, pp, length)); + +- if ((a == NULL) || ((*a) == NULL)) +- { +- if ((ret=ASN1_STRING_new()) == NULL) return(NULL); +- } +- else +- ret=(*a); ++ if ((a == NULL) || ((*a) == NULL)) { ++ if ((ret = ASN1_STRING_new()) == NULL) ++ return (NULL); ++ } else ++ ret = (*a); + +- if (len != 0) +- { +- s=(unsigned char *)OPENSSL_malloc((int)len+1); +- if (s == NULL) +- { +- i=ERR_R_MALLOC_FAILURE; +- goto err; +- } +- memcpy(s,p,(int)len); +- s[len]='\0'; +- p+=len; +- } +- else +- s=NULL; ++ if (len != 0) { ++ s = (unsigned char *)OPENSSL_malloc((int)len + 1); ++ if (s == NULL) { ++ i = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ memcpy(s, p, (int)len); ++ s[len] = '\0'; ++ p += len; ++ } else ++ s = NULL; + +- if (ret->data != NULL) OPENSSL_free(ret->data); +- ret->length=(int)len; +- ret->data=s; +- ret->type=tag; +- if (a != NULL) (*a)=ret; +- *pp=p; +- return(ret); +-err: +- ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i); +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) +- ASN1_STRING_free(ret); +- return(NULL); +- } ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); ++ ret->length = (int)len; ++ ret->data = s; ++ ret->type = tag; ++ if (a != NULL) ++ (*a) = ret; ++ *pp = p; ++ return (ret); ++ err: ++ ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i); ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ ASN1_STRING_free(ret); ++ return (NULL); ++} + + int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass) +- { +- int ret,r,constructed; +- unsigned char *p; ++{ ++ int ret, r, constructed; ++ unsigned char *p; + +- if (a == NULL) return(0); ++ if (a == NULL) ++ return (0); + +- if (tag == V_ASN1_BIT_STRING) +- return(i2d_ASN1_BIT_STRING(a,pp)); +- +- ret=a->length; +- r=ASN1_object_size(0,ret,tag); +- if (pp == NULL) return(r); +- p= *pp; ++ if (tag == V_ASN1_BIT_STRING) ++ return (i2d_ASN1_BIT_STRING(a, pp)); + +- if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET)) +- constructed=1; +- else +- constructed=0; +- ASN1_put_object(&p,constructed,ret,tag,xclass); +- memcpy(p,a->data,a->length); +- p+=a->length; +- *pp= p; +- return(r); +- } ++ ret = a->length; ++ r = ASN1_object_size(0, ret, tag); ++ if (pp == NULL) ++ return (r); ++ p = *pp; + +-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, +- long length, int Ptag, int Pclass) +- { +- ASN1_STRING *ret=NULL; +- const unsigned char *p; +- unsigned char *s; +- long len; +- int inf,tag,xclass; +- int i=0; ++ if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET)) ++ constructed = 1; ++ else ++ constructed = 0; ++ ASN1_put_object(&p, constructed, ret, tag, xclass); ++ memcpy(p, a->data, a->length); ++ p += a->length; ++ *pp = p; ++ return (r); ++} + +- if ((a == NULL) || ((*a) == NULL)) +- { +- if ((ret=ASN1_STRING_new()) == NULL) return(NULL); +- } +- else +- ret=(*a); ++ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, ++ long length, int Ptag, int Pclass) ++{ ++ ASN1_STRING *ret = NULL; ++ const unsigned char *p; ++ unsigned char *s; ++ long len; ++ int inf, tag, xclass; ++ int i = 0; + +- p= *pp; +- inf=ASN1_get_object(&p,&len,&tag,&xclass,length); +- if (inf & 0x80) +- { +- i=ASN1_R_BAD_OBJECT_HEADER; +- goto err; +- } ++ if ((a == NULL) || ((*a) == NULL)) { ++ if ((ret = ASN1_STRING_new()) == NULL) ++ return (NULL); ++ } else ++ ret = (*a); + +- if (tag != Ptag) +- { +- i=ASN1_R_WRONG_TAG; +- goto err; +- } ++ p = *pp; ++ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); ++ if (inf & 0x80) { ++ i = ASN1_R_BAD_OBJECT_HEADER; ++ goto err; ++ } + +- if (inf & V_ASN1_CONSTRUCTED) +- { +- ASN1_const_CTX c; ++ if (tag != Ptag) { ++ i = ASN1_R_WRONG_TAG; ++ goto err; ++ } + +- c.pp=pp; +- c.p=p; +- c.inf=inf; +- c.slen=len; +- c.tag=Ptag; +- c.xclass=Pclass; +- c.max=(length == 0)?0:(p+length); +- if (!asn1_collate_primitive(ret,&c)) +- goto err; +- else +- { +- p=c.p; +- } +- } +- else +- { +- if (len != 0) +- { +- if ((ret->length < len) || (ret->data == NULL)) +- { +- if (ret->data != NULL) OPENSSL_free(ret->data); +- s=(unsigned char *)OPENSSL_malloc((int)len + 1); +- if (s == NULL) +- { +- i=ERR_R_MALLOC_FAILURE; +- goto err; +- } +- } +- else +- s=ret->data; +- memcpy(s,p,(int)len); +- s[len] = '\0'; +- p+=len; +- } +- else +- { +- s=NULL; +- if (ret->data != NULL) OPENSSL_free(ret->data); +- } ++ if (inf & V_ASN1_CONSTRUCTED) { ++ ASN1_const_CTX c; + +- ret->length=(int)len; +- ret->data=s; +- ret->type=Ptag; +- } ++ c.pp = pp; ++ c.p = p; ++ c.inf = inf; ++ c.slen = len; ++ c.tag = Ptag; ++ c.xclass = Pclass; ++ c.max = (length == 0) ? 0 : (p + length); ++ if (!asn1_collate_primitive(ret, &c)) ++ goto err; ++ else { ++ p = c.p; ++ } ++ } else { ++ if (len != 0) { ++ if ((ret->length < len) || (ret->data == NULL)) { ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); ++ s = (unsigned char *)OPENSSL_malloc((int)len + 1); ++ if (s == NULL) { ++ i = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ } else ++ s = ret->data; ++ memcpy(s, p, (int)len); ++ s[len] = '\0'; ++ p += len; ++ } else { ++ s = NULL; ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); ++ } + +- if (a != NULL) (*a)=ret; +- *pp=p; +- return(ret); +-err: +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) +- ASN1_STRING_free(ret); +- ASN1err(ASN1_F_D2I_ASN1_BYTES,i); +- return(NULL); +- } ++ ret->length = (int)len; ++ ret->data = s; ++ ret->type = Ptag; ++ } + ++ if (a != NULL) ++ (*a) = ret; ++ *pp = p; ++ return (ret); ++ err: ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ ASN1_STRING_free(ret); ++ ASN1err(ASN1_F_D2I_ASN1_BYTES, i); ++ return (NULL); ++} + +-/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse +- * them into the one structure that is then returned */ +-/* There have been a few bug fixes for this function from +- * Paul Keogh , many thanks to him */ ++/* ++ * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them ++ * into the one structure that is then returned ++ */ ++/* ++ * There have been a few bug fixes for this function from Paul Keogh ++ * , many thanks to him ++ */ + static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c) +- { +- ASN1_STRING *os=NULL; +- BUF_MEM b; +- int num; +- +- b.length=0; +- b.max=0; +- b.data=NULL; ++{ ++ ASN1_STRING *os = NULL; ++ BUF_MEM b; ++ int num; + +- if (a == NULL) +- { +- c->error=ERR_R_PASSED_NULL_PARAMETER; +- goto err; +- } ++ b.length = 0; ++ b.max = 0; ++ b.data = NULL; + +- num=0; +- for (;;) +- { +- if (c->inf & 1) +- { +- c->eos=ASN1_const_check_infinite_end(&c->p, +- (long)(c->max-c->p)); +- if (c->eos) break; +- } +- else +- { +- if (c->slen <= 0) break; +- } ++ if (a == NULL) { ++ c->error = ERR_R_PASSED_NULL_PARAMETER; ++ goto err; ++ } + +- c->q=c->p; +- if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass) +- == NULL) +- { +- c->error=ERR_R_ASN1_LIB; +- goto err; +- } ++ num = 0; ++ for (;;) { ++ if (c->inf & 1) { ++ c->eos = ASN1_const_check_infinite_end(&c->p, ++ (long)(c->max - c->p)); ++ if (c->eos) ++ break; ++ } else { ++ if (c->slen <= 0) ++ break; ++ } + +- if (!BUF_MEM_grow_clean(&b,num+os->length)) +- { +- c->error=ERR_R_BUF_LIB; +- goto err; +- } +- memcpy(&(b.data[num]),os->data,os->length); +- if (!(c->inf & 1)) +- c->slen-=(c->p-c->q); +- num+=os->length; +- } ++ c->q = c->p; ++ if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass) ++ == NULL) { ++ c->error = ERR_R_ASN1_LIB; ++ goto err; ++ } + +- if (!asn1_const_Finish(c)) goto err; ++ if (!BUF_MEM_grow_clean(&b, num + os->length)) { ++ c->error = ERR_R_BUF_LIB; ++ goto err; ++ } ++ memcpy(&(b.data[num]), os->data, os->length); ++ if (!(c->inf & 1)) ++ c->slen -= (c->p - c->q); ++ num += os->length; ++ } + +- a->length=num; +- if (a->data != NULL) OPENSSL_free(a->data); +- a->data=(unsigned char *)b.data; +- if (os != NULL) ASN1_STRING_free(os); +- return(1); +-err: +- ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error); +- if (os != NULL) ASN1_STRING_free(os); +- if (b.data != NULL) OPENSSL_free(b.data); +- return(0); +- } ++ if (!asn1_const_Finish(c)) ++ goto err; + ++ a->length = num; ++ if (a->data != NULL) ++ OPENSSL_free(a->data); ++ a->data = (unsigned char *)b.data; ++ if (os != NULL) ++ ASN1_STRING_free(os); ++ return (1); ++ err: ++ ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error); ++ if (os != NULL) ++ ASN1_STRING_free(os); ++ if (b.data != NULL) ++ OPENSSL_free(b.data); ++ return (0); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c +index 52b2ebd..a1864b4 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,222 +65,204 @@ + static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); + + #ifndef NO_OLD_ASN1 +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + +-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x) +- { +- BIO *b; +- void *ret; ++void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x) ++{ ++ BIO *b; ++ void *ret; + +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB); +- return(NULL); +- } +- BIO_set_fp(b,in,BIO_NOCLOSE); +- ret=ASN1_d2i_bio(xnew,d2i,b,x); +- BIO_free(b); +- return(ret); +- } +-#endif ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB); ++ return (NULL); ++ } ++ BIO_set_fp(b, in, BIO_NOCLOSE); ++ ret = ASN1_d2i_bio(xnew, d2i, b, x); ++ BIO_free(b); ++ return (ret); ++} ++# endif + +-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x) +- { +- BUF_MEM *b = NULL; +- const unsigned char *p; +- void *ret=NULL; +- int len; ++void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x) ++{ ++ BUF_MEM *b = NULL; ++ const unsigned char *p; ++ void *ret = NULL; ++ int len; + +- len = asn1_d2i_read_bio(in, &b); +- if(len < 0) goto err; ++ len = asn1_d2i_read_bio(in, &b); ++ if (len < 0) ++ goto err; + +- p=(unsigned char *)b->data; +- ret=d2i(x,&p,len); +-err: +- if (b != NULL) BUF_MEM_free(b); +- return(ret); +- } ++ p = (unsigned char *)b->data; ++ ret = d2i(x, &p, len); ++ err: ++ if (b != NULL) ++ BUF_MEM_free(b); ++ return (ret); ++} + + #endif + + void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) +- { +- BUF_MEM *b = NULL; +- const unsigned char *p; +- void *ret=NULL; +- int len; ++{ ++ BUF_MEM *b = NULL; ++ const unsigned char *p; ++ void *ret = NULL; ++ int len; + +- len = asn1_d2i_read_bio(in, &b); +- if(len < 0) goto err; ++ len = asn1_d2i_read_bio(in, &b); ++ if (len < 0) ++ goto err; + +- p=(const unsigned char *)b->data; +- ret=ASN1_item_d2i(x,&p,len, it); +-err: +- if (b != NULL) BUF_MEM_free(b); +- return(ret); +- } ++ p = (const unsigned char *)b->data; ++ ret = ASN1_item_d2i(x, &p, len, it); ++ err: ++ if (b != NULL) ++ BUF_MEM_free(b); ++ return (ret); ++} + + #ifndef OPENSSL_NO_FP_API + void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) +- { +- BIO *b; +- char *ret; ++{ ++ BIO *b; ++ char *ret; + +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB); +- return(NULL); +- } +- BIO_set_fp(b,in,BIO_NOCLOSE); +- ret=ASN1_item_d2i_bio(it,b,x); +- BIO_free(b); +- return(ret); +- } ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB); ++ return (NULL); ++ } ++ BIO_set_fp(b, in, BIO_NOCLOSE); ++ ret = ASN1_item_d2i_bio(it, b, x); ++ BIO_free(b); ++ return (ret); ++} + #endif + + #define HEADER_SIZE 8 + static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) +- { +- BUF_MEM *b; +- unsigned char *p; +- int i; +- ASN1_const_CTX c; +- size_t want=HEADER_SIZE; +- int eos=0; +- size_t off=0; +- size_t len=0; ++{ ++ BUF_MEM *b; ++ unsigned char *p; ++ int i; ++ ASN1_const_CTX c; ++ size_t want = HEADER_SIZE; ++ int eos = 0; ++ size_t off = 0; ++ size_t len = 0; + +- b=BUF_MEM_new(); +- if (b == NULL) +- { +- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); +- return -1; +- } ++ b = BUF_MEM_new(); ++ if (b == NULL) { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } + +- ERR_clear_error(); +- for (;;) +- { +- if (want >= (len-off)) +- { +- want-=(len-off); ++ ERR_clear_error(); ++ for (;;) { ++ if (want >= (len - off)) { ++ want -= (len - off); + +- if (len + want < len || !BUF_MEM_grow_clean(b,len+want)) +- { +- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- i=BIO_read(in,&(b->data[len]),want); +- if ((i < 0) && ((len-off) == 0)) +- { +- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA); +- goto err; +- } +- if (i > 0) +- { +- if (len+i < len) +- { +- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); +- goto err; +- } +- len+=i; +- } +- } +- /* else data already loaded */ ++ if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ i = BIO_read(in, &(b->data[len]), want); ++ if ((i < 0) && ((len - off) == 0)) { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA); ++ goto err; ++ } ++ if (i > 0) { ++ if (len + i < len) { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); ++ goto err; ++ } ++ len += i; ++ } ++ } ++ /* else data already loaded */ + +- p=(unsigned char *)&(b->data[off]); +- c.p=p; +- c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass), +- len-off); +- if (c.inf & 0x80) +- { +- unsigned long e; ++ p = (unsigned char *)&(b->data[off]); ++ c.p = p; ++ c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass), ++ len - off); ++ if (c.inf & 0x80) { ++ unsigned long e; + +- e=ERR_GET_REASON(ERR_peek_error()); +- if (e != ASN1_R_TOO_LONG) +- goto err; +- else +- ERR_clear_error(); /* clear error */ +- } +- i=c.p-p;/* header length */ +- off+=i; /* end of data */ ++ e = ERR_GET_REASON(ERR_peek_error()); ++ if (e != ASN1_R_TOO_LONG) ++ goto err; ++ else ++ ERR_clear_error(); /* clear error */ ++ } ++ i = c.p - p; /* header length */ ++ off += i; /* end of data */ + +- if (c.inf & 1) +- { +- /* no data body so go round again */ +- eos++; +- if (eos < 0) +- { +- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG); +- goto err; +- } +- want=HEADER_SIZE; +- } +- else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) +- { +- /* eos value, so go back and read another header */ +- eos--; +- if (eos <= 0) +- break; +- else +- want=HEADER_SIZE; +- } +- else +- { +- /* suck in c.slen bytes of data */ +- want=c.slen; +- if (want > (len-off)) +- { +- want-=(len-off); +- if (want > INT_MAX /* BIO_read takes an int length */ || +- len+want < len) +- { +- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); +- goto err; +- } +- if (!BUF_MEM_grow_clean(b,len+want)) +- { +- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- while (want > 0) +- { +- i=BIO_read(in,&(b->data[len]),want); +- if (i <= 0) +- { +- ASN1err(ASN1_F_ASN1_D2I_READ_BIO, +- ASN1_R_NOT_ENOUGH_DATA); +- goto err; +- } +- /* This can't overflow because +- * |len+want| didn't overflow. */ +- len+=i; +- want-=i; +- } +- } +- if (off + c.slen < off) +- { +- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); +- goto err; +- } +- off+=c.slen; +- if (eos <= 0) +- { +- break; +- } +- else +- want=HEADER_SIZE; +- } +- } ++ if (c.inf & 1) { ++ /* no data body so go round again */ ++ eos++; ++ if (eos < 0) { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG); ++ goto err; ++ } ++ want = HEADER_SIZE; ++ } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) { ++ /* eos value, so go back and read another header */ ++ eos--; ++ if (eos <= 0) ++ break; ++ else ++ want = HEADER_SIZE; ++ } else { ++ /* suck in c.slen bytes of data */ ++ want = c.slen; ++ if (want > (len - off)) { ++ want -= (len - off); ++ if (want > INT_MAX /* BIO_read takes an int length */ || ++ len + want < len) { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); ++ goto err; ++ } ++ if (!BUF_MEM_grow_clean(b, len + want)) { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ while (want > 0) { ++ i = BIO_read(in, &(b->data[len]), want); ++ if (i <= 0) { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ++ ASN1_R_NOT_ENOUGH_DATA); ++ goto err; ++ } ++ /* ++ * This can't overflow because |len+want| didn't ++ * overflow. ++ */ ++ len += i; ++ want -= i; ++ } ++ } ++ if (off + c.slen < off) { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); ++ goto err; ++ } ++ off += c.slen; ++ if (eos <= 0) { ++ break; ++ } else ++ want = HEADER_SIZE; ++ } ++ } + +- if (off > INT_MAX) +- { +- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG); +- goto err; +- } ++ if (off > INT_MAX) { ++ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); ++ goto err; ++ } + +- *pb = b; +- return off; +-err: +- if (b != NULL) BUF_MEM_free(b); +- return -1; +- } ++ *pb = b; ++ return off; ++ err: ++ if (b != NULL) ++ BUF_MEM_free(b); ++ return -1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c +index d00d9e2..2c0a9ba 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -73,39 +73,37 @@ + #ifndef NO_ASN1_OLD + + int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, +- unsigned char *md, unsigned int *len) +- { +- int i; +- unsigned char *str,*p; ++ unsigned char *md, unsigned int *len) ++{ ++ int i; ++ unsigned char *str, *p; + +- i=i2d(data,NULL); +- if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) +- { +- ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- p=str; +- i2d(data,&p); ++ i = i2d(data, NULL); ++ if ((str = (unsigned char *)OPENSSL_malloc(i)) == NULL) { ++ ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ p = str; ++ i2d(data, &p); + +- EVP_Digest(str, i, md, len, type, NULL); +- OPENSSL_free(str); +- return(1); +- } ++ EVP_Digest(str, i, md, len, type, NULL); ++ OPENSSL_free(str); ++ return (1); ++} + + #endif + +- + int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, +- unsigned char *md, unsigned int *len) +- { +- int i; +- unsigned char *str = NULL; +- +- i=ASN1_item_i2d(asn,&str, it); +- if (!str) return(0); ++ unsigned char *md, unsigned int *len) ++{ ++ int i; ++ unsigned char *str = NULL; + +- EVP_Digest(str, i, md, len, type, NULL); +- OPENSSL_free(str); +- return(1); +- } ++ i = ASN1_item_i2d(asn, &str, it); ++ if (!str) ++ return (0); + ++ EVP_Digest(str, i, md, len, type, NULL); ++ OPENSSL_free(str); ++ return (1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c +index 199d50f..35e6540 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,47 +63,55 @@ + #ifndef NO_OLD_ASN1 + + void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x) +- { +- unsigned char *b,*p; +- const unsigned char *p2; +- int i; +- char *ret; ++{ ++ unsigned char *b, *p; ++ const unsigned char *p2; ++ int i; ++ char *ret; + +- if (x == NULL) return(NULL); ++ if (x == NULL) ++ return (NULL); + +- i=i2d(x,NULL); +- b=OPENSSL_malloc(i+10); +- if (b == NULL) +- { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } +- p= b; +- i=i2d(x,&p); +- p2= b; +- ret=d2i(NULL,&p2,i); +- OPENSSL_free(b); +- return(ret); +- } ++ i = i2d(x, NULL); ++ b = OPENSSL_malloc(i + 10); ++ if (b == NULL) { ++ ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ p = b; ++ i = i2d(x, &p); ++ p2 = b; ++ ret = d2i(NULL, &p2, i); ++ OPENSSL_free(b); ++ return (ret); ++} + + #endif + +-/* ASN1_ITEM version of dup: this follows the model above except we don't need +- * to allocate the buffer. At some point this could be rewritten to directly dup +- * the underlying structure instead of doing and encode and decode. ++/* ++ * ASN1_ITEM version of dup: this follows the model above except we don't ++ * need to allocate the buffer. At some point this could be rewritten to ++ * directly dup the underlying structure instead of doing and encode and ++ * decode. + */ + + void *ASN1_item_dup(const ASN1_ITEM *it, void *x) +- { +- unsigned char *b = NULL; +- const unsigned char *p; +- long i; +- void *ret; ++{ ++ unsigned char *b = NULL; ++ const unsigned char *p; ++ long i; ++ void *ret; + +- if (x == NULL) return(NULL); ++ if (x == NULL) ++ return (NULL); + +- i=ASN1_item_i2d(x,&b,it); +- if (b == NULL) +- { ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } +- p= b; +- ret=ASN1_item_d2i(NULL,&p,i, it); +- OPENSSL_free(b); +- return(ret); +- } ++ i = ASN1_item_i2d(x, &b, it); ++ if (b == NULL) { ++ ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ p = b; ++ ret = ASN1_item_d2i(NULL, &p, i, it); ++ OPENSSL_free(b); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c +index fe9aa13..c3498ac 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,122 +61,121 @@ + #include + #include + +-/* ++/* + * Code for ENUMERATED type: identical to INTEGER apart from a different tag. + * for comments on encoding see a_int.c + */ + + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) +- { +- int j,k; +- unsigned int i; +- unsigned char buf[sizeof(long)+1]; +- long d; ++{ ++ int j, k; ++ unsigned int i; ++ unsigned char buf[sizeof(long) + 1]; ++ long d; + +- a->type=V_ASN1_ENUMERATED; +- if (a->length < (int)(sizeof(long)+1)) +- { +- if (a->data != NULL) +- OPENSSL_free(a->data); +- if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) +- memset((char *)a->data,0,sizeof(long)+1); +- } +- if (a->data == NULL) +- { +- ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- d=v; +- if (d < 0) +- { +- d= -d; +- a->type=V_ASN1_NEG_ENUMERATED; +- } ++ a->type = V_ASN1_ENUMERATED; ++ if (a->length < (int)(sizeof(long) + 1)) { ++ if (a->data != NULL) ++ OPENSSL_free(a->data); ++ if ((a->data = ++ (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) ++ memset((char *)a->data, 0, sizeof(long) + 1); ++ } ++ if (a->data == NULL) { ++ ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ d = v; ++ if (d < 0) { ++ d = -d; ++ a->type = V_ASN1_NEG_ENUMERATED; ++ } + +- for (i=0; i>=8; +- } +- j=0; +- for (k=i-1; k >=0; k--) +- a->data[j++]=buf[k]; +- a->length=j; +- return(1); +- } ++ for (i = 0; i < sizeof(long); i++) { ++ if (d == 0) ++ break; ++ buf[i] = (int)d & 0xff; ++ d >>= 8; ++ } ++ j = 0; ++ for (k = i - 1; k >= 0; k--) ++ a->data[j++] = buf[k]; ++ a->length = j; ++ return (1); ++} + + long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) +- { +- int neg=0,i; +- long r=0; ++{ ++ int neg = 0, i; ++ long r = 0; ++ ++ if (a == NULL) ++ return (0L); ++ i = a->type; ++ if (i == V_ASN1_NEG_ENUMERATED) ++ neg = 1; ++ else if (i != V_ASN1_ENUMERATED) ++ return -1; + +- if (a == NULL) return(0L); +- i=a->type; +- if (i == V_ASN1_NEG_ENUMERATED) +- neg=1; +- else if (i != V_ASN1_ENUMERATED) +- return -1; +- +- if (a->length > (int)sizeof(long)) +- { +- /* hmm... a bit ugly */ +- return(0xffffffffL); +- } +- if (a->data == NULL) +- return 0; ++ if (a->length > (int)sizeof(long)) { ++ /* hmm... a bit ugly */ ++ return (0xffffffffL); ++ } ++ if (a->data == NULL) ++ return 0; + +- for (i=0; ilength; i++) +- { +- r<<=8; +- r|=(unsigned char)a->data[i]; +- } +- if (neg) r= -r; +- return(r); +- } ++ for (i = 0; i < a->length; i++) { ++ r <<= 8; ++ r |= (unsigned char)a->data[i]; ++ } ++ if (neg) ++ r = -r; ++ return (r); ++} + + ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) +- { +- ASN1_ENUMERATED *ret; +- int len,j; ++{ ++ ASN1_ENUMERATED *ret; ++ int len, j; + +- if (ai == NULL) +- ret=M_ASN1_ENUMERATED_new(); +- else +- ret=ai; +- if (ret == NULL) +- { +- ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR); +- goto err; +- } +- if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED; +- else ret->type=V_ASN1_ENUMERATED; +- j=BN_num_bits(bn); +- len=((j == 0)?0:((j/8)+1)); +- if (ret->length < len+4) +- { +- unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); +- if (!new_data) +- { +- ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ret->data=new_data; +- } ++ if (ai == NULL) ++ ret = M_ASN1_ENUMERATED_new(); ++ else ++ ret = ai; ++ if (ret == NULL) { ++ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ if (BN_is_negative(bn)) ++ ret->type = V_ASN1_NEG_ENUMERATED; ++ else ++ ret->type = V_ASN1_ENUMERATED; ++ j = BN_num_bits(bn); ++ len = ((j == 0) ? 0 : ((j / 8) + 1)); ++ if (ret->length < len + 4) { ++ unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); ++ if (!new_data) { ++ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ret->data = new_data; ++ } + +- ret->length=BN_bn2bin(bn,ret->data); +- return(ret); +-err: +- if (ret != ai) M_ASN1_ENUMERATED_free(ret); +- return(NULL); +- } ++ ret->length = BN_bn2bin(bn, ret->data); ++ return (ret); ++ err: ++ if (ret != ai) ++ M_ASN1_ENUMERATED_free(ret); ++ return (NULL); ++} + + BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) +- { +- BIGNUM *ret; ++{ ++ BIGNUM *ret; + +- if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) +- ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB); +- else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1); +- return(ret); +- } ++ if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) ++ ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB); ++ else if (ai->type == V_ASN1_NEG_ENUMERATED) ++ BN_set_negative(ret, 1); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c +index def7906..b504f2e 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,14 +49,16 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */ ++/* ++ * GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME ++ */ + + #include + #include +@@ -67,180 +69,187 @@ + #if 0 + + int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) +- { +-#ifdef CHARSET_EBCDIC +- /* KLUDGE! We convert to ascii before writing DER */ +- int len; +- char tmp[24]; +- ASN1_STRING tmpstr = *(ASN1_STRING *)a; +- +- len = tmpstr.length; +- ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); +- tmpstr.data = tmp; +- +- a = (ASN1_GENERALIZEDTIME *) &tmpstr; +-#endif +- return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, +- V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL)); +- } +- ++{ ++# ifdef CHARSET_EBCDIC ++ /* KLUDGE! We convert to ascii before writing DER */ ++ int len; ++ char tmp[24]; ++ ASN1_STRING tmpstr = *(ASN1_STRING *)a; ++ ++ len = tmpstr.length; ++ ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); ++ tmpstr.data = tmp; ++ ++ a = (ASN1_GENERALIZEDTIME *)&tmpstr; ++# endif ++ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, ++ V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL)); ++} + + ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, +- unsigned char **pp, long length) +- { +- ASN1_GENERALIZEDTIME *ret=NULL; +- +- ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length, +- V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL); +- if (ret == NULL) +- { +- ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR); +- return(NULL); +- } +-#ifdef CHARSET_EBCDIC +- ascii2ebcdic(ret->data, ret->data, ret->length); +-#endif +- if (!ASN1_GENERALIZEDTIME_check(ret)) +- { +- ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT); +- goto err; +- } +- +- return(ret); +-err: +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) +- M_ASN1_GENERALIZEDTIME_free(ret); +- return(NULL); +- } ++ unsigned char **pp, ++ long length) ++{ ++ ASN1_GENERALIZEDTIME *ret = NULL; ++ ++ ret = ++ (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, ++ V_ASN1_GENERALIZEDTIME, ++ V_ASN1_UNIVERSAL); ++ if (ret == NULL) { ++ ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR); ++ return (NULL); ++ } ++# ifdef CHARSET_EBCDIC ++ ascii2ebcdic(ret->data, ret->data, ret->length); ++# endif ++ if (!ASN1_GENERALIZEDTIME_check(ret)) { ++ ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT); ++ goto err; ++ } ++ ++ return (ret); ++ err: ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ M_ASN1_GENERALIZEDTIME_free(ret); ++ return (NULL); ++} + + #endif + + int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) +- { +- static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0}; +- static int max[9]={99, 99,12,31,23,59,59,12,59}; +- char *a; +- int n,i,l,o; +- +- if (d->type != V_ASN1_GENERALIZEDTIME) return(0); +- l=d->length; +- a=(char *)d->data; +- o=0; +- /* GENERALIZEDTIME is similar to UTCTIME except the year is +- * represented as YYYY. This stuff treats everything as a two digit +- * field so make first two fields 00 to 99 +- */ +- if (l < 13) goto err; +- for (i=0; i<7; i++) +- { +- if ((i == 6) && ((a[o] == 'Z') || +- (a[o] == '+') || (a[o] == '-'))) +- { i++; break; } +- if ((a[o] < '0') || (a[o] > '9')) goto err; +- n= a[o]-'0'; +- if (++o > l) goto err; +- +- if ((a[o] < '0') || (a[o] > '9')) goto err; +- n=(n*10)+ a[o]-'0'; +- if (++o > l) goto err; +- +- if ((n < min[i]) || (n > max[i])) goto err; +- } +- /* Optional fractional seconds: decimal point followed by one +- * or more digits. +- */ +- if (a[o] == '.') +- { +- if (++o > l) goto err; +- i = o; +- while ((a[o] >= '0') && (a[o] <= '9') && (o <= l)) +- o++; +- /* Must have at least one digit after decimal point */ +- if (i == o) goto err; +- } +- +- if (a[o] == 'Z') +- o++; +- else if ((a[o] == '+') || (a[o] == '-')) +- { +- o++; +- if (o+4 > l) goto err; +- for (i=7; i<9; i++) +- { +- if ((a[o] < '0') || (a[o] > '9')) goto err; +- n= a[o]-'0'; +- o++; +- if ((a[o] < '0') || (a[o] > '9')) goto err; +- n=(n*10)+ a[o]-'0'; +- if ((n < min[i]) || (n > max[i])) goto err; +- o++; +- } +- } +- return(o == l); +-err: +- return(0); +- } ++{ ++ static int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; ++ static int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 }; ++ char *a; ++ int n, i, l, o; ++ ++ if (d->type != V_ASN1_GENERALIZEDTIME) ++ return (0); ++ l = d->length; ++ a = (char *)d->data; ++ o = 0; ++ /* ++ * GENERALIZEDTIME is similar to UTCTIME except the year is represented ++ * as YYYY. This stuff treats everything as a two digit field so make ++ * first two fields 00 to 99 ++ */ ++ if (l < 13) ++ goto err; ++ for (i = 0; i < 7; i++) { ++ if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { ++ i++; ++ break; ++ } ++ if ((a[o] < '0') || (a[o] > '9')) ++ goto err; ++ n = a[o] - '0'; ++ if (++o > l) ++ goto err; ++ ++ if ((a[o] < '0') || (a[o] > '9')) ++ goto err; ++ n = (n * 10) + a[o] - '0'; ++ if (++o > l) ++ goto err; ++ ++ if ((n < min[i]) || (n > max[i])) ++ goto err; ++ } ++ /* ++ * Optional fractional seconds: decimal point followed by one or more ++ * digits. ++ */ ++ if (a[o] == '.') { ++ if (++o > l) ++ goto err; ++ i = o; ++ while ((a[o] >= '0') && (a[o] <= '9') && (o <= l)) ++ o++; ++ /* Must have at least one digit after decimal point */ ++ if (i == o) ++ goto err; ++ } ++ ++ if (a[o] == 'Z') ++ o++; ++ else if ((a[o] == '+') || (a[o] == '-')) { ++ o++; ++ if (o + 4 > l) ++ goto err; ++ for (i = 7; i < 9; i++) { ++ if ((a[o] < '0') || (a[o] > '9')) ++ goto err; ++ n = a[o] - '0'; ++ o++; ++ if ((a[o] < '0') || (a[o] > '9')) ++ goto err; ++ n = (n * 10) + a[o] - '0'; ++ if ((n < min[i]) || (n > max[i])) ++ goto err; ++ o++; ++ } ++ } ++ return (o == l); ++ err: ++ return (0); ++} + + int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) +- { +- ASN1_GENERALIZEDTIME t; +- +- t.type=V_ASN1_GENERALIZEDTIME; +- t.length=strlen(str); +- t.data=(unsigned char *)str; +- if (ASN1_GENERALIZEDTIME_check(&t)) +- { +- if (s != NULL) +- { +- if (!ASN1_STRING_set((ASN1_STRING *)s, +- (unsigned char *)str,t.length)) +- return 0; +- s->type=V_ASN1_GENERALIZEDTIME; +- } +- return(1); +- } +- else +- return(0); +- } ++{ ++ ASN1_GENERALIZEDTIME t; ++ ++ t.type = V_ASN1_GENERALIZEDTIME; ++ t.length = strlen(str); ++ t.data = (unsigned char *)str; ++ if (ASN1_GENERALIZEDTIME_check(&t)) { ++ if (s != NULL) { ++ if (!ASN1_STRING_set((ASN1_STRING *)s, ++ (unsigned char *)str, t.length)) ++ return 0; ++ s->type = V_ASN1_GENERALIZEDTIME; ++ } ++ return (1); ++ } else ++ return (0); ++} + + ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, +- time_t t) +- { +- char *p; +- struct tm *ts; +- struct tm data; +- size_t len = 20; +- +- if (s == NULL) +- s=M_ASN1_GENERALIZEDTIME_new(); +- if (s == NULL) +- return(NULL); +- +- ts=OPENSSL_gmtime(&t, &data); +- if (ts == NULL) +- return(NULL); +- +- p=(char *)s->data; +- if ((p == NULL) || ((size_t)s->length < len)) +- { +- p=OPENSSL_malloc(len); +- if (p == NULL) +- { +- ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- if (s->data != NULL) +- OPENSSL_free(s->data); +- s->data=(unsigned char *)p; +- } +- +- BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, +- ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); +- s->length=strlen(p); +- s->type=V_ASN1_GENERALIZEDTIME; ++ time_t t) ++{ ++ char *p; ++ struct tm *ts; ++ struct tm data; ++ size_t len = 20; ++ ++ if (s == NULL) ++ s = M_ASN1_GENERALIZEDTIME_new(); ++ if (s == NULL) ++ return (NULL); ++ ++ ts = OPENSSL_gmtime(&t, &data); ++ if (ts == NULL) ++ return (NULL); ++ ++ p = (char *)s->data; ++ if ((p == NULL) || ((size_t)s->length < len)) { ++ p = OPENSSL_malloc(len); ++ if (p == NULL) { ++ ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ if (s->data != NULL) ++ OPENSSL_free(s->data); ++ s->data = (unsigned char *)p; ++ } ++ ++ BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900, ++ ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, ++ ts->tm_sec); ++ s->length = strlen(p); ++ s->type = V_ASN1_GENERALIZEDTIME; + #ifdef CHARSET_EBCDIC_not +- ebcdic2ascii(s->data, s->data, s->length); ++ ebcdic2ascii(s->data, s->data, s->length); + #endif +- return(s); +- } ++ return (s); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c b/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c +index d1c2a7b..e67afdc 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,59 +61,58 @@ + #include + #include + +-int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp) +- { +- M_ASN1_I2D_vars(a); ++int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp) ++{ ++ M_ASN1_I2D_vars(a); + +- M_ASN1_I2D_len(a->header, i2d_ASN1_OCTET_STRING); +- M_ASN1_I2D_len(a->data, a->meth->i2d); ++ M_ASN1_I2D_len(a->header, i2d_ASN1_OCTET_STRING); ++ M_ASN1_I2D_len(a->data, a->meth->i2d); + +- M_ASN1_I2D_seq_total(); ++ M_ASN1_I2D_seq_total(); + +- M_ASN1_I2D_put(a->header, i2d_ASN1_OCTET_STRING); +- M_ASN1_I2D_put(a->data, a->meth->i2d); ++ M_ASN1_I2D_put(a->header, i2d_ASN1_OCTET_STRING); ++ M_ASN1_I2D_put(a->data, a->meth->i2d); + +- M_ASN1_I2D_finish(); +- } ++ M_ASN1_I2D_finish(); ++} + +-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp, +- long length) +- { +- M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new); ++ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp, ++ long length) ++{ ++ M_ASN1_D2I_vars(a, ASN1_HEADER *, ASN1_HEADER_new); + +- M_ASN1_D2I_Init(); +- M_ASN1_D2I_start_sequence(); +- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->header,d2i_ASN1_OCTET_STRING); +- if (ret->meth != NULL) +- { +- M_ASN1_D2I_get_x(void,ret->data,ret->meth->d2i); +- } +- else +- { +- if (a != NULL) (*a)=ret; +- return(ret); +- } +- M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER); +- } ++ M_ASN1_D2I_Init(); ++ M_ASN1_D2I_start_sequence(); ++ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->header, d2i_ASN1_OCTET_STRING); ++ if (ret->meth != NULL) { ++ M_ASN1_D2I_get_x(void, ret->data, ret->meth->d2i); ++ } else { ++ if (a != NULL) ++ (*a) = ret; ++ return (ret); ++ } ++ M_ASN1_D2I_Finish(a, ASN1_HEADER_free, ASN1_F_D2I_ASN1_HEADER); ++} + + ASN1_HEADER *ASN1_HEADER_new(void) +- { +- ASN1_HEADER *ret=NULL; +- ASN1_CTX c; ++{ ++ ASN1_HEADER *ret = NULL; ++ ASN1_CTX c; + +- M_ASN1_New_Malloc(ret,ASN1_HEADER); +- M_ASN1_New(ret->header,M_ASN1_OCTET_STRING_new); +- ret->meth=NULL; +- ret->data=NULL; +- return(ret); +- M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW); +- } ++ M_ASN1_New_Malloc(ret, ASN1_HEADER); ++ M_ASN1_New(ret->header, M_ASN1_OCTET_STRING_new); ++ ret->meth = NULL; ++ ret->data = NULL; ++ return (ret); ++ M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW); ++} + +-void ASN1_HEADER_free(ASN1_HEADER *a) +- { +- if (a == NULL) return; +- M_ASN1_OCTET_STRING_free(a->header); +- if (a->meth != NULL) +- a->meth->destroy(a->data); +- OPENSSL_free(a); +- } ++void ASN1_HEADER_free(ASN1_HEADER * a) ++{ ++ if (a == NULL) ++ return; ++ M_ASN1_OCTET_STRING_free(a->header); ++ if (a->meth != NULL) ++ a->meth->destroy(a->data); ++ OPENSSL_free(a); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c +index a3ad76d..0f56cd4 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,101 +63,95 @@ + + #ifndef NO_OLD_ASN1 + +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) +- { +- BIO *b; +- int ret; ++{ ++ BIO *b; ++ int ret; + +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,out,BIO_NOCLOSE); +- ret=ASN1_i2d_bio(i2d,b,x); +- BIO_free(b); +- return(ret); +- } +-#endif ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, out, BIO_NOCLOSE); ++ ret = ASN1_i2d_bio(i2d, b, x); ++ BIO_free(b); ++ return (ret); ++} ++# endif + + int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) +- { +- char *b; +- unsigned char *p; +- int i,j=0,n,ret=1; ++{ ++ char *b; ++ unsigned char *p; ++ int i, j = 0, n, ret = 1; ++ ++ n = i2d(x, NULL); ++ b = (char *)OPENSSL_malloc(n); ++ if (b == NULL) { ++ ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } + +- n=i2d(x,NULL); +- b=(char *)OPENSSL_malloc(n); +- if (b == NULL) +- { +- ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE); +- return(0); +- } ++ p = (unsigned char *)b; ++ i2d(x, &p); + +- p=(unsigned char *)b; +- i2d(x,&p); +- +- for (;;) +- { +- i=BIO_write(out,&(b[j]),n); +- if (i == n) break; +- if (i <= 0) +- { +- ret=0; +- break; +- } +- j+=i; +- n-=i; +- } +- OPENSSL_free(b); +- return(ret); +- } ++ for (;;) { ++ i = BIO_write(out, &(b[j]), n); ++ if (i == n) ++ break; ++ if (i <= 0) { ++ ret = 0; ++ break; ++ } ++ j += i; ++ n -= i; ++ } ++ OPENSSL_free(b); ++ return (ret); ++} + + #endif + + #ifndef OPENSSL_NO_FP_API + int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) +- { +- BIO *b; +- int ret; ++{ ++ BIO *b; ++ int ret; + +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,out,BIO_NOCLOSE); +- ret=ASN1_item_i2d_bio(it,b,x); +- BIO_free(b); +- return(ret); +- } ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, out, BIO_NOCLOSE); ++ ret = ASN1_item_i2d_bio(it, b, x); ++ BIO_free(b); ++ return (ret); ++} + #endif + + int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) +- { +- unsigned char *b = NULL; +- int i,j=0,n,ret=1; ++{ ++ unsigned char *b = NULL; ++ int i, j = 0, n, ret = 1; + +- n = ASN1_item_i2d(x, &b, it); +- if (b == NULL) +- { +- ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE); +- return(0); +- } ++ n = ASN1_item_i2d(x, &b, it); ++ if (b == NULL) { ++ ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } + +- for (;;) +- { +- i=BIO_write(out,&(b[j]),n); +- if (i == n) break; +- if (i <= 0) +- { +- ret=0; +- break; +- } +- j+=i; +- n-=i; +- } +- OPENSSL_free(b); +- return(ret); +- } ++ for (;;) { ++ i = BIO_write(out, &(b[j]), n); ++ if (i == n) ++ break; ++ if (i <= 0) { ++ ret = 0; ++ break; ++ } ++ j += i; ++ n -= i; ++ } ++ OPENSSL_free(b); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c +index ee26c31..b788617 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_int.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_int.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,45 +62,45 @@ + #include + + ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) +-{ return M_ASN1_INTEGER_dup(x);} ++{ ++ return M_ASN1_INTEGER_dup(x); ++} + + int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) +- { +- int neg, ret; +- /* Compare signs */ +- neg = x->type & V_ASN1_NEG; +- if (neg != (y->type & V_ASN1_NEG)) +- { +- if (neg) +- return -1; +- else +- return 1; +- } +- +- ret = ASN1_STRING_cmp(x, y); +- +- if (neg) +- return -ret; +- else +- return ret; +- } +- +- +-/* ++{ ++ int neg, ret; ++ /* Compare signs */ ++ neg = x->type & V_ASN1_NEG; ++ if (neg != (y->type & V_ASN1_NEG)) { ++ if (neg) ++ return -1; ++ else ++ return 1; ++ } ++ ++ ret = ASN1_STRING_cmp(x, y); ++ ++ if (neg) ++ return -ret; ++ else ++ return ret; ++} ++ ++/*- + * This converts an ASN1 INTEGER into its content encoding. + * The internal representation is an ASN1_STRING whose data is a big endian + * representation of the value, ignoring the sign. The sign is determined by +- * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. ++ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. + * + * Positive integers are no problem: they are almost the same as the DER + * encoding, except if the first byte is >= 0x80 we need to add a zero pad. + * + * Negative integers are a bit trickier... + * The DER representation of negative integers is in 2s complement form. +- * The internal form is converted by complementing each octet and finally ++ * The internal form is converted by complementing each octet and finally + * adding one to the result. This can be done less messily with a little trick. + * If the internal form has trailing zeroes then they will become FF by the +- * complement and 0 by the add one (due to carry) so just copy as many trailing ++ * complement and 0 by the add one (due to carry) so just copy as many trailing + * zeros to the destination as there are in the source. The carry will add one + * to the last none zero octet: so complement this octet and add one and finally + * complement any left over until you get to the start of the string. +@@ -112,347 +112,351 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) + */ + + int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) +- { +- int pad=0,ret,i,neg; +- unsigned char *p,*n,pb=0; +- +- if (a == NULL) return(0); +- neg=a->type & V_ASN1_NEG; +- if (a->length == 0) +- ret=1; +- else +- { +- ret=a->length; +- i=a->data[0]; +- if (!neg && (i > 127)) { +- pad=1; +- pb=0; +- } else if(neg) { +- if(i>128) { +- pad=1; +- pb=0xFF; +- } else if(i == 128) { +- /* +- * Special case: if any other bytes non zero we pad: +- * otherwise we don't. +- */ +- for(i = 1; i < a->length; i++) if(a->data[i]) { +- pad=1; +- pb=0xFF; +- break; +- } +- } +- } +- ret+=pad; +- } +- if (pp == NULL) return(ret); +- p= *pp; +- +- if (pad) *(p++)=pb; +- if (a->length == 0) *(p++)=0; +- else if (!neg) memcpy(p,a->data,(unsigned int)a->length); +- else { +- /* Begin at the end of the encoding */ +- n=a->data + a->length - 1; +- p += a->length - 1; +- i = a->length; +- /* Copy zeros to destination as long as source is zero */ +- while(!*n) { +- *(p--) = 0; +- n--; +- i--; +- } +- /* Complement and increment next octet */ +- *(p--) = ((*(n--)) ^ 0xff) + 1; +- i--; +- /* Complement any octets left */ +- for(;i > 0; i--) *(p--) = *(n--) ^ 0xff; +- } +- +- *pp+=ret; +- return(ret); +- } ++{ ++ int pad = 0, ret, i, neg; ++ unsigned char *p, *n, pb = 0; ++ ++ if (a == NULL) ++ return (0); ++ neg = a->type & V_ASN1_NEG; ++ if (a->length == 0) ++ ret = 1; ++ else { ++ ret = a->length; ++ i = a->data[0]; ++ if (!neg && (i > 127)) { ++ pad = 1; ++ pb = 0; ++ } else if (neg) { ++ if (i > 128) { ++ pad = 1; ++ pb = 0xFF; ++ } else if (i == 128) { ++ /* ++ * Special case: if any other bytes non zero we pad: ++ * otherwise we don't. ++ */ ++ for (i = 1; i < a->length; i++) ++ if (a->data[i]) { ++ pad = 1; ++ pb = 0xFF; ++ break; ++ } ++ } ++ } ++ ret += pad; ++ } ++ if (pp == NULL) ++ return (ret); ++ p = *pp; ++ ++ if (pad) ++ *(p++) = pb; ++ if (a->length == 0) ++ *(p++) = 0; ++ else if (!neg) ++ memcpy(p, a->data, (unsigned int)a->length); ++ else { ++ /* Begin at the end of the encoding */ ++ n = a->data + a->length - 1; ++ p += a->length - 1; ++ i = a->length; ++ /* Copy zeros to destination as long as source is zero */ ++ while (!*n) { ++ *(p--) = 0; ++ n--; ++ i--; ++ } ++ /* Complement and increment next octet */ ++ *(p--) = ((*(n--)) ^ 0xff) + 1; ++ i--; ++ /* Complement any octets left */ ++ for (; i > 0; i--) ++ *(p--) = *(n--) ^ 0xff; ++ } ++ ++ *pp += ret; ++ return (ret); ++} + + /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ + + ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, +- long len) +- { +- ASN1_INTEGER *ret=NULL; +- const unsigned char *p, *pend; +- unsigned char *to,*s; +- int i; +- +- if ((a == NULL) || ((*a) == NULL)) +- { +- if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); +- ret->type=V_ASN1_INTEGER; +- } +- else +- ret=(*a); +- +- p= *pp; +- pend = p + len; +- +- /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it +- * signifies a missing NULL parameter. */ +- s=(unsigned char *)OPENSSL_malloc((int)len+1); +- if (s == NULL) +- { +- i=ERR_R_MALLOC_FAILURE; +- goto err; +- } +- to=s; +- if(!len) { +- /* Strictly speaking this is an illegal INTEGER but we +- * tolerate it. +- */ +- ret->type=V_ASN1_INTEGER; +- } else if (*p & 0x80) /* a negative number */ +- { +- ret->type=V_ASN1_NEG_INTEGER; +- if ((*p == 0xff) && (len != 1)) { +- p++; +- len--; +- } +- i = len; +- p += i - 1; +- to += i - 1; +- while((!*p) && i) { +- *(to--) = 0; +- i--; +- p--; +- } +- /* Special case: if all zeros then the number will be of +- * the form FF followed by n zero bytes: this corresponds to +- * 1 followed by n zero bytes. We've already written n zeros +- * so we just append an extra one and set the first byte to +- * a 1. This is treated separately because it is the only case +- * where the number of bytes is larger than len. +- */ +- if(!i) { +- *s = 1; +- s[len] = 0; +- len++; +- } else { +- *(to--) = (*(p--) ^ 0xff) + 1; +- i--; +- for(;i > 0; i--) *(to--) = *(p--) ^ 0xff; +- } +- } else { +- ret->type=V_ASN1_INTEGER; +- if ((*p == 0) && (len != 1)) +- { +- p++; +- len--; +- } +- memcpy(s,p,(int)len); +- } +- +- if (ret->data != NULL) OPENSSL_free(ret->data); +- ret->data=s; +- ret->length=(int)len; +- if (a != NULL) (*a)=ret; +- *pp=pend; +- return(ret); +-err: +- ASN1err(ASN1_F_C2I_ASN1_INTEGER,i); +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) +- M_ASN1_INTEGER_free(ret); +- return(NULL); +- } +- +- +-/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of +- * ASN1 integers: some broken software can encode a positive INTEGER +- * with its MSB set as negative (it doesn't add a padding zero). ++ long len) ++{ ++ ASN1_INTEGER *ret = NULL; ++ const unsigned char *p, *pend; ++ unsigned char *to, *s; ++ int i; ++ ++ if ((a == NULL) || ((*a) == NULL)) { ++ if ((ret = M_ASN1_INTEGER_new()) == NULL) ++ return (NULL); ++ ret->type = V_ASN1_INTEGER; ++ } else ++ ret = (*a); ++ ++ p = *pp; ++ pend = p + len; ++ ++ /* ++ * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies ++ * a missing NULL parameter. ++ */ ++ s = (unsigned char *)OPENSSL_malloc((int)len + 1); ++ if (s == NULL) { ++ i = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ to = s; ++ if (!len) { ++ /* ++ * Strictly speaking this is an illegal INTEGER but we tolerate it. ++ */ ++ ret->type = V_ASN1_INTEGER; ++ } else if (*p & 0x80) { /* a negative number */ ++ ret->type = V_ASN1_NEG_INTEGER; ++ if ((*p == 0xff) && (len != 1)) { ++ p++; ++ len--; ++ } ++ i = len; ++ p += i - 1; ++ to += i - 1; ++ while ((!*p) && i) { ++ *(to--) = 0; ++ i--; ++ p--; ++ } ++ /* ++ * Special case: if all zeros then the number will be of the form FF ++ * followed by n zero bytes: this corresponds to 1 followed by n zero ++ * bytes. We've already written n zeros so we just append an extra ++ * one and set the first byte to a 1. This is treated separately ++ * because it is the only case where the number of bytes is larger ++ * than len. ++ */ ++ if (!i) { ++ *s = 1; ++ s[len] = 0; ++ len++; ++ } else { ++ *(to--) = (*(p--) ^ 0xff) + 1; ++ i--; ++ for (; i > 0; i--) ++ *(to--) = *(p--) ^ 0xff; ++ } ++ } else { ++ ret->type = V_ASN1_INTEGER; ++ if ((*p == 0) && (len != 1)) { ++ p++; ++ len--; ++ } ++ memcpy(s, p, (int)len); ++ } ++ ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); ++ ret->data = s; ++ ret->length = (int)len; ++ if (a != NULL) ++ (*a) = ret; ++ *pp = pend; ++ return (ret); ++ err: ++ ASN1err(ASN1_F_C2I_ASN1_INTEGER, i); ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ M_ASN1_INTEGER_free(ret); ++ return (NULL); ++} ++ ++/* ++ * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1 ++ * integers: some broken software can encode a positive INTEGER with its MSB ++ * set as negative (it doesn't add a padding zero). + */ + + ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, +- long length) +- { +- ASN1_INTEGER *ret=NULL; +- const unsigned char *p; +- unsigned char *s; +- long len; +- int inf,tag,xclass; +- int i; +- +- if ((a == NULL) || ((*a) == NULL)) +- { +- if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); +- ret->type=V_ASN1_INTEGER; +- } +- else +- ret=(*a); +- +- p= *pp; +- inf=ASN1_get_object(&p,&len,&tag,&xclass,length); +- if (inf & 0x80) +- { +- i=ASN1_R_BAD_OBJECT_HEADER; +- goto err; +- } +- +- if (tag != V_ASN1_INTEGER) +- { +- i=ASN1_R_EXPECTING_AN_INTEGER; +- goto err; +- } +- +- /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it +- * signifies a missing NULL parameter. */ +- s=(unsigned char *)OPENSSL_malloc((int)len+1); +- if (s == NULL) +- { +- i=ERR_R_MALLOC_FAILURE; +- goto err; +- } +- ret->type=V_ASN1_INTEGER; +- if(len) { +- if ((*p == 0) && (len != 1)) +- { +- p++; +- len--; +- } +- memcpy(s,p,(int)len); +- p+=len; +- } +- +- if (ret->data != NULL) OPENSSL_free(ret->data); +- ret->data=s; +- ret->length=(int)len; +- if (a != NULL) (*a)=ret; +- *pp=p; +- return(ret); +-err: +- ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i); +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) +- M_ASN1_INTEGER_free(ret); +- return(NULL); +- } ++ long length) ++{ ++ ASN1_INTEGER *ret = NULL; ++ const unsigned char *p; ++ unsigned char *s; ++ long len; ++ int inf, tag, xclass; ++ int i; ++ ++ if ((a == NULL) || ((*a) == NULL)) { ++ if ((ret = M_ASN1_INTEGER_new()) == NULL) ++ return (NULL); ++ ret->type = V_ASN1_INTEGER; ++ } else ++ ret = (*a); ++ ++ p = *pp; ++ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); ++ if (inf & 0x80) { ++ i = ASN1_R_BAD_OBJECT_HEADER; ++ goto err; ++ } ++ ++ if (tag != V_ASN1_INTEGER) { ++ i = ASN1_R_EXPECTING_AN_INTEGER; ++ goto err; ++ } ++ ++ /* ++ * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies ++ * a missing NULL parameter. ++ */ ++ s = (unsigned char *)OPENSSL_malloc((int)len + 1); ++ if (s == NULL) { ++ i = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ ret->type = V_ASN1_INTEGER; ++ if (len) { ++ if ((*p == 0) && (len != 1)) { ++ p++; ++ len--; ++ } ++ memcpy(s, p, (int)len); ++ p += len; ++ } ++ ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); ++ ret->data = s; ++ ret->length = (int)len; ++ if (a != NULL) ++ (*a) = ret; ++ *pp = p; ++ return (ret); ++ err: ++ ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i); ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ M_ASN1_INTEGER_free(ret); ++ return (NULL); ++} + + int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) +- { +- int j,k; +- unsigned int i; +- unsigned char buf[sizeof(long)+1]; +- long d; +- +- a->type=V_ASN1_INTEGER; +- if (a->length < (int)(sizeof(long)+1)) +- { +- if (a->data != NULL) +- OPENSSL_free(a->data); +- if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) +- memset((char *)a->data,0,sizeof(long)+1); +- } +- if (a->data == NULL) +- { +- ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- d=v; +- if (d < 0) +- { +- d= -d; +- a->type=V_ASN1_NEG_INTEGER; +- } +- +- for (i=0; i>=8; +- } +- j=0; +- for (k=i-1; k >=0; k--) +- a->data[j++]=buf[k]; +- a->length=j; +- return(1); +- } ++{ ++ int j, k; ++ unsigned int i; ++ unsigned char buf[sizeof(long) + 1]; ++ long d; ++ ++ a->type = V_ASN1_INTEGER; ++ if (a->length < (int)(sizeof(long) + 1)) { ++ if (a->data != NULL) ++ OPENSSL_free(a->data); ++ if ((a->data = ++ (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) ++ memset((char *)a->data, 0, sizeof(long) + 1); ++ } ++ if (a->data == NULL) { ++ ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ d = v; ++ if (d < 0) { ++ d = -d; ++ a->type = V_ASN1_NEG_INTEGER; ++ } ++ ++ for (i = 0; i < sizeof(long); i++) { ++ if (d == 0) ++ break; ++ buf[i] = (int)d & 0xff; ++ d >>= 8; ++ } ++ j = 0; ++ for (k = i - 1; k >= 0; k--) ++ a->data[j++] = buf[k]; ++ a->length = j; ++ return (1); ++} + + long ASN1_INTEGER_get(ASN1_INTEGER *a) +- { +- int neg=0,i; +- long r=0; +- +- if (a == NULL) return(0L); +- i=a->type; +- if (i == V_ASN1_NEG_INTEGER) +- neg=1; +- else if (i != V_ASN1_INTEGER) +- return -1; +- +- if (a->length > (int)sizeof(long)) +- { +- /* hmm... a bit ugly */ +- return(0xffffffffL); +- } +- if (a->data == NULL) +- return 0; +- +- for (i=0; ilength; i++) +- { +- r<<=8; +- r|=(unsigned char)a->data[i]; +- } +- if (neg) r= -r; +- return(r); +- } ++{ ++ int neg = 0, i; ++ long r = 0; ++ ++ if (a == NULL) ++ return (0L); ++ i = a->type; ++ if (i == V_ASN1_NEG_INTEGER) ++ neg = 1; ++ else if (i != V_ASN1_INTEGER) ++ return -1; ++ ++ if (a->length > (int)sizeof(long)) { ++ /* hmm... a bit ugly */ ++ return (0xffffffffL); ++ } ++ if (a->data == NULL) ++ return 0; ++ ++ for (i = 0; i < a->length; i++) { ++ r <<= 8; ++ r |= (unsigned char)a->data[i]; ++ } ++ if (neg) ++ r = -r; ++ return (r); ++} + + ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) +- { +- ASN1_INTEGER *ret; +- int len,j; +- +- if (ai == NULL) +- ret=M_ASN1_INTEGER_new(); +- else +- ret=ai; +- if (ret == NULL) +- { +- ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); +- goto err; +- } +- if (BN_is_negative(bn)) +- ret->type = V_ASN1_NEG_INTEGER; +- else ret->type=V_ASN1_INTEGER; +- j=BN_num_bits(bn); +- len=((j == 0)?0:((j/8)+1)); +- if (ret->length < len+4) +- { +- unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); +- if (!new_data) +- { +- ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ret->data=new_data; +- } +- ret->length=BN_bn2bin(bn,ret->data); +- /* Correct zero case */ +- if(!ret->length) +- { +- ret->data[0] = 0; +- ret->length = 1; +- } +- return(ret); +-err: +- if (ret != ai) M_ASN1_INTEGER_free(ret); +- return(NULL); +- } ++{ ++ ASN1_INTEGER *ret; ++ int len, j; ++ ++ if (ai == NULL) ++ ret = M_ASN1_INTEGER_new(); ++ else ++ ret = ai; ++ if (ret == NULL) { ++ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ if (BN_is_negative(bn)) ++ ret->type = V_ASN1_NEG_INTEGER; ++ else ++ ret->type = V_ASN1_INTEGER; ++ j = BN_num_bits(bn); ++ len = ((j == 0) ? 0 : ((j / 8) + 1)); ++ if (ret->length < len + 4) { ++ unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); ++ if (!new_data) { ++ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ret->data = new_data; ++ } ++ ret->length = BN_bn2bin(bn, ret->data); ++ /* Correct zero case */ ++ if (!ret->length) { ++ ret->data[0] = 0; ++ ret->length = 1; ++ } ++ return (ret); ++ err: ++ if (ret != ai) ++ M_ASN1_INTEGER_free(ret); ++ return (NULL); ++} + + BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn) +- { +- BIGNUM *ret; ++{ ++ BIGNUM *ret; + +- if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) +- ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); +- else if(ai->type == V_ASN1_NEG_INTEGER) +- BN_set_negative(ret, 1); +- return(ret); +- } ++ if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) ++ ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB); ++ else if (ai->type == V_ASN1_NEG_INTEGER) ++ BN_set_negative(ret, 1); ++ return (ret); ++} + + IMPLEMENT_STACK_OF(ASN1_INTEGER) ++ + IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c +index 1538e0a..6935efe 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c +@@ -1,6 +1,7 @@ + /* a_mbstr.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,7 +63,8 @@ + #include + + static int traverse_string(const unsigned char *p, int len, int inform, +- int (*rfunc)(unsigned long value, void *in), void *arg); ++ int (*rfunc) (unsigned long value, void *in), ++ void *arg); + static int in_utf8(unsigned long value, void *arg); + static int out_utf8(unsigned long value, void *arg); + static int type_str(unsigned long value, void *arg); +@@ -72,212 +74,221 @@ static int cpy_univ(unsigned long value, void *arg); + static int cpy_utf8(unsigned long value, void *arg); + static int is_printable(unsigned long value); + +-/* These functions take a string in UTF8, ASCII or multibyte form and +- * a mask of permissible ASN1 string types. It then works out the minimal +- * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) +- * and creates a string of the correct type with the supplied data. +- * Yes this is horrible: it has to be :-( +- * The 'ncopy' form checks minimum and maximum size limits too. ++/* ++ * These functions take a string in UTF8, ASCII or multibyte form and a mask ++ * of permissible ASN1 string types. It then works out the minimal type ++ * (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) and ++ * creates a string of the correct type with the supplied data. Yes this is ++ * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum ++ * size limits too. + */ + + int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, +- int inform, unsigned long mask) ++ int inform, unsigned long mask) + { +- return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); ++ return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); + } + + int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, +- int inform, unsigned long mask, +- long minsize, long maxsize) ++ int inform, unsigned long mask, ++ long minsize, long maxsize) + { +- int str_type; +- int ret; +- char free_out; +- int outform, outlen = 0; +- ASN1_STRING *dest; +- unsigned char *p; +- int nchar; +- char strbuf[32]; +- int (*cpyfunc)(unsigned long,void *) = NULL; +- if(len == -1) len = strlen((const char *)in); +- if(!mask) mask = DIRSTRING_TYPE; +- +- /* First do a string check and work out the number of characters */ +- switch(inform) { +- +- case MBSTRING_BMP: +- if(len & 1) { +- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, +- ASN1_R_INVALID_BMPSTRING_LENGTH); +- return -1; +- } +- nchar = len >> 1; +- break; +- +- case MBSTRING_UNIV: +- if(len & 3) { +- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, +- ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); +- return -1; +- } +- nchar = len >> 2; +- break; +- +- case MBSTRING_UTF8: +- nchar = 0; +- /* This counts the characters and does utf8 syntax checking */ +- ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); +- if(ret < 0) { +- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, +- ASN1_R_INVALID_UTF8STRING); +- return -1; +- } +- break; +- +- case MBSTRING_ASC: +- nchar = len; +- break; +- +- default: +- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT); +- return -1; +- } +- +- if((minsize > 0) && (nchar < minsize)) { +- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); +- BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); +- ERR_add_error_data(2, "minsize=", strbuf); +- return -1; +- } +- +- if((maxsize > 0) && (nchar > maxsize)) { +- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); +- BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); +- ERR_add_error_data(2, "maxsize=", strbuf); +- return -1; +- } +- +- /* Now work out minimal type (if any) */ +- if(traverse_string(in, len, inform, type_str, &mask) < 0) { +- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS); +- return -1; +- } +- +- +- /* Now work out output format and string type */ +- outform = MBSTRING_ASC; +- if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING; +- else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING; +- else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING; +- else if(mask & B_ASN1_BMPSTRING) { +- str_type = V_ASN1_BMPSTRING; +- outform = MBSTRING_BMP; +- } else if(mask & B_ASN1_UNIVERSALSTRING) { +- str_type = V_ASN1_UNIVERSALSTRING; +- outform = MBSTRING_UNIV; +- } else { +- str_type = V_ASN1_UTF8STRING; +- outform = MBSTRING_UTF8; +- } +- if(!out) return str_type; +- if(*out) { +- free_out = 0; +- dest = *out; +- if(dest->data) { +- dest->length = 0; +- OPENSSL_free(dest->data); +- dest->data = NULL; +- } +- dest->type = str_type; +- } else { +- free_out = 1; +- dest = ASN1_STRING_type_new(str_type); +- if(!dest) { +- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, +- ERR_R_MALLOC_FAILURE); +- return -1; +- } +- *out = dest; +- } +- /* If both the same type just copy across */ +- if(inform == outform) { +- if(!ASN1_STRING_set(dest, in, len)) { +- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE); +- return -1; +- } +- return str_type; +- } +- +- /* Work out how much space the destination will need */ +- switch(outform) { +- case MBSTRING_ASC: +- outlen = nchar; +- cpyfunc = cpy_asc; +- break; +- +- case MBSTRING_BMP: +- outlen = nchar << 1; +- cpyfunc = cpy_bmp; +- break; +- +- case MBSTRING_UNIV: +- outlen = nchar << 2; +- cpyfunc = cpy_univ; +- break; +- +- case MBSTRING_UTF8: +- outlen = 0; +- traverse_string(in, len, inform, out_utf8, &outlen); +- cpyfunc = cpy_utf8; +- break; +- } +- if(!(p = OPENSSL_malloc(outlen + 1))) { +- if(free_out) ASN1_STRING_free(dest); +- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE); +- return -1; +- } +- dest->length = outlen; +- dest->data = p; +- p[outlen] = 0; +- traverse_string(in, len, inform, cpyfunc, &p); +- return str_type; ++ int str_type; ++ int ret; ++ char free_out; ++ int outform, outlen = 0; ++ ASN1_STRING *dest; ++ unsigned char *p; ++ int nchar; ++ char strbuf[32]; ++ int (*cpyfunc) (unsigned long, void *) = NULL; ++ if (len == -1) ++ len = strlen((const char *)in); ++ if (!mask) ++ mask = DIRSTRING_TYPE; ++ ++ /* First do a string check and work out the number of characters */ ++ switch (inform) { ++ ++ case MBSTRING_BMP: ++ if (len & 1) { ++ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ++ ASN1_R_INVALID_BMPSTRING_LENGTH); ++ return -1; ++ } ++ nchar = len >> 1; ++ break; ++ ++ case MBSTRING_UNIV: ++ if (len & 3) { ++ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ++ ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); ++ return -1; ++ } ++ nchar = len >> 2; ++ break; ++ ++ case MBSTRING_UTF8: ++ nchar = 0; ++ /* This counts the characters and does utf8 syntax checking */ ++ ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); ++ if (ret < 0) { ++ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING); ++ return -1; ++ } ++ break; ++ ++ case MBSTRING_ASC: ++ nchar = len; ++ break; ++ ++ default: ++ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT); ++ return -1; ++ } ++ ++ if ((minsize > 0) && (nchar < minsize)) { ++ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); ++ BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize); ++ ERR_add_error_data(2, "minsize=", strbuf); ++ return -1; ++ } ++ ++ if ((maxsize > 0) && (nchar > maxsize)) { ++ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); ++ BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize); ++ ERR_add_error_data(2, "maxsize=", strbuf); ++ return -1; ++ } ++ ++ /* Now work out minimal type (if any) */ ++ if (traverse_string(in, len, inform, type_str, &mask) < 0) { ++ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS); ++ return -1; ++ } ++ ++ /* Now work out output format and string type */ ++ outform = MBSTRING_ASC; ++ if (mask & B_ASN1_PRINTABLESTRING) ++ str_type = V_ASN1_PRINTABLESTRING; ++ else if (mask & B_ASN1_IA5STRING) ++ str_type = V_ASN1_IA5STRING; ++ else if (mask & B_ASN1_T61STRING) ++ str_type = V_ASN1_T61STRING; ++ else if (mask & B_ASN1_BMPSTRING) { ++ str_type = V_ASN1_BMPSTRING; ++ outform = MBSTRING_BMP; ++ } else if (mask & B_ASN1_UNIVERSALSTRING) { ++ str_type = V_ASN1_UNIVERSALSTRING; ++ outform = MBSTRING_UNIV; ++ } else { ++ str_type = V_ASN1_UTF8STRING; ++ outform = MBSTRING_UTF8; ++ } ++ if (!out) ++ return str_type; ++ if (*out) { ++ free_out = 0; ++ dest = *out; ++ if (dest->data) { ++ dest->length = 0; ++ OPENSSL_free(dest->data); ++ dest->data = NULL; ++ } ++ dest->type = str_type; ++ } else { ++ free_out = 1; ++ dest = ASN1_STRING_type_new(str_type); ++ if (!dest) { ++ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ *out = dest; ++ } ++ /* If both the same type just copy across */ ++ if (inform == outform) { ++ if (!ASN1_STRING_set(dest, in, len)) { ++ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ return str_type; ++ } ++ ++ /* Work out how much space the destination will need */ ++ switch (outform) { ++ case MBSTRING_ASC: ++ outlen = nchar; ++ cpyfunc = cpy_asc; ++ break; ++ ++ case MBSTRING_BMP: ++ outlen = nchar << 1; ++ cpyfunc = cpy_bmp; ++ break; ++ ++ case MBSTRING_UNIV: ++ outlen = nchar << 2; ++ cpyfunc = cpy_univ; ++ break; ++ ++ case MBSTRING_UTF8: ++ outlen = 0; ++ traverse_string(in, len, inform, out_utf8, &outlen); ++ cpyfunc = cpy_utf8; ++ break; ++ } ++ if (!(p = OPENSSL_malloc(outlen + 1))) { ++ if (free_out) ++ ASN1_STRING_free(dest); ++ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ dest->length = outlen; ++ dest->data = p; ++ p[outlen] = 0; ++ traverse_string(in, len, inform, cpyfunc, &p); ++ return str_type; + } + +-/* This function traverses a string and passes the value of each character +- * to an optional function along with a void * argument. ++/* ++ * This function traverses a string and passes the value of each character to ++ * an optional function along with a void * argument. + */ + + static int traverse_string(const unsigned char *p, int len, int inform, +- int (*rfunc)(unsigned long value, void *in), void *arg) ++ int (*rfunc) (unsigned long value, void *in), ++ void *arg) + { +- unsigned long value; +- int ret; +- while(len) { +- if(inform == MBSTRING_ASC) { +- value = *p++; +- len--; +- } else if(inform == MBSTRING_BMP) { +- value = *p++ << 8; +- value |= *p++; +- len -= 2; +- } else if(inform == MBSTRING_UNIV) { +- value = ((unsigned long)*p++) << 24; +- value |= ((unsigned long)*p++) << 16; +- value |= *p++ << 8; +- value |= *p++; +- len -= 4; +- } else { +- ret = UTF8_getc(p, len, &value); +- if(ret < 0) return -1; +- len -= ret; +- p += ret; +- } +- if(rfunc) { +- ret = rfunc(value, arg); +- if(ret <= 0) return ret; +- } +- } +- return 1; ++ unsigned long value; ++ int ret; ++ while (len) { ++ if (inform == MBSTRING_ASC) { ++ value = *p++; ++ len--; ++ } else if (inform == MBSTRING_BMP) { ++ value = *p++ << 8; ++ value |= *p++; ++ len -= 2; ++ } else if (inform == MBSTRING_UNIV) { ++ value = ((unsigned long)*p++) << 24; ++ value |= ((unsigned long)*p++) << 16; ++ value |= *p++ << 8; ++ value |= *p++; ++ len -= 4; ++ } else { ++ ret = UTF8_getc(p, len, &value); ++ if (ret < 0) ++ return -1; ++ len -= ret; ++ p += ret; ++ } ++ if (rfunc) { ++ ret = rfunc(value, arg); ++ if (ret <= 0) ++ return ret; ++ } ++ } ++ return 1; + } + + /* Various utility functions for traverse_string */ +@@ -286,115 +297,127 @@ static int traverse_string(const unsigned char *p, int len, int inform, + + static int in_utf8(unsigned long value, void *arg) + { +- int *nchar; +- nchar = arg; +- (*nchar)++; +- return 1; ++ int *nchar; ++ nchar = arg; ++ (*nchar)++; ++ return 1; + } + + /* Determine size of output as a UTF8 String */ + + static int out_utf8(unsigned long value, void *arg) + { +- int *outlen; +- outlen = arg; +- *outlen += UTF8_putc(NULL, -1, value); +- return 1; ++ int *outlen; ++ outlen = arg; ++ *outlen += UTF8_putc(NULL, -1, value); ++ return 1; + } + +-/* Determine the "type" of a string: check each character against a +- * supplied "mask". ++/* ++ * Determine the "type" of a string: check each character against a supplied ++ * "mask". + */ + + static int type_str(unsigned long value, void *arg) + { +- unsigned long types; +- types = *((unsigned long *)arg); +- if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) +- types &= ~B_ASN1_PRINTABLESTRING; +- if((types & B_ASN1_IA5STRING) && (value > 127)) +- types &= ~B_ASN1_IA5STRING; +- if((types & B_ASN1_T61STRING) && (value > 0xff)) +- types &= ~B_ASN1_T61STRING; +- if((types & B_ASN1_BMPSTRING) && (value > 0xffff)) +- types &= ~B_ASN1_BMPSTRING; +- if(!types) return -1; +- *((unsigned long *)arg) = types; +- return 1; ++ unsigned long types; ++ types = *((unsigned long *)arg); ++ if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) ++ types &= ~B_ASN1_PRINTABLESTRING; ++ if ((types & B_ASN1_IA5STRING) && (value > 127)) ++ types &= ~B_ASN1_IA5STRING; ++ if ((types & B_ASN1_T61STRING) && (value > 0xff)) ++ types &= ~B_ASN1_T61STRING; ++ if ((types & B_ASN1_BMPSTRING) && (value > 0xffff)) ++ types &= ~B_ASN1_BMPSTRING; ++ if (!types) ++ return -1; ++ *((unsigned long *)arg) = types; ++ return 1; + } + + /* Copy one byte per character ASCII like strings */ + + static int cpy_asc(unsigned long value, void *arg) + { +- unsigned char **p, *q; +- p = arg; +- q = *p; +- *q = (unsigned char) value; +- (*p)++; +- return 1; ++ unsigned char **p, *q; ++ p = arg; ++ q = *p; ++ *q = (unsigned char)value; ++ (*p)++; ++ return 1; + } + + /* Copy two byte per character BMPStrings */ + + static int cpy_bmp(unsigned long value, void *arg) + { +- unsigned char **p, *q; +- p = arg; +- q = *p; +- *q++ = (unsigned char) ((value >> 8) & 0xff); +- *q = (unsigned char) (value & 0xff); +- *p += 2; +- return 1; ++ unsigned char **p, *q; ++ p = arg; ++ q = *p; ++ *q++ = (unsigned char)((value >> 8) & 0xff); ++ *q = (unsigned char)(value & 0xff); ++ *p += 2; ++ return 1; + } + + /* Copy four byte per character UniversalStrings */ + + static int cpy_univ(unsigned long value, void *arg) + { +- unsigned char **p, *q; +- p = arg; +- q = *p; +- *q++ = (unsigned char) ((value >> 24) & 0xff); +- *q++ = (unsigned char) ((value >> 16) & 0xff); +- *q++ = (unsigned char) ((value >> 8) & 0xff); +- *q = (unsigned char) (value & 0xff); +- *p += 4; +- return 1; ++ unsigned char **p, *q; ++ p = arg; ++ q = *p; ++ *q++ = (unsigned char)((value >> 24) & 0xff); ++ *q++ = (unsigned char)((value >> 16) & 0xff); ++ *q++ = (unsigned char)((value >> 8) & 0xff); ++ *q = (unsigned char)(value & 0xff); ++ *p += 4; ++ return 1; + } + + /* Copy to a UTF8String */ + + static int cpy_utf8(unsigned long value, void *arg) + { +- unsigned char **p; +- int ret; +- p = arg; +- /* We already know there is enough room so pass 0xff as the length */ +- ret = UTF8_putc(*p, 0xff, value); +- *p += ret; +- return 1; ++ unsigned char **p; ++ int ret; ++ p = arg; ++ /* We already know there is enough room so pass 0xff as the length */ ++ ret = UTF8_putc(*p, 0xff, value); ++ *p += ret; ++ return 1; + } + + /* Return 1 if the character is permitted in a PrintableString */ + static int is_printable(unsigned long value) + { +- int ch; +- if(value > 0x7f) return 0; +- ch = (int) value; +- /* Note: we can't use 'isalnum' because certain accented +- * characters may count as alphanumeric in some environments. +- */ ++ int ch; ++ if (value > 0x7f) ++ return 0; ++ ch = (int)value; ++ /* ++ * Note: we can't use 'isalnum' because certain accented characters may ++ * count as alphanumeric in some environments. ++ */ + #ifndef CHARSET_EBCDIC +- if((ch >= 'a') && (ch <= 'z')) return 1; +- if((ch >= 'A') && (ch <= 'Z')) return 1; +- if((ch >= '0') && (ch <= '9')) return 1; +- if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1; +-#else /*CHARSET_EBCDIC*/ +- if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1; +- if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1; +- if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1; +- if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1; +-#endif /*CHARSET_EBCDIC*/ +- return 0; ++ if ((ch >= 'a') && (ch <= 'z')) ++ return 1; ++ if ((ch >= 'A') && (ch <= 'Z')) ++ return 1; ++ if ((ch >= '0') && (ch <= '9')) ++ return 1; ++ if ((ch == ' ') || strchr("'()+,-./:=?", ch)) ++ return 1; ++#else /* CHARSET_EBCDIC */ ++ if ((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) ++ return 1; ++ if ((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) ++ return 1; ++ if ((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) ++ return 1; ++ if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) ++ return 1; ++#endif /* CHARSET_EBCDIC */ ++ return 0; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c b/Cryptlib/OpenSSL/crypto/asn1/a_meth.c +index 50bea91..9c5efab 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_meth.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,24 +61,26 @@ + #include + #include + +-static ASN1_METHOD ia5string_meth={ +- (I2D_OF(void)) i2d_ASN1_IA5STRING, +- (D2I_OF(void)) d2i_ASN1_IA5STRING, +- (void *(*)(void))ASN1_STRING_new, +- (void (*)(void *))ASN1_STRING_free}; ++static ASN1_METHOD ia5string_meth = { ++ (I2D_OF(void)) i2d_ASN1_IA5STRING, ++ (D2I_OF(void)) d2i_ASN1_IA5STRING, ++ (void *(*)(void))ASN1_STRING_new, ++ (void (*)(void *))ASN1_STRING_free ++}; + +-static ASN1_METHOD bit_string_meth={ +- (I2D_OF(void)) i2d_ASN1_BIT_STRING, +- (D2I_OF(void)) d2i_ASN1_BIT_STRING, +- (void *(*)(void))ASN1_STRING_new, +- (void (*)(void *))ASN1_STRING_free}; ++static ASN1_METHOD bit_string_meth = { ++ (I2D_OF(void)) i2d_ASN1_BIT_STRING, ++ (D2I_OF(void)) d2i_ASN1_BIT_STRING, ++ (void *(*)(void))ASN1_STRING_new, ++ (void (*)(void *))ASN1_STRING_free ++}; + + ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void) +- { +- return(&ia5string_meth); +- } ++{ ++ return (&ia5string_meth); ++} + + ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void) +- { +- return(&bit_string_meth); +- } ++{ ++ return (&bit_string_meth); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_object.c b/Cryptlib/OpenSSL/crypto/asn1/a_object.c +index e50501a..aa1847c 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_object.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_object.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,345 +65,332 @@ + #include + + int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) +- { +- unsigned char *p; +- int objsize; ++{ ++ unsigned char *p; ++ int objsize; + +- if ((a == NULL) || (a->data == NULL)) return(0); ++ if ((a == NULL) || (a->data == NULL)) ++ return (0); + +- objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT); +- if (pp == NULL) return objsize; ++ objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT); ++ if (pp == NULL) ++ return objsize; + +- p= *pp; +- ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); +- memcpy(p,a->data,a->length); +- p+=a->length; ++ p = *pp; ++ ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); ++ memcpy(p, a->data, a->length); ++ p += a->length; + +- *pp=p; +- return(objsize); +- } ++ *pp = p; ++ return (objsize); ++} + + int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) +- { +- int i,first,len=0,c, use_bn; +- char ftmp[24], *tmp = ftmp; +- int tmpsize = sizeof ftmp; +- const char *p; +- unsigned long l; +- BIGNUM *bl = NULL; ++{ ++ int i, first, len = 0, c, use_bn; ++ char ftmp[24], *tmp = ftmp; ++ int tmpsize = sizeof ftmp; ++ const char *p; ++ unsigned long l; ++ BIGNUM *bl = NULL; + +- if (num == 0) +- return(0); +- else if (num == -1) +- num=strlen(buf); ++ if (num == 0) ++ return (0); ++ else if (num == -1) ++ num = strlen(buf); + +- p=buf; +- c= *(p++); +- num--; +- if ((c >= '0') && (c <= '2')) +- { +- first= c-'0'; +- } +- else +- { +- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE); +- goto err; +- } ++ p = buf; ++ c = *(p++); ++ num--; ++ if ((c >= '0') && (c <= '2')) { ++ first = c - '0'; ++ } else { ++ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE); ++ goto err; ++ } + +- if (num <= 0) +- { +- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER); +- goto err; +- } +- c= *(p++); +- num--; +- for (;;) +- { +- if (num <= 0) break; +- if ((c != '.') && (c != ' ')) +- { +- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR); +- goto err; +- } +- l=0; +- use_bn = 0; +- for (;;) +- { +- if (num <= 0) break; +- num--; +- c= *(p++); +- if ((c == ' ') || (c == '.')) +- break; +- if ((c < '0') || (c > '9')) +- { +- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); +- goto err; +- } +- if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) +- { +- use_bn = 1; +- if (!bl) +- bl = BN_new(); +- if (!bl || !BN_set_word(bl, l)) +- goto err; +- } +- if (use_bn) +- { +- if (!BN_mul_word(bl, 10L) +- || !BN_add_word(bl, c-'0')) +- goto err; +- } +- else +- l=l*10L+(long)(c-'0'); +- } +- if (len == 0) +- { +- if ((first < 2) && (l >= 40)) +- { +- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE); +- goto err; +- } +- if (use_bn) +- { +- if (!BN_add_word(bl, first * 40)) +- goto err; +- } +- else +- l+=(long)first*40; +- } +- i=0; +- if (use_bn) +- { +- int blsize; +- blsize = BN_num_bits(bl); +- blsize = (blsize + 6)/7; +- if (blsize > tmpsize) +- { +- if (tmp != ftmp) +- OPENSSL_free(tmp); +- tmpsize = blsize + 32; +- tmp = OPENSSL_malloc(tmpsize); +- if (!tmp) +- goto err; +- } +- while(blsize--) +- tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); +- } +- else +- { +- +- for (;;) +- { +- tmp[i++]=(unsigned char)l&0x7f; +- l>>=7L; +- if (l == 0L) break; +- } ++ if (num <= 0) { ++ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER); ++ goto err; ++ } ++ c = *(p++); ++ num--; ++ for (;;) { ++ if (num <= 0) ++ break; ++ if ((c != '.') && (c != ' ')) { ++ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR); ++ goto err; ++ } ++ l = 0; ++ use_bn = 0; ++ for (;;) { ++ if (num <= 0) ++ break; ++ num--; ++ c = *(p++); ++ if ((c == ' ') || (c == '.')) ++ break; ++ if ((c < '0') || (c > '9')) { ++ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT); ++ goto err; ++ } ++ if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { ++ use_bn = 1; ++ if (!bl) ++ bl = BN_new(); ++ if (!bl || !BN_set_word(bl, l)) ++ goto err; ++ } ++ if (use_bn) { ++ if (!BN_mul_word(bl, 10L) ++ || !BN_add_word(bl, c - '0')) ++ goto err; ++ } else ++ l = l * 10L + (long)(c - '0'); ++ } ++ if (len == 0) { ++ if ((first < 2) && (l >= 40)) { ++ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ++ ASN1_R_SECOND_NUMBER_TOO_LARGE); ++ goto err; ++ } ++ if (use_bn) { ++ if (!BN_add_word(bl, first * 40)) ++ goto err; ++ } else ++ l += (long)first *40; ++ } ++ i = 0; ++ if (use_bn) { ++ int blsize; ++ blsize = BN_num_bits(bl); ++ blsize = (blsize + 6) / 7; ++ if (blsize > tmpsize) { ++ if (tmp != ftmp) ++ OPENSSL_free(tmp); ++ tmpsize = blsize + 32; ++ tmp = OPENSSL_malloc(tmpsize); ++ if (!tmp) ++ goto err; ++ } ++ while (blsize--) ++ tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); ++ } else { + +- } +- if (out != NULL) +- { +- if (len+i > olen) +- { +- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL); +- goto err; +- } +- while (--i > 0) +- out[len++]=tmp[i]|0x80; +- out[len++]=tmp[0]; +- } +- else +- len+=i; +- } +- if (tmp != ftmp) +- OPENSSL_free(tmp); +- if (bl) +- BN_free(bl); +- return(len); +-err: +- if (tmp != ftmp) +- OPENSSL_free(tmp); +- if (bl) +- BN_free(bl); +- return(0); +- } ++ for (;;) { ++ tmp[i++] = (unsigned char)l & 0x7f; ++ l >>= 7L; ++ if (l == 0L) ++ break; ++ } ++ ++ } ++ if (out != NULL) { ++ if (len + i > olen) { ++ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL); ++ goto err; ++ } ++ while (--i > 0) ++ out[len++] = tmp[i] | 0x80; ++ out[len++] = tmp[0]; ++ } else ++ len += i; ++ } ++ if (tmp != ftmp) ++ OPENSSL_free(tmp); ++ if (bl) ++ BN_free(bl); ++ return (len); ++ err: ++ if (tmp != ftmp) ++ OPENSSL_free(tmp); ++ if (bl) ++ BN_free(bl); ++ return (0); ++} + + int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) + { +- return OBJ_obj2txt(buf, buf_len, a, 0); ++ return OBJ_obj2txt(buf, buf_len, a, 0); + } + + int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) +- { +- char buf[80], *p = buf; +- int i; ++{ ++ char buf[80], *p = buf; ++ int i; + +- if ((a == NULL) || (a->data == NULL)) +- return(BIO_write(bp,"NULL",4)); +- i=i2t_ASN1_OBJECT(buf,sizeof buf,a); +- if (i > (int)(sizeof(buf) - 1)) +- { +- p = OPENSSL_malloc(i + 1); +- if (!p) +- return -1; +- i2t_ASN1_OBJECT(p,i + 1,a); +- } +- if (i <= 0) +- return BIO_write(bp, "", 9); +- BIO_write(bp,p,i); +- if (p != buf) +- OPENSSL_free(p); +- return(i); +- } ++ if ((a == NULL) || (a->data == NULL)) ++ return (BIO_write(bp, "NULL", 4)); ++ i = i2t_ASN1_OBJECT(buf, sizeof buf, a); ++ if (i > (int)(sizeof(buf) - 1)) { ++ p = OPENSSL_malloc(i + 1); ++ if (!p) ++ return -1; ++ i2t_ASN1_OBJECT(p, i + 1, a); ++ } ++ if (i <= 0) ++ return BIO_write(bp, "", 9); ++ BIO_write(bp, p, i); ++ if (p != buf) ++ OPENSSL_free(p); ++ return (i); ++} + + ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, +- long length) ++ long length) + { +- const unsigned char *p; +- long len; +- int tag,xclass; +- int inf,i; +- ASN1_OBJECT *ret = NULL; +- p= *pp; +- inf=ASN1_get_object(&p,&len,&tag,&xclass,length); +- if (inf & 0x80) +- { +- i=ASN1_R_BAD_OBJECT_HEADER; +- goto err; +- } ++ const unsigned char *p; ++ long len; ++ int tag, xclass; ++ int inf, i; ++ ASN1_OBJECT *ret = NULL; ++ p = *pp; ++ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); ++ if (inf & 0x80) { ++ i = ASN1_R_BAD_OBJECT_HEADER; ++ goto err; ++ } + +- if (tag != V_ASN1_OBJECT) +- { +- i=ASN1_R_EXPECTING_AN_OBJECT; +- goto err; +- } +- ret = c2i_ASN1_OBJECT(a, &p, len); +- if(ret) *pp = p; +- return ret; +-err: +- ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) +- ASN1_OBJECT_free(ret); +- return(NULL); ++ if (tag != V_ASN1_OBJECT) { ++ i = ASN1_R_EXPECTING_AN_OBJECT; ++ goto err; ++ } ++ ret = c2i_ASN1_OBJECT(a, &p, len); ++ if (ret) ++ *pp = p; ++ return ret; ++ err: ++ ASN1err(ASN1_F_D2I_ASN1_OBJECT, i); ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ ASN1_OBJECT_free(ret); ++ return (NULL); + } + + ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, +- long len) +- { +- ASN1_OBJECT *ret=NULL; +- const unsigned char *p; +- int i, length; ++ long len) ++{ ++ ASN1_OBJECT *ret = NULL; ++ const unsigned char *p; ++ int i, length; + +- /* Sanity check OID encoding. +- * Need at least one content octet. +- * MSB must be clear in the last octet. +- * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 +- */ +- if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || +- p[len - 1] & 0x80) +- { +- ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); +- return NULL; +- } +- /* Now 0 < len <= INT_MAX, so the cast is safe. */ +- length = (int)len; +- for (i = 0; i < length; i++, p++) +- { +- if (*p == 0x80 && (!i || !(p[-1] & 0x80))) +- { +- ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING); +- return NULL; +- } +- } ++ /* ++ * Sanity check OID encoding. Need at least one content octet. MSB must ++ * be clear in the last octet. can't have leading 0x80 in subidentifiers, ++ * see: X.690 8.19.2 ++ */ ++ if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || ++ p[len - 1] & 0x80) { ++ ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); ++ return NULL; ++ } ++ /* Now 0 < len <= INT_MAX, so the cast is safe. */ ++ length = (int)len; ++ for (i = 0; i < length; i++, p++) { ++ if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { ++ ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); ++ return NULL; ++ } ++ } + +- /* only the ASN1_OBJECTs from the 'table' will have values +- * for ->sn or ->ln */ +- if ((a == NULL) || ((*a) == NULL) || +- !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) +- { +- if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL); +- } +- else ret=(*a); ++ /* ++ * only the ASN1_OBJECTs from the 'table' will have values for ->sn or ++ * ->ln ++ */ ++ if ((a == NULL) || ((*a) == NULL) || ++ !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) { ++ if ((ret = ASN1_OBJECT_new()) == NULL) ++ return (NULL); ++ } else ++ ret = (*a); + +- p= *pp; +- if ((ret->data == NULL) || (ret->length < length)) +- { +- if (ret->data != NULL) OPENSSL_free(ret->data); +- ret->data=(unsigned char *)OPENSSL_malloc(length); +- ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; +- if (ret->data == NULL) +- { i=ERR_R_MALLOC_FAILURE; goto err; } +- } +- memcpy(ret->data,p,length); +- ret->length=length; +- ret->sn=NULL; +- ret->ln=NULL; +- /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ +- p+=length; ++ p = *pp; ++ if ((ret->data == NULL) || (ret->length < length)) { ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); ++ ret->data = (unsigned char *)OPENSSL_malloc(length); ++ ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; ++ if (ret->data == NULL) { ++ i = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ } ++ memcpy(ret->data, p, length); ++ ret->length = length; ++ ret->sn = NULL; ++ ret->ln = NULL; ++ /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ ++ p += length; + +- if (a != NULL) (*a)=ret; +- *pp=p; +- return(ret); +-err: +- ASN1err(ASN1_F_C2I_ASN1_OBJECT,i); +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) +- ASN1_OBJECT_free(ret); +- return(NULL); +- } ++ if (a != NULL) ++ (*a) = ret; ++ *pp = p; ++ return (ret); ++ err: ++ ASN1err(ASN1_F_C2I_ASN1_OBJECT, i); ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ ASN1_OBJECT_free(ret); ++ return (NULL); ++} + + ASN1_OBJECT *ASN1_OBJECT_new(void) +- { +- ASN1_OBJECT *ret; ++{ ++ ASN1_OBJECT *ret; + +- ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); +- if (ret == NULL) +- { +- ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- ret->length=0; +- ret->data=NULL; +- ret->nid=0; +- ret->sn=NULL; +- ret->ln=NULL; +- ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; +- return(ret); +- } ++ ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); ++ if (ret == NULL) { ++ ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ ret->length = 0; ++ ret->data = NULL; ++ ret->nid = 0; ++ ret->sn = NULL; ++ ret->ln = NULL; ++ ret->flags = ASN1_OBJECT_FLAG_DYNAMIC; ++ return (ret); ++} + + void ASN1_OBJECT_free(ASN1_OBJECT *a) +- { +- if (a == NULL) return; +- if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) +- { +-#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */ +- if (a->sn != NULL) OPENSSL_free((void *)a->sn); +- if (a->ln != NULL) OPENSSL_free((void *)a->ln); ++{ ++ if (a == NULL) ++ return; ++ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) { ++#ifndef CONST_STRICT /* disable purely for compile-time strict ++ * const checking. Doing this on a "real" ++ * compile will cause memory leaks */ ++ if (a->sn != NULL) ++ OPENSSL_free((void *)a->sn); ++ if (a->ln != NULL) ++ OPENSSL_free((void *)a->ln); + #endif +- a->sn=a->ln=NULL; +- } +- if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) +- { +- if (a->data != NULL) OPENSSL_free(a->data); +- a->data=NULL; +- a->length=0; +- } +- if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) +- OPENSSL_free(a); +- } ++ a->sn = a->ln = NULL; ++ } ++ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { ++ if (a->data != NULL) ++ OPENSSL_free(a->data); ++ a->data = NULL; ++ a->length = 0; ++ } ++ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) ++ OPENSSL_free(a); ++} + + ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, +- const char *sn, const char *ln) +- { +- ASN1_OBJECT o; ++ const char *sn, const char *ln) ++{ ++ ASN1_OBJECT o; + +- o.sn=sn; +- o.ln=ln; +- o.data=data; +- o.nid=nid; +- o.length=len; +- o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| +- ASN1_OBJECT_FLAG_DYNAMIC_DATA; +- return(OBJ_dup(&o)); +- } ++ o.sn = sn; ++ o.ln = ln; ++ o.data = data; ++ o.nid = nid; ++ o.length = len; ++ o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ++ ASN1_OBJECT_FLAG_DYNAMIC_DATA; ++ return (OBJ_dup(&o)); ++} + + IMPLEMENT_STACK_OF(ASN1_OBJECT) ++ + IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c +index 24fd0f8..6ea1950 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,11 +61,17 @@ + #include + + ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x) +-{ return M_ASN1_OCTET_STRING_dup(x); } ++{ ++ return M_ASN1_OCTET_STRING_dup(x); ++} + + int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b) +-{ return M_ASN1_OCTET_STRING_cmp(a, b); } +- +-int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len) +-{ return M_ASN1_OCTET_STRING_set(x, d, len); } ++{ ++ return M_ASN1_OCTET_STRING_cmp(a, b); ++} + ++int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, ++ int len) ++{ ++ return M_ASN1_OCTET_STRING_set(x, d, len); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_print.c b/Cryptlib/OpenSSL/crypto/asn1/a_print.c +index d18e772..d83e4ad 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_print.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_print.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,67 +61,69 @@ + #include + + int ASN1_PRINTABLE_type(const unsigned char *s, int len) +- { +- int c; +- int ia5=0; +- int t61=0; ++{ ++ int c; ++ int ia5 = 0; ++ int t61 = 0; + +- if (len <= 0) len= -1; +- if (s == NULL) return(V_ASN1_PRINTABLESTRING); ++ if (len <= 0) ++ len = -1; ++ if (s == NULL) ++ return (V_ASN1_PRINTABLESTRING); + +- while ((*s) && (len-- != 0)) +- { +- c= *(s++); ++ while ((*s) && (len-- != 0)) { ++ c = *(s++); + #ifndef CHARSET_EBCDIC +- if (!( ((c >= 'a') && (c <= 'z')) || +- ((c >= 'A') && (c <= 'Z')) || +- (c == ' ') || +- ((c >= '0') && (c <= '9')) || +- (c == ' ') || (c == '\'') || +- (c == '(') || (c == ')') || +- (c == '+') || (c == ',') || +- (c == '-') || (c == '.') || +- (c == '/') || (c == ':') || +- (c == '=') || (c == '?'))) +- ia5=1; +- if (c&0x80) +- t61=1; ++ if (!(((c >= 'a') && (c <= 'z')) || ++ ((c >= 'A') && (c <= 'Z')) || ++ (c == ' ') || ++ ((c >= '0') && (c <= '9')) || ++ (c == ' ') || (c == '\'') || ++ (c == '(') || (c == ')') || ++ (c == '+') || (c == ',') || ++ (c == '-') || (c == '.') || ++ (c == '/') || (c == ':') || (c == '=') || (c == '?'))) ++ ia5 = 1; ++ if (c & 0x80) ++ t61 = 1; + #else +- if (!isalnum(c) && (c != ' ') && +- strchr("'()+,-./:=?", c) == NULL) +- ia5=1; +- if (os_toascii[c] & 0x80) +- t61=1; ++ if (!isalnum(c) && (c != ' ') && strchr("'()+,-./:=?", c) == NULL) ++ ia5 = 1; ++ if (os_toascii[c] & 0x80) ++ t61 = 1; + #endif +- } +- if (t61) return(V_ASN1_T61STRING); +- if (ia5) return(V_ASN1_IA5STRING); +- return(V_ASN1_PRINTABLESTRING); +- } ++ } ++ if (t61) ++ return (V_ASN1_T61STRING); ++ if (ia5) ++ return (V_ASN1_IA5STRING); ++ return (V_ASN1_PRINTABLESTRING); ++} + + int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) +- { +- int i; +- unsigned char *p; ++{ ++ int i; ++ unsigned char *p; + +- if (s->type != V_ASN1_UNIVERSALSTRING) return(0); +- if ((s->length%4) != 0) return(0); +- p=s->data; +- for (i=0; ilength; i+=4) +- { +- if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0')) +- break; +- else +- p+=4; +- } +- if (i < s->length) return(0); +- p=s->data; +- for (i=3; ilength; i+=4) +- { +- *(p++)=s->data[i]; +- } +- *(p)='\0'; +- s->length/=4; +- s->type=ASN1_PRINTABLE_type(s->data,s->length); +- return(1); +- } ++ if (s->type != V_ASN1_UNIVERSALSTRING) ++ return (0); ++ if ((s->length % 4) != 0) ++ return (0); ++ p = s->data; ++ for (i = 0; i < s->length; i += 4) { ++ if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0')) ++ break; ++ else ++ p += 4; ++ } ++ if (i < s->length) ++ return (0); ++ p = s->data; ++ for (i = 3; i < s->length; i += 4) { ++ *(p++) = s->data[i]; ++ } ++ *(p) = '\0'; ++ s->length /= 4; ++ s->type = ASN1_PRINTABLE_type(s->data, s->length); ++ return (1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_set.c b/Cryptlib/OpenSSL/crypto/asn1/a_set.c +index 958558c..18bb408 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_set.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_set.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,177 +62,175 @@ + + #ifndef NO_ASN1_OLD + +-typedef struct +- { ++typedef struct { + unsigned char *pbData; + int cbData; +- } MYBLOB; ++} MYBLOB; + +-/* SetBlobCmp +- * This function compares two elements of SET_OF block ++/* ++ * SetBlobCmp This function compares two elements of SET_OF block + */ +-static int SetBlobCmp(const void *elem1, const void *elem2 ) +- { ++static int SetBlobCmp(const void *elem1, const void *elem2) ++{ + const MYBLOB *b1 = (const MYBLOB *)elem1; + const MYBLOB *b2 = (const MYBLOB *)elem2; + int r; + + r = memcmp(b1->pbData, b2->pbData, +- b1->cbData < b2->cbData ? b1->cbData : b2->cbData); +- if(r != 0) +- return r; +- return b1->cbData-b2->cbData; ++ b1->cbData < b2->cbData ? b1->cbData : b2->cbData); ++ if (r != 0) ++ return r; ++ return b1->cbData - b2->cbData; ++} ++ ++/* ++ * int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) ++ */ ++int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, ++ int ex_class, int is_set) ++{ ++ int ret = 0, r; ++ int i; ++ unsigned char *p; ++ unsigned char *pStart, *pTempMem; ++ MYBLOB *rgSetBlob; ++ int totSize; ++ ++ if (a == NULL) ++ return (0); ++ for (i = sk_num(a) - 1; i >= 0; i--) ++ ret += i2d(sk_value(a, i), NULL); ++ r = ASN1_object_size(1, ret, ex_tag); ++ if (pp == NULL) ++ return (r); ++ ++ p = *pp; ++ ASN1_put_object(&p, 1, ret, ex_tag, ex_class); ++ ++/* Modified by gp@nsj.co.jp */ ++ /* And then again by Ben */ ++ /* And again by Steve */ ++ ++ if (!is_set || (sk_num(a) < 2)) { ++ for (i = 0; i < sk_num(a); i++) ++ i2d(sk_value(a, i), &p); ++ ++ *pp = p; ++ return (r); + } + +-/* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */ +-int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, +- int ex_class, int is_set) +- { +- int ret=0,r; +- int i; +- unsigned char *p; +- unsigned char *pStart, *pTempMem; +- MYBLOB *rgSetBlob; +- int totSize; +- +- if (a == NULL) return(0); +- for (i=sk_num(a)-1; i>=0; i--) +- ret+=i2d(sk_value(a,i),NULL); +- r=ASN1_object_size(1,ret,ex_tag); +- if (pp == NULL) return(r); +- +- p= *pp; +- ASN1_put_object(&p,1,ret,ex_tag,ex_class); ++ pStart = p; /* Catch the beg of Setblobs */ ++ /* In this array we will store the SET blobs */ ++ rgSetBlob = (MYBLOB *) OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB)); ++ if (rgSetBlob == NULL) { ++ ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } + +-/* Modified by gp@nsj.co.jp */ +- /* And then again by Ben */ +- /* And again by Steve */ +- +- if(!is_set || (sk_num(a) < 2)) +- { +- for (i=0; i c.max) +- { +- ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR); +- goto err; +- } +- /* check for infinite constructed - it can be as long +- * as the amount of data passed to us */ +- if (c.inf == (V_ASN1_CONSTRUCTED+1)) +- c.slen=length+ *pp-c.p; +- c.max=c.p+c.slen; +- +- while (c.p < c.max) +- { +- char *s; +- +- if (M_ASN1_D2I_end_sequence()) break; +- /* XXX: This was called with 4 arguments, incorrectly, it seems +- if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */ +- if ((s=d2i(NULL,&c.p,c.slen)) == NULL) +- { +- ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT); +- asn1_add_error(*pp,(int)(c.q- *pp)); +- goto err; +- } +- if (!sk_push(ret,s)) goto err; +- } +- if (a != NULL) (*a)=ret; +- *pp=c.p; +- return(ret); +-err: +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) +- { +- if (free_func != NULL) +- sk_pop_free(ret,free_func); +- else +- sk_free(ret); +- } +- return(NULL); +- } ++ } else ++ ret = (*a); ++ ++ c.p = *pp; ++ c.max = (length == 0) ? 0 : (c.p + length); ++ ++ c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p); ++ if (c.inf & 0x80) ++ goto err; ++ if (ex_class != c.xclass) { ++ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS); ++ goto err; ++ } ++ if (ex_tag != c.tag) { ++ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG); ++ goto err; ++ } ++ if ((c.slen + c.p) > c.max) { ++ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR); ++ goto err; ++ } ++ /* ++ * check for infinite constructed - it can be as long as the amount of ++ * data passed to us ++ */ ++ if (c.inf == (V_ASN1_CONSTRUCTED + 1)) ++ c.slen = length + *pp - c.p; ++ c.max = c.p + c.slen; ++ ++ while (c.p < c.max) { ++ char *s; ++ ++ if (M_ASN1_D2I_end_sequence()) ++ break; ++ /* ++ * XXX: This was called with 4 arguments, incorrectly, it seems if ++ * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) ++ */ ++ if ((s = d2i(NULL, &c.p, c.slen)) == NULL) { ++ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT); ++ asn1_add_error(*pp, (int)(c.q - *pp)); ++ goto err; ++ } ++ if (!sk_push(ret, s)) ++ goto err; ++ } ++ if (a != NULL) ++ (*a) = ret; ++ *pp = c.p; ++ return (ret); ++ err: ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) { ++ if (free_func != NULL) ++ sk_pop_free(ret, free_func); ++ else ++ sk_free(ret); ++ } ++ return (NULL); ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c +index 4dee45f..92a5a6c 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -127,174 +127,179 @@ + #ifndef NO_ASN1_OLD + + int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, +- ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, +- const EVP_MD *type) +- { +- EVP_MD_CTX ctx; +- unsigned char *p,*buf_in=NULL,*buf_out=NULL; +- int i,inl=0,outl=0,outll=0; +- X509_ALGOR *a; ++ ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, ++ const EVP_MD *type) ++{ ++ EVP_MD_CTX ctx; ++ unsigned char *p, *buf_in = NULL, *buf_out = NULL; ++ int i, inl = 0, outl = 0, outll = 0; ++ X509_ALGOR *a; + +- EVP_MD_CTX_init(&ctx); +- for (i=0; i<2; i++) +- { +- if (i == 0) +- a=algor1; +- else +- a=algor2; +- if (a == NULL) continue; +- if (type->pkey_type == NID_dsaWithSHA1) +- { +- /* special case: RFC 2459 tells us to omit 'parameters' +- * with id-dsa-with-sha1 */ +- ASN1_TYPE_free(a->parameter); +- a->parameter = NULL; +- } +- else if ((a->parameter == NULL) || +- (a->parameter->type != V_ASN1_NULL)) +- { +- ASN1_TYPE_free(a->parameter); +- if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; +- a->parameter->type=V_ASN1_NULL; +- } +- ASN1_OBJECT_free(a->algorithm); +- a->algorithm=OBJ_nid2obj(type->pkey_type); +- if (a->algorithm == NULL) +- { +- ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); +- goto err; +- } +- if (a->algorithm->length == 0) +- { +- ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); +- goto err; +- } +- } +- inl=i2d(data,NULL); +- buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl); +- outll=outl=EVP_PKEY_size(pkey); +- buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); +- if ((buf_in == NULL) || (buf_out == NULL)) +- { +- outl=0; +- ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- p=buf_in; ++ EVP_MD_CTX_init(&ctx); ++ for (i = 0; i < 2; i++) { ++ if (i == 0) ++ a = algor1; ++ else ++ a = algor2; ++ if (a == NULL) ++ continue; ++ if (type->pkey_type == NID_dsaWithSHA1) { ++ /* ++ * special case: RFC 2459 tells us to omit 'parameters' with ++ * id-dsa-with-sha1 ++ */ ++ ASN1_TYPE_free(a->parameter); ++ a->parameter = NULL; ++ } else if ((a->parameter == NULL) || ++ (a->parameter->type != V_ASN1_NULL)) { ++ ASN1_TYPE_free(a->parameter); ++ if ((a->parameter = ASN1_TYPE_new()) == NULL) ++ goto err; ++ a->parameter->type = V_ASN1_NULL; ++ } ++ ASN1_OBJECT_free(a->algorithm); ++ a->algorithm = OBJ_nid2obj(type->pkey_type); ++ if (a->algorithm == NULL) { ++ ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE); ++ goto err; ++ } ++ if (a->algorithm->length == 0) { ++ ASN1err(ASN1_F_ASN1_SIGN, ++ ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); ++ goto err; ++ } ++ } ++ inl = i2d(data, NULL); ++ buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl); ++ outll = outl = EVP_PKEY_size(pkey); ++ buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl); ++ if ((buf_in == NULL) || (buf_out == NULL)) { ++ outl = 0; ++ ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ p = buf_in; + +- i2d(data,&p); +- EVP_SignInit_ex(&ctx,type, NULL); +- EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); +- if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, +- (unsigned int *)&outl,pkey)) +- { +- outl=0; +- ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB); +- goto err; +- } +- if (signature->data != NULL) OPENSSL_free(signature->data); +- signature->data=buf_out; +- buf_out=NULL; +- signature->length=outl; +- /* In the interests of compatibility, I'll make sure that +- * the bit string has a 'not-used bits' value of 0 +- */ +- signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); +- signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; +-err: +- EVP_MD_CTX_cleanup(&ctx); +- if (buf_in != NULL) +- { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } +- if (buf_out != NULL) +- { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } +- return(outl); +- } ++ i2d(data, &p); ++ EVP_SignInit_ex(&ctx, type, NULL); ++ EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl); ++ if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out, ++ (unsigned int *)&outl, pkey)) { ++ outl = 0; ++ ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); ++ goto err; ++ } ++ if (signature->data != NULL) ++ OPENSSL_free(signature->data); ++ signature->data = buf_out; ++ buf_out = NULL; ++ signature->length = outl; ++ /* ++ * In the interests of compatibility, I'll make sure that the bit string ++ * has a 'not-used bits' value of 0 ++ */ ++ signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); ++ signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; ++ err: ++ EVP_MD_CTX_cleanup(&ctx); ++ if (buf_in != NULL) { ++ OPENSSL_cleanse((char *)buf_in, (unsigned int)inl); ++ OPENSSL_free(buf_in); ++ } ++ if (buf_out != NULL) { ++ OPENSSL_cleanse((char *)buf_out, outll); ++ OPENSSL_free(buf_out); ++ } ++ return (outl); ++} + + #endif + +-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, +- ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, +- const EVP_MD *type) +- { +- EVP_MD_CTX ctx; +- unsigned char *buf_in=NULL,*buf_out=NULL; +- int i,inl=0,outl=0,outll=0; +- X509_ALGOR *a; ++int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, ++ X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, ++ EVP_PKEY *pkey, const EVP_MD *type) ++{ ++ EVP_MD_CTX ctx; ++ unsigned char *buf_in = NULL, *buf_out = NULL; ++ int i, inl = 0, outl = 0, outll = 0; ++ X509_ALGOR *a; + +- EVP_MD_CTX_init(&ctx); +- for (i=0; i<2; i++) +- { +- if (i == 0) +- a=algor1; +- else +- a=algor2; +- if (a == NULL) continue; +- if (type->pkey_type == NID_dsaWithSHA1 || +- type->pkey_type == NID_ecdsa_with_SHA1) +- { +- /* special case: RFC 3279 tells us to omit 'parameters' +- * with id-dsa-with-sha1 and ecdsa-with-SHA1 */ +- ASN1_TYPE_free(a->parameter); +- a->parameter = NULL; +- } +- else if ((a->parameter == NULL) || +- (a->parameter->type != V_ASN1_NULL)) +- { +- ASN1_TYPE_free(a->parameter); +- if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; +- a->parameter->type=V_ASN1_NULL; +- } +- ASN1_OBJECT_free(a->algorithm); +- a->algorithm=OBJ_nid2obj(type->pkey_type); +- if (a->algorithm == NULL) +- { +- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); +- goto err; +- } +- if (a->algorithm->length == 0) +- { +- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); +- goto err; +- } +- } +- inl=ASN1_item_i2d(asn,&buf_in, it); +- outll=outl=EVP_PKEY_size(pkey); +- buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); +- if ((buf_in == NULL) || (buf_out == NULL)) +- { +- outl=0; +- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ EVP_MD_CTX_init(&ctx); ++ for (i = 0; i < 2; i++) { ++ if (i == 0) ++ a = algor1; ++ else ++ a = algor2; ++ if (a == NULL) ++ continue; ++ if (type->pkey_type == NID_dsaWithSHA1 || ++ type->pkey_type == NID_ecdsa_with_SHA1) { ++ /* ++ * special case: RFC 3279 tells us to omit 'parameters' with ++ * id-dsa-with-sha1 and ecdsa-with-SHA1 ++ */ ++ ASN1_TYPE_free(a->parameter); ++ a->parameter = NULL; ++ } else if ((a->parameter == NULL) || ++ (a->parameter->type != V_ASN1_NULL)) { ++ ASN1_TYPE_free(a->parameter); ++ if ((a->parameter = ASN1_TYPE_new()) == NULL) ++ goto err; ++ a->parameter->type = V_ASN1_NULL; ++ } ++ ASN1_OBJECT_free(a->algorithm); ++ a->algorithm = OBJ_nid2obj(type->pkey_type); ++ if (a->algorithm == NULL) { ++ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE); ++ goto err; ++ } ++ if (a->algorithm->length == 0) { ++ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ++ ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); ++ goto err; ++ } ++ } ++ inl = ASN1_item_i2d(asn, &buf_in, it); ++ outll = outl = EVP_PKEY_size(pkey); ++ buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl); ++ if ((buf_in == NULL) || (buf_out == NULL)) { ++ outl = 0; ++ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- if (!EVP_SignInit_ex(&ctx,type, NULL)) +- { +- outl=0; +- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); +- goto err; +- } +- EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); +- if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, +- (unsigned int *)&outl,pkey)) +- { +- outl=0; +- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); +- goto err; +- } +- if (signature->data != NULL) OPENSSL_free(signature->data); +- signature->data=buf_out; +- buf_out=NULL; +- signature->length=outl; +- /* In the interests of compatibility, I'll make sure that +- * the bit string has a 'not-used bits' value of 0 +- */ +- signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); +- signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; +-err: +- EVP_MD_CTX_cleanup(&ctx); +- if (buf_in != NULL) +- { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); } +- if (buf_out != NULL) +- { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); } +- return(outl); +- } ++ if (!EVP_SignInit_ex(&ctx, type, NULL)) { ++ outl = 0; ++ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB); ++ goto err; ++ } ++ EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl); ++ if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out, ++ (unsigned int *)&outl, pkey)) { ++ outl = 0; ++ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB); ++ goto err; ++ } ++ if (signature->data != NULL) ++ OPENSSL_free(signature->data); ++ signature->data = buf_out; ++ buf_out = NULL; ++ signature->length = outl; ++ /* ++ * In the interests of compatibility, I'll make sure that the bit string ++ * has a 'not-used bits' value of 0 ++ */ ++ signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); ++ signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; ++ err: ++ EVP_MD_CTX_cleanup(&ctx); ++ if (buf_in != NULL) { ++ OPENSSL_cleanse((char *)buf_in, (unsigned int)inl); ++ OPENSSL_free(buf_in); ++ } ++ if (buf_out != NULL) { ++ OPENSSL_cleanse((char *)buf_out, outll); ++ OPENSSL_free(buf_out); ++ } ++ return (outl); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +index ead37ac..f650708 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +@@ -1,6 +1,7 @@ + /* a_strex.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -65,511 +66,583 @@ + + #include "charmap.h" + +-/* ASN1_STRING_print_ex() and X509_NAME_print_ex(). +- * Enhanced string and name printing routines handling +- * multibyte characters, RFC2253 and a host of other +- * options. ++/* ++ * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name ++ * printing routines handling multibyte characters, RFC2253 and a host of ++ * other options. + */ + +- +-#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) ++#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) + + #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ +- ASN1_STRFLGS_ESC_QUOTE | \ +- ASN1_STRFLGS_ESC_CTRL | \ +- ASN1_STRFLGS_ESC_MSB) +- ++ ASN1_STRFLGS_ESC_QUOTE | \ ++ ASN1_STRFLGS_ESC_CTRL | \ ++ ASN1_STRFLGS_ESC_MSB) + +-/* Three IO functions for sending data to memory, a BIO and +- * and a FILE pointer. ++/* ++ * Three IO functions for sending data to memory, a BIO and and a FILE ++ * pointer. + */ +-#if 0 /* never used */ ++#if 0 /* never used */ + static int send_mem_chars(void *arg, const void *buf, int len) + { +- unsigned char **out = arg; +- if(!out) return 1; +- memcpy(*out, buf, len); +- *out += len; +- return 1; ++ unsigned char **out = arg; ++ if (!out) ++ return 1; ++ memcpy(*out, buf, len); ++ *out += len; ++ return 1; + } + #endif + + static int send_bio_chars(void *arg, const void *buf, int len) + { +- if(!arg) return 1; +- if(BIO_write(arg, buf, len) != len) return 0; +- return 1; ++ if (!arg) ++ return 1; ++ if (BIO_write(arg, buf, len) != len) ++ return 0; ++ return 1; + } + + static int send_fp_chars(void *arg, const void *buf, int len) + { +- if(!arg) return 1; +- if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0; +- return 1; ++ if (!arg) ++ return 1; ++ if (fwrite(buf, 1, len, arg) != (unsigned int)len) ++ return 0; ++ return 1; + } + +-typedef int char_io(void *arg, const void *buf, int len); ++typedef int char_io (void *arg, const void *buf, int len); + +-/* This function handles display of +- * strings, one character at a time. +- * It is passed an unsigned long for each +- * character because it could come from 2 or even +- * 4 byte forms. ++/* ++ * This function handles display of strings, one character at a time. It is ++ * passed an unsigned long for each character because it could come from 2 or ++ * even 4 byte forms. + */ + +-static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg) ++static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, ++ char_io *io_ch, void *arg) + { +- unsigned char chflgs, chtmp; +- char tmphex[HEX_SIZE(long)+3]; +- +- if(c > 0xffffffffL) +- return -1; +- if(c > 0xffff) { +- BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); +- if(!io_ch(arg, tmphex, 10)) return -1; +- return 10; +- } +- if(c > 0xff) { +- BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); +- if(!io_ch(arg, tmphex, 6)) return -1; +- return 6; +- } +- chtmp = (unsigned char)c; +- if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB; +- else chflgs = char_type[chtmp] & flags; +- if(chflgs & CHARTYPE_BS_ESC) { +- /* If we don't escape with quotes, signal we need quotes */ +- if(chflgs & ASN1_STRFLGS_ESC_QUOTE) { +- if(do_quotes) *do_quotes = 1; +- if(!io_ch(arg, &chtmp, 1)) return -1; +- return 1; +- } +- if(!io_ch(arg, "\\", 1)) return -1; +- if(!io_ch(arg, &chtmp, 1)) return -1; +- return 2; +- } +- if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) { +- BIO_snprintf(tmphex, 11, "\\%02X", chtmp); +- if(!io_ch(arg, tmphex, 3)) return -1; +- return 3; +- } +- /* If we get this far and do any escaping at all must escape +- * the escape character itself: backslash. +- */ +- if (chtmp == '\\' && flags & ESC_FLAGS) { +- if(!io_ch(arg, "\\\\", 2)) return -1; +- return 2; +- } +- if(!io_ch(arg, &chtmp, 1)) return -1; +- return 1; ++ unsigned char chflgs, chtmp; ++ char tmphex[HEX_SIZE(long) + 3]; ++ ++ if (c > 0xffffffffL) ++ return -1; ++ if (c > 0xffff) { ++ BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); ++ if (!io_ch(arg, tmphex, 10)) ++ return -1; ++ return 10; ++ } ++ if (c > 0xff) { ++ BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); ++ if (!io_ch(arg, tmphex, 6)) ++ return -1; ++ return 6; ++ } ++ chtmp = (unsigned char)c; ++ if (chtmp > 0x7f) ++ chflgs = flags & ASN1_STRFLGS_ESC_MSB; ++ else ++ chflgs = char_type[chtmp] & flags; ++ if (chflgs & CHARTYPE_BS_ESC) { ++ /* If we don't escape with quotes, signal we need quotes */ ++ if (chflgs & ASN1_STRFLGS_ESC_QUOTE) { ++ if (do_quotes) ++ *do_quotes = 1; ++ if (!io_ch(arg, &chtmp, 1)) ++ return -1; ++ return 1; ++ } ++ if (!io_ch(arg, "\\", 1)) ++ return -1; ++ if (!io_ch(arg, &chtmp, 1)) ++ return -1; ++ return 2; ++ } ++ if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) { ++ BIO_snprintf(tmphex, 11, "\\%02X", chtmp); ++ if (!io_ch(arg, tmphex, 3)) ++ return -1; ++ return 3; ++ } ++ /* ++ * If we get this far and do any escaping at all must escape the escape ++ * character itself: backslash. ++ */ ++ if (chtmp == '\\' && flags & ESC_FLAGS) { ++ if (!io_ch(arg, "\\\\", 2)) ++ return -1; ++ return 2; ++ } ++ if (!io_ch(arg, &chtmp, 1)) ++ return -1; ++ return 1; + } + +-#define BUF_TYPE_WIDTH_MASK 0x7 +-#define BUF_TYPE_CONVUTF8 0x8 ++#define BUF_TYPE_WIDTH_MASK 0x7 ++#define BUF_TYPE_CONVUTF8 0x8 + +-/* This function sends each character in a buffer to +- * do_esc_char(). It interprets the content formats +- * and converts to or from UTF8 as appropriate. ++/* ++ * This function sends each character in a buffer to do_esc_char(). It ++ * interprets the content formats and converts to or from UTF8 as ++ * appropriate. + */ + + static int do_buf(unsigned char *buf, int buflen, +- int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg) ++ int type, unsigned char flags, char *quotes, char_io *io_ch, ++ void *arg) + { +- int i, outlen, len; +- unsigned char orflags, *p, *q; +- unsigned long c; +- p = buf; +- q = buf + buflen; +- outlen = 0; +- while(p != q) { +- if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253; +- else orflags = 0; +- switch(type & BUF_TYPE_WIDTH_MASK) { +- case 4: +- c = ((unsigned long)*p++) << 24; +- c |= ((unsigned long)*p++) << 16; +- c |= ((unsigned long)*p++) << 8; +- c |= *p++; +- break; +- +- case 2: +- c = ((unsigned long)*p++) << 8; +- c |= *p++; +- break; +- +- case 1: +- c = *p++; +- break; +- +- case 0: +- i = UTF8_getc(p, buflen, &c); +- if(i < 0) return -1; /* Invalid UTF8String */ +- p += i; +- break; +- default: +- return -1; /* invalid width */ +- } +- if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253; +- if(type & BUF_TYPE_CONVUTF8) { +- unsigned char utfbuf[6]; +- int utflen; +- utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); +- for(i = 0; i < utflen; i++) { +- /* We don't need to worry about setting orflags correctly +- * because if utflen==1 its value will be correct anyway +- * otherwise each character will be > 0x7f and so the +- * character will never be escaped on first and last. +- */ +- len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg); +- if(len < 0) return -1; +- outlen += len; +- } +- } else { +- len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg); +- if(len < 0) return -1; +- outlen += len; +- } +- } +- return outlen; ++ int i, outlen, len; ++ unsigned char orflags, *p, *q; ++ unsigned long c; ++ p = buf; ++ q = buf + buflen; ++ outlen = 0; ++ while (p != q) { ++ if (p == buf && flags & ASN1_STRFLGS_ESC_2253) ++ orflags = CHARTYPE_FIRST_ESC_2253; ++ else ++ orflags = 0; ++ switch (type & BUF_TYPE_WIDTH_MASK) { ++ case 4: ++ c = ((unsigned long)*p++) << 24; ++ c |= ((unsigned long)*p++) << 16; ++ c |= ((unsigned long)*p++) << 8; ++ c |= *p++; ++ break; ++ ++ case 2: ++ c = ((unsigned long)*p++) << 8; ++ c |= *p++; ++ break; ++ ++ case 1: ++ c = *p++; ++ break; ++ ++ case 0: ++ i = UTF8_getc(p, buflen, &c); ++ if (i < 0) ++ return -1; /* Invalid UTF8String */ ++ p += i; ++ break; ++ default: ++ return -1; /* invalid width */ ++ } ++ if (p == q && flags & ASN1_STRFLGS_ESC_2253) ++ orflags = CHARTYPE_LAST_ESC_2253; ++ if (type & BUF_TYPE_CONVUTF8) { ++ unsigned char utfbuf[6]; ++ int utflen; ++ utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); ++ for (i = 0; i < utflen; i++) { ++ /* ++ * We don't need to worry about setting orflags correctly ++ * because if utflen==1 its value will be correct anyway ++ * otherwise each character will be > 0x7f and so the ++ * character will never be escaped on first and last. ++ */ ++ len = ++ do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), ++ quotes, io_ch, arg); ++ if (len < 0) ++ return -1; ++ outlen += len; ++ } ++ } else { ++ len = ++ do_esc_char(c, (unsigned char)(flags | orflags), quotes, ++ io_ch, arg); ++ if (len < 0) ++ return -1; ++ outlen += len; ++ } ++ } ++ return outlen; + } + + /* This function hex dumps a buffer of characters */ + +-static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) ++static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, ++ int buflen) + { +- static const char hexdig[] = "0123456789ABCDEF"; +- unsigned char *p, *q; +- char hextmp[2]; +- if(arg) { +- p = buf; +- q = buf + buflen; +- while(p != q) { +- hextmp[0] = hexdig[*p >> 4]; +- hextmp[1] = hexdig[*p & 0xf]; +- if(!io_ch(arg, hextmp, 2)) return -1; +- p++; +- } +- } +- return buflen << 1; ++ static const char hexdig[] = "0123456789ABCDEF"; ++ unsigned char *p, *q; ++ char hextmp[2]; ++ if (arg) { ++ p = buf; ++ q = buf + buflen; ++ while (p != q) { ++ hextmp[0] = hexdig[*p >> 4]; ++ hextmp[1] = hexdig[*p & 0xf]; ++ if (!io_ch(arg, hextmp, 2)) ++ return -1; ++ p++; ++ } ++ } ++ return buflen << 1; + } + +-/* "dump" a string. This is done when the type is unknown, +- * or the flags request it. We can either dump the content +- * octets or the entire DER encoding. This uses the RFC2253 +- * #01234 format. ++/* ++ * "dump" a string. This is done when the type is unknown, or the flags ++ * request it. We can either dump the content octets or the entire DER ++ * encoding. This uses the RFC2253 #01234 format. + */ + +-static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) ++static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ++ ASN1_STRING *str) + { +- /* Placing the ASN1_STRING in a temp ASN1_TYPE allows +- * the DER encoding to readily obtained +- */ +- ASN1_TYPE t; +- unsigned char *der_buf, *p; +- int outlen, der_len; +- +- if(!io_ch(arg, "#", 1)) return -1; +- /* If we don't dump DER encoding just dump content octets */ +- if(!(lflags & ASN1_STRFLGS_DUMP_DER)) { +- outlen = do_hex_dump(io_ch, arg, str->data, str->length); +- if(outlen < 0) return -1; +- return outlen + 1; +- } +- t.type = str->type; +- t.value.ptr = (char *)str; +- der_len = i2d_ASN1_TYPE(&t, NULL); +- der_buf = OPENSSL_malloc(der_len); +- if(!der_buf) return -1; +- p = der_buf; +- i2d_ASN1_TYPE(&t, &p); +- outlen = do_hex_dump(io_ch, arg, der_buf, der_len); +- OPENSSL_free(der_buf); +- if(outlen < 0) return -1; +- return outlen + 1; ++ /* ++ * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to ++ * readily obtained ++ */ ++ ASN1_TYPE t; ++ unsigned char *der_buf, *p; ++ int outlen, der_len; ++ ++ if (!io_ch(arg, "#", 1)) ++ return -1; ++ /* If we don't dump DER encoding just dump content octets */ ++ if (!(lflags & ASN1_STRFLGS_DUMP_DER)) { ++ outlen = do_hex_dump(io_ch, arg, str->data, str->length); ++ if (outlen < 0) ++ return -1; ++ return outlen + 1; ++ } ++ t.type = str->type; ++ t.value.ptr = (char *)str; ++ der_len = i2d_ASN1_TYPE(&t, NULL); ++ der_buf = OPENSSL_malloc(der_len); ++ if (!der_buf) ++ return -1; ++ p = der_buf; ++ i2d_ASN1_TYPE(&t, &p); ++ outlen = do_hex_dump(io_ch, arg, der_buf, der_len); ++ OPENSSL_free(der_buf); ++ if (outlen < 0) ++ return -1; ++ return outlen + 1; + } + +-/* Lookup table to convert tags to character widths, +- * 0 = UTF8 encoded, -1 is used for non string types +- * otherwise it is the number of bytes per character ++/* ++ * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is ++ * used for non string types otherwise it is the number of bytes per ++ * character + */ + + static const signed char tag2nbyte[] = { +- -1, -1, -1, -1, -1, /* 0-4 */ +- -1, -1, -1, -1, -1, /* 5-9 */ +- -1, -1, 0, -1, /* 10-13 */ +- -1, -1, -1, -1, /* 15-17 */ +- -1, 1, 1, /* 18-20 */ +- -1, 1, 1, 1, /* 21-24 */ +- -1, 1, -1, /* 25-27 */ +- 4, -1, 2 /* 28-30 */ ++ -1, -1, -1, -1, -1, /* 0-4 */ ++ -1, -1, -1, -1, -1, /* 5-9 */ ++ -1, -1, 0, -1, /* 10-13 */ ++ -1, -1, -1, -1, /* 15-17 */ ++ -1, 1, 1, /* 18-20 */ ++ -1, 1, 1, 1, /* 21-24 */ ++ -1, 1, -1, /* 25-27 */ ++ 4, -1, 2 /* 28-30 */ + }; + +-/* This is the main function, print out an +- * ASN1_STRING taking note of various escape +- * and display options. Returns number of +- * characters written or -1 if an error +- * occurred. ++/* ++ * This is the main function, print out an ASN1_STRING taking note of various ++ * escape and display options. Returns number of characters written or -1 if ++ * an error occurred. + */ + +-static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str) ++static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ++ ASN1_STRING *str) + { +- int outlen, len; +- int type; +- char quotes; +- unsigned char flags; +- quotes = 0; +- /* Keep a copy of escape flags */ +- flags = (unsigned char)(lflags & ESC_FLAGS); +- +- type = str->type; +- +- outlen = 0; +- +- +- if(lflags & ASN1_STRFLGS_SHOW_TYPE) { +- const char *tagname; +- tagname = ASN1_tag2str(type); +- outlen += strlen(tagname); +- if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; +- outlen++; +- } +- +- /* Decide what to do with type, either dump content or display it */ +- +- /* Dump everything */ +- if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1; +- /* Ignore the string type */ +- else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1; +- else { +- /* Else determine width based on type */ +- if((type > 0) && (type < 31)) type = tag2nbyte[type]; +- else type = -1; +- if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1; +- } +- +- if(type == -1) { +- len = do_dump(lflags, io_ch, arg, str); +- if(len < 0) return -1; +- outlen += len; +- return outlen; +- } +- +- if(lflags & ASN1_STRFLGS_UTF8_CONVERT) { +- /* Note: if string is UTF8 and we want +- * to convert to UTF8 then we just interpret +- * it as 1 byte per character to avoid converting +- * twice. +- */ +- if(!type) type = 1; +- else type |= BUF_TYPE_CONVUTF8; +- } +- +- len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); +- if(len < 0) return -1; +- outlen += len; +- if(quotes) outlen += 2; +- if(!arg) return outlen; +- if(quotes && !io_ch(arg, "\"", 1)) return -1; +- if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) +- return -1; +- if(quotes && !io_ch(arg, "\"", 1)) return -1; +- return outlen; ++ int outlen, len; ++ int type; ++ char quotes; ++ unsigned char flags; ++ quotes = 0; ++ /* Keep a copy of escape flags */ ++ flags = (unsigned char)(lflags & ESC_FLAGS); ++ ++ type = str->type; ++ ++ outlen = 0; ++ ++ if (lflags & ASN1_STRFLGS_SHOW_TYPE) { ++ const char *tagname; ++ tagname = ASN1_tag2str(type); ++ outlen += strlen(tagname); ++ if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) ++ return -1; ++ outlen++; ++ } ++ ++ /* Decide what to do with type, either dump content or display it */ ++ ++ /* Dump everything */ ++ if (lflags & ASN1_STRFLGS_DUMP_ALL) ++ type = -1; ++ /* Ignore the string type */ ++ else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) ++ type = 1; ++ else { ++ /* Else determine width based on type */ ++ if ((type > 0) && (type < 31)) ++ type = tag2nbyte[type]; ++ else ++ type = -1; ++ if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) ++ type = 1; ++ } ++ ++ if (type == -1) { ++ len = do_dump(lflags, io_ch, arg, str); ++ if (len < 0) ++ return -1; ++ outlen += len; ++ return outlen; ++ } ++ ++ if (lflags & ASN1_STRFLGS_UTF8_CONVERT) { ++ /* ++ * Note: if string is UTF8 and we want to convert to UTF8 then we ++ * just interpret it as 1 byte per character to avoid converting ++ * twice. ++ */ ++ if (!type) ++ type = 1; ++ else ++ type |= BUF_TYPE_CONVUTF8; ++ } ++ ++ len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); ++ if (len < 0) ++ return -1; ++ outlen += len; ++ if (quotes) ++ outlen += 2; ++ if (!arg) ++ return outlen; ++ if (quotes && !io_ch(arg, "\"", 1)) ++ return -1; ++ if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) ++ return -1; ++ if (quotes && !io_ch(arg, "\"", 1)) ++ return -1; ++ return outlen; + } + + /* Used for line indenting: print 'indent' spaces */ + + static int do_indent(char_io *io_ch, void *arg, int indent) + { +- int i; +- for(i = 0; i < indent; i++) +- if(!io_ch(arg, " ", 1)) return 0; +- return 1; ++ int i; ++ for (i = 0; i < indent; i++) ++ if (!io_ch(arg, " ", 1)) ++ return 0; ++ return 1; + } + +-#define FN_WIDTH_LN 25 +-#define FN_WIDTH_SN 10 ++#define FN_WIDTH_LN 25 ++#define FN_WIDTH_SN 10 + + static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, +- int indent, unsigned long flags) ++ int indent, unsigned long flags) + { +- int i, prev = -1, orflags, cnt; +- int fn_opt, fn_nid; +- ASN1_OBJECT *fn; +- ASN1_STRING *val; +- X509_NAME_ENTRY *ent; +- char objtmp[80]; +- const char *objbuf; +- int outlen, len; +- char *sep_dn, *sep_mv, *sep_eq; +- int sep_dn_len, sep_mv_len, sep_eq_len; +- if(indent < 0) indent = 0; +- outlen = indent; +- if(!do_indent(io_ch, arg, indent)) return -1; +- switch (flags & XN_FLAG_SEP_MASK) +- { +- case XN_FLAG_SEP_MULTILINE: +- sep_dn = "\n"; +- sep_dn_len = 1; +- sep_mv = " + "; +- sep_mv_len = 3; +- break; +- +- case XN_FLAG_SEP_COMMA_PLUS: +- sep_dn = ","; +- sep_dn_len = 1; +- sep_mv = "+"; +- sep_mv_len = 1; +- indent = 0; +- break; +- +- case XN_FLAG_SEP_CPLUS_SPC: +- sep_dn = ", "; +- sep_dn_len = 2; +- sep_mv = " + "; +- sep_mv_len = 3; +- indent = 0; +- break; +- +- case XN_FLAG_SEP_SPLUS_SPC: +- sep_dn = "; "; +- sep_dn_len = 2; +- sep_mv = " + "; +- sep_mv_len = 3; +- indent = 0; +- break; +- +- default: +- return -1; +- } +- +- if(flags & XN_FLAG_SPC_EQ) { +- sep_eq = " = "; +- sep_eq_len = 3; +- } else { +- sep_eq = "="; +- sep_eq_len = 1; +- } +- +- fn_opt = flags & XN_FLAG_FN_MASK; +- +- cnt = X509_NAME_entry_count(n); +- for(i = 0; i < cnt; i++) { +- if(flags & XN_FLAG_DN_REV) +- ent = X509_NAME_get_entry(n, cnt - i - 1); +- else ent = X509_NAME_get_entry(n, i); +- if(prev != -1) { +- if(prev == ent->set) { +- if(!io_ch(arg, sep_mv, sep_mv_len)) return -1; +- outlen += sep_mv_len; +- } else { +- if(!io_ch(arg, sep_dn, sep_dn_len)) return -1; +- outlen += sep_dn_len; +- if(!do_indent(io_ch, arg, indent)) return -1; +- outlen += indent; +- } +- } +- prev = ent->set; +- fn = X509_NAME_ENTRY_get_object(ent); +- val = X509_NAME_ENTRY_get_data(ent); +- fn_nid = OBJ_obj2nid(fn); +- if(fn_opt != XN_FLAG_FN_NONE) { +- int objlen, fld_len; +- if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { +- OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); +- fld_len = 0; /* XXX: what should this be? */ +- objbuf = objtmp; +- } else { +- if(fn_opt == XN_FLAG_FN_SN) { +- fld_len = FN_WIDTH_SN; +- objbuf = OBJ_nid2sn(fn_nid); +- } else if(fn_opt == XN_FLAG_FN_LN) { +- fld_len = FN_WIDTH_LN; +- objbuf = OBJ_nid2ln(fn_nid); +- } else { +- fld_len = 0; /* XXX: what should this be? */ +- objbuf = ""; +- } +- } +- objlen = strlen(objbuf); +- if(!io_ch(arg, objbuf, objlen)) return -1; +- if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { +- if (!do_indent(io_ch, arg, fld_len - objlen)) return -1; +- outlen += fld_len - objlen; +- } +- if(!io_ch(arg, sep_eq, sep_eq_len)) return -1; +- outlen += objlen + sep_eq_len; +- } +- /* If the field name is unknown then fix up the DER dump +- * flag. We might want to limit this further so it will +- * DER dump on anything other than a few 'standard' fields. +- */ +- if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) +- orflags = ASN1_STRFLGS_DUMP_ALL; +- else orflags = 0; +- +- len = do_print_ex(io_ch, arg, flags | orflags, val); +- if(len < 0) return -1; +- outlen += len; +- } +- return outlen; ++ int i, prev = -1, orflags, cnt; ++ int fn_opt, fn_nid; ++ ASN1_OBJECT *fn; ++ ASN1_STRING *val; ++ X509_NAME_ENTRY *ent; ++ char objtmp[80]; ++ const char *objbuf; ++ int outlen, len; ++ char *sep_dn, *sep_mv, *sep_eq; ++ int sep_dn_len, sep_mv_len, sep_eq_len; ++ if (indent < 0) ++ indent = 0; ++ outlen = indent; ++ if (!do_indent(io_ch, arg, indent)) ++ return -1; ++ switch (flags & XN_FLAG_SEP_MASK) { ++ case XN_FLAG_SEP_MULTILINE: ++ sep_dn = "\n"; ++ sep_dn_len = 1; ++ sep_mv = " + "; ++ sep_mv_len = 3; ++ break; ++ ++ case XN_FLAG_SEP_COMMA_PLUS: ++ sep_dn = ","; ++ sep_dn_len = 1; ++ sep_mv = "+"; ++ sep_mv_len = 1; ++ indent = 0; ++ break; ++ ++ case XN_FLAG_SEP_CPLUS_SPC: ++ sep_dn = ", "; ++ sep_dn_len = 2; ++ sep_mv = " + "; ++ sep_mv_len = 3; ++ indent = 0; ++ break; ++ ++ case XN_FLAG_SEP_SPLUS_SPC: ++ sep_dn = "; "; ++ sep_dn_len = 2; ++ sep_mv = " + "; ++ sep_mv_len = 3; ++ indent = 0; ++ break; ++ ++ default: ++ return -1; ++ } ++ ++ if (flags & XN_FLAG_SPC_EQ) { ++ sep_eq = " = "; ++ sep_eq_len = 3; ++ } else { ++ sep_eq = "="; ++ sep_eq_len = 1; ++ } ++ ++ fn_opt = flags & XN_FLAG_FN_MASK; ++ ++ cnt = X509_NAME_entry_count(n); ++ for (i = 0; i < cnt; i++) { ++ if (flags & XN_FLAG_DN_REV) ++ ent = X509_NAME_get_entry(n, cnt - i - 1); ++ else ++ ent = X509_NAME_get_entry(n, i); ++ if (prev != -1) { ++ if (prev == ent->set) { ++ if (!io_ch(arg, sep_mv, sep_mv_len)) ++ return -1; ++ outlen += sep_mv_len; ++ } else { ++ if (!io_ch(arg, sep_dn, sep_dn_len)) ++ return -1; ++ outlen += sep_dn_len; ++ if (!do_indent(io_ch, arg, indent)) ++ return -1; ++ outlen += indent; ++ } ++ } ++ prev = ent->set; ++ fn = X509_NAME_ENTRY_get_object(ent); ++ val = X509_NAME_ENTRY_get_data(ent); ++ fn_nid = OBJ_obj2nid(fn); ++ if (fn_opt != XN_FLAG_FN_NONE) { ++ int objlen, fld_len; ++ if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { ++ OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); ++ fld_len = 0; /* XXX: what should this be? */ ++ objbuf = objtmp; ++ } else { ++ if (fn_opt == XN_FLAG_FN_SN) { ++ fld_len = FN_WIDTH_SN; ++ objbuf = OBJ_nid2sn(fn_nid); ++ } else if (fn_opt == XN_FLAG_FN_LN) { ++ fld_len = FN_WIDTH_LN; ++ objbuf = OBJ_nid2ln(fn_nid); ++ } else { ++ fld_len = 0; /* XXX: what should this be? */ ++ objbuf = ""; ++ } ++ } ++ objlen = strlen(objbuf); ++ if (!io_ch(arg, objbuf, objlen)) ++ return -1; ++ if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { ++ if (!do_indent(io_ch, arg, fld_len - objlen)) ++ return -1; ++ outlen += fld_len - objlen; ++ } ++ if (!io_ch(arg, sep_eq, sep_eq_len)) ++ return -1; ++ outlen += objlen + sep_eq_len; ++ } ++ /* ++ * If the field name is unknown then fix up the DER dump flag. We ++ * might want to limit this further so it will DER dump on anything ++ * other than a few 'standard' fields. ++ */ ++ if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) ++ orflags = ASN1_STRFLGS_DUMP_ALL; ++ else ++ orflags = 0; ++ ++ len = do_print_ex(io_ch, arg, flags | orflags, val); ++ if (len < 0) ++ return -1; ++ outlen += len; ++ } ++ return outlen; + } + + /* Wrappers round the main functions */ + +-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) ++int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, ++ unsigned long flags) + { +- if(flags == XN_FLAG_COMPAT) +- return X509_NAME_print(out, nm, indent); +- return do_name_ex(send_bio_chars, out, nm, indent, flags); ++ if (flags == XN_FLAG_COMPAT) ++ return X509_NAME_print(out, nm, indent); ++ return do_name_ex(send_bio_chars, out, nm, indent, flags); + } + + #ifndef OPENSSL_NO_FP_API +-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) ++int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, ++ unsigned long flags) + { +- if(flags == XN_FLAG_COMPAT) +- { +- BIO *btmp; +- int ret; +- btmp = BIO_new_fp(fp, BIO_NOCLOSE); +- if(!btmp) return -1; +- ret = X509_NAME_print(btmp, nm, indent); +- BIO_free(btmp); +- return ret; +- } +- return do_name_ex(send_fp_chars, fp, nm, indent, flags); ++ if (flags == XN_FLAG_COMPAT) { ++ BIO *btmp; ++ int ret; ++ btmp = BIO_new_fp(fp, BIO_NOCLOSE); ++ if (!btmp) ++ return -1; ++ ret = X509_NAME_print(btmp, nm, indent); ++ BIO_free(btmp); ++ return ret; ++ } ++ return do_name_ex(send_fp_chars, fp, nm, indent, flags); + } + #endif + + int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) + { +- return do_print_ex(send_bio_chars, out, flags, str); ++ return do_print_ex(send_bio_chars, out, flags, str); + } + + #ifndef OPENSSL_NO_FP_API + int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) + { +- return do_print_ex(send_fp_chars, fp, flags, str); ++ return do_print_ex(send_fp_chars, fp, flags, str); + } + #endif + +-/* Utility function: convert any string type to UTF8, returns number of bytes ++/* ++ * Utility function: convert any string type to UTF8, returns number of bytes + * in output string or a negative error code + */ + + int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) + { +- ASN1_STRING stmp, *str = &stmp; +- int mbflag, type, ret; +- if(!in) return -1; +- type = in->type; +- if((type < 0) || (type > 30)) return -1; +- mbflag = tag2nbyte[type]; +- if(mbflag == -1) return -1; +- mbflag |= MBSTRING_FLAG; +- stmp.data = NULL; +- stmp.length = 0; +- ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); +- if(ret < 0) return ret; +- *out = stmp.data; +- return stmp.length; ++ ASN1_STRING stmp, *str = &stmp; ++ int mbflag, type, ret; ++ if (!in) ++ return -1; ++ type = in->type; ++ if ((type < 0) || (type > 30)) ++ return -1; ++ mbflag = tag2nbyte[type]; ++ if (mbflag == -1) ++ return -1; ++ mbflag |= MBSTRING_FLAG; ++ stmp.data = NULL; ++ stmp.length = 0; ++ ret = ++ ASN1_mbstring_copy(&str, in->data, in->length, mbflag, ++ B_ASN1_UTF8STRING); ++ if (ret < 0) ++ return ret; ++ *out = stmp.data; ++ return stmp.length; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +index 9b7d688..1796fba 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +@@ -1,6 +1,7 @@ + /* a_strnid.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,32 +63,32 @@ + #include + #include + +- + static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; + static void st_free(ASN1_STRING_TABLE *tbl); +-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, +- const ASN1_STRING_TABLE * const *b); ++static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, ++ const ASN1_STRING_TABLE *const *b); + static int table_cmp(const void *a, const void *b); + +- +-/* This is the global mask for the mbstring functions: this is use to +- * mask out certain types (such as BMPString and UTF8String) because +- * certain software (e.g. Netscape) has problems with them. ++/* ++ * This is the global mask for the mbstring functions: this is use to mask ++ * out certain types (such as BMPString and UTF8String) because certain ++ * software (e.g. Netscape) has problems with them. + */ + + static unsigned long global_mask = B_ASN1_UTF8STRING; + + void ASN1_STRING_set_default_mask(unsigned long mask) + { +- global_mask = mask; ++ global_mask = mask; + } + + unsigned long ASN1_STRING_get_default_mask(void) + { +- return global_mask; ++ return global_mask; + } + +-/* This function sets the default to various "flavours" of configuration. ++/*- ++ * This function sets the default to various "flavours" of configuration. + * based on an ASCII string. Currently this is: + * MASK:XXXX : a numerical mask value. + * nobmp : Don't use BMPStrings (just Printable, T61). +@@ -98,159 +99,185 @@ unsigned long ASN1_STRING_get_default_mask(void) + + int ASN1_STRING_set_default_mask_asc(const char *p) + { +- unsigned long mask; +- char *end; +- if(!strncmp(p, "MASK:", 5)) { +- if(!p[5]) return 0; +- mask = strtoul(p + 5, &end, 0); +- if(*end) return 0; +- } else if(!strcmp(p, "nombstr")) +- mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); +- else if(!strcmp(p, "pkix")) +- mask = ~((unsigned long)B_ASN1_T61STRING); +- else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING; +- else if(!strcmp(p, "default")) +- mask = 0xFFFFFFFFL; +- else return 0; +- ASN1_STRING_set_default_mask(mask); +- return 1; ++ unsigned long mask; ++ char *end; ++ if (!strncmp(p, "MASK:", 5)) { ++ if (!p[5]) ++ return 0; ++ mask = strtoul(p + 5, &end, 0); ++ if (*end) ++ return 0; ++ } else if (!strcmp(p, "nombstr")) ++ mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING)); ++ else if (!strcmp(p, "pkix")) ++ mask = ~((unsigned long)B_ASN1_T61STRING); ++ else if (!strcmp(p, "utf8only")) ++ mask = B_ASN1_UTF8STRING; ++ else if (!strcmp(p, "default")) ++ mask = 0xFFFFFFFFL; ++ else ++ return 0; ++ ASN1_STRING_set_default_mask(mask); ++ return 1; + } + +-/* The following function generates an ASN1_STRING based on limits in a table. +- * Frequently the types and length of an ASN1_STRING are restricted by a +- * corresponding OID. For example certificates and certificate requests. ++/* ++ * The following function generates an ASN1_STRING based on limits in a ++ * table. Frequently the types and length of an ASN1_STRING are restricted by ++ * a corresponding OID. For example certificates and certificate requests. + */ + +-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, +- int inlen, int inform, int nid) ++ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, ++ const unsigned char *in, int inlen, ++ int inform, int nid) + { +- ASN1_STRING_TABLE *tbl; +- ASN1_STRING *str = NULL; +- unsigned long mask; +- int ret; +- if(!out) out = &str; +- tbl = ASN1_STRING_TABLE_get(nid); +- if(tbl) { +- mask = tbl->mask; +- if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; +- ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, +- tbl->minsize, tbl->maxsize); +- } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); +- if(ret <= 0) return NULL; +- return *out; ++ ASN1_STRING_TABLE *tbl; ++ ASN1_STRING *str = NULL; ++ unsigned long mask; ++ int ret; ++ if (!out) ++ out = &str; ++ tbl = ASN1_STRING_TABLE_get(nid); ++ if (tbl) { ++ mask = tbl->mask; ++ if (!(tbl->flags & STABLE_NO_MASK)) ++ mask &= global_mask; ++ ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, ++ tbl->minsize, tbl->maxsize); ++ } else ++ ret = ++ ASN1_mbstring_copy(out, in, inlen, inform, ++ DIRSTRING_TYPE & global_mask); ++ if (ret <= 0) ++ return NULL; ++ return *out; + } + +-/* Now the tables and helper functions for the string table: ++/* ++ * Now the tables and helper functions for the string table: + */ + + /* size limits: this stuff is taken straight from RFC3280 */ + +-#define ub_name 32768 +-#define ub_common_name 64 +-#define ub_locality_name 128 +-#define ub_state_name 128 +-#define ub_organization_name 64 +-#define ub_organization_unit_name 64 +-#define ub_title 64 +-#define ub_email_address 128 +-#define ub_serial_number 64 +- ++#define ub_name 32768 ++#define ub_common_name 64 ++#define ub_locality_name 128 ++#define ub_state_name 128 ++#define ub_organization_name 64 ++#define ub_organization_unit_name 64 ++#define ub_title 64 ++#define ub_email_address 128 ++#define ub_serial_number 64 + + /* This table must be kept in NID order */ + + static ASN1_STRING_TABLE tbl_standard[] = { +-{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, +-{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, +-{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, +-{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, +-{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, +-{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0}, +-{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK}, +-{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, +-{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, +-{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, +-{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, +-{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, +-{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, +-{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, +-{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, +-{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, +-{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, +-{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, +-{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} ++ {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, ++ {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, ++ {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, ++ {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, ++ {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, ++ {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, ++ 0}, ++ {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, ++ STABLE_NO_MASK}, ++ {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, ++ {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, ++ {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, ++ {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, ++ {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, ++ {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, ++ {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, ++ STABLE_NO_MASK}, ++ {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, ++ {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, ++ {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, ++ {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, ++ {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} + }; + +-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, +- const ASN1_STRING_TABLE * const *b) ++static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, ++ const ASN1_STRING_TABLE *const *b) + { +- return (*a)->nid - (*b)->nid; ++ return (*a)->nid - (*b)->nid; + } + + static int table_cmp(const void *a, const void *b) + { +- const ASN1_STRING_TABLE *sa = a, *sb = b; +- return sa->nid - sb->nid; ++ const ASN1_STRING_TABLE *sa = a, *sb = b; ++ return sa->nid - sb->nid; + } + + ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) + { +- int idx; +- ASN1_STRING_TABLE *ttmp; +- ASN1_STRING_TABLE fnd; +- fnd.nid = nid; +- ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd, +- (char *)tbl_standard, +- sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), +- sizeof(ASN1_STRING_TABLE), table_cmp); +- if(ttmp) return ttmp; +- if(!stable) return NULL; +- idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); +- if(idx < 0) return NULL; +- return sk_ASN1_STRING_TABLE_value(stable, idx); ++ int idx; ++ ASN1_STRING_TABLE *ttmp; ++ ASN1_STRING_TABLE fnd; ++ fnd.nid = nid; ++ ttmp = (ASN1_STRING_TABLE *)OBJ_bsearch((char *)&fnd, ++ (char *)tbl_standard, ++ sizeof(tbl_standard) / ++ sizeof(ASN1_STRING_TABLE), ++ sizeof(ASN1_STRING_TABLE), ++ table_cmp); ++ if (ttmp) ++ return ttmp; ++ if (!stable) ++ return NULL; ++ idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); ++ if (idx < 0) ++ return NULL; ++ return sk_ASN1_STRING_TABLE_value(stable, idx); + } +- ++ + int ASN1_STRING_TABLE_add(int nid, +- long minsize, long maxsize, unsigned long mask, +- unsigned long flags) ++ long minsize, long maxsize, unsigned long mask, ++ unsigned long flags) + { +- ASN1_STRING_TABLE *tmp; +- char new_nid = 0; +- flags &= ~STABLE_FLAGS_MALLOC; +- if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); +- if(!stable) { +- ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if(!(tmp = ASN1_STRING_TABLE_get(nid))) { +- tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); +- if(!tmp) { +- ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- tmp->flags = flags | STABLE_FLAGS_MALLOC; +- tmp->nid = nid; +- new_nid = 1; +- } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; +- if(minsize != -1) tmp->minsize = minsize; +- if(maxsize != -1) tmp->maxsize = maxsize; +- tmp->mask = mask; +- if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp); +- return 1; ++ ASN1_STRING_TABLE *tmp; ++ char new_nid = 0; ++ flags &= ~STABLE_FLAGS_MALLOC; ++ if (!stable) ++ stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); ++ if (!stable) { ++ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (!(tmp = ASN1_STRING_TABLE_get(nid))) { ++ tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); ++ if (!tmp) { ++ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ tmp->flags = flags | STABLE_FLAGS_MALLOC; ++ tmp->nid = nid; ++ new_nid = 1; ++ } else ++ tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; ++ if (minsize != -1) ++ tmp->minsize = minsize; ++ if (maxsize != -1) ++ tmp->maxsize = maxsize; ++ tmp->mask = mask; ++ if (new_nid) ++ sk_ASN1_STRING_TABLE_push(stable, tmp); ++ return 1; + } + + void ASN1_STRING_TABLE_cleanup(void) + { +- STACK_OF(ASN1_STRING_TABLE) *tmp; +- tmp = stable; +- if(!tmp) return; +- stable = NULL; +- sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); ++ STACK_OF(ASN1_STRING_TABLE) *tmp; ++ tmp = stable; ++ if (!tmp) ++ return; ++ stable = NULL; ++ sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); + } + + static void st_free(ASN1_STRING_TABLE *tbl) + { +- if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); ++ if (tbl->flags & STABLE_FLAGS_MALLOC) ++ OPENSSL_free(tbl); + } + + +@@ -260,30 +287,27 @@ IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) + + main() + { +- ASN1_STRING_TABLE *tmp; +- int i, last_nid = -1; +- +- for (tmp = tbl_standard, i = 0; +- i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) +- { +- if (tmp->nid < last_nid) +- { +- last_nid = 0; +- break; +- } +- last_nid = tmp->nid; +- } +- +- if (last_nid != 0) +- { +- printf("Table order OK\n"); +- exit(0); +- } +- +- for (tmp = tbl_standard, i = 0; +- i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++) +- printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, +- OBJ_nid2ln(tmp->nid)); ++ ASN1_STRING_TABLE *tmp; ++ int i, last_nid = -1; ++ ++ for (tmp = tbl_standard, i = 0; ++ i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) { ++ if (tmp->nid < last_nid) { ++ last_nid = 0; ++ break; ++ } ++ last_nid = tmp->nid; ++ } ++ ++ if (last_nid != 0) { ++ printf("Table order OK\n"); ++ exit(0); ++ } ++ ++ for (tmp = tbl_standard, i = 0; ++ i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) ++ printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, ++ OBJ_nid2ln(tmp->nid)); + + } + +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_time.c b/Cryptlib/OpenSSL/crypto/asn1/a_time.c +index 159681f..34ac720 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_time.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_time.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,8 +53,8 @@ + * + */ + +- +-/* This is an implementation of the ASN1 Time structure which is: ++/*- ++ * This is an implementation of the ASN1 Time structure which is: + * Time ::= CHOICE { + * utcTime UTCTime, + * generalTime GeneralizedTime } +@@ -73,92 +73,94 @@ IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) + + #if 0 + int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) +- { +-#ifdef CHARSET_EBCDIC +- /* KLUDGE! We convert to ascii before writing DER */ +- char tmp[24]; +- ASN1_STRING tmpstr; +- +- if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) { +- int len; +- +- tmpstr = *(ASN1_STRING *)a; +- len = tmpstr.length; +- ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); +- tmpstr.data = tmp; +- a = (ASN1_GENERALIZEDTIME *) &tmpstr; +- } +-#endif +- if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) +- return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, +- a->type ,V_ASN1_UNIVERSAL)); +- ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME); +- return -1; +- } ++{ ++# ifdef CHARSET_EBCDIC ++ /* KLUDGE! We convert to ascii before writing DER */ ++ char tmp[24]; ++ ASN1_STRING tmpstr; ++ ++ if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) { ++ int len; ++ ++ tmpstr = *(ASN1_STRING *)a; ++ len = tmpstr.length; ++ ebcdic2ascii(tmp, tmpstr.data, ++ (len >= sizeof tmp) ? sizeof tmp : len); ++ tmpstr.data = tmp; ++ a = (ASN1_GENERALIZEDTIME *)&tmpstr; ++ } ++# endif ++ if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) ++ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, ++ a->type, V_ASN1_UNIVERSAL)); ++ ASN1err(ASN1_F_I2D_ASN1_TIME, ASN1_R_EXPECTING_A_TIME); ++ return -1; ++} + #endif + +- + ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) +- { +- struct tm *ts; +- struct tm data; +- +- ts=OPENSSL_gmtime(&t,&data); +- if (ts == NULL) +- { +- ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME); +- return NULL; +- } +- if((ts->tm_year >= 50) && (ts->tm_year < 150)) +- return ASN1_UTCTIME_set(s, t); +- return ASN1_GENERALIZEDTIME_set(s,t); +- } ++{ ++ struct tm *ts; ++ struct tm data; ++ ++ ts = OPENSSL_gmtime(&t, &data); ++ if (ts == NULL) { ++ ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME); ++ return NULL; ++ } ++ if ((ts->tm_year >= 50) && (ts->tm_year < 150)) ++ return ASN1_UTCTIME_set(s, t); ++ return ASN1_GENERALIZEDTIME_set(s, t); ++} + + int ASN1_TIME_check(ASN1_TIME *t) +- { +- if (t->type == V_ASN1_GENERALIZEDTIME) +- return ASN1_GENERALIZEDTIME_check(t); +- else if (t->type == V_ASN1_UTCTIME) +- return ASN1_UTCTIME_check(t); +- return 0; +- } ++{ ++ if (t->type == V_ASN1_GENERALIZEDTIME) ++ return ASN1_GENERALIZEDTIME_check(t); ++ else if (t->type == V_ASN1_UTCTIME) ++ return ASN1_UTCTIME_check(t); ++ return 0; ++} + + /* Convert an ASN1_TIME structure to GeneralizedTime */ +-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) +- { +- ASN1_GENERALIZEDTIME *ret; +- char *str; +- int newlen; +- +- if (!ASN1_TIME_check(t)) return NULL; +- +- if (!out || !*out) +- { +- if (!(ret = ASN1_GENERALIZEDTIME_new ())) +- return NULL; +- if (out) *out = ret; +- } +- else ret = *out; +- +- /* If already GeneralizedTime just copy across */ +- if (t->type == V_ASN1_GENERALIZEDTIME) +- { +- if(!ASN1_STRING_set(ret, t->data, t->length)) +- return NULL; +- return ret; +- } +- +- /* grow the string */ +- if (!ASN1_STRING_set(ret, NULL, t->length + 2)) +- return NULL; +- /* ASN1_STRING_set() allocated 'len + 1' bytes. */ +- newlen = t->length + 2 + 1; +- str = (char *)ret->data; +- /* Work out the century and prepend */ +- if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen); +- else BUF_strlcpy(str, "20", newlen); +- +- BUF_strlcat(str, (char *)t->data, newlen); +- +- return ret; +- } ++ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ++ ASN1_GENERALIZEDTIME **out) ++{ ++ ASN1_GENERALIZEDTIME *ret; ++ char *str; ++ int newlen; ++ ++ if (!ASN1_TIME_check(t)) ++ return NULL; ++ ++ if (!out || !*out) { ++ if (!(ret = ASN1_GENERALIZEDTIME_new())) ++ return NULL; ++ if (out) ++ *out = ret; ++ } else ++ ret = *out; ++ ++ /* If already GeneralizedTime just copy across */ ++ if (t->type == V_ASN1_GENERALIZEDTIME) { ++ if (!ASN1_STRING_set(ret, t->data, t->length)) ++ return NULL; ++ return ret; ++ } ++ ++ /* grow the string */ ++ if (!ASN1_STRING_set(ret, NULL, t->length + 2)) ++ return NULL; ++ /* ASN1_STRING_set() allocated 'len + 1' bytes. */ ++ newlen = t->length + 2 + 1; ++ str = (char *)ret->data; ++ /* Work out the century and prepend */ ++ if (t->data[0] >= '5') ++ BUF_strlcpy(str, "19", newlen); ++ else ++ BUF_strlcpy(str, "20", newlen); ++ ++ BUF_strlcat(str, (char *)t->data, newlen); ++ ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_type.c b/Cryptlib/OpenSSL/crypto/asn1/a_type.c +index 36becea..69a5cf6 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_type.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_type.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,49 +62,93 @@ + #include + + int ASN1_TYPE_get(ASN1_TYPE *a) +- { +- if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) +- return(a->type); +- else +- return(0); +- } ++{ ++ if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) ++ return (a->type); ++ else ++ return (0); ++} + + void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) +- { +- if (a->value.ptr != NULL) +- { +- ASN1_TYPE **tmp_a = &a; +- ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); +- } +- a->type=type; +- a->value.ptr=value; +- } ++{ ++ if (a->value.ptr != NULL) { ++ ASN1_TYPE **tmp_a = &a; ++ ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); ++ } ++ a->type = type; ++ a->value.ptr = value; ++} + + int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) +- { +- if (!value || (type == V_ASN1_BOOLEAN)) +- { +- void *p = (void *)value; +- ASN1_TYPE_set(a, type, p); +- } +- else if (type == V_ASN1_OBJECT) +- { +- ASN1_OBJECT *odup; +- odup = OBJ_dup(value); +- if (!odup) +- return 0; +- ASN1_TYPE_set(a, type, odup); +- } +- else +- { +- ASN1_STRING *sdup; +- sdup = ASN1_STRING_dup((ASN1_STRING *)value); +- if (!sdup) +- return 0; +- ASN1_TYPE_set(a, type, sdup); +- } +- return 1; +- } ++{ ++ if (!value || (type == V_ASN1_BOOLEAN)) { ++ void *p = (void *)value; ++ ASN1_TYPE_set(a, type, p); ++ } else if (type == V_ASN1_OBJECT) { ++ ASN1_OBJECT *odup; ++ odup = OBJ_dup(value); ++ if (!odup) ++ return 0; ++ ASN1_TYPE_set(a, type, odup); ++ } else { ++ ASN1_STRING *sdup; ++ sdup = ASN1_STRING_dup((ASN1_STRING *)value); ++ if (!sdup) ++ return 0; ++ ASN1_TYPE_set(a, type, sdup); ++ } ++ return 1; ++} + + IMPLEMENT_STACK_OF(ASN1_TYPE) ++ + IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) ++ ++/* Returns 0 if they are equal, != 0 otherwise. */ ++int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) ++{ ++ int result = -1; ++ ++ if (!a || !b || a->type != b->type) ++ return -1; ++ ++ switch (a->type) { ++ case V_ASN1_OBJECT: ++ result = OBJ_cmp(a->value.object, b->value.object); ++ break; ++ case V_ASN1_BOOLEAN: ++ result = a->value.boolean - b->value.boolean; ++ break; ++ case V_ASN1_NULL: ++ result = 0; /* They do not have content. */ ++ break; ++ case V_ASN1_INTEGER: ++ case V_ASN1_NEG_INTEGER: ++ case V_ASN1_ENUMERATED: ++ case V_ASN1_NEG_ENUMERATED: ++ case V_ASN1_BIT_STRING: ++ case V_ASN1_OCTET_STRING: ++ case V_ASN1_SEQUENCE: ++ case V_ASN1_SET: ++ case V_ASN1_NUMERICSTRING: ++ case V_ASN1_PRINTABLESTRING: ++ case V_ASN1_T61STRING: ++ case V_ASN1_VIDEOTEXSTRING: ++ case V_ASN1_IA5STRING: ++ case V_ASN1_UTCTIME: ++ case V_ASN1_GENERALIZEDTIME: ++ case V_ASN1_GRAPHICSTRING: ++ case V_ASN1_VISIBLESTRING: ++ case V_ASN1_GENERALSTRING: ++ case V_ASN1_UNIVERSALSTRING: ++ case V_ASN1_BMPSTRING: ++ case V_ASN1_UTF8STRING: ++ case V_ASN1_OTHER: ++ default: ++ result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr, ++ (ASN1_STRING *)b->value.ptr); ++ break; ++ } ++ ++ return result; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c +index d31c028..2aabc67 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,240 +64,241 @@ + + #if 0 + int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) +- { +-#ifndef CHARSET_EBCDIC +- return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, +- V_ASN1_UTCTIME,V_ASN1_UNIVERSAL)); +-#else +- /* KLUDGE! We convert to ascii before writing DER */ +- int len; +- char tmp[24]; +- ASN1_STRING x = *(ASN1_STRING *)a; +- +- len = x.length; +- ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); +- x.data = tmp; +- return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL); +-#endif +- } +- ++{ ++# ifndef CHARSET_EBCDIC ++ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, ++ V_ASN1_UTCTIME, V_ASN1_UNIVERSAL)); ++# else ++ /* KLUDGE! We convert to ascii before writing DER */ ++ int len; ++ char tmp[24]; ++ ASN1_STRING x = *(ASN1_STRING *)a; ++ ++ len = x.length; ++ ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); ++ x.data = tmp; ++ return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); ++# endif ++} + + ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp, +- long length) +- { +- ASN1_UTCTIME *ret=NULL; +- +- ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length, +- V_ASN1_UTCTIME,V_ASN1_UNIVERSAL); +- if (ret == NULL) +- { +- ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR); +- return(NULL); +- } +-#ifdef CHARSET_EBCDIC +- ascii2ebcdic(ret->data, ret->data, ret->length); +-#endif +- if (!ASN1_UTCTIME_check(ret)) +- { +- ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT); +- goto err; +- } +- +- return(ret); +-err: +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) +- M_ASN1_UTCTIME_free(ret); +- return(NULL); +- } ++ long length) ++{ ++ ASN1_UTCTIME *ret = NULL; ++ ++ ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, ++ V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); ++ if (ret == NULL) { ++ ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR); ++ return (NULL); ++ } ++# ifdef CHARSET_EBCDIC ++ ascii2ebcdic(ret->data, ret->data, ret->length); ++# endif ++ if (!ASN1_UTCTIME_check(ret)) { ++ ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT); ++ goto err; ++ } ++ ++ return (ret); ++ err: ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ M_ASN1_UTCTIME_free(ret); ++ return (NULL); ++} + + #endif + + int ASN1_UTCTIME_check(ASN1_UTCTIME *d) +- { +- static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0}; +- static int max[8]={99,12,31,23,59,59,12,59}; +- char *a; +- int n,i,l,o; +- +- if (d->type != V_ASN1_UTCTIME) return(0); +- l=d->length; +- a=(char *)d->data; +- o=0; +- +- if (l < 11) goto err; +- for (i=0; i<6; i++) +- { +- if ((i == 5) && ((a[o] == 'Z') || +- (a[o] == '+') || (a[o] == '-'))) +- { i++; break; } +- if ((a[o] < '0') || (a[o] > '9')) goto err; +- n= a[o]-'0'; +- if (++o > l) goto err; +- +- if ((a[o] < '0') || (a[o] > '9')) goto err; +- n=(n*10)+ a[o]-'0'; +- if (++o > l) goto err; +- +- if ((n < min[i]) || (n > max[i])) goto err; +- } +- if (a[o] == 'Z') +- o++; +- else if ((a[o] == '+') || (a[o] == '-')) +- { +- o++; +- if (o+4 > l) goto err; +- for (i=6; i<8; i++) +- { +- if ((a[o] < '0') || (a[o] > '9')) goto err; +- n= a[o]-'0'; +- o++; +- if ((a[o] < '0') || (a[o] > '9')) goto err; +- n=(n*10)+ a[o]-'0'; +- if ((n < min[i]) || (n > max[i])) goto err; +- o++; +- } +- } +- return(o == l); +-err: +- return(0); +- } ++{ ++ static int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 }; ++ static int max[8] = { 99, 12, 31, 23, 59, 59, 12, 59 }; ++ char *a; ++ int n, i, l, o; ++ ++ if (d->type != V_ASN1_UTCTIME) ++ return (0); ++ l = d->length; ++ a = (char *)d->data; ++ o = 0; ++ ++ if (l < 11) ++ goto err; ++ for (i = 0; i < 6; i++) { ++ if ((i == 5) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) { ++ i++; ++ break; ++ } ++ if ((a[o] < '0') || (a[o] > '9')) ++ goto err; ++ n = a[o] - '0'; ++ if (++o > l) ++ goto err; ++ ++ if ((a[o] < '0') || (a[o] > '9')) ++ goto err; ++ n = (n * 10) + a[o] - '0'; ++ if (++o > l) ++ goto err; ++ ++ if ((n < min[i]) || (n > max[i])) ++ goto err; ++ } ++ if (a[o] == 'Z') ++ o++; ++ else if ((a[o] == '+') || (a[o] == '-')) { ++ o++; ++ if (o + 4 > l) ++ goto err; ++ for (i = 6; i < 8; i++) { ++ if ((a[o] < '0') || (a[o] > '9')) ++ goto err; ++ n = a[o] - '0'; ++ o++; ++ if ((a[o] < '0') || (a[o] > '9')) ++ goto err; ++ n = (n * 10) + a[o] - '0'; ++ if ((n < min[i]) || (n > max[i])) ++ goto err; ++ o++; ++ } ++ } ++ return (o == l); ++ err: ++ return (0); ++} + + int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) +- { +- ASN1_UTCTIME t; +- +- t.type=V_ASN1_UTCTIME; +- t.length=strlen(str); +- t.data=(unsigned char *)str; +- if (ASN1_UTCTIME_check(&t)) +- { +- if (s != NULL) +- { +- if (!ASN1_STRING_set((ASN1_STRING *)s, +- (unsigned char *)str,t.length)) +- return 0; +- s->type = V_ASN1_UTCTIME; +- } +- return(1); +- } +- else +- return(0); +- } ++{ ++ ASN1_UTCTIME t; ++ ++ t.type = V_ASN1_UTCTIME; ++ t.length = strlen(str); ++ t.data = (unsigned char *)str; ++ if (ASN1_UTCTIME_check(&t)) { ++ if (s != NULL) { ++ if (!ASN1_STRING_set((ASN1_STRING *)s, ++ (unsigned char *)str, t.length)) ++ return 0; ++ s->type = V_ASN1_UTCTIME; ++ } ++ return (1); ++ } else ++ return (0); ++} + + ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) +- { +- char *p; +- struct tm *ts; +- struct tm data; +- size_t len = 20; +- +- if (s == NULL) +- s=M_ASN1_UTCTIME_new(); +- if (s == NULL) +- return(NULL); +- +- ts=OPENSSL_gmtime(&t, &data); +- if (ts == NULL) +- return(NULL); +- +- p=(char *)s->data; +- if ((p == NULL) || ((size_t)s->length < len)) +- { +- p=OPENSSL_malloc(len); +- if (p == NULL) +- { +- ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- if (s->data != NULL) +- OPENSSL_free(s->data); +- s->data=(unsigned char *)p; +- } +- +- BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, +- ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); +- s->length=strlen(p); +- s->type=V_ASN1_UTCTIME; ++{ ++ char *p; ++ struct tm *ts; ++ struct tm data; ++ size_t len = 20; ++ ++ if (s == NULL) ++ s = M_ASN1_UTCTIME_new(); ++ if (s == NULL) ++ return (NULL); ++ ++ ts = OPENSSL_gmtime(&t, &data); ++ if (ts == NULL) ++ return (NULL); ++ ++ p = (char *)s->data; ++ if ((p == NULL) || ((size_t)s->length < len)) { ++ p = OPENSSL_malloc(len); ++ if (p == NULL) { ++ ASN1err(ASN1_F_ASN1_UTCTIME_SET, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ if (s->data != NULL) ++ OPENSSL_free(s->data); ++ s->data = (unsigned char *)p; ++ } ++ ++ BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100, ++ ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, ++ ts->tm_sec); ++ s->length = strlen(p); ++ s->type = V_ASN1_UTCTIME; + #ifdef CHARSET_EBCDIC_not +- ebcdic2ascii(s->data, s->data, s->length); ++ ebcdic2ascii(s->data, s->data, s->length); + #endif +- return(s); +- } +- ++ return (s); ++} + + int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) +- { +- struct tm *tm; +- struct tm data; +- int offset; +- int year; ++{ ++ struct tm *tm; ++ struct tm data; ++ int offset; ++ int year; + + #define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') + +- if (s->data[12] == 'Z') +- offset=0; +- else +- { +- offset = g2(s->data+13)*60+g2(s->data+15); +- if (s->data[12] == '-') +- offset = -offset; +- } ++ if (s->data[12] == 'Z') ++ offset = 0; ++ else { ++ offset = g2(s->data + 13) * 60 + g2(s->data + 15); ++ if (s->data[12] == '-') ++ offset = -offset; ++ } + +- t -= offset*60; /* FIXME: may overflow in extreme cases */ ++ t -= offset * 60; /* FIXME: may overflow in extreme cases */ ++ ++ tm = OPENSSL_gmtime(&t, &data); + +- tm = OPENSSL_gmtime(&t, &data); +- + #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1 +- year = g2(s->data); +- if (year < 50) +- year += 100; +- return_cmp(year, tm->tm_year); +- return_cmp(g2(s->data+2) - 1, tm->tm_mon); +- return_cmp(g2(s->data+4), tm->tm_mday); +- return_cmp(g2(s->data+6), tm->tm_hour); +- return_cmp(g2(s->data+8), tm->tm_min); +- return_cmp(g2(s->data+10), tm->tm_sec); ++ year = g2(s->data); ++ if (year < 50) ++ year += 100; ++ return_cmp(year, tm->tm_year); ++ return_cmp(g2(s->data + 2) - 1, tm->tm_mon); ++ return_cmp(g2(s->data + 4), tm->tm_mday); ++ return_cmp(g2(s->data + 6), tm->tm_hour); ++ return_cmp(g2(s->data + 8), tm->tm_min); ++ return_cmp(g2(s->data + 10), tm->tm_sec); + #undef g2 + #undef return_cmp + +- return 0; +- } +- ++ return 0; ++} + + #if 0 + time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) +- { +- struct tm tm; +- int offset; +- +- memset(&tm,'\0',sizeof tm); +- +-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') +- tm.tm_year=g2(s->data); +- if(tm.tm_year < 50) +- tm.tm_year+=100; +- tm.tm_mon=g2(s->data+2)-1; +- tm.tm_mday=g2(s->data+4); +- tm.tm_hour=g2(s->data+6); +- tm.tm_min=g2(s->data+8); +- tm.tm_sec=g2(s->data+10); +- if(s->data[12] == 'Z') +- offset=0; +- else +- { +- offset=g2(s->data+13)*60+g2(s->data+15); +- if(s->data[12] == '-') +- offset= -offset; +- } +-#undef g2 +- +- return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone +- * instead of UTC, and unless we rewrite OpenSSL +- * in Lisp we cannot locally change the timezone +- * without possibly interfering with other parts +- * of the program. timegm, which uses UTC, is +- * non-standard. +- * Also time_t is inappropriate for general +- * UTC times because it may a 32 bit type. */ +- } ++{ ++ struct tm tm; ++ int offset; ++ ++ memset(&tm, '\0', sizeof tm); ++ ++# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') ++ tm.tm_year = g2(s->data); ++ if (tm.tm_year < 50) ++ tm.tm_year += 100; ++ tm.tm_mon = g2(s->data + 2) - 1; ++ tm.tm_mday = g2(s->data + 4); ++ tm.tm_hour = g2(s->data + 6); ++ tm.tm_min = g2(s->data + 8); ++ tm.tm_sec = g2(s->data + 10); ++ if (s->data[12] == 'Z') ++ offset = 0; ++ else { ++ offset = g2(s->data + 13) * 60 + g2(s->data + 15); ++ if (s->data[12] == '-') ++ offset = -offset; ++ } ++# undef g2 ++ ++ /* ++ * FIXME: mktime assumes the current timezone ++ * instead of UTC, and unless we rewrite OpenSSL ++ * in Lisp we cannot locally change the timezone ++ * without possibly interfering with other parts ++ * of the program. timegm, which uses UTC, is ++ * non-standard. ++ * Also time_t is inappropriate for general ++ * UTC times because it may a 32 bit type. ++ */ ++ return mktime(&tm) - offset * 60; ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c +index 508e11e..23dc2e8 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,10 +60,10 @@ + #include "cryptlib.h" + #include + +- + /* UTF8 utilities */ + +-/* This parses a UTF8 string one character at a time. It is passed a pointer ++/*- ++ * This parses a UTF8 string one character at a time. It is passed a pointer + * to the string and the length of the string. It sets 'value' to the value of + * the current character. It returns the number of characters read or a + * negative error code: +@@ -75,137 +75,163 @@ + + int UTF8_getc(const unsigned char *str, int len, unsigned long *val) + { +- const unsigned char *p; +- unsigned long value; +- int ret; +- if(len <= 0) return 0; +- p = str; ++ const unsigned char *p; ++ unsigned long value; ++ int ret; ++ if (len <= 0) ++ return 0; ++ p = str; + +- /* Check syntax and work out the encoded value (if correct) */ +- if((*p & 0x80) == 0) { +- value = *p++ & 0x7f; +- ret = 1; +- } else if((*p & 0xe0) == 0xc0) { +- if(len < 2) return -1; +- if((p[1] & 0xc0) != 0x80) return -3; +- value = (*p++ & 0x1f) << 6; +- value |= *p++ & 0x3f; +- if(value < 0x80) return -4; +- ret = 2; +- } else if((*p & 0xf0) == 0xe0) { +- if(len < 3) return -1; +- if( ((p[1] & 0xc0) != 0x80) +- || ((p[2] & 0xc0) != 0x80) ) return -3; +- value = (*p++ & 0xf) << 12; +- value |= (*p++ & 0x3f) << 6; +- value |= *p++ & 0x3f; +- if(value < 0x800) return -4; +- ret = 3; +- } else if((*p & 0xf8) == 0xf0) { +- if(len < 4) return -1; +- if( ((p[1] & 0xc0) != 0x80) +- || ((p[2] & 0xc0) != 0x80) +- || ((p[3] & 0xc0) != 0x80) ) return -3; +- value = ((unsigned long)(*p++ & 0x7)) << 18; +- value |= (*p++ & 0x3f) << 12; +- value |= (*p++ & 0x3f) << 6; +- value |= *p++ & 0x3f; +- if(value < 0x10000) return -4; +- ret = 4; +- } else if((*p & 0xfc) == 0xf8) { +- if(len < 5) return -1; +- if( ((p[1] & 0xc0) != 0x80) +- || ((p[2] & 0xc0) != 0x80) +- || ((p[3] & 0xc0) != 0x80) +- || ((p[4] & 0xc0) != 0x80) ) return -3; +- value = ((unsigned long)(*p++ & 0x3)) << 24; +- value |= ((unsigned long)(*p++ & 0x3f)) << 18; +- value |= ((unsigned long)(*p++ & 0x3f)) << 12; +- value |= (*p++ & 0x3f) << 6; +- value |= *p++ & 0x3f; +- if(value < 0x200000) return -4; +- ret = 5; +- } else if((*p & 0xfe) == 0xfc) { +- if(len < 6) return -1; +- if( ((p[1] & 0xc0) != 0x80) +- || ((p[2] & 0xc0) != 0x80) +- || ((p[3] & 0xc0) != 0x80) +- || ((p[4] & 0xc0) != 0x80) +- || ((p[5] & 0xc0) != 0x80) ) return -3; +- value = ((unsigned long)(*p++ & 0x1)) << 30; +- value |= ((unsigned long)(*p++ & 0x3f)) << 24; +- value |= ((unsigned long)(*p++ & 0x3f)) << 18; +- value |= ((unsigned long)(*p++ & 0x3f)) << 12; +- value |= (*p++ & 0x3f) << 6; +- value |= *p++ & 0x3f; +- if(value < 0x4000000) return -4; +- ret = 6; +- } else return -2; +- *val = value; +- return ret; ++ /* Check syntax and work out the encoded value (if correct) */ ++ if ((*p & 0x80) == 0) { ++ value = *p++ & 0x7f; ++ ret = 1; ++ } else if ((*p & 0xe0) == 0xc0) { ++ if (len < 2) ++ return -1; ++ if ((p[1] & 0xc0) != 0x80) ++ return -3; ++ value = (*p++ & 0x1f) << 6; ++ value |= *p++ & 0x3f; ++ if (value < 0x80) ++ return -4; ++ ret = 2; ++ } else if ((*p & 0xf0) == 0xe0) { ++ if (len < 3) ++ return -1; ++ if (((p[1] & 0xc0) != 0x80) ++ || ((p[2] & 0xc0) != 0x80)) ++ return -3; ++ value = (*p++ & 0xf) << 12; ++ value |= (*p++ & 0x3f) << 6; ++ value |= *p++ & 0x3f; ++ if (value < 0x800) ++ return -4; ++ ret = 3; ++ } else if ((*p & 0xf8) == 0xf0) { ++ if (len < 4) ++ return -1; ++ if (((p[1] & 0xc0) != 0x80) ++ || ((p[2] & 0xc0) != 0x80) ++ || ((p[3] & 0xc0) != 0x80)) ++ return -3; ++ value = ((unsigned long)(*p++ & 0x7)) << 18; ++ value |= (*p++ & 0x3f) << 12; ++ value |= (*p++ & 0x3f) << 6; ++ value |= *p++ & 0x3f; ++ if (value < 0x10000) ++ return -4; ++ ret = 4; ++ } else if ((*p & 0xfc) == 0xf8) { ++ if (len < 5) ++ return -1; ++ if (((p[1] & 0xc0) != 0x80) ++ || ((p[2] & 0xc0) != 0x80) ++ || ((p[3] & 0xc0) != 0x80) ++ || ((p[4] & 0xc0) != 0x80)) ++ return -3; ++ value = ((unsigned long)(*p++ & 0x3)) << 24; ++ value |= ((unsigned long)(*p++ & 0x3f)) << 18; ++ value |= ((unsigned long)(*p++ & 0x3f)) << 12; ++ value |= (*p++ & 0x3f) << 6; ++ value |= *p++ & 0x3f; ++ if (value < 0x200000) ++ return -4; ++ ret = 5; ++ } else if ((*p & 0xfe) == 0xfc) { ++ if (len < 6) ++ return -1; ++ if (((p[1] & 0xc0) != 0x80) ++ || ((p[2] & 0xc0) != 0x80) ++ || ((p[3] & 0xc0) != 0x80) ++ || ((p[4] & 0xc0) != 0x80) ++ || ((p[5] & 0xc0) != 0x80)) ++ return -3; ++ value = ((unsigned long)(*p++ & 0x1)) << 30; ++ value |= ((unsigned long)(*p++ & 0x3f)) << 24; ++ value |= ((unsigned long)(*p++ & 0x3f)) << 18; ++ value |= ((unsigned long)(*p++ & 0x3f)) << 12; ++ value |= (*p++ & 0x3f) << 6; ++ value |= *p++ & 0x3f; ++ if (value < 0x4000000) ++ return -4; ++ ret = 6; ++ } else ++ return -2; ++ *val = value; ++ return ret; + } + +-/* This takes a character 'value' and writes the UTF8 encoded value in +- * 'str' where 'str' is a buffer containing 'len' characters. Returns +- * the number of characters written or -1 if 'len' is too small. 'str' can +- * be set to NULL in which case it just returns the number of characters. +- * It will need at most 6 characters. ++/* ++ * This takes a character 'value' and writes the UTF8 encoded value in 'str' ++ * where 'str' is a buffer containing 'len' characters. Returns the number of ++ * characters written or -1 if 'len' is too small. 'str' can be set to NULL ++ * in which case it just returns the number of characters. It will need at ++ * most 6 characters. + */ + + int UTF8_putc(unsigned char *str, int len, unsigned long value) + { +- if(!str) len = 6; /* Maximum we will need */ +- else if(len <= 0) return -1; +- if(value < 0x80) { +- if(str) *str = (unsigned char)value; +- return 1; +- } +- if(value < 0x800) { +- if(len < 2) return -1; +- if(str) { +- *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0); +- *str = (unsigned char)((value & 0x3f) | 0x80); +- } +- return 2; +- } +- if(value < 0x10000) { +- if(len < 3) return -1; +- if(str) { +- *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0); +- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); +- *str = (unsigned char)((value & 0x3f) | 0x80); +- } +- return 3; +- } +- if(value < 0x200000) { +- if(len < 4) return -1; +- if(str) { +- *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0); +- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); +- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); +- *str = (unsigned char)((value & 0x3f) | 0x80); +- } +- return 4; +- } +- if(value < 0x4000000) { +- if(len < 5) return -1; +- if(str) { +- *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8); +- *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); +- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); +- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); +- *str = (unsigned char)((value & 0x3f) | 0x80); +- } +- return 5; +- } +- if(len < 6) return -1; +- if(str) { +- *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc); +- *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80); +- *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); +- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); +- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); +- *str = (unsigned char)((value & 0x3f) | 0x80); +- } +- return 6; ++ if (!str) ++ len = 6; /* Maximum we will need */ ++ else if (len <= 0) ++ return -1; ++ if (value < 0x80) { ++ if (str) ++ *str = (unsigned char)value; ++ return 1; ++ } ++ if (value < 0x800) { ++ if (len < 2) ++ return -1; ++ if (str) { ++ *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0); ++ *str = (unsigned char)((value & 0x3f) | 0x80); ++ } ++ return 2; ++ } ++ if (value < 0x10000) { ++ if (len < 3) ++ return -1; ++ if (str) { ++ *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0); ++ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); ++ *str = (unsigned char)((value & 0x3f) | 0x80); ++ } ++ return 3; ++ } ++ if (value < 0x200000) { ++ if (len < 4) ++ return -1; ++ if (str) { ++ *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0); ++ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); ++ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); ++ *str = (unsigned char)((value & 0x3f) | 0x80); ++ } ++ return 4; ++ } ++ if (value < 0x4000000) { ++ if (len < 5) ++ return -1; ++ if (str) { ++ *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8); ++ *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); ++ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); ++ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); ++ *str = (unsigned char)((value & 0x3f) | 0x80); ++ } ++ return 5; ++ } ++ if (len < 6) ++ return -1; ++ if (str) { ++ *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc); ++ *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80); ++ *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); ++ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); ++ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); ++ *str = (unsigned char)((value & 0x3f) | 0x80); ++ } ++ return 6; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +index 7ded69b..afbfa02 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -74,119 +74,122 @@ + #ifndef NO_ASN1_OLD + + int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, +- char *data, EVP_PKEY *pkey) +- { +- EVP_MD_CTX ctx; +- const EVP_MD *type; +- unsigned char *p,*buf_in=NULL; +- int ret= -1,i,inl; +- +- EVP_MD_CTX_init(&ctx); +- i=OBJ_obj2nid(a->algorithm); +- type=EVP_get_digestbyname(OBJ_nid2sn(i)); +- if (type == NULL) +- { +- ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); +- goto err; +- } +- +- inl=i2d(data,NULL); +- buf_in=OPENSSL_malloc((unsigned int)inl); +- if (buf_in == NULL) +- { +- ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- p=buf_in; +- +- i2d(data,&p); +- if (!EVP_VerifyInit_ex(&ctx,type, NULL)) +- { +- ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); +- ret=0; +- goto err; +- } +- EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); +- +- OPENSSL_cleanse(buf_in,(unsigned int)inl); +- OPENSSL_free(buf_in); +- +- if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, +- (unsigned int)signature->length,pkey) <= 0) +- { +- ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); +- ret=0; +- goto err; +- } +- /* we don't need to zero the 'ctx' because we just checked +- * public information */ +- /* memset(&ctx,0,sizeof(ctx)); */ +- ret=1; +-err: +- EVP_MD_CTX_cleanup(&ctx); +- return(ret); +- } ++ char *data, EVP_PKEY *pkey) ++{ ++ EVP_MD_CTX ctx; ++ const EVP_MD *type; ++ unsigned char *p, *buf_in = NULL; ++ int ret = -1, i, inl; ++ ++ EVP_MD_CTX_init(&ctx); ++ i = OBJ_obj2nid(a->algorithm); ++ type = EVP_get_digestbyname(OBJ_nid2sn(i)); ++ if (type == NULL) { ++ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); ++ goto err; ++ } ++ ++ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { ++ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); ++ goto err; ++ } ++ ++ inl = i2d(data, NULL); ++ buf_in = OPENSSL_malloc((unsigned int)inl); ++ if (buf_in == NULL) { ++ ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ p = buf_in; ++ ++ i2d(data, &p); ++ if (!EVP_VerifyInit_ex(&ctx, type, NULL)) { ++ ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ++ ret = 0; ++ goto err; ++ } ++ EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); ++ ++ OPENSSL_cleanse(buf_in, (unsigned int)inl); ++ OPENSSL_free(buf_in); ++ ++ if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, ++ (unsigned int)signature->length, pkey) <= 0) { ++ ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ++ ret = 0; ++ goto err; ++ } ++ /* ++ * we don't need to zero the 'ctx' because we just checked public ++ * information ++ */ ++ /* memset(&ctx,0,sizeof(ctx)); */ ++ ret = 1; ++ err: ++ EVP_MD_CTX_cleanup(&ctx); ++ return (ret); ++} + + #endif + +- +-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, +- void *asn, EVP_PKEY *pkey) +- { +- EVP_MD_CTX ctx; +- const EVP_MD *type; +- unsigned char *buf_in=NULL; +- int ret= -1,i,inl; +- +- if (!pkey) +- { +- ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); +- return -1; +- } +- +- EVP_MD_CTX_init(&ctx); +- i=OBJ_obj2nid(a->algorithm); +- type=EVP_get_digestbyname(OBJ_nid2sn(i)); +- if (type == NULL) +- { +- ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); +- goto err; +- } +- +- if (!EVP_VerifyInit_ex(&ctx,type, NULL)) +- { +- ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); +- ret=0; +- goto err; +- } +- +- inl = ASN1_item_i2d(asn, &buf_in, it); +- +- if (buf_in == NULL) +- { +- ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); +- +- OPENSSL_cleanse(buf_in,(unsigned int)inl); +- OPENSSL_free(buf_in); +- +- if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, +- (unsigned int)signature->length,pkey) <= 0) +- { +- ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB); +- ret=0; +- goto err; +- } +- /* we don't need to zero the 'ctx' because we just checked +- * public information */ +- /* memset(&ctx,0,sizeof(ctx)); */ +- ret=1; +-err: +- EVP_MD_CTX_cleanup(&ctx); +- return(ret); +- } +- +- ++int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ++ ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) ++{ ++ EVP_MD_CTX ctx; ++ const EVP_MD *type; ++ unsigned char *buf_in = NULL; ++ int ret = -1, i, inl; ++ ++ if (!pkey) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); ++ return -1; ++ } ++ ++ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); ++ return -1; ++ } ++ ++ EVP_MD_CTX_init(&ctx); ++ i = OBJ_obj2nid(a->algorithm); ++ type = EVP_get_digestbyname(OBJ_nid2sn(i)); ++ if (type == NULL) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ++ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); ++ goto err; ++ } ++ ++ if (!EVP_VerifyInit_ex(&ctx, type, NULL)) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ++ ret = 0; ++ goto err; ++ } ++ ++ inl = ASN1_item_i2d(asn, &buf_in, it); ++ ++ if (buf_in == NULL) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl); ++ ++ OPENSSL_cleanse(buf_in, (unsigned int)inl); ++ OPENSSL_free(buf_in); ++ ++ if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, ++ (unsigned int)signature->length, pkey) <= 0) { ++ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ++ ret = 0; ++ goto err; ++ } ++ /* ++ * we don't need to zero the 'ctx' because we just checked public ++ * information ++ */ ++ /* memset(&ctx,0,sizeof(ctx)); */ ++ ret = 1; ++ err: ++ EVP_MD_CTX_cleanup(&ctx); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c +index ba88eb3..43e4c19 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c +@@ -1,13 +1,13 @@ + /* crypto/asn1/asn1_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,254 +66,273 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason) + +-static ERR_STRING_DATA ASN1_str_functs[]= +- { +-{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"}, +-{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"}, +-{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"}, +-{ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"}, +-{ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"}, +-{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"}, +-{ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"}, +-{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"}, +-{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"}, +-{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"}, +-{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"}, +-{ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"}, +-{ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"}, +-{ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, +-{ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"}, +-{ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, +-{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"}, +-{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, +-{ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, +-{ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"}, +-{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, +-{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, +-{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, +-{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"}, +-{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, +-{ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, +-{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"}, +-{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"}, +-{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"}, +-{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, +-{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"}, +-{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"}, +-{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, +-{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, +-{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, +-{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"}, +-{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"}, +-{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, +-{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, +-{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, +-{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"}, +-{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, +-{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"}, +-{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, +-{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"}, +-{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, +-{ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, +-{ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"}, +-{ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, +-{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, +-{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"}, +-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, +-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, +-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, +-{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, +-{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"}, +-{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, +-{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, +-{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, +-{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, +-{ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, +-{ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, +-{ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, +-{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, +-{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, +-{ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"}, +-{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"}, +-{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"}, +-{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"}, +-{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"}, +-{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, +-{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"}, +-{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"}, +-{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"}, +-{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"}, +-{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"}, +-{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"}, +-{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"}, +-{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"}, +-{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"}, +-{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"}, +-{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, +-{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, +-{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, +-{ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"}, +-{ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"}, +-{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, +-{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, +-{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, +-{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, +-{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, +-{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, +-{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, +-{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, +-{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, +-{ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"}, +-{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, +-{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, +-{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, +-{ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, +-{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"}, +-{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, +-{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, +-{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, +-{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, +-{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, +-{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, +-{ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"}, +-{ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"}, +-{ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"}, +-{ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"}, +-{ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA ASN1_str_functs[] = { ++ {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"}, ++ {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"}, ++ {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"}, ++ {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"}, ++ {ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"}, ++ {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"}, ++ {ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"}, ++ {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"}, ++ {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"}, ++ {ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"}, ++ {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"}, ++ {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"}, ++ {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"}, ++ {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, ++ {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"}, ++ {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, ++ {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"}, ++ {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, ++ {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, ++ {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"}, ++ {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, ++ {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, ++ {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, ++ {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"}, ++ {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, ++ {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, ++ {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"}, ++ {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, ++ {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, ++ {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, ++ {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"}, ++ {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, ++ {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"}, ++ {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, ++ {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"}, ++ {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, ++ {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, ++ {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"}, ++ {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, ++ {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, ++ {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"}, ++ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, ++ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, ++ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, ++ {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, ++ {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), ++ "ASN1_TYPE_get_int_octetstring"}, ++ {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, ++ {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, ++ {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, ++ {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, ++ {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, ++ {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, ++ {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, ++ {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, ++ {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, ++ {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"}, ++ {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"}, ++ {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"}, ++ {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"}, ++ {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"}, ++ {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, ++ {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, ++ {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, ++ {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"}, ++ {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"}, ++ {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, ++ {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, ++ {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, ++ {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, ++ {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, ++ {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, ++ {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, ++ {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, ++ {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, ++ {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"}, ++ {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, ++ {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, ++ {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, ++ {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, ++ {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"}, ++ {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, ++ {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, ++ {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, ++ {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, ++ {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, ++ {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, ++ {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"}, ++ {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"}, ++ {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"}, ++ {ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"}, ++ {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA ASN1_str_reasons[]= +- { +-{ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"}, +-{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR) ,"asn1 parse error"}, +-{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"}, +-{ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"}, +-{ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"}, +-{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, +-{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, +-{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, +-{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"}, +-{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"}, +-{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"}, +-{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"}, +-{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, +-{ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"}, +-{ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"}, +-{ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"}, +-{ERR_REASON(ASN1_R_DEPTH_EXCEEDED) ,"depth exceeded"}, +-{ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode error"}, +-{ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error getting time"}, +-{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"}, +-{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"}, +-{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"}, +-{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"}, +-{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT) ,"expecting an object"}, +-{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN) ,"expecting a boolean"}, +-{ERR_REASON(ASN1_R_EXPECTING_A_TIME) ,"expecting a time"}, +-{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"}, +-{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"}, +-{ERR_REASON(ASN1_R_FIELD_MISSING) ,"field missing"}, +-{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) ,"first num too large"}, +-{ERR_REASON(ASN1_R_HEADER_TOO_LONG) ,"header too long"}, +-{ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT),"illegal bitstring format"}, +-{ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN) ,"illegal boolean"}, +-{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) ,"illegal characters"}, +-{ERR_REASON(ASN1_R_ILLEGAL_FORMAT) ,"illegal format"}, +-{ERR_REASON(ASN1_R_ILLEGAL_HEX) ,"illegal hex"}, +-{ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) ,"illegal implicit tag"}, +-{ERR_REASON(ASN1_R_ILLEGAL_INTEGER) ,"illegal integer"}, +-{ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING),"illegal nested tagging"}, +-{ERR_REASON(ASN1_R_ILLEGAL_NULL) ,"illegal null"}, +-{ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE) ,"illegal null value"}, +-{ERR_REASON(ASN1_R_ILLEGAL_OBJECT) ,"illegal object"}, +-{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"}, +-{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"}, +-{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) ,"illegal tagged any"}, +-{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"}, +-{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"}, +-{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"}, +-{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"}, +-{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"}, +-{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"}, +-{ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"}, +-{ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"}, +-{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"}, +-{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"}, +-{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"}, +-{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"}, +-{ERR_REASON(ASN1_R_INVALID_UTF8STRING) ,"invalid utf8string"}, +-{ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"}, +-{ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"}, +-{ERR_REASON(ASN1_R_LIST_ERROR) ,"list error"}, +-{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"}, +-{ERR_REASON(ASN1_R_MIME_PARSE_ERROR) ,"mime parse error"}, +-{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"}, +-{ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"}, +-{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"}, +-{ERR_REASON(ASN1_R_MISSING_VALUE) ,"missing value"}, +-{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"}, +-{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"}, +-{ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"}, +-{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"}, +-{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"}, +-{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"}, +-{ERR_REASON(ASN1_R_NO_CONTENT_TYPE) ,"no content type"}, +-{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"}, +-{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, +-{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, +-{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, +-{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"}, +-{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"}, +-{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"}, +-{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"}, +-{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"}, +-{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"}, +-{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"}, +-{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"}, +-{ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"}, +-{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, +-{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"}, +-{ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"}, +-{ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"}, +-{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"}, +-{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, +-{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"}, +-{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"}, +-{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"}, +-{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"}, +-{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"}, +-{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"}, +-{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"}, +-{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"}, +-{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"}, +-{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"}, +-{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"}, +-{ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"}, +-{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"}, +-{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"}, +-{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, +-{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"}, +-{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"}, +-{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE) ,"unsupported type"}, +-{ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong tag"}, +-{ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong type"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA ASN1_str_reasons[] = { ++ {ERR_REASON(ASN1_R_ADDING_OBJECT), "adding object"}, ++ {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"}, ++ {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"}, ++ {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"}, ++ {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"}, ++ {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, ++ {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"}, ++ {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"}, ++ {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), ++ "bmpstring is wrong length"}, ++ {ERR_REASON(ASN1_R_BN_LIB), "bn lib"}, ++ {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"}, ++ {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL), "buffer too small"}, ++ {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), ++ "cipher has no object identifier"}, ++ {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"}, ++ {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"}, ++ {ERR_REASON(ASN1_R_DECODING_ERROR), "decoding error"}, ++ {ERR_REASON(ASN1_R_DEPTH_EXCEEDED), "depth exceeded"}, ++ {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"}, ++ {ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"}, ++ {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"}, ++ {ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT), ++ "error parsing set element"}, ++ {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS), ++ "error setting cipher params"}, ++ {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"}, ++ {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"}, ++ {ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN), "expecting a boolean"}, ++ {ERR_REASON(ASN1_R_EXPECTING_A_TIME), "expecting a time"}, ++ {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"}, ++ {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED), ++ "explicit tag not constructed"}, ++ {ERR_REASON(ASN1_R_FIELD_MISSING), "field missing"}, ++ {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE), "first num too large"}, ++ {ERR_REASON(ASN1_R_HEADER_TOO_LONG), "header too long"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT), "illegal bitstring format"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS), "illegal characters"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_FORMAT), "illegal format"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_HEX), "illegal hex"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG), "illegal implicit tag"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_INTEGER), "illegal integer"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_NULL), "illegal null"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_OBJECT), "illegal object"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), ++ "illegal options on item template"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"}, ++ {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"}, ++ {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"}, ++ {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), ++ "integer too large for long"}, ++ {ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT), ++ "invalid bit string bits left"}, ++ {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH), "invalid bmpstring length"}, ++ {ERR_REASON(ASN1_R_INVALID_DIGIT), "invalid digit"}, ++ {ERR_REASON(ASN1_R_INVALID_MIME_TYPE), "invalid mime type"}, ++ {ERR_REASON(ASN1_R_INVALID_MODIFIER), "invalid modifier"}, ++ {ERR_REASON(ASN1_R_INVALID_NUMBER), "invalid number"}, ++ {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"}, ++ {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"}, ++ {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT), "invalid time format"}, ++ {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH), ++ "invalid universalstring length"}, ++ {ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"}, ++ {ERR_REASON(ASN1_R_IV_TOO_LARGE), "iv too large"}, ++ {ERR_REASON(ASN1_R_LENGTH_ERROR), "length error"}, ++ {ERR_REASON(ASN1_R_LIST_ERROR), "list error"}, ++ {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, ++ {ERR_REASON(ASN1_R_MIME_PARSE_ERROR), "mime parse error"}, ++ {ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"}, ++ {ERR_REASON(ASN1_R_MISSING_EOC), "missing eoc"}, ++ {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER), "missing second number"}, ++ {ERR_REASON(ASN1_R_MISSING_VALUE), "missing value"}, ++ {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, ++ {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, ++ {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"}, ++ {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"}, ++ {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, ++ {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, ++ {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"}, ++ {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"}, ++ {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE), ++ "no multipart body failure"}, ++ {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"}, ++ {ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE), "no sig content type"}, ++ {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"}, ++ {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"}, ++ {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"}, ++ {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING), ++ "private key header missing"}, ++ {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"}, ++ {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"}, ++ {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"}, ++ {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG), ++ "sequence or set needs config"}, ++ {ERR_REASON(ASN1_R_SHORT_LINE), "short line"}, ++ {ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"}, ++ {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"}, ++ {ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"}, ++ {ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"}, ++ {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH), "tag value too high"}, ++ {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), ++ "the asn1 object identifier is not known for this md"}, ++ {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"}, ++ {ERR_REASON(ASN1_R_TOO_LONG), "too long"}, ++ {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"}, ++ {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"}, ++ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"}, ++ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY), ++ "unable to decode rsa private key"}, ++ {ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"}, ++ {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), ++ "universalstring is wrong length"}, ++ {ERR_REASON(ASN1_R_UNKNOWN_FORMAT), "unknown format"}, ++ {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), ++ "unknown message digest algorithm"}, ++ {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE), "unknown object type"}, ++ {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"}, ++ {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"}, ++ {ERR_REASON(ASN1_R_UNKOWN_FORMAT), "unkown format"}, ++ {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), ++ "unsupported any defined by type"}, ++ {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, ++ {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM), ++ "unsupported encryption algorithm"}, ++ {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), ++ "unsupported public key type"}, ++ {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"}, ++ {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"}, ++ {ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_ASN1_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,ASN1_str_functs); +- ERR_load_strings(0,ASN1_str_reasons); +- } ++ if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, ASN1_str_functs); ++ ERR_load_strings(0, ASN1_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c +index 213a8e9..596b656 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c +@@ -1,6 +1,7 @@ + /* asn1_gen.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2002. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2002. + */ + /* ==================================================================== + * Copyright (c) 2002 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,796 +61,742 @@ + #include + #include + +-#define ASN1_GEN_FLAG 0x10000 +-#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) +-#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) +-#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) +-#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) +-#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) +-#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) +-#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) +-#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) ++#define ASN1_GEN_FLAG 0x10000 ++#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) ++#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) ++#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) ++#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) ++#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) ++#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) ++#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) ++#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) + +-#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} ++#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} + +-#define ASN1_FLAG_EXP_MAX 20 ++#define ASN1_FLAG_EXP_MAX 20 + + /* Input formats */ + + /* ASCII: default */ +-#define ASN1_GEN_FORMAT_ASCII 1 ++#define ASN1_GEN_FORMAT_ASCII 1 + /* UTF8 */ +-#define ASN1_GEN_FORMAT_UTF8 2 ++#define ASN1_GEN_FORMAT_UTF8 2 + /* Hex */ +-#define ASN1_GEN_FORMAT_HEX 3 ++#define ASN1_GEN_FORMAT_HEX 3 + /* List of bits */ +-#define ASN1_GEN_FORMAT_BITLIST 4 +- +- +-struct tag_name_st +- { +- const char *strnam; +- int len; +- int tag; +- }; +- +-typedef struct +- { +- int exp_tag; +- int exp_class; +- int exp_constructed; +- int exp_pad; +- long exp_len; +- } tag_exp_type; +- +-typedef struct +- { +- int imp_tag; +- int imp_class; +- int utype; +- int format; +- const char *str; +- tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; +- int exp_count; +- } tag_exp_arg; ++#define ASN1_GEN_FORMAT_BITLIST 4 ++ ++struct tag_name_st { ++ const char *strnam; ++ int len; ++ int tag; ++}; ++ ++typedef struct { ++ int exp_tag; ++ int exp_class; ++ int exp_constructed; ++ int exp_pad; ++ long exp_len; ++} tag_exp_type; ++ ++typedef struct { ++ int imp_tag; ++ int imp_class; ++ int utype; ++ int format; ++ const char *str; ++ tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; ++ int exp_count; ++} tag_exp_arg; + + static int bitstr_cb(const char *elem, int len, void *bitstr); + static int asn1_cb(const char *elem, int len, void *bitstr); +-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok); +-static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass); ++static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, ++ int exp_constructed, int exp_pad, int imp_ok); ++static int parse_tagging(const char *vstart, int vlen, int *ptag, ++ int *pclass); + static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf); + static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); + static int asn1_str2tag(const char *tagstr, int len); + + ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) +- { +- X509V3_CTX cnf; ++{ ++ X509V3_CTX cnf; + +- if (!nconf) +- return ASN1_generate_v3(str, NULL); ++ if (!nconf) ++ return ASN1_generate_v3(str, NULL); + +- X509V3_set_nconf(&cnf, nconf); +- return ASN1_generate_v3(str, &cnf); +- } ++ X509V3_set_nconf(&cnf, nconf); ++ return ASN1_generate_v3(str, &cnf); ++} + + ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) +- { +- ASN1_TYPE *ret; +- tag_exp_arg asn1_tags; +- tag_exp_type *etmp; +- +- int i, len; +- +- unsigned char *orig_der = NULL, *new_der = NULL; +- const unsigned char *cpy_start; +- unsigned char *p; +- const unsigned char *cp; +- int cpy_len; +- long hdr_len; +- int hdr_constructed = 0, hdr_tag, hdr_class; +- int r; +- +- asn1_tags.imp_tag = -1; +- asn1_tags.imp_class = -1; +- asn1_tags.format = ASN1_GEN_FORMAT_ASCII; +- asn1_tags.exp_count = 0; +- if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) +- return NULL; +- +- if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET)) +- { +- if (!cnf) +- { +- ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); +- return NULL; +- } +- ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); +- } +- else +- ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); +- +- if (!ret) +- return NULL; +- +- /* If no tagging return base type */ +- if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) +- return ret; +- +- /* Generate the encoding */ +- cpy_len = i2d_ASN1_TYPE(ret, &orig_der); +- ASN1_TYPE_free(ret); +- ret = NULL; +- /* Set point to start copying for modified encoding */ +- cpy_start = orig_der; +- +- /* Do we need IMPLICIT tagging? */ +- if (asn1_tags.imp_tag != -1) +- { +- /* If IMPLICIT we will replace the underlying tag */ +- /* Skip existing tag+len */ +- r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len); +- if (r & 0x80) +- goto err; +- /* Update copy length */ +- cpy_len -= cpy_start - orig_der; +- /* For IMPLICIT tagging the length should match the +- * original length and constructed flag should be +- * consistent. +- */ +- if (r & 0x1) +- { +- /* Indefinite length constructed */ +- hdr_constructed = 2; +- hdr_len = 0; +- } +- else +- /* Just retain constructed flag */ +- hdr_constructed = r & V_ASN1_CONSTRUCTED; +- /* Work out new length with IMPLICIT tag: ignore constructed +- * because it will mess up if indefinite length +- */ +- len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); +- } +- else +- len = cpy_len; +- +- /* Work out length in any EXPLICIT, starting from end */ +- +- for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--) +- { +- /* Content length: number of content octets + any padding */ +- len += etmp->exp_pad; +- etmp->exp_len = len; +- /* Total object length: length including new header */ +- len = ASN1_object_size(0, len, etmp->exp_tag); +- } +- +- /* Allocate buffer for new encoding */ +- +- new_der = OPENSSL_malloc(len); +- if (!new_der) +- goto err; +- +- /* Generate tagged encoding */ +- +- p = new_der; +- +- /* Output explicit tags first */ +- +- for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++) +- { +- ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, +- etmp->exp_tag, etmp->exp_class); +- if (etmp->exp_pad) +- *p++ = 0; +- } +- +- /* If IMPLICIT, output tag */ +- +- if (asn1_tags.imp_tag != -1) +- ASN1_put_object(&p, hdr_constructed, hdr_len, +- asn1_tags.imp_tag, asn1_tags.imp_class); +- +- /* Copy across original encoding */ +- memcpy(p, cpy_start, cpy_len); +- +- cp = new_der; +- +- /* Obtain new ASN1_TYPE structure */ +- ret = d2i_ASN1_TYPE(NULL, &cp, len); +- +- err: +- if (orig_der) +- OPENSSL_free(orig_der); +- if (new_der) +- OPENSSL_free(new_der); +- +- return ret; +- +- } ++{ ++ ASN1_TYPE *ret; ++ tag_exp_arg asn1_tags; ++ tag_exp_type *etmp; ++ ++ int i, len; ++ ++ unsigned char *orig_der = NULL, *new_der = NULL; ++ const unsigned char *cpy_start; ++ unsigned char *p; ++ const unsigned char *cp; ++ int cpy_len; ++ long hdr_len; ++ int hdr_constructed = 0, hdr_tag, hdr_class; ++ int r; ++ ++ asn1_tags.imp_tag = -1; ++ asn1_tags.imp_class = -1; ++ asn1_tags.format = ASN1_GEN_FORMAT_ASCII; ++ asn1_tags.exp_count = 0; ++ if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) ++ return NULL; ++ ++ if ((asn1_tags.utype == V_ASN1_SEQUENCE) ++ || (asn1_tags.utype == V_ASN1_SET)) { ++ if (!cnf) { ++ ASN1err(ASN1_F_ASN1_GENERATE_V3, ++ ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); ++ return NULL; ++ } ++ ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); ++ } else ++ ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); ++ ++ if (!ret) ++ return NULL; ++ ++ /* If no tagging return base type */ ++ if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) ++ return ret; ++ ++ /* Generate the encoding */ ++ cpy_len = i2d_ASN1_TYPE(ret, &orig_der); ++ ASN1_TYPE_free(ret); ++ ret = NULL; ++ /* Set point to start copying for modified encoding */ ++ cpy_start = orig_der; ++ ++ /* Do we need IMPLICIT tagging? */ ++ if (asn1_tags.imp_tag != -1) { ++ /* If IMPLICIT we will replace the underlying tag */ ++ /* Skip existing tag+len */ ++ r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, ++ cpy_len); ++ if (r & 0x80) ++ goto err; ++ /* Update copy length */ ++ cpy_len -= cpy_start - orig_der; ++ /* ++ * For IMPLICIT tagging the length should match the original length ++ * and constructed flag should be consistent. ++ */ ++ if (r & 0x1) { ++ /* Indefinite length constructed */ ++ hdr_constructed = 2; ++ hdr_len = 0; ++ } else ++ /* Just retain constructed flag */ ++ hdr_constructed = r & V_ASN1_CONSTRUCTED; ++ /* ++ * Work out new length with IMPLICIT tag: ignore constructed because ++ * it will mess up if indefinite length ++ */ ++ len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); ++ } else ++ len = cpy_len; ++ ++ /* Work out length in any EXPLICIT, starting from end */ ++ ++ for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; ++ i < asn1_tags.exp_count; i++, etmp--) { ++ /* Content length: number of content octets + any padding */ ++ len += etmp->exp_pad; ++ etmp->exp_len = len; ++ /* Total object length: length including new header */ ++ len = ASN1_object_size(0, len, etmp->exp_tag); ++ } ++ ++ /* Allocate buffer for new encoding */ ++ ++ new_der = OPENSSL_malloc(len); ++ if (!new_der) ++ goto err; ++ ++ /* Generate tagged encoding */ ++ ++ p = new_der; ++ ++ /* Output explicit tags first */ ++ ++ for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; ++ i++, etmp++) { ++ ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, ++ etmp->exp_tag, etmp->exp_class); ++ if (etmp->exp_pad) ++ *p++ = 0; ++ } ++ ++ /* If IMPLICIT, output tag */ ++ ++ if (asn1_tags.imp_tag != -1) ++ ASN1_put_object(&p, hdr_constructed, hdr_len, ++ asn1_tags.imp_tag, asn1_tags.imp_class); ++ ++ /* Copy across original encoding */ ++ memcpy(p, cpy_start, cpy_len); ++ ++ cp = new_der; ++ ++ /* Obtain new ASN1_TYPE structure */ ++ ret = d2i_ASN1_TYPE(NULL, &cp, len); ++ ++ err: ++ if (orig_der) ++ OPENSSL_free(orig_der); ++ if (new_der) ++ OPENSSL_free(new_der); ++ ++ return ret; ++ ++} + + static int asn1_cb(const char *elem, int len, void *bitstr) +- { +- tag_exp_arg *arg = bitstr; +- int i; +- int utype; +- int vlen = 0; +- const char *p, *vstart = NULL; +- +- int tmp_tag, tmp_class; +- +- for(i = 0, p = elem; i < len; p++, i++) +- { +- /* Look for the ':' in name value pairs */ +- if (*p == ':') +- { +- vstart = p + 1; +- vlen = len - (vstart - elem); +- len = p - elem; +- break; +- } +- } +- +- utype = asn1_str2tag(elem, len); +- +- if (utype == -1) +- { +- ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG); +- ERR_add_error_data(2, "tag=", elem); +- return -1; +- } +- +- /* If this is not a modifier mark end of string and exit */ +- if (!(utype & ASN1_GEN_FLAG)) +- { +- arg->utype = utype; +- arg->str = vstart; +- /* If no value and not end of string, error */ +- if (!vstart && elem[len]) +- { +- ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE); +- return -1; +- } +- return 0; +- } +- +- switch(utype) +- { +- +- case ASN1_GEN_FLAG_IMP: +- /* Check for illegal multiple IMPLICIT tagging */ +- if (arg->imp_tag != -1) +- { +- ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING); +- return -1; +- } +- if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) +- return -1; +- break; +- +- case ASN1_GEN_FLAG_EXP: +- +- if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) +- return -1; +- if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) +- return -1; +- break; +- +- case ASN1_GEN_FLAG_SEQWRAP: +- if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) +- return -1; +- break; +- +- case ASN1_GEN_FLAG_SETWRAP: +- if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) +- return -1; +- break; +- +- case ASN1_GEN_FLAG_BITWRAP: +- if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) +- return -1; +- break; +- +- case ASN1_GEN_FLAG_OCTWRAP: +- if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) +- return -1; +- break; +- +- case ASN1_GEN_FLAG_FORMAT: +- if (!strncmp(vstart, "ASCII", 5)) +- arg->format = ASN1_GEN_FORMAT_ASCII; +- else if (!strncmp(vstart, "UTF8", 4)) +- arg->format = ASN1_GEN_FORMAT_UTF8; +- else if (!strncmp(vstart, "HEX", 3)) +- arg->format = ASN1_GEN_FORMAT_HEX; +- else if (!strncmp(vstart, "BITLIST", 3)) +- arg->format = ASN1_GEN_FORMAT_BITLIST; +- else +- { +- ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); +- return -1; +- } +- break; +- +- } +- +- return 1; +- +- } ++{ ++ tag_exp_arg *arg = bitstr; ++ int i; ++ int utype; ++ int vlen = 0; ++ const char *p, *vstart = NULL; ++ ++ int tmp_tag, tmp_class; ++ ++ for (i = 0, p = elem; i < len; p++, i++) { ++ /* Look for the ':' in name value pairs */ ++ if (*p == ':') { ++ vstart = p + 1; ++ vlen = len - (vstart - elem); ++ len = p - elem; ++ break; ++ } ++ } ++ ++ utype = asn1_str2tag(elem, len); ++ ++ if (utype == -1) { ++ ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG); ++ ERR_add_error_data(2, "tag=", elem); ++ return -1; ++ } ++ ++ /* If this is not a modifier mark end of string and exit */ ++ if (!(utype & ASN1_GEN_FLAG)) { ++ arg->utype = utype; ++ arg->str = vstart; ++ /* If no value and not end of string, error */ ++ if (!vstart && elem[len]) { ++ ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE); ++ return -1; ++ } ++ return 0; ++ } ++ ++ switch (utype) { ++ ++ case ASN1_GEN_FLAG_IMP: ++ /* Check for illegal multiple IMPLICIT tagging */ ++ if (arg->imp_tag != -1) { ++ ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING); ++ return -1; ++ } ++ if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) ++ return -1; ++ break; ++ ++ case ASN1_GEN_FLAG_EXP: ++ ++ if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) ++ return -1; ++ if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) ++ return -1; ++ break; ++ ++ case ASN1_GEN_FLAG_SEQWRAP: ++ if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) ++ return -1; ++ break; ++ ++ case ASN1_GEN_FLAG_SETWRAP: ++ if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) ++ return -1; ++ break; ++ ++ case ASN1_GEN_FLAG_BITWRAP: ++ if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) ++ return -1; ++ break; ++ ++ case ASN1_GEN_FLAG_OCTWRAP: ++ if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) ++ return -1; ++ break; ++ ++ case ASN1_GEN_FLAG_FORMAT: ++ if (!strncmp(vstart, "ASCII", 5)) ++ arg->format = ASN1_GEN_FORMAT_ASCII; ++ else if (!strncmp(vstart, "UTF8", 4)) ++ arg->format = ASN1_GEN_FORMAT_UTF8; ++ else if (!strncmp(vstart, "HEX", 3)) ++ arg->format = ASN1_GEN_FORMAT_HEX; ++ else if (!strncmp(vstart, "BITLIST", 3)) ++ arg->format = ASN1_GEN_FORMAT_BITLIST; ++ else { ++ ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); ++ return -1; ++ } ++ break; ++ ++ } ++ ++ return 1; ++ ++} + + static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) +- { +- char erch[2]; +- long tag_num; +- char *eptr; +- if (!vstart) +- return 0; +- tag_num = strtoul(vstart, &eptr, 10); +- /* Check we haven't gone past max length: should be impossible */ +- if (eptr && *eptr && (eptr > vstart + vlen)) +- return 0; +- if (tag_num < 0) +- { +- ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER); +- return 0; +- } +- *ptag = tag_num; +- /* If we have non numeric characters, parse them */ +- if (eptr) +- vlen -= eptr - vstart; +- else +- vlen = 0; +- if (vlen) +- { +- switch (*eptr) +- { +- +- case 'U': +- *pclass = V_ASN1_UNIVERSAL; +- break; +- +- case 'A': +- *pclass = V_ASN1_APPLICATION; +- break; +- +- case 'P': +- *pclass = V_ASN1_PRIVATE; +- break; +- +- case 'C': +- *pclass = V_ASN1_CONTEXT_SPECIFIC; +- break; +- +- default: +- erch[0] = *eptr; +- erch[1] = 0; +- ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER); +- ERR_add_error_data(2, "Char=", erch); +- return 0; +- break; +- +- } +- } +- else +- *pclass = V_ASN1_CONTEXT_SPECIFIC; +- +- return 1; +- +- } ++{ ++ char erch[2]; ++ long tag_num; ++ char *eptr; ++ if (!vstart) ++ return 0; ++ tag_num = strtoul(vstart, &eptr, 10); ++ /* Check we haven't gone past max length: should be impossible */ ++ if (eptr && *eptr && (eptr > vstart + vlen)) ++ return 0; ++ if (tag_num < 0) { ++ ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER); ++ return 0; ++ } ++ *ptag = tag_num; ++ /* If we have non numeric characters, parse them */ ++ if (eptr) ++ vlen -= eptr - vstart; ++ else ++ vlen = 0; ++ if (vlen) { ++ switch (*eptr) { ++ ++ case 'U': ++ *pclass = V_ASN1_UNIVERSAL; ++ break; ++ ++ case 'A': ++ *pclass = V_ASN1_APPLICATION; ++ break; ++ ++ case 'P': ++ *pclass = V_ASN1_PRIVATE; ++ break; ++ ++ case 'C': ++ *pclass = V_ASN1_CONTEXT_SPECIFIC; ++ break; ++ ++ default: ++ erch[0] = *eptr; ++ erch[1] = 0; ++ ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER); ++ ERR_add_error_data(2, "Char=", erch); ++ return 0; ++ break; ++ ++ } ++ } else ++ *pclass = V_ASN1_CONTEXT_SPECIFIC; ++ ++ return 1; ++ ++} + + /* Handle multiple types: SET and SEQUENCE */ + + static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) +- { +- ASN1_TYPE *ret = NULL, *typ = NULL; +- STACK_OF(ASN1_TYPE) *sk = NULL; +- STACK_OF(CONF_VALUE) *sect = NULL; +- unsigned char *der = NULL, *p; +- int derlen; +- int i, is_set; +- sk = sk_ASN1_TYPE_new_null(); +- if (!sk) +- goto bad; +- if (section) +- { +- if (!cnf) +- goto bad; +- sect = X509V3_get_section(cnf, (char *)section); +- if (!sect) +- goto bad; +- for (i = 0; i < sk_CONF_VALUE_num(sect); i++) +- { +- typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); +- if (!typ) +- goto bad; +- if (!sk_ASN1_TYPE_push(sk, typ)) +- goto bad; +- typ = NULL; +- } +- } +- +- /* Now we has a STACK of the components, convert to the correct form */ +- +- if (utype == V_ASN1_SET) +- is_set = 1; +- else +- is_set = 0; +- +- +- derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype, +- V_ASN1_UNIVERSAL, is_set); +- der = OPENSSL_malloc(derlen); +- if (!der) +- goto bad; +- p = der; +- i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype, +- V_ASN1_UNIVERSAL, is_set); +- +- if (!(ret = ASN1_TYPE_new())) +- goto bad; +- +- if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) +- goto bad; +- +- ret->type = utype; +- +- ret->value.asn1_string->data = der; +- ret->value.asn1_string->length = derlen; +- +- der = NULL; +- +- bad: +- +- if (der) +- OPENSSL_free(der); +- +- if (sk) +- sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); +- if (typ) +- ASN1_TYPE_free(typ); +- if (sect) +- X509V3_section_free(cnf, sect); +- +- return ret; +- } +- +-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok) +- { +- tag_exp_type *exp_tmp; +- /* Can only have IMPLICIT if permitted */ +- if ((arg->imp_tag != -1) && !imp_ok) +- { +- ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG); +- return 0; +- } +- +- if (arg->exp_count == ASN1_FLAG_EXP_MAX) +- { +- ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED); +- return 0; +- } +- +- exp_tmp = &arg->exp_list[arg->exp_count++]; +- +- /* If IMPLICIT set tag to implicit value then +- * reset implicit tag since it has been used. +- */ +- if (arg->imp_tag != -1) +- { +- exp_tmp->exp_tag = arg->imp_tag; +- exp_tmp->exp_class = arg->imp_class; +- arg->imp_tag = -1; +- arg->imp_class = -1; +- } +- else +- { +- exp_tmp->exp_tag = exp_tag; +- exp_tmp->exp_class = exp_class; +- } +- exp_tmp->exp_constructed = exp_constructed; +- exp_tmp->exp_pad = exp_pad; +- +- return 1; +- } +- ++{ ++ ASN1_TYPE *ret = NULL, *typ = NULL; ++ STACK_OF(ASN1_TYPE) *sk = NULL; ++ STACK_OF(CONF_VALUE) *sect = NULL; ++ unsigned char *der = NULL, *p; ++ int derlen; ++ int i, is_set; ++ sk = sk_ASN1_TYPE_new_null(); ++ if (!sk) ++ goto bad; ++ if (section) { ++ if (!cnf) ++ goto bad; ++ sect = X509V3_get_section(cnf, (char *)section); ++ if (!sect) ++ goto bad; ++ for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { ++ typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); ++ if (!typ) ++ goto bad; ++ if (!sk_ASN1_TYPE_push(sk, typ)) ++ goto bad; ++ typ = NULL; ++ } ++ } ++ ++ /* ++ * Now we has a STACK of the components, convert to the correct form ++ */ ++ ++ if (utype == V_ASN1_SET) ++ is_set = 1; ++ else ++ is_set = 0; ++ ++ derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype, ++ V_ASN1_UNIVERSAL, is_set); ++ der = OPENSSL_malloc(derlen); ++ if (!der) ++ goto bad; ++ p = der; ++ i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype, ++ V_ASN1_UNIVERSAL, is_set); ++ ++ if (!(ret = ASN1_TYPE_new())) ++ goto bad; ++ ++ if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) ++ goto bad; ++ ++ ret->type = utype; ++ ++ ret->value.asn1_string->data = der; ++ ret->value.asn1_string->length = derlen; ++ ++ der = NULL; ++ ++ bad: ++ ++ if (der) ++ OPENSSL_free(der); ++ ++ if (sk) ++ sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); ++ if (typ) ++ ASN1_TYPE_free(typ); ++ if (sect) ++ X509V3_section_free(cnf, sect); ++ ++ return ret; ++} ++ ++static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, ++ int exp_constructed, int exp_pad, int imp_ok) ++{ ++ tag_exp_type *exp_tmp; ++ /* Can only have IMPLICIT if permitted */ ++ if ((arg->imp_tag != -1) && !imp_ok) { ++ ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG); ++ return 0; ++ } ++ ++ if (arg->exp_count == ASN1_FLAG_EXP_MAX) { ++ ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED); ++ return 0; ++ } ++ ++ exp_tmp = &arg->exp_list[arg->exp_count++]; ++ ++ /* ++ * If IMPLICIT set tag to implicit value then reset implicit tag since it ++ * has been used. ++ */ ++ if (arg->imp_tag != -1) { ++ exp_tmp->exp_tag = arg->imp_tag; ++ exp_tmp->exp_class = arg->imp_class; ++ arg->imp_tag = -1; ++ arg->imp_class = -1; ++ } else { ++ exp_tmp->exp_tag = exp_tag; ++ exp_tmp->exp_class = exp_class; ++ } ++ exp_tmp->exp_constructed = exp_constructed; ++ exp_tmp->exp_pad = exp_pad; ++ ++ return 1; ++} + + static int asn1_str2tag(const char *tagstr, int len) +- { +- unsigned int i; +- static struct tag_name_st *tntmp, tnst [] = { +- ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), +- ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), +- ASN1_GEN_STR("NULL", V_ASN1_NULL), +- ASN1_GEN_STR("INT", V_ASN1_INTEGER), +- ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), +- ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), +- ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), +- ASN1_GEN_STR("OID", V_ASN1_OBJECT), +- ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), +- ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), +- ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), +- ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), +- ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), +- ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), +- ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), +- ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), +- ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), +- ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), +- ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), +- ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), +- ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), +- ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), +- ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), +- ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), +- ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), +- ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), +- ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), +- ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), +- ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), +- ASN1_GEN_STR("T61", V_ASN1_T61STRING), +- ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), +- ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), +- ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), +- ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), +- +- /* Special cases */ +- ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), +- ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), +- ASN1_GEN_STR("SET", V_ASN1_SET), +- /* type modifiers */ +- /* Explicit tag */ +- ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), +- ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), +- /* Implicit tag */ +- ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), +- ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), +- /* OCTET STRING wrapper */ +- ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), +- /* SEQUENCE wrapper */ +- ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), +- /* SET wrapper */ +- ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), +- /* BIT STRING wrapper */ +- ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), +- ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), +- ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), +- }; +- +- if (len == -1) +- len = strlen(tagstr); +- +- tntmp = tnst; +- for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) +- { +- if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) +- return tntmp->tag; +- } +- +- return -1; +- } ++{ ++ unsigned int i; ++ static struct tag_name_st *tntmp, tnst[] = { ++ ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), ++ ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), ++ ASN1_GEN_STR("NULL", V_ASN1_NULL), ++ ASN1_GEN_STR("INT", V_ASN1_INTEGER), ++ ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), ++ ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), ++ ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), ++ ASN1_GEN_STR("OID", V_ASN1_OBJECT), ++ ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), ++ ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), ++ ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), ++ ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), ++ ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), ++ ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), ++ ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), ++ ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), ++ ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), ++ ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), ++ ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), ++ ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), ++ ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), ++ ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), ++ ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), ++ ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), ++ ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), ++ ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), ++ ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), ++ ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), ++ ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), ++ ASN1_GEN_STR("T61", V_ASN1_T61STRING), ++ ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), ++ ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), ++ ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), ++ ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), ++ ++ /* Special cases */ ++ ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), ++ ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), ++ ASN1_GEN_STR("SET", V_ASN1_SET), ++ /* type modifiers */ ++ /* Explicit tag */ ++ ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), ++ ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), ++ /* Implicit tag */ ++ ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), ++ ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), ++ /* OCTET STRING wrapper */ ++ ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), ++ /* SEQUENCE wrapper */ ++ ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), ++ /* SET wrapper */ ++ ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), ++ /* BIT STRING wrapper */ ++ ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), ++ ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), ++ ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), ++ }; ++ ++ if (len == -1) ++ len = strlen(tagstr); ++ ++ tntmp = tnst; ++ for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) { ++ if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) ++ return tntmp->tag; ++ } ++ ++ return -1; ++} + + static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) +- { +- ASN1_TYPE *atmp = NULL; +- +- CONF_VALUE vtmp; +- +- unsigned char *rdata; +- long rdlen; +- +- int no_unused = 1; +- +- if (!(atmp = ASN1_TYPE_new())) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- if (!str) +- str = ""; +- +- switch(utype) +- { +- +- case V_ASN1_NULL: +- if (str && *str) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE); +- goto bad_form; +- } +- break; +- +- case V_ASN1_BOOLEAN: +- if (format != ASN1_GEN_FORMAT_ASCII) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT); +- goto bad_form; +- } +- vtmp.name = NULL; +- vtmp.section = NULL; +- vtmp.value = (char *)str; +- if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN); +- goto bad_str; +- } +- break; +- +- case V_ASN1_INTEGER: +- case V_ASN1_ENUMERATED: +- if (format != ASN1_GEN_FORMAT_ASCII) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT); +- goto bad_form; +- } +- if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER); +- goto bad_str; +- } +- break; +- +- case V_ASN1_OBJECT: +- if (format != ASN1_GEN_FORMAT_ASCII) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT); +- goto bad_form; +- } +- if (!(atmp->value.object = OBJ_txt2obj(str, 0))) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT); +- goto bad_str; +- } +- break; +- +- case V_ASN1_UTCTIME: +- case V_ASN1_GENERALIZEDTIME: +- if (format != ASN1_GEN_FORMAT_ASCII) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT); +- goto bad_form; +- } +- if (!(atmp->value.asn1_string = ASN1_STRING_new())) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); +- goto bad_str; +- } +- if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); +- goto bad_str; +- } +- atmp->value.asn1_string->type = utype; +- if (!ASN1_TIME_check(atmp->value.asn1_string)) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE); +- goto bad_str; +- } +- +- break; +- +- case V_ASN1_BMPSTRING: +- case V_ASN1_PRINTABLESTRING: +- case V_ASN1_IA5STRING: +- case V_ASN1_T61STRING: +- case V_ASN1_UTF8STRING: +- case V_ASN1_VISIBLESTRING: +- case V_ASN1_UNIVERSALSTRING: +- case V_ASN1_GENERALSTRING: +- +- if (format == ASN1_GEN_FORMAT_ASCII) +- format = MBSTRING_ASC; +- else if (format == ASN1_GEN_FORMAT_UTF8) +- format = MBSTRING_UTF8; +- else +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT); +- goto bad_form; +- } +- +- +- if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, +- -1, format, ASN1_tag2bit(utype)) <= 0) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); +- goto bad_str; +- } +- +- +- break; +- +- case V_ASN1_BIT_STRING: +- +- case V_ASN1_OCTET_STRING: +- +- if (!(atmp->value.asn1_string = ASN1_STRING_new())) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); +- goto bad_form; +- } +- +- if (format == ASN1_GEN_FORMAT_HEX) +- { +- +- if (!(rdata = string_to_hex((char *)str, &rdlen))) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX); +- goto bad_str; +- } +- +- atmp->value.asn1_string->data = rdata; +- atmp->value.asn1_string->length = rdlen; +- atmp->value.asn1_string->type = utype; +- +- } +- else if (format == ASN1_GEN_FORMAT_ASCII) +- ASN1_STRING_set(atmp->value.asn1_string, str, -1); +- else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING)) +- { +- if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string)) +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR); +- goto bad_str; +- } +- no_unused = 0; +- +- } +- else +- { +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT); +- goto bad_form; +- } +- +- if ((utype == V_ASN1_BIT_STRING) && no_unused) +- { +- atmp->value.asn1_string->flags +- &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); +- atmp->value.asn1_string->flags +- |= ASN1_STRING_FLAG_BITS_LEFT; +- } +- +- +- break; +- +- default: +- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE); +- goto bad_str; +- break; +- } +- +- +- atmp->type = utype; +- return atmp; +- +- +- bad_str: +- ERR_add_error_data(2, "string=", str); +- bad_form: +- +- ASN1_TYPE_free(atmp); +- return NULL; +- +- } ++{ ++ ASN1_TYPE *atmp = NULL; ++ ++ CONF_VALUE vtmp; ++ ++ unsigned char *rdata; ++ long rdlen; ++ ++ int no_unused = 1; ++ ++ if (!(atmp = ASN1_TYPE_new())) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ if (!str) ++ str = ""; ++ ++ switch (utype) { ++ ++ case V_ASN1_NULL: ++ if (str && *str) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE); ++ goto bad_form; ++ } ++ break; ++ ++ case V_ASN1_BOOLEAN: ++ if (format != ASN1_GEN_FORMAT_ASCII) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT); ++ goto bad_form; ++ } ++ vtmp.name = NULL; ++ vtmp.section = NULL; ++ vtmp.value = (char *)str; ++ if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN); ++ goto bad_str; ++ } ++ break; ++ ++ case V_ASN1_INTEGER: ++ case V_ASN1_ENUMERATED: ++ if (format != ASN1_GEN_FORMAT_ASCII) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT); ++ goto bad_form; ++ } ++ if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER); ++ goto bad_str; ++ } ++ break; ++ ++ case V_ASN1_OBJECT: ++ if (format != ASN1_GEN_FORMAT_ASCII) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT); ++ goto bad_form; ++ } ++ if (!(atmp->value.object = OBJ_txt2obj(str, 0))) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT); ++ goto bad_str; ++ } ++ break; ++ ++ case V_ASN1_UTCTIME: ++ case V_ASN1_GENERALIZEDTIME: ++ if (format != ASN1_GEN_FORMAT_ASCII) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT); ++ goto bad_form; ++ } ++ if (!(atmp->value.asn1_string = ASN1_STRING_new())) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); ++ goto bad_str; ++ } ++ if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); ++ goto bad_str; ++ } ++ atmp->value.asn1_string->type = utype; ++ if (!ASN1_TIME_check(atmp->value.asn1_string)) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE); ++ goto bad_str; ++ } ++ ++ break; ++ ++ case V_ASN1_BMPSTRING: ++ case V_ASN1_PRINTABLESTRING: ++ case V_ASN1_IA5STRING: ++ case V_ASN1_T61STRING: ++ case V_ASN1_UTF8STRING: ++ case V_ASN1_VISIBLESTRING: ++ case V_ASN1_UNIVERSALSTRING: ++ case V_ASN1_GENERALSTRING: ++ ++ if (format == ASN1_GEN_FORMAT_ASCII) ++ format = MBSTRING_ASC; ++ else if (format == ASN1_GEN_FORMAT_UTF8) ++ format = MBSTRING_UTF8; ++ else { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT); ++ goto bad_form; ++ } ++ ++ if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, ++ -1, format, ASN1_tag2bit(utype)) <= 0) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); ++ goto bad_str; ++ } ++ ++ break; ++ ++ case V_ASN1_BIT_STRING: ++ ++ case V_ASN1_OCTET_STRING: ++ ++ if (!(atmp->value.asn1_string = ASN1_STRING_new())) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); ++ goto bad_form; ++ } ++ ++ if (format == ASN1_GEN_FORMAT_HEX) { ++ ++ if (!(rdata = string_to_hex((char *)str, &rdlen))) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX); ++ goto bad_str; ++ } ++ ++ atmp->value.asn1_string->data = rdata; ++ atmp->value.asn1_string->length = rdlen; ++ atmp->value.asn1_string->type = utype; ++ ++ } else if (format == ASN1_GEN_FORMAT_ASCII) ++ ASN1_STRING_set(atmp->value.asn1_string, str, -1); ++ else if ((format == ASN1_GEN_FORMAT_BITLIST) ++ && (utype == V_ASN1_BIT_STRING)) { ++ if (!CONF_parse_list ++ (str, ',', 1, bitstr_cb, atmp->value.bit_string)) { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR); ++ goto bad_str; ++ } ++ no_unused = 0; ++ ++ } else { ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT); ++ goto bad_form; ++ } ++ ++ if ((utype == V_ASN1_BIT_STRING) && no_unused) { ++ atmp->value.asn1_string->flags ++ &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); ++ atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT; ++ } ++ ++ break; ++ ++ default: ++ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE); ++ goto bad_str; ++ break; ++ } ++ ++ atmp->type = utype; ++ return atmp; ++ ++ bad_str: ++ ERR_add_error_data(2, "string=", str); ++ bad_form: ++ ++ ASN1_TYPE_free(atmp); ++ return NULL; ++ ++} + + static int bitstr_cb(const char *elem, int len, void *bitstr) +- { +- long bitnum; +- char *eptr; +- if (!elem) +- return 0; +- bitnum = strtoul(elem, &eptr, 10); +- if (eptr && *eptr && (eptr != elem + len)) +- return 0; +- if (bitnum < 0) +- { +- ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER); +- return 0; +- } +- if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) +- { +- ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- return 1; +- } +- ++{ ++ long bitnum; ++ char *eptr; ++ if (!elem) ++ return 0; ++ bitnum = strtoul(elem, &eptr, 10); ++ if (eptr && *eptr && (eptr != elem + len)) ++ return 0; ++ if (bitnum < 0) { ++ ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER); ++ return 0; ++ } ++ if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { ++ ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c +index d345155..dd667f2 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,412 +62,405 @@ + #include + #include + +-static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max); ++static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, ++ int max); + static void asn1_put_length(unsigned char **pp, int length); +-const char ASN1_version[]="ASN.1" OPENSSL_VERSION_PTEXT; ++const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT; + + static int _asn1_check_infinite_end(const unsigned char **p, long len) +- { +- /* If there is 0 or 1 byte left, the length check should pick +- * things up */ +- if (len <= 0) +- return(1); +- else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) +- { +- (*p)+=2; +- return(1); +- } +- return(0); +- } ++{ ++ /* ++ * If there is 0 or 1 byte left, the length check should pick things up ++ */ ++ if (len <= 0) ++ return (1); ++ else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) { ++ (*p) += 2; ++ return (1); ++ } ++ return (0); ++} + + int ASN1_check_infinite_end(unsigned char **p, long len) +- { +- return _asn1_check_infinite_end((const unsigned char **)p, len); +- } ++{ ++ return _asn1_check_infinite_end((const unsigned char **)p, len); ++} + + int ASN1_const_check_infinite_end(const unsigned char **p, long len) +- { +- return _asn1_check_infinite_end(p, len); +- } +- ++{ ++ return _asn1_check_infinite_end(p, len); ++} + + int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, +- int *pclass, long omax) +- { +- int i,ret; +- long l; +- const unsigned char *p= *pp; +- int tag,xclass,inf; +- long max=omax; +- +- if (!max) goto err; +- ret=(*p&V_ASN1_CONSTRUCTED); +- xclass=(*p&V_ASN1_PRIVATE); +- i= *p&V_ASN1_PRIMITIVE_TAG; +- if (i == V_ASN1_PRIMITIVE_TAG) +- { /* high-tag */ +- p++; +- if (--max == 0) goto err; +- l=0; +- while (*p&0x80) +- { +- l<<=7L; +- l|= *(p++)&0x7f; +- if (--max == 0) goto err; +- if (l > (INT_MAX >> 7L)) goto err; +- } +- l<<=7L; +- l|= *(p++)&0x7f; +- tag=(int)l; +- if (--max == 0) goto err; +- } +- else +- { +- tag=i; +- p++; +- if (--max == 0) goto err; +- } +- *ptag=tag; +- *pclass=xclass; +- if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; +- +- if (inf && !(ret & V_ASN1_CONSTRUCTED)) +- goto err; ++ int *pclass, long omax) ++{ ++ int i, ret; ++ long l; ++ const unsigned char *p = *pp; ++ int tag, xclass, inf; ++ long max = omax; ++ ++ if (!max) ++ goto err; ++ ret = (*p & V_ASN1_CONSTRUCTED); ++ xclass = (*p & V_ASN1_PRIVATE); ++ i = *p & V_ASN1_PRIMITIVE_TAG; ++ if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */ ++ p++; ++ if (--max == 0) ++ goto err; ++ l = 0; ++ while (*p & 0x80) { ++ l <<= 7L; ++ l |= *(p++) & 0x7f; ++ if (--max == 0) ++ goto err; ++ if (l > (INT_MAX >> 7L)) ++ goto err; ++ } ++ l <<= 7L; ++ l |= *(p++) & 0x7f; ++ tag = (int)l; ++ if (--max == 0) ++ goto err; ++ } else { ++ tag = i; ++ p++; ++ if (--max == 0) ++ goto err; ++ } ++ *ptag = tag; ++ *pclass = xclass; ++ if (!asn1_get_length(&p, &inf, plength, (int)max)) ++ goto err; ++ ++ if (inf && !(ret & V_ASN1_CONSTRUCTED)) ++ goto err; + + #if 0 +- fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", +- (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), +- (int)(omax+ *pp)); ++ fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", ++ (int)p, *plength, omax, (int)*pp, (int)(p + *plength), ++ (int)(omax + *pp)); + + #endif +- if (*plength > (omax - (p - *pp))) +- { +- ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); +- /* Set this so that even if things are not long enough +- * the values are set correctly */ +- ret|=0x80; +- } +- *pp=p; +- return(ret|inf); +-err: +- ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG); +- return(0x80); +- } +- +-static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max) +- { +- const unsigned char *p= *pp; +- unsigned long ret=0; +- unsigned int i; +- +- if (max-- < 1) return(0); +- if (*p == 0x80) +- { +- *inf=1; +- ret=0; +- p++; +- } +- else +- { +- *inf=0; +- i= *p&0x7f; +- if (*(p++) & 0x80) +- { +- if (i > sizeof(long)) +- return 0; +- if (max-- == 0) return(0); +- while (i-- > 0) +- { +- ret<<=8L; +- ret|= *(p++); +- if (max-- == 0) return(0); +- } +- } +- else +- ret=i; +- } +- if (ret > LONG_MAX) +- return 0; +- *pp=p; +- *rl=(long)ret; +- return(1); +- } +- +-/* class 0 is constructed +- * constructed == 2 for indefinite length constructed */ ++ if (*plength > (omax - (p - *pp))) { ++ ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG); ++ /* ++ * Set this so that even if things are not long enough the values are ++ * set correctly ++ */ ++ ret |= 0x80; ++ } ++ *pp = p; ++ return (ret | inf); ++ err: ++ ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG); ++ return (0x80); ++} ++ ++static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, ++ int max) ++{ ++ const unsigned char *p = *pp; ++ unsigned long ret = 0; ++ unsigned int i; ++ ++ if (max-- < 1) ++ return (0); ++ if (*p == 0x80) { ++ *inf = 1; ++ ret = 0; ++ p++; ++ } else { ++ *inf = 0; ++ i = *p & 0x7f; ++ if (*(p++) & 0x80) { ++ if (i > sizeof(long)) ++ return 0; ++ if (max-- == 0) ++ return (0); ++ while (i-- > 0) { ++ ret <<= 8L; ++ ret |= *(p++); ++ if (max-- == 0) ++ return (0); ++ } ++ } else ++ ret = i; ++ } ++ if (ret > LONG_MAX) ++ return 0; ++ *pp = p; ++ *rl = (long)ret; ++ return (1); ++} ++ ++/* ++ * class 0 is constructed constructed == 2 for indefinite length constructed ++ */ + void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, +- int xclass) +- { +- unsigned char *p= *pp; +- int i, ttag; +- +- i=(constructed)?V_ASN1_CONSTRUCTED:0; +- i|=(xclass&V_ASN1_PRIVATE); +- if (tag < 31) +- *(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG); +- else +- { +- *(p++)=i|V_ASN1_PRIMITIVE_TAG; +- for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7; +- ttag = i; +- while(i-- > 0) +- { +- p[i] = tag & 0x7f; +- if(i != (ttag - 1)) p[i] |= 0x80; +- tag >>= 7; +- } +- p += ttag; +- } +- if (constructed == 2) +- *(p++)=0x80; +- else +- asn1_put_length(&p,length); +- *pp=p; +- } ++ int xclass) ++{ ++ unsigned char *p = *pp; ++ int i, ttag; ++ ++ i = (constructed) ? V_ASN1_CONSTRUCTED : 0; ++ i |= (xclass & V_ASN1_PRIVATE); ++ if (tag < 31) ++ *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG); ++ else { ++ *(p++) = i | V_ASN1_PRIMITIVE_TAG; ++ for (i = 0, ttag = tag; ttag > 0; i++) ++ ttag >>= 7; ++ ttag = i; ++ while (i-- > 0) { ++ p[i] = tag & 0x7f; ++ if (i != (ttag - 1)) ++ p[i] |= 0x80; ++ tag >>= 7; ++ } ++ p += ttag; ++ } ++ if (constructed == 2) ++ *(p++) = 0x80; ++ else ++ asn1_put_length(&p, length); ++ *pp = p; ++} + + int ASN1_put_eoc(unsigned char **pp) +- { +- unsigned char *p = *pp; +- *p++ = 0; +- *p++ = 0; +- *pp = p; +- return 2; +- } ++{ ++ unsigned char *p = *pp; ++ *p++ = 0; ++ *p++ = 0; ++ *pp = p; ++ return 2; ++} + + static void asn1_put_length(unsigned char **pp, int length) +- { +- unsigned char *p= *pp; +- int i,l; +- if (length <= 127) +- *(p++)=(unsigned char)length; +- else +- { +- l=length; +- for (i=0; l > 0; i++) +- l>>=8; +- *(p++)=i|0x80; +- l=i; +- while (i-- > 0) +- { +- p[i]=length&0xff; +- length>>=8; +- } +- p+=l; +- } +- *pp=p; +- } ++{ ++ unsigned char *p = *pp; ++ int i, l; ++ if (length <= 127) ++ *(p++) = (unsigned char)length; ++ else { ++ l = length; ++ for (i = 0; l > 0; i++) ++ l >>= 8; ++ *(p++) = i | 0x80; ++ l = i; ++ while (i-- > 0) { ++ p[i] = length & 0xff; ++ length >>= 8; ++ } ++ p += l; ++ } ++ *pp = p; ++} + + int ASN1_object_size(int constructed, int length, int tag) +- { +- int ret; +- +- ret=length; +- ret++; +- if (tag >= 31) +- { +- while (tag > 0) +- { +- tag>>=7; +- ret++; +- } +- } +- if (constructed == 2) +- return ret + 3; +- ret++; +- if (length > 127) +- { +- while (length > 0) +- { +- length>>=8; +- ret++; +- } +- } +- return(ret); +- } ++{ ++ int ret; ++ ++ ret = length; ++ ret++; ++ if (tag >= 31) { ++ while (tag > 0) { ++ tag >>= 7; ++ ret++; ++ } ++ } ++ if (constructed == 2) ++ return ret + 3; ++ ret++; ++ if (length > 127) { ++ while (length > 0) { ++ length >>= 8; ++ ret++; ++ } ++ } ++ return (ret); ++} + + static int _asn1_Finish(ASN1_const_CTX *c) +- { +- if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos)) +- { +- if (!ASN1_const_check_infinite_end(&c->p,c->slen)) +- { +- c->error=ERR_R_MISSING_ASN1_EOS; +- return(0); +- } +- } +- if ( ((c->slen != 0) && !(c->inf & 1)) || +- ((c->slen < 0) && (c->inf & 1))) +- { +- c->error=ERR_R_ASN1_LENGTH_MISMATCH; +- return(0); +- } +- return(1); +- } ++{ ++ if ((c->inf == (1 | V_ASN1_CONSTRUCTED)) && (!c->eos)) { ++ if (!ASN1_const_check_infinite_end(&c->p, c->slen)) { ++ c->error = ERR_R_MISSING_ASN1_EOS; ++ return (0); ++ } ++ } ++ if (((c->slen != 0) && !(c->inf & 1)) || ((c->slen < 0) && (c->inf & 1))) { ++ c->error = ERR_R_ASN1_LENGTH_MISMATCH; ++ return (0); ++ } ++ return (1); ++} + + int asn1_Finish(ASN1_CTX *c) +- { +- return _asn1_Finish((ASN1_const_CTX *)c); +- } ++{ ++ return _asn1_Finish((ASN1_const_CTX *)c); ++} + + int asn1_const_Finish(ASN1_const_CTX *c) +- { +- return _asn1_Finish(c); +- } ++{ ++ return _asn1_Finish(c); ++} + + int asn1_GetSequence(ASN1_const_CTX *c, long *length) +- { +- const unsigned char *q; +- +- q=c->p; +- c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass), +- *length); +- if (c->inf & 0x80) +- { +- c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL; +- return(0); +- } +- if (c->tag != V_ASN1_SEQUENCE) +- { +- c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE; +- return(0); +- } +- (*length)-=(c->p-q); +- if (c->max && (*length < 0)) +- { +- c->error=ERR_R_ASN1_LENGTH_MISMATCH; +- return(0); +- } +- if (c->inf == (1|V_ASN1_CONSTRUCTED)) +- c->slen= *length+ *(c->pp)-c->p; +- c->eos=0; +- return(1); +- } ++{ ++ const unsigned char *q; ++ ++ q = c->p; ++ c->inf = ASN1_get_object(&(c->p), &(c->slen), &(c->tag), &(c->xclass), ++ *length); ++ if (c->inf & 0x80) { ++ c->error = ERR_R_BAD_GET_ASN1_OBJECT_CALL; ++ return (0); ++ } ++ if (c->tag != V_ASN1_SEQUENCE) { ++ c->error = ERR_R_EXPECTING_AN_ASN1_SEQUENCE; ++ return (0); ++ } ++ (*length) -= (c->p - q); ++ if (c->max && (*length < 0)) { ++ c->error = ERR_R_ASN1_LENGTH_MISMATCH; ++ return (0); ++ } ++ if (c->inf == (1 | V_ASN1_CONSTRUCTED)) ++ c->slen = *length + *(c->pp) - c->p; ++ c->eos = 0; ++ return (1); ++} + + ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str) +- { +- ASN1_STRING *ret; +- +- if (str == NULL) return(NULL); +- if ((ret=ASN1_STRING_type_new(str->type)) == NULL) +- return(NULL); +- if (!ASN1_STRING_set(ret,str->data,str->length)) +- { +- ASN1_STRING_free(ret); +- return(NULL); +- } +- ret->flags = str->flags; +- return(ret); +- } ++{ ++ ASN1_STRING *ret; ++ ++ if (str == NULL) ++ return (NULL); ++ if ((ret = ASN1_STRING_type_new(str->type)) == NULL) ++ return (NULL); ++ if (!ASN1_STRING_set(ret, str->data, str->length)) { ++ ASN1_STRING_free(ret); ++ return (NULL); ++ } ++ ret->flags = str->flags; ++ return (ret); ++} + + int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) +- { +- unsigned char *c; +- const char *data=_data; +- +- if (len < 0) +- { +- if (data == NULL) +- return(0); +- else +- len=strlen(data); +- } +- if ((str->length < len) || (str->data == NULL)) +- { +- c=str->data; +- if (c == NULL) +- str->data=OPENSSL_malloc(len+1); +- else +- str->data=OPENSSL_realloc(c,len+1); +- +- if (str->data == NULL) +- { +- ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE); +- str->data=c; +- return(0); +- } +- } +- str->length=len; +- if (data != NULL) +- { +- memcpy(str->data,data,len); +- /* an allowance for strings :-) */ +- str->data[len]='\0'; +- } +- return(1); +- } ++{ ++ unsigned char *c; ++ const char *data = _data; ++ ++ if (len < 0) { ++ if (data == NULL) ++ return (0); ++ else ++ len = strlen(data); ++ } ++ if ((str->length < len) || (str->data == NULL)) { ++ c = str->data; ++ if (c == NULL) ++ str->data = OPENSSL_malloc(len + 1); ++ else ++ str->data = OPENSSL_realloc(c, len + 1); ++ ++ if (str->data == NULL) { ++ ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE); ++ str->data = c; ++ return (0); ++ } ++ } ++ str->length = len; ++ if (data != NULL) { ++ memcpy(str->data, data, len); ++ /* an allowance for strings :-) */ ++ str->data[len] = '\0'; ++ } ++ return (1); ++} + + void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) +- { +- if (str->data) +- OPENSSL_free(str->data); +- str->data = data; +- str->length = len; +- } ++{ ++ if (str->data) ++ OPENSSL_free(str->data); ++ str->data = data; ++ str->length = len; ++} + + ASN1_STRING *ASN1_STRING_new(void) +- { +- return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); +- } +- ++{ ++ return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); ++} + + ASN1_STRING *ASN1_STRING_type_new(int type) +- { +- ASN1_STRING *ret; +- +- ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING)); +- if (ret == NULL) +- { +- ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- ret->length=0; +- ret->type=type; +- ret->data=NULL; +- ret->flags=0; +- return(ret); +- } ++{ ++ ASN1_STRING *ret; ++ ++ ret = (ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING)); ++ if (ret == NULL) { ++ ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ ret->length = 0; ++ ret->type = type; ++ ret->data = NULL; ++ ret->flags = 0; ++ return (ret); ++} + + void ASN1_STRING_free(ASN1_STRING *a) +- { +- if (a == NULL) return; +- if (a->data != NULL) OPENSSL_free(a->data); +- OPENSSL_free(a); +- } ++{ ++ if (a == NULL) ++ return; ++ if (a->data != NULL) ++ OPENSSL_free(a->data); ++ OPENSSL_free(a); ++} + + int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) +- { +- int i; +- +- i=(a->length-b->length); +- if (i == 0) +- { +- i=memcmp(a->data,b->data,a->length); +- if (i == 0) +- return(a->type-b->type); +- else +- return(i); +- } +- else +- return(i); +- } ++{ ++ int i; ++ ++ i = (a->length - b->length); ++ if (i == 0) { ++ i = memcmp(a->data, b->data, a->length); ++ if (i == 0) ++ return (a->type - b->type); ++ else ++ return (i); ++ } else ++ return (i); ++} + + void asn1_add_error(const unsigned char *address, int offset) +- { +- char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; ++{ ++ char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1]; + +- BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address); +- BIO_snprintf(buf2,sizeof buf2,"%d",offset); +- ERR_add_error_data(4,"address=",buf1," offset=",buf2); +- } ++ BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address); ++ BIO_snprintf(buf2, sizeof buf2, "%d", offset); ++ ERR_add_error_data(4, "address=", buf1, " offset=", buf2); ++} + + int ASN1_STRING_length(ASN1_STRING *x) +-{ return M_ASN1_STRING_length(x); } ++{ ++ return M_ASN1_STRING_length(x); ++} + + void ASN1_STRING_length_set(ASN1_STRING *x, int len) +-{ M_ASN1_STRING_length_set(x, len); return; } ++{ ++ M_ASN1_STRING_length_set(x, len); ++ return; ++} + + int ASN1_STRING_type(ASN1_STRING *x) +-{ return M_ASN1_STRING_type(x); } +- +-unsigned char * ASN1_STRING_data(ASN1_STRING *x) +-{ return M_ASN1_STRING_data(x); } ++{ ++ return M_ASN1_STRING_type(x); ++} ++ ++unsigned char *ASN1_STRING_data(ASN1_STRING *x) ++{ ++ return M_ASN1_STRING_data(x); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c +index cb08e15..e15e341 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,383 +62,350 @@ + #include + #include + +-static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed, +- int indent); ++static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, ++ int indent); + static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, +- int offset, int depth, int indent, int dump); ++ int offset, int depth, int indent, int dump); + static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, +- int indent) +- { +- static const char fmt[]="%-18s"; +- static const char fmt2[]="%2d %-15s"; +- char str[128]; +- const char *p,*p2=NULL; ++ int indent) ++{ ++ static const char fmt[] = "%-18s"; ++ static const char fmt2[] = "%2d %-15s"; ++ char str[128]; ++ const char *p, *p2 = NULL; + +- if (constructed & V_ASN1_CONSTRUCTED) +- p="cons: "; +- else +- p="prim: "; +- if (BIO_write(bp,p,6) < 6) goto err; +- BIO_indent(bp,indent,128); ++ if (constructed & V_ASN1_CONSTRUCTED) ++ p = "cons: "; ++ else ++ p = "prim: "; ++ if (BIO_write(bp, p, 6) < 6) ++ goto err; ++ BIO_indent(bp, indent, 128); + +- p=str; +- if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) +- BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag); +- else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) +- BIO_snprintf(str,sizeof str,"cont [ %d ]",tag); +- else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) +- BIO_snprintf(str,sizeof str,"appl [ %d ]",tag); +- else if (tag > 30) +- BIO_snprintf(str,sizeof str,"",tag); +- else +- p = ASN1_tag2str(tag); ++ p = str; ++ if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) ++ BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag); ++ else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) ++ BIO_snprintf(str, sizeof str, "cont [ %d ]", tag); ++ else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) ++ BIO_snprintf(str, sizeof str, "appl [ %d ]", tag); ++ else if (tag > 30) ++ BIO_snprintf(str, sizeof str, "", tag); ++ else ++ p = ASN1_tag2str(tag); + +- if (p2 != NULL) +- { +- if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err; +- } +- else +- { +- if (BIO_printf(bp,fmt,p) <= 0) goto err; +- } +- return(1); +-err: +- return(0); +- } ++ if (p2 != NULL) { ++ if (BIO_printf(bp, fmt2, tag, p2) <= 0) ++ goto err; ++ } else { ++ if (BIO_printf(bp, fmt, p) <= 0) ++ goto err; ++ } ++ return (1); ++ err: ++ return (0); ++} + + int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent) +- { +- return(asn1_parse2(bp,&pp,len,0,0,indent,0)); +- } ++{ ++ return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0)); ++} + +-int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump) +- { +- return(asn1_parse2(bp,&pp,len,0,0,indent,dump)); +- } ++int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, ++ int dump) ++{ ++ return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump)); ++} + +-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, +- int depth, int indent, int dump) +- { +- const unsigned char *p,*ep,*tot,*op,*opp; +- long len; +- int tag,xclass,ret=0; +- int nl,hl,j,r; +- ASN1_OBJECT *o=NULL; +- ASN1_OCTET_STRING *os=NULL; +- /* ASN1_BMPSTRING *bmp=NULL;*/ +- int dump_indent; ++static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, ++ int offset, int depth, int indent, int dump) ++{ ++ const unsigned char *p, *ep, *tot, *op, *opp; ++ long len; ++ int tag, xclass, ret = 0; ++ int nl, hl, j, r; ++ ASN1_OBJECT *o = NULL; ++ ASN1_OCTET_STRING *os = NULL; ++ /* ASN1_BMPSTRING *bmp=NULL; */ ++ int dump_indent; + + #if 0 +- dump_indent = indent; ++ dump_indent = indent; + #else +- dump_indent = 6; /* Because we know BIO_dump_indent() */ ++ dump_indent = 6; /* Because we know BIO_dump_indent() */ + #endif +- p= *pp; +- tot=p+length; +- op=p-1; +- while ((p < tot) && (op < p)) +- { +- op=p; +- j=ASN1_get_object(&p,&len,&tag,&xclass,length); ++ p = *pp; ++ tot = p + length; ++ op = p - 1; ++ while ((p < tot) && (op < p)) { ++ op = p; ++ j = ASN1_get_object(&p, &len, &tag, &xclass, length); + #ifdef LINT +- j=j; ++ j = j; + #endif +- if (j & 0x80) +- { +- if (BIO_write(bp,"Error in encoding\n",18) <= 0) +- goto end; +- ret=0; +- goto end; +- } +- hl=(p-op); +- length-=hl; +- /* if j == 0x21 it is a constructed indefinite length object */ +- if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp)) +- <= 0) goto end; ++ if (j & 0x80) { ++ if (BIO_write(bp, "Error in encoding\n", 18) <= 0) ++ goto end; ++ ret = 0; ++ goto end; ++ } ++ hl = (p - op); ++ length -= hl; ++ /* ++ * if j == 0x21 it is a constructed indefinite length object ++ */ ++ if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp)) ++ <= 0) ++ goto end; + +- if (j != (V_ASN1_CONSTRUCTED | 1)) +- { +- if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ", +- depth,(long)hl,len) <= 0) +- goto end; +- } +- else +- { +- if (BIO_printf(bp,"d=%-2d hl=%ld l=inf ", +- depth,(long)hl) <= 0) +- goto end; +- } +- if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0)) +- goto end; +- if (j & V_ASN1_CONSTRUCTED) +- { +- ep=p+len; +- if (BIO_write(bp,"\n",1) <= 0) goto end; +- if (len > length) +- { +- BIO_printf(bp, +- "length is greater than %ld\n",length); +- ret=0; +- goto end; +- } +- if ((j == 0x21) && (len == 0)) +- { +- for (;;) +- { +- r=asn1_parse2(bp,&p,(long)(tot-p), +- offset+(p - *pp),depth+1, +- indent,dump); +- if (r == 0) { ret=0; goto end; } +- if ((r == 2) || (p >= tot)) break; +- } +- } +- else +- while (p < ep) +- { +- r=asn1_parse2(bp,&p,(long)len, +- offset+(p - *pp),depth+1, +- indent,dump); +- if (r == 0) { ret=0; goto end; } +- } +- } +- else if (xclass != 0) +- { +- p+=len; +- if (BIO_write(bp,"\n",1) <= 0) goto end; +- } +- else +- { +- nl=0; +- if ( (tag == V_ASN1_PRINTABLESTRING) || +- (tag == V_ASN1_T61STRING) || +- (tag == V_ASN1_IA5STRING) || +- (tag == V_ASN1_VISIBLESTRING) || +- (tag == V_ASN1_NUMERICSTRING) || +- (tag == V_ASN1_UTF8STRING) || +- (tag == V_ASN1_UTCTIME) || +- (tag == V_ASN1_GENERALIZEDTIME)) +- { +- if (BIO_write(bp,":",1) <= 0) goto end; +- if ((len > 0) && +- BIO_write(bp,(const char *)p,(int)len) +- != (int)len) +- goto end; +- } +- else if (tag == V_ASN1_OBJECT) +- { +- opp=op; +- if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL) +- { +- if (BIO_write(bp,":",1) <= 0) goto end; +- i2a_ASN1_OBJECT(bp,o); +- } +- else +- { +- if (BIO_write(bp,":BAD OBJECT",11) <= 0) +- goto end; +- } +- } +- else if (tag == V_ASN1_BOOLEAN) +- { +- int ii; ++ if (j != (V_ASN1_CONSTRUCTED | 1)) { ++ if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ", ++ depth, (long)hl, len) <= 0) ++ goto end; ++ } else { ++ if (BIO_printf(bp, "d=%-2d hl=%ld l=inf ", depth, (long)hl) <= 0) ++ goto end; ++ } ++ if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0)) ++ goto end; ++ if (j & V_ASN1_CONSTRUCTED) { ++ ep = p + len; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto end; ++ if (len > length) { ++ BIO_printf(bp, "length is greater than %ld\n", length); ++ ret = 0; ++ goto end; ++ } ++ if ((j == 0x21) && (len == 0)) { ++ for (;;) { ++ r = asn1_parse2(bp, &p, (long)(tot - p), ++ offset + (p - *pp), depth + 1, ++ indent, dump); ++ if (r == 0) { ++ ret = 0; ++ goto end; ++ } ++ if ((r == 2) || (p >= tot)) ++ break; ++ } ++ } else ++ while (p < ep) { ++ r = asn1_parse2(bp, &p, (long)len, ++ offset + (p - *pp), depth + 1, ++ indent, dump); ++ if (r == 0) { ++ ret = 0; ++ goto end; ++ } ++ } ++ } else if (xclass != 0) { ++ p += len; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto end; ++ } else { ++ nl = 0; ++ if ((tag == V_ASN1_PRINTABLESTRING) || ++ (tag == V_ASN1_T61STRING) || ++ (tag == V_ASN1_IA5STRING) || ++ (tag == V_ASN1_VISIBLESTRING) || ++ (tag == V_ASN1_NUMERICSTRING) || ++ (tag == V_ASN1_UTF8STRING) || ++ (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) { ++ if (BIO_write(bp, ":", 1) <= 0) ++ goto end; ++ if ((len > 0) && BIO_write(bp, (const char *)p, (int)len) ++ != (int)len) ++ goto end; ++ } else if (tag == V_ASN1_OBJECT) { ++ opp = op; ++ if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) { ++ if (BIO_write(bp, ":", 1) <= 0) ++ goto end; ++ i2a_ASN1_OBJECT(bp, o); ++ } else { ++ if (BIO_write(bp, ":BAD OBJECT", 11) <= 0) ++ goto end; ++ } ++ } else if (tag == V_ASN1_BOOLEAN) { ++ int ii; + +- opp=op; +- ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl); +- if (ii < 0) +- { +- if (BIO_write(bp,"Bad boolean\n",12) <= 0) +- goto end; +- } +- BIO_printf(bp,":%d",ii); +- } +- else if (tag == V_ASN1_BMPSTRING) +- { +- /* do the BMP thang */ +- } +- else if (tag == V_ASN1_OCTET_STRING) +- { +- int i,printable=1; ++ opp = op; ++ ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl); ++ if (ii < 0) { ++ if (BIO_write(bp, "Bad boolean\n", 12) <= 0) ++ goto end; ++ } ++ BIO_printf(bp, ":%d", ii); ++ } else if (tag == V_ASN1_BMPSTRING) { ++ /* do the BMP thang */ ++ } else if (tag == V_ASN1_OCTET_STRING) { ++ int i, printable = 1; + +- opp=op; +- os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl); +- if (os != NULL && os->length > 0) +- { +- opp = os->data; +- /* testing whether the octet string is +- * printable */ +- for (i=0; ilength; i++) +- { +- if (( (opp[i] < ' ') && +- (opp[i] != '\n') && +- (opp[i] != '\r') && +- (opp[i] != '\t')) || +- (opp[i] > '~')) +- { +- printable=0; +- break; +- } +- } +- if (printable) +- /* printable string */ +- { +- if (BIO_write(bp,":",1) <= 0) +- goto end; +- if (BIO_write(bp,(const char *)opp, +- os->length) <= 0) +- goto end; +- } +- else if (!dump) +- /* not printable => print octet string +- * as hex dump */ +- { +- if (BIO_write(bp,"[HEX DUMP]:",11) <= 0) +- goto end; +- for (i=0; ilength; i++) +- { +- if (BIO_printf(bp,"%02X" +- , opp[i]) <= 0) +- goto end; +- } +- } +- else +- /* print the normal dump */ +- { +- if (!nl) +- { +- if (BIO_write(bp,"\n",1) <= 0) +- goto end; +- } +- if (BIO_dump_indent(bp, +- (const char *)opp, +- ((dump == -1 || dump > +- os->length)?os->length:dump), +- dump_indent) <= 0) +- goto end; +- nl=1; +- } +- } +- if (os != NULL) +- { +- M_ASN1_OCTET_STRING_free(os); +- os=NULL; +- } +- } +- else if (tag == V_ASN1_INTEGER) +- { +- ASN1_INTEGER *bs; +- int i; ++ opp = op; ++ os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl); ++ if (os != NULL && os->length > 0) { ++ opp = os->data; ++ /* ++ * testing whether the octet string is printable ++ */ ++ for (i = 0; i < os->length; i++) { ++ if (((opp[i] < ' ') && ++ (opp[i] != '\n') && ++ (opp[i] != '\r') && ++ (opp[i] != '\t')) || (opp[i] > '~')) { ++ printable = 0; ++ break; ++ } ++ } ++ if (printable) ++ /* printable string */ ++ { ++ if (BIO_write(bp, ":", 1) <= 0) ++ goto end; ++ if (BIO_write(bp, (const char *)opp, os->length) <= 0) ++ goto end; ++ } else if (!dump) ++ /* ++ * not printable => print octet string as hex dump ++ */ ++ { ++ if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0) ++ goto end; ++ for (i = 0; i < os->length; i++) { ++ if (BIO_printf(bp, "%02X", opp[i]) <= 0) ++ goto end; ++ } ++ } else ++ /* print the normal dump */ ++ { ++ if (!nl) { ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto end; ++ } ++ if (BIO_dump_indent(bp, ++ (const char *)opp, ++ ((dump == -1 || dump > ++ os-> ++ length) ? os->length : dump), ++ dump_indent) <= 0) ++ goto end; ++ nl = 1; ++ } ++ } ++ if (os != NULL) { ++ M_ASN1_OCTET_STRING_free(os); ++ os = NULL; ++ } ++ } else if (tag == V_ASN1_INTEGER) { ++ ASN1_INTEGER *bs; ++ int i; + +- opp=op; +- bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl); +- if (bs != NULL) +- { +- if (BIO_write(bp,":",1) <= 0) goto end; +- if (bs->type == V_ASN1_NEG_INTEGER) +- if (BIO_write(bp,"-",1) <= 0) +- goto end; +- for (i=0; ilength; i++) +- { +- if (BIO_printf(bp,"%02X", +- bs->data[i]) <= 0) +- goto end; +- } +- if (bs->length == 0) +- { +- if (BIO_write(bp,"00",2) <= 0) +- goto end; +- } +- } +- else +- { +- if (BIO_write(bp,"BAD INTEGER",11) <= 0) +- goto end; +- } +- M_ASN1_INTEGER_free(bs); +- } +- else if (tag == V_ASN1_ENUMERATED) +- { +- ASN1_ENUMERATED *bs; +- int i; ++ opp = op; ++ bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl); ++ if (bs != NULL) { ++ if (BIO_write(bp, ":", 1) <= 0) ++ goto end; ++ if (bs->type == V_ASN1_NEG_INTEGER) ++ if (BIO_write(bp, "-", 1) <= 0) ++ goto end; ++ for (i = 0; i < bs->length; i++) { ++ if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) ++ goto end; ++ } ++ if (bs->length == 0) { ++ if (BIO_write(bp, "00", 2) <= 0) ++ goto end; ++ } ++ } else { ++ if (BIO_write(bp, "BAD INTEGER", 11) <= 0) ++ goto end; ++ } ++ M_ASN1_INTEGER_free(bs); ++ } else if (tag == V_ASN1_ENUMERATED) { ++ ASN1_ENUMERATED *bs; ++ int i; + +- opp=op; +- bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl); +- if (bs != NULL) +- { +- if (BIO_write(bp,":",1) <= 0) goto end; +- if (bs->type == V_ASN1_NEG_ENUMERATED) +- if (BIO_write(bp,"-",1) <= 0) +- goto end; +- for (i=0; ilength; i++) +- { +- if (BIO_printf(bp,"%02X", +- bs->data[i]) <= 0) +- goto end; +- } +- if (bs->length == 0) +- { +- if (BIO_write(bp,"00",2) <= 0) +- goto end; +- } +- } +- else +- { +- if (BIO_write(bp,"BAD ENUMERATED",11) <= 0) +- goto end; +- } +- M_ASN1_ENUMERATED_free(bs); +- } +- else if (len > 0 && dump) +- { +- if (!nl) +- { +- if (BIO_write(bp,"\n",1) <= 0) +- goto end; +- } +- if (BIO_dump_indent(bp,(const char *)p, +- ((dump == -1 || dump > len)?len:dump), +- dump_indent) <= 0) +- goto end; +- nl=1; +- } ++ opp = op; ++ bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); ++ if (bs != NULL) { ++ if (BIO_write(bp, ":", 1) <= 0) ++ goto end; ++ if (bs->type == V_ASN1_NEG_ENUMERATED) ++ if (BIO_write(bp, "-", 1) <= 0) ++ goto end; ++ for (i = 0; i < bs->length; i++) { ++ if (BIO_printf(bp, "%02X", bs->data[i]) <= 0) ++ goto end; ++ } ++ if (bs->length == 0) { ++ if (BIO_write(bp, "00", 2) <= 0) ++ goto end; ++ } ++ } else { ++ if (BIO_write(bp, "BAD ENUMERATED", 11) <= 0) ++ goto end; ++ } ++ M_ASN1_ENUMERATED_free(bs); ++ } else if (len > 0 && dump) { ++ if (!nl) { ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto end; ++ } ++ if (BIO_dump_indent(bp, (const char *)p, ++ ((dump == -1 || dump > len) ? len : dump), ++ dump_indent) <= 0) ++ goto end; ++ nl = 1; ++ } + +- if (!nl) +- { +- if (BIO_write(bp,"\n",1) <= 0) goto end; +- } +- p+=len; +- if ((tag == V_ASN1_EOC) && (xclass == 0)) +- { +- ret=2; /* End of sequence */ +- goto end; +- } +- } +- length-=len; +- } +- ret=1; +-end: +- if (o != NULL) ASN1_OBJECT_free(o); +- if (os != NULL) M_ASN1_OCTET_STRING_free(os); +- *pp=p; +- return(ret); +- } ++ if (!nl) { ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto end; ++ } ++ p += len; ++ if ((tag == V_ASN1_EOC) && (xclass == 0)) { ++ ret = 2; /* End of sequence */ ++ goto end; ++ } ++ } ++ length -= len; ++ } ++ ret = 1; ++ end: ++ if (o != NULL) ++ ASN1_OBJECT_free(o); ++ if (os != NULL) ++ M_ASN1_OCTET_STRING_free(os); ++ *pp = p; ++ return (ret); ++} + + const char *ASN1_tag2str(int tag) + { +- static const char *tag2str[] = { +- "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */ +- "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */ +- "ENUMERATED", "", "UTF8STRING", "", /* 10-13 */ +- "", "", "SEQUENCE", "SET", /* 15-17 */ +- "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", /* 18-20 */ +- "VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */ +- "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", /* 25-27 */ +- "UNIVERSALSTRING", "", "BMPSTRING" /* 28-30 */ +- }; ++ static const char *tag2str[] = { ++ /* 0-4 */ ++ "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", ++ /* 5-9 */ ++ "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", ++ /* 10-13 */ ++ "ENUMERATED", "", "UTF8STRING", "", ++ /* 15-17 */ ++ "", "", "SEQUENCE", "SET", ++ /* 18-20 */ ++ "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", ++ /* 21-24 */ ++ "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME", ++ /* 25-27 */ ++ "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", ++ /* 28-30 */ ++ "UNIVERSALSTRING", "", "BMPSTRING" ++ }; + +- if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) +- tag &= ~0x100; ++ if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) ++ tag &= ~0x100; + +- if(tag < 0 || tag > 30) return "(unknown)"; +- return tag2str[tag]; ++ if (tag < 0 || tag > 30) ++ return "(unknown)"; ++ return tag2str[tag]; + } +- +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +index 095887f..e7c5696 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +@@ -1,5 +1,6 @@ + /* asn_mime.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ + /* ==================================================================== +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,42 +61,43 @@ + #include + #include + +-/* Generalised MIME like utilities for streaming ASN1. Although many +- * have a PKCS7/CMS like flavour others are more general purpose. ++/* ++ * Generalised MIME like utilities for streaming ASN1. Although many have a ++ * PKCS7/CMS like flavour others are more general purpose. + */ + +-/* MIME format structures +- * Note that all are translated to lower case apart from +- * parameter values. Quotes are stripped off ++/* ++ * MIME format structures Note that all are translated to lower case apart ++ * from parameter values. Quotes are stripped off + */ + + typedef struct { +-char *param_name; /* Param name e.g. "micalg" */ +-char *param_value; /* Param value e.g. "sha1" */ ++ char *param_name; /* Param name e.g. "micalg" */ ++ char *param_value; /* Param value e.g. "sha1" */ + } MIME_PARAM; + + DECLARE_STACK_OF(MIME_PARAM) + IMPLEMENT_STACK_OF(MIME_PARAM) + + typedef struct { +-char *name; /* Name of line e.g. "content-type" */ +-char *value; /* Value of line e.g. "text/plain" */ +-STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ ++ char *name; /* Name of line e.g. "content-type" */ ++ char *value; /* Value of line e.g. "text/plain" */ ++ STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ + } MIME_HEADER; + + DECLARE_STACK_OF(MIME_HEADER) + IMPLEMENT_STACK_OF(MIME_HEADER) + +-static char * strip_ends(char *name); +-static char * strip_start(char *name); +-static char * strip_end(char *name); ++static char *strip_ends(char *name); ++static char *strip_start(char *name); ++static char *strip_end(char *name); + static MIME_HEADER *mime_hdr_new(char *name, char *value); + static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); + static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); +-static int mime_hdr_cmp(const MIME_HEADER * const *a, +- const MIME_HEADER * const *b); +-static int mime_param_cmp(const MIME_PARAM * const *a, +- const MIME_PARAM * const *b); ++static int mime_hdr_cmp(const MIME_HEADER *const *a, ++ const MIME_HEADER *const *b); ++static int mime_param_cmp(const MIME_PARAM *const *a, ++ const MIME_PARAM *const *b); + static void mime_param_free(MIME_PARAM *param); + static int mime_bound_check(char *line, int linelen, char *bound, int blen); + static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); +@@ -105,777 +107,799 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); + static void mime_hdr_free(MIME_HEADER *hdr); + + #define MAX_SMLEN 1024 +-#define mime_debug(x) /* x */ ++#define mime_debug(x) /* x */ + + /* Base 64 read and write of ASN1 structure */ + + static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, +- const ASN1_ITEM *it) +- { +- BIO *b64; +- int r; +- b64 = BIO_new(BIO_f_base64()); +- if(!b64) +- { +- ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- /* prepend the b64 BIO so all data is base64 encoded. +- */ +- out = BIO_push(b64, out); +- r = ASN1_item_i2d_bio(it, out, val); +- (void)BIO_flush(out); +- BIO_pop(out); +- BIO_free(b64); +- return r; +- } ++ const ASN1_ITEM *it) ++{ ++ BIO *b64; ++ int r; ++ b64 = BIO_new(BIO_f_base64()); ++ if (!b64) { ++ ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ /* ++ * prepend the b64 BIO so all data is base64 encoded. ++ */ ++ out = BIO_push(b64, out); ++ r = ASN1_item_i2d_bio(it, out, val); ++ (void)BIO_flush(out); ++ BIO_pop(out); ++ BIO_free(b64); ++ return r; ++} + + static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) + { +- BIO *b64; +- ASN1_VALUE *val; +- if(!(b64 = BIO_new(BIO_f_base64()))) { +- ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- bio = BIO_push(b64, bio); +- val = ASN1_item_d2i_bio(it, bio, NULL); +- if(!val) +- ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR); +- (void)BIO_flush(bio); +- bio = BIO_pop(bio); +- BIO_free(b64); +- return val; ++ BIO *b64; ++ ASN1_VALUE *val; ++ if (!(b64 = BIO_new(BIO_f_base64()))) { ++ ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ bio = BIO_push(b64, bio); ++ val = ASN1_item_d2i_bio(it, bio, NULL); ++ if (!val) ++ ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR); ++ (void)BIO_flush(bio); ++ bio = BIO_pop(bio); ++ BIO_free(b64); ++ return val; + } + + /* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */ + + static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) +- { +- int i, have_unknown = 0, write_comma, md_nid; +- have_unknown = 0; +- write_comma = 0; +- for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) +- { +- if (write_comma) +- BIO_write(out, ",", 1); +- write_comma = 1; +- md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); +- switch(md_nid) +- { +- case NID_sha1: +- BIO_puts(out, "sha1"); +- break; +- +- case NID_md5: +- BIO_puts(out, "md5"); +- break; +- +- case NID_sha256: +- BIO_puts(out, "sha-256"); +- break; +- +- case NID_sha384: +- BIO_puts(out, "sha-384"); +- break; +- +- case NID_sha512: +- BIO_puts(out, "sha-512"); +- break; +- +- default: +- if (have_unknown) +- write_comma = 0; +- else +- { +- BIO_puts(out, "unknown"); +- have_unknown = 1; +- } +- break; +- +- } +- } +- +- return 1; +- +- } ++{ ++ int i, have_unknown = 0, write_comma, md_nid; ++ have_unknown = 0; ++ write_comma = 0; ++ for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) { ++ if (write_comma) ++ BIO_write(out, ",", 1); ++ write_comma = 1; ++ md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); ++ switch (md_nid) { ++ case NID_sha1: ++ BIO_puts(out, "sha1"); ++ break; ++ ++ case NID_md5: ++ BIO_puts(out, "md5"); ++ break; ++ ++ case NID_sha256: ++ BIO_puts(out, "sha-256"); ++ break; ++ ++ case NID_sha384: ++ BIO_puts(out, "sha-384"); ++ break; ++ ++ case NID_sha512: ++ BIO_puts(out, "sha-512"); ++ break; ++ ++ default: ++ if (have_unknown) ++ write_comma = 0; ++ else { ++ BIO_puts(out, "unknown"); ++ have_unknown = 1; ++ } ++ break; ++ ++ } ++ } ++ ++ return 1; ++ ++} + + /* SMIME sender */ + + int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, +- int ctype_nid, int econt_nid, +- STACK_OF(X509_ALGOR) *mdalgs, +- asn1_output_data_fn *data_fn, +- const ASN1_ITEM *it) ++ int ctype_nid, int econt_nid, ++ STACK_OF(X509_ALGOR) *mdalgs, ++ asn1_output_data_fn * data_fn, const ASN1_ITEM *it) + { +- char bound[33], c; +- int i; +- const char *mime_prefix, *mime_eol, *cname = "smime.p7m"; +- const char *msg_type=NULL; +- if (flags & SMIME_OLDMIME) +- mime_prefix = "application/x-pkcs7-"; +- else +- mime_prefix = "application/pkcs7-"; +- +- if (flags & SMIME_CRLFEOL) +- mime_eol = "\r\n"; +- else +- mime_eol = "\n"; +- if((flags & SMIME_DETACHED) && data) { +- /* We want multipart/signed */ +- /* Generate a random boundary */ +- RAND_pseudo_bytes((unsigned char *)bound, 32); +- for(i = 0; i < 32; i++) { +- c = bound[i] & 0xf; +- if(c < 10) c += '0'; +- else c += 'A' - 10; +- bound[i] = c; +- } +- bound[32] = 0; +- BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); +- BIO_printf(bio, "Content-Type: multipart/signed;"); +- BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); +- BIO_puts(bio, " micalg=\""); +- asn1_write_micalg(bio, mdalgs); +- BIO_printf(bio, "\"; boundary=\"----%s\"%s%s", +- bound, mime_eol, mime_eol); +- BIO_printf(bio, "This is an S/MIME signed message%s%s", +- mime_eol, mime_eol); +- /* Now write out the first part */ +- BIO_printf(bio, "------%s%s", bound, mime_eol); +- if (!data_fn(bio, data, val, flags, it)) +- return 0; +- BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); +- +- /* Headers for signature */ +- +- BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); +- BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); +- BIO_printf(bio, "Content-Transfer-Encoding: base64%s", +- mime_eol); +- BIO_printf(bio, "Content-Disposition: attachment;"); +- BIO_printf(bio, " filename=\"smime.p7s\"%s%s", +- mime_eol, mime_eol); +- B64_write_ASN1(bio, val, NULL, 0, it); +- BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound, +- mime_eol, mime_eol); +- return 1; +- } +- +- /* Determine smime-type header */ +- +- if (ctype_nid == NID_pkcs7_enveloped) +- msg_type = "enveloped-data"; +- else if (ctype_nid == NID_pkcs7_signed) +- { +- if (econt_nid == NID_id_smime_ct_receipt) +- msg_type = "signed-receipt"; +- else if (sk_X509_ALGOR_num(mdalgs) >= 0) +- msg_type = "signed-data"; +- else +- msg_type = "certs-only"; +- } +- else if (ctype_nid == NID_id_smime_ct_compressedData) +- { +- msg_type = "compressed-data"; +- cname = "smime.p7z"; +- } +- /* MIME headers */ +- BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); +- BIO_printf(bio, "Content-Disposition: attachment;"); +- BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol); +- BIO_printf(bio, "Content-Type: %smime;", mime_prefix); +- if (msg_type) +- BIO_printf(bio, " smime-type=%s;", msg_type); +- BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol); +- BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", +- mime_eol, mime_eol); +- if (!B64_write_ASN1(bio, val, data, flags, it)) +- return 0; +- BIO_printf(bio, "%s", mime_eol); +- return 1; ++ char bound[33], c; ++ int i; ++ const char *mime_prefix, *mime_eol, *cname = "smime.p7m"; ++ const char *msg_type = NULL; ++ if (flags & SMIME_OLDMIME) ++ mime_prefix = "application/x-pkcs7-"; ++ else ++ mime_prefix = "application/pkcs7-"; ++ ++ if (flags & SMIME_CRLFEOL) ++ mime_eol = "\r\n"; ++ else ++ mime_eol = "\n"; ++ if ((flags & SMIME_DETACHED) && data) { ++ /* We want multipart/signed */ ++ /* Generate a random boundary */ ++ RAND_pseudo_bytes((unsigned char *)bound, 32); ++ for (i = 0; i < 32; i++) { ++ c = bound[i] & 0xf; ++ if (c < 10) ++ c += '0'; ++ else ++ c += 'A' - 10; ++ bound[i] = c; ++ } ++ bound[32] = 0; ++ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); ++ BIO_printf(bio, "Content-Type: multipart/signed;"); ++ BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); ++ BIO_puts(bio, " micalg=\""); ++ asn1_write_micalg(bio, mdalgs); ++ BIO_printf(bio, "\"; boundary=\"----%s\"%s%s", ++ bound, mime_eol, mime_eol); ++ BIO_printf(bio, "This is an S/MIME signed message%s%s", ++ mime_eol, mime_eol); ++ /* Now write out the first part */ ++ BIO_printf(bio, "------%s%s", bound, mime_eol); ++ if (!data_fn(bio, data, val, flags, it)) ++ return 0; ++ BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); ++ ++ /* Headers for signature */ ++ ++ BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); ++ BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); ++ BIO_printf(bio, "Content-Transfer-Encoding: base64%s", mime_eol); ++ BIO_printf(bio, "Content-Disposition: attachment;"); ++ BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol); ++ B64_write_ASN1(bio, val, NULL, 0, it); ++ BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound, ++ mime_eol, mime_eol); ++ return 1; ++ } ++ ++ /* Determine smime-type header */ ++ ++ if (ctype_nid == NID_pkcs7_enveloped) ++ msg_type = "enveloped-data"; ++ else if (ctype_nid == NID_pkcs7_signed) { ++ if (econt_nid == NID_id_smime_ct_receipt) ++ msg_type = "signed-receipt"; ++ else if (sk_X509_ALGOR_num(mdalgs) >= 0) ++ msg_type = "signed-data"; ++ else ++ msg_type = "certs-only"; ++ } else if (ctype_nid == NID_id_smime_ct_compressedData) { ++ msg_type = "compressed-data"; ++ cname = "smime.p7z"; ++ } ++ /* MIME headers */ ++ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); ++ BIO_printf(bio, "Content-Disposition: attachment;"); ++ BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol); ++ BIO_printf(bio, "Content-Type: %smime;", mime_prefix); ++ if (msg_type) ++ BIO_printf(bio, " smime-type=%s;", msg_type); ++ BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol); ++ BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", ++ mime_eol, mime_eol); ++ if (!B64_write_ASN1(bio, val, data, flags, it)) ++ return 0; ++ BIO_printf(bio, "%s", mime_eol); ++ return 1; + } + + #if 0 + + /* Handle output of ASN1 data */ + +- + static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, +- const ASN1_ITEM *it) +- { +- BIO *tmpbio; +- const ASN1_AUX *aux = it->funcs; +- ASN1_STREAM_ARG sarg; ++ const ASN1_ITEM *it) ++{ ++ BIO *tmpbio; ++ const ASN1_AUX *aux = it->funcs; ++ ASN1_STREAM_ARG sarg; + +- if (!(flags & SMIME_DETACHED)) +- { +- SMIME_crlf_copy(data, out, flags); +- return 1; +- } ++ if (!(flags & SMIME_DETACHED)) { ++ SMIME_crlf_copy(data, out, flags); ++ return 1; ++ } + +- if (!aux || !aux->asn1_cb) +- { +- ASN1err(ASN1_F_ASN1_OUTPUT_DATA, +- ASN1_R_STREAMING_NOT_SUPPORTED); +- return 0; +- } ++ if (!aux || !aux->asn1_cb) { ++ ASN1err(ASN1_F_ASN1_OUTPUT_DATA, ASN1_R_STREAMING_NOT_SUPPORTED); ++ return 0; ++ } + +- sarg.out = out; +- sarg.ndef_bio = NULL; +- sarg.boundary = NULL; ++ sarg.out = out; ++ sarg.ndef_bio = NULL; ++ sarg.boundary = NULL; + +- /* Let ASN1 code prepend any needed BIOs */ ++ /* Let ASN1 code prepend any needed BIOs */ + +- if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0) +- return 0; ++ if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0) ++ return 0; + +- /* Copy data across, passing through filter BIOs for processing */ +- SMIME_crlf_copy(data, sarg.ndef_bio, flags); ++ /* Copy data across, passing through filter BIOs for processing */ ++ SMIME_crlf_copy(data, sarg.ndef_bio, flags); + +- /* Finalize structure */ +- if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) +- return 0; ++ /* Finalize structure */ ++ if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) ++ return 0; + +- /* Now remove any digests prepended to the BIO */ ++ /* Now remove any digests prepended to the BIO */ + +- while (sarg.ndef_bio != out) +- { +- tmpbio = BIO_pop(sarg.ndef_bio); +- BIO_free(sarg.ndef_bio); +- sarg.ndef_bio = tmpbio; +- } ++ while (sarg.ndef_bio != out) { ++ tmpbio = BIO_pop(sarg.ndef_bio); ++ BIO_free(sarg.ndef_bio); ++ sarg.ndef_bio = tmpbio; ++ } + +- return 1; ++ return 1; + +- } ++} + + #endif + +-/* SMIME reader: handle multipart/signed and opaque signing. +- * in multipart case the content is placed in a memory BIO +- * pointed to by "bcont". In opaque this is set to NULL ++/* ++ * SMIME reader: handle multipart/signed and opaque signing. in multipart ++ * case the content is placed in a memory BIO pointed to by "bcont". In ++ * opaque this is set to NULL + */ + + ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) + { +- BIO *asnin; +- STACK_OF(MIME_HEADER) *headers = NULL; +- STACK_OF(BIO) *parts = NULL; +- MIME_HEADER *hdr; +- MIME_PARAM *prm; +- ASN1_VALUE *val; +- int ret; +- +- if(bcont) *bcont = NULL; +- +- if (!(headers = mime_parse_hdr(bio))) { +- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR); +- return NULL; +- } +- +- if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { +- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); +- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE); +- return NULL; +- } +- +- /* Handle multipart/signed */ +- +- if(!strcmp(hdr->value, "multipart/signed")) { +- /* Split into two parts */ +- prm = mime_param_find(hdr, "boundary"); +- if(!prm || !prm->param_value) { +- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); +- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY); +- return NULL; +- } +- ret = multi_split(bio, prm->param_value, &parts); +- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); +- if(!ret || (sk_BIO_num(parts) != 2) ) { +- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE); +- sk_BIO_pop_free(parts, BIO_vfree); +- return NULL; +- } +- +- /* Parse the signature piece */ +- asnin = sk_BIO_value(parts, 1); +- +- if (!(headers = mime_parse_hdr(asnin))) { +- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR); +- sk_BIO_pop_free(parts, BIO_vfree); +- return NULL; +- } +- +- /* Get content type */ +- +- if(!(hdr = mime_hdr_find(headers, "content-type")) || +- !hdr->value) { +- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); +- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); +- return NULL; +- } +- +- if(strcmp(hdr->value, "application/x-pkcs7-signature") && +- strcmp(hdr->value, "application/pkcs7-signature")) { +- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE); +- ERR_add_error_data(2, "type: ", hdr->value); +- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); +- sk_BIO_pop_free(parts, BIO_vfree); +- return NULL; +- } +- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); +- /* Read in ASN1 */ +- if(!(val = b64_read_asn1(asnin, it))) { +- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR); +- sk_BIO_pop_free(parts, BIO_vfree); +- return NULL; +- } +- +- if(bcont) { +- *bcont = sk_BIO_value(parts, 0); +- BIO_free(asnin); +- sk_BIO_free(parts); +- } else sk_BIO_pop_free(parts, BIO_vfree); +- return val; +- } +- +- /* OK, if not multipart/signed try opaque signature */ +- +- if (strcmp (hdr->value, "application/x-pkcs7-mime") && +- strcmp (hdr->value, "application/pkcs7-mime")) { +- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE); +- ERR_add_error_data(2, "type: ", hdr->value); +- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); +- return NULL; +- } +- +- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); +- +- if(!(val = b64_read_asn1(bio, it))) { +- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR); +- return NULL; +- } +- return val; ++ BIO *asnin; ++ STACK_OF(MIME_HEADER) *headers = NULL; ++ STACK_OF(BIO) *parts = NULL; ++ MIME_HEADER *hdr; ++ MIME_PARAM *prm; ++ ASN1_VALUE *val; ++ int ret; ++ ++ if (bcont) ++ *bcont = NULL; ++ ++ if (!(headers = mime_parse_hdr(bio))) { ++ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR); ++ return NULL; ++ } ++ ++ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { ++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ++ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE); ++ return NULL; ++ } ++ ++ /* Handle multipart/signed */ ++ ++ if (!strcmp(hdr->value, "multipart/signed")) { ++ /* Split into two parts */ ++ prm = mime_param_find(hdr, "boundary"); ++ if (!prm || !prm->param_value) { ++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ++ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY); ++ return NULL; ++ } ++ ret = multi_split(bio, prm->param_value, &parts); ++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ++ if (!ret || (sk_BIO_num(parts) != 2)) { ++ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE); ++ sk_BIO_pop_free(parts, BIO_vfree); ++ return NULL; ++ } ++ ++ /* Parse the signature piece */ ++ asnin = sk_BIO_value(parts, 1); ++ ++ if (!(headers = mime_parse_hdr(asnin))) { ++ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR); ++ sk_BIO_pop_free(parts, BIO_vfree); ++ return NULL; ++ } ++ ++ /* Get content type */ ++ ++ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { ++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ++ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); ++ return NULL; ++ } ++ ++ if (strcmp(hdr->value, "application/x-pkcs7-signature") && ++ strcmp(hdr->value, "application/pkcs7-signature")) { ++ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE); ++ ERR_add_error_data(2, "type: ", hdr->value); ++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ++ sk_BIO_pop_free(parts, BIO_vfree); ++ return NULL; ++ } ++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ++ /* Read in ASN1 */ ++ if (!(val = b64_read_asn1(asnin, it))) { ++ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR); ++ sk_BIO_pop_free(parts, BIO_vfree); ++ return NULL; ++ } ++ ++ if (bcont) { ++ *bcont = sk_BIO_value(parts, 0); ++ BIO_free(asnin); ++ sk_BIO_free(parts); ++ } else ++ sk_BIO_pop_free(parts, BIO_vfree); ++ return val; ++ } ++ ++ /* OK, if not multipart/signed try opaque signature */ ++ ++ if (strcmp(hdr->value, "application/x-pkcs7-mime") && ++ strcmp(hdr->value, "application/pkcs7-mime")) { ++ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_INVALID_MIME_TYPE); ++ ERR_add_error_data(2, "type: ", hdr->value); ++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ++ return NULL; ++ } ++ ++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ++ ++ if (!(val = b64_read_asn1(bio, it))) { ++ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR); ++ return NULL; ++ } ++ return val; + + } + + /* Copy text from one BIO to another making the output CRLF at EOL */ + int SMIME_crlf_copy(BIO *in, BIO *out, int flags) + { +- BIO *bf; +- char eol; +- int len; +- char linebuf[MAX_SMLEN]; +- /* Buffer output so we don't write one line at a time. This is +- * useful when streaming as we don't end up with one OCTET STRING +- * per line. +- */ +- bf = BIO_new(BIO_f_buffer()); +- if (!bf) +- return 0; +- out = BIO_push(bf, out); +- if(flags & SMIME_BINARY) +- { +- while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) +- BIO_write(out, linebuf, len); +- } +- else +- { +- if(flags & SMIME_TEXT) +- BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); +- while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) +- { +- eol = strip_eol(linebuf, &len); +- if (len) +- BIO_write(out, linebuf, len); +- if(eol) BIO_write(out, "\r\n", 2); +- } +- } +- (void)BIO_flush(out); +- BIO_pop(out); +- BIO_free(bf); +- return 1; ++ BIO *bf; ++ char eol; ++ int len; ++ char linebuf[MAX_SMLEN]; ++ /* ++ * Buffer output so we don't write one line at a time. This is useful ++ * when streaming as we don't end up with one OCTET STRING per line. ++ */ ++ bf = BIO_new(BIO_f_buffer()); ++ if (!bf) ++ return 0; ++ out = BIO_push(bf, out); ++ if (flags & SMIME_BINARY) { ++ while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) ++ BIO_write(out, linebuf, len); ++ } else { ++ if (flags & SMIME_TEXT) ++ BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); ++ while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { ++ eol = strip_eol(linebuf, &len); ++ if (len) ++ BIO_write(out, linebuf, len); ++ if (eol) ++ BIO_write(out, "\r\n", 2); ++ } ++ } ++ (void)BIO_flush(out); ++ BIO_pop(out); ++ BIO_free(bf); ++ return 1; + } + + /* Strip off headers if they are text/plain */ + int SMIME_text(BIO *in, BIO *out) + { +- char iobuf[4096]; +- int len; +- STACK_OF(MIME_HEADER) *headers; +- MIME_HEADER *hdr; +- +- if (!(headers = mime_parse_hdr(in))) { +- ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR); +- return 0; +- } +- if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { +- ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE); +- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); +- return 0; +- } +- if (strcmp (hdr->value, "text/plain")) { +- ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE); +- ERR_add_error_data(2, "type: ", hdr->value); +- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); +- return 0; +- } +- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); +- while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) +- BIO_write(out, iobuf, len); +- if (len < 0) +- return 0; +- return 1; ++ char iobuf[4096]; ++ int len; ++ STACK_OF(MIME_HEADER) *headers; ++ MIME_HEADER *hdr; ++ ++ if (!(headers = mime_parse_hdr(in))) { ++ ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR); ++ return 0; ++ } ++ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { ++ ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE); ++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ++ return 0; ++ } ++ if (strcmp(hdr->value, "text/plain")) { ++ ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_INVALID_MIME_TYPE); ++ ERR_add_error_data(2, "type: ", hdr->value); ++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ++ return 0; ++ } ++ sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ++ while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) ++ BIO_write(out, iobuf, len); ++ if (len < 0) ++ return 0; ++ return 1; + } + +-/* Split a multipart/XXX message body into component parts: result is ++/* ++ * Split a multipart/XXX message body into component parts: result is + * canonical parts in a STACK of bios + */ + + static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) + { +- char linebuf[MAX_SMLEN]; +- int len, blen; +- int eol = 0, next_eol = 0; +- BIO *bpart = NULL; +- STACK_OF(BIO) *parts; +- char state, part, first; +- +- blen = strlen(bound); +- part = 0; +- state = 0; +- first = 1; +- parts = sk_BIO_new_null(); +- *ret = parts; +- while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { +- state = mime_bound_check(linebuf, len, bound, blen); +- if(state == 1) { +- first = 1; +- part++; +- } else if(state == 2) { +- sk_BIO_push(parts, bpart); +- return 1; +- } else if(part) { +- /* Strip CR+LF from linebuf */ +- next_eol = strip_eol(linebuf, &len); +- if(first) { +- first = 0; +- if(bpart) sk_BIO_push(parts, bpart); +- bpart = BIO_new(BIO_s_mem()); +- BIO_set_mem_eof_return(bpart, 0); +- } else if (eol) +- BIO_write(bpart, "\r\n", 2); +- eol = next_eol; +- if (len) +- BIO_write(bpart, linebuf, len); +- } +- } +- return 0; ++ char linebuf[MAX_SMLEN]; ++ int len, blen; ++ int eol = 0, next_eol = 0; ++ BIO *bpart = NULL; ++ STACK_OF(BIO) *parts; ++ char state, part, first; ++ ++ blen = strlen(bound); ++ part = 0; ++ state = 0; ++ first = 1; ++ parts = sk_BIO_new_null(); ++ *ret = parts; ++ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { ++ state = mime_bound_check(linebuf, len, bound, blen); ++ if (state == 1) { ++ first = 1; ++ part++; ++ } else if (state == 2) { ++ sk_BIO_push(parts, bpart); ++ return 1; ++ } else if (part) { ++ /* Strip CR+LF from linebuf */ ++ next_eol = strip_eol(linebuf, &len); ++ if (first) { ++ first = 0; ++ if (bpart) ++ sk_BIO_push(parts, bpart); ++ bpart = BIO_new(BIO_s_mem()); ++ BIO_set_mem_eof_return(bpart, 0); ++ } else if (eol) ++ BIO_write(bpart, "\r\n", 2); ++ eol = next_eol; ++ if (len) ++ BIO_write(bpart, linebuf, len); ++ } ++ } ++ return 0; + } + + /* This is the big one: parse MIME header lines up to message body */ + +-#define MIME_INVALID 0 +-#define MIME_START 1 +-#define MIME_TYPE 2 +-#define MIME_NAME 3 +-#define MIME_VALUE 4 +-#define MIME_QUOTE 5 +-#define MIME_COMMENT 6 +- ++#define MIME_INVALID 0 ++#define MIME_START 1 ++#define MIME_TYPE 2 ++#define MIME_NAME 3 ++#define MIME_VALUE 4 ++#define MIME_QUOTE 5 ++#define MIME_COMMENT 6 + + static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) + { +- char *p, *q, c; +- char *ntmp; +- char linebuf[MAX_SMLEN]; +- MIME_HEADER *mhdr = NULL; +- STACK_OF(MIME_HEADER) *headers; +- int len, state, save_state = 0; +- +- headers = sk_MIME_HEADER_new(mime_hdr_cmp); +- if (!headers) +- return NULL; +- while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { +- /* If whitespace at line start then continuation line */ +- if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; +- else state = MIME_START; +- ntmp = NULL; +- /* Go through all characters */ +- for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { +- +- /* State machine to handle MIME headers +- * if this looks horrible that's because it *is* +- */ +- +- switch(state) { +- case MIME_START: +- if(c == ':') { +- state = MIME_TYPE; +- *p = 0; +- ntmp = strip_ends(q); +- q = p + 1; +- } +- break; +- +- case MIME_TYPE: +- if(c == ';') { +- mime_debug("Found End Value\n"); +- *p = 0; +- mhdr = mime_hdr_new(ntmp, strip_ends(q)); +- sk_MIME_HEADER_push(headers, mhdr); +- ntmp = NULL; +- q = p + 1; +- state = MIME_NAME; +- } else if(c == '(') { +- save_state = state; +- state = MIME_COMMENT; +- } +- break; +- +- case MIME_COMMENT: +- if(c == ')') { +- state = save_state; +- } +- break; +- +- case MIME_NAME: +- if(c == '=') { +- state = MIME_VALUE; +- *p = 0; +- ntmp = strip_ends(q); +- q = p + 1; +- } +- break ; +- +- case MIME_VALUE: +- if(c == ';') { +- state = MIME_NAME; +- *p = 0; +- mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); +- ntmp = NULL; +- q = p + 1; +- } else if (c == '"') { +- mime_debug("Found Quote\n"); +- state = MIME_QUOTE; +- } else if(c == '(') { +- save_state = state; +- state = MIME_COMMENT; +- } +- break; +- +- case MIME_QUOTE: +- if(c == '"') { +- mime_debug("Found Match Quote\n"); +- state = MIME_VALUE; +- } +- break; +- } +- } +- +- if(state == MIME_TYPE) { +- mhdr = mime_hdr_new(ntmp, strip_ends(q)); +- sk_MIME_HEADER_push(headers, mhdr); +- } else if(state == MIME_VALUE) +- mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); +- if(p == linebuf) break; /* Blank line means end of headers */ +-} +- +-return headers; ++ char *p, *q, c; ++ char *ntmp; ++ char linebuf[MAX_SMLEN]; ++ MIME_HEADER *mhdr = NULL; ++ STACK_OF(MIME_HEADER) *headers; ++ int len, state, save_state = 0; ++ ++ headers = sk_MIME_HEADER_new(mime_hdr_cmp); ++ if (!headers) ++ return NULL; ++ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { ++ /* If whitespace at line start then continuation line */ ++ if (mhdr && isspace((unsigned char)linebuf[0])) ++ state = MIME_NAME; ++ else ++ state = MIME_START; ++ ntmp = NULL; ++ /* Go through all characters */ ++ for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n'); ++ p++) { ++ ++ /* ++ * State machine to handle MIME headers if this looks horrible ++ * that's because it *is* ++ */ ++ ++ switch (state) { ++ case MIME_START: ++ if (c == ':') { ++ state = MIME_TYPE; ++ *p = 0; ++ ntmp = strip_ends(q); ++ q = p + 1; ++ } ++ break; ++ ++ case MIME_TYPE: ++ if (c == ';') { ++ mime_debug("Found End Value\n"); ++ *p = 0; ++ mhdr = mime_hdr_new(ntmp, strip_ends(q)); ++ sk_MIME_HEADER_push(headers, mhdr); ++ ntmp = NULL; ++ q = p + 1; ++ state = MIME_NAME; ++ } else if (c == '(') { ++ save_state = state; ++ state = MIME_COMMENT; ++ } ++ break; ++ ++ case MIME_COMMENT: ++ if (c == ')') { ++ state = save_state; ++ } ++ break; ++ ++ case MIME_NAME: ++ if (c == '=') { ++ state = MIME_VALUE; ++ *p = 0; ++ ntmp = strip_ends(q); ++ q = p + 1; ++ } ++ break; ++ ++ case MIME_VALUE: ++ if (c == ';') { ++ state = MIME_NAME; ++ *p = 0; ++ mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); ++ ntmp = NULL; ++ q = p + 1; ++ } else if (c == '"') { ++ mime_debug("Found Quote\n"); ++ state = MIME_QUOTE; ++ } else if (c == '(') { ++ save_state = state; ++ state = MIME_COMMENT; ++ } ++ break; ++ ++ case MIME_QUOTE: ++ if (c == '"') { ++ mime_debug("Found Match Quote\n"); ++ state = MIME_VALUE; ++ } ++ break; ++ } ++ } ++ ++ if (state == MIME_TYPE) { ++ mhdr = mime_hdr_new(ntmp, strip_ends(q)); ++ sk_MIME_HEADER_push(headers, mhdr); ++ } else if (state == MIME_VALUE) ++ mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); ++ if (p == linebuf) ++ break; /* Blank line means end of headers */ ++ } ++ ++ return headers; + + } + + static char *strip_ends(char *name) + { +- return strip_end(strip_start(name)); ++ return strip_end(strip_start(name)); + } + + /* Strip a parameter of whitespace from start of param */ + static char *strip_start(char *name) + { +- char *p, c; +- /* Look for first non white space or quote */ +- for(p = name; (c = *p) ;p++) { +- if(c == '"') { +- /* Next char is start of string if non null */ +- if(p[1]) return p + 1; +- /* Else null string */ +- return NULL; +- } +- if(!isspace((unsigned char)c)) return p; +- } +- return NULL; ++ char *p, c; ++ /* Look for first non white space or quote */ ++ for (p = name; (c = *p); p++) { ++ if (c == '"') { ++ /* Next char is start of string if non null */ ++ if (p[1]) ++ return p + 1; ++ /* Else null string */ ++ return NULL; ++ } ++ if (!isspace((unsigned char)c)) ++ return p; ++ } ++ return NULL; + } + + /* As above but strip from end of string : maybe should handle brackets? */ + static char *strip_end(char *name) + { +- char *p, c; +- if(!name) return NULL; +- /* Look for first non white space or quote */ +- for(p = name + strlen(name) - 1; p >= name ;p--) { +- c = *p; +- if(c == '"') { +- if(p - 1 == name) return NULL; +- *p = 0; +- return name; +- } +- if(isspace((unsigned char)c)) *p = 0; +- else return name; +- } +- return NULL; ++ char *p, c; ++ if (!name) ++ return NULL; ++ /* Look for first non white space or quote */ ++ for (p = name + strlen(name) - 1; p >= name; p--) { ++ c = *p; ++ if (c == '"') { ++ if (p - 1 == name) ++ return NULL; ++ *p = 0; ++ return name; ++ } ++ if (isspace((unsigned char)c)) ++ *p = 0; ++ else ++ return name; ++ } ++ return NULL; + } + + static MIME_HEADER *mime_hdr_new(char *name, char *value) + { +- MIME_HEADER *mhdr; +- char *tmpname, *tmpval, *p; +- int c; +- if(name) { +- if(!(tmpname = BUF_strdup(name))) return NULL; +- for(p = tmpname ; *p; p++) { +- c = *p; +- if(isupper(c)) { +- c = tolower(c); +- *p = c; +- } +- } +- } else tmpname = NULL; +- if(value) { +- if(!(tmpval = BUF_strdup(value))) return NULL; +- for(p = tmpval ; *p; p++) { +- c = *p; +- if(isupper(c)) { +- c = tolower(c); +- *p = c; +- } +- } +- } else tmpval = NULL; +- mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER)); +- if(!mhdr) return NULL; +- mhdr->name = tmpname; +- mhdr->value = tmpval; +- if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL; +- return mhdr; ++ MIME_HEADER *mhdr; ++ char *tmpname, *tmpval, *p; ++ int c; ++ if (name) { ++ if (!(tmpname = BUF_strdup(name))) ++ return NULL; ++ for (p = tmpname; *p; p++) { ++ c = *p; ++ if (isupper(c)) { ++ c = tolower(c); ++ *p = c; ++ } ++ } ++ } else ++ tmpname = NULL; ++ if (value) { ++ if (!(tmpval = BUF_strdup(value))) ++ return NULL; ++ for (p = tmpval; *p; p++) { ++ c = *p; ++ if (isupper(c)) { ++ c = tolower(c); ++ *p = c; ++ } ++ } ++ } else ++ tmpval = NULL; ++ mhdr = (MIME_HEADER *)OPENSSL_malloc(sizeof(MIME_HEADER)); ++ if (!mhdr) ++ return NULL; ++ mhdr->name = tmpname; ++ mhdr->value = tmpval; ++ if (!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) ++ return NULL; ++ return mhdr; + } +- ++ + static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) + { +- char *tmpname, *tmpval, *p; +- int c; +- MIME_PARAM *mparam; +- if(name) { +- tmpname = BUF_strdup(name); +- if(!tmpname) return 0; +- for(p = tmpname ; *p; p++) { +- c = *p; +- if(isupper(c)) { +- c = tolower(c); +- *p = c; +- } +- } +- } else tmpname = NULL; +- if(value) { +- tmpval = BUF_strdup(value); +- if(!tmpval) return 0; +- } else tmpval = NULL; +- /* Parameter values are case sensitive so leave as is */ +- mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM)); +- if(!mparam) return 0; +- mparam->param_name = tmpname; +- mparam->param_value = tmpval; +- sk_MIME_PARAM_push(mhdr->params, mparam); +- return 1; ++ char *tmpname, *tmpval, *p; ++ int c; ++ MIME_PARAM *mparam; ++ if (name) { ++ tmpname = BUF_strdup(name); ++ if (!tmpname) ++ return 0; ++ for (p = tmpname; *p; p++) { ++ c = *p; ++ if (isupper(c)) { ++ c = tolower(c); ++ *p = c; ++ } ++ } ++ } else ++ tmpname = NULL; ++ if (value) { ++ tmpval = BUF_strdup(value); ++ if (!tmpval) ++ return 0; ++ } else ++ tmpval = NULL; ++ /* Parameter values are case sensitive so leave as is */ ++ mparam = (MIME_PARAM *)OPENSSL_malloc(sizeof(MIME_PARAM)); ++ if (!mparam) ++ return 0; ++ mparam->param_name = tmpname; ++ mparam->param_value = tmpval; ++ sk_MIME_PARAM_push(mhdr->params, mparam); ++ return 1; + } + +-static int mime_hdr_cmp(const MIME_HEADER * const *a, +- const MIME_HEADER * const *b) ++static int mime_hdr_cmp(const MIME_HEADER *const *a, ++ const MIME_HEADER *const *b) + { +- if (!(*a)->name || !(*b)->name) +- return !!(*a)->name - !!(*b)->name; ++ if (!(*a)->name || !(*b)->name) ++ return ! !(*a)->name - ! !(*b)->name; + +- return(strcmp((*a)->name, (*b)->name)); ++ return (strcmp((*a)->name, (*b)->name)); + } + +-static int mime_param_cmp(const MIME_PARAM * const *a, +- const MIME_PARAM * const *b) ++static int mime_param_cmp(const MIME_PARAM *const *a, ++ const MIME_PARAM *const *b) + { +- if (!(*a)->param_name || !(*b)->param_name) +- return !!(*a)->param_name - !!(*b)->param_name; +- return(strcmp((*a)->param_name, (*b)->param_name)); ++ if (!(*a)->param_name || !(*b)->param_name) ++ return ! !(*a)->param_name - ! !(*b)->param_name; ++ return (strcmp((*a)->param_name, (*b)->param_name)); + } + + /* Find a header with a given name (if possible) */ + + static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name) + { +- MIME_HEADER htmp; +- int idx; +- htmp.name = name; +- idx = sk_MIME_HEADER_find(hdrs, &htmp); +- if(idx < 0) return NULL; +- return sk_MIME_HEADER_value(hdrs, idx); ++ MIME_HEADER htmp; ++ int idx; ++ htmp.name = name; ++ idx = sk_MIME_HEADER_find(hdrs, &htmp); ++ if (idx < 0) ++ return NULL; ++ return sk_MIME_HEADER_value(hdrs, idx); + } + + static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) + { +- MIME_PARAM param; +- int idx; +- param.param_name = name; +- idx = sk_MIME_PARAM_find(hdr->params, ¶m); +- if(idx < 0) return NULL; +- return sk_MIME_PARAM_value(hdr->params, idx); ++ MIME_PARAM param; ++ int idx; ++ param.param_name = name; ++ idx = sk_MIME_PARAM_find(hdr->params, ¶m); ++ if (idx < 0) ++ return NULL; ++ return sk_MIME_PARAM_value(hdr->params, idx); + } + + static void mime_hdr_free(MIME_HEADER *hdr) + { +- if(hdr->name) OPENSSL_free(hdr->name); +- if(hdr->value) OPENSSL_free(hdr->value); +- if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); +- OPENSSL_free(hdr); ++ if (hdr->name) ++ OPENSSL_free(hdr->name); ++ if (hdr->value) ++ OPENSSL_free(hdr->value); ++ if (hdr->params) ++ sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); ++ OPENSSL_free(hdr); + } + + static void mime_param_free(MIME_PARAM *param) + { +- if(param->param_name) OPENSSL_free(param->param_name); +- if(param->param_value) OPENSSL_free(param->param_value); +- OPENSSL_free(param); ++ if (param->param_name) ++ OPENSSL_free(param->param_name); ++ if (param->param_value) ++ OPENSSL_free(param->param_value); ++ OPENSSL_free(param); + } + +-/* Check for a multipart boundary. Returns: ++/*- ++ * Check for a multipart boundary. Returns: + * 0 : no boundary + * 1 : part boundary + * 2 : final boundary + */ + static int mime_bound_check(char *line, int linelen, char *bound, int blen) + { +- if(linelen == -1) linelen = strlen(line); +- if(blen == -1) blen = strlen(bound); +- /* Quickly eliminate if line length too short */ +- if(blen + 2 > linelen) return 0; +- /* Check for part boundary */ +- if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { +- if(!strncmp(line + blen + 2, "--", 2)) return 2; +- else return 1; +- } +- return 0; ++ if (linelen == -1) ++ linelen = strlen(line); ++ if (blen == -1) ++ blen = strlen(bound); ++ /* Quickly eliminate if line length too short */ ++ if (blen + 2 > linelen) ++ return 0; ++ /* Check for part boundary */ ++ if (!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { ++ if (!strncmp(line + blen + 2, "--", 2)) ++ return 2; ++ else ++ return 1; ++ } ++ return 0; + } + + static int strip_eol(char *linebuf, int *plen) +- { +- int len = *plen; +- char *p, c; +- int is_eol = 0; +- p = linebuf + len - 1; +- for (p = linebuf + len - 1; len > 0; len--, p--) +- { +- c = *p; +- if (c == '\n') +- is_eol = 1; +- else if (c != '\r') +- break; +- } +- *plen = len; +- return is_eol; +- } ++{ ++ int len = *plen; ++ char *p, c; ++ int is_eol = 0; ++ p = linebuf + len - 1; ++ for (p = linebuf + len - 1; len > 0; len--, p--) { ++ c = *p; ++ if (c == '\n') ++ is_eol = 1; ++ else if (c != '\r') ++ break; ++ } ++ *plen = len; ++ return is_eol; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c +index 1ea6a59..fab2dd9 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c +@@ -1,6 +1,7 @@ + /* asn_moid.c */ +-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -69,92 +70,84 @@ + static int do_create(char *value, char *name); + + static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) +- { +- int i; +- const char *oid_section; +- STACK_OF(CONF_VALUE) *sktmp; +- CONF_VALUE *oval; +- oid_section = CONF_imodule_get_value(md); +- if(!(sktmp = NCONF_get_section(cnf, oid_section))) +- { +- ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); +- return 0; +- } +- for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) +- { +- oval = sk_CONF_VALUE_value(sktmp, i); +- if(!do_create(oval->value, oval->name)) +- { +- ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT); +- return 0; +- } +- } +- return 1; +- } ++{ ++ int i; ++ const char *oid_section; ++ STACK_OF(CONF_VALUE) *sktmp; ++ CONF_VALUE *oval; ++ oid_section = CONF_imodule_get_value(md); ++ if (!(sktmp = NCONF_get_section(cnf, oid_section))) { ++ ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); ++ return 0; ++ } ++ for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { ++ oval = sk_CONF_VALUE_value(sktmp, i); ++ if (!do_create(oval->value, oval->name)) { ++ ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT); ++ return 0; ++ } ++ } ++ return 1; ++} + + static void oid_module_finish(CONF_IMODULE *md) +- { +- OBJ_cleanup(); +- } ++{ ++ OBJ_cleanup(); ++} + + void ASN1_add_oid_module(void) +- { +- CONF_module_add("oid_section", oid_module_init, oid_module_finish); +- } ++{ ++ CONF_module_add("oid_section", oid_module_init, oid_module_finish); ++} + +-/* Create an OID based on a name value pair. Accept two formats. ++/*- ++ * Create an OID based on a name value pair. Accept two formats. + * shortname = 1.2.3.4 + * shortname = some long name, 1.2.3.4 + */ + +- + static int do_create(char *value, char *name) +- { +- int nid; +- ASN1_OBJECT *oid; +- char *ln, *ostr, *p, *lntmp; +- p = strrchr(value, ','); +- if (!p) +- { +- ln = name; +- ostr = value; +- } +- else +- { +- ln = NULL; +- ostr = p + 1; +- if (!*ostr) +- return 0; +- while(isspace((unsigned char)*ostr)) ostr++; +- } ++{ ++ int nid; ++ ASN1_OBJECT *oid; ++ char *ln, *ostr, *p, *lntmp; ++ p = strrchr(value, ','); ++ if (!p) { ++ ln = name; ++ ostr = value; ++ } else { ++ ln = NULL; ++ ostr = p + 1; ++ if (!*ostr) ++ return 0; ++ while (isspace((unsigned char)*ostr)) ++ ostr++; ++ } + +- nid = OBJ_create(ostr, name, ln); ++ nid = OBJ_create(ostr, name, ln); + +- if (nid == NID_undef) +- return 0; ++ if (nid == NID_undef) ++ return 0; + +- if (p) +- { +- ln = value; +- while(isspace((unsigned char)*ln)) ln++; +- p--; +- while(isspace((unsigned char)*p)) +- { +- if (p == ln) +- return 0; +- p--; +- } +- p++; +- lntmp = OPENSSL_malloc((p - ln) + 1); +- if (lntmp == NULL) +- return 0; +- memcpy(lntmp, ln, p - ln); +- lntmp[p - ln] = 0; +- oid = OBJ_nid2obj(nid); +- oid->ln = lntmp; +- } ++ if (p) { ++ ln = value; ++ while (isspace((unsigned char)*ln)) ++ ln++; ++ p--; ++ while (isspace((unsigned char)*p)) { ++ if (p == ln) ++ return 0; ++ p--; ++ } ++ p++; ++ lntmp = OPENSSL_malloc((p - ln) + 1); ++ if (lntmp == NULL) ++ return 0; ++ memcpy(lntmp, ln, p - ln); ++ lntmp[p - ln] = 0; ++ oid = OBJ_nid2obj(nid); ++ oid->ln = lntmp; ++ } + +- return 1; +- } +- +- ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c +index c373714..0f460d0 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c +@@ -1,6 +1,7 @@ + /* asn_pack.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -67,90 +68,94 @@ + /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ + + STACK *ASN1_seq_unpack(const unsigned char *buf, int len, +- d2i_of_void *d2i,void (*free_func)(void *)) ++ d2i_of_void *d2i, void (*free_func) (void *)) + { + STACK *sk; + const unsigned char *pbuf; +- pbuf = buf; ++ pbuf = buf; + if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func, +- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL))) +- ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR); ++ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL))) ++ ASN1err(ASN1_F_ASN1_SEQ_UNPACK, ASN1_R_DECODE_ERROR); + return sk; + } + +-/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a ++/* ++ * Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a + * OPENSSL_malloc'ed buffer + */ + +-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d, +- unsigned char **buf, int *len) ++unsigned char *ASN1_seq_pack(STACK * safes, i2d_of_void *i2d, ++ unsigned char **buf, int *len) + { +- int safelen; +- unsigned char *safe, *p; +- if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE, +- V_ASN1_UNIVERSAL, IS_SEQUENCE))) { +- ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR); +- return NULL; +- } +- if (!(safe = OPENSSL_malloc (safelen))) { +- ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- p = safe; +- i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, +- IS_SEQUENCE); +- if (len) *len = safelen; +- if (buf) *buf = safe; +- return safe; ++ int safelen; ++ unsigned char *safe, *p; ++ if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE, ++ V_ASN1_UNIVERSAL, IS_SEQUENCE))) { ++ ASN1err(ASN1_F_ASN1_SEQ_PACK, ASN1_R_ENCODE_ERROR); ++ return NULL; ++ } ++ if (!(safe = OPENSSL_malloc(safelen))) { ++ ASN1err(ASN1_F_ASN1_SEQ_PACK, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ p = safe; ++ i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, ++ IS_SEQUENCE); ++ if (len) ++ *len = safelen; ++ if (buf) ++ *buf = safe; ++ return safe; + } + + /* Extract an ASN1 object from an ASN1_STRING */ + + void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i) + { +- const unsigned char *p; +- char *ret; ++ const unsigned char *p; ++ char *ret; + +- p = oct->data; +- if(!(ret = d2i(NULL, &p, oct->length))) +- ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR); +- return ret; ++ p = oct->data; ++ if (!(ret = d2i(NULL, &p, oct->length))) ++ ASN1err(ASN1_F_ASN1_UNPACK_STRING, ASN1_R_DECODE_ERROR); ++ return ret; + } + + /* Pack an ASN1 object into an ASN1_STRING */ + + ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) + { +- unsigned char *p; +- ASN1_STRING *octmp; +- +- if (!oct || !*oct) { +- if (!(octmp = ASN1_STRING_new ())) { +- ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- if (oct) *oct = octmp; +- } else octmp = *oct; +- +- if (!(octmp->length = i2d(obj, NULL))) { +- ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); +- goto err; +- } +- if (!(p = OPENSSL_malloc (octmp->length))) { +- ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- octmp->data = p; +- i2d (obj, &p); +- return octmp; +- err: +- if (!oct || !*oct) +- { +- ASN1_STRING_free(octmp); +- if (oct) +- *oct = NULL; +- } +- return NULL; ++ unsigned char *p; ++ ASN1_STRING *octmp; ++ ++ if (!oct || !*oct) { ++ if (!(octmp = ASN1_STRING_new())) { ++ ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ if (oct) ++ *oct = octmp; ++ } else ++ octmp = *oct; ++ ++ if (!(octmp->length = i2d(obj, NULL))) { ++ ASN1err(ASN1_F_ASN1_PACK_STRING, ASN1_R_ENCODE_ERROR); ++ goto err; ++ } ++ if (!(p = OPENSSL_malloc(octmp->length))) { ++ ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ octmp->data = p; ++ i2d(obj, &p); ++ return octmp; ++ err: ++ if (!oct || !*oct) { ++ ASN1_STRING_free(octmp); ++ if (oct) ++ *oct = NULL; ++ } ++ return NULL; + } + + #endif +@@ -159,41 +164,43 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) + + ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) + { +- ASN1_STRING *octmp; +- +- if (!oct || !*oct) { +- if (!(octmp = ASN1_STRING_new ())) { +- ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- if (oct) *oct = octmp; +- } else octmp = *oct; +- +- if(octmp->data) { +- OPENSSL_free(octmp->data); +- octmp->data = NULL; +- } +- +- if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { +- ASN1err(ASN1_F_ASN1_ITEM_PACK,ASN1_R_ENCODE_ERROR); +- return NULL; +- } +- if (!octmp->data) { +- ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- return octmp; ++ ASN1_STRING *octmp; ++ ++ if (!oct || !*oct) { ++ if (!(octmp = ASN1_STRING_new())) { ++ ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ if (oct) ++ *oct = octmp; ++ } else ++ octmp = *oct; ++ ++ if (octmp->data) { ++ OPENSSL_free(octmp->data); ++ octmp->data = NULL; ++ } ++ ++ if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { ++ ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR); ++ return NULL; ++ } ++ if (!octmp->data) { ++ ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ return octmp; + } + + /* Extract an ASN1 object from an ASN1_STRING */ + + void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it) + { +- const unsigned char *p; +- void *ret; ++ const unsigned char *p; ++ void *ret; + +- p = oct->data; +- if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) +- ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR); +- return ret; ++ p = oct->data; ++ if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) ++ ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR); ++ return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c +index 207ccda..3218862 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,99 +63,107 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_EC +-#include ++# include + #endif + + EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, +- long length) +- { +- EVP_PKEY *ret; ++ long length) ++{ ++ EVP_PKEY *ret; + +- if ((a == NULL) || (*a == NULL)) +- { +- if ((ret=EVP_PKEY_new()) == NULL) +- { +- ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB); +- return(NULL); +- } +- } +- else ret= *a; ++ if ((a == NULL) || (*a == NULL)) { ++ if ((ret = EVP_PKEY_new()) == NULL) { ++ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB); ++ return (NULL); ++ } ++ } else ++ ret = *a; + +- ret->save_type=type; +- ret->type=EVP_PKEY_type(type); +- switch (ret->type) +- { ++ ret->save_type = type; ++ ret->type = EVP_PKEY_type(type); ++ switch (ret->type) { + #ifndef OPENSSL_NO_RSA +- case EVP_PKEY_RSA: +- if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL, +- (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ +- { +- ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); +- goto err; +- } +- break; ++ case EVP_PKEY_RSA: ++ /* TMP UGLY CAST */ ++ if ((ret->pkey.rsa = d2i_RSAPrivateKey(NULL, ++ (const unsigned char **)pp, ++ length)) == NULL) { ++ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ break; + #endif + #ifndef OPENSSL_NO_DSA +- case EVP_PKEY_DSA: +- if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL, +- (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ +- { +- ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); +- goto err; +- } +- break; ++ case EVP_PKEY_DSA: ++ /* TMP UGLY CAST */ ++ if ((ret->pkey.dsa = d2i_DSAPrivateKey(NULL, ++ (const unsigned char **)pp, ++ length)) == NULL) { ++ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ break; + #endif + #ifndef OPENSSL_NO_EC +- case EVP_PKEY_EC: +- if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, +- (const unsigned char **)pp, length)) == NULL) +- { +- ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); +- goto err; +- } +- break; ++ case EVP_PKEY_EC: ++ if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, ++ (const unsigned char **)pp, ++ length)) == NULL) { ++ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ break; + #endif +- default: +- ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); +- goto err; +- /* break; */ +- } +- if (a != NULL) (*a)=ret; +- return(ret); +-err: +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret); +- return(NULL); +- } ++ default: ++ ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); ++ goto err; ++ /* break; */ ++ } ++ if (a != NULL) ++ (*a) = ret; ++ return (ret); ++ err: ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ EVP_PKEY_free(ret); ++ return (NULL); ++} + +-/* This works like d2i_PrivateKey() except it automatically works out the type */ ++/* ++ * This works like d2i_PrivateKey() except it automatically works out the ++ * type ++ */ + + EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, +- long length) ++ long length) + { +- STACK_OF(ASN1_TYPE) *inkey; +- const unsigned char *p; +- int keytype; +- p = *pp; +- /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): +- * by analyzing it we can determine the passed structure: this +- * assumes the input is surrounded by an ASN1 SEQUENCE. +- */ +- inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, +- ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); +- /* Since we only need to discern "traditional format" RSA and DSA +- * keys we can just count the elements. +- */ +- if(sk_ASN1_TYPE_num(inkey) == 6) +- keytype = EVP_PKEY_DSA; +- else if (sk_ASN1_TYPE_num(inkey) == 4) +- keytype = EVP_PKEY_EC; +- else keytype = EVP_PKEY_RSA; +- sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); +- return d2i_PrivateKey(keytype, a, pp, length); ++ STACK_OF(ASN1_TYPE) *inkey; ++ const unsigned char *p; ++ int keytype; ++ p = *pp; ++ /* ++ * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by ++ * analyzing it we can determine the passed structure: this assumes the ++ * input is surrounded by an ASN1 SEQUENCE. ++ */ ++ inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, ++ ASN1_TYPE_free, V_ASN1_SEQUENCE, ++ V_ASN1_UNIVERSAL); ++ /* ++ * Since we only need to discern "traditional format" RSA and DSA keys we ++ * can just count the elements. ++ */ ++ if (sk_ASN1_TYPE_num(inkey) == 6) ++ keytype = EVP_PKEY_DSA; ++ else if (sk_ASN1_TYPE_num(inkey) == 4) ++ keytype = EVP_PKEY_EC; ++ else ++ keytype = EVP_PKEY_RSA; ++ sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); ++ return d2i_PrivateKey(keytype, a, pp, length); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c +index 3694f51..1f05fee 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,73 +63,71 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_EC +-#include ++# include + #endif + + EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, +- long length) +- { +- EVP_PKEY *ret; ++ long length) ++{ ++ EVP_PKEY *ret; + +- if ((a == NULL) || (*a == NULL)) +- { +- if ((ret=EVP_PKEY_new()) == NULL) +- { +- ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB); +- return(NULL); +- } +- } +- else ret= *a; ++ if ((a == NULL) || (*a == NULL)) { ++ if ((ret = EVP_PKEY_new()) == NULL) { ++ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB); ++ return (NULL); ++ } ++ } else ++ ret = *a; + +- ret->save_type=type; +- ret->type=EVP_PKEY_type(type); +- switch (ret->type) +- { ++ ret->save_type = type; ++ ret->type = EVP_PKEY_type(type); ++ switch (ret->type) { + #ifndef OPENSSL_NO_RSA +- case EVP_PKEY_RSA: +- if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL, +- (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ +- { +- ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); +- goto err; +- } +- break; ++ case EVP_PKEY_RSA: ++ /* TMP UGLY CAST */ ++ if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, ++ (const unsigned char **)pp, ++ length)) == NULL) { ++ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ break; + #endif + #ifndef OPENSSL_NO_DSA +- case EVP_PKEY_DSA: +- if (!d2i_DSAPublicKey(&(ret->pkey.dsa), +- (const unsigned char **)pp,length)) /* TMP UGLY CAST */ +- { +- ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); +- goto err; +- } +- break; ++ case EVP_PKEY_DSA: ++ /* TMP UGLY CAST */ ++ if (!d2i_DSAPublicKey(&(ret->pkey.dsa), ++ (const unsigned char **)pp, length)) { ++ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ break; + #endif + #ifndef OPENSSL_NO_EC +- case EVP_PKEY_EC: +- if (!o2i_ECPublicKey(&(ret->pkey.ec), +- (const unsigned char **)pp, length)) +- { +- ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); +- goto err; +- } +- break; ++ case EVP_PKEY_EC: ++ if (!o2i_ECPublicKey(&(ret->pkey.ec), ++ (const unsigned char **)pp, length)) { ++ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ break; + #endif +- default: +- ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); +- goto err; +- /* break; */ +- } +- if (a != NULL) (*a)=ret; +- return(ret); +-err: +- if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret); +- return(NULL); +- } +- ++ default: ++ ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); ++ goto err; ++ /* break; */ ++ } ++ if (a != NULL) ++ (*a) = ret; ++ return (ret); ++ err: ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ EVP_PKEY_free(ret); ++ return (NULL); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c +index 1b94459..5876afa 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,132 +62,134 @@ + #include + + int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) +- { +- ASN1_STRING *os; +- +- if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); +- if (!M_ASN1_OCTET_STRING_set(os,data,len)) +- { +- M_ASN1_OCTET_STRING_free(os); +- return 0; +- } +- ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); +- return(1); +- } ++{ ++ ASN1_STRING *os; ++ ++ if ((os = M_ASN1_OCTET_STRING_new()) == NULL) ++ return (0); ++ if (!M_ASN1_OCTET_STRING_set(os, data, len)) { ++ M_ASN1_OCTET_STRING_free(os); ++ return 0; ++ } ++ ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os); ++ return (1); ++} + + /* int max_len: for returned value */ +-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, +- int max_len) +- { +- int ret,num; +- unsigned char *p; +- +- if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) +- { +- ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG); +- return(-1); +- } +- p=M_ASN1_STRING_data(a->value.octet_string); +- ret=M_ASN1_STRING_length(a->value.octet_string); +- if (ret < max_len) +- num=ret; +- else +- num=max_len; +- memcpy(data,p,num); +- return(ret); +- } ++int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len) ++{ ++ int ret, num; ++ unsigned char *p; ++ ++ if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) { ++ ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG); ++ return (-1); ++ } ++ p = M_ASN1_STRING_data(a->value.octet_string); ++ ret = M_ASN1_STRING_length(a->value.octet_string); ++ if (ret < max_len) ++ num = ret; ++ else ++ num = max_len; ++ memcpy(data, p, num); ++ return (ret); ++} + + int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, +- int len) +- { +- int n,size; +- ASN1_OCTET_STRING os,*osp; +- ASN1_INTEGER in; +- unsigned char *p; +- unsigned char buf[32]; /* when they have 256bit longs, +- * I'll be in trouble */ +- in.data=buf; +- in.length=32; +- os.data=data; +- os.type=V_ASN1_OCTET_STRING; +- os.length=len; +- ASN1_INTEGER_set(&in,num); +- n = i2d_ASN1_INTEGER(&in,NULL); +- n+=M_i2d_ASN1_OCTET_STRING(&os,NULL); +- +- size=ASN1_object_size(1,n,V_ASN1_SEQUENCE); +- +- if ((osp=ASN1_STRING_new()) == NULL) return(0); +- /* Grow the 'string' */ +- if (!ASN1_STRING_set(osp,NULL,size)) +- { +- ASN1_STRING_free(osp); +- return(0); +- } +- +- M_ASN1_STRING_length_set(osp, size); +- p=M_ASN1_STRING_data(osp); +- +- ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); +- i2d_ASN1_INTEGER(&in,&p); +- M_i2d_ASN1_OCTET_STRING(&os,&p); +- +- ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp); +- return(1); +- } +- +-/* we return the actual length..., num may be missing, in which +- * case, set it to zero */ ++ int len) ++{ ++ int n, size; ++ ASN1_OCTET_STRING os, *osp; ++ ASN1_INTEGER in; ++ unsigned char *p; ++ unsigned char buf[32]; /* when they have 256bit longs, I'll be in ++ * trouble */ ++ in.data = buf; ++ in.length = 32; ++ os.data = data; ++ os.type = V_ASN1_OCTET_STRING; ++ os.length = len; ++ ASN1_INTEGER_set(&in, num); ++ n = i2d_ASN1_INTEGER(&in, NULL); ++ n += M_i2d_ASN1_OCTET_STRING(&os, NULL); ++ ++ size = ASN1_object_size(1, n, V_ASN1_SEQUENCE); ++ ++ if ((osp = ASN1_STRING_new()) == NULL) ++ return (0); ++ /* Grow the 'string' */ ++ if (!ASN1_STRING_set(osp, NULL, size)) { ++ ASN1_STRING_free(osp); ++ return (0); ++ } ++ ++ M_ASN1_STRING_length_set(osp, size); ++ p = M_ASN1_STRING_data(osp); ++ ++ ASN1_put_object(&p, 1, n, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); ++ i2d_ASN1_INTEGER(&in, &p); ++ M_i2d_ASN1_OCTET_STRING(&os, &p); ++ ++ ASN1_TYPE_set(a, V_ASN1_SEQUENCE, osp); ++ return (1); ++} ++ ++/* ++ * we return the actual length..., num may be missing, in which case, set it ++ * to zero ++ */ + /* int max_len: for returned value */ +-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data, +- int max_len) +- { +- int ret= -1,n; +- ASN1_INTEGER *ai=NULL; +- ASN1_OCTET_STRING *os=NULL; +- const unsigned char *p; +- long length; +- ASN1_const_CTX c; +- +- if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) +- { +- goto err; +- } +- p=M_ASN1_STRING_data(a->value.sequence); +- length=M_ASN1_STRING_length(a->value.sequence); +- +- c.pp= &p; +- c.p=p; +- c.max=p+length; +- c.error=ASN1_R_DATA_IS_WRONG; +- +- M_ASN1_D2I_start_sequence(); +- c.q=c.p; +- if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err; +- c.slen-=(c.p-c.q); +- c.q=c.p; +- if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err; +- c.slen-=(c.p-c.q); +- if (!M_ASN1_D2I_end_sequence()) goto err; +- +- if (num != NULL) +- *num=ASN1_INTEGER_get(ai); +- +- ret=M_ASN1_STRING_length(os); +- if (max_len > ret) +- n=ret; +- else +- n=max_len; +- +- if (data != NULL) +- memcpy(data,M_ASN1_STRING_data(os),n); +- if (0) +- { +-err: +- ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG); +- } +- if (os != NULL) M_ASN1_OCTET_STRING_free(os); +- if (ai != NULL) M_ASN1_INTEGER_free(ai); +- return(ret); +- } +- ++int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, ++ unsigned char *data, int max_len) ++{ ++ int ret = -1, n; ++ ASN1_INTEGER *ai = NULL; ++ ASN1_OCTET_STRING *os = NULL; ++ const unsigned char *p; ++ long length; ++ ASN1_const_CTX c; ++ ++ if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) { ++ goto err; ++ } ++ p = M_ASN1_STRING_data(a->value.sequence); ++ length = M_ASN1_STRING_length(a->value.sequence); ++ ++ c.pp = &p; ++ c.p = p; ++ c.max = p + length; ++ c.error = ASN1_R_DATA_IS_WRONG; ++ ++ M_ASN1_D2I_start_sequence(); ++ c.q = c.p; ++ if ((ai = d2i_ASN1_INTEGER(NULL, &c.p, c.slen)) == NULL) ++ goto err; ++ c.slen -= (c.p - c.q); ++ c.q = c.p; ++ if ((os = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL) ++ goto err; ++ c.slen -= (c.p - c.q); ++ if (!M_ASN1_D2I_end_sequence()) ++ goto err; ++ ++ if (num != NULL) ++ *num = ASN1_INTEGER_get(ai); ++ ++ ret = M_ASN1_STRING_length(os); ++ if (max_len > ret) ++ n = ret; ++ else ++ n = max_len; ++ ++ if (data != NULL) ++ memcpy(data, M_ASN1_STRING_data(os), n); ++ if (0) { ++ err: ++ ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG); ++ } ++ if (os != NULL) ++ M_ASN1_OCTET_STRING_free(os); ++ if (ai != NULL) ++ M_ASN1_INTEGER_free(ai); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c +index 56e3cc8..591c3b5 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,144 +64,140 @@ + /* Based on a_int.c: equivalent ENUMERATED functions */ + + int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a) +- { +- int i,n=0; +- static const char *h="0123456789ABCDEF"; +- char buf[2]; ++{ ++ int i, n = 0; ++ static const char *h = "0123456789ABCDEF"; ++ char buf[2]; + +- if (a == NULL) return(0); ++ if (a == NULL) ++ return (0); + +- if (a->length == 0) +- { +- if (BIO_write(bp,"00",2) != 2) goto err; +- n=2; +- } +- else +- { +- for (i=0; ilength; i++) +- { +- if ((i != 0) && (i%35 == 0)) +- { +- if (BIO_write(bp,"\\\n",2) != 2) goto err; +- n+=2; +- } +- buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f]; +- buf[1]=h[((unsigned char)a->data[i] )&0x0f]; +- if (BIO_write(bp,buf,2) != 2) goto err; +- n+=2; +- } +- } +- return(n); +-err: +- return(-1); +- } ++ if (a->length == 0) { ++ if (BIO_write(bp, "00", 2) != 2) ++ goto err; ++ n = 2; ++ } else { ++ for (i = 0; i < a->length; i++) { ++ if ((i != 0) && (i % 35 == 0)) { ++ if (BIO_write(bp, "\\\n", 2) != 2) ++ goto err; ++ n += 2; ++ } ++ buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; ++ buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; ++ if (BIO_write(bp, buf, 2) != 2) ++ goto err; ++ n += 2; ++ } ++ } ++ return (n); ++ err: ++ return (-1); ++} + + int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) +- { +- int ret=0; +- int i,j,k,m,n,again,bufsize; +- unsigned char *s=NULL,*sp; +- unsigned char *bufp; +- int num=0,slen=0,first=1; +- +- bs->type=V_ASN1_ENUMERATED; ++{ ++ int ret = 0; ++ int i, j, k, m, n, again, bufsize; ++ unsigned char *s = NULL, *sp; ++ unsigned char *bufp; ++ int num = 0, slen = 0, first = 1; + +- bufsize=BIO_gets(bp,buf,size); +- for (;;) +- { +- if (bufsize < 1) goto err_sl; +- i=bufsize; +- if (buf[i-1] == '\n') buf[--i]='\0'; +- if (i == 0) goto err_sl; +- if (buf[i-1] == '\r') buf[--i]='\0'; +- if (i == 0) goto err_sl; +- again=(buf[i-1] == '\\'); ++ bs->type = V_ASN1_ENUMERATED; + +- for (j=0; j= '0') && (buf[j] <= '9')) || +- ((buf[j] >= 'a') && (buf[j] <= 'f')) || +- ((buf[j] >= 'A') && (buf[j] <= 'F')))) +- { +- i=j; +- break; +- } +- } +- buf[i]='\0'; +- /* We have now cleared all the crap off the end of the +- * line */ +- if (i < 2) goto err_sl; ++ bufsize = BIO_gets(bp, buf, size); ++ for (;;) { ++ if (bufsize < 1) ++ goto err_sl; ++ i = bufsize; ++ if (buf[i - 1] == '\n') ++ buf[--i] = '\0'; ++ if (i == 0) ++ goto err_sl; ++ if (buf[i - 1] == '\r') ++ buf[--i] = '\0'; ++ if (i == 0) ++ goto err_sl; ++ again = (buf[i - 1] == '\\'); + +- bufp=(unsigned char *)buf; +- if (first) +- { +- first=0; +- if ((bufp[0] == '0') && (buf[1] == '0')) +- { +- bufp+=2; +- i-=2; +- } +- } +- k=0; +- i-=again; +- if (i%2 != 0) +- { +- ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS); +- goto err; +- } +- i/=2; +- if (num+i > slen) +- { +- if (s == NULL) +- sp=(unsigned char *)OPENSSL_malloc( +- (unsigned int)num+i*2); +- else +- sp=(unsigned char *)OPENSSL_realloc(s, +- (unsigned int)num+i*2); +- if (sp == NULL) +- { +- ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); +- if (s != NULL) OPENSSL_free(s); +- goto err; +- } +- s=sp; +- slen=num+i*2; +- } +- for (j=0; j= '0') && (m <= '9')) +- m-='0'; +- else if ((m >= 'a') && (m <= 'f')) +- m=m-'a'+10; +- else if ((m >= 'A') && (m <= 'F')) +- m=m-'A'+10; +- else +- { +- ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS); +- goto err; +- } +- s[num+j]<<=4; +- s[num+j]|=m; +- } +- } +- num+=i; +- if (again) +- bufsize=BIO_gets(bp,buf,size); +- else +- break; +- } +- bs->length=num; +- bs->data=s; +- ret=1; +-err: +- if (0) +- { +-err_sl: +- ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE); +- } +- return(ret); +- } ++ for (j = 0; j < i; j++) { ++ if (!(((buf[j] >= '0') && (buf[j] <= '9')) || ++ ((buf[j] >= 'a') && (buf[j] <= 'f')) || ++ ((buf[j] >= 'A') && (buf[j] <= 'F')))) { ++ i = j; ++ break; ++ } ++ } ++ buf[i] = '\0'; ++ /* ++ * We have now cleared all the crap off the end of the line ++ */ ++ if (i < 2) ++ goto err_sl; + ++ bufp = (unsigned char *)buf; ++ if (first) { ++ first = 0; ++ if ((bufp[0] == '0') && (buf[1] == '0')) { ++ bufp += 2; ++ i -= 2; ++ } ++ } ++ k = 0; ++ i -= again; ++ if (i % 2 != 0) { ++ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS); ++ goto err; ++ } ++ i /= 2; ++ if (num + i > slen) { ++ if (s == NULL) ++ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + ++ i * 2); ++ else ++ sp = (unsigned char *)OPENSSL_realloc(s, ++ (unsigned int)num + ++ i * 2); ++ if (sp == NULL) { ++ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); ++ if (s != NULL) ++ OPENSSL_free(s); ++ goto err; ++ } ++ s = sp; ++ slen = num + i * 2; ++ } ++ for (j = 0; j < i; j++, k += 2) { ++ for (n = 0; n < 2; n++) { ++ m = bufp[k + n]; ++ if ((m >= '0') && (m <= '9')) ++ m -= '0'; ++ else if ((m >= 'a') && (m <= 'f')) ++ m = m - 'a' + 10; ++ else if ((m >= 'A') && (m <= 'F')) ++ m = m - 'A' + 10; ++ else { ++ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ++ ASN1_R_NON_HEX_CHARACTERS); ++ goto err; ++ } ++ s[num + j] <<= 4; ++ s[num + j] |= m; ++ } ++ } ++ num += i; ++ if (again) ++ bufsize = BIO_gets(bp, buf, size); ++ else ++ break; ++ } ++ bs->length = num; ++ bs->data = s; ++ ret = 1; ++ err: ++ if (0) { ++ err_sl: ++ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE); ++ } ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_int.c b/Cryptlib/OpenSSL/crypto/asn1/f_int.c +index 9494e59..4a81f81 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/f_int.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/f_int.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,158 +62,154 @@ + #include + + int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a) +- { +- int i,n=0; +- static const char *h="0123456789ABCDEF"; +- char buf[2]; ++{ ++ int i, n = 0; ++ static const char *h = "0123456789ABCDEF"; ++ char buf[2]; + +- if (a == NULL) return(0); ++ if (a == NULL) ++ return (0); + +- if (a->type & V_ASN1_NEG) +- { +- if (BIO_write(bp, "-", 1) != 1) goto err; +- n = 1; +- } ++ if (a->type & V_ASN1_NEG) { ++ if (BIO_write(bp, "-", 1) != 1) ++ goto err; ++ n = 1; ++ } + +- if (a->length == 0) +- { +- if (BIO_write(bp,"00",2) != 2) goto err; +- n += 2; +- } +- else +- { +- for (i=0; ilength; i++) +- { +- if ((i != 0) && (i%35 == 0)) +- { +- if (BIO_write(bp,"\\\n",2) != 2) goto err; +- n+=2; +- } +- buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f]; +- buf[1]=h[((unsigned char)a->data[i] )&0x0f]; +- if (BIO_write(bp,buf,2) != 2) goto err; +- n+=2; +- } +- } +- return(n); +-err: +- return(-1); +- } ++ if (a->length == 0) { ++ if (BIO_write(bp, "00", 2) != 2) ++ goto err; ++ n += 2; ++ } else { ++ for (i = 0; i < a->length; i++) { ++ if ((i != 0) && (i % 35 == 0)) { ++ if (BIO_write(bp, "\\\n", 2) != 2) ++ goto err; ++ n += 2; ++ } ++ buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; ++ buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; ++ if (BIO_write(bp, buf, 2) != 2) ++ goto err; ++ n += 2; ++ } ++ } ++ return (n); ++ err: ++ return (-1); ++} + + int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) +- { +- int ret=0; +- int i,j,k,m,n,again,bufsize; +- unsigned char *s=NULL,*sp; +- unsigned char *bufp; +- int num=0,slen=0,first=1; ++{ ++ int ret = 0; ++ int i, j, k, m, n, again, bufsize; ++ unsigned char *s = NULL, *sp; ++ unsigned char *bufp; ++ int num = 0, slen = 0, first = 1; + +- bs->type=V_ASN1_INTEGER; ++ bs->type = V_ASN1_INTEGER; + +- bufsize=BIO_gets(bp,buf,size); +- for (;;) +- { +- if (bufsize < 1) goto err_sl; +- i=bufsize; +- if (buf[i-1] == '\n') buf[--i]='\0'; +- if (i == 0) goto err_sl; +- if (buf[i-1] == '\r') buf[--i]='\0'; +- if (i == 0) goto err_sl; +- again=(buf[i-1] == '\\'); ++ bufsize = BIO_gets(bp, buf, size); ++ for (;;) { ++ if (bufsize < 1) ++ goto err_sl; ++ i = bufsize; ++ if (buf[i - 1] == '\n') ++ buf[--i] = '\0'; ++ if (i == 0) ++ goto err_sl; ++ if (buf[i - 1] == '\r') ++ buf[--i] = '\0'; ++ if (i == 0) ++ goto err_sl; ++ again = (buf[i - 1] == '\\'); + +- for (j=0; j= '0') && (buf[j] <= '9')) || +- ((buf[j] >= 'a') && (buf[j] <= 'f')) || +- ((buf[j] >= 'A') && (buf[j] <= 'F')))) ++ if (!(((buf[j] >= '0') && (buf[j] <= '9')) || ++ ((buf[j] >= 'a') && (buf[j] <= 'f')) || ++ ((buf[j] >= 'A') && (buf[j] <= 'F')))) + #else +- /* This #ifdef is not strictly necessary, since +- * the characters A...F a...f 0...9 are contiguous +- * (yes, even in EBCDIC - but not the whole alphabet). +- * Nevertheless, isxdigit() is faster. +- */ +- if (!isxdigit(buf[j])) ++ /* ++ * This #ifdef is not strictly necessary, since the characters ++ * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but ++ * not the whole alphabet). Nevertheless, isxdigit() is faster. ++ */ ++ if (!isxdigit(buf[j])) + #endif +- { +- i=j; +- break; +- } +- } +- buf[i]='\0'; +- /* We have now cleared all the crap off the end of the +- * line */ +- if (i < 2) goto err_sl; +- +- bufp=(unsigned char *)buf; +- if (first) +- { +- first=0; +- if ((bufp[0] == '0') && (buf[1] == '0')) +- { +- bufp+=2; +- i-=2; +- } +- } +- k=0; +- i-=again; +- if (i%2 != 0) +- { +- ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS); +- goto err; +- } +- i/=2; +- if (num+i > slen) +- { +- if (s == NULL) +- sp=(unsigned char *)OPENSSL_malloc( +- (unsigned int)num+i*2); +- else +- sp=OPENSSL_realloc_clean(s,slen,num+i*2); +- if (sp == NULL) +- { +- ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); +- if (s != NULL) OPENSSL_free(s); +- goto err; +- } +- s=sp; +- slen=num+i*2; +- } +- for (j=0; j= '0') && (m <= '9')) +- m-='0'; +- else if ((m >= 'a') && (m <= 'f')) +- m=m-'a'+10; +- else if ((m >= 'A') && (m <= 'F')) +- m=m-'A'+10; +- else +- { +- ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS); +- goto err; +- } +- s[num+j]<<=4; +- s[num+j]|=m; +- } +- } +- num+=i; +- if (again) +- bufsize=BIO_gets(bp,buf,size); +- else +- break; +- } +- bs->length=num; +- bs->data=s; +- ret=1; +-err: +- if (0) +- { +-err_sl: +- ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE); +- } +- return(ret); +- } ++ { ++ i = j; ++ break; ++ } ++ } ++ buf[i] = '\0'; ++ /* ++ * We have now cleared all the crap off the end of the line ++ */ ++ if (i < 2) ++ goto err_sl; + ++ bufp = (unsigned char *)buf; ++ if (first) { ++ first = 0; ++ if ((bufp[0] == '0') && (buf[1] == '0')) { ++ bufp += 2; ++ i -= 2; ++ } ++ } ++ k = 0; ++ i -= again; ++ if (i % 2 != 0) { ++ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS); ++ goto err; ++ } ++ i /= 2; ++ if (num + i > slen) { ++ if (s == NULL) ++ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + ++ i * 2); ++ else ++ sp = OPENSSL_realloc_clean(s, slen, num + i * 2); ++ if (sp == NULL) { ++ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); ++ if (s != NULL) ++ OPENSSL_free(s); ++ goto err; ++ } ++ s = sp; ++ slen = num + i * 2; ++ } ++ for (j = 0; j < i; j++, k += 2) { ++ for (n = 0; n < 2; n++) { ++ m = bufp[k + n]; ++ if ((m >= '0') && (m <= '9')) ++ m -= '0'; ++ else if ((m >= 'a') && (m <= 'f')) ++ m = m - 'a' + 10; ++ else if ((m >= 'A') && (m <= 'F')) ++ m = m - 'A' + 10; ++ else { ++ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ++ ASN1_R_NON_HEX_CHARACTERS); ++ goto err; ++ } ++ s[num + j] <<= 4; ++ s[num + j] |= m; ++ } ++ } ++ num += i; ++ if (again) ++ bufsize = BIO_gets(bp, buf, size); ++ else ++ break; ++ } ++ bs->length = num; ++ bs->data = s; ++ ret = 1; ++ err: ++ if (0) { ++ err_sl: ++ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE); ++ } ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_string.c b/Cryptlib/OpenSSL/crypto/asn1/f_string.c +index 968698a..6a6cf34 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/f_string.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/f_string.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,151 +62,148 @@ + #include + + int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type) +- { +- int i,n=0; +- static const char *h="0123456789ABCDEF"; +- char buf[2]; ++{ ++ int i, n = 0; ++ static const char *h = "0123456789ABCDEF"; ++ char buf[2]; + +- if (a == NULL) return(0); ++ if (a == NULL) ++ return (0); + +- if (a->length == 0) +- { +- if (BIO_write(bp,"0",1) != 1) goto err; +- n=1; +- } +- else +- { +- for (i=0; ilength; i++) +- { +- if ((i != 0) && (i%35 == 0)) +- { +- if (BIO_write(bp,"\\\n",2) != 2) goto err; +- n+=2; +- } +- buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f]; +- buf[1]=h[((unsigned char)a->data[i] )&0x0f]; +- if (BIO_write(bp,buf,2) != 2) goto err; +- n+=2; +- } +- } +- return(n); +-err: +- return(-1); +- } ++ if (a->length == 0) { ++ if (BIO_write(bp, "0", 1) != 1) ++ goto err; ++ n = 1; ++ } else { ++ for (i = 0; i < a->length; i++) { ++ if ((i != 0) && (i % 35 == 0)) { ++ if (BIO_write(bp, "\\\n", 2) != 2) ++ goto err; ++ n += 2; ++ } ++ buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; ++ buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; ++ if (BIO_write(bp, buf, 2) != 2) ++ goto err; ++ n += 2; ++ } ++ } ++ return (n); ++ err: ++ return (-1); ++} + + int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) +- { +- int ret=0; +- int i,j,k,m,n,again,bufsize; +- unsigned char *s=NULL,*sp; +- unsigned char *bufp; +- int num=0,slen=0,first=1; ++{ ++ int ret = 0; ++ int i, j, k, m, n, again, bufsize; ++ unsigned char *s = NULL, *sp; ++ unsigned char *bufp; ++ int num = 0, slen = 0, first = 1; + +- bufsize=BIO_gets(bp,buf,size); +- for (;;) +- { +- if (bufsize < 1) +- { +- if (first) +- break; +- else +- goto err_sl; +- } +- first=0; ++ bufsize = BIO_gets(bp, buf, size); ++ for (;;) { ++ if (bufsize < 1) { ++ if (first) ++ break; ++ else ++ goto err_sl; ++ } ++ first = 0; + +- i=bufsize; +- if (buf[i-1] == '\n') buf[--i]='\0'; +- if (i == 0) goto err_sl; +- if (buf[i-1] == '\r') buf[--i]='\0'; +- if (i == 0) goto err_sl; +- again=(buf[i-1] == '\\'); ++ i = bufsize; ++ if (buf[i - 1] == '\n') ++ buf[--i] = '\0'; ++ if (i == 0) ++ goto err_sl; ++ if (buf[i - 1] == '\r') ++ buf[--i] = '\0'; ++ if (i == 0) ++ goto err_sl; ++ again = (buf[i - 1] == '\\'); + +- for (j=i-1; j>0; j--) +- { ++ for (j = i - 1; j > 0; j--) { + #ifndef CHARSET_EBCDIC +- if (!( ((buf[j] >= '0') && (buf[j] <= '9')) || +- ((buf[j] >= 'a') && (buf[j] <= 'f')) || +- ((buf[j] >= 'A') && (buf[j] <= 'F')))) ++ if (!(((buf[j] >= '0') && (buf[j] <= '9')) || ++ ((buf[j] >= 'a') && (buf[j] <= 'f')) || ++ ((buf[j] >= 'A') && (buf[j] <= 'F')))) + #else +- /* This #ifdef is not strictly necessary, since +- * the characters A...F a...f 0...9 are contiguous +- * (yes, even in EBCDIC - but not the whole alphabet). +- * Nevertheless, isxdigit() is faster. +- */ +- if (!isxdigit(buf[j])) ++ /* ++ * This #ifdef is not strictly necessary, since the characters ++ * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but ++ * not the whole alphabet). Nevertheless, isxdigit() is faster. ++ */ ++ if (!isxdigit(buf[j])) + #endif +- { +- i=j; +- break; +- } +- } +- buf[i]='\0'; +- /* We have now cleared all the crap off the end of the +- * line */ +- if (i < 2) goto err_sl; +- +- bufp=(unsigned char *)buf; ++ { ++ i = j; ++ break; ++ } ++ } ++ buf[i] = '\0'; ++ /* ++ * We have now cleared all the crap off the end of the line ++ */ ++ if (i < 2) ++ goto err_sl; + +- k=0; +- i-=again; +- if (i%2 != 0) +- { +- ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS); +- goto err; +- } +- i/=2; +- if (num+i > slen) +- { +- if (s == NULL) +- sp=(unsigned char *)OPENSSL_malloc( +- (unsigned int)num+i*2); +- else +- sp=(unsigned char *)OPENSSL_realloc(s, +- (unsigned int)num+i*2); +- if (sp == NULL) +- { +- ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE); +- if (s != NULL) OPENSSL_free(s); +- goto err; +- } +- s=sp; +- slen=num+i*2; +- } +- for (j=0; j= '0') && (m <= '9')) +- m-='0'; +- else if ((m >= 'a') && (m <= 'f')) +- m=m-'a'+10; +- else if ((m >= 'A') && (m <= 'F')) +- m=m-'A'+10; +- else +- { +- ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS); +- goto err; +- } +- s[num+j]<<=4; +- s[num+j]|=m; +- } +- } +- num+=i; +- if (again) +- bufsize=BIO_gets(bp,buf,size); +- else +- break; +- } +- bs->length=num; +- bs->data=s; +- ret=1; +-err: +- if (0) +- { +-err_sl: +- ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE); +- } +- return(ret); +- } ++ bufp = (unsigned char *)buf; + ++ k = 0; ++ i -= again; ++ if (i % 2 != 0) { ++ ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS); ++ goto err; ++ } ++ i /= 2; ++ if (num + i > slen) { ++ if (s == NULL) ++ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + ++ i * 2); ++ else ++ sp = (unsigned char *)OPENSSL_realloc(s, ++ (unsigned int)num + ++ i * 2); ++ if (sp == NULL) { ++ ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE); ++ if (s != NULL) ++ OPENSSL_free(s); ++ goto err; ++ } ++ s = sp; ++ slen = num + i * 2; ++ } ++ for (j = 0; j < i; j++, k += 2) { ++ for (n = 0; n < 2; n++) { ++ m = bufp[k + n]; ++ if ((m >= '0') && (m <= '9')) ++ m -= '0'; ++ else if ((m >= 'a') && (m <= 'f')) ++ m = m - 'a' + 10; ++ else if ((m >= 'A') && (m <= 'F')) ++ m = m - 'A' + 10; ++ else { ++ ASN1err(ASN1_F_A2I_ASN1_STRING, ++ ASN1_R_NON_HEX_CHARACTERS); ++ goto err; ++ } ++ s[num + j] <<= 4; ++ s[num + j] |= m; ++ } ++ } ++ num += i; ++ if (again) ++ bufsize = BIO_gets(bp, buf, size); ++ else ++ break; ++ } ++ bs->length = num; ++ bs->data = s; ++ ret = 1; ++ err: ++ if (0) { ++ err_sl: ++ ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE); ++ } ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c +index 0be52c5..2919e48 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,38 +62,33 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_EC +-#include ++# include + #endif + + int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) +- { ++{ + #ifndef OPENSSL_NO_RSA +- if (a->type == EVP_PKEY_RSA) +- { +- return(i2d_RSAPrivateKey(a->pkey.rsa,pp)); +- } +- else ++ if (a->type == EVP_PKEY_RSA) { ++ return (i2d_RSAPrivateKey(a->pkey.rsa, pp)); ++ } else + #endif + #ifndef OPENSSL_NO_DSA +- if (a->type == EVP_PKEY_DSA) +- { +- return(i2d_DSAPrivateKey(a->pkey.dsa,pp)); +- } ++ if (a->type == EVP_PKEY_DSA) { ++ return (i2d_DSAPrivateKey(a->pkey.dsa, pp)); ++ } + #endif + #ifndef OPENSSL_NO_EC +- if (a->type == EVP_PKEY_EC) +- { +- return(i2d_ECPrivateKey(a->pkey.ec, pp)); +- } ++ if (a->type == EVP_PKEY_EC) { ++ return (i2d_ECPrivateKey(a->pkey.ec, pp)); ++ } + #endif + +- ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); +- return(-1); +- } +- ++ ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); ++ return (-1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c +index 34286db..b8ed355 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,34 +62,32 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_EC +-#include ++# include + #endif + + int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) +- { +- switch (a->type) +- { ++{ ++ switch (a->type) { + #ifndef OPENSSL_NO_RSA +- case EVP_PKEY_RSA: +- return(i2d_RSAPublicKey(a->pkey.rsa,pp)); ++ case EVP_PKEY_RSA: ++ return (i2d_RSAPublicKey(a->pkey.rsa, pp)); + #endif + #ifndef OPENSSL_NO_DSA +- case EVP_PKEY_DSA: +- return(i2d_DSAPublicKey(a->pkey.dsa,pp)); ++ case EVP_PKEY_DSA: ++ return (i2d_DSAPublicKey(a->pkey.dsa, pp)); + #endif + #ifndef OPENSSL_NO_EC +- case EVP_PKEY_EC: +- return(i2o_ECPublicKey(a->pkey.ec, pp)); ++ case EVP_PKEY_EC: ++ return (i2o_ECPublicKey(a->pkey.ec, pp)); + #endif +- default: +- ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); +- return(-1); +- } +- } +- ++ default: ++ ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); ++ return (-1); ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c +index e7d0439..f7b874e 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,37 +59,34 @@ + #include + #include "cryptlib.h" + #ifndef OPENSSL_NO_RSA +-#include +-#include +-#include +-#include +-#include +-#include +- +- +-#ifndef OPENSSL_NO_RC4 +- +-typedef struct netscape_pkey_st +- { +- long version; +- X509_ALGOR *algor; +- ASN1_OCTET_STRING *private_key; +- } NETSCAPE_PKEY; +- +-typedef struct netscape_encrypted_pkey_st +- { +- ASN1_OCTET_STRING *os; +- /* This is the same structure as DigestInfo so use it: +- * although this isn't really anything to do with +- * digests. +- */ +- X509_SIG *enckey; +- } NETSCAPE_ENCRYPTED_PKEY; ++# include ++# include ++# include ++# include ++# include ++# include ++ ++# ifndef OPENSSL_NO_RC4 ++ ++typedef struct netscape_pkey_st { ++ long version; ++ X509_ALGOR *algor; ++ ASN1_OCTET_STRING *private_key; ++} NETSCAPE_PKEY; ++ ++typedef struct netscape_encrypted_pkey_st { ++ ASN1_OCTET_STRING *os; ++ /* ++ * This is the same structure as DigestInfo so use it: although this ++ * isn't really anything to do with digests. ++ */ ++ X509_SIG *enckey; ++} NETSCAPE_ENCRYPTED_PKEY; + + + ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = { +- ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), +- ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) ++ ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), ++ ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) + } ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) + + DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) +@@ -97,9 +94,9 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_P + IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) + + ASN1_SEQUENCE(NETSCAPE_PKEY) = { +- ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG), +- ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), +- ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) ++ ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG), ++ ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), ++ ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) + } ASN1_SEQUENCE_END(NETSCAPE_PKEY) + + DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) +@@ -107,237 +104,232 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) + IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) + + static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, +- int (*cb)(char *buf, int len, const char *prompt, +- int verify), +- int sgckey); ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify), int sgckey); + + int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, +- int (*cb)(char *buf, int len, const char *prompt, +- int verify)) ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify)) + { +- return i2d_RSA_NET(a, pp, cb, 0); ++ return i2d_RSA_NET(a, pp, cb, 0); + } + + int i2d_RSA_NET(const RSA *a, unsigned char **pp, +- int (*cb)(char *buf, int len, const char *prompt, int verify), +- int sgckey) +- { +- int i, j, ret = 0; +- int rsalen, pkeylen, olen; +- NETSCAPE_PKEY *pkey = NULL; +- NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; +- unsigned char buf[256],*zz; +- unsigned char key[EVP_MAX_KEY_LENGTH]; +- EVP_CIPHER_CTX ctx; +- +- if (a == NULL) return(0); +- +- if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err; +- if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err; +- pkey->version = 0; +- +- pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption); +- if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; +- pkey->algor->parameter->type=V_ASN1_NULL; +- +- rsalen = i2d_RSAPrivateKey(a, NULL); +- +- /* Fake some octet strings just for the initial length +- * calculation. +- */ +- +- pkey->private_key->length=rsalen; +- +- pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL); +- +- enckey->enckey->digest->length = pkeylen; +- +- enckey->os->length = 11; /* "private-key" */ +- +- enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4); +- if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; +- enckey->enckey->algor->parameter->type=V_ASN1_NULL; +- +- if (pp == NULL) +- { +- olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); +- NETSCAPE_PKEY_free(pkey); +- NETSCAPE_ENCRYPTED_PKEY_free(enckey); +- return olen; +- } +- +- +- /* Since its RC4 encrypted length is actual length */ +- if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL) +- { +- ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- pkey->private_key->data = zz; +- /* Write out private key encoding */ +- i2d_RSAPrivateKey(a,&zz); +- +- if ((zz=OPENSSL_malloc(pkeylen)) == NULL) +- { +- ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!ASN1_STRING_set(enckey->os, "private-key", -1)) +- { +- ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- enckey->enckey->digest->data = zz; +- i2d_NETSCAPE_PKEY(pkey,&zz); +- +- /* Wipe the private key encoding */ +- OPENSSL_cleanse(pkey->private_key->data, rsalen); +- +- if (cb == NULL) +- cb=EVP_read_pw_string; +- i=cb((char *)buf,256,"Enter Private Key password:",1); +- if (i != 0) +- { +- ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ); +- goto err; +- } +- i = strlen((char *)buf); +- /* If the key is used for SGC the algorithm is modified a little. */ +- if(sgckey) { +- EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); +- memcpy(buf + 16, "SGCKEYSALT", 10); +- i = 26; +- } +- +- EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); +- OPENSSL_cleanse(buf,256); +- +- /* Encrypt private key in place */ +- zz = enckey->enckey->digest->data; +- EVP_CIPHER_CTX_init(&ctx); +- EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL); +- EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen); +- EVP_EncryptFinal_ex(&ctx,zz + i,&j); +- EVP_CIPHER_CTX_cleanup(&ctx); +- +- ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); +-err: +- NETSCAPE_ENCRYPTED_PKEY_free(enckey); +- NETSCAPE_PKEY_free(pkey); +- return(ret); +- } +- ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify), int sgckey) ++{ ++ int i, j, ret = 0; ++ int rsalen, pkeylen, olen; ++ NETSCAPE_PKEY *pkey = NULL; ++ NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; ++ unsigned char buf[256], *zz; ++ unsigned char key[EVP_MAX_KEY_LENGTH]; ++ EVP_CIPHER_CTX ctx; ++ ++ if (a == NULL) ++ return (0); ++ ++ if ((pkey = NETSCAPE_PKEY_new()) == NULL) ++ goto err; ++ if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) ++ goto err; ++ pkey->version = 0; ++ ++ pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); ++ if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL) ++ goto err; ++ pkey->algor->parameter->type = V_ASN1_NULL; ++ ++ rsalen = i2d_RSAPrivateKey(a, NULL); ++ ++ /* ++ * Fake some octet strings just for the initial length calculation. ++ */ ++ ++ pkey->private_key->length = rsalen; ++ ++ pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL); ++ ++ enckey->enckey->digest->length = pkeylen; ++ ++ enckey->os->length = 11; /* "private-key" */ ++ ++ enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4); ++ if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL) ++ goto err; ++ enckey->enckey->algor->parameter->type = V_ASN1_NULL; ++ ++ if (pp == NULL) { ++ olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); ++ NETSCAPE_PKEY_free(pkey); ++ NETSCAPE_ENCRYPTED_PKEY_free(enckey); ++ return olen; ++ } ++ ++ /* Since its RC4 encrypted length is actual length */ ++ if ((zz = (unsigned char *)OPENSSL_malloc(rsalen)) == NULL) { ++ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ pkey->private_key->data = zz; ++ /* Write out private key encoding */ ++ i2d_RSAPrivateKey(a, &zz); ++ ++ if ((zz = OPENSSL_malloc(pkeylen)) == NULL) { ++ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (!ASN1_STRING_set(enckey->os, "private-key", -1)) { ++ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ enckey->enckey->digest->data = zz; ++ i2d_NETSCAPE_PKEY(pkey, &zz); ++ ++ /* Wipe the private key encoding */ ++ OPENSSL_cleanse(pkey->private_key->data, rsalen); ++ ++ if (cb == NULL) ++ cb = EVP_read_pw_string; ++ i = cb((char *)buf, 256, "Enter Private Key password:", 1); ++ if (i != 0) { ++ ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ); ++ goto err; ++ } ++ i = strlen((char *)buf); ++ /* If the key is used for SGC the algorithm is modified a little. */ ++ if (sgckey) { ++ EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); ++ memcpy(buf + 16, "SGCKEYSALT", 10); ++ i = 26; ++ } ++ ++ EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL); ++ OPENSSL_cleanse(buf, 256); ++ ++ /* Encrypt private key in place */ ++ zz = enckey->enckey->digest->data; ++ EVP_CIPHER_CTX_init(&ctx); ++ EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL); ++ EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen); ++ EVP_EncryptFinal_ex(&ctx, zz + i, &j); ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ ++ ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); ++ err: ++ NETSCAPE_ENCRYPTED_PKEY_free(enckey); ++ NETSCAPE_PKEY_free(pkey); ++ return (ret); ++} + + RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, +- int (*cb)(char *buf, int len, const char *prompt, +- int verify)) ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify)) + { +- return d2i_RSA_NET(a, pp, length, cb, 0); ++ return d2i_RSA_NET(a, pp, length, cb, 0); + } + + RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, +- int (*cb)(char *buf, int len, const char *prompt, int verify), +- int sgckey) +- { +- RSA *ret=NULL; +- const unsigned char *p; +- NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; +- +- p = *pp; +- +- enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); +- if(!enckey) { +- ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR); +- return NULL; +- } +- +- if ((enckey->os->length != 11) || (strncmp("private-key", +- (char *)enckey->os->data,11) != 0)) +- { +- ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING); +- NETSCAPE_ENCRYPTED_PKEY_free(enckey); +- return NULL; +- } +- if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) +- { +- ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); +- goto err; +- } +- if (cb == NULL) +- cb=EVP_read_pw_string; +- if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; +- +- *pp = p; +- +- err: +- NETSCAPE_ENCRYPTED_PKEY_free(enckey); +- return ret; +- +- } ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify), int sgckey) ++{ ++ RSA *ret = NULL; ++ const unsigned char *p; ++ NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; ++ ++ p = *pp; ++ ++ enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); ++ if (!enckey) { ++ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR); ++ return NULL; ++ } ++ ++ if ((enckey->os->length != 11) || (strncmp("private-key", ++ (char *)enckey->os->data, ++ 11) != 0)) { ++ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING); ++ NETSCAPE_ENCRYPTED_PKEY_free(enckey); ++ return NULL; ++ } ++ if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { ++ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); ++ goto err; ++ } ++ if (cb == NULL) ++ cb = EVP_read_pw_string; ++ if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL) ++ goto err; ++ ++ *pp = p; ++ ++ err: ++ NETSCAPE_ENCRYPTED_PKEY_free(enckey); ++ return ret; ++ ++} + + static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, +- int (*cb)(char *buf, int len, const char *prompt, +- int verify), int sgckey) +- { +- NETSCAPE_PKEY *pkey=NULL; +- RSA *ret=NULL; +- int i,j; +- unsigned char buf[256]; +- const unsigned char *zz; +- unsigned char key[EVP_MAX_KEY_LENGTH]; +- EVP_CIPHER_CTX ctx; +- +- i=cb((char *)buf,256,"Enter Private Key password:",0); +- if (i != 0) +- { +- ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ); +- goto err; +- } +- +- i = strlen((char *)buf); +- if(sgckey){ +- EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); +- memcpy(buf + 16, "SGCKEYSALT", 10); +- i = 26; +- } +- +- EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); +- OPENSSL_cleanse(buf,256); +- +- EVP_CIPHER_CTX_init(&ctx); +- EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL); +- EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length); +- EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j); +- EVP_CIPHER_CTX_cleanup(&ctx); +- os->length=i+j; +- +- zz=os->data; +- +- if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) +- { +- ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); +- goto err; +- } +- +- zz=pkey->private_key->data; +- if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) +- { +- ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY); +- goto err; +- } +-err: +- NETSCAPE_PKEY_free(pkey); +- return(ret); +- } +- +-#endif /* OPENSSL_NO_RC4 */ +- +-#else /* !OPENSSL_NO_RSA */ ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify), int sgckey) ++{ ++ NETSCAPE_PKEY *pkey = NULL; ++ RSA *ret = NULL; ++ int i, j; ++ unsigned char buf[256]; ++ const unsigned char *zz; ++ unsigned char key[EVP_MAX_KEY_LENGTH]; ++ EVP_CIPHER_CTX ctx; ++ ++ i = cb((char *)buf, 256, "Enter Private Key password:", 0); ++ if (i != 0) { ++ ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ); ++ goto err; ++ } ++ ++ i = strlen((char *)buf); ++ if (sgckey) { ++ EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); ++ memcpy(buf + 16, "SGCKEYSALT", 10); ++ i = 26; ++ } ++ ++ EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL); ++ OPENSSL_cleanse(buf, 256); ++ ++ EVP_CIPHER_CTX_init(&ctx); ++ EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL); ++ EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length); ++ EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j); ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ os->length = i + j; ++ ++ zz = os->data; ++ ++ if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) { ++ ASN1err(ASN1_F_D2I_RSA_NET_2, ++ ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); ++ goto err; ++ } ++ ++ zz = pkey->private_key->data; ++ if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) { ++ ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY); ++ goto err; ++ } ++ err: ++ NETSCAPE_PKEY_free(pkey); ++ return (ret); ++} ++ ++# endif /* OPENSSL_NO_RC4 */ ++ ++#else /* !OPENSSL_NO_RSA */ + + # if PEDANTIC +-static void *dummy=&dummy; ++static void *dummy = &dummy; + # endif + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c +index e551c57..186e8b0 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c +@@ -1,6 +1,7 @@ + /* nsseq.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,19 +65,19 @@ + + static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- if(operation == ASN1_OP_NEW_POST) { +- NETSCAPE_CERT_SEQUENCE *nsseq; +- nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval; +- nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence); +- } +- return 1; ++ if (operation == ASN1_OP_NEW_POST) { ++ NETSCAPE_CERT_SEQUENCE *nsseq; ++ nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval; ++ nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence); ++ } ++ return 1; + } + + /* Netscape certificate sequence structure */ + + ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = { +- ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT), +- ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0) ++ ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT), ++ ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0) + } ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) + + IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c +index c4582f8..096ccdd 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c +@@ -1,6 +1,7 @@ + /* p5_pbe.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -65,67 +66,71 @@ + /* PKCS#5 password based encryption structure */ + + ASN1_SEQUENCE(PBEPARAM) = { +- ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING), +- ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER) ++ ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING), ++ ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER) + } ASN1_SEQUENCE_END(PBEPARAM) + + IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM) + + /* Return an algorithm identifier for a PKCS#5 PBE algorithm */ + +-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, +- int saltlen) ++X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen) + { +- PBEPARAM *pbe=NULL; +- ASN1_OBJECT *al; +- X509_ALGOR *algor; +- ASN1_TYPE *astype=NULL; ++ PBEPARAM *pbe = NULL; ++ ASN1_OBJECT *al; ++ X509_ALGOR *algor; ++ ASN1_TYPE *astype = NULL; + +- if (!(pbe = PBEPARAM_new ())) { +- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if(iter <= 0) iter = PKCS5_DEFAULT_ITER; +- if (!ASN1_INTEGER_set(pbe->iter, iter)) { +- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!saltlen) saltlen = PKCS5_SALT_LEN; +- if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) { +- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- pbe->salt->length = saltlen; +- if (salt) memcpy (pbe->salt->data, salt, saltlen); +- else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0) +- goto err; ++ if (!(pbe = PBEPARAM_new())) { ++ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (iter <= 0) ++ iter = PKCS5_DEFAULT_ITER; ++ if (!ASN1_INTEGER_set(pbe->iter, iter)) { ++ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!saltlen) ++ saltlen = PKCS5_SALT_LEN; ++ if (!(pbe->salt->data = OPENSSL_malloc(saltlen))) { ++ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ pbe->salt->length = saltlen; ++ if (salt) ++ memcpy(pbe->salt->data, salt, saltlen); ++ else if (RAND_pseudo_bytes(pbe->salt->data, saltlen) < 0) ++ goto err; + +- if (!(astype = ASN1_TYPE_new())) { +- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ if (!(astype = ASN1_TYPE_new())) { ++ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- astype->type = V_ASN1_SEQUENCE; +- if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM, +- &astype->value.sequence)) { +- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- PBEPARAM_free (pbe); +- pbe = NULL; +- +- al = OBJ_nid2obj(alg); /* never need to free al */ +- if (!(algor = X509_ALGOR_new())) { +- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ASN1_OBJECT_free(algor->algorithm); +- algor->algorithm = al; +- algor->parameter = astype; ++ astype->type = V_ASN1_SEQUENCE; ++ if (!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM, ++ &astype->value.sequence)) { ++ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ PBEPARAM_free(pbe); ++ pbe = NULL; + +- return (algor); +-err: +- if (pbe != NULL) PBEPARAM_free(pbe); +- if (astype != NULL) ASN1_TYPE_free(astype); +- return NULL; ++ al = OBJ_nid2obj(alg); /* never need to free al */ ++ if (!(algor = X509_ALGOR_new())) { ++ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ASN1_OBJECT_free(algor->algorithm); ++ algor->algorithm = al; ++ algor->parameter = astype; ++ ++ return (algor); ++ err: ++ if (pbe != NULL) ++ PBEPARAM_free(pbe); ++ if (astype != NULL) ++ ASN1_TYPE_free(astype); ++ return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c +index 2b0516a..5054f0c 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c +@@ -1,6 +1,7 @@ + /* p5_pbev2.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999-2004. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999-2004. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -65,141 +66,157 @@ + /* PKCS#5 v2.0 password based encryption structures */ + + ASN1_SEQUENCE(PBE2PARAM) = { +- ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), +- ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) ++ ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), ++ ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) + } ASN1_SEQUENCE_END(PBE2PARAM) + + IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM) + + ASN1_SEQUENCE(PBKDF2PARAM) = { +- ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), +- ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), +- ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), +- ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) ++ ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), ++ ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), ++ ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), ++ ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) + } ASN1_SEQUENCE_END(PBKDF2PARAM) + + IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) + +-/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: +- * yes I know this is horrible! ++/* ++ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know ++ * this is horrible! + */ + + X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, +- unsigned char *salt, int saltlen) ++ unsigned char *salt, int saltlen) + { +- X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; +- int alg_nid; +- EVP_CIPHER_CTX ctx; +- unsigned char iv[EVP_MAX_IV_LENGTH]; +- PBKDF2PARAM *kdf = NULL; +- PBE2PARAM *pbe2 = NULL; +- ASN1_OCTET_STRING *osalt = NULL; +- ASN1_OBJECT *obj; ++ X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; ++ int alg_nid; ++ EVP_CIPHER_CTX ctx; ++ unsigned char iv[EVP_MAX_IV_LENGTH]; ++ PBKDF2PARAM *kdf = NULL; ++ PBE2PARAM *pbe2 = NULL; ++ ASN1_OCTET_STRING *osalt = NULL; ++ ASN1_OBJECT *obj; ++ ++ alg_nid = EVP_CIPHER_type(cipher); ++ if (alg_nid == NID_undef) { ++ ASN1err(ASN1_F_PKCS5_PBE2_SET, ++ ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); ++ goto err; ++ } ++ obj = OBJ_nid2obj(alg_nid); ++ ++ if (!(pbe2 = PBE2PARAM_new())) ++ goto merr; ++ ++ /* Setup the AlgorithmIdentifier for the encryption scheme */ ++ scheme = pbe2->encryption; ++ ++ scheme->algorithm = obj; ++ if (!(scheme->parameter = ASN1_TYPE_new())) ++ goto merr; ++ ++ /* Create random IV */ ++ if (EVP_CIPHER_iv_length(cipher) && ++ RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) ++ goto err; ++ ++ EVP_CIPHER_CTX_init(&ctx); ++ ++ /* Dummy cipherinit to just setup the IV */ ++ EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); ++ if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { ++ ASN1err(ASN1_F_PKCS5_PBE2_SET, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ goto err; ++ } ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ ++ if (!(kdf = PBKDF2PARAM_new())) ++ goto merr; ++ if (!(osalt = M_ASN1_OCTET_STRING_new())) ++ goto merr; ++ ++ if (!saltlen) ++ saltlen = PKCS5_SALT_LEN; ++ if (!(osalt->data = OPENSSL_malloc(saltlen))) ++ goto merr; ++ osalt->length = saltlen; ++ if (salt) ++ memcpy(osalt->data, salt, saltlen); ++ else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0) ++ goto merr; ++ ++ if (iter <= 0) ++ iter = PKCS5_DEFAULT_ITER; ++ if (!ASN1_INTEGER_set(kdf->iter, iter)) ++ goto merr; ++ ++ /* Now include salt in kdf structure */ ++ kdf->salt->value.octet_string = osalt; ++ kdf->salt->type = V_ASN1_OCTET_STRING; ++ osalt = NULL; ++ ++ /* If its RC2 then we'd better setup the key length */ ++ ++ if (alg_nid == NID_rc2_cbc) { ++ if (!(kdf->keylength = M_ASN1_INTEGER_new())) ++ goto merr; ++ if (!ASN1_INTEGER_set(kdf->keylength, EVP_CIPHER_key_length(cipher))) ++ goto merr; ++ } ++ ++ /* prf can stay NULL because we are using hmacWithSHA1 */ ++ ++ /* Now setup the PBE2PARAM keyfunc structure */ ++ ++ pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); ++ ++ /* Encode PBKDF2PARAM into parameter of pbe2 */ ++ ++ if (!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) ++ goto merr; ++ ++ if (!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM, ++ &pbe2->keyfunc->parameter->value.sequence)) ++ goto merr; ++ pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; ++ ++ PBKDF2PARAM_free(kdf); ++ kdf = NULL; ++ ++ /* Now set up top level AlgorithmIdentifier */ ++ ++ if (!(ret = X509_ALGOR_new())) ++ goto merr; ++ if (!(ret->parameter = ASN1_TYPE_new())) ++ goto merr; ++ ++ ret->algorithm = OBJ_nid2obj(NID_pbes2); ++ ++ /* Encode PBE2PARAM into parameter */ + +- alg_nid = EVP_CIPHER_type(cipher); +- if(alg_nid == NID_undef) { +- ASN1err(ASN1_F_PKCS5_PBE2_SET, +- ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); +- goto err; +- } +- obj = OBJ_nid2obj(alg_nid); ++ if (!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM, ++ &ret->parameter->value.sequence)) ++ goto merr; ++ ret->parameter->type = V_ASN1_SEQUENCE; + +- if(!(pbe2 = PBE2PARAM_new())) goto merr; ++ PBE2PARAM_free(pbe2); ++ pbe2 = NULL; + +- /* Setup the AlgorithmIdentifier for the encryption scheme */ +- scheme = pbe2->encryption; ++ return ret; + +- scheme->algorithm = obj; +- if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; ++ merr: ++ ASN1err(ASN1_F_PKCS5_PBE2_SET, ERR_R_MALLOC_FAILURE); + +- /* Create random IV */ +- if (EVP_CIPHER_iv_length(cipher) && +- RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) +- goto err; ++ err: ++ PBE2PARAM_free(pbe2); ++ /* Note 'scheme' is freed as part of pbe2 */ ++ M_ASN1_OCTET_STRING_free(osalt); ++ PBKDF2PARAM_free(kdf); ++ X509_ALGOR_free(kalg); ++ X509_ALGOR_free(ret); + +- EVP_CIPHER_CTX_init(&ctx); +- +- /* Dummy cipherinit to just setup the IV */ +- EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); +- if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { +- ASN1err(ASN1_F_PKCS5_PBE2_SET, +- ASN1_R_ERROR_SETTING_CIPHER_PARAMS); +- EVP_CIPHER_CTX_cleanup(&ctx); +- goto err; +- } +- EVP_CIPHER_CTX_cleanup(&ctx); +- +- if(!(kdf = PBKDF2PARAM_new())) goto merr; +- if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr; +- +- if (!saltlen) saltlen = PKCS5_SALT_LEN; +- if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr; +- osalt->length = saltlen; +- if (salt) memcpy (osalt->data, salt, saltlen); +- else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr; +- +- if(iter <= 0) iter = PKCS5_DEFAULT_ITER; +- if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr; +- +- /* Now include salt in kdf structure */ +- kdf->salt->value.octet_string = osalt; +- kdf->salt->type = V_ASN1_OCTET_STRING; +- osalt = NULL; +- +- /* If its RC2 then we'd better setup the key length */ +- +- if(alg_nid == NID_rc2_cbc) { +- if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr; +- if(!ASN1_INTEGER_set (kdf->keylength, +- EVP_CIPHER_key_length(cipher))) goto merr; +- } +- +- /* prf can stay NULL because we are using hmacWithSHA1 */ +- +- /* Now setup the PBE2PARAM keyfunc structure */ +- +- pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); +- +- /* Encode PBKDF2PARAM into parameter of pbe2 */ +- +- if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr; +- +- if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM, +- &pbe2->keyfunc->parameter->value.sequence)) goto merr; +- pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; +- +- PBKDF2PARAM_free(kdf); +- kdf = NULL; +- +- /* Now set up top level AlgorithmIdentifier */ +- +- if(!(ret = X509_ALGOR_new())) goto merr; +- if(!(ret->parameter = ASN1_TYPE_new())) goto merr; +- +- ret->algorithm = OBJ_nid2obj(NID_pbes2); +- +- /* Encode PBE2PARAM into parameter */ +- +- if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM, +- &ret->parameter->value.sequence)) goto merr; +- ret->parameter->type = V_ASN1_SEQUENCE; +- +- PBE2PARAM_free(pbe2); +- pbe2 = NULL; +- +- return ret; +- +- merr: +- ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE); +- +- err: +- PBE2PARAM_free(pbe2); +- /* Note 'scheme' is freed as part of pbe2 */ +- M_ASN1_OCTET_STRING_free(osalt); +- PBKDF2PARAM_free(kdf); +- X509_ALGOR_free(kalg); +- X509_ALGOR_free(ret); +- +- return NULL; ++ return NULL; + + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c +index 0a19575..6cd36ce 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c +@@ -1,6 +1,7 @@ + /* p8_pkey.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,21 +65,22 @@ + /* Minor tweak to operation: zero private key data */ + static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ +- if(operation == ASN1_OP_FREE_PRE) { +- PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; +- if (key->pkey->value.octet_string) +- OPENSSL_cleanse(key->pkey->value.octet_string->data, +- key->pkey->value.octet_string->length); +- } +- return 1; ++ /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ ++ if (operation == ASN1_OP_FREE_PRE) { ++ PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; ++ if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING ++ && key->pkey->value.octet_string != NULL) ++ OPENSSL_cleanse(key->pkey->value.octet_string->data, ++ key->pkey->value.octet_string->length); ++ } ++ return 1; + } + + ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = { +- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER), +- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR), +- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY), +- ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0) ++ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER), ++ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR), ++ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY), ++ ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0) + } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c +index 2e59a25..d5cf3c7 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c +@@ -1,6 +1,7 @@ + /* t_bitst.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,41 +63,43 @@ + #include + + int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, +- BIT_STRING_BITNAME *tbl, int indent) ++ BIT_STRING_BITNAME *tbl, int indent) + { +- BIT_STRING_BITNAME *bnam; +- char first = 1; +- BIO_printf(out, "%*s", indent, ""); +- for(bnam = tbl; bnam->lname; bnam++) { +- if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) { +- if(!first) BIO_puts(out, ", "); +- BIO_puts(out, bnam->lname); +- first = 0; +- } +- } +- BIO_puts(out, "\n"); +- return 1; ++ BIT_STRING_BITNAME *bnam; ++ char first = 1; ++ BIO_printf(out, "%*s", indent, ""); ++ for (bnam = tbl; bnam->lname; bnam++) { ++ if (ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) { ++ if (!first) ++ BIO_puts(out, ", "); ++ BIO_puts(out, bnam->lname); ++ first = 0; ++ } ++ } ++ BIO_puts(out, "\n"); ++ return 1; + } + + int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, +- BIT_STRING_BITNAME *tbl) ++ BIT_STRING_BITNAME *tbl) + { +- int bitnum; +- bitnum = ASN1_BIT_STRING_num_asc(name, tbl); +- if(bitnum < 0) return 0; +- if(bs) { +- if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value)) +- return 0; +- } +- return 1; ++ int bitnum; ++ bitnum = ASN1_BIT_STRING_num_asc(name, tbl); ++ if (bitnum < 0) ++ return 0; ++ if (bs) { ++ if (!ASN1_BIT_STRING_set_bit(bs, bitnum, value)) ++ return 0; ++ } ++ return 1; + } + + int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl) + { +- BIT_STRING_BITNAME *bnam; +- for(bnam = tbl; bnam->lname; bnam++) { +- if(!strcmp(bnam->sname, name) || +- !strcmp(bnam->lname, name) ) return bnam->bitnum; +- } +- return -1; ++ BIT_STRING_BITNAME *bnam; ++ for (bnam = tbl; bnam->lname; bnam++) { ++ if (!strcmp(bnam->sname, name) || !strcmp(bnam->lname, name)) ++ return bnam->bitnum; ++ } ++ return -1; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c +index ee5a687..75a753b 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c +@@ -1,6 +1,7 @@ + /* t_crl.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -66,68 +67,68 @@ + + #ifndef OPENSSL_NO_FP_API + int X509_CRL_print_fp(FILE *fp, X509_CRL *x) +- { +- BIO *b; +- int ret; ++{ ++ BIO *b; ++ int ret; + +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- X509err(X509_F_X509_CRL_PRINT_FP,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=X509_CRL_print(b, x); +- BIO_free(b); +- return(ret); +- } ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = X509_CRL_print(b, x); ++ BIO_free(b); ++ return (ret); ++} + #endif + + int X509_CRL_print(BIO *out, X509_CRL *x) + { +- STACK_OF(X509_REVOKED) *rev; +- X509_REVOKED *r; +- long l; +- int i; +- char *p; ++ STACK_OF(X509_REVOKED) *rev; ++ X509_REVOKED *r; ++ long l; ++ int i; ++ char *p; + +- BIO_printf(out, "Certificate Revocation List (CRL):\n"); +- l = X509_CRL_get_version(x); +- BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l); +- i = OBJ_obj2nid(x->sig_alg->algorithm); +- BIO_printf(out, "%8sSignature Algorithm: %s\n", "", +- (i == NID_undef) ? "NONE" : OBJ_nid2ln(i)); +- p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0); +- BIO_printf(out,"%8sIssuer: %s\n","",p); +- OPENSSL_free(p); +- BIO_printf(out,"%8sLast Update: ",""); +- ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x)); +- BIO_printf(out,"\n%8sNext Update: ",""); +- if (X509_CRL_get_nextUpdate(x)) +- ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x)); +- else BIO_printf(out,"NONE"); +- BIO_printf(out,"\n"); ++ BIO_printf(out, "Certificate Revocation List (CRL):\n"); ++ l = X509_CRL_get_version(x); ++ BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l); ++ i = OBJ_obj2nid(x->sig_alg->algorithm); ++ BIO_printf(out, "%8sSignature Algorithm: %s\n", "", ++ (i == NID_undef) ? "NONE" : OBJ_nid2ln(i)); ++ p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0); ++ BIO_printf(out, "%8sIssuer: %s\n", "", p); ++ OPENSSL_free(p); ++ BIO_printf(out, "%8sLast Update: ", ""); ++ ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x)); ++ BIO_printf(out, "\n%8sNext Update: ", ""); ++ if (X509_CRL_get_nextUpdate(x)) ++ ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x)); ++ else ++ BIO_printf(out, "NONE"); ++ BIO_printf(out, "\n"); + +- X509V3_extensions_print(out, "CRL extensions", +- x->crl->extensions, 0, 8); ++ X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8); + +- rev = X509_CRL_get_REVOKED(x); ++ rev = X509_CRL_get_REVOKED(x); + +- if(sk_X509_REVOKED_num(rev) > 0) +- BIO_printf(out, "Revoked Certificates:\n"); +- else BIO_printf(out, "No Revoked Certificates.\n"); ++ if (sk_X509_REVOKED_num(rev) > 0) ++ BIO_printf(out, "Revoked Certificates:\n"); ++ else ++ BIO_printf(out, "No Revoked Certificates.\n"); + +- for(i = 0; i < sk_X509_REVOKED_num(rev); i++) { +- r = sk_X509_REVOKED_value(rev, i); +- BIO_printf(out," Serial Number: "); +- i2a_ASN1_INTEGER(out,r->serialNumber); +- BIO_printf(out,"\n Revocation Date: "); +- ASN1_TIME_print(out,r->revocationDate); +- BIO_printf(out,"\n"); +- X509V3_extensions_print(out, "CRL entry extensions", +- r->extensions, 0, 8); +- } +- X509_signature_print(out, x->sig_alg, x->signature); ++ for (i = 0; i < sk_X509_REVOKED_num(rev); i++) { ++ r = sk_X509_REVOKED_value(rev, i); ++ BIO_printf(out, " Serial Number: "); ++ i2a_ASN1_INTEGER(out, r->serialNumber); ++ BIO_printf(out, "\n Revocation Date: "); ++ ASN1_TIME_print(out, r->revocationDate); ++ BIO_printf(out, "\n"); ++ X509V3_extensions_print(out, "CRL entry extensions", ++ r->extensions, 0, 8); ++ } ++ X509_signature_print(out, x->sig_alg, x->signature); + +- return 1; ++ return 1; + + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +index bc23f56..4821821 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,7 +57,7 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * Binary polynomial ECC support in OpenSSL originally developed by ++ * Binary polynomial ECC support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +@@ -67,768 +67,732 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DH +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_EC +-#include ++# include + #endif + +-static int print(BIO *fp,const char *str, const BIGNUM *num, +- unsigned char *buf,int off); ++static int print(BIO *fp, const char *str, const BIGNUM *num, ++ unsigned char *buf, int off); + #ifndef OPENSSL_NO_EC + static int print_bin(BIO *fp, const char *str, const unsigned char *num, +- size_t len, int off); ++ size_t len, int off); + #endif + #ifndef OPENSSL_NO_RSA +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + int RSA_print_fp(FILE *fp, const RSA *x, int off) +- { +- BIO *b; +- int ret; +- +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=RSA_print(b,x,off); +- BIO_free(b); +- return(ret); +- } +-#endif ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = RSA_print(b, x, off); ++ BIO_free(b); ++ return (ret); ++} ++# endif + + int RSA_print(BIO *bp, const RSA *x, int off) +- { +- char str[128]; +- const char *s; +- unsigned char *m=NULL; +- int ret=0, mod_len = 0; +- size_t buf_len=0, i; +- +- if (x->n) +- buf_len = (size_t)BN_num_bytes(x->n); +- if (x->e) +- if (buf_len < (i = (size_t)BN_num_bytes(x->e))) +- buf_len = i; +- if (x->d) +- if (buf_len < (i = (size_t)BN_num_bytes(x->d))) +- buf_len = i; +- if (x->p) +- if (buf_len < (i = (size_t)BN_num_bytes(x->p))) +- buf_len = i; +- if (x->q) +- if (buf_len < (i = (size_t)BN_num_bytes(x->q))) +- buf_len = i; +- if (x->dmp1) +- if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1))) +- buf_len = i; +- if (x->dmq1) +- if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1))) +- buf_len = i; +- if (x->iqmp) +- if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp))) +- buf_len = i; +- +- m=(unsigned char *)OPENSSL_malloc(buf_len+10); +- if (m == NULL) +- { +- RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (x->n != NULL) +- mod_len = BN_num_bits(x->n); +- +- if (x->d != NULL) +- { +- if(!BIO_indent(bp,off,128)) +- goto err; +- if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len) +- <= 0) goto err; +- } +- +- if (x->d == NULL) +- BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len); +- else +- BUF_strlcpy(str,"modulus:",sizeof str); +- if (!print(bp,str,x->n,m,off)) goto err; +- s=(x->d == NULL)?"Exponent:":"publicExponent:"; +- if ((x->e != NULL) && !print(bp,s,x->e,m,off)) +- goto err; +- if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off)) +- goto err; +- if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off)) +- goto err; +- if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off)) +- goto err; +- if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off)) +- goto err; +- if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off)) +- goto err; +- if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off)) +- goto err; +- ret=1; +-err: +- if (m != NULL) OPENSSL_free(m); +- return(ret); +- } +-#endif /* OPENSSL_NO_RSA */ ++{ ++ char str[128]; ++ const char *s; ++ unsigned char *m = NULL; ++ int ret = 0, mod_len = 0; ++ size_t buf_len = 0, i; ++ ++ if (x->n) ++ buf_len = (size_t)BN_num_bytes(x->n); ++ if (x->e) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->e))) ++ buf_len = i; ++ if (x->d) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->d))) ++ buf_len = i; ++ if (x->p) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->p))) ++ buf_len = i; ++ if (x->q) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->q))) ++ buf_len = i; ++ if (x->dmp1) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1))) ++ buf_len = i; ++ if (x->dmq1) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1))) ++ buf_len = i; ++ if (x->iqmp) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp))) ++ buf_len = i; ++ ++ m = (unsigned char *)OPENSSL_malloc(buf_len + 10); ++ if (m == NULL) { ++ RSAerr(RSA_F_RSA_PRINT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (x->n != NULL) ++ mod_len = BN_num_bits(x->n); ++ ++ if (x->d != NULL) { ++ if (!BIO_indent(bp, off, 128)) ++ goto err; ++ if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) ++ <= 0) ++ goto err; ++ } ++ ++ if (x->d == NULL) ++ BIO_snprintf(str, sizeof str, "Modulus (%d bit):", mod_len); ++ else ++ BUF_strlcpy(str, "modulus:", sizeof str); ++ if (!print(bp, str, x->n, m, off)) ++ goto err; ++ s = (x->d == NULL) ? "Exponent:" : "publicExponent:"; ++ if ((x->e != NULL) && !print(bp, s, x->e, m, off)) ++ goto err; ++ if ((x->d != NULL) && !print(bp, "privateExponent:", x->d, m, off)) ++ goto err; ++ if ((x->p != NULL) && !print(bp, "prime1:", x->p, m, off)) ++ goto err; ++ if ((x->q != NULL) && !print(bp, "prime2:", x->q, m, off)) ++ goto err; ++ if ((x->dmp1 != NULL) && !print(bp, "exponent1:", x->dmp1, m, off)) ++ goto err; ++ if ((x->dmq1 != NULL) && !print(bp, "exponent2:", x->dmq1, m, off)) ++ goto err; ++ if ((x->iqmp != NULL) && !print(bp, "coefficient:", x->iqmp, m, off)) ++ goto err; ++ ret = 1; ++ err: ++ if (m != NULL) ++ OPENSSL_free(m); ++ return (ret); ++} ++#endif /* OPENSSL_NO_RSA */ + + #ifndef OPENSSL_NO_DSA +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + int DSA_print_fp(FILE *fp, const DSA *x, int off) +- { +- BIO *b; +- int ret; +- +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=DSA_print(b,x,off); +- BIO_free(b); +- return(ret); +- } +-#endif ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = DSA_print(b, x, off); ++ BIO_free(b); ++ return (ret); ++} ++# endif + + int DSA_print(BIO *bp, const DSA *x, int off) +- { +- unsigned char *m=NULL; +- int ret=0; +- size_t buf_len=0,i; +- +- if (x->p) +- buf_len = (size_t)BN_num_bytes(x->p); +- if (x->q) +- if (buf_len < (i = (size_t)BN_num_bytes(x->q))) +- buf_len = i; +- if (x->g) +- if (buf_len < (i = (size_t)BN_num_bytes(x->g))) +- buf_len = i; +- if (x->priv_key) +- if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key))) +- buf_len = i; +- if (x->pub_key) +- if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key))) +- buf_len = i; +- +- m=(unsigned char *)OPENSSL_malloc(buf_len+10); +- if (m == NULL) +- { +- DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (x->priv_key != NULL) +- { +- if(!BIO_indent(bp,off,128)) +- goto err; +- if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p)) +- <= 0) goto err; +- } +- +- if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off)) +- goto err; +- if ((x->pub_key != NULL) && !print(bp,"pub: ",x->pub_key,m,off)) +- goto err; +- if ((x->p != NULL) && !print(bp,"P: ",x->p,m,off)) goto err; +- if ((x->q != NULL) && !print(bp,"Q: ",x->q,m,off)) goto err; +- if ((x->g != NULL) && !print(bp,"G: ",x->g,m,off)) goto err; +- ret=1; +-err: +- if (m != NULL) OPENSSL_free(m); +- return(ret); +- } +-#endif /* !OPENSSL_NO_DSA */ ++{ ++ unsigned char *m = NULL; ++ int ret = 0; ++ size_t buf_len = 0, i; ++ ++ if (x->p) ++ buf_len = (size_t)BN_num_bytes(x->p); ++ if (x->q) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->q))) ++ buf_len = i; ++ if (x->g) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->g))) ++ buf_len = i; ++ if (x->priv_key) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key))) ++ buf_len = i; ++ if (x->pub_key) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key))) ++ buf_len = i; ++ ++ m = (unsigned char *)OPENSSL_malloc(buf_len + 10); ++ if (m == NULL) { ++ DSAerr(DSA_F_DSA_PRINT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (x->priv_key != NULL) { ++ if (!BIO_indent(bp, off, 128)) ++ goto err; ++ if (BIO_printf(bp, "Private-Key: (%d bit)\n", BN_num_bits(x->p)) ++ <= 0) ++ goto err; ++ } ++ ++ if ((x->priv_key != NULL) && !print(bp, "priv:", x->priv_key, m, off)) ++ goto err; ++ if ((x->pub_key != NULL) && !print(bp, "pub: ", x->pub_key, m, off)) ++ goto err; ++ if ((x->p != NULL) && !print(bp, "P: ", x->p, m, off)) ++ goto err; ++ if ((x->q != NULL) && !print(bp, "Q: ", x->q, m, off)) ++ goto err; ++ if ((x->g != NULL) && !print(bp, "G: ", x->g, m, off)) ++ goto err; ++ ret = 1; ++ err: ++ if (m != NULL) ++ OPENSSL_free(m); ++ return (ret); ++} ++#endif /* !OPENSSL_NO_DSA */ + + #ifndef OPENSSL_NO_EC +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) +- { +- BIO *b; +- int ret; +- +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = ECPKParameters_print(b, x, off); +- BIO_free(b); +- return(ret); +- } ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = ECPKParameters_print(b, x, off); ++ BIO_free(b); ++ return (ret); ++} + + int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) +- { +- BIO *b; +- int ret; +- +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); +- return(0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = EC_KEY_print(b, x, off); +- BIO_free(b); +- return(ret); +- } +-#endif ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = EC_KEY_print(b, x, off); ++ BIO_free(b); ++ return (ret); ++} ++# endif + + int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) +- { +- unsigned char *buffer=NULL; +- size_t buf_len=0, i; +- int ret=0, reason=ERR_R_BIO_LIB; +- BN_CTX *ctx=NULL; +- const EC_POINT *point=NULL; +- BIGNUM *p=NULL, *a=NULL, *b=NULL, *gen=NULL, +- *order=NULL, *cofactor=NULL; +- const unsigned char *seed; +- size_t seed_len=0; +- +- static const char *gen_compressed = "Generator (compressed):"; +- static const char *gen_uncompressed = "Generator (uncompressed):"; +- static const char *gen_hybrid = "Generator (hybrid):"; +- +- if (!x) +- { +- reason = ERR_R_PASSED_NULL_PARAMETER; +- goto err; +- } +- +- if (EC_GROUP_get_asn1_flag(x)) +- { +- /* the curve parameter are given by an asn1 OID */ +- int nid; +- +- if (!BIO_indent(bp, off, 128)) +- goto err; +- +- nid = EC_GROUP_get_curve_name(x); +- if (nid == 0) +- goto err; +- +- if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) +- goto err; +- if (BIO_printf(bp, "\n") <= 0) +- goto err; +- } +- else +- { +- /* explicit parameters */ +- int is_char_two = 0; +- point_conversion_form_t form; +- int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); +- +- if (tmp_nid == NID_X9_62_characteristic_two_field) +- is_char_two = 1; +- +- if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || +- (b = BN_new()) == NULL || (order = BN_new()) == NULL || +- (cofactor = BN_new()) == NULL) +- { +- reason = ERR_R_MALLOC_FAILURE; +- goto err; +- } +- +- if (is_char_two) +- { +- if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) +- { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- } +- else /* prime field */ +- { +- if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) +- { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- } +- +- if ((point = EC_GROUP_get0_generator(x)) == NULL) +- { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- if (!EC_GROUP_get_order(x, order, NULL) || +- !EC_GROUP_get_cofactor(x, cofactor, NULL)) +- { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- +- form = EC_GROUP_get_point_conversion_form(x); +- +- if ((gen = EC_POINT_point2bn(x, point, +- form, NULL, ctx)) == NULL) +- { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- +- buf_len = (size_t)BN_num_bytes(p); +- if (buf_len < (i = (size_t)BN_num_bytes(a))) +- buf_len = i; +- if (buf_len < (i = (size_t)BN_num_bytes(b))) +- buf_len = i; +- if (buf_len < (i = (size_t)BN_num_bytes(gen))) +- buf_len = i; +- if (buf_len < (i = (size_t)BN_num_bytes(order))) +- buf_len = i; +- if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) +- buf_len = i; +- +- if ((seed = EC_GROUP_get0_seed(x)) != NULL) +- seed_len = EC_GROUP_get_seed_len(x); +- +- buf_len += 10; +- if ((buffer = OPENSSL_malloc(buf_len)) == NULL) +- { +- reason = ERR_R_MALLOC_FAILURE; +- goto err; +- } +- +- if (!BIO_indent(bp, off, 128)) +- goto err; +- +- /* print the 'short name' of the field type */ +- if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) +- <= 0) +- goto err; +- +- if (is_char_two) +- { +- /* print the 'short name' of the base type OID */ +- int basis_type = EC_GROUP_get_basis_type(x); +- if (basis_type == 0) +- goto err; +- +- if (!BIO_indent(bp, off, 128)) +- goto err; +- +- if (BIO_printf(bp, "Basis Type: %s\n", +- OBJ_nid2sn(basis_type)) <= 0) +- goto err; +- +- /* print the polynomial */ +- if ((p != NULL) && !print(bp, "Polynomial:", p, buffer, +- off)) +- goto err; +- } +- else +- { +- if ((p != NULL) && !print(bp, "Prime:", p, buffer,off)) +- goto err; +- } +- if ((a != NULL) && !print(bp, "A: ", a, buffer, off)) +- goto err; +- if ((b != NULL) && !print(bp, "B: ", b, buffer, off)) +- goto err; +- if (form == POINT_CONVERSION_COMPRESSED) +- { +- if ((gen != NULL) && !print(bp, gen_compressed, gen, +- buffer, off)) +- goto err; +- } +- else if (form == POINT_CONVERSION_UNCOMPRESSED) +- { +- if ((gen != NULL) && !print(bp, gen_uncompressed, gen, +- buffer, off)) +- goto err; +- } +- else /* form == POINT_CONVERSION_HYBRID */ +- { +- if ((gen != NULL) && !print(bp, gen_hybrid, gen, +- buffer, off)) +- goto err; +- } +- if ((order != NULL) && !print(bp, "Order: ", order, +- buffer, off)) goto err; +- if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, +- buffer, off)) goto err; +- if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) +- goto err; +- } +- ret=1; +-err: +- if (!ret) +- ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); +- if (p) +- BN_free(p); +- if (a) +- BN_free(a); +- if (b) +- BN_free(b); +- if (gen) +- BN_free(gen); +- if (order) +- BN_free(order); +- if (cofactor) +- BN_free(cofactor); +- if (ctx) +- BN_CTX_free(ctx); +- if (buffer != NULL) +- OPENSSL_free(buffer); +- return(ret); +- } ++{ ++ unsigned char *buffer = NULL; ++ size_t buf_len = 0, i; ++ int ret = 0, reason = ERR_R_BIO_LIB; ++ BN_CTX *ctx = NULL; ++ const EC_POINT *point = NULL; ++ BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL, ++ *order = NULL, *cofactor = NULL; ++ const unsigned char *seed; ++ size_t seed_len = 0; ++ ++ static const char *gen_compressed = "Generator (compressed):"; ++ static const char *gen_uncompressed = "Generator (uncompressed):"; ++ static const char *gen_hybrid = "Generator (hybrid):"; ++ ++ if (!x) { ++ reason = ERR_R_PASSED_NULL_PARAMETER; ++ goto err; ++ } ++ ++ if (EC_GROUP_get_asn1_flag(x)) { ++ /* the curve parameter are given by an asn1 OID */ ++ int nid; ++ ++ if (!BIO_indent(bp, off, 128)) ++ goto err; ++ ++ nid = EC_GROUP_get_curve_name(x); ++ if (nid == 0) ++ goto err; ++ ++ if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) ++ goto err; ++ if (BIO_printf(bp, "\n") <= 0) ++ goto err; ++ } else { ++ /* explicit parameters */ ++ int is_char_two = 0; ++ point_conversion_form_t form; ++ int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); ++ ++ if (tmp_nid == NID_X9_62_characteristic_two_field) ++ is_char_two = 1; ++ ++ if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || ++ (b = BN_new()) == NULL || (order = BN_new()) == NULL || ++ (cofactor = BN_new()) == NULL) { ++ reason = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ ++ if (is_char_two) { ++ if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) { ++ reason = ERR_R_EC_LIB; ++ goto err; ++ } ++ } else { /* prime field */ ++ ++ if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) { ++ reason = ERR_R_EC_LIB; ++ goto err; ++ } ++ } ++ ++ if ((point = EC_GROUP_get0_generator(x)) == NULL) { ++ reason = ERR_R_EC_LIB; ++ goto err; ++ } ++ if (!EC_GROUP_get_order(x, order, NULL) || ++ !EC_GROUP_get_cofactor(x, cofactor, NULL)) { ++ reason = ERR_R_EC_LIB; ++ goto err; ++ } ++ ++ form = EC_GROUP_get_point_conversion_form(x); ++ ++ if ((gen = EC_POINT_point2bn(x, point, form, NULL, ctx)) == NULL) { ++ reason = ERR_R_EC_LIB; ++ goto err; ++ } ++ ++ buf_len = (size_t)BN_num_bytes(p); ++ if (buf_len < (i = (size_t)BN_num_bytes(a))) ++ buf_len = i; ++ if (buf_len < (i = (size_t)BN_num_bytes(b))) ++ buf_len = i; ++ if (buf_len < (i = (size_t)BN_num_bytes(gen))) ++ buf_len = i; ++ if (buf_len < (i = (size_t)BN_num_bytes(order))) ++ buf_len = i; ++ if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) ++ buf_len = i; ++ ++ if ((seed = EC_GROUP_get0_seed(x)) != NULL) ++ seed_len = EC_GROUP_get_seed_len(x); ++ ++ buf_len += 10; ++ if ((buffer = OPENSSL_malloc(buf_len)) == NULL) { ++ reason = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ ++ if (!BIO_indent(bp, off, 128)) ++ goto err; ++ ++ /* print the 'short name' of the field type */ ++ if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) ++ <= 0) ++ goto err; ++ ++ if (is_char_two) { ++ /* print the 'short name' of the base type OID */ ++ int basis_type = EC_GROUP_get_basis_type(x); ++ if (basis_type == 0) ++ goto err; ++ ++ if (!BIO_indent(bp, off, 128)) ++ goto err; ++ ++ if (BIO_printf(bp, "Basis Type: %s\n", ++ OBJ_nid2sn(basis_type)) <= 0) ++ goto err; ++ ++ /* print the polynomial */ ++ if ((p != NULL) && !print(bp, "Polynomial:", p, buffer, off)) ++ goto err; ++ } else { ++ if ((p != NULL) && !print(bp, "Prime:", p, buffer, off)) ++ goto err; ++ } ++ if ((a != NULL) && !print(bp, "A: ", a, buffer, off)) ++ goto err; ++ if ((b != NULL) && !print(bp, "B: ", b, buffer, off)) ++ goto err; ++ if (form == POINT_CONVERSION_COMPRESSED) { ++ if ((gen != NULL) && !print(bp, gen_compressed, gen, buffer, off)) ++ goto err; ++ } else if (form == POINT_CONVERSION_UNCOMPRESSED) { ++ if ((gen != NULL) && !print(bp, gen_uncompressed, gen, ++ buffer, off)) ++ goto err; ++ } else { /* form == POINT_CONVERSION_HYBRID */ ++ ++ if ((gen != NULL) && !print(bp, gen_hybrid, gen, buffer, off)) ++ goto err; ++ } ++ if ((order != NULL) && !print(bp, "Order: ", order, buffer, off)) ++ goto err; ++ if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, ++ buffer, off)) ++ goto err; ++ if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) ++ goto err; ++ } ++ ret = 1; ++ err: ++ if (!ret) ++ ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); ++ if (p) ++ BN_free(p); ++ if (a) ++ BN_free(a); ++ if (b) ++ BN_free(b); ++ if (gen) ++ BN_free(gen); ++ if (order) ++ BN_free(order); ++ if (cofactor) ++ BN_free(cofactor); ++ if (ctx) ++ BN_CTX_free(ctx); ++ if (buffer != NULL) ++ OPENSSL_free(buffer); ++ return (ret); ++} + + int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) +- { +- unsigned char *buffer=NULL; +- size_t buf_len=0, i; +- int ret=0, reason=ERR_R_BIO_LIB; +- BIGNUM *pub_key=NULL, *order=NULL; +- BN_CTX *ctx=NULL; +- const EC_GROUP *group; +- const EC_POINT *public_key; +- const BIGNUM *priv_key; +- +- if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) +- { +- reason = ERR_R_PASSED_NULL_PARAMETER; +- goto err; +- } +- +- public_key = EC_KEY_get0_public_key(x); +- if ((pub_key = EC_POINT_point2bn(group, public_key, +- EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) +- { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- +- buf_len = (size_t)BN_num_bytes(pub_key); +- priv_key = EC_KEY_get0_private_key(x); +- if (priv_key != NULL) +- { +- if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len) +- buf_len = i; +- } +- +- buf_len += 10; +- if ((buffer = OPENSSL_malloc(buf_len)) == NULL) +- { +- reason = ERR_R_MALLOC_FAILURE; +- goto err; +- } +- +- if (priv_key != NULL) +- { +- if (!BIO_indent(bp, off, 128)) +- goto err; +- if ((order = BN_new()) == NULL) +- goto err; +- if (!EC_GROUP_get_order(group, order, NULL)) +- goto err; +- if (BIO_printf(bp, "Private-Key: (%d bit)\n", +- BN_num_bits(order)) <= 0) goto err; +- } +- +- if ((priv_key != NULL) && !print(bp, "priv:", priv_key, +- buffer, off)) +- goto err; +- if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, +- buffer, off)) +- goto err; +- if (!ECPKParameters_print(bp, group, off)) +- goto err; +- ret=1; +-err: +- if (!ret) +- ECerr(EC_F_EC_KEY_PRINT, reason); +- if (pub_key) +- BN_free(pub_key); +- if (order) +- BN_free(order); +- if (ctx) +- BN_CTX_free(ctx); +- if (buffer != NULL) +- OPENSSL_free(buffer); +- return(ret); +- } +-#endif /* OPENSSL_NO_EC */ +- +-static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf, +- int off) +- { +- int n,i; +- const char *neg; +- +- if (num == NULL) return(1); +- neg = (BN_is_negative(num))?"-":""; +- if(!BIO_indent(bp,off,128)) +- return 0; +- if (BN_is_zero(num)) +- { +- if (BIO_printf(bp, "%s 0\n", number) <= 0) +- return 0; +- return 1; +- } +- +- if (BN_num_bytes(num) <= BN_BYTES) +- { +- if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg, +- (unsigned long)num->d[0],neg,(unsigned long)num->d[0]) +- <= 0) return(0); +- } +- else +- { +- buf[0]=0; +- if (BIO_printf(bp,"%s%s",number, +- (neg[0] == '-')?" (Negative)":"") <= 0) +- return(0); +- n=BN_bn2bin(num,&buf[1]); +- +- if (buf[1] & 0x80) +- n++; +- else buf++; +- +- for (i=0; i buf_len) ++ buf_len = i; ++ } ++ ++ buf_len += 10; ++ if ((buffer = OPENSSL_malloc(buf_len)) == NULL) { ++ reason = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ ++ if (priv_key != NULL) { ++ if (!BIO_indent(bp, off, 128)) ++ goto err; ++ if ((order = BN_new()) == NULL) ++ goto err; ++ if (!EC_GROUP_get_order(group, order, NULL)) ++ goto err; ++ if (BIO_printf(bp, "Private-Key: (%d bit)\n", ++ BN_num_bits(order)) <= 0) ++ goto err; ++ } ++ ++ if ((priv_key != NULL) && !print(bp, "priv:", priv_key, buffer, off)) ++ goto err; ++ if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, buffer, off)) ++ goto err; ++ if (!ECPKParameters_print(bp, group, off)) ++ goto err; ++ ret = 1; ++ err: ++ if (!ret) ++ ECerr(EC_F_EC_KEY_PRINT, reason); ++ if (pub_key) ++ BN_free(pub_key); ++ if (order) ++ BN_free(order); ++ if (ctx) ++ BN_CTX_free(ctx); ++ if (buffer != NULL) ++ OPENSSL_free(buffer); ++ return (ret); ++} ++#endif /* OPENSSL_NO_EC */ ++ ++static int print(BIO *bp, const char *number, const BIGNUM *num, ++ unsigned char *buf, int off) ++{ ++ int n, i; ++ const char *neg; ++ ++ if (num == NULL) ++ return (1); ++ neg = (BN_is_negative(num)) ? "-" : ""; ++ if (!BIO_indent(bp, off, 128)) ++ return 0; ++ if (BN_is_zero(num)) { ++ if (BIO_printf(bp, "%s 0\n", number) <= 0) ++ return 0; ++ return 1; ++ } ++ ++ if (BN_num_bytes(num) <= BN_BYTES) { ++ if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg, ++ (unsigned long)num->d[0], neg, ++ (unsigned long)num->d[0]) ++ <= 0) ++ return (0); ++ } else { ++ buf[0] = 0; ++ if (BIO_printf(bp, "%s%s", number, ++ (neg[0] == '-') ? " (Negative)" : "") <= 0) ++ return (0); ++ n = BN_bn2bin(num, &buf[1]); ++ ++ if (buf[1] & 0x80) ++ n++; ++ else ++ buf++; ++ ++ for (i = 0; i < n; i++) { ++ if ((i % 15) == 0) { ++ if (BIO_puts(bp, "\n") <= 0 || !BIO_indent(bp, off + 4, 128)) ++ return 0; ++ } ++ if (BIO_printf(bp, "%02x%s", buf[i], ((i + 1) == n) ? "" : ":") ++ <= 0) ++ return (0); ++ } ++ if (BIO_write(bp, "\n", 1) <= 0) ++ return (0); ++ } ++ return (1); ++} + + #ifndef OPENSSL_NO_EC + static int print_bin(BIO *fp, const char *name, const unsigned char *buf, +- size_t len, int off) +- { +- size_t i; +- char str[128]; +- +- if (buf == NULL) +- return 1; +- if (off) +- { +- if (off > 128) +- off=128; +- memset(str,' ',off); +- if (BIO_write(fp, str, off) <= 0) +- return 0; +- } +- +- if (BIO_printf(fp,"%s", name) <= 0) +- return 0; +- +- for (i=0; i 128) ++ off = 128; ++ memset(str, ' ', off); ++ if (BIO_write(fp, str, off) <= 0) ++ return 0; ++ } ++ ++ if (BIO_printf(fp, "%s", name) <= 0) ++ return 0; ++ ++ for (i = 0; i < len; i++) { ++ if ((i % 15) == 0) { ++ str[0] = '\n'; ++ memset(&(str[1]), ' ', off + 4); ++ if (BIO_write(fp, str, off + 1 + 4) <= 0) ++ return 0; ++ } ++ if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <= ++ 0) ++ return 0; ++ } ++ if (BIO_write(fp, "\n", 1) <= 0) ++ return 0; ++ ++ return 1; ++} + #endif + + #ifndef OPENSSL_NO_DH +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + int DHparams_print_fp(FILE *fp, const DH *x) +- { +- BIO *b; +- int ret; +- +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=DHparams_print(b, x); +- BIO_free(b); +- return(ret); +- } +-#endif ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = DHparams_print(b, x); ++ BIO_free(b); ++ return (ret); ++} ++# endif + + int DHparams_print(BIO *bp, const DH *x) +- { +- unsigned char *m=NULL; +- int reason=ERR_R_BUF_LIB,ret=0; +- size_t buf_len=0, i; +- +- if (x->p) +- buf_len = (size_t)BN_num_bytes(x->p); +- else +- { +- reason = ERR_R_PASSED_NULL_PARAMETER; +- goto err; +- } +- if (x->g) +- if (buf_len < (i = (size_t)BN_num_bytes(x->g))) +- buf_len = i; +- m=(unsigned char *)OPENSSL_malloc(buf_len+10); +- if (m == NULL) +- { +- reason=ERR_R_MALLOC_FAILURE; +- goto err; +- } +- +- if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n", +- BN_num_bits(x->p)) <= 0) +- goto err; +- if (!print(bp,"prime:",x->p,m,4)) goto err; +- if (!print(bp,"generator:",x->g,m,4)) goto err; +- if (x->length != 0) +- { +- if (BIO_printf(bp," recommended-private-length: %d bits\n", +- (int)x->length) <= 0) goto err; +- } +- ret=1; +- if (0) +- { +-err: +- DHerr(DH_F_DHPARAMS_PRINT,reason); +- } +- if (m != NULL) OPENSSL_free(m); +- return(ret); +- } ++{ ++ unsigned char *m = NULL; ++ int reason = ERR_R_BUF_LIB, ret = 0; ++ size_t buf_len = 0, i; ++ ++ if (x->p) ++ buf_len = (size_t)BN_num_bytes(x->p); ++ else { ++ reason = ERR_R_PASSED_NULL_PARAMETER; ++ goto err; ++ } ++ if (x->g) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->g))) ++ buf_len = i; ++ m = (unsigned char *)OPENSSL_malloc(buf_len + 10); ++ if (m == NULL) { ++ reason = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ ++ if (BIO_printf(bp, "Diffie-Hellman-Parameters: (%d bit)\n", ++ BN_num_bits(x->p)) <= 0) ++ goto err; ++ if (!print(bp, "prime:", x->p, m, 4)) ++ goto err; ++ if (!print(bp, "generator:", x->g, m, 4)) ++ goto err; ++ if (x->length != 0) { ++ if (BIO_printf(bp, " recommended-private-length: %d bits\n", ++ (int)x->length) <= 0) ++ goto err; ++ } ++ ret = 1; ++ if (0) { ++ err: ++ DHerr(DH_F_DHPARAMS_PRINT, reason); ++ } ++ if (m != NULL) ++ OPENSSL_free(m); ++ return (ret); ++} + #endif + + #ifndef OPENSSL_NO_DSA +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + int DSAparams_print_fp(FILE *fp, const DSA *x) +- { +- BIO *b; +- int ret; +- +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=DSAparams_print(b, x); +- BIO_free(b); +- return(ret); +- } +-#endif ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = DSAparams_print(b, x); ++ BIO_free(b); ++ return (ret); ++} ++# endif + + int DSAparams_print(BIO *bp, const DSA *x) +- { +- unsigned char *m=NULL; +- int ret=0; +- size_t buf_len=0,i; +- +- if (x->p) +- buf_len = (size_t)BN_num_bytes(x->p); +- else +- { +- DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS); +- goto err; +- } +- if (x->q) +- if (buf_len < (i = (size_t)BN_num_bytes(x->q))) +- buf_len = i; +- if (x->g) +- if (buf_len < (i = (size_t)BN_num_bytes(x->g))) +- buf_len = i; +- m=(unsigned char *)OPENSSL_malloc(buf_len+10); +- if (m == NULL) +- { +- DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n", +- BN_num_bits(x->p)) <= 0) +- goto err; +- if (!print(bp,"p:",x->p,m,4)) goto err; +- if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err; +- if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err; +- ret=1; +-err: +- if (m != NULL) OPENSSL_free(m); +- return(ret); +- } +- +-#endif /* !OPENSSL_NO_DSA */ ++{ ++ unsigned char *m = NULL; ++ int ret = 0; ++ size_t buf_len = 0, i; ++ ++ if (x->p) ++ buf_len = (size_t)BN_num_bytes(x->p); ++ else { ++ DSAerr(DSA_F_DSAPARAMS_PRINT, DSA_R_MISSING_PARAMETERS); ++ goto err; ++ } ++ if (x->q) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->q))) ++ buf_len = i; ++ if (x->g) ++ if (buf_len < (i = (size_t)BN_num_bytes(x->g))) ++ buf_len = i; ++ m = (unsigned char *)OPENSSL_malloc(buf_len + 10); ++ if (m == NULL) { ++ DSAerr(DSA_F_DSAPARAMS_PRINT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (BIO_printf(bp, "DSA-Parameters: (%d bit)\n", BN_num_bits(x->p)) <= 0) ++ goto err; ++ if (!print(bp, "p:", x->p, m, 4)) ++ goto err; ++ if ((x->q != NULL) && !print(bp, "q:", x->q, m, 4)) ++ goto err; ++ if ((x->g != NULL) && !print(bp, "g:", x->g, m, 4)) ++ goto err; ++ ret = 1; ++ err: ++ if (m != NULL) ++ OPENSSL_free(m); ++ return (ret); ++} ++ ++#endif /* !OPENSSL_NO_DSA */ + + #ifndef OPENSSL_NO_EC +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + int ECParameters_print_fp(FILE *fp, const EC_KEY *x) +- { +- BIO *b; +- int ret; +- +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); +- return(0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = ECParameters_print(b, x); +- BIO_free(b); +- return(ret); +- } +-#endif ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = ECParameters_print(b, x); ++ BIO_free(b); ++ return (ret); ++} ++# endif + + int ECParameters_print(BIO *bp, const EC_KEY *x) +- { +- int reason=ERR_R_EC_LIB, ret=0; +- BIGNUM *order=NULL; +- const EC_GROUP *group; +- +- if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) +- { +- reason = ERR_R_PASSED_NULL_PARAMETER;; +- goto err; +- } +- +- if ((order = BN_new()) == NULL) +- { +- reason = ERR_R_MALLOC_FAILURE; +- goto err; +- } +- +- if (!EC_GROUP_get_order(group, order, NULL)) +- { +- reason = ERR_R_EC_LIB; +- goto err; +- } +- +- if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", +- BN_num_bits(order)) <= 0) +- goto err; +- if (!ECPKParameters_print(bp, group, 4)) +- goto err; +- ret=1; +-err: +- if (order) +- BN_free(order); +- ECerr(EC_F_ECPARAMETERS_PRINT, reason); +- return(ret); +- } +- ++{ ++ int reason = ERR_R_EC_LIB, ret = 0; ++ BIGNUM *order = NULL; ++ const EC_GROUP *group; ++ ++ if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) { ++ reason = ERR_R_PASSED_NULL_PARAMETER;; ++ goto err; ++ } ++ ++ if ((order = BN_new()) == NULL) { ++ reason = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ ++ if (!EC_GROUP_get_order(group, order, NULL)) { ++ reason = ERR_R_EC_LIB; ++ goto err; ++ } ++ ++ if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", ++ BN_num_bits(order)) <= 0) ++ goto err; ++ if (!ECPKParameters_print(bp, group, 4)) ++ goto err; ++ ret = 1; ++ err: ++ if (order) ++ BN_free(order); ++ ECerr(EC_F_ECPARAMETERS_PRINT, reason); ++ return (ret); ++} ++ + #endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c +index 5557e06..b578b68 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_req.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_req.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,227 +64,210 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + + #ifndef OPENSSL_NO_FP_API + int X509_REQ_print_fp(FILE *fp, X509_REQ *x) +- { +- BIO *b; +- int ret; ++{ ++ BIO *b; ++ int ret; + +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=X509_REQ_print(b, x); +- BIO_free(b); +- return(ret); +- } ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = X509_REQ_print(b, x); ++ BIO_free(b); ++ return (ret); ++} + #endif + +-int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag) +- { +- unsigned long l; +- int i; +- const char *neg; +- X509_REQ_INFO *ri; +- EVP_PKEY *pkey; +- STACK_OF(X509_ATTRIBUTE) *sk; +- STACK_OF(X509_EXTENSION) *exts; +- char mlch = ' '; +- int nmindent = 0; +- +- if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { +- mlch = '\n'; +- nmindent = 12; +- } ++int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, ++ unsigned long cflag) ++{ ++ unsigned long l; ++ int i; ++ const char *neg; ++ X509_REQ_INFO *ri; ++ EVP_PKEY *pkey; ++ STACK_OF(X509_ATTRIBUTE) *sk; ++ STACK_OF(X509_EXTENSION) *exts; ++ char mlch = ' '; ++ int nmindent = 0; + +- if(nmflags == X509_FLAG_COMPAT) +- nmindent = 16; ++ if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { ++ mlch = '\n'; ++ nmindent = 12; ++ } + ++ if (nmflags == X509_FLAG_COMPAT) ++ nmindent = 16; + +- ri=x->req_info; +- if(!(cflag & X509_FLAG_NO_HEADER)) +- { +- if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err; +- if (BIO_write(bp," Data:\n",10) <= 0) goto err; +- } +- if(!(cflag & X509_FLAG_NO_VERSION)) +- { +- neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":""; +- l=0; +- for (i=0; iversion->length; i++) +- { l<<=8; l+=ri->version->data[i]; } +- if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg, +- l) <= 0) +- goto err; +- } +- if(!(cflag & X509_FLAG_NO_SUBJECT)) +- { +- if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; +- if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err; +- if (BIO_write(bp,"\n",1) <= 0) goto err; +- } +- if(!(cflag & X509_FLAG_NO_PUBKEY)) +- { +- if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0) +- goto err; +- if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0) +- goto err; +- if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0) +- goto err; +- if (BIO_puts(bp, "\n") <= 0) +- goto err; ++ ri = x->req_info; ++ if (!(cflag & X509_FLAG_NO_HEADER)) { ++ if (BIO_write(bp, "Certificate Request:\n", 21) <= 0) ++ goto err; ++ if (BIO_write(bp, " Data:\n", 10) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_VERSION)) { ++ neg = (ri->version->type == V_ASN1_NEG_INTEGER) ? "-" : ""; ++ l = 0; ++ for (i = 0; i < ri->version->length; i++) { ++ l <<= 8; ++ l += ri->version->data[i]; ++ } ++ if (BIO_printf(bp, "%8sVersion: %s%lu (%s0x%lx)\n", "", neg, l, neg, ++ l) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_SUBJECT)) { ++ if (BIO_printf(bp, " Subject:%c", mlch) <= 0) ++ goto err; ++ if (X509_NAME_print_ex(bp, ri->subject, nmindent, nmflags) < 0) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_PUBKEY)) { ++ if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) ++ goto err; ++ if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) ++ goto err; ++ if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0) ++ goto err; ++ if (BIO_puts(bp, "\n") <= 0) ++ goto err; + +- pkey=X509_REQ_get_pubkey(x); +- if (pkey == NULL) +- { +- BIO_printf(bp,"%12sUnable to load Public Key\n",""); +- ERR_print_errors(bp); +- } +- else ++ pkey = X509_REQ_get_pubkey(x); ++ if (pkey == NULL) { ++ BIO_printf(bp, "%12sUnable to load Public Key\n", ""); ++ ERR_print_errors(bp); ++ } else + #ifndef OPENSSL_NO_RSA +- if (pkey->type == EVP_PKEY_RSA) +- { +- BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", +- BN_num_bits(pkey->pkey.rsa->n)); +- RSA_print(bp,pkey->pkey.rsa,16); +- } +- else ++ if (pkey->type == EVP_PKEY_RSA) { ++ BIO_printf(bp, "%12sRSA Public Key: (%d bit)\n", "", ++ BN_num_bits(pkey->pkey.rsa->n)); ++ RSA_print(bp, pkey->pkey.rsa, 16); ++ } else + #endif + #ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) +- { +- BIO_printf(bp,"%12sDSA Public Key:\n",""); +- DSA_print(bp,pkey->pkey.dsa,16); +- } +- else ++ if (pkey->type == EVP_PKEY_DSA) { ++ BIO_printf(bp, "%12sDSA Public Key:\n", ""); ++ DSA_print(bp, pkey->pkey.dsa, 16); ++ } else + #endif + #ifndef OPENSSL_NO_EC +- if (pkey->type == EVP_PKEY_EC) +- { +- BIO_printf(bp, "%12sEC Public Key: \n",""); +- EC_KEY_print(bp, pkey->pkey.ec, 16); +- } +- else ++ if (pkey->type == EVP_PKEY_EC) { ++ BIO_printf(bp, "%12sEC Public Key: \n", ""); ++ EC_KEY_print(bp, pkey->pkey.ec, 16); ++ } else + #endif +- BIO_printf(bp,"%12sUnknown Public Key:\n",""); ++ BIO_printf(bp, "%12sUnknown Public Key:\n", ""); + +- EVP_PKEY_free(pkey); +- } ++ EVP_PKEY_free(pkey); ++ } + +- if(!(cflag & X509_FLAG_NO_ATTRIBUTES)) +- { +- /* may not be */ +- if(BIO_printf(bp,"%8sAttributes:\n","") <= 0) +- goto err; ++ if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) { ++ /* may not be */ ++ if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0) ++ goto err; + +- sk=x->req_info->attributes; +- if (sk_X509_ATTRIBUTE_num(sk) == 0) +- { +- if(BIO_printf(bp,"%12sa0:00\n","") <= 0) +- goto err; +- } +- else +- { +- for (i=0; ireq_info->attributes; ++ if (sk_X509_ATTRIBUTE_num(sk) == 0) { ++ if (BIO_printf(bp, "%12sa0:00\n", "") <= 0) ++ goto err; ++ } else { ++ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { ++ ASN1_TYPE *at; ++ X509_ATTRIBUTE *a; ++ ASN1_BIT_STRING *bs = NULL; ++ ASN1_TYPE *t; ++ int j, type = 0, count = 1, ii = 0; + +- a=sk_X509_ATTRIBUTE_value(sk,i); +- if(X509_REQ_extension_nid(OBJ_obj2nid(a->object))) +- continue; +- if(BIO_printf(bp,"%12s","") <= 0) +- goto err; +- if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) +- { +- if (a->single) +- { +- t=a->value.single; +- type=t->type; +- bs=t->value.bit_string; +- } +- else +- { +- ii=0; +- count=sk_ASN1_TYPE_num(a->value.set); +-get_next: +- at=sk_ASN1_TYPE_value(a->value.set,ii); +- type=at->type; +- bs=at->value.asn1_string; +- } +- } +- for (j=25-j; j>0; j--) +- if (BIO_write(bp," ",1) != 1) goto err; +- if (BIO_puts(bp,":") <= 0) goto err; +- if ( (type == V_ASN1_PRINTABLESTRING) || +- (type == V_ASN1_T61STRING) || +- (type == V_ASN1_IA5STRING)) +- { +- if (BIO_write(bp,(char *)bs->data,bs->length) +- != bs->length) +- goto err; +- BIO_puts(bp,"\n"); +- } +- else +- { +- BIO_puts(bp,"unable to print attribute\n"); +- } +- if (++ii < count) goto get_next; +- } +- } +- } +- if(!(cflag & X509_FLAG_NO_EXTENSIONS)) +- { +- exts = X509_REQ_get_extensions(x); +- if(exts) +- { +- BIO_printf(bp,"%8sRequested Extensions:\n",""); +- for (i=0; ivalue); +- } +- if (BIO_write(bp,"\n",1) <= 0) goto err; +- } +- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); +- } +- } ++ a = sk_X509_ATTRIBUTE_value(sk, i); ++ if (X509_REQ_extension_nid(OBJ_obj2nid(a->object))) ++ continue; ++ if (BIO_printf(bp, "%12s", "") <= 0) ++ goto err; ++ if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) { ++ if (a->single) { ++ t = a->value.single; ++ type = t->type; ++ bs = t->value.bit_string; ++ } else { ++ ii = 0; ++ count = sk_ASN1_TYPE_num(a->value.set); ++ get_next: ++ at = sk_ASN1_TYPE_value(a->value.set, ii); ++ type = at->type; ++ bs = at->value.asn1_string; ++ } ++ } ++ for (j = 25 - j; j > 0; j--) ++ if (BIO_write(bp, " ", 1) != 1) ++ goto err; ++ if (BIO_puts(bp, ":") <= 0) ++ goto err; ++ if ((type == V_ASN1_PRINTABLESTRING) || ++ (type == V_ASN1_T61STRING) || ++ (type == V_ASN1_IA5STRING)) { ++ if (BIO_write(bp, (char *)bs->data, bs->length) ++ != bs->length) ++ goto err; ++ BIO_puts(bp, "\n"); ++ } else { ++ BIO_puts(bp, "unable to print attribute\n"); ++ } ++ if (++ii < count) ++ goto get_next; ++ } ++ } ++ } ++ if (!(cflag & X509_FLAG_NO_EXTENSIONS)) { ++ exts = X509_REQ_get_extensions(x); ++ if (exts) { ++ BIO_printf(bp, "%8sRequested Extensions:\n", ""); ++ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { ++ ASN1_OBJECT *obj; ++ X509_EXTENSION *ex; ++ int j; ++ ex = sk_X509_EXTENSION_value(exts, i); ++ if (BIO_printf(bp, "%12s", "") <= 0) ++ goto err; ++ obj = X509_EXTENSION_get_object(ex); ++ i2a_ASN1_OBJECT(bp, obj); ++ j = X509_EXTENSION_get_critical(ex); ++ if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0) ++ goto err; ++ if (!X509V3_EXT_print(bp, ex, cflag, 16)) { ++ BIO_printf(bp, "%16s", ""); ++ M_ASN1_OCTET_STRING_print(bp, ex->value); ++ } ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); ++ } ++ } + +- if(!(cflag & X509_FLAG_NO_SIGDUMP)) +- { +- if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err; +- } ++ if (!(cflag & X509_FLAG_NO_SIGDUMP)) { ++ if (!X509_signature_print(bp, x->sig_alg, x->signature)) ++ goto err; ++ } + +- return(1); +-err: +- X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB); +- return(0); +- } ++ return (1); ++ err: ++ X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB); ++ return (0); ++} + + int X509_REQ_print(BIO *bp, X509_REQ *x) +- { +- return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +- } ++{ ++ return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c +index a73369b..b0ce089 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c +@@ -1,6 +1,7 @@ + /* t_spki.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,10 +62,10 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + #include + +@@ -72,61 +73,56 @@ + + int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) + { +- EVP_PKEY *pkey; +- ASN1_IA5STRING *chal; +- int i, n; +- char *s; +- BIO_printf(out, "Netscape SPKI:\n"); +- i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm); +- BIO_printf(out," Public Key Algorithm: %s\n", +- (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); +- pkey = X509_PUBKEY_get(spki->spkac->pubkey); +- if(!pkey) BIO_printf(out, " Unable to load public key\n"); +- else { ++ EVP_PKEY *pkey; ++ ASN1_IA5STRING *chal; ++ int i, n; ++ char *s; ++ BIO_printf(out, "Netscape SPKI:\n"); ++ i = OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm); ++ BIO_printf(out, " Public Key Algorithm: %s\n", ++ (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); ++ pkey = X509_PUBKEY_get(spki->spkac->pubkey); ++ if (!pkey) ++ BIO_printf(out, " Unable to load public key\n"); ++ else { + #ifndef OPENSSL_NO_RSA +- if (pkey->type == EVP_PKEY_RSA) +- { +- BIO_printf(out," RSA Public Key: (%d bit)\n", +- BN_num_bits(pkey->pkey.rsa->n)); +- RSA_print(out,pkey->pkey.rsa,2); +- } +- else ++ if (pkey->type == EVP_PKEY_RSA) { ++ BIO_printf(out, " RSA Public Key: (%d bit)\n", ++ BN_num_bits(pkey->pkey.rsa->n)); ++ RSA_print(out, pkey->pkey.rsa, 2); ++ } else + #endif + #ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) +- { +- BIO_printf(out," DSA Public Key:\n"); +- DSA_print(out,pkey->pkey.dsa,2); +- } +- else ++ if (pkey->type == EVP_PKEY_DSA) { ++ BIO_printf(out, " DSA Public Key:\n"); ++ DSA_print(out, pkey->pkey.dsa, 2); ++ } else + #endif + #ifndef OPENSSL_NO_EC +- if (pkey->type == EVP_PKEY_EC) +- { +- BIO_printf(out, " EC Public Key:\n"); +- EC_KEY_print(out, pkey->pkey.ec,2); +- } +- else ++ if (pkey->type == EVP_PKEY_EC) { ++ BIO_printf(out, " EC Public Key:\n"); ++ EC_KEY_print(out, pkey->pkey.ec, 2); ++ } else + #endif + +- BIO_printf(out," Unknown Public Key:\n"); +- EVP_PKEY_free(pkey); +- } +- chal = spki->spkac->challenge; +- if(chal->length) +- BIO_printf(out, " Challenge String: %s\n", chal->data); +- i=OBJ_obj2nid(spki->sig_algor->algorithm); +- BIO_printf(out," Signature Algorithm: %s", +- (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); ++ BIO_printf(out, " Unknown Public Key:\n"); ++ EVP_PKEY_free(pkey); ++ } ++ chal = spki->spkac->challenge; ++ if (chal->length) ++ BIO_printf(out, " Challenge String: %s\n", chal->data); ++ i = OBJ_obj2nid(spki->sig_algor->algorithm); ++ BIO_printf(out, " Signature Algorithm: %s", ++ (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); + +- n=spki->signature->length; +- s=(char *)spki->signature->data; +- for (i=0; isignature->length; ++ s = (char *)spki->signature->data; ++ for (i = 0; i < n; i++) { ++ if ((i % 18) == 0) ++ BIO_write(out, "\n ", 7); ++ BIO_printf(out, "%02x%s", (unsigned char)s[i], ++ ((i + 1) == n) ? "" : ":"); ++ } ++ BIO_write(out, "\n", 1); ++ return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c +index f9dad0e..53f631d 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,13 +61,13 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_EC +-#include ++# include + #endif + #include + #include +@@ -75,446 +75,455 @@ + + #ifndef OPENSSL_NO_FP_API + int X509_print_fp(FILE *fp, X509 *x) +- { +- return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +- } ++{ ++ return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); ++} + +-int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag) +- { +- BIO *b; +- int ret; +- +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- X509err(X509_F_X509_PRINT_EX_FP,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=X509_print_ex(b, x, nmflag, cflag); +- BIO_free(b); +- return(ret); +- } ++int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, ++ unsigned long cflag) ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = X509_print_ex(b, x, nmflag, cflag); ++ BIO_free(b); ++ return (ret); ++} + #endif + + int X509_print(BIO *bp, X509 *x) + { +- return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); ++ return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); + } + +-int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) +- { +- long l; +- int ret=0,i; +- char *m=NULL,mlch = ' '; +- int nmindent = 0; +- X509_CINF *ci; +- ASN1_INTEGER *bs; +- EVP_PKEY *pkey=NULL; +- const char *neg; +- ASN1_STRING *str=NULL; +- +- if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { +- mlch = '\n'; +- nmindent = 12; +- } +- +- if(nmflags == X509_FLAG_COMPAT) +- nmindent = 16; +- +- ci=x->cert_info; +- if(!(cflag & X509_FLAG_NO_HEADER)) +- { +- if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; +- if (BIO_write(bp," Data:\n",10) <= 0) goto err; +- } +- if(!(cflag & X509_FLAG_NO_VERSION)) +- { +- l=X509_get_version(x); +- if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; +- } +- if(!(cflag & X509_FLAG_NO_SERIAL)) +- { +- +- if (BIO_write(bp," Serial Number:",22) <= 0) goto err; +- +- bs=X509_get_serialNumber(x); +- if (bs->length <= 4) +- { +- l=ASN1_INTEGER_get(bs); +- if (l < 0) +- { +- l= -l; +- neg="-"; +- } +- else +- neg=""; +- if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) +- goto err; +- } +- else +- { +- neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; +- if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; +- +- for (i=0; ilength; i++) +- { +- if (BIO_printf(bp,"%02x%c",bs->data[i], +- ((i+1 == bs->length)?'\n':':')) <= 0) +- goto err; +- } +- } +- +- } +- +- if(!(cflag & X509_FLAG_NO_SIGNAME)) +- { +- if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) +- goto err; +- if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) +- goto err; +- if (BIO_puts(bp, "\n") <= 0) +- goto err; +- } +- +- if(!(cflag & X509_FLAG_NO_ISSUER)) +- { +- if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err; +- if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err; +- if (BIO_write(bp,"\n",1) <= 0) goto err; +- } +- if(!(cflag & X509_FLAG_NO_VALIDITY)) +- { +- if (BIO_write(bp," Validity\n",17) <= 0) goto err; +- if (BIO_write(bp," Not Before: ",24) <= 0) goto err; +- if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; +- if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; +- if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; +- if (BIO_write(bp,"\n",1) <= 0) goto err; +- } +- if(!(cflag & X509_FLAG_NO_SUBJECT)) +- { +- if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; +- if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err; +- if (BIO_write(bp,"\n",1) <= 0) goto err; +- } +- if(!(cflag & X509_FLAG_NO_PUBKEY)) +- { +- if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0) +- goto err; +- if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0) +- goto err; +- if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0) +- goto err; +- if (BIO_puts(bp, "\n") <= 0) +- goto err; +- +- pkey=X509_get_pubkey(x); +- if (pkey == NULL) +- { +- BIO_printf(bp,"%12sUnable to load Public Key\n",""); +- ERR_print_errors(bp); +- } +- else ++int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, ++ unsigned long cflag) ++{ ++ long l; ++ int ret = 0, i; ++ char *m = NULL, mlch = ' '; ++ int nmindent = 0; ++ X509_CINF *ci; ++ ASN1_INTEGER *bs; ++ EVP_PKEY *pkey = NULL; ++ const char *neg; ++ ASN1_STRING *str = NULL; ++ ++ if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { ++ mlch = '\n'; ++ nmindent = 12; ++ } ++ ++ if (nmflags == X509_FLAG_COMPAT) ++ nmindent = 16; ++ ++ ci = x->cert_info; ++ if (!(cflag & X509_FLAG_NO_HEADER)) { ++ if (BIO_write(bp, "Certificate:\n", 13) <= 0) ++ goto err; ++ if (BIO_write(bp, " Data:\n", 10) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_VERSION)) { ++ l = X509_get_version(x); ++ if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_SERIAL)) { ++ ++ if (BIO_write(bp, " Serial Number:", 22) <= 0) ++ goto err; ++ ++ bs = X509_get_serialNumber(x); ++ if (bs->length <= 4) { ++ l = ASN1_INTEGER_get(bs); ++ if (l < 0) { ++ l = -l; ++ neg = "-"; ++ } else ++ neg = ""; ++ if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0) ++ goto err; ++ } else { ++ neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : ""; ++ if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) ++ goto err; ++ ++ for (i = 0; i < bs->length; i++) { ++ if (BIO_printf(bp, "%02x%c", bs->data[i], ++ ((i + 1 == bs->length) ? '\n' : ':')) <= 0) ++ goto err; ++ } ++ } ++ ++ } ++ ++ if (!(cflag & X509_FLAG_NO_SIGNAME)) { ++ if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0) ++ goto err; ++ if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) ++ goto err; ++ if (BIO_puts(bp, "\n") <= 0) ++ goto err; ++ } ++ ++ if (!(cflag & X509_FLAG_NO_ISSUER)) { ++ if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) ++ goto err; ++ if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) ++ < 0) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_VALIDITY)) { ++ if (BIO_write(bp, " Validity\n", 17) <= 0) ++ goto err; ++ if (BIO_write(bp, " Not Before: ", 24) <= 0) ++ goto err; ++ if (!ASN1_TIME_print(bp, X509_get_notBefore(x))) ++ goto err; ++ if (BIO_write(bp, "\n Not After : ", 25) <= 0) ++ goto err; ++ if (!ASN1_TIME_print(bp, X509_get_notAfter(x))) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_SUBJECT)) { ++ if (BIO_printf(bp, " Subject:%c", mlch) <= 0) ++ goto err; ++ if (X509_NAME_print_ex ++ (bp, X509_get_subject_name(x), nmindent, nmflags) < 0) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_PUBKEY)) { ++ if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) ++ goto err; ++ if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) ++ goto err; ++ if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0) ++ goto err; ++ if (BIO_puts(bp, "\n") <= 0) ++ goto err; ++ ++ pkey = X509_get_pubkey(x); ++ if (pkey == NULL) { ++ BIO_printf(bp, "%12sUnable to load Public Key\n", ""); ++ ERR_print_errors(bp); ++ } else + #ifndef OPENSSL_NO_RSA +- if (pkey->type == EVP_PKEY_RSA) +- { +- BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", +- BN_num_bits(pkey->pkey.rsa->n)); +- RSA_print(bp,pkey->pkey.rsa,16); +- } +- else ++ if (pkey->type == EVP_PKEY_RSA) { ++ BIO_printf(bp, "%12sRSA Public Key: (%d bit)\n", "", ++ BN_num_bits(pkey->pkey.rsa->n)); ++ RSA_print(bp, pkey->pkey.rsa, 16); ++ } else + #endif + #ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) +- { +- BIO_printf(bp,"%12sDSA Public Key:\n",""); +- DSA_print(bp,pkey->pkey.dsa,16); +- } +- else ++ if (pkey->type == EVP_PKEY_DSA) { ++ BIO_printf(bp, "%12sDSA Public Key:\n", ""); ++ DSA_print(bp, pkey->pkey.dsa, 16); ++ } else + #endif + #ifndef OPENSSL_NO_EC +- if (pkey->type == EVP_PKEY_EC) +- { +- BIO_printf(bp, "%12sEC Public Key:\n",""); +- EC_KEY_print(bp, pkey->pkey.ec, 16); +- } +- else ++ if (pkey->type == EVP_PKEY_EC) { ++ BIO_printf(bp, "%12sEC Public Key:\n", ""); ++ EC_KEY_print(bp, pkey->pkey.ec, 16); ++ } else + #endif +- BIO_printf(bp,"%12sUnknown Public Key:\n",""); +- +- EVP_PKEY_free(pkey); +- } +- +- if (!(cflag & X509_FLAG_NO_EXTENSIONS)) +- X509V3_extensions_print(bp, "X509v3 extensions", +- ci->extensions, cflag, 8); +- +- if(!(cflag & X509_FLAG_NO_SIGDUMP)) +- { +- if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err; +- } +- if(!(cflag & X509_FLAG_NO_AUX)) +- { +- if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err; +- } +- ret=1; +-err: +- if (str != NULL) ASN1_STRING_free(str); +- if (m != NULL) OPENSSL_free(m); +- return(ret); +- } +- +-int X509_ocspid_print (BIO *bp, X509 *x) +- { +- unsigned char *der=NULL ; +- unsigned char *dertmp; +- int derlen; +- int i; +- unsigned char SHA1md[SHA_DIGEST_LENGTH]; +- +- /* display the hash of the subject as it would appear +- in OCSP requests */ +- if (BIO_printf(bp," Subject OCSP hash: ") <= 0) +- goto err; +- derlen = i2d_X509_NAME(x->cert_info->subject, NULL); +- if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL) +- goto err; +- i2d_X509_NAME(x->cert_info->subject, &dertmp); +- +- EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL); +- for (i=0; i < SHA_DIGEST_LENGTH; i++) +- { +- if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err; +- } +- OPENSSL_free (der); +- der=NULL; +- +- /* display the hash of the public key as it would appear +- in OCSP requests */ +- if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0) +- goto err; +- +- EVP_Digest(x->cert_info->key->public_key->data, +- x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL); +- for (i=0; i < SHA_DIGEST_LENGTH; i++) +- { +- if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) +- goto err; +- } +- BIO_printf(bp,"\n"); +- +- return (1); +-err: +- if (der != NULL) OPENSSL_free(der); +- return(0); +- } ++ BIO_printf(bp, "%12sUnknown Public Key:\n", ""); ++ ++ EVP_PKEY_free(pkey); ++ } ++ ++ if (!(cflag & X509_FLAG_NO_EXTENSIONS)) ++ X509V3_extensions_print(bp, "X509v3 extensions", ++ ci->extensions, cflag, 8); ++ ++ if (!(cflag & X509_FLAG_NO_SIGDUMP)) { ++ if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_AUX)) { ++ if (!X509_CERT_AUX_print(bp, x->aux, 0)) ++ goto err; ++ } ++ ret = 1; ++ err: ++ if (str != NULL) ++ ASN1_STRING_free(str); ++ if (m != NULL) ++ OPENSSL_free(m); ++ return (ret); ++} ++ ++int X509_ocspid_print(BIO *bp, X509 *x) ++{ ++ unsigned char *der = NULL; ++ unsigned char *dertmp; ++ int derlen; ++ int i; ++ unsigned char SHA1md[SHA_DIGEST_LENGTH]; ++ ++ /* ++ * display the hash of the subject as it would appear in OCSP requests ++ */ ++ if (BIO_printf(bp, " Subject OCSP hash: ") <= 0) ++ goto err; ++ derlen = i2d_X509_NAME(x->cert_info->subject, NULL); ++ if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL) ++ goto err; ++ i2d_X509_NAME(x->cert_info->subject, &dertmp); ++ ++ EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL); ++ for (i = 0; i < SHA_DIGEST_LENGTH; i++) { ++ if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) ++ goto err; ++ } ++ OPENSSL_free(der); ++ der = NULL; ++ ++ /* ++ * display the hash of the public key as it would appear in OCSP requests ++ */ ++ if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0) ++ goto err; ++ ++ EVP_Digest(x->cert_info->key->public_key->data, ++ x->cert_info->key->public_key->length, SHA1md, NULL, ++ EVP_sha1(), NULL); ++ for (i = 0; i < SHA_DIGEST_LENGTH; i++) { ++ if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) ++ goto err; ++ } ++ BIO_printf(bp, "\n"); ++ ++ return (1); ++ err: ++ if (der != NULL) ++ OPENSSL_free(der); ++ return (0); ++} + + int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) + { +- unsigned char *s; +- int i, n; +- if (BIO_puts(bp," Signature Algorithm: ") <= 0) return 0; +- if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0; +- +- n=sig->length; +- s=sig->data; +- for (i=0; ialgorithm) <= 0) ++ return 0; ++ ++ n = sig->length; ++ s = sig->data; ++ for (i = 0; i < n; i++) { ++ if ((i % 18) == 0) ++ if (BIO_write(bp, "\n ", 9) <= 0) ++ return 0; ++ if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0) ++ return 0; ++ } ++ if (BIO_write(bp, "\n", 1) != 1) ++ return 0; ++ return 1; + } + + int ASN1_STRING_print(BIO *bp, ASN1_STRING *v) +- { +- int i,n; +- char buf[80],*p; +- +- if (v == NULL) return(0); +- n=0; +- p=(char *)v->data; +- for (i=0; ilength; i++) +- { +- if ((p[i] > '~') || ((p[i] < ' ') && +- (p[i] != '\n') && (p[i] != '\r'))) +- buf[n]='.'; +- else +- buf[n]=p[i]; +- n++; +- if (n >= 80) +- { +- if (BIO_write(bp,buf,n) <= 0) +- return(0); +- n=0; +- } +- } +- if (n > 0) +- if (BIO_write(bp,buf,n) <= 0) +- return(0); +- return(1); +- } ++{ ++ int i, n; ++ char buf[80], *p; ++ ++ if (v == NULL) ++ return (0); ++ n = 0; ++ p = (char *)v->data; ++ for (i = 0; i < v->length; i++) { ++ if ((p[i] > '~') || ((p[i] < ' ') && ++ (p[i] != '\n') && (p[i] != '\r'))) ++ buf[n] = '.'; ++ else ++ buf[n] = p[i]; ++ n++; ++ if (n >= 80) { ++ if (BIO_write(bp, buf, n) <= 0) ++ return (0); ++ n = 0; ++ } ++ } ++ if (n > 0) ++ if (BIO_write(bp, buf, n) <= 0) ++ return (0); ++ return (1); ++} + + int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm) + { +- if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm); +- if(tm->type == V_ASN1_GENERALIZEDTIME) +- return ASN1_GENERALIZEDTIME_print(bp, tm); +- BIO_write(bp,"Bad time value",14); +- return(0); ++ if (tm->type == V_ASN1_UTCTIME) ++ return ASN1_UTCTIME_print(bp, tm); ++ if (tm->type == V_ASN1_GENERALIZEDTIME) ++ return ASN1_GENERALIZEDTIME_print(bp, tm); ++ BIO_write(bp, "Bad time value", 14); ++ return (0); + } + +-static const char *mon[12]= +- { +- "Jan","Feb","Mar","Apr","May","Jun", +- "Jul","Aug","Sep","Oct","Nov","Dec" +- }; ++static const char *mon[12] = { ++ "Jan", "Feb", "Mar", "Apr", "May", "Jun", ++ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" ++}; + + int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) +- { +- char *v; +- int gmt=0; +- int i; +- int y=0,M=0,d=0,h=0,m=0,s=0; +- char *f = NULL; +- int f_len = 0; +- +- i=tm->length; +- v=(char *)tm->data; +- +- if (i < 12) goto err; +- if (v[i-1] == 'Z') gmt=1; +- for (i=0; i<12; i++) +- if ((v[i] > '9') || (v[i] < '0')) goto err; +- y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0'); +- M= (v[4]-'0')*10+(v[5]-'0'); +- if ((M > 12) || (M < 1)) goto err; +- d= (v[6]-'0')*10+(v[7]-'0'); +- h= (v[8]-'0')*10+(v[9]-'0'); +- m= (v[10]-'0')*10+(v[11]-'0'); +- if (tm->length >= 14 && +- (v[12] >= '0') && (v[12] <= '9') && +- (v[13] >= '0') && (v[13] <= '9')) +- { +- s= (v[12]-'0')*10+(v[13]-'0'); +- /* Check for fractions of seconds. */ +- if (tm->length >= 15 && v[14] == '.') +- { +- int l = tm->length; +- f = &v[14]; /* The decimal point. */ +- f_len = 1; +- while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') +- ++f_len; +- } +- } +- +- if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s", +- mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0) +- return(0); +- else +- return(1); +-err: +- BIO_write(bp,"Bad time value",14); +- return(0); +- } ++{ ++ char *v; ++ int gmt = 0; ++ int i; ++ int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; ++ char *f = NULL; ++ int f_len = 0; ++ ++ i = tm->length; ++ v = (char *)tm->data; ++ ++ if (i < 12) ++ goto err; ++ if (v[i - 1] == 'Z') ++ gmt = 1; ++ for (i = 0; i < 12; i++) ++ if ((v[i] > '9') || (v[i] < '0')) ++ goto err; ++ y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 ++ + (v[2] - '0') * 10 + (v[3] - '0'); ++ M = (v[4] - '0') * 10 + (v[5] - '0'); ++ if ((M > 12) || (M < 1)) ++ goto err; ++ d = (v[6] - '0') * 10 + (v[7] - '0'); ++ h = (v[8] - '0') * 10 + (v[9] - '0'); ++ m = (v[10] - '0') * 10 + (v[11] - '0'); ++ if (tm->length >= 14 && ++ (v[12] >= '0') && (v[12] <= '9') && ++ (v[13] >= '0') && (v[13] <= '9')) { ++ s = (v[12] - '0') * 10 + (v[13] - '0'); ++ /* Check for fractions of seconds. */ ++ if (tm->length >= 15 && v[14] == '.') { ++ int l = tm->length; ++ f = &v[14]; /* The decimal point. */ ++ f_len = 1; ++ while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') ++ ++f_len; ++ } ++ } ++ ++ if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", ++ mon[M - 1], d, h, m, s, f_len, f, y, ++ (gmt) ? " GMT" : "") <= 0) ++ return (0); ++ else ++ return (1); ++ err: ++ BIO_write(bp, "Bad time value", 14); ++ return (0); ++} + + int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm) +- { +- char *v; +- int gmt=0; +- int i; +- int y=0,M=0,d=0,h=0,m=0,s=0; +- +- i=tm->length; +- v=(char *)tm->data; +- +- if (i < 10) goto err; +- if (v[i-1] == 'Z') gmt=1; +- for (i=0; i<10; i++) +- if ((v[i] > '9') || (v[i] < '0')) goto err; +- y= (v[0]-'0')*10+(v[1]-'0'); +- if (y < 50) y+=100; +- M= (v[2]-'0')*10+(v[3]-'0'); +- if ((M > 12) || (M < 1)) goto err; +- d= (v[4]-'0')*10+(v[5]-'0'); +- h= (v[6]-'0')*10+(v[7]-'0'); +- m= (v[8]-'0')*10+(v[9]-'0'); +- if (tm->length >=12 && +- (v[10] >= '0') && (v[10] <= '9') && +- (v[11] >= '0') && (v[11] <= '9')) +- s= (v[10]-'0')*10+(v[11]-'0'); +- +- if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", +- mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0) +- return(0); +- else +- return(1); +-err: +- BIO_write(bp,"Bad time value",14); +- return(0); +- } ++{ ++ char *v; ++ int gmt = 0; ++ int i; ++ int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; ++ ++ i = tm->length; ++ v = (char *)tm->data; ++ ++ if (i < 10) ++ goto err; ++ if (v[i - 1] == 'Z') ++ gmt = 1; ++ for (i = 0; i < 10; i++) ++ if ((v[i] > '9') || (v[i] < '0')) ++ goto err; ++ y = (v[0] - '0') * 10 + (v[1] - '0'); ++ if (y < 50) ++ y += 100; ++ M = (v[2] - '0') * 10 + (v[3] - '0'); ++ if ((M > 12) || (M < 1)) ++ goto err; ++ d = (v[4] - '0') * 10 + (v[5] - '0'); ++ h = (v[6] - '0') * 10 + (v[7] - '0'); ++ m = (v[8] - '0') * 10 + (v[9] - '0'); ++ if (tm->length >= 12 && ++ (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9')) ++ s = (v[10] - '0') * 10 + (v[11] - '0'); ++ ++ if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", ++ mon[M - 1], d, h, m, s, y + 1900, ++ (gmt) ? " GMT" : "") <= 0) ++ return (0); ++ else ++ return (1); ++ err: ++ BIO_write(bp, "Bad time value", 14); ++ return (0); ++} + + int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) +- { +- char *s,*c,*b; +- int ret=0,l,i; +- +- l=80-2-obase; +- +- b=X509_NAME_oneline(name,NULL,0); +- if (!b) +- return 0; +- if (!*b) +- { +- OPENSSL_free(b); +- return 1; +- } +- s=b+1; /* skip the first slash */ +- +- c=s; +- for (;;) +- { ++{ ++ char *s, *c, *b; ++ int ret = 0, l, i; ++ ++ l = 80 - 2 - obase; ++ ++ b = X509_NAME_oneline(name, NULL, 0); ++ if (!b) ++ return 0; ++ if (!*b) { ++ OPENSSL_free(b); ++ return 1; ++ } ++ s = b + 1; /* skip the first slash */ ++ ++ c = s; ++ for (;;) { + #ifndef CHARSET_EBCDIC +- if ( ((*s == '/') && +- ((s[1] >= 'A') && (s[1] <= 'Z') && ( +- (s[2] == '=') || +- ((s[2] >= 'A') && (s[2] <= 'Z') && +- (s[3] == '=')) +- ))) || +- (*s == '\0')) ++ if (((*s == '/') && ++ ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') || ++ ((s[2] >= 'A') ++ && (s[2] <= 'Z') ++ && (s[3] == '=')) ++ ))) || (*s == '\0')) + #else +- if ( ((*s == '/') && +- (isupper(s[1]) && ( +- (s[2] == '=') || +- (isupper(s[2]) && +- (s[3] == '=')) +- ))) || +- (*s == '\0')) ++ if (((*s == '/') && ++ (isupper(s[1]) && ((s[2] == '=') || ++ (isupper(s[2]) && (s[3] == '=')) ++ ))) || (*s == '\0')) + #endif +- { +- i=s-c; +- if (BIO_write(bp,c,i) != i) goto err; +- c=s+1; /* skip following slash */ +- if (*s != '\0') +- { +- if (BIO_write(bp,", ",2) != 2) goto err; +- } +- l--; +- } +- if (*s == '\0') break; +- s++; +- l--; +- } +- +- ret=1; +- if (0) +- { +-err: +- X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB); +- } +- OPENSSL_free(b); +- return(ret); +- } ++ { ++ i = s - c; ++ if (BIO_write(bp, c, i) != i) ++ goto err; ++ c = s + 1; /* skip following slash */ ++ if (*s != '\0') { ++ if (BIO_write(bp, ", ", 2) != 2) ++ goto err; ++ } ++ l--; ++ } ++ if (*s == '\0') ++ break; ++ s++; ++ l--; ++ } ++ ++ ret = 1; ++ if (0) { ++ err: ++ X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB); ++ } ++ OPENSSL_free(b); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c +index 8b18801..f4b8f94 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c +@@ -1,6 +1,7 @@ + /* t_x509a.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,49 +63,53 @@ + #include + #include + +-/* X509_CERT_AUX and string set routines ++/* ++ * X509_CERT_AUX and string set routines + */ + + int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) + { +- char oidstr[80], first; +- int i; +- if(!aux) return 1; +- if(aux->trust) { +- first = 1; +- BIO_printf(out, "%*sTrusted Uses:\n%*s", +- indent, "", indent + 2, ""); +- for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { +- if(!first) BIO_puts(out, ", "); +- else first = 0; +- OBJ_obj2txt(oidstr, sizeof oidstr, +- sk_ASN1_OBJECT_value(aux->trust, i), 0); +- BIO_puts(out, oidstr); +- } +- BIO_puts(out, "\n"); +- } else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); +- if(aux->reject) { +- first = 1; +- BIO_printf(out, "%*sRejected Uses:\n%*s", +- indent, "", indent + 2, ""); +- for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { +- if(!first) BIO_puts(out, ", "); +- else first = 0; +- OBJ_obj2txt(oidstr, sizeof oidstr, +- sk_ASN1_OBJECT_value(aux->reject, i), 0); +- BIO_puts(out, oidstr); +- } +- BIO_puts(out, "\n"); +- } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); +- if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "", +- aux->alias->data); +- if(aux->keyid) { +- BIO_printf(out, "%*sKey Id: ", indent, ""); +- for(i = 0; i < aux->keyid->length; i++) +- BIO_printf(out, "%s%02X", +- i ? ":" : "", +- aux->keyid->data[i]); +- BIO_write(out,"\n",1); +- } +- return 1; ++ char oidstr[80], first; ++ int i; ++ if (!aux) ++ return 1; ++ if (aux->trust) { ++ first = 1; ++ BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, ""); ++ for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { ++ if (!first) ++ BIO_puts(out, ", "); ++ else ++ first = 0; ++ OBJ_obj2txt(oidstr, sizeof oidstr, ++ sk_ASN1_OBJECT_value(aux->trust, i), 0); ++ BIO_puts(out, oidstr); ++ } ++ BIO_puts(out, "\n"); ++ } else ++ BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); ++ if (aux->reject) { ++ first = 1; ++ BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, ""); ++ for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { ++ if (!first) ++ BIO_puts(out, ", "); ++ else ++ first = 0; ++ OBJ_obj2txt(oidstr, sizeof oidstr, ++ sk_ASN1_OBJECT_value(aux->reject, i), 0); ++ BIO_puts(out, oidstr); ++ } ++ BIO_puts(out, "\n"); ++ } else ++ BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); ++ if (aux->alias) ++ BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data); ++ if (aux->keyid) { ++ BIO_printf(out, "%*sKey Id: ", indent, ""); ++ for (i = 0; i < aux->keyid->length; i++) ++ BIO_printf(out, "%s%02X", i ? ":" : "", aux->keyid->data[i]); ++ BIO_write(out, "\n", 1); ++ } ++ return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c +index a228c0d..6e4a325 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c +@@ -1,6 +1,7 @@ + /* tasn_dec.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,7 +57,6 @@ + * + */ + +- + #include + #include + #include +@@ -69,1275 +69,1158 @@ static int asn1_check_eoc(const unsigned char **in, long len); + static int asn1_find_end(const unsigned char **in, long len, char inf); + + static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, +- char inf, int tag, int aclass, int depth); ++ char inf, int tag, int aclass, int depth); + + static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); + + static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, +- char *inf, char *cst, +- const unsigned char **in, long len, +- int exptag, int expclass, char opt, +- ASN1_TLC *ctx); ++ char *inf, char *cst, ++ const unsigned char **in, long len, ++ int exptag, int expclass, char opt, ASN1_TLC *ctx); + + static int asn1_template_ex_d2i(ASN1_VALUE **pval, +- const unsigned char **in, long len, +- const ASN1_TEMPLATE *tt, char opt, +- ASN1_TLC *ctx); ++ const unsigned char **in, long len, ++ const ASN1_TEMPLATE *tt, char opt, ++ ASN1_TLC *ctx); + static int asn1_template_noexp_d2i(ASN1_VALUE **val, +- const unsigned char **in, long len, +- const ASN1_TEMPLATE *tt, char opt, +- ASN1_TLC *ctx); ++ const unsigned char **in, long len, ++ const ASN1_TEMPLATE *tt, char opt, ++ ASN1_TLC *ctx); + static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, +- const unsigned char **in, long len, +- const ASN1_ITEM *it, +- int tag, int aclass, char opt, ASN1_TLC *ctx); ++ const unsigned char **in, long len, ++ const ASN1_ITEM *it, ++ int tag, int aclass, char opt, ++ ASN1_TLC *ctx); + + /* Table to convert tags to bit values, used for MSTRING type */ + static const unsigned long tag2bit[32] = { +-0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */ +-B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */ +-B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */ +-B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */ +-B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */ +-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */ +-B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */ +-B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */ +-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */ +- }; ++ /* tags 0 - 3 */ ++ 0, 0, 0, B_ASN1_BIT_STRING, ++ /* tags 4- 7 */ ++ B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN, ++ /* tags 8-11 */ ++ B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, ++ /* tags 12-15 */ ++ B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, ++ /* tags 16-19 */ ++ B_ASN1_SEQUENCE, 0, B_ASN1_NUMERICSTRING, B_ASN1_PRINTABLESTRING, ++ /* tags 20-22 */ ++ B_ASN1_T61STRING, B_ASN1_VIDEOTEXSTRING, B_ASN1_IA5STRING, ++ /* tags 23-24 */ ++ B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, ++ /* tags 25-27 */ ++ B_ASN1_GRAPHICSTRING, B_ASN1_ISO64STRING, B_ASN1_GENERALSTRING, ++ /* tags 28-31 */ ++ B_ASN1_UNIVERSALSTRING, B_ASN1_UNKNOWN, B_ASN1_BMPSTRING, B_ASN1_UNKNOWN, ++}; + + unsigned long ASN1_tag2bit(int tag) +- { +- if ((tag < 0) || (tag > 30)) return 0; +- return tag2bit[tag]; +- } ++{ ++ if ((tag < 0) || (tag > 30)) ++ return 0; ++ return tag2bit[tag]; ++} + + /* Macro to initialize and invalidate the cache */ + +-#define asn1_tlc_clear(c) if (c) (c)->valid = 0 ++#define asn1_tlc_clear(c) if (c) (c)->valid = 0 + +-/* Decode an ASN1 item, this currently behaves just +- * like a standard 'd2i' function. 'in' points to +- * a buffer to read the data from, in future we will +- * have more advanced versions that can input data +- * a piece at a time and this will simply be a special +- * case. ++/* ++ * Decode an ASN1 item, this currently behaves just like a standard 'd2i' ++ * function. 'in' points to a buffer to read the data from, in future we ++ * will have more advanced versions that can input data a piece at a time and ++ * this will simply be a special case. + */ + + ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, +- const unsigned char **in, long len, const ASN1_ITEM *it) +- { +- ASN1_TLC c; +- ASN1_VALUE *ptmpval = NULL; +- if (!pval) +- pval = &ptmpval; +- c.valid = 0; +- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) +- return *pval; +- return NULL; +- } ++ const unsigned char **in, long len, ++ const ASN1_ITEM *it) ++{ ++ ASN1_TLC c; ++ ASN1_VALUE *ptmpval = NULL; ++ if (!pval) ++ pval = &ptmpval; ++ c.valid = 0; ++ if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) ++ return *pval; ++ return NULL; ++} + + int ASN1_template_d2i(ASN1_VALUE **pval, +- const unsigned char **in, long len, const ASN1_TEMPLATE *tt) +- { +- ASN1_TLC c; +- c.valid = 0; +- return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); +- } +- +- +-/* Decode an item, taking care of IMPLICIT tagging, if any. +- * If 'opt' set and tag mismatch return -1 to handle OPTIONAL ++ const unsigned char **in, long len, ++ const ASN1_TEMPLATE *tt) ++{ ++ ASN1_TLC c; ++ c.valid = 0; ++ return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); ++} ++ ++/* ++ * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and ++ * tag mismatch return -1 to handle OPTIONAL + */ + + int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, +- const ASN1_ITEM *it, +- int tag, int aclass, char opt, ASN1_TLC *ctx) +- { +- const ASN1_TEMPLATE *tt, *errtt = NULL; +- const ASN1_COMPAT_FUNCS *cf; +- const ASN1_EXTERN_FUNCS *ef; +- const ASN1_AUX *aux = it->funcs; +- ASN1_aux_cb *asn1_cb; +- const unsigned char *p = NULL, *q; +- unsigned char *wp=NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */ +- unsigned char imphack = 0, oclass; +- char seq_eoc, seq_nolen, cst, isopt; +- long tmplen; +- int i; +- int otag; +- int ret = 0; +- ASN1_VALUE **pchptr, *ptmpval; +- if (!pval) +- return 0; +- if (aux && aux->asn1_cb) +- asn1_cb = aux->asn1_cb; +- else asn1_cb = 0; +- +- switch(it->itype) +- { +- case ASN1_ITYPE_PRIMITIVE: +- if (it->templates) +- { +- /* tagging or OPTIONAL is currently illegal on an item +- * template because the flags can't get passed down. +- * In practice this isn't a problem: we include the +- * relevant flags from the item template in the +- * template itself. +- */ +- if ((tag != -1) || opt) +- { +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); +- goto err; +- } +- return asn1_template_ex_d2i(pval, in, len, +- it->templates, opt, ctx); +- } +- return asn1_d2i_ex_primitive(pval, in, len, it, +- tag, aclass, opt, ctx); +- break; +- +- case ASN1_ITYPE_MSTRING: +- p = *in; +- /* Just read in tag and class */ +- ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, +- &p, len, -1, 0, 1, ctx); +- if (!ret) +- { +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- goto err; +- } +- +- /* Must be UNIVERSAL class */ +- if (oclass != V_ASN1_UNIVERSAL) +- { +- /* If OPTIONAL, assume this is OK */ +- if (opt) return -1; +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ASN1_R_MSTRING_NOT_UNIVERSAL); +- goto err; +- } +- /* Check tag matches bit map */ +- if (!(ASN1_tag2bit(otag) & it->utype)) +- { +- /* If OPTIONAL, assume this is OK */ +- if (opt) +- return -1; +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ASN1_R_MSTRING_WRONG_TAG); +- goto err; +- } +- return asn1_d2i_ex_primitive(pval, in, len, +- it, otag, 0, 0, ctx); +- +- case ASN1_ITYPE_EXTERN: +- /* Use new style d2i */ +- ef = it->funcs; +- return ef->asn1_ex_d2i(pval, in, len, +- it, tag, aclass, opt, ctx); +- +- case ASN1_ITYPE_COMPAT: +- /* we must resort to old style evil hackery */ +- cf = it->funcs; +- +- /* If OPTIONAL see if it is there */ +- if (opt) +- { +- int exptag; +- p = *in; +- if (tag == -1) +- exptag = it->utype; +- else exptag = tag; +- /* Don't care about anything other than presence +- * of expected tag */ +- +- ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, +- &p, len, exptag, aclass, 1, ctx); +- if (!ret) +- { +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- goto err; +- } +- if (ret == -1) +- return -1; +- } +- +- /* This is the old style evil hack IMPLICIT handling: +- * since the underlying code is expecting a tag and +- * class other than the one present we change the +- * buffer temporarily then change it back afterwards. +- * This doesn't and never did work for tags > 30. +- * +- * Yes this is *horrible* but it is only needed for +- * old style d2i which will hopefully not be around +- * for much longer. +- * FIXME: should copy the buffer then modify it so +- * the input buffer can be const: we should *always* +- * copy because the old style d2i might modify the +- * buffer. +- */ +- +- if (tag != -1) +- { +- wp = *(unsigned char **)in; +- imphack = *wp; +- if (p == NULL) +- { +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- goto err; +- } +- *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED) +- | it->utype); +- } +- +- ptmpval = cf->asn1_d2i(pval, in, len); +- +- if (tag != -1) +- *wp = imphack; +- +- if (ptmpval) +- return 1; +- +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); +- goto err; +- +- +- case ASN1_ITYPE_CHOICE: +- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) +- goto auxerr; +- +- /* Allocate structure */ +- if (!*pval && !ASN1_item_ex_new(pval, it)) +- { +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- goto err; +- } +- /* CHOICE type, try each possibility in turn */ +- p = *in; +- for (i = 0, tt=it->templates; i < it->tcount; i++, tt++) +- { +- pchptr = asn1_get_field_ptr(pval, tt); +- /* We mark field as OPTIONAL so its absence +- * can be recognised. +- */ +- ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); +- /* If field not present, try the next one */ +- if (ret == -1) +- continue; +- /* If positive return, read OK, break loop */ +- if (ret > 0) +- break; +- /* Otherwise must be an ASN1 parsing error */ +- errtt = tt; +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- goto err; +- } +- +- /* Did we fall off the end without reading anything? */ +- if (i == it->tcount) +- { +- /* If OPTIONAL, this is OK */ +- if (opt) +- { +- /* Free and zero it */ +- ASN1_item_ex_free(pval, it); +- return -1; +- } +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ASN1_R_NO_MATCHING_CHOICE_TYPE); +- goto err; +- } +- +- asn1_set_choice_selector(pval, i, it); +- *in = p; +- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) +- goto auxerr; +- return 1; +- +- case ASN1_ITYPE_NDEF_SEQUENCE: +- case ASN1_ITYPE_SEQUENCE: +- p = *in; +- tmplen = len; +- +- /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ +- if (tag == -1) +- { +- tag = V_ASN1_SEQUENCE; +- aclass = V_ASN1_UNIVERSAL; +- } +- /* Get SEQUENCE length and update len, p */ +- ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, +- &p, len, tag, aclass, opt, ctx); +- if (!ret) +- { +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- goto err; +- } +- else if (ret == -1) +- return -1; +- if (aux && (aux->flags & ASN1_AFLG_BROKEN)) +- { +- len = tmplen - (p - *in); +- seq_nolen = 1; +- } +- /* If indefinite we don't do a length check */ +- else seq_nolen = seq_eoc; +- if (!cst) +- { +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ASN1_R_SEQUENCE_NOT_CONSTRUCTED); +- goto err; +- } +- +- if (!*pval && !ASN1_item_ex_new(pval, it)) +- { +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- goto err; +- } +- +- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) +- goto auxerr; +- +- /* Get each field entry */ +- for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) +- { +- const ASN1_TEMPLATE *seqtt; +- ASN1_VALUE **pseqval; +- seqtt = asn1_do_adb(pval, tt, 1); +- if (!seqtt) +- goto err; +- pseqval = asn1_get_field_ptr(pval, seqtt); +- /* Have we ran out of data? */ +- if (!len) +- break; +- q = p; +- if (asn1_check_eoc(&p, len)) +- { +- if (!seq_eoc) +- { +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ASN1_R_UNEXPECTED_EOC); +- goto err; +- } +- len -= p - q; +- seq_eoc = 0; +- q = p; +- break; +- } +- /* This determines the OPTIONAL flag value. The field +- * cannot be omitted if it is the last of a SEQUENCE +- * and there is still data to be read. This isn't +- * strictly necessary but it increases efficiency in +- * some cases. +- */ +- if (i == (it->tcount - 1)) +- isopt = 0; +- else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL); +- /* attempt to read in field, allowing each to be +- * OPTIONAL */ +- +- ret = asn1_template_ex_d2i(pseqval, &p, len, +- seqtt, isopt, ctx); +- if (!ret) +- { +- errtt = seqtt; +- goto err; +- } +- else if (ret == -1) +- { +- /* OPTIONAL component absent. +- * Free and zero the field. +- */ +- ASN1_template_free(pseqval, seqtt); +- continue; +- } +- /* Update length */ +- len -= p - q; +- } +- +- /* Check for EOC if expecting one */ +- if (seq_eoc && !asn1_check_eoc(&p, len)) +- { +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC); +- goto err; +- } +- /* Check all data read */ +- if (!seq_nolen && len) +- { +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ASN1_R_SEQUENCE_LENGTH_MISMATCH); +- goto err; +- } +- +- /* If we get here we've got no more data in the SEQUENCE, +- * however we may not have read all fields so check all +- * remaining are OPTIONAL and clear any that are. +- */ +- for (; i < it->tcount; tt++, i++) +- { +- const ASN1_TEMPLATE *seqtt; +- seqtt = asn1_do_adb(pval, tt, 1); +- if (!seqtt) +- goto err; +- if (seqtt->flags & ASN1_TFLG_OPTIONAL) +- { +- ASN1_VALUE **pseqval; +- pseqval = asn1_get_field_ptr(pval, seqtt); +- ASN1_template_free(pseqval, seqtt); +- } +- else +- { +- errtt = seqtt; +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, +- ASN1_R_FIELD_MISSING); +- goto err; +- } +- } +- /* Save encoding */ +- if (!asn1_enc_save(pval, *in, p - *in, it)) +- goto auxerr; +- *in = p; +- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) +- goto auxerr; +- return 1; +- +- default: +- return 0; +- } +- auxerr: +- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); +- err: +- ASN1_item_ex_free(pval, it); +- if (errtt) +- ERR_add_error_data(4, "Field=", errtt->field_name, +- ", Type=", it->sname); +- else +- ERR_add_error_data(2, "Type=", it->sname); +- return 0; +- } +- +-/* Templates are handled with two separate functions. +- * One handles any EXPLICIT tag and the other handles the rest. ++ const ASN1_ITEM *it, ++ int tag, int aclass, char opt, ASN1_TLC *ctx) ++{ ++ const ASN1_TEMPLATE *tt, *errtt = NULL; ++ const ASN1_COMPAT_FUNCS *cf; ++ const ASN1_EXTERN_FUNCS *ef; ++ const ASN1_AUX *aux = it->funcs; ++ ASN1_aux_cb *asn1_cb; ++ const unsigned char *p = NULL, *q; ++ unsigned char *wp = NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */ ++ unsigned char imphack = 0, oclass; ++ char seq_eoc, seq_nolen, cst, isopt; ++ long tmplen; ++ int i; ++ int otag; ++ int ret = 0; ++ ASN1_VALUE **pchptr, *ptmpval; ++ if (!pval) ++ return 0; ++ if (aux && aux->asn1_cb) ++ asn1_cb = aux->asn1_cb; ++ else ++ asn1_cb = 0; ++ ++ switch (it->itype) { ++ case ASN1_ITYPE_PRIMITIVE: ++ if (it->templates) { ++ /* ++ * tagging or OPTIONAL is currently illegal on an item template ++ * because the flags can't get passed down. In practice this ++ * isn't a problem: we include the relevant flags from the item ++ * template in the template itself. ++ */ ++ if ((tag != -1) || opt) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ++ ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); ++ goto err; ++ } ++ return asn1_template_ex_d2i(pval, in, len, ++ it->templates, opt, ctx); ++ } ++ return asn1_d2i_ex_primitive(pval, in, len, it, ++ tag, aclass, opt, ctx); ++ break; ++ ++ case ASN1_ITYPE_MSTRING: ++ p = *in; ++ /* Just read in tag and class */ ++ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, ++ &p, len, -1, 0, 1, ctx); ++ if (!ret) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ ++ /* Must be UNIVERSAL class */ ++ if (oclass != V_ASN1_UNIVERSAL) { ++ /* If OPTIONAL, assume this is OK */ ++ if (opt) ++ return -1; ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); ++ goto err; ++ } ++ /* Check tag matches bit map */ ++ if (!(ASN1_tag2bit(otag) & it->utype)) { ++ /* If OPTIONAL, assume this is OK */ ++ if (opt) ++ return -1; ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG); ++ goto err; ++ } ++ return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx); ++ ++ case ASN1_ITYPE_EXTERN: ++ /* Use new style d2i */ ++ ef = it->funcs; ++ return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); ++ ++ case ASN1_ITYPE_COMPAT: ++ /* we must resort to old style evil hackery */ ++ cf = it->funcs; ++ ++ /* If OPTIONAL see if it is there */ ++ if (opt) { ++ int exptag; ++ p = *in; ++ if (tag == -1) ++ exptag = it->utype; ++ else ++ exptag = tag; ++ /* ++ * Don't care about anything other than presence of expected tag ++ */ ++ ++ ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, ++ &p, len, exptag, aclass, 1, ctx); ++ if (!ret) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ if (ret == -1) ++ return -1; ++ } ++ ++ /* ++ * This is the old style evil hack IMPLICIT handling: since the ++ * underlying code is expecting a tag and class other than the one ++ * present we change the buffer temporarily then change it back ++ * afterwards. This doesn't and never did work for tags > 30. Yes ++ * this is *horrible* but it is only needed for old style d2i which ++ * will hopefully not be around for much longer. FIXME: should copy ++ * the buffer then modify it so the input buffer can be const: we ++ * should *always* copy because the old style d2i might modify the ++ * buffer. ++ */ ++ ++ if (tag != -1) { ++ wp = *(unsigned char **)in; ++ imphack = *wp; ++ if (p == NULL) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED) ++ | it->utype); ++ } ++ ++ ptmpval = cf->asn1_d2i(pval, in, len); ++ ++ if (tag != -1) ++ *wp = imphack; ++ ++ if (ptmpval) ++ return 1; ++ ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ ++ case ASN1_ITYPE_CHOICE: ++ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) ++ goto auxerr; ++ if (*pval) { ++ /* Free up and zero CHOICE value if initialised */ ++ i = asn1_get_choice_selector(pval, it); ++ if ((i >= 0) && (i < it->tcount)) { ++ tt = it->templates + i; ++ pchptr = asn1_get_field_ptr(pval, tt); ++ ASN1_template_free(pchptr, tt); ++ asn1_set_choice_selector(pval, -1, it); ++ } ++ } else if (!ASN1_item_ex_new(pval, it)) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ /* CHOICE type, try each possibility in turn */ ++ p = *in; ++ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { ++ pchptr = asn1_get_field_ptr(pval, tt); ++ /* ++ * We mark field as OPTIONAL so its absence can be recognised. ++ */ ++ ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); ++ /* If field not present, try the next one */ ++ if (ret == -1) ++ continue; ++ /* If positive return, read OK, break loop */ ++ if (ret > 0) ++ break; ++ /* Otherwise must be an ASN1 parsing error */ ++ errtt = tt; ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ ++ /* Did we fall off the end without reading anything? */ ++ if (i == it->tcount) { ++ /* If OPTIONAL, this is OK */ ++ if (opt) { ++ /* Free and zero it */ ++ ASN1_item_ex_free(pval, it); ++ return -1; ++ } ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE); ++ goto err; ++ } ++ ++ asn1_set_choice_selector(pval, i, it); ++ *in = p; ++ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) ++ goto auxerr; ++ return 1; ++ ++ case ASN1_ITYPE_NDEF_SEQUENCE: ++ case ASN1_ITYPE_SEQUENCE: ++ p = *in; ++ tmplen = len; ++ ++ /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ ++ if (tag == -1) { ++ tag = V_ASN1_SEQUENCE; ++ aclass = V_ASN1_UNIVERSAL; ++ } ++ /* Get SEQUENCE length and update len, p */ ++ ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, ++ &p, len, tag, aclass, opt, ctx); ++ if (!ret) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } else if (ret == -1) ++ return -1; ++ if (aux && (aux->flags & ASN1_AFLG_BROKEN)) { ++ len = tmplen - (p - *in); ++ seq_nolen = 1; ++ } ++ /* If indefinite we don't do a length check */ ++ else ++ seq_nolen = seq_eoc; ++ if (!cst) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); ++ goto err; ++ } ++ ++ if (!*pval && !ASN1_item_ex_new(pval, it)) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ ++ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) ++ goto auxerr; ++ ++ /* Free up and zero any ADB found */ ++ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { ++ if (tt->flags & ASN1_TFLG_ADB_MASK) { ++ const ASN1_TEMPLATE *seqtt; ++ ASN1_VALUE **pseqval; ++ seqtt = asn1_do_adb(pval, tt, 1); ++ pseqval = asn1_get_field_ptr(pval, seqtt); ++ ASN1_template_free(pseqval, seqtt); ++ } ++ } ++ ++ /* Get each field entry */ ++ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { ++ const ASN1_TEMPLATE *seqtt; ++ ASN1_VALUE **pseqval; ++ seqtt = asn1_do_adb(pval, tt, 1); ++ if (!seqtt) ++ goto err; ++ pseqval = asn1_get_field_ptr(pval, seqtt); ++ /* Have we ran out of data? */ ++ if (!len) ++ break; ++ q = p; ++ if (asn1_check_eoc(&p, len)) { ++ if (!seq_eoc) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC); ++ goto err; ++ } ++ len -= p - q; ++ seq_eoc = 0; ++ q = p; ++ break; ++ } ++ /* ++ * This determines the OPTIONAL flag value. The field cannot be ++ * omitted if it is the last of a SEQUENCE and there is still ++ * data to be read. This isn't strictly necessary but it ++ * increases efficiency in some cases. ++ */ ++ if (i == (it->tcount - 1)) ++ isopt = 0; ++ else ++ isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL); ++ /* ++ * attempt to read in field, allowing each to be OPTIONAL ++ */ ++ ++ ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); ++ if (!ret) { ++ errtt = seqtt; ++ goto err; ++ } else if (ret == -1) { ++ /* ++ * OPTIONAL component absent. Free and zero the field. ++ */ ++ ASN1_template_free(pseqval, seqtt); ++ continue; ++ } ++ /* Update length */ ++ len -= p - q; ++ } ++ ++ /* Check for EOC if expecting one */ ++ if (seq_eoc && !asn1_check_eoc(&p, len)) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC); ++ goto err; ++ } ++ /* Check all data read */ ++ if (!seq_nolen && len) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH); ++ goto err; ++ } ++ ++ /* ++ * If we get here we've got no more data in the SEQUENCE, however we ++ * may not have read all fields so check all remaining are OPTIONAL ++ * and clear any that are. ++ */ ++ for (; i < it->tcount; tt++, i++) { ++ const ASN1_TEMPLATE *seqtt; ++ seqtt = asn1_do_adb(pval, tt, 1); ++ if (!seqtt) ++ goto err; ++ if (seqtt->flags & ASN1_TFLG_OPTIONAL) { ++ ASN1_VALUE **pseqval; ++ pseqval = asn1_get_field_ptr(pval, seqtt); ++ ASN1_template_free(pseqval, seqtt); ++ } else { ++ errtt = seqtt; ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING); ++ goto err; ++ } ++ } ++ /* Save encoding */ ++ if (!asn1_enc_save(pval, *in, p - *in, it)) ++ goto auxerr; ++ *in = p; ++ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) ++ goto auxerr; ++ return 1; ++ ++ default: ++ return 0; ++ } ++ auxerr: ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); ++ err: ++ ASN1_item_ex_free(pval, it); ++ if (errtt) ++ ERR_add_error_data(4, "Field=", errtt->field_name, ++ ", Type=", it->sname); ++ else ++ ERR_add_error_data(2, "Type=", it->sname); ++ return 0; ++} ++ ++/* ++ * Templates are handled with two separate functions. One handles any ++ * EXPLICIT tag and the other handles the rest. + */ + + static int asn1_template_ex_d2i(ASN1_VALUE **val, +- const unsigned char **in, long inlen, +- const ASN1_TEMPLATE *tt, char opt, +- ASN1_TLC *ctx) +- { +- int flags, aclass; +- int ret; +- long len; +- const unsigned char *p, *q; +- char exp_eoc; +- if (!val) +- return 0; +- flags = tt->flags; +- aclass = flags & ASN1_TFLG_TAG_CLASS; +- +- p = *in; +- +- /* Check if EXPLICIT tag expected */ +- if (flags & ASN1_TFLG_EXPTAG) +- { +- char cst; +- /* Need to work out amount of data available to the inner +- * content and where it starts: so read in EXPLICIT header to +- * get the info. +- */ +- ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, +- &p, inlen, tt->tag, aclass, opt, ctx); +- q = p; +- if (!ret) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- return 0; +- } +- else if (ret == -1) +- return -1; +- if (!cst) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, +- ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); +- return 0; +- } +- /* We've found the field so it can't be OPTIONAL now */ +- ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); +- if (!ret) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- return 0; +- } +- /* We read the field in OK so update length */ +- len -= p - q; +- if (exp_eoc) +- { +- /* If NDEF we must have an EOC here */ +- if (!asn1_check_eoc(&p, len)) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, +- ASN1_R_MISSING_EOC); +- goto err; +- } +- } +- else +- { +- /* Otherwise we must hit the EXPLICIT tag end or its +- * an error */ +- if (len) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, +- ASN1_R_EXPLICIT_LENGTH_MISMATCH); +- goto err; +- } +- } +- } +- else +- return asn1_template_noexp_d2i(val, in, inlen, +- tt, opt, ctx); +- +- *in = p; +- return 1; +- +- err: +- ASN1_template_free(val, tt); +- return 0; +- } ++ const unsigned char **in, long inlen, ++ const ASN1_TEMPLATE *tt, char opt, ++ ASN1_TLC *ctx) ++{ ++ int flags, aclass; ++ int ret; ++ long len; ++ const unsigned char *p, *q; ++ char exp_eoc; ++ if (!val) ++ return 0; ++ flags = tt->flags; ++ aclass = flags & ASN1_TFLG_TAG_CLASS; ++ ++ p = *in; ++ ++ /* Check if EXPLICIT tag expected */ ++ if (flags & ASN1_TFLG_EXPTAG) { ++ char cst; ++ /* ++ * Need to work out amount of data available to the inner content and ++ * where it starts: so read in EXPLICIT header to get the info. ++ */ ++ ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, ++ &p, inlen, tt->tag, aclass, opt, ctx); ++ q = p; ++ if (!ret) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ return 0; ++ } else if (ret == -1) ++ return -1; ++ if (!cst) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ++ ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); ++ return 0; ++ } ++ /* We've found the field so it can't be OPTIONAL now */ ++ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); ++ if (!ret) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ return 0; ++ } ++ /* We read the field in OK so update length */ ++ len -= p - q; ++ if (exp_eoc) { ++ /* If NDEF we must have an EOC here */ ++ if (!asn1_check_eoc(&p, len)) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_MISSING_EOC); ++ goto err; ++ } ++ } else { ++ /* ++ * Otherwise we must hit the EXPLICIT tag end or its an error ++ */ ++ if (len) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ++ ASN1_R_EXPLICIT_LENGTH_MISMATCH); ++ goto err; ++ } ++ } ++ } else ++ return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); ++ ++ *in = p; ++ return 1; ++ ++ err: ++ ASN1_template_free(val, tt); ++ return 0; ++} + + static int asn1_template_noexp_d2i(ASN1_VALUE **val, +- const unsigned char **in, long len, +- const ASN1_TEMPLATE *tt, char opt, +- ASN1_TLC *ctx) +- { +- int flags, aclass; +- int ret; +- const unsigned char *p, *q; +- if (!val) +- return 0; +- flags = tt->flags; +- aclass = flags & ASN1_TFLG_TAG_CLASS; +- +- p = *in; +- q = p; +- +- if (flags & ASN1_TFLG_SK_MASK) +- { +- /* SET OF, SEQUENCE OF */ +- int sktag, skaclass; +- char sk_eoc; +- /* First work out expected inner tag value */ +- if (flags & ASN1_TFLG_IMPTAG) +- { +- sktag = tt->tag; +- skaclass = aclass; +- } +- else +- { +- skaclass = V_ASN1_UNIVERSAL; +- if (flags & ASN1_TFLG_SET_OF) +- sktag = V_ASN1_SET; +- else +- sktag = V_ASN1_SEQUENCE; +- } +- /* Get the tag */ +- ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, +- &p, len, sktag, skaclass, opt, ctx); +- if (!ret) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- return 0; +- } +- else if (ret == -1) +- return -1; +- if (!*val) +- *val = (ASN1_VALUE *)sk_new_null(); +- else +- { +- /* We've got a valid STACK: free up any items present */ +- STACK *sktmp = (STACK *)*val; +- ASN1_VALUE *vtmp; +- while(sk_num(sktmp) > 0) +- { +- vtmp = (ASN1_VALUE *)sk_pop(sktmp); +- ASN1_item_ex_free(&vtmp, +- ASN1_ITEM_ptr(tt->item)); +- } +- } +- +- if (!*val) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- /* Read as many items as we can */ +- while(len > 0) +- { +- ASN1_VALUE *skfield; +- q = p; +- /* See if EOC found */ +- if (asn1_check_eoc(&p, len)) +- { +- if (!sk_eoc) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, +- ASN1_R_UNEXPECTED_EOC); +- goto err; +- } +- len -= p - q; +- sk_eoc = 0; +- break; +- } +- skfield = NULL; +- if (!ASN1_item_ex_d2i(&skfield, &p, len, +- ASN1_ITEM_ptr(tt->item), +- -1, 0, 0, ctx)) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- goto err; +- } +- len -= p - q; +- if (!sk_push((STACK *)*val, (char *)skfield)) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- if (sk_eoc) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC); +- goto err; +- } +- } +- else if (flags & ASN1_TFLG_IMPTAG) +- { +- /* IMPLICIT tagging */ +- ret = ASN1_item_ex_d2i(val, &p, len, +- ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx); +- if (!ret) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- goto err; +- } +- else if (ret == -1) +- return -1; +- } +- else +- { +- /* Nothing special */ +- ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), +- -1, 0, opt, ctx); +- if (!ret) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, +- ERR_R_NESTED_ASN1_ERROR); +- goto err; +- } +- else if (ret == -1) +- return -1; +- } +- +- *in = p; +- return 1; +- +- err: +- ASN1_template_free(val, tt); +- return 0; +- } ++ const unsigned char **in, long len, ++ const ASN1_TEMPLATE *tt, char opt, ++ ASN1_TLC *ctx) ++{ ++ int flags, aclass; ++ int ret; ++ const unsigned char *p, *q; ++ if (!val) ++ return 0; ++ flags = tt->flags; ++ aclass = flags & ASN1_TFLG_TAG_CLASS; ++ ++ p = *in; ++ q = p; ++ ++ if (flags & ASN1_TFLG_SK_MASK) { ++ /* SET OF, SEQUENCE OF */ ++ int sktag, skaclass; ++ char sk_eoc; ++ /* First work out expected inner tag value */ ++ if (flags & ASN1_TFLG_IMPTAG) { ++ sktag = tt->tag; ++ skaclass = aclass; ++ } else { ++ skaclass = V_ASN1_UNIVERSAL; ++ if (flags & ASN1_TFLG_SET_OF) ++ sktag = V_ASN1_SET; ++ else ++ sktag = V_ASN1_SEQUENCE; ++ } ++ /* Get the tag */ ++ ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, ++ &p, len, sktag, skaclass, opt, ctx); ++ if (!ret) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); ++ return 0; ++ } else if (ret == -1) ++ return -1; ++ if (!*val) ++ *val = (ASN1_VALUE *)sk_new_null(); ++ else { ++ /* ++ * We've got a valid STACK: free up any items present ++ */ ++ STACK *sktmp = (STACK *) * val; ++ ASN1_VALUE *vtmp; ++ while (sk_num(sktmp) > 0) { ++ vtmp = (ASN1_VALUE *)sk_pop(sktmp); ++ ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item)); ++ } ++ } ++ ++ if (!*val) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* Read as many items as we can */ ++ while (len > 0) { ++ ASN1_VALUE *skfield; ++ q = p; ++ /* See if EOC found */ ++ if (asn1_check_eoc(&p, len)) { ++ if (!sk_eoc) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ++ ASN1_R_UNEXPECTED_EOC); ++ goto err; ++ } ++ len -= p - q; ++ sk_eoc = 0; ++ break; ++ } ++ skfield = NULL; ++ if (!ASN1_item_ex_d2i(&skfield, &p, len, ++ ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ++ ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ len -= p - q; ++ if (!sk_push((STACK *) * val, (char *)skfield)) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ if (sk_eoc) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC); ++ goto err; ++ } ++ } else if (flags & ASN1_TFLG_IMPTAG) { ++ /* IMPLICIT tagging */ ++ ret = ASN1_item_ex_d2i(val, &p, len, ++ ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ++ ctx); ++ if (!ret) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } else if (ret == -1) ++ return -1; ++ } else { ++ /* Nothing special */ ++ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), ++ -1, 0, opt, ctx); ++ if (!ret) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } else if (ret == -1) ++ return -1; ++ } ++ ++ *in = p; ++ return 1; ++ ++ err: ++ ASN1_template_free(val, tt); ++ return 0; ++} + + static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, +- const unsigned char **in, long inlen, +- const ASN1_ITEM *it, +- int tag, int aclass, char opt, ASN1_TLC *ctx) +- { +- int ret = 0, utype; +- long plen; +- char cst, inf, free_cont = 0; +- const unsigned char *p; +- BUF_MEM buf; +- const unsigned char *cont = NULL; +- long len; +- if (!pval) +- { +- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL); +- return 0; /* Should never happen */ +- } +- +- if (it->itype == ASN1_ITYPE_MSTRING) +- { +- utype = tag; +- tag = -1; +- } +- else +- utype = it->utype; +- +- if (utype == V_ASN1_ANY) +- { +- /* If type is ANY need to figure out type from tag */ +- unsigned char oclass; +- if (tag >= 0) +- { +- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, +- ASN1_R_ILLEGAL_TAGGED_ANY); +- return 0; +- } +- if (opt) +- { +- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, +- ASN1_R_ILLEGAL_OPTIONAL_ANY); +- return 0; +- } +- p = *in; +- ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, +- &p, inlen, -1, 0, 0, ctx); +- if (!ret) +- { +- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, +- ERR_R_NESTED_ASN1_ERROR); +- return 0; +- } +- if (oclass != V_ASN1_UNIVERSAL) +- utype = V_ASN1_OTHER; +- } +- if (tag == -1) +- { +- tag = utype; +- aclass = V_ASN1_UNIVERSAL; +- } +- p = *in; +- /* Check header */ +- ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, +- &p, inlen, tag, aclass, opt, ctx); +- if (!ret) +- { +- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); +- return 0; +- } +- else if (ret == -1) +- return -1; +- ret = 0; +- /* SEQUENCE, SET and "OTHER" are left in encoded form */ +- if ((utype == V_ASN1_SEQUENCE) +- || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) +- { +- /* Clear context cache for type OTHER because the auto clear +- * when we have a exact match wont work +- */ +- if (utype == V_ASN1_OTHER) +- { +- asn1_tlc_clear(ctx); +- } +- /* SEQUENCE and SET must be constructed */ +- else if (!cst) +- { +- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, +- ASN1_R_TYPE_NOT_CONSTRUCTED); +- return 0; +- } +- +- cont = *in; +- /* If indefinite length constructed find the real end */ +- if (inf) +- { +- if (!asn1_find_end(&p, plen, inf)) +- goto err; +- len = p - cont; +- } +- else +- { +- len = p - cont + plen; +- p += plen; +- buf.data = NULL; +- } +- } +- else if (cst) +- { +- buf.length = 0; +- buf.max = 0; +- buf.data = NULL; +- /* Should really check the internal tags are correct but +- * some things may get this wrong. The relevant specs +- * say that constructed string types should be OCTET STRINGs +- * internally irrespective of the type. So instead just check +- * for UNIVERSAL class and ignore the tag. +- */ +- if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) +- { +- free_cont = 1; +- goto err; +- } +- len = buf.length; +- /* Append a final null to string */ +- if (!BUF_MEM_grow_clean(&buf, len + 1)) +- { +- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- buf.data[len] = 0; +- cont = (const unsigned char *)buf.data; +- free_cont = 1; +- } +- else +- { +- cont = p; +- len = plen; +- p += plen; +- } +- +- /* We now have content length and type: translate into a structure */ +- if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) +- goto err; +- +- *in = p; +- ret = 1; +- err: +- if (free_cont && buf.data) OPENSSL_free(buf.data); +- return ret; +- } ++ const unsigned char **in, long inlen, ++ const ASN1_ITEM *it, ++ int tag, int aclass, char opt, ASN1_TLC *ctx) ++{ ++ int ret = 0, utype; ++ long plen; ++ char cst, inf, free_cont = 0; ++ const unsigned char *p; ++ BUF_MEM buf; ++ const unsigned char *cont = NULL; ++ long len; ++ if (!pval) { ++ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL); ++ return 0; /* Should never happen */ ++ } ++ ++ if (it->itype == ASN1_ITYPE_MSTRING) { ++ utype = tag; ++ tag = -1; ++ } else ++ utype = it->utype; ++ ++ if (utype == V_ASN1_ANY) { ++ /* If type is ANY need to figure out type from tag */ ++ unsigned char oclass; ++ if (tag >= 0) { ++ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY); ++ return 0; ++ } ++ if (opt) { ++ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ++ ASN1_R_ILLEGAL_OPTIONAL_ANY); ++ return 0; ++ } ++ p = *in; ++ ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, ++ &p, inlen, -1, 0, 0, ctx); ++ if (!ret) { ++ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); ++ return 0; ++ } ++ if (oclass != V_ASN1_UNIVERSAL) ++ utype = V_ASN1_OTHER; ++ } ++ if (tag == -1) { ++ tag = utype; ++ aclass = V_ASN1_UNIVERSAL; ++ } ++ p = *in; ++ /* Check header */ ++ ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, ++ &p, inlen, tag, aclass, opt, ctx); ++ if (!ret) { ++ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); ++ return 0; ++ } else if (ret == -1) ++ return -1; ++ ret = 0; ++ /* SEQUENCE, SET and "OTHER" are left in encoded form */ ++ if ((utype == V_ASN1_SEQUENCE) ++ || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { ++ /* ++ * Clear context cache for type OTHER because the auto clear when we ++ * have a exact match wont work ++ */ ++ if (utype == V_ASN1_OTHER) { ++ asn1_tlc_clear(ctx); ++ } ++ /* SEQUENCE and SET must be constructed */ ++ else if (!cst) { ++ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ++ ASN1_R_TYPE_NOT_CONSTRUCTED); ++ return 0; ++ } ++ ++ cont = *in; ++ /* If indefinite length constructed find the real end */ ++ if (inf) { ++ if (!asn1_find_end(&p, plen, inf)) ++ goto err; ++ len = p - cont; ++ } else { ++ len = p - cont + plen; ++ p += plen; ++ buf.data = NULL; ++ } ++ } else if (cst) { ++ if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN ++ || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER ++ || utype == V_ASN1_ENUMERATED) { ++ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE); ++ return 0; ++ } ++ buf.length = 0; ++ buf.max = 0; ++ buf.data = NULL; ++ /* ++ * Should really check the internal tags are correct but some things ++ * may get this wrong. The relevant specs say that constructed string ++ * types should be OCTET STRINGs internally irrespective of the type. ++ * So instead just check for UNIVERSAL class and ignore the tag. ++ */ ++ if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { ++ free_cont = 1; ++ goto err; ++ } ++ len = buf.length; ++ /* Append a final null to string */ ++ if (!BUF_MEM_grow_clean(&buf, len + 1)) { ++ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ buf.data[len] = 0; ++ cont = (const unsigned char *)buf.data; ++ free_cont = 1; ++ } else { ++ cont = p; ++ len = plen; ++ p += plen; ++ } ++ ++ /* We now have content length and type: translate into a structure */ ++ if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) ++ goto err; ++ ++ *in = p; ++ ret = 1; ++ err: ++ if (free_cont && buf.data) ++ OPENSSL_free(buf.data); ++ return ret; ++} + + /* Translate ASN1 content octets into a structure */ + + int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, +- int utype, char *free_cont, const ASN1_ITEM *it) +- { +- ASN1_VALUE **opval = NULL; +- ASN1_STRING *stmp; +- ASN1_TYPE *typ = NULL; +- int ret = 0; +- const ASN1_PRIMITIVE_FUNCS *pf; +- ASN1_INTEGER **tint; +- pf = it->funcs; +- +- if (pf && pf->prim_c2i) +- return pf->prim_c2i(pval, cont, len, utype, free_cont, it); +- /* If ANY type clear type and set pointer to internal value */ +- if (it->utype == V_ASN1_ANY) +- { +- if (!*pval) +- { +- typ = ASN1_TYPE_new(); +- if (typ == NULL) +- goto err; +- *pval = (ASN1_VALUE *)typ; +- } +- else +- typ = (ASN1_TYPE *)*pval; +- +- if (utype != typ->type) +- ASN1_TYPE_set(typ, utype, NULL); +- opval = pval; +- pval = &typ->value.asn1_value; +- } +- switch(utype) +- { +- case V_ASN1_OBJECT: +- if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) +- goto err; +- break; +- +- case V_ASN1_NULL: +- if (len) +- { +- ASN1err(ASN1_F_ASN1_EX_C2I, +- ASN1_R_NULL_IS_WRONG_LENGTH); +- goto err; +- } +- *pval = (ASN1_VALUE *)1; +- break; +- +- case V_ASN1_BOOLEAN: +- if (len != 1) +- { +- ASN1err(ASN1_F_ASN1_EX_C2I, +- ASN1_R_BOOLEAN_IS_WRONG_LENGTH); +- goto err; +- } +- else +- { +- ASN1_BOOLEAN *tbool; +- tbool = (ASN1_BOOLEAN *)pval; +- *tbool = *cont; +- } +- break; +- +- case V_ASN1_BIT_STRING: +- if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) +- goto err; +- break; +- +- case V_ASN1_INTEGER: +- case V_ASN1_NEG_INTEGER: +- case V_ASN1_ENUMERATED: +- case V_ASN1_NEG_ENUMERATED: +- tint = (ASN1_INTEGER **)pval; +- if (!c2i_ASN1_INTEGER(tint, &cont, len)) +- goto err; +- /* Fixup type to match the expected form */ +- (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); +- break; +- +- case V_ASN1_OCTET_STRING: +- case V_ASN1_NUMERICSTRING: +- case V_ASN1_PRINTABLESTRING: +- case V_ASN1_T61STRING: +- case V_ASN1_VIDEOTEXSTRING: +- case V_ASN1_IA5STRING: +- case V_ASN1_UTCTIME: +- case V_ASN1_GENERALIZEDTIME: +- case V_ASN1_GRAPHICSTRING: +- case V_ASN1_VISIBLESTRING: +- case V_ASN1_GENERALSTRING: +- case V_ASN1_UNIVERSALSTRING: +- case V_ASN1_BMPSTRING: +- case V_ASN1_UTF8STRING: +- case V_ASN1_OTHER: +- case V_ASN1_SET: +- case V_ASN1_SEQUENCE: +- default: +- if (utype == V_ASN1_BMPSTRING && (len & 1)) +- { +- ASN1err(ASN1_F_ASN1_EX_C2I, +- ASN1_R_BMPSTRING_IS_WRONG_LENGTH); +- goto err; +- } +- if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) +- { +- ASN1err(ASN1_F_ASN1_EX_C2I, +- ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); +- goto err; +- } +- /* All based on ASN1_STRING and handled the same */ +- if (!*pval) +- { +- stmp = ASN1_STRING_type_new(utype); +- if (!stmp) +- { +- ASN1err(ASN1_F_ASN1_EX_C2I, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- *pval = (ASN1_VALUE *)stmp; +- } +- else +- { +- stmp = (ASN1_STRING *)*pval; +- stmp->type = utype; +- } +- /* If we've already allocated a buffer use it */ +- if (*free_cont) +- { +- if (stmp->data) +- OPENSSL_free(stmp->data); +- stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ +- stmp->length = len; +- *free_cont = 0; +- } +- else +- { +- if (!ASN1_STRING_set(stmp, cont, len)) +- { +- ASN1err(ASN1_F_ASN1_EX_C2I, +- ERR_R_MALLOC_FAILURE); +- ASN1_STRING_free(stmp); +- *pval = NULL; +- goto err; +- } +- } +- break; +- } +- /* If ASN1_ANY and NULL type fix up value */ +- if (typ && (utype == V_ASN1_NULL)) +- typ->value.ptr = NULL; +- +- ret = 1; +- err: +- if (!ret) +- { +- ASN1_TYPE_free(typ); +- if (opval) +- *opval = NULL; +- } +- return ret; +- } +- +- +-/* This function finds the end of an ASN1 structure when passed its maximum +- * length, whether it is indefinite length and a pointer to the content. +- * This is more efficient than calling asn1_collect because it does not +- * recurse on each indefinite length header. ++ int utype, char *free_cont, const ASN1_ITEM *it) ++{ ++ ASN1_VALUE **opval = NULL; ++ ASN1_STRING *stmp; ++ ASN1_TYPE *typ = NULL; ++ int ret = 0; ++ const ASN1_PRIMITIVE_FUNCS *pf; ++ ASN1_INTEGER **tint; ++ pf = it->funcs; ++ ++ if (pf && pf->prim_c2i) ++ return pf->prim_c2i(pval, cont, len, utype, free_cont, it); ++ /* If ANY type clear type and set pointer to internal value */ ++ if (it->utype == V_ASN1_ANY) { ++ if (!*pval) { ++ typ = ASN1_TYPE_new(); ++ if (typ == NULL) ++ goto err; ++ *pval = (ASN1_VALUE *)typ; ++ } else ++ typ = (ASN1_TYPE *)*pval; ++ ++ if (utype != typ->type) ++ ASN1_TYPE_set(typ, utype, NULL); ++ opval = pval; ++ pval = &typ->value.asn1_value; ++ } ++ switch (utype) { ++ case V_ASN1_OBJECT: ++ if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) ++ goto err; ++ break; ++ ++ case V_ASN1_NULL: ++ if (len) { ++ ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_NULL_IS_WRONG_LENGTH); ++ goto err; ++ } ++ *pval = (ASN1_VALUE *)1; ++ break; ++ ++ case V_ASN1_BOOLEAN: ++ if (len != 1) { ++ ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BOOLEAN_IS_WRONG_LENGTH); ++ goto err; ++ } else { ++ ASN1_BOOLEAN *tbool; ++ tbool = (ASN1_BOOLEAN *)pval; ++ *tbool = *cont; ++ } ++ break; ++ ++ case V_ASN1_BIT_STRING: ++ if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) ++ goto err; ++ break; ++ ++ case V_ASN1_INTEGER: ++ case V_ASN1_NEG_INTEGER: ++ case V_ASN1_ENUMERATED: ++ case V_ASN1_NEG_ENUMERATED: ++ tint = (ASN1_INTEGER **)pval; ++ if (!c2i_ASN1_INTEGER(tint, &cont, len)) ++ goto err; ++ /* Fixup type to match the expected form */ ++ (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); ++ break; ++ ++ case V_ASN1_OCTET_STRING: ++ case V_ASN1_NUMERICSTRING: ++ case V_ASN1_PRINTABLESTRING: ++ case V_ASN1_T61STRING: ++ case V_ASN1_VIDEOTEXSTRING: ++ case V_ASN1_IA5STRING: ++ case V_ASN1_UTCTIME: ++ case V_ASN1_GENERALIZEDTIME: ++ case V_ASN1_GRAPHICSTRING: ++ case V_ASN1_VISIBLESTRING: ++ case V_ASN1_GENERALSTRING: ++ case V_ASN1_UNIVERSALSTRING: ++ case V_ASN1_BMPSTRING: ++ case V_ASN1_UTF8STRING: ++ case V_ASN1_OTHER: ++ case V_ASN1_SET: ++ case V_ASN1_SEQUENCE: ++ default: ++ if (utype == V_ASN1_BMPSTRING && (len & 1)) { ++ ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BMPSTRING_IS_WRONG_LENGTH); ++ goto err; ++ } ++ if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) { ++ ASN1err(ASN1_F_ASN1_EX_C2I, ++ ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); ++ goto err; ++ } ++ /* All based on ASN1_STRING and handled the same */ ++ if (!*pval) { ++ stmp = ASN1_STRING_type_new(utype); ++ if (!stmp) { ++ ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ *pval = (ASN1_VALUE *)stmp; ++ } else { ++ stmp = (ASN1_STRING *)*pval; ++ stmp->type = utype; ++ } ++ /* If we've already allocated a buffer use it */ ++ if (*free_cont) { ++ if (stmp->data) ++ OPENSSL_free(stmp->data); ++ stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ ++ stmp->length = len; ++ *free_cont = 0; ++ } else { ++ if (!ASN1_STRING_set(stmp, cont, len)) { ++ ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE); ++ ASN1_STRING_free(stmp); ++ *pval = NULL; ++ goto err; ++ } ++ } ++ break; ++ } ++ /* If ASN1_ANY and NULL type fix up value */ ++ if (typ && (utype == V_ASN1_NULL)) ++ typ->value.ptr = NULL; ++ ++ ret = 1; ++ err: ++ if (!ret) { ++ ASN1_TYPE_free(typ); ++ if (opval) ++ *opval = NULL; ++ } ++ return ret; ++} ++ ++/* ++ * This function finds the end of an ASN1 structure when passed its maximum ++ * length, whether it is indefinite length and a pointer to the content. This ++ * is more efficient than calling asn1_collect because it does not recurse on ++ * each indefinite length header. + */ + + static int asn1_find_end(const unsigned char **in, long len, char inf) +- { +- int expected_eoc; +- long plen; +- const unsigned char *p = *in, *q; +- /* If not indefinite length constructed just add length */ +- if (inf == 0) +- { +- *in += len; +- return 1; +- } +- expected_eoc = 1; +- /* Indefinite length constructed form. Find the end when enough EOCs +- * are found. If more indefinite length constructed headers +- * are encountered increment the expected eoc count otherwise just +- * skip to the end of the data. +- */ +- while (len > 0) +- { +- if(asn1_check_eoc(&p, len)) +- { +- expected_eoc--; +- if (expected_eoc == 0) +- break; +- len -= 2; +- continue; +- } +- q = p; +- /* Just read in a header: only care about the length */ +- if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len, +- -1, 0, 0, NULL)) +- { +- ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); +- return 0; +- } +- if (inf) +- expected_eoc++; +- else +- p += plen; +- len -= p - q; +- } +- if (expected_eoc) +- { +- ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC); +- return 0; +- } +- *in = p; +- return 1; +- } +-/* This function collects the asn1 data from a constructred string +- * type into a buffer. The values of 'in' and 'len' should refer +- * to the contents of the constructed type and 'inf' should be set +- * if it is indefinite length. ++{ ++ int expected_eoc; ++ long plen; ++ const unsigned char *p = *in, *q; ++ /* If not indefinite length constructed just add length */ ++ if (inf == 0) { ++ *in += len; ++ return 1; ++ } ++ expected_eoc = 1; ++ /* ++ * Indefinite length constructed form. Find the end when enough EOCs are ++ * found. If more indefinite length constructed headers are encountered ++ * increment the expected eoc count otherwise just skip to the end of the ++ * data. ++ */ ++ while (len > 0) { ++ if (asn1_check_eoc(&p, len)) { ++ expected_eoc--; ++ if (expected_eoc == 0) ++ break; ++ len -= 2; ++ continue; ++ } ++ q = p; ++ /* Just read in a header: only care about the length */ ++ if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len, ++ -1, 0, 0, NULL)) { ++ ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); ++ return 0; ++ } ++ if (inf) ++ expected_eoc++; ++ else ++ p += plen; ++ len -= p - q; ++ } ++ if (expected_eoc) { ++ ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC); ++ return 0; ++ } ++ *in = p; ++ return 1; ++} ++ ++/* ++ * This function collects the asn1 data from a constructred string type into ++ * a buffer. The values of 'in' and 'len' should refer to the contents of the ++ * constructed type and 'inf' should be set if it is indefinite length. + */ + + #ifndef ASN1_MAX_STRING_NEST +-/* This determines how many levels of recursion are permitted in ASN1 +- * string types. If it is not limited stack overflows can occur. If set +- * to zero no recursion is allowed at all. Although zero should be adequate +- * examples exist that require a value of 1. So 5 should be more than enough. ++/* ++ * This determines how many levels of recursion are permitted in ASN1 string ++ * types. If it is not limited stack overflows can occur. If set to zero no ++ * recursion is allowed at all. Although zero should be adequate examples ++ * exist that require a value of 1. So 5 should be more than enough. + */ +-#define ASN1_MAX_STRING_NEST 5 ++# define ASN1_MAX_STRING_NEST 5 + #endif + +- + static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, +- char inf, int tag, int aclass, int depth) +- { +- const unsigned char *p, *q; +- long plen; +- char cst, ininf; +- p = *in; +- inf &= 1; +- /* If no buffer and not indefinite length constructed just pass over +- * the encoded data */ +- if (!buf && !inf) +- { +- *in += len; +- return 1; +- } +- while(len > 0) +- { +- q = p; +- /* Check for EOC */ +- if (asn1_check_eoc(&p, len)) +- { +- /* EOC is illegal outside indefinite length +- * constructed form */ +- if (!inf) +- { +- ASN1err(ASN1_F_ASN1_COLLECT, +- ASN1_R_UNEXPECTED_EOC); +- return 0; +- } +- inf = 0; +- break; +- } +- +- if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, +- len, tag, aclass, 0, NULL)) +- { +- ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR); +- return 0; +- } +- +- /* If indefinite length constructed update max length */ +- if (cst) +- { +- if (depth >= ASN1_MAX_STRING_NEST) +- { +- ASN1err(ASN1_F_ASN1_COLLECT, +- ASN1_R_NESTED_ASN1_STRING); +- return 0; +- } +- if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, +- depth + 1)) +- return 0; +- } +- else if (plen && !collect_data(buf, &p, plen)) +- return 0; +- len -= p - q; +- } +- if (inf) +- { +- ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC); +- return 0; +- } +- *in = p; +- return 1; +- } ++ char inf, int tag, int aclass, int depth) ++{ ++ const unsigned char *p, *q; ++ long plen; ++ char cst, ininf; ++ p = *in; ++ inf &= 1; ++ /* ++ * If no buffer and not indefinite length constructed just pass over the ++ * encoded data ++ */ ++ if (!buf && !inf) { ++ *in += len; ++ return 1; ++ } ++ while (len > 0) { ++ q = p; ++ /* Check for EOC */ ++ if (asn1_check_eoc(&p, len)) { ++ /* ++ * EOC is illegal outside indefinite length constructed form ++ */ ++ if (!inf) { ++ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC); ++ return 0; ++ } ++ inf = 0; ++ break; ++ } ++ ++ if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, ++ len, tag, aclass, 0, NULL)) { ++ ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR); ++ return 0; ++ } ++ ++ /* If indefinite length constructed update max length */ ++ if (cst) { ++ if (depth >= ASN1_MAX_STRING_NEST) { ++ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING); ++ return 0; ++ } ++ if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1)) ++ return 0; ++ } else if (plen && !collect_data(buf, &p, plen)) ++ return 0; ++ len -= p - q; ++ } ++ if (inf) { ++ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC); ++ return 0; ++ } ++ *in = p; ++ return 1; ++} + + static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen) +- { +- int len; +- if (buf) +- { +- len = buf->length; +- if (!BUF_MEM_grow_clean(buf, len + plen)) +- { +- ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- memcpy(buf->data + len, *p, plen); +- } +- *p += plen; +- return 1; +- } ++{ ++ int len; ++ if (buf) { ++ len = buf->length; ++ if (!BUF_MEM_grow_clean(buf, len + plen)) { ++ ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ memcpy(buf->data + len, *p, plen); ++ } ++ *p += plen; ++ return 1; ++} + + /* Check for ASN1 EOC and swallow it if found */ + + static int asn1_check_eoc(const unsigned char **in, long len) +- { +- const unsigned char *p; +- if (len < 2) return 0; +- p = *in; +- if (!p[0] && !p[1]) +- { +- *in += 2; +- return 1; +- } +- return 0; +- } +- +-/* Check an ASN1 tag and length: a bit like ASN1_get_object +- * but it sets the length for indefinite length constructed +- * form, we don't know the exact length but we can set an +- * upper bound to the amount of data available minus the +- * header length just read. ++{ ++ const unsigned char *p; ++ if (len < 2) ++ return 0; ++ p = *in; ++ if (!p[0] && !p[1]) { ++ *in += 2; ++ return 1; ++ } ++ return 0; ++} ++ ++/* ++ * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the ++ * length for indefinite length constructed form, we don't know the exact ++ * length but we can set an upper bound to the amount of data available minus ++ * the header length just read. + */ + + static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, +- char *inf, char *cst, +- const unsigned char **in, long len, +- int exptag, int expclass, char opt, +- ASN1_TLC *ctx) +- { +- int i; +- int ptag, pclass; +- long plen; +- const unsigned char *p, *q; +- p = *in; +- q = p; +- +- if (ctx && ctx->valid) +- { +- i = ctx->ret; +- plen = ctx->plen; +- pclass = ctx->pclass; +- ptag = ctx->ptag; +- p += ctx->hdrlen; +- } +- else +- { +- i = ASN1_get_object(&p, &plen, &ptag, &pclass, len); +- if (ctx) +- { +- ctx->ret = i; +- ctx->plen = plen; +- ctx->pclass = pclass; +- ctx->ptag = ptag; +- ctx->hdrlen = p - q; +- ctx->valid = 1; +- /* If definite length, and no error, length + +- * header can't exceed total amount of data available. +- */ +- if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) +- { +- ASN1err(ASN1_F_ASN1_CHECK_TLEN, +- ASN1_R_TOO_LONG); +- asn1_tlc_clear(ctx); +- return 0; +- } +- } +- } +- +- if (i & 0x80) +- { +- ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER); +- asn1_tlc_clear(ctx); +- return 0; +- } +- if (exptag >= 0) +- { +- if ((exptag != ptag) || (expclass != pclass)) +- { +- /* If type is OPTIONAL, not an error: +- * indicate missing type. +- */ +- if (opt) return -1; +- asn1_tlc_clear(ctx); +- ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG); +- return 0; +- } +- /* We have a tag and class match: +- * assume we are going to do something with it */ +- asn1_tlc_clear(ctx); +- } +- +- if (i & 1) +- plen = len - (p - q); +- +- if (inf) +- *inf = i & 1; +- +- if (cst) +- *cst = i & V_ASN1_CONSTRUCTED; +- +- if (olen) +- *olen = plen; +- +- if (oclass) +- *oclass = pclass; +- +- if (otag) +- *otag = ptag; +- +- *in = p; +- return 1; +- } ++ char *inf, char *cst, ++ const unsigned char **in, long len, ++ int exptag, int expclass, char opt, ASN1_TLC *ctx) ++{ ++ int i; ++ int ptag, pclass; ++ long plen; ++ const unsigned char *p, *q; ++ p = *in; ++ q = p; ++ ++ if (ctx && ctx->valid) { ++ i = ctx->ret; ++ plen = ctx->plen; ++ pclass = ctx->pclass; ++ ptag = ctx->ptag; ++ p += ctx->hdrlen; ++ } else { ++ i = ASN1_get_object(&p, &plen, &ptag, &pclass, len); ++ if (ctx) { ++ ctx->ret = i; ++ ctx->plen = plen; ++ ctx->pclass = pclass; ++ ctx->ptag = ptag; ++ ctx->hdrlen = p - q; ++ ctx->valid = 1; ++ /* ++ * If definite length, and no error, length + header can't exceed ++ * total amount of data available. ++ */ ++ if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) { ++ ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG); ++ asn1_tlc_clear(ctx); ++ return 0; ++ } ++ } ++ } ++ ++ if (i & 0x80) { ++ ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER); ++ asn1_tlc_clear(ctx); ++ return 0; ++ } ++ if (exptag >= 0) { ++ if ((exptag != ptag) || (expclass != pclass)) { ++ /* ++ * If type is OPTIONAL, not an error: indicate missing type. ++ */ ++ if (opt) ++ return -1; ++ asn1_tlc_clear(ctx); ++ ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG); ++ return 0; ++ } ++ /* ++ * We have a tag and class match: assume we are going to do something ++ * with it ++ */ ++ asn1_tlc_clear(ctx); ++ } ++ ++ if (i & 1) ++ plen = len - (p - q); ++ ++ if (inf) ++ *inf = i & 1; ++ ++ if (cst) ++ *cst = i & V_ASN1_CONSTRUCTED; ++ ++ if (olen) ++ *olen = plen; ++ ++ if (oclass) ++ *oclass = pclass; ++ ++ if (otag) ++ *otag = ptag; ++ ++ *in = p; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c +index b3687f9..b93f3f6 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c +@@ -1,6 +1,7 @@ + /* tasn_enc.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,7 +57,6 @@ + * + */ + +- + #include + #include + #include "cryptlib.h" +@@ -65,631 +65,596 @@ + #include + + static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, +- const ASN1_ITEM *it, +- int tag, int aclass); ++ const ASN1_ITEM *it, int tag, int aclass); + static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, +- int skcontlen, const ASN1_ITEM *item, +- int do_sort, int iclass); ++ int skcontlen, const ASN1_ITEM *item, ++ int do_sort, int iclass); + static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, +- const ASN1_TEMPLATE *tt, +- int tag, int aclass); ++ const ASN1_TEMPLATE *tt, int tag, int aclass); + static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, +- const ASN1_ITEM *it, int flags); ++ const ASN1_ITEM *it, int flags); + +-/* Top level i2d equivalents: the 'ndef' variant instructs the encoder +- * to use indefinite length constructed encoding, where appropriate ++/* ++ * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use ++ * indefinite length constructed encoding, where appropriate + */ + + int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, +- const ASN1_ITEM *it) +- { +- return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF); +- } ++ const ASN1_ITEM *it) ++{ ++ return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF); ++} + + int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) +- { +- return asn1_item_flags_i2d(val, out, it, 0); +- } ++{ ++ return asn1_item_flags_i2d(val, out, it, 0); ++} + +-/* Encode an ASN1 item, this is use by the +- * standard 'i2d' function. 'out' points to +- * a buffer to output the data to. +- * +- * The new i2d has one additional feature. If the output +- * buffer is NULL (i.e. *out == NULL) then a buffer is ++/* ++ * Encode an ASN1 item, this is use by the standard 'i2d' function. 'out' ++ * points to a buffer to output the data to. The new i2d has one additional ++ * feature. If the output buffer is NULL (i.e. *out == NULL) then a buffer is + * allocated and populated with the encoding. + */ + + static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, +- const ASN1_ITEM *it, int flags) +- { +- if (out && !*out) +- { +- unsigned char *p, *buf; +- int len; +- len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags); +- if (len <= 0) +- return len; +- buf = OPENSSL_malloc(len); +- if (!buf) +- return -1; +- p = buf; +- ASN1_item_ex_i2d(&val, &p, it, -1, flags); +- *out = buf; +- return len; +- } +- +- return ASN1_item_ex_i2d(&val, out, it, -1, flags); +- } +- +-/* Encode an item, taking care of IMPLICIT tagging (if any). +- * This function performs the normal item handling: it can be +- * used in external types. ++ const ASN1_ITEM *it, int flags) ++{ ++ if (out && !*out) { ++ unsigned char *p, *buf; ++ int len; ++ len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags); ++ if (len <= 0) ++ return len; ++ buf = OPENSSL_malloc(len); ++ if (!buf) ++ return -1; ++ p = buf; ++ ASN1_item_ex_i2d(&val, &p, it, -1, flags); ++ *out = buf; ++ return len; ++ } ++ ++ return ASN1_item_ex_i2d(&val, out, it, -1, flags); ++} ++ ++/* ++ * Encode an item, taking care of IMPLICIT tagging (if any). This function ++ * performs the normal item handling: it can be used in external types. + */ + + int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, +- const ASN1_ITEM *it, int tag, int aclass) +- { +- const ASN1_TEMPLATE *tt = NULL; +- unsigned char *p = NULL; +- int i, seqcontlen, seqlen, ndef = 1; +- const ASN1_COMPAT_FUNCS *cf; +- const ASN1_EXTERN_FUNCS *ef; +- const ASN1_AUX *aux = it->funcs; +- ASN1_aux_cb *asn1_cb = 0; +- +- if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) +- return 0; +- +- if (aux && aux->asn1_cb) +- asn1_cb = aux->asn1_cb; +- +- switch(it->itype) +- { +- +- case ASN1_ITYPE_PRIMITIVE: +- if (it->templates) +- return asn1_template_ex_i2d(pval, out, it->templates, +- tag, aclass); +- return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); +- break; +- +- case ASN1_ITYPE_MSTRING: +- return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); +- +- case ASN1_ITYPE_CHOICE: +- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) +- return 0; +- i = asn1_get_choice_selector(pval, it); +- if ((i >= 0) && (i < it->tcount)) +- { +- ASN1_VALUE **pchval; +- const ASN1_TEMPLATE *chtt; +- chtt = it->templates + i; +- pchval = asn1_get_field_ptr(pval, chtt); +- return asn1_template_ex_i2d(pchval, out, chtt, +- -1, aclass); +- } +- /* Fixme: error condition if selector out of range */ +- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) +- return 0; +- break; +- +- case ASN1_ITYPE_EXTERN: +- /* If new style i2d it does all the work */ +- ef = it->funcs; +- return ef->asn1_ex_i2d(pval, out, it, tag, aclass); +- +- case ASN1_ITYPE_COMPAT: +- /* old style hackery... */ +- cf = it->funcs; +- if (out) +- p = *out; +- i = cf->asn1_i2d(*pval, out); +- /* Fixup for IMPLICIT tag: note this messes up for tags > 30, +- * but so did the old code. Tags > 30 are very rare anyway. +- */ +- if (out && (tag != -1)) +- *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED); +- return i; +- +- case ASN1_ITYPE_NDEF_SEQUENCE: +- /* Use indefinite length constructed if requested */ +- if (aclass & ASN1_TFLG_NDEF) ndef = 2; +- /* fall through */ +- +- case ASN1_ITYPE_SEQUENCE: +- i = asn1_enc_restore(&seqcontlen, out, pval, it); +- /* An error occurred */ +- if (i < 0) +- return 0; +- /* We have a valid cached encoding... */ +- if (i > 0) +- return seqcontlen; +- /* Otherwise carry on */ +- seqcontlen = 0; +- /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ +- if (tag == -1) +- { +- tag = V_ASN1_SEQUENCE; +- /* Retain any other flags in aclass */ +- aclass = (aclass & ~ASN1_TFLG_TAG_CLASS) +- | V_ASN1_UNIVERSAL; +- } +- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) +- return 0; +- /* First work out sequence content length */ +- for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) +- { +- const ASN1_TEMPLATE *seqtt; +- ASN1_VALUE **pseqval; +- seqtt = asn1_do_adb(pval, tt, 1); +- if (!seqtt) +- return 0; +- pseqval = asn1_get_field_ptr(pval, seqtt); +- /* FIXME: check for errors in enhanced version */ +- seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt, +- -1, aclass); +- } +- +- seqlen = ASN1_object_size(ndef, seqcontlen, tag); +- if (!out) +- return seqlen; +- /* Output SEQUENCE header */ +- ASN1_put_object(out, ndef, seqcontlen, tag, aclass); +- for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) +- { +- const ASN1_TEMPLATE *seqtt; +- ASN1_VALUE **pseqval; +- seqtt = asn1_do_adb(pval, tt, 1); +- if (!seqtt) +- return 0; +- pseqval = asn1_get_field_ptr(pval, seqtt); +- /* FIXME: check for errors in enhanced version */ +- asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass); +- } +- if (ndef == 2) +- ASN1_put_eoc(out); +- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) +- return 0; +- return seqlen; +- +- default: +- return 0; +- +- } +- return 0; +- } ++ const ASN1_ITEM *it, int tag, int aclass) ++{ ++ const ASN1_TEMPLATE *tt = NULL; ++ unsigned char *p = NULL; ++ int i, seqcontlen, seqlen, ndef = 1; ++ const ASN1_COMPAT_FUNCS *cf; ++ const ASN1_EXTERN_FUNCS *ef; ++ const ASN1_AUX *aux = it->funcs; ++ ASN1_aux_cb *asn1_cb = 0; ++ ++ if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) ++ return 0; ++ ++ if (aux && aux->asn1_cb) ++ asn1_cb = aux->asn1_cb; ++ ++ switch (it->itype) { ++ ++ case ASN1_ITYPE_PRIMITIVE: ++ if (it->templates) ++ return asn1_template_ex_i2d(pval, out, it->templates, ++ tag, aclass); ++ return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); ++ break; ++ ++ case ASN1_ITYPE_MSTRING: ++ return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); ++ ++ case ASN1_ITYPE_CHOICE: ++ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) ++ return 0; ++ i = asn1_get_choice_selector(pval, it); ++ if ((i >= 0) && (i < it->tcount)) { ++ ASN1_VALUE **pchval; ++ const ASN1_TEMPLATE *chtt; ++ chtt = it->templates + i; ++ pchval = asn1_get_field_ptr(pval, chtt); ++ return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass); ++ } ++ /* Fixme: error condition if selector out of range */ ++ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) ++ return 0; ++ break; ++ ++ case ASN1_ITYPE_EXTERN: ++ /* If new style i2d it does all the work */ ++ ef = it->funcs; ++ return ef->asn1_ex_i2d(pval, out, it, tag, aclass); ++ ++ case ASN1_ITYPE_COMPAT: ++ /* old style hackery... */ ++ cf = it->funcs; ++ if (out) ++ p = *out; ++ i = cf->asn1_i2d(*pval, out); ++ /* ++ * Fixup for IMPLICIT tag: note this messes up for tags > 30, but so ++ * did the old code. Tags > 30 are very rare anyway. ++ */ ++ if (out && (tag != -1)) ++ *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED); ++ return i; ++ ++ case ASN1_ITYPE_NDEF_SEQUENCE: ++ /* Use indefinite length constructed if requested */ ++ if (aclass & ASN1_TFLG_NDEF) ++ ndef = 2; ++ /* fall through */ ++ ++ case ASN1_ITYPE_SEQUENCE: ++ i = asn1_enc_restore(&seqcontlen, out, pval, it); ++ /* An error occurred */ ++ if (i < 0) ++ return 0; ++ /* We have a valid cached encoding... */ ++ if (i > 0) ++ return seqcontlen; ++ /* Otherwise carry on */ ++ seqcontlen = 0; ++ /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ ++ if (tag == -1) { ++ tag = V_ASN1_SEQUENCE; ++ /* Retain any other flags in aclass */ ++ aclass = (aclass & ~ASN1_TFLG_TAG_CLASS) ++ | V_ASN1_UNIVERSAL; ++ } ++ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) ++ return 0; ++ /* First work out sequence content length */ ++ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { ++ const ASN1_TEMPLATE *seqtt; ++ ASN1_VALUE **pseqval; ++ seqtt = asn1_do_adb(pval, tt, 1); ++ if (!seqtt) ++ return 0; ++ pseqval = asn1_get_field_ptr(pval, seqtt); ++ /* FIXME: check for errors in enhanced version */ ++ seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt, ++ -1, aclass); ++ } ++ ++ seqlen = ASN1_object_size(ndef, seqcontlen, tag); ++ if (!out) ++ return seqlen; ++ /* Output SEQUENCE header */ ++ ASN1_put_object(out, ndef, seqcontlen, tag, aclass); ++ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { ++ const ASN1_TEMPLATE *seqtt; ++ ASN1_VALUE **pseqval; ++ seqtt = asn1_do_adb(pval, tt, 1); ++ if (!seqtt) ++ return 0; ++ pseqval = asn1_get_field_ptr(pval, seqtt); ++ /* FIXME: check for errors in enhanced version */ ++ asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass); ++ } ++ if (ndef == 2) ++ ASN1_put_eoc(out); ++ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) ++ return 0; ++ return seqlen; ++ ++ default: ++ return 0; ++ ++ } ++ return 0; ++} + + int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, +- const ASN1_TEMPLATE *tt) +- { +- return asn1_template_ex_i2d(pval, out, tt, -1, 0); +- } ++ const ASN1_TEMPLATE *tt) ++{ ++ return asn1_template_ex_i2d(pval, out, tt, -1, 0); ++} + + static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, +- const ASN1_TEMPLATE *tt, int tag, int iclass) +- { +- int i, ret, flags, ttag, tclass, ndef; +- flags = tt->flags; +- /* Work out tag and class to use: tagging may come +- * either from the template or the arguments, not both +- * because this would create ambiguity. Additionally +- * the iclass argument may contain some additional flags +- * which should be noted and passed down to other levels. +- */ +- if (flags & ASN1_TFLG_TAG_MASK) +- { +- /* Error if argument and template tagging */ +- if (tag != -1) +- /* FIXME: error code here */ +- return -1; +- /* Get tagging from template */ +- ttag = tt->tag; +- tclass = flags & ASN1_TFLG_TAG_CLASS; +- } +- else if (tag != -1) +- { +- /* No template tagging, get from arguments */ +- ttag = tag; +- tclass = iclass & ASN1_TFLG_TAG_CLASS; +- } +- else +- { +- ttag = -1; +- tclass = 0; +- } +- /* +- * Remove any class mask from iflag. +- */ +- iclass &= ~ASN1_TFLG_TAG_CLASS; +- +- /* At this point 'ttag' contains the outer tag to use, +- * 'tclass' is the class and iclass is any flags passed +- * to this function. +- */ +- +- /* if template and arguments require ndef, use it */ +- if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF)) +- ndef = 2; +- else ndef = 1; +- +- if (flags & ASN1_TFLG_SK_MASK) +- { +- /* SET OF, SEQUENCE OF */ +- STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; +- int isset, sktag, skaclass; +- int skcontlen, sklen; +- ASN1_VALUE *skitem; +- +- if (!*pval) +- return 0; +- +- if (flags & ASN1_TFLG_SET_OF) +- { +- isset = 1; +- /* 2 means we reorder */ +- if (flags & ASN1_TFLG_SEQUENCE_OF) +- isset = 2; +- } +- else isset = 0; +- +- /* Work out inner tag value: if EXPLICIT +- * or no tagging use underlying type. +- */ +- if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) +- { +- sktag = ttag; +- skaclass = tclass; +- } +- else +- { +- skaclass = V_ASN1_UNIVERSAL; +- if (isset) +- sktag = V_ASN1_SET; +- else sktag = V_ASN1_SEQUENCE; +- } +- +- /* Determine total length of items */ +- skcontlen = 0; +- for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) +- { +- skitem = sk_ASN1_VALUE_value(sk, i); +- skcontlen += ASN1_item_ex_i2d(&skitem, NULL, +- ASN1_ITEM_ptr(tt->item), +- -1, iclass); +- } +- sklen = ASN1_object_size(ndef, skcontlen, sktag); +- /* If EXPLICIT need length of surrounding tag */ +- if (flags & ASN1_TFLG_EXPTAG) +- ret = ASN1_object_size(ndef, sklen, ttag); +- else ret = sklen; +- +- if (!out) +- return ret; +- +- /* Now encode this lot... */ +- /* EXPLICIT tag */ +- if (flags & ASN1_TFLG_EXPTAG) +- ASN1_put_object(out, ndef, sklen, ttag, tclass); +- /* SET or SEQUENCE and IMPLICIT tag */ +- ASN1_put_object(out, ndef, skcontlen, sktag, skaclass); +- /* And the stuff itself */ +- asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), +- isset, iclass); +- if (ndef == 2) +- { +- ASN1_put_eoc(out); +- if (flags & ASN1_TFLG_EXPTAG) +- ASN1_put_eoc(out); +- } +- +- return ret; +- } +- +- if (flags & ASN1_TFLG_EXPTAG) +- { +- /* EXPLICIT tagging */ +- /* Find length of tagged item */ +- i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), +- -1, iclass); +- if (!i) +- return 0; +- /* Find length of EXPLICIT tag */ +- ret = ASN1_object_size(ndef, i, ttag); +- if (out) +- { +- /* Output tag and item */ +- ASN1_put_object(out, ndef, i, ttag, tclass); +- ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), +- -1, iclass); +- if (ndef == 2) +- ASN1_put_eoc(out); +- } +- return ret; +- } +- +- /* Either normal or IMPLICIT tagging: combine class and flags */ +- return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), +- ttag, tclass | iclass); ++ const ASN1_TEMPLATE *tt, int tag, int iclass) ++{ ++ int i, ret, flags, ttag, tclass, ndef; ++ flags = tt->flags; ++ /* ++ * Work out tag and class to use: tagging may come either from the ++ * template or the arguments, not both because this would create ++ * ambiguity. Additionally the iclass argument may contain some ++ * additional flags which should be noted and passed down to other ++ * levels. ++ */ ++ if (flags & ASN1_TFLG_TAG_MASK) { ++ /* Error if argument and template tagging */ ++ if (tag != -1) ++ /* FIXME: error code here */ ++ return -1; ++ /* Get tagging from template */ ++ ttag = tt->tag; ++ tclass = flags & ASN1_TFLG_TAG_CLASS; ++ } else if (tag != -1) { ++ /* No template tagging, get from arguments */ ++ ttag = tag; ++ tclass = iclass & ASN1_TFLG_TAG_CLASS; ++ } else { ++ ttag = -1; ++ tclass = 0; ++ } ++ /* ++ * Remove any class mask from iflag. ++ */ ++ iclass &= ~ASN1_TFLG_TAG_CLASS; ++ ++ /* ++ * At this point 'ttag' contains the outer tag to use, 'tclass' is the ++ * class and iclass is any flags passed to this function. ++ */ ++ ++ /* if template and arguments require ndef, use it */ ++ if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF)) ++ ndef = 2; ++ else ++ ndef = 1; ++ ++ if (flags & ASN1_TFLG_SK_MASK) { ++ /* SET OF, SEQUENCE OF */ ++ STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; ++ int isset, sktag, skaclass; ++ int skcontlen, sklen; ++ ASN1_VALUE *skitem; ++ ++ if (!*pval) ++ return 0; ++ ++ if (flags & ASN1_TFLG_SET_OF) { ++ isset = 1; ++ /* 2 means we reorder */ ++ if (flags & ASN1_TFLG_SEQUENCE_OF) ++ isset = 2; ++ } else ++ isset = 0; ++ ++ /* ++ * Work out inner tag value: if EXPLICIT or no tagging use underlying ++ * type. ++ */ ++ if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) { ++ sktag = ttag; ++ skaclass = tclass; ++ } else { ++ skaclass = V_ASN1_UNIVERSAL; ++ if (isset) ++ sktag = V_ASN1_SET; ++ else ++ sktag = V_ASN1_SEQUENCE; ++ } ++ ++ /* Determine total length of items */ ++ skcontlen = 0; ++ for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { ++ skitem = sk_ASN1_VALUE_value(sk, i); ++ skcontlen += ASN1_item_ex_i2d(&skitem, NULL, ++ ASN1_ITEM_ptr(tt->item), ++ -1, iclass); ++ } ++ sklen = ASN1_object_size(ndef, skcontlen, sktag); ++ /* If EXPLICIT need length of surrounding tag */ ++ if (flags & ASN1_TFLG_EXPTAG) ++ ret = ASN1_object_size(ndef, sklen, ttag); ++ else ++ ret = sklen; ++ ++ if (!out) ++ return ret; ++ ++ /* Now encode this lot... */ ++ /* EXPLICIT tag */ ++ if (flags & ASN1_TFLG_EXPTAG) ++ ASN1_put_object(out, ndef, sklen, ttag, tclass); ++ /* SET or SEQUENCE and IMPLICIT tag */ ++ ASN1_put_object(out, ndef, skcontlen, sktag, skaclass); ++ /* And the stuff itself */ ++ asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), ++ isset, iclass); ++ if (ndef == 2) { ++ ASN1_put_eoc(out); ++ if (flags & ASN1_TFLG_EXPTAG) ++ ASN1_put_eoc(out); ++ } ++ ++ return ret; ++ } ++ ++ if (flags & ASN1_TFLG_EXPTAG) { ++ /* EXPLICIT tagging */ ++ /* Find length of tagged item */ ++ i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass); ++ if (!i) ++ return 0; ++ /* Find length of EXPLICIT tag */ ++ ret = ASN1_object_size(ndef, i, ttag); ++ if (out) { ++ /* Output tag and item */ ++ ASN1_put_object(out, ndef, i, ttag, tclass); ++ ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass); ++ if (ndef == 2) ++ ASN1_put_eoc(out); ++ } ++ return ret; ++ } ++ ++ /* Either normal or IMPLICIT tagging: combine class and flags */ ++ return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), ++ ttag, tclass | iclass); + + } + + /* Temporary structure used to hold DER encoding of items for SET OF */ + +-typedef struct { +- unsigned char *data; +- int length; +- ASN1_VALUE *field; ++typedef struct { ++ unsigned char *data; ++ int length; ++ ASN1_VALUE *field; + } DER_ENC; + + static int der_cmp(const void *a, const void *b) +- { +- const DER_ENC *d1 = a, *d2 = b; +- int cmplen, i; +- cmplen = (d1->length < d2->length) ? d1->length : d2->length; +- i = memcmp(d1->data, d2->data, cmplen); +- if (i) +- return i; +- return d1->length - d2->length; +- } ++{ ++ const DER_ENC *d1 = a, *d2 = b; ++ int cmplen, i; ++ cmplen = (d1->length < d2->length) ? d1->length : d2->length; ++ i = memcmp(d1->data, d2->data, cmplen); ++ if (i) ++ return i; ++ return d1->length - d2->length; ++} + + /* Output the content octets of SET OF or SEQUENCE OF */ + + static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, +- int skcontlen, const ASN1_ITEM *item, +- int do_sort, int iclass) +- { +- int i; +- ASN1_VALUE *skitem; +- unsigned char *tmpdat = NULL, *p = NULL; +- DER_ENC *derlst = NULL, *tder; +- if (do_sort) +- { +- /* Don't need to sort less than 2 items */ +- if (sk_ASN1_VALUE_num(sk) < 2) +- do_sort = 0; +- else +- { +- derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) +- * sizeof(*derlst)); +- if (!derlst) +- return 0; +- tmpdat = OPENSSL_malloc(skcontlen); +- if (!tmpdat) +- { +- OPENSSL_free(derlst); +- return 0; +- } +- } +- } +- /* If not sorting just output each item */ +- if (!do_sort) +- { +- for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) +- { +- skitem = sk_ASN1_VALUE_value(sk, i); +- ASN1_item_ex_i2d(&skitem, out, item, -1, iclass); +- } +- return 1; +- } +- p = tmpdat; +- +- /* Doing sort: build up a list of each member's DER encoding */ +- for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) +- { +- skitem = sk_ASN1_VALUE_value(sk, i); +- tder->data = p; +- tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass); +- tder->field = skitem; +- } +- +- /* Now sort them */ +- qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp); +- /* Output sorted DER encoding */ +- p = *out; +- for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) +- { +- memcpy(p, tder->data, tder->length); +- p += tder->length; +- } +- *out = p; +- /* If do_sort is 2 then reorder the STACK */ +- if (do_sort == 2) +- { +- for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); +- i++, tder++) +- (void)sk_ASN1_VALUE_set(sk, i, tder->field); +- } +- OPENSSL_free(derlst); +- OPENSSL_free(tmpdat); +- return 1; +- } ++ int skcontlen, const ASN1_ITEM *item, ++ int do_sort, int iclass) ++{ ++ int i; ++ ASN1_VALUE *skitem; ++ unsigned char *tmpdat = NULL, *p = NULL; ++ DER_ENC *derlst = NULL, *tder; ++ if (do_sort) { ++ /* Don't need to sort less than 2 items */ ++ if (sk_ASN1_VALUE_num(sk) < 2) ++ do_sort = 0; ++ else { ++ derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) ++ * sizeof(*derlst)); ++ if (!derlst) ++ return 0; ++ tmpdat = OPENSSL_malloc(skcontlen); ++ if (!tmpdat) { ++ OPENSSL_free(derlst); ++ return 0; ++ } ++ } ++ } ++ /* If not sorting just output each item */ ++ if (!do_sort) { ++ for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { ++ skitem = sk_ASN1_VALUE_value(sk, i); ++ ASN1_item_ex_i2d(&skitem, out, item, -1, iclass); ++ } ++ return 1; ++ } ++ p = tmpdat; ++ ++ /* Doing sort: build up a list of each member's DER encoding */ ++ for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { ++ skitem = sk_ASN1_VALUE_value(sk, i); ++ tder->data = p; ++ tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass); ++ tder->field = skitem; ++ } ++ ++ /* Now sort them */ ++ qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp); ++ /* Output sorted DER encoding */ ++ p = *out; ++ for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { ++ memcpy(p, tder->data, tder->length); ++ p += tder->length; ++ } ++ *out = p; ++ /* If do_sort is 2 then reorder the STACK */ ++ if (do_sort == 2) { ++ for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) ++ (void)sk_ASN1_VALUE_set(sk, i, tder->field); ++ } ++ OPENSSL_free(derlst); ++ OPENSSL_free(tmpdat); ++ return 1; ++} + + static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, +- const ASN1_ITEM *it, int tag, int aclass) +- { +- int len; +- int utype; +- int usetag; +- int ndef = 0; +- +- utype = it->utype; +- +- /* Get length of content octets and maybe find +- * out the underlying type. +- */ +- +- len = asn1_ex_i2c(pval, NULL, &utype, it); +- +- /* If SEQUENCE, SET or OTHER then header is +- * included in pseudo content octets so don't +- * include tag+length. We need to check here +- * because the call to asn1_ex_i2c() could change +- * utype. +- */ +- if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || +- (utype == V_ASN1_OTHER)) +- usetag = 0; +- else usetag = 1; +- +- /* -1 means omit type */ +- +- if (len == -1) +- return 0; +- +- /* -2 return is special meaning use ndef */ +- if (len == -2) +- { +- ndef = 2; +- len = 0; +- } +- +- /* If not implicitly tagged get tag from underlying type */ +- if (tag == -1) tag = utype; +- +- /* Output tag+length followed by content octets */ +- if (out) +- { +- if (usetag) +- ASN1_put_object(out, ndef, len, tag, aclass); +- asn1_ex_i2c(pval, *out, &utype, it); +- if (ndef) +- ASN1_put_eoc(out); +- else +- *out += len; +- } +- +- if (usetag) +- return ASN1_object_size(ndef, len, tag); +- return len; +- } ++ const ASN1_ITEM *it, int tag, int aclass) ++{ ++ int len; ++ int utype; ++ int usetag; ++ int ndef = 0; ++ ++ utype = it->utype; ++ ++ /* ++ * Get length of content octets and maybe find out the underlying type. ++ */ ++ ++ len = asn1_ex_i2c(pval, NULL, &utype, it); ++ ++ /* ++ * If SEQUENCE, SET or OTHER then header is included in pseudo content ++ * octets so don't include tag+length. We need to check here because the ++ * call to asn1_ex_i2c() could change utype. ++ */ ++ if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || ++ (utype == V_ASN1_OTHER)) ++ usetag = 0; ++ else ++ usetag = 1; ++ ++ /* -1 means omit type */ ++ ++ if (len == -1) ++ return 0; ++ ++ /* -2 return is special meaning use ndef */ ++ if (len == -2) { ++ ndef = 2; ++ len = 0; ++ } ++ ++ /* If not implicitly tagged get tag from underlying type */ ++ if (tag == -1) ++ tag = utype; ++ ++ /* Output tag+length followed by content octets */ ++ if (out) { ++ if (usetag) ++ ASN1_put_object(out, ndef, len, tag, aclass); ++ asn1_ex_i2c(pval, *out, &utype, it); ++ if (ndef) ++ ASN1_put_eoc(out); ++ else ++ *out += len; ++ } ++ ++ if (usetag) ++ return ASN1_object_size(ndef, len, tag); ++ return len; ++} + + /* Produce content octets from a structure */ + + int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, +- const ASN1_ITEM *it) +- { +- ASN1_BOOLEAN *tbool = NULL; +- ASN1_STRING *strtmp; +- ASN1_OBJECT *otmp; +- int utype; +- unsigned char *cont, c; +- int len; +- const ASN1_PRIMITIVE_FUNCS *pf; +- pf = it->funcs; +- if (pf && pf->prim_i2c) +- return pf->prim_i2c(pval, cout, putype, it); +- +- /* Should type be omitted? */ +- if ((it->itype != ASN1_ITYPE_PRIMITIVE) +- || (it->utype != V_ASN1_BOOLEAN)) +- { +- if (!*pval) return -1; +- } +- +- if (it->itype == ASN1_ITYPE_MSTRING) +- { +- /* If MSTRING type set the underlying type */ +- strtmp = (ASN1_STRING *)*pval; +- utype = strtmp->type; +- *putype = utype; +- } +- else if (it->utype == V_ASN1_ANY) +- { +- /* If ANY set type and pointer to value */ +- ASN1_TYPE *typ; +- typ = (ASN1_TYPE *)*pval; +- utype = typ->type; +- *putype = utype; +- pval = &typ->value.asn1_value; +- } +- else utype = *putype; +- +- switch(utype) +- { +- case V_ASN1_OBJECT: +- otmp = (ASN1_OBJECT *)*pval; +- cont = otmp->data; +- len = otmp->length; +- break; +- +- case V_ASN1_NULL: +- cont = NULL; +- len = 0; +- break; +- +- case V_ASN1_BOOLEAN: +- tbool = (ASN1_BOOLEAN *)pval; +- if (*tbool == -1) +- return -1; +- if (it->utype != V_ASN1_ANY) +- { +- /* Default handling if value == size field then omit */ +- if (*tbool && (it->size > 0)) +- return -1; +- if (!*tbool && !it->size) +- return -1; +- } +- c = (unsigned char)*tbool; +- cont = &c; +- len = 1; +- break; +- +- case V_ASN1_BIT_STRING: +- return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, +- cout ? &cout : NULL); +- break; +- +- case V_ASN1_INTEGER: +- case V_ASN1_NEG_INTEGER: +- case V_ASN1_ENUMERATED: +- case V_ASN1_NEG_ENUMERATED: +- /* These are all have the same content format +- * as ASN1_INTEGER +- */ +- return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, +- cout ? &cout : NULL); +- break; +- +- case V_ASN1_OCTET_STRING: +- case V_ASN1_NUMERICSTRING: +- case V_ASN1_PRINTABLESTRING: +- case V_ASN1_T61STRING: +- case V_ASN1_VIDEOTEXSTRING: +- case V_ASN1_IA5STRING: +- case V_ASN1_UTCTIME: +- case V_ASN1_GENERALIZEDTIME: +- case V_ASN1_GRAPHICSTRING: +- case V_ASN1_VISIBLESTRING: +- case V_ASN1_GENERALSTRING: +- case V_ASN1_UNIVERSALSTRING: +- case V_ASN1_BMPSTRING: +- case V_ASN1_UTF8STRING: +- case V_ASN1_SEQUENCE: +- case V_ASN1_SET: +- default: +- /* All based on ASN1_STRING and handled the same */ +- strtmp = (ASN1_STRING *)*pval; +- /* Special handling for NDEF */ +- if ((it->size == ASN1_TFLG_NDEF) +- && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) +- { +- if (cout) +- { +- strtmp->data = cout; +- strtmp->length = 0; +- } +- /* Special return code */ +- return -2; +- } +- cont = strtmp->data; +- len = strtmp->length; +- +- break; +- +- } +- if (cout && len) +- memcpy(cout, cont, len); +- return len; +- } ++ const ASN1_ITEM *it) ++{ ++ ASN1_BOOLEAN *tbool = NULL; ++ ASN1_STRING *strtmp; ++ ASN1_OBJECT *otmp; ++ int utype; ++ unsigned char *cont, c; ++ int len; ++ const ASN1_PRIMITIVE_FUNCS *pf; ++ pf = it->funcs; ++ if (pf && pf->prim_i2c) ++ return pf->prim_i2c(pval, cout, putype, it); ++ ++ /* Should type be omitted? */ ++ if ((it->itype != ASN1_ITYPE_PRIMITIVE) ++ || (it->utype != V_ASN1_BOOLEAN)) { ++ if (!*pval) ++ return -1; ++ } ++ ++ if (it->itype == ASN1_ITYPE_MSTRING) { ++ /* If MSTRING type set the underlying type */ ++ strtmp = (ASN1_STRING *)*pval; ++ utype = strtmp->type; ++ *putype = utype; ++ } else if (it->utype == V_ASN1_ANY) { ++ /* If ANY set type and pointer to value */ ++ ASN1_TYPE *typ; ++ typ = (ASN1_TYPE *)*pval; ++ utype = typ->type; ++ *putype = utype; ++ pval = &typ->value.asn1_value; ++ } else ++ utype = *putype; ++ ++ switch (utype) { ++ case V_ASN1_OBJECT: ++ otmp = (ASN1_OBJECT *)*pval; ++ cont = otmp->data; ++ len = otmp->length; ++ break; ++ ++ case V_ASN1_NULL: ++ cont = NULL; ++ len = 0; ++ break; ++ ++ case V_ASN1_BOOLEAN: ++ tbool = (ASN1_BOOLEAN *)pval; ++ if (*tbool == -1) ++ return -1; ++ if (it->utype != V_ASN1_ANY) { ++ /* ++ * Default handling if value == size field then omit ++ */ ++ if (*tbool && (it->size > 0)) ++ return -1; ++ if (!*tbool && !it->size) ++ return -1; ++ } ++ c = (unsigned char)*tbool; ++ cont = &c; ++ len = 1; ++ break; ++ ++ case V_ASN1_BIT_STRING: ++ return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, ++ cout ? &cout : NULL); ++ break; ++ ++ case V_ASN1_INTEGER: ++ case V_ASN1_NEG_INTEGER: ++ case V_ASN1_ENUMERATED: ++ case V_ASN1_NEG_ENUMERATED: ++ /* ++ * These are all have the same content format as ASN1_INTEGER ++ */ ++ return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL); ++ break; ++ ++ case V_ASN1_OCTET_STRING: ++ case V_ASN1_NUMERICSTRING: ++ case V_ASN1_PRINTABLESTRING: ++ case V_ASN1_T61STRING: ++ case V_ASN1_VIDEOTEXSTRING: ++ case V_ASN1_IA5STRING: ++ case V_ASN1_UTCTIME: ++ case V_ASN1_GENERALIZEDTIME: ++ case V_ASN1_GRAPHICSTRING: ++ case V_ASN1_VISIBLESTRING: ++ case V_ASN1_GENERALSTRING: ++ case V_ASN1_UNIVERSALSTRING: ++ case V_ASN1_BMPSTRING: ++ case V_ASN1_UTF8STRING: ++ case V_ASN1_SEQUENCE: ++ case V_ASN1_SET: ++ default: ++ /* All based on ASN1_STRING and handled the same */ ++ strtmp = (ASN1_STRING *)*pval; ++ /* Special handling for NDEF */ ++ if ((it->size == ASN1_TFLG_NDEF) ++ && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) { ++ if (cout) { ++ strtmp->data = cout; ++ strtmp->length = 0; ++ } ++ /* Special return code */ ++ return -2; ++ } ++ cont = strtmp->data; ++ len = strtmp->length; ++ ++ break; ++ ++ } ++ if (cout && len) ++ memcpy(cout, cont, len); ++ return len; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c +index d7c017f..a56d89b 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c +@@ -1,6 +1,7 @@ + /* tasn_fre.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,211 +57,193 @@ + * + */ + +- + #include + #include + #include + #include + +-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); ++static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, ++ int combine); + + /* Free up an ASN1 structure */ + + void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) +- { +- asn1_item_combine_free(&val, it, 0); +- } ++{ ++ asn1_item_combine_free(&val, it, 0); ++} + + void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +- { +- asn1_item_combine_free(pval, it, 0); +- } +- +-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) +- { +- const ASN1_TEMPLATE *tt = NULL, *seqtt; +- const ASN1_EXTERN_FUNCS *ef; +- const ASN1_COMPAT_FUNCS *cf; +- const ASN1_AUX *aux = it->funcs; +- ASN1_aux_cb *asn1_cb; +- int i; +- if (!pval) +- return; +- if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) +- return; +- if (aux && aux->asn1_cb) +- asn1_cb = aux->asn1_cb; +- else +- asn1_cb = 0; +- +- switch(it->itype) +- { +- +- case ASN1_ITYPE_PRIMITIVE: +- if (it->templates) +- ASN1_template_free(pval, it->templates); +- else +- ASN1_primitive_free(pval, it); +- break; +- +- case ASN1_ITYPE_MSTRING: +- ASN1_primitive_free(pval, it); +- break; +- +- case ASN1_ITYPE_CHOICE: +- if (asn1_cb) +- { +- i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); +- if (i == 2) +- return; +- } +- i = asn1_get_choice_selector(pval, it); +- if ((i >= 0) && (i < it->tcount)) +- { +- ASN1_VALUE **pchval; +- tt = it->templates + i; +- pchval = asn1_get_field_ptr(pval, tt); +- ASN1_template_free(pchval, tt); +- } +- if (asn1_cb) +- asn1_cb(ASN1_OP_FREE_POST, pval, it); +- if (!combine) +- { +- OPENSSL_free(*pval); +- *pval = NULL; +- } +- break; +- +- case ASN1_ITYPE_COMPAT: +- cf = it->funcs; +- if (cf && cf->asn1_free) +- cf->asn1_free(*pval); +- break; +- +- case ASN1_ITYPE_EXTERN: +- ef = it->funcs; +- if (ef && ef->asn1_ex_free) +- ef->asn1_ex_free(pval, it); +- break; +- +- case ASN1_ITYPE_NDEF_SEQUENCE: +- case ASN1_ITYPE_SEQUENCE: +- if (asn1_do_lock(pval, -1, it) > 0) +- return; +- if (asn1_cb) +- { +- i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); +- if (i == 2) +- return; +- } +- asn1_enc_free(pval, it); +- /* If we free up as normal we will invalidate any +- * ANY DEFINED BY field and we wont be able to +- * determine the type of the field it defines. So +- * free up in reverse order. +- */ +- tt = it->templates + it->tcount - 1; +- for (i = 0; i < it->tcount; tt--, i++) +- { +- ASN1_VALUE **pseqval; +- seqtt = asn1_do_adb(pval, tt, 0); +- if (!seqtt) +- continue; +- pseqval = asn1_get_field_ptr(pval, seqtt); +- ASN1_template_free(pseqval, seqtt); +- } +- if (asn1_cb) +- asn1_cb(ASN1_OP_FREE_POST, pval, it); +- if (!combine) +- { +- OPENSSL_free(*pval); +- *pval = NULL; +- } +- break; +- } +- } ++{ ++ asn1_item_combine_free(pval, it, 0); ++} ++ ++static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, ++ int combine) ++{ ++ const ASN1_TEMPLATE *tt = NULL, *seqtt; ++ const ASN1_EXTERN_FUNCS *ef; ++ const ASN1_COMPAT_FUNCS *cf; ++ const ASN1_AUX *aux = it->funcs; ++ ASN1_aux_cb *asn1_cb; ++ int i; ++ if (!pval) ++ return; ++ if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) ++ return; ++ if (aux && aux->asn1_cb) ++ asn1_cb = aux->asn1_cb; ++ else ++ asn1_cb = 0; ++ ++ switch (it->itype) { ++ ++ case ASN1_ITYPE_PRIMITIVE: ++ if (it->templates) ++ ASN1_template_free(pval, it->templates); ++ else ++ ASN1_primitive_free(pval, it); ++ break; ++ ++ case ASN1_ITYPE_MSTRING: ++ ASN1_primitive_free(pval, it); ++ break; ++ ++ case ASN1_ITYPE_CHOICE: ++ if (asn1_cb) { ++ i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); ++ if (i == 2) ++ return; ++ } ++ i = asn1_get_choice_selector(pval, it); ++ if ((i >= 0) && (i < it->tcount)) { ++ ASN1_VALUE **pchval; ++ tt = it->templates + i; ++ pchval = asn1_get_field_ptr(pval, tt); ++ ASN1_template_free(pchval, tt); ++ } ++ if (asn1_cb) ++ asn1_cb(ASN1_OP_FREE_POST, pval, it); ++ if (!combine) { ++ OPENSSL_free(*pval); ++ *pval = NULL; ++ } ++ break; ++ ++ case ASN1_ITYPE_COMPAT: ++ cf = it->funcs; ++ if (cf && cf->asn1_free) ++ cf->asn1_free(*pval); ++ break; ++ ++ case ASN1_ITYPE_EXTERN: ++ ef = it->funcs; ++ if (ef && ef->asn1_ex_free) ++ ef->asn1_ex_free(pval, it); ++ break; ++ ++ case ASN1_ITYPE_NDEF_SEQUENCE: ++ case ASN1_ITYPE_SEQUENCE: ++ if (asn1_do_lock(pval, -1, it) > 0) ++ return; ++ if (asn1_cb) { ++ i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); ++ if (i == 2) ++ return; ++ } ++ asn1_enc_free(pval, it); ++ /* ++ * If we free up as normal we will invalidate any ANY DEFINED BY ++ * field and we wont be able to determine the type of the field it ++ * defines. So free up in reverse order. ++ */ ++ tt = it->templates + it->tcount - 1; ++ for (i = 0; i < it->tcount; tt--, i++) { ++ ASN1_VALUE **pseqval; ++ seqtt = asn1_do_adb(pval, tt, 0); ++ if (!seqtt) ++ continue; ++ pseqval = asn1_get_field_ptr(pval, seqtt); ++ ASN1_template_free(pseqval, seqtt); ++ } ++ if (asn1_cb) ++ asn1_cb(ASN1_OP_FREE_POST, pval, it); ++ if (!combine) { ++ OPENSSL_free(*pval); ++ *pval = NULL; ++ } ++ break; ++ } ++} + + void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +- { +- int i; +- if (tt->flags & ASN1_TFLG_SK_MASK) +- { +- STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; +- for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) +- { +- ASN1_VALUE *vtmp; +- vtmp = sk_ASN1_VALUE_value(sk, i); +- asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), +- 0); +- } +- sk_ASN1_VALUE_free(sk); +- *pval = NULL; +- } +- else +- asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item), +- tt->flags & ASN1_TFLG_COMBINE); +- } ++{ ++ int i; ++ if (tt->flags & ASN1_TFLG_SK_MASK) { ++ STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; ++ for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { ++ ASN1_VALUE *vtmp; ++ vtmp = sk_ASN1_VALUE_value(sk, i); ++ asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0); ++ } ++ sk_ASN1_VALUE_free(sk); ++ *pval = NULL; ++ } else ++ asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item), ++ tt->flags & ASN1_TFLG_COMBINE); ++} + + void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +- { +- int utype; +- if (it) +- { +- const ASN1_PRIMITIVE_FUNCS *pf; +- pf = it->funcs; +- if (pf && pf->prim_free) +- { +- pf->prim_free(pval, it); +- return; +- } +- } +- /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ +- if (!it) +- { +- ASN1_TYPE *typ = (ASN1_TYPE *)*pval; +- utype = typ->type; +- pval = &typ->value.asn1_value; +- if (!*pval) +- return; +- } +- else if (it->itype == ASN1_ITYPE_MSTRING) +- { +- utype = -1; +- if (!*pval) +- return; +- } +- else +- { +- utype = it->utype; +- if ((utype != V_ASN1_BOOLEAN) && !*pval) +- return; +- } +- +- switch(utype) +- { +- case V_ASN1_OBJECT: +- ASN1_OBJECT_free((ASN1_OBJECT *)*pval); +- break; +- +- case V_ASN1_BOOLEAN: +- if (it) +- *(ASN1_BOOLEAN *)pval = it->size; +- else +- *(ASN1_BOOLEAN *)pval = -1; +- return; +- +- case V_ASN1_NULL: +- break; +- +- case V_ASN1_ANY: +- ASN1_primitive_free(pval, NULL); +- OPENSSL_free(*pval); +- break; +- +- default: +- ASN1_STRING_free((ASN1_STRING *)*pval); +- *pval = NULL; +- break; +- } +- *pval = NULL; +- } ++{ ++ int utype; ++ if (it) { ++ const ASN1_PRIMITIVE_FUNCS *pf; ++ pf = it->funcs; ++ if (pf && pf->prim_free) { ++ pf->prim_free(pval, it); ++ return; ++ } ++ } ++ /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ ++ if (!it) { ++ ASN1_TYPE *typ = (ASN1_TYPE *)*pval; ++ utype = typ->type; ++ pval = &typ->value.asn1_value; ++ if (!*pval) ++ return; ++ } else if (it->itype == ASN1_ITYPE_MSTRING) { ++ utype = -1; ++ if (!*pval) ++ return; ++ } else { ++ utype = it->utype; ++ if ((utype != V_ASN1_BOOLEAN) && !*pval) ++ return; ++ } ++ ++ switch (utype) { ++ case V_ASN1_OBJECT: ++ ASN1_OBJECT_free((ASN1_OBJECT *)*pval); ++ break; ++ ++ case V_ASN1_BOOLEAN: ++ if (it) ++ *(ASN1_BOOLEAN *)pval = it->size; ++ else ++ *(ASN1_BOOLEAN *)pval = -1; ++ return; ++ ++ case V_ASN1_NULL: ++ break; ++ ++ case V_ASN1_ANY: ++ ASN1_primitive_free(pval, NULL); ++ OPENSSL_free(*pval); ++ break; ++ ++ default: ++ ASN1_STRING_free((ASN1_STRING *)*pval); ++ *pval = NULL; ++ break; ++ } ++ *pval = NULL; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c +index 5c6a2eb..8c540cc 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c +@@ -1,6 +1,7 @@ + /* tasn_new.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,7 +57,6 @@ + * + */ + +- + #include + #include + #include +@@ -65,331 +65,316 @@ + #include + + static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, +- int combine); ++ int combine); + static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); + static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); + void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); + + ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) +- { +- ASN1_VALUE *ret = NULL; +- if (ASN1_item_ex_new(&ret, it) > 0) +- return ret; +- return NULL; +- } ++{ ++ ASN1_VALUE *ret = NULL; ++ if (ASN1_item_ex_new(&ret, it) > 0) ++ return ret; ++ return NULL; ++} + + /* Allocate an ASN1 structure */ + + int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +- { +- return asn1_item_ex_combine_new(pval, it, 0); +- } ++{ ++ return asn1_item_ex_combine_new(pval, it, 0); ++} + + static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, +- int combine) +- { +- const ASN1_TEMPLATE *tt = NULL; +- const ASN1_COMPAT_FUNCS *cf; +- const ASN1_EXTERN_FUNCS *ef; +- const ASN1_AUX *aux = it->funcs; +- ASN1_aux_cb *asn1_cb; +- ASN1_VALUE **pseqval; +- int i; +- if (aux && aux->asn1_cb) +- asn1_cb = aux->asn1_cb; +- else +- asn1_cb = 0; +- +- if (!combine) *pval = NULL; ++ int combine) ++{ ++ const ASN1_TEMPLATE *tt = NULL; ++ const ASN1_COMPAT_FUNCS *cf; ++ const ASN1_EXTERN_FUNCS *ef; ++ const ASN1_AUX *aux = it->funcs; ++ ASN1_aux_cb *asn1_cb; ++ ASN1_VALUE **pseqval; ++ int i; ++ if (aux && aux->asn1_cb) ++ asn1_cb = aux->asn1_cb; ++ else ++ asn1_cb = 0; ++ ++ if (!combine) ++ *pval = NULL; + + #ifdef CRYPTO_MDEBUG +- if (it->sname) +- CRYPTO_push_info(it->sname); ++ if (it->sname) ++ CRYPTO_push_info(it->sname); + #endif + +- switch(it->itype) +- { +- +- case ASN1_ITYPE_EXTERN: +- ef = it->funcs; +- if (ef && ef->asn1_ex_new) +- { +- if (!ef->asn1_ex_new(pval, it)) +- goto memerr; +- } +- break; +- +- case ASN1_ITYPE_COMPAT: +- cf = it->funcs; +- if (cf && cf->asn1_new) { +- *pval = cf->asn1_new(); +- if (!*pval) +- goto memerr; +- } +- break; +- +- case ASN1_ITYPE_PRIMITIVE: +- if (it->templates) +- { +- if (!ASN1_template_new(pval, it->templates)) +- goto memerr; +- } +- else if (!ASN1_primitive_new(pval, it)) +- goto memerr; +- break; +- +- case ASN1_ITYPE_MSTRING: +- if (!ASN1_primitive_new(pval, it)) +- goto memerr; +- break; +- +- case ASN1_ITYPE_CHOICE: +- if (asn1_cb) +- { +- i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); +- if (!i) +- goto auxerr; +- if (i==2) +- { ++ switch (it->itype) { ++ ++ case ASN1_ITYPE_EXTERN: ++ ef = it->funcs; ++ if (ef && ef->asn1_ex_new) { ++ if (!ef->asn1_ex_new(pval, it)) ++ goto memerr; ++ } ++ break; ++ ++ case ASN1_ITYPE_COMPAT: ++ cf = it->funcs; ++ if (cf && cf->asn1_new) { ++ *pval = cf->asn1_new(); ++ if (!*pval) ++ goto memerr; ++ } ++ break; ++ ++ case ASN1_ITYPE_PRIMITIVE: ++ if (it->templates) { ++ if (!ASN1_template_new(pval, it->templates)) ++ goto memerr; ++ } else if (!ASN1_primitive_new(pval, it)) ++ goto memerr; ++ break; ++ ++ case ASN1_ITYPE_MSTRING: ++ if (!ASN1_primitive_new(pval, it)) ++ goto memerr; ++ break; ++ ++ case ASN1_ITYPE_CHOICE: ++ if (asn1_cb) { ++ i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); ++ if (!i) ++ goto auxerr; ++ if (i == 2) { + #ifdef CRYPTO_MDEBUG +- if (it->sname) +- CRYPTO_pop_info(); ++ if (it->sname) ++ CRYPTO_pop_info(); + #endif +- return 1; +- } +- } +- if (!combine) +- { +- *pval = OPENSSL_malloc(it->size); +- if (!*pval) +- goto memerr; +- memset(*pval, 0, it->size); +- } +- asn1_set_choice_selector(pval, -1, it); +- if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) +- goto auxerr; +- break; +- +- case ASN1_ITYPE_NDEF_SEQUENCE: +- case ASN1_ITYPE_SEQUENCE: +- if (asn1_cb) +- { +- i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); +- if (!i) +- goto auxerr; +- if (i==2) +- { ++ return 1; ++ } ++ } ++ if (!combine) { ++ *pval = OPENSSL_malloc(it->size); ++ if (!*pval) ++ goto memerr; ++ memset(*pval, 0, it->size); ++ } ++ asn1_set_choice_selector(pval, -1, it); ++ if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) ++ goto auxerr; ++ break; ++ ++ case ASN1_ITYPE_NDEF_SEQUENCE: ++ case ASN1_ITYPE_SEQUENCE: ++ if (asn1_cb) { ++ i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); ++ if (!i) ++ goto auxerr; ++ if (i == 2) { + #ifdef CRYPTO_MDEBUG +- if (it->sname) +- CRYPTO_pop_info(); ++ if (it->sname) ++ CRYPTO_pop_info(); + #endif +- return 1; +- } +- } +- if (!combine) +- { +- *pval = OPENSSL_malloc(it->size); +- if (!*pval) +- goto memerr; +- memset(*pval, 0, it->size); +- asn1_do_lock(pval, 0, it); +- asn1_enc_init(pval, it); +- } +- for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) +- { +- pseqval = asn1_get_field_ptr(pval, tt); +- if (!ASN1_template_new(pseqval, tt)) +- goto memerr; +- } +- if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) +- goto auxerr; +- break; +- } ++ return 1; ++ } ++ } ++ if (!combine) { ++ *pval = OPENSSL_malloc(it->size); ++ if (!*pval) ++ goto memerr; ++ memset(*pval, 0, it->size); ++ asn1_do_lock(pval, 0, it); ++ asn1_enc_init(pval, it); ++ } ++ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { ++ pseqval = asn1_get_field_ptr(pval, tt); ++ if (!ASN1_template_new(pseqval, tt)) ++ goto memerr; ++ } ++ if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) ++ goto auxerr; ++ break; ++ } + #ifdef CRYPTO_MDEBUG +- if (it->sname) CRYPTO_pop_info(); ++ if (it->sname) ++ CRYPTO_pop_info(); + #endif +- return 1; ++ return 1; + +- memerr: +- ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); ++ memerr: ++ ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); + #ifdef CRYPTO_MDEBUG +- if (it->sname) CRYPTO_pop_info(); ++ if (it->sname) ++ CRYPTO_pop_info(); + #endif +- return 0; ++ return 0; + +- auxerr: +- ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); +- ASN1_item_ex_free(pval, it); ++ auxerr: ++ ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); ++ ASN1_item_ex_free(pval, it); + #ifdef CRYPTO_MDEBUG +- if (it->sname) CRYPTO_pop_info(); ++ if (it->sname) ++ CRYPTO_pop_info(); + #endif +- return 0; ++ return 0; + +- } ++} + + static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) +- { +- const ASN1_EXTERN_FUNCS *ef; +- +- switch(it->itype) +- { +- +- case ASN1_ITYPE_EXTERN: +- ef = it->funcs; +- if (ef && ef->asn1_ex_clear) +- ef->asn1_ex_clear(pval, it); +- else *pval = NULL; +- break; +- +- +- case ASN1_ITYPE_PRIMITIVE: +- if (it->templates) +- asn1_template_clear(pval, it->templates); +- else +- asn1_primitive_clear(pval, it); +- break; +- +- case ASN1_ITYPE_MSTRING: +- asn1_primitive_clear(pval, it); +- break; +- +- case ASN1_ITYPE_COMPAT: +- case ASN1_ITYPE_CHOICE: +- case ASN1_ITYPE_SEQUENCE: +- case ASN1_ITYPE_NDEF_SEQUENCE: +- *pval = NULL; +- break; +- } +- } +- ++{ ++ const ASN1_EXTERN_FUNCS *ef; ++ ++ switch (it->itype) { ++ ++ case ASN1_ITYPE_EXTERN: ++ ef = it->funcs; ++ if (ef && ef->asn1_ex_clear) ++ ef->asn1_ex_clear(pval, it); ++ else ++ *pval = NULL; ++ break; ++ ++ case ASN1_ITYPE_PRIMITIVE: ++ if (it->templates) ++ asn1_template_clear(pval, it->templates); ++ else ++ asn1_primitive_clear(pval, it); ++ break; ++ ++ case ASN1_ITYPE_MSTRING: ++ asn1_primitive_clear(pval, it); ++ break; ++ ++ case ASN1_ITYPE_COMPAT: ++ case ASN1_ITYPE_CHOICE: ++ case ASN1_ITYPE_SEQUENCE: ++ case ASN1_ITYPE_NDEF_SEQUENCE: ++ *pval = NULL; ++ break; ++ } ++} + + int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +- { +- const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); +- int ret; +- if (tt->flags & ASN1_TFLG_OPTIONAL) +- { +- asn1_template_clear(pval, tt); +- return 1; +- } +- /* If ANY DEFINED BY nothing to do */ +- +- if (tt->flags & ASN1_TFLG_ADB_MASK) +- { +- *pval = NULL; +- return 1; +- } ++{ ++ const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); ++ int ret; ++ if (tt->flags & ASN1_TFLG_OPTIONAL) { ++ asn1_template_clear(pval, tt); ++ return 1; ++ } ++ /* If ANY DEFINED BY nothing to do */ ++ ++ if (tt->flags & ASN1_TFLG_ADB_MASK) { ++ *pval = NULL; ++ return 1; ++ } + #ifdef CRYPTO_MDEBUG +- if (tt->field_name) +- CRYPTO_push_info(tt->field_name); ++ if (tt->field_name) ++ CRYPTO_push_info(tt->field_name); + #endif +- /* If SET OF or SEQUENCE OF, its a STACK */ +- if (tt->flags & ASN1_TFLG_SK_MASK) +- { +- STACK_OF(ASN1_VALUE) *skval; +- skval = sk_ASN1_VALUE_new_null(); +- if (!skval) +- { +- ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE); +- ret = 0; +- goto done; +- } +- *pval = (ASN1_VALUE *)skval; +- ret = 1; +- goto done; +- } +- /* Otherwise pass it back to the item routine */ +- ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); +- done: ++ /* If SET OF or SEQUENCE OF, its a STACK */ ++ if (tt->flags & ASN1_TFLG_SK_MASK) { ++ STACK_OF(ASN1_VALUE) *skval; ++ skval = sk_ASN1_VALUE_new_null(); ++ if (!skval) { ++ ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE); ++ ret = 0; ++ goto done; ++ } ++ *pval = (ASN1_VALUE *)skval; ++ ret = 1; ++ goto done; ++ } ++ /* Otherwise pass it back to the item routine */ ++ ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); ++ done: + #ifdef CRYPTO_MDEBUG +- if (it->sname) +- CRYPTO_pop_info(); ++ if (it->sname) ++ CRYPTO_pop_info(); + #endif +- return ret; +- } ++ return ret; ++} + + static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +- { +- /* If ADB or STACK just NULL the field */ +- if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) +- *pval = NULL; +- else +- asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item)); +- } +- +- +-/* NB: could probably combine most of the real XXX_new() behaviour and junk ++{ ++ /* If ADB or STACK just NULL the field */ ++ if (tt->flags & (ASN1_TFLG_ADB_MASK | ASN1_TFLG_SK_MASK)) ++ *pval = NULL; ++ else ++ asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item)); ++} ++ ++/* ++ * NB: could probably combine most of the real XXX_new() behaviour and junk + * all the old functions. + */ + + int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +- { +- ASN1_TYPE *typ; +- int utype; +- +- if (it && it->funcs) +- { +- const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; +- if (pf->prim_new) +- return pf->prim_new(pval, it); +- } +- +- if (!it || (it->itype == ASN1_ITYPE_MSTRING)) +- utype = -1; +- else +- utype = it->utype; +- switch(utype) +- { +- case V_ASN1_OBJECT: +- *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef); +- return 1; +- +- case V_ASN1_BOOLEAN: +- if (it) +- *(ASN1_BOOLEAN *)pval = it->size; +- else +- *(ASN1_BOOLEAN *)pval = -1; +- return 1; +- +- case V_ASN1_NULL: +- *pval = (ASN1_VALUE *)1; +- return 1; +- +- case V_ASN1_ANY: +- typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); +- if (!typ) +- return 0; +- typ->value.ptr = NULL; +- typ->type = -1; +- *pval = (ASN1_VALUE *)typ; +- break; +- +- default: +- *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype); +- break; +- } +- if (*pval) +- return 1; +- return 0; +- } ++{ ++ ASN1_TYPE *typ; ++ int utype; ++ ++ if (it && it->funcs) { ++ const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; ++ if (pf->prim_new) ++ return pf->prim_new(pval, it); ++ } ++ ++ if (!it || (it->itype == ASN1_ITYPE_MSTRING)) ++ utype = -1; ++ else ++ utype = it->utype; ++ switch (utype) { ++ case V_ASN1_OBJECT: ++ *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef); ++ return 1; ++ ++ case V_ASN1_BOOLEAN: ++ if (it) ++ *(ASN1_BOOLEAN *)pval = it->size; ++ else ++ *(ASN1_BOOLEAN *)pval = -1; ++ return 1; ++ ++ case V_ASN1_NULL: ++ *pval = (ASN1_VALUE *)1; ++ return 1; ++ ++ case V_ASN1_ANY: ++ typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); ++ if (!typ) ++ return 0; ++ typ->value.ptr = NULL; ++ typ->type = -1; ++ *pval = (ASN1_VALUE *)typ; ++ break; ++ ++ default: ++ *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype); ++ break; ++ } ++ if (*pval) ++ return 1; ++ return 0; ++} + + void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) +- { +- int utype; +- if (it && it->funcs) +- { +- const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; +- if (pf->prim_clear) +- pf->prim_clear(pval, it); +- else +- *pval = NULL; +- return; +- } +- if (!it || (it->itype == ASN1_ITYPE_MSTRING)) +- utype = -1; +- else +- utype = it->utype; +- if (utype == V_ASN1_BOOLEAN) +- *(ASN1_BOOLEAN *)pval = it->size; +- else *pval = NULL; +- } ++{ ++ int utype; ++ if (it && it->funcs) { ++ const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; ++ if (pf->prim_clear) ++ pf->prim_clear(pval, it); ++ else ++ *pval = NULL; ++ return; ++ } ++ if (!it || (it->itype == ASN1_ITYPE_MSTRING)) ++ utype = -1; ++ else ++ utype = it->utype; ++ if (utype == V_ASN1_BOOLEAN) ++ *(ASN1_BOOLEAN *)pval = it->size; ++ else ++ *pval = NULL; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c +index 6252213..4820035 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c +@@ -1,6 +1,7 @@ + /* tasn_typ.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c +index ca9ec7a..41726d8 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c +@@ -1,6 +1,7 @@ + /* tasn_utl.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,7 +57,6 @@ + * + */ + +- + #include + #include + #include +@@ -69,211 +69,207 @@ + /* Add 'offset' to 'addr' */ + #define offset2ptr(addr, offset) (void *)(((char *) addr) + offset) + +-/* Given an ASN1_ITEM CHOICE type return +- * the selector value ++/* ++ * Given an ASN1_ITEM CHOICE type return the selector value + */ + + int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) +- { +- int *sel = offset2ptr(*pval, it->utype); +- return *sel; +- } ++{ ++ int *sel = offset2ptr(*pval, it->utype); ++ return *sel; ++} + +-/* Given an ASN1_ITEM CHOICE type set +- * the selector value, return old value. ++/* ++ * Given an ASN1_ITEM CHOICE type set the selector value, return old value. + */ + +-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it) +- { +- int *sel, ret; +- sel = offset2ptr(*pval, it->utype); +- ret = *sel; +- *sel = value; +- return ret; +- } ++int asn1_set_choice_selector(ASN1_VALUE **pval, int value, ++ const ASN1_ITEM *it) ++{ ++ int *sel, ret; ++ sel = offset2ptr(*pval, it->utype); ++ ret = *sel; ++ *sel = value; ++ return ret; ++} + +-/* Do reference counting. The value 'op' decides what to do. +- * if it is +1 then the count is incremented. If op is 0 count is +- * set to 1. If op is -1 count is decremented and the return value +- * is the current refrence count or 0 if no reference count exists. ++/* ++ * Do reference counting. The value 'op' decides what to do. if it is +1 ++ * then the count is incremented. If op is 0 count is set to 1. If op is -1 ++ * count is decremented and the return value is the current refrence count or ++ * 0 if no reference count exists. + */ + + int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) +- { +- const ASN1_AUX *aux; +- int *lck, ret; +- if ((it->itype != ASN1_ITYPE_SEQUENCE) +- && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) +- return 0; +- aux = it->funcs; +- if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) +- return 0; +- lck = offset2ptr(*pval, aux->ref_offset); +- if (op == 0) +- { +- *lck = 1; +- return 1; +- } +- ret = CRYPTO_add(lck, op, aux->ref_lock); ++{ ++ const ASN1_AUX *aux; ++ int *lck, ret; ++ if ((it->itype != ASN1_ITYPE_SEQUENCE) ++ && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) ++ return 0; ++ aux = it->funcs; ++ if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) ++ return 0; ++ lck = offset2ptr(*pval, aux->ref_offset); ++ if (op == 0) { ++ *lck = 1; ++ return 1; ++ } ++ ret = CRYPTO_add(lck, op, aux->ref_lock); + #ifdef REF_PRINT +- fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck); ++ fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck); + #endif + #ifdef REF_CHECK +- if (ret < 0) +- fprintf(stderr, "%s, bad reference count\n", it->sname); ++ if (ret < 0) ++ fprintf(stderr, "%s, bad reference count\n", it->sname); + #endif +- return ret; +- } ++ return ret; ++} + + static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) +- { +- const ASN1_AUX *aux; +- if (!pval || !*pval) +- return NULL; +- aux = it->funcs; +- if (!aux || !(aux->flags & ASN1_AFLG_ENCODING)) +- return NULL; +- return offset2ptr(*pval, aux->enc_offset); +- } ++{ ++ const ASN1_AUX *aux; ++ if (!pval || !*pval) ++ return NULL; ++ aux = it->funcs; ++ if (!aux || !(aux->flags & ASN1_AFLG_ENCODING)) ++ return NULL; ++ return offset2ptr(*pval, aux->enc_offset); ++} + + void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) +- { +- ASN1_ENCODING *enc; +- enc = asn1_get_enc_ptr(pval, it); +- if (enc) +- { +- enc->enc = NULL; +- enc->len = 0; +- enc->modified = 1; +- } +- } ++{ ++ ASN1_ENCODING *enc; ++ enc = asn1_get_enc_ptr(pval, it); ++ if (enc) { ++ enc->enc = NULL; ++ enc->len = 0; ++ enc->modified = 1; ++ } ++} + + void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +- { +- ASN1_ENCODING *enc; +- enc = asn1_get_enc_ptr(pval, it); +- if (enc) +- { +- if (enc->enc) +- OPENSSL_free(enc->enc); +- enc->enc = NULL; +- enc->len = 0; +- enc->modified = 1; +- } +- } ++{ ++ ASN1_ENCODING *enc; ++ enc = asn1_get_enc_ptr(pval, it); ++ if (enc) { ++ if (enc->enc) ++ OPENSSL_free(enc->enc); ++ enc->enc = NULL; ++ enc->len = 0; ++ enc->modified = 1; ++ } ++} + + int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, +- const ASN1_ITEM *it) +- { +- ASN1_ENCODING *enc; +- enc = asn1_get_enc_ptr(pval, it); +- if (!enc) +- return 1; ++ const ASN1_ITEM *it) ++{ ++ ASN1_ENCODING *enc; ++ enc = asn1_get_enc_ptr(pval, it); ++ if (!enc) ++ return 1; ++ ++ if (enc->enc) ++ OPENSSL_free(enc->enc); ++ enc->enc = OPENSSL_malloc(inlen); ++ if (!enc->enc) ++ return 0; ++ memcpy(enc->enc, in, inlen); ++ enc->len = inlen; ++ enc->modified = 0; + +- if (enc->enc) +- OPENSSL_free(enc->enc); +- enc->enc = OPENSSL_malloc(inlen); +- if (!enc->enc) +- return 0; +- memcpy(enc->enc, in, inlen); +- enc->len = inlen; +- enc->modified = 0; ++ return 1; ++} + +- return 1; +- } +- + int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, +- const ASN1_ITEM *it) +- { +- ASN1_ENCODING *enc; +- enc = asn1_get_enc_ptr(pval, it); +- if (!enc || enc->modified) +- return 0; +- if (out) +- { +- memcpy(*out, enc->enc, enc->len); +- *out += enc->len; +- } +- if (len) +- *len = enc->len; +- return 1; +- } ++ const ASN1_ITEM *it) ++{ ++ ASN1_ENCODING *enc; ++ enc = asn1_get_enc_ptr(pval, it); ++ if (!enc || enc->modified) ++ return 0; ++ if (out) { ++ memcpy(*out, enc->enc, enc->len); ++ *out += enc->len; ++ } ++ if (len) ++ *len = enc->len; ++ return 1; ++} + + /* Given an ASN1_TEMPLATE get a pointer to a field */ +-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +- { +- ASN1_VALUE **pvaltmp; +- if (tt->flags & ASN1_TFLG_COMBINE) +- return pval; +- pvaltmp = offset2ptr(*pval, tt->offset); +- /* NOTE for BOOLEAN types the field is just a plain +- * int so we can't return int **, so settle for +- * (int *). +- */ +- return pvaltmp; +- } ++ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) ++{ ++ ASN1_VALUE **pvaltmp; ++ if (tt->flags & ASN1_TFLG_COMBINE) ++ return pval; ++ pvaltmp = offset2ptr(*pval, tt->offset); ++ /* ++ * NOTE for BOOLEAN types the field is just a plain int so we can't ++ * return int **, so settle for (int *). ++ */ ++ return pvaltmp; ++} + +-/* Handle ANY DEFINED BY template, find the selector, look up +- * the relevant ASN1_TEMPLATE in the table and return it. ++/* ++ * Handle ANY DEFINED BY template, find the selector, look up the relevant ++ * ASN1_TEMPLATE in the table and return it. + */ + + const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, +- int nullerr) +- { +- const ASN1_ADB *adb; +- const ASN1_ADB_TABLE *atbl; +- long selector; +- ASN1_VALUE **sfld; +- int i; +- if (!(tt->flags & ASN1_TFLG_ADB_MASK)) +- return tt; ++ int nullerr) ++{ ++ const ASN1_ADB *adb; ++ const ASN1_ADB_TABLE *atbl; ++ long selector; ++ ASN1_VALUE **sfld; ++ int i; ++ if (!(tt->flags & ASN1_TFLG_ADB_MASK)) ++ return tt; ++ ++ /* Else ANY DEFINED BY ... get the table */ ++ adb = ASN1_ADB_ptr(tt->item); + +- /* Else ANY DEFINED BY ... get the table */ +- adb = ASN1_ADB_ptr(tt->item); ++ /* Get the selector field */ ++ sfld = offset2ptr(*pval, adb->offset); + +- /* Get the selector field */ +- sfld = offset2ptr(*pval, adb->offset); ++ /* Check if NULL */ ++ if (!sfld) { ++ if (!adb->null_tt) ++ goto err; ++ return adb->null_tt; ++ } + +- /* Check if NULL */ +- if (!sfld) +- { +- if (!adb->null_tt) +- goto err; +- return adb->null_tt; +- } ++ /* ++ * Convert type to a long: NB: don't check for NID_undef here because it ++ * might be a legitimate value in the table ++ */ ++ if (tt->flags & ASN1_TFLG_ADB_OID) ++ selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); ++ else ++ selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld); + +- /* Convert type to a long: +- * NB: don't check for NID_undef here because it +- * might be a legitimate value in the table +- */ +- if (tt->flags & ASN1_TFLG_ADB_OID) +- selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); +- else +- selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld); ++ /* ++ * Try to find matching entry in table Maybe should check application ++ * types first to allow application override? Might also be useful to ++ * have a flag which indicates table is sorted and we can do a binary ++ * search. For now stick to a linear search. ++ */ + +- /* Try to find matching entry in table +- * Maybe should check application types first to +- * allow application override? Might also be useful +- * to have a flag which indicates table is sorted and +- * we can do a binary search. For now stick to a +- * linear search. +- */ ++ for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++) ++ if (atbl->value == selector) ++ return &atbl->tt; + +- for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++) +- if (atbl->value == selector) +- return &atbl->tt; ++ /* FIXME: need to search application table too */ + +- /* FIXME: need to search application table too */ ++ /* No match, return default type */ ++ if (!adb->default_tt) ++ goto err; ++ return adb->default_tt; + +- /* No match, return default type */ +- if (!adb->default_tt) +- goto err; +- return adb->default_tt; +- +- err: +- /* FIXME: should log the value or OID of unsupported type */ +- if (nullerr) +- ASN1err(ASN1_F_ASN1_DO_ADB, +- ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); +- return NULL; +- } ++ err: ++ /* FIXME: should log the value or OID of unsupported type */ ++ if (nullerr) ++ ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); ++ return NULL; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c +index 99e5342..babc2e1 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c +@@ -1,6 +1,7 @@ + /* x_algor.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,12 +63,12 @@ + #include + + ASN1_SEQUENCE(X509_ALGOR) = { +- ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), +- ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) ++ ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), ++ ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) + } ASN1_SEQUENCE_END(X509_ALGOR) + +-ASN1_ITEM_TEMPLATE(X509_ALGORS) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR) ++ASN1_ITEM_TEMPLATE(X509_ALGORS) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR) + ASN1_ITEM_TEMPLATE_END(X509_ALGORS) + + IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) +@@ -78,53 +79,55 @@ IMPLEMENT_STACK_OF(X509_ALGOR) + IMPLEMENT_ASN1_SET_OF(X509_ALGOR) + + int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) +- { +- if (!alg) +- return 0; +- if (ptype != V_ASN1_UNDEF) +- { +- if (alg->parameter == NULL) +- alg->parameter = ASN1_TYPE_new(); +- if (alg->parameter == NULL) +- return 0; +- } +- if (alg) +- { +- if (alg->algorithm) +- ASN1_OBJECT_free(alg->algorithm); +- alg->algorithm = aobj; +- } +- if (ptype == 0) +- return 1; +- if (ptype == V_ASN1_UNDEF) +- { +- if (alg->parameter) +- { +- ASN1_TYPE_free(alg->parameter); +- alg->parameter = NULL; +- } +- } +- else +- ASN1_TYPE_set(alg->parameter, ptype, pval); +- return 1; +- } ++{ ++ if (!alg) ++ return 0; ++ if (ptype != V_ASN1_UNDEF) { ++ if (alg->parameter == NULL) ++ alg->parameter = ASN1_TYPE_new(); ++ if (alg->parameter == NULL) ++ return 0; ++ } ++ if (alg) { ++ if (alg->algorithm) ++ ASN1_OBJECT_free(alg->algorithm); ++ alg->algorithm = aobj; ++ } ++ if (ptype == 0) ++ return 1; ++ if (ptype == V_ASN1_UNDEF) { ++ if (alg->parameter) { ++ ASN1_TYPE_free(alg->parameter); ++ alg->parameter = NULL; ++ } ++ } else ++ ASN1_TYPE_set(alg->parameter, ptype, pval); ++ return 1; ++} + + void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, +- X509_ALGOR *algor) +- { +- if (paobj) +- *paobj = algor->algorithm; +- if (pptype) +- { +- if (algor->parameter == NULL) +- { +- *pptype = V_ASN1_UNDEF; +- return; +- } +- else +- *pptype = algor->parameter->type; +- if (ppval) +- *ppval = algor->parameter->value.ptr; +- } +- } ++ X509_ALGOR *algor) ++{ ++ if (paobj) ++ *paobj = algor->algorithm; ++ if (pptype) { ++ if (algor->parameter == NULL) { ++ *pptype = V_ASN1_UNDEF; ++ return; ++ } else ++ *pptype = algor->parameter->type; ++ if (ppval) ++ *ppval = algor->parameter->value.ptr; ++ } ++} + ++int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) ++{ ++ int rv; ++ rv = OBJ_cmp(a->algorithm, b->algorithm); ++ if (rv) ++ return rv; ++ if (!a->parameter && !b->parameter) ++ return 0; ++ return ASN1_TYPE_cmp(a->parameter, b->parameter); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c +index 1e3713f..93ef53b 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,18 +62,19 @@ + #include + #include + +-/* X509_ATTRIBUTE: this has the following form: ++/*- ++ * X509_ATTRIBUTE: this has the following form: + * + * typedef struct x509_attributes_st +- * { +- * ASN1_OBJECT *object; +- * int single; +- * union { +- * char *ptr; +- * STACK_OF(ASN1_TYPE) *set; +- * ASN1_TYPE *single; +- * } value; +- * } X509_ATTRIBUTE; ++ * { ++ * ASN1_OBJECT *object; ++ * int single; ++ * union { ++ * char *ptr; ++ * STACK_OF(ASN1_TYPE) *set; ++ * ASN1_TYPE *single; ++ * } value; ++ * } X509_ATTRIBUTE; + * + * this needs some extra thought because the CHOICE type is + * merged with the main structure and because the value can +@@ -83,36 +84,41 @@ + */ + + ASN1_CHOICE(X509_ATTRIBUTE_SET) = { +- ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY), +- ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY) ++ ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY), ++ ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY) + } ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single) + + ASN1_SEQUENCE(X509_ATTRIBUTE) = { +- ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), +- /* CHOICE type merged with parent */ +- ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET) ++ ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), ++ /* CHOICE type merged with parent */ ++ ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET) + } ASN1_SEQUENCE_END(X509_ATTRIBUTE) + + IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE) + IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) + + X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) +- { +- X509_ATTRIBUTE *ret=NULL; +- ASN1_TYPE *val=NULL; ++{ ++ X509_ATTRIBUTE *ret = NULL; ++ ASN1_TYPE *val = NULL; + +- if ((ret=X509_ATTRIBUTE_new()) == NULL) +- return(NULL); +- ret->object=OBJ_nid2obj(nid); +- ret->single=0; +- if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err; +- if ((val=ASN1_TYPE_new()) == NULL) goto err; +- if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err; ++ if ((ret = X509_ATTRIBUTE_new()) == NULL) ++ return (NULL); ++ ret->object = OBJ_nid2obj(nid); ++ ret->single = 0; ++ if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL) ++ goto err; ++ if ((val = ASN1_TYPE_new()) == NULL) ++ goto err; ++ if (!sk_ASN1_TYPE_push(ret->value.set, val)) ++ goto err; + +- ASN1_TYPE_set(val,atrtype,value); +- return(ret); +-err: +- if (ret != NULL) X509_ATTRIBUTE_free(ret); +- if (val != NULL) ASN1_TYPE_free(val); +- return(NULL); +- } ++ ASN1_TYPE_set(val, atrtype, value); ++ return (ret); ++ err: ++ if (ret != NULL) ++ X509_ATTRIBUTE_free(ret); ++ if (val != NULL) ++ ASN1_TYPE_free(val); ++ return (NULL); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c +index 9cf3204..a5a403c 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c +@@ -1,6 +1,7 @@ + /* x_bignum.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,79 +62,91 @@ + #include + #include + +-/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a +- * BIGNUM directly. Currently it ignores the sign which isn't a problem since all +- * BIGNUMs used are non negative and anything that looks negative is normally due +- * to an encoding error. ++/* ++ * Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER ++ * as a BIGNUM directly. Currently it ignores the sign which isn't a problem ++ * since all BIGNUMs used are non negative and anything that looks negative ++ * is normally due to an encoding error. + */ + +-#define BN_SENSITIVE 1 ++#define BN_SENSITIVE 1 + + static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it); + static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); +-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); ++static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, ++ const ASN1_ITEM *it); ++static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, ++ int utype, char *free_cont, const ASN1_ITEM *it); + + static ASN1_PRIMITIVE_FUNCS bignum_pf = { +- NULL, 0, +- bn_new, +- bn_free, +- 0, +- bn_c2i, +- bn_i2c ++ NULL, 0, ++ bn_new, ++ bn_free, ++ 0, ++ bn_c2i, ++ bn_i2c + }; + + ASN1_ITEM_start(BIGNUM) +- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM" ++ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM" + ASN1_ITEM_end(BIGNUM) + + ASN1_ITEM_start(CBIGNUM) +- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM" ++ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM" + ASN1_ITEM_end(CBIGNUM) + + static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- *pval = (ASN1_VALUE *)BN_new(); +- if(*pval) return 1; +- else return 0; ++ *pval = (ASN1_VALUE *)BN_new(); ++ if (*pval) ++ return 1; ++ else ++ return 0; + } + + static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- if(!*pval) return; +- if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval); +- else BN_free((BIGNUM *)*pval); +- *pval = NULL; ++ if (!*pval) ++ return; ++ if (it->size & BN_SENSITIVE) ++ BN_clear_free((BIGNUM *)*pval); ++ else ++ BN_free((BIGNUM *)*pval); ++ *pval = NULL; + } + +-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) ++static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, ++ const ASN1_ITEM *it) + { +- BIGNUM *bn; +- int pad; +- if(!*pval) return -1; +- bn = (BIGNUM *)*pval; +- /* If MSB set in an octet we need a padding byte */ +- if(BN_num_bits(bn) & 0x7) pad = 0; +- else pad = 1; +- if(cont) { +- if(pad) *cont++ = 0; +- BN_bn2bin(bn, cont); +- } +- return pad + BN_num_bytes(bn); ++ BIGNUM *bn; ++ int pad; ++ if (!*pval) ++ return -1; ++ bn = (BIGNUM *)*pval; ++ /* If MSB set in an octet we need a padding byte */ ++ if (BN_num_bits(bn) & 0x7) ++ pad = 0; ++ else ++ pad = 1; ++ if (cont) { ++ if (pad) ++ *cont++ = 0; ++ BN_bn2bin(bn, cont); ++ } ++ return pad + BN_num_bytes(bn); + } + + static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, +- int utype, char *free_cont, const ASN1_ITEM *it) ++ int utype, char *free_cont, const ASN1_ITEM *it) + { +- BIGNUM *bn; +- if(!*pval) bn_new(pval, it); +- bn = (BIGNUM *)*pval; +- if(!BN_bin2bn(cont, len, bn)) { +- bn_free(pval, it); +- return 0; +- } +- return 1; ++ BIGNUM *bn; ++ if (!*pval) ++ bn_new(pval, it); ++ bn = (BIGNUM *)*pval; ++ if (!BN_bin2bn(cont, len, bn)) { ++ bn_free(pval, it); ++ return 0; ++ } ++ return 1; + } +- +- +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c +index 70d56a6..099b264 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,80 +61,88 @@ + #include + #include + +-static int X509_REVOKED_cmp(const X509_REVOKED * const *a, +- const X509_REVOKED * const *b); ++static int X509_REVOKED_cmp(const X509_REVOKED *const *a, ++ const X509_REVOKED *const *b); + + ASN1_SEQUENCE(X509_REVOKED) = { +- ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), +- ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), +- ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) ++ ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), ++ ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), ++ ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) + } ASN1_SEQUENCE_END(X509_REVOKED) + +-/* The X509_CRL_INFO structure needs a bit of customisation. +- * Since we cache the original encoding the signature wont be affected by +- * reordering of the revoked field. ++/* ++ * The X509_CRL_INFO structure needs a bit of customisation. Since we cache ++ * the original encoding the signature wont be affected by reordering of the ++ * revoked field. + */ + static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; +- +- if(!a || !a->revoked) return 1; +- switch(operation) { +- /* Just set cmp function here. We don't sort because that +- * would affect the output of X509_CRL_print(). +- */ +- case ASN1_OP_D2I_POST: +- (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); +- break; +- } +- return 1; ++ X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; ++ ++ if (!a || !a->revoked) ++ return 1; ++ switch (operation) { ++ /* ++ * Just set cmp function here. We don't sort because that would ++ * affect the output of X509_CRL_print(). ++ */ ++ case ASN1_OP_D2I_POST: ++ (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp); ++ break; ++ } ++ return 1; + } + + + ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { +- ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), +- ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), +- ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), +- ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), +- ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), +- ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), +- ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) ++ ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), ++ ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), ++ ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), ++ ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), ++ ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), ++ ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), ++ ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) + } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) + + ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { +- ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), +- ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), +- ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) ++ ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), ++ ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), ++ ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) + } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) + + IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) ++ + IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) ++ + IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) ++ + IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) + +-static int X509_REVOKED_cmp(const X509_REVOKED * const *a, +- const X509_REVOKED * const *b) +- { +- return(ASN1_STRING_cmp( +- (ASN1_STRING *)(*a)->serialNumber, +- (ASN1_STRING *)(*b)->serialNumber)); +- } ++static int X509_REVOKED_cmp(const X509_REVOKED *const *a, ++ const X509_REVOKED *const *b) ++{ ++ return (ASN1_STRING_cmp((ASN1_STRING *)(*a)->serialNumber, ++ (ASN1_STRING *)(*b)->serialNumber)); ++} + + int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) + { +- X509_CRL_INFO *inf; +- inf = crl->crl; +- if(!inf->revoked) +- inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); +- if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { +- ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- inf->enc.modified = 1; +- return 1; ++ X509_CRL_INFO *inf; ++ inf = crl->crl; ++ if (!inf->revoked) ++ inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); ++ if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { ++ ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ inf->enc.modified = 1; ++ return 1; + } + + IMPLEMENT_STACK_OF(X509_REVOKED) ++ + IMPLEMENT_ASN1_SET_OF(X509_REVOKED) ++ + IMPLEMENT_STACK_OF(X509_CRL) ++ + IMPLEMENT_ASN1_SET_OF(X509_CRL) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c +index 3a21239..00a9580 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c +@@ -1,6 +1,7 @@ + /* x_exten.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,13 +63,13 @@ + #include + + ASN1_SEQUENCE(X509_EXTENSION) = { +- ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), +- ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), +- ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) ++ ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), ++ ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), ++ ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) + } ASN1_SEQUENCE_END(X509_EXTENSION) + +-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) ++ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) + ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) + + IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_info.c b/Cryptlib/OpenSSL/crypto/asn1/x_info.c +index d44f6cd..067fd72 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_info.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_info.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,52 +63,55 @@ + #include + + X509_INFO *X509_INFO_new(void) +- { +- X509_INFO *ret=NULL; ++{ ++ X509_INFO *ret = NULL; ++ ++ ret = (X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO)); ++ if (ret == NULL) { ++ ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } + +- ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO)); +- if (ret == NULL) +- { +- ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- +- ret->enc_cipher.cipher=NULL; +- ret->enc_len=0; +- ret->enc_data=NULL; +- +- ret->references=1; +- ret->x509=NULL; +- ret->crl=NULL; +- ret->x_pkey=NULL; +- return(ret); +- } ++ ret->enc_cipher.cipher = NULL; ++ ret->enc_len = 0; ++ ret->enc_data = NULL; ++ ++ ret->references = 1; ++ ret->x509 = NULL; ++ ret->crl = NULL; ++ ret->x_pkey = NULL; ++ return (ret); ++} + + void X509_INFO_free(X509_INFO *x) +- { +- int i; ++{ ++ int i; + +- if (x == NULL) return; ++ if (x == NULL) ++ return; + +- i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO); ++ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO); + #ifdef REF_PRINT +- REF_PRINT("X509_INFO",x); ++ REF_PRINT("X509_INFO", x); + #endif +- if (i > 0) return; ++ if (i > 0) ++ return; + #ifdef REF_CHECK +- if (i < 0) +- { +- fprintf(stderr,"X509_INFO_free, bad reference count\n"); +- abort(); +- } ++ if (i < 0) { ++ fprintf(stderr, "X509_INFO_free, bad reference count\n"); ++ abort(); ++ } + #endif + +- if (x->x509 != NULL) X509_free(x->x509); +- if (x->crl != NULL) X509_CRL_free(x->crl); +- if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey); +- if (x->enc_data != NULL) OPENSSL_free(x->enc_data); +- OPENSSL_free(x); +- } ++ if (x->x509 != NULL) ++ X509_free(x->x509); ++ if (x->crl != NULL) ++ X509_CRL_free(x->crl); ++ if (x->x_pkey != NULL) ++ X509_PKEY_free(x->x_pkey); ++ if (x->enc_data != NULL) ++ OPENSSL_free(x->enc_data); ++ OPENSSL_free(x); ++} + + IMPLEMENT_STACK_OF(X509_INFO) +- +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_long.c b/Cryptlib/OpenSSL/crypto/asn1/x_long.c +index bf35457..e0dab2b 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_long.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_long.c +@@ -1,6 +1,7 @@ + /* x_long.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,111 +62,126 @@ + #include + #include + +-/* Custom primitive type for long handling. This converts between an ASN1_INTEGER +- * and a long directly. ++/* ++ * Custom primitive type for long handling. This converts between an ++ * ASN1_INTEGER and a long directly. + */ + +- + static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it); + static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + +-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); +-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); ++static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, ++ const ASN1_ITEM *it); ++static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, ++ int utype, char *free_cont, const ASN1_ITEM *it); + + static ASN1_PRIMITIVE_FUNCS long_pf = { +- NULL, 0, +- long_new, +- long_free, +- long_free, /* Clear should set to initial value */ +- long_c2i, +- long_i2c ++ NULL, 0, ++ long_new, ++ long_free, ++ long_free, /* Clear should set to initial value */ ++ long_c2i, ++ long_i2c + }; + + ASN1_ITEM_start(LONG) +- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG" ++ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG" + ASN1_ITEM_end(LONG) + + ASN1_ITEM_start(ZLONG) +- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG" ++ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG" + ASN1_ITEM_end(ZLONG) + + static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- *(long *)pval = it->size; +- return 1; ++ *(long *)pval = it->size; ++ return 1; + } + + static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- *(long *)pval = it->size; ++ *(long *)pval = it->size; + } + +-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) ++static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, ++ const ASN1_ITEM *it) + { +- long ltmp; +- unsigned long utmp; +- int clen, pad, i; +- /* this exists to bypass broken gcc optimization */ +- char *cp = (char *)pval; +- +- /* use memcpy, because we may not be long aligned */ +- memcpy(<mp, cp, sizeof(long)); +- +- if(ltmp == it->size) return -1; +- /* Convert the long to positive: we subtract one if negative so +- * we can cleanly handle the padding if only the MSB of the leading +- * octet is set. +- */ +- if(ltmp < 0) utmp = -ltmp - 1; +- else utmp = ltmp; +- clen = BN_num_bits_word(utmp); +- /* If MSB of leading octet set we need to pad */ +- if(!(clen & 0x7)) pad = 1; +- else pad = 0; +- +- /* Convert number of bits to number of octets */ +- clen = (clen + 7) >> 3; +- +- if(cont) { +- if(pad) *cont++ = (ltmp < 0) ? 0xff : 0; +- for(i = clen - 1; i >= 0; i--) { +- cont[i] = (unsigned char)(utmp & 0xff); +- if(ltmp < 0) cont[i] ^= 0xff; +- utmp >>= 8; +- } +- } +- return clen + pad; ++ long ltmp; ++ unsigned long utmp; ++ int clen, pad, i; ++ /* this exists to bypass broken gcc optimization */ ++ char *cp = (char *)pval; ++ ++ /* use memcpy, because we may not be long aligned */ ++ memcpy(<mp, cp, sizeof(long)); ++ ++ if (ltmp == it->size) ++ return -1; ++ /* ++ * Convert the long to positive: we subtract one if negative so we can ++ * cleanly handle the padding if only the MSB of the leading octet is ++ * set. ++ */ ++ if (ltmp < 0) ++ utmp = -ltmp - 1; ++ else ++ utmp = ltmp; ++ clen = BN_num_bits_word(utmp); ++ /* If MSB of leading octet set we need to pad */ ++ if (!(clen & 0x7)) ++ pad = 1; ++ else ++ pad = 0; ++ ++ /* Convert number of bits to number of octets */ ++ clen = (clen + 7) >> 3; ++ ++ if (cont) { ++ if (pad) ++ *cont++ = (ltmp < 0) ? 0xff : 0; ++ for (i = clen - 1; i >= 0; i--) { ++ cont[i] = (unsigned char)(utmp & 0xff); ++ if (ltmp < 0) ++ cont[i] ^= 0xff; ++ utmp >>= 8; ++ } ++ } ++ return clen + pad; + } + + static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, +- int utype, char *free_cont, const ASN1_ITEM *it) ++ int utype, char *free_cont, const ASN1_ITEM *it) + { +- int neg, i; +- long ltmp; +- unsigned long utmp = 0; +- char *cp = (char *)pval; +- if(len > (int)sizeof(long)) { +- ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); +- return 0; +- } +- /* Is it negative? */ +- if(len && (cont[0] & 0x80)) neg = 1; +- else neg = 0; +- utmp = 0; +- for(i = 0; i < len; i++) { +- utmp <<= 8; +- if(neg) utmp |= cont[i] ^ 0xff; +- else utmp |= cont[i]; +- } +- ltmp = (long)utmp; +- if(neg) { +- ltmp++; +- ltmp = -ltmp; +- } +- if(ltmp == it->size) { +- ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); +- return 0; +- } +- memcpy(cp, <mp, sizeof(long)); +- return 1; ++ int neg, i; ++ long ltmp; ++ unsigned long utmp = 0; ++ char *cp = (char *)pval; ++ if (len > (int)sizeof(long)) { ++ ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); ++ return 0; ++ } ++ /* Is it negative? */ ++ if (len && (cont[0] & 0x80)) ++ neg = 1; ++ else ++ neg = 0; ++ utmp = 0; ++ for (i = 0; i < len; i++) { ++ utmp <<= 8; ++ if (neg) ++ utmp |= cont[i] ^ 0xff; ++ else ++ utmp |= cont[i]; ++ } ++ ltmp = (long)utmp; ++ if (neg) { ++ ltmp++; ++ ltmp = -ltmp; ++ } ++ if (ltmp == it->size) { ++ ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); ++ return 0; ++ } ++ memcpy(cp, <mp, sizeof(long)); ++ return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_name.c b/Cryptlib/OpenSSL/crypto/asn1/x_name.c +index 9a1a9f4..85be1a6 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_name.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_name.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,217 +61,250 @@ + #include + #include + +-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, +- int tag, int aclass, char opt, ASN1_TLC *ctx); ++static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, ++ long len, const ASN1_ITEM *it, int tag, ++ int aclass, char opt, ASN1_TLC *ctx); + +-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); ++static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, ++ const ASN1_ITEM *it, int tag, int aclass); + static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it); + static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it); + + static int x509_name_encode(X509_NAME *a); + + ASN1_SEQUENCE(X509_NAME_ENTRY) = { +- ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), +- ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) ++ ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), ++ ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) + } ASN1_SEQUENCE_END(X509_NAME_ENTRY) + + IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY) + IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) + +-/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } +- * so declare two template wrappers for this ++/* ++ * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so ++ * declare two template wrappers for this + */ + + ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) + ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES) + + ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) + ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL) + +-/* Normally that's where it would end: we'd have two nested STACK structures ++/* ++ * Normally that's where it would end: we'd have two nested STACK structures + * representing the ASN1. Unfortunately X509_NAME uses a completely different +- * form and caches encodings so we have to process the internal form and convert +- * to the external form. ++ * form and caches encodings so we have to process the internal form and ++ * convert to the external form. + */ + + const ASN1_EXTERN_FUNCS x509_name_ff = { +- NULL, +- x509_name_ex_new, +- x509_name_ex_free, +- 0, /* Default clear behaviour is OK */ +- x509_name_ex_d2i, +- x509_name_ex_i2d ++ NULL, ++ x509_name_ex_new, ++ x509_name_ex_free, ++ 0, /* Default clear behaviour is OK */ ++ x509_name_ex_d2i, ++ x509_name_ex_i2d + }; + +-IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) ++IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) + + IMPLEMENT_ASN1_FUNCTIONS(X509_NAME) ++ + IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME) + + static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) + { +- X509_NAME *ret = NULL; +- ret = OPENSSL_malloc(sizeof(X509_NAME)); +- if(!ret) goto memerr; +- if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL) +- goto memerr; +- if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr; +- ret->modified=1; +- *val = (ASN1_VALUE *)ret; +- return 1; ++ X509_NAME *ret = NULL; ++ ret = OPENSSL_malloc(sizeof(X509_NAME)); ++ if (!ret) ++ goto memerr; ++ if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL) ++ goto memerr; ++ if ((ret->bytes = BUF_MEM_new()) == NULL) ++ goto memerr; ++ ret->modified = 1; ++ *val = (ASN1_VALUE *)ret; ++ return 1; + + memerr: +- ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE); +- if (ret) +- { +- if (ret->entries) +- sk_X509_NAME_ENTRY_free(ret->entries); +- OPENSSL_free(ret); +- } +- return 0; ++ ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE); ++ if (ret) { ++ if (ret->entries) ++ sk_X509_NAME_ENTRY_free(ret->entries); ++ OPENSSL_free(ret); ++ } ++ return 0; + } + + static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- X509_NAME *a; +- if(!pval || !*pval) +- return; +- a = (X509_NAME *)*pval; +- +- BUF_MEM_free(a->bytes); +- sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free); +- OPENSSL_free(a); +- *pval = NULL; ++ X509_NAME *a; ++ if (!pval || !*pval) ++ return; ++ a = (X509_NAME *)*pval; ++ ++ BUF_MEM_free(a->bytes); ++ sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free); ++ OPENSSL_free(a); ++ *pval = NULL; + } + +-/* Used with sk_pop_free() to free up the internal representation. +- * NB: we only free the STACK and not its contents because it is +- * already present in the X509_NAME structure. ++/* ++ * Used with sk_pop_free() to free up the internal representation. NB: we ++ * only free the STACK and not its contents because it is already present in ++ * the X509_NAME structure. + */ + + static void sk_internal_free(void *a) + { +- sk_free(a); ++ sk_free(a); + } + +-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, +- int tag, int aclass, char opt, ASN1_TLC *ctx) ++static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, ++ long len, const ASN1_ITEM *it, int tag, ++ int aclass, char opt, ASN1_TLC *ctx) + { +- const unsigned char *p = *in, *q; +- union { STACK *s; ASN1_VALUE *a; } intname = {NULL}; +- union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL}; +- int i, j, ret; +- STACK_OF(X509_NAME_ENTRY) *entries; +- X509_NAME_ENTRY *entry; +- q = p; +- +- /* Get internal representation of Name */ +- ret = ASN1_item_ex_d2i(&intname.a, +- &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), +- tag, aclass, opt, ctx); +- +- if(ret <= 0) return ret; +- +- if(*val) x509_name_ex_free(val, NULL); +- if(!x509_name_ex_new(&nm.a, NULL)) goto err; +- /* We've decoded it: now cache encoding */ +- if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err; +- memcpy(nm.x->bytes->data, q, p - q); +- +- /* Convert internal representation to X509_NAME structure */ +- for(i = 0; i < sk_num(intname.s); i++) { +- entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i); +- for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { +- entry = sk_X509_NAME_ENTRY_value(entries, j); +- entry->set = i; +- if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) +- goto err; +- } +- sk_X509_NAME_ENTRY_free(entries); +- } +- sk_free(intname.s); +- nm.x->modified = 0; +- *val = nm.a; +- *in = p; +- return ret; +-err: +- if (nm.x != NULL) +- X509_NAME_free(nm.x); +- ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); +- return 0; ++ const unsigned char *p = *in, *q; ++ union { ++ STACK *s; ++ ASN1_VALUE *a; ++ } intname = { ++ NULL ++ }; ++ union { ++ X509_NAME *x; ++ ASN1_VALUE *a; ++ } nm = { ++ NULL ++ }; ++ int i, j, ret; ++ STACK_OF(X509_NAME_ENTRY) *entries; ++ X509_NAME_ENTRY *entry; ++ q = p; ++ ++ /* Get internal representation of Name */ ++ ret = ASN1_item_ex_d2i(&intname.a, ++ &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), ++ tag, aclass, opt, ctx); ++ ++ if (ret <= 0) ++ return ret; ++ ++ if (*val) ++ x509_name_ex_free(val, NULL); ++ if (!x509_name_ex_new(&nm.a, NULL)) ++ goto err; ++ /* We've decoded it: now cache encoding */ ++ if (!BUF_MEM_grow(nm.x->bytes, p - q)) ++ goto err; ++ memcpy(nm.x->bytes->data, q, p - q); ++ ++ /* Convert internal representation to X509_NAME structure */ ++ for (i = 0; i < sk_num(intname.s); i++) { ++ entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i); ++ for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { ++ entry = sk_X509_NAME_ENTRY_value(entries, j); ++ entry->set = i; ++ if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) ++ goto err; ++ } ++ sk_X509_NAME_ENTRY_free(entries); ++ } ++ sk_free(intname.s); ++ nm.x->modified = 0; ++ *val = nm.a; ++ *in = p; ++ return ret; ++ err: ++ if (nm.x != NULL) ++ X509_NAME_free(nm.x); ++ ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ return 0; + } + +-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) ++static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, ++ const ASN1_ITEM *it, int tag, int aclass) + { +- int ret; +- X509_NAME *a = (X509_NAME *)*val; +- if(a->modified) { +- ret = x509_name_encode((X509_NAME *)a); +- if(ret < 0) return ret; +- } +- ret = a->bytes->length; +- if(out != NULL) { +- memcpy(*out,a->bytes->data,ret); +- *out+=ret; +- } +- return ret; ++ int ret; ++ X509_NAME *a = (X509_NAME *)*val; ++ if (a->modified) { ++ ret = x509_name_encode((X509_NAME *)a); ++ if (ret < 0) ++ return ret; ++ } ++ ret = a->bytes->length; ++ if (out != NULL) { ++ memcpy(*out, a->bytes->data, ret); ++ *out += ret; ++ } ++ return ret; + } + + static int x509_name_encode(X509_NAME *a) + { +- union { STACK *s; ASN1_VALUE *a; } intname = {NULL}; +- int len; +- unsigned char *p; +- STACK_OF(X509_NAME_ENTRY) *entries = NULL; +- X509_NAME_ENTRY *entry; +- int i, set = -1; +- intname.s = sk_new_null(); +- if(!intname.s) goto memerr; +- for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { +- entry = sk_X509_NAME_ENTRY_value(a->entries, i); +- if(entry->set != set) { +- entries = sk_X509_NAME_ENTRY_new_null(); +- if(!entries) goto memerr; +- if(!sk_push(intname.s, (char *)entries)) goto memerr; +- set = entry->set; +- } +- if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr; +- } +- len = ASN1_item_ex_i2d(&intname.a, NULL, +- ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); +- if (!BUF_MEM_grow(a->bytes,len)) goto memerr; +- p=(unsigned char *)a->bytes->data; +- ASN1_item_ex_i2d(&intname.a, +- &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); +- sk_pop_free(intname.s, sk_internal_free); +- a->modified = 0; +- return len; +- memerr: +- sk_pop_free(intname.s, sk_internal_free); +- ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); +- return -1; ++ union { ++ STACK *s; ++ ASN1_VALUE *a; ++ } intname = { ++ NULL ++ }; ++ int len; ++ unsigned char *p; ++ STACK_OF(X509_NAME_ENTRY) *entries = NULL; ++ X509_NAME_ENTRY *entry; ++ int i, set = -1; ++ intname.s = sk_new_null(); ++ if (!intname.s) ++ goto memerr; ++ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { ++ entry = sk_X509_NAME_ENTRY_value(a->entries, i); ++ if (entry->set != set) { ++ entries = sk_X509_NAME_ENTRY_new_null(); ++ if (!entries) ++ goto memerr; ++ if (!sk_push(intname.s, (char *)entries)) ++ goto memerr; ++ set = entry->set; ++ } ++ if (!sk_X509_NAME_ENTRY_push(entries, entry)) ++ goto memerr; ++ } ++ len = ASN1_item_ex_i2d(&intname.a, NULL, ++ ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); ++ if (!BUF_MEM_grow(a->bytes, len)) ++ goto memerr; ++ p = (unsigned char *)a->bytes->data; ++ ASN1_item_ex_i2d(&intname.a, ++ &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); ++ sk_pop_free(intname.s, sk_internal_free); ++ a->modified = 0; ++ return len; ++ memerr: ++ sk_pop_free(intname.s, sk_internal_free); ++ ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); ++ return -1; + } + +- + int X509_NAME_set(X509_NAME **xn, X509_NAME *name) +- { +- X509_NAME *in; +- +- if (!xn || !name) return(0); +- +- if (*xn != name) +- { +- in=X509_NAME_dup(name); +- if (in != NULL) +- { +- X509_NAME_free(*xn); +- *xn=in; +- } +- } +- return(*xn != NULL); +- } +- ++{ ++ X509_NAME *in; ++ ++ if (!xn || !name) ++ return (0); ++ ++ if (*xn != name) { ++ in = X509_NAME_dup(name); ++ if (in != NULL) { ++ X509_NAME_free(*xn); ++ *xn = in; ++ } ++ } ++ return (*xn != NULL); ++} ++ + IMPLEMENT_STACK_OF(X509_NAME_ENTRY) ++ + IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c +index 8453618..2da23e4 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,87 +65,89 @@ + + /* need to implement */ + int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp) +- { +- return(0); +- } ++{ ++ return (0); ++} + + X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length) +- { +- int i; +- M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new); ++{ ++ int i; ++ M_ASN1_D2I_vars(a, X509_PKEY *, X509_PKEY_new); + +- M_ASN1_D2I_Init(); +- M_ASN1_D2I_start_sequence(); +- M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR); +- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING); ++ M_ASN1_D2I_Init(); ++ M_ASN1_D2I_start_sequence(); ++ M_ASN1_D2I_get_x(X509_ALGOR, ret->enc_algor, d2i_X509_ALGOR); ++ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->enc_pkey, d2i_ASN1_OCTET_STRING); + +- ret->cipher.cipher=EVP_get_cipherbyname( +- OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm))); +- if (ret->cipher.cipher == NULL) +- { +- c.error=ASN1_R_UNSUPPORTED_CIPHER; +- c.line=__LINE__; +- goto err; +- } +- if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) +- { +- i=ret->enc_algor->parameter->value.octet_string->length; +- if (i > EVP_MAX_IV_LENGTH) +- { +- c.error=ASN1_R_IV_TOO_LARGE; +- c.line=__LINE__; +- goto err; +- } +- memcpy(ret->cipher.iv, +- ret->enc_algor->parameter->value.octet_string->data,i); +- } +- else +- memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH); +- M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY); +- } ++ ret->cipher.cipher = ++ EVP_get_cipherbyname(OBJ_nid2ln ++ (OBJ_obj2nid(ret->enc_algor->algorithm))); ++ if (ret->cipher.cipher == NULL) { ++ c.error = ASN1_R_UNSUPPORTED_CIPHER; ++ c.line = __LINE__; ++ goto err; ++ } ++ if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) { ++ i = ret->enc_algor->parameter->value.octet_string->length; ++ if (i > EVP_MAX_IV_LENGTH) { ++ c.error = ASN1_R_IV_TOO_LARGE; ++ c.line = __LINE__; ++ goto err; ++ } ++ memcpy(ret->cipher.iv, ++ ret->enc_algor->parameter->value.octet_string->data, i); ++ } else ++ memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); ++ M_ASN1_D2I_Finish(a, X509_PKEY_free, ASN1_F_D2I_X509_PKEY); ++} + + X509_PKEY *X509_PKEY_new(void) +- { +- X509_PKEY *ret=NULL; +- ASN1_CTX c; ++{ ++ X509_PKEY *ret = NULL; ++ ASN1_CTX c; + +- M_ASN1_New_Malloc(ret,X509_PKEY); +- ret->version=0; +- M_ASN1_New(ret->enc_algor,X509_ALGOR_new); +- M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new); +- ret->dec_pkey=NULL; +- ret->key_length=0; +- ret->key_data=NULL; +- ret->key_free=0; +- ret->cipher.cipher=NULL; +- memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH); +- ret->references=1; +- return(ret); +- M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); +- } ++ M_ASN1_New_Malloc(ret, X509_PKEY); ++ ret->version = 0; ++ M_ASN1_New(ret->enc_algor, X509_ALGOR_new); ++ M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new); ++ ret->dec_pkey = NULL; ++ ret->key_length = 0; ++ ret->key_data = NULL; ++ ret->key_free = 0; ++ ret->cipher.cipher = NULL; ++ memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); ++ ret->references = 1; ++ return (ret); ++ M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); ++} + + void X509_PKEY_free(X509_PKEY *x) +- { +- int i; ++{ ++ int i; + +- if (x == NULL) return; ++ if (x == NULL) ++ return; + +- i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY); ++ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY); + #ifdef REF_PRINT +- REF_PRINT("X509_PKEY",x); ++ REF_PRINT("X509_PKEY", x); + #endif +- if (i > 0) return; ++ if (i > 0) ++ return; + #ifdef REF_CHECK +- if (i < 0) +- { +- fprintf(stderr,"X509_PKEY_free, bad reference count\n"); +- abort(); +- } ++ if (i < 0) { ++ fprintf(stderr, "X509_PKEY_free, bad reference count\n"); ++ abort(); ++ } + #endif + +- if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor); +- if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey); +- if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey); +- if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data); +- OPENSSL_free(x); +- } ++ if (x->enc_algor != NULL) ++ X509_ALGOR_free(x->enc_algor); ++ if (x->enc_pkey != NULL) ++ M_ASN1_OCTET_STRING_free(x->enc_pkey); ++ if (x->dec_pkey != NULL) ++ EVP_PKEY_free(x->dec_pkey); ++ if ((x->key_data != NULL) && (x->key_free)) ++ OPENSSL_free(x->key_data); ++ OPENSSL_free(x); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +index bc8a7bf..307798c 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,483 +61,462 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + + /* Minor tweak to operation: free up EVP_PKEY */ + static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +- { +- if (operation == ASN1_OP_FREE_POST) +- { +- X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; +- EVP_PKEY_free(pubkey->pkey); +- } +- return 1; +- } ++{ ++ if (operation == ASN1_OP_FREE_POST) { ++ X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; ++ EVP_PKEY_free(pubkey->pkey); ++ } ++ return 1; ++} + + ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { +- ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), +- ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) ++ ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), ++ ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) + } ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) + + IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) + + int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) +- { +- X509_PUBKEY *pk=NULL; +- X509_ALGOR *a; +- ASN1_OBJECT *o; +- unsigned char *s,*p = NULL; +- int i; +- +- if (x == NULL) return(0); +- +- if ((pk=X509_PUBKEY_new()) == NULL) goto err; +- a=pk->algor; +- +- /* set the algorithm id */ +- if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err; +- ASN1_OBJECT_free(a->algorithm); +- a->algorithm=o; +- +- /* Set the parameter list */ +- if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) +- { +- if ((a->parameter == NULL) || +- (a->parameter->type != V_ASN1_NULL)) +- { +- ASN1_TYPE_free(a->parameter); +- if (!(a->parameter=ASN1_TYPE_new())) +- { +- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- a->parameter->type=V_ASN1_NULL; +- } +- } ++{ ++ X509_PUBKEY *pk = NULL; ++ X509_ALGOR *a; ++ ASN1_OBJECT *o; ++ unsigned char *s, *p = NULL; ++ int i; ++ ++ if (x == NULL) ++ return (0); ++ ++ if ((pk = X509_PUBKEY_new()) == NULL) ++ goto err; ++ a = pk->algor; ++ ++ /* set the algorithm id */ ++ if ((o = OBJ_nid2obj(pkey->type)) == NULL) ++ goto err; ++ ASN1_OBJECT_free(a->algorithm); ++ a->algorithm = o; ++ ++ /* Set the parameter list */ ++ if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) { ++ if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) { ++ ASN1_TYPE_free(a->parameter); ++ if (!(a->parameter = ASN1_TYPE_new())) { ++ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ a->parameter->type = V_ASN1_NULL; ++ } ++ } + #ifndef OPENSSL_NO_DSA +- else if (pkey->type == EVP_PKEY_DSA) +- { +- unsigned char *pp; +- DSA *dsa; +- +- dsa=pkey->pkey.dsa; +- dsa->write_params=0; +- ASN1_TYPE_free(a->parameter); +- if ((i=i2d_DSAparams(dsa,NULL)) <= 0) +- goto err; +- if (!(p=(unsigned char *)OPENSSL_malloc(i))) +- { +- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- pp=p; +- i2d_DSAparams(dsa,&pp); +- if (!(a->parameter=ASN1_TYPE_new())) +- { +- OPENSSL_free(p); +- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- a->parameter->type=V_ASN1_SEQUENCE; +- if (!(a->parameter->value.sequence=ASN1_STRING_new())) +- { +- OPENSSL_free(p); +- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!ASN1_STRING_set(a->parameter->value.sequence,p,i)) +- { +- OPENSSL_free(p); +- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- OPENSSL_free(p); +- } ++ else if (pkey->type == EVP_PKEY_DSA) { ++ unsigned char *pp; ++ DSA *dsa; ++ ++ dsa = pkey->pkey.dsa; ++ dsa->write_params = 0; ++ ASN1_TYPE_free(a->parameter); ++ if ((i = i2d_DSAparams(dsa, NULL)) <= 0) ++ goto err; ++ if (!(p = (unsigned char *)OPENSSL_malloc(i))) { ++ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ pp = p; ++ i2d_DSAparams(dsa, &pp); ++ if (!(a->parameter = ASN1_TYPE_new())) { ++ OPENSSL_free(p); ++ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ a->parameter->type = V_ASN1_SEQUENCE; ++ if (!(a->parameter->value.sequence = ASN1_STRING_new())) { ++ OPENSSL_free(p); ++ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!ASN1_STRING_set(a->parameter->value.sequence, p, i)) { ++ OPENSSL_free(p); ++ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ OPENSSL_free(p); ++ } + #endif + #ifndef OPENSSL_NO_EC +- else if (pkey->type == EVP_PKEY_EC) +- { +- int nid=0; +- unsigned char *pp; +- EC_KEY *ec_key; +- const EC_GROUP *group; +- +- ec_key = pkey->pkey.ec; +- ASN1_TYPE_free(a->parameter); +- +- if ((a->parameter = ASN1_TYPE_new()) == NULL) +- { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); +- goto err; +- } +- +- group = EC_KEY_get0_group(ec_key); +- if (EC_GROUP_get_asn1_flag(group) +- && (nid = EC_GROUP_get_curve_name(group))) +- { +- /* just set the OID */ +- a->parameter->type = V_ASN1_OBJECT; +- a->parameter->value.object = OBJ_nid2obj(nid); +- } +- else /* explicit parameters */ +- { +- if ((i = i2d_ECParameters(ec_key, NULL)) == 0) +- { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); +- goto err; +- } +- if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) +- { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- pp = p; +- if (!i2d_ECParameters(ec_key, &pp)) +- { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); +- OPENSSL_free(p); +- goto err; +- } +- a->parameter->type = V_ASN1_SEQUENCE; +- if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) +- { +- X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); +- OPENSSL_free(p); +- goto err; +- } +- ASN1_STRING_set(a->parameter->value.sequence, p, i); +- OPENSSL_free(p); +- } +- } ++ else if (pkey->type == EVP_PKEY_EC) { ++ int nid = 0; ++ unsigned char *pp; ++ EC_KEY *ec_key; ++ const EC_GROUP *group; ++ ++ ec_key = pkey->pkey.ec; ++ ASN1_TYPE_free(a->parameter); ++ ++ if ((a->parameter = ASN1_TYPE_new()) == NULL) { ++ X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ ++ group = EC_KEY_get0_group(ec_key); ++ if (EC_GROUP_get_asn1_flag(group) ++ && (nid = EC_GROUP_get_curve_name(group))) { ++ /* just set the OID */ ++ a->parameter->type = V_ASN1_OBJECT; ++ a->parameter->value.object = OBJ_nid2obj(nid); ++ } else { /* explicit parameters */ ++ ++ if ((i = i2d_ECParameters(ec_key, NULL)) == 0) { ++ X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); ++ goto err; ++ } ++ if ((p = (unsigned char *)OPENSSL_malloc(i)) == NULL) { ++ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ pp = p; ++ if (!i2d_ECParameters(ec_key, &pp)) { ++ X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB); ++ OPENSSL_free(p); ++ goto err; ++ } ++ a->parameter->type = V_ASN1_SEQUENCE; ++ if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) { ++ X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB); ++ OPENSSL_free(p); ++ goto err; ++ } ++ ASN1_STRING_set(a->parameter->value.sequence, p, i); ++ OPENSSL_free(p); ++ } ++ } + #endif +- else if (1) +- { +- X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); +- goto err; +- } +- +- if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err; +- if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) +- { +- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- p=s; +- i2d_PublicKey(pkey,&p); +- if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) +- { +- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- /* Set number of unused bits to zero */ +- pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); +- pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; +- +- OPENSSL_free(s); ++ else if (1) { ++ X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM); ++ goto err; ++ } ++ ++ if ((i = i2d_PublicKey(pkey, NULL)) <= 0) ++ goto err; ++ if ((s = (unsigned char *)OPENSSL_malloc(i + 1)) == NULL) { ++ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ p = s; ++ i2d_PublicKey(pkey, &p); ++ if (!M_ASN1_BIT_STRING_set(pk->public_key, s, i)) { ++ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ /* Set number of unused bits to zero */ ++ pk->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); ++ pk->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; ++ ++ OPENSSL_free(s); + + #if 0 +- CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); +- pk->pkey=pkey; ++ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); ++ pk->pkey = pkey; + #endif + +- if (*x != NULL) +- X509_PUBKEY_free(*x); ++ if (*x != NULL) ++ X509_PUBKEY_free(*x); + +- *x=pk; ++ *x = pk; + +- return 1; +-err: +- if (pk != NULL) X509_PUBKEY_free(pk); +- return 0; +- } ++ return 1; ++ err: ++ if (pk != NULL) ++ X509_PUBKEY_free(pk); ++ return 0; ++} + + EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) +- { +- EVP_PKEY *ret=NULL; +- long j; +- int type; +- const unsigned char *p; ++{ ++ EVP_PKEY *ret = NULL; ++ long j; ++ int type; ++ const unsigned char *p; + #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) +- const unsigned char *cp; +- X509_ALGOR *a; ++ const unsigned char *cp; ++ X509_ALGOR *a; + #endif + +- if (key == NULL) goto err; ++ if (key == NULL) ++ goto err; ++ ++ if (key->pkey != NULL) { ++ CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); ++ return (key->pkey); ++ } + +- if (key->pkey != NULL) +- { +- CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); +- return(key->pkey); +- } ++ if (key->public_key == NULL) ++ goto err; + +- if (key->public_key == NULL) goto err; ++ type = OBJ_obj2nid(key->algor->algorithm); ++ if ((ret = EVP_PKEY_new()) == NULL) { ++ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ret->type = EVP_PKEY_type(type); + +- type=OBJ_obj2nid(key->algor->algorithm); +- if ((ret = EVP_PKEY_new()) == NULL) +- { +- X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ret->type = EVP_PKEY_type(type); ++ /* the parameters must be extracted before the public key (ECDSA!) */ + +- /* the parameters must be extracted before the public key (ECDSA!) */ +- + #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) +- a=key->algor; ++ a = key->algor; + #endif + +- if (0) +- ; ++ if (0) ; + #ifndef OPENSSL_NO_DSA +- else if (ret->type == EVP_PKEY_DSA) +- { +- if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) +- { +- if ((ret->pkey.dsa = DSA_new()) == NULL) +- { +- X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ret->pkey.dsa->write_params=0; +- cp=p=a->parameter->value.sequence->data; +- j=a->parameter->value.sequence->length; +- if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j)) +- goto err; +- } +- ret->save_parameters=1; +- } ++ else if (ret->type == EVP_PKEY_DSA) { ++ if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { ++ if ((ret->pkey.dsa = DSA_new()) == NULL) { ++ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ret->pkey.dsa->write_params = 0; ++ cp = p = a->parameter->value.sequence->data; ++ j = a->parameter->value.sequence->length; ++ if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j)) ++ goto err; ++ } ++ ret->save_parameters = 1; ++ } + #endif + #ifndef OPENSSL_NO_EC +- else if (ret->type == EVP_PKEY_EC) +- { +- if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) +- { +- /* type == V_ASN1_SEQUENCE => we have explicit parameters +- * (e.g. parameters in the X9_62_EC_PARAMETERS-structure ) +- */ +- if ((ret->pkey.ec= EC_KEY_new()) == NULL) +- { +- X509err(X509_F_X509_PUBKEY_GET, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- cp = p = a->parameter->value.sequence->data; +- j = a->parameter->value.sequence->length; +- if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) +- { +- X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); +- goto err; +- } +- } +- else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) +- { +- /* type == V_ASN1_OBJECT => the parameters are given +- * by an asn1 OID +- */ +- EC_KEY *ec_key; +- EC_GROUP *group; +- +- if (ret->pkey.ec == NULL) +- ret->pkey.ec = EC_KEY_new(); +- ec_key = ret->pkey.ec; +- if (ec_key == NULL) +- goto err; +- group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); +- if (group == NULL) +- goto err; +- EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); +- if (EC_KEY_set_group(ec_key, group) == 0) +- goto err; +- EC_GROUP_free(group); +- } +- /* the case implicitlyCA is currently not implemented */ +- ret->save_parameters = 1; +- } ++ else if (ret->type == EVP_PKEY_EC) { ++ if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) { ++ /* ++ * type == V_ASN1_SEQUENCE => we have explicit parameters (e.g. ++ * parameters in the X9_62_EC_PARAMETERS-structure ) ++ */ ++ if ((ret->pkey.ec = EC_KEY_new()) == NULL) { ++ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ cp = p = a->parameter->value.sequence->data; ++ j = a->parameter->value.sequence->length; ++ if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) { ++ X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) { ++ /* ++ * type == V_ASN1_OBJECT => the parameters are given by an asn1 ++ * OID ++ */ ++ EC_KEY *ec_key; ++ EC_GROUP *group; ++ ++ if (ret->pkey.ec == NULL) ++ ret->pkey.ec = EC_KEY_new(); ++ ec_key = ret->pkey.ec; ++ if (ec_key == NULL) ++ goto err; ++ group = ++ EC_GROUP_new_by_curve_name(OBJ_obj2nid ++ (a->parameter->value.object)); ++ if (group == NULL) ++ goto err; ++ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); ++ if (EC_KEY_set_group(ec_key, group) == 0) ++ goto err; ++ EC_GROUP_free(group); ++ } ++ /* ++ * the case implicitlyCA is currently not implemented ++ */ ++ ret->save_parameters = 1; ++ } + #endif + +- p=key->public_key->data; +- j=key->public_key->length; +- if (!d2i_PublicKey(type, &ret, &p, (long)j)) +- { +- X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); +- goto err; +- } +- +- /* Check to see if another thread set key->pkey first */ +- CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); +- if (key->pkey) +- { +- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); +- EVP_PKEY_free(ret); +- ret = key->pkey; +- } +- else +- { +- key->pkey = ret; +- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); +- } +- CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); +- return(ret); +-err: +- if (ret != NULL) +- EVP_PKEY_free(ret); +- return(NULL); +- } +- +-/* Now two pseudo ASN1 routines that take an EVP_PKEY structure +- * and encode or decode as X509_PUBKEY ++ p = key->public_key->data; ++ j = key->public_key->length; ++ if (!d2i_PublicKey(type, &ret, &p, (long)j)) { ++ X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB); ++ goto err; ++ } ++ ++ /* Check to see if another thread set key->pkey first */ ++ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); ++ if (key->pkey) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); ++ EVP_PKEY_free(ret); ++ ret = key->pkey; ++ } else { ++ key->pkey = ret; ++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); ++ } ++ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); ++ return (ret); ++ err: ++ if (ret != NULL) ++ EVP_PKEY_free(ret); ++ return (NULL); ++} ++ ++/* ++ * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or ++ * decode as X509_PUBKEY + */ + +-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, +- long length) +- { +- X509_PUBKEY *xpk; +- EVP_PKEY *pktmp; +- xpk = d2i_X509_PUBKEY(NULL, pp, length); +- if(!xpk) return NULL; +- pktmp = X509_PUBKEY_get(xpk); +- X509_PUBKEY_free(xpk); +- if(!pktmp) return NULL; +- if(a) +- { +- EVP_PKEY_free(*a); +- *a = pktmp; +- } +- return pktmp; +- } ++EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) ++{ ++ X509_PUBKEY *xpk; ++ EVP_PKEY *pktmp; ++ xpk = d2i_X509_PUBKEY(NULL, pp, length); ++ if (!xpk) ++ return NULL; ++ pktmp = X509_PUBKEY_get(xpk); ++ X509_PUBKEY_free(xpk); ++ if (!pktmp) ++ return NULL; ++ if (a) { ++ EVP_PKEY_free(*a); ++ *a = pktmp; ++ } ++ return pktmp; ++} + + int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) +- { +- X509_PUBKEY *xpk=NULL; +- int ret; +- if(!a) return 0; +- if(!X509_PUBKEY_set(&xpk, a)) return 0; +- ret = i2d_X509_PUBKEY(xpk, pp); +- X509_PUBKEY_free(xpk); +- return ret; +- } +- +-/* The following are equivalents but which return RSA and DSA +- * keys ++{ ++ X509_PUBKEY *xpk = NULL; ++ int ret; ++ if (!a) ++ return 0; ++ if (!X509_PUBKEY_set(&xpk, a)) ++ return 0; ++ ret = i2d_X509_PUBKEY(xpk, pp); ++ X509_PUBKEY_free(xpk); ++ return ret; ++} ++ ++/* ++ * The following are equivalents but which return RSA and DSA keys + */ + #ifndef OPENSSL_NO_RSA +-RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, +- long length) +- { +- EVP_PKEY *pkey; +- RSA *key; +- const unsigned char *q; +- q = *pp; +- pkey = d2i_PUBKEY(NULL, &q, length); +- if (!pkey) return NULL; +- key = EVP_PKEY_get1_RSA(pkey); +- EVP_PKEY_free(pkey); +- if (!key) return NULL; +- *pp = q; +- if (a) +- { +- RSA_free(*a); +- *a = key; +- } +- return key; +- } ++RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) ++{ ++ EVP_PKEY *pkey; ++ RSA *key; ++ const unsigned char *q; ++ q = *pp; ++ pkey = d2i_PUBKEY(NULL, &q, length); ++ if (!pkey) ++ return NULL; ++ key = EVP_PKEY_get1_RSA(pkey); ++ EVP_PKEY_free(pkey); ++ if (!key) ++ return NULL; ++ *pp = q; ++ if (a) { ++ RSA_free(*a); ++ *a = key; ++ } ++ return key; ++} + + int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) +- { +- EVP_PKEY *pktmp; +- int ret; +- if (!a) return 0; +- pktmp = EVP_PKEY_new(); +- if (!pktmp) +- { +- ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- EVP_PKEY_set1_RSA(pktmp, a); +- ret = i2d_PUBKEY(pktmp, pp); +- EVP_PKEY_free(pktmp); +- return ret; +- } ++{ ++ EVP_PKEY *pktmp; ++ int ret; ++ if (!a) ++ return 0; ++ pktmp = EVP_PKEY_new(); ++ if (!pktmp) { ++ ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ EVP_PKEY_set1_RSA(pktmp, a); ++ ret = i2d_PUBKEY(pktmp, pp); ++ EVP_PKEY_free(pktmp); ++ return ret; ++} + #endif + + #ifndef OPENSSL_NO_DSA +-DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, +- long length) +- { +- EVP_PKEY *pkey; +- DSA *key; +- const unsigned char *q; +- q = *pp; +- pkey = d2i_PUBKEY(NULL, &q, length); +- if (!pkey) return NULL; +- key = EVP_PKEY_get1_DSA(pkey); +- EVP_PKEY_free(pkey); +- if (!key) return NULL; +- *pp = q; +- if (a) +- { +- DSA_free(*a); +- *a = key; +- } +- return key; +- } ++DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) ++{ ++ EVP_PKEY *pkey; ++ DSA *key; ++ const unsigned char *q; ++ q = *pp; ++ pkey = d2i_PUBKEY(NULL, &q, length); ++ if (!pkey) ++ return NULL; ++ key = EVP_PKEY_get1_DSA(pkey); ++ EVP_PKEY_free(pkey); ++ if (!key) ++ return NULL; ++ *pp = q; ++ if (a) { ++ DSA_free(*a); ++ *a = key; ++ } ++ return key; ++} + + int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) +- { +- EVP_PKEY *pktmp; +- int ret; +- if(!a) return 0; +- pktmp = EVP_PKEY_new(); +- if(!pktmp) +- { +- ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- EVP_PKEY_set1_DSA(pktmp, a); +- ret = i2d_PUBKEY(pktmp, pp); +- EVP_PKEY_free(pktmp); +- return ret; +- } ++{ ++ EVP_PKEY *pktmp; ++ int ret; ++ if (!a) ++ return 0; ++ pktmp = EVP_PKEY_new(); ++ if (!pktmp) { ++ ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ EVP_PKEY_set1_DSA(pktmp, a); ++ ret = i2d_PUBKEY(pktmp, pp); ++ EVP_PKEY_free(pktmp); ++ return ret; ++} + #endif + + #ifndef OPENSSL_NO_EC + EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) +- { +- EVP_PKEY *pkey; +- EC_KEY *key; +- const unsigned char *q; +- q = *pp; +- pkey = d2i_PUBKEY(NULL, &q, length); +- if (!pkey) return(NULL); +- key = EVP_PKEY_get1_EC_KEY(pkey); +- EVP_PKEY_free(pkey); +- if (!key) return(NULL); +- *pp = q; +- if (a) +- { +- EC_KEY_free(*a); +- *a = key; +- } +- return(key); +- } ++{ ++ EVP_PKEY *pkey; ++ EC_KEY *key; ++ const unsigned char *q; ++ q = *pp; ++ pkey = d2i_PUBKEY(NULL, &q, length); ++ if (!pkey) ++ return (NULL); ++ key = EVP_PKEY_get1_EC_KEY(pkey); ++ EVP_PKEY_free(pkey); ++ if (!key) ++ return (NULL); ++ *pp = q; ++ if (a) { ++ EC_KEY_free(*a); ++ *a = key; ++ } ++ return (key); ++} + + int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) +- { +- EVP_PKEY *pktmp; +- int ret; +- if (!a) return(0); +- if ((pktmp = EVP_PKEY_new()) == NULL) +- { +- ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); +- return(0); +- } +- EVP_PKEY_set1_EC_KEY(pktmp, a); +- ret = i2d_PUBKEY(pktmp, pp); +- EVP_PKEY_free(pktmp); +- return(ret); +- } ++{ ++ EVP_PKEY *pktmp; ++ int ret; ++ if (!a) ++ return (0); ++ if ((pktmp = EVP_PKEY_new()) == NULL) { ++ ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ EVP_PKEY_set1_EC_KEY(pktmp, a); ++ ret = i2d_PUBKEY(pktmp, pp); ++ EVP_PKEY_free(pktmp); ++ return (ret); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_req.c b/Cryptlib/OpenSSL/crypto/asn1/x_req.c +index 59ca8ce..5b303fb 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_req.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_req.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,12 +61,13 @@ + #include + #include + +-/* X509_REQ_INFO is handled in an unusual way to get round ++/*- ++ * X509_REQ_INFO is handled in an unusual way to get round + * invalid encodings. Some broken certificate requests don't + * encode the attributes field if it is empty. This is in + * violation of PKCS#10 but we need to tolerate it. We do + * this by making the attributes field OPTIONAL then using +- * the callback to initialise it to an empty STACK. ++ * the callback to initialise it to an empty STACK. + * + * This means that the field will be correctly encoded unless + * we NULL out the field. +@@ -81,32 +82,34 @@ + + static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; ++ X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; + +- if(operation == ASN1_OP_NEW_POST) { +- rinf->attributes = sk_X509_ATTRIBUTE_new_null(); +- if(!rinf->attributes) return 0; +- } +- return 1; ++ if (operation == ASN1_OP_NEW_POST) { ++ rinf->attributes = sk_X509_ATTRIBUTE_new_null(); ++ if (!rinf->attributes) ++ return 0; ++ } ++ return 1; + } + + ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { +- ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), +- ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), +- ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), +- /* This isn't really OPTIONAL but it gets round invalid +- * encodings +- */ +- ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) ++ ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), ++ ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), ++ ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), ++ /* This isn't really OPTIONAL but it gets round invalid ++ * encodings ++ */ ++ ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) + } ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO) + + IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) + + ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = { +- ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO), +- ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR), +- ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) ++ ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO), ++ ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR), ++ ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) + } ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ) + + IMPLEMENT_ASN1_FUNCTIONS(X509_REQ) ++ + IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c +index 42efa86..dd33720 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,8 +62,8 @@ + #include + + ASN1_SEQUENCE(X509_SIG) = { +- ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), +- ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING) ++ ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), ++ ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING) + } ASN1_SEQUENCE_END(X509_SIG) + + IMPLEMENT_ASN1_FUNCTIONS(X509_SIG) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c +index 2aece07..1df6b87 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,15 +49,16 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +- /* This module was send to me my Pat Richards who +- * wrote it. It is under my Copyright with his permission ++ /* ++ * This module was send to me my Pat Richards who wrote it. ++ * It is under my Copyright with his permission + */ + + #include +@@ -66,16 +67,16 @@ + #include + + ASN1_SEQUENCE(NETSCAPE_SPKAC) = { +- ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY), +- ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING) ++ ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY), ++ ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING) + } ASN1_SEQUENCE_END(NETSCAPE_SPKAC) + + IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC) + + ASN1_SEQUENCE(NETSCAPE_SPKI) = { +- ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC), +- ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR), +- ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING) ++ ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC), ++ ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR), ++ ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING) + } ASN1_SEQUENCE_END(NETSCAPE_SPKI) + + IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_val.c b/Cryptlib/OpenSSL/crypto/asn1/x_val.c +index dc17c67..ee75a1e 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_val.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_val.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,8 +62,8 @@ + #include + + ASN1_SEQUENCE(X509_VAL) = { +- ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME), +- ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME) ++ ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME), ++ ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME) + } ASN1_SEQUENCE_END(X509_VAL) + + IMPLEMENT_ASN1_FUNCTIONS(X509_VAL) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c +index 088d550..d6958f6 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,16 +64,16 @@ + #include + + ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { +- ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), +- ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), +- ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), +- ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), +- ASN1_SIMPLE(X509_CINF, validity, X509_VAL), +- ASN1_SIMPLE(X509_CINF, subject, X509_NAME), +- ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), +- ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), +- ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), +- ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) ++ ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), ++ ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), ++ ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), ++ ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), ++ ASN1_SIMPLE(X509_CINF, validity, X509_VAL), ++ ASN1_SIMPLE(X509_CINF, subject, X509_NAME), ++ ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), ++ ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), ++ ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), ++ ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) + } ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) + + IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) +@@ -83,120 +83,135 @@ extern void policy_cache_free(X509_POLICY_CACHE *cache); + + static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- X509 *ret = (X509 *)*pval; ++ X509 *ret = (X509 *)*pval; + +- switch(operation) { ++ switch (operation) { + +- case ASN1_OP_NEW_POST: +- ret->valid=0; +- ret->name = NULL; +- ret->ex_flags = 0; +- ret->ex_pathlen = -1; +- ret->skid = NULL; +- ret->akid = NULL; ++ case ASN1_OP_NEW_POST: ++ ret->valid = 0; ++ ret->name = NULL; ++ ret->ex_flags = 0; ++ ret->ex_pathlen = -1; ++ ret->skid = NULL; ++ ret->akid = NULL; + #ifndef OPENSSL_NO_RFC3779 +- ret->rfc3779_addr = NULL; +- ret->rfc3779_asid = NULL; ++ ret->rfc3779_addr = NULL; ++ ret->rfc3779_asid = NULL; + #endif +- ret->aux = NULL; +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); +- break; +- +- case ASN1_OP_D2I_POST: +- if (ret->name != NULL) OPENSSL_free(ret->name); +- ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0); +- break; +- +- case ASN1_OP_FREE_POST: +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); +- X509_CERT_AUX_free(ret->aux); +- ASN1_OCTET_STRING_free(ret->skid); +- AUTHORITY_KEYID_free(ret->akid); +- policy_cache_free(ret->policy_cache); ++ ret->aux = NULL; ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); ++ break; ++ ++ case ASN1_OP_D2I_POST: ++ if (ret->name != NULL) ++ OPENSSL_free(ret->name); ++ ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0); ++ break; ++ ++ case ASN1_OP_FREE_POST: ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); ++ X509_CERT_AUX_free(ret->aux); ++ ASN1_OCTET_STRING_free(ret->skid); ++ AUTHORITY_KEYID_free(ret->akid); ++ policy_cache_free(ret->policy_cache); + #ifndef OPENSSL_NO_RFC3779 +- sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); +- ASIdentifiers_free(ret->rfc3779_asid); ++ sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); ++ ASIdentifiers_free(ret->rfc3779_asid); + #endif + +- if (ret->name != NULL) OPENSSL_free(ret->name); +- break; ++ if (ret->name != NULL) ++ OPENSSL_free(ret->name); ++ break; + +- } ++ } + +- return 1; ++ return 1; + + } + + ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { +- ASN1_SIMPLE(X509, cert_info, X509_CINF), +- ASN1_SIMPLE(X509, sig_alg, X509_ALGOR), +- ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING) ++ ASN1_SIMPLE(X509, cert_info, X509_CINF), ++ ASN1_SIMPLE(X509, sig_alg, X509_ALGOR), ++ ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING) + } ASN1_SEQUENCE_END_ref(X509, X509) + + IMPLEMENT_ASN1_FUNCTIONS(X509) ++ + IMPLEMENT_ASN1_DUP_FUNCTION(X509) + +-static ASN1_METHOD meth= +- { +- (I2D_OF(void)) i2d_X509, ++static ASN1_METHOD meth = { ++ (I2D_OF(void)) i2d_X509, + (D2I_OF(void)) d2i_X509, + (void *(*)(void))X509_new, +- (void (*)(void *)) X509_free +- }; ++ (void (*)(void *))X509_free ++}; + + ASN1_METHOD *X509_asn1_meth(void) +- { +- return(&meth); +- } ++{ ++ return (&meth); ++} + + int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +- { +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, +- new_func, dup_func, free_func); +- } ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, ++ new_func, dup_func, free_func); ++} + + int X509_set_ex_data(X509 *r, int idx, void *arg) +- { +- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); +- } ++{ ++ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); ++} + + void *X509_get_ex_data(X509 *r, int idx) +- { +- return(CRYPTO_get_ex_data(&r->ex_data,idx)); +- } +- +-/* X509_AUX ASN1 routines. X509_AUX is the name given to +- * a certificate with extra info tagged on the end. Since these +- * functions set how a certificate is trusted they should only +- * be used when the certificate comes from a reliable source +- * such as local storage. +- * ++{ ++ return (CRYPTO_get_ex_data(&r->ex_data, idx)); ++} ++ ++/* ++ * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with ++ * extra info tagged on the end. Since these functions set how a certificate ++ * is trusted they should only be used when the certificate comes from a ++ * reliable source such as local storage. + */ + + X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) + { +- const unsigned char *q; +- X509 *ret; +- /* Save start position */ +- q = *pp; +- ret = d2i_X509(a, pp, length); +- /* If certificate unreadable then forget it */ +- if(!ret) return NULL; +- /* update length */ +- length -= *pp - q; +- if(!length) return ret; +- if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err; +- return ret; +- err: +- X509_free(ret); +- return NULL; ++ const unsigned char *q; ++ X509 *ret; ++ int freeret = 0; ++ ++ /* Save start position */ ++ q = *pp; ++ ++ if(!a || *a == NULL) { ++ freeret = 1; ++ } ++ ret = d2i_X509(a, pp, length); ++ /* If certificate unreadable then forget it */ ++ if (!ret) ++ return NULL; ++ /* update length */ ++ length -= *pp - q; ++ if (!length) ++ return ret; ++ if (!d2i_X509_CERT_AUX(&ret->aux, pp, length)) ++ goto err; ++ return ret; ++ err: ++ if(freeret) { ++ X509_free(ret); ++ if (a) ++ *a = NULL; ++ } ++ return NULL; + } + + int i2d_X509_AUX(X509 *a, unsigned char **pp) + { +- int length; +- length = i2d_X509(a, pp); +- if(a) length += i2d_X509_CERT_AUX(a->aux, pp); +- return length; ++ int length; ++ length = i2d_X509(a, pp); ++ if (a) ++ length += i2d_X509_CERT_AUX(a->aux, pp); ++ return length; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c +index b603f82..76bbc13 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c +@@ -1,6 +1,7 @@ + /* a_x509a.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,119 +63,131 @@ + #include + #include + +-/* X509_CERT_AUX routines. These are used to encode additional +- * user modifiable data about a certificate. This data is +- * appended to the X509 encoding when the *_X509_AUX routines +- * are used. This means that the "traditional" X509 routines +- * will simply ignore the extra data. ++/* ++ * X509_CERT_AUX routines. These are used to encode additional user ++ * modifiable data about a certificate. This data is appended to the X509 ++ * encoding when the *_X509_AUX routines are used. This means that the ++ * "traditional" X509 routines will simply ignore the extra data. + */ + + static X509_CERT_AUX *aux_get(X509 *x); + + ASN1_SEQUENCE(X509_CERT_AUX) = { +- ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), +- ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0), +- ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING), +- ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING), +- ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1) ++ ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), ++ ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0), ++ ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING), ++ ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING), ++ ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1) + } ASN1_SEQUENCE_END(X509_CERT_AUX) + + IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX) + + static X509_CERT_AUX *aux_get(X509 *x) + { +- if(!x) return NULL; +- if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL; +- return x->aux; ++ if (!x) ++ return NULL; ++ if (!x->aux && !(x->aux = X509_CERT_AUX_new())) ++ return NULL; ++ return x->aux; + } + + int X509_alias_set1(X509 *x, unsigned char *name, int len) + { +- X509_CERT_AUX *aux; +- if (!name) +- { +- if (!x || !x->aux || !x->aux->alias) +- return 1; +- ASN1_UTF8STRING_free(x->aux->alias); +- x->aux->alias = NULL; +- return 1; +- } +- if(!(aux = aux_get(x))) return 0; +- if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0; +- return ASN1_STRING_set(aux->alias, name, len); ++ X509_CERT_AUX *aux; ++ if (!name) { ++ if (!x || !x->aux || !x->aux->alias) ++ return 1; ++ ASN1_UTF8STRING_free(x->aux->alias); ++ x->aux->alias = NULL; ++ return 1; ++ } ++ if (!(aux = aux_get(x))) ++ return 0; ++ if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) ++ return 0; ++ return ASN1_STRING_set(aux->alias, name, len); + } + + int X509_keyid_set1(X509 *x, unsigned char *id, int len) + { +- X509_CERT_AUX *aux; +- if (!id) +- { +- if (!x || !x->aux || !x->aux->keyid) +- return 1; +- ASN1_OCTET_STRING_free(x->aux->keyid); +- x->aux->keyid = NULL; +- return 1; +- } +- if(!(aux = aux_get(x))) return 0; +- if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0; +- return ASN1_STRING_set(aux->keyid, id, len); ++ X509_CERT_AUX *aux; ++ if (!id) { ++ if (!x || !x->aux || !x->aux->keyid) ++ return 1; ++ ASN1_OCTET_STRING_free(x->aux->keyid); ++ x->aux->keyid = NULL; ++ return 1; ++ } ++ if (!(aux = aux_get(x))) ++ return 0; ++ if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) ++ return 0; ++ return ASN1_STRING_set(aux->keyid, id, len); + } + + unsigned char *X509_alias_get0(X509 *x, int *len) + { +- if(!x->aux || !x->aux->alias) return NULL; +- if(len) *len = x->aux->alias->length; +- return x->aux->alias->data; ++ if (!x->aux || !x->aux->alias) ++ return NULL; ++ if (len) ++ *len = x->aux->alias->length; ++ return x->aux->alias->data; + } + + unsigned char *X509_keyid_get0(X509 *x, int *len) + { +- if(!x->aux || !x->aux->keyid) return NULL; +- if(len) *len = x->aux->keyid->length; +- return x->aux->keyid->data; ++ if (!x->aux || !x->aux->keyid) ++ return NULL; ++ if (len) ++ *len = x->aux->keyid->length; ++ return x->aux->keyid->data; + } + + int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) + { +- X509_CERT_AUX *aux; +- ASN1_OBJECT *objtmp; +- if(!(objtmp = OBJ_dup(obj))) return 0; +- if(!(aux = aux_get(x))) return 0; +- if(!aux->trust +- && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0; +- return sk_ASN1_OBJECT_push(aux->trust, objtmp); ++ X509_CERT_AUX *aux; ++ ASN1_OBJECT *objtmp; ++ if (!(objtmp = OBJ_dup(obj))) ++ return 0; ++ if (!(aux = aux_get(x))) ++ return 0; ++ if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null())) ++ return 0; ++ return sk_ASN1_OBJECT_push(aux->trust, objtmp); + } + + int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) + { +- X509_CERT_AUX *aux; +- ASN1_OBJECT *objtmp; +- if(!(objtmp = OBJ_dup(obj))) return 0; +- if(!(aux = aux_get(x))) return 0; +- if(!aux->reject +- && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0; +- return sk_ASN1_OBJECT_push(aux->reject, objtmp); ++ X509_CERT_AUX *aux; ++ ASN1_OBJECT *objtmp; ++ if (!(objtmp = OBJ_dup(obj))) ++ return 0; ++ if (!(aux = aux_get(x))) ++ return 0; ++ if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null())) ++ return 0; ++ return sk_ASN1_OBJECT_push(aux->reject, objtmp); + } + + void X509_trust_clear(X509 *x) + { +- if(x->aux && x->aux->trust) { +- sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); +- x->aux->trust = NULL; +- } ++ if (x->aux && x->aux->trust) { ++ sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); ++ x->aux->trust = NULL; ++ } + } + + void X509_reject_clear(X509 *x) + { +- if(x->aux && x->aux->reject) { +- sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); +- x->aux->reject = NULL; +- } ++ if (x->aux && x->aux->reject) { ++ sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); ++ x->aux->reject = NULL; ++ } + } + + ASN1_SEQUENCE(X509_CERT_PAIR) = { +- ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0), +- ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1) ++ ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0), ++ ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1) + } ASN1_SEQUENCE_END(X509_CERT_PAIR) + + IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR) +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c +index 6451c8d..ddeab6e 100644 +--- a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c ++++ b/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,63 +59,65 @@ + #include + #include "bf_locl.h" + +-/* The input and output encrypted as though 64bit cfb mode is being +- * used. The extra state information to record how much of the +- * 64bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 64bit cfb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; + */ + +-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, +- const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt) +- { +- register BF_LONG v0,v1,t; +- register int n= *num; +- register long l=length; +- BF_LONG ti[2]; +- unsigned char *iv,c,cc; +- +- iv=(unsigned char *)ivec; +- if (encrypt) +- { +- while (l--) +- { +- if (n == 0) +- { +- n2l(iv,v0); ti[0]=v0; +- n2l(iv,v1); ti[1]=v1; +- BF_encrypt((BF_LONG *)ti,schedule); +- iv=(unsigned char *)ivec; +- t=ti[0]; l2n(t,iv); +- t=ti[1]; l2n(t,iv); +- iv=(unsigned char *)ivec; +- } +- c= *(in++)^iv[n]; +- *(out++)=c; +- iv[n]=c; +- n=(n+1)&0x07; +- } +- } +- else +- { +- while (l--) +- { +- if (n == 0) +- { +- n2l(iv,v0); ti[0]=v0; +- n2l(iv,v1); ti[1]=v1; +- BF_encrypt((BF_LONG *)ti,schedule); +- iv=(unsigned char *)ivec; +- t=ti[0]; l2n(t,iv); +- t=ti[1]; l2n(t,iv); +- iv=(unsigned char *)ivec; +- } +- cc= *(in++); +- c=iv[n]; +- iv[n]=cc; +- *(out++)=c^cc; +- n=(n+1)&0x07; +- } +- } +- v0=v1=ti[0]=ti[1]=t=c=cc=0; +- *num=n; +- } ++void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, ++ long length, const BF_KEY *schedule, ++ unsigned char *ivec, int *num, int encrypt) ++{ ++ register BF_LONG v0, v1, t; ++ register int n = *num; ++ register long l = length; ++ BF_LONG ti[2]; ++ unsigned char *iv, c, cc; + ++ iv = (unsigned char *)ivec; ++ if (encrypt) { ++ while (l--) { ++ if (n == 0) { ++ n2l(iv, v0); ++ ti[0] = v0; ++ n2l(iv, v1); ++ ti[1] = v1; ++ BF_encrypt((BF_LONG *)ti, schedule); ++ iv = (unsigned char *)ivec; ++ t = ti[0]; ++ l2n(t, iv); ++ t = ti[1]; ++ l2n(t, iv); ++ iv = (unsigned char *)ivec; ++ } ++ c = *(in++) ^ iv[n]; ++ *(out++) = c; ++ iv[n] = c; ++ n = (n + 1) & 0x07; ++ } ++ } else { ++ while (l--) { ++ if (n == 0) { ++ n2l(iv, v0); ++ ti[0] = v0; ++ n2l(iv, v1); ++ ti[1] = v1; ++ BF_encrypt((BF_LONG *)ti, schedule); ++ iv = (unsigned char *)ivec; ++ t = ti[0]; ++ l2n(t, iv); ++ t = ti[1]; ++ l2n(t, iv); ++ iv = (unsigned char *)ivec; ++ } ++ cc = *(in++); ++ c = iv[n]; ++ iv[n] = cc; ++ *(out++) = c ^ cc; ++ n = (n + 1) & 0x07; ++ } ++ } ++ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c b/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c +index 1607cef..967a7f5 100644 +--- a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c ++++ b/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,37 +60,41 @@ + #include "bf_locl.h" + #include + +-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' +- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, +- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) ++/* ++ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From ++ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE ++ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) + */ + +-const char BF_version[]="Blowfish" OPENSSL_VERSION_PTEXT; ++const char BF_version[] = "Blowfish" OPENSSL_VERSION_PTEXT; + + const char *BF_options(void) +- { ++{ + #ifdef BF_PTR +- return("blowfish(ptr)"); ++ return ("blowfish(ptr)"); + #elif defined(BF_PTR2) +- return("blowfish(ptr2)"); ++ return ("blowfish(ptr2)"); + #else +- return("blowfish(idx)"); ++ return ("blowfish(idx)"); + #endif +- } ++} + + void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, +- const BF_KEY *key, int encrypt) +- { +- BF_LONG l,d[2]; +- +- n2l(in,l); d[0]=l; +- n2l(in,l); d[1]=l; +- if (encrypt) +- BF_encrypt(d,key); +- else +- BF_decrypt(d,key); +- l=d[0]; l2n(l,out); +- l=d[1]; l2n(l,out); +- l=d[0]=d[1]=0; +- } ++ const BF_KEY *key, int encrypt) ++{ ++ BF_LONG l, d[2]; + ++ n2l(in, l); ++ d[0] = l; ++ n2l(in, l); ++ d[1] = l; ++ if (encrypt) ++ BF_encrypt(d, key); ++ else ++ BF_decrypt(d, key); ++ l = d[0]; ++ l2n(l, out); ++ l = d[1]; ++ l2n(l, out); ++ l = d[0] = d[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c b/Cryptlib/OpenSSL/crypto/bf/bf_enc.c +index 2d21d09..b268795 100644 +--- a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c ++++ b/Cryptlib/OpenSSL/crypto/bf/bf_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,248 +59,242 @@ + #include + #include "bf_locl.h" + +-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' +- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, +- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) ++/* ++ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From ++ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE ++ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) + */ + + #if (BF_ROUNDS != 16) && (BF_ROUNDS != 20) +-#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ ++# error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ + to modify the code. + #endif + + void BF_encrypt(BF_LONG *data, const BF_KEY *key) +- { ++{ + #ifndef BF_PTR2 +- register BF_LONG l,r; +- register const BF_LONG *p,*s; ++ register BF_LONG l, r; ++ register const BF_LONG *p, *s; + +- p=key->P; +- s= &(key->S[0]); +- l=data[0]; +- r=data[1]; ++ p = key->P; ++ s = &(key->S[0]); ++ l = data[0]; ++ r = data[1]; + +- l^=p[0]; +- BF_ENC(r,l,s,p[ 1]); +- BF_ENC(l,r,s,p[ 2]); +- BF_ENC(r,l,s,p[ 3]); +- BF_ENC(l,r,s,p[ 4]); +- BF_ENC(r,l,s,p[ 5]); +- BF_ENC(l,r,s,p[ 6]); +- BF_ENC(r,l,s,p[ 7]); +- BF_ENC(l,r,s,p[ 8]); +- BF_ENC(r,l,s,p[ 9]); +- BF_ENC(l,r,s,p[10]); +- BF_ENC(r,l,s,p[11]); +- BF_ENC(l,r,s,p[12]); +- BF_ENC(r,l,s,p[13]); +- BF_ENC(l,r,s,p[14]); +- BF_ENC(r,l,s,p[15]); +- BF_ENC(l,r,s,p[16]); +-#if BF_ROUNDS == 20 +- BF_ENC(r,l,s,p[17]); +- BF_ENC(l,r,s,p[18]); +- BF_ENC(r,l,s,p[19]); +- BF_ENC(l,r,s,p[20]); +-#endif +- r^=p[BF_ROUNDS+1]; ++ l ^= p[0]; ++ BF_ENC(r, l, s, p[1]); ++ BF_ENC(l, r, s, p[2]); ++ BF_ENC(r, l, s, p[3]); ++ BF_ENC(l, r, s, p[4]); ++ BF_ENC(r, l, s, p[5]); ++ BF_ENC(l, r, s, p[6]); ++ BF_ENC(r, l, s, p[7]); ++ BF_ENC(l, r, s, p[8]); ++ BF_ENC(r, l, s, p[9]); ++ BF_ENC(l, r, s, p[10]); ++ BF_ENC(r, l, s, p[11]); ++ BF_ENC(l, r, s, p[12]); ++ BF_ENC(r, l, s, p[13]); ++ BF_ENC(l, r, s, p[14]); ++ BF_ENC(r, l, s, p[15]); ++ BF_ENC(l, r, s, p[16]); ++# if BF_ROUNDS == 20 ++ BF_ENC(r, l, s, p[17]); ++ BF_ENC(l, r, s, p[18]); ++ BF_ENC(r, l, s, p[19]); ++ BF_ENC(l, r, s, p[20]); ++# endif ++ r ^= p[BF_ROUNDS + 1]; + +- data[1]=l&0xffffffffL; +- data[0]=r&0xffffffffL; ++ data[1] = l & 0xffffffffL; ++ data[0] = r & 0xffffffffL; + #else +- register BF_LONG l,r,t,*k; ++ register BF_LONG l, r, t, *k; + +- l=data[0]; +- r=data[1]; +- k=(BF_LONG*)key; ++ l = data[0]; ++ r = data[1]; ++ k = (BF_LONG *)key; + +- l^=k[0]; +- BF_ENC(r,l,k, 1); +- BF_ENC(l,r,k, 2); +- BF_ENC(r,l,k, 3); +- BF_ENC(l,r,k, 4); +- BF_ENC(r,l,k, 5); +- BF_ENC(l,r,k, 6); +- BF_ENC(r,l,k, 7); +- BF_ENC(l,r,k, 8); +- BF_ENC(r,l,k, 9); +- BF_ENC(l,r,k,10); +- BF_ENC(r,l,k,11); +- BF_ENC(l,r,k,12); +- BF_ENC(r,l,k,13); +- BF_ENC(l,r,k,14); +- BF_ENC(r,l,k,15); +- BF_ENC(l,r,k,16); +-#if BF_ROUNDS == 20 +- BF_ENC(r,l,k,17); +- BF_ENC(l,r,k,18); +- BF_ENC(r,l,k,19); +- BF_ENC(l,r,k,20); +-#endif +- r^=k[BF_ROUNDS+1]; ++ l ^= k[0]; ++ BF_ENC(r, l, k, 1); ++ BF_ENC(l, r, k, 2); ++ BF_ENC(r, l, k, 3); ++ BF_ENC(l, r, k, 4); ++ BF_ENC(r, l, k, 5); ++ BF_ENC(l, r, k, 6); ++ BF_ENC(r, l, k, 7); ++ BF_ENC(l, r, k, 8); ++ BF_ENC(r, l, k, 9); ++ BF_ENC(l, r, k, 10); ++ BF_ENC(r, l, k, 11); ++ BF_ENC(l, r, k, 12); ++ BF_ENC(r, l, k, 13); ++ BF_ENC(l, r, k, 14); ++ BF_ENC(r, l, k, 15); ++ BF_ENC(l, r, k, 16); ++# if BF_ROUNDS == 20 ++ BF_ENC(r, l, k, 17); ++ BF_ENC(l, r, k, 18); ++ BF_ENC(r, l, k, 19); ++ BF_ENC(l, r, k, 20); ++# endif ++ r ^= k[BF_ROUNDS + 1]; + +- data[1]=l&0xffffffffL; +- data[0]=r&0xffffffffL; ++ data[1] = l & 0xffffffffL; ++ data[0] = r & 0xffffffffL; + #endif +- } ++} + + #ifndef BF_DEFAULT_OPTIONS + + void BF_decrypt(BF_LONG *data, const BF_KEY *key) +- { +-#ifndef BF_PTR2 +- register BF_LONG l,r; +- register const BF_LONG *p,*s; ++{ ++# ifndef BF_PTR2 ++ register BF_LONG l, r; ++ register const BF_LONG *p, *s; + +- p=key->P; +- s= &(key->S[0]); +- l=data[0]; +- r=data[1]; ++ p = key->P; ++ s = &(key->S[0]); ++ l = data[0]; ++ r = data[1]; + +- l^=p[BF_ROUNDS+1]; +-#if BF_ROUNDS == 20 +- BF_ENC(r,l,s,p[20]); +- BF_ENC(l,r,s,p[19]); +- BF_ENC(r,l,s,p[18]); +- BF_ENC(l,r,s,p[17]); +-#endif +- BF_ENC(r,l,s,p[16]); +- BF_ENC(l,r,s,p[15]); +- BF_ENC(r,l,s,p[14]); +- BF_ENC(l,r,s,p[13]); +- BF_ENC(r,l,s,p[12]); +- BF_ENC(l,r,s,p[11]); +- BF_ENC(r,l,s,p[10]); +- BF_ENC(l,r,s,p[ 9]); +- BF_ENC(r,l,s,p[ 8]); +- BF_ENC(l,r,s,p[ 7]); +- BF_ENC(r,l,s,p[ 6]); +- BF_ENC(l,r,s,p[ 5]); +- BF_ENC(r,l,s,p[ 4]); +- BF_ENC(l,r,s,p[ 3]); +- BF_ENC(r,l,s,p[ 2]); +- BF_ENC(l,r,s,p[ 1]); +- r^=p[0]; ++ l ^= p[BF_ROUNDS + 1]; ++# if BF_ROUNDS == 20 ++ BF_ENC(r, l, s, p[20]); ++ BF_ENC(l, r, s, p[19]); ++ BF_ENC(r, l, s, p[18]); ++ BF_ENC(l, r, s, p[17]); ++# endif ++ BF_ENC(r, l, s, p[16]); ++ BF_ENC(l, r, s, p[15]); ++ BF_ENC(r, l, s, p[14]); ++ BF_ENC(l, r, s, p[13]); ++ BF_ENC(r, l, s, p[12]); ++ BF_ENC(l, r, s, p[11]); ++ BF_ENC(r, l, s, p[10]); ++ BF_ENC(l, r, s, p[9]); ++ BF_ENC(r, l, s, p[8]); ++ BF_ENC(l, r, s, p[7]); ++ BF_ENC(r, l, s, p[6]); ++ BF_ENC(l, r, s, p[5]); ++ BF_ENC(r, l, s, p[4]); ++ BF_ENC(l, r, s, p[3]); ++ BF_ENC(r, l, s, p[2]); ++ BF_ENC(l, r, s, p[1]); ++ r ^= p[0]; + +- data[1]=l&0xffffffffL; +- data[0]=r&0xffffffffL; +-#else +- register BF_LONG l,r,t,*k; ++ data[1] = l & 0xffffffffL; ++ data[0] = r & 0xffffffffL; ++# else ++ register BF_LONG l, r, t, *k; + +- l=data[0]; +- r=data[1]; +- k=(BF_LONG *)key; ++ l = data[0]; ++ r = data[1]; ++ k = (BF_LONG *)key; + +- l^=k[BF_ROUNDS+1]; +-#if BF_ROUNDS == 20 +- BF_ENC(r,l,k,20); +- BF_ENC(l,r,k,19); +- BF_ENC(r,l,k,18); +- BF_ENC(l,r,k,17); +-#endif +- BF_ENC(r,l,k,16); +- BF_ENC(l,r,k,15); +- BF_ENC(r,l,k,14); +- BF_ENC(l,r,k,13); +- BF_ENC(r,l,k,12); +- BF_ENC(l,r,k,11); +- BF_ENC(r,l,k,10); +- BF_ENC(l,r,k, 9); +- BF_ENC(r,l,k, 8); +- BF_ENC(l,r,k, 7); +- BF_ENC(r,l,k, 6); +- BF_ENC(l,r,k, 5); +- BF_ENC(r,l,k, 4); +- BF_ENC(l,r,k, 3); +- BF_ENC(r,l,k, 2); +- BF_ENC(l,r,k, 1); +- r^=k[0]; ++ l ^= k[BF_ROUNDS + 1]; ++# if BF_ROUNDS == 20 ++ BF_ENC(r, l, k, 20); ++ BF_ENC(l, r, k, 19); ++ BF_ENC(r, l, k, 18); ++ BF_ENC(l, r, k, 17); ++# endif ++ BF_ENC(r, l, k, 16); ++ BF_ENC(l, r, k, 15); ++ BF_ENC(r, l, k, 14); ++ BF_ENC(l, r, k, 13); ++ BF_ENC(r, l, k, 12); ++ BF_ENC(l, r, k, 11); ++ BF_ENC(r, l, k, 10); ++ BF_ENC(l, r, k, 9); ++ BF_ENC(r, l, k, 8); ++ BF_ENC(l, r, k, 7); ++ BF_ENC(r, l, k, 6); ++ BF_ENC(l, r, k, 5); ++ BF_ENC(r, l, k, 4); ++ BF_ENC(l, r, k, 3); ++ BF_ENC(r, l, k, 2); ++ BF_ENC(l, r, k, 1); ++ r ^= k[0]; + +- data[1]=l&0xffffffffL; +- data[0]=r&0xffffffffL; +-#endif +- } ++ data[1] = l & 0xffffffffL; ++ data[0] = r & 0xffffffffL; ++# endif ++} + + void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, +- const BF_KEY *schedule, unsigned char *ivec, int encrypt) +- { +- register BF_LONG tin0,tin1; +- register BF_LONG tout0,tout1,xor0,xor1; +- register long l=length; +- BF_LONG tin[2]; ++ const BF_KEY *schedule, unsigned char *ivec, int encrypt) ++{ ++ register BF_LONG tin0, tin1; ++ register BF_LONG tout0, tout1, xor0, xor1; ++ register long l = length; ++ BF_LONG tin[2]; + +- if (encrypt) +- { +- n2l(ivec,tout0); +- n2l(ivec,tout1); +- ivec-=8; +- for (l-=8; l>=0; l-=8) +- { +- n2l(in,tin0); +- n2l(in,tin1); +- tin0^=tout0; +- tin1^=tout1; +- tin[0]=tin0; +- tin[1]=tin1; +- BF_encrypt(tin,schedule); +- tout0=tin[0]; +- tout1=tin[1]; +- l2n(tout0,out); +- l2n(tout1,out); +- } +- if (l != -8) +- { +- n2ln(in,tin0,tin1,l+8); +- tin0^=tout0; +- tin1^=tout1; +- tin[0]=tin0; +- tin[1]=tin1; +- BF_encrypt(tin,schedule); +- tout0=tin[0]; +- tout1=tin[1]; +- l2n(tout0,out); +- l2n(tout1,out); +- } +- l2n(tout0,ivec); +- l2n(tout1,ivec); +- } +- else +- { +- n2l(ivec,xor0); +- n2l(ivec,xor1); +- ivec-=8; +- for (l-=8; l>=0; l-=8) +- { +- n2l(in,tin0); +- n2l(in,tin1); +- tin[0]=tin0; +- tin[1]=tin1; +- BF_decrypt(tin,schedule); +- tout0=tin[0]^xor0; +- tout1=tin[1]^xor1; +- l2n(tout0,out); +- l2n(tout1,out); +- xor0=tin0; +- xor1=tin1; +- } +- if (l != -8) +- { +- n2l(in,tin0); +- n2l(in,tin1); +- tin[0]=tin0; +- tin[1]=tin1; +- BF_decrypt(tin,schedule); +- tout0=tin[0]^xor0; +- tout1=tin[1]^xor1; +- l2nn(tout0,tout1,out,l+8); +- xor0=tin0; +- xor1=tin1; +- } +- l2n(xor0,ivec); +- l2n(xor1,ivec); +- } +- tin0=tin1=tout0=tout1=xor0=xor1=0; +- tin[0]=tin[1]=0; +- } ++ if (encrypt) { ++ n2l(ivec, tout0); ++ n2l(ivec, tout1); ++ ivec -= 8; ++ for (l -= 8; l >= 0; l -= 8) { ++ n2l(in, tin0); ++ n2l(in, tin1); ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ tin[0] = tin0; ++ tin[1] = tin1; ++ BF_encrypt(tin, schedule); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ l2n(tout0, out); ++ l2n(tout1, out); ++ } ++ if (l != -8) { ++ n2ln(in, tin0, tin1, l + 8); ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ tin[0] = tin0; ++ tin[1] = tin1; ++ BF_encrypt(tin, schedule); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ l2n(tout0, out); ++ l2n(tout1, out); ++ } ++ l2n(tout0, ivec); ++ l2n(tout1, ivec); ++ } else { ++ n2l(ivec, xor0); ++ n2l(ivec, xor1); ++ ivec -= 8; ++ for (l -= 8; l >= 0; l -= 8) { ++ n2l(in, tin0); ++ n2l(in, tin1); ++ tin[0] = tin0; ++ tin[1] = tin1; ++ BF_decrypt(tin, schedule); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ l2n(tout0, out); ++ l2n(tout1, out); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ if (l != -8) { ++ n2l(in, tin0); ++ n2l(in, tin1); ++ tin[0] = tin0; ++ tin[1] = tin1; ++ BF_decrypt(tin, schedule); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ l2nn(tout0, tout1, out, l + 8); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ l2n(xor0, ivec); ++ l2n(xor1, ivec); ++ } ++ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; ++ tin[0] = tin[1] = 0; ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c +index f2a9ff6..a8d190b 100644 +--- a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c ++++ b/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,52 +59,52 @@ + #include + #include "bf_locl.h" + +-/* The input and output encrypted as though 64bit ofb mode is being +- * used. The extra state information to record how much of the +- * 64bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 64bit ofb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; + */ +-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, +- const BF_KEY *schedule, unsigned char *ivec, int *num) +- { +- register BF_LONG v0,v1,t; +- register int n= *num; +- register long l=length; +- unsigned char d[8]; +- register char *dp; +- BF_LONG ti[2]; +- unsigned char *iv; +- int save=0; +- +- iv=(unsigned char *)ivec; +- n2l(iv,v0); +- n2l(iv,v1); +- ti[0]=v0; +- ti[1]=v1; +- dp=(char *)d; +- l2n(v0,dp); +- l2n(v1,dp); +- while (l--) +- { +- if (n == 0) +- { +- BF_encrypt((BF_LONG *)ti,schedule); +- dp=(char *)d; +- t=ti[0]; l2n(t,dp); +- t=ti[1]; l2n(t,dp); +- save++; +- } +- *(out++)= *(in++)^d[n]; +- n=(n+1)&0x07; +- } +- if (save) +- { +- v0=ti[0]; +- v1=ti[1]; +- iv=(unsigned char *)ivec; +- l2n(v0,iv); +- l2n(v1,iv); +- } +- t=v0=v1=ti[0]=ti[1]=0; +- *num=n; +- } ++void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, ++ long length, const BF_KEY *schedule, ++ unsigned char *ivec, int *num) ++{ ++ register BF_LONG v0, v1, t; ++ register int n = *num; ++ register long l = length; ++ unsigned char d[8]; ++ register char *dp; ++ BF_LONG ti[2]; ++ unsigned char *iv; ++ int save = 0; + ++ iv = (unsigned char *)ivec; ++ n2l(iv, v0); ++ n2l(iv, v1); ++ ti[0] = v0; ++ ti[1] = v1; ++ dp = (char *)d; ++ l2n(v0, dp); ++ l2n(v1, dp); ++ while (l--) { ++ if (n == 0) { ++ BF_encrypt((BF_LONG *)ti, schedule); ++ dp = (char *)d; ++ t = ti[0]; ++ l2n(t, dp); ++ t = ti[1]; ++ l2n(t, dp); ++ save++; ++ } ++ *(out++) = *(in++) ^ d[n]; ++ n = (n + 1) & 0x07; ++ } ++ if (save) { ++ v0 = ti[0]; ++ v1 = ti[1]; ++ iv = (unsigned char *)ivec; ++ l2n(v0, iv); ++ l2n(v1, iv); ++ } ++ t = v0 = v1 = ti[0] = ti[1] = 0; ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c b/Cryptlib/OpenSSL/crypto/bf/bf_skey.c +index 6ac2aeb..c7b74ff 100644 +--- a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c ++++ b/Cryptlib/OpenSSL/crypto/bf/bf_skey.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,61 +61,61 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + + #include "bf_locl.h" + #include "bf_pi.h" + + FIPS_NON_FIPS_VCIPHER_Init(BF) +- { +- int i; +- BF_LONG *p,ri,in[2]; +- const unsigned char *d,*end; +- +- +- memcpy(key,&bf_init,sizeof(BF_KEY)); +- p=key->P; ++{ ++ int i; ++ BF_LONG *p, ri, in[2]; ++ const unsigned char *d, *end; + +- if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4; ++ memcpy(key, &bf_init, sizeof(BF_KEY)); ++ p = key->P; + +- d=data; +- end= &(data[len]); +- for (i=0; i<(BF_ROUNDS+2); i++) +- { +- ri= *(d++); +- if (d >= end) d=data; ++ if (len > ((BF_ROUNDS + 2) * 4)) ++ len = (BF_ROUNDS + 2) * 4; + +- ri<<=8; +- ri|= *(d++); +- if (d >= end) d=data; ++ d = data; ++ end = &(data[len]); ++ for (i = 0; i < (BF_ROUNDS + 2); i++) { ++ ri = *(d++); ++ if (d >= end) ++ d = data; + +- ri<<=8; +- ri|= *(d++); +- if (d >= end) d=data; ++ ri <<= 8; ++ ri |= *(d++); ++ if (d >= end) ++ d = data; + +- ri<<=8; +- ri|= *(d++); +- if (d >= end) d=data; ++ ri <<= 8; ++ ri |= *(d++); ++ if (d >= end) ++ d = data; + +- p[i]^=ri; +- } ++ ri <<= 8; ++ ri |= *(d++); ++ if (d >= end) ++ d = data; + +- in[0]=0L; +- in[1]=0L; +- for (i=0; i<(BF_ROUNDS+2); i+=2) +- { +- BF_encrypt(in,key); +- p[i ]=in[0]; +- p[i+1]=in[1]; +- } ++ p[i] ^= ri; ++ } + +- p=key->S; +- for (i=0; i<4*256; i+=2) +- { +- BF_encrypt(in,key); +- p[i ]=in[0]; +- p[i+1]=in[1]; +- } +- } ++ in[0] = 0L; ++ in[1] = 0L; ++ for (i = 0; i < (BF_ROUNDS + 2); i += 2) { ++ BF_encrypt(in, key); ++ p[i] = in[0]; ++ p[i + 1] = in[1]; ++ } + ++ p = key->S; ++ for (i = 0; i < 4 * 256; i += 2) { ++ BF_encrypt(in, key); ++ p[i] = in[0]; ++ p[i + 1] = in[1]; ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/bio/b_dump.c b/Cryptlib/OpenSSL/crypto/bio/b_dump.c +index c80ecc4..3293c72 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/b_dump.c ++++ b/Cryptlib/OpenSSL/crypto/bio/b_dump.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,14 +49,14 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* ++/* + * Stolen from tjh's ssl/ssl_trc.c stuff. + */ + +@@ -65,123 +65,120 @@ + #include "bio_lcl.h" + + #define TRUNCATE +-#define DUMP_WIDTH 16 ++#define DUMP_WIDTH 16 + #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) + +-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), +- void *u, const char *s, int len) +- { +- return BIO_dump_indent_cb(cb, u, s, len, 0); +- } ++int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), ++ void *u, const char *s, int len) ++{ ++ return BIO_dump_indent_cb(cb, u, s, len, 0); ++} + +-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), +- void *u, const char *s, int len, int indent) +- { +- int ret=0; +- char buf[288+1],tmp[20],str[128+1]; +- int i,j,rows,trc; +- unsigned char ch; +- int dump_width; ++int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), ++ void *u, const char *s, int len, int indent) ++{ ++ int ret = 0; ++ char buf[288 + 1], tmp[20], str[128 + 1]; ++ int i, j, rows, trc; ++ unsigned char ch; ++ int dump_width; + +- trc=0; ++ trc = 0; + + #ifdef TRUNCATE +- for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) +- trc++; ++ for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--) ++ trc++; + #endif + +- if (indent < 0) +- indent = 0; +- if (indent) +- { +- if (indent > 128) indent=128; +- memset(str,' ',indent); +- } +- str[indent]='\0'; ++ if (indent < 0) ++ indent = 0; ++ if (indent) { ++ if (indent > 128) ++ indent = 128; ++ memset(str, ' ', indent); ++ } ++ str[indent] = '\0'; + +- dump_width=DUMP_WIDTH_LESS_INDENT(indent); +- rows=(len/dump_width); +- if ((rows*dump_width)=len) +- { +- BUF_strlcat(buf," ",sizeof buf); +- } +- else +- { +- ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; +- BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch, +- j==7?'-':' '); +- BUF_strlcat(buf,tmp,sizeof buf); +- } +- } +- BUF_strlcat(buf," ",sizeof buf); +- for(j=0;j=len) +- break; +- ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; ++ dump_width = DUMP_WIDTH_LESS_INDENT(indent); ++ rows = (len / dump_width); ++ if ((rows * dump_width) < len) ++ rows++; ++ for (i = 0; i < rows; i++) { ++ buf[0] = '\0'; /* start with empty string */ ++ BUF_strlcpy(buf, str, sizeof buf); ++ BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); ++ BUF_strlcat(buf, tmp, sizeof buf); ++ for (j = 0; j < dump_width; j++) { ++ if (((i * dump_width) + j) >= len) { ++ BUF_strlcat(buf, " ", sizeof buf); ++ } else { ++ ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; ++ BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch, ++ j == 7 ? '-' : ' '); ++ BUF_strlcat(buf, tmp, sizeof buf); ++ } ++ } ++ BUF_strlcat(buf, " ", sizeof buf); ++ for (j = 0; j < dump_width; j++) { ++ if (((i * dump_width) + j) >= len) ++ break; ++ ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; + #ifndef CHARSET_EBCDIC +- BIO_snprintf(tmp,sizeof tmp,"%c", +- ((ch>=' ')&&(ch<='~'))?ch:'.'); ++ BIO_snprintf(tmp, sizeof tmp, "%c", ++ ((ch >= ' ') && (ch <= '~')) ? ch : '.'); + #else +- BIO_snprintf(tmp,sizeof tmp,"%c", +- ((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) +- ? os_toebcdic[ch] +- : '.'); ++ BIO_snprintf(tmp, sizeof tmp, "%c", ++ ((ch >= os_toascii[' ']) && (ch <= os_toascii['~'])) ++ ? os_toebcdic[ch] ++ : '.'); + #endif +- BUF_strlcat(buf,tmp,sizeof buf); +- } +- BUF_strlcat(buf,"\n",sizeof buf); +- /* if this is the last call then update the ddt_dump thing so +- * that we will move the selection point in the debug window +- */ +- ret+=cb((void *)buf,strlen(buf),u); +- } ++ BUF_strlcat(buf, tmp, sizeof buf); ++ } ++ BUF_strlcat(buf, "\n", sizeof buf); ++ /* ++ * if this is the last call then update the ddt_dump thing so that we ++ * will move the selection point in the debug window ++ */ ++ ret += cb((void *)buf, strlen(buf), u); ++ } + #ifdef TRUNCATE +- if (trc > 0) +- { +- BIO_snprintf(buf,sizeof buf,"%s%04x - \n",str, +- len+trc); +- ret+=cb((void *)buf,strlen(buf),u); +- } ++ if (trc > 0) { ++ BIO_snprintf(buf, sizeof buf, "%s%04x - \n", str, ++ len + trc); ++ ret += cb((void *)buf, strlen(buf), u); ++ } + #endif +- return(ret); +- } ++ return (ret); ++} + + #ifndef OPENSSL_NO_FP_API + static int write_fp(const void *data, size_t len, void *fp) +- { +- return UP_fwrite(data, len, 1, fp); +- } ++{ ++ return UP_fwrite(data, len, 1, fp); ++} ++ + int BIO_dump_fp(FILE *fp, const char *s, int len) +- { +- return BIO_dump_cb(write_fp, fp, s, len); +- } ++{ ++ return BIO_dump_cb(write_fp, fp, s, len); ++} ++ + int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent) +- { +- return BIO_dump_indent_cb(write_fp, fp, s, len, indent); +- } ++{ ++ return BIO_dump_indent_cb(write_fp, fp, s, len, indent); ++} + #endif + + static int write_bio(const void *data, size_t len, void *bp) +- { +- return BIO_write((BIO *)bp, (const char *)data, len); +- } ++{ ++ return BIO_write((BIO *)bp, (const char *)data, len); ++} ++ + int BIO_dump(BIO *bp, const char *s, int len) +- { +- return BIO_dump_cb(write_bio, bp, s, len); +- } +-int BIO_dump_indent(BIO *bp, const char *s, int len, int indent) +- { +- return BIO_dump_indent_cb(write_bio, bp, s, len, indent); +- } ++{ ++ return BIO_dump_cb(write_bio, bp, s, len); ++} + ++int BIO_dump_indent(BIO *bp, const char *s, int len, int indent) ++{ ++ return BIO_dump_indent_cb(write_bio, bp, s, len, indent); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c +index 4b5a132..478fa16 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,7 +61,7 @@ + #include "cryptlib.h" + #include + +-static int buffer_write(BIO *h, const char *buf,int num); ++static int buffer_write(BIO *h, const char *buf, int num); + static int buffer_read(BIO *h, char *buf, int size); + static int buffer_puts(BIO *h, const char *str); + static int buffer_gets(BIO *h, char *str, int size); +@@ -69,444 +69,449 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int buffer_new(BIO *h); + static int buffer_free(BIO *data); + static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +-#define DEFAULT_BUFFER_SIZE 4096 +- +-static BIO_METHOD methods_buffer= +- { +- BIO_TYPE_BUFFER, +- "buffer", +- buffer_write, +- buffer_read, +- buffer_puts, +- buffer_gets, +- buffer_ctrl, +- buffer_new, +- buffer_free, +- buffer_callback_ctrl, +- }; ++#define DEFAULT_BUFFER_SIZE 4096 ++ ++static BIO_METHOD methods_buffer = { ++ BIO_TYPE_BUFFER, ++ "buffer", ++ buffer_write, ++ buffer_read, ++ buffer_puts, ++ buffer_gets, ++ buffer_ctrl, ++ buffer_new, ++ buffer_free, ++ buffer_callback_ctrl, ++}; + + BIO_METHOD *BIO_f_buffer(void) +- { +- return(&methods_buffer); +- } ++{ ++ return (&methods_buffer); ++} + + static int buffer_new(BIO *bi) +- { +- BIO_F_BUFFER_CTX *ctx; +- +- ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX)); +- if (ctx == NULL) return(0); +- ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); +- if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); } +- ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); +- if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); } +- ctx->ibuf_size=DEFAULT_BUFFER_SIZE; +- ctx->obuf_size=DEFAULT_BUFFER_SIZE; +- ctx->ibuf_len=0; +- ctx->ibuf_off=0; +- ctx->obuf_len=0; +- ctx->obuf_off=0; +- +- bi->init=1; +- bi->ptr=(char *)ctx; +- bi->flags=0; +- return(1); +- } ++{ ++ BIO_F_BUFFER_CTX *ctx; ++ ++ ctx = (BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX)); ++ if (ctx == NULL) ++ return (0); ++ ctx->ibuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); ++ if (ctx->ibuf == NULL) { ++ OPENSSL_free(ctx); ++ return (0); ++ } ++ ctx->obuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); ++ if (ctx->obuf == NULL) { ++ OPENSSL_free(ctx->ibuf); ++ OPENSSL_free(ctx); ++ return (0); ++ } ++ ctx->ibuf_size = DEFAULT_BUFFER_SIZE; ++ ctx->obuf_size = DEFAULT_BUFFER_SIZE; ++ ctx->ibuf_len = 0; ++ ctx->ibuf_off = 0; ++ ctx->obuf_len = 0; ++ ctx->obuf_off = 0; ++ ++ bi->init = 1; ++ bi->ptr = (char *)ctx; ++ bi->flags = 0; ++ return (1); ++} + + static int buffer_free(BIO *a) +- { +- BIO_F_BUFFER_CTX *b; +- +- if (a == NULL) return(0); +- b=(BIO_F_BUFFER_CTX *)a->ptr; +- if (b->ibuf != NULL) OPENSSL_free(b->ibuf); +- if (b->obuf != NULL) OPENSSL_free(b->obuf); +- OPENSSL_free(a->ptr); +- a->ptr=NULL; +- a->init=0; +- a->flags=0; +- return(1); +- } +- ++{ ++ BIO_F_BUFFER_CTX *b; ++ ++ if (a == NULL) ++ return (0); ++ b = (BIO_F_BUFFER_CTX *)a->ptr; ++ if (b->ibuf != NULL) ++ OPENSSL_free(b->ibuf); ++ if (b->obuf != NULL) ++ OPENSSL_free(b->obuf); ++ OPENSSL_free(a->ptr); ++ a->ptr = NULL; ++ a->init = 0; ++ a->flags = 0; ++ return (1); ++} ++ + static int buffer_read(BIO *b, char *out, int outl) +- { +- int i,num=0; +- BIO_F_BUFFER_CTX *ctx; +- +- if (out == NULL) return(0); +- ctx=(BIO_F_BUFFER_CTX *)b->ptr; +- +- if ((ctx == NULL) || (b->next_bio == NULL)) return(0); +- num=0; +- BIO_clear_retry_flags(b); +- +-start: +- i=ctx->ibuf_len; +- /* If there is stuff left over, grab it */ +- if (i != 0) +- { +- if (i > outl) i=outl; +- memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i); +- ctx->ibuf_off+=i; +- ctx->ibuf_len-=i; +- num+=i; +- if (outl == i) return(num); +- outl-=i; +- out+=i; +- } +- +- /* We may have done a partial read. try to do more. +- * We have nothing in the buffer. +- * If we get an error and have read some data, just return it +- * and let them retry to get the error again. +- * copy direct to parent address space */ +- if (outl > ctx->ibuf_size) +- { +- for (;;) +- { +- i=BIO_read(b->next_bio,out,outl); +- if (i <= 0) +- { +- BIO_copy_next_retry(b); +- if (i < 0) return((num > 0)?num:i); +- if (i == 0) return(num); +- } +- num+=i; +- if (outl == i) return(num); +- out+=i; +- outl-=i; +- } +- } +- /* else */ +- +- /* we are going to be doing some buffering */ +- i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size); +- if (i <= 0) +- { +- BIO_copy_next_retry(b); +- if (i < 0) return((num > 0)?num:i); +- if (i == 0) return(num); +- } +- ctx->ibuf_off=0; +- ctx->ibuf_len=i; +- +- /* Lets re-read using ourselves :-) */ +- goto start; +- } ++{ ++ int i, num = 0; ++ BIO_F_BUFFER_CTX *ctx; ++ ++ if (out == NULL) ++ return (0); ++ ctx = (BIO_F_BUFFER_CTX *)b->ptr; ++ ++ if ((ctx == NULL) || (b->next_bio == NULL)) ++ return (0); ++ num = 0; ++ BIO_clear_retry_flags(b); ++ ++ start: ++ i = ctx->ibuf_len; ++ /* If there is stuff left over, grab it */ ++ if (i != 0) { ++ if (i > outl) ++ i = outl; ++ memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i); ++ ctx->ibuf_off += i; ++ ctx->ibuf_len -= i; ++ num += i; ++ if (outl == i) ++ return (num); ++ outl -= i; ++ out += i; ++ } ++ ++ /* ++ * We may have done a partial read. try to do more. We have nothing in ++ * the buffer. If we get an error and have read some data, just return it ++ * and let them retry to get the error again. copy direct to parent ++ * address space ++ */ ++ if (outl > ctx->ibuf_size) { ++ for (;;) { ++ i = BIO_read(b->next_bio, out, outl); ++ if (i <= 0) { ++ BIO_copy_next_retry(b); ++ if (i < 0) ++ return ((num > 0) ? num : i); ++ if (i == 0) ++ return (num); ++ } ++ num += i; ++ if (outl == i) ++ return (num); ++ out += i; ++ outl -= i; ++ } ++ } ++ /* else */ ++ ++ /* we are going to be doing some buffering */ ++ i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size); ++ if (i <= 0) { ++ BIO_copy_next_retry(b); ++ if (i < 0) ++ return ((num > 0) ? num : i); ++ if (i == 0) ++ return (num); ++ } ++ ctx->ibuf_off = 0; ++ ctx->ibuf_len = i; ++ ++ /* Lets re-read using ourselves :-) */ ++ goto start; ++} + + static int buffer_write(BIO *b, const char *in, int inl) +- { +- int i,num=0; +- BIO_F_BUFFER_CTX *ctx; +- +- if ((in == NULL) || (inl <= 0)) return(0); +- ctx=(BIO_F_BUFFER_CTX *)b->ptr; +- if ((ctx == NULL) || (b->next_bio == NULL)) return(0); +- +- BIO_clear_retry_flags(b); +-start: +- i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off); +- /* add to buffer and return */ +- if (i >= inl) +- { +- memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,inl); +- ctx->obuf_len+=inl; +- return(num+inl); +- } +- /* else */ +- /* stuff already in buffer, so add to it first, then flush */ +- if (ctx->obuf_len != 0) +- { +- if (i > 0) /* lets fill it up if we can */ +- { +- memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,i); +- in+=i; +- inl-=i; +- num+=i; +- ctx->obuf_len+=i; +- } +- /* we now have a full buffer needing flushing */ +- for (;;) +- { +- i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]), +- ctx->obuf_len); +- if (i <= 0) +- { +- BIO_copy_next_retry(b); +- +- if (i < 0) return((num > 0)?num:i); +- if (i == 0) return(num); +- } +- ctx->obuf_off+=i; +- ctx->obuf_len-=i; +- if (ctx->obuf_len == 0) break; +- } +- } +- /* we only get here if the buffer has been flushed and we +- * still have stuff to write */ +- ctx->obuf_off=0; +- +- /* we now have inl bytes to write */ +- while (inl >= ctx->obuf_size) +- { +- i=BIO_write(b->next_bio,in,inl); +- if (i <= 0) +- { +- BIO_copy_next_retry(b); +- if (i < 0) return((num > 0)?num:i); +- if (i == 0) return(num); +- } +- num+=i; +- in+=i; +- inl-=i; +- if (inl == 0) return(num); +- } +- +- /* copy the rest into the buffer since we have only a small +- * amount left */ +- goto start; +- } ++{ ++ int i, num = 0; ++ BIO_F_BUFFER_CTX *ctx; ++ ++ if ((in == NULL) || (inl <= 0)) ++ return (0); ++ ctx = (BIO_F_BUFFER_CTX *)b->ptr; ++ if ((ctx == NULL) || (b->next_bio == NULL)) ++ return (0); ++ ++ BIO_clear_retry_flags(b); ++ start: ++ i = ctx->obuf_size - (ctx->obuf_len + ctx->obuf_off); ++ /* add to buffer and return */ ++ if (i >= inl) { ++ memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, inl); ++ ctx->obuf_len += inl; ++ return (num + inl); ++ } ++ /* else */ ++ /* stuff already in buffer, so add to it first, then flush */ ++ if (ctx->obuf_len != 0) { ++ if (i > 0) { /* lets fill it up if we can */ ++ memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, i); ++ in += i; ++ inl -= i; ++ num += i; ++ ctx->obuf_len += i; ++ } ++ /* we now have a full buffer needing flushing */ ++ for (;;) { ++ i = BIO_write(b->next_bio, &(ctx->obuf[ctx->obuf_off]), ++ ctx->obuf_len); ++ if (i <= 0) { ++ BIO_copy_next_retry(b); ++ ++ if (i < 0) ++ return ((num > 0) ? num : i); ++ if (i == 0) ++ return (num); ++ } ++ ctx->obuf_off += i; ++ ctx->obuf_len -= i; ++ if (ctx->obuf_len == 0) ++ break; ++ } ++ } ++ /* ++ * we only get here if the buffer has been flushed and we still have ++ * stuff to write ++ */ ++ ctx->obuf_off = 0; ++ ++ /* we now have inl bytes to write */ ++ while (inl >= ctx->obuf_size) { ++ i = BIO_write(b->next_bio, in, inl); ++ if (i <= 0) { ++ BIO_copy_next_retry(b); ++ if (i < 0) ++ return ((num > 0) ? num : i); ++ if (i == 0) ++ return (num); ++ } ++ num += i; ++ in += i; ++ inl -= i; ++ if (inl == 0) ++ return (num); ++ } ++ ++ /* ++ * copy the rest into the buffer since we have only a small amount left ++ */ ++ goto start; ++} + + static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- BIO *dbio; +- BIO_F_BUFFER_CTX *ctx; +- long ret=1; +- char *p1,*p2; +- int r,i,*ip; +- int ibs,obs; +- +- ctx=(BIO_F_BUFFER_CTX *)b->ptr; +- +- switch (cmd) +- { +- case BIO_CTRL_RESET: +- ctx->ibuf_off=0; +- ctx->ibuf_len=0; +- ctx->obuf_off=0; +- ctx->obuf_len=0; +- if (b->next_bio == NULL) return(0); +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_INFO: +- ret=(long)ctx->obuf_len; +- break; +- case BIO_C_GET_BUFF_NUM_LINES: +- ret=0; +- p1=ctx->ibuf; +- for (i=0; iibuf_len; i++) +- { +- if (p1[ctx->ibuf_off + i] == '\n') ret++; +- } +- break; +- case BIO_CTRL_WPENDING: +- ret=(long)ctx->obuf_len; +- if (ret == 0) +- { +- if (b->next_bio == NULL) return(0); +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- } +- break; +- case BIO_CTRL_PENDING: +- ret=(long)ctx->ibuf_len; +- if (ret == 0) +- { +- if (b->next_bio == NULL) return(0); +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- } +- break; +- case BIO_C_SET_BUFF_READ_DATA: +- if (num > ctx->ibuf_size) +- { +- p1=OPENSSL_malloc((int)num); +- if (p1 == NULL) goto malloc_error; +- if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf); +- ctx->ibuf=p1; +- } +- ctx->ibuf_off=0; +- ctx->ibuf_len=(int)num; +- memcpy(ctx->ibuf,ptr,(int)num); +- ret=1; +- break; +- case BIO_C_SET_BUFF_SIZE: +- if (ptr != NULL) +- { +- ip=(int *)ptr; +- if (*ip == 0) +- { +- ibs=(int)num; +- obs=ctx->obuf_size; +- } +- else /* if (*ip == 1) */ +- { +- ibs=ctx->ibuf_size; +- obs=(int)num; +- } +- } +- else +- { +- ibs=(int)num; +- obs=(int)num; +- } +- p1=ctx->ibuf; +- p2=ctx->obuf; +- if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) +- { +- p1=(char *)OPENSSL_malloc((int)num); +- if (p1 == NULL) goto malloc_error; +- } +- if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) +- { +- p2=(char *)OPENSSL_malloc((int)num); +- if (p2 == NULL) +- { +- if (p1 != ctx->ibuf) OPENSSL_free(p1); +- goto malloc_error; +- } +- } +- if (ctx->ibuf != p1) +- { +- OPENSSL_free(ctx->ibuf); +- ctx->ibuf=p1; +- ctx->ibuf_off=0; +- ctx->ibuf_len=0; +- ctx->ibuf_size=ibs; +- } +- if (ctx->obuf != p2) +- { +- OPENSSL_free(ctx->obuf); +- ctx->obuf=p2; +- ctx->obuf_off=0; +- ctx->obuf_len=0; +- ctx->obuf_size=obs; +- } +- break; +- case BIO_C_DO_STATE_MACHINE: +- if (b->next_bio == NULL) return(0); +- BIO_clear_retry_flags(b); +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- BIO_copy_next_retry(b); +- break; +- +- case BIO_CTRL_FLUSH: +- if (b->next_bio == NULL) return(0); +- if (ctx->obuf_len <= 0) +- { +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- } +- +- for (;;) +- { +- BIO_clear_retry_flags(b); +- if (ctx->obuf_len > 0) +- { +- r=BIO_write(b->next_bio, +- &(ctx->obuf[ctx->obuf_off]), +- ctx->obuf_len); ++{ ++ BIO *dbio; ++ BIO_F_BUFFER_CTX *ctx; ++ long ret = 1; ++ char *p1, *p2; ++ int r, i, *ip; ++ int ibs, obs; ++ ++ ctx = (BIO_F_BUFFER_CTX *)b->ptr; ++ ++ switch (cmd) { ++ case BIO_CTRL_RESET: ++ ctx->ibuf_off = 0; ++ ctx->ibuf_len = 0; ++ ctx->obuf_off = 0; ++ ctx->obuf_len = 0; ++ if (b->next_bio == NULL) ++ return (0); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_INFO: ++ ret = (long)ctx->obuf_len; ++ break; ++ case BIO_C_GET_BUFF_NUM_LINES: ++ ret = 0; ++ p1 = ctx->ibuf; ++ for (i = 0; i < ctx->ibuf_len; i++) { ++ if (p1[ctx->ibuf_off + i] == '\n') ++ ret++; ++ } ++ break; ++ case BIO_CTRL_WPENDING: ++ ret = (long)ctx->obuf_len; ++ if (ret == 0) { ++ if (b->next_bio == NULL) ++ return (0); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ } ++ break; ++ case BIO_CTRL_PENDING: ++ ret = (long)ctx->ibuf_len; ++ if (ret == 0) { ++ if (b->next_bio == NULL) ++ return (0); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ } ++ break; ++ case BIO_C_SET_BUFF_READ_DATA: ++ if (num > ctx->ibuf_size) { ++ p1 = OPENSSL_malloc((int)num); ++ if (p1 == NULL) ++ goto malloc_error; ++ if (ctx->ibuf != NULL) ++ OPENSSL_free(ctx->ibuf); ++ ctx->ibuf = p1; ++ } ++ ctx->ibuf_off = 0; ++ ctx->ibuf_len = (int)num; ++ memcpy(ctx->ibuf, ptr, (int)num); ++ ret = 1; ++ break; ++ case BIO_C_SET_BUFF_SIZE: ++ if (ptr != NULL) { ++ ip = (int *)ptr; ++ if (*ip == 0) { ++ ibs = (int)num; ++ obs = ctx->obuf_size; ++ } else { /* if (*ip == 1) */ ++ ++ ibs = ctx->ibuf_size; ++ obs = (int)num; ++ } ++ } else { ++ ibs = (int)num; ++ obs = (int)num; ++ } ++ p1 = ctx->ibuf; ++ p2 = ctx->obuf; ++ if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) { ++ p1 = (char *)OPENSSL_malloc((int)num); ++ if (p1 == NULL) ++ goto malloc_error; ++ } ++ if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) { ++ p2 = (char *)OPENSSL_malloc((int)num); ++ if (p2 == NULL) { ++ if (p1 != ctx->ibuf) ++ OPENSSL_free(p1); ++ goto malloc_error; ++ } ++ } ++ if (ctx->ibuf != p1) { ++ OPENSSL_free(ctx->ibuf); ++ ctx->ibuf = p1; ++ ctx->ibuf_off = 0; ++ ctx->ibuf_len = 0; ++ ctx->ibuf_size = ibs; ++ } ++ if (ctx->obuf != p2) { ++ OPENSSL_free(ctx->obuf); ++ ctx->obuf = p2; ++ ctx->obuf_off = 0; ++ ctx->obuf_len = 0; ++ ctx->obuf_size = obs; ++ } ++ break; ++ case BIO_C_DO_STATE_MACHINE: ++ if (b->next_bio == NULL) ++ return (0); ++ BIO_clear_retry_flags(b); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ BIO_copy_next_retry(b); ++ break; ++ ++ case BIO_CTRL_FLUSH: ++ if (b->next_bio == NULL) ++ return (0); ++ if (ctx->obuf_len <= 0) { ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ } ++ ++ for (;;) { ++ BIO_clear_retry_flags(b); ++ if (ctx->obuf_len > 0) { ++ r = BIO_write(b->next_bio, ++ &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len); + #if 0 +-fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r); ++ fprintf(stderr, "FLUSH [%3d] %3d -> %3d\n", ctx->obuf_off, ++ ctx->obuf_len, r); + #endif +- BIO_copy_next_retry(b); +- if (r <= 0) return((long)r); +- ctx->obuf_off+=r; +- ctx->obuf_len-=r; +- } +- else +- { +- ctx->obuf_len=0; +- ctx->obuf_off=0; +- ret=1; +- break; +- } +- } +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_DUP: +- dbio=(BIO *)ptr; +- if ( !BIO_set_read_buffer_size(dbio,ctx->ibuf_size) || +- !BIO_set_write_buffer_size(dbio,ctx->obuf_size)) +- ret=0; +- break; +- default: +- if (b->next_bio == NULL) return(0); +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- } +- return(ret); +-malloc_error: +- BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE); +- return(0); +- } ++ BIO_copy_next_retry(b); ++ if (r <= 0) ++ return ((long)r); ++ ctx->obuf_off += r; ++ ctx->obuf_len -= r; ++ } else { ++ ctx->obuf_len = 0; ++ ctx->obuf_off = 0; ++ ret = 1; ++ break; ++ } ++ } ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_DUP: ++ dbio = (BIO *)ptr; ++ if (!BIO_set_read_buffer_size(dbio, ctx->ibuf_size) || ++ !BIO_set_write_buffer_size(dbio, ctx->obuf_size)) ++ ret = 0; ++ break; ++ default: ++ if (b->next_bio == NULL) ++ return (0); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ } ++ return (ret); ++ malloc_error: ++ BIOerr(BIO_F_BUFFER_CTRL, ERR_R_MALLOC_FAILURE); ++ return (0); ++} + + static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +- { +- long ret=1; +- +- if (b->next_bio == NULL) return(0); +- switch (cmd) +- { +- default: +- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); +- break; +- } +- return(ret); +- } ++{ ++ long ret = 1; ++ ++ if (b->next_bio == NULL) ++ return (0); ++ switch (cmd) { ++ default: ++ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); ++ break; ++ } ++ return (ret); ++} + + static int buffer_gets(BIO *b, char *buf, int size) +- { +- BIO_F_BUFFER_CTX *ctx; +- int num=0,i,flag; +- char *p; +- +- ctx=(BIO_F_BUFFER_CTX *)b->ptr; +- size--; /* reserve space for a '\0' */ +- BIO_clear_retry_flags(b); +- +- for (;;) +- { +- if (ctx->ibuf_len > 0) +- { +- p= &(ctx->ibuf[ctx->ibuf_off]); +- flag=0; +- for (i=0; (iibuf_len) && (iibuf_len-=i; +- ctx->ibuf_off+=i; +- if (flag || size == 0) +- { +- *buf='\0'; +- return(num); +- } +- } +- else /* read another chunk */ +- { +- i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size); +- if (i <= 0) +- { +- BIO_copy_next_retry(b); +- *buf='\0'; +- if (i < 0) return((num > 0)?num:i); +- if (i == 0) return(num); +- } +- ctx->ibuf_len=i; +- ctx->ibuf_off=0; +- } +- } +- } ++{ ++ BIO_F_BUFFER_CTX *ctx; ++ int num = 0, i, flag; ++ char *p; ++ ++ ctx = (BIO_F_BUFFER_CTX *)b->ptr; ++ size--; /* reserve space for a '\0' */ ++ BIO_clear_retry_flags(b); ++ ++ for (;;) { ++ if (ctx->ibuf_len > 0) { ++ p = &(ctx->ibuf[ctx->ibuf_off]); ++ flag = 0; ++ for (i = 0; (i < ctx->ibuf_len) && (i < size); i++) { ++ *(buf++) = p[i]; ++ if (p[i] == '\n') { ++ flag = 1; ++ i++; ++ break; ++ } ++ } ++ num += i; ++ size -= i; ++ ctx->ibuf_len -= i; ++ ctx->ibuf_off += i; ++ if (flag || size == 0) { ++ *buf = '\0'; ++ return (num); ++ } ++ } else { /* read another chunk */ ++ ++ i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size); ++ if (i <= 0) { ++ BIO_copy_next_retry(b); ++ *buf = '\0'; ++ if (i < 0) ++ return ((num > 0) ? num : i); ++ if (i == 0) ++ return (num); ++ } ++ ctx->ibuf_len = i; ++ ctx->ibuf_off = 0; ++ } ++ } ++} + + static int buffer_puts(BIO *b, const char *str) +- { +- return(buffer_write(b,str,strlen(str))); +- } +- ++{ ++ return (buffer_write(b, str, strlen(str))); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c +index 028616c..da88a8a 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,192 +62,190 @@ + #include + #include + +-/* BIO_put and BIO_get both add to the digest, +- * BIO_gets returns the digest */ ++/* ++ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest ++ */ + +-static int nbiof_write(BIO *h,const char *buf,int num); +-static int nbiof_read(BIO *h,char *buf,int size); +-static int nbiof_puts(BIO *h,const char *str); +-static int nbiof_gets(BIO *h,char *str,int size); +-static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2); ++static int nbiof_write(BIO *h, const char *buf, int num); ++static int nbiof_read(BIO *h, char *buf, int size); ++static int nbiof_puts(BIO *h, const char *str); ++static int nbiof_gets(BIO *h, char *str, int size); ++static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int nbiof_new(BIO *h); + static int nbiof_free(BIO *data); +-static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); +-typedef struct nbio_test_st +- { +- /* only set if we sent a 'should retry' error */ +- int lrn; +- int lwn; +- } NBIO_TEST; +- +-static BIO_METHOD methods_nbiof= +- { +- BIO_TYPE_NBIO_TEST, +- "non-blocking IO test filter", +- nbiof_write, +- nbiof_read, +- nbiof_puts, +- nbiof_gets, +- nbiof_ctrl, +- nbiof_new, +- nbiof_free, +- nbiof_callback_ctrl, +- }; ++static long nbiof_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); ++typedef struct nbio_test_st { ++ /* only set if we sent a 'should retry' error */ ++ int lrn; ++ int lwn; ++} NBIO_TEST; ++ ++static BIO_METHOD methods_nbiof = { ++ BIO_TYPE_NBIO_TEST, ++ "non-blocking IO test filter", ++ nbiof_write, ++ nbiof_read, ++ nbiof_puts, ++ nbiof_gets, ++ nbiof_ctrl, ++ nbiof_new, ++ nbiof_free, ++ nbiof_callback_ctrl, ++}; + + BIO_METHOD *BIO_f_nbio_test(void) +- { +- return(&methods_nbiof); +- } ++{ ++ return (&methods_nbiof); ++} + + static int nbiof_new(BIO *bi) +- { +- NBIO_TEST *nt; +- +- if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0); +- nt->lrn= -1; +- nt->lwn= -1; +- bi->ptr=(char *)nt; +- bi->init=1; +- bi->flags=0; +- return(1); +- } ++{ ++ NBIO_TEST *nt; ++ ++ if (!(nt = (NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) ++ return (0); ++ nt->lrn = -1; ++ nt->lwn = -1; ++ bi->ptr = (char *)nt; ++ bi->init = 1; ++ bi->flags = 0; ++ return (1); ++} + + static int nbiof_free(BIO *a) +- { +- if (a == NULL) return(0); +- if (a->ptr != NULL) +- OPENSSL_free(a->ptr); +- a->ptr=NULL; +- a->init=0; +- a->flags=0; +- return(1); +- } +- ++{ ++ if (a == NULL) ++ return (0); ++ if (a->ptr != NULL) ++ OPENSSL_free(a->ptr); ++ a->ptr = NULL; ++ a->init = 0; ++ a->flags = 0; ++ return (1); ++} ++ + static int nbiof_read(BIO *b, char *out, int outl) +- { +- int ret=0; ++{ ++ int ret = 0; + #if 1 +- int num; +- unsigned char n; ++ int num; ++ unsigned char n; + #endif + +- if (out == NULL) return(0); +- if (b->next_bio == NULL) return(0); ++ if (out == NULL) ++ return (0); ++ if (b->next_bio == NULL) ++ return (0); + +- BIO_clear_retry_flags(b); ++ BIO_clear_retry_flags(b); + #if 1 +- RAND_pseudo_bytes(&n,1); +- num=(n&0x07); ++ RAND_pseudo_bytes(&n, 1); ++ num = (n & 0x07); + +- if (outl > num) outl=num; ++ if (outl > num) ++ outl = num; + +- if (num == 0) +- { +- ret= -1; +- BIO_set_retry_read(b); +- } +- else ++ if (num == 0) { ++ ret = -1; ++ BIO_set_retry_read(b); ++ } else + #endif +- { +- ret=BIO_read(b->next_bio,out,outl); +- if (ret < 0) +- BIO_copy_next_retry(b); +- } +- return(ret); +- } ++ { ++ ret = BIO_read(b->next_bio, out, outl); ++ if (ret < 0) ++ BIO_copy_next_retry(b); ++ } ++ return (ret); ++} + + static int nbiof_write(BIO *b, const char *in, int inl) +- { +- NBIO_TEST *nt; +- int ret=0; +- int num; +- unsigned char n; ++{ ++ NBIO_TEST *nt; ++ int ret = 0; ++ int num; ++ unsigned char n; + +- if ((in == NULL) || (inl <= 0)) return(0); +- if (b->next_bio == NULL) return(0); +- nt=(NBIO_TEST *)b->ptr; ++ if ((in == NULL) || (inl <= 0)) ++ return (0); ++ if (b->next_bio == NULL) ++ return (0); ++ nt = (NBIO_TEST *)b->ptr; + +- BIO_clear_retry_flags(b); ++ BIO_clear_retry_flags(b); + + #if 1 +- if (nt->lwn > 0) +- { +- num=nt->lwn; +- nt->lwn=0; +- } +- else +- { +- RAND_pseudo_bytes(&n,1); +- num=(n&7); +- } +- +- if (inl > num) inl=num; +- +- if (num == 0) +- { +- ret= -1; +- BIO_set_retry_write(b); +- } +- else ++ if (nt->lwn > 0) { ++ num = nt->lwn; ++ nt->lwn = 0; ++ } else { ++ RAND_pseudo_bytes(&n, 1); ++ num = (n & 7); ++ } ++ ++ if (inl > num) ++ inl = num; ++ ++ if (num == 0) { ++ ret = -1; ++ BIO_set_retry_write(b); ++ } else + #endif +- { +- ret=BIO_write(b->next_bio,in,inl); +- if (ret < 0) +- { +- BIO_copy_next_retry(b); +- nt->lwn=inl; +- } +- } +- return(ret); +- } ++ { ++ ret = BIO_write(b->next_bio, in, inl); ++ if (ret < 0) { ++ BIO_copy_next_retry(b); ++ nt->lwn = inl; ++ } ++ } ++ return (ret); ++} + + static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- long ret; +- +- if (b->next_bio == NULL) return(0); +- switch (cmd) +- { +- case BIO_C_DO_STATE_MACHINE: +- BIO_clear_retry_flags(b); +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- BIO_copy_next_retry(b); +- break; +- case BIO_CTRL_DUP: +- ret=0L; +- break; +- default: +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- } +- return(ret); +- } ++{ ++ long ret; ++ ++ if (b->next_bio == NULL) ++ return (0); ++ switch (cmd) { ++ case BIO_C_DO_STATE_MACHINE: ++ BIO_clear_retry_flags(b); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ BIO_copy_next_retry(b); ++ break; ++ case BIO_CTRL_DUP: ++ ret = 0L; ++ break; ++ default: ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ } ++ return (ret); ++} + + static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +- { +- long ret=1; +- +- if (b->next_bio == NULL) return(0); +- switch (cmd) +- { +- default: +- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); +- break; +- } +- return(ret); +- } ++{ ++ long ret = 1; ++ ++ if (b->next_bio == NULL) ++ return (0); ++ switch (cmd) { ++ default: ++ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); ++ break; ++ } ++ return (ret); ++} + + static int nbiof_gets(BIO *bp, char *buf, int size) +- { +- if (bp->next_bio == NULL) return(0); +- return(BIO_gets(bp->next_bio,buf,size)); +- } +- ++{ ++ if (bp->next_bio == NULL) ++ return (0); ++ return (BIO_gets(bp->next_bio, buf, size)); ++} + + static int nbiof_puts(BIO *bp, const char *str) +- { +- if (bp->next_bio == NULL) return(0); +- return(BIO_puts(bp->next_bio,str)); +- } +- +- ++{ ++ if (bp->next_bio == NULL) ++ return (0); ++ return (BIO_puts(bp->next_bio, str)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_null.c b/Cryptlib/OpenSSL/crypto/bio/bf_null.c +index c1bf39a..e0c79e8 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bf_null.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bf_null.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,8 +61,9 @@ + #include "cryptlib.h" + #include + +-/* BIO_put and BIO_get both add to the digest, +- * BIO_gets returns the digest */ ++/* ++ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest ++ */ + + static int nullf_write(BIO *h, const char *buf, int num); + static int nullf_read(BIO *h, char *buf, int size); +@@ -72,112 +73,117 @@ static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int nullf_new(BIO *h); + static int nullf_free(BIO *data); + static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +-static BIO_METHOD methods_nullf= +- { +- BIO_TYPE_NULL_FILTER, +- "NULL filter", +- nullf_write, +- nullf_read, +- nullf_puts, +- nullf_gets, +- nullf_ctrl, +- nullf_new, +- nullf_free, +- nullf_callback_ctrl, +- }; ++static BIO_METHOD methods_nullf = { ++ BIO_TYPE_NULL_FILTER, ++ "NULL filter", ++ nullf_write, ++ nullf_read, ++ nullf_puts, ++ nullf_gets, ++ nullf_ctrl, ++ nullf_new, ++ nullf_free, ++ nullf_callback_ctrl, ++}; + + BIO_METHOD *BIO_f_null(void) +- { +- return(&methods_nullf); +- } ++{ ++ return (&methods_nullf); ++} + + static int nullf_new(BIO *bi) +- { +- bi->init=1; +- bi->ptr=NULL; +- bi->flags=0; +- return(1); +- } ++{ ++ bi->init = 1; ++ bi->ptr = NULL; ++ bi->flags = 0; ++ return (1); ++} + + static int nullf_free(BIO *a) +- { +- if (a == NULL) return(0); +-/* a->ptr=NULL; +- a->init=0; +- a->flags=0;*/ +- return(1); +- } +- ++{ ++ if (a == NULL) ++ return (0); ++ /*- ++ a->ptr=NULL; ++ a->init=0; ++ a->flags=0; ++ */ ++ return (1); ++} ++ + static int nullf_read(BIO *b, char *out, int outl) +- { +- int ret=0; +- +- if (out == NULL) return(0); +- if (b->next_bio == NULL) return(0); +- ret=BIO_read(b->next_bio,out,outl); +- BIO_clear_retry_flags(b); +- BIO_copy_next_retry(b); +- return(ret); +- } ++{ ++ int ret = 0; ++ ++ if (out == NULL) ++ return (0); ++ if (b->next_bio == NULL) ++ return (0); ++ ret = BIO_read(b->next_bio, out, outl); ++ BIO_clear_retry_flags(b); ++ BIO_copy_next_retry(b); ++ return (ret); ++} + + static int nullf_write(BIO *b, const char *in, int inl) +- { +- int ret=0; +- +- if ((in == NULL) || (inl <= 0)) return(0); +- if (b->next_bio == NULL) return(0); +- ret=BIO_write(b->next_bio,in,inl); +- BIO_clear_retry_flags(b); +- BIO_copy_next_retry(b); +- return(ret); +- } ++{ ++ int ret = 0; ++ ++ if ((in == NULL) || (inl <= 0)) ++ return (0); ++ if (b->next_bio == NULL) ++ return (0); ++ ret = BIO_write(b->next_bio, in, inl); ++ BIO_clear_retry_flags(b); ++ BIO_copy_next_retry(b); ++ return (ret); ++} + + static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- long ret; +- +- if (b->next_bio == NULL) return(0); +- switch(cmd) +- { +- case BIO_C_DO_STATE_MACHINE: +- BIO_clear_retry_flags(b); +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- BIO_copy_next_retry(b); +- break; +- case BIO_CTRL_DUP: +- ret=0L; +- break; +- default: +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- } +- return(ret); +- } ++{ ++ long ret; ++ ++ if (b->next_bio == NULL) ++ return (0); ++ switch (cmd) { ++ case BIO_C_DO_STATE_MACHINE: ++ BIO_clear_retry_flags(b); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ BIO_copy_next_retry(b); ++ break; ++ case BIO_CTRL_DUP: ++ ret = 0L; ++ break; ++ default: ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ } ++ return (ret); ++} + + static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +- { +- long ret=1; +- +- if (b->next_bio == NULL) return(0); +- switch (cmd) +- { +- default: +- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); +- break; +- } +- return(ret); +- } ++{ ++ long ret = 1; ++ ++ if (b->next_bio == NULL) ++ return (0); ++ switch (cmd) { ++ default: ++ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); ++ break; ++ } ++ return (ret); ++} + + static int nullf_gets(BIO *bp, char *buf, int size) +- { +- if (bp->next_bio == NULL) return(0); +- return(BIO_gets(bp->next_bio,buf,size)); +- } +- ++{ ++ if (bp->next_bio == NULL) ++ return (0); ++ return (BIO_gets(bp->next_bio, buf, size)); ++} + + static int nullf_puts(BIO *bp, const char *str) +- { +- if (bp->next_bio == NULL) return(0); +- return(BIO_puts(bp->next_bio,str)); +- } +- +- ++{ ++ if (bp->next_bio == NULL) ++ return (0); ++ return (BIO_puts(bp->next_bio, str)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c +index 6f4254a..b24daf7 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,76 +64,75 @@ + #include + + long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, +- int argi, long argl, long ret) +- { +- BIO *b; +- MS_STATIC char buf[256]; +- char *p; +- long r=1; +- size_t p_maxlen; ++ int argi, long argl, long ret) ++{ ++ BIO *b; ++ MS_STATIC char buf[256]; ++ char *p; ++ long r = 1; ++ size_t p_maxlen; + +- if (BIO_CB_RETURN & cmd) +- r=ret; ++ if (BIO_CB_RETURN & cmd) ++ r = ret; + +- BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio); +- p= &(buf[14]); +- p_maxlen = sizeof buf - 14; +- switch (cmd) +- { +- case BIO_CB_FREE: +- BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name); +- break; +- case BIO_CB_READ: +- if (bio->method->type & BIO_TYPE_DESCRIPTOR) +- BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n", +- bio->num,argi,bio->method->name,bio->num); +- else +- BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n", +- bio->num,argi,bio->method->name); +- break; +- case BIO_CB_WRITE: +- if (bio->method->type & BIO_TYPE_DESCRIPTOR) +- BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n", +- bio->num,argi,bio->method->name,bio->num); +- else +- BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n", +- bio->num,argi,bio->method->name); +- break; +- case BIO_CB_PUTS: +- BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name); +- break; +- case BIO_CB_GETS: +- BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name); +- break; +- case BIO_CB_CTRL: +- BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name); +- break; +- case BIO_CB_RETURN|BIO_CB_READ: +- BIO_snprintf(p,p_maxlen,"read return %ld\n",ret); +- break; +- case BIO_CB_RETURN|BIO_CB_WRITE: +- BIO_snprintf(p,p_maxlen,"write return %ld\n",ret); +- break; +- case BIO_CB_RETURN|BIO_CB_GETS: +- BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret); +- break; +- case BIO_CB_RETURN|BIO_CB_PUTS: +- BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret); +- break; +- case BIO_CB_RETURN|BIO_CB_CTRL: +- BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret); +- break; +- default: +- BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd); +- break; +- } ++ BIO_snprintf(buf, sizeof buf, "BIO[%08lX]:", (unsigned long)bio); ++ p = &(buf[14]); ++ p_maxlen = sizeof buf - 14; ++ switch (cmd) { ++ case BIO_CB_FREE: ++ BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name); ++ break; ++ case BIO_CB_READ: ++ if (bio->method->type & BIO_TYPE_DESCRIPTOR) ++ BIO_snprintf(p, p_maxlen, "read(%d,%d) - %s fd=%d\n", ++ bio->num, argi, bio->method->name, bio->num); ++ else ++ BIO_snprintf(p, p_maxlen, "read(%d,%d) - %s\n", ++ bio->num, argi, bio->method->name); ++ break; ++ case BIO_CB_WRITE: ++ if (bio->method->type & BIO_TYPE_DESCRIPTOR) ++ BIO_snprintf(p, p_maxlen, "write(%d,%d) - %s fd=%d\n", ++ bio->num, argi, bio->method->name, bio->num); ++ else ++ BIO_snprintf(p, p_maxlen, "write(%d,%d) - %s\n", ++ bio->num, argi, bio->method->name); ++ break; ++ case BIO_CB_PUTS: ++ BIO_snprintf(p, p_maxlen, "puts() - %s\n", bio->method->name); ++ break; ++ case BIO_CB_GETS: ++ BIO_snprintf(p, p_maxlen, "gets(%d) - %s\n", argi, bio->method->name); ++ break; ++ case BIO_CB_CTRL: ++ BIO_snprintf(p, p_maxlen, "ctrl(%d) - %s\n", argi, bio->method->name); ++ break; ++ case BIO_CB_RETURN | BIO_CB_READ: ++ BIO_snprintf(p, p_maxlen, "read return %ld\n", ret); ++ break; ++ case BIO_CB_RETURN | BIO_CB_WRITE: ++ BIO_snprintf(p, p_maxlen, "write return %ld\n", ret); ++ break; ++ case BIO_CB_RETURN | BIO_CB_GETS: ++ BIO_snprintf(p, p_maxlen, "gets return %ld\n", ret); ++ break; ++ case BIO_CB_RETURN | BIO_CB_PUTS: ++ BIO_snprintf(p, p_maxlen, "puts return %ld\n", ret); ++ break; ++ case BIO_CB_RETURN | BIO_CB_CTRL: ++ BIO_snprintf(p, p_maxlen, "ctrl return %ld\n", ret); ++ break; ++ default: ++ BIO_snprintf(p, p_maxlen, "bio callback - unknown type (%d)\n", cmd); ++ break; ++ } + +- b=(BIO *)bio->cb_arg; +- if (b != NULL) +- BIO_write(b,buf,strlen(buf)); ++ b = (BIO *)bio->cb_arg; ++ if (b != NULL) ++ BIO_write(b, buf, strlen(buf)); + #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) +- else +- fputs(buf,stderr); ++ else ++ fputs(buf, stderr); + #endif +- return(r); +- } ++ return (r); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_err.c b/Cryptlib/OpenSSL/crypto/bio/bio_err.c +index 6603f1c..3a838ff 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_err.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,90 +66,90 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason) + +-static ERR_STRING_DATA BIO_str_functs[]= +- { +-{ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"}, +-{ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"}, +-{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"}, +-{ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"}, +-{ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"}, +-{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"}, +-{ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"}, +-{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"}, +-{ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"}, +-{ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"}, +-{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"}, +-{ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"}, +-{ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"}, +-{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"}, +-{ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"}, +-{ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"}, +-{ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"}, +-{ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"}, +-{ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"}, +-{ERR_FUNC(BIO_F_BIO_READ), "BIO_read"}, +-{ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"}, +-{ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"}, +-{ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"}, +-{ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"}, +-{ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"}, +-{ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"}, +-{ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"}, +-{ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"}, +-{ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"}, +-{ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"}, +-{ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"}, +-{ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA BIO_str_functs[] = { ++ {ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"}, ++ {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"}, ++ {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"}, ++ {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"}, ++ {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"}, ++ {ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"}, ++ {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"}, ++ {ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"}, ++ {ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"}, ++ {ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"}, ++ {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"}, ++ {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"}, ++ {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"}, ++ {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"}, ++ {ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"}, ++ {ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"}, ++ {ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"}, ++ {ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"}, ++ {ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"}, ++ {ERR_FUNC(BIO_F_BIO_READ), "BIO_read"}, ++ {ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"}, ++ {ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"}, ++ {ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"}, ++ {ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"}, ++ {ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"}, ++ {ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"}, ++ {ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"}, ++ {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"}, ++ {ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"}, ++ {ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"}, ++ {ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"}, ++ {ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA BIO_str_reasons[]= +- { +-{ERR_REASON(BIO_R_ACCEPT_ERROR) ,"accept error"}, +-{ERR_REASON(BIO_R_BAD_FOPEN_MODE) ,"bad fopen mode"}, +-{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP) ,"bad hostname lookup"}, +-{ERR_REASON(BIO_R_BROKEN_PIPE) ,"broken pipe"}, +-{ERR_REASON(BIO_R_CONNECT_ERROR) ,"connect error"}, +-{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO) ,"EOF on memory BIO"}, +-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO) ,"error setting nbio"}, +-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"}, +-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"}, +-{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"}, +-{ERR_REASON(BIO_R_INVALID_ARGUMENT) ,"invalid argument"}, +-{ERR_REASON(BIO_R_INVALID_IP_ADDRESS) ,"invalid ip address"}, +-{ERR_REASON(BIO_R_IN_USE) ,"in use"}, +-{ERR_REASON(BIO_R_KEEPALIVE) ,"keepalive"}, +-{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR) ,"nbio connect error"}, +-{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"}, +-{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"}, +-{ERR_REASON(BIO_R_NO_PORT_DEFINED) ,"no port defined"}, +-{ERR_REASON(BIO_R_NO_PORT_SPECIFIED) ,"no port specified"}, +-{ERR_REASON(BIO_R_NO_SUCH_FILE) ,"no such file"}, +-{ERR_REASON(BIO_R_NULL_PARAMETER) ,"null parameter"}, +-{ERR_REASON(BIO_R_TAG_MISMATCH) ,"tag mismatch"}, +-{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"}, +-{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"}, +-{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"}, +-{ERR_REASON(BIO_R_UNINITIALIZED) ,"uninitialized"}, +-{ERR_REASON(BIO_R_UNSUPPORTED_METHOD) ,"unsupported method"}, +-{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"}, +-{ERR_REASON(BIO_R_WSASTARTUP) ,"WSAStartup"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA BIO_str_reasons[] = { ++ {ERR_REASON(BIO_R_ACCEPT_ERROR), "accept error"}, ++ {ERR_REASON(BIO_R_BAD_FOPEN_MODE), "bad fopen mode"}, ++ {ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP), "bad hostname lookup"}, ++ {ERR_REASON(BIO_R_BROKEN_PIPE), "broken pipe"}, ++ {ERR_REASON(BIO_R_CONNECT_ERROR), "connect error"}, ++ {ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO), "EOF on memory BIO"}, ++ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO), "error setting nbio"}, ++ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET), ++ "error setting nbio on accepted socket"}, ++ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET), ++ "error setting nbio on accept socket"}, ++ {ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET), ++ "gethostbyname addr is not af inet"}, ++ {ERR_REASON(BIO_R_INVALID_ARGUMENT), "invalid argument"}, ++ {ERR_REASON(BIO_R_INVALID_IP_ADDRESS), "invalid ip address"}, ++ {ERR_REASON(BIO_R_IN_USE), "in use"}, ++ {ERR_REASON(BIO_R_KEEPALIVE), "keepalive"}, ++ {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"}, ++ {ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED), "no accept port specified"}, ++ {ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED), "no hostname specified"}, ++ {ERR_REASON(BIO_R_NO_PORT_DEFINED), "no port defined"}, ++ {ERR_REASON(BIO_R_NO_PORT_SPECIFIED), "no port specified"}, ++ {ERR_REASON(BIO_R_NO_SUCH_FILE), "no such file"}, ++ {ERR_REASON(BIO_R_NULL_PARAMETER), "null parameter"}, ++ {ERR_REASON(BIO_R_TAG_MISMATCH), "tag mismatch"}, ++ {ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET), "unable to bind socket"}, ++ {ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"}, ++ {ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET), "unable to listen socket"}, ++ {ERR_REASON(BIO_R_UNINITIALIZED), "uninitialized"}, ++ {ERR_REASON(BIO_R_UNSUPPORTED_METHOD), "unsupported method"}, ++ {ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO), "write to read only BIO"}, ++ {ERR_REASON(BIO_R_WSASTARTUP), "WSAStartup"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_BIO_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,BIO_str_functs); +- ERR_load_strings(0,BIO_str_reasons); +- } ++ if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, BIO_str_functs); ++ ERR_load_strings(0, BIO_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c +index 6346c19..bb284be 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,539 +64,531 @@ + #include + + BIO *BIO_new(BIO_METHOD *method) +- { +- BIO *ret=NULL; +- +- ret=(BIO *)OPENSSL_malloc(sizeof(BIO)); +- if (ret == NULL) +- { +- BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- if (!BIO_set(ret,method)) +- { +- OPENSSL_free(ret); +- ret=NULL; +- } +- return(ret); +- } ++{ ++ BIO *ret = NULL; ++ ++ ret = (BIO *)OPENSSL_malloc(sizeof(BIO)); ++ if (ret == NULL) { ++ BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ if (!BIO_set(ret, method)) { ++ OPENSSL_free(ret); ++ ret = NULL; ++ } ++ return (ret); ++} + + int BIO_set(BIO *bio, BIO_METHOD *method) +- { +- bio->method=method; +- bio->callback=NULL; +- bio->cb_arg=NULL; +- bio->init=0; +- bio->shutdown=1; +- bio->flags=0; +- bio->retry_reason=0; +- bio->num=0; +- bio->ptr=NULL; +- bio->prev_bio=NULL; +- bio->next_bio=NULL; +- bio->references=1; +- bio->num_read=0L; +- bio->num_write=0L; +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); +- if (method->create != NULL) +- if (!method->create(bio)) +- { +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, +- &bio->ex_data); +- return(0); +- } +- return(1); +- } ++{ ++ bio->method = method; ++ bio->callback = NULL; ++ bio->cb_arg = NULL; ++ bio->init = 0; ++ bio->shutdown = 1; ++ bio->flags = 0; ++ bio->retry_reason = 0; ++ bio->num = 0; ++ bio->ptr = NULL; ++ bio->prev_bio = NULL; ++ bio->next_bio = NULL; ++ bio->references = 1; ++ bio->num_read = 0L; ++ bio->num_write = 0L; ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); ++ if (method->create != NULL) ++ if (!method->create(bio)) { ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); ++ return (0); ++ } ++ return (1); ++} + + int BIO_free(BIO *a) +- { +- int i; ++{ ++ int i; + +- if (a == NULL) return(0); ++ if (a == NULL) ++ return (0); + +- i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO); ++ i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO); + #ifdef REF_PRINT +- REF_PRINT("BIO",a); ++ REF_PRINT("BIO", a); + #endif +- if (i > 0) return(1); ++ if (i > 0) ++ return (1); + #ifdef REF_CHECK +- if (i < 0) +- { +- fprintf(stderr,"BIO_free, bad reference count\n"); +- abort(); +- } ++ if (i < 0) { ++ fprintf(stderr, "BIO_free, bad reference count\n"); ++ abort(); ++ } + #endif +- if ((a->callback != NULL) && +- ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0)) +- return(i); ++ if ((a->callback != NULL) && ++ ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0)) ++ return (i); + +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); + +- if ((a->method != NULL) && (a->method->destroy != NULL)) +- a->method->destroy(a); +- OPENSSL_free(a); +- return(1); +- } ++ if ((a->method != NULL) && (a->method->destroy != NULL)) ++ a->method->destroy(a); ++ OPENSSL_free(a); ++ return (1); ++} + + void BIO_vfree(BIO *a) +- { BIO_free(a); } ++{ ++ BIO_free(a); ++} + + void BIO_clear_flags(BIO *b, int flags) +- { +- b->flags &= ~flags; +- } +- +-int BIO_test_flags(const BIO *b, int flags) +- { +- return (b->flags & flags); +- } +- +-void BIO_set_flags(BIO *b, int flags) +- { +- b->flags |= flags; +- } +- +-long (*BIO_get_callback(const BIO *b))(struct bio_st *,int,const char *,int, long,long) +- { +- return b->callback; +- } +- +-void BIO_set_callback(BIO *b, long (*cb)(struct bio_st *,int,const char *,int, long,long)) +- { +- b->callback = cb; +- } ++{ ++ b->flags &= ~flags; ++} ++ ++int BIO_test_flags(const BIO *b, int flags) ++{ ++ return (b->flags & flags); ++} ++ ++void BIO_set_flags(BIO *b, int flags) ++{ ++ b->flags |= flags; ++} ++ ++long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *, ++ int, long, long) { ++ return b->callback; ++} ++ ++void BIO_set_callback(BIO *b, ++ long (*cb) (struct bio_st *, int, const char *, int, ++ long, long)) ++{ ++ b->callback = cb; ++} + + void BIO_set_callback_arg(BIO *b, char *arg) +- { +- b->cb_arg = arg; +- } ++{ ++ b->cb_arg = arg; ++} + +-char * BIO_get_callback_arg(const BIO *b) +- { +- return b->cb_arg; +- } ++char *BIO_get_callback_arg(const BIO *b) ++{ ++ return b->cb_arg; ++} + +-const char * BIO_method_name(const BIO *b) +- { +- return b->method->name; +- } ++const char *BIO_method_name(const BIO *b) ++{ ++ return b->method->name; ++} + + int BIO_method_type(const BIO *b) +- { +- return b->method->type; +- } +- ++{ ++ return b->method->type; ++} + + int BIO_read(BIO *b, void *out, int outl) +- { +- int i; +- long (*cb)(BIO *,int,const char *,int,long,long); ++{ ++ int i; ++ long (*cb) (BIO *, int, const char *, int, long, long); + +- if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) +- { +- BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD); +- return(-2); +- } ++ if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) { ++ BIOerr(BIO_F_BIO_READ, BIO_R_UNSUPPORTED_METHOD); ++ return (-2); ++ } + +- cb=b->callback; +- if ((cb != NULL) && +- ((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0)) +- return(i); ++ cb = b->callback; ++ if ((cb != NULL) && ++ ((i = (int)cb(b, BIO_CB_READ, out, outl, 0L, 1L)) <= 0)) ++ return (i); + +- if (!b->init) +- { +- BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED); +- return(-2); +- } ++ if (!b->init) { ++ BIOerr(BIO_F_BIO_READ, BIO_R_UNINITIALIZED); ++ return (-2); ++ } + +- i=b->method->bread(b,out,outl); ++ i = b->method->bread(b, out, outl); + +- if (i > 0) b->num_read+=(unsigned long)i; ++ if (i > 0) ++ b->num_read += (unsigned long)i; + +- if (cb != NULL) +- i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl, +- 0L,(long)i); +- return(i); +- } ++ if (cb != NULL) ++ i = (int)cb(b, BIO_CB_READ | BIO_CB_RETURN, out, outl, 0L, (long)i); ++ return (i); ++} + + int BIO_write(BIO *b, const void *in, int inl) +- { +- int i; +- long (*cb)(BIO *,int,const char *,int,long,long); ++{ ++ int i; ++ long (*cb) (BIO *, int, const char *, int, long, long); + +- if (b == NULL) +- return(0); ++ if (b == NULL) ++ return (0); + +- cb=b->callback; +- if ((b->method == NULL) || (b->method->bwrite == NULL)) +- { +- BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD); +- return(-2); +- } ++ cb = b->callback; ++ if ((b->method == NULL) || (b->method->bwrite == NULL)) { ++ BIOerr(BIO_F_BIO_WRITE, BIO_R_UNSUPPORTED_METHOD); ++ return (-2); ++ } + +- if ((cb != NULL) && +- ((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0)) +- return(i); ++ if ((cb != NULL) && ++ ((i = (int)cb(b, BIO_CB_WRITE, in, inl, 0L, 1L)) <= 0)) ++ return (i); + +- if (!b->init) +- { +- BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED); +- return(-2); +- } ++ if (!b->init) { ++ BIOerr(BIO_F_BIO_WRITE, BIO_R_UNINITIALIZED); ++ return (-2); ++ } + +- i=b->method->bwrite(b,in,inl); ++ i = b->method->bwrite(b, in, inl); + +- if (i > 0) b->num_write+=(unsigned long)i; ++ if (i > 0) ++ b->num_write += (unsigned long)i; + +- if (cb != NULL) +- i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl, +- 0L,(long)i); +- return(i); +- } ++ if (cb != NULL) ++ i = (int)cb(b, BIO_CB_WRITE | BIO_CB_RETURN, in, inl, 0L, (long)i); ++ return (i); ++} + + int BIO_puts(BIO *b, const char *in) +- { +- int i; +- long (*cb)(BIO *,int,const char *,int,long,long); ++{ ++ int i; ++ long (*cb) (BIO *, int, const char *, int, long, long); + +- if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) +- { +- BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD); +- return(-2); +- } ++ if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) { ++ BIOerr(BIO_F_BIO_PUTS, BIO_R_UNSUPPORTED_METHOD); ++ return (-2); ++ } + +- cb=b->callback; ++ cb = b->callback; + +- if ((cb != NULL) && +- ((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0)) +- return(i); ++ if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_PUTS, in, 0, 0L, 1L)) <= 0)) ++ return (i); + +- if (!b->init) +- { +- BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED); +- return(-2); +- } ++ if (!b->init) { ++ BIOerr(BIO_F_BIO_PUTS, BIO_R_UNINITIALIZED); ++ return (-2); ++ } + +- i=b->method->bputs(b,in); ++ i = b->method->bputs(b, in); + +- if (i > 0) b->num_write+=(unsigned long)i; ++ if (i > 0) ++ b->num_write += (unsigned long)i; + +- if (cb != NULL) +- i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0, +- 0L,(long)i); +- return(i); +- } ++ if (cb != NULL) ++ i = (int)cb(b, BIO_CB_PUTS | BIO_CB_RETURN, in, 0, 0L, (long)i); ++ return (i); ++} + + int BIO_gets(BIO *b, char *in, int inl) +- { +- int i; +- long (*cb)(BIO *,int,const char *,int,long,long); +- +- if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) +- { +- BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD); +- return(-2); +- } +- +- cb=b->callback; +- +- if ((cb != NULL) && +- ((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0)) +- return(i); +- +- if (!b->init) +- { +- BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED); +- return(-2); +- } +- +- i=b->method->bgets(b,in,inl); +- +- if (cb != NULL) +- i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl, +- 0L,(long)i); +- return(i); +- } +- +-int BIO_indent(BIO *b,int indent,int max) +- { +- if(indent < 0) +- indent=0; +- if(indent > max) +- indent=max; +- while(indent--) +- if(BIO_puts(b," ") != 1) +- return 0; +- return 1; +- } ++{ ++ int i; ++ long (*cb) (BIO *, int, const char *, int, long, long); ++ ++ if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) { ++ BIOerr(BIO_F_BIO_GETS, BIO_R_UNSUPPORTED_METHOD); ++ return (-2); ++ } ++ ++ cb = b->callback; ++ ++ if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_GETS, in, inl, 0L, 1L)) <= 0)) ++ return (i); ++ ++ if (!b->init) { ++ BIOerr(BIO_F_BIO_GETS, BIO_R_UNINITIALIZED); ++ return (-2); ++ } ++ ++ i = b->method->bgets(b, in, inl); ++ ++ if (cb != NULL) ++ i = (int)cb(b, BIO_CB_GETS | BIO_CB_RETURN, in, inl, 0L, (long)i); ++ return (i); ++} ++ ++int BIO_indent(BIO *b, int indent, int max) ++{ ++ if (indent < 0) ++ indent = 0; ++ if (indent > max) ++ indent = max; ++ while (indent--) ++ if (BIO_puts(b, " ") != 1) ++ return 0; ++ return 1; ++} + + long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) +- { +- int i; ++{ ++ int i; + +- i=iarg; +- return(BIO_ctrl(b,cmd,larg,(char *)&i)); +- } ++ i = iarg; ++ return (BIO_ctrl(b, cmd, larg, (char *)&i)); ++} + + char *BIO_ptr_ctrl(BIO *b, int cmd, long larg) +- { +- char *p=NULL; ++{ ++ char *p = NULL; + +- if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0) +- return(NULL); +- else +- return(p); +- } ++ if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0) ++ return (NULL); ++ else ++ return (p); ++} + + long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) +- { +- long ret; +- long (*cb)(BIO *,int,const char *,int,long,long); ++{ ++ long ret; ++ long (*cb) (BIO *, int, const char *, int, long, long); + +- if (b == NULL) return(0); ++ if (b == NULL) ++ return (0); + +- if ((b->method == NULL) || (b->method->ctrl == NULL)) +- { +- BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD); +- return(-2); +- } ++ if ((b->method == NULL) || (b->method->ctrl == NULL)) { ++ BIOerr(BIO_F_BIO_CTRL, BIO_R_UNSUPPORTED_METHOD); ++ return (-2); ++ } + +- cb=b->callback; ++ cb = b->callback; + +- if ((cb != NULL) && +- ((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0)) +- return(ret); ++ if ((cb != NULL) && ++ ((ret = cb(b, BIO_CB_CTRL, parg, cmd, larg, 1L)) <= 0)) ++ return (ret); + +- ret=b->method->ctrl(b,cmd,larg,parg); ++ ret = b->method->ctrl(b, cmd, larg, parg); + +- if (cb != NULL) +- ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, +- larg,ret); +- return(ret); +- } ++ if (cb != NULL) ++ ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, cmd, larg, ret); ++ return (ret); ++} + +-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)) +- { +- long ret; +- long (*cb)(BIO *,int,const char *,int,long,long); ++long BIO_callback_ctrl(BIO *b, int cmd, ++ void (*fp) (struct bio_st *, int, const char *, int, ++ long, long)) ++{ ++ long ret; ++ long (*cb) (BIO *, int, const char *, int, long, long); + +- if (b == NULL) return(0); ++ if (b == NULL) ++ return (0); + +- if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) +- { +- BIOerr(BIO_F_BIO_CALLBACK_CTRL,BIO_R_UNSUPPORTED_METHOD); +- return(-2); +- } ++ if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) { ++ BIOerr(BIO_F_BIO_CALLBACK_CTRL, BIO_R_UNSUPPORTED_METHOD); ++ return (-2); ++ } + +- cb=b->callback; ++ cb = b->callback; + +- if ((cb != NULL) && +- ((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0)) +- return(ret); ++ if ((cb != NULL) && ++ ((ret = cb(b, BIO_CB_CTRL, (void *)&fp, cmd, 0, 1L)) <= 0)) ++ return (ret); + +- ret=b->method->callback_ctrl(b,cmd,fp); ++ ret = b->method->callback_ctrl(b, cmd, fp); + +- if (cb != NULL) +- ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd, +- 0,ret); +- return(ret); +- } ++ if (cb != NULL) ++ ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, cmd, 0, ret); ++ return (ret); ++} + +-/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros ++/* ++ * It is unfortunate to duplicate in functions what the BIO_(w)pending macros + * do; but those macros have inappropriate return type, and for interfacing +- * from other programming languages, C macros aren't much of a help anyway. */ ++ * from other programming languages, C macros aren't much of a help anyway. ++ */ + size_t BIO_ctrl_pending(BIO *bio) +- { +- return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL); +- } ++{ ++ return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL); ++} + + size_t BIO_ctrl_wpending(BIO *bio) +- { +- return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL); +- } +- ++{ ++ return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL); ++} + + /* put the 'bio' on the end of b's list of operators */ + BIO *BIO_push(BIO *b, BIO *bio) +- { +- BIO *lb; +- +- if (b == NULL) return(bio); +- lb=b; +- while (lb->next_bio != NULL) +- lb=lb->next_bio; +- lb->next_bio=bio; +- if (bio != NULL) +- bio->prev_bio=lb; +- /* called to do internal processing */ +- BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL); +- return(b); +- } ++{ ++ BIO *lb; ++ ++ if (b == NULL) ++ return (bio); ++ lb = b; ++ while (lb->next_bio != NULL) ++ lb = lb->next_bio; ++ lb->next_bio = bio; ++ if (bio != NULL) ++ bio->prev_bio = lb; ++ /* called to do internal processing */ ++ BIO_ctrl(b, BIO_CTRL_PUSH, 0, NULL); ++ return (b); ++} + + /* Remove the first and return the rest */ + BIO *BIO_pop(BIO *b) +- { +- BIO *ret; ++{ ++ BIO *ret; + +- if (b == NULL) return(NULL); +- ret=b->next_bio; ++ if (b == NULL) ++ return (NULL); ++ ret = b->next_bio; + +- BIO_ctrl(b,BIO_CTRL_POP,0,NULL); ++ BIO_ctrl(b, BIO_CTRL_POP, 0, NULL); + +- if (b->prev_bio != NULL) +- b->prev_bio->next_bio=b->next_bio; +- if (b->next_bio != NULL) +- b->next_bio->prev_bio=b->prev_bio; ++ if (b->prev_bio != NULL) ++ b->prev_bio->next_bio = b->next_bio; ++ if (b->next_bio != NULL) ++ b->next_bio->prev_bio = b->prev_bio; + +- b->next_bio=NULL; +- b->prev_bio=NULL; +- return(ret); +- } ++ b->next_bio = NULL; ++ b->prev_bio = NULL; ++ return (ret); ++} + + BIO *BIO_get_retry_BIO(BIO *bio, int *reason) +- { +- BIO *b,*last; +- +- b=last=bio; +- for (;;) +- { +- if (!BIO_should_retry(b)) break; +- last=b; +- b=b->next_bio; +- if (b == NULL) break; +- } +- if (reason != NULL) *reason=last->retry_reason; +- return(last); +- } ++{ ++ BIO *b, *last; ++ ++ b = last = bio; ++ for (;;) { ++ if (!BIO_should_retry(b)) ++ break; ++ last = b; ++ b = b->next_bio; ++ if (b == NULL) ++ break; ++ } ++ if (reason != NULL) ++ *reason = last->retry_reason; ++ return (last); ++} + + int BIO_get_retry_reason(BIO *bio) +- { +- return(bio->retry_reason); +- } ++{ ++ return (bio->retry_reason); ++} + + BIO *BIO_find_type(BIO *bio, int type) +- { +- int mt,mask; +- +- if(!bio) return NULL; +- mask=type&0xff; +- do { +- if (bio->method != NULL) +- { +- mt=bio->method->type; +- +- if (!mask) +- { +- if (mt & type) return(bio); +- } +- else if (mt == type) +- return(bio); +- } +- bio=bio->next_bio; +- } while (bio != NULL); +- return(NULL); +- } ++{ ++ int mt, mask; ++ ++ if (!bio) ++ return NULL; ++ mask = type & 0xff; ++ do { ++ if (bio->method != NULL) { ++ mt = bio->method->type; ++ ++ if (!mask) { ++ if (mt & type) ++ return (bio); ++ } else if (mt == type) ++ return (bio); ++ } ++ bio = bio->next_bio; ++ } while (bio != NULL); ++ return (NULL); ++} + + BIO *BIO_next(BIO *b) +- { +- if(!b) return NULL; +- return b->next_bio; +- } ++{ ++ if (!b) ++ return NULL; ++ return b->next_bio; ++} + + void BIO_free_all(BIO *bio) +- { +- BIO *b; +- int ref; +- +- while (bio != NULL) +- { +- b=bio; +- ref=b->references; +- bio=bio->next_bio; +- BIO_free(b); +- /* Since ref count > 1, don't free anyone else. */ +- if (ref > 1) break; +- } +- } ++{ ++ BIO *b; ++ int ref; ++ ++ while (bio != NULL) { ++ b = bio; ++ ref = b->references; ++ bio = bio->next_bio; ++ BIO_free(b); ++ /* Since ref count > 1, don't free anyone else. */ ++ if (ref > 1) ++ break; ++ } ++} + + BIO *BIO_dup_chain(BIO *in) +- { +- BIO *ret=NULL,*eoc=NULL,*bio,*new; +- +- for (bio=in; bio != NULL; bio=bio->next_bio) +- { +- if ((new=BIO_new(bio->method)) == NULL) goto err; +- new->callback=bio->callback; +- new->cb_arg=bio->cb_arg; +- new->init=bio->init; +- new->shutdown=bio->shutdown; +- new->flags=bio->flags; +- +- /* This will let SSL_s_sock() work with stdin/stdout */ +- new->num=bio->num; +- +- if (!BIO_dup_state(bio,(char *)new)) +- { +- BIO_free(new); +- goto err; +- } +- +- /* copy app data */ +- if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data, +- &bio->ex_data)) +- goto err; +- +- if (ret == NULL) +- { +- eoc=new; +- ret=eoc; +- } +- else +- { +- BIO_push(eoc,new); +- eoc=new; +- } +- } +- return(ret); +-err: +- if (ret != NULL) +- BIO_free(ret); +- return(NULL); +- } ++{ ++ BIO *ret = NULL, *eoc = NULL, *bio, *new; ++ ++ for (bio = in; bio != NULL; bio = bio->next_bio) { ++ if ((new = BIO_new(bio->method)) == NULL) ++ goto err; ++ new->callback = bio->callback; ++ new->cb_arg = bio->cb_arg; ++ new->init = bio->init; ++ new->shutdown = bio->shutdown; ++ new->flags = bio->flags; ++ ++ /* This will let SSL_s_sock() work with stdin/stdout */ ++ new->num = bio->num; ++ ++ if (!BIO_dup_state(bio, (char *)new)) { ++ BIO_free(new); ++ goto err; ++ } ++ ++ /* copy app data */ ++ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data, ++ &bio->ex_data)) ++ goto err; ++ ++ if (ret == NULL) { ++ eoc = new; ++ ret = eoc; ++ } else { ++ BIO_push(eoc, new); ++ eoc = new; ++ } ++ } ++ return (ret); ++ err: ++ if (ret != NULL) ++ BIO_free(ret); ++ return (NULL); ++} + + void BIO_copy_next_retry(BIO *b) +- { +- BIO_set_flags(b,BIO_get_retry_flags(b->next_bio)); +- b->retry_reason=b->next_bio->retry_reason; +- } ++{ ++ BIO_set_flags(b, BIO_get_retry_flags(b->next_bio)); ++ b->retry_reason = b->next_bio->retry_reason; ++} + + int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +- { +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp, +- new_func, dup_func, free_func); +- } ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp, ++ new_func, dup_func, free_func); ++} + + int BIO_set_ex_data(BIO *bio, int idx, void *data) +- { +- return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data)); +- } ++{ ++ return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data)); ++} + + void *BIO_get_ex_data(BIO *bio, int idx) +- { +- return(CRYPTO_get_ex_data(&(bio->ex_data),idx)); +- } ++{ ++ return (CRYPTO_get_ex_data(&(bio->ex_data), idx)); ++} + + unsigned long BIO_number_read(BIO *bio) + { +- if(bio) return bio->num_read; +- return 0; ++ if (bio) ++ return bio->num_read; ++ return 0; + } + + unsigned long BIO_number_written(BIO *bio) + { +- if(bio) return bio->num_write; +- return 0; ++ if (bio) ++ return bio->num_write; ++ return 0; + } + + IMPLEMENT_STACK_OF(BIO) +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c +index 76bd48e..87955f0 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,12 +53,13 @@ + * + */ + +-/* Special method for a BIO where the other endpoint is also a BIO +- * of this kind, handled by the same thread (i.e. the "peer" is actually +- * ourselves, wearing a different hat). +- * Such "BIO pairs" are mainly for using the SSL library with I/O interfaces +- * for which no specific BIO method is available. +- * See ssl/ssltest.c for some hints on how this can be used. */ ++/* ++ * Special method for a BIO where the other endpoint is also a BIO of this ++ * kind, handled by the same thread (i.e. the "peer" is actually ourselves, ++ * wearing a different hat). Such "BIO pairs" are mainly for using the SSL ++ * library with I/O interfaces for which no specific BIO method is available. ++ * See ssl/ssltest.c for some hints on how this can be used. ++ */ + + /* BIO_DEBUG implies BIO_PAIR_DEBUG */ + #ifdef BIO_DEBUG +@@ -103,822 +104,783 @@ static int bio_puts(BIO *bio, const char *str); + static int bio_make_pair(BIO *bio1, BIO *bio2); + static void bio_destroy_pair(BIO *bio); + +-static BIO_METHOD methods_biop = +-{ +- BIO_TYPE_BIO, +- "BIO pair", +- bio_write, +- bio_read, +- bio_puts, +- NULL /* no bio_gets */, +- bio_ctrl, +- bio_new, +- bio_free, +- NULL /* no bio_callback_ctrl */ ++static BIO_METHOD methods_biop = { ++ BIO_TYPE_BIO, ++ "BIO pair", ++ bio_write, ++ bio_read, ++ bio_puts, ++ NULL /* no bio_gets */ , ++ bio_ctrl, ++ bio_new, ++ bio_free, ++ NULL /* no bio_callback_ctrl */ + }; + + BIO_METHOD *BIO_s_bio(void) +- { +- return &methods_biop; +- } +- +-struct bio_bio_st + { +- BIO *peer; /* NULL if buf == NULL. +- * If peer != NULL, then peer->ptr is also a bio_bio_st, +- * and its "peer" member points back to us. +- * peer != NULL iff init != 0 in the BIO. */ +- +- /* This is for what we write (i.e. reading uses peer's struct): */ +- int closed; /* valid iff peer != NULL */ +- size_t len; /* valid iff buf != NULL; 0 if peer == NULL */ +- size_t offset; /* valid iff buf != NULL; 0 if len == 0 */ +- size_t size; +- char *buf; /* "size" elements (if != NULL) */ +- +- size_t request; /* valid iff peer != NULL; 0 if len != 0, +- * otherwise set by peer to number of bytes +- * it (unsuccessfully) tried to read, +- * never more than buffer space (size-len) warrants. */ ++ return &methods_biop; ++} ++ ++struct bio_bio_st { ++ BIO *peer; /* NULL if buf == NULL. If peer != NULL, then ++ * peer->ptr is also a bio_bio_st, and its ++ * "peer" member points back to us. peer != ++ * NULL iff init != 0 in the BIO. */ ++ /* This is for what we write (i.e. reading uses peer's struct): */ ++ int closed; /* valid iff peer != NULL */ ++ size_t len; /* valid iff buf != NULL; 0 if peer == NULL */ ++ size_t offset; /* valid iff buf != NULL; 0 if len == 0 */ ++ size_t size; ++ char *buf; /* "size" elements (if != NULL) */ ++ size_t request; /* valid iff peer != NULL; 0 if len != 0, ++ * otherwise set by peer to number of bytes ++ * it (unsuccessfully) tried to read, never ++ * more than buffer space (size-len) ++ * warrants. */ + }; + + static int bio_new(BIO *bio) +- { +- struct bio_bio_st *b; +- +- b = OPENSSL_malloc(sizeof *b); +- if (b == NULL) +- return 0; ++{ ++ struct bio_bio_st *b; + +- b->peer = NULL; +- b->size = 17*1024; /* enough for one TLS record (just a default) */ +- b->buf = NULL; ++ b = OPENSSL_malloc(sizeof *b); ++ if (b == NULL) ++ return 0; + +- bio->ptr = b; +- return 1; +- } ++ b->peer = NULL; ++ /* enough for one TLS record (just a default) */ ++ b->size = 17 * 1024; ++ b->buf = NULL; + ++ bio->ptr = b; ++ return 1; ++} + + static int bio_free(BIO *bio) +- { +- struct bio_bio_st *b; +- +- if (bio == NULL) +- return 0; +- b = bio->ptr; ++{ ++ struct bio_bio_st *b; + +- assert(b != NULL); ++ if (bio == NULL) ++ return 0; ++ b = bio->ptr; + +- if (b->peer) +- bio_destroy_pair(bio); +- +- if (b->buf != NULL) +- { +- OPENSSL_free(b->buf); +- } ++ assert(b != NULL); + +- OPENSSL_free(b); ++ if (b->peer) ++ bio_destroy_pair(bio); + +- return 1; +- } ++ if (b->buf != NULL) { ++ OPENSSL_free(b->buf); ++ } + ++ OPENSSL_free(b); + ++ return 1; ++} + + static int bio_read(BIO *bio, char *buf, int size_) +- { +- size_t size = size_; +- size_t rest; +- struct bio_bio_st *b, *peer_b; +- +- BIO_clear_retry_flags(bio); +- +- if (!bio->init) +- return 0; +- +- b = bio->ptr; +- assert(b != NULL); +- assert(b->peer != NULL); +- peer_b = b->peer->ptr; +- assert(peer_b != NULL); +- assert(peer_b->buf != NULL); +- +- peer_b->request = 0; /* will be set in "retry_read" situation */ +- +- if (buf == NULL || size == 0) +- return 0; +- +- if (peer_b->len == 0) +- { +- if (peer_b->closed) +- return 0; /* writer has closed, and no data is left */ +- else +- { +- BIO_set_retry_read(bio); /* buffer is empty */ +- if (size <= peer_b->size) +- peer_b->request = size; +- else +- /* don't ask for more than the peer can +- * deliver in one write */ +- peer_b->request = peer_b->size; +- return -1; +- } +- } +- +- /* we can read */ +- if (peer_b->len < size) +- size = peer_b->len; +- +- /* now read "size" bytes */ +- +- rest = size; +- +- assert(rest > 0); +- do /* one or two iterations */ +- { +- size_t chunk; +- +- assert(rest <= peer_b->len); +- if (peer_b->offset + rest <= peer_b->size) +- chunk = rest; +- else +- /* wrap around ring buffer */ +- chunk = peer_b->size - peer_b->offset; +- assert(peer_b->offset + chunk <= peer_b->size); +- +- memcpy(buf, peer_b->buf + peer_b->offset, chunk); +- +- peer_b->len -= chunk; +- if (peer_b->len) +- { +- peer_b->offset += chunk; +- assert(peer_b->offset <= peer_b->size); +- if (peer_b->offset == peer_b->size) +- peer_b->offset = 0; +- buf += chunk; +- } +- else +- { +- /* buffer now empty, no need to advance "buf" */ +- assert(chunk == rest); +- peer_b->offset = 0; +- } +- rest -= chunk; +- } +- while (rest); +- +- return size; +- } +- +-/* non-copying interface: provide pointer to available data in buffer ++{ ++ size_t size = size_; ++ size_t rest; ++ struct bio_bio_st *b, *peer_b; ++ ++ BIO_clear_retry_flags(bio); ++ ++ if (!bio->init) ++ return 0; ++ ++ b = bio->ptr; ++ assert(b != NULL); ++ assert(b->peer != NULL); ++ peer_b = b->peer->ptr; ++ assert(peer_b != NULL); ++ assert(peer_b->buf != NULL); ++ ++ peer_b->request = 0; /* will be set in "retry_read" situation */ ++ ++ if (buf == NULL || size == 0) ++ return 0; ++ ++ if (peer_b->len == 0) { ++ if (peer_b->closed) ++ return 0; /* writer has closed, and no data is left */ ++ else { ++ BIO_set_retry_read(bio); /* buffer is empty */ ++ if (size <= peer_b->size) ++ peer_b->request = size; ++ else ++ /* ++ * don't ask for more than the peer can deliver in one write ++ */ ++ peer_b->request = peer_b->size; ++ return -1; ++ } ++ } ++ ++ /* we can read */ ++ if (peer_b->len < size) ++ size = peer_b->len; ++ ++ /* now read "size" bytes */ ++ ++ rest = size; ++ ++ assert(rest > 0); ++ do { /* one or two iterations */ ++ size_t chunk; ++ ++ assert(rest <= peer_b->len); ++ if (peer_b->offset + rest <= peer_b->size) ++ chunk = rest; ++ else ++ /* wrap around ring buffer */ ++ chunk = peer_b->size - peer_b->offset; ++ assert(peer_b->offset + chunk <= peer_b->size); ++ ++ memcpy(buf, peer_b->buf + peer_b->offset, chunk); ++ ++ peer_b->len -= chunk; ++ if (peer_b->len) { ++ peer_b->offset += chunk; ++ assert(peer_b->offset <= peer_b->size); ++ if (peer_b->offset == peer_b->size) ++ peer_b->offset = 0; ++ buf += chunk; ++ } else { ++ /* buffer now empty, no need to advance "buf" */ ++ assert(chunk == rest); ++ peer_b->offset = 0; ++ } ++ rest -= chunk; ++ } ++ while (rest); ++ ++ return size; ++} ++ ++/*- ++ * non-copying interface: provide pointer to available data in buffer + * bio_nread0: return number of available bytes + * bio_nread: also advance index + * (example usage: bio_nread0(), read from buffer, bio_nread() + * or just bio_nread(), read from buffer) + */ +-/* WARNING: The non-copying interface is largely untested as of yet +- * and may contain bugs. */ ++/* ++ * WARNING: The non-copying interface is largely untested as of yet and may ++ * contain bugs. ++ */ + static ssize_t bio_nread0(BIO *bio, char **buf) +- { +- struct bio_bio_st *b, *peer_b; +- ssize_t num; +- +- BIO_clear_retry_flags(bio); +- +- if (!bio->init) +- return 0; +- +- b = bio->ptr; +- assert(b != NULL); +- assert(b->peer != NULL); +- peer_b = b->peer->ptr; +- assert(peer_b != NULL); +- assert(peer_b->buf != NULL); +- +- peer_b->request = 0; +- +- if (peer_b->len == 0) +- { +- char dummy; +- +- /* avoid code duplication -- nothing available for reading */ +- return bio_read(bio, &dummy, 1); /* returns 0 or -1 */ +- } +- +- num = peer_b->len; +- if (peer_b->size < peer_b->offset + num) +- /* no ring buffer wrap-around for non-copying interface */ +- num = peer_b->size - peer_b->offset; +- assert(num > 0); +- +- if (buf != NULL) +- *buf = peer_b->buf + peer_b->offset; +- return num; +- } ++{ ++ struct bio_bio_st *b, *peer_b; ++ ssize_t num; + +-static ssize_t bio_nread(BIO *bio, char **buf, size_t num_) +- { +- struct bio_bio_st *b, *peer_b; +- ssize_t num, available; +- +- if (num_ > SSIZE_MAX) +- num = SSIZE_MAX; +- else +- num = (ssize_t)num_; +- +- available = bio_nread0(bio, buf); +- if (num > available) +- num = available; +- if (num <= 0) +- return num; +- +- b = bio->ptr; +- peer_b = b->peer->ptr; +- +- peer_b->len -= num; +- if (peer_b->len) +- { +- peer_b->offset += num; +- assert(peer_b->offset <= peer_b->size); +- if (peer_b->offset == peer_b->size) +- peer_b->offset = 0; +- } +- else +- peer_b->offset = 0; +- +- return num; +- } ++ BIO_clear_retry_flags(bio); ++ ++ if (!bio->init) ++ return 0; ++ ++ b = bio->ptr; ++ assert(b != NULL); ++ assert(b->peer != NULL); ++ peer_b = b->peer->ptr; ++ assert(peer_b != NULL); ++ assert(peer_b->buf != NULL); ++ ++ peer_b->request = 0; + ++ if (peer_b->len == 0) { ++ char dummy; ++ ++ /* avoid code duplication -- nothing available for reading */ ++ return bio_read(bio, &dummy, 1); /* returns 0 or -1 */ ++ } ++ ++ num = peer_b->len; ++ if (peer_b->size < peer_b->offset + num) ++ /* no ring buffer wrap-around for non-copying interface */ ++ num = peer_b->size - peer_b->offset; ++ assert(num > 0); ++ ++ if (buf != NULL) ++ *buf = peer_b->buf + peer_b->offset; ++ return num; ++} ++ ++static ssize_t bio_nread(BIO *bio, char **buf, size_t num_) ++{ ++ struct bio_bio_st *b, *peer_b; ++ ssize_t num, available; ++ ++ if (num_ > SSIZE_MAX) ++ num = SSIZE_MAX; ++ else ++ num = (ssize_t) num_; ++ ++ available = bio_nread0(bio, buf); ++ if (num > available) ++ num = available; ++ if (num <= 0) ++ return num; ++ ++ b = bio->ptr; ++ peer_b = b->peer->ptr; ++ ++ peer_b->len -= num; ++ if (peer_b->len) { ++ peer_b->offset += num; ++ assert(peer_b->offset <= peer_b->size); ++ if (peer_b->offset == peer_b->size) ++ peer_b->offset = 0; ++ } else ++ peer_b->offset = 0; ++ ++ return num; ++} + + static int bio_write(BIO *bio, const char *buf, int num_) +- { +- size_t num = num_; +- size_t rest; +- struct bio_bio_st *b; +- +- BIO_clear_retry_flags(bio); +- +- if (!bio->init || buf == NULL || num == 0) +- return 0; +- +- b = bio->ptr; +- assert(b != NULL); +- assert(b->peer != NULL); +- assert(b->buf != NULL); +- +- b->request = 0; +- if (b->closed) +- { +- /* we already closed */ +- BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE); +- return -1; +- } +- +- assert(b->len <= b->size); +- +- if (b->len == b->size) +- { +- BIO_set_retry_write(bio); /* buffer is full */ +- return -1; +- } +- +- /* we can write */ +- if (num > b->size - b->len) +- num = b->size - b->len; +- +- /* now write "num" bytes */ +- +- rest = num; +- +- assert(rest > 0); +- do /* one or two iterations */ +- { +- size_t write_offset; +- size_t chunk; +- +- assert(b->len + rest <= b->size); +- +- write_offset = b->offset + b->len; +- if (write_offset >= b->size) +- write_offset -= b->size; +- /* b->buf[write_offset] is the first byte we can write to. */ +- +- if (write_offset + rest <= b->size) +- chunk = rest; +- else +- /* wrap around ring buffer */ +- chunk = b->size - write_offset; +- +- memcpy(b->buf + write_offset, buf, chunk); +- +- b->len += chunk; +- +- assert(b->len <= b->size); +- +- rest -= chunk; +- buf += chunk; +- } +- while (rest); +- +- return num; +- } +- +-/* non-copying interface: provide pointer to region to write to ++{ ++ size_t num = num_; ++ size_t rest; ++ struct bio_bio_st *b; ++ ++ BIO_clear_retry_flags(bio); ++ ++ if (!bio->init || buf == NULL || num == 0) ++ return 0; ++ ++ b = bio->ptr; ++ assert(b != NULL); ++ assert(b->peer != NULL); ++ assert(b->buf != NULL); ++ ++ b->request = 0; ++ if (b->closed) { ++ /* we already closed */ ++ BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE); ++ return -1; ++ } ++ ++ assert(b->len <= b->size); ++ ++ if (b->len == b->size) { ++ BIO_set_retry_write(bio); /* buffer is full */ ++ return -1; ++ } ++ ++ /* we can write */ ++ if (num > b->size - b->len) ++ num = b->size - b->len; ++ ++ /* now write "num" bytes */ ++ ++ rest = num; ++ ++ assert(rest > 0); ++ do { /* one or two iterations */ ++ size_t write_offset; ++ size_t chunk; ++ ++ assert(b->len + rest <= b->size); ++ ++ write_offset = b->offset + b->len; ++ if (write_offset >= b->size) ++ write_offset -= b->size; ++ /* b->buf[write_offset] is the first byte we can write to. */ ++ ++ if (write_offset + rest <= b->size) ++ chunk = rest; ++ else ++ /* wrap around ring buffer */ ++ chunk = b->size - write_offset; ++ ++ memcpy(b->buf + write_offset, buf, chunk); ++ ++ b->len += chunk; ++ ++ assert(b->len <= b->size); ++ ++ rest -= chunk; ++ buf += chunk; ++ } ++ while (rest); ++ ++ return num; ++} ++ ++/*- ++ * non-copying interface: provide pointer to region to write to + * bio_nwrite0: check how much space is available + * bio_nwrite: also increase length + * (example usage: bio_nwrite0(), write to buffer, bio_nwrite() + * or just bio_nwrite(), write to buffer) + */ + static ssize_t bio_nwrite0(BIO *bio, char **buf) +- { +- struct bio_bio_st *b; +- size_t num; +- size_t write_offset; +- +- BIO_clear_retry_flags(bio); +- +- if (!bio->init) +- return 0; +- +- b = bio->ptr; +- assert(b != NULL); +- assert(b->peer != NULL); +- assert(b->buf != NULL); +- +- b->request = 0; +- if (b->closed) +- { +- BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE); +- return -1; +- } +- +- assert(b->len <= b->size); +- +- if (b->len == b->size) +- { +- BIO_set_retry_write(bio); +- return -1; +- } +- +- num = b->size - b->len; +- write_offset = b->offset + b->len; +- if (write_offset >= b->size) +- write_offset -= b->size; +- if (write_offset + num > b->size) +- /* no ring buffer wrap-around for non-copying interface +- * (to fulfil the promise by BIO_ctrl_get_write_guarantee, +- * BIO_nwrite may have to be called twice) */ +- num = b->size - write_offset; +- +- if (buf != NULL) +- *buf = b->buf + write_offset; +- assert(write_offset + num <= b->size); +- +- return num; +- } ++{ ++ struct bio_bio_st *b; ++ size_t num; ++ size_t write_offset; ++ ++ BIO_clear_retry_flags(bio); ++ ++ if (!bio->init) ++ return 0; ++ ++ b = bio->ptr; ++ assert(b != NULL); ++ assert(b->peer != NULL); ++ assert(b->buf != NULL); ++ ++ b->request = 0; ++ if (b->closed) { ++ BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE); ++ return -1; ++ } ++ ++ assert(b->len <= b->size); ++ ++ if (b->len == b->size) { ++ BIO_set_retry_write(bio); ++ return -1; ++ } ++ ++ num = b->size - b->len; ++ write_offset = b->offset + b->len; ++ if (write_offset >= b->size) ++ write_offset -= b->size; ++ if (write_offset + num > b->size) ++ /* ++ * no ring buffer wrap-around for non-copying interface (to fulfil ++ * the promise by BIO_ctrl_get_write_guarantee, BIO_nwrite may have ++ * to be called twice) ++ */ ++ num = b->size - write_offset; ++ ++ if (buf != NULL) ++ *buf = b->buf + write_offset; ++ assert(write_offset + num <= b->size); ++ ++ return num; ++} + + static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_) +- { +- struct bio_bio_st *b; +- ssize_t num, space; ++{ ++ struct bio_bio_st *b; ++ ssize_t num, space; ++ ++ if (num_ > SSIZE_MAX) ++ num = SSIZE_MAX; ++ else ++ num = (ssize_t) num_; ++ ++ space = bio_nwrite0(bio, buf); ++ if (num > space) ++ num = space; ++ if (num <= 0) ++ return num; ++ b = bio->ptr; ++ assert(b != NULL); ++ b->len += num; ++ assert(b->len <= b->size); ++ ++ return num; ++} + +- if (num_ > SSIZE_MAX) +- num = SSIZE_MAX; +- else +- num = (ssize_t)num_; ++static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) ++{ ++ long ret; ++ struct bio_bio_st *b = bio->ptr; ++ ++ assert(b != NULL); ++ ++ switch (cmd) { ++ /* specific CTRL codes */ ++ ++ case BIO_C_SET_WRITE_BUF_SIZE: ++ if (b->peer) { ++ BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE); ++ ret = 0; ++ } else if (num == 0) { ++ BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT); ++ ret = 0; ++ } else { ++ size_t new_size = num; ++ ++ if (b->size != new_size) { ++ if (b->buf) { ++ OPENSSL_free(b->buf); ++ b->buf = NULL; ++ } ++ b->size = new_size; ++ } ++ ret = 1; ++ } ++ break; ++ ++ case BIO_C_GET_WRITE_BUF_SIZE: ++ ret = (long)b->size; ++ break; ++ ++ case BIO_C_MAKE_BIO_PAIR: ++ { ++ BIO *other_bio = ptr; ++ ++ if (bio_make_pair(bio, other_bio)) ++ ret = 1; ++ else ++ ret = 0; ++ } ++ break; ++ ++ case BIO_C_DESTROY_BIO_PAIR: ++ /* ++ * Affects both BIOs in the pair -- call just once! Or let ++ * BIO_free(bio1); BIO_free(bio2); do the job. ++ */ ++ bio_destroy_pair(bio); ++ ret = 1; ++ break; ++ ++ case BIO_C_GET_WRITE_GUARANTEE: ++ /* ++ * How many bytes can the caller feed to the next write without ++ * having to keep any? ++ */ ++ if (b->peer == NULL || b->closed) ++ ret = 0; ++ else ++ ret = (long)b->size - b->len; ++ break; ++ ++ case BIO_C_GET_READ_REQUEST: ++ /* ++ * If the peer unsuccessfully tried to read, how many bytes were ++ * requested? (As with BIO_CTRL_PENDING, that number can usually be ++ * treated as boolean.) ++ */ ++ ret = (long)b->request; ++ break; ++ ++ case BIO_C_RESET_READ_REQUEST: ++ /* ++ * Reset request. (Can be useful after read attempts at the other ++ * side that are meant to be non-blocking, e.g. when probing SSL_read ++ * to see if any data is available.) ++ */ ++ b->request = 0; ++ ret = 1; ++ break; ++ ++ case BIO_C_SHUTDOWN_WR: ++ /* similar to shutdown(..., SHUT_WR) */ ++ b->closed = 1; ++ ret = 1; ++ break; ++ ++ case BIO_C_NREAD0: ++ /* prepare for non-copying read */ ++ ret = (long)bio_nread0(bio, ptr); ++ break; ++ ++ case BIO_C_NREAD: ++ /* non-copying read */ ++ ret = (long)bio_nread(bio, ptr, (size_t)num); ++ break; ++ ++ case BIO_C_NWRITE0: ++ /* prepare for non-copying write */ ++ ret = (long)bio_nwrite0(bio, ptr); ++ break; ++ ++ case BIO_C_NWRITE: ++ /* non-copying write */ ++ ret = (long)bio_nwrite(bio, ptr, (size_t)num); ++ break; ++ ++ /* standard CTRL codes follow */ ++ ++ case BIO_CTRL_RESET: ++ if (b->buf != NULL) { ++ b->len = 0; ++ b->offset = 0; ++ } ++ ret = 0; ++ break; ++ ++ case BIO_CTRL_GET_CLOSE: ++ ret = bio->shutdown; ++ break; ++ ++ case BIO_CTRL_SET_CLOSE: ++ bio->shutdown = (int)num; ++ ret = 1; ++ break; ++ ++ case BIO_CTRL_PENDING: ++ if (b->peer != NULL) { ++ struct bio_bio_st *peer_b = b->peer->ptr; ++ ++ ret = (long)peer_b->len; ++ } else ++ ret = 0; ++ break; ++ ++ case BIO_CTRL_WPENDING: ++ if (b->buf != NULL) ++ ret = (long)b->len; ++ else ++ ret = 0; ++ break; ++ ++ case BIO_CTRL_DUP: ++ /* See BIO_dup_chain for circumstances we have to expect. */ ++ { ++ BIO *other_bio = ptr; ++ struct bio_bio_st *other_b; ++ ++ assert(other_bio != NULL); ++ other_b = other_bio->ptr; ++ assert(other_b != NULL); ++ ++ assert(other_b->buf == NULL); /* other_bio is always fresh */ ++ ++ other_b->size = b->size; ++ } ++ ++ ret = 1; ++ break; ++ ++ case BIO_CTRL_FLUSH: ++ ret = 1; ++ break; ++ ++ case BIO_CTRL_EOF: ++ { ++ BIO *other_bio = ptr; ++ ++ if (other_bio) { ++ struct bio_bio_st *other_b = other_bio->ptr; ++ ++ assert(other_b != NULL); ++ ret = other_b->len == 0 && other_b->closed; ++ } else ++ ret = 1; ++ } ++ break; ++ ++ default: ++ ret = 0; ++ } ++ return ret; ++} + +- space = bio_nwrite0(bio, buf); +- if (num > space) +- num = space; +- if (num <= 0) +- return num; +- b = bio->ptr; +- assert(b != NULL); +- b->len += num; +- assert(b->len <= b->size); ++static int bio_puts(BIO *bio, const char *str) ++{ ++ return bio_write(bio, str, strlen(str)); ++} + +- return num; +- } ++static int bio_make_pair(BIO *bio1, BIO *bio2) ++{ ++ struct bio_bio_st *b1, *b2; ++ ++ assert(bio1 != NULL); ++ assert(bio2 != NULL); ++ ++ b1 = bio1->ptr; ++ b2 = bio2->ptr; ++ ++ if (b1->peer != NULL || b2->peer != NULL) { ++ BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE); ++ return 0; ++ } ++ ++ if (b1->buf == NULL) { ++ b1->buf = OPENSSL_malloc(b1->size); ++ if (b1->buf == NULL) { ++ BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ b1->len = 0; ++ b1->offset = 0; ++ } ++ ++ if (b2->buf == NULL) { ++ b2->buf = OPENSSL_malloc(b2->size); ++ if (b2->buf == NULL) { ++ BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ b2->len = 0; ++ b2->offset = 0; ++ } ++ ++ b1->peer = bio2; ++ b1->closed = 0; ++ b1->request = 0; ++ b2->peer = bio1; ++ b2->closed = 0; ++ b2->request = 0; ++ ++ bio1->init = 1; ++ bio2->init = 1; ++ ++ return 1; ++} + ++static void bio_destroy_pair(BIO *bio) ++{ ++ struct bio_bio_st *b = bio->ptr; + +-static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) +- { +- long ret; +- struct bio_bio_st *b = bio->ptr; +- +- assert(b != NULL); +- +- switch (cmd) +- { +- /* specific CTRL codes */ +- +- case BIO_C_SET_WRITE_BUF_SIZE: +- if (b->peer) +- { +- BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE); +- ret = 0; +- } +- else if (num == 0) +- { +- BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT); +- ret = 0; +- } +- else +- { +- size_t new_size = num; +- +- if (b->size != new_size) +- { +- if (b->buf) +- { +- OPENSSL_free(b->buf); +- b->buf = NULL; +- } +- b->size = new_size; +- } +- ret = 1; +- } +- break; +- +- case BIO_C_GET_WRITE_BUF_SIZE: +- ret = (long) b->size; +- break; +- +- case BIO_C_MAKE_BIO_PAIR: +- { +- BIO *other_bio = ptr; +- +- if (bio_make_pair(bio, other_bio)) +- ret = 1; +- else +- ret = 0; +- } +- break; +- +- case BIO_C_DESTROY_BIO_PAIR: +- /* Affects both BIOs in the pair -- call just once! +- * Or let BIO_free(bio1); BIO_free(bio2); do the job. */ +- bio_destroy_pair(bio); +- ret = 1; +- break; +- +- case BIO_C_GET_WRITE_GUARANTEE: +- /* How many bytes can the caller feed to the next write +- * without having to keep any? */ +- if (b->peer == NULL || b->closed) +- ret = 0; +- else +- ret = (long) b->size - b->len; +- break; +- +- case BIO_C_GET_READ_REQUEST: +- /* If the peer unsuccessfully tried to read, how many bytes +- * were requested? (As with BIO_CTRL_PENDING, that number +- * can usually be treated as boolean.) */ +- ret = (long) b->request; +- break; +- +- case BIO_C_RESET_READ_REQUEST: +- /* Reset request. (Can be useful after read attempts +- * at the other side that are meant to be non-blocking, +- * e.g. when probing SSL_read to see if any data is +- * available.) */ +- b->request = 0; +- ret = 1; +- break; +- +- case BIO_C_SHUTDOWN_WR: +- /* similar to shutdown(..., SHUT_WR) */ +- b->closed = 1; +- ret = 1; +- break; +- +- case BIO_C_NREAD0: +- /* prepare for non-copying read */ +- ret = (long) bio_nread0(bio, ptr); +- break; +- +- case BIO_C_NREAD: +- /* non-copying read */ +- ret = (long) bio_nread(bio, ptr, (size_t) num); +- break; +- +- case BIO_C_NWRITE0: +- /* prepare for non-copying write */ +- ret = (long) bio_nwrite0(bio, ptr); +- break; +- +- case BIO_C_NWRITE: +- /* non-copying write */ +- ret = (long) bio_nwrite(bio, ptr, (size_t) num); +- break; +- +- +- /* standard CTRL codes follow */ +- +- case BIO_CTRL_RESET: +- if (b->buf != NULL) +- { +- b->len = 0; +- b->offset = 0; +- } +- ret = 0; +- break; +- +- case BIO_CTRL_GET_CLOSE: +- ret = bio->shutdown; +- break; +- +- case BIO_CTRL_SET_CLOSE: +- bio->shutdown = (int) num; +- ret = 1; +- break; +- +- case BIO_CTRL_PENDING: +- if (b->peer != NULL) +- { +- struct bio_bio_st *peer_b = b->peer->ptr; +- +- ret = (long) peer_b->len; +- } +- else +- ret = 0; +- break; +- +- case BIO_CTRL_WPENDING: +- if (b->buf != NULL) +- ret = (long) b->len; +- else +- ret = 0; +- break; +- +- case BIO_CTRL_DUP: +- /* See BIO_dup_chain for circumstances we have to expect. */ +- { +- BIO *other_bio = ptr; +- struct bio_bio_st *other_b; +- +- assert(other_bio != NULL); +- other_b = other_bio->ptr; +- assert(other_b != NULL); +- +- assert(other_b->buf == NULL); /* other_bio is always fresh */ +- +- other_b->size = b->size; +- } +- +- ret = 1; +- break; +- +- case BIO_CTRL_FLUSH: +- ret = 1; +- break; +- +- case BIO_CTRL_EOF: +- { +- BIO *other_bio = ptr; +- +- if (other_bio) +- { +- struct bio_bio_st *other_b = other_bio->ptr; +- +- assert(other_b != NULL); +- ret = other_b->len == 0 && other_b->closed; +- } +- else +- ret = 1; +- } +- break; +- +- default: +- ret = 0; +- } +- return ret; +- } ++ if (b != NULL) { ++ BIO *peer_bio = b->peer; + +-static int bio_puts(BIO *bio, const char *str) +- { +- return bio_write(bio, str, strlen(str)); +- } ++ if (peer_bio != NULL) { ++ struct bio_bio_st *peer_b = peer_bio->ptr; + ++ assert(peer_b != NULL); ++ assert(peer_b->peer == bio); + +-static int bio_make_pair(BIO *bio1, BIO *bio2) +- { +- struct bio_bio_st *b1, *b2; +- +- assert(bio1 != NULL); +- assert(bio2 != NULL); +- +- b1 = bio1->ptr; +- b2 = bio2->ptr; +- +- if (b1->peer != NULL || b2->peer != NULL) +- { +- BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE); +- return 0; +- } +- +- if (b1->buf == NULL) +- { +- b1->buf = OPENSSL_malloc(b1->size); +- if (b1->buf == NULL) +- { +- BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- b1->len = 0; +- b1->offset = 0; +- } +- +- if (b2->buf == NULL) +- { +- b2->buf = OPENSSL_malloc(b2->size); +- if (b2->buf == NULL) +- { +- BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- b2->len = 0; +- b2->offset = 0; +- } +- +- b1->peer = bio2; +- b1->closed = 0; +- b1->request = 0; +- b2->peer = bio1; +- b2->closed = 0; +- b2->request = 0; +- +- bio1->init = 1; +- bio2->init = 1; +- +- return 1; +- } ++ peer_b->peer = NULL; ++ peer_bio->init = 0; ++ assert(peer_b->buf != NULL); ++ peer_b->len = 0; ++ peer_b->offset = 0; + +-static void bio_destroy_pair(BIO *bio) +- { +- struct bio_bio_st *b = bio->ptr; +- +- if (b != NULL) +- { +- BIO *peer_bio = b->peer; +- +- if (peer_bio != NULL) +- { +- struct bio_bio_st *peer_b = peer_bio->ptr; +- +- assert(peer_b != NULL); +- assert(peer_b->peer == bio); +- +- peer_b->peer = NULL; +- peer_bio->init = 0; +- assert(peer_b->buf != NULL); +- peer_b->len = 0; +- peer_b->offset = 0; +- +- b->peer = NULL; +- bio->init = 0; +- assert(b->buf != NULL); +- b->len = 0; +- b->offset = 0; +- } +- } +- } +- ++ b->peer = NULL; ++ bio->init = 0; ++ assert(b->buf != NULL); ++ b->len = 0; ++ b->offset = 0; ++ } ++ } ++} + + /* Exported convenience functions */ + int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1, +- BIO **bio2_p, size_t writebuf2) +- { +- BIO *bio1 = NULL, *bio2 = NULL; +- long r; +- int ret = 0; +- +- bio1 = BIO_new(BIO_s_bio()); +- if (bio1 == NULL) +- goto err; +- bio2 = BIO_new(BIO_s_bio()); +- if (bio2 == NULL) +- goto err; +- +- if (writebuf1) +- { +- r = BIO_set_write_buf_size(bio1, writebuf1); +- if (!r) +- goto err; +- } +- if (writebuf2) +- { +- r = BIO_set_write_buf_size(bio2, writebuf2); +- if (!r) +- goto err; +- } +- +- r = BIO_make_bio_pair(bio1, bio2); +- if (!r) +- goto err; +- ret = 1; ++ BIO **bio2_p, size_t writebuf2) ++{ ++ BIO *bio1 = NULL, *bio2 = NULL; ++ long r; ++ int ret = 0; ++ ++ bio1 = BIO_new(BIO_s_bio()); ++ if (bio1 == NULL) ++ goto err; ++ bio2 = BIO_new(BIO_s_bio()); ++ if (bio2 == NULL) ++ goto err; ++ ++ if (writebuf1) { ++ r = BIO_set_write_buf_size(bio1, writebuf1); ++ if (!r) ++ goto err; ++ } ++ if (writebuf2) { ++ r = BIO_set_write_buf_size(bio2, writebuf2); ++ if (!r) ++ goto err; ++ } ++ ++ r = BIO_make_bio_pair(bio1, bio2); ++ if (!r) ++ goto err; ++ ret = 1; + + err: +- if (ret == 0) +- { +- if (bio1) +- { +- BIO_free(bio1); +- bio1 = NULL; +- } +- if (bio2) +- { +- BIO_free(bio2); +- bio2 = NULL; +- } +- } +- +- *bio1_p = bio1; +- *bio2_p = bio2; +- return ret; +- } ++ if (ret == 0) { ++ if (bio1) { ++ BIO_free(bio1); ++ bio1 = NULL; ++ } ++ if (bio2) { ++ BIO_free(bio2); ++ bio2 = NULL; ++ } ++ } ++ ++ *bio1_p = bio1; ++ *bio2_p = bio2; ++ return ret; ++} + + size_t BIO_ctrl_get_write_guarantee(BIO *bio) +- { +- return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL); +- } ++{ ++ return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL); ++} + + size_t BIO_ctrl_get_read_request(BIO *bio) +- { +- return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL); +- } ++{ ++ return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL); ++} + + int BIO_ctrl_reset_read_request(BIO *bio) +- { +- return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0); +- } +- ++{ ++ return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0); ++} + +-/* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now +- * (conceivably some other BIOs could allow non-copying reads and writes too.) ++/* ++ * BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now ++ * (conceivably some other BIOs could allow non-copying reads and writes ++ * too.) + */ + int BIO_nread0(BIO *bio, char **buf) +- { +- long ret; +- +- if (!bio->init) +- { +- BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED); +- return -2; +- } +- +- ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf); +- if (ret > INT_MAX) +- return INT_MAX; +- else +- return (int) ret; +- } ++{ ++ long ret; ++ ++ if (!bio->init) { ++ BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED); ++ return -2; ++ } ++ ++ ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf); ++ if (ret > INT_MAX) ++ return INT_MAX; ++ else ++ return (int)ret; ++} + + int BIO_nread(BIO *bio, char **buf, int num) +- { +- int ret; ++{ ++ int ret; + +- if (!bio->init) +- { +- BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED); +- return -2; +- } ++ if (!bio->init) { ++ BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED); ++ return -2; ++ } + +- ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf); +- if (ret > 0) +- bio->num_read += ret; +- return ret; +- } ++ ret = (int)BIO_ctrl(bio, BIO_C_NREAD, num, buf); ++ if (ret > 0) ++ bio->num_read += ret; ++ return ret; ++} + + int BIO_nwrite0(BIO *bio, char **buf) +- { +- long ret; +- +- if (!bio->init) +- { +- BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED); +- return -2; +- } +- +- ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf); +- if (ret > INT_MAX) +- return INT_MAX; +- else +- return (int) ret; +- } ++{ ++ long ret; ++ ++ if (!bio->init) { ++ BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED); ++ return -2; ++ } ++ ++ ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf); ++ if (ret > INT_MAX) ++ return INT_MAX; ++ else ++ return (int)ret; ++} + + int BIO_nwrite(BIO *bio, char **buf, int num) +- { +- int ret; +- +- if (!bio->init) +- { +- BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED); +- return -2; +- } +- +- ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf); +- if (ret > 0) +- bio->num_write += ret; +- return ret; +- } ++{ ++ int ret; ++ ++ if (!bio->init) { ++ BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED); ++ return -2; ++ } ++ ++ ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf); ++ if (ret > 0) ++ bio->num_write += ret; ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c +index e0327bd..405190f 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c +@@ -1,7 +1,7 @@ + /* crypto/bio/bio_dgram.c */ +-/* ++/* + * DTLS implementation written by Nagendra Modadugu +- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. ++ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ + /* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. +@@ -11,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,7 +57,6 @@ + * + */ + +- + #include + #include + #define USE_SOCKETS +@@ -66,19 +65,19 @@ + #include + #ifndef OPENSSL_NO_DGRAM + +-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) +-#include +-#endif ++# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ++# include ++# endif + +-#ifdef OPENSSL_SYS_LINUX +-#define IP_MTU 14 /* linux is lame */ +-#endif ++# ifdef OPENSSL_SYS_LINUX ++# define IP_MTU 14 /* linux is lame */ ++# endif + +-#ifdef WATT32 +-#define sock_write SockWrite /* Watt-32 uses same names */ +-#define sock_read SockRead +-#define sock_puts SockPuts +-#endif ++# ifdef WATT32 ++# define sock_write SockWrite /* Watt-32 uses same names */ ++# define sock_read SockRead ++# define sock_puts SockPuts ++# endif + + static int dgram_write(BIO *h, const char *buf, int num); + static int dgram_read(BIO *h, char *buf, int size); +@@ -92,657 +91,653 @@ static int BIO_dgram_should_retry(int s); + + static void get_current_time(struct timeval *t); + +-static BIO_METHOD methods_dgramp= +- { +- BIO_TYPE_DGRAM, +- "datagram socket", +- dgram_write, +- dgram_read, +- dgram_puts, +- NULL, /* dgram_gets, */ +- dgram_ctrl, +- dgram_new, +- dgram_free, +- NULL, +- }; +- +-typedef struct bio_dgram_data_st +- { +- struct sockaddr peer; +- unsigned int connected; +- unsigned int _errno; +- unsigned int mtu; +- struct timeval next_timeout; +- struct timeval socket_timeout; +- } bio_dgram_data; ++static BIO_METHOD methods_dgramp = { ++ BIO_TYPE_DGRAM, ++ "datagram socket", ++ dgram_write, ++ dgram_read, ++ dgram_puts, ++ NULL, /* dgram_gets, */ ++ dgram_ctrl, ++ dgram_new, ++ dgram_free, ++ NULL, ++}; ++ ++typedef struct bio_dgram_data_st { ++ struct sockaddr peer; ++ unsigned int connected; ++ unsigned int _errno; ++ unsigned int mtu; ++ struct timeval next_timeout; ++ struct timeval socket_timeout; ++} bio_dgram_data; + + BIO_METHOD *BIO_s_datagram(void) +- { +- return(&methods_dgramp); +- } ++{ ++ return (&methods_dgramp); ++} + + BIO *BIO_new_dgram(int fd, int close_flag) +- { +- BIO *ret; ++{ ++ BIO *ret; + +- ret=BIO_new(BIO_s_datagram()); +- if (ret == NULL) return(NULL); +- BIO_set_fd(ret,fd,close_flag); +- return(ret); +- } ++ ret = BIO_new(BIO_s_datagram()); ++ if (ret == NULL) ++ return (NULL); ++ BIO_set_fd(ret, fd, close_flag); ++ return (ret); ++} + + static int dgram_new(BIO *bi) +- { +- bio_dgram_data *data = NULL; +- +- bi->init=0; +- bi->num=0; +- data = OPENSSL_malloc(sizeof(bio_dgram_data)); +- if (data == NULL) +- return 0; +- memset(data, 0x00, sizeof(bio_dgram_data)); ++{ ++ bio_dgram_data *data = NULL; ++ ++ bi->init = 0; ++ bi->num = 0; ++ data = OPENSSL_malloc(sizeof(bio_dgram_data)); ++ if (data == NULL) ++ return 0; ++ memset(data, 0x00, sizeof(bio_dgram_data)); + bi->ptr = data; + +- bi->flags=0; +- return(1); +- } ++ bi->flags = 0; ++ return (1); ++} + + static int dgram_free(BIO *a) +- { +- bio_dgram_data *data; ++{ ++ bio_dgram_data *data; + +- if (a == NULL) return(0); +- if ( ! dgram_clear(a)) +- return 0; ++ if (a == NULL) ++ return (0); ++ if (!dgram_clear(a)) ++ return 0; + +- data = (bio_dgram_data *)a->ptr; +- if(data != NULL) OPENSSL_free(data); ++ data = (bio_dgram_data *)a->ptr; ++ if (data != NULL) ++ OPENSSL_free(data); + +- return(1); +- } ++ return (1); ++} + + static int dgram_clear(BIO *a) +- { +- if (a == NULL) return(0); +- if (a->shutdown) +- { +- if (a->init) +- { +- SHUTDOWN2(a->num); +- } +- a->init=0; +- a->flags=0; +- } +- return(1); +- } ++{ ++ if (a == NULL) ++ return (0); ++ if (a->shutdown) { ++ if (a->init) { ++ SHUTDOWN2(a->num); ++ } ++ a->init = 0; ++ a->flags = 0; ++ } ++ return (1); ++} + + static void dgram_adjust_rcv_timeout(BIO *b) +- { +-#if defined(SO_RCVTIMEO) +- bio_dgram_data *data = (bio_dgram_data *)b->ptr; +- int sz = sizeof(int); +- +- /* Is a timer active? */ +- if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) +- { +- struct timeval timenow, timeleft; +- +- /* Read current socket timeout */ +-#ifdef OPENSSL_SYS_WINDOWS +- int timeout; +- if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, +- (void*)&timeout, &sz) < 0) +- { perror("getsockopt"); } +- else +- { +- data->socket_timeout.tv_sec = timeout / 1000; +- data->socket_timeout.tv_usec = (timeout % 1000) * 1000; +- } +-#else +- if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, +- &(data->socket_timeout), (void *)&sz) < 0) +- { perror("getsockopt"); } +-#endif ++{ ++# if defined(SO_RCVTIMEO) ++ bio_dgram_data *data = (bio_dgram_data *)b->ptr; ++ int sz = sizeof(int); ++ ++ /* Is a timer active? */ ++ if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) { ++ struct timeval timenow, timeleft; ++ ++ /* Read current socket timeout */ ++# ifdef OPENSSL_SYS_WINDOWS ++ int timeout; ++ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ++ (void *)&timeout, &sz) < 0) { ++ perror("getsockopt"); ++ } else { ++ data->socket_timeout.tv_sec = timeout / 1000; ++ data->socket_timeout.tv_usec = (timeout % 1000) * 1000; ++ } ++# else ++ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ++ &(data->socket_timeout), (void *)&sz) < 0) { ++ perror("getsockopt"); ++ } ++# endif + +- /* Get current time */ +- get_current_time(&timenow); +- +- /* Calculate time left until timer expires */ +- memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); +- timeleft.tv_sec -= timenow.tv_sec; +- timeleft.tv_usec -= timenow.tv_usec; +- if (timeleft.tv_usec < 0) +- { +- timeleft.tv_sec--; +- timeleft.tv_usec += 1000000; +- } +- +- if (timeleft.tv_sec < 0) +- { +- timeleft.tv_sec = 0; +- timeleft.tv_usec = 1; +- } +- +- /* Adjust socket timeout if next handhake message timer +- * will expire earlier. +- */ +- if ((data->socket_timeout.tv_sec == 0 && data->socket_timeout.tv_usec == 0) || +- (data->socket_timeout.tv_sec > timeleft.tv_sec) || +- (data->socket_timeout.tv_sec == timeleft.tv_sec && +- data->socket_timeout.tv_usec >= timeleft.tv_usec)) +- { +-#ifdef OPENSSL_SYS_WINDOWS +- timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000; +- if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, +- (void*)&timeout, sizeof(timeout)) < 0) +- { perror("setsockopt"); } +-#else +- if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft, +- sizeof(struct timeval)) < 0) +- { perror("setsockopt"); } +-#endif +- } +- } +-#endif +- } ++ /* Get current time */ ++ get_current_time(&timenow); ++ ++ /* Calculate time left until timer expires */ ++ memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); ++ timeleft.tv_sec -= timenow.tv_sec; ++ timeleft.tv_usec -= timenow.tv_usec; ++ if (timeleft.tv_usec < 0) { ++ timeleft.tv_sec--; ++ timeleft.tv_usec += 1000000; ++ } ++ ++ if (timeleft.tv_sec < 0) { ++ timeleft.tv_sec = 0; ++ timeleft.tv_usec = 1; ++ } ++ ++ /* ++ * Adjust socket timeout if next handhake message timer will expire ++ * earlier. ++ */ ++ if ((data->socket_timeout.tv_sec == 0 ++ && data->socket_timeout.tv_usec == 0) ++ || (data->socket_timeout.tv_sec > timeleft.tv_sec) ++ || (data->socket_timeout.tv_sec == timeleft.tv_sec ++ && data->socket_timeout.tv_usec >= timeleft.tv_usec)) { ++# ifdef OPENSSL_SYS_WINDOWS ++ timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000; ++ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ++ (void *)&timeout, sizeof(timeout)) < 0) { ++ perror("setsockopt"); ++ } ++# else ++ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft, ++ sizeof(struct timeval)) < 0) { ++ perror("setsockopt"); ++ } ++# endif ++ } ++ } ++# endif ++} + + static void dgram_reset_rcv_timeout(BIO *b) +- { +-#if defined(SO_RCVTIMEO) +- bio_dgram_data *data = (bio_dgram_data *)b->ptr; +- +- /* Is a timer active? */ +- if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) +- { +-#ifdef OPENSSL_SYS_WINDOWS +- int timeout = data->socket_timeout.tv_sec * 1000 + +- data->socket_timeout.tv_usec / 1000; +- if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, +- (void*)&timeout, sizeof(timeout)) < 0) +- { perror("setsockopt"); } +-#else +- if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout), +- sizeof(struct timeval)) < 0) +- { perror("setsockopt"); } +-#endif +- } +-#endif +- } ++{ ++# if defined(SO_RCVTIMEO) ++ bio_dgram_data *data = (bio_dgram_data *)b->ptr; ++ ++ /* Is a timer active? */ ++ if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) { ++# ifdef OPENSSL_SYS_WINDOWS ++ int timeout = data->socket_timeout.tv_sec * 1000 + ++ data->socket_timeout.tv_usec / 1000; ++ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ++ (void *)&timeout, sizeof(timeout)) < 0) { ++ perror("setsockopt"); ++ } ++# else ++ if (setsockopt ++ (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout), ++ sizeof(struct timeval)) < 0) { ++ perror("setsockopt"); ++ } ++# endif ++ } ++# endif ++} + + static int dgram_read(BIO *b, char *out, int outl) +- { +- int ret=0; +- bio_dgram_data *data = (bio_dgram_data *)b->ptr; +- +- struct sockaddr peer; +- int peerlen = sizeof(peer); +- +- if (out != NULL) +- { +- clear_socket_error(); +- memset(&peer, 0x00, peerlen); +- /* Last arg in recvfrom is signed on some platforms and +- * unsigned on others. It is of type socklen_t on some +- * but this is not universal. Cast to (void *) to avoid +- * compiler warnings. +- */ +- dgram_adjust_rcv_timeout(b); +- ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen); +- +- if ( ! data->connected && ret >= 0) +- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); +- +- BIO_clear_retry_flags(b); +- if (ret < 0) +- { +- if (BIO_dgram_should_retry(ret)) +- { +- BIO_set_retry_read(b); +- data->_errno = get_last_socket_error(); +- } +- } +- +- dgram_reset_rcv_timeout(b); +- } +- return(ret); +- } ++{ ++ int ret = 0; ++ bio_dgram_data *data = (bio_dgram_data *)b->ptr; ++ ++ struct sockaddr peer; ++ int peerlen = sizeof(peer); ++ ++ if (out != NULL) { ++ clear_socket_error(); ++ memset(&peer, 0x00, peerlen); ++ /* ++ * Last arg in recvfrom is signed on some platforms and unsigned on ++ * others. It is of type socklen_t on some but this is not universal. ++ * Cast to (void *) to avoid compiler warnings. ++ */ ++ dgram_adjust_rcv_timeout(b); ++ ret = recvfrom(b->num, out, outl, 0, &peer, (void *)&peerlen); ++ ++ if (!data->connected && ret >= 0) ++ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); ++ ++ BIO_clear_retry_flags(b); ++ if (ret < 0) { ++ if (BIO_dgram_should_retry(ret)) { ++ BIO_set_retry_read(b); ++ data->_errno = get_last_socket_error(); ++ } ++ } ++ ++ dgram_reset_rcv_timeout(b); ++ } ++ return (ret); ++} + + static int dgram_write(BIO *b, const char *in, int inl) +- { +- int ret; +- bio_dgram_data *data = (bio_dgram_data *)b->ptr; +- clear_socket_error(); ++{ ++ int ret; ++ bio_dgram_data *data = (bio_dgram_data *)b->ptr; ++ clear_socket_error(); + +- if ( data->connected ) +- ret=writesocket(b->num,in,inl); ++ if (data->connected) ++ ret = writesocket(b->num, in, inl); + else +-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) +- ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer)); +-#else +- ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer)); +-#endif ++# if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) ++ ret = ++ sendto(b->num, (char *)in, inl, 0, &data->peer, ++ sizeof(data->peer)); ++# else ++ ret = sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer)); ++# endif + +- BIO_clear_retry_flags(b); +- if (ret <= 0) +- { +- if (BIO_dgram_should_retry(ret)) +- { +- BIO_set_retry_write(b); +- data->_errno = get_last_socket_error(); +- +-#if 0 /* higher layers are responsible for querying MTU, if necessary */ +- if ( data->_errno == EMSGSIZE) +- /* retrieve the new MTU */ +- BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); +-#endif +- } +- } +- return(ret); +- } ++ BIO_clear_retry_flags(b); ++ if (ret <= 0) { ++ if (BIO_dgram_should_retry(ret)) { ++ BIO_set_retry_write(b); ++ data->_errno = get_last_socket_error(); ++ ++# if 0 /* higher layers are responsible for querying ++ * MTU, if necessary */ ++ if (data->_errno == EMSGSIZE) ++ /* retrieve the new MTU */ ++ BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); ++# endif ++ } ++ } ++ return (ret); ++} + + static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- long ret=1; +- int *ip; +- struct sockaddr *to = NULL; +- bio_dgram_data *data = NULL; +-#if defined(IP_MTU_DISCOVER) || defined(IP_MTU) +- long sockopt_val = 0; +- unsigned int sockopt_len = 0; +-#endif +-#ifdef OPENSSL_SYS_LINUX +- socklen_t addr_len; +- struct sockaddr_storage addr; +-#endif ++{ ++ long ret = 1; ++ int *ip; ++ struct sockaddr *to = NULL; ++ bio_dgram_data *data = NULL; ++# if defined(IP_MTU_DISCOVER) || defined(IP_MTU) ++ long sockopt_val = 0; ++ unsigned int sockopt_len = 0; ++# endif ++# ifdef OPENSSL_SYS_LINUX ++ socklen_t addr_len; ++ struct sockaddr_storage addr; ++# endif + +- data = (bio_dgram_data *)b->ptr; +- +- switch (cmd) +- { +- case BIO_CTRL_RESET: +- num=0; +- case BIO_C_FILE_SEEK: +- ret=0; +- break; +- case BIO_C_FILE_TELL: +- case BIO_CTRL_INFO: +- ret=0; +- break; +- case BIO_C_SET_FD: +- dgram_clear(b); +- b->num= *((int *)ptr); +- b->shutdown=(int)num; +- b->init=1; +- break; +- case BIO_C_GET_FD: +- if (b->init) +- { +- ip=(int *)ptr; +- if (ip != NULL) *ip=b->num; +- ret=b->num; +- } +- else +- ret= -1; +- break; +- case BIO_CTRL_GET_CLOSE: +- ret=b->shutdown; +- break; +- case BIO_CTRL_SET_CLOSE: +- b->shutdown=(int)num; +- break; +- case BIO_CTRL_PENDING: +- case BIO_CTRL_WPENDING: +- ret=0; +- break; +- case BIO_CTRL_DUP: +- case BIO_CTRL_FLUSH: +- ret=1; +- break; +- case BIO_CTRL_DGRAM_CONNECT: +- to = (struct sockaddr *)ptr; +-#if 0 +- if (connect(b->num, to, sizeof(struct sockaddr)) < 0) +- { perror("connect"); ret = 0; } +- else +- { +-#endif +- memcpy(&(data->peer),to, sizeof(struct sockaddr)); +-#if 0 +- } +-#endif +- break; +- /* (Linux)kernel sets DF bit on outgoing IP packets */ +- case BIO_CTRL_DGRAM_MTU_DISCOVER: +-#ifdef OPENSSL_SYS_LINUX +- addr_len = (socklen_t)sizeof(struct sockaddr_storage); +- memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); +- if (getsockname(b->num, (void *)&addr, &addr_len) < 0) +- { +- ret = 0; +- break; +- } +- sockopt_len = sizeof(sockopt_val); +- switch (addr.ss_family) +- { +- case AF_INET: +- sockopt_val = IP_PMTUDISC_DO; +- if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, +- &sockopt_val, sizeof(sockopt_val))) < 0) +- perror("setsockopt"); +- break; +- case AF_INET6: +- sockopt_val = IPV6_PMTUDISC_DO; +- if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, +- &sockopt_val, sizeof(sockopt_val))) < 0) +- perror("setsockopt"); +- break; +- default: +- ret = -1; +- break; +- } +- ret = -1; +-#else +- break; +-#endif +- case BIO_CTRL_DGRAM_QUERY_MTU: +-#ifdef OPENSSL_SYS_LINUX +- addr_len = (socklen_t)sizeof(struct sockaddr_storage); +- memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); +- if (getsockname(b->num, (void *)&addr, &addr_len) < 0) +- { +- ret = 0; +- break; +- } +- sockopt_len = sizeof(sockopt_val); +- switch (addr.ss_family) +- { +- case AF_INET: +- if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, +- &sockopt_len)) < 0 || sockopt_val < 0) +- { +- ret = 0; +- } +- else +- { +- /* we assume that the transport protocol is UDP and no +- * IP options are used. +- */ +- data->mtu = sockopt_val - 8 - 20; +- ret = data->mtu; +- } +- break; +- case AF_INET6: +- if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val, +- &sockopt_len)) < 0 || sockopt_val < 0) +- { +- ret = 0; +- } +- else +- { +- /* we assume that the transport protocol is UDP and no +- * IPV6 options are used. +- */ +- data->mtu = sockopt_val - 8 - 40; +- ret = data->mtu; +- } +- break; +- default: +- ret = 0; +- break; +- } +-#else +- ret = 0; +-#endif +- break; +- case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: +- ret = 576 - 20 - 8; +- break; +- case BIO_CTRL_DGRAM_GET_MTU: +- return data->mtu; +- break; +- case BIO_CTRL_DGRAM_SET_MTU: +- data->mtu = num; +- ret = num; +- break; +- case BIO_CTRL_DGRAM_SET_CONNECTED: +- to = (struct sockaddr *)ptr; +- +- if ( to != NULL) +- { +- data->connected = 1; +- memcpy(&(data->peer),to, sizeof(struct sockaddr)); +- } +- else +- { +- data->connected = 0; +- memset(&(data->peer), 0x00, sizeof(struct sockaddr)); +- } +- break; ++ data = (bio_dgram_data *)b->ptr; ++ ++ switch (cmd) { ++ case BIO_CTRL_RESET: ++ num = 0; ++ case BIO_C_FILE_SEEK: ++ ret = 0; ++ break; ++ case BIO_C_FILE_TELL: ++ case BIO_CTRL_INFO: ++ ret = 0; ++ break; ++ case BIO_C_SET_FD: ++ dgram_clear(b); ++ b->num = *((int *)ptr); ++ b->shutdown = (int)num; ++ b->init = 1; ++ break; ++ case BIO_C_GET_FD: ++ if (b->init) { ++ ip = (int *)ptr; ++ if (ip != NULL) ++ *ip = b->num; ++ ret = b->num; ++ } else ++ ret = -1; ++ break; ++ case BIO_CTRL_GET_CLOSE: ++ ret = b->shutdown; ++ break; ++ case BIO_CTRL_SET_CLOSE: ++ b->shutdown = (int)num; ++ break; ++ case BIO_CTRL_PENDING: ++ case BIO_CTRL_WPENDING: ++ ret = 0; ++ break; ++ case BIO_CTRL_DUP: ++ case BIO_CTRL_FLUSH: ++ ret = 1; ++ break; ++ case BIO_CTRL_DGRAM_CONNECT: ++ to = (struct sockaddr *)ptr; ++# if 0 ++ if (connect(b->num, to, sizeof(struct sockaddr)) < 0) { ++ perror("connect"); ++ ret = 0; ++ } else { ++# endif ++ memcpy(&(data->peer), to, sizeof(struct sockaddr)); ++# if 0 ++ } ++# endif ++ break; ++ /* (Linux)kernel sets DF bit on outgoing IP packets */ ++ case BIO_CTRL_DGRAM_MTU_DISCOVER: ++# ifdef OPENSSL_SYS_LINUX ++ addr_len = (socklen_t) sizeof(struct sockaddr_storage); ++ memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); ++ if (getsockname(b->num, (void *)&addr, &addr_len) < 0) { ++ ret = 0; ++ break; ++ } ++ sockopt_len = sizeof(sockopt_val); ++ switch (addr.ss_family) { ++ case AF_INET: ++ sockopt_val = IP_PMTUDISC_DO; ++ if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, ++ &sockopt_val, sizeof(sockopt_val))) < 0) ++ perror("setsockopt"); ++ break; ++ case AF_INET6: ++ sockopt_val = IPV6_PMTUDISC_DO; ++ if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, ++ &sockopt_val, sizeof(sockopt_val))) < 0) ++ perror("setsockopt"); ++ break; ++ default: ++ ret = -1; ++ break; ++ } ++ ret = -1; ++# else ++ break; ++# endif ++ case BIO_CTRL_DGRAM_QUERY_MTU: ++# ifdef OPENSSL_SYS_LINUX ++ addr_len = (socklen_t) sizeof(struct sockaddr_storage); ++ memset((void *)&addr, 0, sizeof(struct sockaddr_storage)); ++ if (getsockname(b->num, (void *)&addr, &addr_len) < 0) { ++ ret = 0; ++ break; ++ } ++ sockopt_len = sizeof(sockopt_val); ++ switch (addr.ss_family) { ++ case AF_INET: ++ if ((ret = ++ getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, ++ &sockopt_len)) < 0 || sockopt_val < 0) { ++ ret = 0; ++ } else { ++ /* ++ * we assume that the transport protocol is UDP and no IP ++ * options are used. ++ */ ++ data->mtu = sockopt_val - 8 - 20; ++ ret = data->mtu; ++ } ++ break; ++ case AF_INET6: ++ if ((ret = ++ getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, ++ (void *)&sockopt_val, &sockopt_len)) < 0 ++ || sockopt_val < 0) { ++ ret = 0; ++ } else { ++ /* ++ * we assume that the transport protocol is UDP and no IPV6 ++ * options are used. ++ */ ++ data->mtu = sockopt_val - 8 - 40; ++ ret = data->mtu; ++ } ++ break; ++ default: ++ ret = 0; ++ break; ++ } ++# else ++ ret = 0; ++# endif ++ break; ++ case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: ++ ret = 576 - 20 - 8; ++ break; ++ case BIO_CTRL_DGRAM_GET_MTU: ++ return data->mtu; ++ break; ++ case BIO_CTRL_DGRAM_SET_MTU: ++ data->mtu = num; ++ ret = num; ++ break; ++ case BIO_CTRL_DGRAM_SET_CONNECTED: ++ to = (struct sockaddr *)ptr; ++ ++ if (to != NULL) { ++ data->connected = 1; ++ memcpy(&(data->peer), to, sizeof(struct sockaddr)); ++ } else { ++ data->connected = 0; ++ memset(&(data->peer), 0x00, sizeof(struct sockaddr)); ++ } ++ break; + case BIO_CTRL_DGRAM_GET_PEER: +- to = (struct sockaddr *) ptr; ++ to = (struct sockaddr *)ptr; + + memcpy(to, &(data->peer), sizeof(struct sockaddr)); +- ret = sizeof(struct sockaddr); ++ ret = sizeof(struct sockaddr); + break; + case BIO_CTRL_DGRAM_SET_PEER: +- to = (struct sockaddr *) ptr; ++ to = (struct sockaddr *)ptr; + + memcpy(&(data->peer), to, sizeof(struct sockaddr)); + break; +- case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: +- memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); +- break; +-#if defined(SO_RCVTIMEO) +- case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: +-#ifdef OPENSSL_SYS_WINDOWS +- { +- struct timeval *tv = (struct timeval *)ptr; +- int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000; +- if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, +- (void*)&timeout, sizeof(timeout)) < 0) +- { perror("setsockopt"); ret = -1; } +- } +-#else +- if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, +- sizeof(struct timeval)) < 0) +- { perror("setsockopt"); ret = -1; } +-#endif +- break; +- case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: +-#ifdef OPENSSL_SYS_WINDOWS +- { +- int timeout, sz = sizeof(timeout); +- struct timeval *tv = (struct timeval *)ptr; +- if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, +- (void*)&timeout, &sz) < 0) +- { perror("getsockopt"); ret = -1; } +- else +- { +- tv->tv_sec = timeout / 1000; +- tv->tv_usec = (timeout % 1000) * 1000; +- ret = sizeof(*tv); +- } +- } +-#else +- if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, +- ptr, (void *)&ret) < 0) +- { perror("getsockopt"); ret = -1; } +-#endif +- break; +-#endif +-#if defined(SO_SNDTIMEO) +- case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: +-#ifdef OPENSSL_SYS_WINDOWS +- { +- struct timeval *tv = (struct timeval *)ptr; +- int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000; +- if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, +- (void*)&timeout, sizeof(timeout)) < 0) +- { perror("setsockopt"); ret = -1; } +- } +-#else +- if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, +- sizeof(struct timeval)) < 0) +- { perror("setsockopt"); ret = -1; } +-#endif +- break; +- case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: +-#ifdef OPENSSL_SYS_WINDOWS +- { +- int timeout, sz = sizeof(timeout); +- struct timeval *tv = (struct timeval *)ptr; +- if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, +- (void*)&timeout, &sz) < 0) +- { perror("getsockopt"); ret = -1; } +- else +- { +- tv->tv_sec = timeout / 1000; +- tv->tv_usec = (timeout % 1000) * 1000; +- ret = sizeof(*tv); +- } +- } +-#else +- if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, +- ptr, (void *)&ret) < 0) +- { perror("getsockopt"); ret = -1; } +-#endif +- break; +-#endif +- case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: +- /* fall-through */ +- case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: +-#ifdef OPENSSL_SYS_WINDOWS +- if ( data->_errno == WSAETIMEDOUT) +-#else +- if ( data->_errno == EAGAIN) +-#endif +- { +- ret = 1; +- data->_errno = 0; +- } +- else +- ret = 0; +- break; +-#ifdef EMSGSIZE +- case BIO_CTRL_DGRAM_MTU_EXCEEDED: +- if ( data->_errno == EMSGSIZE) +- { +- ret = 1; +- data->_errno = 0; +- } +- else +- ret = 0; +- break; +-#endif +- default: +- ret=0; +- break; +- } +- return(ret); +- } ++ case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: ++ memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); ++ break; ++# if defined(SO_RCVTIMEO) ++ case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: ++# ifdef OPENSSL_SYS_WINDOWS ++ { ++ struct timeval *tv = (struct timeval *)ptr; ++ int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; ++ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ++ (void *)&timeout, sizeof(timeout)) < 0) { ++ perror("setsockopt"); ++ ret = -1; ++ } ++ } ++# else ++ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, ++ sizeof(struct timeval)) < 0) { ++ perror("setsockopt"); ++ ret = -1; ++ } ++# endif ++ break; ++ case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: ++# ifdef OPENSSL_SYS_WINDOWS ++ { ++ int timeout, sz = sizeof(timeout); ++ struct timeval *tv = (struct timeval *)ptr; ++ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ++ (void *)&timeout, &sz) < 0) { ++ perror("getsockopt"); ++ ret = -1; ++ } else { ++ tv->tv_sec = timeout / 1000; ++ tv->tv_usec = (timeout % 1000) * 1000; ++ ret = sizeof(*tv); ++ } ++ } ++# else ++ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ++ ptr, (void *)&ret) < 0) { ++ perror("getsockopt"); ++ ret = -1; ++ } ++# endif ++ break; ++# endif ++# if defined(SO_SNDTIMEO) ++ case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: ++# ifdef OPENSSL_SYS_WINDOWS ++ { ++ struct timeval *tv = (struct timeval *)ptr; ++ int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; ++ if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ++ (void *)&timeout, sizeof(timeout)) < 0) { ++ perror("setsockopt"); ++ ret = -1; ++ } ++ } ++# else ++ if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, ++ sizeof(struct timeval)) < 0) { ++ perror("setsockopt"); ++ ret = -1; ++ } ++# endif ++ break; ++ case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: ++# ifdef OPENSSL_SYS_WINDOWS ++ { ++ int timeout, sz = sizeof(timeout); ++ struct timeval *tv = (struct timeval *)ptr; ++ if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ++ (void *)&timeout, &sz) < 0) { ++ perror("getsockopt"); ++ ret = -1; ++ } else { ++ tv->tv_sec = timeout / 1000; ++ tv->tv_usec = (timeout % 1000) * 1000; ++ ret = sizeof(*tv); ++ } ++ } ++# else ++ if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ++ ptr, (void *)&ret) < 0) { ++ perror("getsockopt"); ++ ret = -1; ++ } ++# endif ++ break; ++# endif ++ case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: ++ /* fall-through */ ++ case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: ++# ifdef OPENSSL_SYS_WINDOWS ++ if (data->_errno == WSAETIMEDOUT) ++# else ++ if (data->_errno == EAGAIN) ++# endif ++ { ++ ret = 1; ++ data->_errno = 0; ++ } else ++ ret = 0; ++ break; ++# ifdef EMSGSIZE ++ case BIO_CTRL_DGRAM_MTU_EXCEEDED: ++ if (data->_errno == EMSGSIZE) { ++ ret = 1; ++ data->_errno = 0; ++ } else ++ ret = 0; ++ break; ++# endif ++ default: ++ ret = 0; ++ break; ++ } ++ return (ret); ++} + + static int dgram_puts(BIO *bp, const char *str) +- { +- int n,ret; ++{ ++ int n, ret; + +- n=strlen(str); +- ret=dgram_write(bp,str,n); +- return(ret); +- } ++ n = strlen(str); ++ ret = dgram_write(bp, str, n); ++ return (ret); ++} + + static int BIO_dgram_should_retry(int i) +- { +- int err; +- +- if ((i == 0) || (i == -1)) +- { +- err=get_last_socket_error(); +- +-#if defined(OPENSSL_SYS_WINDOWS) +- /* If the socket return value (i) is -1 +- * and err is unexpectedly 0 at this point, +- * the error code was overwritten by +- * another system call before this error +- * handling is called. +- */ +-#endif ++{ ++ int err; ++ ++ if ((i == 0) || (i == -1)) { ++ err = get_last_socket_error(); ++ ++# if defined(OPENSSL_SYS_WINDOWS) ++ /* ++ * If the socket return value (i) is -1 and err is unexpectedly 0 at ++ * this point, the error code was overwritten by another system call ++ * before this error handling is called. ++ */ ++# endif + +- return(BIO_dgram_non_fatal_error(err)); +- } +- return(0); +- } ++ return (BIO_dgram_non_fatal_error(err)); ++ } ++ return (0); ++} + + int BIO_dgram_non_fatal_error(int err) +- { +- switch (err) +- { +-#if defined(OPENSSL_SYS_WINDOWS) +-# if defined(WSAEWOULDBLOCK) +- case WSAEWOULDBLOCK: +-# endif ++{ ++ switch (err) { ++# if defined(OPENSSL_SYS_WINDOWS) ++# if defined(WSAEWOULDBLOCK) ++ case WSAEWOULDBLOCK: ++# endif + +-# if 0 /* This appears to always be an error */ +-# if defined(WSAENOTCONN) +- case WSAENOTCONN: ++# if 0 /* This appears to always be an error */ ++# if defined(WSAENOTCONN) ++ case WSAENOTCONN: ++# endif + # endif + # endif +-#endif + +-#ifdef EWOULDBLOCK +-# ifdef WSAEWOULDBLOCK +-# if WSAEWOULDBLOCK != EWOULDBLOCK +- case EWOULDBLOCK: ++# ifdef EWOULDBLOCK ++# ifdef WSAEWOULDBLOCK ++# if WSAEWOULDBLOCK != EWOULDBLOCK ++ case EWOULDBLOCK: ++# endif ++# else ++ case EWOULDBLOCK: + # endif +-# else +- case EWOULDBLOCK: + # endif +-#endif + +-#ifdef EINTR +- case EINTR: +-#endif ++# ifdef EINTR ++ case EINTR: ++# endif + +-#ifdef EAGAIN +-#if EWOULDBLOCK != EAGAIN +- case EAGAIN: ++# ifdef EAGAIN ++# if EWOULDBLOCK != EAGAIN ++ case EAGAIN: ++# endif + # endif +-#endif + +-#ifdef EPROTO +- case EPROTO: +-#endif ++# ifdef EPROTO ++ case EPROTO: ++# endif + +-#ifdef EINPROGRESS +- case EINPROGRESS: +-#endif ++# ifdef EINPROGRESS ++ case EINPROGRESS: ++# endif + +-#ifdef EALREADY +- case EALREADY: +-#endif ++# ifdef EALREADY ++ case EALREADY: ++# endif + +- return(1); +- /* break; */ +- default: +- break; +- } +- return(0); +- } ++ return (1); ++ /* break; */ ++ default: ++ break; ++ } ++ return (0); ++} + + static void get_current_time(struct timeval *t) +- { +-#ifdef OPENSSL_SYS_WIN32 +- struct _timeb tb; +- _ftime(&tb); +- t->tv_sec = (long)tb.time; +- t->tv_usec = (long)tb.millitm * 1000; +-#elif defined(OPENSSL_SYS_VMS) +- struct timeb tb; +- ftime(&tb); +- t->tv_sec = (long)tb.time; +- t->tv_usec = (long)tb.millitm * 1000; +-#else +- gettimeofday(t, NULL); +-#endif +- } ++{ ++# ifdef OPENSSL_SYS_WIN32 ++ struct _timeb tb; ++ _ftime(&tb); ++ t->tv_sec = (long)tb.time; ++ t->tv_usec = (long)tb.millitm * 1000; ++# elif defined(OPENSSL_SYS_VMS) ++ struct timeb tb; ++ ftime(&tb); ++ t->tv_sec = (long)tb.time; ++ t->tv_usec = (long)tb.millitm * 1000; ++# else ++ gettimeofday(t, NULL); ++# endif ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c +index 4c229bf..ad554df 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -82,213 +82,206 @@ static int fd_new(BIO *h); + static int fd_free(BIO *data); + int BIO_fd_should_retry(int s); + +-static BIO_METHOD methods_fdp= +- { +- BIO_TYPE_FD,"file descriptor", +- fd_write, +- fd_read, +- fd_puts, +- NULL, /* fd_gets, */ +- fd_ctrl, +- fd_new, +- fd_free, +- NULL, +- }; ++static BIO_METHOD methods_fdp = { ++ BIO_TYPE_FD, "file descriptor", ++ fd_write, ++ fd_read, ++ fd_puts, ++ NULL, /* fd_gets, */ ++ fd_ctrl, ++ fd_new, ++ fd_free, ++ NULL, ++}; + + BIO_METHOD *BIO_s_fd(void) +- { +- return(&methods_fdp); +- } ++{ ++ return (&methods_fdp); ++} + +-BIO *BIO_new_fd(int fd,int close_flag) +- { +- BIO *ret; +- ret=BIO_new(BIO_s_fd()); +- if (ret == NULL) return(NULL); +- BIO_set_fd(ret,fd,close_flag); +- return(ret); +- } ++BIO *BIO_new_fd(int fd, int close_flag) ++{ ++ BIO *ret; ++ ret = BIO_new(BIO_s_fd()); ++ if (ret == NULL) ++ return (NULL); ++ BIO_set_fd(ret, fd, close_flag); ++ return (ret); ++} + + static int fd_new(BIO *bi) +- { +- bi->init=0; +- bi->num=-1; +- bi->ptr=NULL; +- bi->flags=BIO_FLAGS_UPLINK; /* essentially redundant */ +- return(1); +- } ++{ ++ bi->init = 0; ++ bi->num = -1; ++ bi->ptr = NULL; ++ bi->flags = BIO_FLAGS_UPLINK; /* essentially redundant */ ++ return (1); ++} + + static int fd_free(BIO *a) +- { +- if (a == NULL) return(0); +- if (a->shutdown) +- { +- if (a->init) +- { +- UP_close(a->num); +- } +- a->init=0; +- a->flags=BIO_FLAGS_UPLINK; +- } +- return(1); +- } +- +-static int fd_read(BIO *b, char *out,int outl) +- { +- int ret=0; ++{ ++ if (a == NULL) ++ return (0); ++ if (a->shutdown) { ++ if (a->init) { ++ UP_close(a->num); ++ } ++ a->init = 0; ++ a->flags = BIO_FLAGS_UPLINK; ++ } ++ return (1); ++} ++ ++static int fd_read(BIO *b, char *out, int outl) ++{ ++ int ret = 0; + +- if (out != NULL) +- { +- clear_sys_error(); +- ret=UP_read(b->num,out,outl); +- BIO_clear_retry_flags(b); +- if (ret <= 0) +- { +- if (BIO_fd_should_retry(ret)) +- BIO_set_retry_read(b); +- } +- } +- return(ret); +- } ++ if (out != NULL) { ++ clear_sys_error(); ++ ret = UP_read(b->num, out, outl); ++ BIO_clear_retry_flags(b); ++ if (ret <= 0) { ++ if (BIO_fd_should_retry(ret)) ++ BIO_set_retry_read(b); ++ } ++ } ++ return (ret); ++} + + static int fd_write(BIO *b, const char *in, int inl) +- { +- int ret; +- clear_sys_error(); +- ret=UP_write(b->num,in,inl); +- BIO_clear_retry_flags(b); +- if (ret <= 0) +- { +- if (BIO_fd_should_retry(ret)) +- BIO_set_retry_write(b); +- } +- return(ret); +- } ++{ ++ int ret; ++ clear_sys_error(); ++ ret = UP_write(b->num, in, inl); ++ BIO_clear_retry_flags(b); ++ if (ret <= 0) { ++ if (BIO_fd_should_retry(ret)) ++ BIO_set_retry_write(b); ++ } ++ return (ret); ++} + + static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- long ret=1; +- int *ip; ++{ ++ long ret = 1; ++ int *ip; + +- switch (cmd) +- { +- case BIO_CTRL_RESET: +- num=0; +- case BIO_C_FILE_SEEK: +- ret=(long)UP_lseek(b->num,num,0); +- break; +- case BIO_C_FILE_TELL: +- case BIO_CTRL_INFO: +- ret=(long)UP_lseek(b->num,0,1); +- break; +- case BIO_C_SET_FD: +- fd_free(b); +- b->num= *((int *)ptr); +- b->shutdown=(int)num; +- b->init=1; +- break; +- case BIO_C_GET_FD: +- if (b->init) +- { +- ip=(int *)ptr; +- if (ip != NULL) *ip=b->num; +- ret=b->num; +- } +- else +- ret= -1; +- break; +- case BIO_CTRL_GET_CLOSE: +- ret=b->shutdown; +- break; +- case BIO_CTRL_SET_CLOSE: +- b->shutdown=(int)num; +- break; +- case BIO_CTRL_PENDING: +- case BIO_CTRL_WPENDING: +- ret=0; +- break; +- case BIO_CTRL_DUP: +- case BIO_CTRL_FLUSH: +- ret=1; +- break; +- default: +- ret=0; +- break; +- } +- return(ret); +- } ++ switch (cmd) { ++ case BIO_CTRL_RESET: ++ num = 0; ++ case BIO_C_FILE_SEEK: ++ ret = (long)UP_lseek(b->num, num, 0); ++ break; ++ case BIO_C_FILE_TELL: ++ case BIO_CTRL_INFO: ++ ret = (long)UP_lseek(b->num, 0, 1); ++ break; ++ case BIO_C_SET_FD: ++ fd_free(b); ++ b->num = *((int *)ptr); ++ b->shutdown = (int)num; ++ b->init = 1; ++ break; ++ case BIO_C_GET_FD: ++ if (b->init) { ++ ip = (int *)ptr; ++ if (ip != NULL) ++ *ip = b->num; ++ ret = b->num; ++ } else ++ ret = -1; ++ break; ++ case BIO_CTRL_GET_CLOSE: ++ ret = b->shutdown; ++ break; ++ case BIO_CTRL_SET_CLOSE: ++ b->shutdown = (int)num; ++ break; ++ case BIO_CTRL_PENDING: ++ case BIO_CTRL_WPENDING: ++ ret = 0; ++ break; ++ case BIO_CTRL_DUP: ++ case BIO_CTRL_FLUSH: ++ ret = 1; ++ break; ++ default: ++ ret = 0; ++ break; ++ } ++ return (ret); ++} + + static int fd_puts(BIO *bp, const char *str) +- { +- int n,ret; ++{ ++ int n, ret; + +- n=strlen(str); +- ret=fd_write(bp,str,n); +- return(ret); +- } ++ n = strlen(str); ++ ret = fd_write(bp, str, n); ++ return (ret); ++} + + int BIO_fd_should_retry(int i) +- { +- int err; ++{ ++ int err; + +- if ((i == 0) || (i == -1)) +- { +- err=get_last_sys_error(); ++ if ((i == 0) || (i == -1)) { ++ err = get_last_sys_error(); + +-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */ +- if ((i == -1) && (err == 0)) +- return(1); ++#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps ++ * not? Ben 4/1/99 */ ++ if ((i == -1) && (err == 0)) ++ return (1); + #endif + +- return(BIO_fd_non_fatal_error(err)); +- } +- return(0); +- } ++ return (BIO_fd_non_fatal_error(err)); ++ } ++ return (0); ++} + + int BIO_fd_non_fatal_error(int err) +- { +- switch (err) +- { ++{ ++ switch (err) { + + #ifdef EWOULDBLOCK + # ifdef WSAEWOULDBLOCK + # if WSAEWOULDBLOCK != EWOULDBLOCK +- case EWOULDBLOCK: ++ case EWOULDBLOCK: + # endif + # else +- case EWOULDBLOCK: ++ case EWOULDBLOCK: + # endif + #endif + + #if defined(ENOTCONN) +- case ENOTCONN: ++ case ENOTCONN: + #endif + + #ifdef EINTR +- case EINTR: ++ case EINTR: + #endif + + #ifdef EAGAIN +-#if EWOULDBLOCK != EAGAIN +- case EAGAIN: ++# if EWOULDBLOCK != EAGAIN ++ case EAGAIN: + # endif + #endif + + #ifdef EPROTO +- case EPROTO: ++ case EPROTO: + #endif + + #ifdef EINPROGRESS +- case EINPROGRESS: ++ case EINPROGRESS: + #endif + + #ifdef EALREADY +- case EALREADY: ++ case EALREADY: + #endif +- return(1); +- /* break; */ +- default: +- break; +- } +- return(0); +- } ++ return (1); ++ /* break; */ ++ default: ++ break; ++ } ++ return (0); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_file.c b/Cryptlib/OpenSSL/crypto/bio/bss_file.c +index 3f553a6..81e5b94 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_file.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_file.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,51 +49,51 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* +- * 03-Dec-1997 rdenny@dc3.com Fix bug preventing use of stdin/stdout +- * with binary data (e.g. asn1parse -inform DER < xxx) under +- * Windows ++/*- ++ * 03-Dec-1997 rdenny@dc3.com Fix bug preventing use of stdin/stdout ++ * with binary data (e.g. asn1parse -inform DER < xxx) under ++ * Windows + */ + + #ifndef HEADER_BSS_FILE_C +-#define HEADER_BSS_FILE_C +- +-#if defined(__linux) || defined(__sun) || defined(__hpux) +-/* Following definition aliases fopen to fopen64 on above mentioned +- * platforms. This makes it possible to open and sequentially access +- * files larger than 2GB from 32-bit application. It does not allow to +- * traverse them beyond 2GB with fseek/ftell, but on the other hand *no* +- * 32-bit platform permits that, not with fseek/ftell. Not to mention +- * that breaking 2GB limit for seeking would require surgery to *our* +- * API. But sequential access suffices for practical cases when you +- * can run into large files, such as fingerprinting, so we can let API +- * alone. For reference, the list of 32-bit platforms which allow for +- * sequential access of large files without extra "magic" comprise *BSD, +- * Darwin, IRIX... ++# define HEADER_BSS_FILE_C ++ ++# if defined(__linux) || defined(__sun) || defined(__hpux) ++/* ++ * Following definition aliases fopen to fopen64 on above mentioned ++ * platforms. This makes it possible to open and sequentially access files ++ * larger than 2GB from 32-bit application. It does not allow to traverse ++ * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit ++ * platform permits that, not with fseek/ftell. Not to mention that breaking ++ * 2GB limit for seeking would require surgery to *our* API. But sequential ++ * access suffices for practical cases when you can run into large files, ++ * such as fingerprinting, so we can let API alone. For reference, the list ++ * of 32-bit platforms which allow for sequential access of large files ++ * without extra "magic" comprise *BSD, Darwin, IRIX... + */ +-#ifndef _FILE_OFFSET_BITS +-#define _FILE_OFFSET_BITS 64 +-#endif +-#endif ++# ifndef _FILE_OFFSET_BITS ++# define _FILE_OFFSET_BITS 64 ++# endif ++# endif + +-#include +-#include +-#include "cryptlib.h" +-#include "bio_lcl.h" +-#include ++# include ++# include ++# include "cryptlib.h" ++# include "bio_lcl.h" ++# include + +-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) +-#include +-#endif ++# if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) ++# include ++# endif + +-#if !defined(OPENSSL_NO_STDIO) ++# if !defined(OPENSSL_NO_STDIO) + + static int MS_CALLBACK file_write(BIO *h, const char *buf, int num); + static int MS_CALLBACK file_read(BIO *h, char *buf, int size); +@@ -102,351 +102,339 @@ static int MS_CALLBACK file_gets(BIO *h, char *str, int size); + static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int MS_CALLBACK file_new(BIO *h); + static int MS_CALLBACK file_free(BIO *data); +-static BIO_METHOD methods_filep= +- { +- BIO_TYPE_FILE, +- "FILE pointer", +- file_write, +- file_read, +- file_puts, +- file_gets, +- file_ctrl, +- file_new, +- file_free, +- NULL, +- }; ++static BIO_METHOD methods_filep = { ++ BIO_TYPE_FILE, ++ "FILE pointer", ++ file_write, ++ file_read, ++ file_puts, ++ file_gets, ++ file_ctrl, ++ file_new, ++ file_free, ++ NULL, ++}; + + BIO *BIO_new_file(const char *filename, const char *mode) +- { +- BIO *ret; +- FILE *file; +- +- if ((file=fopen(filename,mode)) == NULL) +- { +- SYSerr(SYS_F_FOPEN,get_last_sys_error()); +- ERR_add_error_data(5,"fopen('",filename,"','",mode,"')"); +- if (errno == ENOENT) +- BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE); +- else +- BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB); +- return(NULL); +- } +- if ((ret=BIO_new(BIO_s_file_internal())) == NULL) +- { +- fclose(file); +- return(NULL); +- } +- +- BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */ +- BIO_set_fp(ret,file,BIO_CLOSE); +- return(ret); +- } ++{ ++ BIO *ret; ++ FILE *file; ++ ++ if ((file = fopen(filename, mode)) == NULL) { ++ SYSerr(SYS_F_FOPEN, get_last_sys_error()); ++ ERR_add_error_data(5, "fopen('", filename, "','", mode, "')"); ++ if (errno == ENOENT) ++ BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE); ++ else ++ BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB); ++ return (NULL); ++ } ++ if ((ret = BIO_new(BIO_s_file_internal())) == NULL) { ++ fclose(file); ++ return (NULL); ++ } ++ ++ BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage ++ * UPLINK */ ++ BIO_set_fp(ret, file, BIO_CLOSE); ++ return (ret); ++} + + BIO *BIO_new_fp(FILE *stream, int close_flag) +- { +- BIO *ret; ++{ ++ BIO *ret; + +- if ((ret=BIO_new(BIO_s_file())) == NULL) +- return(NULL); ++ if ((ret = BIO_new(BIO_s_file())) == NULL) ++ return (NULL); + +- BIO_set_flags(ret,BIO_FLAGS_UPLINK); /* redundant, left for documentation puposes */ +- BIO_set_fp(ret,stream,close_flag); +- return(ret); +- } ++ BIO_set_flags(ret, BIO_FLAGS_UPLINK); /* redundant, left for ++ * documentation puposes */ ++ BIO_set_fp(ret, stream, close_flag); ++ return (ret); ++} + + BIO_METHOD *BIO_s_file(void) +- { +- return(&methods_filep); +- } ++{ ++ return (&methods_filep); ++} + + static int MS_CALLBACK file_new(BIO *bi) +- { +- bi->init=0; +- bi->num=0; +- bi->ptr=NULL; +- bi->flags=BIO_FLAGS_UPLINK; /* default to UPLINK */ +- return(1); +- } ++{ ++ bi->init = 0; ++ bi->num = 0; ++ bi->ptr = NULL; ++ bi->flags = BIO_FLAGS_UPLINK; /* default to UPLINK */ ++ return (1); ++} + + static int MS_CALLBACK file_free(BIO *a) +- { +- if (a == NULL) return(0); +- if (a->shutdown) +- { +- if ((a->init) && (a->ptr != NULL)) +- { +- if (a->flags&BIO_FLAGS_UPLINK) +- UP_fclose (a->ptr); +- else +- fclose (a->ptr); +- a->ptr=NULL; +- a->flags=BIO_FLAGS_UPLINK; +- } +- a->init=0; +- } +- return(1); +- } +- ++{ ++ if (a == NULL) ++ return (0); ++ if (a->shutdown) { ++ if ((a->init) && (a->ptr != NULL)) { ++ if (a->flags & BIO_FLAGS_UPLINK) ++ UP_fclose(a->ptr); ++ else ++ fclose(a->ptr); ++ a->ptr = NULL; ++ a->flags = BIO_FLAGS_UPLINK; ++ } ++ a->init = 0; ++ } ++ return (1); ++} ++ + static int MS_CALLBACK file_read(BIO *b, char *out, int outl) +- { +- int ret=0; +- +- if (b->init && (out != NULL)) +- { +- if (b->flags&BIO_FLAGS_UPLINK) +- ret=UP_fread(out,1,(int)outl,b->ptr); +- else +- ret=fread(out,1,(int)outl,(FILE *)b->ptr); +- if(ret == 0 && (b->flags&BIO_FLAGS_UPLINK)?UP_ferror((FILE *)b->ptr):ferror((FILE *)b->ptr)) +- { +- SYSerr(SYS_F_FREAD,get_last_sys_error()); +- BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB); +- ret=-1; +- } +- } +- return(ret); +- } ++{ ++ int ret = 0; ++ ++ if (b->init && (out != NULL)) { ++ if (b->flags & BIO_FLAGS_UPLINK) ++ ret = UP_fread(out, 1, (int)outl, b->ptr); ++ else ++ ret = fread(out, 1, (int)outl, (FILE *)b->ptr); ++ if (ret == 0 ++ && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) : ++ ferror((FILE *)b->ptr)) { ++ SYSerr(SYS_F_FREAD, get_last_sys_error()); ++ BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB); ++ ret = -1; ++ } ++ } ++ return (ret); ++} + + static int MS_CALLBACK file_write(BIO *b, const char *in, int inl) +- { +- int ret=0; +- +- if (b->init && (in != NULL)) +- { +- if (b->flags&BIO_FLAGS_UPLINK) +- ret=UP_fwrite(in,(int)inl,1,b->ptr); +- else +- ret=fwrite(in,(int)inl,1,(FILE *)b->ptr); +- if (ret) +- ret=inl; +- /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ +- /* according to Tim Hudson , the commented +- * out version above can cause 'inl' write calls under +- * some stupid stdio implementations (VMS) */ +- } +- return(ret); +- } ++{ ++ int ret = 0; ++ ++ if (b->init && (in != NULL)) { ++ if (b->flags & BIO_FLAGS_UPLINK) ++ ret = UP_fwrite(in, (int)inl, 1, b->ptr); ++ else ++ ret = fwrite(in, (int)inl, 1, (FILE *)b->ptr); ++ if (ret) ++ ret = inl; ++ /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ ++ /* ++ * according to Tim Hudson , the commented out ++ * version above can cause 'inl' write calls under some stupid stdio ++ * implementations (VMS) ++ */ ++ } ++ return (ret); ++} + + static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- long ret=1; +- FILE *fp=(FILE *)b->ptr; +- FILE **fpp; +- char p[4]; +- +- switch (cmd) +- { +- case BIO_C_FILE_SEEK: +- case BIO_CTRL_RESET: +- if (b->flags&BIO_FLAGS_UPLINK) +- ret=(long)UP_fseek(b->ptr,num,0); +- else +- ret=(long)fseek(fp,num,0); +- break; +- case BIO_CTRL_EOF: +- if (b->flags&BIO_FLAGS_UPLINK) +- ret=(long)UP_feof(fp); +- else +- ret=(long)feof(fp); +- break; +- case BIO_C_FILE_TELL: +- case BIO_CTRL_INFO: +- if (b->flags&BIO_FLAGS_UPLINK) +- ret=UP_ftell(b->ptr); +- else +- ret=ftell(fp); +- break; +- case BIO_C_SET_FILE_PTR: +- file_free(b); +- b->shutdown=(int)num&BIO_CLOSE; +- b->ptr=ptr; +- b->init=1; +-#if BIO_FLAGS_UPLINK!=0 +-#if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) +-#define _IOB_ENTRIES 20 +-#endif +-#if defined(_IOB_ENTRIES) +- /* Safety net to catch purely internal BIO_set_fp calls */ +- if ((size_t)ptr >= (size_t)stdin && +- (size_t)ptr < (size_t)(stdin+_IOB_ENTRIES)) +- BIO_clear_flags(b,BIO_FLAGS_UPLINK); +-#endif +-#endif +-#ifdef UP_fsetmod +- if (b->flags&BIO_FLAGS_UPLINK) +- UP_fsetmod(b->ptr,(char)((num&BIO_FP_TEXT)?'t':'b')); +- else +-#endif +- { +-#if defined(OPENSSL_SYS_WINDOWS) +- int fd = _fileno((FILE*)ptr); +- if (num & BIO_FP_TEXT) +- _setmode(fd,_O_TEXT); +- else +- _setmode(fd,_O_BINARY); +-#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) +- int fd = fileno((FILE*)ptr); +- /* Under CLib there are differences in file modes +- */ +- if (num & BIO_FP_TEXT) +- setmode(fd,O_TEXT); +- else +- setmode(fd,O_BINARY); +-#elif defined(OPENSSL_SYS_MSDOS) +- int fd = fileno((FILE*)ptr); +- /* Set correct text/binary mode */ +- if (num & BIO_FP_TEXT) +- _setmode(fd,_O_TEXT); +- /* Dangerous to set stdin/stdout to raw (unless redirected) */ +- else +- { +- if (fd == STDIN_FILENO || fd == STDOUT_FILENO) +- { +- if (isatty(fd) <= 0) +- _setmode(fd,_O_BINARY); +- } +- else +- _setmode(fd,_O_BINARY); +- } +-#elif defined(OPENSSL_SYS_OS2) +- int fd = fileno((FILE*)ptr); +- if (num & BIO_FP_TEXT) +- setmode(fd, O_TEXT); +- else +- setmode(fd, O_BINARY); +-#endif +- } +- break; +- case BIO_C_SET_FILENAME: +- file_free(b); +- b->shutdown=(int)num&BIO_CLOSE; +- if (num & BIO_FP_APPEND) +- { +- if (num & BIO_FP_READ) +- BUF_strlcpy(p,"a+",sizeof p); +- else BUF_strlcpy(p,"a",sizeof p); +- } +- else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) +- BUF_strlcpy(p,"r+",sizeof p); +- else if (num & BIO_FP_WRITE) +- BUF_strlcpy(p,"w",sizeof p); +- else if (num & BIO_FP_READ) +- BUF_strlcpy(p,"r",sizeof p); +- else +- { +- BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); +- ret=0; +- break; +- } +-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) +- if (!(num & BIO_FP_TEXT)) +- strcat(p,"b"); +- else +- strcat(p,"t"); +-#endif +-#if defined(OPENSSL_SYS_NETWARE) +- if (!(num & BIO_FP_TEXT)) +- strcat(p,"b"); +- else +- strcat(p,"t"); +-#endif +- fp=fopen(ptr,p); +- if (fp == NULL) +- { +- SYSerr(SYS_F_FOPEN,get_last_sys_error()); +- ERR_add_error_data(5,"fopen('",ptr,"','",p,"')"); +- BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB); +- ret=0; +- break; +- } +- b->ptr=fp; +- b->init=1; +- BIO_clear_flags(b,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */ +- break; +- case BIO_C_GET_FILE_PTR: +- /* the ptr parameter is actually a FILE ** in this case. */ +- if (ptr != NULL) +- { +- fpp=(FILE **)ptr; +- *fpp=(FILE *)b->ptr; +- } +- break; +- case BIO_CTRL_GET_CLOSE: +- ret=(long)b->shutdown; +- break; +- case BIO_CTRL_SET_CLOSE: +- b->shutdown=(int)num; +- break; +- case BIO_CTRL_FLUSH: +- if (b->flags&BIO_FLAGS_UPLINK) +- UP_fflush(b->ptr); +- else +- fflush((FILE *)b->ptr); +- break; +- case BIO_CTRL_DUP: +- ret=1; +- break; +- +- case BIO_CTRL_WPENDING: +- case BIO_CTRL_PENDING: +- case BIO_CTRL_PUSH: +- case BIO_CTRL_POP: +- default: +- ret=0; +- break; +- } +- return(ret); +- } ++{ ++ long ret = 1; ++ FILE *fp = (FILE *)b->ptr; ++ FILE **fpp; ++ char p[4]; ++ ++ switch (cmd) { ++ case BIO_C_FILE_SEEK: ++ case BIO_CTRL_RESET: ++ if (b->flags & BIO_FLAGS_UPLINK) ++ ret = (long)UP_fseek(b->ptr, num, 0); ++ else ++ ret = (long)fseek(fp, num, 0); ++ break; ++ case BIO_CTRL_EOF: ++ if (b->flags & BIO_FLAGS_UPLINK) ++ ret = (long)UP_feof(fp); ++ else ++ ret = (long)feof(fp); ++ break; ++ case BIO_C_FILE_TELL: ++ case BIO_CTRL_INFO: ++ if (b->flags & BIO_FLAGS_UPLINK) ++ ret = UP_ftell(b->ptr); ++ else ++ ret = ftell(fp); ++ break; ++ case BIO_C_SET_FILE_PTR: ++ file_free(b); ++ b->shutdown = (int)num & BIO_CLOSE; ++ b->ptr = ptr; ++ b->init = 1; ++# if BIO_FLAGS_UPLINK!=0 ++# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) ++# define _IOB_ENTRIES 20 ++# endif ++# if defined(_IOB_ENTRIES) ++ /* Safety net to catch purely internal BIO_set_fp calls */ ++ if ((size_t)ptr >= (size_t)stdin && ++ (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES)) ++ BIO_clear_flags(b, BIO_FLAGS_UPLINK); ++# endif ++# endif ++# ifdef UP_fsetmod ++ if (b->flags & BIO_FLAGS_UPLINK) ++ UP_fsetmod(b->ptr, (char)((num & BIO_FP_TEXT) ? 't' : 'b')); ++ else ++# endif ++ { ++# if defined(OPENSSL_SYS_WINDOWS) ++ int fd = _fileno((FILE *)ptr); ++ if (num & BIO_FP_TEXT) ++ _setmode(fd, _O_TEXT); ++ else ++ _setmode(fd, _O_BINARY); ++# elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) ++ int fd = fileno((FILE *)ptr); ++ /* ++ * Under CLib there are differences in file modes ++ */ ++ if (num & BIO_FP_TEXT) ++ setmode(fd, O_TEXT); ++ else ++ setmode(fd, O_BINARY); ++# elif defined(OPENSSL_SYS_MSDOS) ++ int fd = fileno((FILE *)ptr); ++ /* Set correct text/binary mode */ ++ if (num & BIO_FP_TEXT) ++ _setmode(fd, _O_TEXT); ++ /* Dangerous to set stdin/stdout to raw (unless redirected) */ ++ else { ++ if (fd == STDIN_FILENO || fd == STDOUT_FILENO) { ++ if (isatty(fd) <= 0) ++ _setmode(fd, _O_BINARY); ++ } else ++ _setmode(fd, _O_BINARY); ++ } ++# elif defined(OPENSSL_SYS_OS2) ++ int fd = fileno((FILE *)ptr); ++ if (num & BIO_FP_TEXT) ++ setmode(fd, O_TEXT); ++ else ++ setmode(fd, O_BINARY); ++# endif ++ } ++ break; ++ case BIO_C_SET_FILENAME: ++ file_free(b); ++ b->shutdown = (int)num & BIO_CLOSE; ++ if (num & BIO_FP_APPEND) { ++ if (num & BIO_FP_READ) ++ BUF_strlcpy(p, "a+", sizeof p); ++ else ++ BUF_strlcpy(p, "a", sizeof p); ++ } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) ++ BUF_strlcpy(p, "r+", sizeof p); ++ else if (num & BIO_FP_WRITE) ++ BUF_strlcpy(p, "w", sizeof p); ++ else if (num & BIO_FP_READ) ++ BUF_strlcpy(p, "r", sizeof p); ++ else { ++ BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE); ++ ret = 0; ++ break; ++ } ++# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) ++ if (!(num & BIO_FP_TEXT)) ++ strcat(p, "b"); ++ else ++ strcat(p, "t"); ++# endif ++# if defined(OPENSSL_SYS_NETWARE) ++ if (!(num & BIO_FP_TEXT)) ++ strcat(p, "b"); ++ else ++ strcat(p, "t"); ++# endif ++ fp = fopen(ptr, p); ++ if (fp == NULL) { ++ SYSerr(SYS_F_FOPEN, get_last_sys_error()); ++ ERR_add_error_data(5, "fopen('", ptr, "','", p, "')"); ++ BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB); ++ ret = 0; ++ break; ++ } ++ b->ptr = fp; ++ b->init = 1; ++ BIO_clear_flags(b, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage ++ * UPLINK */ ++ break; ++ case BIO_C_GET_FILE_PTR: ++ /* the ptr parameter is actually a FILE ** in this case. */ ++ if (ptr != NULL) { ++ fpp = (FILE **)ptr; ++ *fpp = (FILE *)b->ptr; ++ } ++ break; ++ case BIO_CTRL_GET_CLOSE: ++ ret = (long)b->shutdown; ++ break; ++ case BIO_CTRL_SET_CLOSE: ++ b->shutdown = (int)num; ++ break; ++ case BIO_CTRL_FLUSH: ++ if (b->flags & BIO_FLAGS_UPLINK) ++ UP_fflush(b->ptr); ++ else ++ fflush((FILE *)b->ptr); ++ break; ++ case BIO_CTRL_DUP: ++ ret = 1; ++ break; ++ ++ case BIO_CTRL_WPENDING: ++ case BIO_CTRL_PENDING: ++ case BIO_CTRL_PUSH: ++ case BIO_CTRL_POP: ++ default: ++ ret = 0; ++ break; ++ } ++ return (ret); ++} + + static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) +- { +- int ret=0; +- +- buf[0]='\0'; +- if (bp->flags&BIO_FLAGS_UPLINK) +- { +- if (!UP_fgets(buf,size,bp->ptr)) +- goto err; +- } +- else +- { +- if (!fgets(buf,size,(FILE *)bp->ptr)) +- goto err; +- } +- if (buf[0] != '\0') +- ret=strlen(buf); +- err: +- return(ret); +- } ++{ ++ int ret = 0; ++ ++ buf[0] = '\0'; ++ if (bp->flags & BIO_FLAGS_UPLINK) { ++ if (!UP_fgets(buf, size, bp->ptr)) ++ goto err; ++ } else { ++ if (!fgets(buf, size, (FILE *)bp->ptr)) ++ goto err; ++ } ++ if (buf[0] != '\0') ++ ret = strlen(buf); ++ err: ++ return (ret); ++} + + static int MS_CALLBACK file_puts(BIO *bp, const char *str) +- { +- int n,ret; ++{ ++ int n, ret; + +- n=strlen(str); +- ret=file_write(bp,str,n); +- return(ret); +- } ++ n = strlen(str); ++ ret = file_write(bp, str, n); ++ return (ret); ++} + + #else + + BIO_METHOD *BIO_s_file(void) +- { +- return NULL; +- } ++{ ++ return NULL; ++} + + BIO *BIO_new_file(const char *filename, const char *mode) +- { +- return NULL; +- } ++{ ++ return NULL; ++} + + BIO *BIO_new_fp(FILE *stream, int close_flag) +- { +- return NULL; +- } +- +-#endif /* OPENSSL_NO_STDIO */ +- +-#endif /* HEADER_BSS_FILE_C */ ++{ ++ return NULL; ++} + ++# endif /* OPENSSL_NO_STDIO */ + ++#endif /* HEADER_BSS_FILE_C */ +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_log.c b/Cryptlib/OpenSSL/crypto/bio/bss_log.c +index 6360dbc..679d205 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_log.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_log.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -54,14 +54,13 @@ + */ + + /* +- Why BIO_s_log? +- +- BIO_s_log is useful for system daemons (or services under NT). +- It is one-way BIO, it sends all stuff to syslogd (on system that +- commonly use that), or event log (on NT), or OPCOM (on OpenVMS). +- +-*/ +- ++ * Why BIO_s_log? ++ * ++ * BIO_s_log is useful for system daemons (or services under NT). It is ++ * one-way BIO, it sends all stuff to syslogd (on system that commonly use ++ * that), or event log (on NT), or OPCOM (on OpenVMS). ++ * ++ */ + + #include + #include +@@ -70,18 +69,18 @@ + + #if defined(OPENSSL_SYS_WINCE) + #elif defined(OPENSSL_SYS_WIN32) +-# include ++# include + #elif defined(OPENSSL_SYS_VMS) +-# include +-# include +-# include +-# include ++# include ++# include ++# include ++# include + #elif defined(__ultrix) +-# include ++# include + #elif defined(OPENSSL_SYS_NETWARE) +-# define NO_SYSLOG ++# define NO_SYSLOG + #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) +-# include ++# include + #endif + + #include +@@ -89,314 +88,365 @@ + + #ifndef NO_SYSLOG + +-#if defined(OPENSSL_SYS_WIN32) +-#define LOG_EMERG 0 +-#define LOG_ALERT 1 +-#define LOG_CRIT 2 +-#define LOG_ERR 3 +-#define LOG_WARNING 4 +-#define LOG_NOTICE 5 +-#define LOG_INFO 6 +-#define LOG_DEBUG 7 +- +-#define LOG_DAEMON (3<<3) +-#elif defined(OPENSSL_SYS_VMS) ++# if defined(OPENSSL_SYS_WIN32) ++# define LOG_EMERG 0 ++# define LOG_ALERT 1 ++# define LOG_CRIT 2 ++# define LOG_ERR 3 ++# define LOG_WARNING 4 ++# define LOG_NOTICE 5 ++# define LOG_INFO 6 ++# define LOG_DEBUG 7 ++ ++# define LOG_DAEMON (3<<3) ++# elif defined(OPENSSL_SYS_VMS) + /* On VMS, we don't really care about these, but we need them to compile */ +-#define LOG_EMERG 0 +-#define LOG_ALERT 1 +-#define LOG_CRIT 2 +-#define LOG_ERR 3 +-#define LOG_WARNING 4 +-#define LOG_NOTICE 5 +-#define LOG_INFO 6 +-#define LOG_DEBUG 7 +- +-#define LOG_DAEMON OPC$M_NM_NTWORK +-#endif ++# define LOG_EMERG 0 ++# define LOG_ALERT 1 ++# define LOG_CRIT 2 ++# define LOG_ERR 3 ++# define LOG_WARNING 4 ++# define LOG_NOTICE 5 ++# define LOG_INFO 6 ++# define LOG_DEBUG 7 ++ ++# define LOG_DAEMON OPC$M_NM_NTWORK ++# endif + + static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num); + static int MS_CALLBACK slg_puts(BIO *h, const char *str); + static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int MS_CALLBACK slg_new(BIO *h); + static int MS_CALLBACK slg_free(BIO *data); +-static void xopenlog(BIO* bp, char* name, int level); +-static void xsyslog(BIO* bp, int priority, const char* string); +-static void xcloselog(BIO* bp); +-#ifdef OPENSSL_SYS_WIN32 +-LONG (WINAPI *go_for_advapi)() = RegOpenKeyEx; +-HANDLE (WINAPI *register_event_source)() = NULL; +-BOOL (WINAPI *deregister_event_source)() = NULL; +-BOOL (WINAPI *report_event)() = NULL; +-#define DL_PROC(m,f) (GetProcAddress( m, f )) +-#ifdef UNICODE +-#define DL_PROC_X(m,f) DL_PROC( m, f "W" ) +-#else +-#define DL_PROC_X(m,f) DL_PROC( m, f "A" ) +-#endif +-#endif +- +-static BIO_METHOD methods_slg= +- { +- BIO_TYPE_MEM,"syslog", +- slg_write, +- NULL, +- slg_puts, +- NULL, +- slg_ctrl, +- slg_new, +- slg_free, +- NULL, +- }; ++static void xopenlog(BIO *bp, char *name, int level); ++static void xsyslog(BIO *bp, int priority, const char *string); ++static void xcloselog(BIO *bp); ++# ifdef OPENSSL_SYS_WIN32 ++LONG(WINAPI *go_for_advapi) () = RegOpenKeyEx; ++HANDLE(WINAPI *register_event_source) () = NULL; ++BOOL(WINAPI *deregister_event_source) () = NULL; ++BOOL(WINAPI *report_event) () = NULL; ++# define DL_PROC(m,f) (GetProcAddress( m, f )) ++# ifdef UNICODE ++# define DL_PROC_X(m,f) DL_PROC( m, f "W" ) ++# else ++# define DL_PROC_X(m,f) DL_PROC( m, f "A" ) ++# endif ++# endif ++ ++static BIO_METHOD methods_slg = { ++ BIO_TYPE_MEM, "syslog", ++ slg_write, ++ NULL, ++ slg_puts, ++ NULL, ++ slg_ctrl, ++ slg_new, ++ slg_free, ++ NULL, ++}; + + BIO_METHOD *BIO_s_log(void) +- { +- return(&methods_slg); +- } ++{ ++ return (&methods_slg); ++} + + static int MS_CALLBACK slg_new(BIO *bi) +- { +- bi->init=1; +- bi->num=0; +- bi->ptr=NULL; +- xopenlog(bi, "application", LOG_DAEMON); +- return(1); +- } ++{ ++ bi->init = 1; ++ bi->num = 0; ++ bi->ptr = NULL; ++ xopenlog(bi, "application", LOG_DAEMON); ++ return (1); ++} + + static int MS_CALLBACK slg_free(BIO *a) +- { +- if (a == NULL) return(0); +- xcloselog(a); +- return(1); +- } +- ++{ ++ if (a == NULL) ++ return (0); ++ xcloselog(a); ++ return (1); ++} ++ + static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) +- { +- int ret= inl; +- char* buf; +- char* pp; +- int priority, i; +- static struct +- { +- int strl; +- char str[10]; +- int log_level; +- } +- mapping[] = +- { +- { 6, "PANIC ", LOG_EMERG }, +- { 6, "EMERG ", LOG_EMERG }, +- { 4, "EMR ", LOG_EMERG }, +- { 6, "ALERT ", LOG_ALERT }, +- { 4, "ALR ", LOG_ALERT }, +- { 5, "CRIT ", LOG_CRIT }, +- { 4, "CRI ", LOG_CRIT }, +- { 6, "ERROR ", LOG_ERR }, +- { 4, "ERR ", LOG_ERR }, +- { 8, "WARNING ", LOG_WARNING }, +- { 5, "WARN ", LOG_WARNING }, +- { 4, "WAR ", LOG_WARNING }, +- { 7, "NOTICE ", LOG_NOTICE }, +- { 5, "NOTE ", LOG_NOTICE }, +- { 4, "NOT ", LOG_NOTICE }, +- { 5, "INFO ", LOG_INFO }, +- { 4, "INF ", LOG_INFO }, +- { 6, "DEBUG ", LOG_DEBUG }, +- { 4, "DBG ", LOG_DEBUG }, +- { 0, "", LOG_ERR } /* The default */ +- }; +- +- if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){ +- return(0); +- } +- strncpy(buf, in, inl); +- buf[inl]= '\0'; +- +- i = 0; +- while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++; +- priority = mapping[i].log_level; +- pp = buf + mapping[i].strl; +- +- xsyslog(b, priority, pp); +- +- OPENSSL_free(buf); +- return(ret); +- } ++{ ++ int ret = inl; ++ char *buf; ++ char *pp; ++ int priority, i; ++ static struct { ++ int strl; ++ char str[10]; ++ int log_level; ++ } mapping[] = { ++ { ++ 6, "PANIC ", LOG_EMERG ++ }, ++ { ++ 6, "EMERG ", LOG_EMERG ++ }, ++ { ++ 4, "EMR ", LOG_EMERG ++ }, ++ { ++ 6, "ALERT ", LOG_ALERT ++ }, ++ { ++ 4, "ALR ", LOG_ALERT ++ }, ++ { ++ 5, "CRIT ", LOG_CRIT ++ }, ++ { ++ 4, "CRI ", LOG_CRIT ++ }, ++ { ++ 6, "ERROR ", LOG_ERR ++ }, ++ { ++ 4, "ERR ", LOG_ERR ++ }, ++ { ++ 8, "WARNING ", LOG_WARNING ++ }, ++ { ++ 5, "WARN ", LOG_WARNING ++ }, ++ { ++ 4, "WAR ", LOG_WARNING ++ }, ++ { ++ 7, "NOTICE ", LOG_NOTICE ++ }, ++ { ++ 5, "NOTE ", LOG_NOTICE ++ }, ++ { ++ 4, "NOT ", LOG_NOTICE ++ }, ++ { ++ 5, "INFO ", LOG_INFO ++ }, ++ { ++ 4, "INF ", LOG_INFO ++ }, ++ { ++ 6, "DEBUG ", LOG_DEBUG ++ }, ++ { ++ 4, "DBG ", LOG_DEBUG ++ }, ++ { ++ 0, "", LOG_ERR ++ } ++ /* The default */ ++ }; ++ ++ if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) { ++ return (0); ++ } ++ strncpy(buf, in, inl); ++ buf[inl] = '\0'; ++ ++ i = 0; ++ while (strncmp(buf, mapping[i].str, mapping[i].strl) != 0) ++ i++; ++ priority = mapping[i].log_level; ++ pp = buf + mapping[i].strl; ++ ++ xsyslog(b, priority, pp); ++ ++ OPENSSL_free(buf); ++ return (ret); ++} + + static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- switch (cmd) +- { +- case BIO_CTRL_SET: +- xcloselog(b); +- xopenlog(b, ptr, num); +- break; +- default: +- break; +- } +- return(0); +- } ++{ ++ switch (cmd) { ++ case BIO_CTRL_SET: ++ xcloselog(b); ++ xopenlog(b, ptr, num); ++ break; ++ default: ++ break; ++ } ++ return (0); ++} + + static int MS_CALLBACK slg_puts(BIO *bp, const char *str) +- { +- int n,ret; ++{ ++ int n, ret; + +- n=strlen(str); +- ret=slg_write(bp,str,n); +- return(ret); +- } ++ n = strlen(str); ++ ret = slg_write(bp, str, n); ++ return (ret); ++} + +-#if defined(OPENSSL_SYS_WIN32) ++# if defined(OPENSSL_SYS_WIN32) + +-static void xopenlog(BIO* bp, char* name, int level) ++static void xopenlog(BIO *bp, char *name, int level) + { +- if ( !register_event_source ) +- { +- HANDLE advapi; +- if ( !(advapi = GetModuleHandle("advapi32")) ) +- return; +- register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi, +- "RegisterEventSource" ); +- deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi, +- "DeregisterEventSource"); +- report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi, +- "ReportEvent" ); +- if ( !(register_event_source && deregister_event_source && +- report_event) ) +- { +- register_event_source = NULL; +- deregister_event_source = NULL; +- report_event = NULL; +- return; +- } +- } +- bp->ptr= (char *)register_event_source(NULL, name); ++ if (!register_event_source) { ++ HANDLE advapi; ++ if (!(advapi = GetModuleHandle("advapi32"))) ++ return; ++ register_event_source = (HANDLE(WINAPI *)())DL_PROC_X(advapi, ++ "RegisterEventSource"); ++ deregister_event_source = (BOOL(WINAPI *)()) DL_PROC(advapi, ++ "DeregisterEventSource"); ++ report_event = (BOOL(WINAPI *)()) DL_PROC_X(advapi, "ReportEvent"); ++ if (!(register_event_source && deregister_event_source && ++ report_event)) { ++ register_event_source = NULL; ++ deregister_event_source = NULL; ++ report_event = NULL; ++ return; ++ } ++ } ++ bp->ptr = (char *)register_event_source(NULL, name); + } + + static void xsyslog(BIO *bp, int priority, const char *string) + { +- LPCSTR lpszStrings[2]; +- WORD evtype= EVENTLOG_ERROR_TYPE; +- int pid = _getpid(); +- char pidbuf[DECIMAL_SIZE(pid)+4]; +- +- switch (priority) +- { +- case LOG_EMERG: +- case LOG_ALERT: +- case LOG_CRIT: +- case LOG_ERR: +- evtype = EVENTLOG_ERROR_TYPE; +- break; +- case LOG_WARNING: +- evtype = EVENTLOG_WARNING_TYPE; +- break; +- case LOG_NOTICE: +- case LOG_INFO: +- case LOG_DEBUG: +- evtype = EVENTLOG_INFORMATION_TYPE; +- break; +- default: /* Should never happen, but set it +- as error anyway. */ +- evtype = EVENTLOG_ERROR_TYPE; +- break; +- } +- +- sprintf(pidbuf, "[%d] ", pid); +- lpszStrings[0] = pidbuf; +- lpszStrings[1] = string; +- +- if(report_event && bp->ptr) +- report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0, +- lpszStrings, NULL); ++ LPCSTR lpszStrings[2]; ++ WORD evtype = EVENTLOG_ERROR_TYPE; ++ int pid = _getpid(); ++ char pidbuf[DECIMAL_SIZE(pid) + 4]; ++ ++ switch (priority) { ++ case LOG_EMERG: ++ case LOG_ALERT: ++ case LOG_CRIT: ++ case LOG_ERR: ++ evtype = EVENTLOG_ERROR_TYPE; ++ break; ++ case LOG_WARNING: ++ evtype = EVENTLOG_WARNING_TYPE; ++ break; ++ case LOG_NOTICE: ++ case LOG_INFO: ++ case LOG_DEBUG: ++ evtype = EVENTLOG_INFORMATION_TYPE; ++ break; ++ default: ++ /* ++ * Should never happen, but set it ++ * as error anyway. ++ */ ++ evtype = EVENTLOG_ERROR_TYPE; ++ break; ++ } ++ ++ sprintf(pidbuf, "[%d] ", pid); ++ lpszStrings[0] = pidbuf; ++ lpszStrings[1] = string; ++ ++ if (report_event && bp->ptr) ++ report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL); + } +- +-static void xcloselog(BIO* bp) ++ ++static void xcloselog(BIO *bp) + { +- if(deregister_event_source && bp->ptr) +- deregister_event_source((HANDLE)(bp->ptr)); +- bp->ptr= NULL; ++ if (deregister_event_source && bp->ptr) ++ deregister_event_source((HANDLE) (bp->ptr)); ++ bp->ptr = NULL; + } + +-#elif defined(OPENSSL_SYS_VMS) ++# elif defined(OPENSSL_SYS_VMS) + + static int VMS_OPC_target = LOG_DAEMON; + +-static void xopenlog(BIO* bp, char* name, int level) ++static void xopenlog(BIO *bp, char *name, int level) + { +- VMS_OPC_target = level; ++ VMS_OPC_target = level; + } + + static void xsyslog(BIO *bp, int priority, const char *string) + { +- struct dsc$descriptor_s opc_dsc; +- struct opcdef *opcdef_p; +- char buf[10240]; +- unsigned int len; +- struct dsc$descriptor_s buf_dsc; +- $DESCRIPTOR(fao_cmd, "!AZ: !AZ"); +- char *priority_tag; +- +- switch (priority) +- { +- case LOG_EMERG: priority_tag = "Emergency"; break; +- case LOG_ALERT: priority_tag = "Alert"; break; +- case LOG_CRIT: priority_tag = "Critical"; break; +- case LOG_ERR: priority_tag = "Error"; break; +- case LOG_WARNING: priority_tag = "Warning"; break; +- case LOG_NOTICE: priority_tag = "Notice"; break; +- case LOG_INFO: priority_tag = "Info"; break; +- case LOG_DEBUG: priority_tag = "DEBUG"; break; +- } +- +- buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T; +- buf_dsc.dsc$b_class = DSC$K_CLASS_S; +- buf_dsc.dsc$a_pointer = buf; +- buf_dsc.dsc$w_length = sizeof(buf) - 1; +- +- lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); +- +- /* we know there's an 8 byte header. That's documented */ +- opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len); +- opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; +- memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); +- opcdef_p->opc$l_ms_rqstid = 0; +- memcpy(&opcdef_p->opc$l_ms_text, buf, len); +- +- opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; +- opc_dsc.dsc$b_class = DSC$K_CLASS_S; +- opc_dsc.dsc$a_pointer = (char *)opcdef_p; +- opc_dsc.dsc$w_length = len + 8; +- +- sys$sndopr(opc_dsc, 0); +- +- OPENSSL_free(opcdef_p); ++ struct dsc$descriptor_s opc_dsc; ++ struct opcdef *opcdef_p; ++ char buf[10240]; ++ unsigned int len; ++ struct dsc$descriptor_s buf_dsc; ++ $DESCRIPTOR(fao_cmd, "!AZ: !AZ"); ++ char *priority_tag; ++ ++ switch (priority) { ++ case LOG_EMERG: ++ priority_tag = "Emergency"; ++ break; ++ case LOG_ALERT: ++ priority_tag = "Alert"; ++ break; ++ case LOG_CRIT: ++ priority_tag = "Critical"; ++ break; ++ case LOG_ERR: ++ priority_tag = "Error"; ++ break; ++ case LOG_WARNING: ++ priority_tag = "Warning"; ++ break; ++ case LOG_NOTICE: ++ priority_tag = "Notice"; ++ break; ++ case LOG_INFO: ++ priority_tag = "Info"; ++ break; ++ case LOG_DEBUG: ++ priority_tag = "DEBUG"; ++ break; ++ } ++ ++ buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T; ++ buf_dsc.dsc$b_class = DSC$K_CLASS_S; ++ buf_dsc.dsc$a_pointer = buf; ++ buf_dsc.dsc$w_length = sizeof(buf) - 1; ++ ++ lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); ++ ++ /* we know there's an 8 byte header. That's documented */ ++ opcdef_p = (struct opcdef *)OPENSSL_malloc(8 + len); ++ opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; ++ memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); ++ opcdef_p->opc$l_ms_rqstid = 0; ++ memcpy(&opcdef_p->opc$l_ms_text, buf, len); ++ ++ opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; ++ opc_dsc.dsc$b_class = DSC$K_CLASS_S; ++ opc_dsc.dsc$a_pointer = (char *)opcdef_p; ++ opc_dsc.dsc$w_length = len + 8; ++ ++ sys$sndopr(opc_dsc, 0); ++ ++ OPENSSL_free(opcdef_p); + } + +-static void xcloselog(BIO* bp) ++static void xcloselog(BIO *bp) + { + } + +-#else /* Unix/Watt32 */ ++# else /* Unix/Watt32 */ + +-static void xopenlog(BIO* bp, char* name, int level) ++static void xopenlog(BIO *bp, char *name, int level) + { +-#ifdef WATT32 /* djgpp/DOS */ +- openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level); +-#else +- openlog(name, LOG_PID|LOG_CONS, level); +-#endif ++# ifdef WATT32 /* djgpp/DOS */ ++ openlog(name, LOG_PID | LOG_CONS | LOG_NDELAY, level); ++# else ++ openlog(name, LOG_PID | LOG_CONS, level); ++# endif + } + + static void xsyslog(BIO *bp, int priority, const char *string) + { +- syslog(priority, "%s", string); ++ syslog(priority, "%s", string); + } + +-static void xcloselog(BIO* bp) ++static void xcloselog(BIO *bp) + { +- closelog(); ++ closelog(); + } + +-#endif /* Unix */ ++# endif /* Unix */ + +-#endif /* NO_SYSLOG */ ++#endif /* NO_SYSLOG */ +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c +index e7ab9cb..9e6f097 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -68,256 +68,249 @@ static int mem_gets(BIO *h, char *str, int size); + static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int mem_new(BIO *h); + static int mem_free(BIO *data); +-static BIO_METHOD mem_method= +- { +- BIO_TYPE_MEM, +- "memory buffer", +- mem_write, +- mem_read, +- mem_puts, +- mem_gets, +- mem_ctrl, +- mem_new, +- mem_free, +- NULL, +- }; ++static BIO_METHOD mem_method = { ++ BIO_TYPE_MEM, ++ "memory buffer", ++ mem_write, ++ mem_read, ++ mem_puts, ++ mem_gets, ++ mem_ctrl, ++ mem_new, ++ mem_free, ++ NULL, ++}; + +-/* bio->num is used to hold the value to return on 'empty', if it is +- * 0, should_retry is not set */ ++/* ++ * bio->num is used to hold the value to return on 'empty', if it is 0, ++ * should_retry is not set ++ */ + + BIO_METHOD *BIO_s_mem(void) +- { +- return(&mem_method); +- } ++{ ++ return (&mem_method); ++} + + BIO *BIO_new_mem_buf(void *buf, int len) + { +- BIO *ret; +- BUF_MEM *b; +- if (!buf) { +- BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER); +- return NULL; +- } +- if(len == -1) len = strlen(buf); +- if(!(ret = BIO_new(BIO_s_mem())) ) return NULL; +- b = (BUF_MEM *)ret->ptr; +- b->data = buf; +- b->length = len; +- b->max = len; +- ret->flags |= BIO_FLAGS_MEM_RDONLY; +- /* Since this is static data retrying wont help */ +- ret->num = 0; +- return ret; ++ BIO *ret; ++ BUF_MEM *b; ++ if (!buf) { ++ BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER); ++ return NULL; ++ } ++ if (len == -1) ++ len = strlen(buf); ++ if (!(ret = BIO_new(BIO_s_mem()))) ++ return NULL; ++ b = (BUF_MEM *)ret->ptr; ++ b->data = buf; ++ b->length = len; ++ b->max = len; ++ ret->flags |= BIO_FLAGS_MEM_RDONLY; ++ /* Since this is static data retrying wont help */ ++ ret->num = 0; ++ return ret; + } + + static int mem_new(BIO *bi) +- { +- BUF_MEM *b; ++{ ++ BUF_MEM *b; + +- if ((b=BUF_MEM_new()) == NULL) +- return(0); +- bi->shutdown=1; +- bi->init=1; +- bi->num= -1; +- bi->ptr=(char *)b; +- return(1); +- } ++ if ((b = BUF_MEM_new()) == NULL) ++ return (0); ++ bi->shutdown = 1; ++ bi->init = 1; ++ bi->num = -1; ++ bi->ptr = (char *)b; ++ return (1); ++} + + static int mem_free(BIO *a) +- { +- if (a == NULL) return(0); +- if (a->shutdown) +- { +- if ((a->init) && (a->ptr != NULL)) +- { +- BUF_MEM *b; +- b = (BUF_MEM *)a->ptr; +- if(a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL; +- BUF_MEM_free(b); +- a->ptr=NULL; +- } +- } +- return(1); +- } +- ++{ ++ if (a == NULL) ++ return (0); ++ if (a->shutdown) { ++ if ((a->init) && (a->ptr != NULL)) { ++ BUF_MEM *b; ++ b = (BUF_MEM *)a->ptr; ++ if (a->flags & BIO_FLAGS_MEM_RDONLY) ++ b->data = NULL; ++ BUF_MEM_free(b); ++ a->ptr = NULL; ++ } ++ } ++ return (1); ++} ++ + static int mem_read(BIO *b, char *out, int outl) +- { +- int ret= -1; +- BUF_MEM *bm; +- int i; +- char *from,*to; ++{ ++ int ret = -1; ++ BUF_MEM *bm; ++ int i; ++ char *from, *to; + +- bm=(BUF_MEM *)b->ptr; +- BIO_clear_retry_flags(b); +- ret=(outl > bm->length)?bm->length:outl; +- if ((out != NULL) && (ret > 0)) { +- memcpy(out,bm->data,ret); +- bm->length-=ret; +- /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */ +- if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret; +- else { +- from=(char *)&(bm->data[ret]); +- to=(char *)&(bm->data[0]); +- for (i=0; ilength; i++) +- to[i]=from[i]; +- } +- } else if (bm->length == 0) +- { +- ret = b->num; +- if (ret != 0) +- BIO_set_retry_read(b); +- } +- return(ret); +- } ++ bm = (BUF_MEM *)b->ptr; ++ BIO_clear_retry_flags(b); ++ ret = (outl > bm->length) ? bm->length : outl; ++ if ((out != NULL) && (ret > 0)) { ++ memcpy(out, bm->data, ret); ++ bm->length -= ret; ++ /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */ ++ if (b->flags & BIO_FLAGS_MEM_RDONLY) ++ bm->data += ret; ++ else { ++ from = (char *)&(bm->data[ret]); ++ to = (char *)&(bm->data[0]); ++ for (i = 0; i < bm->length; i++) ++ to[i] = from[i]; ++ } ++ } else if (bm->length == 0) { ++ ret = b->num; ++ if (ret != 0) ++ BIO_set_retry_read(b); ++ } ++ return (ret); ++} + + static int mem_write(BIO *b, const char *in, int inl) +- { +- int ret= -1; +- int blen; +- BUF_MEM *bm; ++{ ++ int ret = -1; ++ int blen; ++ BUF_MEM *bm; + +- bm=(BUF_MEM *)b->ptr; +- if (in == NULL) +- { +- BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER); +- goto end; +- } ++ bm = (BUF_MEM *)b->ptr; ++ if (in == NULL) { ++ BIOerr(BIO_F_MEM_WRITE, BIO_R_NULL_PARAMETER); ++ goto end; ++ } + +- if(b->flags & BIO_FLAGS_MEM_RDONLY) { +- BIOerr(BIO_F_MEM_WRITE,BIO_R_WRITE_TO_READ_ONLY_BIO); +- goto end; +- } ++ if (b->flags & BIO_FLAGS_MEM_RDONLY) { ++ BIOerr(BIO_F_MEM_WRITE, BIO_R_WRITE_TO_READ_ONLY_BIO); ++ goto end; ++ } + +- BIO_clear_retry_flags(b); +- blen=bm->length; +- if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl)) +- goto end; +- memcpy(&(bm->data[blen]),in,inl); +- ret=inl; +-end: +- return(ret); +- } ++ BIO_clear_retry_flags(b); ++ blen = bm->length; ++ if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl)) ++ goto end; ++ memcpy(&(bm->data[blen]), in, inl); ++ ret = inl; ++ end: ++ return (ret); ++} + + static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- long ret=1; +- char **pptr; ++{ ++ long ret = 1; ++ char **pptr; + +- BUF_MEM *bm=(BUF_MEM *)b->ptr; ++ BUF_MEM *bm = (BUF_MEM *)b->ptr; + +- switch (cmd) +- { +- case BIO_CTRL_RESET: +- if (bm->data != NULL) +- { +- /* For read only case reset to the start again */ +- if(b->flags & BIO_FLAGS_MEM_RDONLY) +- { +- bm->data -= bm->max - bm->length; +- bm->length = bm->max; +- } +- else +- { +- memset(bm->data,0,bm->max); +- bm->length=0; +- } +- } +- break; +- case BIO_CTRL_EOF: +- ret=(long)(bm->length == 0); +- break; +- case BIO_C_SET_BUF_MEM_EOF_RETURN: +- b->num=(int)num; +- break; +- case BIO_CTRL_INFO: +- ret=(long)bm->length; +- if (ptr != NULL) +- { +- pptr=(char **)ptr; +- *pptr=(char *)&(bm->data[0]); +- } +- break; +- case BIO_C_SET_BUF_MEM: +- mem_free(b); +- b->shutdown=(int)num; +- b->ptr=ptr; +- break; +- case BIO_C_GET_BUF_MEM_PTR: +- if (ptr != NULL) +- { +- pptr=(char **)ptr; +- *pptr=(char *)bm; +- } +- break; +- case BIO_CTRL_GET_CLOSE: +- ret=(long)b->shutdown; +- break; +- case BIO_CTRL_SET_CLOSE: +- b->shutdown=(int)num; +- break; ++ switch (cmd) { ++ case BIO_CTRL_RESET: ++ if (bm->data != NULL) { ++ /* For read only case reset to the start again */ ++ if (b->flags & BIO_FLAGS_MEM_RDONLY) { ++ bm->data -= bm->max - bm->length; ++ bm->length = bm->max; ++ } else { ++ memset(bm->data, 0, bm->max); ++ bm->length = 0; ++ } ++ } ++ break; ++ case BIO_CTRL_EOF: ++ ret = (long)(bm->length == 0); ++ break; ++ case BIO_C_SET_BUF_MEM_EOF_RETURN: ++ b->num = (int)num; ++ break; ++ case BIO_CTRL_INFO: ++ ret = (long)bm->length; ++ if (ptr != NULL) { ++ pptr = (char **)ptr; ++ *pptr = (char *)&(bm->data[0]); ++ } ++ break; ++ case BIO_C_SET_BUF_MEM: ++ mem_free(b); ++ b->shutdown = (int)num; ++ b->ptr = ptr; ++ break; ++ case BIO_C_GET_BUF_MEM_PTR: ++ if (ptr != NULL) { ++ pptr = (char **)ptr; ++ *pptr = (char *)bm; ++ } ++ break; ++ case BIO_CTRL_GET_CLOSE: ++ ret = (long)b->shutdown; ++ break; ++ case BIO_CTRL_SET_CLOSE: ++ b->shutdown = (int)num; ++ break; + +- case BIO_CTRL_WPENDING: +- ret=0L; +- break; +- case BIO_CTRL_PENDING: +- ret=(long)bm->length; +- break; +- case BIO_CTRL_DUP: +- case BIO_CTRL_FLUSH: +- ret=1; +- break; +- case BIO_CTRL_PUSH: +- case BIO_CTRL_POP: +- default: +- ret=0; +- break; +- } +- return(ret); +- } ++ case BIO_CTRL_WPENDING: ++ ret = 0L; ++ break; ++ case BIO_CTRL_PENDING: ++ ret = (long)bm->length; ++ break; ++ case BIO_CTRL_DUP: ++ case BIO_CTRL_FLUSH: ++ ret = 1; ++ break; ++ case BIO_CTRL_PUSH: ++ case BIO_CTRL_POP: ++ default: ++ ret = 0; ++ break; ++ } ++ return (ret); ++} + + static int mem_gets(BIO *bp, char *buf, int size) +- { +- int i,j; +- int ret= -1; +- char *p; +- BUF_MEM *bm=(BUF_MEM *)bp->ptr; ++{ ++ int i, j; ++ int ret = -1; ++ char *p; ++ BUF_MEM *bm = (BUF_MEM *)bp->ptr; + +- BIO_clear_retry_flags(bp); +- j=bm->length; +- if ((size-1) < j) j=size-1; +- if (j <= 0) +- { +- *buf='\0'; +- return 0; +- } +- p=bm->data; +- for (i=0; ilength; ++ if ((size - 1) < j) ++ j = size - 1; ++ if (j <= 0) { ++ *buf = '\0'; ++ return 0; ++ } ++ p = bm->data; ++ for (i = 0; i < j; i++) { ++ if (p[i] == '\n') { ++ i++; ++ break; ++ } ++ } + +- /* +- * i is now the max num of bytes to copy, either j or up to +- * and including the first newline +- */ ++ /* ++ * i is now the max num of bytes to copy, either j or up to ++ * and including the first newline ++ */ + +- i=mem_read(bp,buf,i); +- if (i > 0) buf[i]='\0'; +- ret=i; +- return(ret); +- } ++ i = mem_read(bp, buf, i); ++ if (i > 0) ++ buf[i] = '\0'; ++ ret = i; ++ return (ret); ++} + + static int mem_puts(BIO *bp, const char *str) +- { +- int n,ret; +- +- n=strlen(str); +- ret=mem_write(bp,str,n); +- /* memory semantics is that it will always work */ +- return(ret); +- } ++{ ++ int n, ret; + ++ n = strlen(str); ++ ret = mem_write(bp, str, n); ++ /* memory semantics is that it will always work */ ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_null.c b/Cryptlib/OpenSSL/crypto/bio/bss_null.c +index 46b7333..6a03fa2 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_null.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_null.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -68,83 +68,82 @@ static int null_gets(BIO *h, char *str, int size); + static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int null_new(BIO *h); + static int null_free(BIO *data); +-static BIO_METHOD null_method= +- { +- BIO_TYPE_NULL, +- "NULL", +- null_write, +- null_read, +- null_puts, +- null_gets, +- null_ctrl, +- null_new, +- null_free, +- NULL, +- }; ++static BIO_METHOD null_method = { ++ BIO_TYPE_NULL, ++ "NULL", ++ null_write, ++ null_read, ++ null_puts, ++ null_gets, ++ null_ctrl, ++ null_new, ++ null_free, ++ NULL, ++}; + + BIO_METHOD *BIO_s_null(void) +- { +- return(&null_method); +- } ++{ ++ return (&null_method); ++} + + static int null_new(BIO *bi) +- { +- bi->init=1; +- bi->num=0; +- bi->ptr=(NULL); +- return(1); +- } ++{ ++ bi->init = 1; ++ bi->num = 0; ++ bi->ptr = (NULL); ++ return (1); ++} + + static int null_free(BIO *a) +- { +- if (a == NULL) return(0); +- return(1); +- } +- ++{ ++ if (a == NULL) ++ return (0); ++ return (1); ++} ++ + static int null_read(BIO *b, char *out, int outl) +- { +- return(0); +- } ++{ ++ return (0); ++} + + static int null_write(BIO *b, const char *in, int inl) +- { +- return(inl); +- } ++{ ++ return (inl); ++} + + static long null_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- long ret=1; ++{ ++ long ret = 1; + +- switch (cmd) +- { +- case BIO_CTRL_RESET: +- case BIO_CTRL_EOF: +- case BIO_CTRL_SET: +- case BIO_CTRL_SET_CLOSE: +- case BIO_CTRL_FLUSH: +- case BIO_CTRL_DUP: +- ret=1; +- break; +- case BIO_CTRL_GET_CLOSE: +- case BIO_CTRL_INFO: +- case BIO_CTRL_GET: +- case BIO_CTRL_PENDING: +- case BIO_CTRL_WPENDING: +- default: +- ret=0; +- break; +- } +- return(ret); +- } ++ switch (cmd) { ++ case BIO_CTRL_RESET: ++ case BIO_CTRL_EOF: ++ case BIO_CTRL_SET: ++ case BIO_CTRL_SET_CLOSE: ++ case BIO_CTRL_FLUSH: ++ case BIO_CTRL_DUP: ++ ret = 1; ++ break; ++ case BIO_CTRL_GET_CLOSE: ++ case BIO_CTRL_INFO: ++ case BIO_CTRL_GET: ++ case BIO_CTRL_PENDING: ++ case BIO_CTRL_WPENDING: ++ default: ++ ret = 0; ++ break; ++ } ++ return (ret); ++} + + static int null_gets(BIO *bp, char *buf, int size) +- { +- return(0); +- } ++{ ++ return (0); ++} + + static int null_puts(BIO *bp, const char *str) +- { +- if (str == NULL) return(0); +- return(strlen(str)); +- } +- ++{ ++ if (str == NULL) ++ return (0); ++ return (strlen(str)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_add.c b/Cryptlib/OpenSSL/crypto/bn/bn_add.c +index 9405163..2f3d110 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_add.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_add.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,252 +62,252 @@ + + /* r can == a or b */ + int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) +- { +- const BIGNUM *tmp; +- int a_neg = a->neg, ret; ++{ ++ const BIGNUM *tmp; ++ int a_neg = a->neg, ret; + +- bn_check_top(a); +- bn_check_top(b); ++ bn_check_top(a); ++ bn_check_top(b); + +- /* a + b a+b +- * a + -b a-b +- * -a + b b-a +- * -a + -b -(a+b) +- */ +- if (a_neg ^ b->neg) +- { +- /* only one is negative */ +- if (a_neg) +- { tmp=a; a=b; b=tmp; } ++ /*- ++ * a + b a+b ++ * a + -b a-b ++ * -a + b b-a ++ * -a + -b -(a+b) ++ */ ++ if (a_neg ^ b->neg) { ++ /* only one is negative */ ++ if (a_neg) { ++ tmp = a; ++ a = b; ++ b = tmp; ++ } + +- /* we are now a - b */ ++ /* we are now a - b */ + +- if (BN_ucmp(a,b) < 0) +- { +- if (!BN_usub(r,b,a)) return(0); +- r->neg=1; +- } +- else +- { +- if (!BN_usub(r,a,b)) return(0); +- r->neg=0; +- } +- return(1); +- } ++ if (BN_ucmp(a, b) < 0) { ++ if (!BN_usub(r, b, a)) ++ return (0); ++ r->neg = 1; ++ } else { ++ if (!BN_usub(r, a, b)) ++ return (0); ++ r->neg = 0; ++ } ++ return (1); ++ } + +- ret = BN_uadd(r,a,b); +- r->neg = a_neg; +- bn_check_top(r); +- return ret; +- } ++ ret = BN_uadd(r, a, b); ++ r->neg = a_neg; ++ bn_check_top(r); ++ return ret; ++} + + /* unsigned add of b to a */ + int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) +- { +- int max,min,dif; +- BN_ULONG *ap,*bp,*rp,carry,t1,t2; +- const BIGNUM *tmp; ++{ ++ int max, min, dif; ++ BN_ULONG *ap, *bp, *rp, carry, t1, t2; ++ const BIGNUM *tmp; + +- bn_check_top(a); +- bn_check_top(b); ++ bn_check_top(a); ++ bn_check_top(b); + +- if (a->top < b->top) +- { tmp=a; a=b; b=tmp; } +- max = a->top; +- min = b->top; +- dif = max - min; ++ if (a->top < b->top) { ++ tmp = a; ++ a = b; ++ b = tmp; ++ } ++ max = a->top; ++ min = b->top; ++ dif = max - min; + +- if (bn_wexpand(r,max+1) == NULL) +- return 0; ++ if (bn_wexpand(r, max + 1) == NULL) ++ return 0; + +- r->top=max; ++ r->top = max; + ++ ap = a->d; ++ bp = b->d; ++ rp = r->d; + +- ap=a->d; +- bp=b->d; +- rp=r->d; ++ carry = bn_add_words(rp, ap, bp, min); ++ rp += min; ++ ap += min; ++ bp += min; + +- carry=bn_add_words(rp,ap,bp,min); +- rp+=min; +- ap+=min; +- bp+=min; +- +- if (carry) +- { +- while (dif) +- { +- dif--; +- t1 = *(ap++); +- t2 = (t1+1) & BN_MASK2; +- *(rp++) = t2; +- if (t2) +- { +- carry=0; +- break; +- } +- } +- if (carry) +- { +- /* carry != 0 => dif == 0 */ +- *rp = 1; +- r->top++; +- } +- } +- if (dif && rp != ap) +- while (dif--) +- /* copy remaining words if ap != rp */ +- *(rp++) = *(ap++); +- r->neg = 0; +- bn_check_top(r); +- return 1; +- } ++ if (carry) { ++ while (dif) { ++ dif--; ++ t1 = *(ap++); ++ t2 = (t1 + 1) & BN_MASK2; ++ *(rp++) = t2; ++ if (t2) { ++ carry = 0; ++ break; ++ } ++ } ++ if (carry) { ++ /* carry != 0 => dif == 0 */ ++ *rp = 1; ++ r->top++; ++ } ++ } ++ if (dif && rp != ap) ++ while (dif--) ++ /* copy remaining words if ap != rp */ ++ *(rp++) = *(ap++); ++ r->neg = 0; ++ bn_check_top(r); ++ return 1; ++} + + /* unsigned subtraction of b from a, a must be larger than b. */ + int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) +- { +- int max,min,dif; +- register BN_ULONG t1,t2,*ap,*bp,*rp; +- int i,carry; ++{ ++ int max, min, dif; ++ register BN_ULONG t1, t2, *ap, *bp, *rp; ++ int i, carry; + #if defined(IRIX_CC_BUG) && !defined(LINT) +- int dummy; ++ int dummy; + #endif + +- bn_check_top(a); +- bn_check_top(b); ++ bn_check_top(a); ++ bn_check_top(b); + +- max = a->top; +- min = b->top; +- dif = max - min; ++ max = a->top; ++ min = b->top; ++ dif = max - min; + +- if (dif < 0) /* hmm... should not be happening */ +- { +- BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3); +- return(0); +- } ++ if (dif < 0) { /* hmm... should not be happening */ ++ BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3); ++ return (0); ++ } + +- if (bn_wexpand(r,max) == NULL) return(0); ++ if (bn_wexpand(r, max) == NULL) ++ return (0); + +- ap=a->d; +- bp=b->d; +- rp=r->d; ++ ap = a->d; ++ bp = b->d; ++ rp = r->d; + + #if 1 +- carry=0; +- for (i = min; i != 0; i--) +- { +- t1= *(ap++); +- t2= *(bp++); +- if (carry) +- { +- carry=(t1 <= t2); +- t1=(t1-t2-1)&BN_MASK2; +- } +- else +- { +- carry=(t1 < t2); +- t1=(t1-t2)&BN_MASK2; +- } +-#if defined(IRIX_CC_BUG) && !defined(LINT) +- dummy=t1; +-#endif +- *(rp++)=t1&BN_MASK2; +- } ++ carry = 0; ++ for (i = min; i != 0; i--) { ++ t1 = *(ap++); ++ t2 = *(bp++); ++ if (carry) { ++ carry = (t1 <= t2); ++ t1 = (t1 - t2 - 1) & BN_MASK2; ++ } else { ++ carry = (t1 < t2); ++ t1 = (t1 - t2) & BN_MASK2; ++ } ++# if defined(IRIX_CC_BUG) && !defined(LINT) ++ dummy = t1; ++# endif ++ *(rp++) = t1 & BN_MASK2; ++ } + #else +- carry=bn_sub_words(rp,ap,bp,min); +- ap+=min; +- bp+=min; +- rp+=min; ++ carry = bn_sub_words(rp, ap, bp, min); ++ ap += min; ++ bp += min; ++ rp += min; + #endif +- if (carry) /* subtracted */ +- { +- if (!dif) +- /* error: a < b */ +- return 0; +- while (dif) +- { +- dif--; +- t1 = *(ap++); +- t2 = (t1-1)&BN_MASK2; +- *(rp++) = t2; +- if (t1) +- break; +- } +- } ++ if (carry) { /* subtracted */ ++ if (!dif) ++ /* error: a < b */ ++ return 0; ++ while (dif) { ++ dif--; ++ t1 = *(ap++); ++ t2 = (t1 - 1) & BN_MASK2; ++ *(rp++) = t2; ++ if (t1) ++ break; ++ } ++ } + #if 0 +- memcpy(rp,ap,sizeof(*rp)*(max-i)); ++ memcpy(rp, ap, sizeof(*rp) * (max - i)); + #else +- if (rp != ap) +- { +- for (;;) +- { +- if (!dif--) break; +- rp[0]=ap[0]; +- if (!dif--) break; +- rp[1]=ap[1]; +- if (!dif--) break; +- rp[2]=ap[2]; +- if (!dif--) break; +- rp[3]=ap[3]; +- rp+=4; +- ap+=4; +- } +- } ++ if (rp != ap) { ++ for (;;) { ++ if (!dif--) ++ break; ++ rp[0] = ap[0]; ++ if (!dif--) ++ break; ++ rp[1] = ap[1]; ++ if (!dif--) ++ break; ++ rp[2] = ap[2]; ++ if (!dif--) ++ break; ++ rp[3] = ap[3]; ++ rp += 4; ++ ap += 4; ++ } ++ } + #endif + +- r->top=max; +- r->neg=0; +- bn_correct_top(r); +- return(1); +- } ++ r->top = max; ++ r->neg = 0; ++ bn_correct_top(r); ++ return (1); ++} + + int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) +- { +- int max; +- int add=0,neg=0; +- const BIGNUM *tmp; +- +- bn_check_top(a); +- bn_check_top(b); ++{ ++ int max; ++ int add = 0, neg = 0; ++ const BIGNUM *tmp; + +- /* a - b a-b +- * a - -b a+b +- * -a - b -(a+b) +- * -a - -b b-a +- */ +- if (a->neg) +- { +- if (b->neg) +- { tmp=a; a=b; b=tmp; } +- else +- { add=1; neg=1; } +- } +- else +- { +- if (b->neg) { add=1; neg=0; } +- } ++ bn_check_top(a); ++ bn_check_top(b); + +- if (add) +- { +- if (!BN_uadd(r,a,b)) return(0); +- r->neg=neg; +- return(1); +- } ++ /*- ++ * a - b a-b ++ * a - -b a+b ++ * -a - b -(a+b) ++ * -a - -b b-a ++ */ ++ if (a->neg) { ++ if (b->neg) { ++ tmp = a; ++ a = b; ++ b = tmp; ++ } else { ++ add = 1; ++ neg = 1; ++ } ++ } else { ++ if (b->neg) { ++ add = 1; ++ neg = 0; ++ } ++ } + +- /* We are actually doing a - b :-) */ ++ if (add) { ++ if (!BN_uadd(r, a, b)) ++ return (0); ++ r->neg = neg; ++ return (1); ++ } + +- max=(a->top > b->top)?a->top:b->top; +- if (bn_wexpand(r,max) == NULL) return(0); +- if (BN_ucmp(a,b) < 0) +- { +- if (!BN_usub(r,b,a)) return(0); +- r->neg=1; +- } +- else +- { +- if (!BN_usub(r,a,b)) return(0); +- r->neg=0; +- } +- bn_check_top(r); +- return(1); +- } ++ /* We are actually doing a - b :-) */ + ++ max = (a->top > b->top) ? a->top : b->top; ++ if (bn_wexpand(r, max) == NULL) ++ return (0); ++ if (BN_ucmp(a, b) < 0) { ++ if (!BN_usub(r, b, a)) ++ return (0); ++ r->neg = 1; ++ } else { ++ if (!BN_usub(r, a, b)) ++ return (0); ++ r->neg = 0; ++ } ++ bn_check_top(r); ++ return (1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c +index 99bc2de..92e9539 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,7 +57,7 @@ + */ + + #ifndef BN_DEBUG +-# undef NDEBUG /* avoid conflicting definitions */ ++# undef NDEBUG /* avoid conflicting definitions */ + # define NDEBUG + #endif + +@@ -68,793 +68,853 @@ + + #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) + +-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) +- { +- BN_ULONG c1=0; +- +- assert(num >= 0); +- if (num <= 0) return(c1); +- +- while (num&~3) +- { +- mul_add(rp[0],ap[0],w,c1); +- mul_add(rp[1],ap[1],w,c1); +- mul_add(rp[2],ap[2],w,c1); +- mul_add(rp[3],ap[3],w,c1); +- ap+=4; rp+=4; num-=4; +- } +- if (num) +- { +- mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1; +- mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1; +- mul_add(rp[2],ap[2],w,c1); return c1; +- } +- +- return(c1); +- } ++BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, ++ BN_ULONG w) ++{ ++ BN_ULONG c1 = 0; ++ ++ assert(num >= 0); ++ if (num <= 0) ++ return (c1); ++ ++ while (num & ~3) { ++ mul_add(rp[0], ap[0], w, c1); ++ mul_add(rp[1], ap[1], w, c1); ++ mul_add(rp[2], ap[2], w, c1); ++ mul_add(rp[3], ap[3], w, c1); ++ ap += 4; ++ rp += 4; ++ num -= 4; ++ } ++ if (num) { ++ mul_add(rp[0], ap[0], w, c1); ++ if (--num == 0) ++ return c1; ++ mul_add(rp[1], ap[1], w, c1); ++ if (--num == 0) ++ return c1; ++ mul_add(rp[2], ap[2], w, c1); ++ return c1; ++ } ++ ++ return (c1); ++} + + BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) +- { +- BN_ULONG c1=0; +- +- assert(num >= 0); +- if (num <= 0) return(c1); +- +- while (num&~3) +- { +- mul(rp[0],ap[0],w,c1); +- mul(rp[1],ap[1],w,c1); +- mul(rp[2],ap[2],w,c1); +- mul(rp[3],ap[3],w,c1); +- ap+=4; rp+=4; num-=4; +- } +- if (num) +- { +- mul(rp[0],ap[0],w,c1); if (--num == 0) return c1; +- mul(rp[1],ap[1],w,c1); if (--num == 0) return c1; +- mul(rp[2],ap[2],w,c1); +- } +- return(c1); +- } ++{ ++ BN_ULONG c1 = 0; ++ ++ assert(num >= 0); ++ if (num <= 0) ++ return (c1); ++ ++ while (num & ~3) { ++ mul(rp[0], ap[0], w, c1); ++ mul(rp[1], ap[1], w, c1); ++ mul(rp[2], ap[2], w, c1); ++ mul(rp[3], ap[3], w, c1); ++ ap += 4; ++ rp += 4; ++ num -= 4; ++ } ++ if (num) { ++ mul(rp[0], ap[0], w, c1); ++ if (--num == 0) ++ return c1; ++ mul(rp[1], ap[1], w, c1); ++ if (--num == 0) ++ return c1; ++ mul(rp[2], ap[2], w, c1); ++ } ++ return (c1); ++} + + void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) +- { +- assert(n >= 0); +- if (n <= 0) return; +- while (n&~3) +- { +- sqr(r[0],r[1],a[0]); +- sqr(r[2],r[3],a[1]); +- sqr(r[4],r[5],a[2]); +- sqr(r[6],r[7],a[3]); +- a+=4; r+=8; n-=4; +- } +- if (n) +- { +- sqr(r[0],r[1],a[0]); if (--n == 0) return; +- sqr(r[2],r[3],a[1]); if (--n == 0) return; +- sqr(r[4],r[5],a[2]); +- } +- } +- +-#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ +- +-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) +- { +- BN_ULONG c=0; +- BN_ULONG bl,bh; +- +- assert(num >= 0); +- if (num <= 0) return((BN_ULONG)0); +- +- bl=LBITS(w); +- bh=HBITS(w); +- +- for (;;) +- { +- mul_add(rp[0],ap[0],bl,bh,c); +- if (--num == 0) break; +- mul_add(rp[1],ap[1],bl,bh,c); +- if (--num == 0) break; +- mul_add(rp[2],ap[2],bl,bh,c); +- if (--num == 0) break; +- mul_add(rp[3],ap[3],bl,bh,c); +- if (--num == 0) break; +- ap+=4; +- rp+=4; +- } +- return(c); +- } ++{ ++ assert(n >= 0); ++ if (n <= 0) ++ return; ++ while (n & ~3) { ++ sqr(r[0], r[1], a[0]); ++ sqr(r[2], r[3], a[1]); ++ sqr(r[4], r[5], a[2]); ++ sqr(r[6], r[7], a[3]); ++ a += 4; ++ r += 8; ++ n -= 4; ++ } ++ if (n) { ++ sqr(r[0], r[1], a[0]); ++ if (--n == 0) ++ return; ++ sqr(r[2], r[3], a[1]); ++ if (--n == 0) ++ return; ++ sqr(r[4], r[5], a[2]); ++ } ++} ++ ++#else /* !(defined(BN_LLONG) || ++ * defined(BN_UMULT_HIGH)) */ ++ ++BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, ++ BN_ULONG w) ++{ ++ BN_ULONG c = 0; ++ BN_ULONG bl, bh; ++ ++ assert(num >= 0); ++ if (num <= 0) ++ return ((BN_ULONG)0); ++ ++ bl = LBITS(w); ++ bh = HBITS(w); ++ ++ for (;;) { ++ mul_add(rp[0], ap[0], bl, bh, c); ++ if (--num == 0) ++ break; ++ mul_add(rp[1], ap[1], bl, bh, c); ++ if (--num == 0) ++ break; ++ mul_add(rp[2], ap[2], bl, bh, c); ++ if (--num == 0) ++ break; ++ mul_add(rp[3], ap[3], bl, bh, c); ++ if (--num == 0) ++ break; ++ ap += 4; ++ rp += 4; ++ } ++ return (c); ++} + + BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) +- { +- BN_ULONG carry=0; +- BN_ULONG bl,bh; +- +- assert(num >= 0); +- if (num <= 0) return((BN_ULONG)0); +- +- bl=LBITS(w); +- bh=HBITS(w); +- +- for (;;) +- { +- mul(rp[0],ap[0],bl,bh,carry); +- if (--num == 0) break; +- mul(rp[1],ap[1],bl,bh,carry); +- if (--num == 0) break; +- mul(rp[2],ap[2],bl,bh,carry); +- if (--num == 0) break; +- mul(rp[3],ap[3],bl,bh,carry); +- if (--num == 0) break; +- ap+=4; +- rp+=4; +- } +- return(carry); +- } ++{ ++ BN_ULONG carry = 0; ++ BN_ULONG bl, bh; ++ ++ assert(num >= 0); ++ if (num <= 0) ++ return ((BN_ULONG)0); ++ ++ bl = LBITS(w); ++ bh = HBITS(w); ++ ++ for (;;) { ++ mul(rp[0], ap[0], bl, bh, carry); ++ if (--num == 0) ++ break; ++ mul(rp[1], ap[1], bl, bh, carry); ++ if (--num == 0) ++ break; ++ mul(rp[2], ap[2], bl, bh, carry); ++ if (--num == 0) ++ break; ++ mul(rp[3], ap[3], bl, bh, carry); ++ if (--num == 0) ++ break; ++ ap += 4; ++ rp += 4; ++ } ++ return (carry); ++} + + void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) +- { +- assert(n >= 0); +- if (n <= 0) return; +- for (;;) +- { +- sqr64(r[0],r[1],a[0]); +- if (--n == 0) break; +- +- sqr64(r[2],r[3],a[1]); +- if (--n == 0) break; +- +- sqr64(r[4],r[5],a[2]); +- if (--n == 0) break; +- +- sqr64(r[6],r[7],a[3]); +- if (--n == 0) break; +- +- a+=4; +- r+=8; +- } +- } +- +-#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ ++{ ++ assert(n >= 0); ++ if (n <= 0) ++ return; ++ for (;;) { ++ sqr64(r[0], r[1], a[0]); ++ if (--n == 0) ++ break; ++ ++ sqr64(r[2], r[3], a[1]); ++ if (--n == 0) ++ break; ++ ++ sqr64(r[4], r[5], a[2]); ++ if (--n == 0) ++ break; ++ ++ sqr64(r[6], r[7], a[3]); ++ if (--n == 0) ++ break; ++ ++ a += 4; ++ r += 8; ++ } ++} ++ ++#endif /* !(defined(BN_LLONG) || ++ * defined(BN_UMULT_HIGH)) */ + + #if defined(BN_LLONG) && defined(BN_DIV2W) + + BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) +- { +- return((BN_ULONG)(((((BN_ULLONG)h)<= d) h-=d; +- +- if (i) +- { +- d<<=i; +- h=(h<>(BN_BITS2-i)); +- l<<=i; +- } +- dh=(d&BN_MASK2h)>>BN_BITS4; +- dl=(d&BN_MASK2l); +- for (;;) +- { +- if ((h>>BN_BITS4) == dh) +- q=BN_MASK2l; +- else +- q=h/dh; +- +- th=q*dh; +- tl=dl*q; +- for (;;) +- { +- t=h-th; +- if ((t&BN_MASK2h) || +- ((tl) <= ( +- (t<>BN_BITS4)))) +- break; +- q--; +- th-=dh; +- tl-=dl; +- } +- t=(tl>>BN_BITS4); +- tl=(tl<>BN_BITS4))&BN_MASK2; +- l=(l&BN_MASK2l)<= d) ++ h -= d; ++ ++ if (i) { ++ d <<= i; ++ h = (h << i) | (l >> (BN_BITS2 - i)); ++ l <<= i; ++ } ++ dh = (d & BN_MASK2h) >> BN_BITS4; ++ dl = (d & BN_MASK2l); ++ for (;;) { ++ if ((h >> BN_BITS4) == dh) ++ q = BN_MASK2l; ++ else ++ q = h / dh; ++ ++ th = q * dh; ++ tl = dl * q; ++ for (;;) { ++ t = h - th; ++ if ((t & BN_MASK2h) || ++ ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4)))) ++ break; ++ q--; ++ th -= dh; ++ tl -= dl; ++ } ++ t = (tl >> BN_BITS4); ++ tl = (tl << BN_BITS4) & BN_MASK2h; ++ th += t; ++ ++ if (l < tl) ++ th++; ++ l -= tl; ++ if (h < th) { ++ h += d; ++ q--; ++ } ++ h -= th; ++ ++ if (--count == 0) ++ break; ++ ++ ret = q << BN_BITS4; ++ h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2; ++ l = (l & BN_MASK2l) << BN_BITS4; ++ } ++ ret |= q; ++ return (ret); ++} ++#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */ + + #ifdef BN_LLONG +-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) +- { +- BN_ULLONG ll=0; +- +- assert(n >= 0); +- if (n <= 0) return((BN_ULONG)0); +- +- for (;;) +- { +- ll+=(BN_ULLONG)a[0]+b[0]; +- r[0]=(BN_ULONG)ll&BN_MASK2; +- ll>>=BN_BITS2; +- if (--n <= 0) break; +- +- ll+=(BN_ULLONG)a[1]+b[1]; +- r[1]=(BN_ULONG)ll&BN_MASK2; +- ll>>=BN_BITS2; +- if (--n <= 0) break; +- +- ll+=(BN_ULLONG)a[2]+b[2]; +- r[2]=(BN_ULONG)ll&BN_MASK2; +- ll>>=BN_BITS2; +- if (--n <= 0) break; +- +- ll+=(BN_ULLONG)a[3]+b[3]; +- r[3]=(BN_ULONG)ll&BN_MASK2; +- ll>>=BN_BITS2; +- if (--n <= 0) break; +- +- a+=4; +- b+=4; +- r+=4; +- } +- return((BN_ULONG)ll); +- } +-#else /* !BN_LLONG */ +-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) +- { +- BN_ULONG c,l,t; +- +- assert(n >= 0); +- if (n <= 0) return((BN_ULONG)0); +- +- c=0; +- for (;;) +- { +- t=a[0]; +- t=(t+c)&BN_MASK2; +- c=(t < c); +- l=(t+b[0])&BN_MASK2; +- c+=(l < t); +- r[0]=l; +- if (--n <= 0) break; +- +- t=a[1]; +- t=(t+c)&BN_MASK2; +- c=(t < c); +- l=(t+b[1])&BN_MASK2; +- c+=(l < t); +- r[1]=l; +- if (--n <= 0) break; +- +- t=a[2]; +- t=(t+c)&BN_MASK2; +- c=(t < c); +- l=(t+b[2])&BN_MASK2; +- c+=(l < t); +- r[2]=l; +- if (--n <= 0) break; +- +- t=a[3]; +- t=(t+c)&BN_MASK2; +- c=(t < c); +- l=(t+b[3])&BN_MASK2; +- c+=(l < t); +- r[3]=l; +- if (--n <= 0) break; +- +- a+=4; +- b+=4; +- r+=4; +- } +- return((BN_ULONG)c); +- } +-#endif /* !BN_LLONG */ +- +-BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) +- { +- BN_ULONG t1,t2; +- int c=0; +- +- assert(n >= 0); +- if (n <= 0) return((BN_ULONG)0); +- +- for (;;) +- { +- t1=a[0]; t2=b[0]; +- r[0]=(t1-t2-c)&BN_MASK2; +- if (t1 != t2) c=(t1 < t2); +- if (--n <= 0) break; +- +- t1=a[1]; t2=b[1]; +- r[1]=(t1-t2-c)&BN_MASK2; +- if (t1 != t2) c=(t1 < t2); +- if (--n <= 0) break; +- +- t1=a[2]; t2=b[2]; +- r[2]=(t1-t2-c)&BN_MASK2; +- if (t1 != t2) c=(t1 < t2); +- if (--n <= 0) break; +- +- t1=a[3]; t2=b[3]; +- r[3]=(t1-t2-c)&BN_MASK2; +- if (t1 != t2) c=(t1 < t2); +- if (--n <= 0) break; +- +- a+=4; +- b+=4; +- r+=4; +- } +- return(c); +- } ++BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, ++ int n) ++{ ++ BN_ULLONG ll = 0; ++ ++ assert(n >= 0); ++ if (n <= 0) ++ return ((BN_ULONG)0); ++ ++ for (;;) { ++ ll += (BN_ULLONG) a[0] + b[0]; ++ r[0] = (BN_ULONG)ll & BN_MASK2; ++ ll >>= BN_BITS2; ++ if (--n <= 0) ++ break; ++ ++ ll += (BN_ULLONG) a[1] + b[1]; ++ r[1] = (BN_ULONG)ll & BN_MASK2; ++ ll >>= BN_BITS2; ++ if (--n <= 0) ++ break; ++ ++ ll += (BN_ULLONG) a[2] + b[2]; ++ r[2] = (BN_ULONG)ll & BN_MASK2; ++ ll >>= BN_BITS2; ++ if (--n <= 0) ++ break; ++ ++ ll += (BN_ULLONG) a[3] + b[3]; ++ r[3] = (BN_ULONG)ll & BN_MASK2; ++ ll >>= BN_BITS2; ++ if (--n <= 0) ++ break; ++ ++ a += 4; ++ b += 4; ++ r += 4; ++ } ++ return ((BN_ULONG)ll); ++} ++#else /* !BN_LLONG */ ++BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, ++ int n) ++{ ++ BN_ULONG c, l, t; ++ ++ assert(n >= 0); ++ if (n <= 0) ++ return ((BN_ULONG)0); ++ ++ c = 0; ++ for (;;) { ++ t = a[0]; ++ t = (t + c) & BN_MASK2; ++ c = (t < c); ++ l = (t + b[0]) & BN_MASK2; ++ c += (l < t); ++ r[0] = l; ++ if (--n <= 0) ++ break; ++ ++ t = a[1]; ++ t = (t + c) & BN_MASK2; ++ c = (t < c); ++ l = (t + b[1]) & BN_MASK2; ++ c += (l < t); ++ r[1] = l; ++ if (--n <= 0) ++ break; ++ ++ t = a[2]; ++ t = (t + c) & BN_MASK2; ++ c = (t < c); ++ l = (t + b[2]) & BN_MASK2; ++ c += (l < t); ++ r[2] = l; ++ if (--n <= 0) ++ break; ++ ++ t = a[3]; ++ t = (t + c) & BN_MASK2; ++ c = (t < c); ++ l = (t + b[3]) & BN_MASK2; ++ c += (l < t); ++ r[3] = l; ++ if (--n <= 0) ++ break; ++ ++ a += 4; ++ b += 4; ++ r += 4; ++ } ++ return ((BN_ULONG)c); ++} ++#endif /* !BN_LLONG */ ++ ++BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, ++ int n) ++{ ++ BN_ULONG t1, t2; ++ int c = 0; ++ ++ assert(n >= 0); ++ if (n <= 0) ++ return ((BN_ULONG)0); ++ ++ for (;;) { ++ t1 = a[0]; ++ t2 = b[0]; ++ r[0] = (t1 - t2 - c) & BN_MASK2; ++ if (t1 != t2) ++ c = (t1 < t2); ++ if (--n <= 0) ++ break; ++ ++ t1 = a[1]; ++ t2 = b[1]; ++ r[1] = (t1 - t2 - c) & BN_MASK2; ++ if (t1 != t2) ++ c = (t1 < t2); ++ if (--n <= 0) ++ break; ++ ++ t1 = a[2]; ++ t2 = b[2]; ++ r[2] = (t1 - t2 - c) & BN_MASK2; ++ if (t1 != t2) ++ c = (t1 < t2); ++ if (--n <= 0) ++ break; ++ ++ t1 = a[3]; ++ t2 = b[3]; ++ r[3] = (t1 - t2 - c) & BN_MASK2; ++ if (t1 != t2) ++ c = (t1 < t2); ++ if (--n <= 0) ++ break; ++ ++ a += 4; ++ b += 4; ++ r += 4; ++ } ++ return (c); ++} + + #ifdef BN_MUL_COMBA + +-#undef bn_mul_comba8 +-#undef bn_mul_comba4 +-#undef bn_sqr_comba8 +-#undef bn_sqr_comba4 ++# undef bn_mul_comba8 ++# undef bn_mul_comba4 ++# undef bn_sqr_comba8 ++# undef bn_sqr_comba4 + + /* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ + /* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ + /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ +-/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ ++/* ++ * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number ++ * c=(c2,c1,c0) ++ */ + +-#ifdef BN_LLONG +-#define mul_add_c(a,b,c0,c1,c2) \ +- t=(BN_ULLONG)a*b; \ +- t1=(BN_ULONG)Lw(t); \ +- t2=(BN_ULONG)Hw(t); \ +- c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \ +- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; +- +-#define mul_add_c2(a,b,c0,c1,c2) \ +- t=(BN_ULLONG)a*b; \ +- tt=(t+t)&BN_MASK; \ +- if (tt < t) c2++; \ +- t1=(BN_ULONG)Lw(tt); \ +- t2=(BN_ULONG)Hw(tt); \ +- c0=(c0+t1)&BN_MASK2; \ +- if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \ +- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; +- +-#define sqr_add_c(a,i,c0,c1,c2) \ +- t=(BN_ULLONG)a[i]*a[i]; \ +- t1=(BN_ULONG)Lw(t); \ +- t2=(BN_ULONG)Hw(t); \ +- c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \ +- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; +- +-#define sqr_add_c2(a,i,j,c0,c1,c2) \ +- mul_add_c2((a)[i],(a)[j],c0,c1,c2) +- +-#elif defined(BN_UMULT_LOHI) +- +-#define mul_add_c(a,b,c0,c1,c2) { \ +- BN_ULONG ta=(a),tb=(b); \ +- BN_UMULT_LOHI(t1,t2,ta,tb); \ +- c0 += t1; t2 += (c0A = BN_dup(A)) == NULL) goto err; +- } +- if (Ai != NULL) +- { +- if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; +- } +- +- /* save a copy of mod in the BN_BLINDING structure */ +- if ((ret->mod = BN_dup(mod)) == NULL) goto err; +- if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) +- BN_set_flags(ret->mod, BN_FLG_CONSTTIME); +- +- /* Set the counter to the special value -1 +- * to indicate that this is never-used fresh blinding +- * that does not need updating before first use. */ +- ret->counter = -1; +- return(ret); +-err: +- if (ret != NULL) BN_BLINDING_free(ret); +- return(NULL); +- } ++#define BN_BLINDING_COUNTER 32 ++ ++struct bn_blinding_st { ++ BIGNUM *A; ++ BIGNUM *Ai; ++ BIGNUM *e; ++ BIGNUM *mod; /* just a reference */ ++ unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; used ++ * only by crypto/rsa/rsa_eay.c, rsa_lib.c */ ++ int counter; ++ unsigned long flags; ++ BN_MONT_CTX *m_ctx; ++ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++}; ++ ++BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) ++{ ++ BN_BLINDING *ret = NULL; ++ ++ bn_check_top(mod); ++ ++ if ((ret = (BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) { ++ BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ memset(ret, 0, sizeof(BN_BLINDING)); ++ if (A != NULL) { ++ if ((ret->A = BN_dup(A)) == NULL) ++ goto err; ++ } ++ if (Ai != NULL) { ++ if ((ret->Ai = BN_dup(Ai)) == NULL) ++ goto err; ++ } ++ ++ /* save a copy of mod in the BN_BLINDING structure */ ++ if ((ret->mod = BN_dup(mod)) == NULL) ++ goto err; ++ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) ++ BN_set_flags(ret->mod, BN_FLG_CONSTTIME); ++ ++ /* ++ * Set the counter to the special value -1 to indicate that this is ++ * never-used fresh blinding that does not need updating before first ++ * use. ++ */ ++ ret->counter = -1; ++ return (ret); ++ err: ++ if (ret != NULL) ++ BN_BLINDING_free(ret); ++ return (NULL); ++} + + void BN_BLINDING_free(BN_BLINDING *r) +- { +- if(r == NULL) +- return; +- +- if (r->A != NULL) BN_free(r->A ); +- if (r->Ai != NULL) BN_free(r->Ai); +- if (r->e != NULL) BN_free(r->e ); +- if (r->mod != NULL) BN_free(r->mod); +- OPENSSL_free(r); +- } ++{ ++ if (r == NULL) ++ return; ++ ++ if (r->A != NULL) ++ BN_free(r->A); ++ if (r->Ai != NULL) ++ BN_free(r->Ai); ++ if (r->e != NULL) ++ BN_free(r->e); ++ if (r->mod != NULL) ++ BN_free(r->mod); ++ OPENSSL_free(r); ++} + + int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) +- { +- int ret=0; +- +- if ((b->A == NULL) || (b->Ai == NULL)) +- { +- BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED); +- goto err; +- } +- +- if (b->counter == -1) +- b->counter = 0; +- +- if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && +- !(b->flags & BN_BLINDING_NO_RECREATE)) +- { +- /* re-create blinding parameters */ +- if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) +- goto err; +- } +- else if (!(b->flags & BN_BLINDING_NO_UPDATE)) +- { +- if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err; +- if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err; +- } +- +- ret=1; +-err: +- if (b->counter == BN_BLINDING_COUNTER) +- b->counter = 0; +- return(ret); +- } ++{ ++ int ret = 0; ++ ++ if ((b->A == NULL) || (b->Ai == NULL)) { ++ BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED); ++ goto err; ++ } ++ ++ if (b->counter == -1) ++ b->counter = 0; ++ ++ if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && ++ !(b->flags & BN_BLINDING_NO_RECREATE)) { ++ /* re-create blinding parameters */ ++ if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) ++ goto err; ++ } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) { ++ if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx)) ++ goto err; ++ if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)) ++ goto err; ++ } ++ ++ ret = 1; ++ err: ++ if (b->counter == BN_BLINDING_COUNTER) ++ b->counter = 0; ++ return (ret); ++} + + int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) +- { +- return BN_BLINDING_convert_ex(n, NULL, b, ctx); +- } ++{ ++ return BN_BLINDING_convert_ex(n, NULL, b, ctx); ++} + + int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) +- { +- int ret = 1; ++{ ++ int ret = 1; + +- bn_check_top(n); ++ bn_check_top(n); + +- if ((b->A == NULL) || (b->Ai == NULL)) +- { +- BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED); +- return(0); +- } ++ if ((b->A == NULL) || (b->Ai == NULL)) { ++ BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED); ++ return (0); ++ } + +- if (b->counter == -1) +- /* Fresh blinding, doesn't need updating. */ +- b->counter = 0; +- else if (!BN_BLINDING_update(b,ctx)) +- return(0); ++ if (b->counter == -1) ++ /* Fresh blinding, doesn't need updating. */ ++ b->counter = 0; ++ else if (!BN_BLINDING_update(b, ctx)) ++ return (0); + +- if (r != NULL) +- { +- if (!BN_copy(r, b->Ai)) ret=0; +- } ++ if (r != NULL) { ++ if (!BN_copy(r, b->Ai)) ++ ret = 0; ++ } + +- if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0; +- +- return ret; +- } ++ if (!BN_mod_mul(n, n, b->A, b->mod, ctx)) ++ ret = 0; ++ ++ return ret; ++} + + int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) +- { +- return BN_BLINDING_invert_ex(n, NULL, b, ctx); +- } +- +-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) +- { +- int ret; +- +- bn_check_top(n); +- +- if (r != NULL) +- ret = BN_mod_mul(n, n, r, b->mod, ctx); +- else +- { +- if (b->Ai == NULL) +- { +- BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED); +- return(0); +- } +- ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); +- } +- +- bn_check_top(n); +- return(ret); +- } ++{ ++ return BN_BLINDING_invert_ex(n, NULL, b, ctx); ++} ++ ++int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, ++ BN_CTX *ctx) ++{ ++ int ret; ++ ++ bn_check_top(n); ++ ++ if (r != NULL) ++ ret = BN_mod_mul(n, n, r, b->mod, ctx); ++ else { ++ if (b->Ai == NULL) { ++ BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED); ++ return (0); ++ } ++ ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); ++ } ++ ++ bn_check_top(n); ++ return (ret); ++} + + unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) +- { +- return b->thread_id; +- } ++{ ++ return b->thread_id; ++} + + void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) +- { +- b->thread_id = n; +- } ++{ ++ b->thread_id = n; ++} + + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) +- { +- return b->flags; +- } ++{ ++ return b->flags; ++} + + void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) +- { +- b->flags = flags; +- } ++{ ++ b->flags = flags; ++} + + BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, +- const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, +- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), +- BN_MONT_CTX *m_ctx) ++ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, ++ int (*bn_mod_exp) (BIGNUM *r, ++ const BIGNUM *a, ++ const BIGNUM *p, ++ const BIGNUM *m, ++ BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx), ++ BN_MONT_CTX *m_ctx) + { +- int retry_counter = 32; +- BN_BLINDING *ret = NULL; +- +- if (b == NULL) +- ret = BN_BLINDING_new(NULL, NULL, m); +- else +- ret = b; +- +- if (ret == NULL) +- goto err; +- +- if (ret->A == NULL && (ret->A = BN_new()) == NULL) +- goto err; +- if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) +- goto err; +- +- if (e != NULL) +- { +- if (ret->e != NULL) +- BN_free(ret->e); +- ret->e = BN_dup(e); +- } +- if (ret->e == NULL) +- goto err; +- +- if (bn_mod_exp != NULL) +- ret->bn_mod_exp = bn_mod_exp; +- if (m_ctx != NULL) +- ret->m_ctx = m_ctx; +- +- do { +- if (!BN_rand_range(ret->A, ret->mod)) goto err; +- if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) +- { +- /* this should almost never happen for good RSA keys */ +- unsigned long error = ERR_peek_last_error(); +- if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) +- { +- if (retry_counter-- == 0) +- { +- BNerr(BN_F_BN_BLINDING_CREATE_PARAM, +- BN_R_TOO_MANY_ITERATIONS); +- goto err; +- } +- ERR_clear_error(); +- } +- else +- goto err; +- } +- else +- break; +- } while (1); +- +- if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) +- { +- if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) +- goto err; +- } +- else +- { +- if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) +- goto err; +- } +- +- return ret; +-err: +- if (b == NULL && ret != NULL) +- { +- BN_BLINDING_free(ret); +- ret = NULL; +- } +- +- return ret; ++ int retry_counter = 32; ++ BN_BLINDING *ret = NULL; ++ ++ if (b == NULL) ++ ret = BN_BLINDING_new(NULL, NULL, m); ++ else ++ ret = b; ++ ++ if (ret == NULL) ++ goto err; ++ ++ if (ret->A == NULL && (ret->A = BN_new()) == NULL) ++ goto err; ++ if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) ++ goto err; ++ ++ if (e != NULL) { ++ if (ret->e != NULL) ++ BN_free(ret->e); ++ ret->e = BN_dup(e); ++ } ++ if (ret->e == NULL) ++ goto err; ++ ++ if (bn_mod_exp != NULL) ++ ret->bn_mod_exp = bn_mod_exp; ++ if (m_ctx != NULL) ++ ret->m_ctx = m_ctx; ++ ++ do { ++ if (!BN_rand_range(ret->A, ret->mod)) ++ goto err; ++ if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) { ++ /* ++ * this should almost never happen for good RSA keys ++ */ ++ unsigned long error = ERR_peek_last_error(); ++ if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) { ++ if (retry_counter-- == 0) { ++ BNerr(BN_F_BN_BLINDING_CREATE_PARAM, ++ BN_R_TOO_MANY_ITERATIONS); ++ goto err; ++ } ++ ERR_clear_error(); ++ } else ++ goto err; ++ } else ++ break; ++ } while (1); ++ ++ if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) { ++ if (!ret->bn_mod_exp ++ (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) ++ goto err; ++ } else { ++ if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) ++ goto err; ++ } ++ ++ return ret; ++ err: ++ if (b == NULL && ret != NULL) { ++ BN_BLINDING_free(ret); ++ ret = NULL; ++ } ++ ++ return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_const.c b/Cryptlib/OpenSSL/crypto/bn/bn_const.c +index eb60a25..12c3208 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_const.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_const.c +@@ -3,7 +3,8 @@ + + #include "bn.h" + +-/* "First Oakley Default Group" from RFC2409, section 6.1. ++/*- ++ * "First Oakley Default Group" from RFC2409, section 6.1. + * + * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 } + * +@@ -12,21 +13,26 @@ + */ + + BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) +- { +- static const unsigned char RFC2409_PRIME_768[]={ +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, +- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, +- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, +- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, +- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, +- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, +- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, +- 0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, +- }; +- return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn); +- } ++{ ++ static const unsigned char RFC2409_PRIME_768[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, ++ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, ++ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, ++ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, ++ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, ++ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ }; ++ return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn); ++} + +-/* "Second Oakley Default Group" from RFC2409, section 6.2. ++/*- ++ * "Second Oakley Default Group" from RFC2409, section 6.2. + * + * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }. + * +@@ -35,24 +41,30 @@ BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) + */ + + BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) +- { +- static const unsigned char RFC2409_PRIME_1024[]={ +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, +- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, +- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, +- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, +- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, +- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, +- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, +- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, +- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, +- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81, +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, +- }; +- return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn); +- } ++{ ++ static const unsigned char RFC2409_PRIME_1024[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, ++ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, ++ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, ++ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, ++ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, ++ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, ++ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, ++ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, ++ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ }; ++ return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn); ++} + +-/* "1536-bit MODP Group" from RFC3526, Section 2. ++/*- ++ * "1536-bit MODP Group" from RFC3526, Section 2. + * + * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } + * +@@ -61,29 +73,38 @@ BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) + */ + + BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) +- { +- static const unsigned char RFC3526_PRIME_1536[]={ +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, +- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, +- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, +- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, +- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, +- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, +- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, +- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, +- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, +- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, +- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, +- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, +- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, +- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, +- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, +- 0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, +- }; +- return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn); +- } ++{ ++ static const unsigned char RFC3526_PRIME_1536[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, ++ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, ++ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, ++ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, ++ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, ++ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, ++ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, ++ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, ++ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, ++ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, ++ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, ++ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, ++ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, ++ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ }; ++ return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn); ++} + +-/* "2048-bit MODP Group" from RFC3526, Section 3. ++/*- ++ * "2048-bit MODP Group" from RFC3526, Section 3. + * + * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } + * +@@ -91,35 +112,46 @@ BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) + */ + + BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) +- { +- static const unsigned char RFC3526_PRIME_2048[]={ +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, +- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, +- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, +- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, +- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, +- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, +- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, +- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, +- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, +- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, +- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, +- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, +- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, +- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, +- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, +- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, +- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, +- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, +- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, +- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, +- 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF, +- 0xFF,0xFF,0xFF,0xFF, +- }; +- return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn); +- } ++{ ++ static const unsigned char RFC3526_PRIME_2048[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, ++ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, ++ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, ++ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, ++ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, ++ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, ++ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, ++ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, ++ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, ++ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, ++ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, ++ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, ++ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, ++ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, ++ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, ++ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, ++ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, ++ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, ++ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ }; ++ return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn); ++} + +-/* "3072-bit MODP Group" from RFC3526, Section 4. ++/*- ++ * "3072-bit MODP Group" from RFC3526, Section 4. + * + * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } + * +@@ -127,45 +159,62 @@ BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) + */ + + BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) +- { +- static const unsigned char RFC3526_PRIME_3072[]={ +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, +- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, +- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, +- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, +- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, +- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, +- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, +- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, +- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, +- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, +- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, +- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, +- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, +- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, +- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, +- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, +- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, +- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, +- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, +- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, +- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, +- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, +- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, +- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, +- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, +- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, +- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, +- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, +- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, +- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, +- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, +- 0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, +- }; +- return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn); +- } ++{ ++ static const unsigned char RFC3526_PRIME_3072[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, ++ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, ++ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, ++ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, ++ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, ++ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, ++ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, ++ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, ++ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, ++ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, ++ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, ++ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, ++ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, ++ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, ++ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, ++ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, ++ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, ++ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, ++ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, ++ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, ++ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, ++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, ++ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, ++ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, ++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, ++ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, ++ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, ++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, ++ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, ++ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, ++ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, ++ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, ++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, ++ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ }; ++ return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn); ++} + +-/* "4096-bit MODP Group" from RFC3526, Section 5. ++/*- ++ * "4096-bit MODP Group" from RFC3526, Section 5. + * + * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } + * +@@ -173,56 +222,78 @@ BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) + */ + + BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) +- { +- static const unsigned char RFC3526_PRIME_4096[]={ +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, +- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, +- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, +- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, +- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, +- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, +- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, +- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, +- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, +- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, +- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, +- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, +- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, +- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, +- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, +- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, +- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, +- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, +- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, +- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, +- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, +- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, +- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, +- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, +- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, +- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, +- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, +- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, +- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, +- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, +- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, +- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, +- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18, +- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA, +- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB, +- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, +- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F, +- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED, +- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76, +- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, +- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC, +- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99, +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, +- }; +- return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn); +- } ++{ ++ static const unsigned char RFC3526_PRIME_4096[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, ++ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, ++ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, ++ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, ++ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, ++ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, ++ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, ++ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, ++ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, ++ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, ++ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, ++ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, ++ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, ++ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, ++ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, ++ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, ++ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, ++ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, ++ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, ++ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, ++ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, ++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, ++ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, ++ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, ++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, ++ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, ++ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, ++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, ++ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, ++ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, ++ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, ++ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, ++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, ++ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, ++ 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, ++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, ++ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, ++ 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, ++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, ++ 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, ++ 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, ++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, ++ 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, ++ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, ++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, ++ 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, ++ 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, ++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, ++ 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, ++ 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ }; ++ return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn); ++} + +-/* "6144-bit MODP Group" from RFC3526, Section 6. ++/*- ++ * "6144-bit MODP Group" from RFC3526, Section 6. + * + * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } + * +@@ -230,77 +301,110 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) + */ + + BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) +- { +- static const unsigned char RFC3526_PRIME_6144[]={ +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, +- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, +- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, +- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, +- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, +- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, +- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, +- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, +- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, +- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, +- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, +- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, +- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, +- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, +- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, +- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, +- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, +- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, +- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, +- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, +- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, +- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, +- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, +- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, +- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, +- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, +- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, +- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, +- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, +- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, +- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, +- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, +- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18, +- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA, +- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB, +- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, +- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F, +- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED, +- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76, +- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, +- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC, +- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92, +- 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2, +- 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, +- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F, +- 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31, +- 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB, +- 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, +- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51, +- 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF, +- 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15, +- 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, +- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31, +- 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3, +- 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7, +- 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, +- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2, +- 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28, +- 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D, +- 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, +- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7, +- 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE, +- 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E, +- 0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, +- }; +- return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn); +- } ++{ ++ static const unsigned char RFC3526_PRIME_6144[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, ++ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, ++ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, ++ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, ++ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, ++ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, ++ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, ++ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, ++ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, ++ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, ++ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, ++ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, ++ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, ++ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, ++ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, ++ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, ++ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, ++ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, ++ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, ++ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, ++ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, ++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, ++ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, ++ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, ++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, ++ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, ++ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, ++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, ++ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, ++ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, ++ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, ++ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, ++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, ++ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, ++ 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, ++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, ++ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, ++ 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, ++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, ++ 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, ++ 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, ++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, ++ 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, ++ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, ++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, ++ 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, ++ 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, ++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, ++ 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, ++ 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, ++ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, ++ 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE, ++ 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, ++ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, ++ 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE, ++ 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, ++ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, ++ 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED, ++ 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, ++ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, ++ 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42, ++ 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, ++ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, ++ 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, ++ 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, ++ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, ++ 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E, ++ 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, ++ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, ++ 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, ++ 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, ++ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, ++ 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0, ++ 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, ++ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, ++ 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, ++ 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, ++ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, ++ 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68, ++ 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, ++ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, ++ 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xCC, 0x40, 0x24, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ }; ++ return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn); ++} + +-/* "8192-bit MODP Group" from RFC3526, Section 7. ++/*- ++ * "8192-bit MODP Group" from RFC3526, Section 7. + * + * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } + * +@@ -308,95 +412,136 @@ BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) + */ + + BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn) +- { +- static const unsigned char RFC3526_PRIME_8192[]={ +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2, +- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, +- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6, +- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, +- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D, +- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, +- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9, +- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, +- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11, +- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, +- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36, +- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, +- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56, +- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, +- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08, +- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, +- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2, +- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9, +- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C, +- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, +- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D, +- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64, +- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57, +- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, +- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0, +- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B, +- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73, +- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, +- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0, +- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31, +- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20, +- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, +- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18, +- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA, +- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB, +- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, +- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F, +- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED, +- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76, +- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, +- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC, +- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92, +- 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2, +- 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, +- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F, +- 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31, +- 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB, +- 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, +- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51, +- 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF, +- 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15, +- 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, +- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31, +- 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3, +- 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7, +- 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, +- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2, +- 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28, +- 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D, +- 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, +- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7, +- 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE, +- 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E, +- 0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4, +- 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0, +- 0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00, +- 0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93, +- 0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68, +- 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB, +- 0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9, +- 0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8, +- 0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B, +- 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F, +- 0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A, +- 0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8, +- 0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36, +- 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5, +- 0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1, +- 0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3, +- 0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92, +- 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E, +- 0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47, +- 0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2, +- 0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71, +- 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF, +- 0xFF,0xFF,0xFF,0xFF, +- }; +- return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn); +- } +- ++{ ++ static const unsigned char RFC3526_PRIME_8192[] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, ++ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, ++ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, ++ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, ++ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, ++ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, ++ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, ++ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, ++ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, ++ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, ++ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, ++ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, ++ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, ++ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, ++ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, ++ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, ++ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, ++ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, ++ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, ++ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, ++ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, ++ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, ++ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, ++ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, ++ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, ++ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, ++ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, ++ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, ++ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, ++ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, ++ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, ++ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, ++ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, ++ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, ++ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, ++ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, ++ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, ++ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, ++ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, ++ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, ++ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, ++ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, ++ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, ++ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, ++ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, ++ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, ++ 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, ++ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, ++ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, ++ 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, ++ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, ++ 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, ++ 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, ++ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, ++ 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, ++ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, ++ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, ++ 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, ++ 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, ++ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, ++ 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, ++ 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, ++ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, ++ 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE, ++ 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, ++ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, ++ 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE, ++ 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, ++ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, ++ 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED, ++ 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, ++ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, ++ 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42, ++ 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, ++ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, ++ 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, ++ 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, ++ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, ++ 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E, ++ 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, ++ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, ++ 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, ++ 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, ++ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, ++ 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0, ++ 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, ++ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, ++ 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, ++ 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, ++ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, ++ 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68, ++ 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, ++ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, ++ 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59, ++ 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4, ++ 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, ++ 0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA, ++ 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, ++ 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, ++ 0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66, ++ 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68, ++ 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, ++ 0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D, ++ 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, ++ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, ++ 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7, ++ 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B, ++ 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, ++ 0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8, ++ 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, ++ 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, ++ 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D, ++ 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36, ++ 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, ++ 0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D, ++ 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, ++ 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, ++ 0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68, ++ 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92, ++ 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, ++ 0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B, ++ 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, ++ 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, ++ 0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF, ++ 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, ++ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ }; ++ return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c +index b3452f1..1d756a0 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c +@@ -8,7 +8,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -55,9 +55,9 @@ + */ + + #if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG) +-#ifndef NDEBUG +-#define NDEBUG +-#endif ++# ifndef NDEBUG ++# define NDEBUG ++# endif + #endif + + #include +@@ -66,7 +66,8 @@ + #include "cryptlib.h" + #include "bn_lcl.h" + +-/* TODO list ++/*- ++ * TODO list + * + * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and + * check they can be safely removed. +@@ -79,376 +80,369 @@ + */ + + /* How many bignums are in each "pool item"; */ +-#define BN_CTX_POOL_SIZE 16 ++#define BN_CTX_POOL_SIZE 16 + /* The stack frame info is resizing, set a first-time expansion size; */ +-#define BN_CTX_START_FRAMES 32 ++#define BN_CTX_START_FRAMES 32 + + /***********/ + /* BN_POOL */ + /***********/ + + /* A bundle of bignums that can be linked with other bundles */ +-typedef struct bignum_pool_item +- { +- /* The bignum values */ +- BIGNUM vals[BN_CTX_POOL_SIZE]; +- /* Linked-list admin */ +- struct bignum_pool_item *prev, *next; +- } BN_POOL_ITEM; ++typedef struct bignum_pool_item { ++ /* The bignum values */ ++ BIGNUM vals[BN_CTX_POOL_SIZE]; ++ /* Linked-list admin */ ++ struct bignum_pool_item *prev, *next; ++} BN_POOL_ITEM; + /* A linked-list of bignums grouped in bundles */ +-typedef struct bignum_pool +- { +- /* Linked-list admin */ +- BN_POOL_ITEM *head, *current, *tail; +- /* Stack depth and allocation size */ +- unsigned used, size; +- } BN_POOL; +-static void BN_POOL_init(BN_POOL *); +-static void BN_POOL_finish(BN_POOL *); ++typedef struct bignum_pool { ++ /* Linked-list admin */ ++ BN_POOL_ITEM *head, *current, *tail; ++ /* Stack depth and allocation size */ ++ unsigned used, size; ++} BN_POOL; ++static void BN_POOL_init(BN_POOL *); ++static void BN_POOL_finish(BN_POOL *); + #ifndef OPENSSL_NO_DEPRECATED +-static void BN_POOL_reset(BN_POOL *); ++static void BN_POOL_reset(BN_POOL *); + #endif +-static BIGNUM * BN_POOL_get(BN_POOL *); +-static void BN_POOL_release(BN_POOL *, unsigned int); ++static BIGNUM *BN_POOL_get(BN_POOL *); ++static void BN_POOL_release(BN_POOL *, unsigned int); + + /************/ + /* BN_STACK */ + /************/ + + /* A wrapper to manage the "stack frames" */ +-typedef struct bignum_ctx_stack +- { +- /* Array of indexes into the bignum stack */ +- unsigned int *indexes; +- /* Number of stack frames, and the size of the allocated array */ +- unsigned int depth, size; +- } BN_STACK; +-static void BN_STACK_init(BN_STACK *); +-static void BN_STACK_finish(BN_STACK *); ++typedef struct bignum_ctx_stack { ++ /* Array of indexes into the bignum stack */ ++ unsigned int *indexes; ++ /* Number of stack frames, and the size of the allocated array */ ++ unsigned int depth, size; ++} BN_STACK; ++static void BN_STACK_init(BN_STACK *); ++static void BN_STACK_finish(BN_STACK *); + #ifndef OPENSSL_NO_DEPRECATED +-static void BN_STACK_reset(BN_STACK *); ++static void BN_STACK_reset(BN_STACK *); + #endif +-static int BN_STACK_push(BN_STACK *, unsigned int); +-static unsigned int BN_STACK_pop(BN_STACK *); ++static int BN_STACK_push(BN_STACK *, unsigned int); ++static unsigned int BN_STACK_pop(BN_STACK *); + + /**********/ + /* BN_CTX */ + /**********/ + + /* The opaque BN_CTX type */ +-struct bignum_ctx +- { +- /* The bignum bundles */ +- BN_POOL pool; +- /* The "stack frames", if you will */ +- BN_STACK stack; +- /* The number of bignums currently assigned */ +- unsigned int used; +- /* Depth of stack overflow */ +- int err_stack; +- /* Block "gets" until an "end" (compatibility behaviour) */ +- int too_many; +- }; ++struct bignum_ctx { ++ /* The bignum bundles */ ++ BN_POOL pool; ++ /* The "stack frames", if you will */ ++ BN_STACK stack; ++ /* The number of bignums currently assigned */ ++ unsigned int used; ++ /* Depth of stack overflow */ ++ int err_stack; ++ /* Block "gets" until an "end" (compatibility behaviour) */ ++ int too_many; ++}; + + /* Enable this to find BN_CTX bugs */ + #ifdef BN_CTX_DEBUG + static const char *ctxdbg_cur = NULL; + static void ctxdbg(BN_CTX *ctx) +- { +- unsigned int bnidx = 0, fpidx = 0; +- BN_POOL_ITEM *item = ctx->pool.head; +- BN_STACK *stack = &ctx->stack; +- fprintf(stderr,"(%08x): ", (unsigned int)ctx); +- while(bnidx < ctx->used) +- { +- fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); +- if(!(bnidx % BN_CTX_POOL_SIZE)) +- item = item->next; +- } +- fprintf(stderr,"\n"); +- bnidx = 0; +- fprintf(stderr," : "); +- while(fpidx < stack->depth) +- { +- while(bnidx++ < stack->indexes[fpidx]) +- fprintf(stderr," "); +- fprintf(stderr,"^^ "); +- bnidx++; +- fpidx++; +- } +- fprintf(stderr,"\n"); +- } +-#define CTXDBG_ENTRY(str, ctx) do { \ +- ctxdbg_cur = (str); \ +- fprintf(stderr,"Starting %s\n", ctxdbg_cur); \ +- ctxdbg(ctx); \ +- } while(0) +-#define CTXDBG_EXIT(ctx) do { \ +- fprintf(stderr,"Ending %s\n", ctxdbg_cur); \ +- ctxdbg(ctx); \ +- } while(0) +-#define CTXDBG_RET(ctx,ret) ++{ ++ unsigned int bnidx = 0, fpidx = 0; ++ BN_POOL_ITEM *item = ctx->pool.head; ++ BN_STACK *stack = &ctx->stack; ++ fprintf(stderr, "(%08x): ", (unsigned int)ctx); ++ while (bnidx < ctx->used) { ++ fprintf(stderr, "%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); ++ if (!(bnidx % BN_CTX_POOL_SIZE)) ++ item = item->next; ++ } ++ fprintf(stderr, "\n"); ++ bnidx = 0; ++ fprintf(stderr, " : "); ++ while (fpidx < stack->depth) { ++ while (bnidx++ < stack->indexes[fpidx]) ++ fprintf(stderr, " "); ++ fprintf(stderr, "^^ "); ++ bnidx++; ++ fpidx++; ++ } ++ fprintf(stderr, "\n"); ++} ++ ++# define CTXDBG_ENTRY(str, ctx) do { \ ++ ctxdbg_cur = (str); \ ++ fprintf(stderr,"Starting %s\n", ctxdbg_cur); \ ++ ctxdbg(ctx); \ ++ } while(0) ++# define CTXDBG_EXIT(ctx) do { \ ++ fprintf(stderr,"Ending %s\n", ctxdbg_cur); \ ++ ctxdbg(ctx); \ ++ } while(0) ++# define CTXDBG_RET(ctx,ret) + #else +-#define CTXDBG_ENTRY(str, ctx) +-#define CTXDBG_EXIT(ctx) +-#define CTXDBG_RET(ctx,ret) ++# define CTXDBG_ENTRY(str, ctx) ++# define CTXDBG_EXIT(ctx) ++# define CTXDBG_RET(ctx,ret) + #endif + +-/* This function is an evil legacy and should not be used. This implementation +- * is WYSIWYG, though I've done my best. */ ++/* ++ * This function is an evil legacy and should not be used. This ++ * implementation is WYSIWYG, though I've done my best. ++ */ + #ifndef OPENSSL_NO_DEPRECATED + void BN_CTX_init(BN_CTX *ctx) +- { +- /* Assume the caller obtained the context via BN_CTX_new() and so is +- * trying to reset it for use. Nothing else makes sense, least of all +- * binary compatibility from a time when they could declare a static +- * variable. */ +- BN_POOL_reset(&ctx->pool); +- BN_STACK_reset(&ctx->stack); +- ctx->used = 0; +- ctx->err_stack = 0; +- ctx->too_many = 0; +- } ++{ ++ /* ++ * Assume the caller obtained the context via BN_CTX_new() and so is ++ * trying to reset it for use. Nothing else makes sense, least of all ++ * binary compatibility from a time when they could declare a static ++ * variable. ++ */ ++ BN_POOL_reset(&ctx->pool); ++ BN_STACK_reset(&ctx->stack); ++ ctx->used = 0; ++ ctx->err_stack = 0; ++ ctx->too_many = 0; ++} + #endif + + BN_CTX *BN_CTX_new(void) +- { +- BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); +- if(!ret) +- { +- BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- /* Initialise the structure */ +- BN_POOL_init(&ret->pool); +- BN_STACK_init(&ret->stack); +- ret->used = 0; +- ret->err_stack = 0; +- ret->too_many = 0; +- return ret; +- } ++{ ++ BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); ++ if (!ret) { ++ BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ /* Initialise the structure */ ++ BN_POOL_init(&ret->pool); ++ BN_STACK_init(&ret->stack); ++ ret->used = 0; ++ ret->err_stack = 0; ++ ret->too_many = 0; ++ return ret; ++} + + void BN_CTX_free(BN_CTX *ctx) +- { +- if (ctx == NULL) +- return; ++{ ++ if (ctx == NULL) ++ return; + #ifdef BN_CTX_DEBUG +- { +- BN_POOL_ITEM *pool = ctx->pool.head; +- fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n", +- ctx->stack.size, ctx->pool.size); +- fprintf(stderr,"dmaxs: "); +- while(pool) { +- unsigned loop = 0; +- while(loop < BN_CTX_POOL_SIZE) +- fprintf(stderr,"%02x ", pool->vals[loop++].dmax); +- pool = pool->next; +- } +- fprintf(stderr,"\n"); +- } ++ { ++ BN_POOL_ITEM *pool = ctx->pool.head; ++ fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n", ++ ctx->stack.size, ctx->pool.size); ++ fprintf(stderr, "dmaxs: "); ++ while (pool) { ++ unsigned loop = 0; ++ while (loop < BN_CTX_POOL_SIZE) ++ fprintf(stderr, "%02x ", pool->vals[loop++].dmax); ++ pool = pool->next; ++ } ++ fprintf(stderr, "\n"); ++ } + #endif +- BN_STACK_finish(&ctx->stack); +- BN_POOL_finish(&ctx->pool); +- OPENSSL_free(ctx); +- } ++ BN_STACK_finish(&ctx->stack); ++ BN_POOL_finish(&ctx->pool); ++ OPENSSL_free(ctx); ++} + + void BN_CTX_start(BN_CTX *ctx) +- { +- CTXDBG_ENTRY("BN_CTX_start", ctx); +- /* If we're already overflowing ... */ +- if(ctx->err_stack || ctx->too_many) +- ctx->err_stack++; +- /* (Try to) get a new frame pointer */ +- else if(!BN_STACK_push(&ctx->stack, ctx->used)) +- { +- BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES); +- ctx->err_stack++; +- } +- CTXDBG_EXIT(ctx); +- } ++{ ++ CTXDBG_ENTRY("BN_CTX_start", ctx); ++ /* If we're already overflowing ... */ ++ if (ctx->err_stack || ctx->too_many) ++ ctx->err_stack++; ++ /* (Try to) get a new frame pointer */ ++ else if (!BN_STACK_push(&ctx->stack, ctx->used)) { ++ BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES); ++ ctx->err_stack++; ++ } ++ CTXDBG_EXIT(ctx); ++} + + void BN_CTX_end(BN_CTX *ctx) +- { +- CTXDBG_ENTRY("BN_CTX_end", ctx); +- if(ctx->err_stack) +- ctx->err_stack--; +- else +- { +- unsigned int fp = BN_STACK_pop(&ctx->stack); +- /* Does this stack frame have anything to release? */ +- if(fp < ctx->used) +- BN_POOL_release(&ctx->pool, ctx->used - fp); +- ctx->used = fp; +- /* Unjam "too_many" in case "get" had failed */ +- ctx->too_many = 0; +- } +- CTXDBG_EXIT(ctx); +- } ++{ ++ CTXDBG_ENTRY("BN_CTX_end", ctx); ++ if (ctx->err_stack) ++ ctx->err_stack--; ++ else { ++ unsigned int fp = BN_STACK_pop(&ctx->stack); ++ /* Does this stack frame have anything to release? */ ++ if (fp < ctx->used) ++ BN_POOL_release(&ctx->pool, ctx->used - fp); ++ ctx->used = fp; ++ /* Unjam "too_many" in case "get" had failed */ ++ ctx->too_many = 0; ++ } ++ CTXDBG_EXIT(ctx); ++} + + BIGNUM *BN_CTX_get(BN_CTX *ctx) +- { +- BIGNUM *ret; +- CTXDBG_ENTRY("BN_CTX_get", ctx); +- if(ctx->err_stack || ctx->too_many) return NULL; +- if((ret = BN_POOL_get(&ctx->pool)) == NULL) +- { +- /* Setting too_many prevents repeated "get" attempts from +- * cluttering the error stack. */ +- ctx->too_many = 1; +- BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES); +- return NULL; +- } +- /* OK, make sure the returned bignum is "zero" */ +- BN_zero(ret); +- ctx->used++; +- CTXDBG_RET(ctx, ret); +- return ret; +- } ++{ ++ BIGNUM *ret; ++ CTXDBG_ENTRY("BN_CTX_get", ctx); ++ if (ctx->err_stack || ctx->too_many) ++ return NULL; ++ if ((ret = BN_POOL_get(&ctx->pool)) == NULL) { ++ /* ++ * Setting too_many prevents repeated "get" attempts from cluttering ++ * the error stack. ++ */ ++ ctx->too_many = 1; ++ BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES); ++ return NULL; ++ } ++ /* OK, make sure the returned bignum is "zero" */ ++ BN_zero(ret); ++ ctx->used++; ++ CTXDBG_RET(ctx, ret); ++ return ret; ++} + + /************/ + /* BN_STACK */ + /************/ + + static void BN_STACK_init(BN_STACK *st) +- { +- st->indexes = NULL; +- st->depth = st->size = 0; +- } ++{ ++ st->indexes = NULL; ++ st->depth = st->size = 0; ++} + + static void BN_STACK_finish(BN_STACK *st) +- { +- if(st->size) OPENSSL_free(st->indexes); +- } ++{ ++ if (st->size) ++ OPENSSL_free(st->indexes); ++} + + #ifndef OPENSSL_NO_DEPRECATED + static void BN_STACK_reset(BN_STACK *st) +- { +- st->depth = 0; +- } ++{ ++ st->depth = 0; ++} + #endif + + static int BN_STACK_push(BN_STACK *st, unsigned int idx) +- { +- if(st->depth == st->size) +- /* Need to expand */ +- { +- unsigned int newsize = (st->size ? +- (st->size * 3 / 2) : BN_CTX_START_FRAMES); +- unsigned int *newitems = OPENSSL_malloc(newsize * +- sizeof(unsigned int)); +- if(!newitems) return 0; +- if(st->depth) +- memcpy(newitems, st->indexes, st->depth * +- sizeof(unsigned int)); +- if(st->size) OPENSSL_free(st->indexes); +- st->indexes = newitems; +- st->size = newsize; +- } +- st->indexes[(st->depth)++] = idx; +- return 1; +- } ++{ ++ if (st->depth == st->size) ++ /* Need to expand */ ++ { ++ unsigned int newsize = (st->size ? ++ (st->size * 3 / 2) : BN_CTX_START_FRAMES); ++ unsigned int *newitems = OPENSSL_malloc(newsize * ++ sizeof(unsigned int)); ++ if (!newitems) ++ return 0; ++ if (st->depth) ++ memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int)); ++ if (st->size) ++ OPENSSL_free(st->indexes); ++ st->indexes = newitems; ++ st->size = newsize; ++ } ++ st->indexes[(st->depth)++] = idx; ++ return 1; ++} + + static unsigned int BN_STACK_pop(BN_STACK *st) +- { +- return st->indexes[--(st->depth)]; +- } ++{ ++ return st->indexes[--(st->depth)]; ++} + + /***********/ + /* BN_POOL */ + /***********/ + + static void BN_POOL_init(BN_POOL *p) +- { +- p->head = p->current = p->tail = NULL; +- p->used = p->size = 0; +- } ++{ ++ p->head = p->current = p->tail = NULL; ++ p->used = p->size = 0; ++} + + static void BN_POOL_finish(BN_POOL *p) +- { +- while(p->head) +- { +- unsigned int loop = 0; +- BIGNUM *bn = p->head->vals; +- while(loop++ < BN_CTX_POOL_SIZE) +- { +- if(bn->d) BN_clear_free(bn); +- bn++; +- } +- p->current = p->head->next; +- OPENSSL_free(p->head); +- p->head = p->current; +- } +- } ++{ ++ while (p->head) { ++ unsigned int loop = 0; ++ BIGNUM *bn = p->head->vals; ++ while (loop++ < BN_CTX_POOL_SIZE) { ++ if (bn->d) ++ BN_clear_free(bn); ++ bn++; ++ } ++ p->current = p->head->next; ++ OPENSSL_free(p->head); ++ p->head = p->current; ++ } ++} + + #ifndef OPENSSL_NO_DEPRECATED + static void BN_POOL_reset(BN_POOL *p) +- { +- BN_POOL_ITEM *item = p->head; +- while(item) +- { +- unsigned int loop = 0; +- BIGNUM *bn = item->vals; +- while(loop++ < BN_CTX_POOL_SIZE) +- { +- if(bn->d) BN_clear(bn); +- bn++; +- } +- item = item->next; +- } +- p->current = p->head; +- p->used = 0; +- } ++{ ++ BN_POOL_ITEM *item = p->head; ++ while (item) { ++ unsigned int loop = 0; ++ BIGNUM *bn = item->vals; ++ while (loop++ < BN_CTX_POOL_SIZE) { ++ if (bn->d) ++ BN_clear(bn); ++ bn++; ++ } ++ item = item->next; ++ } ++ p->current = p->head; ++ p->used = 0; ++} + #endif + + static BIGNUM *BN_POOL_get(BN_POOL *p) +- { +- if(p->used == p->size) +- { +- BIGNUM *bn; +- unsigned int loop = 0; +- BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM)); +- if(!item) return NULL; +- /* Initialise the structure */ +- bn = item->vals; +- while(loop++ < BN_CTX_POOL_SIZE) +- BN_init(bn++); +- item->prev = p->tail; +- item->next = NULL; +- /* Link it in */ +- if(!p->head) +- p->head = p->current = p->tail = item; +- else +- { +- p->tail->next = item; +- p->tail = item; +- p->current = item; +- } +- p->size += BN_CTX_POOL_SIZE; +- p->used++; +- /* Return the first bignum from the new pool */ +- return item->vals; +- } +- if(!p->used) +- p->current = p->head; +- else if((p->used % BN_CTX_POOL_SIZE) == 0) +- p->current = p->current->next; +- return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); +- } ++{ ++ if (p->used == p->size) { ++ BIGNUM *bn; ++ unsigned int loop = 0; ++ BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM)); ++ if (!item) ++ return NULL; ++ /* Initialise the structure */ ++ bn = item->vals; ++ while (loop++ < BN_CTX_POOL_SIZE) ++ BN_init(bn++); ++ item->prev = p->tail; ++ item->next = NULL; ++ /* Link it in */ ++ if (!p->head) ++ p->head = p->current = p->tail = item; ++ else { ++ p->tail->next = item; ++ p->tail = item; ++ p->current = item; ++ } ++ p->size += BN_CTX_POOL_SIZE; ++ p->used++; ++ /* Return the first bignum from the new pool */ ++ return item->vals; ++ } ++ if (!p->used) ++ p->current = p->head; ++ else if ((p->used % BN_CTX_POOL_SIZE) == 0) ++ p->current = p->current->next; ++ return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); ++} + + static void BN_POOL_release(BN_POOL *p, unsigned int num) +- { +- unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; +- p->used -= num; +- while(num--) +- { +- bn_check_top(p->current->vals + offset); +- if(!offset) +- { +- offset = BN_CTX_POOL_SIZE - 1; +- p->current = p->current->prev; +- } +- else +- offset--; +- } +- } +- ++{ ++ unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; ++ p->used -= num; ++ while (num--) { ++ bn_check_top(p->current->vals + offset); ++ if (!offset) { ++ offset = BN_CTX_POOL_SIZE - 1; ++ p->current = p->current->prev; ++ } else ++ offset--; ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c +index 27535e4..34895f5 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,8 +53,10 @@ + * + */ + +-/* Support for deprecated functions goes here - static linkage will only slurp +- * this code if applications are using them directly. */ ++/* ++ * Support for deprecated functions goes here - static linkage will only ++ * slurp this code if applications are using them directly. ++ */ + + #include + #include +@@ -62,51 +64,52 @@ + #include "bn_lcl.h" + #include + +-static void *dummy=&dummy; ++static void *dummy = &dummy; + + #ifndef OPENSSL_NO_DEPRECATED + BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, +- const BIGNUM *add, const BIGNUM *rem, +- void (*callback)(int,int,void *), void *cb_arg) +- { +- BN_GENCB cb; +- BIGNUM *rnd=NULL; +- int found = 0; ++ const BIGNUM *add, const BIGNUM *rem, ++ void (*callback) (int, int, void *), void *cb_arg) ++{ ++ BN_GENCB cb; ++ BIGNUM *rnd = NULL; ++ int found = 0; + +- BN_GENCB_set_old(&cb, callback, cb_arg); ++ BN_GENCB_set_old(&cb, callback, cb_arg); + +- if (ret == NULL) +- { +- if ((rnd=BN_new()) == NULL) goto err; +- } +- else +- rnd=ret; +- if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) +- goto err; ++ if (ret == NULL) { ++ if ((rnd = BN_new()) == NULL) ++ goto err; ++ } else ++ rnd = ret; ++ if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) ++ goto err; + +- /* we have a prime :-) */ +- found = 1; +-err: +- if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd); +- return(found ? rnd : NULL); +- } ++ /* we have a prime :-) */ ++ found = 1; ++ err: ++ if (!found && (ret == NULL) && (rnd != NULL)) ++ BN_free(rnd); ++ return (found ? rnd : NULL); ++} + +-int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *), +- BN_CTX *ctx_passed, void *cb_arg) +- { +- BN_GENCB cb; +- BN_GENCB_set_old(&cb, callback, cb_arg); +- return BN_is_prime_ex(a, checks, ctx_passed, &cb); +- } ++int BN_is_prime(const BIGNUM *a, int checks, ++ void (*callback) (int, int, void *), BN_CTX *ctx_passed, ++ void *cb_arg) ++{ ++ BN_GENCB cb; ++ BN_GENCB_set_old(&cb, callback, cb_arg); ++ return BN_is_prime_ex(a, checks, ctx_passed, &cb); ++} + + int BN_is_prime_fasttest(const BIGNUM *a, int checks, +- void (*callback)(int,int,void *), +- BN_CTX *ctx_passed, void *cb_arg, +- int do_trial_division) +- { +- BN_GENCB cb; +- BN_GENCB_set_old(&cb, callback, cb_arg); +- return BN_is_prime_fasttest_ex(a, checks, ctx_passed, +- do_trial_division, &cb); +- } ++ void (*callback) (int, int, void *), ++ BN_CTX *ctx_passed, void *cb_arg, ++ int do_trial_division) ++{ ++ BN_GENCB cb; ++ BN_GENCB_set_old(&cb, callback, cb_arg); ++ return BN_is_prime_fasttest_ex(a, checks, ctx_passed, ++ do_trial_division, &cb); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c +index 78c6507..836e046 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_div.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_div.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,77 +61,86 @@ + #include "cryptlib.h" + #include "bn_lcl.h" + +- + /* The old slow way */ + #if 0 + int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, +- BN_CTX *ctx) +- { +- int i,nm,nd; +- int ret = 0; +- BIGNUM *D; +- +- bn_check_top(m); +- bn_check_top(d); +- if (BN_is_zero(d)) +- { +- BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); +- return(0); +- } +- +- if (BN_ucmp(m,d) < 0) +- { +- if (rem != NULL) +- { if (BN_copy(rem,m) == NULL) return(0); } +- if (dv != NULL) BN_zero(dv); +- return(1); +- } +- +- BN_CTX_start(ctx); +- D = BN_CTX_get(ctx); +- if (dv == NULL) dv = BN_CTX_get(ctx); +- if (rem == NULL) rem = BN_CTX_get(ctx); +- if (D == NULL || dv == NULL || rem == NULL) +- goto end; +- +- nd=BN_num_bits(d); +- nm=BN_num_bits(m); +- if (BN_copy(D,d) == NULL) goto end; +- if (BN_copy(rem,m) == NULL) goto end; +- +- /* The next 2 are needed so we can do a dv->d[0]|=1 later +- * since BN_lshift1 will only work once there is a value :-) */ +- BN_zero(dv); +- if(bn_wexpand(dv,1) == NULL) goto end; +- dv->top=1; +- +- if (!BN_lshift(D,D,nm-nd)) goto end; +- for (i=nm-nd; i>=0; i--) +- { +- if (!BN_lshift1(dv,dv)) goto end; +- if (BN_ucmp(rem,D) >= 0) +- { +- dv->d[0]|=1; +- if (!BN_usub(rem,rem,D)) goto end; +- } ++ BN_CTX *ctx) ++{ ++ int i, nm, nd; ++ int ret = 0; ++ BIGNUM *D; ++ ++ bn_check_top(m); ++ bn_check_top(d); ++ if (BN_is_zero(d)) { ++ BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); ++ return (0); ++ } ++ ++ if (BN_ucmp(m, d) < 0) { ++ if (rem != NULL) { ++ if (BN_copy(rem, m) == NULL) ++ return (0); ++ } ++ if (dv != NULL) ++ BN_zero(dv); ++ return (1); ++ } ++ ++ BN_CTX_start(ctx); ++ D = BN_CTX_get(ctx); ++ if (dv == NULL) ++ dv = BN_CTX_get(ctx); ++ if (rem == NULL) ++ rem = BN_CTX_get(ctx); ++ if (D == NULL || dv == NULL || rem == NULL) ++ goto end; ++ ++ nd = BN_num_bits(d); ++ nm = BN_num_bits(m); ++ if (BN_copy(D, d) == NULL) ++ goto end; ++ if (BN_copy(rem, m) == NULL) ++ goto end; ++ ++ /* ++ * The next 2 are needed so we can do a dv->d[0]|=1 later since ++ * BN_lshift1 will only work once there is a value :-) ++ */ ++ BN_zero(dv); ++ if (bn_wexpand(dv, 1) == NULL) ++ goto end; ++ dv->top = 1; ++ ++ if (!BN_lshift(D, D, nm - nd)) ++ goto end; ++ for (i = nm - nd; i >= 0; i--) { ++ if (!BN_lshift1(dv, dv)) ++ goto end; ++ if (BN_ucmp(rem, D) >= 0) { ++ dv->d[0] |= 1; ++ if (!BN_usub(rem, rem, D)) ++ goto end; ++ } + /* CAN IMPROVE (and have now :=) */ +- if (!BN_rshift1(D,D)) goto end; +- } +- rem->neg=BN_is_zero(rem)?0:m->neg; +- dv->neg=m->neg^d->neg; +- ret = 1; ++ if (!BN_rshift1(D, D)) ++ goto end; ++ } ++ rem->neg = BN_is_zero(rem) ? 0 : m->neg; ++ dv->neg = m->neg ^ d->neg; ++ ret = 1; + end: +- BN_CTX_end(ctx); +- return(ret); +- } ++ BN_CTX_end(ctx); ++ return (ret); ++} + + #else + +-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ ++# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ + && !defined(PEDANTIC) && !defined(BN_DIV3W) +-# if defined(__GNUC__) && __GNUC__>=2 +-# if defined(__i386) || defined (__i386__) +- /* ++# if defined(__GNUC__) && __GNUC__>=2 ++# if defined(__i386) || defined (__i386__) ++ /*- + * There were two reasons for implementing this template: + * - GNU C generates a call to a function (__udivdi3 to be exact) + * in reply to ((((BN_ULLONG)n0)< ++ * + */ +-# define bn_div_words(n0,n1,d0) \ +- ({ asm volatile ( \ +- "divl %4" \ +- : "=a"(q), "=d"(rem) \ +- : "a"(n1), "d"(n0), "g"(d0) \ +- : "cc"); \ +- q; \ +- }) +-# define REMAINDER_IS_ALREADY_CALCULATED +-# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG) ++# define bn_div_words(n0,n1,d0) \ ++ ({ asm volatile ( \ ++ "divl %4" \ ++ : "=a"(q), "=d"(rem) \ ++ : "a"(n1), "d"(n0), "g"(d0) \ ++ : "cc"); \ ++ q; \ ++ }) ++# define REMAINDER_IS_ALREADY_CALCULATED ++# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG) + /* + * Same story here, but it's 128-bit by 64-bit division. Wow! +- * ++ * + */ +-# define bn_div_words(n0,n1,d0) \ +- ({ asm volatile ( \ +- "divq %4" \ +- : "=a"(q), "=d"(rem) \ +- : "a"(n1), "d"(n0), "g"(d0) \ +- : "cc"); \ +- q; \ +- }) +-# define REMAINDER_IS_ALREADY_CALCULATED +-# endif /* __ */ +-# endif /* __GNUC__ */ +-#endif /* OPENSSL_NO_ASM */ +- +- +-/* BN_div[_no_branch] computes dv := num / divisor, rounding towards ++# define bn_div_words(n0,n1,d0) \ ++ ({ asm volatile ( \ ++ "divq %4" \ ++ : "=a"(q), "=d"(rem) \ ++ : "a"(n1), "d"(n0), "g"(d0) \ ++ : "cc"); \ ++ q; \ ++ }) ++# define REMAINDER_IS_ALREADY_CALCULATED ++# endif /* __ */ ++# endif /* __GNUC__ */ ++# endif /* OPENSSL_NO_ASM */ ++ ++/*- ++ * BN_div[_no_branch] computes dv := num / divisor, rounding towards + * zero, and sets up rm such that dv*divisor + rm = num holds. + * Thus: + * dv->neg == num->neg ^ divisor->neg (unless the result is zero) +@@ -177,474 +186,506 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + * If 'dv' or 'rm' is NULL, the respective value is not returned. + */ + static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, +- const BIGNUM *divisor, BN_CTX *ctx); ++ const BIGNUM *divisor, BN_CTX *ctx); + int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, +- BN_CTX *ctx) +- { +- int norm_shift,i,loop; +- BIGNUM *tmp,wnum,*snum,*sdiv,*res; +- BN_ULONG *resp,*wnump; +- BN_ULONG d0,d1; +- int num_n,div_n; +- +- /* Invalid zero-padding would have particularly bad consequences +- * in the case of 'num', so don't just rely on bn_check_top() for this one +- * (bn_check_top() works only for BN_DEBUG builds) */ +- if (num->top > 0 && num->d[num->top - 1] == 0) +- { +- BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED); +- return 0; +- } +- +- bn_check_top(num); +- +- if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) +- { +- return BN_div_no_branch(dv, rm, num, divisor, ctx); +- } +- +- bn_check_top(dv); +- bn_check_top(rm); +- /* bn_check_top(num); */ /* 'num' has been checked already */ +- bn_check_top(divisor); +- +- if (BN_is_zero(divisor)) +- { +- BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); +- return(0); +- } +- +- if (BN_ucmp(num,divisor) < 0) +- { +- if (rm != NULL) +- { if (BN_copy(rm,num) == NULL) return(0); } +- if (dv != NULL) BN_zero(dv); +- return(1); +- } +- +- BN_CTX_start(ctx); +- tmp=BN_CTX_get(ctx); +- snum=BN_CTX_get(ctx); +- sdiv=BN_CTX_get(ctx); +- if (dv == NULL) +- res=BN_CTX_get(ctx); +- else res=dv; +- if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL) +- goto err; +- +- /* First we normalise the numbers */ +- norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); +- if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; +- sdiv->neg=0; +- norm_shift+=BN_BITS2; +- if (!(BN_lshift(snum,num,norm_shift))) goto err; +- snum->neg=0; +- div_n=sdiv->top; +- num_n=snum->top; +- loop=num_n-div_n; +- /* Lets setup a 'window' into snum +- * This is the part that corresponds to the current +- * 'area' being divided */ +- wnum.neg = 0; +- wnum.d = &(snum->d[loop]); +- wnum.top = div_n; +- /* only needed when BN_ucmp messes up the values between top and max */ +- wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ +- +- /* Get the top 2 words of sdiv */ +- /* div_n=sdiv->top; */ +- d0=sdiv->d[div_n-1]; +- d1=(div_n == 1)?0:sdiv->d[div_n-2]; +- +- /* pointer to the 'top' of snum */ +- wnump= &(snum->d[num_n-1]); +- +- /* Setup to 'res' */ +- res->neg= (num->neg^divisor->neg); +- if (!bn_wexpand(res,(loop+1))) goto err; +- res->top=loop; +- resp= &(res->d[loop-1]); +- +- /* space for temp */ +- if (!bn_wexpand(tmp,(div_n+1))) goto err; +- +- if (BN_ucmp(&wnum,sdiv) >= 0) +- { +- /* If BN_DEBUG_RAND is defined BN_ucmp changes (via +- * bn_pollute) the const bignum arguments => +- * clean the values between top and max again */ +- bn_clear_top2max(&wnum); +- bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); +- *resp=1; +- } +- else +- res->top--; +- /* if res->top == 0 then clear the neg value otherwise decrease +- * the resp pointer */ +- if (res->top == 0) +- res->neg = 0; +- else +- resp--; +- +- for (i=0; i 0x%08X\n", +- n0, n1, d0, q); +-#endif +-#endif +- +-#ifndef REMAINDER_IS_ALREADY_CALCULATED +- /* +- * rem doesn't have to be BN_ULLONG. The least we +- * know it's less that d0, isn't it? +- */ +- rem=(n1-q*d0)&BN_MASK2; +-#endif +- t2=(BN_ULLONG)d1*q; +- +- for (;;) +- { +- if (t2 <= ((((BN_ULLONG)rem)< 0x%08X\n", +- n0, n1, d0, q); +-#endif +-#ifndef REMAINDER_IS_ALREADY_CALCULATED +- rem=(n1-q*d0)&BN_MASK2; +-#endif +- +-#if defined(BN_UMULT_LOHI) +- BN_UMULT_LOHI(t2l,t2h,d1,q); +-#elif defined(BN_UMULT_HIGH) +- t2l = d1 * q; +- t2h = BN_UMULT_HIGH(d1,q); +-#else +- t2l=LBITS(d1); t2h=HBITS(d1); +- ql =LBITS(q); qh =HBITS(q); +- mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ +-#endif +- +- for (;;) +- { +- if ((t2h < rem) || +- ((t2h == rem) && (t2l <= wnump[-2]))) +- break; +- q--; +- rem += d0; +- if (rem < d0) break; /* don't let rem overflow */ +- if (t2l < d1) t2h--; t2l -= d1; +- } +-#endif /* !BN_LLONG */ +- } +-#endif /* !BN_DIV3W */ +- +- l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); +- tmp->d[div_n]=l0; +- wnum.d--; +- /* ingore top values of the bignums just sub the two +- * BN_ULONG arrays with bn_sub_words */ +- if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) +- { +- /* Note: As we have considered only the leading +- * two BN_ULONGs in the calculation of q, sdiv * q +- * might be greater than wnum (but then (q-1) * sdiv +- * is less or equal than wnum) +- */ +- q--; +- if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) +- /* we can't have an overflow here (assuming +- * that q != 0, but if q == 0 then tmp is +- * zero anyway) */ +- (*wnump)++; +- } +- /* store part of the result */ +- *resp = q; +- } +- bn_correct_top(snum); +- if (rm != NULL) +- { +- /* Keep a copy of the neg flag in num because if rm==num +- * BN_rshift() will overwrite it. +- */ +- int neg = num->neg; +- BN_rshift(rm,snum,norm_shift); +- if (!BN_is_zero(rm)) +- rm->neg = neg; +- bn_check_top(rm); +- } +- BN_CTX_end(ctx); +- return(1); +-err: +- bn_check_top(rm); +- BN_CTX_end(ctx); +- return(0); +- } +- +- +-/* BN_div_no_branch is a special version of BN_div. It does not contain ++ BN_CTX *ctx) ++{ ++ int norm_shift, i, loop; ++ BIGNUM *tmp, wnum, *snum, *sdiv, *res; ++ BN_ULONG *resp, *wnump; ++ BN_ULONG d0, d1; ++ int num_n, div_n; ++ ++ /* ++ * Invalid zero-padding would have particularly bad consequences in the ++ * case of 'num', so don't just rely on bn_check_top() for this one ++ * (bn_check_top() works only for BN_DEBUG builds) ++ */ ++ if (num->top > 0 && num->d[num->top - 1] == 0) { ++ BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED); ++ return 0; ++ } ++ ++ bn_check_top(num); ++ ++ if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) ++ || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) { ++ return BN_div_no_branch(dv, rm, num, divisor, ctx); ++ } ++ ++ bn_check_top(dv); ++ bn_check_top(rm); ++ /*- bn_check_top(num); *//* ++ * 'num' has been checked already ++ */ ++ bn_check_top(divisor); ++ ++ if (BN_is_zero(divisor)) { ++ BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); ++ return (0); ++ } ++ ++ if (BN_ucmp(num, divisor) < 0) { ++ if (rm != NULL) { ++ if (BN_copy(rm, num) == NULL) ++ return (0); ++ } ++ if (dv != NULL) ++ BN_zero(dv); ++ return (1); ++ } ++ ++ BN_CTX_start(ctx); ++ tmp = BN_CTX_get(ctx); ++ snum = BN_CTX_get(ctx); ++ sdiv = BN_CTX_get(ctx); ++ if (dv == NULL) ++ res = BN_CTX_get(ctx); ++ else ++ res = dv; ++ if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL) ++ goto err; ++ ++ /* First we normalise the numbers */ ++ norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2); ++ if (!(BN_lshift(sdiv, divisor, norm_shift))) ++ goto err; ++ sdiv->neg = 0; ++ norm_shift += BN_BITS2; ++ if (!(BN_lshift(snum, num, norm_shift))) ++ goto err; ++ snum->neg = 0; ++ div_n = sdiv->top; ++ num_n = snum->top; ++ loop = num_n - div_n; ++ /* ++ * Lets setup a 'window' into snum This is the part that corresponds to ++ * the current 'area' being divided ++ */ ++ wnum.neg = 0; ++ wnum.d = &(snum->d[loop]); ++ wnum.top = div_n; ++ /* ++ * only needed when BN_ucmp messes up the values between top and max ++ */ ++ wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ ++ ++ /* Get the top 2 words of sdiv */ ++ /* div_n=sdiv->top; */ ++ d0 = sdiv->d[div_n - 1]; ++ d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; ++ ++ /* pointer to the 'top' of snum */ ++ wnump = &(snum->d[num_n - 1]); ++ ++ /* Setup to 'res' */ ++ res->neg = (num->neg ^ divisor->neg); ++ if (!bn_wexpand(res, (loop + 1))) ++ goto err; ++ res->top = loop; ++ resp = &(res->d[loop - 1]); ++ ++ /* space for temp */ ++ if (!bn_wexpand(tmp, (div_n + 1))) ++ goto err; ++ ++ if (BN_ucmp(&wnum, sdiv) >= 0) { ++ /* ++ * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute) the ++ * const bignum arguments => clean the values between top and max ++ * again ++ */ ++ bn_clear_top2max(&wnum); ++ bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); ++ *resp = 1; ++ } else ++ res->top--; ++ /* ++ * if res->top == 0 then clear the neg value otherwise decrease the resp ++ * pointer ++ */ ++ if (res->top == 0) ++ res->neg = 0; ++ else ++ resp--; ++ ++ for (i = 0; i < loop - 1; i++, wnump--, resp--) { ++ BN_ULONG q, l0; ++ /* ++ * the first part of the loop uses the top two words of snum and sdiv ++ * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv ++ */ ++# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) ++ BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG); ++ q = bn_div_3_words(wnump, d1, d0); ++# else ++ BN_ULONG n0, n1, rem = 0; ++ ++ n0 = wnump[0]; ++ n1 = wnump[-1]; ++ if (n0 == d0) ++ q = BN_MASK2; ++ else { /* n0 < d0 */ ++ ++# ifdef BN_LLONG ++ BN_ULLONG t2; ++ ++# if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) ++ q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0); ++# else ++ q = bn_div_words(n0, n1, d0); ++# ifdef BN_DEBUG_LEVITTE ++ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ ++X) -> 0x%08X\n", n0, n1, d0, q); ++# endif ++# endif ++ ++# ifndef REMAINDER_IS_ALREADY_CALCULATED ++ /* ++ * rem doesn't have to be BN_ULLONG. The least we ++ * know it's less that d0, isn't it? ++ */ ++ rem = (n1 - q * d0) & BN_MASK2; ++# endif ++ t2 = (BN_ULLONG) d1 *q; ++ ++ for (;;) { ++ if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2])) ++ break; ++ q--; ++ rem += d0; ++ if (rem < d0) ++ break; /* don't let rem overflow */ ++ t2 -= d1; ++ } ++# else /* !BN_LLONG */ ++ BN_ULONG t2l, t2h; ++# if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH) ++ BN_ULONG ql, qh; ++# endif ++ ++ q = bn_div_words(n0, n1, d0); ++# ifdef BN_DEBUG_LEVITTE ++ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ ++X) -> 0x%08X\n", n0, n1, d0, q); ++# endif ++# ifndef REMAINDER_IS_ALREADY_CALCULATED ++ rem = (n1 - q * d0) & BN_MASK2; ++# endif ++ ++# if defined(BN_UMULT_LOHI) ++ BN_UMULT_LOHI(t2l, t2h, d1, q); ++# elif defined(BN_UMULT_HIGH) ++ t2l = d1 * q; ++ t2h = BN_UMULT_HIGH(d1, q); ++# else ++ t2l = LBITS(d1); ++ t2h = HBITS(d1); ++ ql = LBITS(q); ++ qh = HBITS(q); ++ mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */ ++# endif ++ ++ for (;;) { ++ if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2]))) ++ break; ++ q--; ++ rem += d0; ++ if (rem < d0) ++ break; /* don't let rem overflow */ ++ if (t2l < d1) ++ t2h--; ++ t2l -= d1; ++ } ++# endif /* !BN_LLONG */ ++ } ++# endif /* !BN_DIV3W */ ++ ++ l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q); ++ tmp->d[div_n] = l0; ++ wnum.d--; ++ /* ++ * ingore top values of the bignums just sub the two BN_ULONG arrays ++ * with bn_sub_words ++ */ ++ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) { ++ /* ++ * Note: As we have considered only the leading two BN_ULONGs in ++ * the calculation of q, sdiv * q might be greater than wnum (but ++ * then (q-1) * sdiv is less or equal than wnum) ++ */ ++ q--; ++ if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) ++ /* ++ * we can't have an overflow here (assuming that q != 0, but ++ * if q == 0 then tmp is zero anyway) ++ */ ++ (*wnump)++; ++ } ++ /* store part of the result */ ++ *resp = q; ++ } ++ bn_correct_top(snum); ++ if (rm != NULL) { ++ /* ++ * Keep a copy of the neg flag in num because if rm==num BN_rshift() ++ * will overwrite it. ++ */ ++ int neg = num->neg; ++ BN_rshift(rm, snum, norm_shift); ++ if (!BN_is_zero(rm)) ++ rm->neg = neg; ++ bn_check_top(rm); ++ } ++ BN_CTX_end(ctx); ++ return (1); ++ err: ++ bn_check_top(rm); ++ BN_CTX_end(ctx); ++ return (0); ++} ++ ++/* ++ * BN_div_no_branch is a special version of BN_div. It does not contain + * branches that may leak sensitive information. + */ +-static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, +- const BIGNUM *divisor, BN_CTX *ctx) +- { +- int norm_shift,i,loop; +- BIGNUM *tmp,wnum,*snum,*sdiv,*res; +- BN_ULONG *resp,*wnump; +- BN_ULONG d0,d1; +- int num_n,div_n; +- +- bn_check_top(dv); +- bn_check_top(rm); +- /* bn_check_top(num); */ /* 'num' has been checked in BN_div() */ +- bn_check_top(divisor); +- +- if (BN_is_zero(divisor)) +- { +- BNerr(BN_F_BN_DIV_NO_BRANCH,BN_R_DIV_BY_ZERO); +- return(0); +- } +- +- BN_CTX_start(ctx); +- tmp=BN_CTX_get(ctx); +- snum=BN_CTX_get(ctx); +- sdiv=BN_CTX_get(ctx); +- if (dv == NULL) +- res=BN_CTX_get(ctx); +- else res=dv; +- if (sdiv == NULL || res == NULL) goto err; +- +- /* First we normalise the numbers */ +- norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); +- if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; +- sdiv->neg=0; +- norm_shift+=BN_BITS2; +- if (!(BN_lshift(snum,num,norm_shift))) goto err; +- snum->neg=0; +- +- /* Since we don't know whether snum is larger than sdiv, +- * we pad snum with enough zeroes without changing its +- * value. +- */ +- if (snum->top <= sdiv->top+1) +- { +- if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err; +- for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0; +- snum->top = sdiv->top + 2; +- } +- else +- { +- if (bn_wexpand(snum, snum->top + 1) == NULL) goto err; +- snum->d[snum->top] = 0; +- snum->top ++; +- } +- +- div_n=sdiv->top; +- num_n=snum->top; +- loop=num_n-div_n; +- /* Lets setup a 'window' into snum +- * This is the part that corresponds to the current +- * 'area' being divided */ +- wnum.neg = 0; +- wnum.d = &(snum->d[loop]); +- wnum.top = div_n; +- /* only needed when BN_ucmp messes up the values between top and max */ +- wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ +- +- /* Get the top 2 words of sdiv */ +- /* div_n=sdiv->top; */ +- d0=sdiv->d[div_n-1]; +- d1=(div_n == 1)?0:sdiv->d[div_n-2]; +- +- /* pointer to the 'top' of snum */ +- wnump= &(snum->d[num_n-1]); +- +- /* Setup to 'res' */ +- res->neg= (num->neg^divisor->neg); +- if (!bn_wexpand(res,(loop+1))) goto err; +- res->top=loop-1; +- resp= &(res->d[loop-1]); +- +- /* space for temp */ +- if (!bn_wexpand(tmp,(div_n+1))) goto err; +- +- /* if res->top == 0 then clear the neg value otherwise decrease +- * the resp pointer */ +- if (res->top == 0) +- res->neg = 0; +- else +- resp--; +- +- for (i=0; i 0x%08X\n", +- n0, n1, d0, q); +-#endif +-#endif +- +-#ifndef REMAINDER_IS_ALREADY_CALCULATED +- /* +- * rem doesn't have to be BN_ULLONG. The least we +- * know it's less that d0, isn't it? +- */ +- rem=(n1-q*d0)&BN_MASK2; +-#endif +- t2=(BN_ULLONG)d1*q; +- +- for (;;) +- { +- if (t2 <= ((((BN_ULLONG)rem)< 0x%08X\n", +- n0, n1, d0, q); +-#endif +-#ifndef REMAINDER_IS_ALREADY_CALCULATED +- rem=(n1-q*d0)&BN_MASK2; +-#endif +- +-#if defined(BN_UMULT_LOHI) +- BN_UMULT_LOHI(t2l,t2h,d1,q); +-#elif defined(BN_UMULT_HIGH) +- t2l = d1 * q; +- t2h = BN_UMULT_HIGH(d1,q); +-#else +- t2l=LBITS(d1); t2h=HBITS(d1); +- ql =LBITS(q); qh =HBITS(q); +- mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ +-#endif +- +- for (;;) +- { +- if ((t2h < rem) || +- ((t2h == rem) && (t2l <= wnump[-2]))) +- break; +- q--; +- rem += d0; +- if (rem < d0) break; /* don't let rem overflow */ +- if (t2l < d1) t2h--; t2l -= d1; +- } +-#endif /* !BN_LLONG */ +- } +-#endif /* !BN_DIV3W */ +- +- l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); +- tmp->d[div_n]=l0; +- wnum.d--; +- /* ingore top values of the bignums just sub the two +- * BN_ULONG arrays with bn_sub_words */ +- if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1)) +- { +- /* Note: As we have considered only the leading +- * two BN_ULONGs in the calculation of q, sdiv * q +- * might be greater than wnum (but then (q-1) * sdiv +- * is less or equal than wnum) +- */ +- q--; +- if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) +- /* we can't have an overflow here (assuming +- * that q != 0, but if q == 0 then tmp is +- * zero anyway) */ +- (*wnump)++; +- } +- /* store part of the result */ +- *resp = q; +- } +- bn_correct_top(snum); +- if (rm != NULL) +- { +- /* Keep a copy of the neg flag in num because if rm==num +- * BN_rshift() will overwrite it. +- */ +- int neg = num->neg; +- BN_rshift(rm,snum,norm_shift); +- if (!BN_is_zero(rm)) +- rm->neg = neg; +- bn_check_top(rm); +- } +- bn_correct_top(res); +- BN_CTX_end(ctx); +- return(1); +-err: +- bn_check_top(rm); +- BN_CTX_end(ctx); +- return(0); +- } ++static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, ++ const BIGNUM *divisor, BN_CTX *ctx) ++{ ++ int norm_shift, i, loop; ++ BIGNUM *tmp, wnum, *snum, *sdiv, *res; ++ BN_ULONG *resp, *wnump; ++ BN_ULONG d0, d1; ++ int num_n, div_n; ++ ++ bn_check_top(dv); ++ bn_check_top(rm); ++ /*- bn_check_top(num); *//* ++ * 'num' has been checked in BN_div() ++ */ ++ bn_check_top(divisor); ++ ++ if (BN_is_zero(divisor)) { ++ BNerr(BN_F_BN_DIV_NO_BRANCH, BN_R_DIV_BY_ZERO); ++ return (0); ++ } ++ ++ BN_CTX_start(ctx); ++ tmp = BN_CTX_get(ctx); ++ snum = BN_CTX_get(ctx); ++ sdiv = BN_CTX_get(ctx); ++ if (dv == NULL) ++ res = BN_CTX_get(ctx); ++ else ++ res = dv; ++ if (sdiv == NULL || res == NULL) ++ goto err; ++ ++ /* First we normalise the numbers */ ++ norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2); ++ if (!(BN_lshift(sdiv, divisor, norm_shift))) ++ goto err; ++ sdiv->neg = 0; ++ norm_shift += BN_BITS2; ++ if (!(BN_lshift(snum, num, norm_shift))) ++ goto err; ++ snum->neg = 0; ++ ++ /* ++ * Since we don't know whether snum is larger than sdiv, we pad snum with ++ * enough zeroes without changing its value. ++ */ ++ if (snum->top <= sdiv->top + 1) { ++ if (bn_wexpand(snum, sdiv->top + 2) == NULL) ++ goto err; ++ for (i = snum->top; i < sdiv->top + 2; i++) ++ snum->d[i] = 0; ++ snum->top = sdiv->top + 2; ++ } else { ++ if (bn_wexpand(snum, snum->top + 1) == NULL) ++ goto err; ++ snum->d[snum->top] = 0; ++ snum->top++; ++ } ++ ++ div_n = sdiv->top; ++ num_n = snum->top; ++ loop = num_n - div_n; ++ /* ++ * Lets setup a 'window' into snum This is the part that corresponds to ++ * the current 'area' being divided ++ */ ++ wnum.neg = 0; ++ wnum.d = &(snum->d[loop]); ++ wnum.top = div_n; ++ /* ++ * only needed when BN_ucmp messes up the values between top and max ++ */ ++ wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ ++ ++ /* Get the top 2 words of sdiv */ ++ /* div_n=sdiv->top; */ ++ d0 = sdiv->d[div_n - 1]; ++ d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; ++ ++ /* pointer to the 'top' of snum */ ++ wnump = &(snum->d[num_n - 1]); ++ ++ /* Setup to 'res' */ ++ res->neg = (num->neg ^ divisor->neg); ++ if (!bn_wexpand(res, (loop + 1))) ++ goto err; ++ res->top = loop - 1; ++ resp = &(res->d[loop - 1]); ++ ++ /* space for temp */ ++ if (!bn_wexpand(tmp, (div_n + 1))) ++ goto err; ++ ++ /* ++ * if res->top == 0 then clear the neg value otherwise decrease the resp ++ * pointer ++ */ ++ if (res->top == 0) ++ res->neg = 0; ++ else ++ resp--; ++ ++ for (i = 0; i < loop - 1; i++, wnump--, resp--) { ++ BN_ULONG q, l0; ++ /* ++ * the first part of the loop uses the top two words of snum and sdiv ++ * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv ++ */ ++# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) ++ BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG); ++ q = bn_div_3_words(wnump, d1, d0); ++# else ++ BN_ULONG n0, n1, rem = 0; ++ ++ n0 = wnump[0]; ++ n1 = wnump[-1]; ++ if (n0 == d0) ++ q = BN_MASK2; ++ else { /* n0 < d0 */ ++ ++# ifdef BN_LLONG ++ BN_ULLONG t2; ++ ++# if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) ++ q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0); ++# else ++ q = bn_div_words(n0, n1, d0); ++# ifdef BN_DEBUG_LEVITTE ++ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ ++X) -> 0x%08X\n", n0, n1, d0, q); ++# endif ++# endif ++ ++# ifndef REMAINDER_IS_ALREADY_CALCULATED ++ /* ++ * rem doesn't have to be BN_ULLONG. The least we ++ * know it's less that d0, isn't it? ++ */ ++ rem = (n1 - q * d0) & BN_MASK2; ++# endif ++ t2 = (BN_ULLONG) d1 *q; ++ ++ for (;;) { ++ if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2])) ++ break; ++ q--; ++ rem += d0; ++ if (rem < d0) ++ break; /* don't let rem overflow */ ++ t2 -= d1; ++ } ++# else /* !BN_LLONG */ ++ BN_ULONG t2l, t2h; ++# if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH) ++ BN_ULONG ql, qh; ++# endif ++ ++ q = bn_div_words(n0, n1, d0); ++# ifdef BN_DEBUG_LEVITTE ++ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ ++X) -> 0x%08X\n", n0, n1, d0, q); ++# endif ++# ifndef REMAINDER_IS_ALREADY_CALCULATED ++ rem = (n1 - q * d0) & BN_MASK2; ++# endif ++ ++# if defined(BN_UMULT_LOHI) ++ BN_UMULT_LOHI(t2l, t2h, d1, q); ++# elif defined(BN_UMULT_HIGH) ++ t2l = d1 * q; ++ t2h = BN_UMULT_HIGH(d1, q); ++# else ++ t2l = LBITS(d1); ++ t2h = HBITS(d1); ++ ql = LBITS(q); ++ qh = HBITS(q); ++ mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */ ++# endif ++ ++ for (;;) { ++ if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2]))) ++ break; ++ q--; ++ rem += d0; ++ if (rem < d0) ++ break; /* don't let rem overflow */ ++ if (t2l < d1) ++ t2h--; ++ t2l -= d1; ++ } ++# endif /* !BN_LLONG */ ++ } ++# endif /* !BN_DIV3W */ ++ ++ l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q); ++ tmp->d[div_n] = l0; ++ wnum.d--; ++ /* ++ * ingore top values of the bignums just sub the two BN_ULONG arrays ++ * with bn_sub_words ++ */ ++ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) { ++ /* ++ * Note: As we have considered only the leading two BN_ULONGs in ++ * the calculation of q, sdiv * q might be greater than wnum (but ++ * then (q-1) * sdiv is less or equal than wnum) ++ */ ++ q--; ++ if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) ++ /* ++ * we can't have an overflow here (assuming that q != 0, but ++ * if q == 0 then tmp is zero anyway) ++ */ ++ (*wnump)++; ++ } ++ /* store part of the result */ ++ *resp = q; ++ } ++ bn_correct_top(snum); ++ if (rm != NULL) { ++ /* ++ * Keep a copy of the neg flag in num because if rm==num BN_rshift() ++ * will overwrite it. ++ */ ++ int neg = num->neg; ++ BN_rshift(rm, snum, norm_shift); ++ if (!BN_is_zero(rm)) ++ rm->neg = neg; ++ bn_check_top(rm); ++ } ++ bn_correct_top(res); ++ BN_CTX_end(ctx); ++ return (1); ++ err: ++ bn_check_top(rm); ++ BN_CTX_end(ctx); ++ return (0); ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c +index cfe2eb9..faa7e22 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_err.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,86 +66,85 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) + +-static ERR_STRING_DATA BN_str_functs[]= +- { +-{ERR_FUNC(BN_F_BNRAND), "BNRAND"}, +-{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, +-{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, +-{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, +-{ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"}, +-{ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, +-{ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, +-{ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, +-{ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, +-{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, +-{ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, +-{ERR_FUNC(BN_F_BN_DIV), "BN_div"}, +-{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"}, +-{ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, +-{ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, +-{ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, +-{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, +-{ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, +-{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, +-{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, +-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"}, +-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, +-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, +-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, +-{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, +-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, +-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, +-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"}, +-{ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"}, +-{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"}, +-{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, +-{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"}, +-{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, +-{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, +-{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, +-{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"}, +-{ERR_FUNC(BN_F_BN_NEW), "BN_new"}, +-{ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, +-{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, +-{ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA BN_str_functs[] = { ++ {ERR_FUNC(BN_F_BNRAND), "BNRAND"}, ++ {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, ++ {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, ++ {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, ++ {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"}, ++ {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, ++ {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, ++ {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, ++ {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, ++ {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, ++ {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, ++ {ERR_FUNC(BN_F_BN_DIV), "BN_div"}, ++ {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"}, ++ {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, ++ {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, ++ {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, ++ {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, ++ {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, ++ {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, ++ {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, ++ {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"}, ++ {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, ++ {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, ++ {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, ++ {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, ++ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, ++ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, ++ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"}, ++ {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"}, ++ {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"}, ++ {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, ++ {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"}, ++ {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, ++ {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, ++ {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, ++ {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"}, ++ {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, ++ {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, ++ {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, ++ {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA BN_str_reasons[]= +- { +-{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"}, +-{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"}, +-{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"}, +-{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"}, +-{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"}, +-{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"}, +-{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"}, +-{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"}, +-{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"}, +-{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"}, +-{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"}, +-{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"}, +-{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"}, +-{ERR_REASON(BN_R_NO_SOLUTION) ,"no solution"}, +-{ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"}, +-{ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"}, +-{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA BN_str_reasons[] = { ++ {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, ++ {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, ++ {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, ++ {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, ++ {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, ++ {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, ++ {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), ++ "expand on static bignum data"}, ++ {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, ++ {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, ++ {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, ++ {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, ++ {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, ++ {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, ++ {ERR_REASON(BN_R_NO_SOLUTION), "no solution"}, ++ {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"}, ++ {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"}, ++ {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES), ++ "too many temporary variables"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_BN_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(BN_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,BN_str_functs); +- ERR_load_strings(0,BN_str_reasons); +- } ++ if (ERR_func_error_string(BN_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, BN_str_functs); ++ ERR_load_strings(0, BN_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c +index d9b6c73..ef67843 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -109,883 +109,899 @@ + * + */ + +- + #include "cryptlib.h" + #include "bn_lcl.h" + + /* maximum precomputation table size for *variable* sliding windows */ +-#define TABLE_SIZE 32 ++#define TABLE_SIZE 32 + + /* this one works - simple but works */ + int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +- { +- int i,bits,ret=0; +- BIGNUM *v,*rr; +- +- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) +- { +- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ +- BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return -1; +- } +- +- BN_CTX_start(ctx); +- if ((r == a) || (r == p)) +- rr = BN_CTX_get(ctx); +- else +- rr = r; +- v = BN_CTX_get(ctx); +- if (rr == NULL || v == NULL) goto err; +- +- if (BN_copy(v,a) == NULL) goto err; +- bits=BN_num_bits(p); +- +- if (BN_is_odd(p)) +- { if (BN_copy(rr,a) == NULL) goto err; } +- else { if (!BN_one(rr)) goto err; } +- +- for (i=1; i= m. eay 07-May-97 */ +-/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ +- +- if (BN_is_odd(m)) +- { +-# ifdef MONT_EXP_WORD +- if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) +- { +- BN_ULONG A = a->d[0]; +- ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); +- } +- else +-# endif +- ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); +- } +- else ++ /* ++ * I have finally been able to take out this pre-condition of the top bit ++ * being set. It was caused by an error in BN_div with negatives. There ++ * was also another problem when for a^b%m a >= m. eay 07-May-97 ++ */ ++ /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ ++ ++ if (BN_is_odd(m)) { ++# ifdef MONT_EXP_WORD ++ if (a->top == 1 && !a->neg ++ && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) { ++ BN_ULONG A = a->d[0]; ++ ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL); ++ } else ++# endif ++ ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL); ++ } else + #endif + #ifdef RECP_MUL_MOD +- { ret=BN_mod_exp_recp(r,a,p,m,ctx); } ++ { ++ ret = BN_mod_exp_recp(r, a, p, m, ctx); ++ } + #else +- { ret=BN_mod_exp_simple(r,a,p,m,ctx); } ++ { ++ ret = BN_mod_exp_simple(r, a, p, m, ctx); ++ } + #endif + +- bn_check_top(r); +- return(ret); +- } +- ++ bn_check_top(r); ++ return (ret); ++} + + int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx) +- { +- int i,j,bits,ret=0,wstart,wend,window,wvalue; +- int start=1; +- BIGNUM *aa; +- /* Table of variables obtained from 'ctx' */ +- BIGNUM *val[TABLE_SIZE]; +- BN_RECP_CTX recp; +- +- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) +- { +- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ +- BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return -1; +- } +- +- bits=BN_num_bits(p); +- +- if (bits == 0) +- { +- ret = BN_one(r); +- return ret; +- } +- +- BN_CTX_start(ctx); +- aa = BN_CTX_get(ctx); +- val[0] = BN_CTX_get(ctx); +- if(!aa || !val[0]) goto err; +- +- BN_RECP_CTX_init(&recp); +- if (m->neg) +- { +- /* ignore sign of 'm' */ +- if (!BN_copy(aa, m)) goto err; +- aa->neg = 0; +- if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err; +- } +- else +- { +- if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err; +- } +- +- if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */ +- if (BN_is_zero(val[0])) +- { +- BN_zero(r); +- ret = 1; +- goto err; +- } +- +- window = BN_window_bits_for_exponent_size(bits); +- if (window > 1) +- { +- if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx)) +- goto err; /* 2 */ +- j=1<<(window-1); +- for (i=1; i>1],&recp,ctx)) +- goto err; +- +- /* move the 'window' down further */ +- wstart-=wend+1; +- wvalue=0; +- start=0; +- if (wstart < 0) break; +- } +- ret=1; +-err: +- BN_CTX_end(ctx); +- BN_RECP_CTX_free(&recp); +- bn_check_top(r); +- return(ret); +- } +- ++ const BIGNUM *m, BN_CTX *ctx) ++{ ++ int i, j, bits, ret = 0, wstart, wend, window, wvalue; ++ int start = 1; ++ BIGNUM *aa; ++ /* Table of variables obtained from 'ctx' */ ++ BIGNUM *val[TABLE_SIZE]; ++ BN_RECP_CTX recp; ++ ++ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { ++ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ ++ BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return -1; ++ } ++ ++ bits = BN_num_bits(p); ++ ++ if (bits == 0) { ++ ret = BN_one(r); ++ return ret; ++ } ++ ++ BN_CTX_start(ctx); ++ aa = BN_CTX_get(ctx); ++ val[0] = BN_CTX_get(ctx); ++ if (!aa || !val[0]) ++ goto err; ++ ++ BN_RECP_CTX_init(&recp); ++ if (m->neg) { ++ /* ignore sign of 'm' */ ++ if (!BN_copy(aa, m)) ++ goto err; ++ aa->neg = 0; ++ if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0) ++ goto err; ++ } else { ++ if (BN_RECP_CTX_set(&recp, m, ctx) <= 0) ++ goto err; ++ } ++ ++ if (!BN_nnmod(val[0], a, m, ctx)) ++ goto err; /* 1 */ ++ if (BN_is_zero(val[0])) { ++ BN_zero(r); ++ ret = 1; ++ goto err; ++ } ++ ++ window = BN_window_bits_for_exponent_size(bits); ++ if (window > 1) { ++ if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx)) ++ goto err; /* 2 */ ++ j = 1 << (window - 1); ++ for (i = 1; i < j; i++) { ++ if (((val[i] = BN_CTX_get(ctx)) == NULL) || ++ !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx)) ++ goto err; ++ } ++ } ++ ++ start = 1; /* This is used to avoid multiplication etc ++ * when there is only the value '1' in the ++ * buffer. */ ++ wvalue = 0; /* The 'value' of the window */ ++ wstart = bits - 1; /* The top bit of the window */ ++ wend = 0; /* The bottom bit of the window */ ++ ++ if (!BN_one(r)) ++ goto err; ++ ++ for (;;) { ++ if (BN_is_bit_set(p, wstart) == 0) { ++ if (!start) ++ if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) ++ goto err; ++ if (wstart == 0) ++ break; ++ wstart--; ++ continue; ++ } ++ /* ++ * We now have wstart on a 'set' bit, we now need to work out how bit ++ * a window to do. To do this we need to scan forward until the last ++ * set bit before the end of the window ++ */ ++ j = wstart; ++ wvalue = 1; ++ wend = 0; ++ for (i = 1; i < window; i++) { ++ if (wstart - i < 0) ++ break; ++ if (BN_is_bit_set(p, wstart - i)) { ++ wvalue <<= (i - wend); ++ wvalue |= 1; ++ wend = i; ++ } ++ } ++ ++ /* wend is the size of the current window */ ++ j = wend + 1; ++ /* add the 'bytes above' */ ++ if (!start) ++ for (i = 0; i < j; i++) { ++ if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) ++ goto err; ++ } ++ ++ /* wvalue will be an odd number < 2^window */ ++ if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx)) ++ goto err; ++ ++ /* move the 'window' down further */ ++ wstart -= wend + 1; ++ wvalue = 0; ++ start = 0; ++ if (wstart < 0) ++ break; ++ } ++ ret = 1; ++ err: ++ BN_CTX_end(ctx); ++ BN_RECP_CTX_free(&recp); ++ bn_check_top(r); ++ return (ret); ++} + + int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) +- { +- int i,j,bits,ret=0,wstart,wend,window,wvalue; +- int start=1; +- BIGNUM *d,*r; +- const BIGNUM *aa; +- /* Table of variables obtained from 'ctx' */ +- BIGNUM *val[TABLE_SIZE]; +- BN_MONT_CTX *mont=NULL; +- +- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) +- { +- return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); +- } +- +- bn_check_top(a); +- bn_check_top(p); +- bn_check_top(m); +- +- if (!BN_is_odd(m)) +- { +- BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); +- return(0); +- } +- bits=BN_num_bits(p); +- if (bits == 0) +- { +- ret = BN_one(rr); +- return ret; +- } +- +- BN_CTX_start(ctx); +- d = BN_CTX_get(ctx); +- r = BN_CTX_get(ctx); +- val[0] = BN_CTX_get(ctx); +- if (!d || !r || !val[0]) goto err; +- +- /* If this is not done, things will break in the montgomery +- * part */ +- +- if (in_mont != NULL) +- mont=in_mont; +- else +- { +- if ((mont=BN_MONT_CTX_new()) == NULL) goto err; +- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; +- } +- +- if (a->neg || BN_ucmp(a,m) >= 0) +- { +- if (!BN_nnmod(val[0],a,m,ctx)) +- goto err; +- aa= val[0]; +- } +- else +- aa=a; +- if (BN_is_zero(aa)) +- { +- BN_zero(rr); +- ret = 1; +- goto err; +- } +- if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */ +- +- window = BN_window_bits_for_exponent_size(bits); +- if (window > 1) +- { +- if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */ +- j=1<<(window-1); +- for (i=1; i>1],mont,ctx)) +- goto err; +- +- /* move the 'window' down further */ +- wstart-=wend+1; +- wvalue=0; +- start=0; +- if (wstart < 0) break; +- } +- if (!BN_from_montgomery(rr,r,mont,ctx)) goto err; +- ret=1; +-err: +- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); +- BN_CTX_end(ctx); +- bn_check_top(rr); +- return(ret); +- } +- +- +-/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout +- * so that accessing any of these table values shows the same access pattern as far +- * as cache lines are concerned. The following functions are used to transfer a BIGNUM +- * from/to that table. */ +- +-static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width) +- { +- size_t i, j; +- +- if (bn_wexpand(b, top) == NULL) +- return 0; +- while (b->top < top) +- { +- b->d[b->top++] = 0; +- } +- +- for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width) +- { +- buf[j] = ((unsigned char*)b->d)[i]; +- } +- +- bn_correct_top(b); +- return 1; +- } +- +-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width) +- { +- size_t i, j; +- +- if (bn_wexpand(b, top) == NULL) +- return 0; +- +- for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width) +- { +- ((unsigned char*)b->d)[i] = buf[j]; +- } +- +- b->top = top; +- bn_correct_top(b); +- return 1; +- } +- +-/* Given a pointer value, compute the next address that is a cache line multiple. */ +-#define MOD_EXP_CTIME_ALIGN(x_) \ +- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) ++{ ++ int i, j, bits, ret = 0, wstart, wend, window, wvalue; ++ int start = 1; ++ BIGNUM *d, *r; ++ const BIGNUM *aa; ++ /* Table of variables obtained from 'ctx' */ ++ BIGNUM *val[TABLE_SIZE]; ++ BN_MONT_CTX *mont = NULL; ++ ++ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { ++ return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); ++ } ++ ++ bn_check_top(a); ++ bn_check_top(p); ++ bn_check_top(m); ++ ++ if (!BN_is_odd(m)) { ++ BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); ++ return (0); ++ } ++ bits = BN_num_bits(p); ++ if (bits == 0) { ++ ret = BN_one(rr); ++ return ret; ++ } ++ ++ BN_CTX_start(ctx); ++ d = BN_CTX_get(ctx); ++ r = BN_CTX_get(ctx); ++ val[0] = BN_CTX_get(ctx); ++ if (!d || !r || !val[0]) ++ goto err; ++ ++ /* ++ * If this is not done, things will break in the montgomery part ++ */ ++ ++ if (in_mont != NULL) ++ mont = in_mont; ++ else { ++ if ((mont = BN_MONT_CTX_new()) == NULL) ++ goto err; ++ if (!BN_MONT_CTX_set(mont, m, ctx)) ++ goto err; ++ } ++ ++ if (a->neg || BN_ucmp(a, m) >= 0) { ++ if (!BN_nnmod(val[0], a, m, ctx)) ++ goto err; ++ aa = val[0]; ++ } else ++ aa = a; ++ if (BN_is_zero(aa)) { ++ BN_zero(rr); ++ ret = 1; ++ goto err; ++ } ++ if (!BN_to_montgomery(val[0], aa, mont, ctx)) ++ goto err; /* 1 */ ++ ++ window = BN_window_bits_for_exponent_size(bits); ++ if (window > 1) { ++ if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) ++ goto err; /* 2 */ ++ j = 1 << (window - 1); ++ for (i = 1; i < j; i++) { ++ if (((val[i] = BN_CTX_get(ctx)) == NULL) || ++ !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx)) ++ goto err; ++ } ++ } ++ ++ start = 1; /* This is used to avoid multiplication etc ++ * when there is only the value '1' in the ++ * buffer. */ ++ wvalue = 0; /* The 'value' of the window */ ++ wstart = bits - 1; /* The top bit of the window */ ++ wend = 0; /* The bottom bit of the window */ ++ ++ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) ++ goto err; ++ for (;;) { ++ if (BN_is_bit_set(p, wstart) == 0) { ++ if (!start) { ++ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) ++ goto err; ++ } ++ if (wstart == 0) ++ break; ++ wstart--; ++ continue; ++ } ++ /* ++ * We now have wstart on a 'set' bit, we now need to work out how bit ++ * a window to do. To do this we need to scan forward until the last ++ * set bit before the end of the window ++ */ ++ j = wstart; ++ wvalue = 1; ++ wend = 0; ++ for (i = 1; i < window; i++) { ++ if (wstart - i < 0) ++ break; ++ if (BN_is_bit_set(p, wstart - i)) { ++ wvalue <<= (i - wend); ++ wvalue |= 1; ++ wend = i; ++ } ++ } ++ ++ /* wend is the size of the current window */ ++ j = wend + 1; ++ /* add the 'bytes above' */ ++ if (!start) ++ for (i = 0; i < j; i++) { ++ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) ++ goto err; ++ } ++ ++ /* wvalue will be an odd number < 2^window */ ++ if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx)) ++ goto err; ++ ++ /* move the 'window' down further */ ++ wstart -= wend + 1; ++ wvalue = 0; ++ start = 0; ++ if (wstart < 0) ++ break; ++ } ++ if (!BN_from_montgomery(rr, r, mont, ctx)) ++ goto err; ++ ret = 1; ++ err: ++ if ((in_mont == NULL) && (mont != NULL)) ++ BN_MONT_CTX_free(mont); ++ BN_CTX_end(ctx); ++ bn_check_top(rr); ++ return (ret); ++} ++ ++/* ++ * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific ++ * layout so that accessing any of these table values shows the same access ++ * pattern as far as cache lines are concerned. The following functions are ++ * used to transfer a BIGNUM from/to that table. ++ */ + +-/* This variant of BN_mod_exp_mont() uses fixed windows and the special +- * precomputation memory layout to limit data-dependency to a minimum +- * to protect secret exponents (cf. the hyper-threading timing attacks +- * pointed out by Colin Percival, +- * http://www.daemonology.net/hyperthreading-considered-harmful/) ++static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, ++ unsigned char *buf, int idx, ++ int width) ++{ ++ size_t i, j; ++ ++ if (bn_wexpand(b, top) == NULL) ++ return 0; ++ while (b->top < top) { ++ b->d[b->top++] = 0; ++ } ++ ++ for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) { ++ buf[j] = ((unsigned char *)b->d)[i]; ++ } ++ ++ bn_correct_top(b); ++ return 1; ++} ++ ++static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, ++ unsigned char *buf, int idx, ++ int width) ++{ ++ size_t i, j; ++ ++ if (bn_wexpand(b, top) == NULL) ++ return 0; ++ ++ for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) { ++ ((unsigned char *)b->d)[i] = buf[j]; ++ } ++ ++ b->top = top; ++ bn_correct_top(b); ++ return 1; ++} ++ ++/* ++ * Given a pointer value, compute the next address that is a cache line ++ * multiple. ++ */ ++#define MOD_EXP_CTIME_ALIGN(x_) \ ++ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) ++ ++/* ++ * This variant of BN_mod_exp_mont() uses fixed windows and the special ++ * precomputation memory layout to limit data-dependency to a minimum to ++ * protect secret exponents (cf. the hyper-threading timing attacks pointed ++ * out by Colin Percival, ++ * http://www.daemong-consideredperthreading-considered-harmful/) + */ + int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) +- { +- int i,bits,ret=0,idx,window,wvalue; +- int top; +- BIGNUM *r; +- const BIGNUM *aa; +- BN_MONT_CTX *mont=NULL; +- +- int numPowers; +- unsigned char *powerbufFree=NULL; +- int powerbufLen = 0; +- unsigned char *powerbuf=NULL; +- BIGNUM *computeTemp=NULL, *am=NULL; +- +- bn_check_top(a); +- bn_check_top(p); +- bn_check_top(m); +- +- top = m->top; +- +- if (!(m->d[0] & 1)) +- { +- BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS); +- return(0); +- } +- bits=BN_num_bits(p); +- if (bits == 0) +- { +- ret = BN_one(rr); +- return ret; +- } +- +- /* Initialize BIGNUM context and allocate intermediate result */ +- BN_CTX_start(ctx); +- r = BN_CTX_get(ctx); +- if (r == NULL) goto err; +- +- /* Allocate a montgomery context if it was not supplied by the caller. +- * If this is not done, things will break in the montgomery part. +- */ +- if (in_mont != NULL) +- mont=in_mont; +- else +- { +- if ((mont=BN_MONT_CTX_new()) == NULL) goto err; +- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; +- } +- +- /* Get the window size to use with size of p. */ +- window = BN_window_bits_for_ctime_exponent_size(bits); +- +- /* Allocate a buffer large enough to hold all of the pre-computed +- * powers of a. +- */ +- numPowers = 1 << window; +- powerbufLen = sizeof(m->d[0])*top*numPowers; +- if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL) +- goto err; +- +- powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); +- memset(powerbuf, 0, powerbufLen); +- +- /* Initialize the intermediate result. Do this early to save double conversion, +- * once each for a^0 and intermediate result. +- */ +- if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; +- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err; +- +- /* Initialize computeTemp as a^1 with montgomery precalcs */ +- computeTemp = BN_CTX_get(ctx); +- am = BN_CTX_get(ctx); +- if (computeTemp==NULL || am==NULL) goto err; +- +- if (a->neg || BN_ucmp(a,m) >= 0) +- { +- if (!BN_mod(am,a,m,ctx)) +- goto err; +- aa= am; +- } +- else +- aa=a; +- if (!BN_to_montgomery(am,aa,mont,ctx)) goto err; +- if (!BN_copy(computeTemp, am)) goto err; +- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err; +- +- /* If the window size is greater than 1, then calculate +- * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) +- * (even powers could instead be computed as (a^(i/2))^2 +- * to use the slight performance advantage of sqr over mul). +- */ +- if (window > 1) +- { +- for (i=2; i= 0) +- { +- wvalue=0; /* The 'value' of the window */ +- +- /* Scan the window, squaring the result as we go */ +- for (i=0; itop; ++ ++ if (!(m->d[0] & 1)) { ++ BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS); ++ return (0); ++ } ++ bits = BN_num_bits(p); ++ if (bits == 0) { ++ ret = BN_one(rr); ++ return ret; ++ } ++ ++ /* Initialize BIGNUM context and allocate intermediate result */ ++ BN_CTX_start(ctx); ++ r = BN_CTX_get(ctx); ++ if (r == NULL) ++ goto err; ++ ++ /* ++ * Allocate a montgomery context if it was not supplied by the caller. If ++ * this is not done, things will break in the montgomery part. ++ */ ++ if (in_mont != NULL) ++ mont = in_mont; ++ else { ++ if ((mont = BN_MONT_CTX_new()) == NULL) ++ goto err; ++ if (!BN_MONT_CTX_set(mont, m, ctx)) ++ goto err; ++ } ++ ++ /* Get the window size to use with size of p. */ ++ window = BN_window_bits_for_ctime_exponent_size(bits); ++ ++ /* ++ * Allocate a buffer large enough to hold all of the pre-computed powers ++ * of a. ++ */ ++ numPowers = 1 << window; ++ powerbufLen = sizeof(m->d[0]) * top * numPowers; ++ if ((powerbufFree = ++ (unsigned char *)OPENSSL_malloc(powerbufLen + ++ MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) ++ == NULL) ++ goto err; ++ ++ powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); ++ memset(powerbuf, 0, powerbufLen); ++ ++ /* ++ * Initialize the intermediate result. Do this early to save double ++ * conversion, once each for a^0 and intermediate result. ++ */ ++ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) ++ goto err; ++ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) ++ goto err; ++ ++ /* Initialize computeTemp as a^1 with montgomery precalcs */ ++ computeTemp = BN_CTX_get(ctx); ++ am = BN_CTX_get(ctx); ++ if (computeTemp == NULL || am == NULL) ++ goto err; ++ ++ if (a->neg || BN_ucmp(a, m) >= 0) { ++ if (!BN_mod(am, a, m, ctx)) ++ goto err; ++ aa = am; ++ } else ++ aa = a; ++ if (!BN_to_montgomery(am, aa, mont, ctx)) ++ goto err; ++ if (!BN_copy(computeTemp, am)) ++ goto err; ++ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) ++ goto err; ++ ++ /* ++ * If the window size is greater than 1, then calculate ++ * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even powers ++ * could instead be computed as (a^(i/2))^2 to use the slight performance ++ * advantage of sqr over mul). ++ */ ++ if (window > 1) { ++ for (i = 2; i < numPowers; i++) { ++ /* Calculate a^i = a^(i-1) * a */ ++ if (!BN_mod_mul_montgomery ++ (computeTemp, am, computeTemp, mont, ctx)) ++ goto err; ++ if (!MOD_EXP_CTIME_COPY_TO_PREBUF ++ (computeTemp, top, powerbuf, i, numPowers)) ++ goto err; ++ } ++ } ++ ++ /* ++ * Adjust the number of bits up to a multiple of the window size. If the ++ * exponent length is not a multiple of the window size, then this pads ++ * the most significant bits with zeros to normalize the scanning loop to ++ * there's no special cases. * NOTE: Making the window size a power of ++ * two less than the native * word size ensures that the padded bits ++ * won't go past the last * word in the internal BIGNUM structure. Going ++ * past the end will * still produce the correct result, but causes a ++ * different branch * to be taken in the BN_is_bit_set function. ++ */ ++ bits = ((bits + window - 1) / window) * window; ++ idx = bits - 1; /* The top bit of the window */ ++ ++ /* ++ * Scan the exponent one window at a time starting from the most ++ * significant bits. ++ */ ++ while (idx >= 0) { ++ wvalue = 0; /* The 'value' of the window */ ++ ++ /* Scan the window, squaring the result as we go */ ++ for (i = 0; i < window; i++, idx--) { ++ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) ++ goto err; ++ wvalue = (wvalue << 1) + BN_is_bit_set(p, idx); ++ } ++ ++ /* ++ * Fetch the appropriate pre-computed value from the pre-buf ++ */ ++ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF ++ (computeTemp, top, powerbuf, wvalue, numPowers)) ++ goto err; ++ ++ /* Multiply the result into the intermediate result */ ++ if (!BN_mod_mul_montgomery(r, r, computeTemp, mont, ctx)) ++ goto err; ++ } ++ ++ /* Convert the final result from montgomery to standard format */ ++ if (!BN_from_montgomery(rr, r, mont, ctx)) ++ goto err; ++ ret = 1; ++ err: ++ if ((in_mont == NULL) && (mont != NULL)) ++ BN_MONT_CTX_free(mont); ++ if (powerbuf != NULL) { ++ OPENSSL_cleanse(powerbuf, powerbufLen); ++ OPENSSL_free(powerbufFree); ++ } ++ if (am != NULL) ++ BN_clear(am); ++ if (computeTemp != NULL) ++ BN_clear(computeTemp); ++ BN_CTX_end(ctx); ++ return (ret); ++} + + int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) +- { +- BN_MONT_CTX *mont = NULL; +- int b, bits, ret=0; +- int r_is_one; +- BN_ULONG w, next_w; +- BIGNUM *d, *r, *t; +- BIGNUM *swap_tmp; ++{ ++ BN_MONT_CTX *mont = NULL; ++ int b, bits, ret = 0; ++ int r_is_one; ++ BN_ULONG w, next_w; ++ BIGNUM *d, *r, *t; ++ BIGNUM *swap_tmp; + #define BN_MOD_MUL_WORD(r, w, m) \ +- (BN_mul_word(r, (w)) && \ +- (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ +- (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) +- /* BN_MOD_MUL_WORD is only used with 'w' large, +- * so the BN_ucmp test is probably more overhead +- * than always using BN_mod (which uses BN_copy if +- * a similar test returns true). */ +- /* We can use BN_mod and do not need BN_nnmod because our +- * accumulator is never negative (the result of BN_mod does +- * not depend on the sign of the modulus). +- */ ++ (BN_mul_word(r, (w)) && \ ++ (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ ++ (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) ++ /* ++ * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is ++ * probably more overhead than always using BN_mod (which uses BN_copy if ++ * a similar test returns true). ++ */ ++ /* ++ * We can use BN_mod and do not need BN_nnmod because our accumulator is ++ * never negative (the result of BN_mod does not depend on the sign of ++ * the modulus). ++ */ + #define BN_TO_MONTGOMERY_WORD(r, w, mont) \ +- (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) +- +- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) +- { +- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ +- BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return -1; +- } +- +- bn_check_top(p); +- bn_check_top(m); +- +- if (!BN_is_odd(m)) +- { +- BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); +- return(0); +- } +- if (m->top == 1) +- a %= m->d[0]; /* make sure that 'a' is reduced */ +- +- bits = BN_num_bits(p); +- if (bits == 0) +- { +- ret = BN_one(rr); +- return ret; +- } +- if (a == 0) +- { +- BN_zero(rr); +- ret = 1; +- return ret; +- } +- +- BN_CTX_start(ctx); +- d = BN_CTX_get(ctx); +- r = BN_CTX_get(ctx); +- t = BN_CTX_get(ctx); +- if (d == NULL || r == NULL || t == NULL) goto err; +- +- if (in_mont != NULL) +- mont=in_mont; +- else +- { +- if ((mont = BN_MONT_CTX_new()) == NULL) goto err; +- if (!BN_MONT_CTX_set(mont, m, ctx)) goto err; +- } +- +- r_is_one = 1; /* except for Montgomery factor */ +- +- /* bits-1 >= 0 */ +- +- /* The result is accumulated in the product r*w. */ +- w = a; /* bit 'bits-1' of 'p' is always set */ +- for (b = bits-2; b >= 0; b--) +- { +- /* First, square r*w. */ +- next_w = w*w; +- if ((next_w/w) != w) /* overflow */ +- { +- if (r_is_one) +- { +- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; +- r_is_one = 0; +- } +- else +- { +- if (!BN_MOD_MUL_WORD(r, w, m)) goto err; +- } +- next_w = 1; +- } +- w = next_w; +- if (!r_is_one) +- { +- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err; +- } +- +- /* Second, multiply r*w by 'a' if exponent bit is set. */ +- if (BN_is_bit_set(p, b)) +- { +- next_w = w*a; +- if ((next_w/a) != w) /* overflow */ +- { +- if (r_is_one) +- { +- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; +- r_is_one = 0; +- } +- else +- { +- if (!BN_MOD_MUL_WORD(r, w, m)) goto err; +- } +- next_w = a; +- } +- w = next_w; +- } +- } +- +- /* Finally, set r:=r*w. */ +- if (w != 1) +- { +- if (r_is_one) +- { +- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; +- r_is_one = 0; +- } +- else +- { +- if (!BN_MOD_MUL_WORD(r, w, m)) goto err; +- } +- } +- +- if (r_is_one) /* can happen only if a == 1*/ +- { +- if (!BN_one(rr)) goto err; +- } +- else +- { +- if (!BN_from_montgomery(rr, r, mont, ctx)) goto err; +- } +- ret = 1; +-err: +- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); +- BN_CTX_end(ctx); +- bn_check_top(rr); +- return(ret); +- } +- ++ (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) ++ ++ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { ++ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ ++ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return -1; ++ } ++ ++ bn_check_top(p); ++ bn_check_top(m); ++ ++ if (!BN_is_odd(m)) { ++ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS); ++ return (0); ++ } ++ if (m->top == 1) ++ a %= m->d[0]; /* make sure that 'a' is reduced */ ++ ++ bits = BN_num_bits(p); ++ if (bits == 0) { ++ /* x**0 mod 1 is still zero. */ ++ if (BN_is_one(m)) { ++ ret = 1; ++ BN_zero(rr); ++ } else ++ ret = BN_one(rr); ++ return ret; ++ } ++ if (a == 0) { ++ BN_zero(rr); ++ ret = 1; ++ return ret; ++ } ++ ++ BN_CTX_start(ctx); ++ d = BN_CTX_get(ctx); ++ r = BN_CTX_get(ctx); ++ t = BN_CTX_get(ctx); ++ if (d == NULL || r == NULL || t == NULL) ++ goto err; ++ ++ if (in_mont != NULL) ++ mont = in_mont; ++ else { ++ if ((mont = BN_MONT_CTX_new()) == NULL) ++ goto err; ++ if (!BN_MONT_CTX_set(mont, m, ctx)) ++ goto err; ++ } ++ ++ r_is_one = 1; /* except for Montgomery factor */ ++ ++ /* bits-1 >= 0 */ ++ ++ /* The result is accumulated in the product r*w. */ ++ w = a; /* bit 'bits-1' of 'p' is always set */ ++ for (b = bits - 2; b >= 0; b--) { ++ /* First, square r*w. */ ++ next_w = w * w; ++ if ((next_w / w) != w) { /* overflow */ ++ if (r_is_one) { ++ if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) ++ goto err; ++ r_is_one = 0; ++ } else { ++ if (!BN_MOD_MUL_WORD(r, w, m)) ++ goto err; ++ } ++ next_w = 1; ++ } ++ w = next_w; ++ if (!r_is_one) { ++ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) ++ goto err; ++ } ++ ++ /* Second, multiply r*w by 'a' if exponent bit is set. */ ++ if (BN_is_bit_set(p, b)) { ++ next_w = w * a; ++ if ((next_w / a) != w) { /* overflow */ ++ if (r_is_one) { ++ if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) ++ goto err; ++ r_is_one = 0; ++ } else { ++ if (!BN_MOD_MUL_WORD(r, w, m)) ++ goto err; ++ } ++ next_w = a; ++ } ++ w = next_w; ++ } ++ } ++ ++ /* Finally, set r:=r*w. */ ++ if (w != 1) { ++ if (r_is_one) { ++ if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) ++ goto err; ++ r_is_one = 0; ++ } else { ++ if (!BN_MOD_MUL_WORD(r, w, m)) ++ goto err; ++ } ++ } ++ ++ if (r_is_one) { /* can happen only if a == 1 */ ++ if (!BN_one(rr)) ++ goto err; ++ } else { ++ if (!BN_from_montgomery(rr, r, mont, ctx)) ++ goto err; ++ } ++ ret = 1; ++ err: ++ if ((in_mont == NULL) && (mont != NULL)) ++ BN_MONT_CTX_free(mont); ++ BN_CTX_end(ctx); ++ bn_check_top(rr); ++ return (ret); ++} + + /* The old fallback, simple version :-) */ + int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx) +- { +- int i,j,bits,ret=0,wstart,wend,window,wvalue; +- int start=1; +- BIGNUM *d; +- /* Table of variables obtained from 'ctx' */ +- BIGNUM *val[TABLE_SIZE]; +- +- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) +- { +- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ +- BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return -1; +- } +- +- bits=BN_num_bits(p); +- +- if (bits == 0) +- { +- ret = BN_one(r); +- return ret; +- } +- +- BN_CTX_start(ctx); +- d = BN_CTX_get(ctx); +- val[0] = BN_CTX_get(ctx); +- if(!d || !val[0]) goto err; +- +- if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */ +- if (BN_is_zero(val[0])) +- { +- BN_zero(r); +- ret = 1; +- goto err; +- } +- +- window = BN_window_bits_for_exponent_size(bits); +- if (window > 1) +- { +- if (!BN_mod_mul(d,val[0],val[0],m,ctx)) +- goto err; /* 2 */ +- j=1<<(window-1); +- for (i=1; i>1],m,ctx)) +- goto err; +- +- /* move the 'window' down further */ +- wstart-=wend+1; +- wvalue=0; +- start=0; +- if (wstart < 0) break; +- } +- ret=1; +-err: +- BN_CTX_end(ctx); +- bn_check_top(r); +- return(ret); +- } +- ++ const BIGNUM *m, BN_CTX *ctx) ++{ ++ int i, j, bits, ret = 0, wstart, wend, window, wvalue; ++ int start = 1; ++ BIGNUM *d; ++ /* Table of variables obtained from 'ctx' */ ++ BIGNUM *val[TABLE_SIZE]; ++ ++ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { ++ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ ++ BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return -1; ++ } ++ ++ bits = BN_num_bits(p); ++ ++ if (bits == 0) { ++ ret = BN_one(r); ++ return ret; ++ } ++ ++ BN_CTX_start(ctx); ++ d = BN_CTX_get(ctx); ++ val[0] = BN_CTX_get(ctx); ++ if (!d || !val[0]) ++ goto err; ++ ++ if (!BN_nnmod(val[0], a, m, ctx)) ++ goto err; /* 1 */ ++ if (BN_is_zero(val[0])) { ++ BN_zero(r); ++ ret = 1; ++ goto err; ++ } ++ ++ window = BN_window_bits_for_exponent_size(bits); ++ if (window > 1) { ++ if (!BN_mod_mul(d, val[0], val[0], m, ctx)) ++ goto err; /* 2 */ ++ j = 1 << (window - 1); ++ for (i = 1; i < j; i++) { ++ if (((val[i] = BN_CTX_get(ctx)) == NULL) || ++ !BN_mod_mul(val[i], val[i - 1], d, m, ctx)) ++ goto err; ++ } ++ } ++ ++ start = 1; /* This is used to avoid multiplication etc ++ * when there is only the value '1' in the ++ * buffer. */ ++ wvalue = 0; /* The 'value' of the window */ ++ wstart = bits - 1; /* The top bit of the window */ ++ wend = 0; /* The bottom bit of the window */ ++ ++ if (!BN_one(r)) ++ goto err; ++ ++ for (;;) { ++ if (BN_is_bit_set(p, wstart) == 0) { ++ if (!start) ++ if (!BN_mod_mul(r, r, r, m, ctx)) ++ goto err; ++ if (wstart == 0) ++ break; ++ wstart--; ++ continue; ++ } ++ /* ++ * We now have wstart on a 'set' bit, we now need to work out how bit ++ * a window to do. To do this we need to scan forward until the last ++ * set bit before the end of the window ++ */ ++ j = wstart; ++ wvalue = 1; ++ wend = 0; ++ for (i = 1; i < window; i++) { ++ if (wstart - i < 0) ++ break; ++ if (BN_is_bit_set(p, wstart - i)) { ++ wvalue <<= (i - wend); ++ wvalue |= 1; ++ wend = i; ++ } ++ } ++ ++ /* wend is the size of the current window */ ++ j = wend + 1; ++ /* add the 'bytes above' */ ++ if (!start) ++ for (i = 0; i < j; i++) { ++ if (!BN_mod_mul(r, r, r, m, ctx)) ++ goto err; ++ } ++ ++ /* wvalue will be an odd number < 2^window */ ++ if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx)) ++ goto err; ++ ++ /* move the 'window' down further */ ++ wstart -= wend + 1; ++ wvalue = 0; ++ start = 0; ++ if (wstart < 0) ++ break; ++ } ++ ret = 1; ++ err: ++ BN_CTX_end(ctx); ++ bn_check_top(r); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c +index bd0c34b..43fd204 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -113,200 +113,191 @@ + #include "cryptlib.h" + #include "bn_lcl.h" + +-#define TABLE_SIZE 32 ++#define TABLE_SIZE 32 + + int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, +- const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, +- BN_CTX *ctx, BN_MONT_CTX *in_mont) +- { +- int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2; +- int r_is_one=1; +- BIGNUM *d,*r; +- const BIGNUM *a_mod_m; +- /* Tables of variables obtained from 'ctx' */ +- BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; +- BN_MONT_CTX *mont=NULL; ++ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, ++ BN_CTX *ctx, BN_MONT_CTX *in_mont) ++{ ++ int i, j, bits, b, bits1, bits2, ret = ++ 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2; ++ int r_is_one = 1; ++ BIGNUM *d, *r; ++ const BIGNUM *a_mod_m; ++ /* Tables of variables obtained from 'ctx' */ ++ BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; ++ BN_MONT_CTX *mont = NULL; ++ ++ bn_check_top(a1); ++ bn_check_top(p1); ++ bn_check_top(a2); ++ bn_check_top(p2); ++ bn_check_top(m); ++ ++ if (!(m->d[0] & 1)) { ++ BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); ++ return (0); ++ } ++ bits1 = BN_num_bits(p1); ++ bits2 = BN_num_bits(p2); ++ if ((bits1 == 0) && (bits2 == 0)) { ++ ret = BN_one(rr); ++ return ret; ++ } + +- bn_check_top(a1); +- bn_check_top(p1); +- bn_check_top(a2); +- bn_check_top(p2); +- bn_check_top(m); ++ bits = (bits1 > bits2) ? bits1 : bits2; + +- if (!(m->d[0] & 1)) +- { +- BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); +- return(0); +- } +- bits1=BN_num_bits(p1); +- bits2=BN_num_bits(p2); +- if ((bits1 == 0) && (bits2 == 0)) +- { +- ret = BN_one(rr); +- return ret; +- } +- +- bits=(bits1 > bits2)?bits1:bits2; ++ BN_CTX_start(ctx); ++ d = BN_CTX_get(ctx); ++ r = BN_CTX_get(ctx); ++ val1[0] = BN_CTX_get(ctx); ++ val2[0] = BN_CTX_get(ctx); ++ if (!d || !r || !val1[0] || !val2[0]) ++ goto err; + +- BN_CTX_start(ctx); +- d = BN_CTX_get(ctx); +- r = BN_CTX_get(ctx); +- val1[0] = BN_CTX_get(ctx); +- val2[0] = BN_CTX_get(ctx); +- if(!d || !r || !val1[0] || !val2[0]) goto err; ++ if (in_mont != NULL) ++ mont = in_mont; ++ else { ++ if ((mont = BN_MONT_CTX_new()) == NULL) ++ goto err; ++ if (!BN_MONT_CTX_set(mont, m, ctx)) ++ goto err; ++ } + +- if (in_mont != NULL) +- mont=in_mont; +- else +- { +- if ((mont=BN_MONT_CTX_new()) == NULL) goto err; +- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; +- } ++ window1 = BN_window_bits_for_exponent_size(bits1); ++ window2 = BN_window_bits_for_exponent_size(bits2); + +- window1 = BN_window_bits_for_exponent_size(bits1); +- window2 = BN_window_bits_for_exponent_size(bits2); ++ /* ++ * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) ++ */ ++ if (a1->neg || BN_ucmp(a1, m) >= 0) { ++ if (!BN_mod(val1[0], a1, m, ctx)) ++ goto err; ++ a_mod_m = val1[0]; ++ } else ++ a_mod_m = a1; ++ if (BN_is_zero(a_mod_m)) { ++ BN_zero(rr); ++ ret = 1; ++ goto err; ++ } + +- /* +- * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) +- */ +- if (a1->neg || BN_ucmp(a1,m) >= 0) +- { +- if (!BN_mod(val1[0],a1,m,ctx)) +- goto err; +- a_mod_m = val1[0]; +- } +- else +- a_mod_m = a1; +- if (BN_is_zero(a_mod_m)) +- { +- BN_zero(rr); +- ret = 1; +- goto err; +- } ++ if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx)) ++ goto err; ++ if (window1 > 1) { ++ if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx)) ++ goto err; + +- if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err; +- if (window1 > 1) +- { +- if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err; ++ j = 1 << (window1 - 1); ++ for (i = 1; i < j; i++) { ++ if (((val1[i] = BN_CTX_get(ctx)) == NULL) || ++ !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx)) ++ goto err; ++ } ++ } + +- j=1<<(window1-1); +- for (i=1; ineg || BN_ucmp(a2, m) >= 0) { ++ if (!BN_mod(val2[0], a2, m, ctx)) ++ goto err; ++ a_mod_m = val2[0]; ++ } else ++ a_mod_m = a2; ++ if (BN_is_zero(a_mod_m)) { ++ BN_zero(rr); ++ ret = 1; ++ goto err; ++ } ++ if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx)) ++ goto err; ++ if (window2 > 1) { ++ if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx)) ++ goto err; + ++ j = 1 << (window2 - 1); ++ for (i = 1; i < j; i++) { ++ if (((val2[i] = BN_CTX_get(ctx)) == NULL) || ++ !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx)) ++ goto err; ++ } ++ } + +- /* +- * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) +- */ +- if (a2->neg || BN_ucmp(a2,m) >= 0) +- { +- if (!BN_mod(val2[0],a2,m,ctx)) +- goto err; +- a_mod_m = val2[0]; +- } +- else +- a_mod_m = a2; +- if (BN_is_zero(a_mod_m)) +- { +- BN_zero(rr); +- ret = 1; +- goto err; +- } +- if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err; +- if (window2 > 1) +- { +- if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err; ++ /* Now compute the power product, using independent windows. */ ++ r_is_one = 1; ++ wvalue1 = 0; /* The 'value' of the first window */ ++ wvalue2 = 0; /* The 'value' of the second window */ ++ wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the ++ * first window */ ++ wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the ++ * second window */ + +- j=1<<(window2-1); +- for (i=1; i= 0; b--) { ++ if (!r_is_one) { ++ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) ++ goto err; ++ } + ++ if (!wvalue1) ++ if (BN_is_bit_set(p1, b)) { ++ /* ++ * consider bits b-window1+1 .. b for this window ++ */ ++ i = b - window1 + 1; ++ while (!BN_is_bit_set(p1, i)) /* works for i<0 */ ++ i++; ++ wpos1 = i; ++ wvalue1 = 1; ++ for (i = b - 1; i >= wpos1; i--) { ++ wvalue1 <<= 1; ++ if (BN_is_bit_set(p1, i)) ++ wvalue1++; ++ } ++ } + +- /* Now compute the power product, using independent windows. */ +- r_is_one=1; +- wvalue1=0; /* The 'value' of the first window */ +- wvalue2=0; /* The 'value' of the second window */ +- wpos1=0; /* If wvalue1 > 0, the bottom bit of the first window */ +- wpos2=0; /* If wvalue2 > 0, the bottom bit of the second window */ ++ if (!wvalue2) ++ if (BN_is_bit_set(p2, b)) { ++ /* ++ * consider bits b-window2+1 .. b for this window ++ */ ++ i = b - window2 + 1; ++ while (!BN_is_bit_set(p2, i)) ++ i++; ++ wpos2 = i; ++ wvalue2 = 1; ++ for (i = b - 1; i >= wpos2; i--) { ++ wvalue2 <<= 1; ++ if (BN_is_bit_set(p2, i)) ++ wvalue2++; ++ } ++ } + +- if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; +- for (b=bits-1; b>=0; b--) +- { +- if (!r_is_one) +- { +- if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) +- goto err; +- } +- +- if (!wvalue1) +- if (BN_is_bit_set(p1, b)) +- { +- /* consider bits b-window1+1 .. b for this window */ +- i = b-window1+1; +- while (!BN_is_bit_set(p1, i)) /* works for i<0 */ +- i++; +- wpos1 = i; +- wvalue1 = 1; +- for (i = b-1; i >= wpos1; i--) +- { +- wvalue1 <<= 1; +- if (BN_is_bit_set(p1, i)) +- wvalue1++; +- } +- } +- +- if (!wvalue2) +- if (BN_is_bit_set(p2, b)) +- { +- /* consider bits b-window2+1 .. b for this window */ +- i = b-window2+1; +- while (!BN_is_bit_set(p2, i)) +- i++; +- wpos2 = i; +- wvalue2 = 1; +- for (i = b-1; i >= wpos2; i--) +- { +- wvalue2 <<= 1; +- if (BN_is_bit_set(p2, i)) +- wvalue2++; +- } +- } ++ if (wvalue1 && b == wpos1) { ++ /* wvalue1 is odd and < 2^window1 */ ++ if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx)) ++ goto err; ++ wvalue1 = 0; ++ r_is_one = 0; ++ } + +- if (wvalue1 && b == wpos1) +- { +- /* wvalue1 is odd and < 2^window1 */ +- if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx)) +- goto err; +- wvalue1 = 0; +- r_is_one = 0; +- } +- +- if (wvalue2 && b == wpos2) +- { +- /* wvalue2 is odd and < 2^window2 */ +- if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx)) +- goto err; +- wvalue2 = 0; +- r_is_one = 0; +- } +- } +- if (!BN_from_montgomery(rr,r,mont,ctx)) +- goto err; +- ret=1; +-err: +- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); +- BN_CTX_end(ctx); +- bn_check_top(rr); +- return(ret); +- } ++ if (wvalue2 && b == wpos2) { ++ /* wvalue2 is odd and < 2^window2 */ ++ if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx)) ++ goto err; ++ wvalue2 = 0; ++ r_is_one = 0; ++ } ++ } ++ if (!BN_from_montgomery(rr, r, mont, ctx)) ++ goto err; ++ ret = 1; ++ err: ++ if ((in_mont == NULL) && (mont != NULL)) ++ BN_MONT_CTX_free(mont); ++ BN_CTX_end(ctx); ++ bn_check_top(rr); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c +index 4a35211..cd5f86b 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -115,540 +115,585 @@ + static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); + + int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) +- { +- BIGNUM *a,*b,*t; +- int ret=0; +- +- bn_check_top(in_a); +- bn_check_top(in_b); +- +- BN_CTX_start(ctx); +- a = BN_CTX_get(ctx); +- b = BN_CTX_get(ctx); +- if (a == NULL || b == NULL) goto err; +- +- if (BN_copy(a,in_a) == NULL) goto err; +- if (BN_copy(b,in_b) == NULL) goto err; +- a->neg = 0; +- b->neg = 0; +- +- if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; } +- t=euclid(a,b); +- if (t == NULL) goto err; +- +- if (BN_copy(r,t) == NULL) goto err; +- ret=1; +-err: +- BN_CTX_end(ctx); +- bn_check_top(r); +- return(ret); +- } ++{ ++ BIGNUM *a, *b, *t; ++ int ret = 0; ++ ++ bn_check_top(in_a); ++ bn_check_top(in_b); ++ ++ BN_CTX_start(ctx); ++ a = BN_CTX_get(ctx); ++ b = BN_CTX_get(ctx); ++ if (a == NULL || b == NULL) ++ goto err; ++ ++ if (BN_copy(a, in_a) == NULL) ++ goto err; ++ if (BN_copy(b, in_b) == NULL) ++ goto err; ++ a->neg = 0; ++ b->neg = 0; ++ ++ if (BN_cmp(a, b) < 0) { ++ t = a; ++ a = b; ++ b = t; ++ } ++ t = euclid(a, b); ++ if (t == NULL) ++ goto err; ++ ++ if (BN_copy(r, t) == NULL) ++ goto err; ++ ret = 1; ++ err: ++ BN_CTX_end(ctx); ++ bn_check_top(r); ++ return (ret); ++} + + static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) +- { +- BIGNUM *t; +- int shifts=0; +- +- bn_check_top(a); +- bn_check_top(b); +- +- /* 0 <= b <= a */ +- while (!BN_is_zero(b)) +- { +- /* 0 < b <= a */ +- +- if (BN_is_odd(a)) +- { +- if (BN_is_odd(b)) +- { +- if (!BN_sub(a,a,b)) goto err; +- if (!BN_rshift1(a,a)) goto err; +- if (BN_cmp(a,b) < 0) +- { t=a; a=b; b=t; } +- } +- else /* a odd - b even */ +- { +- if (!BN_rshift1(b,b)) goto err; +- if (BN_cmp(a,b) < 0) +- { t=a; a=b; b=t; } +- } +- } +- else /* a is even */ +- { +- if (BN_is_odd(b)) +- { +- if (!BN_rshift1(a,a)) goto err; +- if (BN_cmp(a,b) < 0) +- { t=a; a=b; b=t; } +- } +- else /* a even - b even */ +- { +- if (!BN_rshift1(a,a)) goto err; +- if (!BN_rshift1(b,b)) goto err; +- shifts++; +- } +- } +- /* 0 <= b <= a */ +- } +- +- if (shifts) +- { +- if (!BN_lshift(a,a,shifts)) goto err; +- } +- bn_check_top(a); +- return(a); +-err: +- return(NULL); +- } +- ++{ ++ BIGNUM *t; ++ int shifts = 0; ++ ++ bn_check_top(a); ++ bn_check_top(b); ++ ++ /* 0 <= b <= a */ ++ while (!BN_is_zero(b)) { ++ /* 0 < b <= a */ ++ ++ if (BN_is_odd(a)) { ++ if (BN_is_odd(b)) { ++ if (!BN_sub(a, a, b)) ++ goto err; ++ if (!BN_rshift1(a, a)) ++ goto err; ++ if (BN_cmp(a, b) < 0) { ++ t = a; ++ a = b; ++ b = t; ++ } ++ } else { /* a odd - b even */ ++ ++ if (!BN_rshift1(b, b)) ++ goto err; ++ if (BN_cmp(a, b) < 0) { ++ t = a; ++ a = b; ++ b = t; ++ } ++ } ++ } else { /* a is even */ ++ ++ if (BN_is_odd(b)) { ++ if (!BN_rshift1(a, a)) ++ goto err; ++ if (BN_cmp(a, b) < 0) { ++ t = a; ++ a = b; ++ b = t; ++ } ++ } else { /* a even - b even */ ++ ++ if (!BN_rshift1(a, a)) ++ goto err; ++ if (!BN_rshift1(b, b)) ++ goto err; ++ shifts++; ++ } ++ } ++ /* 0 <= b <= a */ ++ } ++ ++ if (shifts) { ++ if (!BN_lshift(a, a, shifts)) ++ goto err; ++ } ++ bn_check_top(a); ++ return (a); ++ err: ++ return (NULL); ++} + + /* solves ax == 1 (mod n) */ + static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, +- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); +-BIGNUM *BN_mod_inverse(BIGNUM *in, +- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +- { +- BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL; +- BIGNUM *ret=NULL; +- int sign; +- +- if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) +- { +- return BN_mod_inverse_no_branch(in, a, n, ctx); +- } +- +- bn_check_top(a); +- bn_check_top(n); +- +- BN_CTX_start(ctx); +- A = BN_CTX_get(ctx); +- B = BN_CTX_get(ctx); +- X = BN_CTX_get(ctx); +- D = BN_CTX_get(ctx); +- M = BN_CTX_get(ctx); +- Y = BN_CTX_get(ctx); +- T = BN_CTX_get(ctx); +- if (T == NULL) goto err; +- +- if (in == NULL) +- R=BN_new(); +- else +- R=in; +- if (R == NULL) goto err; +- +- BN_one(X); +- BN_zero(Y); +- if (BN_copy(B,a) == NULL) goto err; +- if (BN_copy(A,n) == NULL) goto err; +- A->neg = 0; +- if (B->neg || (BN_ucmp(B, A) >= 0)) +- { +- if (!BN_nnmod(B, B, A, ctx)) goto err; +- } +- sign = -1; +- /* From B = a mod |n|, A = |n| it follows that +- * +- * 0 <= B < A, +- * -sign*X*a == B (mod |n|), +- * sign*Y*a == A (mod |n|). +- */ +- +- if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) +- { +- /* Binary inversion algorithm; requires odd modulus. +- * This is faster than the general algorithm if the modulus +- * is sufficiently small (about 400 .. 500 bits on 32-bit +- * sytems, but much more on 64-bit systems) */ +- int shift; +- +- while (!BN_is_zero(B)) +- { +- /* +- * 0 < B < |n|, +- * 0 < A <= |n|, +- * (1) -sign*X*a == B (mod |n|), +- * (2) sign*Y*a == A (mod |n|) +- */ +- +- /* Now divide B by the maximum possible power of two in the integers, +- * and divide X by the same value mod |n|. +- * When we're done, (1) still holds. */ +- shift = 0; +- while (!BN_is_bit_set(B, shift)) /* note that 0 < B */ +- { +- shift++; +- +- if (BN_is_odd(X)) +- { +- if (!BN_uadd(X, X, n)) goto err; +- } +- /* now X is even, so we can easily divide it by two */ +- if (!BN_rshift1(X, X)) goto err; +- } +- if (shift > 0) +- { +- if (!BN_rshift(B, B, shift)) goto err; +- } +- +- +- /* Same for A and Y. Afterwards, (2) still holds. */ +- shift = 0; +- while (!BN_is_bit_set(A, shift)) /* note that 0 < A */ +- { +- shift++; +- +- if (BN_is_odd(Y)) +- { +- if (!BN_uadd(Y, Y, n)) goto err; +- } +- /* now Y is even */ +- if (!BN_rshift1(Y, Y)) goto err; +- } +- if (shift > 0) +- { +- if (!BN_rshift(A, A, shift)) goto err; +- } +- +- +- /* We still have (1) and (2). +- * Both A and B are odd. +- * The following computations ensure that +- * +- * 0 <= B < |n|, +- * 0 < A < |n|, +- * (1) -sign*X*a == B (mod |n|), +- * (2) sign*Y*a == A (mod |n|), +- * +- * and that either A or B is even in the next iteration. +- */ +- if (BN_ucmp(B, A) >= 0) +- { +- /* -sign*(X + Y)*a == B - A (mod |n|) */ +- if (!BN_uadd(X, X, Y)) goto err; +- /* NB: we could use BN_mod_add_quick(X, X, Y, n), but that +- * actually makes the algorithm slower */ +- if (!BN_usub(B, B, A)) goto err; +- } +- else +- { +- /* sign*(X + Y)*a == A - B (mod |n|) */ +- if (!BN_uadd(Y, Y, X)) goto err; +- /* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */ +- if (!BN_usub(A, A, B)) goto err; +- } +- } +- } +- else +- { +- /* general inversion algorithm */ +- +- while (!BN_is_zero(B)) +- { +- BIGNUM *tmp; +- +- /* +- * 0 < B < A, +- * (*) -sign*X*a == B (mod |n|), +- * sign*Y*a == A (mod |n|) +- */ +- +- /* (D, M) := (A/B, A%B) ... */ +- if (BN_num_bits(A) == BN_num_bits(B)) +- { +- if (!BN_one(D)) goto err; +- if (!BN_sub(M,A,B)) goto err; +- } +- else if (BN_num_bits(A) == BN_num_bits(B) + 1) +- { +- /* A/B is 1, 2, or 3 */ +- if (!BN_lshift1(T,B)) goto err; +- if (BN_ucmp(A,T) < 0) +- { +- /* A < 2*B, so D=1 */ +- if (!BN_one(D)) goto err; +- if (!BN_sub(M,A,B)) goto err; +- } +- else +- { +- /* A >= 2*B, so D=2 or D=3 */ +- if (!BN_sub(M,A,T)) goto err; +- if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */ +- if (BN_ucmp(A,D) < 0) +- { +- /* A < 3*B, so D=2 */ +- if (!BN_set_word(D,2)) goto err; +- /* M (= A - 2*B) already has the correct value */ +- } +- else +- { +- /* only D=3 remains */ +- if (!BN_set_word(D,3)) goto err; +- /* currently M = A - 2*B, but we need M = A - 3*B */ +- if (!BN_sub(M,M,B)) goto err; +- } +- } +- } +- else +- { +- if (!BN_div(D,M,A,B,ctx)) goto err; +- } +- +- /* Now +- * A = D*B + M; +- * thus we have +- * (**) sign*Y*a == D*B + M (mod |n|). +- */ +- +- tmp=A; /* keep the BIGNUM object, the value does not matter */ +- +- /* (A, B) := (B, A mod B) ... */ +- A=B; +- B=M; +- /* ... so we have 0 <= B < A again */ +- +- /* Since the former M is now B and the former B is now A, +- * (**) translates into +- * sign*Y*a == D*A + B (mod |n|), +- * i.e. +- * sign*Y*a - D*A == B (mod |n|). +- * Similarly, (*) translates into +- * -sign*X*a == A (mod |n|). +- * +- * Thus, +- * sign*Y*a + D*sign*X*a == B (mod |n|), +- * i.e. +- * sign*(Y + D*X)*a == B (mod |n|). +- * +- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at +- * -sign*X*a == B (mod |n|), +- * sign*Y*a == A (mod |n|). +- * Note that X and Y stay non-negative all the time. +- */ +- +- /* most of the time D is very small, so we can optimize tmp := D*X+Y */ +- if (BN_is_one(D)) +- { +- if (!BN_add(tmp,X,Y)) goto err; +- } +- else +- { +- if (BN_is_word(D,2)) +- { +- if (!BN_lshift1(tmp,X)) goto err; +- } +- else if (BN_is_word(D,4)) +- { +- if (!BN_lshift(tmp,X,2)) goto err; +- } +- else if (D->top == 1) +- { +- if (!BN_copy(tmp,X)) goto err; +- if (!BN_mul_word(tmp,D->d[0])) goto err; +- } +- else +- { +- if (!BN_mul(tmp,D,X,ctx)) goto err; +- } +- if (!BN_add(tmp,tmp,Y)) goto err; +- } +- +- M=Y; /* keep the BIGNUM object, the value does not matter */ +- Y=X; +- X=tmp; +- sign = -sign; +- } +- } +- +- /* +- * The while loop (Euclid's algorithm) ends when +- * A == gcd(a,n); +- * we have +- * sign*Y*a == A (mod |n|), +- * where Y is non-negative. +- */ +- +- if (sign < 0) +- { +- if (!BN_sub(Y,n,Y)) goto err; +- } +- /* Now Y*a == A (mod |n|). */ +- +- +- if (BN_is_one(A)) +- { +- /* Y*a == 1 (mod |n|) */ +- if (!Y->neg && BN_ucmp(Y,n) < 0) +- { +- if (!BN_copy(R,Y)) goto err; +- } +- else +- { +- if (!BN_nnmod(R,Y,n,ctx)) goto err; +- } +- } +- else +- { +- BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE); +- goto err; +- } +- ret=R; +-err: +- if ((ret == NULL) && (in == NULL)) BN_free(R); +- BN_CTX_end(ctx); +- bn_check_top(ret); +- return(ret); +- } +- +- +-/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. +- * It does not contain branches that may leak sensitive information. ++ const BIGNUM *a, const BIGNUM *n, ++ BN_CTX *ctx); ++BIGNUM *BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, ++ BN_CTX *ctx) ++{ ++ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; ++ BIGNUM *ret = NULL; ++ int sign; ++ ++ if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) ++ || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { ++ return BN_mod_inverse_no_branch(in, a, n, ctx); ++ } ++ ++ bn_check_top(a); ++ bn_check_top(n); ++ ++ BN_CTX_start(ctx); ++ A = BN_CTX_get(ctx); ++ B = BN_CTX_get(ctx); ++ X = BN_CTX_get(ctx); ++ D = BN_CTX_get(ctx); ++ M = BN_CTX_get(ctx); ++ Y = BN_CTX_get(ctx); ++ T = BN_CTX_get(ctx); ++ if (T == NULL) ++ goto err; ++ ++ if (in == NULL) ++ R = BN_new(); ++ else ++ R = in; ++ if (R == NULL) ++ goto err; ++ ++ BN_one(X); ++ BN_zero(Y); ++ if (BN_copy(B, a) == NULL) ++ goto err; ++ if (BN_copy(A, n) == NULL) ++ goto err; ++ A->neg = 0; ++ if (B->neg || (BN_ucmp(B, A) >= 0)) { ++ if (!BN_nnmod(B, B, A, ctx)) ++ goto err; ++ } ++ sign = -1; ++ /*- ++ * From B = a mod |n|, A = |n| it follows that ++ * ++ * 0 <= B < A, ++ * -sign*X*a == B (mod |n|), ++ * sign*Y*a == A (mod |n|). ++ */ ++ ++ if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) { ++ /* ++ * Binary inversion algorithm; requires odd modulus. This is faster ++ * than the general algorithm if the modulus is sufficiently small ++ * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit ++ * systems) ++ */ ++ int shift; ++ ++ while (!BN_is_zero(B)) { ++ /*- ++ * 0 < B < |n|, ++ * 0 < A <= |n|, ++ * (1) -sign*X*a == B (mod |n|), ++ * (2) sign*Y*a == A (mod |n|) ++ */ ++ ++ /* ++ * Now divide B by the maximum possible power of two in the ++ * integers, and divide X by the same value mod |n|. When we're ++ * done, (1) still holds. ++ */ ++ shift = 0; ++ while (!BN_is_bit_set(B, shift)) { /* note that 0 < B */ ++ shift++; ++ ++ if (BN_is_odd(X)) { ++ if (!BN_uadd(X, X, n)) ++ goto err; ++ } ++ /* ++ * now X is even, so we can easily divide it by two ++ */ ++ if (!BN_rshift1(X, X)) ++ goto err; ++ } ++ if (shift > 0) { ++ if (!BN_rshift(B, B, shift)) ++ goto err; ++ } ++ ++ /* ++ * Same for A and Y. Afterwards, (2) still holds. ++ */ ++ shift = 0; ++ while (!BN_is_bit_set(A, shift)) { /* note that 0 < A */ ++ shift++; ++ ++ if (BN_is_odd(Y)) { ++ if (!BN_uadd(Y, Y, n)) ++ goto err; ++ } ++ /* now Y is even */ ++ if (!BN_rshift1(Y, Y)) ++ goto err; ++ } ++ if (shift > 0) { ++ if (!BN_rshift(A, A, shift)) ++ goto err; ++ } ++ ++ /*- ++ * We still have (1) and (2). ++ * Both A and B are odd. ++ * The following computations ensure that ++ * ++ * 0 <= B < |n|, ++ * 0 < A < |n|, ++ * (1) -sign*X*a == B (mod |n|), ++ * (2) sign*Y*a == A (mod |n|), ++ * ++ * and that either A or B is even in the next iteration. ++ */ ++ if (BN_ucmp(B, A) >= 0) { ++ /* -sign*(X + Y)*a == B - A (mod |n|) */ ++ if (!BN_uadd(X, X, Y)) ++ goto err; ++ /* ++ * NB: we could use BN_mod_add_quick(X, X, Y, n), but that ++ * actually makes the algorithm slower ++ */ ++ if (!BN_usub(B, B, A)) ++ goto err; ++ } else { ++ /* sign*(X + Y)*a == A - B (mod |n|) */ ++ if (!BN_uadd(Y, Y, X)) ++ goto err; ++ /* ++ * as above, BN_mod_add_quick(Y, Y, X, n) would slow things ++ * down ++ */ ++ if (!BN_usub(A, A, B)) ++ goto err; ++ } ++ } ++ } else { ++ /* general inversion algorithm */ ++ ++ while (!BN_is_zero(B)) { ++ BIGNUM *tmp; ++ ++ /*- ++ * 0 < B < A, ++ * (*) -sign*X*a == B (mod |n|), ++ * sign*Y*a == A (mod |n|) ++ */ ++ ++ /* (D, M) := (A/B, A%B) ... */ ++ if (BN_num_bits(A) == BN_num_bits(B)) { ++ if (!BN_one(D)) ++ goto err; ++ if (!BN_sub(M, A, B)) ++ goto err; ++ } else if (BN_num_bits(A) == BN_num_bits(B) + 1) { ++ /* A/B is 1, 2, or 3 */ ++ if (!BN_lshift1(T, B)) ++ goto err; ++ if (BN_ucmp(A, T) < 0) { ++ /* A < 2*B, so D=1 */ ++ if (!BN_one(D)) ++ goto err; ++ if (!BN_sub(M, A, B)) ++ goto err; ++ } else { ++ /* A >= 2*B, so D=2 or D=3 */ ++ if (!BN_sub(M, A, T)) ++ goto err; ++ if (!BN_add(D, T, B)) ++ goto err; /* use D (:= 3*B) as temp */ ++ if (BN_ucmp(A, D) < 0) { ++ /* A < 3*B, so D=2 */ ++ if (!BN_set_word(D, 2)) ++ goto err; ++ /* ++ * M (= A - 2*B) already has the correct value ++ */ ++ } else { ++ /* only D=3 remains */ ++ if (!BN_set_word(D, 3)) ++ goto err; ++ /* ++ * currently M = A - 2*B, but we need M = A - 3*B ++ */ ++ if (!BN_sub(M, M, B)) ++ goto err; ++ } ++ } ++ } else { ++ if (!BN_div(D, M, A, B, ctx)) ++ goto err; ++ } ++ ++ /*- ++ * Now ++ * A = D*B + M; ++ * thus we have ++ * (**) sign*Y*a == D*B + M (mod |n|). ++ */ ++ ++ tmp = A; /* keep the BIGNUM object, the value does not ++ * matter */ ++ ++ /* (A, B) := (B, A mod B) ... */ ++ A = B; ++ B = M; ++ /* ... so we have 0 <= B < A again */ ++ ++ /*- ++ * Since the former M is now B and the former B is now A, ++ * (**) translates into ++ * sign*Y*a == D*A + B (mod |n|), ++ * i.e. ++ * sign*Y*a - D*A == B (mod |n|). ++ * Similarly, (*) translates into ++ * -sign*X*a == A (mod |n|). ++ * ++ * Thus, ++ * sign*Y*a + D*sign*X*a == B (mod |n|), ++ * i.e. ++ * sign*(Y + D*X)*a == B (mod |n|). ++ * ++ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at ++ * -sign*X*a == B (mod |n|), ++ * sign*Y*a == A (mod |n|). ++ * Note that X and Y stay non-negative all the time. ++ */ ++ ++ /* ++ * most of the time D is very small, so we can optimize tmp := ++ * D*X+Y ++ */ ++ if (BN_is_one(D)) { ++ if (!BN_add(tmp, X, Y)) ++ goto err; ++ } else { ++ if (BN_is_word(D, 2)) { ++ if (!BN_lshift1(tmp, X)) ++ goto err; ++ } else if (BN_is_word(D, 4)) { ++ if (!BN_lshift(tmp, X, 2)) ++ goto err; ++ } else if (D->top == 1) { ++ if (!BN_copy(tmp, X)) ++ goto err; ++ if (!BN_mul_word(tmp, D->d[0])) ++ goto err; ++ } else { ++ if (!BN_mul(tmp, D, X, ctx)) ++ goto err; ++ } ++ if (!BN_add(tmp, tmp, Y)) ++ goto err; ++ } ++ ++ M = Y; /* keep the BIGNUM object, the value does not ++ * matter */ ++ Y = X; ++ X = tmp; ++ sign = -sign; ++ } ++ } ++ ++ /*- ++ * The while loop (Euclid's algorithm) ends when ++ * A == gcd(a,n); ++ * we have ++ * sign*Y*a == A (mod |n|), ++ * where Y is non-negative. ++ */ ++ ++ if (sign < 0) { ++ if (!BN_sub(Y, n, Y)) ++ goto err; ++ } ++ /* Now Y*a == A (mod |n|). */ ++ ++ if (BN_is_one(A)) { ++ /* Y*a == 1 (mod |n|) */ ++ if (!Y->neg && BN_ucmp(Y, n) < 0) { ++ if (!BN_copy(R, Y)) ++ goto err; ++ } else { ++ if (!BN_nnmod(R, Y, n, ctx)) ++ goto err; ++ } ++ } else { ++ BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); ++ goto err; ++ } ++ ret = R; ++ err: ++ if ((ret == NULL) && (in == NULL)) ++ BN_free(R); ++ BN_CTX_end(ctx); ++ bn_check_top(ret); ++ return (ret); ++} ++ ++/* ++ * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does ++ * not contain branches that may leak sensitive information. + */ + static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, +- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +- { +- BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL; +- BIGNUM local_A, local_B; +- BIGNUM *pA, *pB; +- BIGNUM *ret=NULL; +- int sign; +- +- bn_check_top(a); +- bn_check_top(n); +- +- BN_CTX_start(ctx); +- A = BN_CTX_get(ctx); +- B = BN_CTX_get(ctx); +- X = BN_CTX_get(ctx); +- D = BN_CTX_get(ctx); +- M = BN_CTX_get(ctx); +- Y = BN_CTX_get(ctx); +- T = BN_CTX_get(ctx); +- if (T == NULL) goto err; +- +- if (in == NULL) +- R=BN_new(); +- else +- R=in; +- if (R == NULL) goto err; +- +- BN_one(X); +- BN_zero(Y); +- if (BN_copy(B,a) == NULL) goto err; +- if (BN_copy(A,n) == NULL) goto err; +- A->neg = 0; +- +- if (B->neg || (BN_ucmp(B, A) >= 0)) +- { +- /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, +- * BN_div_no_branch will be called eventually. +- */ +- pB = &local_B; +- BN_with_flags(pB, B, BN_FLG_CONSTTIME); +- if (!BN_nnmod(B, pB, A, ctx)) goto err; +- } +- sign = -1; +- /* From B = a mod |n|, A = |n| it follows that +- * +- * 0 <= B < A, +- * -sign*X*a == B (mod |n|), +- * sign*Y*a == A (mod |n|). +- */ +- +- while (!BN_is_zero(B)) +- { +- BIGNUM *tmp; +- +- /* +- * 0 < B < A, +- * (*) -sign*X*a == B (mod |n|), +- * sign*Y*a == A (mod |n|) +- */ +- +- /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, +- * BN_div_no_branch will be called eventually. +- */ +- pA = &local_A; +- BN_with_flags(pA, A, BN_FLG_CONSTTIME); +- +- /* (D, M) := (A/B, A%B) ... */ +- if (!BN_div(D,M,pA,B,ctx)) goto err; +- +- /* Now +- * A = D*B + M; +- * thus we have +- * (**) sign*Y*a == D*B + M (mod |n|). +- */ +- +- tmp=A; /* keep the BIGNUM object, the value does not matter */ +- +- /* (A, B) := (B, A mod B) ... */ +- A=B; +- B=M; +- /* ... so we have 0 <= B < A again */ +- +- /* Since the former M is now B and the former B is now A, +- * (**) translates into +- * sign*Y*a == D*A + B (mod |n|), +- * i.e. +- * sign*Y*a - D*A == B (mod |n|). +- * Similarly, (*) translates into +- * -sign*X*a == A (mod |n|). +- * +- * Thus, +- * sign*Y*a + D*sign*X*a == B (mod |n|), +- * i.e. +- * sign*(Y + D*X)*a == B (mod |n|). +- * +- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at +- * -sign*X*a == B (mod |n|), +- * sign*Y*a == A (mod |n|). +- * Note that X and Y stay non-negative all the time. +- */ +- +- if (!BN_mul(tmp,D,X,ctx)) goto err; +- if (!BN_add(tmp,tmp,Y)) goto err; +- +- M=Y; /* keep the BIGNUM object, the value does not matter */ +- Y=X; +- X=tmp; +- sign = -sign; +- } +- +- /* +- * The while loop (Euclid's algorithm) ends when +- * A == gcd(a,n); +- * we have +- * sign*Y*a == A (mod |n|), +- * where Y is non-negative. +- */ +- +- if (sign < 0) +- { +- if (!BN_sub(Y,n,Y)) goto err; +- } +- /* Now Y*a == A (mod |n|). */ +- +- if (BN_is_one(A)) +- { +- /* Y*a == 1 (mod |n|) */ +- if (!Y->neg && BN_ucmp(Y,n) < 0) +- { +- if (!BN_copy(R,Y)) goto err; +- } +- else +- { +- if (!BN_nnmod(R,Y,n,ctx)) goto err; +- } +- } +- else +- { +- BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE); +- goto err; +- } +- ret=R; +-err: +- if ((ret == NULL) && (in == NULL)) BN_free(R); +- BN_CTX_end(ctx); +- bn_check_top(ret); +- return(ret); +- } ++ const BIGNUM *a, const BIGNUM *n, ++ BN_CTX *ctx) ++{ ++ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; ++ BIGNUM local_A, local_B; ++ BIGNUM *pA, *pB; ++ BIGNUM *ret = NULL; ++ int sign; ++ ++ bn_check_top(a); ++ bn_check_top(n); ++ ++ BN_CTX_start(ctx); ++ A = BN_CTX_get(ctx); ++ B = BN_CTX_get(ctx); ++ X = BN_CTX_get(ctx); ++ D = BN_CTX_get(ctx); ++ M = BN_CTX_get(ctx); ++ Y = BN_CTX_get(ctx); ++ T = BN_CTX_get(ctx); ++ if (T == NULL) ++ goto err; ++ ++ if (in == NULL) ++ R = BN_new(); ++ else ++ R = in; ++ if (R == NULL) ++ goto err; ++ ++ BN_one(X); ++ BN_zero(Y); ++ if (BN_copy(B, a) == NULL) ++ goto err; ++ if (BN_copy(A, n) == NULL) ++ goto err; ++ A->neg = 0; ++ ++ if (B->neg || (BN_ucmp(B, A) >= 0)) { ++ /* ++ * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, ++ * BN_div_no_branch will be called eventually. ++ */ ++ pB = &local_B; ++ BN_with_flags(pB, B, BN_FLG_CONSTTIME); ++ if (!BN_nnmod(B, pB, A, ctx)) ++ goto err; ++ } ++ sign = -1; ++ /*- ++ * From B = a mod |n|, A = |n| it follows that ++ * ++ * 0 <= B < A, ++ * -sign*X*a == B (mod |n|), ++ * sign*Y*a == A (mod |n|). ++ */ ++ ++ while (!BN_is_zero(B)) { ++ BIGNUM *tmp; ++ ++ /*- ++ * 0 < B < A, ++ * (*) -sign*X*a == B (mod |n|), ++ * sign*Y*a == A (mod |n|) ++ */ ++ ++ /* ++ * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, ++ * BN_div_no_branch will be called eventually. ++ */ ++ pA = &local_A; ++ BN_with_flags(pA, A, BN_FLG_CONSTTIME); ++ ++ /* (D, M) := (A/B, A%B) ... */ ++ if (!BN_div(D, M, pA, B, ctx)) ++ goto err; ++ ++ /*- ++ * Now ++ * A = D*B + M; ++ * thus we have ++ * (**) sign*Y*a == D*B + M (mod |n|). ++ */ ++ ++ tmp = A; /* keep the BIGNUM object, the value does not ++ * matter */ ++ ++ /* (A, B) := (B, A mod B) ... */ ++ A = B; ++ B = M; ++ /* ... so we have 0 <= B < A again */ ++ ++ /*- ++ * Since the former M is now B and the former B is now A, ++ * (**) translates into ++ * sign*Y*a == D*A + B (mod |n|), ++ * i.e. ++ * sign*Y*a - D*A == B (mod |n|). ++ * Similarly, (*) translates into ++ * -sign*X*a == A (mod |n|). ++ * ++ * Thus, ++ * sign*Y*a + D*sign*X*a == B (mod |n|), ++ * i.e. ++ * sign*(Y + D*X)*a == B (mod |n|). ++ * ++ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at ++ * -sign*X*a == B (mod |n|), ++ * sign*Y*a == A (mod |n|). ++ * Note that X and Y stay non-negative all the time. ++ */ ++ ++ if (!BN_mul(tmp, D, X, ctx)) ++ goto err; ++ if (!BN_add(tmp, tmp, Y)) ++ goto err; ++ ++ M = Y; /* keep the BIGNUM object, the value does not ++ * matter */ ++ Y = X; ++ X = tmp; ++ sign = -sign; ++ } ++ ++ /*- ++ * The while loop (Euclid's algorithm) ends when ++ * A == gcd(a,n); ++ * we have ++ * sign*Y*a == A (mod |n|), ++ * where Y is non-negative. ++ */ ++ ++ if (sign < 0) { ++ if (!BN_sub(Y, n, Y)) ++ goto err; ++ } ++ /* Now Y*a == A (mod |n|). */ ++ ++ if (BN_is_one(A)) { ++ /* Y*a == 1 (mod |n|) */ ++ if (!Y->neg && BN_ucmp(Y, n) < 0) { ++ if (!BN_copy(R, Y)) ++ goto err; ++ } else { ++ if (!BN_nnmod(R, Y, n, ctx)) ++ goto err; ++ } ++ } else { ++ BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE); ++ goto err; ++ } ++ ret = R; ++ err: ++ if ((ret == NULL) && (in == NULL)) ++ BN_free(R); ++ BN_CTX_end(ctx); ++ bn_check_top(ret); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +index 28f1fa8..3386f72 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +@@ -27,12 +27,13 @@ + * + */ + +-/* NOTE: This file is licensed pursuant to the OpenSSL license below +- * and may be modified; but after modifications, the above covenant +- * may no longer apply! In such cases, the corresponding paragraph +- * ["In addition, Sun covenants ... causes the infringement."] and +- * this note can be edited out; but please keep the Sun copyright +- * notice and attribution. */ ++/* ++ * NOTE: This file is licensed pursuant to the OpenSSL license below and may ++ * be modified; but after modifications, the above covenant may no longer ++ * apply! In such cases, the corresponding paragraph ["In addition, Sun ++ * covenants ... causes the infringement."] and this note can be edited out; ++ * but please keep the Sun copyright notice and attribution. ++ */ + + /* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. +@@ -42,7 +43,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -94,1055 +95,1275 @@ + #include "cryptlib.h" + #include "bn_lcl.h" + +-/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */ ++/* ++ * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should ++ * fail. ++ */ + #define MAX_ITERATIONS 50 + +-static const BN_ULONG SQR_tb[16] = +- { 0, 1, 4, 5, 16, 17, 20, 21, +- 64, 65, 68, 69, 80, 81, 84, 85 }; ++static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21, ++ 64, 65, 68, 69, 80, 81, 84, 85 ++}; ++ + /* Platform-specific macros to accelerate squaring. */ + #if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) +-#define SQR1(w) \ ++# define SQR1(w) \ + SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \ + SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \ + SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \ + SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF] +-#define SQR0(w) \ ++# define SQR0(w) \ + SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \ + SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \ + SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ + SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + #endif + #ifdef THIRTY_TWO_BIT +-#define SQR1(w) \ ++# define SQR1(w) \ + SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \ + SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF] +-#define SQR0(w) \ ++# define SQR0(w) \ + SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ + SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + #endif + #ifdef SIXTEEN_BIT +-#define SQR1(w) \ ++# define SQR1(w) \ + SQR_tb[(w) >> 12 & 0xF] << 8 | SQR_tb[(w) >> 8 & 0xF] +-#define SQR0(w) \ ++# define SQR0(w) \ + SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] + #endif + #ifdef EIGHT_BIT +-#define SQR1(w) \ ++# define SQR1(w) \ + SQR_tb[(w) >> 4 & 0xF] +-#define SQR0(w) \ ++# define SQR0(w) \ + SQR_tb[(w) & 15] + #endif + +-/* Product of two polynomials a, b each with degree < BN_BITS2 - 1, +- * result is a polynomial r with degree < 2 * BN_BITS - 1 +- * The caller MUST ensure that the variables have the right amount +- * of space allocated. ++/* ++ * Product of two polynomials a, b each with degree < BN_BITS2 - 1, result is ++ * a polynomial r with degree < 2 * BN_BITS - 1 The caller MUST ensure that ++ * the variables have the right amount of space allocated. + */ + #ifdef EIGHT_BIT +-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) +- { +- register BN_ULONG h, l, s; +- BN_ULONG tab[4], top1b = a >> 7; +- register BN_ULONG a1, a2; +- +- a1 = a & (0x7F); a2 = a1 << 1; +- +- tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2; +- +- s = tab[b & 0x3]; l = s; +- s = tab[b >> 2 & 0x3]; l ^= s << 2; h = s >> 6; +- s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 4; +- s = tab[b >> 6 ]; l ^= s << 6; h ^= s >> 2; +- +- /* compensate for the top bit of a */ +- +- if (top1b & 01) { l ^= b << 7; h ^= b >> 1; } +- +- *r1 = h; *r0 = l; +- } ++static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, ++ const BN_ULONG b) ++{ ++ register BN_ULONG h, l, s; ++ BN_ULONG tab[4], top1b = a >> 7; ++ register BN_ULONG a1, a2; ++ ++ a1 = a & (0x7F); ++ a2 = a1 << 1; ++ ++ tab[0] = 0; ++ tab[1] = a1; ++ tab[2] = a2; ++ tab[3] = a1 ^ a2; ++ ++ s = tab[b & 0x3]; ++ l = s; ++ s = tab[b >> 2 & 0x3]; ++ l ^= s << 2; ++ h = s >> 6; ++ s = tab[b >> 4 & 0x3]; ++ l ^= s << 4; ++ h ^= s >> 4; ++ s = tab[b >> 6]; ++ l ^= s << 6; ++ h ^= s >> 2; ++ ++ /* compensate for the top bit of a */ ++ ++ if (top1b & 01) { ++ l ^= b << 7; ++ h ^= b >> 1; ++ } ++ ++ *r1 = h; ++ *r0 = l; ++} + #endif + #ifdef SIXTEEN_BIT +-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) +- { +- register BN_ULONG h, l, s; +- BN_ULONG tab[4], top1b = a >> 15; +- register BN_ULONG a1, a2; +- +- a1 = a & (0x7FFF); a2 = a1 << 1; +- +- tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2; +- +- s = tab[b & 0x3]; l = s; +- s = tab[b >> 2 & 0x3]; l ^= s << 2; h = s >> 14; +- s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 12; +- s = tab[b >> 6 & 0x3]; l ^= s << 6; h ^= s >> 10; +- s = tab[b >> 8 & 0x3]; l ^= s << 8; h ^= s >> 8; +- s = tab[b >>10 & 0x3]; l ^= s << 10; h ^= s >> 6; +- s = tab[b >>12 & 0x3]; l ^= s << 12; h ^= s >> 4; +- s = tab[b >>14 ]; l ^= s << 14; h ^= s >> 2; +- +- /* compensate for the top bit of a */ +- +- if (top1b & 01) { l ^= b << 15; h ^= b >> 1; } +- +- *r1 = h; *r0 = l; +- } ++static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, ++ const BN_ULONG b) ++{ ++ register BN_ULONG h, l, s; ++ BN_ULONG tab[4], top1b = a >> 15; ++ register BN_ULONG a1, a2; ++ ++ a1 = a & (0x7FFF); ++ a2 = a1 << 1; ++ ++ tab[0] = 0; ++ tab[1] = a1; ++ tab[2] = a2; ++ tab[3] = a1 ^ a2; ++ ++ s = tab[b & 0x3]; ++ l = s; ++ s = tab[b >> 2 & 0x3]; ++ l ^= s << 2; ++ h = s >> 14; ++ s = tab[b >> 4 & 0x3]; ++ l ^= s << 4; ++ h ^= s >> 12; ++ s = tab[b >> 6 & 0x3]; ++ l ^= s << 6; ++ h ^= s >> 10; ++ s = tab[b >> 8 & 0x3]; ++ l ^= s << 8; ++ h ^= s >> 8; ++ s = tab[b >> 10 & 0x3]; ++ l ^= s << 10; ++ h ^= s >> 6; ++ s = tab[b >> 12 & 0x3]; ++ l ^= s << 12; ++ h ^= s >> 4; ++ s = tab[b >> 14]; ++ l ^= s << 14; ++ h ^= s >> 2; ++ ++ /* compensate for the top bit of a */ ++ ++ if (top1b & 01) { ++ l ^= b << 15; ++ h ^= b >> 1; ++ } ++ ++ *r1 = h; ++ *r0 = l; ++} + #endif + #ifdef THIRTY_TWO_BIT +-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) +- { +- register BN_ULONG h, l, s; +- BN_ULONG tab[8], top2b = a >> 30; +- register BN_ULONG a1, a2, a4; +- +- a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1; +- +- tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2; +- tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4; +- +- s = tab[b & 0x7]; l = s; +- s = tab[b >> 3 & 0x7]; l ^= s << 3; h = s >> 29; +- s = tab[b >> 6 & 0x7]; l ^= s << 6; h ^= s >> 26; +- s = tab[b >> 9 & 0x7]; l ^= s << 9; h ^= s >> 23; +- s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20; +- s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17; +- s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14; +- s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11; +- s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >> 8; +- s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >> 5; +- s = tab[b >> 30 ]; l ^= s << 30; h ^= s >> 2; +- +- /* compensate for the top two bits of a */ +- +- if (top2b & 01) { l ^= b << 30; h ^= b >> 2; } +- if (top2b & 02) { l ^= b << 31; h ^= b >> 1; } +- +- *r1 = h; *r0 = l; +- } ++static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, ++ const BN_ULONG b) ++{ ++ register BN_ULONG h, l, s; ++ BN_ULONG tab[8], top2b = a >> 30; ++ register BN_ULONG a1, a2, a4; ++ ++ a1 = a & (0x3FFFFFFF); ++ a2 = a1 << 1; ++ a4 = a2 << 1; ++ ++ tab[0] = 0; ++ tab[1] = a1; ++ tab[2] = a2; ++ tab[3] = a1 ^ a2; ++ tab[4] = a4; ++ tab[5] = a1 ^ a4; ++ tab[6] = a2 ^ a4; ++ tab[7] = a1 ^ a2 ^ a4; ++ ++ s = tab[b & 0x7]; ++ l = s; ++ s = tab[b >> 3 & 0x7]; ++ l ^= s << 3; ++ h = s >> 29; ++ s = tab[b >> 6 & 0x7]; ++ l ^= s << 6; ++ h ^= s >> 26; ++ s = tab[b >> 9 & 0x7]; ++ l ^= s << 9; ++ h ^= s >> 23; ++ s = tab[b >> 12 & 0x7]; ++ l ^= s << 12; ++ h ^= s >> 20; ++ s = tab[b >> 15 & 0x7]; ++ l ^= s << 15; ++ h ^= s >> 17; ++ s = tab[b >> 18 & 0x7]; ++ l ^= s << 18; ++ h ^= s >> 14; ++ s = tab[b >> 21 & 0x7]; ++ l ^= s << 21; ++ h ^= s >> 11; ++ s = tab[b >> 24 & 0x7]; ++ l ^= s << 24; ++ h ^= s >> 8; ++ s = tab[b >> 27 & 0x7]; ++ l ^= s << 27; ++ h ^= s >> 5; ++ s = tab[b >> 30]; ++ l ^= s << 30; ++ h ^= s >> 2; ++ ++ /* compensate for the top two bits of a */ ++ ++ if (top2b & 01) { ++ l ^= b << 30; ++ h ^= b >> 2; ++ } ++ if (top2b & 02) { ++ l ^= b << 31; ++ h ^= b >> 1; ++ } ++ ++ *r1 = h; ++ *r0 = l; ++} + #endif + #if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) +-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) +- { +- register BN_ULONG h, l, s; +- BN_ULONG tab[16], top3b = a >> 61; +- register BN_ULONG a1, a2, a4, a8; +- +- a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1; +- +- tab[ 0] = 0; tab[ 1] = a1; tab[ 2] = a2; tab[ 3] = a1^a2; +- tab[ 4] = a4; tab[ 5] = a1^a4; tab[ 6] = a2^a4; tab[ 7] = a1^a2^a4; +- tab[ 8] = a8; tab[ 9] = a1^a8; tab[10] = a2^a8; tab[11] = a1^a2^a8; +- tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8; +- +- s = tab[b & 0xF]; l = s; +- s = tab[b >> 4 & 0xF]; l ^= s << 4; h = s >> 60; +- s = tab[b >> 8 & 0xF]; l ^= s << 8; h ^= s >> 56; +- s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52; +- s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48; +- s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44; +- s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40; +- s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36; +- s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32; +- s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28; +- s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24; +- s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20; +- s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16; +- s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12; +- s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >> 8; +- s = tab[b >> 60 ]; l ^= s << 60; h ^= s >> 4; +- +- /* compensate for the top three bits of a */ +- +- if (top3b & 01) { l ^= b << 61; h ^= b >> 3; } +- if (top3b & 02) { l ^= b << 62; h ^= b >> 2; } +- if (top3b & 04) { l ^= b << 63; h ^= b >> 1; } +- +- *r1 = h; *r0 = l; +- } ++static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, ++ const BN_ULONG b) ++{ ++ register BN_ULONG h, l, s; ++ BN_ULONG tab[16], top3b = a >> 61; ++ register BN_ULONG a1, a2, a4, a8; ++ ++ a1 = a & (0x1FFFFFFFFFFFFFFFULL); ++ a2 = a1 << 1; ++ a4 = a2 << 1; ++ a8 = a4 << 1; ++ ++ tab[0] = 0; ++ tab[1] = a1; ++ tab[2] = a2; ++ tab[3] = a1 ^ a2; ++ tab[4] = a4; ++ tab[5] = a1 ^ a4; ++ tab[6] = a2 ^ a4; ++ tab[7] = a1 ^ a2 ^ a4; ++ tab[8] = a8; ++ tab[9] = a1 ^ a8; ++ tab[10] = a2 ^ a8; ++ tab[11] = a1 ^ a2 ^ a8; ++ tab[12] = a4 ^ a8; ++ tab[13] = a1 ^ a4 ^ a8; ++ tab[14] = a2 ^ a4 ^ a8; ++ tab[15] = a1 ^ a2 ^ a4 ^ a8; ++ ++ s = tab[b & 0xF]; ++ l = s; ++ s = tab[b >> 4 & 0xF]; ++ l ^= s << 4; ++ h = s >> 60; ++ s = tab[b >> 8 & 0xF]; ++ l ^= s << 8; ++ h ^= s >> 56; ++ s = tab[b >> 12 & 0xF]; ++ l ^= s << 12; ++ h ^= s >> 52; ++ s = tab[b >> 16 & 0xF]; ++ l ^= s << 16; ++ h ^= s >> 48; ++ s = tab[b >> 20 & 0xF]; ++ l ^= s << 20; ++ h ^= s >> 44; ++ s = tab[b >> 24 & 0xF]; ++ l ^= s << 24; ++ h ^= s >> 40; ++ s = tab[b >> 28 & 0xF]; ++ l ^= s << 28; ++ h ^= s >> 36; ++ s = tab[b >> 32 & 0xF]; ++ l ^= s << 32; ++ h ^= s >> 32; ++ s = tab[b >> 36 & 0xF]; ++ l ^= s << 36; ++ h ^= s >> 28; ++ s = tab[b >> 40 & 0xF]; ++ l ^= s << 40; ++ h ^= s >> 24; ++ s = tab[b >> 44 & 0xF]; ++ l ^= s << 44; ++ h ^= s >> 20; ++ s = tab[b >> 48 & 0xF]; ++ l ^= s << 48; ++ h ^= s >> 16; ++ s = tab[b >> 52 & 0xF]; ++ l ^= s << 52; ++ h ^= s >> 12; ++ s = tab[b >> 56 & 0xF]; ++ l ^= s << 56; ++ h ^= s >> 8; ++ s = tab[b >> 60]; ++ l ^= s << 60; ++ h ^= s >> 4; ++ ++ /* compensate for the top three bits of a */ ++ ++ if (top3b & 01) { ++ l ^= b << 61; ++ h ^= b >> 3; ++ } ++ if (top3b & 02) { ++ l ^= b << 62; ++ h ^= b >> 2; ++ } ++ if (top3b & 04) { ++ l ^= b << 63; ++ h ^= b >> 1; ++ } ++ ++ *r1 = h; ++ *r0 = l; ++} + #endif + +-/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1, +- * result is a polynomial r with degree < 4 * BN_BITS2 - 1 +- * The caller MUST ensure that the variables have the right amount +- * of space allocated. ++/* ++ * Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1, ++ * result is a polynomial r with degree < 4 * BN_BITS2 - 1 The caller MUST ++ * ensure that the variables have the right amount of space allocated. + */ +-static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, const BN_ULONG b1, const BN_ULONG b0) +- { +- BN_ULONG m1, m0; +- /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */ +- bn_GF2m_mul_1x1(r+3, r+2, a1, b1); +- bn_GF2m_mul_1x1(r+1, r, a0, b0); +- bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1); +- /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */ +- r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ +- r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ +- } +- +- +-/* Add polynomials a and b and store result in r; r could be a or b, a and b ++static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, ++ const BN_ULONG b1, const BN_ULONG b0) ++{ ++ BN_ULONG m1, m0; ++ /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */ ++ bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1); ++ bn_GF2m_mul_1x1(r + 1, r, a0, b0); ++ bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1); ++ /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */ ++ r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ ++ r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ ++} ++ ++/* ++ * Add polynomials a and b and store result in r; r could be a or b, a and b + * could be equal; r is the bitwise XOR of a and b. + */ +-int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) +- { +- int i; +- const BIGNUM *at, *bt; +- +- bn_check_top(a); +- bn_check_top(b); +- +- if (a->top < b->top) { at = b; bt = a; } +- else { at = a; bt = b; } +- +- if(bn_wexpand(r, at->top) == NULL) +- return 0; +- +- for (i = 0; i < bt->top; i++) +- { +- r->d[i] = at->d[i] ^ bt->d[i]; +- } +- for (; i < at->top; i++) +- { +- r->d[i] = at->d[i]; +- } +- +- r->top = at->top; +- bn_correct_top(r); +- +- return 1; +- } +- +- +-/* Some functions allow for representation of the irreducible polynomials ++int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) ++{ ++ int i; ++ const BIGNUM *at, *bt; ++ ++ bn_check_top(a); ++ bn_check_top(b); ++ ++ if (a->top < b->top) { ++ at = b; ++ bt = a; ++ } else { ++ at = a; ++ bt = b; ++ } ++ ++ if (bn_wexpand(r, at->top) == NULL) ++ return 0; ++ ++ for (i = 0; i < bt->top; i++) { ++ r->d[i] = at->d[i] ^ bt->d[i]; ++ } ++ for (; i < at->top; i++) { ++ r->d[i] = at->d[i]; ++ } ++ ++ r->top = at->top; ++ bn_correct_top(r); ++ ++ return 1; ++} ++ ++/*- ++ * Some functions allow for representation of the irreducible polynomials + * as an int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ + +- + /* Performs modular reduction of a and store result in r. r could be a. */ + int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]) +- { +- int j, k; +- int n, dN, d0, d1; +- BN_ULONG zz, *z; +- +- bn_check_top(a); +- +- if (!p[0]) +- { +- /* reduction mod 1 => return 0 */ +- BN_zero(r); +- return 1; +- } +- +- /* Since the algorithm does reduction in the r value, if a != r, copy +- * the contents of a into r so we can do reduction in r. +- */ +- if (a != r) +- { +- if (!bn_wexpand(r, a->top)) return 0; +- for (j = 0; j < a->top; j++) +- { +- r->d[j] = a->d[j]; +- } +- r->top = a->top; +- } +- z = r->d; +- +- /* start reduction */ +- dN = p[0] / BN_BITS2; +- for (j = r->top - 1; j > dN;) +- { +- zz = z[j]; +- if (z[j] == 0) { j--; continue; } +- z[j] = 0; +- +- for (k = 1; p[k] != 0; k++) +- { +- /* reducing component t^p[k] */ +- n = p[0] - p[k]; +- d0 = n % BN_BITS2; d1 = BN_BITS2 - d0; +- n /= BN_BITS2; +- z[j-n] ^= (zz>>d0); +- if (d0) z[j-n-1] ^= (zz<> d0); +- if (d0) z[j-n-1] ^= (zz << d1); +- } +- +- /* final round of reduction */ +- while (j == dN) +- { +- +- d0 = p[0] % BN_BITS2; +- zz = z[dN] >> d0; +- if (zz == 0) break; +- d1 = BN_BITS2 - d0; +- +- /* clear up the top d1 bits */ +- if (d0) +- z[dN] = (z[dN] << d1) >> d1; +- else +- z[dN] = 0; +- z[0] ^= zz; /* reduction t^0 component */ +- +- for (k = 1; p[k] != 0; k++) +- { +- BN_ULONG tmp_ulong; +- +- /* reducing component t^p[k]*/ +- n = p[k] / BN_BITS2; +- d0 = p[k] % BN_BITS2; +- d1 = BN_BITS2 - d0; +- z[n] ^= (zz << d0); +- tmp_ulong = zz >> d1; +- if (d0 && tmp_ulong) +- z[n+1] ^= tmp_ulong; +- } +- +- +- } +- +- bn_correct_top(r); +- return 1; +- } +- +-/* Performs modular reduction of a by p and store result in r. r could be a. +- * ++{ ++ int j, k; ++ int n, dN, d0, d1; ++ BN_ULONG zz, *z; ++ ++ bn_check_top(a); ++ ++ if (!p[0]) { ++ /* reduction mod 1 => return 0 */ ++ BN_zero(r); ++ return 1; ++ } ++ ++ /* ++ * Since the algorithm does reduction in the r value, if a != r, copy the ++ * contents of a into r so we can do reduction in r. ++ */ ++ if (a != r) { ++ if (!bn_wexpand(r, a->top)) ++ return 0; ++ for (j = 0; j < a->top; j++) { ++ r->d[j] = a->d[j]; ++ } ++ r->top = a->top; ++ } ++ z = r->d; ++ ++ /* start reduction */ ++ dN = p[0] / BN_BITS2; ++ for (j = r->top - 1; j > dN;) { ++ zz = z[j]; ++ if (z[j] == 0) { ++ j--; ++ continue; ++ } ++ z[j] = 0; ++ ++ for (k = 1; p[k] != 0; k++) { ++ /* reducing component t^p[k] */ ++ n = p[0] - p[k]; ++ d0 = n % BN_BITS2; ++ d1 = BN_BITS2 - d0; ++ n /= BN_BITS2; ++ z[j - n] ^= (zz >> d0); ++ if (d0) ++ z[j - n - 1] ^= (zz << d1); ++ } ++ ++ /* reducing component t^0 */ ++ n = dN; ++ d0 = p[0] % BN_BITS2; ++ d1 = BN_BITS2 - d0; ++ z[j - n] ^= (zz >> d0); ++ if (d0) ++ z[j - n - 1] ^= (zz << d1); ++ } ++ ++ /* final round of reduction */ ++ while (j == dN) { ++ ++ d0 = p[0] % BN_BITS2; ++ zz = z[dN] >> d0; ++ if (zz == 0) ++ break; ++ d1 = BN_BITS2 - d0; ++ ++ /* clear up the top d1 bits */ ++ if (d0) ++ z[dN] = (z[dN] << d1) >> d1; ++ else ++ z[dN] = 0; ++ z[0] ^= zz; /* reduction t^0 component */ ++ ++ for (k = 1; p[k] != 0; k++) { ++ BN_ULONG tmp_ulong; ++ ++ /* reducing component t^p[k] */ ++ n = p[k] / BN_BITS2; ++ d0 = p[k] % BN_BITS2; ++ d1 = BN_BITS2 - d0; ++ z[n] ^= (zz << d0); ++ tmp_ulong = zz >> d1; ++ if (d0 && tmp_ulong) ++ z[n + 1] ^= tmp_ulong; ++ } ++ ++ } ++ ++ bn_correct_top(r); ++ return 1; ++} ++ ++/* ++ * Performs modular reduction of a by p and store result in r. r could be a. + * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper +- * function is only provided for convenience; for best performance, use the ++ * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_arr function. + */ +-int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) +- { +- int ret = 0; +- const int max = BN_num_bits(p); +- unsigned int *arr=NULL; +- bn_check_top(a); +- bn_check_top(p); +- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; +- ret = BN_GF2m_poly2arr(p, arr, max); +- if (!ret || ret > max) +- { +- BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH); +- goto err; +- } +- ret = BN_GF2m_mod_arr(r, a, arr); +- bn_check_top(r); +-err: +- if (arr) OPENSSL_free(arr); +- return ret; +- } +- +- +-/* Compute the product of two polynomials a and b, reduce modulo p, and store ++int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) ++{ ++ int ret = 0; ++ const int max = BN_num_bits(p); ++ unsigned int *arr = NULL; ++ bn_check_top(a); ++ bn_check_top(p); ++ if ((arr = ++ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) ++ goto err; ++ ret = BN_GF2m_poly2arr(p, arr, max); ++ if (!ret || ret > max) { ++ BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH); ++ goto err; ++ } ++ ret = BN_GF2m_mod_arr(r, a, arr); ++ bn_check_top(r); ++ err: ++ if (arr) ++ OPENSSL_free(arr); ++ return ret; ++} ++ ++/* ++ * Compute the product of two polynomials a and b, reduce modulo p, and store + * the result in r. r could be a or b; a could be b. + */ +-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx) +- { +- int zlen, i, j, k, ret = 0; +- BIGNUM *s; +- BN_ULONG x1, x0, y1, y0, zz[4]; +- +- bn_check_top(a); +- bn_check_top(b); +- +- if (a == b) +- { +- return BN_GF2m_mod_sqr_arr(r, a, p, ctx); +- } +- +- BN_CTX_start(ctx); +- if ((s = BN_CTX_get(ctx)) == NULL) goto err; +- +- zlen = a->top + b->top + 4; +- if (!bn_wexpand(s, zlen)) goto err; +- s->top = zlen; +- +- for (i = 0; i < zlen; i++) s->d[i] = 0; +- +- for (j = 0; j < b->top; j += 2) +- { +- y0 = b->d[j]; +- y1 = ((j+1) == b->top) ? 0 : b->d[j+1]; +- for (i = 0; i < a->top; i += 2) +- { +- x0 = a->d[i]; +- x1 = ((i+1) == a->top) ? 0 : a->d[i+1]; +- bn_GF2m_mul_2x2(zz, x1, x0, y1, y0); +- for (k = 0; k < 4; k++) s->d[i+j+k] ^= zz[k]; +- } +- } +- +- bn_correct_top(s); +- if (BN_GF2m_mod_arr(r, s, p)) +- ret = 1; +- bn_check_top(r); +- +-err: +- BN_CTX_end(ctx); +- return ret; +- } +- +-/* Compute the product of two polynomials a and b, reduce modulo p, and store +- * the result in r. r could be a or b; a could equal b. +- * +- * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper +- * function is only provided for convenience; for best performance, use the ++int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const unsigned int p[], BN_CTX *ctx) ++{ ++ int zlen, i, j, k, ret = 0; ++ BIGNUM *s; ++ BN_ULONG x1, x0, y1, y0, zz[4]; ++ ++ bn_check_top(a); ++ bn_check_top(b); ++ ++ if (a == b) { ++ return BN_GF2m_mod_sqr_arr(r, a, p, ctx); ++ } ++ ++ BN_CTX_start(ctx); ++ if ((s = BN_CTX_get(ctx)) == NULL) ++ goto err; ++ ++ zlen = a->top + b->top + 4; ++ if (!bn_wexpand(s, zlen)) ++ goto err; ++ s->top = zlen; ++ ++ for (i = 0; i < zlen; i++) ++ s->d[i] = 0; ++ ++ for (j = 0; j < b->top; j += 2) { ++ y0 = b->d[j]; ++ y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1]; ++ for (i = 0; i < a->top; i += 2) { ++ x0 = a->d[i]; ++ x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1]; ++ bn_GF2m_mul_2x2(zz, x1, x0, y1, y0); ++ for (k = 0; k < 4; k++) ++ s->d[i + j + k] ^= zz[k]; ++ } ++ } ++ ++ bn_correct_top(s); ++ if (BN_GF2m_mod_arr(r, s, p)) ++ ret = 1; ++ bn_check_top(r); ++ ++ err: ++ BN_CTX_end(ctx); ++ return ret; ++} ++ ++/* ++ * Compute the product of two polynomials a and b, reduce modulo p, and store ++ * the result in r. r could be a or b; a could equal b. This function calls ++ * down to the BN_GF2m_mod_mul_arr implementation; this wrapper function is ++ * only provided for convenience; for best performance, use the + * BN_GF2m_mod_mul_arr function. + */ +-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) +- { +- int ret = 0; +- const int max = BN_num_bits(p); +- unsigned int *arr=NULL; +- bn_check_top(a); +- bn_check_top(b); +- bn_check_top(p); +- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; +- ret = BN_GF2m_poly2arr(p, arr, max); +- if (!ret || ret > max) +- { +- BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH); +- goto err; +- } +- ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); +- bn_check_top(r); +-err: +- if (arr) OPENSSL_free(arr); +- return ret; +- } +- ++int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *p, BN_CTX *ctx) ++{ ++ int ret = 0; ++ const int max = BN_num_bits(p); ++ unsigned int *arr = NULL; ++ bn_check_top(a); ++ bn_check_top(b); ++ bn_check_top(p); ++ if ((arr = ++ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) ++ goto err; ++ ret = BN_GF2m_poly2arr(p, arr, max); ++ if (!ret || ret > max) { ++ BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH); ++ goto err; ++ } ++ ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); ++ bn_check_top(r); ++ err: ++ if (arr) ++ OPENSSL_free(arr); ++ return ret; ++} + + /* Square a, reduce the result mod p, and store it in a. r could be a. */ +-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx) +- { +- int i, ret = 0; +- BIGNUM *s; +- +- bn_check_top(a); +- BN_CTX_start(ctx); +- if ((s = BN_CTX_get(ctx)) == NULL) return 0; +- if (!bn_wexpand(s, 2 * a->top)) goto err; +- +- for (i = a->top - 1; i >= 0; i--) +- { +- s->d[2*i+1] = SQR1(a->d[i]); +- s->d[2*i ] = SQR0(a->d[i]); +- } +- +- s->top = 2 * a->top; +- bn_correct_top(s); +- if (!BN_GF2m_mod_arr(r, s, p)) goto err; +- bn_check_top(r); +- ret = 1; +-err: +- BN_CTX_end(ctx); +- return ret; +- } +- +-/* Square a, reduce the result mod p, and store it in a. r could be a. +- * +- * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper +- * function is only provided for convenience; for best performance, use the +- * BN_GF2m_mod_sqr_arr function. ++int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], ++ BN_CTX *ctx) ++{ ++ int i, ret = 0; ++ BIGNUM *s; ++ ++ bn_check_top(a); ++ BN_CTX_start(ctx); ++ if ((s = BN_CTX_get(ctx)) == NULL) ++ return 0; ++ if (!bn_wexpand(s, 2 * a->top)) ++ goto err; ++ ++ for (i = a->top - 1; i >= 0; i--) { ++ s->d[2 * i + 1] = SQR1(a->d[i]); ++ s->d[2 * i] = SQR0(a->d[i]); ++ } ++ ++ s->top = 2 * a->top; ++ bn_correct_top(s); ++ if (!BN_GF2m_mod_arr(r, s, p)) ++ goto err; ++ bn_check_top(r); ++ ret = 1; ++ err: ++ BN_CTX_end(ctx); ++ return ret; ++} ++ ++/* ++ * Square a, reduce the result mod p, and store it in a. r could be a. This ++ * function calls down to the BN_GF2m_mod_sqr_arr implementation; this ++ * wrapper function is only provided for convenience; for best performance, ++ * use the BN_GF2m_mod_sqr_arr function. + */ +-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +- { +- int ret = 0; +- const int max = BN_num_bits(p); +- unsigned int *arr=NULL; +- +- bn_check_top(a); +- bn_check_top(p); +- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; +- ret = BN_GF2m_poly2arr(p, arr, max); +- if (!ret || ret > max) +- { +- BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH); +- goto err; +- } +- ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); +- bn_check_top(r); +-err: +- if (arr) OPENSSL_free(arr); +- return ret; +- } +- +- +-/* Invert a, reduce modulo p, and store the result in r. r could be a. +- * Uses Modified Almost Inverse Algorithm (Algorithm 10) from +- * Hankerson, D., Hernandez, J.L., and Menezes, A. "Software Implementation +- * of Elliptic Curve Cryptography Over Binary Fields". ++int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ++{ ++ int ret = 0; ++ const int max = BN_num_bits(p); ++ unsigned int *arr = NULL; ++ ++ bn_check_top(a); ++ bn_check_top(p); ++ if ((arr = ++ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) ++ goto err; ++ ret = BN_GF2m_poly2arr(p, arr, max); ++ if (!ret || ret > max) { ++ BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH); ++ goto err; ++ } ++ ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); ++ bn_check_top(r); ++ err: ++ if (arr) ++ OPENSSL_free(arr); ++ return ret; ++} ++ ++/* ++ * Invert a, reduce modulo p, and store the result in r. r could be a. Uses ++ * Modified Almost Inverse Algorithm (Algorithm 10) from Hankerson, D., ++ * Hernandez, J.L., and Menezes, A. "Software Implementation of Elliptic ++ * Curve Cryptography Over Binary Fields". + */ + int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +- { +- BIGNUM *b, *c, *u, *v, *tmp; +- int ret = 0; +- +- bn_check_top(a); +- bn_check_top(p); +- +- BN_CTX_start(ctx); +- +- b = BN_CTX_get(ctx); +- c = BN_CTX_get(ctx); +- u = BN_CTX_get(ctx); +- v = BN_CTX_get(ctx); +- if (v == NULL) goto err; +- +- if (!BN_one(b)) goto err; +- if (!BN_GF2m_mod(u, a, p)) goto err; +- if (!BN_copy(v, p)) goto err; +- +- if (BN_is_zero(u)) goto err; +- +- while (1) +- { +- while (!BN_is_odd(u)) +- { +- if (BN_is_zero(u)) goto err; +- if (!BN_rshift1(u, u)) goto err; +- if (BN_is_odd(b)) +- { +- if (!BN_GF2m_add(b, b, p)) goto err; +- } +- if (!BN_rshift1(b, b)) goto err; +- } +- +- if (BN_abs_is_word(u, 1)) break; +- +- if (BN_num_bits(u) < BN_num_bits(v)) +- { +- tmp = u; u = v; v = tmp; +- tmp = b; b = c; c = tmp; +- } +- +- if (!BN_GF2m_add(u, u, v)) goto err; +- if (!BN_GF2m_add(b, b, c)) goto err; +- } +- +- +- if (!BN_copy(r, b)) goto err; +- bn_check_top(r); +- ret = 1; +- +-err: +- BN_CTX_end(ctx); +- return ret; +- } +- +-/* Invert xx, reduce modulo p, and store the result in r. r could be xx. +- * +- * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper +- * function is only provided for convenience; for best performance, use the +- * BN_GF2m_mod_inv function. +- */ +-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx) +- { +- BIGNUM *field; +- int ret = 0; +- +- bn_check_top(xx); +- BN_CTX_start(ctx); +- if ((field = BN_CTX_get(ctx)) == NULL) goto err; +- if (!BN_GF2m_arr2poly(p, field)) goto err; +- +- ret = BN_GF2m_mod_inv(r, xx, field, ctx); +- bn_check_top(r); +- +-err: +- BN_CTX_end(ctx); +- return ret; +- } ++{ ++ BIGNUM *b, *c, *u, *v, *tmp; ++ int ret = 0; ++ ++ bn_check_top(a); ++ bn_check_top(p); ++ ++ BN_CTX_start(ctx); ++ ++ b = BN_CTX_get(ctx); ++ c = BN_CTX_get(ctx); ++ u = BN_CTX_get(ctx); ++ v = BN_CTX_get(ctx); ++ if (v == NULL) ++ goto err; ++ ++ if (!BN_one(b)) ++ goto err; ++ if (!BN_GF2m_mod(u, a, p)) ++ goto err; ++ if (!BN_copy(v, p)) ++ goto err; ++ ++ if (BN_is_zero(u)) ++ goto err; ++ ++ while (1) { ++ while (!BN_is_odd(u)) { ++ if (BN_is_zero(u)) ++ goto err; ++ if (!BN_rshift1(u, u)) ++ goto err; ++ if (BN_is_odd(b)) { ++ if (!BN_GF2m_add(b, b, p)) ++ goto err; ++ } ++ if (!BN_rshift1(b, b)) ++ goto err; ++ } ++ ++ if (BN_abs_is_word(u, 1)) ++ break; ++ ++ if (BN_num_bits(u) < BN_num_bits(v)) { ++ tmp = u; ++ u = v; ++ v = tmp; ++ tmp = b; ++ b = c; ++ c = tmp; ++ } ++ ++ if (!BN_GF2m_add(u, u, v)) ++ goto err; ++ if (!BN_GF2m_add(b, b, c)) ++ goto err; ++ } ++ ++ if (!BN_copy(r, b)) ++ goto err; ++ bn_check_top(r); ++ ret = 1; ++ ++ err: ++ BN_CTX_end(ctx); ++ return ret; ++} + ++/* ++ * Invert xx, reduce modulo p, and store the result in r. r could be xx. ++ * This function calls down to the BN_GF2m_mod_inv implementation; this ++ * wrapper function is only provided for convenience; for best performance, ++ * use the BN_GF2m_mod_inv function. ++ */ ++int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], ++ BN_CTX *ctx) ++{ ++ BIGNUM *field; ++ int ret = 0; ++ ++ bn_check_top(xx); ++ BN_CTX_start(ctx); ++ if ((field = BN_CTX_get(ctx)) == NULL) ++ goto err; ++ if (!BN_GF2m_arr2poly(p, field)) ++ goto err; ++ ++ ret = BN_GF2m_mod_inv(r, xx, field, ctx); ++ bn_check_top(r); ++ ++ err: ++ BN_CTX_end(ctx); ++ return ret; ++} + + #ifndef OPENSSL_SUN_GF2M_DIV +-/* Divide y by x, reduce modulo p, and store the result in r. r could be x ++/* ++ * Divide y by x, reduce modulo p, and store the result in r. r could be x + * or y, x could equal y. + */ +-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx) +- { +- BIGNUM *xinv = NULL; +- int ret = 0; +- +- bn_check_top(y); +- bn_check_top(x); +- bn_check_top(p); +- +- BN_CTX_start(ctx); +- xinv = BN_CTX_get(ctx); +- if (xinv == NULL) goto err; +- +- if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err; +- if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err; +- bn_check_top(r); +- ret = 1; +- +-err: +- BN_CTX_end(ctx); +- return ret; +- } ++int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, ++ const BIGNUM *p, BN_CTX *ctx) ++{ ++ BIGNUM *xinv = NULL; ++ int ret = 0; ++ ++ bn_check_top(y); ++ bn_check_top(x); ++ bn_check_top(p); ++ ++ BN_CTX_start(ctx); ++ xinv = BN_CTX_get(ctx); ++ if (xinv == NULL) ++ goto err; ++ ++ if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) ++ goto err; ++ if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) ++ goto err; ++ bn_check_top(r); ++ ret = 1; ++ ++ err: ++ BN_CTX_end(ctx); ++ return ret; ++} + #else +-/* Divide y by x, reduce modulo p, and store the result in r. r could be x +- * or y, x could equal y. +- * Uses algorithm Modular_Division_GF(2^m) from +- * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to +- * the Great Divide". ++/* ++ * Divide y by x, reduce modulo p, and store the result in r. r could be x ++ * or y, x could equal y. Uses algorithm Modular_Division_GF(2^m) from ++ * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to the ++ * Great Divide". + */ +-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx) +- { +- BIGNUM *a, *b, *u, *v; +- int ret = 0; +- +- bn_check_top(y); +- bn_check_top(x); +- bn_check_top(p); +- +- BN_CTX_start(ctx); +- +- a = BN_CTX_get(ctx); +- b = BN_CTX_get(ctx); +- u = BN_CTX_get(ctx); +- v = BN_CTX_get(ctx); +- if (v == NULL) goto err; +- +- /* reduce x and y mod p */ +- if (!BN_GF2m_mod(u, y, p)) goto err; +- if (!BN_GF2m_mod(a, x, p)) goto err; +- if (!BN_copy(b, p)) goto err; +- +- while (!BN_is_odd(a)) +- { +- if (!BN_rshift1(a, a)) goto err; +- if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err; +- if (!BN_rshift1(u, u)) goto err; +- } +- +- do +- { +- if (BN_GF2m_cmp(b, a) > 0) +- { +- if (!BN_GF2m_add(b, b, a)) goto err; +- if (!BN_GF2m_add(v, v, u)) goto err; +- do +- { +- if (!BN_rshift1(b, b)) goto err; +- if (BN_is_odd(v)) if (!BN_GF2m_add(v, v, p)) goto err; +- if (!BN_rshift1(v, v)) goto err; +- } while (!BN_is_odd(b)); +- } +- else if (BN_abs_is_word(a, 1)) +- break; +- else +- { +- if (!BN_GF2m_add(a, a, b)) goto err; +- if (!BN_GF2m_add(u, u, v)) goto err; +- do +- { +- if (!BN_rshift1(a, a)) goto err; +- if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err; +- if (!BN_rshift1(u, u)) goto err; +- } while (!BN_is_odd(a)); +- } +- } while (1); +- +- if (!BN_copy(r, u)) goto err; +- bn_check_top(r); +- ret = 1; +- +-err: +- BN_CTX_end(ctx); +- return ret; +- } ++int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, ++ const BIGNUM *p, BN_CTX *ctx) ++{ ++ BIGNUM *a, *b, *u, *v; ++ int ret = 0; ++ ++ bn_check_top(y); ++ bn_check_top(x); ++ bn_check_top(p); ++ ++ BN_CTX_start(ctx); ++ ++ a = BN_CTX_get(ctx); ++ b = BN_CTX_get(ctx); ++ u = BN_CTX_get(ctx); ++ v = BN_CTX_get(ctx); ++ if (v == NULL) ++ goto err; ++ ++ /* reduce x and y mod p */ ++ if (!BN_GF2m_mod(u, y, p)) ++ goto err; ++ if (!BN_GF2m_mod(a, x, p)) ++ goto err; ++ if (!BN_copy(b, p)) ++ goto err; ++ ++ while (!BN_is_odd(a)) { ++ if (!BN_rshift1(a, a)) ++ goto err; ++ if (BN_is_odd(u)) ++ if (!BN_GF2m_add(u, u, p)) ++ goto err; ++ if (!BN_rshift1(u, u)) ++ goto err; ++ } ++ ++ do { ++ if (BN_GF2m_cmp(b, a) > 0) { ++ if (!BN_GF2m_add(b, b, a)) ++ goto err; ++ if (!BN_GF2m_add(v, v, u)) ++ goto err; ++ do { ++ if (!BN_rshift1(b, b)) ++ goto err; ++ if (BN_is_odd(v)) ++ if (!BN_GF2m_add(v, v, p)) ++ goto err; ++ if (!BN_rshift1(v, v)) ++ goto err; ++ } while (!BN_is_odd(b)); ++ } else if (BN_abs_is_word(a, 1)) ++ break; ++ else { ++ if (!BN_GF2m_add(a, a, b)) ++ goto err; ++ if (!BN_GF2m_add(u, u, v)) ++ goto err; ++ do { ++ if (!BN_rshift1(a, a)) ++ goto err; ++ if (BN_is_odd(u)) ++ if (!BN_GF2m_add(u, u, p)) ++ goto err; ++ if (!BN_rshift1(u, u)) ++ goto err; ++ } while (!BN_is_odd(a)); ++ } ++ } while (1); ++ ++ if (!BN_copy(r, u)) ++ goto err; ++ bn_check_top(r); ++ ret = 1; ++ ++ err: ++ BN_CTX_end(ctx); ++ return ret; ++} + #endif + +-/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx +- * or yy, xx could equal yy. +- * +- * This function calls down to the BN_GF2m_mod_div implementation; this wrapper +- * function is only provided for convenience; for best performance, use the +- * BN_GF2m_mod_div function. ++/* ++ * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx ++ * * or yy, xx could equal yy. This function calls down to the ++ * BN_GF2m_mod_div implementation; this wrapper function is only provided for ++ * convenience; for best performance, use the BN_GF2m_mod_div function. + */ +-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx) +- { +- BIGNUM *field; +- int ret = 0; +- +- bn_check_top(yy); +- bn_check_top(xx); +- +- BN_CTX_start(ctx); +- if ((field = BN_CTX_get(ctx)) == NULL) goto err; +- if (!BN_GF2m_arr2poly(p, field)) goto err; +- +- ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); +- bn_check_top(r); +- +-err: +- BN_CTX_end(ctx); +- return ret; +- } +- +- +-/* Compute the bth power of a, reduce modulo p, and store +- * the result in r. r could be a. +- * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363. ++int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, ++ const unsigned int p[], BN_CTX *ctx) ++{ ++ BIGNUM *field; ++ int ret = 0; ++ ++ bn_check_top(yy); ++ bn_check_top(xx); ++ ++ BN_CTX_start(ctx); ++ if ((field = BN_CTX_get(ctx)) == NULL) ++ goto err; ++ if (!BN_GF2m_arr2poly(p, field)) ++ goto err; ++ ++ ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); ++ bn_check_top(r); ++ ++ err: ++ BN_CTX_end(ctx); ++ return ret; ++} ++ ++/* ++ * Compute the bth power of a, reduce modulo p, and store the result in r. r ++ * could be a. Uses simple square-and-multiply algorithm A.5.1 from IEEE ++ * P1363. + */ +-int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx) +- { +- int ret = 0, i, n; +- BIGNUM *u; +- +- bn_check_top(a); +- bn_check_top(b); +- +- if (BN_is_zero(b)) +- return(BN_one(r)); +- +- if (BN_abs_is_word(b, 1)) +- return (BN_copy(r, a) != NULL); +- +- BN_CTX_start(ctx); +- if ((u = BN_CTX_get(ctx)) == NULL) goto err; +- +- if (!BN_GF2m_mod_arr(u, a, p)) goto err; +- +- n = BN_num_bits(b) - 1; +- for (i = n - 1; i >= 0; i--) +- { +- if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) goto err; +- if (BN_is_bit_set(b, i)) +- { +- if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) goto err; +- } +- } +- if (!BN_copy(r, u)) goto err; +- bn_check_top(r); +- ret = 1; +-err: +- BN_CTX_end(ctx); +- return ret; +- } +- +-/* Compute the bth power of a, reduce modulo p, and store +- * the result in r. r could be a. +- * +- * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper +- * function is only provided for convenience; for best performance, use the +- * BN_GF2m_mod_exp_arr function. ++int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const unsigned int p[], BN_CTX *ctx) ++{ ++ int ret = 0, i, n; ++ BIGNUM *u; ++ ++ bn_check_top(a); ++ bn_check_top(b); ++ ++ if (BN_is_zero(b)) ++ return (BN_one(r)); ++ ++ if (BN_abs_is_word(b, 1)) ++ return (BN_copy(r, a) != NULL); ++ ++ BN_CTX_start(ctx); ++ if ((u = BN_CTX_get(ctx)) == NULL) ++ goto err; ++ ++ if (!BN_GF2m_mod_arr(u, a, p)) ++ goto err; ++ ++ n = BN_num_bits(b) - 1; ++ for (i = n - 1; i >= 0; i--) { ++ if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) ++ goto err; ++ if (BN_is_bit_set(b, i)) { ++ if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) ++ goto err; ++ } ++ } ++ if (!BN_copy(r, u)) ++ goto err; ++ bn_check_top(r); ++ ret = 1; ++ err: ++ BN_CTX_end(ctx); ++ return ret; ++} ++ ++/* ++ * Compute the bth power of a, reduce modulo p, and store the result in r. r ++ * could be a. This function calls down to the BN_GF2m_mod_exp_arr ++ * implementation; this wrapper function is only provided for convenience; ++ * for best performance, use the BN_GF2m_mod_exp_arr function. + */ +-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx) +- { +- int ret = 0; +- const int max = BN_num_bits(p); +- unsigned int *arr=NULL; +- bn_check_top(a); +- bn_check_top(b); +- bn_check_top(p); +- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; +- ret = BN_GF2m_poly2arr(p, arr, max); +- if (!ret || ret > max) +- { +- BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH); +- goto err; +- } +- ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); +- bn_check_top(r); +-err: +- if (arr) OPENSSL_free(arr); +- return ret; +- } +- +-/* Compute the square root of a, reduce modulo p, and store +- * the result in r. r could be a. +- * Uses exponentiation as in algorithm A.4.1 from IEEE P1363. ++int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *p, BN_CTX *ctx) ++{ ++ int ret = 0; ++ const int max = BN_num_bits(p); ++ unsigned int *arr = NULL; ++ bn_check_top(a); ++ bn_check_top(b); ++ bn_check_top(p); ++ if ((arr = ++ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) ++ goto err; ++ ret = BN_GF2m_poly2arr(p, arr, max); ++ if (!ret || ret > max) { ++ BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH); ++ goto err; ++ } ++ ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); ++ bn_check_top(r); ++ err: ++ if (arr) ++ OPENSSL_free(arr); ++ return ret; ++} ++ ++/* ++ * Compute the square root of a, reduce modulo p, and store the result in r. ++ * r could be a. Uses exponentiation as in algorithm A.4.1 from IEEE P1363. + */ +-int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx) +- { +- int ret = 0; +- BIGNUM *u; +- +- bn_check_top(a); +- +- if (!p[0]) +- { +- /* reduction mod 1 => return 0 */ +- BN_zero(r); +- return 1; +- } +- +- BN_CTX_start(ctx); +- if ((u = BN_CTX_get(ctx)) == NULL) goto err; +- +- if (!BN_set_bit(u, p[0] - 1)) goto err; +- ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); +- bn_check_top(r); +- +-err: +- BN_CTX_end(ctx); +- return ret; +- } +- +-/* Compute the square root of a, reduce modulo p, and store +- * the result in r. r could be a. +- * +- * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper +- * function is only provided for convenience; for best performance, use the +- * BN_GF2m_mod_sqrt_arr function. ++int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], ++ BN_CTX *ctx) ++{ ++ int ret = 0; ++ BIGNUM *u; ++ ++ bn_check_top(a); ++ ++ if (!p[0]) { ++ /* reduction mod 1 => return 0 */ ++ BN_zero(r); ++ return 1; ++ } ++ ++ BN_CTX_start(ctx); ++ if ((u = BN_CTX_get(ctx)) == NULL) ++ goto err; ++ ++ if (!BN_set_bit(u, p[0] - 1)) ++ goto err; ++ ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); ++ bn_check_top(r); ++ ++ err: ++ BN_CTX_end(ctx); ++ return ret; ++} ++ ++/* ++ * Compute the square root of a, reduce modulo p, and store the result in r. ++ * r could be a. This function calls down to the BN_GF2m_mod_sqrt_arr ++ * implementation; this wrapper function is only provided for convenience; ++ * for best performance, use the BN_GF2m_mod_sqrt_arr function. + */ + int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +- { +- int ret = 0; +- const int max = BN_num_bits(p); +- unsigned int *arr=NULL; +- bn_check_top(a); +- bn_check_top(p); +- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err; +- ret = BN_GF2m_poly2arr(p, arr, max); +- if (!ret || ret > max) +- { +- BNerr(BN_F_BN_GF2M_MOD_SQRT,BN_R_INVALID_LENGTH); +- goto err; +- } +- ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); +- bn_check_top(r); +-err: +- if (arr) OPENSSL_free(arr); +- return ret; +- } +- +-/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0. +- * Uses algorithms A.4.7 and A.4.6 from IEEE P1363. ++{ ++ int ret = 0; ++ const int max = BN_num_bits(p); ++ unsigned int *arr = NULL; ++ bn_check_top(a); ++ bn_check_top(p); ++ if ((arr = ++ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) ++ goto err; ++ ret = BN_GF2m_poly2arr(p, arr, max); ++ if (!ret || ret > max) { ++ BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH); ++ goto err; ++ } ++ ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); ++ bn_check_top(r); ++ err: ++ if (arr) ++ OPENSSL_free(arr); ++ return ret; ++} ++ ++/* ++ * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns ++ * 0. Uses algorithms A.4.7 and A.4.6 from IEEE P1363. + */ +-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p[], BN_CTX *ctx) +- { +- int ret = 0, count = 0; +- unsigned int j; +- BIGNUM *a, *z, *rho, *w, *w2, *tmp; +- +- bn_check_top(a_); +- +- if (!p[0]) +- { +- /* reduction mod 1 => return 0 */ +- BN_zero(r); +- return 1; +- } +- +- BN_CTX_start(ctx); +- a = BN_CTX_get(ctx); +- z = BN_CTX_get(ctx); +- w = BN_CTX_get(ctx); +- if (w == NULL) goto err; +- +- if (!BN_GF2m_mod_arr(a, a_, p)) goto err; +- +- if (BN_is_zero(a)) +- { +- BN_zero(r); +- ret = 1; +- goto err; +- } +- +- if (p[0] & 0x1) /* m is odd */ +- { +- /* compute half-trace of a */ +- if (!BN_copy(z, a)) goto err; +- for (j = 1; j <= (p[0] - 1) / 2; j++) +- { +- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err; +- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err; +- if (!BN_GF2m_add(z, z, a)) goto err; +- } +- +- } +- else /* m is even */ +- { +- rho = BN_CTX_get(ctx); +- w2 = BN_CTX_get(ctx); +- tmp = BN_CTX_get(ctx); +- if (tmp == NULL) goto err; +- do +- { +- if (!BN_rand(rho, p[0], 0, 0)) goto err; +- if (!BN_GF2m_mod_arr(rho, rho, p)) goto err; +- BN_zero(z); +- if (!BN_copy(w, rho)) goto err; +- for (j = 1; j <= p[0] - 1; j++) +- { +- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err; +- if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err; +- if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) goto err; +- if (!BN_GF2m_add(z, z, tmp)) goto err; +- if (!BN_GF2m_add(w, w2, rho)) goto err; +- } +- count++; +- } while (BN_is_zero(w) && (count < MAX_ITERATIONS)); +- if (BN_is_zero(w)) +- { +- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,BN_R_TOO_MANY_ITERATIONS); +- goto err; +- } +- } +- +- if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err; +- if (!BN_GF2m_add(w, z, w)) goto err; +- if (BN_GF2m_cmp(w, a)) +- { +- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION); +- goto err; +- } +- +- if (!BN_copy(r, z)) goto err; +- bn_check_top(r); +- +- ret = 1; +- +-err: +- BN_CTX_end(ctx); +- return ret; +- } +- +-/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0. +- * +- * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper +- * function is only provided for convenience; for best performance, use the +- * BN_GF2m_mod_solve_quad_arr function. ++int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, ++ const unsigned int p[], BN_CTX *ctx) ++{ ++ int ret = 0, count = 0; ++ unsigned int j; ++ BIGNUM *a, *z, *rho, *w, *w2, *tmp; ++ ++ bn_check_top(a_); ++ ++ if (!p[0]) { ++ /* reduction mod 1 => return 0 */ ++ BN_zero(r); ++ return 1; ++ } ++ ++ BN_CTX_start(ctx); ++ a = BN_CTX_get(ctx); ++ z = BN_CTX_get(ctx); ++ w = BN_CTX_get(ctx); ++ if (w == NULL) ++ goto err; ++ ++ if (!BN_GF2m_mod_arr(a, a_, p)) ++ goto err; ++ ++ if (BN_is_zero(a)) { ++ BN_zero(r); ++ ret = 1; ++ goto err; ++ } ++ ++ if (p[0] & 0x1) { /* m is odd */ ++ /* compute half-trace of a */ ++ if (!BN_copy(z, a)) ++ goto err; ++ for (j = 1; j <= (p[0] - 1) / 2; j++) { ++ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) ++ goto err; ++ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) ++ goto err; ++ if (!BN_GF2m_add(z, z, a)) ++ goto err; ++ } ++ ++ } else { /* m is even */ ++ ++ rho = BN_CTX_get(ctx); ++ w2 = BN_CTX_get(ctx); ++ tmp = BN_CTX_get(ctx); ++ if (tmp == NULL) ++ goto err; ++ do { ++ if (!BN_rand(rho, p[0], 0, 0)) ++ goto err; ++ if (!BN_GF2m_mod_arr(rho, rho, p)) ++ goto err; ++ BN_zero(z); ++ if (!BN_copy(w, rho)) ++ goto err; ++ for (j = 1; j <= p[0] - 1; j++) { ++ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) ++ goto err; ++ if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) ++ goto err; ++ if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) ++ goto err; ++ if (!BN_GF2m_add(z, z, tmp)) ++ goto err; ++ if (!BN_GF2m_add(w, w2, rho)) ++ goto err; ++ } ++ count++; ++ } while (BN_is_zero(w) && (count < MAX_ITERATIONS)); ++ if (BN_is_zero(w)) { ++ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_TOO_MANY_ITERATIONS); ++ goto err; ++ } ++ } ++ ++ if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) ++ goto err; ++ if (!BN_GF2m_add(w, z, w)) ++ goto err; ++ if (BN_GF2m_cmp(w, a)) { ++ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION); ++ goto err; ++ } ++ ++ if (!BN_copy(r, z)) ++ goto err; ++ bn_check_top(r); ++ ++ ret = 1; ++ ++ err: ++ BN_CTX_end(ctx); ++ return ret; ++} ++ ++/* ++ * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns ++ * 0. This function calls down to the BN_GF2m_mod_solve_quad_arr ++ * implementation; this wrapper function is only provided for convenience; ++ * for best performance, use the BN_GF2m_mod_solve_quad_arr function. + */ +-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +- { +- int ret = 0; +- const int max = BN_num_bits(p); +- unsigned int *arr=NULL; +- bn_check_top(a); +- bn_check_top(p); +- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * +- max)) == NULL) goto err; +- ret = BN_GF2m_poly2arr(p, arr, max); +- if (!ret || ret > max) +- { +- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH); +- goto err; +- } +- ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); +- bn_check_top(r); +-err: +- if (arr) OPENSSL_free(arr); +- return ret; +- } +- +-/* Convert the bit-string representation of a polynomial +- * ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array +- * of integers corresponding to the bits with non-zero coefficient. +- * Up to max elements of the array will be filled. Return value is total +- * number of coefficients that would be extracted if array was large enough. ++int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ BN_CTX *ctx) ++{ ++ int ret = 0; ++ const int max = BN_num_bits(p); ++ unsigned int *arr = NULL; ++ bn_check_top(a); ++ bn_check_top(p); ++ if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * ++ max)) == NULL) ++ goto err; ++ ret = BN_GF2m_poly2arr(p, arr, max); ++ if (!ret || ret > max) { ++ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH); ++ goto err; ++ } ++ ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); ++ bn_check_top(r); ++ err: ++ if (arr) ++ OPENSSL_free(arr); ++ return ret; ++} ++ ++/* ++ * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i * ++ * x^i , where a_0 is *not* zero) into an array of integers corresponding to ++ * the bits with non-zero coefficient. Up to max elements of the array will ++ * be filled. Return value is total number of coefficients that would be ++ * extracted if array was large enough. + */ + int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max) +- { +- int i, j, k = 0; +- BN_ULONG mask; +- +- if (BN_is_zero(a) || !BN_is_bit_set(a, 0)) +- /* a_0 == 0 => return error (the unsigned int array +- * must be terminated by 0) +- */ +- return 0; +- +- for (i = a->top - 1; i >= 0; i--) +- { +- if (!a->d[i]) +- /* skip word if a->d[i] == 0 */ +- continue; +- mask = BN_TBIT; +- for (j = BN_BITS2 - 1; j >= 0; j--) +- { +- if (a->d[i] & mask) +- { +- if (k < max) p[k] = BN_BITS2 * i + j; +- k++; +- } +- mask >>= 1; +- } +- } +- +- return k; +- } +- +-/* Convert the coefficient array representation of a polynomial to a ++{ ++ int i, j, k = 0; ++ BN_ULONG mask; ++ ++ if (BN_is_zero(a) || !BN_is_bit_set(a, 0)) ++ /* ++ * a_0 == 0 => return error (the unsigned int array must be ++ * terminated by 0) ++ */ ++ return 0; ++ ++ for (i = a->top - 1; i >= 0; i--) { ++ if (!a->d[i]) ++ /* skip word if a->d[i] == 0 */ ++ continue; ++ mask = BN_TBIT; ++ for (j = BN_BITS2 - 1; j >= 0; j--) { ++ if (a->d[i] & mask) { ++ if (k < max) ++ p[k] = BN_BITS2 * i + j; ++ k++; ++ } ++ mask >>= 1; ++ } ++ } ++ ++ return k; ++} ++ ++/* ++ * Convert the coefficient array representation of a polynomial to a + * bit-string. The array must be terminated by 0. + */ + int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) +- { +- int i; +- +- bn_check_top(a); +- BN_zero(a); +- for (i = 0; p[i] != 0; i++) +- { +- if (BN_set_bit(a, p[i]) == 0) +- return 0; +- } +- BN_set_bit(a, 0); +- bn_check_top(a); +- +- return 1; +- } +- +-/* +- * Constant-time conditional swap of a and b. ++{ ++ int i; ++ ++ bn_check_top(a); ++ BN_zero(a); ++ for (i = 0; p[i] != 0; i++) { ++ if (BN_set_bit(a, p[i]) == 0) ++ return 0; ++ } ++ BN_set_bit(a, 0); ++ bn_check_top(a); ++ ++ return 1; ++} ++ ++/* ++ * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ + void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) +- { +- BN_ULONG t; +- int i; ++{ ++ BN_ULONG t; ++ int i; + +- bn_wcheck_size(a, nwords); +- bn_wcheck_size(b, nwords); ++ bn_wcheck_size(a, nwords); ++ bn_wcheck_size(b, nwords); + +- assert(a != b); +- assert((condition & (condition - 1)) == 0); +- assert(sizeof(BN_ULONG) >= sizeof(int)); ++ assert(a != b); ++ assert((condition & (condition - 1)) == 0); ++ assert(sizeof(BN_ULONG) >= sizeof(int)); + +- condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; ++ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + +- t = (a->top^b->top) & condition; +- a->top ^= t; +- b->top ^= t; ++ t = (a->top ^ b->top) & condition; ++ a->top ^= t; ++ b->top ^= t; + + #define BN_CONSTTIME_SWAP(ind) \ +- do { \ +- t = (a->d[ind] ^ b->d[ind]) & condition; \ +- a->d[ind] ^= t; \ +- b->d[ind] ^= t; \ +- } while (0) +- +- +- switch (nwords) { +- default: +- for (i = 10; i < nwords; i++) +- BN_CONSTTIME_SWAP(i); +- /* Fallthrough */ +- case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ +- case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ +- case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ +- case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ +- case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ +- case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ +- case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ +- case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ +- case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ +- case 1: BN_CONSTTIME_SWAP(0); +- } ++ do { \ ++ t = (a->d[ind] ^ b->d[ind]) & condition; \ ++ a->d[ind] ^= t; \ ++ b->d[ind] ^= t; \ ++ } while (0) ++ ++ switch (nwords) { ++ default: ++ for (i = 10; i < nwords; i++) ++ BN_CONSTTIME_SWAP(i); ++ /* Fallthrough */ ++ case 10: ++ BN_CONSTTIME_SWAP(9); /* Fallthrough */ ++ case 9: ++ BN_CONSTTIME_SWAP(8); /* Fallthrough */ ++ case 8: ++ BN_CONSTTIME_SWAP(7); /* Fallthrough */ ++ case 7: ++ BN_CONSTTIME_SWAP(6); /* Fallthrough */ ++ case 6: ++ BN_CONSTTIME_SWAP(5); /* Fallthrough */ ++ case 5: ++ BN_CONSTTIME_SWAP(4); /* Fallthrough */ ++ case 4: ++ BN_CONSTTIME_SWAP(3); /* Fallthrough */ ++ case 3: ++ BN_CONSTTIME_SWAP(2); /* Fallthrough */ ++ case 2: ++ BN_CONSTTIME_SWAP(1); /* Fallthrough */ ++ case 1: ++ BN_CONSTTIME_SWAP(0); ++ } + #undef BN_CONSTTIME_SWAP + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c +index 740359b..88d731a 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,124 +61,126 @@ + + /* Returns -2 for errors because both -1 and 0 are valid results. */ + int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- int i; +- int ret = -2; /* avoid 'uninitialized' warning */ +- int err = 0; +- BIGNUM *A, *B, *tmp; +- /* In 'tab', only odd-indexed entries are relevant: +- * For any odd BIGNUM n, +- * tab[BN_lsw(n) & 7] +- * is $(-1)^{(n^2-1)/8}$ (using TeX notation). +- * Note that the sign of n does not matter. +- */ +- static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1}; +- +- bn_check_top(a); +- bn_check_top(b); +- +- BN_CTX_start(ctx); +- A = BN_CTX_get(ctx); +- B = BN_CTX_get(ctx); +- if (B == NULL) goto end; +- +- err = !BN_copy(A, a); +- if (err) goto end; +- err = !BN_copy(B, b); +- if (err) goto end; +- +- /* +- * Kronecker symbol, imlemented according to Henri Cohen, +- * "A Course in Computational Algebraic Number Theory" +- * (algorithm 1.4.10). +- */ +- +- /* Cohen's step 1: */ +- +- if (BN_is_zero(B)) +- { +- ret = BN_abs_is_word(A, 1); +- goto end; +- } +- +- /* Cohen's step 2: */ +- +- if (!BN_is_odd(A) && !BN_is_odd(B)) +- { +- ret = 0; +- goto end; +- } +- +- /* now B is non-zero */ +- i = 0; +- while (!BN_is_bit_set(B, i)) +- i++; +- err = !BN_rshift(B, B, i); +- if (err) goto end; +- if (i & 1) +- { +- /* i is odd */ +- /* (thus B was even, thus A must be odd!) */ +- +- /* set 'ret' to $(-1)^{(A^2-1)/8}$ */ +- ret = tab[BN_lsw(A) & 7]; +- } +- else +- { +- /* i is even */ +- ret = 1; +- } +- +- if (B->neg) +- { +- B->neg = 0; +- if (A->neg) +- ret = -ret; +- } +- +- /* now B is positive and odd, so what remains to be done is +- * to compute the Jacobi symbol (A/B) and multiply it by 'ret' */ +- +- while (1) +- { +- /* Cohen's step 3: */ +- +- /* B is positive and odd */ +- +- if (BN_is_zero(A)) +- { +- ret = BN_is_one(B) ? ret : 0; +- goto end; +- } +- +- /* now A is non-zero */ +- i = 0; +- while (!BN_is_bit_set(A, i)) +- i++; +- err = !BN_rshift(A, A, i); +- if (err) goto end; +- if (i & 1) +- { +- /* i is odd */ +- /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */ +- ret = ret * tab[BN_lsw(B) & 7]; +- } +- +- /* Cohen's step 4: */ +- /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */ +- if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2) +- ret = -ret; +- +- /* (A, B) := (B mod |A|, |A|) */ +- err = !BN_nnmod(B, B, A, ctx); +- if (err) goto end; +- tmp = A; A = B; B = tmp; +- tmp->neg = 0; +- } +-end: +- BN_CTX_end(ctx); +- if (err) +- return -2; +- else +- return ret; +- } ++{ ++ int i; ++ int ret = -2; /* avoid 'uninitialized' warning */ ++ int err = 0; ++ BIGNUM *A, *B, *tmp; ++ /*- ++ * In 'tab', only odd-indexed entries are relevant: ++ * For any odd BIGNUM n, ++ * tab[BN_lsw(n) & 7] ++ * is $(-1)^{(n^2-1)/8}$ (using TeX notation). ++ * Note that the sign of n does not matter. ++ */ ++ static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 }; ++ ++ bn_check_top(a); ++ bn_check_top(b); ++ ++ BN_CTX_start(ctx); ++ A = BN_CTX_get(ctx); ++ B = BN_CTX_get(ctx); ++ if (B == NULL) ++ goto end; ++ ++ err = !BN_copy(A, a); ++ if (err) ++ goto end; ++ err = !BN_copy(B, b); ++ if (err) ++ goto end; ++ ++ /* ++ * Kronecker symbol, imlemented according to Henri Cohen, ++ * "A Course in Computational Algebraic Number Theory" ++ * (algorithm 1.4.10). ++ */ ++ ++ /* Cohen's step 1: */ ++ ++ if (BN_is_zero(B)) { ++ ret = BN_abs_is_word(A, 1); ++ goto end; ++ } ++ ++ /* Cohen's step 2: */ ++ ++ if (!BN_is_odd(A) && !BN_is_odd(B)) { ++ ret = 0; ++ goto end; ++ } ++ ++ /* now B is non-zero */ ++ i = 0; ++ while (!BN_is_bit_set(B, i)) ++ i++; ++ err = !BN_rshift(B, B, i); ++ if (err) ++ goto end; ++ if (i & 1) { ++ /* i is odd */ ++ /* (thus B was even, thus A must be odd!) */ ++ ++ /* set 'ret' to $(-1)^{(A^2-1)/8}$ */ ++ ret = tab[BN_lsw(A) & 7]; ++ } else { ++ /* i is even */ ++ ret = 1; ++ } ++ ++ if (B->neg) { ++ B->neg = 0; ++ if (A->neg) ++ ret = -ret; ++ } ++ ++ /* ++ * now B is positive and odd, so what remains to be done is to compute ++ * the Jacobi symbol (A/B) and multiply it by 'ret' ++ */ ++ ++ while (1) { ++ /* Cohen's step 3: */ ++ ++ /* B is positive and odd */ ++ ++ if (BN_is_zero(A)) { ++ ret = BN_is_one(B) ? ret : 0; ++ goto end; ++ } ++ ++ /* now A is non-zero */ ++ i = 0; ++ while (!BN_is_bit_set(A, i)) ++ i++; ++ err = !BN_rshift(A, A, i); ++ if (err) ++ goto end; ++ if (i & 1) { ++ /* i is odd */ ++ /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */ ++ ret = ret * tab[BN_lsw(B) & 7]; ++ } ++ ++ /* Cohen's step 4: */ ++ /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */ ++ if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2) ++ ret = -ret; ++ ++ /* (A, B) := (B mod |A|, |A|) */ ++ err = !BN_nnmod(B, B, A, ctx); ++ if (err) ++ goto end; ++ tmp = A; ++ A = B; ++ B = tmp; ++ tmp->neg = 0; ++ } ++ end: ++ BN_CTX_end(ctx); ++ if (err) ++ return -2; ++ else ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +index c288844..becb957 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,7 +57,7 @@ + */ + + #ifndef BN_DEBUG +-# undef NDEBUG /* avoid conflicting definitions */ ++# undef NDEBUG /* avoid conflicting definitions */ + # define NDEBUG + #endif + +@@ -67,11 +67,12 @@ + #include "cryptlib.h" + #include "bn_lcl.h" + +-const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT; ++const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT; + + /* This stuff appears to be completely unused, so is deprecated */ + #ifndef OPENSSL_NO_DEPRECATED +-/* For a 32 bit machine ++/*- ++ * For a 32 bit machine + * 2 - 4 == 128 + * 3 - 8 == 256 + * 4 - 16 == 512 +@@ -80,756 +81,774 @@ const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT; + * 7 - 128 == 4096 + * 8 - 256 == 8192 + */ +-static int bn_limit_bits=0; +-static int bn_limit_num=8; /* (1<= 0) +- { +- if (mult > (int)(sizeof(int)*8)-1) +- mult=sizeof(int)*8-1; +- bn_limit_bits=mult; +- bn_limit_num=1<= 0) +- { +- if (high > (int)(sizeof(int)*8)-1) +- high=sizeof(int)*8-1; +- bn_limit_bits_high=high; +- bn_limit_num_high=1<= 0) +- { +- if (low > (int)(sizeof(int)*8)-1) +- low=sizeof(int)*8-1; +- bn_limit_bits_low=low; +- bn_limit_num_low=1<= 0) +- { +- if (mont > (int)(sizeof(int)*8)-1) +- mont=sizeof(int)*8-1; +- bn_limit_bits_mont=mont; +- bn_limit_num_mont=1<= 0) { ++ if (mult > (int)(sizeof(int) * 8) - 1) ++ mult = sizeof(int) * 8 - 1; ++ bn_limit_bits = mult; ++ bn_limit_num = 1 << mult; ++ } ++ if (high >= 0) { ++ if (high > (int)(sizeof(int) * 8) - 1) ++ high = sizeof(int) * 8 - 1; ++ bn_limit_bits_high = high; ++ bn_limit_num_high = 1 << high; ++ } ++ if (low >= 0) { ++ if (low > (int)(sizeof(int) * 8) - 1) ++ low = sizeof(int) * 8 - 1; ++ bn_limit_bits_low = low; ++ bn_limit_num_low = 1 << low; ++ } ++ if (mont >= 0) { ++ if (mont > (int)(sizeof(int) * 8) - 1) ++ mont = sizeof(int) * 8 - 1; ++ bn_limit_bits_mont = mont; ++ bn_limit_num_mont = 1 << mont; ++ } ++} + + int BN_get_params(int which) +- { +- if (which == 0) return(bn_limit_bits); +- else if (which == 1) return(bn_limit_bits_high); +- else if (which == 2) return(bn_limit_bits_low); +- else if (which == 3) return(bn_limit_bits_mont); +- else return(0); +- } ++{ ++ if (which == 0) ++ return (bn_limit_bits); ++ else if (which == 1) ++ return (bn_limit_bits_high); ++ else if (which == 2) ++ return (bn_limit_bits_low); ++ else if (which == 3) ++ return (bn_limit_bits_mont); ++ else ++ return (0); ++} + #endif + + const BIGNUM *BN_value_one(void) +- { +- static BN_ULONG data_one=1L; +- static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA}; ++{ ++ static BN_ULONG data_one = 1L; ++ static BIGNUM const_one = { &data_one, 1, 1, 0, BN_FLG_STATIC_DATA }; + +- return(&const_one); +- } ++ return (&const_one); ++} + + int BN_num_bits_word(BN_ULONG l) +- { +- static const char bits[256]={ +- 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, +- 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, +- 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, +- 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, +- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, +- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, +- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, +- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, +- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, +- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, +- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, +- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, +- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, +- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, +- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, +- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, +- }; ++{ ++ static const char bits[256] = { ++ 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, ++ 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, ++ 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, ++ 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, ++ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, ++ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, ++ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, ++ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, ++ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, ++ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, ++ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, ++ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, ++ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, ++ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, ++ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, ++ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, ++ }; + + #if defined(SIXTY_FOUR_BIT_LONG) +- if (l & 0xffffffff00000000L) +- { +- if (l & 0xffff000000000000L) +- { +- if (l & 0xff00000000000000L) +- { +- return(bits[(int)(l>>56)]+56); +- } +- else return(bits[(int)(l>>48)]+48); +- } +- else +- { +- if (l & 0x0000ff0000000000L) +- { +- return(bits[(int)(l>>40)]+40); +- } +- else return(bits[(int)(l>>32)]+32); +- } +- } +- else ++ if (l & 0xffffffff00000000L) { ++ if (l & 0xffff000000000000L) { ++ if (l & 0xff00000000000000L) { ++ return (bits[(int)(l >> 56)] + 56); ++ } else ++ return (bits[(int)(l >> 48)] + 48); ++ } else { ++ if (l & 0x0000ff0000000000L) { ++ return (bits[(int)(l >> 40)] + 40); ++ } else ++ return (bits[(int)(l >> 32)] + 32); ++ } ++ } else + #else +-#ifdef SIXTY_FOUR_BIT +- if (l & 0xffffffff00000000LL) +- { +- if (l & 0xffff000000000000LL) +- { +- if (l & 0xff00000000000000LL) +- { +- return(bits[(int)(l>>56)]+56); +- } +- else return(bits[(int)(l>>48)]+48); +- } +- else +- { +- if (l & 0x0000ff0000000000LL) +- { +- return(bits[(int)(l>>40)]+40); +- } +- else return(bits[(int)(l>>32)]+32); +- } +- } +- else +-#endif ++# ifdef SIXTY_FOUR_BIT ++ if (l & 0xffffffff00000000LL) { ++ if (l & 0xffff000000000000LL) { ++ if (l & 0xff00000000000000LL) { ++ return (bits[(int)(l >> 56)] + 56); ++ } else ++ return (bits[(int)(l >> 48)] + 48); ++ } else { ++ if (l & 0x0000ff0000000000LL) { ++ return (bits[(int)(l >> 40)] + 40); ++ } else ++ return (bits[(int)(l >> 32)] + 32); ++ } ++ } else ++# endif + #endif +- { ++ { + #if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) +- if (l & 0xffff0000L) +- { +- if (l & 0xff000000L) +- return(bits[(int)(l>>24L)]+24); +- else return(bits[(int)(l>>16L)]+16); +- } +- else ++ if (l & 0xffff0000L) { ++ if (l & 0xff000000L) ++ return (bits[(int)(l >> 24L)] + 24); ++ else ++ return (bits[(int)(l >> 16L)] + 16); ++ } else + #endif +- { ++ { + #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) +- if (l & 0xff00L) +- return(bits[(int)(l>>8)]+8); +- else ++ if (l & 0xff00L) ++ return (bits[(int)(l >> 8)] + 8); ++ else + #endif +- return(bits[(int)(l )] ); +- } +- } +- } ++ return (bits[(int)(l)]); ++ } ++ } ++} + + int BN_num_bits(const BIGNUM *a) +- { +- int i = a->top - 1; +- bn_check_top(a); ++{ ++ int i = a->top - 1; ++ bn_check_top(a); + +- if (BN_is_zero(a)) return 0; +- return ((i*BN_BITS2) + BN_num_bits_word(a->d[i])); +- } ++ if (BN_is_zero(a)) ++ return 0; ++ return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); ++} + + void BN_clear_free(BIGNUM *a) +- { +- int i; +- +- if (a == NULL) return; +- bn_check_top(a); +- if (a->d != NULL) +- { +- OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0])); +- if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) +- OPENSSL_free(a->d); +- } +- i=BN_get_flags(a,BN_FLG_MALLOCED); +- OPENSSL_cleanse(a,sizeof(BIGNUM)); +- if (i) +- OPENSSL_free(a); +- } ++{ ++ int i; ++ ++ if (a == NULL) ++ return; ++ bn_check_top(a); ++ if (a->d != NULL) { ++ OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); ++ if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) ++ OPENSSL_free(a->d); ++ } ++ i = BN_get_flags(a, BN_FLG_MALLOCED); ++ OPENSSL_cleanse(a, sizeof(BIGNUM)); ++ if (i) ++ OPENSSL_free(a); ++} + + void BN_free(BIGNUM *a) +- { +- if (a == NULL) return; +- bn_check_top(a); +- if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) +- OPENSSL_free(a->d); +- if (a->flags & BN_FLG_MALLOCED) +- OPENSSL_free(a); +- else +- { ++{ ++ if (a == NULL) ++ return; ++ bn_check_top(a); ++ if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) ++ OPENSSL_free(a->d); ++ if (a->flags & BN_FLG_MALLOCED) ++ OPENSSL_free(a); ++ else { + #ifndef OPENSSL_NO_DEPRECATED +- a->flags|=BN_FLG_FREE; ++ a->flags |= BN_FLG_FREE; + #endif +- a->d = NULL; +- } +- } ++ a->d = NULL; ++ } ++} + + void BN_init(BIGNUM *a) +- { +- memset(a,0,sizeof(BIGNUM)); +- bn_check_top(a); +- } ++{ ++ memset(a, 0, sizeof(BIGNUM)); ++ bn_check_top(a); ++} + + BIGNUM *BN_new(void) +- { +- BIGNUM *ret; +- +- if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) +- { +- BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- ret->flags=BN_FLG_MALLOCED; +- ret->top=0; +- ret->neg=0; +- ret->dmax=0; +- ret->d=NULL; +- bn_check_top(ret); +- return(ret); +- } ++{ ++ BIGNUM *ret; ++ ++ if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) { ++ BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ ret->flags = BN_FLG_MALLOCED; ++ ret->top = 0; ++ ret->neg = 0; ++ ret->dmax = 0; ++ ret->d = NULL; ++ bn_check_top(ret); ++ return (ret); ++} + + /* This is used both by bn_expand2() and bn_dup_expand() */ + /* The caller MUST check that words > b->dmax before calling this */ + static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) +- { +- BN_ULONG *A,*a = NULL; +- const BN_ULONG *B; +- int i; +- +- bn_check_top(b); +- +- if (words > (INT_MAX/(4*BN_BITS2))) +- { +- BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG); +- return NULL; +- } +- if (BN_get_flags(b,BN_FLG_STATIC_DATA)) +- { +- BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); +- return(NULL); +- } +- a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words); +- if (A == NULL) +- { +- BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } ++{ ++ BN_ULONG *A, *a = NULL; ++ const BN_ULONG *B; ++ int i; ++ ++ bn_check_top(b); ++ ++ if (words > (INT_MAX / (4 * BN_BITS2))) { ++ BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG); ++ return NULL; ++ } ++ if (BN_get_flags(b, BN_FLG_STATIC_DATA)) { ++ BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); ++ return (NULL); ++ } ++ a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words); ++ if (A == NULL) { ++ BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } + #ifdef PURIFY +- /* Valgrind complains in BN_consttime_swap because we process the whole +- * array even if it's not initialised yet. This doesn't matter in that +- * function - what's important is constant time operation (we're not +- * actually going to use the data) +- */ +- memset(a, 0, sizeof(BN_ULONG)*words); ++ /* ++ * Valgrind complains in BN_consttime_swap because we process the whole ++ * array even if it's not initialised yet. This doesn't matter in that ++ * function - what's important is constant time operation (we're not ++ * actually going to use the data) ++ */ ++ memset(a, 0, sizeof(BN_ULONG) * words); + #endif + + #if 1 +- B=b->d; +- /* Check if the previous number needs to be copied */ +- if (B != NULL) +- { +- for (i=b->top>>2; i>0; i--,A+=4,B+=4) +- { +- /* +- * The fact that the loop is unrolled +- * 4-wise is a tribute to Intel. It's +- * the one that doesn't have enough +- * registers to accomodate more data. +- * I'd unroll it 8-wise otherwise:-) +- * +- * +- */ +- BN_ULONG a0,a1,a2,a3; +- a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; +- A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; +- } +- switch (b->top&3) +- { +- case 3: A[2]=B[2]; +- case 2: A[1]=B[1]; +- case 1: A[0]=B[0]; +- case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does +- * the switch table by doing a=top&3; a--; goto jump_table[a]; +- * which fails for top== 0 */ +- ; +- } +- } +- ++ B = b->d; ++ /* Check if the previous number needs to be copied */ ++ if (B != NULL) { ++ for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) { ++ /* ++ * The fact that the loop is unrolled ++ * 4-wise is a tribute to Intel. It's ++ * the one that doesn't have enough ++ * registers to accomodate more data. ++ * I'd unroll it 8-wise otherwise:-) ++ * ++ * ++ */ ++ BN_ULONG a0, a1, a2, a3; ++ a0 = B[0]; ++ a1 = B[1]; ++ a2 = B[2]; ++ a3 = B[3]; ++ A[0] = a0; ++ A[1] = a1; ++ A[2] = a2; ++ A[3] = a3; ++ } ++ /* ++ * workaround for ultrix cc: without 'case 0', the optimizer does ++ * the switch table by doing a=top&3; a--; goto jump_table[a]; ++ * which fails for top== 0 ++ */ ++ switch (b->top & 3) { ++ case 3: ++ A[2] = B[2]; ++ case 2: ++ A[1] = B[1]; ++ case 1: ++ A[0] = B[0]; ++ case 0: ++ ; ++ } ++ } + #else +- memset(A,0,sizeof(BN_ULONG)*words); +- memcpy(A,b->d,sizeof(b->d[0])*b->top); ++ memset(A, 0, sizeof(BN_ULONG) * words); ++ memcpy(A, b->d, sizeof(b->d[0]) * b->top); + #endif +- +- return(a); +- } +- +-/* This is an internal function that can be used instead of bn_expand2() +- * when there is a need to copy BIGNUMs instead of only expanding the +- * data part, while still expanding them. +- * Especially useful when needing to expand BIGNUMs that are declared +- * 'const' and should therefore not be changed. +- * The reason to use this instead of a BN_dup() followed by a bn_expand2() +- * is memory allocation overhead. A BN_dup() followed by a bn_expand2() +- * will allocate new memory for the BIGNUM data twice, and free it once, +- * while bn_dup_expand() makes sure allocation is made only once. ++ ++ return (a); ++} ++ ++/* ++ * This is an internal function that can be used instead of bn_expand2() when ++ * there is a need to copy BIGNUMs instead of only expanding the data part, ++ * while still expanding them. Especially useful when needing to expand ++ * BIGNUMs that are declared 'const' and should therefore not be changed. The ++ * reason to use this instead of a BN_dup() followed by a bn_expand2() is ++ * memory allocation overhead. A BN_dup() followed by a bn_expand2() will ++ * allocate new memory for the BIGNUM data twice, and free it once, while ++ * bn_dup_expand() makes sure allocation is made only once. + */ + + #ifndef OPENSSL_NO_DEPRECATED + BIGNUM *bn_dup_expand(const BIGNUM *b, int words) +- { +- BIGNUM *r = NULL; +- +- bn_check_top(b); +- +- /* This function does not work if +- * words <= b->dmax && top < words +- * because BN_dup() does not preserve 'dmax'! +- * (But bn_dup_expand() is not used anywhere yet.) +- */ +- +- if (words > b->dmax) +- { +- BN_ULONG *a = bn_expand_internal(b, words); +- +- if (a) +- { +- r = BN_new(); +- if (r) +- { +- r->top = b->top; +- r->dmax = words; +- r->neg = b->neg; +- r->d = a; +- } +- else +- { +- /* r == NULL, BN_new failure */ +- OPENSSL_free(a); +- } +- } +- /* If a == NULL, there was an error in allocation in +- bn_expand_internal(), and NULL should be returned */ +- } +- else +- { +- r = BN_dup(b); +- } +- +- bn_check_top(r); +- return r; +- } ++{ ++ BIGNUM *r = NULL; ++ ++ bn_check_top(b); ++ ++ /* ++ * This function does not work if words <= b->dmax && top < words because ++ * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used ++ * anywhere yet.) ++ */ ++ ++ if (words > b->dmax) { ++ BN_ULONG *a = bn_expand_internal(b, words); ++ ++ if (a) { ++ r = BN_new(); ++ if (r) { ++ r->top = b->top; ++ r->dmax = words; ++ r->neg = b->neg; ++ r->d = a; ++ } else { ++ /* r == NULL, BN_new failure */ ++ OPENSSL_free(a); ++ } ++ } ++ /* ++ * If a == NULL, there was an error in allocation in ++ * bn_expand_internal(), and NULL should be returned ++ */ ++ } else { ++ r = BN_dup(b); ++ } ++ ++ bn_check_top(r); ++ return r; ++} + #endif + +-/* This is an internal function that should not be used in applications. +- * It ensures that 'b' has enough room for a 'words' word number +- * and initialises any unused part of b->d with leading zeros. +- * It is mostly used by the various BIGNUM routines. If there is an error, +- * NULL is returned. If not, 'b' is returned. */ ++/* ++ * This is an internal function that should not be used in applications. It ++ * ensures that 'b' has enough room for a 'words' word number and initialises ++ * any unused part of b->d with leading zeros. It is mostly used by the ++ * various BIGNUM routines. If there is an error, NULL is returned. If not, ++ * 'b' is returned. ++ */ + + BIGNUM *bn_expand2(BIGNUM *b, int words) +- { +- bn_check_top(b); +- +- if (words > b->dmax) +- { +- BN_ULONG *a = bn_expand_internal(b, words); +- if(!a) return NULL; +- if(b->d) OPENSSL_free(b->d); +- b->d=a; +- b->dmax=words; +- } ++{ ++ bn_check_top(b); ++ ++ if (words > b->dmax) { ++ BN_ULONG *a = bn_expand_internal(b, words); ++ if (!a) ++ return NULL; ++ if (b->d) ++ OPENSSL_free(b->d); ++ b->d = a; ++ b->dmax = words; ++ } + + /* None of this should be necessary because of what b->top means! */ + #if 0 +- /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */ +- if (b->top < b->dmax) +- { +- int i; +- BN_ULONG *A = &(b->d[b->top]); +- for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8) +- { +- A[0]=0; A[1]=0; A[2]=0; A[3]=0; +- A[4]=0; A[5]=0; A[6]=0; A[7]=0; +- } +- for (i=(b->dmax - b->top)&7; i>0; i--,A++) +- A[0]=0; +- assert(A == &(b->d[b->dmax])); +- } ++ /* ++ * NB: bn_wexpand() calls this only if the BIGNUM really has to grow ++ */ ++ if (b->top < b->dmax) { ++ int i; ++ BN_ULONG *A = &(b->d[b->top]); ++ for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) { ++ A[0] = 0; ++ A[1] = 0; ++ A[2] = 0; ++ A[3] = 0; ++ A[4] = 0; ++ A[5] = 0; ++ A[6] = 0; ++ A[7] = 0; ++ } ++ for (i = (b->dmax - b->top) & 7; i > 0; i--, A++) ++ A[0] = 0; ++ assert(A == &(b->d[b->dmax])); ++ } + #endif +- bn_check_top(b); +- return b; +- } ++ bn_check_top(b); ++ return b; ++} + + BIGNUM *BN_dup(const BIGNUM *a) +- { +- BIGNUM *t; +- +- if (a == NULL) return NULL; +- bn_check_top(a); +- +- t = BN_new(); +- if (t == NULL) return NULL; +- if(!BN_copy(t, a)) +- { +- BN_free(t); +- return NULL; +- } +- bn_check_top(t); +- return t; +- } ++{ ++ BIGNUM *t; ++ ++ if (a == NULL) ++ return NULL; ++ bn_check_top(a); ++ ++ t = BN_new(); ++ if (t == NULL) ++ return NULL; ++ if (!BN_copy(t, a)) { ++ BN_free(t); ++ return NULL; ++ } ++ bn_check_top(t); ++ return t; ++} + + BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) +- { +- int i; +- BN_ULONG *A; +- const BN_ULONG *B; ++{ ++ int i; ++ BN_ULONG *A; ++ const BN_ULONG *B; + +- bn_check_top(b); ++ bn_check_top(b); + +- if (a == b) return(a); +- if (bn_wexpand(a,b->top) == NULL) return(NULL); ++ if (a == b) ++ return (a); ++ if (bn_wexpand(a, b->top) == NULL) ++ return (NULL); + + #if 1 +- A=a->d; +- B=b->d; +- for (i=b->top>>2; i>0; i--,A+=4,B+=4) +- { +- BN_ULONG a0,a1,a2,a3; +- a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; +- A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; +- } +- switch (b->top&3) +- { +- case 3: A[2]=B[2]; +- case 2: A[1]=B[1]; +- case 1: A[0]=B[0]; +- case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */ +- } ++ A = a->d; ++ B = b->d; ++ for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) { ++ BN_ULONG a0, a1, a2, a3; ++ a0 = B[0]; ++ a1 = B[1]; ++ a2 = B[2]; ++ a3 = B[3]; ++ A[0] = a0; ++ A[1] = a1; ++ A[2] = a2; ++ A[3] = a3; ++ } ++ /* ultrix cc workaround, see comments in bn_expand_internal */ ++ switch (b->top & 3) { ++ case 3: ++ A[2] = B[2]; ++ case 2: ++ A[1] = B[1]; ++ case 1: ++ A[0] = B[0]; ++ case 0:; ++ } + #else +- memcpy(a->d,b->d,sizeof(b->d[0])*b->top); ++ memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); + #endif + +- a->top=b->top; +- a->neg=b->neg; +- bn_check_top(a); +- return(a); +- } ++ a->top = b->top; ++ a->neg = b->neg; ++ bn_check_top(a); ++ return (a); ++} + + void BN_swap(BIGNUM *a, BIGNUM *b) +- { +- int flags_old_a, flags_old_b; +- BN_ULONG *tmp_d; +- int tmp_top, tmp_dmax, tmp_neg; +- +- bn_check_top(a); +- bn_check_top(b); +- +- flags_old_a = a->flags; +- flags_old_b = b->flags; +- +- tmp_d = a->d; +- tmp_top = a->top; +- tmp_dmax = a->dmax; +- tmp_neg = a->neg; +- +- a->d = b->d; +- a->top = b->top; +- a->dmax = b->dmax; +- a->neg = b->neg; +- +- b->d = tmp_d; +- b->top = tmp_top; +- b->dmax = tmp_dmax; +- b->neg = tmp_neg; +- +- a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); +- b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); +- bn_check_top(a); +- bn_check_top(b); +- } ++{ ++ int flags_old_a, flags_old_b; ++ BN_ULONG *tmp_d; ++ int tmp_top, tmp_dmax, tmp_neg; ++ ++ bn_check_top(a); ++ bn_check_top(b); ++ ++ flags_old_a = a->flags; ++ flags_old_b = b->flags; ++ ++ tmp_d = a->d; ++ tmp_top = a->top; ++ tmp_dmax = a->dmax; ++ tmp_neg = a->neg; ++ ++ a->d = b->d; ++ a->top = b->top; ++ a->dmax = b->dmax; ++ a->neg = b->neg; ++ ++ b->d = tmp_d; ++ b->top = tmp_top; ++ b->dmax = tmp_dmax; ++ b->neg = tmp_neg; ++ ++ a->flags = ++ (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); ++ b->flags = ++ (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); ++ bn_check_top(a); ++ bn_check_top(b); ++} + + void BN_clear(BIGNUM *a) +- { +- bn_check_top(a); +- if (a->d != NULL) +- memset(a->d,0,a->dmax*sizeof(a->d[0])); +- a->top=0; +- a->neg=0; +- } ++{ ++ bn_check_top(a); ++ if (a->d != NULL) ++ memset(a->d, 0, a->dmax * sizeof(a->d[0])); ++ a->top = 0; ++ a->neg = 0; ++} + + BN_ULONG BN_get_word(const BIGNUM *a) +- { +- if (a->top > 1) +- return BN_MASK2; +- else if (a->top == 1) +- return a->d[0]; +- /* a->top == 0 */ +- return 0; +- } ++{ ++ if (a->top > 1) ++ return BN_MASK2; ++ else if (a->top == 1) ++ return a->d[0]; ++ /* a->top == 0 */ ++ return 0; ++} + + int BN_set_word(BIGNUM *a, BN_ULONG w) +- { +- bn_check_top(a); +- if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0); +- a->neg = 0; +- a->d[0] = w; +- a->top = (w ? 1 : 0); +- bn_check_top(a); +- return(1); +- } ++{ ++ bn_check_top(a); ++ if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL) ++ return (0); ++ a->neg = 0; ++ a->d[0] = w; ++ a->top = (w ? 1 : 0); ++ bn_check_top(a); ++ return (1); ++} + + BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) +- { +- unsigned int i,m; +- unsigned int n; +- BN_ULONG l; +- BIGNUM *bn = NULL; +- +- if (ret == NULL) +- ret = bn = BN_new(); +- if (ret == NULL) return(NULL); +- bn_check_top(ret); +- l=0; +- n=len; +- if (n == 0) +- { +- ret->top=0; +- return(ret); +- } +- i=((n-1)/BN_BYTES)+1; +- m=((n-1)%(BN_BYTES)); +- if (bn_wexpand(ret, (int)i) == NULL) +- { +- if (bn) BN_free(bn); +- return NULL; +- } +- ret->top=i; +- ret->neg=0; +- while (n--) +- { +- l=(l<<8L)| *(s++); +- if (m-- == 0) +- { +- ret->d[--i]=l; +- l=0; +- m=BN_BYTES-1; +- } +- } +- /* need to call this due to clear byte at top if avoiding +- * having the top bit set (-ve number) */ +- bn_correct_top(ret); +- return(ret); +- } ++{ ++ unsigned int i, m; ++ unsigned int n; ++ BN_ULONG l; ++ BIGNUM *bn = NULL; ++ ++ if (ret == NULL) ++ ret = bn = BN_new(); ++ if (ret == NULL) ++ return (NULL); ++ bn_check_top(ret); ++ l = 0; ++ n = len; ++ if (n == 0) { ++ ret->top = 0; ++ return (ret); ++ } ++ i = ((n - 1) / BN_BYTES) + 1; ++ m = ((n - 1) % (BN_BYTES)); ++ if (bn_wexpand(ret, (int)i) == NULL) { ++ if (bn) ++ BN_free(bn); ++ return NULL; ++ } ++ ret->top = i; ++ ret->neg = 0; ++ while (n--) { ++ l = (l << 8L) | *(s++); ++ if (m-- == 0) { ++ ret->d[--i] = l; ++ l = 0; ++ m = BN_BYTES - 1; ++ } ++ } ++ /* ++ * need to call this due to clear byte at top if avoiding having the top ++ * bit set (-ve number) ++ */ ++ bn_correct_top(ret); ++ return (ret); ++} + + /* ignore negative */ + int BN_bn2bin(const BIGNUM *a, unsigned char *to) +- { +- int n,i; +- BN_ULONG l; +- +- bn_check_top(a); +- n=i=BN_num_bytes(a); +- while (i--) +- { +- l=a->d[i/BN_BYTES]; +- *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; +- } +- return(n); +- } ++{ ++ int n, i; ++ BN_ULONG l; ++ ++ bn_check_top(a); ++ n = i = BN_num_bytes(a); ++ while (i--) { ++ l = a->d[i / BN_BYTES]; ++ *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; ++ } ++ return (n); ++} + + int BN_ucmp(const BIGNUM *a, const BIGNUM *b) +- { +- int i; +- BN_ULONG t1,t2,*ap,*bp; +- +- bn_check_top(a); +- bn_check_top(b); +- +- i=a->top-b->top; +- if (i != 0) return(i); +- ap=a->d; +- bp=b->d; +- for (i=a->top-1; i>=0; i--) +- { +- t1= ap[i]; +- t2= bp[i]; +- if (t1 != t2) +- return((t1 > t2) ? 1 : -1); +- } +- return(0); +- } ++{ ++ int i; ++ BN_ULONG t1, t2, *ap, *bp; ++ ++ bn_check_top(a); ++ bn_check_top(b); ++ ++ i = a->top - b->top; ++ if (i != 0) ++ return (i); ++ ap = a->d; ++ bp = b->d; ++ for (i = a->top - 1; i >= 0; i--) { ++ t1 = ap[i]; ++ t2 = bp[i]; ++ if (t1 != t2) ++ return ((t1 > t2) ? 1 : -1); ++ } ++ return (0); ++} + + int BN_cmp(const BIGNUM *a, const BIGNUM *b) +- { +- int i; +- int gt,lt; +- BN_ULONG t1,t2; +- +- if ((a == NULL) || (b == NULL)) +- { +- if (a != NULL) +- return(-1); +- else if (b != NULL) +- return(1); +- else +- return(0); +- } +- +- bn_check_top(a); +- bn_check_top(b); +- +- if (a->neg != b->neg) +- { +- if (a->neg) +- return(-1); +- else return(1); +- } +- if (a->neg == 0) +- { gt=1; lt= -1; } +- else { gt= -1; lt=1; } +- +- if (a->top > b->top) return(gt); +- if (a->top < b->top) return(lt); +- for (i=a->top-1; i>=0; i--) +- { +- t1=a->d[i]; +- t2=b->d[i]; +- if (t1 > t2) return(gt); +- if (t1 < t2) return(lt); +- } +- return(0); +- } ++{ ++ int i; ++ int gt, lt; ++ BN_ULONG t1, t2; ++ ++ if ((a == NULL) || (b == NULL)) { ++ if (a != NULL) ++ return (-1); ++ else if (b != NULL) ++ return (1); ++ else ++ return (0); ++ } ++ ++ bn_check_top(a); ++ bn_check_top(b); ++ ++ if (a->neg != b->neg) { ++ if (a->neg) ++ return (-1); ++ else ++ return (1); ++ } ++ if (a->neg == 0) { ++ gt = 1; ++ lt = -1; ++ } else { ++ gt = -1; ++ lt = 1; ++ } ++ ++ if (a->top > b->top) ++ return (gt); ++ if (a->top < b->top) ++ return (lt); ++ for (i = a->top - 1; i >= 0; i--) { ++ t1 = a->d[i]; ++ t2 = b->d[i]; ++ if (t1 > t2) ++ return (gt); ++ if (t1 < t2) ++ return (lt); ++ } ++ return (0); ++} + + int BN_set_bit(BIGNUM *a, int n) +- { +- int i,j,k; +- +- if (n < 0) +- return 0; +- +- i=n/BN_BITS2; +- j=n%BN_BITS2; +- if (a->top <= i) +- { +- if (bn_wexpand(a,i+1) == NULL) return(0); +- for(k=a->top; kd[k]=0; +- a->top=i+1; +- } +- +- a->d[i]|=(((BN_ULONG)1)<top <= i) { ++ if (bn_wexpand(a, i + 1) == NULL) ++ return (0); ++ for (k = a->top; k < i + 1; k++) ++ a->d[k] = 0; ++ a->top = i + 1; ++ } ++ ++ a->d[i] |= (((BN_ULONG)1) << j); ++ bn_check_top(a); ++ return (1); ++} + + int BN_clear_bit(BIGNUM *a, int n) +- { +- int i,j; ++{ ++ int i, j; + +- bn_check_top(a); +- if (n < 0) return 0; ++ bn_check_top(a); ++ if (n < 0) ++ return 0; + +- i=n/BN_BITS2; +- j=n%BN_BITS2; +- if (a->top <= i) return(0); ++ i = n / BN_BITS2; ++ j = n % BN_BITS2; ++ if (a->top <= i) ++ return (0); + +- a->d[i]&=(~(((BN_ULONG)1)<d[i] &= (~(((BN_ULONG)1) << j)); ++ bn_correct_top(a); ++ return (1); ++} + + int BN_is_bit_set(const BIGNUM *a, int n) +- { +- int i,j; +- +- bn_check_top(a); +- if (n < 0) return 0; +- i=n/BN_BITS2; +- j=n%BN_BITS2; +- if (a->top <= i) return 0; +- return(((a->d[i])>>j)&((BN_ULONG)1)); +- } ++{ ++ int i, j; ++ ++ bn_check_top(a); ++ if (n < 0) ++ return 0; ++ i = n / BN_BITS2; ++ j = n % BN_BITS2; ++ if (a->top <= i) ++ return 0; ++ return (((a->d[i]) >> j) & ((BN_ULONG)1)); ++} + + int BN_mask_bits(BIGNUM *a, int n) +- { +- int b,w; +- +- bn_check_top(a); +- if (n < 0) return 0; +- +- w=n/BN_BITS2; +- b=n%BN_BITS2; +- if (w >= a->top) return 0; +- if (b == 0) +- a->top=w; +- else +- { +- a->top=w+1; +- a->d[w]&= ~(BN_MASK2<= a->top) ++ return 0; ++ if (b == 0) ++ a->top = w; ++ else { ++ a->top = w + 1; ++ a->d[w] &= ~(BN_MASK2 << b); ++ } ++ bn_correct_top(a); ++ return (1); ++} + + void BN_set_negative(BIGNUM *a, int b) +- { +- if (b && !BN_is_zero(a)) +- a->neg = 1; +- else +- a->neg = 0; +- } ++{ ++ if (b && !BN_is_zero(a)) ++ a->neg = 1; ++ else ++ a->neg = 0; ++} + + int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) +- { +- int i; +- BN_ULONG aa,bb; +- +- aa=a[n-1]; +- bb=b[n-1]; +- if (aa != bb) return((aa > bb)?1:-1); +- for (i=n-2; i>=0; i--) +- { +- aa=a[i]; +- bb=b[i]; +- if (aa != bb) return((aa > bb)?1:-1); +- } +- return(0); +- } +- +-/* Here follows a specialised variants of bn_cmp_words(). It has the +- property of performing the operation on arrays of different sizes. +- The sizes of those arrays is expressed through cl, which is the +- common length ( basicall, min(len(a),len(b)) ), and dl, which is the +- delta between the two lengths, calculated as len(a)-len(b). +- All lengths are the number of BN_ULONGs... */ +- +-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, +- int cl, int dl) +- { +- int n,i; +- n = cl-1; +- +- if (dl < 0) +- { +- for (i=dl; i<0; i++) +- { +- if (b[n-i] != 0) +- return -1; /* a < b */ +- } +- } +- if (dl > 0) +- { +- for (i=dl; i>0; i--) +- { +- if (a[n+i] != 0) +- return 1; /* a > b */ +- } +- } +- return bn_cmp_words(a,b,cl); +- } ++{ ++ int i; ++ BN_ULONG aa, bb; ++ ++ aa = a[n - 1]; ++ bb = b[n - 1]; ++ if (aa != bb) ++ return ((aa > bb) ? 1 : -1); ++ for (i = n - 2; i >= 0; i--) { ++ aa = a[i]; ++ bb = b[i]; ++ if (aa != bb) ++ return ((aa > bb) ? 1 : -1); ++ } ++ return (0); ++} ++ ++/* ++ * Here follows a specialised variants of bn_cmp_words(). It has the ++ * property of performing the operation on arrays of different sizes. The ++ * sizes of those arrays is expressed through cl, which is the common length ++ * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the ++ * two lengths, calculated as len(a)-len(b). All lengths are the number of ++ * BN_ULONGs... ++ */ ++ ++int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl) ++{ ++ int n, i; ++ n = cl - 1; ++ ++ if (dl < 0) { ++ for (i = dl; i < 0; i++) { ++ if (b[n - i] != 0) ++ return -1; /* a < b */ ++ } ++ } ++ if (dl > 0) { ++ for (i = dl; i > 0; i--) { ++ if (a[n + i] != 0) ++ return 1; /* a > b */ ++ } ++ } ++ return bn_cmp_words(a, b, cl); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c +index 77d6ddb..ffbce89 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c +@@ -1,6 +1,8 @@ + /* crypto/bn/bn_mod.c */ +-/* Includes code written by Lenka Fibikova +- * for the OpenSSL project. */ ++/* ++ * Includes code written by Lenka Fibikova ++ * for the OpenSSL project. ++ */ + /* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * +@@ -9,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,21 +62,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -89,10 +91,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -104,7 +106,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -114,188 +116,201 @@ + #include "cryptlib.h" + #include "bn_lcl.h" + +- +-#if 0 /* now just a #define */ ++#if 0 /* now just a #define */ + int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) +- { +- return(BN_div(NULL,rem,m,d,ctx)); +- /* note that rem->neg == m->neg (unless the remainder is zero) */ +- } ++{ ++ return (BN_div(NULL, rem, m, d, ctx)); ++ /* note that rem->neg == m->neg (unless the remainder is zero) */ ++} + #endif + +- + int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) +- { +- /* like BN_mod, but returns non-negative remainder +- * (i.e., 0 <= r < |d| always holds) */ +- +- if (!(BN_mod(r,m,d,ctx))) +- return 0; +- if (!r->neg) +- return 1; +- /* now -|d| < r < 0, so we have to set r := r + |d| */ +- return (d->neg ? BN_sub : BN_add)(r, r, d); ++{ ++ /* ++ * like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d| ++ * always holds) ++ */ ++ ++ if (!(BN_mod(r, m, d, ctx))) ++ return 0; ++ if (!r->neg) ++ return 1; ++ /* now -|d| < r < 0, so we have to set r := r + |d| */ ++ return (d->neg ? BN_sub : BN_add) (r, r, d); + } + ++int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, ++ BN_CTX *ctx) ++{ ++ if (!BN_add(r, a, b)) ++ return 0; ++ return BN_nnmod(r, r, m, ctx); ++} + +-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) +- { +- if (!BN_add(r, a, b)) return 0; +- return BN_nnmod(r, r, m, ctx); +- } +- +- +-/* BN_mod_add variant that may be used if both a and b are non-negative +- * and less than m */ +-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) +- { +- if (!BN_uadd(r, a, b)) return 0; +- if (BN_ucmp(r, m) >= 0) +- return BN_usub(r, r, m); +- return 1; +- } +- +- +-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) +- { +- if (!BN_sub(r, a, b)) return 0; +- return BN_nnmod(r, r, m, ctx); +- } +- ++/* ++ * BN_mod_add variant that may be used if both a and b are non-negative and ++ * less than m ++ */ ++int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *m) ++{ ++ if (!BN_uadd(r, a, b)) ++ return 0; ++ if (BN_ucmp(r, m) >= 0) ++ return BN_usub(r, r, m); ++ return 1; ++} + +-/* BN_mod_sub variant that may be used if both a and b are non-negative +- * and less than m */ +-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) +- { +- if (!BN_sub(r, a, b)) return 0; +- if (r->neg) +- return BN_add(r, r, m); +- return 1; +- } ++int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, ++ BN_CTX *ctx) ++{ ++ if (!BN_sub(r, a, b)) ++ return 0; ++ return BN_nnmod(r, r, m, ctx); ++} + ++/* ++ * BN_mod_sub variant that may be used if both a and b are non-negative and ++ * less than m ++ */ ++int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *m) ++{ ++ if (!BN_sub(r, a, b)) ++ return 0; ++ if (r->neg) ++ return BN_add(r, r, m); ++ return 1; ++} + + /* slow but works */ + int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, +- BN_CTX *ctx) +- { +- BIGNUM *t; +- int ret=0; +- +- bn_check_top(a); +- bn_check_top(b); +- bn_check_top(m); +- +- BN_CTX_start(ctx); +- if ((t = BN_CTX_get(ctx)) == NULL) goto err; +- if (a == b) +- { if (!BN_sqr(t,a,ctx)) goto err; } +- else +- { if (!BN_mul(t,a,b,ctx)) goto err; } +- if (!BN_nnmod(r,t,m,ctx)) goto err; +- bn_check_top(r); +- ret=1; +-err: +- BN_CTX_end(ctx); +- return(ret); +- } +- ++ BN_CTX *ctx) ++{ ++ BIGNUM *t; ++ int ret = 0; ++ ++ bn_check_top(a); ++ bn_check_top(b); ++ bn_check_top(m); ++ ++ BN_CTX_start(ctx); ++ if ((t = BN_CTX_get(ctx)) == NULL) ++ goto err; ++ if (a == b) { ++ if (!BN_sqr(t, a, ctx)) ++ goto err; ++ } else { ++ if (!BN_mul(t, a, b, ctx)) ++ goto err; ++ } ++ if (!BN_nnmod(r, t, m, ctx)) ++ goto err; ++ bn_check_top(r); ++ ret = 1; ++ err: ++ BN_CTX_end(ctx); ++ return (ret); ++} + + int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) +- { +- if (!BN_sqr(r, a, ctx)) return 0; +- /* r->neg == 0, thus we don't need BN_nnmod */ +- return BN_mod(r, r, m, ctx); +- } +- ++{ ++ if (!BN_sqr(r, a, ctx)) ++ return 0; ++ /* r->neg == 0, thus we don't need BN_nnmod */ ++ return BN_mod(r, r, m, ctx); ++} + + int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) +- { +- if (!BN_lshift1(r, a)) return 0; +- bn_check_top(r); +- return BN_nnmod(r, r, m, ctx); +- } +- ++{ ++ if (!BN_lshift1(r, a)) ++ return 0; ++ bn_check_top(r); ++ return BN_nnmod(r, r, m, ctx); ++} + +-/* BN_mod_lshift1 variant that may be used if a is non-negative +- * and less than m */ ++/* ++ * BN_mod_lshift1 variant that may be used if a is non-negative and less than ++ * m ++ */ + int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) +- { +- if (!BN_lshift1(r, a)) return 0; +- bn_check_top(r); +- if (BN_cmp(r, m) >= 0) +- return BN_sub(r, r, m); +- return 1; +- } +- ++{ ++ if (!BN_lshift1(r, a)) ++ return 0; ++ bn_check_top(r); ++ if (BN_cmp(r, m) >= 0) ++ return BN_sub(r, r, m); ++ return 1; ++} + +-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx) +- { +- BIGNUM *abs_m = NULL; +- int ret; ++int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, ++ BN_CTX *ctx) ++{ ++ BIGNUM *abs_m = NULL; ++ int ret; + +- if (!BN_nnmod(r, a, m, ctx)) return 0; ++ if (!BN_nnmod(r, a, m, ctx)) ++ return 0; + +- if (m->neg) +- { +- abs_m = BN_dup(m); +- if (abs_m == NULL) return 0; +- abs_m->neg = 0; +- } +- +- ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); +- bn_check_top(r); ++ if (m->neg) { ++ abs_m = BN_dup(m); ++ if (abs_m == NULL) ++ return 0; ++ abs_m->neg = 0; ++ } + +- if (abs_m) +- BN_free(abs_m); +- return ret; +- } ++ ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); ++ bn_check_top(r); + ++ if (abs_m) ++ BN_free(abs_m); ++ return ret; ++} + +-/* BN_mod_lshift variant that may be used if a is non-negative +- * and less than m */ ++/* ++ * BN_mod_lshift variant that may be used if a is non-negative and less than ++ * m ++ */ + int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) +- { +- if (r != a) +- { +- if (BN_copy(r, a) == NULL) return 0; +- } +- +- while (n > 0) +- { +- int max_shift; +- +- /* 0 < r < m */ +- max_shift = BN_num_bits(m) - BN_num_bits(r); +- /* max_shift >= 0 */ +- +- if (max_shift < 0) +- { +- BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED); +- return 0; +- } +- +- if (max_shift > n) +- max_shift = n; +- +- if (max_shift) +- { +- if (!BN_lshift(r, r, max_shift)) return 0; +- n -= max_shift; +- } +- else +- { +- if (!BN_lshift1(r, r)) return 0; +- --n; +- } +- +- /* BN_num_bits(r) <= BN_num_bits(m) */ +- +- if (BN_cmp(r, m) >= 0) +- { +- if (!BN_sub(r, r, m)) return 0; +- } +- } +- bn_check_top(r); +- +- return 1; +- } ++{ ++ if (r != a) { ++ if (BN_copy(r, a) == NULL) ++ return 0; ++ } ++ ++ while (n > 0) { ++ int max_shift; ++ ++ /* 0 < r < m */ ++ max_shift = BN_num_bits(m) - BN_num_bits(r); ++ /* max_shift >= 0 */ ++ ++ if (max_shift < 0) { ++ BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED); ++ return 0; ++ } ++ ++ if (max_shift > n) ++ max_shift = n; ++ ++ if (max_shift) { ++ if (!BN_lshift(r, r, max_shift)) ++ return 0; ++ n -= max_shift; ++ } else { ++ if (!BN_lshift1(r, r)) ++ return 0; ++ --n; ++ } ++ ++ /* BN_num_bits(r) <= BN_num_bits(m) */ ++ ++ if (BN_cmp(r, m) >= 0) { ++ if (!BN_sub(r, r, m)) ++ return 0; ++ } ++ } ++ bn_check_top(r); ++ ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +index 27cafb1..bf40e82 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -120,619 +120,682 @@ + #include "cryptlib.h" + #include "bn_lcl.h" + +-#define MONT_WORD /* use the faster word-based algorithm */ ++#define MONT_WORD /* use the faster word-based algorithm */ + + #if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) +-/* This condition means we have a specific non-default build: +- * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any +- * BN_BITS2<=32 platform; an explicit "enable-montasm" is required. +- * I.e., if we are here, the user intentionally deviates from the +- * normal stable build to get better Montgomery performance from +- * the 0.9.9-dev backport. +- * +- * In this case only, we also enable BN_from_montgomery_word() +- * (another non-stable feature from 0.9.9-dev). ++/* ++ * This condition means we have a specific non-default build: In the 0.9.8 ++ * branch, OPENSSL_BN_ASM_MONT is normally not set for any BN_BITS2<=32 ++ * platform; an explicit "enable-montasm" is required. I.e., if we are here, ++ * the user intentionally deviates from the normal stable build to get better ++ * Montgomery performance from the 0.9.9-dev backport. In this case only, we ++ * also enable BN_from_montgomery_word() (another non-stable feature from ++ * 0.9.9-dev). + */ +-#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD ++# define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD + #endif + + #ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD + static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); + #endif + +- +- + int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, +- BN_MONT_CTX *mont, BN_CTX *ctx) +- { +- BIGNUM *tmp; +- int ret=0; ++ BN_MONT_CTX *mont, BN_CTX *ctx) ++{ ++ BIGNUM *tmp; ++ int ret = 0; + #if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) +- int num = mont->N.top; ++ int num = mont->N.top; + +- if (num>1 && a->top==num && b->top==num) +- { +- if (bn_wexpand(r,num) == NULL) return(0); +-#if 0 /* for OpenSSL 0.9.9 mont->n0 */ +- if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num)) +-#else +- if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num)) +-#endif +- { +- r->neg = a->neg^b->neg; +- r->top = num; +- bn_correct_top(r); +- return(1); +- } +- } ++ if (num > 1 && a->top == num && b->top == num) { ++ if (bn_wexpand(r, num) == NULL) ++ return (0); ++# if 0 /* for OpenSSL 0.9.9 mont->n0 */ ++ if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) ++# else ++ if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, &mont->n0, num)) ++# endif ++ { ++ r->neg = a->neg ^ b->neg; ++ r->top = num; ++ bn_correct_top(r); ++ return (1); ++ } ++ } + #endif + +- BN_CTX_start(ctx); +- tmp = BN_CTX_get(ctx); +- if (tmp == NULL) goto err; +- +- bn_check_top(tmp); +- if (a == b) +- { +- if (!BN_sqr(tmp,a,ctx)) goto err; +- } +- else +- { +- if (!BN_mul(tmp,a,b,ctx)) goto err; +- } +- /* reduce from aRR to aR */ ++ BN_CTX_start(ctx); ++ tmp = BN_CTX_get(ctx); ++ if (tmp == NULL) ++ goto err; ++ ++ bn_check_top(tmp); ++ if (a == b) { ++ if (!BN_sqr(tmp, a, ctx)) ++ goto err; ++ } else { ++ if (!BN_mul(tmp, a, b, ctx)) ++ goto err; ++ } ++ /* reduce from aRR to aR */ + #ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD +- if (!BN_from_montgomery_word(r,tmp,mont)) goto err; ++ if (!BN_from_montgomery_word(r, tmp, mont)) ++ goto err; + #else +- if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; ++ if (!BN_from_montgomery(r, tmp, mont, ctx)) ++ goto err; + #endif +- bn_check_top(r); +- ret=1; +-err: +- BN_CTX_end(ctx); +- return(ret); +- } ++ bn_check_top(r); ++ ret = 1; ++ err: ++ BN_CTX_end(ctx); ++ return (ret); ++} + + #ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD + static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) +- { +- BIGNUM *n; +- BN_ULONG *ap,*np,*rp,n0,v,*nrp; +- int al,nl,max,i,x,ri; +- +- n= &(mont->N); +- /* mont->ri is the size of mont->N in bits (rounded up +- to the word size) */ +- al=ri=mont->ri/BN_BITS2; +- +- nl=n->top; +- if ((al == 0) || (nl == 0)) { ret->top=0; return(1); } +- +- max=(nl+al+1); /* allow for overflow (no?) XXX */ +- if (bn_wexpand(r,max) == NULL) return(0); +- +- r->neg^=n->neg; +- np=n->d; +- rp=r->d; +- nrp= &(r->d[nl]); +- +- /* clear the top words of T */ +- for (i=r->top; id[i]=0; +- +- r->top=max; +-#if 0 /* for OpenSSL 0.9.9 mont->n0 */ +- n0=mont->n0[0]; +-#else +- n0=mont->n0; +-#endif ++{ ++ BIGNUM *n; ++ BN_ULONG *ap, *np, *rp, n0, v, *nrp; ++ int al, nl, max, i, x, ri; ++ ++ n = &(mont->N); ++ /* ++ * mont->ri is the size of mont->N in bits (rounded up to the word size) ++ */ ++ al = ri = mont->ri / BN_BITS2; ++ ++ nl = n->top; ++ if ((al == 0) || (nl == 0)) { ++ ret->top = 0; ++ return (1); ++ } ++ ++ max = (nl + al + 1); /* allow for overflow (no?) XXX */ ++ if (bn_wexpand(r, max) == NULL) ++ return (0); ++ ++ r->neg ^= n->neg; ++ np = n->d; ++ rp = r->d; ++ nrp = &(r->d[nl]); ++ ++ /* clear the top words of T */ ++ for (i = r->top; i < max; i++) /* memset? XXX */ ++ r->d[i] = 0; ++ ++ r->top = max; ++# if 0 /* for OpenSSL 0.9.9 mont->n0 */ ++ n0 = mont->n0[0]; ++# else ++ n0 = mont->n0; ++# endif + +-#ifdef BN_COUNT +- fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl); +-#endif +- for (i=0; i= v) +- continue; +- else +- { +- if (((++nrp[0])&BN_MASK2) != 0) continue; +- if (((++nrp[1])&BN_MASK2) != 0) continue; +- for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; +- } +- } +- bn_correct_top(r); +- +- /* mont->ri will be a multiple of the word size and below code +- * is kind of BN_rshift(ret,r,mont->ri) equivalent */ +- if (r->top <= ri) +- { +- ret->top=0; +- return(1); +- } +- al=r->top-ri; +- +- if (bn_wexpand(ret,ri) == NULL) return(0); +- x=0-(((al-ri)>>(sizeof(al)*8-1))&1); +- ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ +- ret->neg=r->neg; +- +- rp=ret->d; +- ap=&(r->d[ri]); +- +- { +- size_t m1,m2; +- +- v=bn_sub_words(rp,ap,np,ri); +- /* this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ +- /* in other words if subtraction result is real, then +- * trick unconditional memcpy below to perform in-place +- * "refresh" instead of actual copy. */ +- m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al>(sizeof(al)*8-1))&1); /* al>ri */ +- m1|=m2; /* (al!=ri) */ +- m1|=(0-(size_t)v); /* (al!=ri || v) */ +- m1&=~m2; /* (al!=ri || v) && !al>ri */ +- nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); +- } +- +- /* 'i= v) ++ continue; ++ else { ++ if (((++nrp[0]) & BN_MASK2) != 0) ++ continue; ++ if (((++nrp[1]) & BN_MASK2) != 0) ++ continue; ++ for (x = 2; (((++nrp[x]) & BN_MASK2) == 0); x++) ; ++ } ++ } ++ bn_correct_top(r); ++ ++ /* ++ * mont->ri will be a multiple of the word size and below code is kind of ++ * BN_rshift(ret,r,mont->ri) equivalent ++ */ ++ if (r->top <= ri) { ++ ret->top = 0; ++ return (1); ++ } ++ al = r->top - ri; ++ ++ if (bn_wexpand(ret, ri) == NULL) ++ return (0); ++ x = 0 - (((al - ri) >> (sizeof(al) * 8 - 1)) & 1); ++ ret->top = x = (ri & ~x) | (al & x); /* min(ri,al) */ ++ ret->neg = r->neg; ++ ++ rp = ret->d; ++ ap = &(r->d[ri]); ++ ++ { ++ size_t m1, m2; ++ ++ v = bn_sub_words(rp, ap, np, ri); ++ /* ++ * this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ ++ /* ++ * in other words if subtraction result is real, then trick ++ * unconditional memcpy below to perform in-place "refresh" instead ++ * of actual copy. ++ */ ++ m1 = 0 - (size_t)(((al - ri) >> (sizeof(al) * 8 - 1)) & 1); /* al> (sizeof(al) * 8 - 1)) & 1); /* al>ri */ ++ m1 |= m2; /* (al!=ri) */ ++ m1 |= (0 - (size_t)v); /* (al!=ri || v) */ ++ m1 &= ~m2; /* (al!=ri || v) && !al>ri */ ++ nrp = (BN_ULONG *)(((size_t)rp & ~m1) | ((size_t)ap & m1)); ++ } ++ ++ /* ++ * 'iN); +- +- ap=a->d; +- /* mont->ri is the size of mont->N in bits (rounded up +- to the word size) */ +- al=ri=mont->ri/BN_BITS2; +- +- nl=n->top; +- if ((al == 0) || (nl == 0)) { r->top=0; return(1); } +- +- max=(nl+al+1); /* allow for overflow (no?) XXX */ +- if (bn_wexpand(r,max) == NULL) goto err; +- +- r->neg=a->neg^n->neg; +- np=n->d; +- rp=r->d; +- nrp= &(r->d[nl]); +- +- /* clear the top words of T */ +-#if 1 +- for (i=r->top; id[i]=0; +-#else +- memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); +-#endif +- +- r->top=max; +- n0=mont->n0; +- +-#ifdef BN_COUNT +- fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl); +-#endif +- for (i=0; i= v) +- continue; +- else +- { +- if (((++nrp[0])&BN_MASK2) != 0) continue; +- if (((++nrp[1])&BN_MASK2) != 0) continue; +- for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; +- } +- } +- bn_correct_top(r); +- +- /* mont->ri will be a multiple of the word size and below code +- * is kind of BN_rshift(ret,r,mont->ri) equivalent */ +- if (r->top <= ri) +- { +- ret->top=0; +- retn=1; +- goto err; +- } +- al=r->top-ri; +- +-# define BRANCH_FREE 1 +-# if BRANCH_FREE +- if (bn_wexpand(ret,ri) == NULL) goto err; +- x=0-(((al-ri)>>(sizeof(al)*8-1))&1); +- ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */ +- ret->neg=r->neg; +- +- rp=ret->d; +- ap=&(r->d[ri]); +- +- { +- size_t m1,m2; +- +- v=bn_sub_words(rp,ap,np,ri); +- /* this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ +- /* in other words if subtraction result is real, then +- * trick unconditional memcpy below to perform in-place +- * "refresh" instead of actual copy. */ +- m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al>(sizeof(al)*8-1))&1); /* al>ri */ +- m1|=m2; /* (al!=ri) */ +- m1|=(0-(size_t)v); /* (al!=ri || v) */ +- m1&=~m2; /* (al!=ri || v) && !al>ri */ +- nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1)); +- } +- +- /* 'itop=al; +- ret->neg=r->neg; +- +- rp=ret->d; +- ap=&(r->d[ri]); +- al-=4; +- for (i=0; iN); ++ ++ ap = a->d; ++ /* ++ * mont->ri is the size of mont->N in bits (rounded up to the word size) ++ */ ++ al = ri = mont->ri / BN_BITS2; ++ ++ nl = n->top; ++ if ((al == 0) || (nl == 0)) { ++ r->top = 0; ++ return (1); ++ } ++ ++ max = (nl + al + 1); /* allow for overflow (no?) XXX */ ++ if (bn_wexpand(r, max) == NULL) ++ goto err; ++ ++ r->neg = a->neg ^ n->neg; ++ np = n->d; ++ rp = r->d; ++ nrp = &(r->d[nl]); ++ ++ /* clear the top words of T */ ++# if 1 ++ for (i = r->top; i < max; i++) /* memset? XXX */ ++ r->d[i] = 0; ++# else ++ memset(&(r->d[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); ++# endif ++ ++ r->top = max; ++ n0 = mont->n0; ++ ++# ifdef BN_COUNT ++ fprintf(stderr, "word BN_from_montgomery %d * %d\n", nl, nl); ++# endif ++ for (i = 0; i < nl; i++) { ++# ifdef __TANDEM ++ { ++ long long t1; ++ long long t2; ++ long long t3; ++ t1 = rp[0] * (n0 & 0177777); ++ t2 = 037777600000l; ++ t2 = n0 & t2; ++ t3 = rp[0] & 0177777; ++ t2 = (t3 * t2) & BN_MASK2; ++ t1 = t1 + t2; ++ v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1); ++ } ++# else ++ v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); ++# endif ++ nrp++; ++ rp++; ++ if (((nrp[-1] += v) & BN_MASK2) >= v) ++ continue; ++ else { ++ if (((++nrp[0]) & BN_MASK2) != 0) ++ continue; ++ if (((++nrp[1]) & BN_MASK2) != 0) ++ continue; ++ for (x = 2; (((++nrp[x]) & BN_MASK2) == 0); x++) ; ++ } ++ } ++ bn_correct_top(r); ++ ++ /* ++ * mont->ri will be a multiple of the word size and below code is kind of ++ * BN_rshift(ret,r,mont->ri) equivalent ++ */ ++ if (r->top <= ri) { ++ ret->top = 0; ++ retn = 1; ++ goto err; ++ } ++ al = r->top - ri; ++ ++# define BRANCH_FREE 1 ++# if BRANCH_FREE ++ if (bn_wexpand(ret, ri) == NULL) ++ goto err; ++ x = 0 - (((al - ri) >> (sizeof(al) * 8 - 1)) & 1); ++ ret->top = x = (ri & ~x) | (al & x); /* min(ri,al) */ ++ ret->neg = r->neg; ++ ++ rp = ret->d; ++ ap = &(r->d[ri]); ++ ++ { ++ size_t m1, m2; ++ ++ v = bn_sub_words(rp, ap, np, ri); ++ /* ++ * this ----------------^^ works even in alri) nrp=rp; else nrp=ap; */ ++ /* ++ * in other words if subtraction result is real, then trick ++ * unconditional memcpy below to perform in-place "refresh" instead ++ * of actual copy. ++ */ ++ m1 = 0 - (size_t)(((al - ri) >> (sizeof(al) * 8 - 1)) & 1); /* al> (sizeof(al) * 8 - 1)) & 1); /* al>ri */ ++ m1 |= m2; /* (al!=ri) */ ++ m1 |= (0 - (size_t)v); /* (al!=ri || v) */ ++ m1 &= ~m2; /* (al!=ri || v) && !al>ri */ ++ nrp = (BN_ULONG *)(((size_t)rp & ~m1) | ((size_t)ap & m1)); ++ } ++ ++ /* ++ * 'itop = al; ++ ret->neg = r->neg; ++ ++ rp = ret->d; ++ ap = &(r->d[ri]); ++ al -= 4; ++ for (i = 0; i < al; i += 4) { ++ BN_ULONG t1, t2, t3, t4; ++ ++ t1 = ap[i + 0]; ++ t2 = ap[i + 1]; ++ t3 = ap[i + 2]; ++ t4 = ap[i + 3]; ++ rp[i + 0] = t1; ++ rp[i + 1] = t2; ++ rp[i + 2] = t3; ++ rp[i + 3] = t4; ++ } ++ al += 4; ++ for (; i < al; i++) ++ rp[i] = ap[i]; ++# endif ++# else /* !MONT_WORD */ ++ BIGNUM *t1, *t2; ++ ++ BN_CTX_start(ctx); ++ t1 = BN_CTX_get(ctx); ++ t2 = BN_CTX_get(ctx); ++ if (t1 == NULL || t2 == NULL) ++ goto err; ++ ++ if (!BN_copy(t1, a)) ++ goto err; ++ BN_mask_bits(t1, mont->ri); ++ ++ if (!BN_mul(t2, t1, &mont->Ni, ctx)) ++ goto err; ++ BN_mask_bits(t2, mont->ri); ++ ++ if (!BN_mul(t1, t2, &mont->N, ctx)) ++ goto err; ++ if (!BN_add(t2, a, t1)) ++ goto err; ++ if (!BN_rshift(ret, t2, mont->ri)) ++ goto err; ++# endif /* MONT_WORD */ ++ ++# if !defined(BRANCH_FREE) || BRANCH_FREE==0 ++ if (BN_ucmp(ret, &(mont->N)) >= 0) { ++ if (!BN_usub(ret, ret, &(mont->N))) ++ goto err; ++ } + # endif +-#else /* !MONT_WORD */ +- BIGNUM *t1,*t2; +- +- BN_CTX_start(ctx); +- t1 = BN_CTX_get(ctx); +- t2 = BN_CTX_get(ctx); +- if (t1 == NULL || t2 == NULL) goto err; +- +- if (!BN_copy(t1,a)) goto err; +- BN_mask_bits(t1,mont->ri); +- +- if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err; +- BN_mask_bits(t2,mont->ri); +- +- if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; +- if (!BN_add(t2,a,t1)) goto err; +- if (!BN_rshift(ret,t2,mont->ri)) goto err; +-#endif /* MONT_WORD */ +- +-#if !defined(BRANCH_FREE) || BRANCH_FREE==0 +- if (BN_ucmp(ret, &(mont->N)) >= 0) +- { +- if (!BN_usub(ret,ret,&(mont->N))) goto err; +- } +-#endif +- retn=1; +- bn_check_top(ret); ++ retn = 1; ++ bn_check_top(ret); + err: +- BN_CTX_end(ctx); +- return(retn); +- } +-#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ ++ BN_CTX_end(ctx); ++ return (retn); ++} ++#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */ + + BN_MONT_CTX *BN_MONT_CTX_new(void) +- { +- BN_MONT_CTX *ret; ++{ ++ BN_MONT_CTX *ret; + +- if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) +- return(NULL); ++ if ((ret = (BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) ++ return (NULL); + +- BN_MONT_CTX_init(ret); +- ret->flags=BN_FLG_MALLOCED; +- return(ret); +- } ++ BN_MONT_CTX_init(ret); ++ ret->flags = BN_FLG_MALLOCED; ++ return (ret); ++} + + void BN_MONT_CTX_init(BN_MONT_CTX *ctx) +- { +- ctx->ri=0; +- BN_init(&(ctx->RR)); +- BN_init(&(ctx->N)); +- BN_init(&(ctx->Ni)); +-#if 0 /* for OpenSSL 0.9.9 mont->n0 */ +- ctx->n0[0] = ctx->n0[1] = 0; ++{ ++ ctx->ri = 0; ++ BN_init(&(ctx->RR)); ++ BN_init(&(ctx->N)); ++ BN_init(&(ctx->Ni)); ++#if 0 /* for OpenSSL 0.9.9 mont->n0 */ ++ ctx->n0[0] = ctx->n0[1] = 0; + #else +- ctx->n0 = 0; ++ ctx->n0 = 0; + #endif +- ctx->flags=0; +- } ++ ctx->flags = 0; ++} + + void BN_MONT_CTX_free(BN_MONT_CTX *mont) +- { +- if(mont == NULL) +- return; ++{ ++ if (mont == NULL) ++ return; + +- BN_free(&(mont->RR)); +- BN_free(&(mont->N)); +- BN_free(&(mont->Ni)); +- if (mont->flags & BN_FLG_MALLOCED) +- OPENSSL_free(mont); +- } ++ BN_free(&(mont->RR)); ++ BN_free(&(mont->N)); ++ BN_free(&(mont->Ni)); ++ if (mont->flags & BN_FLG_MALLOCED) ++ OPENSSL_free(mont); ++} + + int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) +- { +- int ret = 0; +- BIGNUM *Ri,*R; +- +- BN_CTX_start(ctx); +- if((Ri = BN_CTX_get(ctx)) == NULL) goto err; +- R= &(mont->RR); /* grab RR as a temp */ +- if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */ +- mont->N.neg = 0; ++{ ++ int ret = 0; ++ BIGNUM *Ri, *R; ++ ++ BN_CTX_start(ctx); ++ if ((Ri = BN_CTX_get(ctx)) == NULL) ++ goto err; ++ R = &(mont->RR); /* grab RR as a temp */ ++ if (!BN_copy(&(mont->N), mod)) ++ goto err; /* Set N */ ++ mont->N.neg = 0; + + #ifdef MONT_WORD +- { +- BIGNUM tmod; +- BN_ULONG buf[2]; +- +- mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; +- BN_zero(R); +-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)", +- only certain BN_BITS2<=32 platforms actually need this */ +- if (!(BN_set_bit(R,2*BN_BITS2))) goto err; /* R */ +-#else +- if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ +-#endif ++ { ++ BIGNUM tmod; ++ BN_ULONG buf[2]; ++ ++ mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; ++ BN_zero(R); ++# if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if ++ * defined(OPENSSL_BN_ASM_MONT) && ++ * (BN_BITS2<=32)", only certain BN_BITS2<=32 ++ * platforms actually need this */ ++ if (!(BN_set_bit(R, 2 * BN_BITS2))) ++ goto err; /* R */ ++# else ++ if (!(BN_set_bit(R, BN_BITS2))) ++ goto err; /* R */ ++# endif + +- buf[0]=mod->d[0]; /* tmod = N mod word size */ +- buf[1]=0; +- +- BN_init(&tmod); +- tmod.d=buf; +- tmod.top = buf[0] != 0 ? 1 : 0; +- tmod.dmax=2; +- tmod.neg=0; +- +-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)"; +- only certain BN_BITS2<=32 platforms actually need this */ +- tmod.top=0; +- if ((buf[0] = mod->d[0])) tmod.top=1; +- if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2; +- +- if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) +- goto err; +- if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */ +- if (!BN_is_zero(Ri)) +- { +- if (!BN_sub_word(Ri,1)) goto err; +- } +- else /* if N mod word size == 1 */ +- { +- if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL) +- goto err; +- /* Ri-- (mod double word size) */ +- Ri->neg=0; +- Ri->d[0]=BN_MASK2; +- Ri->d[1]=BN_MASK2; +- Ri->top=2; +- } +- if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; +- /* Ni = (R*Ri-1)/N, +- * keep only couple of least significant words: */ +- mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; +- mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; +-#else +- /* Ri = R^-1 mod N*/ +- if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL) +- goto err; +- if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */ +- if (!BN_is_zero(Ri)) +- { +- if (!BN_sub_word(Ri,1)) goto err; +- } +- else /* if N mod word size == 1 */ +- { +- if (!BN_set_word(Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */ +- } +- if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err; +- /* Ni = (R*Ri-1)/N, +- * keep only least significant word: */ +-# if 0 /* for OpenSSL 0.9.9 mont->n0 */ +- mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; +- mont->n0[1] = 0; ++ buf[0] = mod->d[0]; /* tmod = N mod word size */ ++ buf[1] = 0; ++ ++ BN_init(&tmod); ++ tmod.d = buf; ++ tmod.top = buf[0] != 0 ? 1 : 0; ++ tmod.dmax = 2; ++ tmod.neg = 0; ++ ++# if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if ++ * defined(OPENSSL_BN_ASM_MONT) && ++ * (BN_BITS2<=32)"; only certain BN_BITS2<=32 ++ * platforms actually need this */ ++ tmod.top = 0; ++ if ((buf[0] = mod->d[0])) ++ tmod.top = 1; ++ if ((buf[1] = mod->top > 1 ? mod->d[1] : 0)) ++ tmod.top = 2; ++ ++ if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) ++ goto err; ++ if (!BN_lshift(Ri, Ri, 2 * BN_BITS2)) ++ goto err; /* R*Ri */ ++ if (!BN_is_zero(Ri)) { ++ if (!BN_sub_word(Ri, 1)) ++ goto err; ++ } else { /* if N mod word size == 1 */ ++ ++ if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL) ++ goto err; ++ /* Ri-- (mod double word size) */ ++ Ri->neg = 0; ++ Ri->d[0] = BN_MASK2; ++ Ri->d[1] = BN_MASK2; ++ Ri->top = 2; ++ } ++ if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) ++ goto err; ++ /* ++ * Ni = (R*Ri-1)/N, keep only couple of least significant words: ++ */ ++ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; ++ mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; + # else +- mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0; ++ /* Ri = R^-1 mod N */ ++ if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) ++ goto err; ++ if (!BN_lshift(Ri, Ri, BN_BITS2)) ++ goto err; /* R*Ri */ ++ if (!BN_is_zero(Ri)) { ++ if (!BN_sub_word(Ri, 1)) ++ goto err; ++ } else { /* if N mod word size == 1 */ ++ ++ if (!BN_set_word(Ri, BN_MASK2)) ++ goto err; /* Ri-- (mod word size) */ ++ } ++ if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) ++ goto err; ++ /* ++ * Ni = (R*Ri-1)/N, keep only least significant word: ++ */ ++# if 0 /* for OpenSSL 0.9.9 mont->n0 */ ++ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; ++ mont->n0[1] = 0; ++# else ++ mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0; ++# endif + # endif +-#endif +- } +-#else /* !MONT_WORD */ +- { /* bignum version */ +- mont->ri=BN_num_bits(&mont->N); +- BN_zero(R); +- if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */ +- /* Ri = R^-1 mod N*/ +- if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL) +- goto err; +- if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */ +- if (!BN_sub_word(Ri,1)) goto err; +- /* Ni = (R*Ri-1) / N */ +- if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err; +- } ++ } ++#else /* !MONT_WORD */ ++ { /* bignum version */ ++ mont->ri = BN_num_bits(&mont->N); ++ BN_zero(R); ++ if (!BN_set_bit(R, mont->ri)) ++ goto err; /* R = 2^ri */ ++ /* Ri = R^-1 mod N */ ++ if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL) ++ goto err; ++ if (!BN_lshift(Ri, Ri, mont->ri)) ++ goto err; /* R*Ri */ ++ if (!BN_sub_word(Ri, 1)) ++ goto err; ++ /* ++ * Ni = (R*Ri-1) / N ++ */ ++ if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx)) ++ goto err; ++ } + #endif + +- /* setup RR for conversions */ +- BN_zero(&(mont->RR)); +- if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err; +- if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err; ++ /* setup RR for conversions */ ++ BN_zero(&(mont->RR)); ++ if (!BN_set_bit(&(mont->RR), mont->ri * 2)) ++ goto err; ++ if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx)) ++ goto err; + +- ret = 1; +-err: +- BN_CTX_end(ctx); +- return ret; +- } ++ ret = 1; ++ err: ++ BN_CTX_end(ctx); ++ return ret; ++} + + BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) +- { +- if (to == from) return(to); +- +- if (!BN_copy(&(to->RR),&(from->RR))) return NULL; +- if (!BN_copy(&(to->N),&(from->N))) return NULL; +- if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL; +- to->ri=from->ri; +-#if 0 /* for OpenSSL 0.9.9 mont->n0 */ +- to->n0[0]=from->n0[0]; +- to->n0[1]=from->n0[1]; ++{ ++ if (to == from) ++ return (to); ++ ++ if (!BN_copy(&(to->RR), &(from->RR))) ++ return NULL; ++ if (!BN_copy(&(to->N), &(from->N))) ++ return NULL; ++ if (!BN_copy(&(to->Ni), &(from->Ni))) ++ return NULL; ++ to->ri = from->ri; ++#if 0 /* for OpenSSL 0.9.9 mont->n0 */ ++ to->n0[0] = from->n0[0]; ++ to->n0[1] = from->n0[1]; + #else +- to->n0=from->n0; ++ to->n0 = from->n0; + #endif +- return(to); +- } ++ return (to); ++} + + BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, +- const BIGNUM *mod, BN_CTX *ctx) +- { +- BN_MONT_CTX *ret; +- +- CRYPTO_r_lock(lock); +- ret = *pmont; +- CRYPTO_r_unlock(lock); +- if (ret) +- return ret; +- +- /* We don't want to serialise globally while doing our lazy-init math in +- * BN_MONT_CTX_set. That punishes threads that are doing independent +- * things. Instead, punish the case where more than one thread tries to +- * lazy-init the same 'pmont', by having each do the lazy-init math work +- * independently and only use the one from the thread that wins the race +- * (the losers throw away the work they've done). */ +- ret = BN_MONT_CTX_new(); +- if (!ret) +- return NULL; +- if (!BN_MONT_CTX_set(ret, mod, ctx)) +- { +- BN_MONT_CTX_free(ret); +- return NULL; +- } +- +- /* The locked compare-and-set, after the local work is done. */ +- CRYPTO_w_lock(lock); +- if (*pmont) +- { +- BN_MONT_CTX_free(ret); +- ret = *pmont; +- } +- else +- *pmont = ret; +- CRYPTO_w_unlock(lock); +- return ret; +- } ++ const BIGNUM *mod, BN_CTX *ctx) ++{ ++ BN_MONT_CTX *ret; ++ ++ CRYPTO_r_lock(lock); ++ ret = *pmont; ++ CRYPTO_r_unlock(lock); ++ if (ret) ++ return ret; ++ ++ /* ++ * We don't want to serialise globally while doing our lazy-init math in ++ * BN_MONT_CTX_set. That punishes threads that are doing independent ++ * things. Instead, punish the case where more than one thread tries to ++ * lazy-init the same 'pmont', by having each do the lazy-init math work ++ * independently and only use the one from the thread that wins the race ++ * (the losers throw away the work they've done). ++ */ ++ ret = BN_MONT_CTX_new(); ++ if (!ret) ++ return NULL; ++ if (!BN_MONT_CTX_set(ret, mod, ctx)) { ++ BN_MONT_CTX_free(ret); ++ return NULL; ++ } ++ ++ /* The locked compare-and-set, after the local work is done. */ ++ CRYPTO_w_lock(lock); ++ if (*pmont) { ++ BN_MONT_CTX_free(ret); ++ ret = *pmont; ++ } else ++ *pmont = ret; ++ CRYPTO_w_unlock(lock); ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c +index a054d21..3bd40bb 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,70 +61,68 @@ + #include "bn_lcl.h" + + int BN_bn2mpi(const BIGNUM *a, unsigned char *d) +- { +- int bits; +- int num=0; +- int ext=0; +- long l; ++{ ++ int bits; ++ int num = 0; ++ int ext = 0; ++ long l; + +- bits=BN_num_bits(a); +- num=(bits+7)/8; +- if (bits > 0) +- { +- ext=((bits & 0x07) == 0); +- } +- if (d == NULL) +- return(num+4+ext); ++ bits = BN_num_bits(a); ++ num = (bits + 7) / 8; ++ if (bits > 0) { ++ ext = ((bits & 0x07) == 0); ++ } ++ if (d == NULL) ++ return (num + 4 + ext); + +- l=num+ext; +- d[0]=(unsigned char)(l>>24)&0xff; +- d[1]=(unsigned char)(l>>16)&0xff; +- d[2]=(unsigned char)(l>> 8)&0xff; +- d[3]=(unsigned char)(l )&0xff; +- if (ext) d[4]=0; +- num=BN_bn2bin(a,&(d[4+ext])); +- if (a->neg) +- d[4]|=0x80; +- return(num+4+ext); +- } ++ l = num + ext; ++ d[0] = (unsigned char)(l >> 24) & 0xff; ++ d[1] = (unsigned char)(l >> 16) & 0xff; ++ d[2] = (unsigned char)(l >> 8) & 0xff; ++ d[3] = (unsigned char)(l) & 0xff; ++ if (ext) ++ d[4] = 0; ++ num = BN_bn2bin(a, &(d[4 + ext])); ++ if (a->neg) ++ d[4] |= 0x80; ++ return (num + 4 + ext); ++} + + BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) +- { +- long len; +- int neg=0; +- +- if (n < 4) +- { +- BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH); +- return(NULL); +- } +- len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3]; +- if ((len+4) != n) +- { +- BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR); +- return(NULL); +- } ++{ ++ long len; ++ int neg = 0; + +- if (a == NULL) a=BN_new(); +- if (a == NULL) return(NULL); ++ if (n < 4) { ++ BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); ++ return (NULL); ++ } ++ len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int) ++ d[3]; ++ if ((len + 4) != n) { ++ BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR); ++ return (NULL); ++ } + +- if (len == 0) +- { +- a->neg=0; +- a->top=0; +- return(a); +- } +- d+=4; +- if ((*d) & 0x80) +- neg=1; +- if (BN_bin2bn(d,(int)len,a) == NULL) +- return(NULL); +- a->neg=neg; +- if (neg) +- { +- BN_clear_bit(a,BN_num_bits(a)-1); +- } +- bn_check_top(a); +- return(a); +- } ++ if (a == NULL) ++ a = BN_new(); ++ if (a == NULL) ++ return (NULL); + ++ if (len == 0) { ++ a->neg = 0; ++ a->top = 0; ++ return (a); ++ } ++ d += 4; ++ if ((*d) & 0x80) ++ neg = 1; ++ if (BN_bin2bn(d, (int)len, a) == NULL) ++ return (NULL); ++ a->neg = neg; ++ if (neg) { ++ BN_clear_bit(a, BN_num_bits(a) - 1); ++ } ++ bn_check_top(a); ++ return (a); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c +index 12e5be8..b174850 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,7 +57,7 @@ + */ + + #ifndef BN_DEBUG +-# undef NDEBUG /* avoid conflicting definitions */ ++# undef NDEBUG /* avoid conflicting definitions */ + # define NDEBUG + #endif + +@@ -67,319 +67,353 @@ + #include "bn_lcl.h" + + #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) +-/* Here follows specialised variants of bn_add_words() and +- bn_sub_words(). They have the property performing operations on +- arrays of different sizes. The sizes of those arrays is expressed through +- cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl, +- which is the delta between the two lengths, calculated as len(a)-len(b). +- All lengths are the number of BN_ULONGs... For the operations that require +- a result array as parameter, it must have the length cl+abs(dl). +- These functions should probably end up in bn_asm.c as soon as there are +- assembler counterparts for the systems that use assembler files. */ ++/* ++ * Here follows specialised variants of bn_add_words() and bn_sub_words(). ++ * They have the property performing operations on arrays of different sizes. ++ * The sizes of those arrays is expressed through cl, which is the common ++ * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta ++ * between the two lengths, calculated as len(a)-len(b). All lengths are the ++ * number of BN_ULONGs... For the operations that require a result array as ++ * parameter, it must have the length cl+abs(dl). These functions should ++ * probably end up in bn_asm.c as soon as there are assembler counterparts ++ * for the systems that use assembler files. ++ */ + + BN_ULONG bn_sub_part_words(BN_ULONG *r, +- const BN_ULONG *a, const BN_ULONG *b, +- int cl, int dl) +- { +- BN_ULONG c, t; ++ const BN_ULONG *a, const BN_ULONG *b, ++ int cl, int dl) ++{ ++ BN_ULONG c, t; + +- assert(cl >= 0); +- c = bn_sub_words(r, a, b, cl); ++ assert(cl >= 0); ++ c = bn_sub_words(r, a, b, cl); + +- if (dl == 0) +- return c; ++ if (dl == 0) ++ return c; + +- r += cl; +- a += cl; +- b += cl; ++ r += cl; ++ a += cl; ++ b += cl; + +- if (dl < 0) +- { +-#ifdef BN_COUNT +- fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); +-#endif +- for (;;) +- { +- t = b[0]; +- r[0] = (0-t-c)&BN_MASK2; +- if (t != 0) c=1; +- if (++dl >= 0) break; +- +- t = b[1]; +- r[1] = (0-t-c)&BN_MASK2; +- if (t != 0) c=1; +- if (++dl >= 0) break; +- +- t = b[2]; +- r[2] = (0-t-c)&BN_MASK2; +- if (t != 0) c=1; +- if (++dl >= 0) break; +- +- t = b[3]; +- r[3] = (0-t-c)&BN_MASK2; +- if (t != 0) c=1; +- if (++dl >= 0) break; +- +- b += 4; +- r += 4; +- } +- } +- else +- { +- int save_dl = dl; +-#ifdef BN_COUNT +- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c); +-#endif +- while(c) +- { +- t = a[0]; +- r[0] = (t-c)&BN_MASK2; +- if (t != 0) c=0; +- if (--dl <= 0) break; +- +- t = a[1]; +- r[1] = (t-c)&BN_MASK2; +- if (t != 0) c=0; +- if (--dl <= 0) break; +- +- t = a[2]; +- r[2] = (t-c)&BN_MASK2; +- if (t != 0) c=0; +- if (--dl <= 0) break; +- +- t = a[3]; +- r[3] = (t-c)&BN_MASK2; +- if (t != 0) c=0; +- if (--dl <= 0) break; +- +- save_dl = dl; +- a += 4; +- r += 4; +- } +- if (dl > 0) +- { +-#ifdef BN_COUNT +- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); +-#endif +- if (save_dl > dl) +- { +- switch (save_dl - dl) +- { +- case 1: +- r[1] = a[1]; +- if (--dl <= 0) break; +- case 2: +- r[2] = a[2]; +- if (--dl <= 0) break; +- case 3: +- r[3] = a[3]; +- if (--dl <= 0) break; +- } +- a += 4; +- r += 4; +- } +- } +- if (dl > 0) +- { +-#ifdef BN_COUNT +- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl); +-#endif +- for(;;) +- { +- r[0] = a[0]; +- if (--dl <= 0) break; +- r[1] = a[1]; +- if (--dl <= 0) break; +- r[2] = a[2]; +- if (--dl <= 0) break; +- r[3] = a[3]; +- if (--dl <= 0) break; +- +- a += 4; +- r += 4; +- } +- } +- } +- return c; +- } ++ if (dl < 0) { ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, ++ dl, c); ++# endif ++ for (;;) { ++ t = b[0]; ++ r[0] = (0 - t - c) & BN_MASK2; ++ if (t != 0) ++ c = 1; ++ if (++dl >= 0) ++ break; ++ ++ t = b[1]; ++ r[1] = (0 - t - c) & BN_MASK2; ++ if (t != 0) ++ c = 1; ++ if (++dl >= 0) ++ break; ++ ++ t = b[2]; ++ r[2] = (0 - t - c) & BN_MASK2; ++ if (t != 0) ++ c = 1; ++ if (++dl >= 0) ++ break; ++ ++ t = b[3]; ++ r[3] = (0 - t - c) & BN_MASK2; ++ if (t != 0) ++ c = 1; ++ if (++dl >= 0) ++ break; ++ ++ b += 4; ++ r += 4; ++ } ++ } else { ++ int save_dl = dl; ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, ++ dl, c); ++# endif ++ while (c) { ++ t = a[0]; ++ r[0] = (t - c) & BN_MASK2; ++ if (t != 0) ++ c = 0; ++ if (--dl <= 0) ++ break; ++ ++ t = a[1]; ++ r[1] = (t - c) & BN_MASK2; ++ if (t != 0) ++ c = 0; ++ if (--dl <= 0) ++ break; ++ ++ t = a[2]; ++ r[2] = (t - c) & BN_MASK2; ++ if (t != 0) ++ c = 0; ++ if (--dl <= 0) ++ break; ++ ++ t = a[3]; ++ r[3] = (t - c) & BN_MASK2; ++ if (t != 0) ++ c = 0; ++ if (--dl <= 0) ++ break; ++ ++ save_dl = dl; ++ a += 4; ++ r += 4; ++ } ++ if (dl > 0) { ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", ++ cl, dl); ++# endif ++ if (save_dl > dl) { ++ switch (save_dl - dl) { ++ case 1: ++ r[1] = a[1]; ++ if (--dl <= 0) ++ break; ++ case 2: ++ r[2] = a[2]; ++ if (--dl <= 0) ++ break; ++ case 3: ++ r[3] = a[3]; ++ if (--dl <= 0) ++ break; ++ } ++ a += 4; ++ r += 4; ++ } ++ } ++ if (dl > 0) { ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", ++ cl, dl); ++# endif ++ for (;;) { ++ r[0] = a[0]; ++ if (--dl <= 0) ++ break; ++ r[1] = a[1]; ++ if (--dl <= 0) ++ break; ++ r[2] = a[2]; ++ if (--dl <= 0) ++ break; ++ r[3] = a[3]; ++ if (--dl <= 0) ++ break; ++ ++ a += 4; ++ r += 4; ++ } ++ } ++ } ++ return c; ++} + #endif + + BN_ULONG bn_add_part_words(BN_ULONG *r, +- const BN_ULONG *a, const BN_ULONG *b, +- int cl, int dl) +- { +- BN_ULONG c, l, t; ++ const BN_ULONG *a, const BN_ULONG *b, ++ int cl, int dl) ++{ ++ BN_ULONG c, l, t; + +- assert(cl >= 0); +- c = bn_add_words(r, a, b, cl); ++ assert(cl >= 0); ++ c = bn_add_words(r, a, b, cl); + +- if (dl == 0) +- return c; ++ if (dl == 0) ++ return c; + +- r += cl; +- a += cl; +- b += cl; ++ r += cl; ++ a += cl; ++ b += cl; + +- if (dl < 0) +- { +- int save_dl = dl; ++ if (dl < 0) { ++ int save_dl = dl; + #ifdef BN_COUNT +- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); ++ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, ++ dl, c); + #endif +- while (c) +- { +- l=(c+b[0])&BN_MASK2; +- c=(l < c); +- r[0]=l; +- if (++dl >= 0) break; +- +- l=(c+b[1])&BN_MASK2; +- c=(l < c); +- r[1]=l; +- if (++dl >= 0) break; +- +- l=(c+b[2])&BN_MASK2; +- c=(l < c); +- r[2]=l; +- if (++dl >= 0) break; +- +- l=(c+b[3])&BN_MASK2; +- c=(l < c); +- r[3]=l; +- if (++dl >= 0) break; +- +- save_dl = dl; +- b+=4; +- r+=4; +- } +- if (dl < 0) +- { ++ while (c) { ++ l = (c + b[0]) & BN_MASK2; ++ c = (l < c); ++ r[0] = l; ++ if (++dl >= 0) ++ break; ++ ++ l = (c + b[1]) & BN_MASK2; ++ c = (l < c); ++ r[1] = l; ++ if (++dl >= 0) ++ break; ++ ++ l = (c + b[2]) & BN_MASK2; ++ c = (l < c); ++ r[2] = l; ++ if (++dl >= 0) ++ break; ++ ++ l = (c + b[3]) & BN_MASK2; ++ c = (l < c); ++ r[3] = l; ++ if (++dl >= 0) ++ break; ++ ++ save_dl = dl; ++ b += 4; ++ r += 4; ++ } ++ if (dl < 0) { + #ifdef BN_COUNT +- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl); ++ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", ++ cl, dl); + #endif +- if (save_dl < dl) +- { +- switch (dl - save_dl) +- { +- case 1: +- r[1] = b[1]; +- if (++dl >= 0) break; +- case 2: +- r[2] = b[2]; +- if (++dl >= 0) break; +- case 3: +- r[3] = b[3]; +- if (++dl >= 0) break; +- } +- b += 4; +- r += 4; +- } +- } +- if (dl < 0) +- { ++ if (save_dl < dl) { ++ switch (dl - save_dl) { ++ case 1: ++ r[1] = b[1]; ++ if (++dl >= 0) ++ break; ++ case 2: ++ r[2] = b[2]; ++ if (++dl >= 0) ++ break; ++ case 3: ++ r[3] = b[3]; ++ if (++dl >= 0) ++ break; ++ } ++ b += 4; ++ r += 4; ++ } ++ } ++ if (dl < 0) { + #ifdef BN_COUNT +- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl); ++ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", ++ cl, dl); + #endif +- for(;;) +- { +- r[0] = b[0]; +- if (++dl >= 0) break; +- r[1] = b[1]; +- if (++dl >= 0) break; +- r[2] = b[2]; +- if (++dl >= 0) break; +- r[3] = b[3]; +- if (++dl >= 0) break; +- +- b += 4; +- r += 4; +- } +- } +- } +- else +- { +- int save_dl = dl; ++ for (;;) { ++ r[0] = b[0]; ++ if (++dl >= 0) ++ break; ++ r[1] = b[1]; ++ if (++dl >= 0) ++ break; ++ r[2] = b[2]; ++ if (++dl >= 0) ++ break; ++ r[3] = b[3]; ++ if (++dl >= 0) ++ break; ++ ++ b += 4; ++ r += 4; ++ } ++ } ++ } else { ++ int save_dl = dl; + #ifdef BN_COUNT +- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); ++ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); + #endif +- while (c) +- { +- t=(a[0]+c)&BN_MASK2; +- c=(t < c); +- r[0]=t; +- if (--dl <= 0) break; +- +- t=(a[1]+c)&BN_MASK2; +- c=(t < c); +- r[1]=t; +- if (--dl <= 0) break; +- +- t=(a[2]+c)&BN_MASK2; +- c=(t < c); +- r[2]=t; +- if (--dl <= 0) break; +- +- t=(a[3]+c)&BN_MASK2; +- c=(t < c); +- r[3]=t; +- if (--dl <= 0) break; +- +- save_dl = dl; +- a+=4; +- r+=4; +- } ++ while (c) { ++ t = (a[0] + c) & BN_MASK2; ++ c = (t < c); ++ r[0] = t; ++ if (--dl <= 0) ++ break; ++ ++ t = (a[1] + c) & BN_MASK2; ++ c = (t < c); ++ r[1] = t; ++ if (--dl <= 0) ++ break; ++ ++ t = (a[2] + c) & BN_MASK2; ++ c = (t < c); ++ r[2] = t; ++ if (--dl <= 0) ++ break; ++ ++ t = (a[3] + c) & BN_MASK2; ++ c = (t < c); ++ r[3] = t; ++ if (--dl <= 0) ++ break; ++ ++ save_dl = dl; ++ a += 4; ++ r += 4; ++ } + #ifdef BN_COUNT +- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); ++ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, ++ dl); + #endif +- if (dl > 0) +- { +- if (save_dl > dl) +- { +- switch (save_dl - dl) +- { +- case 1: +- r[1] = a[1]; +- if (--dl <= 0) break; +- case 2: +- r[2] = a[2]; +- if (--dl <= 0) break; +- case 3: +- r[3] = a[3]; +- if (--dl <= 0) break; +- } +- a += 4; +- r += 4; +- } +- } +- if (dl > 0) +- { ++ if (dl > 0) { ++ if (save_dl > dl) { ++ switch (save_dl - dl) { ++ case 1: ++ r[1] = a[1]; ++ if (--dl <= 0) ++ break; ++ case 2: ++ r[2] = a[2]; ++ if (--dl <= 0) ++ break; ++ case 3: ++ r[3] = a[3]; ++ if (--dl <= 0) ++ break; ++ } ++ a += 4; ++ r += 4; ++ } ++ } ++ if (dl > 0) { + #ifdef BN_COUNT +- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl); ++ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", ++ cl, dl); + #endif +- for(;;) +- { +- r[0] = a[0]; +- if (--dl <= 0) break; +- r[1] = a[1]; +- if (--dl <= 0) break; +- r[2] = a[2]; +- if (--dl <= 0) break; +- r[3] = a[3]; +- if (--dl <= 0) break; +- +- a += 4; +- r += 4; +- } +- } +- } +- return c; +- } ++ for (;;) { ++ r[0] = a[0]; ++ if (--dl <= 0) ++ break; ++ r[1] = a[1]; ++ if (--dl <= 0) ++ break; ++ r[2] = a[2]; ++ if (--dl <= 0) ++ break; ++ r[3] = a[3]; ++ if (--dl <= 0) ++ break; ++ ++ a += 4; ++ r += 4; ++ } ++ } ++ } ++ return c; ++} + + #ifdef BN_RECURSION +-/* Karatsuba recursive multiplication algorithm +- * (cf. Knuth, The Art of Computer Programming, Vol. 2) */ ++/* ++ * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of ++ * Computer Programming, Vol. 2) ++ */ + +-/* r is 2*n2 words in size, ++/*- ++ * r is 2*n2 words in size, + * a and b are both n2 words in size. + * n2 must be a power of 2. + * We multiply and return the result. +@@ -391,776 +425,740 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, + */ + /* dnX may not be positive, but n2/2+dnX has to be */ + void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, +- int dna, int dnb, BN_ULONG *t) +- { +- int n=n2/2,c1,c2; +- int tna=n+dna, tnb=n+dnb; +- unsigned int neg,zero; +- BN_ULONG ln,lo,*p; ++ int dna, int dnb, BN_ULONG *t) ++{ ++ int n = n2 / 2, c1, c2; ++ int tna = n + dna, tnb = n + dnb; ++ unsigned int neg, zero; ++ BN_ULONG ln, lo, *p; + + # ifdef BN_COUNT +- fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb); ++ fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n", n2, dna, n2, dnb); + # endif + # ifdef BN_MUL_COMBA + # if 0 +- if (n2 == 4) +- { +- bn_mul_comba4(r,a,b); +- return; +- } ++ if (n2 == 4) { ++ bn_mul_comba4(r, a, b); ++ return; ++ } + # endif +- /* Only call bn_mul_comba 8 if n2 == 8 and the +- * two arrays are complete [steve] +- */ +- if (n2 == 8 && dna == 0 && dnb == 0) +- { +- bn_mul_comba8(r,a,b); +- return; +- } +-# endif /* BN_MUL_COMBA */ +- /* Else do normal multiply */ +- if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) +- { +- bn_mul_normal(r,a,n2+dna,b,n2+dnb); +- if ((dna + dnb) < 0) +- memset(&r[2*n2 + dna + dnb], 0, +- sizeof(BN_ULONG) * -(dna + dnb)); +- return; +- } +- /* r=(a[0]-a[1])*(b[1]-b[0]) */ +- c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); +- c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); +- zero=neg=0; +- switch (c1*3+c2) +- { +- case -4: +- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ +- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ +- break; +- case -3: +- zero=1; +- break; +- case -2: +- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ +- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ +- neg=1; +- break; +- case -1: +- case 0: +- case 1: +- zero=1; +- break; +- case 2: +- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ +- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ +- neg=1; +- break; +- case 3: +- zero=1; +- break; +- case 4: +- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); +- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); +- break; +- } ++ /* ++ * Only call bn_mul_comba 8 if n2 == 8 and the two arrays are complete ++ * [steve] ++ */ ++ if (n2 == 8 && dna == 0 && dnb == 0) { ++ bn_mul_comba8(r, a, b); ++ return; ++ } ++# endif /* BN_MUL_COMBA */ ++ /* Else do normal multiply */ ++ if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { ++ bn_mul_normal(r, a, n2 + dna, b, n2 + dnb); ++ if ((dna + dnb) < 0) ++ memset(&r[2 * n2 + dna + dnb], 0, ++ sizeof(BN_ULONG) * -(dna + dnb)); ++ return; ++ } ++ /* r=(a[0]-a[1])*(b[1]-b[0]) */ ++ c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna); ++ c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n); ++ zero = neg = 0; ++ switch (c1 * 3 + c2) { ++ case -4: ++ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ ++ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ ++ break; ++ case -3: ++ zero = 1; ++ break; ++ case -2: ++ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ ++ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */ ++ neg = 1; ++ break; ++ case -1: ++ case 0: ++ case 1: ++ zero = 1; ++ break; ++ case 2: ++ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */ ++ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ ++ neg = 1; ++ break; ++ case 3: ++ zero = 1; ++ break; ++ case 4: ++ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); ++ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); ++ break; ++ } + + # ifdef BN_MUL_COMBA +- if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take +- extra args to do this well */ +- { +- if (!zero) +- bn_mul_comba4(&(t[n2]),t,&(t[n])); +- else +- memset(&(t[n2]),0,8*sizeof(BN_ULONG)); +- +- bn_mul_comba4(r,a,b); +- bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n])); +- } +- else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could +- take extra args to do this +- well */ +- { +- if (!zero) +- bn_mul_comba8(&(t[n2]),t,&(t[n])); +- else +- memset(&(t[n2]),0,16*sizeof(BN_ULONG)); +- +- bn_mul_comba8(r,a,b); +- bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n])); +- } +- else +-# endif /* BN_MUL_COMBA */ +- { +- p= &(t[n2*2]); +- if (!zero) +- bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); +- else +- memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); +- bn_mul_recursive(r,a,b,n,0,0,p); +- bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p); +- } +- +- /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign +- * r[10] holds (a[0]*b[0]) +- * r[32] holds (b[1]*b[1]) +- */ +- +- c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); +- +- if (neg) /* if t[32] is negative */ +- { +- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); +- } +- else +- { +- /* Might have a carry */ +- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); +- } +- +- /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) +- * r[10] holds (a[0]*b[0]) +- * r[32] holds (b[1]*b[1]) +- * c1 holds the carry bits +- */ +- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); +- if (c1) +- { +- p= &(r[n+n2]); +- lo= *p; +- ln=(lo+c1)&BN_MASK2; +- *p=ln; +- +- /* The overflow will stop before we over write +- * words we should not overwrite */ +- if (ln < (BN_ULONG)c1) +- { +- do { +- p++; +- lo= *p; +- ln=(lo+1)&BN_MASK2; +- *p=ln; +- } while (ln == 0); +- } +- } +- } +- +-/* n+tn is the word length +- * t needs to be n*4 is size, as does r */ ++ if (n == 4 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba4 could take ++ * extra args to do this well */ ++ if (!zero) ++ bn_mul_comba4(&(t[n2]), t, &(t[n])); ++ else ++ memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG)); ++ ++ bn_mul_comba4(r, a, b); ++ bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n])); ++ } else if (n == 8 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba8 could ++ * take extra args to do ++ * this well */ ++ if (!zero) ++ bn_mul_comba8(&(t[n2]), t, &(t[n])); ++ else ++ memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG)); ++ ++ bn_mul_comba8(r, a, b); ++ bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n])); ++ } else ++# endif /* BN_MUL_COMBA */ ++ { ++ p = &(t[n2 * 2]); ++ if (!zero) ++ bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); ++ else ++ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); ++ bn_mul_recursive(r, a, b, n, 0, 0, p); ++ bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); ++ } ++ ++ /*- ++ * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign ++ * r[10] holds (a[0]*b[0]) ++ * r[32] holds (b[1]*b[1]) ++ */ ++ ++ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); ++ ++ if (neg) { /* if t[32] is negative */ ++ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); ++ } else { ++ /* Might have a carry */ ++ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2)); ++ } ++ ++ /*- ++ * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) ++ * r[10] holds (a[0]*b[0]) ++ * r[32] holds (b[1]*b[1]) ++ * c1 holds the carry bits ++ */ ++ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); ++ if (c1) { ++ p = &(r[n + n2]); ++ lo = *p; ++ ln = (lo + c1) & BN_MASK2; ++ *p = ln; ++ ++ /* ++ * The overflow will stop before we over write words we should not ++ * overwrite ++ */ ++ if (ln < (BN_ULONG)c1) { ++ do { ++ p++; ++ lo = *p; ++ ln = (lo + 1) & BN_MASK2; ++ *p = ln; ++ } while (ln == 0); ++ } ++ } ++} ++ ++/* ++ * n+tn is the word length t needs to be n*4 is size, as does r ++ */ + /* tnX may not be negative but less than n */ + void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, +- int tna, int tnb, BN_ULONG *t) +- { +- int i,j,n2=n*2; +- int c1,c2,neg; +- BN_ULONG ln,lo,*p; ++ int tna, int tnb, BN_ULONG *t) ++{ ++ int i, j, n2 = n * 2; ++ int c1, c2, neg; ++ BN_ULONG ln, lo, *p; + + # ifdef BN_COUNT +- fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n", +- n, tna, n, tnb); ++ fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n", ++ n, tna, n, tnb); + # endif +- if (n < 8) +- { +- bn_mul_normal(r,a,n+tna,b,n+tnb); +- return; +- } +- +- /* r=(a[0]-a[1])*(b[1]-b[0]) */ +- c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); +- c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); +- neg=0; +- switch (c1*3+c2) +- { +- case -4: +- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ +- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ +- break; +- case -3: +- /* break; */ +- case -2: +- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ +- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ +- neg=1; +- break; +- case -1: +- case 0: +- case 1: +- /* break; */ +- case 2: +- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ +- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ +- neg=1; +- break; +- case 3: +- /* break; */ +- case 4: +- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); +- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); +- break; +- } +- /* The zero case isn't yet implemented here. The speedup +- would probably be negligible. */ ++ if (n < 8) { ++ bn_mul_normal(r, a, n + tna, b, n + tnb); ++ return; ++ } ++ ++ /* r=(a[0]-a[1])*(b[1]-b[0]) */ ++ c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna); ++ c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n); ++ neg = 0; ++ switch (c1 * 3 + c2) { ++ case -4: ++ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ ++ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ ++ break; ++ case -3: ++ /* break; */ ++ case -2: ++ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ ++ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */ ++ neg = 1; ++ break; ++ case -1: ++ case 0: ++ case 1: ++ /* break; */ ++ case 2: ++ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */ ++ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ ++ neg = 1; ++ break; ++ case 3: ++ /* break; */ ++ case 4: ++ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); ++ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); ++ break; ++ } ++ /* ++ * The zero case isn't yet implemented here. The speedup would probably ++ * be negligible. ++ */ + # if 0 +- if (n == 4) +- { +- bn_mul_comba4(&(t[n2]),t,&(t[n])); +- bn_mul_comba4(r,a,b); +- bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); +- memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2)); +- } +- else ++ if (n == 4) { ++ bn_mul_comba4(&(t[n2]), t, &(t[n])); ++ bn_mul_comba4(r, a, b); ++ bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn); ++ memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2)); ++ } else + # endif +- if (n == 8) +- { +- bn_mul_comba8(&(t[n2]),t,&(t[n])); +- bn_mul_comba8(r,a,b); +- bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); +- memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb)); +- } +- else +- { +- p= &(t[n2*2]); +- bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); +- bn_mul_recursive(r,a,b,n,0,0,p); +- i=n/2; +- /* If there is only a bottom half to the number, +- * just do it */ +- if (tna > tnb) +- j = tna - i; +- else +- j = tnb - i; +- if (j == 0) +- { +- bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]), +- i,tna-i,tnb-i,p); +- memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2)); +- } +- else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */ +- { +- bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]), +- i,tna-i,tnb-i,p); +- memset(&(r[n2+tna+tnb]),0, +- sizeof(BN_ULONG)*(n2-tna-tnb)); +- } +- else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ +- { +- memset(&(r[n2]),0,sizeof(BN_ULONG)*n2); +- if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL +- && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) +- { +- bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); +- } +- else +- { +- for (;;) +- { +- i/=2; +- /* these simplified conditions work +- * exclusively because difference +- * between tna and tnb is 1 or 0 */ +- if (i < tna || i < tnb) +- { +- bn_mul_part_recursive(&(r[n2]), +- &(a[n]),&(b[n]), +- i,tna-i,tnb-i,p); +- break; +- } +- else if (i == tna || i == tnb) +- { +- bn_mul_recursive(&(r[n2]), +- &(a[n]),&(b[n]), +- i,tna-i,tnb-i,p); +- break; +- } +- } +- } +- } +- } +- +- /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign +- * r[10] holds (a[0]*b[0]) +- * r[32] holds (b[1]*b[1]) +- */ +- +- c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); +- +- if (neg) /* if t[32] is negative */ +- { +- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); +- } +- else +- { +- /* Might have a carry */ +- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); +- } +- +- /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) +- * r[10] holds (a[0]*b[0]) +- * r[32] holds (b[1]*b[1]) +- * c1 holds the carry bits +- */ +- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); +- if (c1) +- { +- p= &(r[n+n2]); +- lo= *p; +- ln=(lo+c1)&BN_MASK2; +- *p=ln; +- +- /* The overflow will stop before we over write +- * words we should not overwrite */ +- if (ln < (BN_ULONG)c1) +- { +- do { +- p++; +- lo= *p; +- ln=(lo+1)&BN_MASK2; +- *p=ln; +- } while (ln == 0); +- } +- } +- } +- +-/* a and b must be the same size, which is n2. ++ if (n == 8) { ++ bn_mul_comba8(&(t[n2]), t, &(t[n])); ++ bn_mul_comba8(r, a, b); ++ bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); ++ memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); ++ } else { ++ p = &(t[n2 * 2]); ++ bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); ++ bn_mul_recursive(r, a, b, n, 0, 0, p); ++ i = n / 2; ++ /* ++ * If there is only a bottom half to the number, just do it ++ */ ++ if (tna > tnb) ++ j = tna - i; ++ else ++ j = tnb - i; ++ if (j == 0) { ++ bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), ++ i, tna - i, tnb - i, p); ++ memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2)); ++ } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */ ++ bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), ++ i, tna - i, tnb - i, p); ++ memset(&(r[n2 + tna + tnb]), 0, ++ sizeof(BN_ULONG) * (n2 - tna - tnb)); ++ } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ ++ ++ memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2); ++ if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL ++ && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { ++ bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); ++ } else { ++ for (;;) { ++ i /= 2; ++ /* ++ * these simplified conditions work exclusively because ++ * difference between tna and tnb is 1 or 0 ++ */ ++ if (i < tna || i < tnb) { ++ bn_mul_part_recursive(&(r[n2]), ++ &(a[n]), &(b[n]), ++ i, tna - i, tnb - i, p); ++ break; ++ } else if (i == tna || i == tnb) { ++ bn_mul_recursive(&(r[n2]), ++ &(a[n]), &(b[n]), ++ i, tna - i, tnb - i, p); ++ break; ++ } ++ } ++ } ++ } ++ } ++ ++ /*- ++ * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign ++ * r[10] holds (a[0]*b[0]) ++ * r[32] holds (b[1]*b[1]) ++ */ ++ ++ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); ++ ++ if (neg) { /* if t[32] is negative */ ++ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); ++ } else { ++ /* Might have a carry */ ++ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2)); ++ } ++ ++ /*- ++ * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) ++ * r[10] holds (a[0]*b[0]) ++ * r[32] holds (b[1]*b[1]) ++ * c1 holds the carry bits ++ */ ++ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); ++ if (c1) { ++ p = &(r[n + n2]); ++ lo = *p; ++ ln = (lo + c1) & BN_MASK2; ++ *p = ln; ++ ++ /* ++ * The overflow will stop before we over write words we should not ++ * overwrite ++ */ ++ if (ln < (BN_ULONG)c1) { ++ do { ++ p++; ++ lo = *p; ++ ln = (lo + 1) & BN_MASK2; ++ *p = ln; ++ } while (ln == 0); ++ } ++ } ++} ++ ++/*- ++ * a and b must be the same size, which is n2. + * r needs to be n2 words and t needs to be n2*2 + */ + void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, +- BN_ULONG *t) +- { +- int n=n2/2; ++ BN_ULONG *t) ++{ ++ int n = n2 / 2; + + # ifdef BN_COUNT +- fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2); ++ fprintf(stderr, " bn_mul_low_recursive %d * %d\n", n2, n2); + # endif + +- bn_mul_recursive(r,a,b,n,0,0,&(t[0])); +- if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) +- { +- bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2])); +- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); +- bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2])); +- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); +- } +- else +- { +- bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n); +- bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n); +- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); +- bn_add_words(&(r[n]),&(r[n]),&(t[n]),n); +- } +- } +- +-/* a and b must be the same size, which is n2. ++ bn_mul_recursive(r, a, b, n, 0, 0, &(t[0])); ++ if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) { ++ bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2])); ++ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); ++ bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2])); ++ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); ++ } else { ++ bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n); ++ bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n); ++ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); ++ bn_add_words(&(r[n]), &(r[n]), &(t[n]), n); ++ } ++} ++ ++/*- ++ * a and b must be the same size, which is n2. + * r needs to be n2 words and t needs to be n2*2 + * l is the low words of the output. + * t needs to be n2*3 + */ + void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, +- BN_ULONG *t) +- { +- int i,n; +- int c1,c2; +- int neg,oneg,zero; +- BN_ULONG ll,lc,*lp,*mp; ++ BN_ULONG *t) ++{ ++ int i, n; ++ int c1, c2; ++ int neg, oneg, zero; ++ BN_ULONG ll, lc, *lp, *mp; + + # ifdef BN_COUNT +- fprintf(stderr," bn_mul_high %d * %d\n",n2,n2); ++ fprintf(stderr, " bn_mul_high %d * %d\n", n2, n2); + # endif +- n=n2/2; +- +- /* Calculate (al-ah)*(bh-bl) */ +- neg=zero=0; +- c1=bn_cmp_words(&(a[0]),&(a[n]),n); +- c2=bn_cmp_words(&(b[n]),&(b[0]),n); +- switch (c1*3+c2) +- { +- case -4: +- bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n); +- bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n); +- break; +- case -3: +- zero=1; +- break; +- case -2: +- bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n); +- bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n); +- neg=1; +- break; +- case -1: +- case 0: +- case 1: +- zero=1; +- break; +- case 2: +- bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n); +- bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n); +- neg=1; +- break; +- case 3: +- zero=1; +- break; +- case 4: +- bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n); +- bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n); +- break; +- } +- +- oneg=neg; +- /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */ +- /* r[10] = (a[1]*b[1]) */ ++ n = n2 / 2; ++ ++ /* Calculate (al-ah)*(bh-bl) */ ++ neg = zero = 0; ++ c1 = bn_cmp_words(&(a[0]), &(a[n]), n); ++ c2 = bn_cmp_words(&(b[n]), &(b[0]), n); ++ switch (c1 * 3 + c2) { ++ case -4: ++ bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n); ++ bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n); ++ break; ++ case -3: ++ zero = 1; ++ break; ++ case -2: ++ bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n); ++ bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n); ++ neg = 1; ++ break; ++ case -1: ++ case 0: ++ case 1: ++ zero = 1; ++ break; ++ case 2: ++ bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n); ++ bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n); ++ neg = 1; ++ break; ++ case 3: ++ zero = 1; ++ break; ++ case 4: ++ bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n); ++ bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n); ++ break; ++ } ++ ++ oneg = neg; ++ /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */ ++ /* r[10] = (a[1]*b[1]) */ + # ifdef BN_MUL_COMBA +- if (n == 8) +- { +- bn_mul_comba8(&(t[0]),&(r[0]),&(r[n])); +- bn_mul_comba8(r,&(a[n]),&(b[n])); +- } +- else ++ if (n == 8) { ++ bn_mul_comba8(&(t[0]), &(r[0]), &(r[n])); ++ bn_mul_comba8(r, &(a[n]), &(b[n])); ++ } else + # endif +- { +- bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2])); +- bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2])); +- } +- +- /* s0 == low(al*bl) +- * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) +- * We know s0 and s1 so the only unknown is high(al*bl) +- * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) +- * high(al*bl) == s1 - (r[0]+l[0]+t[0]) +- */ +- if (l != NULL) +- { +- lp= &(t[n2+n]); +- c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n)); +- } +- else +- { +- c1=0; +- lp= &(r[0]); +- } +- +- if (neg) +- neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n)); +- else +- { +- bn_add_words(&(t[n2]),lp,&(t[0]),n); +- neg=0; +- } +- +- if (l != NULL) +- { +- bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n); +- } +- else +- { +- lp= &(t[n2+n]); +- mp= &(t[n2]); +- for (i=0; i 0) +- { +- lc=c1; +- do { +- ll=(r[i]+lc)&BN_MASK2; +- r[i++]=ll; +- lc=(lc > ll); +- } while (lc); +- } +- else +- { +- lc= -c1; +- do { +- ll=r[i]; +- r[i++]=(ll-lc)&BN_MASK2; +- lc=(lc > ll); +- } while (lc); +- } +- } +- if (c2 != 0) /* Add starting at r[1] */ +- { +- i=n; +- if (c2 > 0) +- { +- lc=c2; +- do { +- ll=(r[i]+lc)&BN_MASK2; +- r[i++]=ll; +- lc=(lc > ll); +- } while (lc); +- } +- else +- { +- lc= -c2; +- do { +- ll=r[i]; +- r[i++]=(ll-lc)&BN_MASK2; +- lc=(lc > ll); +- } while (lc); +- } +- } +- } +-#endif /* BN_RECURSION */ ++ { ++ bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2])); ++ bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2])); ++ } ++ ++ /*- ++ * s0 == low(al*bl) ++ * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) ++ * We know s0 and s1 so the only unknown is high(al*bl) ++ * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) ++ * high(al*bl) == s1 - (r[0]+l[0]+t[0]) ++ */ ++ if (l != NULL) { ++ lp = &(t[n2 + n]); ++ c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n)); ++ } else { ++ c1 = 0; ++ lp = &(r[0]); ++ } ++ ++ if (neg) ++ neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n)); ++ else { ++ bn_add_words(&(t[n2]), lp, &(t[0]), n); ++ neg = 0; ++ } ++ ++ if (l != NULL) { ++ bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n); ++ } else { ++ lp = &(t[n2 + n]); ++ mp = &(t[n2]); ++ for (i = 0; i < n; i++) ++ lp[i] = ((~mp[i]) + 1) & BN_MASK2; ++ } ++ ++ /*- ++ * s[0] = low(al*bl) ++ * t[3] = high(al*bl) ++ * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign ++ * r[10] = (a[1]*b[1]) ++ */ ++ /*- ++ * R[10] = al*bl ++ * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0]) ++ * R[32] = ah*bh ++ */ ++ /*- ++ * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow) ++ * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow) ++ * R[3]=r[1]+(carry/borrow) ++ */ ++ if (l != NULL) { ++ lp = &(t[n2]); ++ c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n)); ++ } else { ++ lp = &(t[n2 + n]); ++ c1 = 0; ++ } ++ c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n)); ++ if (oneg) ++ c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n)); ++ else ++ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n)); ++ ++ c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n)); ++ c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n)); ++ if (oneg) ++ c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n)); ++ else ++ c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n)); ++ ++ if (c1 != 0) { /* Add starting at r[0], could be +ve or -ve */ ++ i = 0; ++ if (c1 > 0) { ++ lc = c1; ++ do { ++ ll = (r[i] + lc) & BN_MASK2; ++ r[i++] = ll; ++ lc = (lc > ll); ++ } while (lc); ++ } else { ++ lc = -c1; ++ do { ++ ll = r[i]; ++ r[i++] = (ll - lc) & BN_MASK2; ++ lc = (lc > ll); ++ } while (lc); ++ } ++ } ++ if (c2 != 0) { /* Add starting at r[1] */ ++ i = n; ++ if (c2 > 0) { ++ lc = c2; ++ do { ++ ll = (r[i] + lc) & BN_MASK2; ++ r[i++] = ll; ++ lc = (lc > ll); ++ } while (lc); ++ } else { ++ lc = -c2; ++ do { ++ ll = r[i]; ++ r[i++] = (ll - lc) & BN_MASK2; ++ lc = (lc > ll); ++ } while (lc); ++ } ++ } ++} ++#endif /* BN_RECURSION */ + + int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- int ret=0; +- int top,al,bl; +- BIGNUM *rr; ++{ ++ int ret = 0; ++ int top, al, bl; ++ BIGNUM *rr; + #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) +- int i; ++ int i; + #endif + #ifdef BN_RECURSION +- BIGNUM *t=NULL; +- int j=0,k; ++ BIGNUM *t = NULL; ++ int j = 0, k; + #endif + + #ifdef BN_COUNT +- fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top); ++ fprintf(stderr, "BN_mul %d * %d\n", a->top, b->top); + #endif + +- bn_check_top(a); +- bn_check_top(b); +- bn_check_top(r); +- +- al=a->top; +- bl=b->top; +- +- if ((al == 0) || (bl == 0)) +- { +- BN_zero(r); +- return(1); +- } +- top=al+bl; +- +- BN_CTX_start(ctx); +- if ((r == a) || (r == b)) +- { +- if ((rr = BN_CTX_get(ctx)) == NULL) goto err; +- } +- else +- rr = r; +- rr->neg=a->neg^b->neg; ++ bn_check_top(a); ++ bn_check_top(b); ++ bn_check_top(r); ++ ++ al = a->top; ++ bl = b->top; ++ ++ if ((al == 0) || (bl == 0)) { ++ BN_zero(r); ++ return (1); ++ } ++ top = al + bl; ++ ++ BN_CTX_start(ctx); ++ if ((r == a) || (r == b)) { ++ if ((rr = BN_CTX_get(ctx)) == NULL) ++ goto err; ++ } else ++ rr = r; ++ rr->neg = a->neg ^ b->neg; + + #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) +- i = al-bl; ++ i = al - bl; + #endif + #ifdef BN_MUL_COMBA +- if (i == 0) +- { ++ if (i == 0) { + # if 0 +- if (al == 4) +- { +- if (bn_wexpand(rr,8) == NULL) goto err; +- rr->top=8; +- bn_mul_comba4(rr->d,a->d,b->d); +- goto end; +- } ++ if (al == 4) { ++ if (bn_wexpand(rr, 8) == NULL) ++ goto err; ++ rr->top = 8; ++ bn_mul_comba4(rr->d, a->d, b->d); ++ goto end; ++ } + # endif +- if (al == 8) +- { +- if (bn_wexpand(rr,16) == NULL) goto err; +- rr->top=16; +- bn_mul_comba8(rr->d,a->d,b->d); +- goto end; +- } +- } +-#endif /* BN_MUL_COMBA */ ++ if (al == 8) { ++ if (bn_wexpand(rr, 16) == NULL) ++ goto err; ++ rr->top = 16; ++ bn_mul_comba8(rr->d, a->d, b->d); ++ goto end; ++ } ++ } ++#endif /* BN_MUL_COMBA */ + #ifdef BN_RECURSION +- if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) +- { +- if (i >= -1 && i <= 1) +- { +- /* Find out the power of two lower or equal +- to the longest of the two numbers */ +- if (i >= 0) +- { +- j = BN_num_bits_word((BN_ULONG)al); +- } +- if (i == -1) +- { +- j = BN_num_bits_word((BN_ULONG)bl); +- } +- j = 1<<(j-1); +- assert(j <= al || j <= bl); +- k = j+j; +- t = BN_CTX_get(ctx); +- if (t == NULL) +- goto err; +- if (al > j || bl > j) +- { +- if (bn_wexpand(t,k*4) == NULL) goto err; +- if (bn_wexpand(rr,k*4) == NULL) goto err; +- bn_mul_part_recursive(rr->d,a->d,b->d, +- j,al-j,bl-j,t->d); +- } +- else /* al <= j || bl <= j */ +- { +- if (bn_wexpand(t,k*2) == NULL) goto err; +- if (bn_wexpand(rr,k*2) == NULL) goto err; +- bn_mul_recursive(rr->d,a->d,b->d, +- j,al-j,bl-j,t->d); +- } +- rr->top=top; +- goto end; +- } +-#if 0 +- if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA)) +- { +- BIGNUM *tmp_bn = (BIGNUM *)b; +- if (bn_wexpand(tmp_bn,al) == NULL) goto err; +- tmp_bn->d[bl]=0; +- bl++; +- i--; +- } +- else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA)) +- { +- BIGNUM *tmp_bn = (BIGNUM *)a; +- if (bn_wexpand(tmp_bn,bl) == NULL) goto err; +- tmp_bn->d[al]=0; +- al++; +- i++; +- } +- if (i == 0) +- { +- /* symmetric and > 4 */ +- /* 16 or larger */ +- j=BN_num_bits_word((BN_ULONG)al); +- j=1<<(j-1); +- k=j+j; +- t = BN_CTX_get(ctx); +- if (al == j) /* exact multiple */ +- { +- if (bn_wexpand(t,k*2) == NULL) goto err; +- if (bn_wexpand(rr,k*2) == NULL) goto err; +- bn_mul_recursive(rr->d,a->d,b->d,al,t->d); +- } +- else +- { +- if (bn_wexpand(t,k*4) == NULL) goto err; +- if (bn_wexpand(rr,k*4) == NULL) goto err; +- bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); +- } +- rr->top=top; +- goto end; +- } +-#endif +- } +-#endif /* BN_RECURSION */ +- if (bn_wexpand(rr,top) == NULL) goto err; +- rr->top=top; +- bn_mul_normal(rr->d,a->d,al,b->d,bl); ++ if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) { ++ if (i >= -1 && i <= 1) { ++ /* ++ * Find out the power of two lower or equal to the longest of the ++ * two numbers ++ */ ++ if (i >= 0) { ++ j = BN_num_bits_word((BN_ULONG)al); ++ } ++ if (i == -1) { ++ j = BN_num_bits_word((BN_ULONG)bl); ++ } ++ j = 1 << (j - 1); ++ assert(j <= al || j <= bl); ++ k = j + j; ++ t = BN_CTX_get(ctx); ++ if (t == NULL) ++ goto err; ++ if (al > j || bl > j) { ++ if (bn_wexpand(t, k * 4) == NULL) ++ goto err; ++ if (bn_wexpand(rr, k * 4) == NULL) ++ goto err; ++ bn_mul_part_recursive(rr->d, a->d, b->d, ++ j, al - j, bl - j, t->d); ++ } else { /* al <= j || bl <= j */ ++ ++ if (bn_wexpand(t, k * 2) == NULL) ++ goto err; ++ if (bn_wexpand(rr, k * 2) == NULL) ++ goto err; ++ bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d); ++ } ++ rr->top = top; ++ goto end; ++ } ++# if 0 ++ if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) { ++ BIGNUM *tmp_bn = (BIGNUM *)b; ++ if (bn_wexpand(tmp_bn, al) == NULL) ++ goto err; ++ tmp_bn->d[bl] = 0; ++ bl++; ++ i--; ++ } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { ++ BIGNUM *tmp_bn = (BIGNUM *)a; ++ if (bn_wexpand(tmp_bn, bl) == NULL) ++ goto err; ++ tmp_bn->d[al] = 0; ++ al++; ++ i++; ++ } ++ if (i == 0) { ++ /* symmetric and > 4 */ ++ /* 16 or larger */ ++ j = BN_num_bits_word((BN_ULONG)al); ++ j = 1 << (j - 1); ++ k = j + j; ++ t = BN_CTX_get(ctx); ++ if (al == j) { /* exact multiple */ ++ if (bn_wexpand(t, k * 2) == NULL) ++ goto err; ++ if (bn_wexpand(rr, k * 2) == NULL) ++ goto err; ++ bn_mul_recursive(rr->d, a->d, b->d, al, t->d); ++ } else { ++ if (bn_wexpand(t, k * 4) == NULL) ++ goto err; ++ if (bn_wexpand(rr, k * 4) == NULL) ++ goto err; ++ bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d); ++ } ++ rr->top = top; ++ goto end; ++ } ++# endif ++ } ++#endif /* BN_RECURSION */ ++ if (bn_wexpand(rr, top) == NULL) ++ goto err; ++ rr->top = top; ++ bn_mul_normal(rr->d, a->d, al, b->d, bl); + + #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) +-end: ++ end: + #endif +- bn_correct_top(rr); +- if (r != rr) BN_copy(r,rr); +- ret=1; +-err: +- bn_check_top(r); +- BN_CTX_end(ctx); +- return(ret); +- } ++ bn_correct_top(rr); ++ if (r != rr) ++ BN_copy(r, rr); ++ ret = 1; ++ err: ++ bn_check_top(r); ++ BN_CTX_end(ctx); ++ return (ret); ++} + + void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) +- { +- BN_ULONG *rr; ++{ ++ BN_ULONG *rr; + + #ifdef BN_COUNT +- fprintf(stderr," bn_mul_normal %d * %d\n",na,nb); ++ fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb); + #endif + +- if (na < nb) +- { +- int itmp; +- BN_ULONG *ltmp; +- +- itmp=na; na=nb; nb=itmp; +- ltmp=a; a=b; b=ltmp; +- +- } +- rr= &(r[na]); +- if (nb <= 0) +- { +- (void)bn_mul_words(r,a,na,0); +- return; +- } +- else +- rr[0]=bn_mul_words(r,a,na,b[0]); +- +- for (;;) +- { +- if (--nb <= 0) return; +- rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]); +- if (--nb <= 0) return; +- rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]); +- if (--nb <= 0) return; +- rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]); +- if (--nb <= 0) return; +- rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]); +- rr+=4; +- r+=4; +- b+=4; +- } +- } ++ if (na < nb) { ++ int itmp; ++ BN_ULONG *ltmp; ++ ++ itmp = na; ++ na = nb; ++ nb = itmp; ++ ltmp = a; ++ a = b; ++ b = ltmp; ++ ++ } ++ rr = &(r[na]); ++ if (nb <= 0) { ++ (void)bn_mul_words(r, a, na, 0); ++ return; ++ } else ++ rr[0] = bn_mul_words(r, a, na, b[0]); ++ ++ for (;;) { ++ if (--nb <= 0) ++ return; ++ rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]); ++ if (--nb <= 0) ++ return; ++ rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]); ++ if (--nb <= 0) ++ return; ++ rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]); ++ if (--nb <= 0) ++ return; ++ rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]); ++ rr += 4; ++ r += 4; ++ b += 4; ++ } ++} + + void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) +- { ++{ + #ifdef BN_COUNT +- fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n); ++ fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n); + #endif +- bn_mul_words(r,a,n,b[0]); +- +- for (;;) +- { +- if (--n <= 0) return; +- bn_mul_add_words(&(r[1]),a,n,b[1]); +- if (--n <= 0) return; +- bn_mul_add_words(&(r[2]),a,n,b[2]); +- if (--n <= 0) return; +- bn_mul_add_words(&(r[3]),a,n,b[3]); +- if (--n <= 0) return; +- bn_mul_add_words(&(r[4]),a,n,b[4]); +- r+=4; +- b+=4; +- } +- } ++ bn_mul_words(r, a, n, b[0]); ++ ++ for (;;) { ++ if (--n <= 0) ++ return; ++ bn_mul_add_words(&(r[1]), a, n, b[1]); ++ if (--n <= 0) ++ return; ++ bn_mul_add_words(&(r[2]), a, n, b[2]); ++ if (--n <= 0) ++ return; ++ bn_mul_add_words(&(r[3]), a, n, b[3]); ++ if (--n <= 0) ++ return; ++ bn_mul_add_words(&(r[4]), a, n, b[4]); ++ r += 4; ++ b += 4; ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c +index 2ca5b01..66b2eb6 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -59,778 +59,817 @@ + #include "bn_lcl.h" + #include "cryptlib.h" + +- +-#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 +-#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 +-#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 +-#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 +-#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 ++#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 ++#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 ++#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 ++#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 ++#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 + + /* pre-computed tables are "carry-less" values of modulus*(i+1) */ + #if BN_BITS2 == 64 + static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { +- {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL}, +- {0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL}, +- {0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFCULL,0xFFFFFFFFFFFFFFFFULL} +- }; ++ {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL}, ++ {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL}, ++ {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL} ++}; ++ + static const BN_ULONG _nist_p_192_sqr[] = { +- 0x0000000000000001ULL,0x0000000000000002ULL,0x0000000000000001ULL, +- 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL +- }; ++ 0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL, ++ 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL ++}; ++ + static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { +- {0x0000000000000001ULL,0xFFFFFFFF00000000ULL, +- 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL}, +- {0x0000000000000002ULL,0xFFFFFFFE00000000ULL, +- 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFFULL} /* this one is "carry-full" */ +- }; ++ {0x0000000000000001ULL, 0xFFFFFFFF00000000ULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL}, ++ {0x0000000000000002ULL, 0xFFFFFFFE00000000ULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL} /* this one is ++ * "carry-full" */ ++}; ++ + static const BN_ULONG _nist_p_224_sqr[] = { +- 0x0000000000000001ULL,0xFFFFFFFE00000000ULL, +- 0xFFFFFFFFFFFFFFFFULL,0x0000000200000000ULL, +- 0x0000000000000000ULL,0xFFFFFFFFFFFFFFFEULL, +- 0xFFFFFFFFFFFFFFFFULL +- }; ++ 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL, ++ 0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL, ++ 0xFFFFFFFFFFFFFFFFULL ++}; ++ + static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { +- {0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL, +- 0x0000000000000000ULL,0xFFFFFFFF00000001ULL}, +- {0xFFFFFFFFFFFFFFFEULL,0x00000001FFFFFFFFULL, +- 0x0000000000000000ULL,0xFFFFFFFE00000002ULL}, +- {0xFFFFFFFFFFFFFFFDULL,0x00000002FFFFFFFFULL, +- 0x0000000000000000ULL,0xFFFFFFFD00000003ULL}, +- {0xFFFFFFFFFFFFFFFCULL,0x00000003FFFFFFFFULL, +- 0x0000000000000000ULL,0xFFFFFFFC00000004ULL}, +- {0xFFFFFFFFFFFFFFFBULL,0x00000004FFFFFFFFULL, +- 0x0000000000000000ULL,0xFFFFFFFB00000005ULL}, +- }; ++ {0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL, ++ 0x0000000000000000ULL, 0xFFFFFFFF00000001ULL}, ++ {0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL, ++ 0x0000000000000000ULL, 0xFFFFFFFE00000002ULL}, ++ {0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL, ++ 0x0000000000000000ULL, 0xFFFFFFFD00000003ULL}, ++ {0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL, ++ 0x0000000000000000ULL, 0xFFFFFFFC00000004ULL}, ++ {0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL, ++ 0x0000000000000000ULL, 0xFFFFFFFB00000005ULL}, ++}; ++ + static const BN_ULONG _nist_p_256_sqr[] = { +- 0x0000000000000001ULL,0xFFFFFFFE00000000ULL, +- 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFEULL, +- 0x00000001FFFFFFFEULL,0x00000001FFFFFFFEULL, +- 0xFFFFFFFE00000001ULL,0xFFFFFFFE00000002ULL +- }; ++ 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL, ++ 0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL, ++ 0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL ++}; ++ + static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { +- {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,0xFFFFFFFFFFFFFFFEULL, +- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, +- {0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL, +- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, +- {0x00000002FFFFFFFDULL,0xFFFFFFFD00000000ULL,0xFFFFFFFFFFFFFFFCULL, +- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, +- {0x00000003FFFFFFFCULL,0xFFFFFFFC00000000ULL,0xFFFFFFFFFFFFFFFBULL, +- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, +- {0x00000004FFFFFFFBULL,0xFFFFFFFB00000000ULL,0xFFFFFFFFFFFFFFFAULL, +- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, +- }; ++ {0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, 0xFFFFFFFFFFFFFFFEULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, ++ {0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, ++ {0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, 0xFFFFFFFFFFFFFFFCULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, ++ {0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, 0xFFFFFFFFFFFFFFFBULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, ++ {0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, 0xFFFFFFFFFFFFFFFAULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, ++}; ++ + static const BN_ULONG _nist_p_384_sqr[] = { +- 0xFFFFFFFE00000001ULL,0x0000000200000000ULL,0xFFFFFFFE00000000ULL, +- 0x0000000200000000ULL,0x0000000000000001ULL,0x0000000000000000ULL, +- 0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL, +- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL +- }; ++ 0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL, ++ 0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL, ++ 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL ++}; ++ + static const BN_ULONG _nist_p_521[] = +- {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, +- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, +- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, +- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, +- 0x00000000000001FFULL}; ++ { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, ++ 0x00000000000001FFULL ++}; ++ + static const BN_ULONG _nist_p_521_sqr[] = { +- 0x0000000000000001ULL,0x0000000000000000ULL,0x0000000000000000ULL, +- 0x0000000000000000ULL,0x0000000000000000ULL,0x0000000000000000ULL, +- 0x0000000000000000ULL,0x0000000000000000ULL,0xFFFFFFFFFFFFFC00ULL, +- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, +- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, +- 0xFFFFFFFFFFFFFFFFULL,0x000000000003FFFFULL +- }; ++ 0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, ++ 0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, ++ 0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, ++ 0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL ++}; + #elif BN_BITS2 == 32 + static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { +- {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, +- {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, +- {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF} +- }; ++ {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, ++ {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, ++ {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF} ++}; ++ + static const BN_ULONG _nist_p_192_sqr[] = { +- 0x00000001,0x00000000,0x00000002,0x00000000,0x00000001,0x00000000, +- 0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF +- }; ++ 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000, ++ 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF ++}; ++ + static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { +- {0x00000001,0x00000000,0x00000000,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, +- {0x00000002,0x00000000,0x00000000,0xFFFFFFFE, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF} +- }; ++ {0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, ++ {0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF} ++}; ++ + static const BN_ULONG _nist_p_224_sqr[] = { +- 0x00000001,0x00000000,0x00000000,0xFFFFFFFE, +- 0xFFFFFFFF,0xFFFFFFFF,0x00000000,0x00000002, +- 0x00000000,0x00000000,0xFFFFFFFE,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF +- }; ++ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002, ++ 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF ++}; ++ + static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { +- {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0x00000000, +- 0x00000000,0x00000000,0x00000001,0xFFFFFFFF}, +- {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0x00000001, +- 0x00000000,0x00000000,0x00000002,0xFFFFFFFE}, +- {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0x00000002, +- 0x00000000,0x00000000,0x00000003,0xFFFFFFFD}, +- {0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0x00000003, +- 0x00000000,0x00000000,0x00000004,0xFFFFFFFC}, +- {0xFFFFFFFB,0xFFFFFFFF,0xFFFFFFFF,0x00000004, +- 0x00000000,0x00000000,0x00000005,0xFFFFFFFB}, +- }; ++ {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, ++ 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF}, ++ {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, ++ 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE}, ++ {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002, ++ 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD}, ++ {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003, ++ 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC}, ++ {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004, ++ 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB}, ++}; ++ + static const BN_ULONG _nist_p_256_sqr[] = { +- 0x00000001,0x00000000,0x00000000,0xFFFFFFFE, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0x00000001, +- 0xFFFFFFFE,0x00000001,0xFFFFFFFE,0x00000001, +- 0x00000001,0xFFFFFFFE,0x00000002,0xFFFFFFFE +- }; ++ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001, ++ 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001, ++ 0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE ++}; ++ + static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { +- {0xFFFFFFFF,0x00000000,0x00000000,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, +- {0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, +- {0xFFFFFFFD,0x00000002,0x00000000,0xFFFFFFFD,0xFFFFFFFC,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, +- {0xFFFFFFFC,0x00000003,0x00000000,0xFFFFFFFC,0xFFFFFFFB,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, +- {0xFFFFFFFB,0x00000004,0x00000000,0xFFFFFFFB,0xFFFFFFFA,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, +- }; ++ {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, ++ {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, ++ {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, ++ {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, ++ {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, ++}; ++ + static const BN_ULONG _nist_p_384_sqr[] = { +- 0x00000001,0xFFFFFFFE,0x00000000,0x00000002,0x00000000,0xFFFFFFFE, +- 0x00000000,0x00000002,0x00000001,0x00000000,0x00000000,0x00000000, +- 0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF +- }; +-static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, +- 0xFFFFFFFF,0x000001FF}; ++ 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE, ++ 0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000, ++ 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF ++}; ++ ++static const BN_ULONG _nist_p_521[] = { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0x000001FF ++}; ++ + static const BN_ULONG _nist_p_521_sqr[] = { +- 0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, +- 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, +- 0x00000000,0x00000000,0x00000000,0x00000000,0xFFFFFC00,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, +- 0xFFFFFFFF,0xFFFFFFFF,0x0003FFFF +- }; ++ 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, ++ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, ++ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, ++ 0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF ++}; + #else +-#error "unsupported BN_BITS2" ++# error "unsupported BN_BITS2" + #endif + +- +-static const BIGNUM _bignum_nist_p_192 = +- { +- (BN_ULONG *)_nist_p_192[0], +- BN_NIST_192_TOP, +- BN_NIST_192_TOP, +- 0, +- BN_FLG_STATIC_DATA +- }; +- +-static const BIGNUM _bignum_nist_p_224 = +- { +- (BN_ULONG *)_nist_p_224[0], +- BN_NIST_224_TOP, +- BN_NIST_224_TOP, +- 0, +- BN_FLG_STATIC_DATA +- }; +- +-static const BIGNUM _bignum_nist_p_256 = +- { +- (BN_ULONG *)_nist_p_256[0], +- BN_NIST_256_TOP, +- BN_NIST_256_TOP, +- 0, +- BN_FLG_STATIC_DATA +- }; +- +-static const BIGNUM _bignum_nist_p_384 = +- { +- (BN_ULONG *)_nist_p_384[0], +- BN_NIST_384_TOP, +- BN_NIST_384_TOP, +- 0, +- BN_FLG_STATIC_DATA +- }; +- +-static const BIGNUM _bignum_nist_p_521 = +- { +- (BN_ULONG *)_nist_p_521, +- BN_NIST_521_TOP, +- BN_NIST_521_TOP, +- 0, +- BN_FLG_STATIC_DATA +- }; +- ++static const BIGNUM _bignum_nist_p_192 = { ++ (BN_ULONG *)_nist_p_192[0], ++ BN_NIST_192_TOP, ++ BN_NIST_192_TOP, ++ 0, ++ BN_FLG_STATIC_DATA ++}; ++ ++static const BIGNUM _bignum_nist_p_224 = { ++ (BN_ULONG *)_nist_p_224[0], ++ BN_NIST_224_TOP, ++ BN_NIST_224_TOP, ++ 0, ++ BN_FLG_STATIC_DATA ++}; ++ ++static const BIGNUM _bignum_nist_p_256 = { ++ (BN_ULONG *)_nist_p_256[0], ++ BN_NIST_256_TOP, ++ BN_NIST_256_TOP, ++ 0, ++ BN_FLG_STATIC_DATA ++}; ++ ++static const BIGNUM _bignum_nist_p_384 = { ++ (BN_ULONG *)_nist_p_384[0], ++ BN_NIST_384_TOP, ++ BN_NIST_384_TOP, ++ 0, ++ BN_FLG_STATIC_DATA ++}; ++ ++static const BIGNUM _bignum_nist_p_521 = { ++ (BN_ULONG *)_nist_p_521, ++ BN_NIST_521_TOP, ++ BN_NIST_521_TOP, ++ 0, ++ BN_FLG_STATIC_DATA ++}; + + const BIGNUM *BN_get0_nist_prime_192(void) +- { +- return &_bignum_nist_p_192; +- } ++{ ++ return &_bignum_nist_p_192; ++} + + const BIGNUM *BN_get0_nist_prime_224(void) +- { +- return &_bignum_nist_p_224; +- } ++{ ++ return &_bignum_nist_p_224; ++} + + const BIGNUM *BN_get0_nist_prime_256(void) +- { +- return &_bignum_nist_p_256; +- } ++{ ++ return &_bignum_nist_p_256; ++} + + const BIGNUM *BN_get0_nist_prime_384(void) +- { +- return &_bignum_nist_p_384; +- } ++{ ++ return &_bignum_nist_p_384; ++} + + const BIGNUM *BN_get0_nist_prime_521(void) +- { +- return &_bignum_nist_p_521; +- } +- ++{ ++ return &_bignum_nist_p_521; ++} + + static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) +- { +- int i; +- BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); ++{ ++ int i; ++ BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); + + #ifdef BN_DEBUG +- OPENSSL_assert(top <= max); ++ OPENSSL_assert(top <= max); + #endif +- for (i = (top); i != 0; i--) +- *_tmp1++ = *_tmp2++; +- for (i = (max) - (top); i != 0; i--) +- *_tmp1++ = (BN_ULONG) 0; +- } ++ for (i = (top); i != 0; i--) ++ *_tmp1++ = *_tmp2++; ++ for (i = (max) - (top); i != 0; i--) ++ *_tmp1++ = (BN_ULONG)0; ++} + + static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) +- { +- int i; +- BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); +- for (i = (top); i != 0; i--) +- *_tmp1++ = *_tmp2++; +- } ++{ ++ int i; ++ BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); ++ for (i = (top); i != 0; i--) ++ *_tmp1++ = *_tmp2++; ++} + + #if BN_BITS2 == 64 +-#define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; +-#define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; ++# define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; ++# define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; + /* + * two following macros are implemented under assumption that they + * are called in a sequence with *ascending* n, i.e. as they are... + */ +-#define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\ +- :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l))) +-#define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0)); +-#define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n) ++# define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\ ++ :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l))) ++# define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0)); ++# define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n) + #else +-#define bn_cp_64(to, n, from, m) \ +- { \ +- bn_cp_32(to, (n)*2, from, (m)*2); \ +- bn_cp_32(to, (n)*2+1, from, (m)*2+1); \ +- } +-#define bn_64_set_0(to, n) \ +- { \ +- bn_32_set_0(to, (n)*2); \ +- bn_32_set_0(to, (n)*2+1); \ +- } +-#if BN_BITS2 == 32 +-#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; +-#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; +-#endif +-#endif /* BN_BITS2 != 64 */ +- ++# define bn_cp_64(to, n, from, m) \ ++ { \ ++ bn_cp_32(to, (n)*2, from, (m)*2); \ ++ bn_cp_32(to, (n)*2+1, from, (m)*2+1); \ ++ } ++# define bn_64_set_0(to, n) \ ++ { \ ++ bn_32_set_0(to, (n)*2); \ ++ bn_32_set_0(to, (n)*2+1); \ ++ } ++# if BN_BITS2 == 32 ++# define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; ++# define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; ++# endif ++#endif /* BN_BITS2 != 64 */ + + #define nist_set_192(to, from, a1, a2, a3) \ +- { \ +- bn_cp_64(to, 0, from, (a3) - 3) \ +- bn_cp_64(to, 1, from, (a2) - 3) \ +- bn_cp_64(to, 2, from, (a1) - 3) \ +- } ++ { \ ++ bn_cp_64(to, 0, from, (a3) - 3) \ ++ bn_cp_64(to, 1, from, (a2) - 3) \ ++ bn_cp_64(to, 2, from, (a1) - 3) \ ++ } + + int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, +- BN_CTX *ctx) +- { +- int top = a->top, i; +- int carry; +- register BN_ULONG *r_d, *a_d = a->d; +- BN_ULONG t_d[BN_NIST_192_TOP], +- buf[BN_NIST_192_TOP], +- c_d[BN_NIST_192_TOP], +- *res; +- size_t mask; +- static const BIGNUM _bignum_nist_p_192_sqr = { +- (BN_ULONG *)_nist_p_192_sqr, +- sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), +- sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), +- 0,BN_FLG_STATIC_DATA }; +- +- field = &_bignum_nist_p_192; /* just to make sure */ +- +- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0) +- return BN_nnmod(r, a, field, ctx); +- +- i = BN_ucmp(field, a); +- if (i == 0) +- { +- BN_zero(r); +- return 1; +- } +- else if (i > 0) +- return (r == a) ? 1 : (BN_copy(r ,a) != NULL); +- +- if (r != a) +- { +- if (!bn_wexpand(r, BN_NIST_192_TOP)) +- return 0; +- r_d = r->d; +- nist_cp_bn(r_d, a_d, BN_NIST_192_TOP); +- } +- else +- r_d = a_d; +- +- nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP); +- +- nist_set_192(t_d, buf, 0, 3, 3); +- carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); +- nist_set_192(t_d, buf, 4, 4, 0); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); +- nist_set_192(t_d, buf, 5, 5, 5) +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); +- +- if (carry > 0) +- carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP); +- else +- carry = 1; +- +- /* +- * we need 'if (carry==0 || result>=modulus) result-=modulus;' +- * as comparison implies subtraction, we can write +- * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' +- * this is what happens below, but without explicit if:-) a. +- */ +- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); +- mask &= 0-(size_t)carry; +- res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); +- nist_cp_bn(r_d, res, BN_NIST_192_TOP); +- r->top = BN_NIST_192_TOP; +- bn_correct_top(r); +- +- return 1; +- } +- +-typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int); ++ BN_CTX *ctx) ++{ ++ int top = a->top, i; ++ int carry; ++ register BN_ULONG *r_d, *a_d = a->d; ++ BN_ULONG t_d[BN_NIST_192_TOP], ++ buf[BN_NIST_192_TOP], c_d[BN_NIST_192_TOP], *res; ++ size_t mask; ++ static const BIGNUM _bignum_nist_p_192_sqr = { ++ (BN_ULONG *)_nist_p_192_sqr, ++ sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), ++ sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), ++ 0, BN_FLG_STATIC_DATA ++ }; ++ ++ field = &_bignum_nist_p_192; /* just to make sure */ ++ ++ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_192_sqr) >= 0) ++ return BN_nnmod(r, a, field, ctx); ++ ++ i = BN_ucmp(field, a); ++ if (i == 0) { ++ BN_zero(r); ++ return 1; ++ } else if (i > 0) ++ return (r == a) ? 1 : (BN_copy(r, a) != NULL); ++ ++ if (r != a) { ++ if (!bn_wexpand(r, BN_NIST_192_TOP)) ++ return 0; ++ r_d = r->d; ++ nist_cp_bn(r_d, a_d, BN_NIST_192_TOP); ++ } else ++ r_d = a_d; ++ ++ nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, ++ BN_NIST_192_TOP); ++ ++ nist_set_192(t_d, buf, 0, 3, 3); ++ carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); ++ nist_set_192(t_d, buf, 4, 4, 0); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); ++ nist_set_192(t_d, buf, 5, 5, 5) ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); ++ ++ if (carry > 0) ++ carry = ++ (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1], ++ BN_NIST_192_TOP); ++ else ++ carry = 1; ++ ++ /* ++ * we need 'if (carry==0 || result>=modulus) result-=modulus;' ++ * as comparison implies subtraction, we can write ++ * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' ++ * this is what happens below, but without explicit if:-) a. ++ */ ++ mask = ++ 0 - (size_t)bn_sub_words(c_d, r_d, _nist_p_192[0], BN_NIST_192_TOP); ++ mask &= 0 - (size_t)carry; ++ res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask)); ++ nist_cp_bn(r_d, res, BN_NIST_192_TOP); ++ r->top = BN_NIST_192_TOP; ++ bn_correct_top(r); ++ ++ return 1; ++} ++ ++typedef BN_ULONG (*bn_addsub_f) (BN_ULONG *, const BN_ULONG *, ++ const BN_ULONG *, int); + + #define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ +- { \ +- bn_cp_32(to, 0, from, (a7) - 7) \ +- bn_cp_32(to, 1, from, (a6) - 7) \ +- bn_cp_32(to, 2, from, (a5) - 7) \ +- bn_cp_32(to, 3, from, (a4) - 7) \ +- bn_cp_32(to, 4, from, (a3) - 7) \ +- bn_cp_32(to, 5, from, (a2) - 7) \ +- bn_cp_32(to, 6, from, (a1) - 7) \ +- } ++ { \ ++ bn_cp_32(to, 0, from, (a7) - 7) \ ++ bn_cp_32(to, 1, from, (a6) - 7) \ ++ bn_cp_32(to, 2, from, (a5) - 7) \ ++ bn_cp_32(to, 3, from, (a4) - 7) \ ++ bn_cp_32(to, 4, from, (a3) - 7) \ ++ bn_cp_32(to, 5, from, (a2) - 7) \ ++ bn_cp_32(to, 6, from, (a1) - 7) \ ++ } + + int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, +- BN_CTX *ctx) +- { +- int top = a->top, i; +- int carry; +- BN_ULONG *r_d, *a_d = a->d; +- BN_ULONG t_d[BN_NIST_224_TOP], +- buf[BN_NIST_224_TOP], +- c_d[BN_NIST_224_TOP], +- *res; +- size_t mask; +- union { bn_addsub_f f; size_t p; } u; +- static const BIGNUM _bignum_nist_p_224_sqr = { +- (BN_ULONG *)_nist_p_224_sqr, +- sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), +- sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), +- 0,BN_FLG_STATIC_DATA }; +- +- +- field = &_bignum_nist_p_224; /* just to make sure */ +- +- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0) +- return BN_nnmod(r, a, field, ctx); +- +- i = BN_ucmp(field, a); +- if (i == 0) +- { +- BN_zero(r); +- return 1; +- } +- else if (i > 0) +- return (r == a)? 1 : (BN_copy(r ,a) != NULL); +- +- if (r != a) +- { +- if (!bn_wexpand(r, BN_NIST_224_TOP)) +- return 0; +- r_d = r->d; +- nist_cp_bn(r_d, a_d, BN_NIST_224_TOP); +- } +- else +- r_d = a_d; ++ BN_CTX *ctx) ++{ ++ int top = a->top, i; ++ int carry; ++ BN_ULONG *r_d, *a_d = a->d; ++ BN_ULONG t_d[BN_NIST_224_TOP], ++ buf[BN_NIST_224_TOP], c_d[BN_NIST_224_TOP], *res; ++ size_t mask; ++ union { ++ bn_addsub_f f; ++ size_t p; ++ } u; ++ static const BIGNUM _bignum_nist_p_224_sqr = { ++ (BN_ULONG *)_nist_p_224_sqr, ++ sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), ++ sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), ++ 0, BN_FLG_STATIC_DATA ++ }; ++ ++ field = &_bignum_nist_p_224; /* just to make sure */ ++ ++ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_224_sqr) >= 0) ++ return BN_nnmod(r, a, field, ctx); ++ ++ i = BN_ucmp(field, a); ++ if (i == 0) { ++ BN_zero(r); ++ return 1; ++ } else if (i > 0) ++ return (r == a) ? 1 : (BN_copy(r, a) != NULL); ++ ++ if (r != a) { ++ if (!bn_wexpand(r, BN_NIST_224_TOP)) ++ return 0; ++ r_d = r->d; ++ nist_cp_bn(r_d, a_d, BN_NIST_224_TOP); ++ } else ++ r_d = a_d; + + #if BN_BITS2==64 +- /* copy upper 256 bits of 448 bit number ... */ +- nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP); +- /* ... and right shift by 32 to obtain upper 224 bits */ +- nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8); +- /* truncate lower part to 224 bits too */ +- r_d[BN_NIST_224_TOP-1] &= BN_MASK2l; ++ /* copy upper 256 bits of 448 bit number ... */ ++ nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP - 1), ++ top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP); ++ /* ... and right shift by 32 to obtain upper 224 bits */ ++ nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8); ++ /* truncate lower part to 224 bits too */ ++ r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l; + #else +- nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); ++ nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, ++ BN_NIST_224_TOP); + #endif +- nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); +- carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); +- nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); +- nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); +- nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); ++ nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); ++ carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); ++ nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); ++ nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); ++ nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); + + #if BN_BITS2==64 +- carry = (int)(r_d[BN_NIST_224_TOP-1]>>32); ++ carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32); + #endif +- u.f = bn_sub_words; +- if (carry > 0) +- { +- carry = (int)bn_sub_words(r_d,r_d,_nist_p_224[carry-1],BN_NIST_224_TOP); ++ u.f = bn_sub_words; ++ if (carry > 0) { ++ carry = ++ (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1], ++ BN_NIST_224_TOP); + #if BN_BITS2==64 +- carry=(int)(~(r_d[BN_NIST_224_TOP-1]>>32))&1; ++ carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1; + #endif +- } +- else if (carry < 0) +- { +- /* it's a bit more comlicated logic in this case. +- * if bn_add_words yields no carry, then result +- * has to be adjusted by unconditionally *adding* +- * the modulus. but if it does, then result has +- * to be compared to the modulus and conditionally +- * adjusted by *subtracting* the latter. */ +- carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP); +- mask = 0-(size_t)carry; +- u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); +- } +- else +- carry = 1; +- +- /* otherwise it's effectively same as in BN_nist_mod_192... */ +- mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); +- mask &= 0-(size_t)carry; +- res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); +- nist_cp_bn(r_d, res, BN_NIST_224_TOP); +- r->top = BN_NIST_224_TOP; +- bn_correct_top(r); +- +- return 1; +- } ++ } else if (carry < 0) { ++ /* ++ * it's a bit more comlicated logic in this case. if bn_add_words ++ * yields no carry, then result has to be adjusted by unconditionally ++ * *adding* the modulus. but if it does, then result has to be ++ * compared to the modulus and conditionally adjusted by ++ * *subtracting* the latter. ++ */ ++ carry = ++ (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1], ++ BN_NIST_224_TOP); ++ mask = 0 - (size_t)carry; ++ u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask); ++ } else ++ carry = 1; ++ ++ /* otherwise it's effectively same as in BN_nist_mod_192... */ ++ mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP); ++ mask &= 0 - (size_t)carry; ++ res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask)); ++ nist_cp_bn(r_d, res, BN_NIST_224_TOP); ++ r->top = BN_NIST_224_TOP; ++ bn_correct_top(r); ++ ++ return 1; ++} + + #define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ +- { \ +- bn_cp_32(to, 0, from, (a8) - 8) \ +- bn_cp_32(to, 1, from, (a7) - 8) \ +- bn_cp_32(to, 2, from, (a6) - 8) \ +- bn_cp_32(to, 3, from, (a5) - 8) \ +- bn_cp_32(to, 4, from, (a4) - 8) \ +- bn_cp_32(to, 5, from, (a3) - 8) \ +- bn_cp_32(to, 6, from, (a2) - 8) \ +- bn_cp_32(to, 7, from, (a1) - 8) \ +- } ++ { \ ++ bn_cp_32(to, 0, from, (a8) - 8) \ ++ bn_cp_32(to, 1, from, (a7) - 8) \ ++ bn_cp_32(to, 2, from, (a6) - 8) \ ++ bn_cp_32(to, 3, from, (a5) - 8) \ ++ bn_cp_32(to, 4, from, (a4) - 8) \ ++ bn_cp_32(to, 5, from, (a3) - 8) \ ++ bn_cp_32(to, 6, from, (a2) - 8) \ ++ bn_cp_32(to, 7, from, (a1) - 8) \ ++ } + + int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, +- BN_CTX *ctx) +- { +- int i, top = a->top; +- int carry = 0; +- register BN_ULONG *a_d = a->d, *r_d; +- BN_ULONG t_d[BN_NIST_256_TOP], +- buf[BN_NIST_256_TOP], +- c_d[BN_NIST_256_TOP], +- *res; +- size_t mask; +- union { bn_addsub_f f; size_t p; } u; +- static const BIGNUM _bignum_nist_p_256_sqr = { +- (BN_ULONG *)_nist_p_256_sqr, +- sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), +- sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), +- 0,BN_FLG_STATIC_DATA }; +- +- field = &_bignum_nist_p_256; /* just to make sure */ +- +- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0) +- return BN_nnmod(r, a, field, ctx); +- +- i = BN_ucmp(field, a); +- if (i == 0) +- { +- BN_zero(r); +- return 1; +- } +- else if (i > 0) +- return (r == a)? 1 : (BN_copy(r ,a) != NULL); +- +- if (r != a) +- { +- if (!bn_wexpand(r, BN_NIST_256_TOP)) +- return 0; +- r_d = r->d; +- nist_cp_bn(r_d, a_d, BN_NIST_256_TOP); +- } +- else +- r_d = a_d; +- +- nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP); +- +- /*S1*/ +- nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0); +- /*S2*/ +- nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0); +- carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); +- /* left shift */ +- { +- register BN_ULONG *ap,t,c; +- ap = t_d; +- c=0; +- for (i = BN_NIST_256_TOP; i != 0; --i) +- { +- t= *ap; +- *(ap++)=((t<<1)|c)&BN_MASK2; +- c=(t & BN_TBIT)?1:0; +- } +- carry <<= 1; +- carry |= c; +- } +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- /*S3*/ +- nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- /*S4*/ +- nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- /*D1*/ +- nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- /*D2*/ +- nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- /*D3*/ +- nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- /*D4*/ +- nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); +- +- /* see BN_nist_mod_224 for explanation */ +- u.f = bn_sub_words; +- if (carry > 0) +- carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_256_TOP); +- else if (carry < 0) +- { +- carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP); +- mask = 0-(size_t)carry; +- u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); +- } +- else +- carry = 1; +- +- mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); +- mask &= 0-(size_t)carry; +- res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); +- nist_cp_bn(r_d, res, BN_NIST_256_TOP); +- r->top = BN_NIST_256_TOP; +- bn_correct_top(r); +- +- return 1; +- } ++ BN_CTX *ctx) ++{ ++ int i, top = a->top; ++ int carry = 0; ++ register BN_ULONG *a_d = a->d, *r_d; ++ BN_ULONG t_d[BN_NIST_256_TOP], ++ buf[BN_NIST_256_TOP], c_d[BN_NIST_256_TOP], *res; ++ size_t mask; ++ union { ++ bn_addsub_f f; ++ size_t p; ++ } u; ++ static const BIGNUM _bignum_nist_p_256_sqr = { ++ (BN_ULONG *)_nist_p_256_sqr, ++ sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), ++ sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), ++ 0, BN_FLG_STATIC_DATA ++ }; ++ ++ field = &_bignum_nist_p_256; /* just to make sure */ ++ ++ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_256_sqr) >= 0) ++ return BN_nnmod(r, a, field, ctx); ++ ++ i = BN_ucmp(field, a); ++ if (i == 0) { ++ BN_zero(r); ++ return 1; ++ } else if (i > 0) ++ return (r == a) ? 1 : (BN_copy(r, a) != NULL); ++ ++ if (r != a) { ++ if (!bn_wexpand(r, BN_NIST_256_TOP)) ++ return 0; ++ r_d = r->d; ++ nist_cp_bn(r_d, a_d, BN_NIST_256_TOP); ++ } else ++ r_d = a_d; ++ ++ nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, ++ BN_NIST_256_TOP); ++ ++ /* ++ * S1 ++ */ ++ nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0); ++ /* ++ * S2 ++ */ ++ nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0); ++ carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); ++ /* left shift */ ++ { ++ register BN_ULONG *ap, t, c; ++ ap = t_d; ++ c = 0; ++ for (i = BN_NIST_256_TOP; i != 0; --i) { ++ t = *ap; ++ *(ap++) = ((t << 1) | c) & BN_MASK2; ++ c = (t & BN_TBIT) ? 1 : 0; ++ } ++ carry <<= 1; ++ carry |= c; ++ } ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ /* ++ * S3 ++ */ ++ nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ /* ++ * S4 ++ */ ++ nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ /* ++ * D1 ++ */ ++ nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ /* ++ * D2 ++ */ ++ nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ /* ++ * D3 ++ */ ++ nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ /* ++ * D4 ++ */ ++ nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); ++ ++ /* see BN_nist_mod_224 for explanation */ ++ u.f = bn_sub_words; ++ if (carry > 0) ++ carry = ++ (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1], ++ BN_NIST_256_TOP); ++ else if (carry < 0) { ++ carry = ++ (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1], ++ BN_NIST_256_TOP); ++ mask = 0 - (size_t)carry; ++ u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask); ++ } else ++ carry = 1; ++ ++ mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP); ++ mask &= 0 - (size_t)carry; ++ res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask)); ++ nist_cp_bn(r_d, res, BN_NIST_256_TOP); ++ r->top = BN_NIST_256_TOP; ++ bn_correct_top(r); ++ ++ return 1; ++} + + #define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ +- { \ +- bn_cp_32(to, 0, from, (a12) - 12) \ +- bn_cp_32(to, 1, from, (a11) - 12) \ +- bn_cp_32(to, 2, from, (a10) - 12) \ +- bn_cp_32(to, 3, from, (a9) - 12) \ +- bn_cp_32(to, 4, from, (a8) - 12) \ +- bn_cp_32(to, 5, from, (a7) - 12) \ +- bn_cp_32(to, 6, from, (a6) - 12) \ +- bn_cp_32(to, 7, from, (a5) - 12) \ +- bn_cp_32(to, 8, from, (a4) - 12) \ +- bn_cp_32(to, 9, from, (a3) - 12) \ +- bn_cp_32(to, 10, from, (a2) - 12) \ +- bn_cp_32(to, 11, from, (a1) - 12) \ +- } ++ { \ ++ bn_cp_32(to, 0, from, (a12) - 12) \ ++ bn_cp_32(to, 1, from, (a11) - 12) \ ++ bn_cp_32(to, 2, from, (a10) - 12) \ ++ bn_cp_32(to, 3, from, (a9) - 12) \ ++ bn_cp_32(to, 4, from, (a8) - 12) \ ++ bn_cp_32(to, 5, from, (a7) - 12) \ ++ bn_cp_32(to, 6, from, (a6) - 12) \ ++ bn_cp_32(to, 7, from, (a5) - 12) \ ++ bn_cp_32(to, 8, from, (a4) - 12) \ ++ bn_cp_32(to, 9, from, (a3) - 12) \ ++ bn_cp_32(to, 10, from, (a2) - 12) \ ++ bn_cp_32(to, 11, from, (a1) - 12) \ ++ } + + int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, +- BN_CTX *ctx) +- { +- int i, top = a->top; +- int carry = 0; +- register BN_ULONG *r_d, *a_d = a->d; +- BN_ULONG t_d[BN_NIST_384_TOP], +- buf[BN_NIST_384_TOP], +- c_d[BN_NIST_384_TOP], +- *res; +- size_t mask; +- union { bn_addsub_f f; size_t p; } u; +- static const BIGNUM _bignum_nist_p_384_sqr = { +- (BN_ULONG *)_nist_p_384_sqr, +- sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), +- sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), +- 0,BN_FLG_STATIC_DATA }; +- +- +- field = &_bignum_nist_p_384; /* just to make sure */ +- +- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0) +- return BN_nnmod(r, a, field, ctx); +- +- i = BN_ucmp(field, a); +- if (i == 0) +- { +- BN_zero(r); +- return 1; +- } +- else if (i > 0) +- return (r == a)? 1 : (BN_copy(r ,a) != NULL); +- +- if (r != a) +- { +- if (!bn_wexpand(r, BN_NIST_384_TOP)) +- return 0; +- r_d = r->d; +- nist_cp_bn(r_d, a_d, BN_NIST_384_TOP); +- } +- else +- r_d = a_d; +- +- nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP); +- +- /*S1*/ +- nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4); +- /* left shift */ +- { +- register BN_ULONG *ap,t,c; +- ap = t_d; +- c=0; +- for (i = 3; i != 0; --i) +- { +- t= *ap; +- *(ap++)=((t<<1)|c)&BN_MASK2; +- c=(t & BN_TBIT)?1:0; +- } +- *ap=c; +- } +- carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), +- t_d, BN_NIST_256_TOP); +- /*S2 */ +- carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP); +- /*S3*/ +- nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); +- /*S4*/ +- nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); +- /*S5*/ +- nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); +- /*S6*/ +- nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20); +- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); +- /*D1*/ +- nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); +- /*D2*/ +- nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); +- /*D3*/ +- nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0); +- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); +- +- /* see BN_nist_mod_224 for explanation */ +- u.f = bn_sub_words; +- if (carry > 0) +- carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_384_TOP); +- else if (carry < 0) +- { +- carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP); +- mask = 0-(size_t)carry; +- u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); +- } +- else +- carry = 1; +- +- mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); +- mask &= 0-(size_t)carry; +- res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); +- nist_cp_bn(r_d, res, BN_NIST_384_TOP); +- r->top = BN_NIST_384_TOP; +- bn_correct_top(r); +- +- return 1; +- } +- +-#define BN_NIST_521_RSHIFT (521%BN_BITS2) +-#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) +-#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) ++ BN_CTX *ctx) ++{ ++ int i, top = a->top; ++ int carry = 0; ++ register BN_ULONG *r_d, *a_d = a->d; ++ BN_ULONG t_d[BN_NIST_384_TOP], ++ buf[BN_NIST_384_TOP], c_d[BN_NIST_384_TOP], *res; ++ size_t mask; ++ union { ++ bn_addsub_f f; ++ size_t p; ++ } u; ++ static const BIGNUM _bignum_nist_p_384_sqr = { ++ (BN_ULONG *)_nist_p_384_sqr, ++ sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), ++ sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), ++ 0, BN_FLG_STATIC_DATA ++ }; ++ ++ field = &_bignum_nist_p_384; /* just to make sure */ ++ ++ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_384_sqr) >= 0) ++ return BN_nnmod(r, a, field, ctx); ++ ++ i = BN_ucmp(field, a); ++ if (i == 0) { ++ BN_zero(r); ++ return 1; ++ } else if (i > 0) ++ return (r == a) ? 1 : (BN_copy(r, a) != NULL); ++ ++ if (r != a) { ++ if (!bn_wexpand(r, BN_NIST_384_TOP)) ++ return 0; ++ r_d = r->d; ++ nist_cp_bn(r_d, a_d, BN_NIST_384_TOP); ++ } else ++ r_d = a_d; ++ ++ nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, ++ BN_NIST_384_TOP); ++ ++ /* ++ * S1 ++ */ ++ nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4); ++ /* left shift */ ++ { ++ register BN_ULONG *ap, t, c; ++ ap = t_d; ++ c = 0; ++ for (i = 3; i != 0; --i) { ++ t = *ap; ++ *(ap++) = ((t << 1) | c) & BN_MASK2; ++ c = (t & BN_TBIT) ? 1 : 0; ++ } ++ *ap = c; ++ } ++ carry = (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2), ++ t_d, BN_NIST_256_TOP); ++ /* ++ * S2 ++ */ ++ carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP); ++ /* ++ * S3 ++ */ ++ nist_set_384(t_d, buf, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22, 21); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * S4 ++ */ ++ nist_set_384(t_d, buf, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23, 0); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * S5 ++ */ ++ nist_set_384(t_d, buf, 0, 0, 0, 0, 23, 22, 21, 20, 0, 0, 0, 0); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * S6 ++ */ ++ nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 23, 22, 21, 0, 0, 20); ++ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * D1 ++ */ ++ nist_set_384(t_d, buf, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * D2 ++ */ ++ nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 0, 23, 22, 21, 20, 0); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ /* ++ * D3 ++ */ ++ nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0); ++ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); ++ ++ /* see BN_nist_mod_224 for explanation */ ++ u.f = bn_sub_words; ++ if (carry > 0) ++ carry = ++ (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1], ++ BN_NIST_384_TOP); ++ else if (carry < 0) { ++ carry = ++ (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1], ++ BN_NIST_384_TOP); ++ mask = 0 - (size_t)carry; ++ u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask); ++ } else ++ carry = 1; ++ ++ mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP); ++ mask &= 0 - (size_t)carry; ++ res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask)); ++ nist_cp_bn(r_d, res, BN_NIST_384_TOP); ++ r->top = BN_NIST_384_TOP; ++ bn_correct_top(r); ++ ++ return 1; ++} ++ ++#define BN_NIST_521_RSHIFT (521%BN_BITS2) ++#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) ++#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) + + int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, +- BN_CTX *ctx) +- { +- int top = a->top, i; +- BN_ULONG *r_d, *a_d = a->d, +- t_d[BN_NIST_521_TOP], +- val,tmp,*res; +- size_t mask; +- static const BIGNUM _bignum_nist_p_521_sqr = { +- (BN_ULONG *)_nist_p_521_sqr, +- sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), +- sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), +- 0,BN_FLG_STATIC_DATA }; +- +- field = &_bignum_nist_p_521; /* just to make sure */ +- +- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0) +- return BN_nnmod(r, a, field, ctx); +- +- i = BN_ucmp(field, a); +- if (i == 0) +- { +- BN_zero(r); +- return 1; +- } +- else if (i > 0) +- return (r == a)? 1 : (BN_copy(r ,a) != NULL); +- +- if (r != a) +- { +- if (!bn_wexpand(r,BN_NIST_521_TOP)) +- return 0; +- r_d = r->d; +- nist_cp_bn(r_d,a_d, BN_NIST_521_TOP); +- } +- else +- r_d = a_d; +- +- /* upper 521 bits, copy ... */ +- nist_cp_bn_0(t_d,a_d + (BN_NIST_521_TOP-1), top - (BN_NIST_521_TOP-1),BN_NIST_521_TOP); +- /* ... and right shift */ +- for (val=t_d[0],i=0; i>BN_NIST_521_RSHIFT; +- val = t_d[i+1]; +- t_d[i] = (tmp | val<>BN_NIST_521_RSHIFT; +- /* lower 521 bits */ +- r_d[i] &= BN_NIST_521_TOP_MASK; +- +- bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); +- mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); +- res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask)); +- nist_cp_bn(r_d,res,BN_NIST_521_TOP); +- r->top = BN_NIST_521_TOP; +- bn_correct_top(r); +- +- return 1; +- } ++ BN_CTX *ctx) ++{ ++ int top = a->top, i; ++ BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res; ++ size_t mask; ++ static const BIGNUM _bignum_nist_p_521_sqr = { ++ (BN_ULONG *)_nist_p_521_sqr, ++ sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), ++ sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), ++ 0, BN_FLG_STATIC_DATA ++ }; ++ ++ field = &_bignum_nist_p_521; /* just to make sure */ ++ ++ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_521_sqr) >= 0) ++ return BN_nnmod(r, a, field, ctx); ++ ++ i = BN_ucmp(field, a); ++ if (i == 0) { ++ BN_zero(r); ++ return 1; ++ } else if (i > 0) ++ return (r == a) ? 1 : (BN_copy(r, a) != NULL); ++ ++ if (r != a) { ++ if (!bn_wexpand(r, BN_NIST_521_TOP)) ++ return 0; ++ r_d = r->d; ++ nist_cp_bn(r_d, a_d, BN_NIST_521_TOP); ++ } else ++ r_d = a_d; ++ ++ /* upper 521 bits, copy ... */ ++ nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1), ++ top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP); ++ /* ... and right shift */ ++ for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) { ++ tmp = val >> BN_NIST_521_RSHIFT; ++ val = t_d[i + 1]; ++ t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2; ++ } ++ t_d[i] = val >> BN_NIST_521_RSHIFT; ++ /* lower 521 bits */ ++ r_d[i] &= BN_NIST_521_TOP_MASK; ++ ++ bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP); ++ mask = 0 - (size_t)bn_sub_words(t_d, r_d, _nist_p_521, BN_NIST_521_TOP); ++ res = (BN_ULONG *)(((size_t)t_d & ~mask) | ((size_t)r_d & mask)); ++ nist_cp_bn(r_d, res, BN_NIST_521_TOP); ++ r->top = BN_NIST_521_TOP; ++ bn_correct_top(r); ++ ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c +index 21cbb38..efdebdd 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,7 +57,7 @@ + */ + + #ifndef BN_DEBUG +-# undef NDEBUG /* avoid conflicting definitions */ ++# undef NDEBUG /* avoid conflicting definitions */ + # define NDEBUG + #endif + +@@ -68,20 +68,19 @@ + #include "bn_lcl.h" + + char *BN_options(void) +- { +- static int init=0; +- static char data[16]; ++{ ++ static int init = 0; ++ static char data[16]; + +- if (!init) +- { +- init++; ++ if (!init) { ++ init++; + #ifdef BN_LLONG +- BIO_snprintf(data,sizeof data,"bn(%d,%d)", +- (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8); ++ BIO_snprintf(data, sizeof data, "bn(%d,%d)", ++ (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8); + #else +- BIO_snprintf(data,sizeof data,"bn(%d,%d)", +- (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8); ++ BIO_snprintf(data, sizeof data, "bn(%d,%d)", ++ (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8); + #endif +- } +- return(data); +- } ++ } ++ return (data); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c +index 7b25979..1d25687 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -115,380 +115,401 @@ + #include "bn_lcl.h" + #include + +-/* NB: these functions have been "upgraded", the deprecated versions (which are +- * compatibility wrappers using these functions) are in bn_depr.c. +- * - Geoff ++/* ++ * NB: these functions have been "upgraded", the deprecated versions (which ++ * are compatibility wrappers using these functions) are in bn_depr.c. - ++ * Geoff + */ + +-/* The quick sieve algorithm approach to weeding out primes is +- * Philip Zimmermann's, as implemented in PGP. I have had a read of +- * his comments and implemented my own version. ++/* ++ * The quick sieve algorithm approach to weeding out primes is Philip ++ * Zimmermann's, as implemented in PGP. I have had a read of his comments ++ * and implemented my own version. + */ + #include "bn_prime.h" + + static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, +- const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); ++ const BIGNUM *a1_odd, int k, BN_CTX *ctx, ++ BN_MONT_CTX *mont); + static int probable_prime(BIGNUM *rnd, int bits); + static int probable_prime_dh(BIGNUM *rnd, int bits, +- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); +-static int probable_prime_dh_safe(BIGNUM *rnd, int bits, +- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); ++ const BIGNUM *add, const BIGNUM *rem, ++ BN_CTX *ctx); ++static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, ++ const BIGNUM *rem, BN_CTX *ctx); + + int BN_GENCB_call(BN_GENCB *cb, int a, int b) +- { +- /* No callback means continue */ +- if(!cb) return 1; +- switch(cb->ver) +- { +- case 1: +- /* Deprecated-style callbacks */ +- if(!cb->cb.cb_1) +- return 1; +- cb->cb.cb_1(a, b, cb->arg); +- return 1; +- case 2: +- /* New-style callbacks */ +- return cb->cb.cb_2(a, b, cb); +- default: +- break; +- } +- /* Unrecognised callback type */ +- return 0; +- } ++{ ++ /* No callback means continue */ ++ if (!cb) ++ return 1; ++ switch (cb->ver) { ++ case 1: ++ /* Deprecated-style callbacks */ ++ if (!cb->cb.cb_1) ++ return 1; ++ cb->cb.cb_1(a, b, cb->arg); ++ return 1; ++ case 2: ++ /* New-style callbacks */ ++ return cb->cb.cb_2(a, b, cb); ++ default: ++ break; ++ } ++ /* Unrecognised callback type */ ++ return 0; ++} + + int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, +- const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) +- { +- BIGNUM *t; +- int found=0; +- int i,j,c1=0; +- BN_CTX *ctx; +- int checks = BN_prime_checks_for_size(bits); +- +- ctx=BN_CTX_new(); +- if (ctx == NULL) goto err; +- BN_CTX_start(ctx); +- t = BN_CTX_get(ctx); +- if(!t) goto err; +-loop: +- /* make a random number and set the top and bottom bits */ +- if (add == NULL) +- { +- if (!probable_prime(ret,bits)) goto err; +- } +- else +- { +- if (safe) +- { +- if (!probable_prime_dh_safe(ret,bits,add,rem,ctx)) +- goto err; +- } +- else +- { +- if (!probable_prime_dh(ret,bits,add,rem,ctx)) +- goto err; +- } +- } +- /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */ +- if(!BN_GENCB_call(cb, 0, c1++)) +- /* aborted */ +- goto err; +- +- if (!safe) +- { +- i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb); +- if (i == -1) goto err; +- if (i == 0) goto loop; +- } +- else +- { +- /* for "safe prime" generation, +- * check that (p-1)/2 is prime. +- * Since a prime is odd, We just +- * need to divide by 2 */ +- if (!BN_rshift1(t,ret)) goto err; +- +- for (i=0; i a is prime if and only if a == 2 */ +- return BN_is_word(a, 2); +- if (do_trial_division) +- { +- for (i = 1; i < NUMPRIMES; i++) +- if (BN_mod_word(a, primes[i]) == 0) +- return 0; +- if(!BN_GENCB_call(cb, 1, -1)) +- goto err; +- } +- +- if (ctx_passed != NULL) +- ctx = ctx_passed; +- else +- if ((ctx=BN_CTX_new()) == NULL) +- goto err; +- BN_CTX_start(ctx); +- +- /* A := abs(a) */ +- if (a->neg) +- { +- BIGNUM *t; +- if ((t = BN_CTX_get(ctx)) == NULL) goto err; +- BN_copy(t, a); +- t->neg = 0; +- A = t; +- } +- else +- A = a; +- A1 = BN_CTX_get(ctx); +- A1_odd = BN_CTX_get(ctx); +- check = BN_CTX_get(ctx); +- if (check == NULL) goto err; +- +- /* compute A1 := A - 1 */ +- if (!BN_copy(A1, A)) +- goto err; +- if (!BN_sub_word(A1, 1)) +- goto err; +- if (BN_is_zero(A1)) +- { +- ret = 0; +- goto err; +- } +- +- /* write A1 as A1_odd * 2^k */ +- k = 1; +- while (!BN_is_bit_set(A1, k)) +- k++; +- if (!BN_rshift(A1_odd, A1, k)) +- goto err; +- +- /* Montgomery setup for computations mod A */ +- mont = BN_MONT_CTX_new(); +- if (mont == NULL) +- goto err; +- if (!BN_MONT_CTX_set(mont, A, ctx)) +- goto err; +- +- for (i = 0; i < checks; i++) +- { +- if (!BN_pseudo_rand_range(check, A1)) +- goto err; +- if (!BN_add_word(check, 1)) +- goto err; +- /* now 1 <= check < A */ +- +- j = witness(check, A, A1, A1_odd, k, ctx, mont); +- if (j == -1) goto err; +- if (j) +- { +- ret=0; +- goto err; +- } +- if(!BN_GENCB_call(cb, 1, i)) +- goto err; +- } +- ret=1; +-err: +- if (ctx != NULL) +- { +- BN_CTX_end(ctx); +- if (ctx_passed == NULL) +- BN_CTX_free(ctx); +- } +- if (mont != NULL) +- BN_MONT_CTX_free(mont); +- +- return(ret); +- } ++ int do_trial_division, BN_GENCB *cb) ++{ ++ int i, j, ret = -1; ++ int k; ++ BN_CTX *ctx = NULL; ++ BIGNUM *A1, *A1_odd, *check; /* taken from ctx */ ++ BN_MONT_CTX *mont = NULL; ++ const BIGNUM *A = NULL; ++ ++ if (BN_cmp(a, BN_value_one()) <= 0) ++ return 0; ++ ++ if (checks == BN_prime_checks) ++ checks = BN_prime_checks_for_size(BN_num_bits(a)); ++ ++ /* first look for small factors */ ++ if (!BN_is_odd(a)) ++ /* a is even => a is prime if and only if a == 2 */ ++ return BN_is_word(a, 2); ++ if (do_trial_division) { ++ for (i = 1; i < NUMPRIMES; i++) ++ if (BN_mod_word(a, primes[i]) == 0) ++ return 0; ++ if (!BN_GENCB_call(cb, 1, -1)) ++ goto err; ++ } ++ ++ if (ctx_passed != NULL) ++ ctx = ctx_passed; ++ else if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ ++ /* A := abs(a) */ ++ if (a->neg) { ++ BIGNUM *t; ++ if ((t = BN_CTX_get(ctx)) == NULL) ++ goto err; ++ BN_copy(t, a); ++ t->neg = 0; ++ A = t; ++ } else ++ A = a; ++ A1 = BN_CTX_get(ctx); ++ A1_odd = BN_CTX_get(ctx); ++ check = BN_CTX_get(ctx); ++ if (check == NULL) ++ goto err; ++ ++ /* compute A1 := A - 1 */ ++ if (!BN_copy(A1, A)) ++ goto err; ++ if (!BN_sub_word(A1, 1)) ++ goto err; ++ if (BN_is_zero(A1)) { ++ ret = 0; ++ goto err; ++ } ++ ++ /* write A1 as A1_odd * 2^k */ ++ k = 1; ++ while (!BN_is_bit_set(A1, k)) ++ k++; ++ if (!BN_rshift(A1_odd, A1, k)) ++ goto err; ++ ++ /* Montgomery setup for computations mod A */ ++ mont = BN_MONT_CTX_new(); ++ if (mont == NULL) ++ goto err; ++ if (!BN_MONT_CTX_set(mont, A, ctx)) ++ goto err; ++ ++ for (i = 0; i < checks; i++) { ++ if (!BN_pseudo_rand_range(check, A1)) ++ goto err; ++ if (!BN_add_word(check, 1)) ++ goto err; ++ /* now 1 <= check < A */ ++ ++ j = witness(check, A, A1, A1_odd, k, ctx, mont); ++ if (j == -1) ++ goto err; ++ if (j) { ++ ret = 0; ++ goto err; ++ } ++ if (!BN_GENCB_call(cb, 1, i)) ++ goto err; ++ } ++ ret = 1; ++ err: ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ if (ctx_passed == NULL) ++ BN_CTX_free(ctx); ++ } ++ if (mont != NULL) ++ BN_MONT_CTX_free(mont); ++ ++ return (ret); ++} + + static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, +- const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont) +- { +- if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */ +- return -1; +- if (BN_is_one(w)) +- return 0; /* probably prime */ +- if (BN_cmp(w, a1) == 0) +- return 0; /* w == -1 (mod a), 'a' is probably prime */ +- while (--k) +- { +- if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */ +- return -1; +- if (BN_is_one(w)) +- return 1; /* 'a' is composite, otherwise a previous 'w' would +- * have been == -1 (mod 'a') */ +- if (BN_cmp(w, a1) == 0) +- return 0; /* w == -1 (mod a), 'a' is probably prime */ +- } +- /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', +- * and it is neither -1 nor +1 -- so 'a' cannot be prime */ +- bn_check_top(w); +- return 1; +- } ++ const BIGNUM *a1_odd, int k, BN_CTX *ctx, ++ BN_MONT_CTX *mont) ++{ ++ if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */ ++ return -1; ++ if (BN_is_one(w)) ++ return 0; /* probably prime */ ++ if (BN_cmp(w, a1) == 0) ++ return 0; /* w == -1 (mod a), 'a' is probably prime */ ++ while (--k) { ++ if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */ ++ return -1; ++ if (BN_is_one(w)) ++ return 1; /* 'a' is composite, otherwise a previous 'w' ++ * would have been == -1 (mod 'a') */ ++ if (BN_cmp(w, a1) == 0) ++ return 0; /* w == -1 (mod a), 'a' is probably prime */ ++ } ++ /* ++ * If we get here, 'w' is the (a-1)/2-th power of the original 'w', and ++ * it is neither -1 nor +1 -- so 'a' cannot be prime ++ */ ++ bn_check_top(w); ++ return 1; ++} + + static int probable_prime(BIGNUM *rnd, int bits) +- { +- int i; +- prime_t mods[NUMPRIMES]; +- BN_ULONG delta,maxdelta; +- +-again: +- if (!BN_rand(rnd,bits,1,1)) return(0); +- /* we now have a random number 'rand' to test. */ +- for (i=1; i maxdelta) goto again; +- goto loop; +- } +- } +- if (!BN_add_word(rnd,delta)) return(0); +- bn_check_top(rnd); +- return(1); +- } ++{ ++ int i; ++ prime_t mods[NUMPRIMES]; ++ BN_ULONG delta, maxdelta; ++ ++ again: ++ if (!BN_rand(rnd, bits, 1, 1)) ++ return (0); ++ /* we now have a random number 'rand' to test. */ ++ for (i = 1; i < NUMPRIMES; i++) ++ mods[i] = (prime_t) BN_mod_word(rnd, (BN_ULONG)primes[i]); ++ maxdelta = BN_MASK2 - primes[NUMPRIMES - 1]; ++ delta = 0; ++ loop:for (i = 1; i < NUMPRIMES; i++) { ++ /* ++ * check that rnd is not a prime and also that gcd(rnd-1,primes) == 1 ++ * (except for 2) ++ */ ++ if (((mods[i] + delta) % primes[i]) <= 1) { ++ delta += 2; ++ if (delta > maxdelta) ++ goto again; ++ goto loop; ++ } ++ } ++ if (!BN_add_word(rnd, delta)) ++ return (0); ++ bn_check_top(rnd); ++ return (1); ++} + + static int probable_prime_dh(BIGNUM *rnd, int bits, +- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx) +- { +- int i,ret=0; +- BIGNUM *t1; +- +- BN_CTX_start(ctx); +- if ((t1 = BN_CTX_get(ctx)) == NULL) goto err; +- +- if (!BN_rand(rnd,bits,0,1)) goto err; +- +- /* we need ((rnd-rem) % add) == 0 */ +- +- if (!BN_mod(t1,rnd,add,ctx)) goto err; +- if (!BN_sub(rnd,rnd,t1)) goto err; +- if (rem == NULL) +- { if (!BN_add_word(rnd,1)) goto err; } +- else +- { if (!BN_add(rnd,rnd,rem)) goto err; } +- +- /* we now have a random number 'rand' to test. */ +- +- loop: for (i=1; i + #include "bn_lcl.h" + +-static const char Hex[]="0123456789ABCDEF"; ++static const char Hex[] = "0123456789ABCDEF"; + + /* Must 'OPENSSL_free' the returned data */ + char *BN_bn2hex(const BIGNUM *a) +- { +- int i,j,v,z=0; +- char *buf; +- char *p; ++{ ++ int i, j, v, z = 0; ++ char *buf; ++ char *p; + +- buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2); +- if (buf == NULL) +- { +- BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- p=buf; +- if (a->neg) *(p++)='-'; +- if (BN_is_zero(a)) *(p++)='0'; +- for (i=a->top-1; i >=0; i--) +- { +- for (j=BN_BITS2-8; j >= 0; j-=8) +- { +- /* strip leading zeros */ +- v=((int)(a->d[i]>>(long)j))&0xff; +- if (z || (v != 0)) +- { +- *(p++)=Hex[v>>4]; +- *(p++)=Hex[v&0x0f]; +- z=1; +- } +- } +- } +- *p='\0'; +-err: +- return(buf); +- } ++ buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); ++ if (buf == NULL) { ++ BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ p = buf; ++ if (a->neg) ++ *(p++) = '-'; ++ if (BN_is_zero(a)) ++ *(p++) = '0'; ++ for (i = a->top - 1; i >= 0; i--) { ++ for (j = BN_BITS2 - 8; j >= 0; j -= 8) { ++ /* strip leading zeros */ ++ v = ((int)(a->d[i] >> (long)j)) & 0xff; ++ if (z || (v != 0)) { ++ *(p++) = Hex[v >> 4]; ++ *(p++) = Hex[v & 0x0f]; ++ z = 1; ++ } ++ } ++ } ++ *p = '\0'; ++ err: ++ return (buf); ++} + + /* Must 'OPENSSL_free' the returned data */ + char *BN_bn2dec(const BIGNUM *a) +- { +- int i=0,num, ok = 0; +- char *buf=NULL; +- char *p; +- BIGNUM *t=NULL; +- BN_ULONG *bn_data=NULL,*lp; ++{ ++ int i = 0, num, ok = 0; ++ char *buf = NULL; ++ char *p; ++ BIGNUM *t = NULL; ++ BN_ULONG *bn_data = NULL, *lp; + +- /* get an upper bound for the length of the decimal integer +- * num <= (BN_num_bits(a) + 1) * log(2) +- * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) +- * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 +- */ +- i=BN_num_bits(a)*3; +- num=(i/10+i/1000+1)+1; +- bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG)); +- buf=(char *)OPENSSL_malloc(num+3); +- if ((buf == NULL) || (bn_data == NULL)) +- { +- BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if ((t=BN_dup(a)) == NULL) goto err; ++ /*- ++ * get an upper bound for the length of the decimal integer ++ * num <= (BN_num_bits(a) + 1) * log(2) ++ * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) ++ * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 ++ */ ++ i = BN_num_bits(a) * 3; ++ num = (i / 10 + i / 1000 + 1) + 1; ++ bn_data = ++ (BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG)); ++ buf = (char *)OPENSSL_malloc(num + 3); ++ if ((buf == NULL) || (bn_data == NULL)) { ++ BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if ((t = BN_dup(a)) == NULL) ++ goto err; + + #define BUF_REMAIN (num+3 - (size_t)(p - buf)) +- p=buf; +- lp=bn_data; +- if (BN_is_zero(t)) +- { +- *(p++)='0'; +- *(p++)='\0'; +- } +- else +- { +- if (BN_is_negative(t)) +- *p++ = '-'; ++ p = buf; ++ lp = bn_data; ++ if (BN_is_zero(t)) { ++ *(p++) = '0'; ++ *(p++) = '\0'; ++ } else { ++ if (BN_is_negative(t)) ++ *p++ = '-'; + +- i=0; +- while (!BN_is_zero(t)) +- { +- *lp=BN_div_word(t,BN_DEC_CONV); +- lp++; +- } +- lp--; +- /* We now have a series of blocks, BN_DEC_NUM chars +- * in length, where the last one needs truncation. +- * The blocks need to be reversed in order. */ +- BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp); +- while (*p) p++; +- while (lp != bn_data) +- { +- lp--; +- BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp); +- while (*p) p++; +- } +- } +- ok = 1; +-err: +- if (bn_data != NULL) OPENSSL_free(bn_data); +- if (t != NULL) BN_free(t); +- if (!ok && buf) +- { +- OPENSSL_free(buf); +- buf = NULL; +- } ++ i = 0; ++ while (!BN_is_zero(t)) { ++ *lp = BN_div_word(t, BN_DEC_CONV); ++ lp++; ++ } ++ lp--; ++ /* ++ * We now have a series of blocks, BN_DEC_NUM chars in length, where ++ * the last one needs truncation. The blocks need to be reversed in ++ * order. ++ */ ++ BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp); ++ while (*p) ++ p++; ++ while (lp != bn_data) { ++ lp--; ++ BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp); ++ while (*p) ++ p++; ++ } ++ } ++ ok = 1; ++ err: ++ if (bn_data != NULL) ++ OPENSSL_free(bn_data); ++ if (t != NULL) ++ BN_free(t); ++ if (!ok && buf) { ++ OPENSSL_free(buf); ++ buf = NULL; ++ } + +- return(buf); +- } ++ return (buf); ++} + + int BN_hex2bn(BIGNUM **bn, const char *a) +- { +- BIGNUM *ret=NULL; +- BN_ULONG l=0; +- int neg=0,h,m,i,j,k,c; +- int num; ++{ ++ BIGNUM *ret = NULL; ++ BN_ULONG l = 0; ++ int neg = 0, h, m, i, j, k, c; ++ int num; + +- if ((a == NULL) || (*a == '\0')) return(0); ++ if ((a == NULL) || (*a == '\0')) ++ return (0); + +- if (*a == '-') { neg=1; a++; } ++ if (*a == '-') { ++ neg = 1; ++ a++; ++ } + +- for (i=0; isxdigit((unsigned char) a[i]); i++) +- ; ++ for (i = 0; isxdigit((unsigned char)a[i]); i++) ; + +- num=i+neg; +- if (bn == NULL) return(num); ++ num = i + neg; ++ if (bn == NULL) ++ return (num); + +- /* a is the start of the hex digits, and it is 'i' long */ +- if (*bn == NULL) +- { +- if ((ret=BN_new()) == NULL) return(0); +- } +- else +- { +- ret= *bn; +- BN_zero(ret); +- } ++ /* a is the start of the hex digits, and it is 'i' long */ ++ if (*bn == NULL) { ++ if ((ret = BN_new()) == NULL) ++ return (0); ++ } else { ++ ret = *bn; ++ BN_zero(ret); ++ } + +- /* i is the number of hex digests; */ +- if (bn_expand(ret,i*4) == NULL) goto err; ++ /* i is the number of hex digests; */ ++ if (bn_expand(ret, i * 4) == NULL) ++ goto err; + +- j=i; /* least significant 'hex' */ +- m=0; +- h=0; +- while (j > 0) +- { +- m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j; +- l=0; +- for (;;) +- { +- c=a[j-m]; +- if ((c >= '0') && (c <= '9')) k=c-'0'; +- else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10; +- else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10; +- else k=0; /* paranoia */ +- l=(l<<4)|k; ++ j = i; /* least significant 'hex' */ ++ m = 0; ++ h = 0; ++ while (j > 0) { ++ m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j; ++ l = 0; ++ for (;;) { ++ c = a[j - m]; ++ if ((c >= '0') && (c <= '9')) ++ k = c - '0'; ++ else if ((c >= 'a') && (c <= 'f')) ++ k = c - 'a' + 10; ++ else if ((c >= 'A') && (c <= 'F')) ++ k = c - 'A' + 10; ++ else ++ k = 0; /* paranoia */ ++ l = (l << 4) | k; + +- if (--m <= 0) +- { +- ret->d[h++]=l; +- break; +- } +- } +- j-=(BN_BYTES*2); +- } +- ret->top=h; +- bn_correct_top(ret); +- ret->neg=neg; ++ if (--m <= 0) { ++ ret->d[h++] = l; ++ break; ++ } ++ } ++ j -= (BN_BYTES * 2); ++ } ++ ret->top = h; ++ bn_correct_top(ret); ++ ret->neg = neg; + +- *bn=ret; +- bn_check_top(ret); +- return(num); +-err: +- if (*bn == NULL) BN_free(ret); +- return(0); +- } ++ *bn = ret; ++ bn_check_top(ret); ++ return (num); ++ err: ++ if (*bn == NULL) ++ BN_free(ret); ++ return (0); ++} + + int BN_dec2bn(BIGNUM **bn, const char *a) +- { +- BIGNUM *ret=NULL; +- BN_ULONG l=0; +- int neg=0,i,j; +- int num; ++{ ++ BIGNUM *ret = NULL; ++ BN_ULONG l = 0; ++ int neg = 0, i, j; ++ int num; + +- if ((a == NULL) || (*a == '\0')) return(0); +- if (*a == '-') { neg=1; a++; } ++ if ((a == NULL) || (*a == '\0')) ++ return (0); ++ if (*a == '-') { ++ neg = 1; ++ a++; ++ } + +- for (i=0; isdigit((unsigned char) a[i]); i++) +- ; ++ for (i = 0; isdigit((unsigned char)a[i]); i++) ; + +- num=i+neg; +- if (bn == NULL) return(num); ++ num = i + neg; ++ if (bn == NULL) ++ return (num); + +- /* a is the start of the digits, and it is 'i' long. +- * We chop it into BN_DEC_NUM digits at a time */ +- if (*bn == NULL) +- { +- if ((ret=BN_new()) == NULL) return(0); +- } +- else +- { +- ret= *bn; +- BN_zero(ret); +- } ++ /* ++ * a is the start of the digits, and it is 'i' long. We chop it into ++ * BN_DEC_NUM digits at a time ++ */ ++ if (*bn == NULL) { ++ if ((ret = BN_new()) == NULL) ++ return (0); ++ } else { ++ ret = *bn; ++ BN_zero(ret); ++ } + +- /* i is the number of digests, a bit of an over expand; */ +- if (bn_expand(ret,i*4) == NULL) goto err; ++ /* i is the number of digests, a bit of an over expand; */ ++ if (bn_expand(ret, i * 4) == NULL) ++ goto err; + +- j=BN_DEC_NUM-(i%BN_DEC_NUM); +- if (j == BN_DEC_NUM) j=0; +- l=0; +- while (*a) +- { +- l*=10; +- l+= *a-'0'; +- a++; +- if (++j == BN_DEC_NUM) +- { +- BN_mul_word(ret,BN_DEC_CONV); +- BN_add_word(ret,l); +- l=0; +- j=0; +- } +- } +- ret->neg=neg; ++ j = BN_DEC_NUM - (i % BN_DEC_NUM); ++ if (j == BN_DEC_NUM) ++ j = 0; ++ l = 0; ++ while (*a) { ++ l *= 10; ++ l += *a - '0'; ++ a++; ++ if (++j == BN_DEC_NUM) { ++ BN_mul_word(ret, BN_DEC_CONV); ++ BN_add_word(ret, l); ++ l = 0; ++ j = 0; ++ } ++ } ++ ret->neg = neg; + +- bn_correct_top(ret); +- *bn=ret; +- bn_check_top(ret); +- return(num); +-err: +- if (*bn == NULL) BN_free(ret); +- return(0); +- } ++ bn_correct_top(ret); ++ *bn = ret; ++ bn_check_top(ret); ++ return (num); ++ err: ++ if (*bn == NULL) ++ BN_free(ret); ++ return (0); ++} + + #ifndef OPENSSL_NO_BIO +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + int BN_print_fp(FILE *fp, const BIGNUM *a) +- { +- BIO *b; +- int ret; ++{ ++ BIO *b; ++ int ret; + +- if ((b=BIO_new(BIO_s_file())) == NULL) +- return(0); +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=BN_print(b,a); +- BIO_free(b); +- return(ret); +- } +-#endif ++ if ((b = BIO_new(BIO_s_file())) == NULL) ++ return (0); ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = BN_print(b, a); ++ BIO_free(b); ++ return (ret); ++} ++# endif + + int BN_print(BIO *bp, const BIGNUM *a) +- { +- int i,j,v,z=0; +- int ret=0; ++{ ++ int i, j, v, z = 0; ++ int ret = 0; + +- if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end; +- if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end; +- for (i=a->top-1; i >=0; i--) +- { +- for (j=BN_BITS2-4; j >= 0; j-=4) +- { +- /* strip leading zeros */ +- v=((int)(a->d[i]>>(long)j))&0x0f; +- if (z || (v != 0)) +- { +- if (BIO_write(bp,&(Hex[v]),1) != 1) +- goto end; +- z=1; +- } +- } +- } +- ret=1; +-end: +- return(ret); +- } ++ if ((a->neg) && (BIO_write(bp, "-", 1) != 1)) ++ goto end; ++ if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1)) ++ goto end; ++ for (i = a->top - 1; i >= 0; i--) { ++ for (j = BN_BITS2 - 4; j >= 0; j -= 4) { ++ /* strip leading zeros */ ++ v = ((int)(a->d[i] >> (long)j)) & 0x0f; ++ if (z || (v != 0)) { ++ if (BIO_write(bp, &(Hex[v]), 1) != 1) ++ goto end; ++ z = 1; ++ } ++ } ++ } ++ ret = 1; ++ end: ++ return (ret); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c +index b376c28..7ac71ec 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -116,190 +116,174 @@ + #include + + static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) +- { +- unsigned char *buf=NULL; +- int ret=0,bit,bytes,mask; +- time_t tim; ++{ ++ unsigned char *buf = NULL; ++ int ret = 0, bit, bytes, mask; ++ time_t tim; + +- if (bits == 0) +- { +- BN_zero(rnd); +- return 1; +- } ++ if (bits == 0) { ++ BN_zero(rnd); ++ return 1; ++ } + +- bytes=(bits+7)/8; +- bit=(bits-1)%8; +- mask=0xff<<(bit+1); ++ bytes = (bits + 7) / 8; ++ bit = (bits - 1) % 8; ++ mask = 0xff << (bit + 1); + +- buf=(unsigned char *)OPENSSL_malloc(bytes); +- if (buf == NULL) +- { +- BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ buf = (unsigned char *)OPENSSL_malloc(bytes); ++ if (buf == NULL) { ++ BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- /* make a random number and set the top and bottom bits */ +- time(&tim); +- RAND_add(&tim,sizeof(tim),0.0); ++ /* make a random number and set the top and bottom bits */ ++ time(&tim); ++ RAND_add(&tim, sizeof(tim), 0.0); + +- if (pseudorand) +- { +- if (RAND_pseudo_bytes(buf, bytes) == -1) +- goto err; +- } +- else +- { +- if (RAND_bytes(buf, bytes) <= 0) +- goto err; +- } ++ if (pseudorand) { ++ if (RAND_pseudo_bytes(buf, bytes) == -1) ++ goto err; ++ } else { ++ if (RAND_bytes(buf, bytes) <= 0) ++ goto err; ++ } + + #if 1 +- if (pseudorand == 2) +- { +- /* generate patterns that are more likely to trigger BN +- library bugs */ +- int i; +- unsigned char c; ++ if (pseudorand == 2) { ++ /* ++ * generate patterns that are more likely to trigger BN library bugs ++ */ ++ int i; ++ unsigned char c; + +- for (i = 0; i < bytes; i++) +- { +- RAND_pseudo_bytes(&c, 1); +- if (c >= 128 && i > 0) +- buf[i] = buf[i-1]; +- else if (c < 42) +- buf[i] = 0; +- else if (c < 84) +- buf[i] = 255; +- } +- } ++ for (i = 0; i < bytes; i++) { ++ RAND_pseudo_bytes(&c, 1); ++ if (c >= 128 && i > 0) ++ buf[i] = buf[i - 1]; ++ else if (c < 42) ++ buf[i] = 0; ++ else if (c < 84) ++ buf[i] = 255; ++ } ++ } + #endif + +- if (top != -1) +- { +- if (top) +- { +- if (bit == 0) +- { +- buf[0]=1; +- buf[1]|=0x80; +- } +- else +- { +- buf[0]|=(3<<(bit-1)); +- } +- } +- else +- { +- buf[0]|=(1<neg || BN_is_zero(range)) +- { +- BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); +- return 0; +- } ++ if (range->neg || BN_is_zero(range)) { ++ BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); ++ return 0; ++ } + +- n = BN_num_bits(range); /* n > 0 */ ++ n = BN_num_bits(range); /* n > 0 */ + +- /* BN_is_bit_set(range, n - 1) always holds */ ++ /* BN_is_bit_set(range, n - 1) always holds */ + +- if (n == 1) +- BN_zero(r); +- else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) +- { +- /* range = 100..._2, +- * so 3*range (= 11..._2) is exactly one bit longer than range */ +- do +- { +- if (!bn_rand(r, n + 1, -1, 0)) return 0; +- /* If r < 3*range, use r := r MOD range +- * (which is either r, r - range, or r - 2*range). +- * Otherwise, iterate once more. +- * Since 3*range = 11..._2, each iteration succeeds with +- * probability >= .75. */ +- if (BN_cmp(r ,range) >= 0) +- { +- if (!BN_sub(r, r, range)) return 0; +- if (BN_cmp(r, range) >= 0) +- if (!BN_sub(r, r, range)) return 0; +- } ++ if (n == 1) ++ BN_zero(r); ++ else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) { ++ /* ++ * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer ++ * than range ++ */ ++ do { ++ if (!bn_rand(r, n + 1, -1, 0)) ++ return 0; ++ /* ++ * If r < 3*range, use r := r MOD range (which is either r, r - ++ * range, or r - 2*range). Otherwise, iterate once more. Since ++ * 3*range = 11..._2, each iteration succeeds with probability >= ++ * .75. ++ */ ++ if (BN_cmp(r, range) >= 0) { ++ if (!BN_sub(r, r, range)) ++ return 0; ++ if (BN_cmp(r, range) >= 0) ++ if (!BN_sub(r, r, range)) ++ return 0; ++ } + +- if (!--count) +- { +- BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); +- return 0; +- } +- +- } +- while (BN_cmp(r, range) >= 0); +- } +- else +- { +- do +- { +- /* range = 11..._2 or range = 101..._2 */ +- if (!bn_rand(r, n, -1, 0)) return 0; ++ if (!--count) { ++ BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); ++ return 0; ++ } + +- if (!--count) +- { +- BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); +- return 0; +- } +- } +- while (BN_cmp(r, range) >= 0); +- } ++ } ++ while (BN_cmp(r, range) >= 0); ++ } else { ++ do { ++ /* range = 11..._2 or range = 101..._2 */ ++ if (!bn_rand(r, n, -1, 0)) ++ return 0; + +- bn_check_top(r); +- return 1; +- } ++ if (!--count) { ++ BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS); ++ return 0; ++ } ++ } ++ while (BN_cmp(r, range) >= 0); ++ } + ++ bn_check_top(r); ++ return 1; ++} + +-int BN_rand_range(BIGNUM *r, const BIGNUM *range) +- { +- return bn_rand_range(0, r, range); +- } ++int BN_rand_range(BIGNUM *r, const BIGNUM *range) ++{ ++ return bn_rand_range(0, r, range); ++} + +-int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) +- { +- return bn_rand_range(1, r, range); +- } ++int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) ++{ ++ return bn_rand_range(1, r, range); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c +index 2e8efb8..6826f93 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,174 +61,189 @@ + #include "bn_lcl.h" + + void BN_RECP_CTX_init(BN_RECP_CTX *recp) +- { +- BN_init(&(recp->N)); +- BN_init(&(recp->Nr)); +- recp->num_bits=0; +- recp->flags=0; +- } ++{ ++ BN_init(&(recp->N)); ++ BN_init(&(recp->Nr)); ++ recp->num_bits = 0; ++ recp->flags = 0; ++} + + BN_RECP_CTX *BN_RECP_CTX_new(void) +- { +- BN_RECP_CTX *ret; ++{ ++ BN_RECP_CTX *ret; + +- if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL) +- return(NULL); ++ if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL) ++ return (NULL); + +- BN_RECP_CTX_init(ret); +- ret->flags=BN_FLG_MALLOCED; +- return(ret); +- } ++ BN_RECP_CTX_init(ret); ++ ret->flags = BN_FLG_MALLOCED; ++ return (ret); ++} + + void BN_RECP_CTX_free(BN_RECP_CTX *recp) +- { +- if(recp == NULL) +- return; ++{ ++ if (recp == NULL) ++ return; + +- BN_free(&(recp->N)); +- BN_free(&(recp->Nr)); +- if (recp->flags & BN_FLG_MALLOCED) +- OPENSSL_free(recp); +- } ++ BN_free(&(recp->N)); ++ BN_free(&(recp->Nr)); ++ if (recp->flags & BN_FLG_MALLOCED) ++ OPENSSL_free(recp); ++} + + int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) +- { +- if (!BN_copy(&(recp->N),d)) return 0; +- BN_zero(&(recp->Nr)); +- recp->num_bits=BN_num_bits(d); +- recp->shift=0; +- return(1); +- } ++{ ++ if (!BN_copy(&(recp->N), d)) ++ return 0; ++ BN_zero(&(recp->Nr)); ++ recp->num_bits = BN_num_bits(d); ++ recp->shift = 0; ++ return (1); ++} + + int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, +- BN_RECP_CTX *recp, BN_CTX *ctx) +- { +- int ret=0; +- BIGNUM *a; +- const BIGNUM *ca; +- +- BN_CTX_start(ctx); +- if ((a = BN_CTX_get(ctx)) == NULL) goto err; +- if (y != NULL) +- { +- if (x == y) +- { if (!BN_sqr(a,x,ctx)) goto err; } +- else +- { if (!BN_mul(a,x,y,ctx)) goto err; } +- ca = a; +- } +- else +- ca=x; /* Just do the mod */ +- +- ret = BN_div_recp(NULL,r,ca,recp,ctx); +-err: +- BN_CTX_end(ctx); +- bn_check_top(r); +- return(ret); +- } ++ BN_RECP_CTX *recp, BN_CTX *ctx) ++{ ++ int ret = 0; ++ BIGNUM *a; ++ const BIGNUM *ca; ++ ++ BN_CTX_start(ctx); ++ if ((a = BN_CTX_get(ctx)) == NULL) ++ goto err; ++ if (y != NULL) { ++ if (x == y) { ++ if (!BN_sqr(a, x, ctx)) ++ goto err; ++ } else { ++ if (!BN_mul(a, x, y, ctx)) ++ goto err; ++ } ++ ca = a; ++ } else ++ ca = x; /* Just do the mod */ ++ ++ ret = BN_div_recp(NULL, r, ca, recp, ctx); ++ err: ++ BN_CTX_end(ctx); ++ bn_check_top(r); ++ return (ret); ++} + + int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, +- BN_RECP_CTX *recp, BN_CTX *ctx) +- { +- int i,j,ret=0; +- BIGNUM *a,*b,*d,*r; +- +- BN_CTX_start(ctx); +- a=BN_CTX_get(ctx); +- b=BN_CTX_get(ctx); +- if (dv != NULL) +- d=dv; +- else +- d=BN_CTX_get(ctx); +- if (rem != NULL) +- r=rem; +- else +- r=BN_CTX_get(ctx); +- if (a == NULL || b == NULL || d == NULL || r == NULL) goto err; +- +- if (BN_ucmp(m,&(recp->N)) < 0) +- { +- BN_zero(d); +- if (!BN_copy(r,m)) return 0; +- BN_CTX_end(ctx); +- return(1); +- } +- +- /* We want the remainder +- * Given input of ABCDEF / ab +- * we need multiply ABCDEF by 3 digests of the reciprocal of ab +- * +- */ +- +- /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */ +- i=BN_num_bits(m); +- j=recp->num_bits<<1; +- if (j>i) i=j; +- +- /* Nr := round(2^i / N) */ +- if (i != recp->shift) +- recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N), +- i,ctx); /* BN_reciprocal returns i, or -1 for an error */ +- if (recp->shift == -1) goto err; +- +- /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| +- * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))| +- * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)| +- * = |m/N| +- */ +- if (!BN_rshift(a,m,recp->num_bits)) goto err; +- if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err; +- if (!BN_rshift(d,b,i-recp->num_bits)) goto err; +- d->neg=0; +- +- if (!BN_mul(b,&(recp->N),d,ctx)) goto err; +- if (!BN_usub(r,m,b)) goto err; +- r->neg=0; ++ BN_RECP_CTX *recp, BN_CTX *ctx) ++{ ++ int i, j, ret = 0; ++ BIGNUM *a, *b, *d, *r; ++ ++ BN_CTX_start(ctx); ++ a = BN_CTX_get(ctx); ++ b = BN_CTX_get(ctx); ++ if (dv != NULL) ++ d = dv; ++ else ++ d = BN_CTX_get(ctx); ++ if (rem != NULL) ++ r = rem; ++ else ++ r = BN_CTX_get(ctx); ++ if (a == NULL || b == NULL || d == NULL || r == NULL) ++ goto err; ++ ++ if (BN_ucmp(m, &(recp->N)) < 0) { ++ BN_zero(d); ++ if (!BN_copy(r, m)) ++ return 0; ++ BN_CTX_end(ctx); ++ return (1); ++ } ++ ++ /* ++ * We want the remainder Given input of ABCDEF / ab we need multiply ++ * ABCDEF by 3 digests of the reciprocal of ab ++ */ ++ ++ /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */ ++ i = BN_num_bits(m); ++ j = recp->num_bits << 1; ++ if (j > i) ++ i = j; ++ ++ /* Nr := round(2^i / N) */ ++ if (i != recp->shift) ++ recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx); ++ /* BN_reciprocal could have returned -1 for an error */ ++ if (recp->shift == -1) ++ goto err; ++ ++ /*- ++ * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| ++ * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))| ++ * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)| ++ * = |m/N| ++ */ ++ if (!BN_rshift(a, m, recp->num_bits)) ++ goto err; ++ if (!BN_mul(b, a, &(recp->Nr), ctx)) ++ goto err; ++ if (!BN_rshift(d, b, i - recp->num_bits)) ++ goto err; ++ d->neg = 0; ++ ++ if (!BN_mul(b, &(recp->N), d, ctx)) ++ goto err; ++ if (!BN_usub(r, m, b)) ++ goto err; ++ r->neg = 0; + + #if 1 +- j=0; +- while (BN_ucmp(r,&(recp->N)) >= 0) +- { +- if (j++ > 2) +- { +- BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL); +- goto err; +- } +- if (!BN_usub(r,r,&(recp->N))) goto err; +- if (!BN_add_word(d,1)) goto err; +- } ++ j = 0; ++ while (BN_ucmp(r, &(recp->N)) >= 0) { ++ if (j++ > 2) { ++ BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL); ++ goto err; ++ } ++ if (!BN_usub(r, r, &(recp->N))) ++ goto err; ++ if (!BN_add_word(d, 1)) ++ goto err; ++ } + #endif + +- r->neg=BN_is_zero(r)?0:m->neg; +- d->neg=m->neg^recp->N.neg; +- ret=1; +-err: +- BN_CTX_end(ctx); +- bn_check_top(dv); +- bn_check_top(rem); +- return(ret); +- } +- +-/* len is the expected size of the result +- * We actually calculate with an extra word of precision, so +- * we can do faster division if the remainder is not required. ++ r->neg = BN_is_zero(r) ? 0 : m->neg; ++ d->neg = m->neg ^ recp->N.neg; ++ ret = 1; ++ err: ++ BN_CTX_end(ctx); ++ bn_check_top(dv); ++ bn_check_top(rem); ++ return (ret); ++} ++ ++/* ++ * len is the expected size of the result We actually calculate with an extra ++ * word of precision, so we can do faster division if the remainder is not ++ * required. + */ + /* r := 2^len / m */ + int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) +- { +- int ret= -1; +- BIGNUM *t; +- +- BN_CTX_start(ctx); +- if((t = BN_CTX_get(ctx)) == NULL) goto err; +- +- if (!BN_set_bit(t,len)) goto err; +- +- if (!BN_div(r,NULL,t,m,ctx)) goto err; +- +- ret=len; +-err: +- bn_check_top(r); +- BN_CTX_end(ctx); +- return(ret); +- } ++{ ++ int ret = -1; ++ BIGNUM *t; ++ ++ BN_CTX_start(ctx); ++ if ((t = BN_CTX_get(ctx)) == NULL) ++ goto err; ++ ++ if (!BN_set_bit(t, len)) ++ goto err; ++ ++ if (!BN_div(r, NULL, t, m, ctx)) ++ goto err; ++ ++ ret = len; ++ err: ++ bn_check_top(r); ++ BN_CTX_end(ctx); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c +index c4d301a..67904c9 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,160 +61,149 @@ + #include "bn_lcl.h" + + int BN_lshift1(BIGNUM *r, const BIGNUM *a) +- { +- register BN_ULONG *ap,*rp,t,c; +- int i; ++{ ++ register BN_ULONG *ap, *rp, t, c; ++ int i; + +- bn_check_top(r); +- bn_check_top(a); ++ bn_check_top(r); ++ bn_check_top(a); + +- if (r != a) +- { +- r->neg=a->neg; +- if (bn_wexpand(r,a->top+1) == NULL) return(0); +- r->top=a->top; +- } +- else +- { +- if (bn_wexpand(r,a->top+1) == NULL) return(0); +- } +- ap=a->d; +- rp=r->d; +- c=0; +- for (i=0; itop; i++) +- { +- t= *(ap++); +- *(rp++)=((t<<1)|c)&BN_MASK2; +- c=(t & BN_TBIT)?1:0; +- } +- if (c) +- { +- *rp=1; +- r->top++; +- } +- bn_check_top(r); +- return(1); +- } ++ if (r != a) { ++ r->neg = a->neg; ++ if (bn_wexpand(r, a->top + 1) == NULL) ++ return (0); ++ r->top = a->top; ++ } else { ++ if (bn_wexpand(r, a->top + 1) == NULL) ++ return (0); ++ } ++ ap = a->d; ++ rp = r->d; ++ c = 0; ++ for (i = 0; i < a->top; i++) { ++ t = *(ap++); ++ *(rp++) = ((t << 1) | c) & BN_MASK2; ++ c = (t & BN_TBIT) ? 1 : 0; ++ } ++ if (c) { ++ *rp = 1; ++ r->top++; ++ } ++ bn_check_top(r); ++ return (1); ++} + + int BN_rshift1(BIGNUM *r, const BIGNUM *a) +- { +- BN_ULONG *ap,*rp,t,c; +- int i; ++{ ++ BN_ULONG *ap, *rp, t, c; ++ int i; + +- bn_check_top(r); +- bn_check_top(a); ++ bn_check_top(r); ++ bn_check_top(a); + +- if (BN_is_zero(a)) +- { +- BN_zero(r); +- return(1); +- } +- if (a != r) +- { +- if (bn_wexpand(r,a->top) == NULL) return(0); +- r->top=a->top; +- r->neg=a->neg; +- } +- ap=a->d; +- rp=r->d; +- c=0; +- for (i=a->top-1; i>=0; i--) +- { +- t=ap[i]; +- rp[i]=((t>>1)&BN_MASK2)|c; +- c=(t&1)?BN_TBIT:0; +- } +- bn_correct_top(r); +- bn_check_top(r); +- return(1); +- } ++ if (BN_is_zero(a)) { ++ BN_zero(r); ++ return (1); ++ } ++ if (a != r) { ++ if (bn_wexpand(r, a->top) == NULL) ++ return (0); ++ r->top = a->top; ++ r->neg = a->neg; ++ } ++ ap = a->d; ++ rp = r->d; ++ c = 0; ++ for (i = a->top - 1; i >= 0; i--) { ++ t = ap[i]; ++ rp[i] = ((t >> 1) & BN_MASK2) | c; ++ c = (t & 1) ? BN_TBIT : 0; ++ } ++ bn_correct_top(r); ++ bn_check_top(r); ++ return (1); ++} + + int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) +- { +- int i,nw,lb,rb; +- BN_ULONG *t,*f; +- BN_ULONG l; ++{ ++ int i, nw, lb, rb; ++ BN_ULONG *t, *f; ++ BN_ULONG l; + +- bn_check_top(r); +- bn_check_top(a); ++ bn_check_top(r); ++ bn_check_top(a); + +- r->neg=a->neg; +- nw=n/BN_BITS2; +- if (bn_wexpand(r,a->top+nw+1) == NULL) return(0); +- lb=n%BN_BITS2; +- rb=BN_BITS2-lb; +- f=a->d; +- t=r->d; +- t[a->top+nw]=0; +- if (lb == 0) +- for (i=a->top-1; i>=0; i--) +- t[nw+i]=f[i]; +- else +- for (i=a->top-1; i>=0; i--) +- { +- l=f[i]; +- t[nw+i+1]|=(l>>rb)&BN_MASK2; +- t[nw+i]=(l<top=a->top+nw+1; +- bn_correct_top(r); +- bn_check_top(r); +- return(1); +- } ++ r->neg = a->neg; ++ nw = n / BN_BITS2; ++ if (bn_wexpand(r, a->top + nw + 1) == NULL) ++ return (0); ++ lb = n % BN_BITS2; ++ rb = BN_BITS2 - lb; ++ f = a->d; ++ t = r->d; ++ t[a->top + nw] = 0; ++ if (lb == 0) ++ for (i = a->top - 1; i >= 0; i--) ++ t[nw + i] = f[i]; ++ else ++ for (i = a->top - 1; i >= 0; i--) { ++ l = f[i]; ++ t[nw + i + 1] |= (l >> rb) & BN_MASK2; ++ t[nw + i] = (l << lb) & BN_MASK2; ++ } ++ memset(t, 0, nw * sizeof(t[0])); ++ /* ++ * for (i=0; itop = a->top + nw + 1; ++ bn_correct_top(r); ++ bn_check_top(r); ++ return (1); ++} + + int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) +- { +- int i,j,nw,lb,rb; +- BN_ULONG *t,*f; +- BN_ULONG l,tmp; ++{ ++ int i, j, nw, lb, rb; ++ BN_ULONG *t, *f; ++ BN_ULONG l, tmp; + +- bn_check_top(r); +- bn_check_top(a); ++ bn_check_top(r); ++ bn_check_top(a); + +- nw=n/BN_BITS2; +- rb=n%BN_BITS2; +- lb=BN_BITS2-rb; +- if (nw >= a->top || a->top == 0) +- { +- BN_zero(r); +- return(1); +- } +- if (r != a) +- { +- r->neg=a->neg; +- if (bn_wexpand(r,a->top-nw+1) == NULL) return(0); +- } +- else +- { +- if (n == 0) +- return 1; /* or the copying loop will go berserk */ +- } ++ nw = n / BN_BITS2; ++ rb = n % BN_BITS2; ++ lb = BN_BITS2 - rb; ++ if (nw >= a->top || a->top == 0) { ++ BN_zero(r); ++ return (1); ++ } ++ if (r != a) { ++ r->neg = a->neg; ++ if (bn_wexpand(r, a->top - nw + 1) == NULL) ++ return (0); ++ } else { ++ if (n == 0) ++ return 1; /* or the copying loop will go berserk */ ++ } + +- f= &(a->d[nw]); +- t=r->d; +- j=a->top-nw; +- r->top=j; ++ f = &(a->d[nw]); ++ t = r->d; ++ j = a->top - nw; ++ r->top = j; + +- if (rb == 0) +- { +- for (i=j; i != 0; i--) +- *(t++)= *(f++); +- } +- else +- { +- l= *(f++); +- for (i=j-1; i != 0; i--) +- { +- tmp =(l>>rb)&BN_MASK2; +- l= *(f++); +- *(t++) =(tmp|(l<>rb)&BN_MASK2; +- } +- bn_correct_top(r); +- bn_check_top(r); +- return(1); +- } ++ if (rb == 0) { ++ for (i = j; i != 0; i--) ++ *(t++) = *(f++); ++ } else { ++ l = *(f++); ++ for (i = j - 1; i != 0; i--) { ++ tmp = (l >> rb) & BN_MASK2; ++ l = *(f++); ++ *(t++) = (tmp | (l << lb)) & BN_MASK2; ++ } ++ *(t++) = (l >> rb) & BN_MASK2; ++ } ++ bn_correct_top(r); ++ bn_check_top(r); ++ return (1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c +index 65bbf16..3ca6987 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,140 +61,137 @@ + #include "bn_lcl.h" + + /* r must not be a */ +-/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */ ++/* ++ * I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 ++ */ + int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) +- { +- int max,al; +- int ret = 0; +- BIGNUM *tmp,*rr; ++{ ++ int max, al; ++ int ret = 0; ++ BIGNUM *tmp, *rr; + + #ifdef BN_COUNT +- fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top); ++ fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top); + #endif +- bn_check_top(a); ++ bn_check_top(a); + +- al=a->top; +- if (al <= 0) +- { +- r->top=0; +- r->neg = 0; +- return 1; +- } ++ al = a->top; ++ if (al <= 0) { ++ r->top = 0; ++ r->neg = 0; ++ return 1; ++ } + +- BN_CTX_start(ctx); +- rr=(a != r) ? r : BN_CTX_get(ctx); +- tmp=BN_CTX_get(ctx); +- if (!rr || !tmp) goto err; ++ BN_CTX_start(ctx); ++ rr = (a != r) ? r : BN_CTX_get(ctx); ++ tmp = BN_CTX_get(ctx); ++ if (!rr || !tmp) ++ goto err; + +- max = 2 * al; /* Non-zero (from above) */ +- if (bn_wexpand(rr,max) == NULL) goto err; ++ max = 2 * al; /* Non-zero (from above) */ ++ if (bn_wexpand(rr, max) == NULL) ++ goto err; + +- if (al == 4) +- { ++ if (al == 4) { + #ifndef BN_SQR_COMBA +- BN_ULONG t[8]; +- bn_sqr_normal(rr->d,a->d,4,t); ++ BN_ULONG t[8]; ++ bn_sqr_normal(rr->d, a->d, 4, t); + #else +- bn_sqr_comba4(rr->d,a->d); ++ bn_sqr_comba4(rr->d, a->d); + #endif +- } +- else if (al == 8) +- { ++ } else if (al == 8) { + #ifndef BN_SQR_COMBA +- BN_ULONG t[16]; +- bn_sqr_normal(rr->d,a->d,8,t); ++ BN_ULONG t[16]; ++ bn_sqr_normal(rr->d, a->d, 8, t); + #else +- bn_sqr_comba8(rr->d,a->d); ++ bn_sqr_comba8(rr->d, a->d); + #endif +- } +- else +- { ++ } else { + #if defined(BN_RECURSION) +- if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) +- { +- BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2]; +- bn_sqr_normal(rr->d,a->d,al,t); +- } +- else +- { +- int j,k; ++ if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) { ++ BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL * 2]; ++ bn_sqr_normal(rr->d, a->d, al, t); ++ } else { ++ int j, k; + +- j=BN_num_bits_word((BN_ULONG)al); +- j=1<<(j-1); +- k=j+j; +- if (al == j) +- { +- if (bn_wexpand(tmp,k*2) == NULL) goto err; +- bn_sqr_recursive(rr->d,a->d,al,tmp->d); +- } +- else +- { +- if (bn_wexpand(tmp,max) == NULL) goto err; +- bn_sqr_normal(rr->d,a->d,al,tmp->d); +- } +- } ++ j = BN_num_bits_word((BN_ULONG)al); ++ j = 1 << (j - 1); ++ k = j + j; ++ if (al == j) { ++ if (bn_wexpand(tmp, k * 2) == NULL) ++ goto err; ++ bn_sqr_recursive(rr->d, a->d, al, tmp->d); ++ } else { ++ if (bn_wexpand(tmp, max) == NULL) ++ goto err; ++ bn_sqr_normal(rr->d, a->d, al, tmp->d); ++ } ++ } + #else +- if (bn_wexpand(tmp,max) == NULL) goto err; +- bn_sqr_normal(rr->d,a->d,al,tmp->d); ++ if (bn_wexpand(tmp, max) == NULL) ++ goto err; ++ bn_sqr_normal(rr->d, a->d, al, tmp->d); + #endif +- } ++ } + +- rr->neg=0; +- /* If the most-significant half of the top word of 'a' is zero, then +- * the square of 'a' will max-1 words. */ +- if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) +- rr->top = max - 1; +- else +- rr->top = max; +- if (rr != r) BN_copy(r,rr); +- ret = 1; ++ rr->neg = 0; ++ /* ++ * If the most-significant half of the top word of 'a' is zero, then the ++ * square of 'a' will max-1 words. ++ */ ++ if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) ++ rr->top = max - 1; ++ else ++ rr->top = max; ++ if (rr != r) ++ BN_copy(r, rr); ++ ret = 1; + err: +- bn_check_top(rr); +- bn_check_top(tmp); +- BN_CTX_end(ctx); +- return(ret); +- } ++ bn_check_top(rr); ++ bn_check_top(tmp); ++ BN_CTX_end(ctx); ++ return (ret); ++} + + /* tmp must have 2*n words */ + void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) +- { +- int i,j,max; +- const BN_ULONG *ap; +- BN_ULONG *rp; ++{ ++ int i, j, max; ++ const BN_ULONG *ap; ++ BN_ULONG *rp; + +- max=n*2; +- ap=a; +- rp=r; +- rp[0]=rp[max-1]=0; +- rp++; +- j=n; ++ max = n * 2; ++ ap = a; ++ rp = r; ++ rp[0] = rp[max - 1] = 0; ++ rp++; ++ j = n; + +- if (--j > 0) +- { +- ap++; +- rp[j]=bn_mul_words(rp,ap,j,ap[-1]); +- rp+=2; +- } ++ if (--j > 0) { ++ ap++; ++ rp[j] = bn_mul_words(rp, ap, j, ap[-1]); ++ rp += 2; ++ } + +- for (i=n-2; i>0; i--) +- { +- j--; +- ap++; +- rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]); +- rp+=2; +- } ++ for (i = n - 2; i > 0; i--) { ++ j--; ++ ap++; ++ rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]); ++ rp += 2; ++ } + +- bn_add_words(r,r,r,max); ++ bn_add_words(r, r, r, max); + +- /* There will not be a carry */ ++ /* There will not be a carry */ + +- bn_sqr_words(tmp,a,n); ++ bn_sqr_words(tmp, a, n); + +- bn_add_words(r,r,tmp,max); +- } ++ bn_add_words(r, r, tmp, max); ++} + + #ifdef BN_RECURSION +-/* r is 2*n words in size, ++/*- ++ * r is 2*n words in size, + * a and b are both n words in size. (There's not actually a 'b' here ...) + * n must be a power of 2. + * We multiply and return the result. +@@ -205,91 +202,89 @@ void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) + * a[1]*b[1] + */ + void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) +- { +- int n=n2/2; +- int zero,c1; +- BN_ULONG ln,lo,*p; ++{ ++ int n = n2 / 2; ++ int zero, c1; ++ BN_ULONG ln, lo, *p; + +-#ifdef BN_COUNT +- fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2); +-#endif +- if (n2 == 4) +- { +-#ifndef BN_SQR_COMBA +- bn_sqr_normal(r,a,4,t); +-#else +- bn_sqr_comba4(r,a); +-#endif +- return; +- } +- else if (n2 == 8) +- { +-#ifndef BN_SQR_COMBA +- bn_sqr_normal(r,a,8,t); +-#else +- bn_sqr_comba8(r,a); +-#endif +- return; +- } +- if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) +- { +- bn_sqr_normal(r,a,n2,t); +- return; +- } +- /* r=(a[0]-a[1])*(a[1]-a[0]) */ +- c1=bn_cmp_words(a,&(a[n]),n); +- zero=0; +- if (c1 > 0) +- bn_sub_words(t,a,&(a[n]),n); +- else if (c1 < 0) +- bn_sub_words(t,&(a[n]),a,n); +- else +- zero=1; ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2); ++# endif ++ if (n2 == 4) { ++# ifndef BN_SQR_COMBA ++ bn_sqr_normal(r, a, 4, t); ++# else ++ bn_sqr_comba4(r, a); ++# endif ++ return; ++ } else if (n2 == 8) { ++# ifndef BN_SQR_COMBA ++ bn_sqr_normal(r, a, 8, t); ++# else ++ bn_sqr_comba8(r, a); ++# endif ++ return; ++ } ++ if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) { ++ bn_sqr_normal(r, a, n2, t); ++ return; ++ } ++ /* r=(a[0]-a[1])*(a[1]-a[0]) */ ++ c1 = bn_cmp_words(a, &(a[n]), n); ++ zero = 0; ++ if (c1 > 0) ++ bn_sub_words(t, a, &(a[n]), n); ++ else if (c1 < 0) ++ bn_sub_words(t, &(a[n]), a, n); ++ else ++ zero = 1; + +- /* The result will always be negative unless it is zero */ +- p= &(t[n2*2]); ++ /* The result will always be negative unless it is zero */ ++ p = &(t[n2 * 2]); + +- if (!zero) +- bn_sqr_recursive(&(t[n2]),t,n,p); +- else +- memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); +- bn_sqr_recursive(r,a,n,p); +- bn_sqr_recursive(&(r[n2]),&(a[n]),n,p); ++ if (!zero) ++ bn_sqr_recursive(&(t[n2]), t, n, p); ++ else ++ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); ++ bn_sqr_recursive(r, a, n, p); ++ bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); + +- /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero +- * r[10] holds (a[0]*b[0]) +- * r[32] holds (b[1]*b[1]) +- */ ++ /*- ++ * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero ++ * r[10] holds (a[0]*b[0]) ++ * r[32] holds (b[1]*b[1]) ++ */ + +- c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); ++ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); + +- /* t[32] is negative */ +- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); ++ /* t[32] is negative */ ++ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); + +- /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) +- * r[10] holds (a[0]*a[0]) +- * r[32] holds (a[1]*a[1]) +- * c1 holds the carry bits +- */ +- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); +- if (c1) +- { +- p= &(r[n+n2]); +- lo= *p; +- ln=(lo+c1)&BN_MASK2; +- *p=ln; ++ /*- ++ * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) ++ * r[10] holds (a[0]*a[0]) ++ * r[32] holds (a[1]*a[1]) ++ * c1 holds the carry bits ++ */ ++ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); ++ if (c1) { ++ p = &(r[n + n2]); ++ lo = *p; ++ ln = (lo + c1) & BN_MASK2; ++ *p = ln; + +- /* The overflow will stop before we over write +- * words we should not overwrite */ +- if (ln < (BN_ULONG)c1) +- { +- do { +- p++; +- lo= *p; +- ln=(lo+1)&BN_MASK2; +- *p=ln; +- } while (ln == 0); +- } +- } +- } ++ /* ++ * The overflow will stop before we over write words we should not ++ * overwrite ++ */ ++ if (ln < (BN_ULONG)c1) { ++ do { ++ p++; ++ lo = *p; ++ ln = (lo + 1) & BN_MASK2; ++ *p = ln; ++ } while (ln == 0); ++ } ++ } ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c +index 6beaf9e..232af99 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c +@@ -1,6 +1,8 @@ + /* crypto/bn/bn_sqrt.c */ +-/* Written by Lenka Fibikova +- * and Bodo Moeller for the OpenSSL project. */ ++/* ++ * Written by Lenka Fibikova and Bodo ++ * Moeller for the OpenSSL project. ++ */ + /* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * +@@ -9,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,336 +60,350 @@ + #include "cryptlib.h" + #include "bn_lcl.h" + +- +-BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +-/* Returns 'ret' such that +- * ret^2 == a (mod p), +- * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course +- * in Algebraic Computational Number Theory", algorithm 1.5.1). +- * 'p' must be prime! ++BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ++/* ++ * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks ++ * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number ++ * Theory", algorithm 1.5.1). 'p' must be prime! + */ +- { +- BIGNUM *ret = in; +- int err = 1; +- int r; +- BIGNUM *A, *b, *q, *t, *x, *y; +- int e, i, j; +- +- if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) +- { +- if (BN_abs_is_word(p, 2)) +- { +- if (ret == NULL) +- ret = BN_new(); +- if (ret == NULL) +- goto end; +- if (!BN_set_word(ret, BN_is_bit_set(a, 0))) +- { +- if (ret != in) +- BN_free(ret); +- return NULL; +- } +- bn_check_top(ret); +- return ret; +- } +- +- BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); +- return(NULL); +- } +- +- if (BN_is_zero(a) || BN_is_one(a)) +- { +- if (ret == NULL) +- ret = BN_new(); +- if (ret == NULL) +- goto end; +- if (!BN_set_word(ret, BN_is_one(a))) +- { +- if (ret != in) +- BN_free(ret); +- return NULL; +- } +- bn_check_top(ret); +- return ret; +- } +- +- BN_CTX_start(ctx); +- A = BN_CTX_get(ctx); +- b = BN_CTX_get(ctx); +- q = BN_CTX_get(ctx); +- t = BN_CTX_get(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- if (y == NULL) goto end; +- +- if (ret == NULL) +- ret = BN_new(); +- if (ret == NULL) goto end; +- +- /* A = a mod p */ +- if (!BN_nnmod(A, a, p, ctx)) goto end; +- +- /* now write |p| - 1 as 2^e*q where q is odd */ +- e = 1; +- while (!BN_is_bit_set(p, e)) +- e++; +- /* we'll set q later (if needed) */ +- +- if (e == 1) +- { +- /* The easy case: (|p|-1)/2 is odd, so 2 has an inverse +- * modulo (|p|-1)/2, and square roots can be computed +- * directly by modular exponentiation. +- * We have +- * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2), +- * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1. +- */ +- if (!BN_rshift(q, p, 2)) goto end; +- q->neg = 0; +- if (!BN_add_word(q, 1)) goto end; +- if (!BN_mod_exp(ret, A, q, p, ctx)) goto end; +- err = 0; +- goto vrfy; +- } +- +- if (e == 2) +- { +- /* |p| == 5 (mod 8) +- * +- * In this case 2 is always a non-square since +- * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. +- * So if a really is a square, then 2*a is a non-square. +- * Thus for +- * b := (2*a)^((|p|-5)/8), +- * i := (2*a)*b^2 +- * we have +- * i^2 = (2*a)^((1 + (|p|-5)/4)*2) +- * = (2*a)^((p-1)/2) +- * = -1; +- * so if we set +- * x := a*b*(i-1), +- * then +- * x^2 = a^2 * b^2 * (i^2 - 2*i + 1) +- * = a^2 * b^2 * (-2*i) +- * = a*(-i)*(2*a*b^2) +- * = a*(-i)*i +- * = a. +- * +- * (This is due to A.O.L. Atkin, +- * , +- * November 1992.) +- */ +- +- /* t := 2*a */ +- if (!BN_mod_lshift1_quick(t, A, p)) goto end; +- +- /* b := (2*a)^((|p|-5)/8) */ +- if (!BN_rshift(q, p, 3)) goto end; +- q->neg = 0; +- if (!BN_mod_exp(b, t, q, p, ctx)) goto end; +- +- /* y := b^2 */ +- if (!BN_mod_sqr(y, b, p, ctx)) goto end; +- +- /* t := (2*a)*b^2 - 1*/ +- if (!BN_mod_mul(t, t, y, p, ctx)) goto end; +- if (!BN_sub_word(t, 1)) goto end; +- +- /* x = a*b*t */ +- if (!BN_mod_mul(x, A, b, p, ctx)) goto end; +- if (!BN_mod_mul(x, x, t, p, ctx)) goto end; +- +- if (!BN_copy(ret, x)) goto end; +- err = 0; +- goto vrfy; +- } +- +- /* e > 2, so we really have to use the Tonelli/Shanks algorithm. +- * First, find some y that is not a square. */ +- if (!BN_copy(q, p)) goto end; /* use 'q' as temp */ +- q->neg = 0; +- i = 2; +- do +- { +- /* For efficiency, try small numbers first; +- * if this fails, try random numbers. +- */ +- if (i < 22) +- { +- if (!BN_set_word(y, i)) goto end; +- } +- else +- { +- if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end; +- if (BN_ucmp(y, p) >= 0) +- { +- if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end; +- } +- /* now 0 <= y < |p| */ +- if (BN_is_zero(y)) +- if (!BN_set_word(y, i)) goto end; +- } +- +- r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */ +- if (r < -1) goto end; +- if (r == 0) +- { +- /* m divides p */ +- BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); +- goto end; +- } +- } +- while (r == 1 && ++i < 82); +- +- if (r != -1) +- { +- /* Many rounds and still no non-square -- this is more likely +- * a bug than just bad luck. +- * Even if p is not prime, we should have found some y +- * such that r == -1. +- */ +- BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS); +- goto end; +- } +- +- /* Here's our actual 'q': */ +- if (!BN_rshift(q, q, e)) goto end; +- +- /* Now that we have some non-square, we can find an element +- * of order 2^e by computing its q'th power. */ +- if (!BN_mod_exp(y, y, q, p, ctx)) goto end; +- if (BN_is_one(y)) +- { +- BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); +- goto end; +- } +- +- /* Now we know that (if p is indeed prime) there is an integer +- * k, 0 <= k < 2^e, such that +- * +- * a^q * y^k == 1 (mod p). +- * +- * As a^q is a square and y is not, k must be even. +- * q+1 is even, too, so there is an element +- * +- * X := a^((q+1)/2) * y^(k/2), +- * +- * and it satisfies +- * +- * X^2 = a^q * a * y^k +- * = a, +- * +- * so it is the square root that we are looking for. +- */ +- +- /* t := (q-1)/2 (note that q is odd) */ +- if (!BN_rshift1(t, q)) goto end; +- +- /* x := a^((q-1)/2) */ +- if (BN_is_zero(t)) /* special case: p = 2^e + 1 */ +- { +- if (!BN_nnmod(t, A, p, ctx)) goto end; +- if (BN_is_zero(t)) +- { +- /* special case: a == 0 (mod p) */ +- BN_zero(ret); +- err = 0; +- goto end; +- } +- else +- if (!BN_one(x)) goto end; +- } +- else +- { +- if (!BN_mod_exp(x, A, t, p, ctx)) goto end; +- if (BN_is_zero(x)) +- { +- /* special case: a == 0 (mod p) */ +- BN_zero(ret); +- err = 0; +- goto end; +- } +- } +- +- /* b := a*x^2 (= a^q) */ +- if (!BN_mod_sqr(b, x, p, ctx)) goto end; +- if (!BN_mod_mul(b, b, A, p, ctx)) goto end; +- +- /* x := a*x (= a^((q+1)/2)) */ +- if (!BN_mod_mul(x, x, A, p, ctx)) goto end; +- +- while (1) +- { +- /* Now b is a^q * y^k for some even k (0 <= k < 2^E +- * where E refers to the original value of e, which we +- * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). +- * +- * We have a*b = x^2, +- * y^2^(e-1) = -1, +- * b^2^(e-1) = 1. +- */ +- +- if (BN_is_one(b)) +- { +- if (!BN_copy(ret, x)) goto end; +- err = 0; +- goto vrfy; +- } +- +- +- /* find smallest i such that b^(2^i) = 1 */ +- i = 1; +- if (!BN_mod_sqr(t, b, p, ctx)) goto end; +- while (!BN_is_one(t)) +- { +- i++; +- if (i == e) +- { +- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); +- goto end; +- } +- if (!BN_mod_mul(t, t, t, p, ctx)) goto end; +- } +- +- +- /* t := y^2^(e - i - 1) */ +- if (!BN_copy(t, y)) goto end; +- for (j = e - i - 1; j > 0; j--) +- { +- if (!BN_mod_sqr(t, t, p, ctx)) goto end; +- } +- if (!BN_mod_mul(y, t, t, p, ctx)) goto end; +- if (!BN_mod_mul(x, x, t, p, ctx)) goto end; +- if (!BN_mod_mul(b, b, y, p, ctx)) goto end; +- e = i; +- } ++{ ++ BIGNUM *ret = in; ++ int err = 1; ++ int r; ++ BIGNUM *A, *b, *q, *t, *x, *y; ++ int e, i, j; ++ ++ if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) { ++ if (BN_abs_is_word(p, 2)) { ++ if (ret == NULL) ++ ret = BN_new(); ++ if (ret == NULL) ++ goto end; ++ if (!BN_set_word(ret, BN_is_bit_set(a, 0))) { ++ if (ret != in) ++ BN_free(ret); ++ return NULL; ++ } ++ bn_check_top(ret); ++ return ret; ++ } ++ ++ BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); ++ return (NULL); ++ } ++ ++ if (BN_is_zero(a) || BN_is_one(a)) { ++ if (ret == NULL) ++ ret = BN_new(); ++ if (ret == NULL) ++ goto end; ++ if (!BN_set_word(ret, BN_is_one(a))) { ++ if (ret != in) ++ BN_free(ret); ++ return NULL; ++ } ++ bn_check_top(ret); ++ return ret; ++ } ++ ++ BN_CTX_start(ctx); ++ A = BN_CTX_get(ctx); ++ b = BN_CTX_get(ctx); ++ q = BN_CTX_get(ctx); ++ t = BN_CTX_get(ctx); ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ if (y == NULL) ++ goto end; ++ ++ if (ret == NULL) ++ ret = BN_new(); ++ if (ret == NULL) ++ goto end; ++ ++ /* A = a mod p */ ++ if (!BN_nnmod(A, a, p, ctx)) ++ goto end; ++ ++ /* now write |p| - 1 as 2^e*q where q is odd */ ++ e = 1; ++ while (!BN_is_bit_set(p, e)) ++ e++; ++ /* we'll set q later (if needed) */ ++ ++ if (e == 1) { ++ /*- ++ * The easy case: (|p|-1)/2 is odd, so 2 has an inverse ++ * modulo (|p|-1)/2, and square roots can be computed ++ * directly by modular exponentiation. ++ * We have ++ * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2), ++ * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1. ++ */ ++ if (!BN_rshift(q, p, 2)) ++ goto end; ++ q->neg = 0; ++ if (!BN_add_word(q, 1)) ++ goto end; ++ if (!BN_mod_exp(ret, A, q, p, ctx)) ++ goto end; ++ err = 0; ++ goto vrfy; ++ } ++ ++ if (e == 2) { ++ /*- ++ * |p| == 5 (mod 8) ++ * ++ * In this case 2 is always a non-square since ++ * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. ++ * So if a really is a square, then 2*a is a non-square. ++ * Thus for ++ * b := (2*a)^((|p|-5)/8), ++ * i := (2*a)*b^2 ++ * we have ++ * i^2 = (2*a)^((1 + (|p|-5)/4)*2) ++ * = (2*a)^((p-1)/2) ++ * = -1; ++ * so if we set ++ * x := a*b*(i-1), ++ * then ++ * x^2 = a^2 * b^2 * (i^2 - 2*i + 1) ++ * = a^2 * b^2 * (-2*i) ++ * = a*(-i)*(2*a*b^2) ++ * = a*(-i)*i ++ * = a. ++ * ++ * (This is due to A.O.L. Atkin, ++ * , ++ * November 1992.) ++ */ ++ ++ /* t := 2*a */ ++ if (!BN_mod_lshift1_quick(t, A, p)) ++ goto end; ++ ++ /* b := (2*a)^((|p|-5)/8) */ ++ if (!BN_rshift(q, p, 3)) ++ goto end; ++ q->neg = 0; ++ if (!BN_mod_exp(b, t, q, p, ctx)) ++ goto end; ++ ++ /* y := b^2 */ ++ if (!BN_mod_sqr(y, b, p, ctx)) ++ goto end; ++ ++ /* t := (2*a)*b^2 - 1 */ ++ if (!BN_mod_mul(t, t, y, p, ctx)) ++ goto end; ++ if (!BN_sub_word(t, 1)) ++ goto end; ++ ++ /* x = a*b*t */ ++ if (!BN_mod_mul(x, A, b, p, ctx)) ++ goto end; ++ if (!BN_mod_mul(x, x, t, p, ctx)) ++ goto end; ++ ++ if (!BN_copy(ret, x)) ++ goto end; ++ err = 0; ++ goto vrfy; ++ } ++ ++ /* ++ * e > 2, so we really have to use the Tonelli/Shanks algorithm. First, ++ * find some y that is not a square. ++ */ ++ if (!BN_copy(q, p)) ++ goto end; /* use 'q' as temp */ ++ q->neg = 0; ++ i = 2; ++ do { ++ /* ++ * For efficiency, try small numbers first; if this fails, try random ++ * numbers. ++ */ ++ if (i < 22) { ++ if (!BN_set_word(y, i)) ++ goto end; ++ } else { ++ if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) ++ goto end; ++ if (BN_ucmp(y, p) >= 0) { ++ if (!(p->neg ? BN_add : BN_sub) (y, y, p)) ++ goto end; ++ } ++ /* now 0 <= y < |p| */ ++ if (BN_is_zero(y)) ++ if (!BN_set_word(y, i)) ++ goto end; ++ } ++ ++ r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */ ++ if (r < -1) ++ goto end; ++ if (r == 0) { ++ /* m divides p */ ++ BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); ++ goto end; ++ } ++ } ++ while (r == 1 && ++i < 82); ++ ++ if (r != -1) { ++ /* ++ * Many rounds and still no non-square -- this is more likely a bug ++ * than just bad luck. Even if p is not prime, we should have found ++ * some y such that r == -1. ++ */ ++ BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS); ++ goto end; ++ } ++ ++ /* Here's our actual 'q': */ ++ if (!BN_rshift(q, q, e)) ++ goto end; ++ ++ /* ++ * Now that we have some non-square, we can find an element of order 2^e ++ * by computing its q'th power. ++ */ ++ if (!BN_mod_exp(y, y, q, p, ctx)) ++ goto end; ++ if (BN_is_one(y)) { ++ BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); ++ goto end; ++ } ++ ++ /*- ++ * Now we know that (if p is indeed prime) there is an integer ++ * k, 0 <= k < 2^e, such that ++ * ++ * a^q * y^k == 1 (mod p). ++ * ++ * As a^q is a square and y is not, k must be even. ++ * q+1 is even, too, so there is an element ++ * ++ * X := a^((q+1)/2) * y^(k/2), ++ * ++ * and it satisfies ++ * ++ * X^2 = a^q * a * y^k ++ * = a, ++ * ++ * so it is the square root that we are looking for. ++ */ ++ ++ /* t := (q-1)/2 (note that q is odd) */ ++ if (!BN_rshift1(t, q)) ++ goto end; ++ ++ /* x := a^((q-1)/2) */ ++ if (BN_is_zero(t)) { /* special case: p = 2^e + 1 */ ++ if (!BN_nnmod(t, A, p, ctx)) ++ goto end; ++ if (BN_is_zero(t)) { ++ /* special case: a == 0 (mod p) */ ++ BN_zero(ret); ++ err = 0; ++ goto end; ++ } else if (!BN_one(x)) ++ goto end; ++ } else { ++ if (!BN_mod_exp(x, A, t, p, ctx)) ++ goto end; ++ if (BN_is_zero(x)) { ++ /* special case: a == 0 (mod p) */ ++ BN_zero(ret); ++ err = 0; ++ goto end; ++ } ++ } ++ ++ /* b := a*x^2 (= a^q) */ ++ if (!BN_mod_sqr(b, x, p, ctx)) ++ goto end; ++ if (!BN_mod_mul(b, b, A, p, ctx)) ++ goto end; ++ ++ /* x := a*x (= a^((q+1)/2)) */ ++ if (!BN_mod_mul(x, x, A, p, ctx)) ++ goto end; ++ ++ while (1) { ++ /*- ++ * Now b is a^q * y^k for some even k (0 <= k < 2^E ++ * where E refers to the original value of e, which we ++ * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). ++ * ++ * We have a*b = x^2, ++ * y^2^(e-1) = -1, ++ * b^2^(e-1) = 1. ++ */ ++ ++ if (BN_is_one(b)) { ++ if (!BN_copy(ret, x)) ++ goto end; ++ err = 0; ++ goto vrfy; ++ } ++ ++ /* find smallest i such that b^(2^i) = 1 */ ++ i = 1; ++ if (!BN_mod_sqr(t, b, p, ctx)) ++ goto end; ++ while (!BN_is_one(t)) { ++ i++; ++ if (i == e) { ++ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); ++ goto end; ++ } ++ if (!BN_mod_mul(t, t, t, p, ctx)) ++ goto end; ++ } ++ ++ /* t := y^2^(e - i - 1) */ ++ if (!BN_copy(t, y)) ++ goto end; ++ for (j = e - i - 1; j > 0; j--) { ++ if (!BN_mod_sqr(t, t, p, ctx)) ++ goto end; ++ } ++ if (!BN_mod_mul(y, t, t, p, ctx)) ++ goto end; ++ if (!BN_mod_mul(x, x, t, p, ctx)) ++ goto end; ++ if (!BN_mod_mul(b, b, y, p, ctx)) ++ goto end; ++ e = i; ++ } + + vrfy: +- if (!err) +- { +- /* verify the result -- the input might have been not a square +- * (test added in 0.9.8) */ +- +- if (!BN_mod_sqr(x, ret, p, ctx)) +- err = 1; +- +- if (!err && 0 != BN_cmp(x, A)) +- { +- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); +- err = 1; +- } +- } ++ if (!err) { ++ /* ++ * verify the result -- the input might have been not a square (test ++ * added in 0.9.8) ++ */ ++ ++ if (!BN_mod_sqr(x, ret, p, ctx)) ++ err = 1; ++ ++ if (!err && 0 != BN_cmp(x, A)) { ++ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); ++ err = 1; ++ } ++ } + + end: +- if (err) +- { +- if (ret != NULL && ret != in) +- { +- BN_clear_free(ret); +- } +- ret = NULL; +- } +- BN_CTX_end(ctx); +- bn_check_top(ret); +- return ret; +- } ++ if (err) { ++ if (ret != NULL && ret != in) { ++ BN_clear_free(ret); ++ } ++ ret = NULL; ++ } ++ BN_CTX_end(ctx); ++ bn_check_top(ret); ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c +index de83a15..b031a60 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,178 +61,167 @@ + #include "bn_lcl.h" + + BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) +- { ++{ + #ifndef BN_LLONG +- BN_ULONG ret=0; ++ BN_ULONG ret = 0; + #else +- BN_ULLONG ret=0; ++ BN_ULLONG ret = 0; + #endif +- int i; ++ int i; + +- if (w == 0) +- return (BN_ULONG)-1; ++ if (w == 0) ++ return (BN_ULONG)-1; + +- bn_check_top(a); +- w&=BN_MASK2; +- for (i=a->top-1; i>=0; i--) +- { ++ bn_check_top(a); ++ w &= BN_MASK2; ++ for (i = a->top - 1; i >= 0; i--) { + #ifndef BN_LLONG +- ret=((ret<d[i]>>BN_BITS4)&BN_MASK2l))%w; +- ret=((ret<d[i]&BN_MASK2l))%w; ++ ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w; ++ ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w; + #else +- ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])% +- (BN_ULLONG)w); ++ ret = (BN_ULLONG) (((ret << (BN_ULLONG) BN_BITS2) | a->d[i]) % ++ (BN_ULLONG) w); + #endif +- } +- return((BN_ULONG)ret); +- } ++ } ++ return ((BN_ULONG)ret); ++} + + BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) +- { +- BN_ULONG ret = 0; +- int i, j; +- +- bn_check_top(a); +- w &= BN_MASK2; +- +- if (!w) +- /* actually this an error (division by zero) */ +- return (BN_ULONG)-1; +- if (a->top == 0) +- return 0; +- +- /* normalize input (so bn_div_words doesn't complain) */ +- j = BN_BITS2 - BN_num_bits_word(w); +- w <<= j; +- if (!BN_lshift(a, a, j)) +- return (BN_ULONG)-1; +- +- for (i=a->top-1; i>=0; i--) +- { +- BN_ULONG l,d; +- +- l=a->d[i]; +- d=bn_div_words(ret,l,w); +- ret=(l-((d*w)&BN_MASK2))&BN_MASK2; +- a->d[i]=d; +- } +- if ((a->top > 0) && (a->d[a->top-1] == 0)) +- a->top--; +- ret >>= j; +- bn_check_top(a); +- return(ret); +- } ++{ ++ BN_ULONG ret = 0; ++ int i, j; ++ ++ bn_check_top(a); ++ w &= BN_MASK2; ++ ++ if (!w) ++ /* actually this an error (division by zero) */ ++ return (BN_ULONG)-1; ++ if (a->top == 0) ++ return 0; ++ ++ /* normalize input (so bn_div_words doesn't complain) */ ++ j = BN_BITS2 - BN_num_bits_word(w); ++ w <<= j; ++ if (!BN_lshift(a, a, j)) ++ return (BN_ULONG)-1; ++ ++ for (i = a->top - 1; i >= 0; i--) { ++ BN_ULONG l, d; ++ ++ l = a->d[i]; ++ d = bn_div_words(ret, l, w); ++ ret = (l - ((d * w) & BN_MASK2)) & BN_MASK2; ++ a->d[i] = d; ++ } ++ if ((a->top > 0) && (a->d[a->top - 1] == 0)) ++ a->top--; ++ ret >>= j; ++ bn_check_top(a); ++ return (ret); ++} + + int BN_add_word(BIGNUM *a, BN_ULONG w) +- { +- BN_ULONG l; +- int i; +- +- bn_check_top(a); +- w &= BN_MASK2; +- +- /* degenerate case: w is zero */ +- if (!w) return 1; +- /* degenerate case: a is zero */ +- if(BN_is_zero(a)) return BN_set_word(a, w); +- /* handle 'a' when negative */ +- if (a->neg) +- { +- a->neg=0; +- i=BN_sub_word(a,w); +- if (!BN_is_zero(a)) +- a->neg=!(a->neg); +- return(i); +- } +- for (i=0;w!=0 && itop;i++) +- { +- a->d[i] = l = (a->d[i]+w)&BN_MASK2; +- w = (w>l)?1:0; +- } +- if (w && i==a->top) +- { +- if (bn_wexpand(a,a->top+1) == NULL) return 0; +- a->top++; +- a->d[i]=w; +- } +- bn_check_top(a); +- return(1); +- } ++{ ++ BN_ULONG l; ++ int i; ++ ++ bn_check_top(a); ++ w &= BN_MASK2; ++ ++ /* degenerate case: w is zero */ ++ if (!w) ++ return 1; ++ /* degenerate case: a is zero */ ++ if (BN_is_zero(a)) ++ return BN_set_word(a, w); ++ /* handle 'a' when negative */ ++ if (a->neg) { ++ a->neg = 0; ++ i = BN_sub_word(a, w); ++ if (!BN_is_zero(a)) ++ a->neg = !(a->neg); ++ return (i); ++ } ++ for (i = 0; w != 0 && i < a->top; i++) { ++ a->d[i] = l = (a->d[i] + w) & BN_MASK2; ++ w = (w > l) ? 1 : 0; ++ } ++ if (w && i == a->top) { ++ if (bn_wexpand(a, a->top + 1) == NULL) ++ return 0; ++ a->top++; ++ a->d[i] = w; ++ } ++ bn_check_top(a); ++ return (1); ++} + + int BN_sub_word(BIGNUM *a, BN_ULONG w) +- { +- int i; +- +- bn_check_top(a); +- w &= BN_MASK2; +- +- /* degenerate case: w is zero */ +- if (!w) return 1; +- /* degenerate case: a is zero */ +- if(BN_is_zero(a)) +- { +- i = BN_set_word(a,w); +- if (i != 0) +- BN_set_negative(a, 1); +- return i; +- } +- /* handle 'a' when negative */ +- if (a->neg) +- { +- a->neg=0; +- i=BN_add_word(a,w); +- a->neg=1; +- return(i); +- } +- +- if ((a->top == 1) && (a->d[0] < w)) +- { +- a->d[0]=w-a->d[0]; +- a->neg=1; +- return(1); +- } +- i=0; +- for (;;) +- { +- if (a->d[i] >= w) +- { +- a->d[i]-=w; +- break; +- } +- else +- { +- a->d[i]=(a->d[i]-w)&BN_MASK2; +- i++; +- w=1; +- } +- } +- if ((a->d[i] == 0) && (i == (a->top-1))) +- a->top--; +- bn_check_top(a); +- return(1); +- } ++{ ++ int i; ++ ++ bn_check_top(a); ++ w &= BN_MASK2; ++ ++ /* degenerate case: w is zero */ ++ if (!w) ++ return 1; ++ /* degenerate case: a is zero */ ++ if (BN_is_zero(a)) { ++ i = BN_set_word(a, w); ++ if (i != 0) ++ BN_set_negative(a, 1); ++ return i; ++ } ++ /* handle 'a' when negative */ ++ if (a->neg) { ++ a->neg = 0; ++ i = BN_add_word(a, w); ++ a->neg = 1; ++ return (i); ++ } ++ ++ if ((a->top == 1) && (a->d[0] < w)) { ++ a->d[0] = w - a->d[0]; ++ a->neg = 1; ++ return (1); ++ } ++ i = 0; ++ for (;;) { ++ if (a->d[i] >= w) { ++ a->d[i] -= w; ++ break; ++ } else { ++ a->d[i] = (a->d[i] - w) & BN_MASK2; ++ i++; ++ w = 1; ++ } ++ } ++ if ((a->d[i] == 0) && (i == (a->top - 1))) ++ a->top--; ++ bn_check_top(a); ++ return (1); ++} + + int BN_mul_word(BIGNUM *a, BN_ULONG w) +- { +- BN_ULONG ll; +- +- bn_check_top(a); +- w&=BN_MASK2; +- if (a->top) +- { +- if (w == 0) +- BN_zero(a); +- else +- { +- ll=bn_mul_words(a->d,a->d,a->top,w); +- if (ll) +- { +- if (bn_wexpand(a,a->top+1) == NULL) return(0); +- a->d[a->top++]=ll; +- } +- } +- } +- bn_check_top(a); +- return(1); +- } +- ++{ ++ BN_ULONG ll; ++ ++ bn_check_top(a); ++ w &= BN_MASK2; ++ if (a->top) { ++ if (w == 0) ++ BN_zero(a); ++ else { ++ ll = bn_mul_words(a->d, a->d, a->top, w); ++ if (ll) { ++ if (bn_wexpand(a, a->top + 1) == NULL) ++ return (0); ++ a->d[a->top++] = ll; ++ } ++ } ++ } ++ bn_check_top(a); ++ return (1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c +index 04c5c87..6d76b12 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c +@@ -1,6 +1,7 @@ + /* bn_x931p.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2005. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2005. + */ + /* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,212 +62,213 @@ + + /* X9.31 routines for prime derivation */ + +-/* X9.31 prime derivation. This is used to generate the primes pi +- * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd +- * integers. ++/* ++ * X9.31 prime derivation. This is used to generate the primes pi (p1, p2, ++ * q1, q2) from a parameter Xpi by checking successive odd integers. + */ + + static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, +- BN_GENCB *cb) +- { +- int i = 0; +- if (!BN_copy(pi, Xpi)) +- return 0; +- if (!BN_is_odd(pi) && !BN_add_word(pi, 1)) +- return 0; +- for(;;) +- { +- i++; +- BN_GENCB_call(cb, 0, i); +- /* NB 27 MR is specificed in X9.31 */ +- if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) +- break; +- if (!BN_add_word(pi, 2)) +- return 0; +- } +- BN_GENCB_call(cb, 2, i); +- return 1; +- } +- +-/* This is the main X9.31 prime derivation function. From parameters +- * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are +- * not NULL they will be returned too: this is needed for testing. ++ BN_GENCB *cb) ++{ ++ int i = 0; ++ if (!BN_copy(pi, Xpi)) ++ return 0; ++ if (!BN_is_odd(pi) && !BN_add_word(pi, 1)) ++ return 0; ++ for (;;) { ++ i++; ++ BN_GENCB_call(cb, 0, i); ++ /* NB 27 MR is specificed in X9.31 */ ++ if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) ++ break; ++ if (!BN_add_word(pi, 2)) ++ return 0; ++ } ++ BN_GENCB_call(cb, 2, i); ++ return 1; ++} ++ ++/* ++ * This is the main X9.31 prime derivation function. From parameters Xp1, Xp2 ++ * and Xp derive the prime p. If the parameters p1 or p2 are not NULL they ++ * will be returned too: this is needed for testing. + */ + + int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, +- const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, +- const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb) +- { +- int ret = 0; ++ const BIGNUM *Xp, const BIGNUM *Xp1, ++ const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, ++ BN_GENCB *cb) ++{ ++ int ret = 0; + +- BIGNUM *t, *p1p2, *pm1; ++ BIGNUM *t, *p1p2, *pm1; + +- /* Only even e supported */ +- if (!BN_is_odd(e)) +- return 0; ++ /* Only even e supported */ ++ if (!BN_is_odd(e)) ++ return 0; + +- BN_CTX_start(ctx); +- if (!p1) +- p1 = BN_CTX_get(ctx); ++ BN_CTX_start(ctx); ++ if (!p1) ++ p1 = BN_CTX_get(ctx); + +- if (!p2) +- p2 = BN_CTX_get(ctx); ++ if (!p2) ++ p2 = BN_CTX_get(ctx); + +- t = BN_CTX_get(ctx); ++ t = BN_CTX_get(ctx); + +- p1p2 = BN_CTX_get(ctx); ++ p1p2 = BN_CTX_get(ctx); + +- pm1 = BN_CTX_get(ctx); ++ pm1 = BN_CTX_get(ctx); + +- if (!bn_x931_derive_pi(p1, Xp1, ctx, cb)) +- goto err; ++ if (!bn_x931_derive_pi(p1, Xp1, ctx, cb)) ++ goto err; + +- if (!bn_x931_derive_pi(p2, Xp2, ctx, cb)) +- goto err; ++ if (!bn_x931_derive_pi(p2, Xp2, ctx, cb)) ++ goto err; + +- if (!BN_mul(p1p2, p1, p2, ctx)) +- goto err; ++ if (!BN_mul(p1p2, p1, p2, ctx)) ++ goto err; + +- /* First set p to value of Rp */ ++ /* First set p to value of Rp */ + +- if (!BN_mod_inverse(p, p2, p1, ctx)) +- goto err; ++ if (!BN_mod_inverse(p, p2, p1, ctx)) ++ goto err; + +- if (!BN_mul(p, p, p2, ctx)) +- goto err; ++ if (!BN_mul(p, p, p2, ctx)) ++ goto err; + +- if (!BN_mod_inverse(t, p1, p2, ctx)) +- goto err; ++ if (!BN_mod_inverse(t, p1, p2, ctx)) ++ goto err; + +- if (!BN_mul(t, t, p1, ctx)) +- goto err; ++ if (!BN_mul(t, t, p1, ctx)) ++ goto err; + +- if (!BN_sub(p, p, t)) +- goto err; ++ if (!BN_sub(p, p, t)) ++ goto err; + +- if (p->neg && !BN_add(p, p, p1p2)) +- goto err; ++ if (p->neg && !BN_add(p, p, p1p2)) ++ goto err; + +- /* p now equals Rp */ ++ /* p now equals Rp */ + +- if (!BN_mod_sub(p, p, Xp, p1p2, ctx)) +- goto err; ++ if (!BN_mod_sub(p, p, Xp, p1p2, ctx)) ++ goto err; + +- if (!BN_add(p, p, Xp)) +- goto err; ++ if (!BN_add(p, p, Xp)) ++ goto err; + +- /* p now equals Yp0 */ ++ /* p now equals Yp0 */ + +- for (;;) +- { +- int i = 1; +- BN_GENCB_call(cb, 0, i++); +- if (!BN_copy(pm1, p)) +- goto err; +- if (!BN_sub_word(pm1, 1)) +- goto err; +- if (!BN_gcd(t, pm1, e, ctx)) +- goto err; +- if (BN_is_one(t) +- /* X9.31 specifies 8 MR and 1 Lucas test or any prime test +- * offering similar or better guarantees 50 MR is considerably +- * better. +- */ +- && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) +- break; +- if (!BN_add(p, p, p1p2)) +- goto err; +- } ++ for (;;) { ++ int i = 1; ++ BN_GENCB_call(cb, 0, i++); ++ if (!BN_copy(pm1, p)) ++ goto err; ++ if (!BN_sub_word(pm1, 1)) ++ goto err; ++ if (!BN_gcd(t, pm1, e, ctx)) ++ goto err; ++ if (BN_is_one(t) ++ /* ++ * X9.31 specifies 8 MR and 1 Lucas test or any prime test ++ * offering similar or better guarantees 50 MR is considerably ++ * better. ++ */ ++ && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) ++ break; ++ if (!BN_add(p, p, p1p2)) ++ goto err; ++ } + +- BN_GENCB_call(cb, 3, 0); ++ BN_GENCB_call(cb, 3, 0); + +- ret = 1; ++ ret = 1; + +- err: ++ err: + +- BN_CTX_end(ctx); ++ BN_CTX_end(ctx); + +- return ret; +- } ++ return ret; ++} + +-/* Generate pair of paramters Xp, Xq for X9.31 prime generation. +- * Note: nbits paramter is sum of number of bits in both. ++/* ++ * Generate pair of paramters Xp, Xq for X9.31 prime generation. Note: nbits ++ * paramter is sum of number of bits in both. + */ + + int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) +- { +- BIGNUM *t; +- int i; +- /* Number of bits for each prime is of the form +- * 512+128s for s = 0, 1, ... +- */ +- if ((nbits < 1024) || (nbits & 0xff)) +- return 0; +- nbits >>= 1; +- /* The random value Xp must be between sqrt(2) * 2^(nbits-1) and +- * 2^nbits - 1. By setting the top two bits we ensure that the lower +- * bound is exceeded. +- */ +- if (!BN_rand(Xp, nbits, 1, 0)) +- return 0; +- +- BN_CTX_start(ctx); +- t = BN_CTX_get(ctx); +- +- for (i = 0; i < 1000; i++) +- { +- if (!BN_rand(Xq, nbits, 1, 0)) +- return 0; +- /* Check that |Xp - Xq| > 2^(nbits - 100) */ +- BN_sub(t, Xp, Xq); +- if (BN_num_bits(t) > (nbits - 100)) +- break; +- } +- +- BN_CTX_end(ctx); +- +- if (i < 1000) +- return 1; +- +- return 0; +- +- } +- +-/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 +- * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL +- * the relevant parameter will be stored in it. +- * +- * Due to the fact that |Xp - Xq| > 2^(nbits - 100) must be satisfied Xp and Xq +- * are generated using the previous function and supplied as input. ++{ ++ BIGNUM *t; ++ int i; ++ /* ++ * Number of bits for each prime is of the form 512+128s for s = 0, 1, ++ * ... ++ */ ++ if ((nbits < 1024) || (nbits & 0xff)) ++ return 0; ++ nbits >>= 1; ++ /* ++ * The random value Xp must be between sqrt(2) * 2^(nbits-1) and 2^nbits ++ * - 1. By setting the top two bits we ensure that the lower bound is ++ * exceeded. ++ */ ++ if (!BN_rand(Xp, nbits, 1, 0)) ++ return 0; ++ ++ BN_CTX_start(ctx); ++ t = BN_CTX_get(ctx); ++ ++ for (i = 0; i < 1000; i++) { ++ if (!BN_rand(Xq, nbits, 1, 0)) ++ return 0; ++ /* Check that |Xp - Xq| > 2^(nbits - 100) */ ++ BN_sub(t, Xp, Xq); ++ if (BN_num_bits(t) > (nbits - 100)) ++ break; ++ } ++ ++ BN_CTX_end(ctx); ++ ++ if (i < 1000) ++ return 1; ++ ++ return 0; ++ ++} ++ ++/* ++ * Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 and ++ * Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL the ++ * relevant parameter will be stored in it. Due to the fact that |Xp - Xq| > ++ * 2^(nbits - 100) must be satisfied Xp and Xq are generated using the ++ * previous function and supplied as input. + */ + + int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, +- BIGNUM *Xp1, BIGNUM *Xp2, +- const BIGNUM *Xp, +- const BIGNUM *e, BN_CTX *ctx, +- BN_GENCB *cb) +- { +- int ret = 0; +- +- BN_CTX_start(ctx); +- if (!Xp1) +- Xp1 = BN_CTX_get(ctx); +- if (!Xp2) +- Xp2 = BN_CTX_get(ctx); ++ BIGNUM *Xp1, BIGNUM *Xp2, ++ const BIGNUM *Xp, ++ const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb) ++{ ++ int ret = 0; + +- if (!BN_rand(Xp1, 101, 0, 0)) +- goto error; +- if (!BN_rand(Xp2, 101, 0, 0)) +- goto error; +- if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) +- goto error; ++ BN_CTX_start(ctx); ++ if (!Xp1) ++ Xp1 = BN_CTX_get(ctx); ++ if (!Xp2) ++ Xp2 = BN_CTX_get(ctx); + +- ret = 1; ++ if (!BN_rand(Xp1, 101, 0, 0)) ++ goto error; ++ if (!BN_rand(Xp2, 101, 0, 0)) ++ goto error; ++ if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) ++ goto error; + +- error: +- BN_CTX_end(ctx); ++ ret = 1; + +- return ret; ++ error: ++ BN_CTX_end(ctx); + +- } ++ return ret; + ++} +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c +index 3e25bbe..dfb8e85 100644 +--- a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c ++++ b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,35 +66,32 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason) + +-static ERR_STRING_DATA BUF_str_functs[]= +- { +-{ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"}, +-{ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"}, +-{ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"}, +-{ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"}, +-{ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"}, +-{ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA BUF_str_functs[] = { ++ {ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"}, ++ {ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"}, ++ {ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"}, ++ {ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"}, ++ {ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"}, ++ {ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA BUF_str_reasons[]= +- { +-{0,NULL} +- }; ++static ERR_STRING_DATA BUF_str_reasons[] = { ++ {0, NULL} ++}; + + #endif + + void ERR_load_BUF_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,BUF_str_functs); +- ERR_load_strings(0,BUF_str_reasons); +- } ++ if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, BUF_str_functs); ++ ERR_load_strings(0, BUF_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c +index 28dd1e4..88be76f 100644 +--- a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c ++++ b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,59 +58,59 @@ + #include + + char *BUF_strdup(const char *str) +- { +- if (str == NULL) return(NULL); +- return BUF_strndup(str, strlen(str)); +- } ++{ ++ if (str == NULL) ++ return (NULL); ++ return BUF_strndup(str, strlen(str)); ++} + + char *BUF_strndup(const char *str, size_t siz) +- { +- char *ret; ++{ ++ char *ret; + +- if (str == NULL) return(NULL); ++ if (str == NULL) ++ return (NULL); + +- ret=OPENSSL_malloc(siz+1); +- if (ret == NULL) +- { +- BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- BUF_strlcpy(ret,str,siz+1); +- return(ret); +- } ++ ret = OPENSSL_malloc(siz + 1); ++ if (ret == NULL) { ++ BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ BUF_strlcpy(ret, str, siz + 1); ++ return (ret); ++} + + void *BUF_memdup(const void *data, size_t siz) +- { +- void *ret; ++{ ++ void *ret; + +- if (data == NULL) return(NULL); ++ if (data == NULL) ++ return (NULL); + +- ret=OPENSSL_malloc(siz); +- if (ret == NULL) +- { +- BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- return memcpy(ret, data, siz); +- } ++ ret = OPENSSL_malloc(siz); ++ if (ret == NULL) { ++ BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ return memcpy(ret, data, siz); ++} + + size_t BUF_strlcpy(char *dst, const char *src, size_t size) +- { +- size_t l = 0; +- for(; size > 1 && *src; size--) +- { +- *dst++ = *src++; +- l++; +- } +- if (size) +- *dst = '\0'; +- return l + strlen(src); +- } ++{ ++ size_t l = 0; ++ for (; size > 1 && *src; size--) { ++ *dst++ = *src++; ++ l++; ++ } ++ if (size) ++ *dst = '\0'; ++ return l + strlen(src); ++} + + size_t BUF_strlcat(char *dst, const char *src, size_t size) +- { +- size_t l = 0; +- for(; size > 0 && *dst; size--, dst++) +- l++; +- return l + BUF_strlcpy(dst, src, size); +- } ++{ ++ size_t l = 0; ++ for (; size > 0 && *dst; size--, dst++) ++ l++; ++ return l + BUF_strlcpy(dst, src, size); ++} +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buffer.c b/Cryptlib/OpenSSL/crypto/buffer/buffer.c +index 3b4c79f..f59849f 100644 +--- a/Cryptlib/OpenSSL/crypto/buffer/buffer.c ++++ b/Cryptlib/OpenSSL/crypto/buffer/buffer.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,131 +60,117 @@ + #include "cryptlib.h" + #include + +-/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That +- * function is applied in several functions in this file and this limit ensures +- * that the result fits in an int. */ ++/* ++ * LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That ++ * function is applied in several functions in this file and this limit ++ * ensures that the result fits in an int. ++ */ + #define LIMIT_BEFORE_EXPANSION 0x5ffffffc + + BUF_MEM *BUF_MEM_new(void) +- { +- BUF_MEM *ret; ++{ ++ BUF_MEM *ret; + +- ret=OPENSSL_malloc(sizeof(BUF_MEM)); +- if (ret == NULL) +- { +- BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- ret->length=0; +- ret->max=0; +- ret->data=NULL; +- return(ret); +- } ++ ret = OPENSSL_malloc(sizeof(BUF_MEM)); ++ if (ret == NULL) { ++ BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ ret->length = 0; ++ ret->max = 0; ++ ret->data = NULL; ++ return (ret); ++} + + void BUF_MEM_free(BUF_MEM *a) +- { +- if(a == NULL) +- return; ++{ ++ if (a == NULL) ++ return; + +- if (a->data != NULL) +- { +- memset(a->data,0,(unsigned int)a->max); +- OPENSSL_free(a->data); +- } +- OPENSSL_free(a); +- } ++ if (a->data != NULL) { ++ memset(a->data, 0, (unsigned int)a->max); ++ OPENSSL_free(a->data); ++ } ++ OPENSSL_free(a); ++} + + int BUF_MEM_grow(BUF_MEM *str, int len) +- { +- char *ret; +- unsigned int n; ++{ ++ char *ret; ++ unsigned int n; + +- if (len < 0) +- { +- BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if (str->length >= len) +- { +- str->length=len; +- return(len); +- } +- if (str->max >= len) +- { +- memset(&str->data[str->length],0,len-str->length); +- str->length=len; +- return(len); +- } +- /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ +- if (len > LIMIT_BEFORE_EXPANSION) +- { +- BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- n=(len+3)/3*4; +- if (str->data == NULL) +- ret=OPENSSL_malloc(n); +- else +- ret=OPENSSL_realloc(str->data,n); +- if (ret == NULL) +- { +- BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); +- len=0; +- } +- else +- { +- str->data=ret; +- str->max=n; +- memset(&str->data[str->length],0,len-str->length); +- str->length=len; +- } +- return(len); +- } ++ if (len < 0) { ++ BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (str->length >= len) { ++ str->length = len; ++ return (len); ++ } ++ if (str->max >= len) { ++ memset(&str->data[str->length], 0, len - str->length); ++ str->length = len; ++ return (len); ++ } ++ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ ++ if (len > LIMIT_BEFORE_EXPANSION) { ++ BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ n = (len + 3) / 3 * 4; ++ if (str->data == NULL) ++ ret = OPENSSL_malloc(n); ++ else ++ ret = OPENSSL_realloc(str->data, n); ++ if (ret == NULL) { ++ BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE); ++ len = 0; ++ } else { ++ str->data = ret; ++ str->max = n; ++ memset(&str->data[str->length], 0, len - str->length); ++ str->length = len; ++ } ++ return (len); ++} + + int BUF_MEM_grow_clean(BUF_MEM *str, int len) +- { +- char *ret; +- unsigned int n; ++{ ++ char *ret; ++ unsigned int n; + +- if (len < 0) +- { +- BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if (str->length >= len) +- { +- memset(&str->data[len],0,str->length-len); +- str->length=len; +- return(len); +- } +- if (str->max >= len) +- { +- memset(&str->data[str->length],0,len-str->length); +- str->length=len; +- return(len); +- } +- /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ +- if (len > LIMIT_BEFORE_EXPANSION) +- { +- BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- n=(len+3)/3*4; +- if (str->data == NULL) +- ret=OPENSSL_malloc(n); +- else +- ret=OPENSSL_realloc_clean(str->data,str->max,n); +- if (ret == NULL) +- { +- BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE); +- len=0; +- } +- else +- { +- str->data=ret; +- str->max=n; +- memset(&str->data[str->length],0,len-str->length); +- str->length=len; +- } +- return(len); +- } ++ if (len < 0) { ++ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (str->length >= len) { ++ memset(&str->data[len], 0, str->length - len); ++ str->length = len; ++ return (len); ++ } ++ if (str->max >= len) { ++ memset(&str->data[str->length], 0, len - str->length); ++ str->length = len; ++ return (len); ++ } ++ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ ++ if (len > LIMIT_BEFORE_EXPANSION) { ++ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ n = (len + 3) / 3 * 4; ++ if (str->data == NULL) ++ ret = OPENSSL_malloc(n); ++ else ++ ret = OPENSSL_realloc_clean(str->data, str->max, n); ++ if (ret == NULL) { ++ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE); ++ len = 0; ++ } else { ++ str->data = ret; ++ str->max = n; ++ memset(&str->data[str->length], 0, len - str->length); ++ str->length = len; ++ } ++ return (len); ++} +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c b/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c +index dcec13a..f2f16e5 100644 +--- a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c ++++ b/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,63 +59,65 @@ + #include + #include "cast_lcl.h" + +-/* The input and output encrypted as though 64bit cfb mode is being +- * used. The extra state information to record how much of the +- * 64bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 64bit cfb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; + */ + + void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, const CAST_KEY *schedule, unsigned char *ivec, +- int *num, int enc) +- { +- register CAST_LONG v0,v1,t; +- register int n= *num; +- register long l=length; +- CAST_LONG ti[2]; +- unsigned char *iv,c,cc; ++ long length, const CAST_KEY *schedule, ++ unsigned char *ivec, int *num, int enc) ++{ ++ register CAST_LONG v0, v1, t; ++ register int n = *num; ++ register long l = length; ++ CAST_LONG ti[2]; ++ unsigned char *iv, c, cc; + +- iv=ivec; +- if (enc) +- { +- while (l--) +- { +- if (n == 0) +- { +- n2l(iv,v0); ti[0]=v0; +- n2l(iv,v1); ti[1]=v1; +- CAST_encrypt((CAST_LONG *)ti,schedule); +- iv=ivec; +- t=ti[0]; l2n(t,iv); +- t=ti[1]; l2n(t,iv); +- iv=ivec; +- } +- c= *(in++)^iv[n]; +- *(out++)=c; +- iv[n]=c; +- n=(n+1)&0x07; +- } +- } +- else +- { +- while (l--) +- { +- if (n == 0) +- { +- n2l(iv,v0); ti[0]=v0; +- n2l(iv,v1); ti[1]=v1; +- CAST_encrypt((CAST_LONG *)ti,schedule); +- iv=ivec; +- t=ti[0]; l2n(t,iv); +- t=ti[1]; l2n(t,iv); +- iv=ivec; +- } +- cc= *(in++); +- c=iv[n]; +- iv[n]=cc; +- *(out++)=c^cc; +- n=(n+1)&0x07; +- } +- } +- v0=v1=ti[0]=ti[1]=t=c=cc=0; +- *num=n; +- } ++ iv = ivec; ++ if (enc) { ++ while (l--) { ++ if (n == 0) { ++ n2l(iv, v0); ++ ti[0] = v0; ++ n2l(iv, v1); ++ ti[1] = v1; ++ CAST_encrypt((CAST_LONG *)ti, schedule); ++ iv = ivec; ++ t = ti[0]; ++ l2n(t, iv); ++ t = ti[1]; ++ l2n(t, iv); ++ iv = ivec; ++ } ++ c = *(in++) ^ iv[n]; ++ *(out++) = c; ++ iv[n] = c; ++ n = (n + 1) & 0x07; ++ } ++ } else { ++ while (l--) { ++ if (n == 0) { ++ n2l(iv, v0); ++ ti[0] = v0; ++ n2l(iv, v1); ++ ti[1] = v1; ++ CAST_encrypt((CAST_LONG *)ti, schedule); ++ iv = ivec; ++ t = ti[0]; ++ l2n(t, iv); ++ t = ti[1]; ++ l2n(t, iv); ++ iv = ivec; ++ } ++ cc = *(in++); ++ c = iv[n]; ++ iv[n] = cc; ++ *(out++) = c ^ cc; ++ n = (n + 1) & 0x07; ++ } ++ } ++ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c b/Cryptlib/OpenSSL/crypto/cast/c_ecb.c +index b6a3b1f..4793f28 100644 +--- a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c ++++ b/Cryptlib/OpenSSL/crypto/cast/c_ecb.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,20 +60,24 @@ + #include "cast_lcl.h" + #include + +-const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT; ++const char CAST_version[] = "CAST" OPENSSL_VERSION_PTEXT; + + void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, +- const CAST_KEY *ks, int enc) +- { +- CAST_LONG l,d[2]; ++ const CAST_KEY *ks, int enc) ++{ ++ CAST_LONG l, d[2]; + +- n2l(in,l); d[0]=l; +- n2l(in,l); d[1]=l; +- if (enc) +- CAST_encrypt(d,ks); +- else +- CAST_decrypt(d,ks); +- l=d[0]; l2n(l,out); +- l=d[1]; l2n(l,out); +- l=d[0]=d[1]=0; +- } ++ n2l(in, l); ++ d[0] = l; ++ n2l(in, l); ++ d[1] = l; ++ if (enc) ++ CAST_encrypt(d, ks); ++ else ++ CAST_decrypt(d, ks); ++ l = d[0]; ++ l2n(l, out); ++ l = d[1]; ++ l2n(l, out); ++ l = d[0] = d[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_enc.c b/Cryptlib/OpenSSL/crypto/cast/c_enc.c +index 357c41e..6e1d50f 100644 +--- a/Cryptlib/OpenSSL/crypto/cast/c_enc.c ++++ b/Cryptlib/OpenSSL/crypto/cast/c_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,149 +60,141 @@ + #include "cast_lcl.h" + + void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) +- { +- register CAST_LONG l,r,t; +- const register CAST_LONG *k; ++{ ++ register CAST_LONG l, r, t; ++ const register CAST_LONG *k; + +- k= &(key->data[0]); +- l=data[0]; +- r=data[1]; ++ k = &(key->data[0]); ++ l = data[0]; ++ r = data[1]; + +- E_CAST( 0,k,l,r,+,^,-); +- E_CAST( 1,k,r,l,^,-,+); +- E_CAST( 2,k,l,r,-,+,^); +- E_CAST( 3,k,r,l,+,^,-); +- E_CAST( 4,k,l,r,^,-,+); +- E_CAST( 5,k,r,l,-,+,^); +- E_CAST( 6,k,l,r,+,^,-); +- E_CAST( 7,k,r,l,^,-,+); +- E_CAST( 8,k,l,r,-,+,^); +- E_CAST( 9,k,r,l,+,^,-); +- E_CAST(10,k,l,r,^,-,+); +- E_CAST(11,k,r,l,-,+,^); +- if(!key->short_key) +- { +- E_CAST(12,k,l,r,+,^,-); +- E_CAST(13,k,r,l,^,-,+); +- E_CAST(14,k,l,r,-,+,^); +- E_CAST(15,k,r,l,+,^,-); +- } ++ E_CAST(0, k, l, r, +, ^, -); ++ E_CAST(1, k, r, l, ^, -, +); ++ E_CAST(2, k, l, r, -, +, ^); ++ E_CAST(3, k, r, l, +, ^, -); ++ E_CAST(4, k, l, r, ^, -, +); ++ E_CAST(5, k, r, l, -, +, ^); ++ E_CAST(6, k, l, r, +, ^, -); ++ E_CAST(7, k, r, l, ^, -, +); ++ E_CAST(8, k, l, r, -, +, ^); ++ E_CAST(9, k, r, l, +, ^, -); ++ E_CAST(10, k, l, r, ^, -, +); ++ E_CAST(11, k, r, l, -, +, ^); ++ if (!key->short_key) { ++ E_CAST(12, k, l, r, +, ^, -); ++ E_CAST(13, k, r, l, ^, -, +); ++ E_CAST(14, k, l, r, -, +, ^); ++ E_CAST(15, k, r, l, +, ^, -); ++ } + +- data[1]=l&0xffffffffL; +- data[0]=r&0xffffffffL; +- } ++ data[1] = l & 0xffffffffL; ++ data[0] = r & 0xffffffffL; ++} + + void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key) +- { +- register CAST_LONG l,r,t; +- const register CAST_LONG *k; ++{ ++ register CAST_LONG l, r, t; ++ const register CAST_LONG *k; + +- k= &(key->data[0]); +- l=data[0]; +- r=data[1]; ++ k = &(key->data[0]); ++ l = data[0]; ++ r = data[1]; + +- if(!key->short_key) +- { +- E_CAST(15,k,l,r,+,^,-); +- E_CAST(14,k,r,l,-,+,^); +- E_CAST(13,k,l,r,^,-,+); +- E_CAST(12,k,r,l,+,^,-); +- } +- E_CAST(11,k,l,r,-,+,^); +- E_CAST(10,k,r,l,^,-,+); +- E_CAST( 9,k,l,r,+,^,-); +- E_CAST( 8,k,r,l,-,+,^); +- E_CAST( 7,k,l,r,^,-,+); +- E_CAST( 6,k,r,l,+,^,-); +- E_CAST( 5,k,l,r,-,+,^); +- E_CAST( 4,k,r,l,^,-,+); +- E_CAST( 3,k,l,r,+,^,-); +- E_CAST( 2,k,r,l,-,+,^); +- E_CAST( 1,k,l,r,^,-,+); +- E_CAST( 0,k,r,l,+,^,-); ++ if (!key->short_key) { ++ E_CAST(15, k, l, r, +, ^, -); ++ E_CAST(14, k, r, l, -, +, ^); ++ E_CAST(13, k, l, r, ^, -, +); ++ E_CAST(12, k, r, l, +, ^, -); ++ } ++ E_CAST(11, k, l, r, -, +, ^); ++ E_CAST(10, k, r, l, ^, -, +); ++ E_CAST(9, k, l, r, +, ^, -); ++ E_CAST(8, k, r, l, -, +, ^); ++ E_CAST(7, k, l, r, ^, -, +); ++ E_CAST(6, k, r, l, +, ^, -); ++ E_CAST(5, k, l, r, -, +, ^); ++ E_CAST(4, k, r, l, ^, -, +); ++ E_CAST(3, k, l, r, +, ^, -); ++ E_CAST(2, k, r, l, -, +, ^); ++ E_CAST(1, k, l, r, ^, -, +); ++ E_CAST(0, k, r, l, +, ^, -); + +- data[1]=l&0xffffffffL; +- data[0]=r&0xffffffffL; +- } ++ data[1] = l & 0xffffffffL; ++ data[0] = r & 0xffffffffL; ++} + +-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, +- const CAST_KEY *ks, unsigned char *iv, int enc) +- { +- register CAST_LONG tin0,tin1; +- register CAST_LONG tout0,tout1,xor0,xor1; +- register long l=length; +- CAST_LONG tin[2]; ++void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, ++ long length, const CAST_KEY *ks, unsigned char *iv, ++ int enc) ++{ ++ register CAST_LONG tin0, tin1; ++ register CAST_LONG tout0, tout1, xor0, xor1; ++ register long l = length; ++ CAST_LONG tin[2]; + +- if (enc) +- { +- n2l(iv,tout0); +- n2l(iv,tout1); +- iv-=8; +- for (l-=8; l>=0; l-=8) +- { +- n2l(in,tin0); +- n2l(in,tin1); +- tin0^=tout0; +- tin1^=tout1; +- tin[0]=tin0; +- tin[1]=tin1; +- CAST_encrypt(tin,ks); +- tout0=tin[0]; +- tout1=tin[1]; +- l2n(tout0,out); +- l2n(tout1,out); +- } +- if (l != -8) +- { +- n2ln(in,tin0,tin1,l+8); +- tin0^=tout0; +- tin1^=tout1; +- tin[0]=tin0; +- tin[1]=tin1; +- CAST_encrypt(tin,ks); +- tout0=tin[0]; +- tout1=tin[1]; +- l2n(tout0,out); +- l2n(tout1,out); +- } +- l2n(tout0,iv); +- l2n(tout1,iv); +- } +- else +- { +- n2l(iv,xor0); +- n2l(iv,xor1); +- iv-=8; +- for (l-=8; l>=0; l-=8) +- { +- n2l(in,tin0); +- n2l(in,tin1); +- tin[0]=tin0; +- tin[1]=tin1; +- CAST_decrypt(tin,ks); +- tout0=tin[0]^xor0; +- tout1=tin[1]^xor1; +- l2n(tout0,out); +- l2n(tout1,out); +- xor0=tin0; +- xor1=tin1; +- } +- if (l != -8) +- { +- n2l(in,tin0); +- n2l(in,tin1); +- tin[0]=tin0; +- tin[1]=tin1; +- CAST_decrypt(tin,ks); +- tout0=tin[0]^xor0; +- tout1=tin[1]^xor1; +- l2nn(tout0,tout1,out,l+8); +- xor0=tin0; +- xor1=tin1; +- } +- l2n(xor0,iv); +- l2n(xor1,iv); +- } +- tin0=tin1=tout0=tout1=xor0=xor1=0; +- tin[0]=tin[1]=0; +- } ++ if (enc) { ++ n2l(iv, tout0); ++ n2l(iv, tout1); ++ iv -= 8; ++ for (l -= 8; l >= 0; l -= 8) { ++ n2l(in, tin0); ++ n2l(in, tin1); ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ tin[0] = tin0; ++ tin[1] = tin1; ++ CAST_encrypt(tin, ks); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ l2n(tout0, out); ++ l2n(tout1, out); ++ } ++ if (l != -8) { ++ n2ln(in, tin0, tin1, l + 8); ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ tin[0] = tin0; ++ tin[1] = tin1; ++ CAST_encrypt(tin, ks); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ l2n(tout0, out); ++ l2n(tout1, out); ++ } ++ l2n(tout0, iv); ++ l2n(tout1, iv); ++ } else { ++ n2l(iv, xor0); ++ n2l(iv, xor1); ++ iv -= 8; ++ for (l -= 8; l >= 0; l -= 8) { ++ n2l(in, tin0); ++ n2l(in, tin1); ++ tin[0] = tin0; ++ tin[1] = tin1; ++ CAST_decrypt(tin, ks); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ l2n(tout0, out); ++ l2n(tout1, out); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ if (l != -8) { ++ n2l(in, tin0); ++ n2l(in, tin1); ++ tin[0] = tin0; ++ tin[1] = tin1; ++ CAST_decrypt(tin, ks); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ l2nn(tout0, tout1, out, l + 8); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ l2n(xor0, iv); ++ l2n(xor1, iv); ++ } ++ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; ++ tin[0] = tin[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c b/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c +index cb32224..4e0a7c2 100644 +--- a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c ++++ b/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,52 +59,52 @@ + #include + #include "cast_lcl.h" + +-/* The input and output encrypted as though 64bit ofb mode is being +- * used. The extra state information to record how much of the +- * 64bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 64bit ofb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; + */ + void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, const CAST_KEY *schedule, unsigned char *ivec, +- int *num) +- { +- register CAST_LONG v0,v1,t; +- register int n= *num; +- register long l=length; +- unsigned char d[8]; +- register char *dp; +- CAST_LONG ti[2]; +- unsigned char *iv; +- int save=0; ++ long length, const CAST_KEY *schedule, ++ unsigned char *ivec, int *num) ++{ ++ register CAST_LONG v0, v1, t; ++ register int n = *num; ++ register long l = length; ++ unsigned char d[8]; ++ register char *dp; ++ CAST_LONG ti[2]; ++ unsigned char *iv; ++ int save = 0; + +- iv=ivec; +- n2l(iv,v0); +- n2l(iv,v1); +- ti[0]=v0; +- ti[1]=v1; +- dp=(char *)d; +- l2n(v0,dp); +- l2n(v1,dp); +- while (l--) +- { +- if (n == 0) +- { +- CAST_encrypt((CAST_LONG *)ti,schedule); +- dp=(char *)d; +- t=ti[0]; l2n(t,dp); +- t=ti[1]; l2n(t,dp); +- save++; +- } +- *(out++)= *(in++)^d[n]; +- n=(n+1)&0x07; +- } +- if (save) +- { +- v0=ti[0]; +- v1=ti[1]; +- iv=ivec; +- l2n(v0,iv); +- l2n(v1,iv); +- } +- t=v0=v1=ti[0]=ti[1]=0; +- *num=n; +- } ++ iv = ivec; ++ n2l(iv, v0); ++ n2l(iv, v1); ++ ti[0] = v0; ++ ti[1] = v1; ++ dp = (char *)d; ++ l2n(v0, dp); ++ l2n(v1, dp); ++ while (l--) { ++ if (n == 0) { ++ CAST_encrypt((CAST_LONG *)ti, schedule); ++ dp = (char *)d; ++ t = ti[0]; ++ l2n(t, dp); ++ t = ti[1]; ++ l2n(t, dp); ++ save++; ++ } ++ *(out++) = *(in++) ^ d[n]; ++ n = (n + 1) & 0x07; ++ } ++ if (save) { ++ v0 = ti[0]; ++ v1 = ti[1]; ++ iv = ivec; ++ l2n(v0, iv); ++ l2n(v1, iv); ++ } ++ t = v0 = v1 = ti[0] = ti[1] = 0; ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/cast/c_skey.c b/Cryptlib/OpenSSL/crypto/cast/c_skey.c +index 68e690a..a04f86a 100644 +--- a/Cryptlib/OpenSSL/crypto/cast/c_skey.c ++++ b/Cryptlib/OpenSSL/crypto/cast/c_skey.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,18 +59,18 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + + #include "cast_lcl.h" + #include "cast_s.h" + + #define CAST_exp(l,A,a,n) \ +- A[n/4]=l; \ +- a[n+3]=(l )&0xff; \ +- a[n+2]=(l>> 8)&0xff; \ +- a[n+1]=(l>>16)&0xff; \ +- a[n+0]=(l>>24)&0xff; ++ A[n/4]=l; \ ++ a[n+3]=(l )&0xff; \ ++ a[n+2]=(l>> 8)&0xff; \ ++ a[n+1]=(l>>16)&0xff; \ ++ a[n+0]=(l>>24)&0xff; + + #define S4 CAST_S_table4 + #define S5 CAST_S_table5 +@@ -78,94 +78,95 @@ + #define S7 CAST_S_table7 + + FIPS_NON_FIPS_VCIPHER_Init(CAST) +- { +- CAST_LONG x[16]; +- CAST_LONG z[16]; +- CAST_LONG k[32]; +- CAST_LONG X[4],Z[4]; +- CAST_LONG l,*K; +- int i; +- +- for (i=0; i<16; i++) x[i]=0; +- if (len > 16) len=16; +- for (i=0; ishort_key=1; +- else +- key->short_key=0; +- +- K= &k[0]; +- X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL; +- X[1]=((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL; +- X[2]=((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL; +- X[3]=((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL; +- +- for (;;) +- { +- l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]]; +- CAST_exp(l,Z,z, 0); +- l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]]; +- CAST_exp(l,Z,z, 4); +- l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]]; +- CAST_exp(l,Z,z, 8); +- l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]]; +- CAST_exp(l,Z,z,12); +- +- K[ 0]= S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]]; +- K[ 1]= S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]]; +- K[ 2]= S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]]; +- K[ 3]= S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]]; +- +- l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]]; +- CAST_exp(l,X,x, 0); +- l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]]; +- CAST_exp(l,X,x, 4); +- l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]]; +- CAST_exp(l,X,x, 8); +- l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]]; +- CAST_exp(l,X,x,12); +- +- K[ 4]= S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]]; +- K[ 5]= S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]]; +- K[ 6]= S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]]; +- K[ 7]= S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]]; +- +- l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]]; +- CAST_exp(l,Z,z, 0); +- l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]]; +- CAST_exp(l,Z,z, 4); +- l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]]; +- CAST_exp(l,Z,z, 8); +- l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]]; +- CAST_exp(l,Z,z,12); +- +- K[ 8]= S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]]; +- K[ 9]= S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]]; +- K[10]= S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]]; +- K[11]= S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]]; +- +- l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]]; +- CAST_exp(l,X,x, 0); +- l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]]; +- CAST_exp(l,X,x, 4); +- l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]]; +- CAST_exp(l,X,x, 8); +- l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]]; +- CAST_exp(l,X,x,12); +- +- K[12]= S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]]; +- K[13]= S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]]; +- K[14]= S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]]; +- K[15]= S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]]; +- if (K != k) break; +- K+=16; +- } +- +- for (i=0; i<16; i++) +- { +- key->data[i*2]=k[i]; +- key->data[i*2+1]=((k[i+16])+16)&0x1f; +- } +- } +- ++{ ++ CAST_LONG x[16]; ++ CAST_LONG z[16]; ++ CAST_LONG k[32]; ++ CAST_LONG X[4], Z[4]; ++ CAST_LONG l, *K; ++ int i; ++ ++ for (i = 0; i < 16; i++) ++ x[i] = 0; ++ if (len > 16) ++ len = 16; ++ for (i = 0; i < len; i++) ++ x[i] = data[i]; ++ if (len <= 10) ++ key->short_key = 1; ++ else ++ key->short_key = 0; ++ ++ K = &k[0]; ++ X[0] = ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]) & 0xffffffffL; ++ X[1] = ((x[4] << 24) | (x[5] << 16) | (x[6] << 8) | x[7]) & 0xffffffffL; ++ X[2] = ((x[8] << 24) | (x[9] << 16) | (x[10] << 8) | x[11]) & 0xffffffffL; ++ X[3] = ++ ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL; ++ ++ for (;;) { ++ l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]]; ++ CAST_exp(l, Z, z, 0); ++ l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]]; ++ CAST_exp(l, Z, z, 4); ++ l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]]; ++ CAST_exp(l, Z, z, 8); ++ l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]]; ++ CAST_exp(l, Z, z, 12); ++ ++ K[0] = S4[z[8]] ^ S5[z[9]] ^ S6[z[7]] ^ S7[z[6]] ^ S4[z[2]]; ++ K[1] = S4[z[10]] ^ S5[z[11]] ^ S6[z[5]] ^ S7[z[4]] ^ S5[z[6]]; ++ K[2] = S4[z[12]] ^ S5[z[13]] ^ S6[z[3]] ^ S7[z[2]] ^ S6[z[9]]; ++ K[3] = S4[z[14]] ^ S5[z[15]] ^ S6[z[1]] ^ S7[z[0]] ^ S7[z[12]]; ++ ++ l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]]; ++ CAST_exp(l, X, x, 0); ++ l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]]; ++ CAST_exp(l, X, x, 4); ++ l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]]; ++ CAST_exp(l, X, x, 8); ++ l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]]; ++ CAST_exp(l, X, x, 12); ++ ++ K[4] = S4[x[3]] ^ S5[x[2]] ^ S6[x[12]] ^ S7[x[13]] ^ S4[x[8]]; ++ K[5] = S4[x[1]] ^ S5[x[0]] ^ S6[x[14]] ^ S7[x[15]] ^ S5[x[13]]; ++ K[6] = S4[x[7]] ^ S5[x[6]] ^ S6[x[8]] ^ S7[x[9]] ^ S6[x[3]]; ++ K[7] = S4[x[5]] ^ S5[x[4]] ^ S6[x[10]] ^ S7[x[11]] ^ S7[x[7]]; ++ ++ l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]]; ++ CAST_exp(l, Z, z, 0); ++ l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]]; ++ CAST_exp(l, Z, z, 4); ++ l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]]; ++ CAST_exp(l, Z, z, 8); ++ l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]]; ++ CAST_exp(l, Z, z, 12); ++ ++ K[8] = S4[z[3]] ^ S5[z[2]] ^ S6[z[12]] ^ S7[z[13]] ^ S4[z[9]]; ++ K[9] = S4[z[1]] ^ S5[z[0]] ^ S6[z[14]] ^ S7[z[15]] ^ S5[z[12]]; ++ K[10] = S4[z[7]] ^ S5[z[6]] ^ S6[z[8]] ^ S7[z[9]] ^ S6[z[2]]; ++ K[11] = S4[z[5]] ^ S5[z[4]] ^ S6[z[10]] ^ S7[z[11]] ^ S7[z[6]]; ++ ++ l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]]; ++ CAST_exp(l, X, x, 0); ++ l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]]; ++ CAST_exp(l, X, x, 4); ++ l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]]; ++ CAST_exp(l, X, x, 8); ++ l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]]; ++ CAST_exp(l, X, x, 12); ++ ++ K[12] = S4[x[8]] ^ S5[x[9]] ^ S6[x[7]] ^ S7[x[6]] ^ S4[x[3]]; ++ K[13] = S4[x[10]] ^ S5[x[11]] ^ S6[x[5]] ^ S7[x[4]] ^ S5[x[7]]; ++ K[14] = S4[x[12]] ^ S5[x[13]] ^ S6[x[3]] ^ S7[x[2]] ^ S6[x[8]]; ++ K[15] = S4[x[14]] ^ S5[x[15]] ^ S6[x[1]] ^ S7[x[0]] ^ S7[x[13]]; ++ if (K != k) ++ break; ++ K += 16; ++ } ++ ++ for (i = 0; i < 16; i++) { ++ key->data[i * 2] = k[i]; ++ key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f; ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/comp/c_rle.c b/Cryptlib/OpenSSL/crypto/comp/c_rle.c +index 18bceae..adf1663 100644 +--- a/Cryptlib/OpenSSL/crypto/comp/c_rle.c ++++ b/Cryptlib/OpenSSL/crypto/comp/c_rle.c +@@ -5,57 +5,58 @@ + #include + + static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, +- unsigned int olen, unsigned char *in, unsigned int ilen); ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen); + static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, +- unsigned int olen, unsigned char *in, unsigned int ilen); +- +-static COMP_METHOD rle_method={ +- NID_rle_compression, +- LN_rle_compression, +- NULL, +- NULL, +- rle_compress_block, +- rle_expand_block, +- NULL, +- NULL, +- }; ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen); ++ ++static COMP_METHOD rle_method = { ++ NID_rle_compression, ++ LN_rle_compression, ++ NULL, ++ NULL, ++ rle_compress_block, ++ rle_expand_block, ++ NULL, ++ NULL, ++}; + + COMP_METHOD *COMP_rle(void) +- { +- return(&rle_method); +- } ++{ ++ return (&rle_method); ++} + + static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, +- unsigned int olen, unsigned char *in, unsigned int ilen) +- { +- /* int i; */ ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen) ++{ ++ /* int i; */ + +- if (olen < (ilen+1)) +- { +- /* ZZZZZZZZZZZZZZZZZZZZZZ */ +- return(-1); +- } ++ if (olen < (ilen + 1)) { ++ /* ZZZZZZZZZZZZZZZZZZZZZZ */ ++ return (-1); ++ } + +- *(out++)=0; +- memcpy(out,in,ilen); +- return(ilen+1); +- } ++ *(out++) = 0; ++ memcpy(out, in, ilen); ++ return (ilen + 1); ++} + + static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, +- unsigned int olen, unsigned char *in, unsigned int ilen) +- { +- int i; +- +- if (ilen == 0 || olen < (ilen-1)) +- { +- /* ZZZZZZZZZZZZZZZZZZZZZZ */ +- return(-1); +- } +- +- i= *(in++); +- if (i == 0) +- { +- memcpy(out,in,ilen-1); +- } +- return(ilen-1); +- } ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen) ++{ ++ int i; ++ ++ if (ilen == 0 || olen < (ilen - 1)) { ++ /* ZZZZZZZZZZZZZZZZZZZZZZ */ ++ return (-1); ++ } ++ ++ i = *(in++); ++ if (i == 0) { ++ memcpy(out, in, ilen - 1); ++ } ++ return (ilen - 1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c +index 8df7792..07ef739 100644 +--- a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c ++++ b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c +@@ -5,324 +5,326 @@ + #include + #include + +-COMP_METHOD *COMP_zlib(void ); +- +-static COMP_METHOD zlib_method_nozlib={ +- NID_undef, +- "(undef)", +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- }; ++COMP_METHOD *COMP_zlib(void); ++ ++static COMP_METHOD zlib_method_nozlib = { ++ NID_undef, ++ "(undef)", ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++}; + + #ifndef ZLIB +-#undef ZLIB_SHARED ++# undef ZLIB_SHARED + #else + +-#include ++# include + + static int zlib_stateful_init(COMP_CTX *ctx); + static void zlib_stateful_finish(COMP_CTX *ctx); + static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, +- unsigned int olen, unsigned char *in, unsigned int ilen); ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen); + static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, +- unsigned int olen, unsigned char *in, unsigned int ilen); +- ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen); + + /* memory allocations functions for zlib intialization */ +-static void* zlib_zalloc(void* opaque, unsigned int no, unsigned int size) ++static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size) + { +- void *p; +- +- p=OPENSSL_malloc(no*size); +- if (p) +- memset(p, 0, no*size); +- return p; +-} ++ void *p; + ++ p = OPENSSL_malloc(no * size); ++ if (p) ++ memset(p, 0, no * size); ++ return p; ++} + +-static void zlib_zfree(void* opaque, void* address) ++static void zlib_zfree(void *opaque, void *address) + { +- OPENSSL_free(address); ++ OPENSSL_free(address); + } + +-#if 0 ++# if 0 + static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, +- unsigned int olen, unsigned char *in, unsigned int ilen); ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen); + static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, +- unsigned int olen, unsigned char *in, unsigned int ilen); +- +-static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source, +- uLong sourceLen); +- +-static COMP_METHOD zlib_stateless_method={ +- NID_zlib_compression, +- LN_zlib_compression, +- NULL, +- NULL, +- zlib_compress_block, +- zlib_expand_block, +- NULL, +- NULL, +- }; +-#endif +- +-static COMP_METHOD zlib_stateful_method={ +- NID_zlib_compression, +- LN_zlib_compression, +- zlib_stateful_init, +- zlib_stateful_finish, +- zlib_stateful_compress_block, +- zlib_stateful_expand_block, +- NULL, +- NULL, +- }; +- +-/* ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen); ++ ++static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source, ++ uLong sourceLen); ++ ++static COMP_METHOD zlib_stateless_method = { ++ NID_zlib_compression, ++ LN_zlib_compression, ++ NULL, ++ NULL, ++ zlib_compress_block, ++ zlib_expand_block, ++ NULL, ++ NULL, ++}; ++# endif ++ ++static COMP_METHOD zlib_stateful_method = { ++ NID_zlib_compression, ++ LN_zlib_compression, ++ zlib_stateful_init, ++ zlib_stateful_finish, ++ zlib_stateful_compress_block, ++ zlib_stateful_expand_block, ++ NULL, ++ NULL, ++}; ++ ++/* + * When OpenSSL is built on Windows, we do not want to require that + * the ZLIB.DLL be available in order for the OpenSSL DLLs to + * work. Therefore, all ZLIB routines are loaded at run time + * and we do not link to a .LIB file when ZLIB_SHARED is set. + */ +-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +-# include +-#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */ ++# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ++# include ++# endif /* !(OPENSSL_SYS_WINDOWS || ++ * OPENSSL_SYS_WIN32) */ + +-#ifdef ZLIB_SHARED +-#include ++# ifdef ZLIB_SHARED ++# include + + /* Function pointers */ +-typedef int (*compress_ft)(Bytef *dest,uLongf *destLen, +- const Bytef *source, uLong sourceLen); +-typedef int (*inflateEnd_ft)(z_streamp strm); +-typedef int (*inflate_ft)(z_streamp strm, int flush); +-typedef int (*inflateInit__ft)(z_streamp strm, +- const char * version, int stream_size); +-typedef int (*deflateEnd_ft)(z_streamp strm); +-typedef int (*deflate_ft)(z_streamp strm, int flush); +-typedef int (*deflateInit__ft)(z_streamp strm, int level, +- const char * version, int stream_size); +-typedef const char * (*zError__ft)(int err); +-static compress_ft p_compress=NULL; +-static inflateEnd_ft p_inflateEnd=NULL; +-static inflate_ft p_inflate=NULL; +-static inflateInit__ft p_inflateInit_=NULL; +-static deflateEnd_ft p_deflateEnd=NULL; +-static deflate_ft p_deflate=NULL; +-static deflateInit__ft p_deflateInit_=NULL; +-static zError__ft p_zError=NULL; ++typedef int (*compress_ft) (Bytef *dest, uLongf * destLen, ++ const Bytef *source, uLong sourceLen); ++typedef int (*inflateEnd_ft) (z_streamp strm); ++typedef int (*inflate_ft) (z_streamp strm, int flush); ++typedef int (*inflateInit__ft) (z_streamp strm, ++ const char *version, int stream_size); ++typedef int (*deflateEnd_ft) (z_streamp strm); ++typedef int (*deflate_ft) (z_streamp strm, int flush); ++typedef int (*deflateInit__ft) (z_streamp strm, int level, ++ const char *version, int stream_size); ++typedef const char *(*zError__ft) (int err); ++static compress_ft p_compress = NULL; ++static inflateEnd_ft p_inflateEnd = NULL; ++static inflate_ft p_inflate = NULL; ++static inflateInit__ft p_inflateInit_ = NULL; ++static deflateEnd_ft p_deflateEnd = NULL; ++static deflate_ft p_deflate = NULL; ++static deflateInit__ft p_deflateInit_ = NULL; ++static zError__ft p_zError = NULL; + + static int zlib_loaded = 0; /* only attempt to init func pts once */ + static DSO *zlib_dso = NULL; + +-#define compress p_compress +-#define inflateEnd p_inflateEnd +-#define inflate p_inflate +-#define inflateInit_ p_inflateInit_ +-#define deflateEnd p_deflateEnd +-#define deflate p_deflate +-#define deflateInit_ p_deflateInit_ +-#define zError p_zError +-#endif /* ZLIB_SHARED */ +- +-struct zlib_state +- { +- z_stream istream; +- z_stream ostream; +- }; ++# define compress p_compress ++# define inflateEnd p_inflateEnd ++# define inflate p_inflate ++# define inflateInit_ p_inflateInit_ ++# define deflateEnd p_deflateEnd ++# define deflate p_deflate ++# define deflateInit_ p_deflateInit_ ++# define zError p_zError ++# endif /* ZLIB_SHARED */ ++ ++struct zlib_state { ++ z_stream istream; ++ z_stream ostream; ++}; + + static int zlib_stateful_ex_idx = -1; + + static int zlib_stateful_init(COMP_CTX *ctx) +- { +- int err; +- struct zlib_state *state = +- (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state)); +- +- if (state == NULL) +- goto err; +- +- state->istream.zalloc = zlib_zalloc; +- state->istream.zfree = zlib_zfree; +- state->istream.opaque = Z_NULL; +- state->istream.next_in = Z_NULL; +- state->istream.next_out = Z_NULL; +- state->istream.avail_in = 0; +- state->istream.avail_out = 0; +- err = inflateInit_(&state->istream, +- ZLIB_VERSION, sizeof(z_stream)); +- if (err != Z_OK) +- goto err; +- +- state->ostream.zalloc = zlib_zalloc; +- state->ostream.zfree = zlib_zfree; +- state->ostream.opaque = Z_NULL; +- state->ostream.next_in = Z_NULL; +- state->ostream.next_out = Z_NULL; +- state->ostream.avail_in = 0; +- state->ostream.avail_out = 0; +- err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION, +- ZLIB_VERSION, sizeof(z_stream)); +- if (err != Z_OK) +- goto err; +- +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); +- CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state); +- return 1; ++{ ++ int err; ++ struct zlib_state *state = ++ (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state)); ++ ++ if (state == NULL) ++ goto err; ++ ++ state->istream.zalloc = zlib_zalloc; ++ state->istream.zfree = zlib_zfree; ++ state->istream.opaque = Z_NULL; ++ state->istream.next_in = Z_NULL; ++ state->istream.next_out = Z_NULL; ++ state->istream.avail_in = 0; ++ state->istream.avail_out = 0; ++ err = inflateInit_(&state->istream, ZLIB_VERSION, sizeof(z_stream)); ++ if (err != Z_OK) ++ goto err; ++ ++ state->ostream.zalloc = zlib_zalloc; ++ state->ostream.zfree = zlib_zfree; ++ state->ostream.opaque = Z_NULL; ++ state->ostream.next_in = Z_NULL; ++ state->ostream.next_out = Z_NULL; ++ state->ostream.avail_in = 0; ++ state->ostream.avail_out = 0; ++ err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION, ++ ZLIB_VERSION, sizeof(z_stream)); ++ if (err != Z_OK) ++ goto err; ++ ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data); ++ CRYPTO_set_ex_data(&ctx->ex_data, zlib_stateful_ex_idx, state); ++ return 1; + err: +- if (state) OPENSSL_free(state); +- return 0; +- } ++ if (state) ++ OPENSSL_free(state); ++ return 0; ++} + + static void zlib_stateful_finish(COMP_CTX *ctx) +- { +- struct zlib_state *state = +- (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, +- zlib_stateful_ex_idx); +- inflateEnd(&state->istream); +- deflateEnd(&state->ostream); +- OPENSSL_free(state); +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); +- } ++{ ++ struct zlib_state *state = ++ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, ++ zlib_stateful_ex_idx); ++ inflateEnd(&state->istream); ++ deflateEnd(&state->ostream); ++ OPENSSL_free(state); ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data); ++} + + static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, +- unsigned int olen, unsigned char *in, unsigned int ilen) +- { +- int err = Z_OK; +- struct zlib_state *state = +- (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, +- zlib_stateful_ex_idx); +- +- if (state == NULL) +- return -1; +- +- state->ostream.next_in = in; +- state->ostream.avail_in = ilen; +- state->ostream.next_out = out; +- state->ostream.avail_out = olen; +- if (ilen > 0) +- err = deflate(&state->ostream, Z_SYNC_FLUSH); +- if (err != Z_OK) +- return -1; +-#ifdef DEBUG_ZLIB +- fprintf(stderr,"compress(%4d)->%4d %s\n", +- ilen,olen - state->ostream.avail_out, +- (ilen != olen - state->ostream.avail_out)?"zlib":"clear"); +-#endif +- return olen - state->ostream.avail_out; +- } ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen) ++{ ++ int err = Z_OK; ++ struct zlib_state *state = ++ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, ++ zlib_stateful_ex_idx); ++ ++ if (state == NULL) ++ return -1; ++ ++ state->ostream.next_in = in; ++ state->ostream.avail_in = ilen; ++ state->ostream.next_out = out; ++ state->ostream.avail_out = olen; ++ if (ilen > 0) ++ err = deflate(&state->ostream, Z_SYNC_FLUSH); ++ if (err != Z_OK) ++ return -1; ++# ifdef DEBUG_ZLIB ++ fprintf(stderr, "compress(%4d)->%4d %s\n", ++ ilen, olen - state->ostream.avail_out, ++ (ilen != olen - state->ostream.avail_out) ? "zlib" : "clear"); ++# endif ++ return olen - state->ostream.avail_out; ++} + + static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, +- unsigned int olen, unsigned char *in, unsigned int ilen) +- { +- int err = Z_OK; +- +- struct zlib_state *state = +- (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, +- zlib_stateful_ex_idx); +- +- if (state == NULL) +- return 0; +- +- state->istream.next_in = in; +- state->istream.avail_in = ilen; +- state->istream.next_out = out; +- state->istream.avail_out = olen; +- if (ilen > 0) +- err = inflate(&state->istream, Z_SYNC_FLUSH); +- if (err != Z_OK) +- return -1; +-#ifdef DEBUG_ZLIB +- fprintf(stderr,"expand(%4d)->%4d %s\n", +- ilen,olen - state->istream.avail_out, +- (ilen != olen - state->istream.avail_out)?"zlib":"clear"); +-#endif +- return olen - state->istream.avail_out; +- } ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen) ++{ ++ int err = Z_OK; ++ ++ struct zlib_state *state = ++ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, ++ zlib_stateful_ex_idx); ++ ++ if (state == NULL) ++ return 0; ++ ++ state->istream.next_in = in; ++ state->istream.avail_in = ilen; ++ state->istream.next_out = out; ++ state->istream.avail_out = olen; ++ if (ilen > 0) ++ err = inflate(&state->istream, Z_SYNC_FLUSH); ++ if (err != Z_OK) ++ return -1; ++# ifdef DEBUG_ZLIB ++ fprintf(stderr, "expand(%4d)->%4d %s\n", ++ ilen, olen - state->istream.avail_out, ++ (ilen != olen - state->istream.avail_out) ? "zlib" : "clear"); ++# endif ++ return olen - state->istream.avail_out; ++} + +-#if 0 ++# if 0 + static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, +- unsigned int olen, unsigned char *in, unsigned int ilen) +- { +- unsigned long l; +- int i; +- int clear=1; +- +- if (ilen > 128) +- { +- out[0]=1; +- l=olen-1; +- i=compress(&(out[1]),&l,in,(unsigned long)ilen); +- if (i != Z_OK) +- return(-1); +- if (ilen > l) +- { +- clear=0; +- l++; +- } +- } +- if (clear) +- { +- out[0]=0; +- memcpy(&(out[1]),in,ilen); +- l=ilen+1; +- } +-#ifdef DEBUG_ZLIB +- fprintf(stderr,"compress(%4d)->%4d %s\n", +- ilen,(int)l,(clear)?"clear":"zlib"); +-#endif +- return((int)l); +- } ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen) ++{ ++ unsigned long l; ++ int i; ++ int clear = 1; ++ ++ if (ilen > 128) { ++ out[0] = 1; ++ l = olen - 1; ++ i = compress(&(out[1]), &l, in, (unsigned long)ilen); ++ if (i != Z_OK) ++ return (-1); ++ if (ilen > l) { ++ clear = 0; ++ l++; ++ } ++ } ++ if (clear) { ++ out[0] = 0; ++ memcpy(&(out[1]), in, ilen); ++ l = ilen + 1; ++ } ++# ifdef DEBUG_ZLIB ++ fprintf(stderr, "compress(%4d)->%4d %s\n", ++ ilen, (int)l, (clear) ? "clear" : "zlib"); ++# endif ++ return ((int)l); ++} + + static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, +- unsigned int olen, unsigned char *in, unsigned int ilen) +- { +- unsigned long l; +- int i; +- +- if (in[0]) +- { +- l=olen; +- i=zz_uncompress(out,&l,&(in[1]),(unsigned long)ilen-1); +- if (i != Z_OK) +- return(-1); +- } +- else +- { +- memcpy(out,&(in[1]),ilen-1); +- l=ilen-1; +- } +-#ifdef DEBUG_ZLIB +- fprintf(stderr,"expand (%4d)->%4d %s\n", +- ilen,(int)l,in[0]?"zlib":"clear"); +-#endif +- return((int)l); +- } ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen) ++{ ++ unsigned long l; ++ int i; ++ ++ if (in[0]) { ++ l = olen; ++ i = zz_uncompress(out, &l, &(in[1]), (unsigned long)ilen - 1); ++ if (i != Z_OK) ++ return (-1); ++ } else { ++ memcpy(out, &(in[1]), ilen - 1); ++ l = ilen - 1; ++ } ++# ifdef DEBUG_ZLIB ++ fprintf(stderr, "expand (%4d)->%4d %s\n", ++ ilen, (int)l, in[0] ? "zlib" : "clear"); ++# endif ++ return ((int)l); ++} + +-static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, +- uLong sourceLen) ++static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source, ++ uLong sourceLen) + { + z_stream stream; + int err; + +- stream.next_in = (Bytef*)source; +- stream.avail_in = (uInt)sourceLen; ++ stream.next_in = (Bytef *)source; ++ stream.avail_in = (uInt) sourceLen; + /* Check for source > 64K on 16-bit machine: */ +- if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR; ++ if ((uLong) stream.avail_in != sourceLen) ++ return Z_BUF_ERROR; + + stream.next_out = dest; +- stream.avail_out = (uInt)*destLen; +- if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR; ++ stream.avail_out = (uInt) * destLen; ++ if ((uLong) stream.avail_out != *destLen) ++ return Z_BUF_ERROR; + +- stream.zalloc = (alloc_func)0; +- stream.zfree = (free_func)0; ++ stream.zalloc = (alloc_func) 0; ++ stream.zfree = (free_func) 0; + +- err = inflateInit_(&stream, +- ZLIB_VERSION, sizeof(z_stream)); +- if (err != Z_OK) return err; ++ err = inflateInit_(&stream, ZLIB_VERSION, sizeof(z_stream)); ++ if (err != Z_OK) ++ return err; + + err = inflate(&stream, Z_FINISH); + if (err != Z_STREAM_END) { +@@ -334,112 +336,97 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, + err = inflateEnd(&stream); + return err; + } +-#endif ++# endif + + #endif + + COMP_METHOD *COMP_zlib(void) +- { +- COMP_METHOD *meth = &zlib_method_nozlib; ++{ ++ COMP_METHOD *meth = &zlib_method_nozlib; + + #ifdef ZLIB_SHARED +- if (!zlib_loaded) +- { +-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +- zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0); +-#else +- zlib_dso = DSO_load(NULL, "z", NULL, 0); +-#endif +- if (zlib_dso != NULL) +- { +- p_compress +- = (compress_ft) DSO_bind_func(zlib_dso, +- "compress"); +- p_inflateEnd +- = (inflateEnd_ft) DSO_bind_func(zlib_dso, +- "inflateEnd"); +- p_inflate +- = (inflate_ft) DSO_bind_func(zlib_dso, +- "inflate"); +- p_inflateInit_ +- = (inflateInit__ft) DSO_bind_func(zlib_dso, +- "inflateInit_"); +- p_deflateEnd +- = (deflateEnd_ft) DSO_bind_func(zlib_dso, +- "deflateEnd"); +- p_deflate +- = (deflate_ft) DSO_bind_func(zlib_dso, +- "deflate"); +- p_deflateInit_ +- = (deflateInit__ft) DSO_bind_func(zlib_dso, +- "deflateInit_"); +- p_zError +- = (zError__ft) DSO_bind_func(zlib_dso, +- "zError"); +- +- if (p_compress && p_inflateEnd && p_inflate +- && p_inflateInit_ && p_deflateEnd +- && p_deflate && p_deflateInit_ && p_zError) +- zlib_loaded++; +- } +- } +- ++ if (!zlib_loaded) { ++# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ++ zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0); ++# else ++ zlib_dso = DSO_load(NULL, "z", NULL, 0); ++# endif ++ if (zlib_dso != NULL) { ++ p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress"); ++ p_inflateEnd ++ = (inflateEnd_ft) DSO_bind_func(zlib_dso, "inflateEnd"); ++ p_inflate = (inflate_ft) DSO_bind_func(zlib_dso, "inflate"); ++ p_inflateInit_ ++ = (inflateInit__ft) DSO_bind_func(zlib_dso, "inflateInit_"); ++ p_deflateEnd ++ = (deflateEnd_ft) DSO_bind_func(zlib_dso, "deflateEnd"); ++ p_deflate = (deflate_ft) DSO_bind_func(zlib_dso, "deflate"); ++ p_deflateInit_ ++ = (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_"); ++ p_zError = (zError__ft) DSO_bind_func(zlib_dso, "zError"); ++ ++ if (p_compress && p_inflateEnd && p_inflate ++ && p_inflateInit_ && p_deflateEnd ++ && p_deflate && p_deflateInit_ && p_zError) ++ zlib_loaded++; ++ } ++ } + #endif + #ifdef ZLIB_SHARED +- if (zlib_loaded) ++ if (zlib_loaded) + #endif + #if defined(ZLIB) || defined(ZLIB_SHARED) +- { +- /* init zlib_stateful_ex_idx here so that in a multi-process +- * application it's enough to intialize openssl before forking +- * (idx will be inherited in all the children) */ +- if (zlib_stateful_ex_idx == -1) +- { +- CRYPTO_w_lock(CRYPTO_LOCK_COMP); +- if (zlib_stateful_ex_idx == -1) +- zlib_stateful_ex_idx = +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, +- 0,NULL,NULL,NULL,NULL); +- CRYPTO_w_unlock(CRYPTO_LOCK_COMP); +- if (zlib_stateful_ex_idx == -1) +- goto err; +- } +- +- meth = &zlib_stateful_method; +- } +-err: ++ { ++ /* ++ * init zlib_stateful_ex_idx here so that in a multi-process ++ * application it's enough to intialize openssl before forking (idx ++ * will be inherited in all the children) ++ */ ++ if (zlib_stateful_ex_idx == -1) { ++ CRYPTO_w_lock(CRYPTO_LOCK_COMP); ++ if (zlib_stateful_ex_idx == -1) ++ zlib_stateful_ex_idx = ++ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, ++ 0, NULL, NULL, NULL, NULL); ++ CRYPTO_w_unlock(CRYPTO_LOCK_COMP); ++ if (zlib_stateful_ex_idx == -1) ++ goto err; ++ } ++ ++ meth = &zlib_stateful_method; ++ } ++ err: + #endif + +- return(meth); +- } ++ return (meth); ++} + + void COMP_zlib_cleanup(void) +- { ++{ + #ifdef ZLIB_SHARED +- if (zlib_dso) +- DSO_free(zlib_dso); ++ if (zlib_dso) ++ DSO_free(zlib_dso); + #endif +- } ++} + + #ifdef ZLIB + + /* Zlib based compression/decompression filter BIO */ + +-typedef struct +- { +- unsigned char *ibuf; /* Input buffer */ +- int ibufsize; /* Buffer size */ +- z_stream zin; /* Input decompress context */ +- unsigned char *obuf; /* Output buffer */ +- int obufsize; /* Output buffer size */ +- unsigned char *optr; /* Position in output buffer */ +- int ocount; /* Amount of data in output buffer */ +- int odone; /* deflate EOF */ +- int comp_level; /* Compression level to use */ +- z_stream zout; /* Output compression context */ +- } BIO_ZLIB_CTX; +- +-#define ZLIB_DEFAULT_BUFSIZE 1024 ++typedef struct { ++ unsigned char *ibuf; /* Input buffer */ ++ int ibufsize; /* Buffer size */ ++ z_stream zin; /* Input decompress context */ ++ unsigned char *obuf; /* Output buffer */ ++ int obufsize; /* Output buffer size */ ++ unsigned char *optr; /* Position in output buffer */ ++ int ocount; /* Amount of data in output buffer */ ++ int odone; /* deflate EOF */ ++ int comp_level; /* Compression level to use */ ++ z_stream zout; /* Output compression context */ ++} BIO_ZLIB_CTX; ++ ++# define ZLIB_DEFAULT_BUFSIZE 1024 + + static int bio_zlib_new(BIO *bi); + static int bio_zlib_free(BIO *bi); +@@ -448,351 +435,327 @@ static int bio_zlib_write(BIO *b, const char *in, int inl); + static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr); + static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp); + +-static BIO_METHOD bio_meth_zlib = +- { +- BIO_TYPE_COMP, +- "zlib", +- bio_zlib_write, +- bio_zlib_read, +- NULL, +- NULL, +- bio_zlib_ctrl, +- bio_zlib_new, +- bio_zlib_free, +- bio_zlib_callback_ctrl +- }; ++static BIO_METHOD bio_meth_zlib = { ++ BIO_TYPE_COMP, ++ "zlib", ++ bio_zlib_write, ++ bio_zlib_read, ++ NULL, ++ NULL, ++ bio_zlib_ctrl, ++ bio_zlib_new, ++ bio_zlib_free, ++ bio_zlib_callback_ctrl ++}; + + BIO_METHOD *BIO_f_zlib(void) +- { +- return &bio_meth_zlib; +- } +- ++{ ++ return &bio_meth_zlib; ++} + + static int bio_zlib_new(BIO *bi) +- { +- BIO_ZLIB_CTX *ctx; +-#ifdef ZLIB_SHARED +- (void)COMP_zlib(); +- if (!zlib_loaded) +- { +- COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED); +- return 0; +- } +-#endif +- ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX)); +- if(!ctx) +- { +- COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- ctx->ibuf = NULL; +- ctx->obuf = NULL; +- ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE; +- ctx->obufsize = ZLIB_DEFAULT_BUFSIZE; +- ctx->zin.zalloc = Z_NULL; +- ctx->zin.zfree = Z_NULL; +- ctx->zin.next_in = NULL; +- ctx->zin.avail_in = 0; +- ctx->zin.next_out = NULL; +- ctx->zin.avail_out = 0; +- ctx->zout.zalloc = Z_NULL; +- ctx->zout.zfree = Z_NULL; +- ctx->zout.next_in = NULL; +- ctx->zout.avail_in = 0; +- ctx->zout.next_out = NULL; +- ctx->zout.avail_out = 0; +- ctx->odone = 0; +- ctx->comp_level = Z_DEFAULT_COMPRESSION; +- bi->init = 1; +- bi->ptr = (char *)ctx; +- bi->flags = 0; +- return 1; +- } ++{ ++ BIO_ZLIB_CTX *ctx; ++# ifdef ZLIB_SHARED ++ (void)COMP_zlib(); ++ if (!zlib_loaded) { ++ COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED); ++ return 0; ++ } ++# endif ++ ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX)); ++ if (!ctx) { ++ COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ctx->ibuf = NULL; ++ ctx->obuf = NULL; ++ ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE; ++ ctx->obufsize = ZLIB_DEFAULT_BUFSIZE; ++ ctx->zin.zalloc = Z_NULL; ++ ctx->zin.zfree = Z_NULL; ++ ctx->zin.next_in = NULL; ++ ctx->zin.avail_in = 0; ++ ctx->zin.next_out = NULL; ++ ctx->zin.avail_out = 0; ++ ctx->zout.zalloc = Z_NULL; ++ ctx->zout.zfree = Z_NULL; ++ ctx->zout.next_in = NULL; ++ ctx->zout.avail_in = 0; ++ ctx->zout.next_out = NULL; ++ ctx->zout.avail_out = 0; ++ ctx->odone = 0; ++ ctx->comp_level = Z_DEFAULT_COMPRESSION; ++ bi->init = 1; ++ bi->ptr = (char *)ctx; ++ bi->flags = 0; ++ return 1; ++} + + static int bio_zlib_free(BIO *bi) +- { +- BIO_ZLIB_CTX *ctx; +- if(!bi) return 0; +- ctx = (BIO_ZLIB_CTX *)bi->ptr; +- if(ctx->ibuf) +- { +- /* Destroy decompress context */ +- inflateEnd(&ctx->zin); +- OPENSSL_free(ctx->ibuf); +- } +- if(ctx->obuf) +- { +- /* Destroy compress context */ +- deflateEnd(&ctx->zout); +- OPENSSL_free(ctx->obuf); +- } +- OPENSSL_free(ctx); +- bi->ptr = NULL; +- bi->init = 0; +- bi->flags = 0; +- return 1; +- } ++{ ++ BIO_ZLIB_CTX *ctx; ++ if (!bi) ++ return 0; ++ ctx = (BIO_ZLIB_CTX *) bi->ptr; ++ if (ctx->ibuf) { ++ /* Destroy decompress context */ ++ inflateEnd(&ctx->zin); ++ OPENSSL_free(ctx->ibuf); ++ } ++ if (ctx->obuf) { ++ /* Destroy compress context */ ++ deflateEnd(&ctx->zout); ++ OPENSSL_free(ctx->obuf); ++ } ++ OPENSSL_free(ctx); ++ bi->ptr = NULL; ++ bi->init = 0; ++ bi->flags = 0; ++ return 1; ++} + + static int bio_zlib_read(BIO *b, char *out, int outl) +- { +- BIO_ZLIB_CTX *ctx; +- int ret; +- z_stream *zin; +- if(!out || !outl) return 0; +- ctx = (BIO_ZLIB_CTX *)b->ptr; +- zin = &ctx->zin; +- BIO_clear_retry_flags(b); +- if(!ctx->ibuf) +- { +- ctx->ibuf = OPENSSL_malloc(ctx->ibufsize); +- if(!ctx->ibuf) +- { +- COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- inflateInit(zin); +- zin->next_in = ctx->ibuf; +- zin->avail_in = 0; +- } +- +- /* Copy output data directly to supplied buffer */ +- zin->next_out = (unsigned char *)out; +- zin->avail_out = (unsigned int)outl; +- for(;;) +- { +- /* Decompress while data available */ +- while(zin->avail_in) +- { +- ret = inflate(zin, 0); +- if((ret != Z_OK) && (ret != Z_STREAM_END)) +- { +- COMPerr(COMP_F_BIO_ZLIB_READ, +- COMP_R_ZLIB_INFLATE_ERROR); +- ERR_add_error_data(2, "zlib error:", +- zError(ret)); +- return 0; +- } +- /* If EOF or we've read everything then return */ +- if((ret == Z_STREAM_END) || !zin->avail_out) +- return outl - zin->avail_out; +- } +- +- /* No data in input buffer try to read some in, +- * if an error then return the total data read. +- */ +- ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize); +- if(ret <= 0) +- { +- /* Total data read */ +- int tot = outl - zin->avail_out; +- BIO_copy_next_retry(b); +- if(ret < 0) return (tot > 0) ? tot : ret; +- return tot; +- } +- zin->avail_in = ret; +- zin->next_in = ctx->ibuf; +- } +- } ++{ ++ BIO_ZLIB_CTX *ctx; ++ int ret; ++ z_stream *zin; ++ if (!out || !outl) ++ return 0; ++ ctx = (BIO_ZLIB_CTX *) b->ptr; ++ zin = &ctx->zin; ++ BIO_clear_retry_flags(b); ++ if (!ctx->ibuf) { ++ ctx->ibuf = OPENSSL_malloc(ctx->ibufsize); ++ if (!ctx->ibuf) { ++ COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ inflateInit(zin); ++ zin->next_in = ctx->ibuf; ++ zin->avail_in = 0; ++ } ++ ++ /* Copy output data directly to supplied buffer */ ++ zin->next_out = (unsigned char *)out; ++ zin->avail_out = (unsigned int)outl; ++ for (;;) { ++ /* Decompress while data available */ ++ while (zin->avail_in) { ++ ret = inflate(zin, 0); ++ if ((ret != Z_OK) && (ret != Z_STREAM_END)) { ++ COMPerr(COMP_F_BIO_ZLIB_READ, COMP_R_ZLIB_INFLATE_ERROR); ++ ERR_add_error_data(2, "zlib error:", zError(ret)); ++ return 0; ++ } ++ /* If EOF or we've read everything then return */ ++ if ((ret == Z_STREAM_END) || !zin->avail_out) ++ return outl - zin->avail_out; ++ } ++ ++ /* ++ * No data in input buffer try to read some in, if an error then ++ * return the total data read. ++ */ ++ ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize); ++ if (ret <= 0) { ++ /* Total data read */ ++ int tot = outl - zin->avail_out; ++ BIO_copy_next_retry(b); ++ if (ret < 0) ++ return (tot > 0) ? tot : ret; ++ return tot; ++ } ++ zin->avail_in = ret; ++ zin->next_in = ctx->ibuf; ++ } ++} + + static int bio_zlib_write(BIO *b, const char *in, int inl) +- { +- BIO_ZLIB_CTX *ctx; +- int ret; +- z_stream *zout; +- if(!in || !inl) return 0; +- ctx = (BIO_ZLIB_CTX *)b->ptr; +- if(ctx->odone) return 0; +- zout = &ctx->zout; +- BIO_clear_retry_flags(b); +- if(!ctx->obuf) +- { +- ctx->obuf = OPENSSL_malloc(ctx->obufsize); +- /* Need error here */ +- if(!ctx->obuf) +- { +- COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- ctx->optr = ctx->obuf; +- ctx->ocount = 0; +- deflateInit(zout, ctx->comp_level); +- zout->next_out = ctx->obuf; +- zout->avail_out = ctx->obufsize; +- } +- /* Obtain input data directly from supplied buffer */ +- zout->next_in = (void *)in; +- zout->avail_in = inl; +- for(;;) +- { +- /* If data in output buffer write it first */ +- while(ctx->ocount) { +- ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); +- if(ret <= 0) +- { +- /* Total data written */ +- int tot = inl - zout->avail_in; +- BIO_copy_next_retry(b); +- if(ret < 0) return (tot > 0) ? tot : ret; +- return tot; +- } +- ctx->optr += ret; +- ctx->ocount -= ret; +- } +- +- /* Have we consumed all supplied data? */ +- if(!zout->avail_in) +- return inl; +- +- /* Compress some more */ +- +- /* Reset buffer */ +- ctx->optr = ctx->obuf; +- zout->next_out = ctx->obuf; +- zout->avail_out = ctx->obufsize; +- /* Compress some more */ +- ret = deflate(zout, 0); +- if(ret != Z_OK) +- { +- COMPerr(COMP_F_BIO_ZLIB_WRITE, +- COMP_R_ZLIB_DEFLATE_ERROR); +- ERR_add_error_data(2, "zlib error:", zError(ret)); +- return 0; +- } +- ctx->ocount = ctx->obufsize - zout->avail_out; +- } +- } ++{ ++ BIO_ZLIB_CTX *ctx; ++ int ret; ++ z_stream *zout; ++ if (!in || !inl) ++ return 0; ++ ctx = (BIO_ZLIB_CTX *) b->ptr; ++ if (ctx->odone) ++ return 0; ++ zout = &ctx->zout; ++ BIO_clear_retry_flags(b); ++ if (!ctx->obuf) { ++ ctx->obuf = OPENSSL_malloc(ctx->obufsize); ++ /* Need error here */ ++ if (!ctx->obuf) { ++ COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ctx->optr = ctx->obuf; ++ ctx->ocount = 0; ++ deflateInit(zout, ctx->comp_level); ++ zout->next_out = ctx->obuf; ++ zout->avail_out = ctx->obufsize; ++ } ++ /* Obtain input data directly from supplied buffer */ ++ zout->next_in = (void *)in; ++ zout->avail_in = inl; ++ for (;;) { ++ /* If data in output buffer write it first */ ++ while (ctx->ocount) { ++ ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); ++ if (ret <= 0) { ++ /* Total data written */ ++ int tot = inl - zout->avail_in; ++ BIO_copy_next_retry(b); ++ if (ret < 0) ++ return (tot > 0) ? tot : ret; ++ return tot; ++ } ++ ctx->optr += ret; ++ ctx->ocount -= ret; ++ } ++ ++ /* Have we consumed all supplied data? */ ++ if (!zout->avail_in) ++ return inl; ++ ++ /* Compress some more */ ++ ++ /* Reset buffer */ ++ ctx->optr = ctx->obuf; ++ zout->next_out = ctx->obuf; ++ zout->avail_out = ctx->obufsize; ++ /* Compress some more */ ++ ret = deflate(zout, 0); ++ if (ret != Z_OK) { ++ COMPerr(COMP_F_BIO_ZLIB_WRITE, COMP_R_ZLIB_DEFLATE_ERROR); ++ ERR_add_error_data(2, "zlib error:", zError(ret)); ++ return 0; ++ } ++ ctx->ocount = ctx->obufsize - zout->avail_out; ++ } ++} + + static int bio_zlib_flush(BIO *b) +- { +- BIO_ZLIB_CTX *ctx; +- int ret; +- z_stream *zout; +- ctx = (BIO_ZLIB_CTX *)b->ptr; +- /* If no data written or already flush show success */ +- if(!ctx->obuf || (ctx->odone && !ctx->ocount)) return 1; +- zout = &ctx->zout; +- BIO_clear_retry_flags(b); +- /* No more input data */ +- zout->next_in = NULL; +- zout->avail_in = 0; +- for(;;) +- { +- /* If data in output buffer write it first */ +- while(ctx->ocount) +- { +- ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); +- if(ret <= 0) +- { +- BIO_copy_next_retry(b); +- return ret; +- } +- ctx->optr += ret; +- ctx->ocount -= ret; +- } +- if(ctx->odone) return 1; +- +- /* Compress some more */ +- +- /* Reset buffer */ +- ctx->optr = ctx->obuf; +- zout->next_out = ctx->obuf; +- zout->avail_out = ctx->obufsize; +- /* Compress some more */ +- ret = deflate(zout, Z_FINISH); +- if(ret == Z_STREAM_END) ctx->odone = 1; +- else if(ret != Z_OK) +- { +- COMPerr(COMP_F_BIO_ZLIB_FLUSH, +- COMP_R_ZLIB_DEFLATE_ERROR); +- ERR_add_error_data(2, "zlib error:", zError(ret)); +- return 0; +- } +- ctx->ocount = ctx->obufsize - zout->avail_out; +- } +- } ++{ ++ BIO_ZLIB_CTX *ctx; ++ int ret; ++ z_stream *zout; ++ ctx = (BIO_ZLIB_CTX *) b->ptr; ++ /* If no data written or already flush show success */ ++ if (!ctx->obuf || (ctx->odone && !ctx->ocount)) ++ return 1; ++ zout = &ctx->zout; ++ BIO_clear_retry_flags(b); ++ /* No more input data */ ++ zout->next_in = NULL; ++ zout->avail_in = 0; ++ for (;;) { ++ /* If data in output buffer write it first */ ++ while (ctx->ocount) { ++ ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); ++ if (ret <= 0) { ++ BIO_copy_next_retry(b); ++ return ret; ++ } ++ ctx->optr += ret; ++ ctx->ocount -= ret; ++ } ++ if (ctx->odone) ++ return 1; ++ ++ /* Compress some more */ ++ ++ /* Reset buffer */ ++ ctx->optr = ctx->obuf; ++ zout->next_out = ctx->obuf; ++ zout->avail_out = ctx->obufsize; ++ /* Compress some more */ ++ ret = deflate(zout, Z_FINISH); ++ if (ret == Z_STREAM_END) ++ ctx->odone = 1; ++ else if (ret != Z_OK) { ++ COMPerr(COMP_F_BIO_ZLIB_FLUSH, COMP_R_ZLIB_DEFLATE_ERROR); ++ ERR_add_error_data(2, "zlib error:", zError(ret)); ++ return 0; ++ } ++ ctx->ocount = ctx->obufsize - zout->avail_out; ++ } ++} + + static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- BIO_ZLIB_CTX *ctx; +- int ret, *ip; +- int ibs, obs; +- if(!b->next_bio) return 0; +- ctx = (BIO_ZLIB_CTX *)b->ptr; +- switch (cmd) +- { +- +- case BIO_CTRL_RESET: +- ctx->ocount = 0; +- ctx->odone = 0; +- ret = 1; +- break; +- +- case BIO_CTRL_FLUSH: +- ret = bio_zlib_flush(b); +- if (ret > 0) +- ret = BIO_flush(b->next_bio); +- break; +- +- case BIO_C_SET_BUFF_SIZE: +- ibs = -1; +- obs = -1; +- if (ptr != NULL) +- { +- ip = ptr; +- if (*ip == 0) +- ibs = (int) num; +- else +- obs = (int) num; +- } +- else +- { +- ibs = (int)num; +- obs = ibs; +- } +- +- if (ibs != -1) +- { +- if (ctx->ibuf) +- { +- OPENSSL_free(ctx->ibuf); +- ctx->ibuf = NULL; +- } +- ctx->ibufsize = ibs; +- } +- +- if (obs != -1) +- { +- if (ctx->obuf) +- { +- OPENSSL_free(ctx->obuf); +- ctx->obuf = NULL; +- } +- ctx->obufsize = obs; +- } +- ret = 1; +- break; +- +- case BIO_C_DO_STATE_MACHINE: +- BIO_clear_retry_flags(b); +- ret = BIO_ctrl(b->next_bio, cmd, num, ptr); +- BIO_copy_next_retry(b); +- break; +- +- default: +- ret = BIO_ctrl(b->next_bio, cmd, num, ptr); +- break; +- } +- +- return ret; +- } ++{ ++ BIO_ZLIB_CTX *ctx; ++ int ret, *ip; ++ int ibs, obs; ++ if (!b->next_bio) ++ return 0; ++ ctx = (BIO_ZLIB_CTX *) b->ptr; ++ switch (cmd) { ++ ++ case BIO_CTRL_RESET: ++ ctx->ocount = 0; ++ ctx->odone = 0; ++ ret = 1; ++ break; ++ ++ case BIO_CTRL_FLUSH: ++ ret = bio_zlib_flush(b); ++ if (ret > 0) ++ ret = BIO_flush(b->next_bio); ++ break; ++ ++ case BIO_C_SET_BUFF_SIZE: ++ ibs = -1; ++ obs = -1; ++ if (ptr != NULL) { ++ ip = ptr; ++ if (*ip == 0) ++ ibs = (int)num; ++ else ++ obs = (int)num; ++ } else { ++ ibs = (int)num; ++ obs = ibs; ++ } ++ ++ if (ibs != -1) { ++ if (ctx->ibuf) { ++ OPENSSL_free(ctx->ibuf); ++ ctx->ibuf = NULL; ++ } ++ ctx->ibufsize = ibs; ++ } ++ ++ if (obs != -1) { ++ if (ctx->obuf) { ++ OPENSSL_free(ctx->obuf); ++ ctx->obuf = NULL; ++ } ++ ctx->obufsize = obs; ++ } ++ ret = 1; ++ break; ++ ++ case BIO_C_DO_STATE_MACHINE: ++ BIO_clear_retry_flags(b); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ BIO_copy_next_retry(b); ++ break; ++ ++ default: ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ } + ++ return ret; ++} + + static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +- { +- if(!b->next_bio) +- return 0; +- return +- BIO_callback_ctrl(b->next_bio, cmd, fp); +- } ++{ ++ if (!b->next_bio) ++ return 0; ++ return BIO_callback_ctrl(b->next_bio, cmd, fp); ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_err.c b/Cryptlib/OpenSSL/crypto/comp/comp_err.c +index 187d68b..edc8819 100644 +--- a/Cryptlib/OpenSSL/crypto/comp/comp_err.c ++++ b/Cryptlib/OpenSSL/crypto/comp/comp_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,36 +66,33 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason) + +-static ERR_STRING_DATA COMP_str_functs[]= +- { +-{ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"}, +-{ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"}, +-{ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"}, +-{ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA COMP_str_functs[] = { ++ {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"}, ++ {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"}, ++ {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"}, ++ {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA COMP_str_reasons[]= +- { +-{ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR) ,"zlib deflate error"}, +-{ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR) ,"zlib inflate error"}, +-{ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED) ,"zlib not supported"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA COMP_str_reasons[] = { ++ {ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR), "zlib deflate error"}, ++ {ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR), "zlib inflate error"}, ++ {ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED), "zlib not supported"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_COMP_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,COMP_str_functs); +- ERR_load_strings(0,COMP_str_reasons); +- } ++ if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, COMP_str_functs); ++ ERR_load_strings(0, COMP_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c +index b60ae37..bd4eb7a 100644 +--- a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c ++++ b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c +@@ -5,68 +5,62 @@ + #include + + COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) +- { +- COMP_CTX *ret; ++{ ++ COMP_CTX *ret; + +- if ((ret=(COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL) +- { +- /* ZZZZZZZZZZZZZZZZ */ +- return(NULL); +- } +- memset(ret,0,sizeof(COMP_CTX)); +- ret->meth=meth; +- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) +- { +- OPENSSL_free(ret); +- ret=NULL; +- } +- return(ret); +- } ++ if ((ret = (COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL) { ++ /* ZZZZZZZZZZZZZZZZ */ ++ return (NULL); ++ } ++ memset(ret, 0, sizeof(COMP_CTX)); ++ ret->meth = meth; ++ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ++ OPENSSL_free(ret); ++ ret = NULL; ++ } ++ return (ret); ++} + + void COMP_CTX_free(COMP_CTX *ctx) +- { +- if(ctx == NULL) +- return; ++{ ++ if (ctx == NULL) ++ return; + +- if (ctx->meth->finish != NULL) +- ctx->meth->finish(ctx); ++ if (ctx->meth->finish != NULL) ++ ctx->meth->finish(ctx); + +- OPENSSL_free(ctx); +- } ++ OPENSSL_free(ctx); ++} + + int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, +- unsigned char *in, int ilen) +- { +- int ret; +- if (ctx->meth->compress == NULL) +- { +- /* ZZZZZZZZZZZZZZZZZ */ +- return(-1); +- } +- ret=ctx->meth->compress(ctx,out,olen,in,ilen); +- if (ret > 0) +- { +- ctx->compress_in+=ilen; +- ctx->compress_out+=ret; +- } +- return(ret); +- } ++ unsigned char *in, int ilen) ++{ ++ int ret; ++ if (ctx->meth->compress == NULL) { ++ /* ZZZZZZZZZZZZZZZZZ */ ++ return (-1); ++ } ++ ret = ctx->meth->compress(ctx, out, olen, in, ilen); ++ if (ret > 0) { ++ ctx->compress_in += ilen; ++ ctx->compress_out += ret; ++ } ++ return (ret); ++} + + int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, +- unsigned char *in, int ilen) +- { +- int ret; ++ unsigned char *in, int ilen) ++{ ++ int ret; + +- if (ctx->meth->expand == NULL) +- { +- /* ZZZZZZZZZZZZZZZZZ */ +- return(-1); +- } +- ret=ctx->meth->expand(ctx,out,olen,in,ilen); +- if (ret > 0) +- { +- ctx->expand_in+=ilen; +- ctx->expand_out+=ret; +- } +- return(ret); +- } ++ if (ctx->meth->expand == NULL) { ++ /* ZZZZZZZZZZZZZZZZZ */ ++ return (-1); ++ } ++ ret = ctx->meth->expand(ctx, out, olen, in, ilen); ++ if (ret > 0) { ++ ctx->expand_in += ilen; ++ ctx->expand_out += ret; ++ } ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_api.c b/Cryptlib/OpenSSL/crypto/conf/conf_api.c +index 55d1d50..d994ef8 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_api.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_api.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,7 +59,7 @@ + /* Part of the code in here was originally in conf.c, which is now removed */ + + #ifndef CONF_DEBUG +-# undef NDEBUG /* avoid conflicting definitions */ ++# undef NDEBUG /* avoid conflicting definitions */ + # define NDEBUG + #endif + +@@ -71,239 +71,240 @@ + #include "e_os.h" + + static void value_free_hash(CONF_VALUE *a, LHASH *conf); +-static void value_free_stack(CONF_VALUE *a,LHASH *conf); ++static void value_free_stack(CONF_VALUE *a, LHASH *conf); + static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *) + static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *) +-/* We don't use function pointer casting or wrapper functions - but cast each +- * callback parameter inside the callback functions. */ ++/* ++ * We don't use function pointer casting or wrapper functions - but cast each ++ * callback parameter inside the callback functions. ++ */ + /* static unsigned long hash(CONF_VALUE *v); */ + static unsigned long hash(const void *v_void); + /* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */ +-static int cmp_conf(const void *a_void,const void *b_void); ++static int cmp_conf(const void *a_void, const void *b_void); + + /* Up until OpenSSL 0.9.5a, this was get_section */ + CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section) +- { +- CONF_VALUE *v,vv; ++{ ++ CONF_VALUE *v, vv; + +- if ((conf == NULL) || (section == NULL)) return(NULL); +- vv.name=NULL; +- vv.section=(char *)section; +- v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); +- return(v); +- } ++ if ((conf == NULL) || (section == NULL)) ++ return (NULL); ++ vv.name = NULL; ++ vv.section = (char *)section; ++ v = (CONF_VALUE *)lh_retrieve(conf->data, &vv); ++ return (v); ++} + + /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ + STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, +- const char *section) +- { +- CONF_VALUE *v; ++ const char *section) ++{ ++ CONF_VALUE *v; + +- v=_CONF_get_section(conf,section); +- if (v != NULL) +- return((STACK_OF(CONF_VALUE) *)v->value); +- else +- return(NULL); +- } ++ v = _CONF_get_section(conf, section); ++ if (v != NULL) ++ return ((STACK_OF(CONF_VALUE) *)v->value); ++ else ++ return (NULL); ++} + + int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) +- { +- CONF_VALUE *v = NULL; +- STACK_OF(CONF_VALUE) *ts; +- +- ts = (STACK_OF(CONF_VALUE) *)section->value; +- +- value->section=section->section; +- if (!sk_CONF_VALUE_push(ts,value)) +- { +- return 0; +- } +- +- v = (CONF_VALUE *)lh_insert(conf->data, value); +- if (v != NULL) +- { +- (void)sk_CONF_VALUE_delete_ptr(ts,v); +- OPENSSL_free(v->name); +- OPENSSL_free(v->value); +- OPENSSL_free(v); +- } +- return 1; +- } +- +-char *_CONF_get_string(const CONF *conf, const char *section, const char *name) +- { +- CONF_VALUE *v,vv; +- char *p; +- +- if (name == NULL) return(NULL); +- if (conf != NULL) +- { +- if (section != NULL) +- { +- vv.name=(char *)name; +- vv.section=(char *)section; +- v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); +- if (v != NULL) return(v->value); +- if (strcmp(section,"ENV") == 0) +- { +- p=Getenv(name); +- if (p != NULL) return(p); +- } +- } +- vv.section="default"; +- vv.name=(char *)name; +- v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); +- if (v != NULL) +- return(v->value); +- else +- return(NULL); +- } +- else +- return(Getenv(name)); +- } +- +-#if 0 /* There's no way to provide error checking with this function, so +- force implementors of the higher levels to get a string and read +- the number themselves. */ ++{ ++ CONF_VALUE *v = NULL; ++ STACK_OF(CONF_VALUE) *ts; ++ ++ ts = (STACK_OF(CONF_VALUE) *)section->value; ++ ++ value->section = section->section; ++ if (!sk_CONF_VALUE_push(ts, value)) { ++ return 0; ++ } ++ ++ v = (CONF_VALUE *)lh_insert(conf->data, value); ++ if (v != NULL) { ++ (void)sk_CONF_VALUE_delete_ptr(ts, v); ++ OPENSSL_free(v->name); ++ OPENSSL_free(v->value); ++ OPENSSL_free(v); ++ } ++ return 1; ++} ++ ++char *_CONF_get_string(const CONF *conf, const char *section, ++ const char *name) ++{ ++ CONF_VALUE *v, vv; ++ char *p; ++ ++ if (name == NULL) ++ return (NULL); ++ if (conf != NULL) { ++ if (section != NULL) { ++ vv.name = (char *)name; ++ vv.section = (char *)section; ++ v = (CONF_VALUE *)lh_retrieve(conf->data, &vv); ++ if (v != NULL) ++ return (v->value); ++ if (strcmp(section, "ENV") == 0) { ++ p = Getenv(name); ++ if (p != NULL) ++ return (p); ++ } ++ } ++ vv.section = "default"; ++ vv.name = (char *)name; ++ v = (CONF_VALUE *)lh_retrieve(conf->data, &vv); ++ if (v != NULL) ++ return (v->value); ++ else ++ return (NULL); ++ } else ++ return (Getenv(name)); ++} ++ ++#if 0 /* There's no way to provide error checking ++ * with this function, so force implementors ++ * of the higher levels to get a string and ++ * read the number themselves. */ + long _CONF_get_number(CONF *conf, char *section, char *name) +- { +- char *str; +- long ret=0; +- +- str=_CONF_get_string(conf,section,name); +- if (str == NULL) return(0); +- for (;;) +- { +- if (conf->meth->is_number(conf, *str)) +- ret=ret*10+conf->meth->to_int(conf, *str); +- else +- return(ret); +- str++; +- } +- } ++{ ++ char *str; ++ long ret = 0; ++ ++ str = _CONF_get_string(conf, section, name); ++ if (str == NULL) ++ return (0); ++ for (;;) { ++ if (conf->meth->is_number(conf, *str)) ++ ret = ret * 10 + conf->meth->to_int(conf, *str); ++ else ++ return (ret); ++ str++; ++ } ++} + #endif + + int _CONF_new_data(CONF *conf) +- { +- if (conf == NULL) +- { +- return 0; +- } +- if (conf->data == NULL) +- if ((conf->data = lh_new(hash, cmp_conf)) == NULL) +- { +- return 0; +- } +- return 1; +- } ++{ ++ if (conf == NULL) { ++ return 0; ++ } ++ if (conf->data == NULL) ++ if ((conf->data = lh_new(hash, cmp_conf)) == NULL) { ++ return 0; ++ } ++ return 1; ++} + + void _CONF_free_data(CONF *conf) +- { +- if (conf == NULL || conf->data == NULL) return; ++{ ++ if (conf == NULL || conf->data == NULL) ++ return; + +- conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()' +- * works as expected */ +- lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash), +- conf->data); ++ conf->data->down_load = 0; /* evil thing to make sure the ++ * 'OPENSSL_free()' works as expected */ ++ lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash), conf->data); + +- /* We now have only 'section' entries in the hash table. +- * Due to problems with */ ++ /* ++ * We now have only 'section' entries in the hash table. Due to problems ++ * with ++ */ + +- lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack), +- conf->data); +- lh_free(conf->data); +- } ++ lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack), ++ conf->data); ++ lh_free(conf->data); ++} + + static void value_free_hash(CONF_VALUE *a, LHASH *conf) +- { +- if (a->name != NULL) +- { +- a=(CONF_VALUE *)lh_delete(conf,a); +- } +- } ++{ ++ if (a->name != NULL) { ++ a = (CONF_VALUE *)lh_delete(conf, a); ++ } ++} + + static void value_free_stack(CONF_VALUE *a, LHASH *conf) +- { +- CONF_VALUE *vv; +- STACK *sk; +- int i; +- +- if (a->name != NULL) return; +- +- sk=(STACK *)a->value; +- for (i=sk_num(sk)-1; i>=0; i--) +- { +- vv=(CONF_VALUE *)sk_value(sk,i); +- OPENSSL_free(vv->value); +- OPENSSL_free(vv->name); +- OPENSSL_free(vv); +- } +- if (sk != NULL) sk_free(sk); +- OPENSSL_free(a->section); +- OPENSSL_free(a); +- } ++{ ++ CONF_VALUE *vv; ++ STACK *sk; ++ int i; ++ ++ if (a->name != NULL) ++ return; ++ ++ sk = (STACK *) a->value; ++ for (i = sk_num(sk) - 1; i >= 0; i--) { ++ vv = (CONF_VALUE *)sk_value(sk, i); ++ OPENSSL_free(vv->value); ++ OPENSSL_free(vv->name); ++ OPENSSL_free(vv); ++ } ++ if (sk != NULL) ++ sk_free(sk); ++ OPENSSL_free(a->section); ++ OPENSSL_free(a); ++} + + /* static unsigned long hash(CONF_VALUE *v) */ + static unsigned long hash(const void *v_void) +- { +- CONF_VALUE *v = (CONF_VALUE *)v_void; +- return((lh_strhash(v->section)<<2)^lh_strhash(v->name)); +- } ++{ ++ CONF_VALUE *v = (CONF_VALUE *)v_void; ++ return ((lh_strhash(v->section) << 2) ^ lh_strhash(v->name)); ++} + + /* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */ +-static int cmp_conf(const void *a_void,const void *b_void) +- { +- int i; +- CONF_VALUE *a = (CONF_VALUE *)a_void; +- CONF_VALUE *b = (CONF_VALUE *)b_void; +- +- if (a->section != b->section) +- { +- i=strcmp(a->section,b->section); +- if (i) return(i); +- } +- +- if ((a->name != NULL) && (b->name != NULL)) +- { +- i=strcmp(a->name,b->name); +- return(i); +- } +- else if (a->name == b->name) +- return(0); +- else +- return((a->name == NULL)?-1:1); +- } ++static int cmp_conf(const void *a_void, const void *b_void) ++{ ++ int i; ++ CONF_VALUE *a = (CONF_VALUE *)a_void; ++ CONF_VALUE *b = (CONF_VALUE *)b_void; ++ ++ if (a->section != b->section) { ++ i = strcmp(a->section, b->section); ++ if (i) ++ return (i); ++ } ++ ++ if ((a->name != NULL) && (b->name != NULL)) { ++ i = strcmp(a->name, b->name); ++ return (i); ++ } else if (a->name == b->name) ++ return (0); ++ else ++ return ((a->name == NULL) ? -1 : 1); ++} + + /* Up until OpenSSL 0.9.5a, this was new_section */ + CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) +- { +- STACK *sk=NULL; +- int ok=0,i; +- CONF_VALUE *v=NULL,*vv; +- +- if ((sk=sk_new_null()) == NULL) +- goto err; +- if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL) +- goto err; +- i=strlen(section)+1; +- if ((v->section=(char *)OPENSSL_malloc(i)) == NULL) +- goto err; +- +- memcpy(v->section,section,i); +- v->name=NULL; +- v->value=(char *)sk; +- +- vv=(CONF_VALUE *)lh_insert(conf->data,v); +- OPENSSL_assert(vv == NULL); +- ok=1; +-err: +- if (!ok) +- { +- if (sk != NULL) sk_free(sk); +- if (v != NULL) OPENSSL_free(v); +- v=NULL; +- } +- return(v); +- } ++{ ++ STACK *sk = NULL; ++ int ok = 0, i; ++ CONF_VALUE *v = NULL, *vv; ++ ++ if ((sk = sk_new_null()) == NULL) ++ goto err; ++ if ((v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL) ++ goto err; ++ i = strlen(section) + 1; ++ if ((v->section = (char *)OPENSSL_malloc(i)) == NULL) ++ goto err; ++ ++ memcpy(v->section, section, i); ++ v->name = NULL; ++ v->value = (char *)sk; ++ ++ vv = (CONF_VALUE *)lh_insert(conf->data, v); ++ OPENSSL_assert(vv == NULL); ++ ok = 1; ++ err: ++ if (!ok) { ++ if (sk != NULL) ++ sk_free(sk); ++ if (v != NULL) ++ OPENSSL_free(v); ++ v = NULL; ++ } ++ return (v); ++} + + IMPLEMENT_STACK_OF(CONF_VALUE) +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.c b/Cryptlib/OpenSSL/crypto/conf/conf_def.c +index a168339..8ca68e1 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -72,10 +72,10 @@ + static char *eat_ws(CONF *conf, char *p); + static char *eat_alpha_numeric(CONF *conf, char *p); + static void clear_comments(CONF *conf, char *p); +-static int str_copy(CONF *conf,char *section,char **to, char *from); ++static int str_copy(CONF *conf, char *section, char **to, char *from); + static char *scan_quote(CONF *conf, char *p); + static char *scan_dquote(CONF *conf, char *p); +-#define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2))) ++#define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2))) + + static CONF *def_create(CONF_METHOD *meth); + static int def_init_default(CONF *conf); +@@ -88,660 +88,622 @@ static int def_dump(const CONF *conf, BIO *bp); + static int def_is_number(const CONF *conf, char c); + static int def_to_int(const CONF *conf, char c); + +-const char CONF_def_version[]="CONF_def" OPENSSL_VERSION_PTEXT; ++const char CONF_def_version[] = "CONF_def" OPENSSL_VERSION_PTEXT; + + static CONF_METHOD default_method = { +- "OpenSSL default", +- def_create, +- def_init_default, +- def_destroy, +- def_destroy_data, +- def_load_bio, +- def_dump, +- def_is_number, +- def_to_int, +- def_load +- }; ++ "OpenSSL default", ++ def_create, ++ def_init_default, ++ def_destroy, ++ def_destroy_data, ++ def_load_bio, ++ def_dump, ++ def_is_number, ++ def_to_int, ++ def_load ++}; + + static CONF_METHOD WIN32_method = { +- "WIN32", +- def_create, +- def_init_WIN32, +- def_destroy, +- def_destroy_data, +- def_load_bio, +- def_dump, +- def_is_number, +- def_to_int, +- def_load +- }; ++ "WIN32", ++ def_create, ++ def_init_WIN32, ++ def_destroy, ++ def_destroy_data, ++ def_load_bio, ++ def_dump, ++ def_is_number, ++ def_to_int, ++ def_load ++}; + + CONF_METHOD *NCONF_default() +- { +- return &default_method; +- } ++{ ++ return &default_method; ++} ++ + CONF_METHOD *NCONF_WIN32() +- { +- return &WIN32_method; +- } ++{ ++ return &WIN32_method; ++} + + static CONF *def_create(CONF_METHOD *meth) +- { +- CONF *ret; +- +- ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *)); +- if (ret) +- if (meth->init(ret) == 0) +- { +- OPENSSL_free(ret); +- ret = NULL; +- } +- return ret; +- } +- ++{ ++ CONF *ret; ++ ++ ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *)); ++ if (ret) ++ if (meth->init(ret) == 0) { ++ OPENSSL_free(ret); ++ ret = NULL; ++ } ++ return ret; ++} ++ + static int def_init_default(CONF *conf) +- { +- if (conf == NULL) +- return 0; ++{ ++ if (conf == NULL) ++ return 0; + +- conf->meth = &default_method; +- conf->meth_data = (void *)CONF_type_default; +- conf->data = NULL; ++ conf->meth = &default_method; ++ conf->meth_data = (void *)CONF_type_default; ++ conf->data = NULL; + +- return 1; +- } ++ return 1; ++} + + static int def_init_WIN32(CONF *conf) +- { +- if (conf == NULL) +- return 0; ++{ ++ if (conf == NULL) ++ return 0; + +- conf->meth = &WIN32_method; +- conf->meth_data = (void *)CONF_type_win32; +- conf->data = NULL; ++ conf->meth = &WIN32_method; ++ conf->meth_data = (void *)CONF_type_win32; ++ conf->data = NULL; + +- return 1; +- } ++ return 1; ++} + + static int def_destroy(CONF *conf) +- { +- if (def_destroy_data(conf)) +- { +- OPENSSL_free(conf); +- return 1; +- } +- return 0; +- } ++{ ++ if (def_destroy_data(conf)) { ++ OPENSSL_free(conf); ++ return 1; ++ } ++ return 0; ++} + + static int def_destroy_data(CONF *conf) +- { +- if (conf == NULL) +- return 0; +- _CONF_free_data(conf); +- return 1; +- } ++{ ++ if (conf == NULL) ++ return 0; ++ _CONF_free_data(conf); ++ return 1; ++} + + static int def_load(CONF *conf, const char *name, long *line) +- { +- int ret; +- BIO *in=NULL; ++{ ++ int ret; ++ BIO *in = NULL; + + #ifdef OPENSSL_SYS_VMS +- in=BIO_new_file(name, "r"); ++ in = BIO_new_file(name, "r"); + #else +- in=BIO_new_file(name, "rb"); ++ in = BIO_new_file(name, "rb"); + #endif +- if (in == NULL) +- { +- if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE) +- CONFerr(CONF_F_DEF_LOAD,CONF_R_NO_SUCH_FILE); +- else +- CONFerr(CONF_F_DEF_LOAD,ERR_R_SYS_LIB); +- return 0; +- } ++ if (in == NULL) { ++ if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE) ++ CONFerr(CONF_F_DEF_LOAD, CONF_R_NO_SUCH_FILE); ++ else ++ CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB); ++ return 0; ++ } + +- ret = def_load_bio(conf, in, line); +- BIO_free(in); ++ ret = def_load_bio(conf, in, line); ++ BIO_free(in); + +- return ret; +- } ++ return ret; ++} + + static int def_load_bio(CONF *conf, BIO *in, long *line) +- { ++{ + /* The macro BUFSIZE conflicts with a system macro in VxWorks */ +-#define CONFBUFSIZE 512 +- int bufnum=0,i,ii; +- BUF_MEM *buff=NULL; +- char *s,*p,*end; +- int again; +- long eline=0; +- char btmp[DECIMAL_SIZE(eline)+1]; +- CONF_VALUE *v=NULL,*tv; +- CONF_VALUE *sv=NULL; +- char *section=NULL,*buf; +-/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/ +-/* STACK_OF(CONF_VALUE) *ts=NULL;*/ +- char *start,*psection,*pname; +- void *h = (void *)(conf->data); +- +- if ((buff=BUF_MEM_new()) == NULL) +- { +- CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB); +- goto err; +- } +- +- section=(char *)OPENSSL_malloc(10); +- if (section == NULL) +- { +- CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- BUF_strlcpy(section,"default",10); +- +- if (_CONF_new_data(conf) == 0) +- { +- CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- sv=_CONF_new_section(conf,section); +- if (sv == NULL) +- { +- CONFerr(CONF_F_DEF_LOAD_BIO, +- CONF_R_UNABLE_TO_CREATE_NEW_SECTION); +- goto err; +- } +-/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/ +- +- bufnum=0; +- again=0; +- for (;;) +- { +- if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE)) +- { +- CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB); +- goto err; +- } +- p= &(buff->data[bufnum]); +- *p='\0'; +- BIO_gets(in, p, CONFBUFSIZE-1); +- p[CONFBUFSIZE-1]='\0'; +- ii=i=strlen(p); +- if (i == 0 && !again) break; +- again=0; +- while (i > 0) +- { +- if ((p[i-1] != '\r') && (p[i-1] != '\n')) +- break; +- else +- i--; +- } +- /* we removed some trailing stuff so there is a new +- * line on the end. */ +- if (ii && i == ii) +- again=1; /* long line */ +- else +- { +- p[i]='\0'; +- eline++; /* another input line */ +- } +- +- /* we now have a line with trailing \r\n removed */ +- +- /* i is the number of bytes */ +- bufnum+=i; +- +- v=NULL; +- /* check for line continuation */ +- if (bufnum >= 1) +- { +- /* If we have bytes and the last char '\\' and +- * second last char is not '\\' */ +- p= &(buff->data[bufnum-1]); +- if (IS_ESC(conf,p[0]) && +- ((bufnum <= 1) || !IS_ESC(conf,p[-1]))) +- { +- bufnum--; +- again=1; +- } +- } +- if (again) continue; +- bufnum=0; +- buf=buff->data; +- +- clear_comments(conf, buf); +- s=eat_ws(conf, buf); +- if (IS_EOF(conf,*s)) continue; /* blank line */ +- if (*s == '[') +- { +- char *ss; +- +- s++; +- start=eat_ws(conf, s); +- ss=start; +-again: +- end=eat_alpha_numeric(conf, ss); +- p=eat_ws(conf, end); +- if (*p != ']') +- { +- if (*p != '\0' && ss != p) +- { +- ss=p; +- goto again; +- } +- CONFerr(CONF_F_DEF_LOAD_BIO, +- CONF_R_MISSING_CLOSE_SQUARE_BRACKET); +- goto err; +- } +- *end='\0'; +- if (!str_copy(conf,NULL,§ion,start)) goto err; +- if ((sv=_CONF_get_section(conf,section)) == NULL) +- sv=_CONF_new_section(conf,section); +- if (sv == NULL) +- { +- CONFerr(CONF_F_DEF_LOAD_BIO, +- CONF_R_UNABLE_TO_CREATE_NEW_SECTION); +- goto err; +- } +-/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/ +- continue; +- } +- else +- { +- pname=s; +- psection=NULL; +- end=eat_alpha_numeric(conf, s); +- if ((end[0] == ':') && (end[1] == ':')) +- { +- *end='\0'; +- end+=2; +- psection=pname; +- pname=end; +- end=eat_alpha_numeric(conf, end); +- } +- p=eat_ws(conf, end); +- if (*p != '=') +- { +- CONFerr(CONF_F_DEF_LOAD_BIO, +- CONF_R_MISSING_EQUAL_SIGN); +- goto err; +- } +- *end='\0'; +- p++; +- start=eat_ws(conf, p); +- while (!IS_EOF(conf,*p)) +- p++; +- p--; +- while ((p != start) && (IS_WS(conf,*p))) +- p--; +- p++; +- *p='\0'; +- +- if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) +- { +- CONFerr(CONF_F_DEF_LOAD_BIO, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (psection == NULL) psection=section; +- v->name=(char *)OPENSSL_malloc(strlen(pname)+1); +- v->value=NULL; +- if (v->name == NULL) +- { +- CONFerr(CONF_F_DEF_LOAD_BIO, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- BUF_strlcpy(v->name,pname,strlen(pname)+1); +- if (!str_copy(conf,psection,&(v->value),start)) goto err; +- +- if (strcmp(psection,section) != 0) +- { +- if ((tv=_CONF_get_section(conf,psection)) +- == NULL) +- tv=_CONF_new_section(conf,psection); +- if (tv == NULL) +- { +- CONFerr(CONF_F_DEF_LOAD_BIO, +- CONF_R_UNABLE_TO_CREATE_NEW_SECTION); +- goto err; +- } +-/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/ +- } +- else +- { +- tv=sv; +-/* ts=section_sk;*/ +- } ++#define CONFBUFSIZE 512 ++ int bufnum = 0, i, ii; ++ BUF_MEM *buff = NULL; ++ char *s, *p, *end; ++ int again; ++ long eline = 0; ++ char btmp[DECIMAL_SIZE(eline) + 1]; ++ CONF_VALUE *v = NULL, *tv; ++ CONF_VALUE *sv = NULL; ++ char *section = NULL, *buf; ++/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/ ++/* STACK_OF(CONF_VALUE) *ts=NULL;*/ ++ char *start, *psection, *pname; ++ void *h = (void *)(conf->data); ++ ++ if ((buff = BUF_MEM_new()) == NULL) { ++ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB); ++ goto err; ++ } ++ ++ section = (char *)OPENSSL_malloc(10); ++ if (section == NULL) { ++ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ BUF_strlcpy(section, "default", 10); ++ ++ if (_CONF_new_data(conf) == 0) { ++ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ sv = _CONF_new_section(conf, section); ++ if (sv == NULL) { ++ CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); ++ goto err; ++ } ++/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/ ++ ++ bufnum = 0; ++ again = 0; ++ for (;;) { ++ if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) { ++ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB); ++ goto err; ++ } ++ p = &(buff->data[bufnum]); ++ *p = '\0'; ++ BIO_gets(in, p, CONFBUFSIZE - 1); ++ p[CONFBUFSIZE - 1] = '\0'; ++ ii = i = strlen(p); ++ if (i == 0 && !again) ++ break; ++ again = 0; ++ while (i > 0) { ++ if ((p[i - 1] != '\r') && (p[i - 1] != '\n')) ++ break; ++ else ++ i--; ++ } ++ /* ++ * we removed some trailing stuff so there is a new line on the end. ++ */ ++ if (ii && i == ii) ++ again = 1; /* long line */ ++ else { ++ p[i] = '\0'; ++ eline++; /* another input line */ ++ } ++ ++ /* we now have a line with trailing \r\n removed */ ++ ++ /* i is the number of bytes */ ++ bufnum += i; ++ ++ v = NULL; ++ /* check for line continuation */ ++ if (bufnum >= 1) { ++ /* ++ * If we have bytes and the last char '\\' and second last char ++ * is not '\\' ++ */ ++ p = &(buff->data[bufnum - 1]); ++ if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) { ++ bufnum--; ++ again = 1; ++ } ++ } ++ if (again) ++ continue; ++ bufnum = 0; ++ buf = buff->data; ++ ++ clear_comments(conf, buf); ++ s = eat_ws(conf, buf); ++ if (IS_EOF(conf, *s)) ++ continue; /* blank line */ ++ if (*s == '[') { ++ char *ss; ++ ++ s++; ++ start = eat_ws(conf, s); ++ ss = start; ++ again: ++ end = eat_alpha_numeric(conf, ss); ++ p = eat_ws(conf, end); ++ if (*p != ']') { ++ if (*p != '\0' && ss != p) { ++ ss = p; ++ goto again; ++ } ++ CONFerr(CONF_F_DEF_LOAD_BIO, ++ CONF_R_MISSING_CLOSE_SQUARE_BRACKET); ++ goto err; ++ } ++ *end = '\0'; ++ if (!str_copy(conf, NULL, §ion, start)) ++ goto err; ++ if ((sv = _CONF_get_section(conf, section)) == NULL) ++ sv = _CONF_new_section(conf, section); ++ if (sv == NULL) { ++ CONFerr(CONF_F_DEF_LOAD_BIO, ++ CONF_R_UNABLE_TO_CREATE_NEW_SECTION); ++ goto err; ++ } ++/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/ ++ continue; ++ } else { ++ pname = s; ++ psection = NULL; ++ end = eat_alpha_numeric(conf, s); ++ if ((end[0] == ':') && (end[1] == ':')) { ++ *end = '\0'; ++ end += 2; ++ psection = pname; ++ pname = end; ++ end = eat_alpha_numeric(conf, end); ++ } ++ p = eat_ws(conf, end); ++ if (*p != '=') { ++ CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN); ++ goto err; ++ } ++ *end = '\0'; ++ p++; ++ start = eat_ws(conf, p); ++ while (!IS_EOF(conf, *p)) ++ p++; ++ p--; ++ while ((p != start) && (IS_WS(conf, *p))) ++ p--; ++ p++; ++ *p = '\0'; ++ ++ if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) { ++ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (psection == NULL) ++ psection = section; ++ v->name = (char *)OPENSSL_malloc(strlen(pname) + 1); ++ v->value = NULL; ++ if (v->name == NULL) { ++ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ BUF_strlcpy(v->name, pname, strlen(pname) + 1); ++ if (!str_copy(conf, psection, &(v->value), start)) ++ goto err; ++ ++ if (strcmp(psection, section) != 0) { ++ if ((tv = _CONF_get_section(conf, psection)) ++ == NULL) ++ tv = _CONF_new_section(conf, psection); ++ if (tv == NULL) { ++ CONFerr(CONF_F_DEF_LOAD_BIO, ++ CONF_R_UNABLE_TO_CREATE_NEW_SECTION); ++ goto err; ++ } ++/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/ ++ } else { ++ tv = sv; ++/* ts=section_sk;*/ ++ } + #if 1 +- if (_CONF_add_string(conf, tv, v) == 0) +- { +- CONFerr(CONF_F_DEF_LOAD_BIO, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ if (_CONF_add_string(conf, tv, v) == 0) { ++ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + #else +- v->section=tv->section; +- if (!sk_CONF_VALUE_push(ts,v)) +- { +- CONFerr(CONF_F_DEF_LOAD_BIO, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- vv=(CONF_VALUE *)lh_insert(conf->data,v); +- if (vv != NULL) +- { +- sk_CONF_VALUE_delete_ptr(ts,vv); +- OPENSSL_free(vv->name); +- OPENSSL_free(vv->value); +- OPENSSL_free(vv); +- } ++ v->section = tv->section; ++ if (!sk_CONF_VALUE_push(ts, v)) { ++ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ vv = (CONF_VALUE *)lh_insert(conf->data, v); ++ if (vv != NULL) { ++ sk_CONF_VALUE_delete_ptr(ts, vv); ++ OPENSSL_free(vv->name); ++ OPENSSL_free(vv->value); ++ OPENSSL_free(vv); ++ } + #endif +- v=NULL; +- } +- } +- if (buff != NULL) BUF_MEM_free(buff); +- if (section != NULL) OPENSSL_free(section); +- return(1); +-err: +- if (buff != NULL) BUF_MEM_free(buff); +- if (section != NULL) OPENSSL_free(section); +- if (line != NULL) *line=eline; +- BIO_snprintf(btmp,sizeof btmp,"%ld",eline); +- ERR_add_error_data(2,"line ",btmp); +- if ((h != conf->data) && (conf->data != NULL)) +- { +- CONF_free(conf->data); +- conf->data=NULL; +- } +- if (v != NULL) +- { +- if (v->name != NULL) OPENSSL_free(v->name); +- if (v->value != NULL) OPENSSL_free(v->value); +- if (v != NULL) OPENSSL_free(v); +- } +- return(0); +- } ++ v = NULL; ++ } ++ } ++ if (buff != NULL) ++ BUF_MEM_free(buff); ++ if (section != NULL) ++ OPENSSL_free(section); ++ return (1); ++ err: ++ if (buff != NULL) ++ BUF_MEM_free(buff); ++ if (section != NULL) ++ OPENSSL_free(section); ++ if (line != NULL) ++ *line = eline; ++ BIO_snprintf(btmp, sizeof btmp, "%ld", eline); ++ ERR_add_error_data(2, "line ", btmp); ++ if ((h != conf->data) && (conf->data != NULL)) { ++ CONF_free(conf->data); ++ conf->data = NULL; ++ } ++ if (v != NULL) { ++ if (v->name != NULL) ++ OPENSSL_free(v->name); ++ if (v->value != NULL) ++ OPENSSL_free(v->value); ++ if (v != NULL) ++ OPENSSL_free(v); ++ } ++ return (0); ++} + + static void clear_comments(CONF *conf, char *p) +- { +- for (;;) +- { +- if (IS_FCOMMENT(conf,*p)) +- { +- *p='\0'; +- return; +- } +- if (!IS_WS(conf,*p)) +- { +- break; +- } +- p++; +- } +- +- for (;;) +- { +- if (IS_COMMENT(conf,*p)) +- { +- *p='\0'; +- return; +- } +- if (IS_DQUOTE(conf,*p)) +- { +- p=scan_dquote(conf, p); +- continue; +- } +- if (IS_QUOTE(conf,*p)) +- { +- p=scan_quote(conf, p); +- continue; +- } +- if (IS_ESC(conf,*p)) +- { +- p=scan_esc(conf,p); +- continue; +- } +- if (IS_EOF(conf,*p)) +- return; +- else +- p++; +- } +- } ++{ ++ for (;;) { ++ if (IS_FCOMMENT(conf, *p)) { ++ *p = '\0'; ++ return; ++ } ++ if (!IS_WS(conf, *p)) { ++ break; ++ } ++ p++; ++ } ++ ++ for (;;) { ++ if (IS_COMMENT(conf, *p)) { ++ *p = '\0'; ++ return; ++ } ++ if (IS_DQUOTE(conf, *p)) { ++ p = scan_dquote(conf, p); ++ continue; ++ } ++ if (IS_QUOTE(conf, *p)) { ++ p = scan_quote(conf, p); ++ continue; ++ } ++ if (IS_ESC(conf, *p)) { ++ p = scan_esc(conf, p); ++ continue; ++ } ++ if (IS_EOF(conf, *p)) ++ return; ++ else ++ p++; ++ } ++} + + static int str_copy(CONF *conf, char *section, char **pto, char *from) +- { +- int q,r,rr=0,to=0,len=0; +- char *s,*e,*rp,*p,*rrp,*np,*cp,v; +- BUF_MEM *buf; +- +- if ((buf=BUF_MEM_new()) == NULL) return(0); +- +- len=strlen(from)+1; +- if (!BUF_MEM_grow(buf,len)) goto err; +- +- for (;;) +- { +- if (IS_QUOTE(conf,*from)) +- { +- q= *from; +- from++; +- while (!IS_EOF(conf,*from) && (*from != q)) +- { +- if (IS_ESC(conf,*from)) +- { +- from++; +- if (IS_EOF(conf,*from)) break; +- } +- buf->data[to++]= *(from++); +- } +- if (*from == q) from++; +- } +- else if (IS_DQUOTE(conf,*from)) +- { +- q= *from; +- from++; +- while (!IS_EOF(conf,*from)) +- { +- if (*from == q) +- { +- if (*(from+1) == q) +- { +- from++; +- } +- else +- { +- break; +- } +- } +- buf->data[to++]= *(from++); +- } +- if (*from == q) from++; +- } +- else if (IS_ESC(conf,*from)) +- { +- from++; +- v= *(from++); +- if (IS_EOF(conf,v)) break; +- else if (v == 'r') v='\r'; +- else if (v == 'n') v='\n'; +- else if (v == 'b') v='\b'; +- else if (v == 't') v='\t'; +- buf->data[to++]= v; +- } +- else if (IS_EOF(conf,*from)) +- break; +- else if (*from == '$') +- { +- /* try to expand it */ +- rrp=NULL; +- s= &(from[1]); +- if (*s == '{') +- q='}'; +- else if (*s == '(') +- q=')'; +- else q=0; +- +- if (q) s++; +- cp=section; +- e=np=s; +- while (IS_ALPHA_NUMERIC(conf,*e)) +- e++; +- if ((e[0] == ':') && (e[1] == ':')) +- { +- cp=np; +- rrp=e; +- rr= *e; +- *rrp='\0'; +- e+=2; +- np=e; +- while (IS_ALPHA_NUMERIC(conf,*e)) +- e++; +- } +- r= *e; +- *e='\0'; +- rp=e; +- if (q) +- { +- if (r != q) +- { +- CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE); +- goto err; +- } +- e++; +- } +- /* So at this point we have +- * np which is the start of the name string which is +- * '\0' terminated. +- * cp which is the start of the section string which is +- * '\0' terminated. +- * e is the 'next point after'. +- * r and rr are the chars replaced by the '\0' +- * rp and rrp is where 'r' and 'rr' came from. +- */ +- p=_CONF_get_string(conf,cp,np); +- if (rrp != NULL) *rrp=rr; +- *rp=r; +- if (p == NULL) +- { +- CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE); +- goto err; +- } +- BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from))); +- while (*p) +- buf->data[to++]= *(p++); +- +- /* Since we change the pointer 'from', we also have +- to change the perceived length of the string it +- points at. /RL */ +- len -= e-from; +- from=e; +- +- /* In case there were no braces or parenthesis around +- the variable reference, we have to put back the +- character that was replaced with a '\0'. /RL */ +- *rp = r; +- } +- else +- buf->data[to++]= *(from++); +- } +- buf->data[to]='\0'; +- if (*pto != NULL) OPENSSL_free(*pto); +- *pto=buf->data; +- OPENSSL_free(buf); +- return(1); +-err: +- if (buf != NULL) BUF_MEM_free(buf); +- return(0); +- } ++{ ++ int q, r, rr = 0, to = 0, len = 0; ++ char *s, *e, *rp, *p, *rrp, *np, *cp, v; ++ BUF_MEM *buf; ++ ++ if ((buf = BUF_MEM_new()) == NULL) ++ return (0); ++ ++ len = strlen(from) + 1; ++ if (!BUF_MEM_grow(buf, len)) ++ goto err; ++ ++ for (;;) { ++ if (IS_QUOTE(conf, *from)) { ++ q = *from; ++ from++; ++ while (!IS_EOF(conf, *from) && (*from != q)) { ++ if (IS_ESC(conf, *from)) { ++ from++; ++ if (IS_EOF(conf, *from)) ++ break; ++ } ++ buf->data[to++] = *(from++); ++ } ++ if (*from == q) ++ from++; ++ } else if (IS_DQUOTE(conf, *from)) { ++ q = *from; ++ from++; ++ while (!IS_EOF(conf, *from)) { ++ if (*from == q) { ++ if (*(from + 1) == q) { ++ from++; ++ } else { ++ break; ++ } ++ } ++ buf->data[to++] = *(from++); ++ } ++ if (*from == q) ++ from++; ++ } else if (IS_ESC(conf, *from)) { ++ from++; ++ v = *(from++); ++ if (IS_EOF(conf, v)) ++ break; ++ else if (v == 'r') ++ v = '\r'; ++ else if (v == 'n') ++ v = '\n'; ++ else if (v == 'b') ++ v = '\b'; ++ else if (v == 't') ++ v = '\t'; ++ buf->data[to++] = v; ++ } else if (IS_EOF(conf, *from)) ++ break; ++ else if (*from == '$') { ++ /* try to expand it */ ++ rrp = NULL; ++ s = &(from[1]); ++ if (*s == '{') ++ q = '}'; ++ else if (*s == '(') ++ q = ')'; ++ else ++ q = 0; ++ ++ if (q) ++ s++; ++ cp = section; ++ e = np = s; ++ while (IS_ALPHA_NUMERIC(conf, *e)) ++ e++; ++ if ((e[0] == ':') && (e[1] == ':')) { ++ cp = np; ++ rrp = e; ++ rr = *e; ++ *rrp = '\0'; ++ e += 2; ++ np = e; ++ while (IS_ALPHA_NUMERIC(conf, *e)) ++ e++; ++ } ++ r = *e; ++ *e = '\0'; ++ rp = e; ++ if (q) { ++ if (r != q) { ++ CONFerr(CONF_F_STR_COPY, CONF_R_NO_CLOSE_BRACE); ++ goto err; ++ } ++ e++; ++ } ++ /*- ++ * So at this point we have ++ * np which is the start of the name string which is ++ * '\0' terminated. ++ * cp which is the start of the section string which is ++ * '\0' terminated. ++ * e is the 'next point after'. ++ * r and rr are the chars replaced by the '\0' ++ * rp and rrp is where 'r' and 'rr' came from. ++ */ ++ p = _CONF_get_string(conf, cp, np); ++ if (rrp != NULL) ++ *rrp = rr; ++ *rp = r; ++ if (p == NULL) { ++ CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE); ++ goto err; ++ } ++ BUF_MEM_grow_clean(buf, (strlen(p) + buf->length - (e - from))); ++ while (*p) ++ buf->data[to++] = *(p++); ++ ++ /* ++ * Since we change the pointer 'from', we also have to change the ++ * perceived length of the string it points at. /RL ++ */ ++ len -= e - from; ++ from = e; ++ ++ /* ++ * In case there were no braces or parenthesis around the ++ * variable reference, we have to put back the character that was ++ * replaced with a '\0'. /RL ++ */ ++ *rp = r; ++ } else ++ buf->data[to++] = *(from++); ++ } ++ buf->data[to] = '\0'; ++ if (*pto != NULL) ++ OPENSSL_free(*pto); ++ *pto = buf->data; ++ OPENSSL_free(buf); ++ return (1); ++ err: ++ if (buf != NULL) ++ BUF_MEM_free(buf); ++ return (0); ++} + + static char *eat_ws(CONF *conf, char *p) +- { +- while (IS_WS(conf,*p) && (!IS_EOF(conf,*p))) +- p++; +- return(p); +- } ++{ ++ while (IS_WS(conf, *p) && (!IS_EOF(conf, *p))) ++ p++; ++ return (p); ++} + + static char *eat_alpha_numeric(CONF *conf, char *p) +- { +- for (;;) +- { +- if (IS_ESC(conf,*p)) +- { +- p=scan_esc(conf,p); +- continue; +- } +- if (!IS_ALPHA_NUMERIC_PUNCT(conf,*p)) +- return(p); +- p++; +- } +- } ++{ ++ for (;;) { ++ if (IS_ESC(conf, *p)) { ++ p = scan_esc(conf, p); ++ continue; ++ } ++ if (!IS_ALPHA_NUMERIC_PUNCT(conf, *p)) ++ return (p); ++ p++; ++ } ++} + + static char *scan_quote(CONF *conf, char *p) +- { +- int q= *p; +- +- p++; +- while (!(IS_EOF(conf,*p)) && (*p != q)) +- { +- if (IS_ESC(conf,*p)) +- { +- p++; +- if (IS_EOF(conf,*p)) return(p); +- } +- p++; +- } +- if (*p == q) p++; +- return(p); +- } +- ++{ ++ int q = *p; ++ ++ p++; ++ while (!(IS_EOF(conf, *p)) && (*p != q)) { ++ if (IS_ESC(conf, *p)) { ++ p++; ++ if (IS_EOF(conf, *p)) ++ return (p); ++ } ++ p++; ++ } ++ if (*p == q) ++ p++; ++ return (p); ++} + + static char *scan_dquote(CONF *conf, char *p) +- { +- int q= *p; +- +- p++; +- while (!(IS_EOF(conf,*p))) +- { +- if (*p == q) +- { +- if (*(p+1) == q) +- { +- p++; +- } +- else +- { +- break; +- } +- } +- p++; +- } +- if (*p == q) p++; +- return(p); +- } ++{ ++ int q = *p; ++ ++ p++; ++ while (!(IS_EOF(conf, *p))) { ++ if (*p == q) { ++ if (*(p + 1) == q) { ++ p++; ++ } else { ++ break; ++ } ++ } ++ p++; ++ } ++ if (*p == q) ++ p++; ++ return (p); ++} + + static void dump_value(CONF_VALUE *a, BIO *out) +- { +- if (a->name) +- BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value); +- else +- BIO_printf(out, "[[%s]]\n", a->section); +- } ++{ ++ if (a->name) ++ BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value); ++ else ++ BIO_printf(out, "[[%s]]\n", a->section); ++} + + static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *) + + static int def_dump(const CONF *conf, BIO *out) +- { +- lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out); +- return 1; +- } ++{ ++ lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out); ++ return 1; ++} + + static int def_is_number(const CONF *conf, char c) +- { +- return IS_NUMBER(conf,c); +- } ++{ ++ return IS_NUMBER(conf, c); ++} + + static int def_to_int(const CONF *conf, char c) +- { +- return c - '0'; +- } +- ++{ ++ return c - '0'; ++} +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_err.c b/Cryptlib/OpenSSL/crypto/conf/conf_err.c +index a16a5e0..20fb12c 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_err.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,65 +66,66 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason) + +-static ERR_STRING_DATA CONF_str_functs[]= +- { +-{ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"}, +-{ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"}, +-{ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"}, +-{ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"}, +-{ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"}, +-{ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"}, +-{ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"}, +-{ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"}, +-{ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"}, +-{ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"}, +-{ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"}, +-{ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"}, +-{ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"}, +-{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"}, +-{ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"}, +-{ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"}, +-{ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"}, +-{ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"}, +-{ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"}, +-{ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"}, +-{ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA CONF_str_functs[] = { ++ {ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"}, ++ {ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"}, ++ {ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"}, ++ {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"}, ++ {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"}, ++ {ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"}, ++ {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"}, ++ {ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"}, ++ {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"}, ++ {ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"}, ++ {ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"}, ++ {ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"}, ++ {ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"}, ++ {ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"}, ++ {ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"}, ++ {ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"}, ++ {ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"}, ++ {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"}, ++ {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"}, ++ {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"}, ++ {ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA CONF_str_reasons[]= +- { +-{ERR_REASON(CONF_R_ERROR_LOADING_DSO) ,"error loading dso"}, +-{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"}, +-{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN) ,"missing equal sign"}, +-{ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"}, +-{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION),"missing init function"}, +-{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),"module initialization error"}, +-{ERR_REASON(CONF_R_NO_CLOSE_BRACE) ,"no close brace"}, +-{ERR_REASON(CONF_R_NO_CONF) ,"no conf"}, +-{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),"no conf or environment variable"}, +-{ERR_REASON(CONF_R_NO_SECTION) ,"no section"}, +-{ERR_REASON(CONF_R_NO_SUCH_FILE) ,"no such file"}, +-{ERR_REASON(CONF_R_NO_VALUE) ,"no value"}, +-{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),"unable to create new section"}, +-{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME) ,"unknown module name"}, +-{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE),"variable has no value"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA CONF_str_reasons[] = { ++ {ERR_REASON(CONF_R_ERROR_LOADING_DSO), "error loading dso"}, ++ {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET), ++ "missing close square bracket"}, ++ {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"}, ++ {ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION), "missing finish function"}, ++ {ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"}, ++ {ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR), ++ "module initialization error"}, ++ {ERR_REASON(CONF_R_NO_CLOSE_BRACE), "no close brace"}, ++ {ERR_REASON(CONF_R_NO_CONF), "no conf"}, ++ {ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE), ++ "no conf or environment variable"}, ++ {ERR_REASON(CONF_R_NO_SECTION), "no section"}, ++ {ERR_REASON(CONF_R_NO_SUCH_FILE), "no such file"}, ++ {ERR_REASON(CONF_R_NO_VALUE), "no value"}, ++ {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION), ++ "unable to create new section"}, ++ {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"}, ++ {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_CONF_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,CONF_str_functs); +- ERR_load_strings(0,CONF_str_reasons); +- } ++ if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, CONF_str_functs); ++ ERR_load_strings(0, CONF_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c +index 2a3399d..5d5aef8 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c +@@ -1,6 +1,7 @@ + /* conf_lib.c */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -63,339 +64,322 @@ + #include + #include + +-const char CONF_version[]="CONF" OPENSSL_VERSION_PTEXT; ++const char CONF_version[] = "CONF" OPENSSL_VERSION_PTEXT; + +-static CONF_METHOD *default_CONF_method=NULL; ++static CONF_METHOD *default_CONF_method = NULL; + + /* Init a 'CONF' structure from an old LHASH */ + + void CONF_set_nconf(CONF *conf, LHASH *hash) +- { +- if (default_CONF_method == NULL) +- default_CONF_method = NCONF_default(); ++{ ++ if (default_CONF_method == NULL) ++ default_CONF_method = NCONF_default(); + +- default_CONF_method->init(conf); +- conf->data = hash; +- } ++ default_CONF_method->init(conf); ++ conf->data = hash; ++} + +-/* The following section contains the "CONF classic" functions, +- rewritten in terms of the new CONF interface. */ ++/* ++ * The following section contains the "CONF classic" functions, rewritten in ++ * terms of the new CONF interface. ++ */ + + int CONF_set_default_method(CONF_METHOD *meth) +- { +- default_CONF_method = meth; +- return 1; +- } ++{ ++ default_CONF_method = meth; ++ return 1; ++} + + LHASH *CONF_load(LHASH *conf, const char *file, long *eline) +- { +- LHASH *ltmp; +- BIO *in=NULL; ++{ ++ LHASH *ltmp; ++ BIO *in = NULL; + + #ifdef OPENSSL_SYS_VMS +- in=BIO_new_file(file, "r"); ++ in = BIO_new_file(file, "r"); + #else +- in=BIO_new_file(file, "rb"); ++ in = BIO_new_file(file, "rb"); + #endif +- if (in == NULL) +- { +- CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB); +- return NULL; +- } ++ if (in == NULL) { ++ CONFerr(CONF_F_CONF_LOAD, ERR_R_SYS_LIB); ++ return NULL; ++ } + +- ltmp = CONF_load_bio(conf, in, eline); +- BIO_free(in); ++ ltmp = CONF_load_bio(conf, in, eline); ++ BIO_free(in); + +- return ltmp; +- } ++ return ltmp; ++} + + #ifndef OPENSSL_NO_FP_API +-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline) +- { +- BIO *btmp; +- LHASH *ltmp; +- if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { +- CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB); +- return NULL; +- } +- ltmp = CONF_load_bio(conf, btmp, eline); +- BIO_free(btmp); +- return ltmp; +- } ++LHASH *CONF_load_fp(LHASH *conf, FILE *fp, long *eline) ++{ ++ BIO *btmp; ++ LHASH *ltmp; ++ if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { ++ CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB); ++ return NULL; ++ } ++ ltmp = CONF_load_bio(conf, btmp, eline); ++ BIO_free(btmp); ++ return ltmp; ++} + #endif + +-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline) +- { +- CONF ctmp; +- int ret; +- +- CONF_set_nconf(&ctmp, conf); +- +- ret = NCONF_load_bio(&ctmp, bp, eline); +- if (ret) +- return ctmp.data; +- return NULL; +- } +- +-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section) +- { +- if (conf == NULL) +- { +- return NULL; +- } +- else +- { +- CONF ctmp; +- CONF_set_nconf(&ctmp, conf); +- return NCONF_get_section(&ctmp, section); +- } +- } +- +-char *CONF_get_string(LHASH *conf,const char *group,const char *name) +- { +- if (conf == NULL) +- { +- return NCONF_get_string(NULL, group, name); +- } +- else +- { +- CONF ctmp; +- CONF_set_nconf(&ctmp, conf); +- return NCONF_get_string(&ctmp, group, name); +- } +- } +- +-long CONF_get_number(LHASH *conf,const char *group,const char *name) +- { +- int status; +- long result = 0; +- +- if (conf == NULL) +- { +- status = NCONF_get_number_e(NULL, group, name, &result); +- } +- else +- { +- CONF ctmp; +- CONF_set_nconf(&ctmp, conf); +- status = NCONF_get_number_e(&ctmp, group, name, &result); +- } +- +- if (status == 0) +- { +- /* This function does not believe in errors... */ +- ERR_clear_error(); +- } +- return result; +- } ++LHASH *CONF_load_bio(LHASH *conf, BIO *bp, long *eline) ++{ ++ CONF ctmp; ++ int ret; ++ ++ CONF_set_nconf(&ctmp, conf); ++ ++ ret = NCONF_load_bio(&ctmp, bp, eline); ++ if (ret) ++ return ctmp.data; ++ return NULL; ++} ++ ++STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, const char *section) ++{ ++ if (conf == NULL) { ++ return NULL; ++ } else { ++ CONF ctmp; ++ CONF_set_nconf(&ctmp, conf); ++ return NCONF_get_section(&ctmp, section); ++ } ++} ++ ++char *CONF_get_string(LHASH *conf, const char *group, const char *name) ++{ ++ if (conf == NULL) { ++ return NCONF_get_string(NULL, group, name); ++ } else { ++ CONF ctmp; ++ CONF_set_nconf(&ctmp, conf); ++ return NCONF_get_string(&ctmp, group, name); ++ } ++} ++ ++long CONF_get_number(LHASH *conf, const char *group, const char *name) ++{ ++ int status; ++ long result = 0; ++ ++ if (conf == NULL) { ++ status = NCONF_get_number_e(NULL, group, name, &result); ++ } else { ++ CONF ctmp; ++ CONF_set_nconf(&ctmp, conf); ++ status = NCONF_get_number_e(&ctmp, group, name, &result); ++ } ++ ++ if (status == 0) { ++ /* This function does not believe in errors... */ ++ ERR_clear_error(); ++ } ++ return result; ++} + + void CONF_free(LHASH *conf) +- { +- CONF ctmp; +- CONF_set_nconf(&ctmp, conf); +- NCONF_free_data(&ctmp); +- } ++{ ++ CONF ctmp; ++ CONF_set_nconf(&ctmp, conf); ++ NCONF_free_data(&ctmp); ++} + + #ifndef OPENSSL_NO_FP_API + int CONF_dump_fp(LHASH *conf, FILE *out) +- { +- BIO *btmp; +- int ret; +- +- if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { +- CONFerr(CONF_F_CONF_DUMP_FP,ERR_R_BUF_LIB); +- return 0; +- } +- ret = CONF_dump_bio(conf, btmp); +- BIO_free(btmp); +- return ret; +- } ++{ ++ BIO *btmp; ++ int ret; ++ ++ if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { ++ CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB); ++ return 0; ++ } ++ ret = CONF_dump_bio(conf, btmp); ++ BIO_free(btmp); ++ return ret; ++} + #endif + + int CONF_dump_bio(LHASH *conf, BIO *out) +- { +- CONF ctmp; +- CONF_set_nconf(&ctmp, conf); +- return NCONF_dump_bio(&ctmp, out); +- } +- +-/* The following section contains the "New CONF" functions. They are +- completely centralised around a new CONF structure that may contain +- basically anything, but at least a method pointer and a table of data. +- These functions are also written in terms of the bridge functions used +- by the "CONF classic" functions, for consistency. */ ++{ ++ CONF ctmp; ++ CONF_set_nconf(&ctmp, conf); ++ return NCONF_dump_bio(&ctmp, out); ++} ++ ++/* ++ * The following section contains the "New CONF" functions. They are ++ * completely centralised around a new CONF structure that may contain ++ * basically anything, but at least a method pointer and a table of data. ++ * These functions are also written in terms of the bridge functions used by ++ * the "CONF classic" functions, for consistency. ++ */ + + CONF *NCONF_new(CONF_METHOD *meth) +- { +- CONF *ret; ++{ ++ CONF *ret; + +- if (meth == NULL) +- meth = NCONF_default(); ++ if (meth == NULL) ++ meth = NCONF_default(); + +- ret = meth->create(meth); +- if (ret == NULL) +- { +- CONFerr(CONF_F_NCONF_NEW,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } ++ ret = meth->create(meth); ++ if (ret == NULL) { ++ CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } + +- return ret; +- } ++ return ret; ++} + + void NCONF_free(CONF *conf) +- { +- if (conf == NULL) +- return; +- conf->meth->destroy(conf); +- } ++{ ++ if (conf == NULL) ++ return; ++ conf->meth->destroy(conf); ++} + + void NCONF_free_data(CONF *conf) +- { +- if (conf == NULL) +- return; +- conf->meth->destroy_data(conf); +- } ++{ ++ if (conf == NULL) ++ return; ++ conf->meth->destroy_data(conf); ++} + + int NCONF_load(CONF *conf, const char *file, long *eline) +- { +- if (conf == NULL) +- { +- CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF); +- return 0; +- } ++{ ++ if (conf == NULL) { ++ CONFerr(CONF_F_NCONF_LOAD, CONF_R_NO_CONF); ++ return 0; ++ } + +- return conf->meth->load(conf, file, eline); +- } ++ return conf->meth->load(conf, file, eline); ++} + + #ifndef OPENSSL_NO_FP_API +-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline) +- { +- BIO *btmp; +- int ret; +- if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) +- { +- CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB); +- return 0; +- } +- ret = NCONF_load_bio(conf, btmp, eline); +- BIO_free(btmp); +- return ret; +- } ++int NCONF_load_fp(CONF *conf, FILE *fp, long *eline) ++{ ++ BIO *btmp; ++ int ret; ++ if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { ++ CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB); ++ return 0; ++ } ++ ret = NCONF_load_bio(conf, btmp, eline); ++ BIO_free(btmp); ++ return ret; ++} + #endif + +-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline) +- { +- if (conf == NULL) +- { +- CONFerr(CONF_F_NCONF_LOAD_BIO,CONF_R_NO_CONF); +- return 0; +- } +- +- return conf->meth->load_bio(conf, bp, eline); +- } +- +-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section) +- { +- if (conf == NULL) +- { +- CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_CONF); +- return NULL; +- } +- +- if (section == NULL) +- { +- CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION); +- return NULL; +- } +- +- return _CONF_get_section_values(conf, section); +- } +- +-char *NCONF_get_string(const CONF *conf,const char *group,const char *name) +- { +- char *s = _CONF_get_string(conf, group, name); +- +- /* Since we may get a value from an environment variable even +- if conf is NULL, let's check the value first */ +- if (s) return s; +- +- if (conf == NULL) +- { +- CONFerr(CONF_F_NCONF_GET_STRING, +- CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE); +- return NULL; +- } +- CONFerr(CONF_F_NCONF_GET_STRING, +- CONF_R_NO_VALUE); +- ERR_add_error_data(4,"group=",group," name=",name); +- return NULL; +- } +- +-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name, +- long *result) +- { +- char *str; +- +- if (result == NULL) +- { +- CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- +- str = NCONF_get_string(conf,group,name); +- +- if (str == NULL) +- return 0; +- +- for (*result = 0;conf->meth->is_number(conf, *str);) +- { +- *result = (*result)*10 + conf->meth->to_int(conf, *str); +- str++; +- } +- +- return 1; +- } ++int NCONF_load_bio(CONF *conf, BIO *bp, long *eline) ++{ ++ if (conf == NULL) { ++ CONFerr(CONF_F_NCONF_LOAD_BIO, CONF_R_NO_CONF); ++ return 0; ++ } ++ ++ return conf->meth->load_bio(conf, bp, eline); ++} ++ ++STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section) ++{ ++ if (conf == NULL) { ++ CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_CONF); ++ return NULL; ++ } ++ ++ if (section == NULL) { ++ CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_SECTION); ++ return NULL; ++ } ++ ++ return _CONF_get_section_values(conf, section); ++} ++ ++char *NCONF_get_string(const CONF *conf, const char *group, const char *name) ++{ ++ char *s = _CONF_get_string(conf, group, name); ++ ++ /* ++ * Since we may get a value from an environment variable even if conf is ++ * NULL, let's check the value first ++ */ ++ if (s) ++ return s; ++ ++ if (conf == NULL) { ++ CONFerr(CONF_F_NCONF_GET_STRING, ++ CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE); ++ return NULL; ++ } ++ CONFerr(CONF_F_NCONF_GET_STRING, CONF_R_NO_VALUE); ++ ERR_add_error_data(4, "group=", group, " name=", name); ++ return NULL; ++} ++ ++int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, ++ long *result) ++{ ++ char *str; ++ ++ if (result == NULL) { ++ CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ ++ str = NCONF_get_string(conf, group, name); ++ ++ if (str == NULL) ++ return 0; ++ ++ for (*result = 0; conf->meth->is_number(conf, *str);) { ++ *result = (*result) * 10 + conf->meth->to_int(conf, *str); ++ str++; ++ } ++ ++ return 1; ++} + + #ifndef OPENSSL_NO_FP_API + int NCONF_dump_fp(const CONF *conf, FILE *out) +- { +- BIO *btmp; +- int ret; +- if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { +- CONFerr(CONF_F_NCONF_DUMP_FP,ERR_R_BUF_LIB); +- return 0; +- } +- ret = NCONF_dump_bio(conf, btmp); +- BIO_free(btmp); +- return ret; +- } ++{ ++ BIO *btmp; ++ int ret; ++ if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { ++ CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB); ++ return 0; ++ } ++ ret = NCONF_dump_bio(conf, btmp); ++ BIO_free(btmp); ++ return ret; ++} + #endif + + int NCONF_dump_bio(const CONF *conf, BIO *out) +- { +- if (conf == NULL) +- { +- CONFerr(CONF_F_NCONF_DUMP_BIO,CONF_R_NO_CONF); +- return 0; +- } +- +- return conf->meth->dump(conf, out); +- } ++{ ++ if (conf == NULL) { ++ CONFerr(CONF_F_NCONF_DUMP_BIO, CONF_R_NO_CONF); ++ return 0; ++ } + ++ return conf->meth->dump(conf, out); ++} + + /* This function should be avoided */ + #if 0 +-long NCONF_get_number(CONF *conf,char *group,char *name) +- { +- int status; +- long ret=0; +- +- status = NCONF_get_number_e(conf, group, name, &ret); +- if (status == 0) +- { +- /* This function does not believe in errors... */ +- ERR_get_error(); +- } +- return ret; +- } ++long NCONF_get_number(CONF *conf, char *group, char *name) ++{ ++ int status; ++ long ret = 0; ++ ++ status = NCONF_get_number_e(conf, group, name, &ret); ++ if (status == 0) { ++ /* This function does not believe in errors... */ ++ ERR_get_error(); ++ } ++ return ret; ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c +index 1cc1fd5..4123eba 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c +@@ -1,6 +1,7 @@ + /* conf_mall.c */ +-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -65,18 +66,17 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + + /* Load all OpenSSL builtin modules */ + + void OPENSSL_load_builtin_modules(void) +- { +- /* Add builtin modules here */ +- ASN1_add_oid_module(); ++{ ++ /* Add builtin modules here */ ++ ASN1_add_oid_module(); + #ifndef OPENSSL_NO_ENGINE +- ENGINE_add_conf_module(); ++ ENGINE_add_conf_module(); + #endif +- EVP_add_alg_module(); +- } +- ++ EVP_add_alg_module(); ++} +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c +index ee9c677..ffc477c 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c +@@ -1,6 +1,7 @@ + /* conf_mod.c */ +-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,45 +65,41 @@ + #include + #include + +- + #define DSO_mod_init_name "OPENSSL_init" + #define DSO_mod_finish_name "OPENSSL_finish" + +- +-/* This structure contains a data about supported modules. +- * entries in this table correspond to either dynamic or +- * static modules. ++/* ++ * This structure contains a data about supported modules. entries in this ++ * table correspond to either dynamic or static modules. + */ + +-struct conf_module_st +- { +- /* DSO of this module or NULL if static */ +- DSO *dso; +- /* Name of the module */ +- char *name; +- /* Init function */ +- conf_init_func *init; +- /* Finish function */ +- conf_finish_func *finish; +- /* Number of successfully initialized modules */ +- int links; +- void *usr_data; +- }; +- +- +-/* This structure contains information about modules that have been +- * successfully initialized. There may be more than one entry for a +- * given module. ++struct conf_module_st { ++ /* DSO of this module or NULL if static */ ++ DSO *dso; ++ /* Name of the module */ ++ char *name; ++ /* Init function */ ++ conf_init_func *init; ++ /* Finish function */ ++ conf_finish_func *finish; ++ /* Number of successfully initialized modules */ ++ int links; ++ void *usr_data; ++}; ++ ++/* ++ * This structure contains information about modules that have been ++ * successfully initialized. There may be more than one entry for a given ++ * module. + */ + +-struct conf_imodule_st +- { +- CONF_MODULE *pmod; +- char *name; +- char *value; +- unsigned long flags; +- void *usr_data; +- }; ++struct conf_imodule_st { ++ CONF_MODULE *pmod; ++ char *name; ++ char *value; ++ unsigned long flags; ++ void *usr_data; ++}; + + static STACK_OF(CONF_MODULE) *supported_modules = NULL; + static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; +@@ -110,508 +107,486 @@ static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; + static void module_free(CONF_MODULE *md); + static void module_finish(CONF_IMODULE *imod); + static int module_run(const CONF *cnf, char *name, char *value, +- unsigned long flags); ++ unsigned long flags); + static CONF_MODULE *module_add(DSO *dso, const char *name, +- conf_init_func *ifunc, conf_finish_func *ffunc); ++ conf_init_func *ifunc, ++ conf_finish_func *ffunc); + static CONF_MODULE *module_find(char *name); + static int module_init(CONF_MODULE *pmod, char *name, char *value, +- const CONF *cnf); ++ const CONF *cnf); + static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, +- unsigned long flags); ++ unsigned long flags); + + /* Main function: load modules from a CONF structure */ + + int CONF_modules_load(const CONF *cnf, const char *appname, +- unsigned long flags) +- { +- STACK_OF(CONF_VALUE) *values; +- CONF_VALUE *vl; +- char *vsection = NULL; ++ unsigned long flags) ++{ ++ STACK_OF(CONF_VALUE) *values; ++ CONF_VALUE *vl; ++ char *vsection = NULL; + +- int ret, i; ++ int ret, i; + +- if (!cnf) +- return 1; ++ if (!cnf) ++ return 1; + +- if (appname) +- vsection = NCONF_get_string(cnf, NULL, appname); ++ if (appname) ++ vsection = NCONF_get_string(cnf, NULL, appname); + +- if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION))) +- vsection = NCONF_get_string(cnf, NULL, "openssl_conf"); ++ if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION))) ++ vsection = NCONF_get_string(cnf, NULL, "openssl_conf"); + +- if (!vsection) +- { +- ERR_clear_error(); +- return 1; +- } ++ if (!vsection) { ++ ERR_clear_error(); ++ return 1; ++ } + +- values = NCONF_get_section(cnf, vsection); ++ values = NCONF_get_section(cnf, vsection); + +- if (!values) +- return 0; ++ if (!values) ++ return 0; + +- for (i = 0; i < sk_CONF_VALUE_num(values); i++) +- { +- vl = sk_CONF_VALUE_value(values, i); +- ret = module_run(cnf, vl->name, vl->value, flags); +- if (ret <= 0) +- if(!(flags & CONF_MFLAGS_IGNORE_ERRORS)) +- return ret; +- } ++ for (i = 0; i < sk_CONF_VALUE_num(values); i++) { ++ vl = sk_CONF_VALUE_value(values, i); ++ ret = module_run(cnf, vl->name, vl->value, flags); ++ if (ret <= 0) ++ if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) ++ return ret; ++ } + +- return 1; ++ return 1; + +- } ++} + + int CONF_modules_load_file(const char *filename, const char *appname, +- unsigned long flags) +- { +- char *file = NULL; +- CONF *conf = NULL; +- int ret = 0; +- conf = NCONF_new(NULL); +- if (!conf) +- goto err; +- +- if (filename == NULL) +- { +- file = CONF_get1_default_config_file(); +- if (!file) +- goto err; +- } +- else +- file = (char *)filename; +- +- if (NCONF_load(conf, file, NULL) <= 0) +- { +- if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && +- (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) +- { +- ERR_clear_error(); +- ret = 1; +- } +- goto err; +- } +- +- ret = CONF_modules_load(conf, appname, flags); +- +- err: +- if (filename == NULL) +- OPENSSL_free(file); +- NCONF_free(conf); +- +- return ret; +- } ++ unsigned long flags) ++{ ++ char *file = NULL; ++ CONF *conf = NULL; ++ int ret = 0; ++ conf = NCONF_new(NULL); ++ if (!conf) ++ goto err; ++ ++ if (filename == NULL) { ++ file = CONF_get1_default_config_file(); ++ if (!file) ++ goto err; ++ } else ++ file = (char *)filename; ++ ++ if (NCONF_load(conf, file, NULL) <= 0) { ++ if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && ++ (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) { ++ ERR_clear_error(); ++ ret = 1; ++ } ++ goto err; ++ } ++ ++ ret = CONF_modules_load(conf, appname, flags); ++ ++ err: ++ if (filename == NULL) ++ OPENSSL_free(file); ++ NCONF_free(conf); ++ ++ return ret; ++} + + static int module_run(const CONF *cnf, char *name, char *value, +- unsigned long flags) +- { +- CONF_MODULE *md; +- int ret; +- +- md = module_find(name); +- +- /* Module not found: try to load DSO */ +- if (!md && !(flags & CONF_MFLAGS_NO_DSO)) +- md = module_load_dso(cnf, name, value, flags); +- +- if (!md) +- { +- if (!(flags & CONF_MFLAGS_SILENT)) +- { +- CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME); +- ERR_add_error_data(2, "module=", name); +- } +- return -1; +- } +- +- ret = module_init(md, name, value, cnf); +- +- if (ret <= 0) +- { +- if (!(flags & CONF_MFLAGS_SILENT)) +- { +- char rcode[DECIMAL_SIZE(ret)+1]; +- CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); +- BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); +- ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); +- } +- } +- +- return ret; +- } ++ unsigned long flags) ++{ ++ CONF_MODULE *md; ++ int ret; ++ ++ md = module_find(name); ++ ++ /* Module not found: try to load DSO */ ++ if (!md && !(flags & CONF_MFLAGS_NO_DSO)) ++ md = module_load_dso(cnf, name, value, flags); ++ ++ if (!md) { ++ if (!(flags & CONF_MFLAGS_SILENT)) { ++ CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME); ++ ERR_add_error_data(2, "module=", name); ++ } ++ return -1; ++ } ++ ++ ret = module_init(md, name, value, cnf); ++ ++ if (ret <= 0) { ++ if (!(flags & CONF_MFLAGS_SILENT)) { ++ char rcode[DECIMAL_SIZE(ret) + 1]; ++ CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); ++ BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); ++ ERR_add_error_data(6, "module=", name, ", value=", value, ++ ", retcode=", rcode); ++ } ++ } ++ ++ return ret; ++} + + /* Load a module from a DSO */ + static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, +- unsigned long flags) +- { +- DSO *dso = NULL; +- conf_init_func *ifunc; +- conf_finish_func *ffunc; +- char *path = NULL; +- int errcode = 0; +- CONF_MODULE *md; +- /* Look for alternative path in module section */ +- path = NCONF_get_string(cnf, value, "path"); +- if (!path) +- { +- ERR_clear_error(); +- path = name; +- } +- dso = DSO_load(NULL, path, NULL, 0); +- if (!dso) +- { +- errcode = CONF_R_ERROR_LOADING_DSO; +- goto err; +- } +- ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name); +- if (!ifunc) +- { +- errcode = CONF_R_MISSING_INIT_FUNCTION; +- goto err; +- } +- ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name); +- /* All OK, add module */ +- md = module_add(dso, name, ifunc, ffunc); +- +- if (!md) +- goto err; +- +- return md; +- +- err: +- if (dso) +- DSO_free(dso); +- CONFerr(CONF_F_MODULE_LOAD_DSO, errcode); +- ERR_add_error_data(4, "module=", name, ", path=", path); +- return NULL; +- } ++ unsigned long flags) ++{ ++ DSO *dso = NULL; ++ conf_init_func *ifunc; ++ conf_finish_func *ffunc; ++ char *path = NULL; ++ int errcode = 0; ++ CONF_MODULE *md; ++ /* Look for alternative path in module section */ ++ path = NCONF_get_string(cnf, value, "path"); ++ if (!path) { ++ ERR_clear_error(); ++ path = name; ++ } ++ dso = DSO_load(NULL, path, NULL, 0); ++ if (!dso) { ++ errcode = CONF_R_ERROR_LOADING_DSO; ++ goto err; ++ } ++ ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name); ++ if (!ifunc) { ++ errcode = CONF_R_MISSING_INIT_FUNCTION; ++ goto err; ++ } ++ ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name); ++ /* All OK, add module */ ++ md = module_add(dso, name, ifunc, ffunc); ++ ++ if (!md) ++ goto err; ++ ++ return md; ++ ++ err: ++ if (dso) ++ DSO_free(dso); ++ CONFerr(CONF_F_MODULE_LOAD_DSO, errcode); ++ ERR_add_error_data(4, "module=", name, ", path=", path); ++ return NULL; ++} + + /* add module to list */ + static CONF_MODULE *module_add(DSO *dso, const char *name, +- conf_init_func *ifunc, conf_finish_func *ffunc) +- { +- CONF_MODULE *tmod = NULL; +- if (supported_modules == NULL) +- supported_modules = sk_CONF_MODULE_new_null(); +- if (supported_modules == NULL) +- return NULL; +- tmod = OPENSSL_malloc(sizeof(CONF_MODULE)); +- if (tmod == NULL) +- return NULL; +- +- tmod->dso = dso; +- tmod->name = BUF_strdup(name); +- tmod->init = ifunc; +- tmod->finish = ffunc; +- tmod->links = 0; +- +- if (!sk_CONF_MODULE_push(supported_modules, tmod)) +- { +- OPENSSL_free(tmod); +- return NULL; +- } +- +- return tmod; +- } +- +-/* Find a module from the list. We allow module names of the +- * form modname.XXXX to just search for modname to allow the +- * same module to be initialized more than once. ++ conf_init_func *ifunc, conf_finish_func *ffunc) ++{ ++ CONF_MODULE *tmod = NULL; ++ if (supported_modules == NULL) ++ supported_modules = sk_CONF_MODULE_new_null(); ++ if (supported_modules == NULL) ++ return NULL; ++ tmod = OPENSSL_malloc(sizeof(CONF_MODULE)); ++ if (tmod == NULL) ++ return NULL; ++ ++ tmod->dso = dso; ++ tmod->name = BUF_strdup(name); ++ tmod->init = ifunc; ++ tmod->finish = ffunc; ++ tmod->links = 0; ++ ++ if (!sk_CONF_MODULE_push(supported_modules, tmod)) { ++ OPENSSL_free(tmod); ++ return NULL; ++ } ++ ++ return tmod; ++} ++ ++/* ++ * Find a module from the list. We allow module names of the form ++ * modname.XXXX to just search for modname to allow the same module to be ++ * initialized more than once. + */ + + static CONF_MODULE *module_find(char *name) +- { +- CONF_MODULE *tmod; +- int i, nchar; +- char *p; +- p = strrchr(name, '.'); ++{ ++ CONF_MODULE *tmod; ++ int i, nchar; ++ char *p; ++ p = strrchr(name, '.'); + +- if (p) +- nchar = p - name; +- else +- nchar = strlen(name); ++ if (p) ++ nchar = p - name; ++ else ++ nchar = strlen(name); + +- for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) +- { +- tmod = sk_CONF_MODULE_value(supported_modules, i); +- if (!strncmp(tmod->name, name, nchar)) +- return tmod; +- } ++ for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) { ++ tmod = sk_CONF_MODULE_value(supported_modules, i); ++ if (!strncmp(tmod->name, name, nchar)) ++ return tmod; ++ } + +- return NULL; ++ return NULL; + +- } ++} + + /* initialize a module */ + static int module_init(CONF_MODULE *pmod, char *name, char *value, +- const CONF *cnf) +- { +- int ret = 1; +- int init_called = 0; +- CONF_IMODULE *imod = NULL; +- +- /* Otherwise add initialized module to list */ +- imod = OPENSSL_malloc(sizeof(CONF_IMODULE)); +- if (!imod) +- goto err; +- +- imod->pmod = pmod; +- imod->name = BUF_strdup(name); +- imod->value = BUF_strdup(value); +- imod->usr_data = NULL; +- +- if (!imod->name || !imod->value) +- goto memerr; +- +- /* Try to initialize module */ +- if(pmod->init) +- { +- ret = pmod->init(imod, cnf); +- init_called = 1; +- /* Error occurred, exit */ +- if (ret <= 0) +- goto err; +- } +- +- if (initialized_modules == NULL) +- { +- initialized_modules = sk_CONF_IMODULE_new_null(); +- if (!initialized_modules) +- { +- CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- +- if (!sk_CONF_IMODULE_push(initialized_modules, imod)) +- { +- CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- pmod->links++; +- +- return ret; +- +- err: +- +- /* We've started the module so we'd better finish it */ +- if (pmod->finish && init_called) +- pmod->finish(imod); +- +- memerr: +- if (imod) +- { +- if (imod->name) +- OPENSSL_free(imod->name); +- if (imod->value) +- OPENSSL_free(imod->value); +- OPENSSL_free(imod); +- } +- +- return -1; +- +- } +- +-/* Unload any dynamic modules that have a link count of zero: +- * i.e. have no active initialized modules. If 'all' is set +- * then all modules are unloaded including static ones. ++ const CONF *cnf) ++{ ++ int ret = 1; ++ int init_called = 0; ++ CONF_IMODULE *imod = NULL; ++ ++ /* Otherwise add initialized module to list */ ++ imod = OPENSSL_malloc(sizeof(CONF_IMODULE)); ++ if (!imod) ++ goto err; ++ ++ imod->pmod = pmod; ++ imod->name = BUF_strdup(name); ++ imod->value = BUF_strdup(value); ++ imod->usr_data = NULL; ++ ++ if (!imod->name || !imod->value) ++ goto memerr; ++ ++ /* Try to initialize module */ ++ if (pmod->init) { ++ ret = pmod->init(imod, cnf); ++ init_called = 1; ++ /* Error occurred, exit */ ++ if (ret <= 0) ++ goto err; ++ } ++ ++ if (initialized_modules == NULL) { ++ initialized_modules = sk_CONF_IMODULE_new_null(); ++ if (!initialized_modules) { ++ CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ ++ if (!sk_CONF_IMODULE_push(initialized_modules, imod)) { ++ CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ pmod->links++; ++ ++ return ret; ++ ++ err: ++ ++ /* We've started the module so we'd better finish it */ ++ if (pmod->finish && init_called) ++ pmod->finish(imod); ++ ++ memerr: ++ if (imod) { ++ if (imod->name) ++ OPENSSL_free(imod->name); ++ if (imod->value) ++ OPENSSL_free(imod->value); ++ OPENSSL_free(imod); ++ } ++ ++ return -1; ++ ++} ++ ++/* ++ * Unload any dynamic modules that have a link count of zero: i.e. have no ++ * active initialized modules. If 'all' is set then all modules are unloaded ++ * including static ones. + */ + + void CONF_modules_unload(int all) +- { +- int i; +- CONF_MODULE *md; +- CONF_modules_finish(); +- /* unload modules in reverse order */ +- for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) +- { +- md = sk_CONF_MODULE_value(supported_modules, i); +- /* If static or in use and 'all' not set ignore it */ +- if (((md->links > 0) || !md->dso) && !all) +- continue; +- /* Since we're working in reverse this is OK */ +- (void)sk_CONF_MODULE_delete(supported_modules, i); +- module_free(md); +- } +- if (sk_CONF_MODULE_num(supported_modules) == 0) +- { +- sk_CONF_MODULE_free(supported_modules); +- supported_modules = NULL; +- } +- } ++{ ++ int i; ++ CONF_MODULE *md; ++ CONF_modules_finish(); ++ /* unload modules in reverse order */ ++ for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) { ++ md = sk_CONF_MODULE_value(supported_modules, i); ++ /* If static or in use and 'all' not set ignore it */ ++ if (((md->links > 0) || !md->dso) && !all) ++ continue; ++ /* Since we're working in reverse this is OK */ ++ (void)sk_CONF_MODULE_delete(supported_modules, i); ++ module_free(md); ++ } ++ if (sk_CONF_MODULE_num(supported_modules) == 0) { ++ sk_CONF_MODULE_free(supported_modules); ++ supported_modules = NULL; ++ } ++} + + /* unload a single module */ + static void module_free(CONF_MODULE *md) +- { +- if (md->dso) +- DSO_free(md->dso); +- OPENSSL_free(md->name); +- OPENSSL_free(md); +- } ++{ ++ if (md->dso) ++ DSO_free(md->dso); ++ OPENSSL_free(md->name); ++ OPENSSL_free(md); ++} + + /* finish and free up all modules instances */ + + void CONF_modules_finish(void) +- { +- CONF_IMODULE *imod; +- while (sk_CONF_IMODULE_num(initialized_modules) > 0) +- { +- imod = sk_CONF_IMODULE_pop(initialized_modules); +- module_finish(imod); +- } +- sk_CONF_IMODULE_free(initialized_modules); +- initialized_modules = NULL; +- } ++{ ++ CONF_IMODULE *imod; ++ while (sk_CONF_IMODULE_num(initialized_modules) > 0) { ++ imod = sk_CONF_IMODULE_pop(initialized_modules); ++ module_finish(imod); ++ } ++ sk_CONF_IMODULE_free(initialized_modules); ++ initialized_modules = NULL; ++} + + /* finish a module instance */ + + static void module_finish(CONF_IMODULE *imod) +- { +- if (imod->pmod->finish) +- imod->pmod->finish(imod); +- imod->pmod->links--; +- OPENSSL_free(imod->name); +- OPENSSL_free(imod->value); +- OPENSSL_free(imod); +- } ++{ ++ if (imod->pmod->finish) ++ imod->pmod->finish(imod); ++ imod->pmod->links--; ++ OPENSSL_free(imod->name); ++ OPENSSL_free(imod->value); ++ OPENSSL_free(imod); ++} + + /* Add a static module to OpenSSL */ + +-int CONF_module_add(const char *name, conf_init_func *ifunc, +- conf_finish_func *ffunc) +- { +- if (module_add(NULL, name, ifunc, ffunc)) +- return 1; +- else +- return 0; +- } ++int CONF_module_add(const char *name, conf_init_func *ifunc, ++ conf_finish_func *ffunc) ++{ ++ if (module_add(NULL, name, ifunc, ffunc)) ++ return 1; ++ else ++ return 0; ++} + + void CONF_modules_free(void) +- { +- CONF_modules_finish(); +- CONF_modules_unload(1); +- } ++{ ++ CONF_modules_finish(); ++ CONF_modules_unload(1); ++} + + /* Utility functions */ + + const char *CONF_imodule_get_name(const CONF_IMODULE *md) +- { +- return md->name; +- } ++{ ++ return md->name; ++} + + const char *CONF_imodule_get_value(const CONF_IMODULE *md) +- { +- return md->value; +- } ++{ ++ return md->value; ++} + + void *CONF_imodule_get_usr_data(const CONF_IMODULE *md) +- { +- return md->usr_data; +- } ++{ ++ return md->usr_data; ++} + + void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data) +- { +- md->usr_data = usr_data; +- } ++{ ++ md->usr_data = usr_data; ++} + + CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md) +- { +- return md->pmod; +- } ++{ ++ return md->pmod; ++} + + unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md) +- { +- return md->flags; +- } ++{ ++ return md->flags; ++} + + void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags) +- { +- md->flags = flags; +- } ++{ ++ md->flags = flags; ++} + + void *CONF_module_get_usr_data(CONF_MODULE *pmod) +- { +- return pmod->usr_data; +- } ++{ ++ return pmod->usr_data; ++} + + void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data) +- { +- pmod->usr_data = usr_data; +- } ++{ ++ pmod->usr_data = usr_data; ++} + + /* Return default config file name */ + + char *CONF_get1_default_config_file(void) +- { +- char *file; +- int len; ++{ ++ char *file; ++ int len; + +- file = getenv("OPENSSL_CONF"); +- if (file) +- return BUF_strdup(file); ++ file = getenv("OPENSSL_CONF"); ++ if (file) ++ return BUF_strdup(file); + +- len = strlen(X509_get_default_cert_area()); ++ len = strlen(X509_get_default_cert_area()); + #ifndef OPENSSL_SYS_VMS +- len++; ++ len++; + #endif +- len += strlen(OPENSSL_CONF); ++ len += strlen(OPENSSL_CONF); + +- file = OPENSSL_malloc(len + 1); ++ file = OPENSSL_malloc(len + 1); + +- if (!file) +- return NULL; +- BUF_strlcpy(file,X509_get_default_cert_area(),len + 1); ++ if (!file) ++ return NULL; ++ BUF_strlcpy(file, X509_get_default_cert_area(), len + 1); + #ifndef OPENSSL_SYS_VMS +- BUF_strlcat(file,"/",len + 1); ++ BUF_strlcat(file, "/", len + 1); + #endif +- BUF_strlcat(file,OPENSSL_CONF,len + 1); ++ BUF_strlcat(file, OPENSSL_CONF, len + 1); + +- return file; +- } ++ return file; ++} + +-/* This function takes a list separated by 'sep' and calls the +- * callback function giving the start and length of each member +- * optionally stripping leading and trailing whitespace. This can +- * be used to parse comma separated lists for example. ++/* ++ * This function takes a list separated by 'sep' and calls the callback ++ * function giving the start and length of each member optionally stripping ++ * leading and trailing whitespace. This can be used to parse comma separated ++ * lists for example. + */ + + int CONF_parse_list(const char *list_, int sep, int nospc, +- int (*list_cb)(const char *elem, int len, void *usr), void *arg) +- { +- int ret; +- const char *lstart, *tmpend, *p; +- lstart = list_; +- +- for(;;) +- { +- if (nospc) +- { +- while(*lstart && isspace((unsigned char)*lstart)) +- lstart++; +- } +- p = strchr(lstart, sep); +- if (p == lstart || !*lstart) +- ret = list_cb(NULL, 0, arg); +- else +- { +- if (p) +- tmpend = p - 1; +- else +- tmpend = lstart + strlen(lstart) - 1; +- if (nospc) +- { +- while(isspace((unsigned char)*tmpend)) +- tmpend--; +- } +- ret = list_cb(lstart, tmpend - lstart + 1, arg); +- } +- if (ret <= 0) +- return ret; +- if (p == NULL) +- return 1; +- lstart = p + 1; +- } +- } +- ++ int (*list_cb) (const char *elem, int len, void *usr), ++ void *arg) ++{ ++ int ret; ++ const char *lstart, *tmpend, *p; ++ lstart = list_; ++ ++ for (;;) { ++ if (nospc) { ++ while (*lstart && isspace((unsigned char)*lstart)) ++ lstart++; ++ } ++ p = strchr(lstart, sep); ++ if (p == lstart || !*lstart) ++ ret = list_cb(NULL, 0, arg); ++ else { ++ if (p) ++ tmpend = p - 1; ++ else ++ tmpend = lstart + strlen(lstart) - 1; ++ if (nospc) { ++ while (isspace((unsigned char)*tmpend)) ++ tmpend--; ++ } ++ ret = list_cb(lstart, tmpend - lstart + 1, arg); ++ } ++ if (ret <= 0) ++ return ret; ++ if (p == NULL) ++ return 1; ++ lstart = p + 1; ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c +index 760dc26..d03de24 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c +@@ -1,6 +1,7 @@ + /* conf_sap.c */ +-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,48 +65,47 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + +-/* This is the automatic configuration loader: it is called automatically by +- * OpenSSL when any of a number of standard initialisation functions are called, +- * unless this is overridden by calling OPENSSL_no_config() ++/* ++ * This is the automatic configuration loader: it is called automatically by ++ * OpenSSL when any of a number of standard initialisation functions are ++ * called, unless this is overridden by calling OPENSSL_no_config() + */ + + static int openssl_configured = 0; + + void OPENSSL_config(const char *config_name) +- { +- if (openssl_configured) +- return; ++{ ++ if (openssl_configured) ++ return; + +- OPENSSL_load_builtin_modules(); ++ OPENSSL_load_builtin_modules(); + #ifndef OPENSSL_NO_ENGINE +- /* Need to load ENGINEs */ +- ENGINE_load_builtin_engines(); ++ /* Need to load ENGINEs */ ++ ENGINE_load_builtin_engines(); + #endif +- /* Add others here? */ ++ /* Add others here? */ + ++ ERR_clear_error(); ++ if (CONF_modules_load_file(NULL, config_name, ++ CONF_MFLAGS_DEFAULT_SECTION | ++ CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { ++ BIO *bio_err; ++ ERR_load_crypto_strings(); ++ if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) { ++ BIO_printf(bio_err, "Auto configuration failed\n"); ++ ERR_print_errors(bio_err); ++ BIO_free(bio_err); ++ } ++ exit(1); ++ } + +- ERR_clear_error(); +- if (CONF_modules_load_file(NULL, config_name, +- CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) +- { +- BIO *bio_err; +- ERR_load_crypto_strings(); +- if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) +- { +- BIO_printf(bio_err,"Auto configuration failed\n"); +- ERR_print_errors(bio_err); +- BIO_free(bio_err); +- } +- exit(1); +- } +- +- return; +- } ++ return; ++} + + void OPENSSL_no_config() +- { +- openssl_configured = 1; +- } ++{ ++ openssl_configured = 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/constant_time_locl.h b/Cryptlib/OpenSSL/crypto/constant_time_locl.h +new file mode 100644 +index 0000000..c786aea +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/constant_time_locl.h +@@ -0,0 +1,211 @@ ++/* crypto/constant_time_locl.h */ ++/*- ++ * Utilities for constant-time cryptography. ++ * ++ * Author: Emilia Kasper (emilia@openssl.org) ++ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley ++ * (Google). ++ * ==================================================================== ++ * Copyright (c) 2014 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#ifndef HEADER_CONSTANT_TIME_LOCL_H ++# define HEADER_CONSTANT_TIME_LOCL_H ++ ++# include "e_os.h" /* For 'inline' */ ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/*- ++ * The boolean methods return a bitmask of all ones (0xff...f) for true ++ * and 0 for false. This is useful for choosing a value based on the result ++ * of a conditional in constant time. For example, ++ * ++ * if (a < b) { ++ * c = a; ++ * } else { ++ * c = b; ++ * } ++ * ++ * can be written as ++ * ++ * unsigned int lt = constant_time_lt(a, b); ++ * c = constant_time_select(lt, a, b); ++ */ ++ ++/* ++ * Returns the given value with the MSB copied to all the other ++ * bits. Uses the fact that arithmetic shift shifts-in the sign bit. ++ * However, this is not ensured by the C standard so you may need to ++ * replace this with something else on odd CPUs. ++ */ ++static inline unsigned int constant_time_msb(unsigned int a); ++ ++/* ++ * Returns 0xff..f if a < b and 0 otherwise. ++ */ ++static inline unsigned int constant_time_lt(unsigned int a, unsigned int b); ++/* Convenience method for getting an 8-bit mask. */ ++static inline unsigned char constant_time_lt_8(unsigned int a, ++ unsigned int b); ++ ++/* ++ * Returns 0xff..f if a >= b and 0 otherwise. ++ */ ++static inline unsigned int constant_time_ge(unsigned int a, unsigned int b); ++/* Convenience method for getting an 8-bit mask. */ ++static inline unsigned char constant_time_ge_8(unsigned int a, ++ unsigned int b); ++ ++/* ++ * Returns 0xff..f if a == 0 and 0 otherwise. ++ */ ++static inline unsigned int constant_time_is_zero(unsigned int a); ++/* Convenience method for getting an 8-bit mask. */ ++static inline unsigned char constant_time_is_zero_8(unsigned int a); ++ ++/* ++ * Returns 0xff..f if a == b and 0 otherwise. ++ */ ++static inline unsigned int constant_time_eq(unsigned int a, unsigned int b); ++/* Convenience method for getting an 8-bit mask. */ ++static inline unsigned char constant_time_eq_8(unsigned int a, ++ unsigned int b); ++/* Signed integers. */ ++static inline unsigned int constant_time_eq_int(int a, int b); ++/* Convenience method for getting an 8-bit mask. */ ++static inline unsigned char constant_time_eq_int_8(int a, int b); ++ ++/*- ++ * Returns (mask & a) | (~mask & b). ++ * ++ * When |mask| is all 1s or all 0s (as returned by the methods above), ++ * the select methods return either |a| (if |mask| is nonzero) or |b| ++ * (if |mask| is zero). ++ */ ++static inline unsigned int constant_time_select(unsigned int mask, ++ unsigned int a, ++ unsigned int b); ++/* Convenience method for unsigned chars. */ ++static inline unsigned char constant_time_select_8(unsigned char mask, ++ unsigned char a, ++ unsigned char b); ++/* Convenience method for signed integers. */ ++static inline int constant_time_select_int(unsigned int mask, int a, int b); ++ ++static inline unsigned int constant_time_msb(unsigned int a) ++{ ++ return 0 - (a >> (sizeof(a) * 8 - 1)); ++} ++ ++static inline unsigned int constant_time_lt(unsigned int a, unsigned int b) ++{ ++ return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b))); ++} ++ ++static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) ++{ ++ return (unsigned char)(constant_time_lt(a, b)); ++} ++ ++static inline unsigned int constant_time_ge(unsigned int a, unsigned int b) ++{ ++ return ~constant_time_lt(a, b); ++} ++ ++static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) ++{ ++ return (unsigned char)(constant_time_ge(a, b)); ++} ++ ++static inline unsigned int constant_time_is_zero(unsigned int a) ++{ ++ return constant_time_msb(~a & (a - 1)); ++} ++ ++static inline unsigned char constant_time_is_zero_8(unsigned int a) ++{ ++ return (unsigned char)(constant_time_is_zero(a)); ++} ++ ++static inline unsigned int constant_time_eq(unsigned int a, unsigned int b) ++{ ++ return constant_time_is_zero(a ^ b); ++} ++ ++static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) ++{ ++ return (unsigned char)(constant_time_eq(a, b)); ++} ++ ++static inline unsigned int constant_time_eq_int(int a, int b) ++{ ++ return constant_time_eq((unsigned)(a), (unsigned)(b)); ++} ++ ++static inline unsigned char constant_time_eq_int_8(int a, int b) ++{ ++ return constant_time_eq_8((unsigned)(a), (unsigned)(b)); ++} ++ ++static inline unsigned int constant_time_select(unsigned int mask, ++ unsigned int a, ++ unsigned int b) ++{ ++ return (mask & a) | (~mask & b); ++} ++ ++static inline unsigned char constant_time_select_8(unsigned char mask, ++ unsigned char a, ++ unsigned char b) ++{ ++ return (unsigned char)(constant_time_select(mask, a, b)); ++} ++ ++static inline int constant_time_select_int(unsigned int mask, int a, int b) ++{ ++ return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); ++} ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* HEADER_CONSTANT_TIME_LOCL_H */ +diff --git a/Cryptlib/OpenSSL/crypto/cpt_err.c b/Cryptlib/OpenSSL/crypto/cpt_err.c +index 9fd41ff..a3a7201 100644 +--- a/Cryptlib/OpenSSL/crypto/cpt_err.c ++++ b/Cryptlib/OpenSSL/crypto/cpt_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,39 +66,37 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason) + +-static ERR_STRING_DATA CRYPTO_str_functs[]= +- { +-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"}, +-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"}, +-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"}, +-{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, +-{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}, +-{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"}, +-{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"}, +-{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"}, +-{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA CRYPTO_str_functs[] = { ++ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"}, ++ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"}, ++ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"}, ++ {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, ++ {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}, ++ {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"}, ++ {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"}, ++ {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"}, ++ {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA CRYPTO_str_reasons[]= +- { +-{ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA CRYPTO_str_reasons[] = { ++ {ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK), ++ "no dynlock create callback"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_CRYPTO_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,CRYPTO_str_functs); +- ERR_load_strings(0,CRYPTO_str_reasons); +- } ++ if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, CRYPTO_str_functs); ++ ERR_load_strings(0, CRYPTO_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c +index dec3286..0864a9b 100644 +--- a/Cryptlib/OpenSSL/crypto/cryptlib.c ++++ b/Cryptlib/OpenSSL/crypto/cryptlib.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,21 +58,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -87,10 +87,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -102,7 +102,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -110,7 +110,7 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * ECDH support in OpenSSL originally developed by ++ * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +@@ -118,443 +118,490 @@ + #include + + #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) +-static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ ++static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */ + #endif + +-static void (MS_FAR *locking_callback)(int mode,int type, +- const char *file,int line)=NULL; +-static int (MS_FAR *add_lock_callback)(int *pointer,int amount, +- int type,const char *file,int line)=NULL; +-static unsigned long (MS_FAR *id_callback)(void)=NULL; ++static void (MS_FAR *locking_callback) (int mode, int type, ++ const char *file, int line) = NULL; ++static int (MS_FAR *add_lock_callback) (int *pointer, int amount, ++ int type, const char *file, ++ int line) = NULL; ++static unsigned long (MS_FAR *id_callback) (void) = NULL; + + int CRYPTO_num_locks(void) +- { +- return CRYPTO_NUM_LOCKS; +- } +- +-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, +- int line) +- { +- return(locking_callback); +- } +- +-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, +- const char *file,int line) +- { +- return(add_lock_callback); +- } +- +-void CRYPTO_set_locking_callback(void (*func)(int mode,int type, +- const char *file,int line)) +- { +- locking_callback=func; +- } +- +-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, +- const char *file,int line)) +- { +- add_lock_callback=func; +- } +- +-unsigned long (*CRYPTO_get_id_callback(void))(void) +- { +- return(id_callback); +- } +- +-void CRYPTO_set_id_callback(unsigned long (*func)(void)) +- { +- id_callback=func; +- } ++{ ++ return CRYPTO_NUM_LOCKS; ++} ++ ++void (*CRYPTO_get_locking_callback(void)) (int mode, int type, ++ const char *file, int line) { ++ return (locking_callback); ++} ++ ++int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type, ++ const char *file, int line) { ++ return (add_lock_callback); ++} ++ ++void CRYPTO_set_locking_callback(void (*func) (int mode, int type, ++ const char *file, int line)) ++{ ++ locking_callback = func; ++} ++ ++void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type, ++ const char *file, int line)) ++{ ++ add_lock_callback = func; ++} ++ ++unsigned long (*CRYPTO_get_id_callback(void)) (void) { ++ return (id_callback); ++} ++ ++void CRYPTO_set_id_callback(unsigned long (*func) (void)) ++{ ++ id_callback = func; ++} + + unsigned long CRYPTO_thread_id(void) +- { +- unsigned long ret=0; ++{ ++ unsigned long ret = 0; + +- if (id_callback == NULL) +- { ++ if (id_callback == NULL) { + #ifdef OPENSSL_SYS_WIN16 +- ret=(unsigned long)GetCurrentTask(); ++ ret = (unsigned long)GetCurrentTask(); + #elif defined(OPENSSL_SYS_WIN32) +- ret=(unsigned long)GetCurrentThreadId(); ++ ret = (unsigned long)GetCurrentThreadId(); + #elif defined(GETPID_IS_MEANINGLESS) +- ret=1L; ++ ret = 1L; + #else +- ret=(unsigned long)getpid(); ++ ret = (unsigned long)getpid(); + #endif +- } +- else +- ret=id_callback(); +- return(ret); +- } ++ } else ++ ret = id_callback(); ++ return (ret); ++} + +-static void (*do_dynlock_cb)(int mode, int type, const char *file, int line); ++static void (*do_dynlock_cb) (int mode, int type, const char *file, int line); + +-void int_CRYPTO_set_do_dynlock_callback( +- void (*dyn_cb)(int mode, int type, const char *file, int line)) +- { +- do_dynlock_cb = dyn_cb; +- } ++void int_CRYPTO_set_do_dynlock_callback(void (*dyn_cb) ++ (int mode, int type, ++ const char *file, int line)) ++{ ++ do_dynlock_cb = dyn_cb; ++} + + void CRYPTO_lock(int mode, int type, const char *file, int line) +- { ++{ + #ifdef LOCK_DEBUG +- { +- char *rw_text,*operation_text; +- +- if (mode & CRYPTO_LOCK) +- operation_text="lock "; +- else if (mode & CRYPTO_UNLOCK) +- operation_text="unlock"; +- else +- operation_text="ERROR "; +- +- if (mode & CRYPTO_READ) +- rw_text="r"; +- else if (mode & CRYPTO_WRITE) +- rw_text="w"; +- else +- rw_text="ERROR"; +- +- fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n", +- CRYPTO_thread_id(), rw_text, operation_text, +- CRYPTO_get_lock_name(type), file, line); +- } ++ { ++ char *rw_text, *operation_text; ++ ++ if (mode & CRYPTO_LOCK) ++ operation_text = "lock "; ++ else if (mode & CRYPTO_UNLOCK) ++ operation_text = "unlock"; ++ else ++ operation_text = "ERROR "; ++ ++ if (mode & CRYPTO_READ) ++ rw_text = "r"; ++ else if (mode & CRYPTO_WRITE) ++ rw_text = "w"; ++ else ++ rw_text = "ERROR"; ++ ++ fprintf(stderr, "lock:%08lx:(%s)%s %-18s %s:%d\n", ++ CRYPTO_thread_id(), rw_text, operation_text, ++ CRYPTO_get_lock_name(type), file, line); ++ } + #endif +- if (type < 0) +- { +- if (do_dynlock_cb) +- do_dynlock_cb(mode, type, file, line); +- } +- else +- if (locking_callback != NULL) +- locking_callback(mode,type,file,line); +- } ++ if (type < 0) { ++ if (do_dynlock_cb) ++ do_dynlock_cb(mode, type, file, line); ++ } else if (locking_callback != NULL) ++ locking_callback(mode, type, file, line); ++} + + int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, +- int line) +- { +- int ret = 0; ++ int line) ++{ ++ int ret = 0; + +- if (add_lock_callback != NULL) +- { ++ if (add_lock_callback != NULL) { + #ifdef LOCK_DEBUG +- int before= *pointer; ++ int before = *pointer; + #endif + +- ret=add_lock_callback(pointer,amount,type,file,line); ++ ret = add_lock_callback(pointer, amount, type, file, line); + #ifdef LOCK_DEBUG +- fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", +- CRYPTO_thread_id(), +- before,amount,ret, +- CRYPTO_get_lock_name(type), +- file,line); ++ fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", ++ CRYPTO_thread_id(), ++ before, amount, ret, CRYPTO_get_lock_name(type), file, line); + #endif +- } +- else +- { +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line); ++ } else { ++ CRYPTO_lock(CRYPTO_LOCK | CRYPTO_WRITE, type, file, line); + +- ret= *pointer+amount; ++ ret = *pointer + amount; + #ifdef LOCK_DEBUG +- fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", +- CRYPTO_thread_id(), +- *pointer,amount,ret, +- CRYPTO_get_lock_name(type), +- file,line); ++ fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", ++ CRYPTO_thread_id(), ++ *pointer, amount, ret, ++ CRYPTO_get_lock_name(type), file, line); + #endif +- *pointer=ret; +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line); +- } +- return(ret); +- } ++ *pointer = ret; ++ CRYPTO_lock(CRYPTO_UNLOCK | CRYPTO_WRITE, type, file, line); ++ } ++ return (ret); ++} + +-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ +- defined(__INTEL__) || \ +- defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) ++#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ ++ defined(__INTEL__) || \ ++ defined(__x86_64) || defined(__x86_64__) || \ ++ defined(_M_AMD64) || defined(_M_X64) + +-unsigned long OPENSSL_ia32cap_P=0; +-unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; } ++unsigned long OPENSSL_ia32cap_P = 0; ++unsigned long *OPENSSL_ia32cap_loc(void) ++{ ++ return &OPENSSL_ia32cap_P; ++} + +-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) +-#define OPENSSL_CPUID_SETUP ++# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) ++# define OPENSSL_CPUID_SETUP + void OPENSSL_cpuid_setup(void) +-{ static int trigger=0; +- unsigned long OPENSSL_ia32_cpuid(void); +- char *env; ++{ ++ static int trigger = 0; ++ unsigned long OPENSSL_ia32_cpuid(void); ++ char *env; + +- if (trigger) return; ++ if (trigger) ++ return; + +- trigger=1; +- if ((env=getenv("OPENSSL_ia32cap"))) +- OPENSSL_ia32cap_P = strtoul(env,NULL,0)|(1<<10); ++ trigger = 1; ++ if ((env = getenv("OPENSSL_ia32cap"))) ++ OPENSSL_ia32cap_P = strtoul(env, NULL, 0) | (1 << 10); + else +- OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid()|(1<<10); ++ OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid() | (1 << 10); + /* + * |(1<<10) sets a reserved bit to signal that variable + * was initialized already... This is to avoid interference + * with cpuid snippets in ELF .init segment. + */ + } +-#endif ++# endif + + #else +-unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; } ++unsigned long *OPENSSL_ia32cap_loc(void) ++{ ++ return NULL; ++} + #endif + int OPENSSL_NONPIC_relocated = 0; + #if !defined(OPENSSL_CPUID_SETUP) +-void OPENSSL_cpuid_setup(void) {} ++void OPENSSL_cpuid_setup(void) ++{ ++} + #endif + + #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL) + +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS + +-#include +-#if defined(__GNUC__) && __GNUC__>=2 +-static int DllInit(void) __attribute__((constructor)); +-#elif defined(_MSC_VER) ++# include ++# if defined(__GNUC__) && __GNUC__>=2 ++static int DllInit(void) __attribute__ ((constructor)); ++# elif defined(_MSC_VER) + static int DllInit(void); +-# ifdef _WIN64 +-# pragma section(".CRT$XCU",read) +- __declspec(allocate(".CRT$XCU")) +-# else +-# pragma data_seg(".CRT$XCU") +-# endif +- static int (*p)(void) = DllInit; +-# pragma data_seg() +-#endif ++# ifdef _WIN64 ++# pragma section(".CRT$XCU",read) ++__declspec(allocate(".CRT$XCU")) ++# else ++# pragma data_seg(".CRT$XCU") ++# endif ++static int (*p) (void) = DllInit; ++# pragma data_seg() ++# endif + + static int DllInit(void) + { +-#if defined(_WIN32_WINNT) +- union { int(*f)(void); BYTE *p; } t = { DllInit }; +- HANDLE hModuleSnap = INVALID_HANDLE_VALUE; +- IMAGE_DOS_HEADER *dos_header; +- IMAGE_NT_HEADERS *nt_headers; +- MODULEENTRY32 me32 = {sizeof(me32)}; +- +- hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0); +- if (hModuleSnap != INVALID_HANDLE_VALUE && +- Module32First(hModuleSnap,&me32)) do +- { +- if (t.p >= me32.modBaseAddr && +- t.p < me32.modBaseAddr+me32.modBaseSize) +- { +- dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr; +- if (dos_header->e_magic==IMAGE_DOS_SIGNATURE) +- { +- nt_headers=(IMAGE_NT_HEADERS *) +- ((BYTE *)dos_header+dos_header->e_lfanew); +- if (nt_headers->Signature==IMAGE_NT_SIGNATURE && +- me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase) +- OPENSSL_NONPIC_relocated=1; +- } +- break; +- } +- } while (Module32Next(hModuleSnap,&me32)); +- +- if (hModuleSnap != INVALID_HANDLE_VALUE) +- CloseHandle(hModuleSnap); +-#endif +- OPENSSL_cpuid_setup(); +- return 0; ++# if defined(_WIN32_WINNT) ++ union { ++ int (*f) (void); ++ BYTE *p; ++ } t = { ++ DllInit ++ }; ++ HANDLE hModuleSnap = INVALID_HANDLE_VALUE; ++ IMAGE_DOS_HEADER *dos_header; ++ IMAGE_NT_HEADERS *nt_headers; ++ MODULEENTRY32 me32 = { sizeof(me32) }; ++ ++ hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, 0); ++ if (hModuleSnap != INVALID_HANDLE_VALUE && ++ Module32First(hModuleSnap, &me32)) ++ do { ++ if (t.p >= me32.modBaseAddr && ++ t.p < me32.modBaseAddr + me32.modBaseSize) { ++ dos_header = (IMAGE_DOS_HEADER *) me32.modBaseAddr; ++ if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) { ++ nt_headers = (IMAGE_NT_HEADERS *) ++ ((BYTE *) dos_header + dos_header->e_lfanew); ++ if (nt_headers->Signature == IMAGE_NT_SIGNATURE && ++ me32.modBaseAddr != ++ (BYTE *) nt_headers->OptionalHeader.ImageBase) ++ OPENSSL_NONPIC_relocated = 1; ++ } ++ break; ++ } ++ } while (Module32Next(hModuleSnap, &me32)); ++ ++ if (hModuleSnap != INVALID_HANDLE_VALUE) ++ CloseHandle(hModuleSnap); ++# endif ++ OPENSSL_cpuid_setup(); ++ return 0; + } + +-#else ++# else + +-#ifdef __CYGWIN__ ++# ifdef __CYGWIN__ + /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ +-#include +-#endif ++# include ++# endif + +-/* All we really need to do is remove the 'error' state when a thread +- * detaches */ +- +-BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, +- LPVOID lpvReserved) +- { +- switch(fdwReason) +- { +- case DLL_PROCESS_ATTACH: +- OPENSSL_cpuid_setup(); +-#if defined(_WIN32_WINNT) +- { +- IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL; +- IMAGE_NT_HEADERS *nt_headers; +- +- if (dos_header->e_magic==IMAGE_DOS_SIGNATURE) +- { +- nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header +- + dos_header->e_lfanew); +- if (nt_headers->Signature==IMAGE_NT_SIGNATURE && +- hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase)) +- OPENSSL_NONPIC_relocated=1; +- } +- } +-#endif +- break; +- case DLL_THREAD_ATTACH: +- break; +- case DLL_THREAD_DETACH: +- break; +- case DLL_PROCESS_DETACH: +- break; +- } +- return(TRUE); +- } +-#endif ++/* ++ * All we really need to do is remove the 'error' state when a thread ++ * detaches ++ */ ++ ++BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) ++{ ++ switch (fdwReason) { ++ case DLL_PROCESS_ATTACH: ++ OPENSSL_cpuid_setup(); ++# if defined(_WIN32_WINNT) ++ { ++ IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *) hinstDLL; ++ IMAGE_NT_HEADERS *nt_headers; ++ ++ if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) { ++ nt_headers = (IMAGE_NT_HEADERS *) ((char *)dos_header ++ + dos_header->e_lfanew); ++ if (nt_headers->Signature == IMAGE_NT_SIGNATURE && ++ hinstDLL != ++ (HINSTANCE) (nt_headers->OptionalHeader.ImageBase)) ++ OPENSSL_NONPIC_relocated = 1; ++ } ++ } ++# endif ++ break; ++ case DLL_THREAD_ATTACH: ++ break; ++ case DLL_THREAD_DETACH: ++ break; ++ case DLL_PROCESS_DETACH: ++ break; ++ } ++ return (TRUE); ++} ++# endif + + #endif + + #if defined(_WIN32) && !defined(__CYGWIN__) +-#include ++# include + +-#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 ++# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 + int OPENSSL_isservice(void) +-{ HWINSTA h; +- DWORD len; +- WCHAR *name; ++{ ++ HWINSTA h; ++ DWORD len; ++ WCHAR *name; + +- (void)GetDesktopWindow(); /* return value is ignored */ ++ (void)GetDesktopWindow(); /* return value is ignored */ + + h = GetProcessWindowStation(); +- if (h==NULL) return -1; +- +- if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) || +- GetLastError() != ERROR_INSUFFICIENT_BUFFER) +- return -1; +- +- if (len>512) return -1; /* paranoia */ +- len++,len&=~1; /* paranoia */ +-#ifdef _MSC_VER +- name=(WCHAR *)_alloca(len+sizeof(WCHAR)); +-#else +- name=(WCHAR *)alloca(len+sizeof(WCHAR)); +-#endif +- if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len)) +- return -1; +- +- len++,len&=~1; /* paranoia */ +- name[len/sizeof(WCHAR)]=L'\0'; /* paranoia */ +-#if 1 +- /* This doesn't cover "interactive" services [working with real +- * WinSta0's] nor programs started non-interactively by Task +- * Scheduler [those are working with SAWinSta]. */ +- if (wcsstr(name,L"Service-0x")) return 1; +-#else ++ if (h == NULL) ++ return -1; ++ ++ if (GetUserObjectInformationW(h, UOI_NAME, NULL, 0, &len) || ++ GetLastError() != ERROR_INSUFFICIENT_BUFFER) ++ return -1; ++ ++ if (len > 512) ++ return -1; /* paranoia */ ++ len++, len &= ~1; /* paranoia */ ++# ifdef _MSC_VER ++ name = (WCHAR *)_alloca(len + sizeof(WCHAR)); ++# else ++ name = (WCHAR *)alloca(len + sizeof(WCHAR)); ++# endif ++ if (!GetUserObjectInformationW(h, UOI_NAME, name, len, &len)) ++ return -1; ++ ++ len++, len &= ~1; /* paranoia */ ++ name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */ ++# if 1 ++ /* ++ * This doesn't cover "interactive" services [working with real ++ * WinSta0's] nor programs started non-interactively by Task Scheduler ++ * [those are working with SAWinSta]. ++ */ ++ if (wcsstr(name, L"Service-0x")) ++ return 1; ++# else + /* This covers all non-interactive programs such as services. */ +- if (!wcsstr(name,L"WinSta0")) return 1; +-#endif +- else return 0; ++ if (!wcsstr(name, L"WinSta0")) ++ return 1; ++# endif ++ else ++ return 0; + } +-#else +-int OPENSSL_isservice(void) { return 0; } +-#endif ++# else ++int OPENSSL_isservice(void) ++{ ++ return 0; ++} ++# endif + +-void OPENSSL_showfatal (const char *fmta,...) +-{ va_list ap; +- TCHAR buf[256]; +- const TCHAR *fmt; +-#ifdef STD_ERROR_HANDLE /* what a dirty trick! */ +- HANDLE h; +- +- if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL && +- GetFileType(h)!=FILE_TYPE_UNKNOWN) +- { /* must be console application */ +- va_start (ap,fmta); +- vfprintf (stderr,fmta,ap); +- va_end (ap); +- return; ++void OPENSSL_showfatal(const char *fmta, ...) ++{ ++ va_list ap; ++ TCHAR buf[256]; ++ const TCHAR *fmt; ++# ifdef STD_ERROR_HANDLE /* what a dirty trick! */ ++ HANDLE h; ++ ++ if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL && ++ GetFileType(h) != FILE_TYPE_UNKNOWN) { ++ /* must be console application */ ++ va_start(ap, fmta); ++ vfprintf(stderr, fmta, ap); ++ va_end(ap); ++ return; + } +-#endif +- +- if (sizeof(TCHAR)==sizeof(char)) +- fmt=(const TCHAR *)fmta; +- else do +- { int keepgoing; +- size_t len_0=strlen(fmta)+1,i; +- WCHAR *fmtw; ++# endif + +-#ifdef _MSC_VER +- fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); +-#else +- fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); +-#endif +- if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; } ++ if (sizeof(TCHAR) == sizeof(char)) ++ fmt = (const TCHAR *)fmta; ++ else ++ do { ++ int keepgoing; ++ size_t len_0 = strlen(fmta) + 1, i; ++ WCHAR *fmtw; + +-#ifndef OPENSSL_NO_MULTIBYTE +- if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0)) +-#endif +- for (i=0;i=0x0333 ++# ifdef _MSC_VER ++ fmtw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR)); ++# else ++ fmtw = (WCHAR *)alloca(len_0 * sizeof(WCHAR)); ++# endif ++ if (fmtw == NULL) { ++ fmt = (const TCHAR *)L"no stack?"; ++ break; ++ } ++# ifndef OPENSSL_NO_MULTIBYTE ++ if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0)) ++# endif ++ for (i = 0; i < len_0; i++) ++ fmtw[i] = (WCHAR)fmta[i]; ++ ++ for (i = 0; i < len_0; i++) { ++ if (fmtw[i] == L'%') ++ do { ++ keepgoing = 0; ++ switch (fmtw[i + 1]) { ++ case L'0': ++ case L'1': ++ case L'2': ++ case L'3': ++ case L'4': ++ case L'5': ++ case L'6': ++ case L'7': ++ case L'8': ++ case L'9': ++ case L'.': ++ case L'*': ++ case L'-': ++ i++; ++ keepgoing = 1; ++ break; ++ case L's': ++ fmtw[i + 1] = L'S'; ++ break; ++ case L'S': ++ fmtw[i + 1] = L's'; ++ break; ++ case L'c': ++ fmtw[i + 1] = L'C'; ++ break; ++ case L'C': ++ fmtw[i + 1] = L'c'; ++ break; ++ } ++ } while (keepgoing); ++ } ++ fmt = (const TCHAR *)fmtw; ++ } while (0); ++ ++ va_start(ap, fmta); ++ _vsntprintf(buf, sizeof(buf) / sizeof(TCHAR) - 1, fmt, ap); ++ buf[sizeof(buf) / sizeof(TCHAR) - 1] = _T('\0'); ++ va_end(ap); ++ ++# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 + /* this -------------v--- guards NT-specific calls */ +- if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0) +- { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); +- const TCHAR *pmsg=buf; +- ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); +- DeregisterEventSource(h); +- } +- else +-#endif +- MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP); ++ if (check_winnt() && OPENSSL_isservice() > 0) { ++ HANDLE h = RegisterEventSource(0, _T("OPENSSL")); ++ const TCHAR *pmsg = buf; ++ ReportEvent(h, EVENTLOG_ERROR_TYPE, 0, 0, 0, 1, 0, &pmsg, 0); ++ DeregisterEventSource(h); ++ } else ++# endif ++ MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP); + } + #else +-void OPENSSL_showfatal (const char *fmta,...) +-{ va_list ap; ++void OPENSSL_showfatal(const char *fmta, ...) ++{ ++ va_list ap; ++ ++ va_start(ap, fmta); ++ vfprintf(stderr, fmta, ap); ++ va_end(ap); ++} + +- va_start (ap,fmta); +- vfprintf (stderr,fmta,ap); +- va_end (ap); ++int OPENSSL_isservice(void) ++{ ++ return 0; + } +-int OPENSSL_isservice (void) { return 0; } + #endif + +-void OpenSSLDie(const char *file,int line,const char *assertion) +- { +- OPENSSL_showfatal( +- "%s(%d): OpenSSL internal error, assertion failed: %s\n", +- file,line,assertion); +- abort(); +- } ++void OpenSSLDie(const char *file, int line, const char *assertion) ++{ ++ OPENSSL_showfatal ++ ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line, ++ assertion); ++ abort(); ++} + +-void *OPENSSL_stderr(void) { return stderr; } ++void *OPENSSL_stderr(void) ++{ ++ return stderr; ++} + + #ifndef OPENSSL_FIPS + + int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) +- { +- size_t i; +- const unsigned char *a = in_a; +- const unsigned char *b = in_b; +- unsigned char x = 0; ++{ ++ size_t i; ++ const unsigned char *a = in_a; ++ const unsigned char *b = in_b; ++ unsigned char x = 0; + +- for (i = 0; i < len; i++) +- x |= a[i] ^ b[i]; ++ for (i = 0; i < len; i++) ++ x |= a[i] ^ b[i]; + +- return x; +- } ++ return x; ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/cversion.c b/Cryptlib/OpenSSL/crypto/cversion.c +index ea9f25f..0280225 100644 +--- a/Cryptlib/OpenSSL/crypto/cversion.c ++++ b/Cryptlib/OpenSSL/crypto/cversion.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,59 +59,54 @@ + #include "cryptlib.h" + + #ifndef NO_WINDOWS_BRAINDEATH +-#include "buildinf.h" ++# include "buildinf.h" + #endif + + const char *SSLeay_version(int t) +- { +- if (t == SSLEAY_VERSION) +- return OPENSSL_VERSION_TEXT; +- if (t == SSLEAY_BUILT_ON) +- { ++{ ++ if (t == SSLEAY_VERSION) ++ return OPENSSL_VERSION_TEXT; ++ if (t == SSLEAY_BUILT_ON) { + #ifdef DATE +- static char buf[sizeof(DATE)+11]; ++ static char buf[sizeof(DATE) + 11]; + +- BIO_snprintf(buf,sizeof buf,"built on: %s",DATE); +- return(buf); ++ BIO_snprintf(buf, sizeof buf, "built on: %s", DATE); ++ return (buf); + #else +- return("built on: date not available"); ++ return ("built on: date not available"); + #endif +- } +- if (t == SSLEAY_CFLAGS) +- { ++ } ++ if (t == SSLEAY_CFLAGS) { + #ifdef CFLAGS +- static char buf[sizeof(CFLAGS)+11]; ++ static char buf[sizeof(CFLAGS) + 11]; + +- BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS); +- return(buf); ++ BIO_snprintf(buf, sizeof buf, "compiler: %s", CFLAGS); ++ return (buf); + #else +- return("compiler: information not available"); ++ return ("compiler: information not available"); + #endif +- } +- if (t == SSLEAY_PLATFORM) +- { ++ } ++ if (t == SSLEAY_PLATFORM) { + #ifdef PLATFORM +- static char buf[sizeof(PLATFORM)+11]; ++ static char buf[sizeof(PLATFORM) + 11]; + +- BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM); +- return(buf); ++ BIO_snprintf(buf, sizeof buf, "platform: %s", PLATFORM); ++ return (buf); + #else +- return("platform: information not available"); ++ return ("platform: information not available"); + #endif +- } +- if (t == SSLEAY_DIR) +- { ++ } ++ if (t == SSLEAY_DIR) { + #ifdef OPENSSLDIR +- return "OPENSSLDIR: \"" OPENSSLDIR "\""; ++ return "OPENSSLDIR: \"" OPENSSLDIR "\""; + #else +- return "OPENSSLDIR: N/A"; ++ return "OPENSSLDIR: N/A"; + #endif +- } +- return("not available"); +- } ++ } ++ return ("not available"); ++} + + unsigned long SSLeay(void) +- { +- return(SSLEAY_VERSION_NUMBER); +- } +- ++{ ++ return (SSLEAY_VERSION_NUMBER); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c +index 09a7ba5..f89b5b9 100644 +--- a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c ++++ b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,48 +59,45 @@ + #include "des_locl.h" + + DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, +- long length, DES_key_schedule *schedule, +- const_DES_cblock *ivec) +- { +- register DES_LONG tout0,tout1,tin0,tin1; +- register long l=length; +- DES_LONG tin[2]; +- unsigned char *out = &(*output)[0]; +- const unsigned char *iv = &(*ivec)[0]; ++ long length, DES_key_schedule *schedule, ++ const_DES_cblock *ivec) ++{ ++ register DES_LONG tout0, tout1, tin0, tin1; ++ register long l = length; ++ DES_LONG tin[2]; ++ unsigned char *out = &(*output)[0]; ++ const unsigned char *iv = &(*ivec)[0]; ++ ++ c2l(iv, tout0); ++ c2l(iv, tout1); ++ for (; l > 0; l -= 8) { ++ if (l >= 8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ } else ++ c2ln(in, tin0, tin1, l); + +- c2l(iv,tout0); +- c2l(iv,tout1); +- for (; l>0; l-=8) +- { +- if (l >= 8) +- { +- c2l(in,tin0); +- c2l(in,tin1); +- } +- else +- c2ln(in,tin0,tin1,l); +- +- tin0^=tout0; tin[0]=tin0; +- tin1^=tout1; tin[1]=tin1; +- DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT); +- /* fix 15/10/91 eay - thanks to keithr@sco.COM */ +- tout0=tin[0]; +- tout1=tin[1]; +- } +- if (out != NULL) +- { +- l2c(tout0,out); +- l2c(tout1,out); +- } +- tout0=tin0=tin1=tin[0]=tin[1]=0; +- /* +- Transform the data in tout1 so that it will +- match the return value that the MIT Kerberos +- mit_des_cbc_cksum API returns. +- */ +- tout1 = ((tout1 >> 24L) & 0x000000FF) +- | ((tout1 >> 8L) & 0x0000FF00) +- | ((tout1 << 8L) & 0x00FF0000) +- | ((tout1 << 24L) & 0xFF000000); +- return(tout1); +- } ++ tin0 ^= tout0; ++ tin[0] = tin0; ++ tin1 ^= tout1; ++ tin[1] = tin1; ++ DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); ++ /* fix 15/10/91 eay - thanks to keithr@sco.COM */ ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ } ++ if (out != NULL) { ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } ++ tout0 = tin0 = tin1 = tin[0] = tin[1] = 0; ++ /* ++ * Transform the data in tout1 so that it will match the return value ++ * that the MIT Kerberos mit_des_cbc_cksum API returns. ++ */ ++ tout1 = ((tout1 >> 24L) & 0x000000FF) ++ | ((tout1 >> 8L) & 0x0000FF00) ++ | ((tout1 << 8L) & 0x00FF0000) ++ | ((tout1 << 24L) & 0xFF000000); ++ return (tout1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c +index 677903a..7ee3599 100644 +--- a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -58,4 +58,4 @@ + + #define CBC_ENC_C__DONT_UPDATE_IV + +-#include "ncbc_enc.c" /* des_cbc_encrypt */ ++#include "ncbc_enc.c" /* des_cbc_encrypt */ +diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c +index de34ecc..5d709c1 100644 +--- a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c ++++ b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,196 +59,191 @@ + #include "des_locl.h" + #include "e_os.h" + +-/* The input and output encrypted as though 64bit cfb mode is being +- * used. The extra state information to record how much of the +- * 64bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 64bit cfb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; + */ + + void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, DES_key_schedule *ks1, +- DES_key_schedule *ks2, DES_key_schedule *ks3, +- DES_cblock *ivec, int *num, int enc) +- { +- register DES_LONG v0,v1; +- register long l=length; +- register int n= *num; +- DES_LONG ti[2]; +- unsigned char *iv,c,cc; ++ long length, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3, ++ DES_cblock *ivec, int *num, int enc) ++{ ++ register DES_LONG v0, v1; ++ register long l = length; ++ register int n = *num; ++ DES_LONG ti[2]; ++ unsigned char *iv, c, cc; + +- iv=&(*ivec)[0]; +- if (enc) +- { +- while (l--) +- { +- if (n == 0) +- { +- c2l(iv,v0); +- c2l(iv,v1); ++ iv = &(*ivec)[0]; ++ if (enc) { ++ while (l--) { ++ if (n == 0) { ++ c2l(iv, v0); ++ c2l(iv, v1); + +- ti[0]=v0; +- ti[1]=v1; +- DES_encrypt3(ti,ks1,ks2,ks3); +- v0=ti[0]; +- v1=ti[1]; ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt3(ti, ks1, ks2, ks3); ++ v0 = ti[0]; ++ v1 = ti[1]; + +- iv = &(*ivec)[0]; +- l2c(v0,iv); +- l2c(v1,iv); +- iv = &(*ivec)[0]; +- } +- c= *(in++)^iv[n]; +- *(out++)=c; +- iv[n]=c; +- n=(n+1)&0x07; +- } +- } +- else +- { +- while (l--) +- { +- if (n == 0) +- { +- c2l(iv,v0); +- c2l(iv,v1); ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ iv = &(*ivec)[0]; ++ } ++ c = *(in++) ^ iv[n]; ++ *(out++) = c; ++ iv[n] = c; ++ n = (n + 1) & 0x07; ++ } ++ } else { ++ while (l--) { ++ if (n == 0) { ++ c2l(iv, v0); ++ c2l(iv, v1); + +- ti[0]=v0; +- ti[1]=v1; +- DES_encrypt3(ti,ks1,ks2,ks3); +- v0=ti[0]; +- v1=ti[1]; ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt3(ti, ks1, ks2, ks3); ++ v0 = ti[0]; ++ v1 = ti[1]; + +- iv = &(*ivec)[0]; +- l2c(v0,iv); +- l2c(v1,iv); +- iv = &(*ivec)[0]; +- } +- cc= *(in++); +- c=iv[n]; +- iv[n]=cc; +- *(out++)=c^cc; +- n=(n+1)&0x07; +- } +- } +- v0=v1=ti[0]=ti[1]=c=cc=0; +- *num=n; +- } ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ iv = &(*ivec)[0]; ++ } ++ cc = *(in++); ++ c = iv[n]; ++ iv[n] = cc; ++ *(out++) = c ^ cc; ++ n = (n + 1) & 0x07; ++ } ++ } ++ v0 = v1 = ti[0] = ti[1] = c = cc = 0; ++ *num = n; ++} + +-#ifdef undef /* MACRO */ +-void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, +- DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock (*ivec), +- int *num, int enc) +- { +- DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc); +- } ++#ifdef undef /* MACRO */ ++void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, DES_key_schedule ks1, ++ DES_key_schedule ks2, DES_cblock (*ivec), ++ int *num, int enc) ++{ ++ DES_ede3_cfb64_encrypt(in, out, length, ks1, ks2, ks1, ivec, num, enc); ++} + #endif + +-/* This is compatible with the single key CFB-r for DES, even thought that's ++/* ++ * This is compatible with the single key CFB-r for DES, even thought that's + * not what EVP needs. + */ + +-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out, +- int numbits,long length,DES_key_schedule *ks1, +- DES_key_schedule *ks2,DES_key_schedule *ks3, +- DES_cblock *ivec,int enc) +- { +- register DES_LONG d0,d1,v0,v1; +- register unsigned long l=length,n=((unsigned int)numbits+7)/8; +- register int num=numbits,i; +- DES_LONG ti[2]; +- unsigned char *iv; +- unsigned char ovec[16]; +- +- if (num > 64) return; +- iv = &(*ivec)[0]; +- c2l(iv,v0); +- c2l(iv,v1); +- if (enc) +- { +- while (l >= n) +- { +- l-=n; +- ti[0]=v0; +- ti[1]=v1; +- DES_encrypt3(ti,ks1,ks2,ks3); +- c2ln(in,d0,d1,n); +- in+=n; +- d0^=ti[0]; +- d1^=ti[1]; +- l2cn(d0,d1,out,n); +- out+=n; +- /* 30-08-94 - eay - changed because l>>32 and +- * l<<32 are bad under gcc :-( */ +- if (num == 32) +- { v0=v1; v1=d0; } +- else if (num == 64) +- { v0=d0; v1=d1; } +- else +- { +- iv=&ovec[0]; +- l2c(v0,iv); +- l2c(v1,iv); +- l2c(d0,iv); +- l2c(d1,iv); +- /* shift ovec left most of the bits... */ +- memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); +- /* now the remaining bits */ +- if(num%8 != 0) +- for(i=0 ; i < 8 ; ++i) +- { +- ovec[i]<<=num%8; +- ovec[i]|=ovec[i+1]>>(8-num%8); +- } +- iv=&ovec[0]; +- c2l(iv,v0); +- c2l(iv,v1); +- } +- } +- } +- else +- { +- while (l >= n) +- { +- l-=n; +- ti[0]=v0; +- ti[1]=v1; +- DES_encrypt3(ti,ks1,ks2,ks3); +- c2ln(in,d0,d1,n); +- in+=n; +- /* 30-08-94 - eay - changed because l>>32 and +- * l<<32 are bad under gcc :-( */ +- if (num == 32) +- { v0=v1; v1=d0; } +- else if (num == 64) +- { v0=d0; v1=d1; } +- else +- { +- iv=&ovec[0]; +- l2c(v0,iv); +- l2c(v1,iv); +- l2c(d0,iv); +- l2c(d1,iv); +- /* shift ovec left most of the bits... */ +- memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); +- /* now the remaining bits */ +- if(num%8 != 0) +- for(i=0 ; i < 8 ; ++i) +- { +- ovec[i]<<=num%8; +- ovec[i]|=ovec[i+1]>>(8-num%8); +- } +- iv=&ovec[0]; +- c2l(iv,v0); +- c2l(iv,v1); +- } +- d0^=ti[0]; +- d1^=ti[1]; +- l2cn(d0,d1,out,n); +- out+=n; +- } +- } +- iv = &(*ivec)[0]; +- l2c(v0,iv); +- l2c(v1,iv); +- v0=v1=d0=d1=ti[0]=ti[1]=0; +- } ++void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, ++ int numbits, long length, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3, ++ DES_cblock *ivec, int enc) ++{ ++ register DES_LONG d0, d1, v0, v1; ++ register unsigned long l = length, n = ((unsigned int)numbits + 7) / 8; ++ register int num = numbits, i; ++ DES_LONG ti[2]; ++ unsigned char *iv; ++ unsigned char ovec[16]; + ++ if (num > 64) ++ return; ++ iv = &(*ivec)[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ if (enc) { ++ while (l >= n) { ++ l -= n; ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt3(ti, ks1, ks2, ks3); ++ c2ln(in, d0, d1, n); ++ in += n; ++ d0 ^= ti[0]; ++ d1 ^= ti[1]; ++ l2cn(d0, d1, out, n); ++ out += n; ++ /* ++ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under ++ * gcc :-( ++ */ ++ if (num == 32) { ++ v0 = v1; ++ v1 = d0; ++ } else if (num == 64) { ++ v0 = d0; ++ v1 = d1; ++ } else { ++ iv = &ovec[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ l2c(d0, iv); ++ l2c(d1, iv); ++ /* shift ovec left most of the bits... */ ++ memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); ++ /* now the remaining bits */ ++ if (num % 8 != 0) ++ for (i = 0; i < 8; ++i) { ++ ovec[i] <<= num % 8; ++ ovec[i] |= ovec[i + 1] >> (8 - num % 8); ++ } ++ iv = &ovec[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ } ++ } ++ } else { ++ while (l >= n) { ++ l -= n; ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt3(ti, ks1, ks2, ks3); ++ c2ln(in, d0, d1, n); ++ in += n; ++ /* ++ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under ++ * gcc :-( ++ */ ++ if (num == 32) { ++ v0 = v1; ++ v1 = d0; ++ } else if (num == 64) { ++ v0 = d0; ++ v1 = d1; ++ } else { ++ iv = &ovec[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ l2c(d0, iv); ++ l2c(d1, iv); ++ /* shift ovec left most of the bits... */ ++ memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); ++ /* now the remaining bits */ ++ if (num % 8 != 0) ++ for (i = 0; i < 8; ++i) { ++ ovec[i] <<= num % 8; ++ ovec[i] |= ovec[i + 1] >> (8 - num % 8); ++ } ++ iv = &ovec[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ } ++ d0 ^= ti[0]; ++ d1 ^= ti[1]; ++ l2cn(d0, d1, out, n); ++ out += n; ++ } ++ } ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c +index 5ec8683..7346774 100644 +--- a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -58,64 +58,65 @@ + + #include "des_locl.h" + +-/* The input and output encrypted as though 64bit cfb mode is being +- * used. The extra state information to record how much of the +- * 64bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 64bit cfb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; + */ + + void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, DES_key_schedule *schedule, +- DES_cblock *ivec, int *num, int enc) +- { +- register DES_LONG v0,v1; +- register long l=length; +- register int n= *num; +- DES_LONG ti[2]; +- unsigned char *iv,c,cc; +- +- iv = &(*ivec)[0]; +- if (enc) +- { +- while (l--) +- { +- if (n == 0) +- { +- c2l(iv,v0); ti[0]=v0; +- c2l(iv,v1); ti[1]=v1; +- DES_encrypt1(ti,schedule,DES_ENCRYPT); +- iv = &(*ivec)[0]; +- v0=ti[0]; l2c(v0,iv); +- v0=ti[1]; l2c(v0,iv); +- iv = &(*ivec)[0]; +- } +- c= *(in++)^iv[n]; +- *(out++)=c; +- iv[n]=c; +- n=(n+1)&0x07; +- } +- } +- else +- { +- while (l--) +- { +- if (n == 0) +- { +- c2l(iv,v0); ti[0]=v0; +- c2l(iv,v1); ti[1]=v1; +- DES_encrypt1(ti,schedule,DES_ENCRYPT); +- iv = &(*ivec)[0]; +- v0=ti[0]; l2c(v0,iv); +- v0=ti[1]; l2c(v0,iv); +- iv = &(*ivec)[0]; +- } +- cc= *(in++); +- c=iv[n]; +- iv[n]=cc; +- *(out++)=c^cc; +- n=(n+1)&0x07; +- } +- } +- v0=v1=ti[0]=ti[1]=c=cc=0; +- *num=n; +- } ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, int *num, int enc) ++{ ++ register DES_LONG v0, v1; ++ register long l = length; ++ register int n = *num; ++ DES_LONG ti[2]; ++ unsigned char *iv, c, cc; + ++ iv = &(*ivec)[0]; ++ if (enc) { ++ while (l--) { ++ if (n == 0) { ++ c2l(iv, v0); ++ ti[0] = v0; ++ c2l(iv, v1); ++ ti[1] = v1; ++ DES_encrypt1(ti, schedule, DES_ENCRYPT); ++ iv = &(*ivec)[0]; ++ v0 = ti[0]; ++ l2c(v0, iv); ++ v0 = ti[1]; ++ l2c(v0, iv); ++ iv = &(*ivec)[0]; ++ } ++ c = *(in++) ^ iv[n]; ++ *(out++) = c; ++ iv[n] = c; ++ n = (n + 1) & 0x07; ++ } ++ } else { ++ while (l--) { ++ if (n == 0) { ++ c2l(iv, v0); ++ ti[0] = v0; ++ c2l(iv, v1); ++ ti[1] = v1; ++ DES_encrypt1(ti, schedule, DES_ENCRYPT); ++ iv = &(*ivec)[0]; ++ v0 = ti[0]; ++ l2c(v0, iv); ++ v0 = ti[1]; ++ l2c(v0, iv); ++ iv = &(*ivec)[0]; ++ } ++ cc = *(in++); ++ c = iv[n]; ++ iv[n] = cc; ++ *(out++) = c ^ cc; ++ n = (n + 1) & 0x07; ++ } ++ } ++ v0 = v1 = ti[0] = ti[1] = c = cc = 0; ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c +index 720f29a..bd0e299 100644 +--- a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,136 +60,140 @@ + #include "des_locl.h" + #include + +-/* The input and output are loaded in multiples of 8 bits. +- * What this means is that if you hame numbits=12 and length=2 +- * the first 12 bits will be retrieved from the first byte and half +- * the second. The second 12 bits will come from the 3rd and half the 4th +- * byte. ++/* ++ * The input and output are loaded in multiples of 8 bits. What this means is ++ * that if you hame numbits=12 and length=2 the first 12 bits will be ++ * retrieved from the first byte and half the second. The second 12 bits ++ * will come from the 3rd and half the 4th byte. ++ */ ++/* ++ * Until Aug 1 2003 this function did not correctly implement CFB-r, so it ++ * will not be compatible with any encryption prior to that date. Ben. + */ +-/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it +- * will not be compatible with any encryption prior to that date. Ben. */ + void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, +- long length, DES_key_schedule *schedule, DES_cblock *ivec, +- int enc) +- { +- register DES_LONG d0,d1,v0,v1; +- register unsigned long l=length; +- register int num=numbits/8,n=(numbits+7)/8,i,rem=numbits%8; +- DES_LONG ti[2]; +- unsigned char *iv; ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, int enc) ++{ ++ register DES_LONG d0, d1, v0, v1; ++ register unsigned long l = length; ++ register int num = numbits / 8, n = (numbits + 7) / 8, i, rem = ++ numbits % 8; ++ DES_LONG ti[2]; ++ unsigned char *iv; + #ifndef L_ENDIAN +- unsigned char ovec[16]; ++ unsigned char ovec[16]; + #else +- unsigned int sh[4]; +- unsigned char *ovec=(unsigned char *)sh; ++ unsigned int sh[4]; ++ unsigned char *ovec = (unsigned char *)sh; ++ ++ /* I kind of count that compiler optimizes away this assertioni, */ ++ assert(sizeof(sh[0]) == 4); /* as this holds true for all, */ ++ /* but 16-bit platforms... */ + +- /* I kind of count that compiler optimizes away this assertioni,*/ +- assert (sizeof(sh[0])==4); /* as this holds true for all, */ +- /* but 16-bit platforms... */ +- + #endif + +- if (numbits<=0 || numbits > 64) return; +- iv = &(*ivec)[0]; +- c2l(iv,v0); +- c2l(iv,v1); +- if (enc) +- { +- while (l >= (unsigned long)n) +- { +- l-=n; +- ti[0]=v0; +- ti[1]=v1; +- DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); +- c2ln(in,d0,d1,n); +- in+=n; +- d0^=ti[0]; +- d1^=ti[1]; +- l2cn(d0,d1,out,n); +- out+=n; +- /* 30-08-94 - eay - changed because l>>32 and +- * l<<32 are bad under gcc :-( */ +- if (numbits == 32) +- { v0=v1; v1=d0; } +- else if (numbits == 64) +- { v0=d0; v1=d1; } +- else +- { ++ if (numbits <= 0 || numbits > 64) ++ return; ++ iv = &(*ivec)[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ if (enc) { ++ while (l >= (unsigned long)n) { ++ l -= n; ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); ++ c2ln(in, d0, d1, n); ++ in += n; ++ d0 ^= ti[0]; ++ d1 ^= ti[1]; ++ l2cn(d0, d1, out, n); ++ out += n; ++ /* ++ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under ++ * gcc :-( ++ */ ++ if (numbits == 32) { ++ v0 = v1; ++ v1 = d0; ++ } else if (numbits == 64) { ++ v0 = d0; ++ v1 = d1; ++ } else { + #ifndef L_ENDIAN +- iv=&ovec[0]; +- l2c(v0,iv); +- l2c(v1,iv); +- l2c(d0,iv); +- l2c(d1,iv); ++ iv = &ovec[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ l2c(d0, iv); ++ l2c(d1, iv); + #else +- sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1; ++ sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; + #endif +- if (rem==0) +- memmove(ovec,ovec+num,8); +- else +- for(i=0 ; i < 8 ; ++i) +- ovec[i]=ovec[i+num]<>(8-rem); ++ if (rem == 0) ++ memmove(ovec, ovec + num, 8); ++ else ++ for (i = 0; i < 8; ++i) ++ ovec[i] = ovec[i + num] << rem | ++ ovec[i + num + 1] >> (8 - rem); + #ifdef L_ENDIAN +- v0=sh[0], v1=sh[1]; ++ v0 = sh[0], v1 = sh[1]; + #else +- iv=&ovec[0]; +- c2l(iv,v0); +- c2l(iv,v1); ++ iv = &ovec[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); + #endif +- } +- } +- } +- else +- { +- while (l >= (unsigned long)n) +- { +- l-=n; +- ti[0]=v0; +- ti[1]=v1; +- DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); +- c2ln(in,d0,d1,n); +- in+=n; +- /* 30-08-94 - eay - changed because l>>32 and +- * l<<32 are bad under gcc :-( */ +- if (numbits == 32) +- { v0=v1; v1=d0; } +- else if (numbits == 64) +- { v0=d0; v1=d1; } +- else +- { ++ } ++ } ++ } else { ++ while (l >= (unsigned long)n) { ++ l -= n; ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); ++ c2ln(in, d0, d1, n); ++ in += n; ++ /* ++ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under ++ * gcc :-( ++ */ ++ if (numbits == 32) { ++ v0 = v1; ++ v1 = d0; ++ } else if (numbits == 64) { ++ v0 = d0; ++ v1 = d1; ++ } else { + #ifndef L_ENDIAN +- iv=&ovec[0]; +- l2c(v0,iv); +- l2c(v1,iv); +- l2c(d0,iv); +- l2c(d1,iv); ++ iv = &ovec[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ l2c(d0, iv); ++ l2c(d1, iv); + #else +- sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1; ++ sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; + #endif +- if (rem==0) +- memmove(ovec,ovec+num,8); +- else +- for(i=0 ; i < 8 ; ++i) +- ovec[i]=ovec[i+num]<>(8-rem); ++ if (rem == 0) ++ memmove(ovec, ovec + num, 8); ++ else ++ for (i = 0; i < 8; ++i) ++ ovec[i] = ovec[i + num] << rem | ++ ovec[i + num + 1] >> (8 - rem); + #ifdef L_ENDIAN +- v0=sh[0], v1=sh[1]; ++ v0 = sh[0], v1 = sh[1]; + #else +- iv=&ovec[0]; +- c2l(iv,v0); +- c2l(iv,v1); ++ iv = &ovec[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); + #endif +- } +- d0^=ti[0]; +- d1^=ti[1]; +- l2cn(d0,d1,out,n); +- out+=n; +- } +- } +- iv = &(*ivec)[0]; +- l2c(v0,iv); +- l2c(v1,iv); +- v0=v1=d0=d1=ti[0]=ti[1]=0; +- } +- ++ } ++ d0 ^= ti[0]; ++ d1 ^= ti[1]; ++ l2cn(d0, d1, out, n); ++ out += n; ++ } ++ } ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/des_enc.c b/Cryptlib/OpenSSL/crypto/des/des_enc.c +index cf71965..7be2a35 100644 +--- a/Cryptlib/OpenSSL/crypto/des/des_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/des_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,353 +59,342 @@ + #include "des_locl.h" + + void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) +- { +- register DES_LONG l,r,t,u; ++{ ++ register DES_LONG l, r, t, u; + #ifdef DES_PTR +- register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; ++ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; + #endif + #ifndef DES_UNROLL +- register int i; ++ register int i; + #endif +- register DES_LONG *s; +- +- r=data[0]; +- l=data[1]; +- +- IP(r,l); +- /* Things have been modified so that the initial rotate is +- * done outside the loop. This required the +- * DES_SPtrans values in sp.h to be rotated 1 bit to the right. +- * One perl script later and things have a 5% speed up on a sparc2. +- * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> +- * for pointing this out. */ +- /* clear the top bits on machines with 8byte longs */ +- /* shift left by 2 */ +- r=ROTATE(r,29)&0xffffffffL; +- l=ROTATE(l,29)&0xffffffffL; +- +- s=ks->ks->deslong; +- /* I don't know if it is worth the effort of loop unrolling the +- * inner loop */ +- if (enc) +- { ++ register DES_LONG *s; ++ ++ r = data[0]; ++ l = data[1]; ++ ++ IP(r, l); ++ /* ++ * Things have been modified so that the initial rotate is done outside ++ * the loop. This required the DES_SPtrans values in sp.h to be rotated ++ * 1 bit to the right. One perl script later and things have a 5% speed ++ * up on a sparc2. Thanks to Richard Outerbridge ++ * <71755.204@CompuServe.COM> for pointing this out. ++ */ ++ /* clear the top bits on machines with 8byte longs */ ++ /* shift left by 2 */ ++ r = ROTATE(r, 29) & 0xffffffffL; ++ l = ROTATE(l, 29) & 0xffffffffL; ++ ++ s = ks->ks->deslong; ++ /* ++ * I don't know if it is worth the effort of loop unrolling the inner ++ * loop ++ */ ++ if (enc) { + #ifdef DES_UNROLL +- D_ENCRYPT(l,r, 0); /* 1 */ +- D_ENCRYPT(r,l, 2); /* 2 */ +- D_ENCRYPT(l,r, 4); /* 3 */ +- D_ENCRYPT(r,l, 6); /* 4 */ +- D_ENCRYPT(l,r, 8); /* 5 */ +- D_ENCRYPT(r,l,10); /* 6 */ +- D_ENCRYPT(l,r,12); /* 7 */ +- D_ENCRYPT(r,l,14); /* 8 */ +- D_ENCRYPT(l,r,16); /* 9 */ +- D_ENCRYPT(r,l,18); /* 10 */ +- D_ENCRYPT(l,r,20); /* 11 */ +- D_ENCRYPT(r,l,22); /* 12 */ +- D_ENCRYPT(l,r,24); /* 13 */ +- D_ENCRYPT(r,l,26); /* 14 */ +- D_ENCRYPT(l,r,28); /* 15 */ +- D_ENCRYPT(r,l,30); /* 16 */ ++ D_ENCRYPT(l, r, 0); /* 1 */ ++ D_ENCRYPT(r, l, 2); /* 2 */ ++ D_ENCRYPT(l, r, 4); /* 3 */ ++ D_ENCRYPT(r, l, 6); /* 4 */ ++ D_ENCRYPT(l, r, 8); /* 5 */ ++ D_ENCRYPT(r, l, 10); /* 6 */ ++ D_ENCRYPT(l, r, 12); /* 7 */ ++ D_ENCRYPT(r, l, 14); /* 8 */ ++ D_ENCRYPT(l, r, 16); /* 9 */ ++ D_ENCRYPT(r, l, 18); /* 10 */ ++ D_ENCRYPT(l, r, 20); /* 11 */ ++ D_ENCRYPT(r, l, 22); /* 12 */ ++ D_ENCRYPT(l, r, 24); /* 13 */ ++ D_ENCRYPT(r, l, 26); /* 14 */ ++ D_ENCRYPT(l, r, 28); /* 15 */ ++ D_ENCRYPT(r, l, 30); /* 16 */ + #else +- for (i=0; i<32; i+=8) +- { +- D_ENCRYPT(l,r,i+0); /* 1 */ +- D_ENCRYPT(r,l,i+2); /* 2 */ +- D_ENCRYPT(l,r,i+4); /* 3 */ +- D_ENCRYPT(r,l,i+6); /* 4 */ +- } ++ for (i = 0; i < 32; i += 8) { ++ D_ENCRYPT(l, r, i + 0); /* 1 */ ++ D_ENCRYPT(r, l, i + 2); /* 2 */ ++ D_ENCRYPT(l, r, i + 4); /* 3 */ ++ D_ENCRYPT(r, l, i + 6); /* 4 */ ++ } + #endif +- } +- else +- { ++ } else { + #ifdef DES_UNROLL +- D_ENCRYPT(l,r,30); /* 16 */ +- D_ENCRYPT(r,l,28); /* 15 */ +- D_ENCRYPT(l,r,26); /* 14 */ +- D_ENCRYPT(r,l,24); /* 13 */ +- D_ENCRYPT(l,r,22); /* 12 */ +- D_ENCRYPT(r,l,20); /* 11 */ +- D_ENCRYPT(l,r,18); /* 10 */ +- D_ENCRYPT(r,l,16); /* 9 */ +- D_ENCRYPT(l,r,14); /* 8 */ +- D_ENCRYPT(r,l,12); /* 7 */ +- D_ENCRYPT(l,r,10); /* 6 */ +- D_ENCRYPT(r,l, 8); /* 5 */ +- D_ENCRYPT(l,r, 6); /* 4 */ +- D_ENCRYPT(r,l, 4); /* 3 */ +- D_ENCRYPT(l,r, 2); /* 2 */ +- D_ENCRYPT(r,l, 0); /* 1 */ ++ D_ENCRYPT(l, r, 30); /* 16 */ ++ D_ENCRYPT(r, l, 28); /* 15 */ ++ D_ENCRYPT(l, r, 26); /* 14 */ ++ D_ENCRYPT(r, l, 24); /* 13 */ ++ D_ENCRYPT(l, r, 22); /* 12 */ ++ D_ENCRYPT(r, l, 20); /* 11 */ ++ D_ENCRYPT(l, r, 18); /* 10 */ ++ D_ENCRYPT(r, l, 16); /* 9 */ ++ D_ENCRYPT(l, r, 14); /* 8 */ ++ D_ENCRYPT(r, l, 12); /* 7 */ ++ D_ENCRYPT(l, r, 10); /* 6 */ ++ D_ENCRYPT(r, l, 8); /* 5 */ ++ D_ENCRYPT(l, r, 6); /* 4 */ ++ D_ENCRYPT(r, l, 4); /* 3 */ ++ D_ENCRYPT(l, r, 2); /* 2 */ ++ D_ENCRYPT(r, l, 0); /* 1 */ + #else +- for (i=30; i>0; i-=8) +- { +- D_ENCRYPT(l,r,i-0); /* 16 */ +- D_ENCRYPT(r,l,i-2); /* 15 */ +- D_ENCRYPT(l,r,i-4); /* 14 */ +- D_ENCRYPT(r,l,i-6); /* 13 */ +- } ++ for (i = 30; i > 0; i -= 8) { ++ D_ENCRYPT(l, r, i - 0); /* 16 */ ++ D_ENCRYPT(r, l, i - 2); /* 15 */ ++ D_ENCRYPT(l, r, i - 4); /* 14 */ ++ D_ENCRYPT(r, l, i - 6); /* 13 */ ++ } + #endif +- } ++ } + +- /* rotate and clear the top bits on machines with 8byte longs */ +- l=ROTATE(l,3)&0xffffffffL; +- r=ROTATE(r,3)&0xffffffffL; ++ /* rotate and clear the top bits on machines with 8byte longs */ ++ l = ROTATE(l, 3) & 0xffffffffL; ++ r = ROTATE(r, 3) & 0xffffffffL; + +- FP(r,l); +- data[0]=l; +- data[1]=r; +- l=r=t=u=0; +- } ++ FP(r, l); ++ data[0] = l; ++ data[1] = r; ++ l = r = t = u = 0; ++} + + void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) +- { +- register DES_LONG l,r,t,u; ++{ ++ register DES_LONG l, r, t, u; + #ifdef DES_PTR +- register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; ++ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; + #endif + #ifndef DES_UNROLL +- register int i; ++ register int i; + #endif +- register DES_LONG *s; +- +- r=data[0]; +- l=data[1]; +- +- /* Things have been modified so that the initial rotate is +- * done outside the loop. This required the +- * DES_SPtrans values in sp.h to be rotated 1 bit to the right. +- * One perl script later and things have a 5% speed up on a sparc2. +- * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> +- * for pointing this out. */ +- /* clear the top bits on machines with 8byte longs */ +- r=ROTATE(r,29)&0xffffffffL; +- l=ROTATE(l,29)&0xffffffffL; +- +- s=ks->ks->deslong; +- /* I don't know if it is worth the effort of loop unrolling the +- * inner loop */ +- if (enc) +- { ++ register DES_LONG *s; ++ ++ r = data[0]; ++ l = data[1]; ++ ++ /* ++ * Things have been modified so that the initial rotate is done outside ++ * the loop. This required the DES_SPtrans values in sp.h to be rotated ++ * 1 bit to the right. One perl script later and things have a 5% speed ++ * up on a sparc2. Thanks to Richard Outerbridge ++ * <71755.204@CompuServe.COM> for pointing this out. ++ */ ++ /* clear the top bits on machines with 8byte longs */ ++ r = ROTATE(r, 29) & 0xffffffffL; ++ l = ROTATE(l, 29) & 0xffffffffL; ++ ++ s = ks->ks->deslong; ++ /* ++ * I don't know if it is worth the effort of loop unrolling the inner ++ * loop ++ */ ++ if (enc) { + #ifdef DES_UNROLL +- D_ENCRYPT(l,r, 0); /* 1 */ +- D_ENCRYPT(r,l, 2); /* 2 */ +- D_ENCRYPT(l,r, 4); /* 3 */ +- D_ENCRYPT(r,l, 6); /* 4 */ +- D_ENCRYPT(l,r, 8); /* 5 */ +- D_ENCRYPT(r,l,10); /* 6 */ +- D_ENCRYPT(l,r,12); /* 7 */ +- D_ENCRYPT(r,l,14); /* 8 */ +- D_ENCRYPT(l,r,16); /* 9 */ +- D_ENCRYPT(r,l,18); /* 10 */ +- D_ENCRYPT(l,r,20); /* 11 */ +- D_ENCRYPT(r,l,22); /* 12 */ +- D_ENCRYPT(l,r,24); /* 13 */ +- D_ENCRYPT(r,l,26); /* 14 */ +- D_ENCRYPT(l,r,28); /* 15 */ +- D_ENCRYPT(r,l,30); /* 16 */ ++ D_ENCRYPT(l, r, 0); /* 1 */ ++ D_ENCRYPT(r, l, 2); /* 2 */ ++ D_ENCRYPT(l, r, 4); /* 3 */ ++ D_ENCRYPT(r, l, 6); /* 4 */ ++ D_ENCRYPT(l, r, 8); /* 5 */ ++ D_ENCRYPT(r, l, 10); /* 6 */ ++ D_ENCRYPT(l, r, 12); /* 7 */ ++ D_ENCRYPT(r, l, 14); /* 8 */ ++ D_ENCRYPT(l, r, 16); /* 9 */ ++ D_ENCRYPT(r, l, 18); /* 10 */ ++ D_ENCRYPT(l, r, 20); /* 11 */ ++ D_ENCRYPT(r, l, 22); /* 12 */ ++ D_ENCRYPT(l, r, 24); /* 13 */ ++ D_ENCRYPT(r, l, 26); /* 14 */ ++ D_ENCRYPT(l, r, 28); /* 15 */ ++ D_ENCRYPT(r, l, 30); /* 16 */ + #else +- for (i=0; i<32; i+=8) +- { +- D_ENCRYPT(l,r,i+0); /* 1 */ +- D_ENCRYPT(r,l,i+2); /* 2 */ +- D_ENCRYPT(l,r,i+4); /* 3 */ +- D_ENCRYPT(r,l,i+6); /* 4 */ +- } ++ for (i = 0; i < 32; i += 8) { ++ D_ENCRYPT(l, r, i + 0); /* 1 */ ++ D_ENCRYPT(r, l, i + 2); /* 2 */ ++ D_ENCRYPT(l, r, i + 4); /* 3 */ ++ D_ENCRYPT(r, l, i + 6); /* 4 */ ++ } + #endif +- } +- else +- { ++ } else { + #ifdef DES_UNROLL +- D_ENCRYPT(l,r,30); /* 16 */ +- D_ENCRYPT(r,l,28); /* 15 */ +- D_ENCRYPT(l,r,26); /* 14 */ +- D_ENCRYPT(r,l,24); /* 13 */ +- D_ENCRYPT(l,r,22); /* 12 */ +- D_ENCRYPT(r,l,20); /* 11 */ +- D_ENCRYPT(l,r,18); /* 10 */ +- D_ENCRYPT(r,l,16); /* 9 */ +- D_ENCRYPT(l,r,14); /* 8 */ +- D_ENCRYPT(r,l,12); /* 7 */ +- D_ENCRYPT(l,r,10); /* 6 */ +- D_ENCRYPT(r,l, 8); /* 5 */ +- D_ENCRYPT(l,r, 6); /* 4 */ +- D_ENCRYPT(r,l, 4); /* 3 */ +- D_ENCRYPT(l,r, 2); /* 2 */ +- D_ENCRYPT(r,l, 0); /* 1 */ ++ D_ENCRYPT(l, r, 30); /* 16 */ ++ D_ENCRYPT(r, l, 28); /* 15 */ ++ D_ENCRYPT(l, r, 26); /* 14 */ ++ D_ENCRYPT(r, l, 24); /* 13 */ ++ D_ENCRYPT(l, r, 22); /* 12 */ ++ D_ENCRYPT(r, l, 20); /* 11 */ ++ D_ENCRYPT(l, r, 18); /* 10 */ ++ D_ENCRYPT(r, l, 16); /* 9 */ ++ D_ENCRYPT(l, r, 14); /* 8 */ ++ D_ENCRYPT(r, l, 12); /* 7 */ ++ D_ENCRYPT(l, r, 10); /* 6 */ ++ D_ENCRYPT(r, l, 8); /* 5 */ ++ D_ENCRYPT(l, r, 6); /* 4 */ ++ D_ENCRYPT(r, l, 4); /* 3 */ ++ D_ENCRYPT(l, r, 2); /* 2 */ ++ D_ENCRYPT(r, l, 0); /* 1 */ + #else +- for (i=30; i>0; i-=8) +- { +- D_ENCRYPT(l,r,i-0); /* 16 */ +- D_ENCRYPT(r,l,i-2); /* 15 */ +- D_ENCRYPT(l,r,i-4); /* 14 */ +- D_ENCRYPT(r,l,i-6); /* 13 */ +- } ++ for (i = 30; i > 0; i -= 8) { ++ D_ENCRYPT(l, r, i - 0); /* 16 */ ++ D_ENCRYPT(r, l, i - 2); /* 15 */ ++ D_ENCRYPT(l, r, i - 4); /* 14 */ ++ D_ENCRYPT(r, l, i - 6); /* 13 */ ++ } + #endif +- } +- /* rotate and clear the top bits on machines with 8byte longs */ +- data[0]=ROTATE(l,3)&0xffffffffL; +- data[1]=ROTATE(r,3)&0xffffffffL; +- l=r=t=u=0; +- } ++ } ++ /* rotate and clear the top bits on machines with 8byte longs */ ++ data[0] = ROTATE(l, 3) & 0xffffffffL; ++ data[1] = ROTATE(r, 3) & 0xffffffffL; ++ l = r = t = u = 0; ++} + + void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, +- DES_key_schedule *ks2, DES_key_schedule *ks3) +- { +- register DES_LONG l,r; +- +- l=data[0]; +- r=data[1]; +- IP(l,r); +- data[0]=l; +- data[1]=r; +- DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT); +- DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT); +- DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT); +- l=data[0]; +- r=data[1]; +- FP(r,l); +- data[0]=l; +- data[1]=r; +- } ++ DES_key_schedule *ks2, DES_key_schedule *ks3) ++{ ++ register DES_LONG l, r; ++ ++ l = data[0]; ++ r = data[1]; ++ IP(l, r); ++ data[0] = l; ++ data[1] = r; ++ DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT); ++ DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT); ++ DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT); ++ l = data[0]; ++ r = data[1]; ++ FP(r, l); ++ data[0] = l; ++ data[1] = r; ++} + + void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, +- DES_key_schedule *ks2, DES_key_schedule *ks3) +- { +- register DES_LONG l,r; +- +- l=data[0]; +- r=data[1]; +- IP(l,r); +- data[0]=l; +- data[1]=r; +- DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT); +- DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT); +- DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT); +- l=data[0]; +- r=data[1]; +- FP(r,l); +- data[0]=l; +- data[1]=r; +- } ++ DES_key_schedule *ks2, DES_key_schedule *ks3) ++{ ++ register DES_LONG l, r; ++ ++ l = data[0]; ++ r = data[1]; ++ IP(l, r); ++ data[0] = l; ++ data[1] = r; ++ DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT); ++ DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT); ++ DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT); ++ l = data[0]; ++ r = data[1]; ++ FP(r, l); ++ data[0] = l; ++ data[1] = r; ++} + + #ifndef DES_DEFAULT_OPTIONS + +-#if !defined(OPENSSL_FIPS_DES_ASM) ++# if !defined(OPENSSL_FIPS_DES_ASM) + +-#undef CBC_ENC_C__DONT_UPDATE_IV +-#include "ncbc_enc.c" /* DES_ncbc_encrypt */ ++# undef CBC_ENC_C__DONT_UPDATE_IV ++# include "ncbc_enc.c" /* DES_ncbc_encrypt */ + + void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, +- long length, DES_key_schedule *ks1, +- DES_key_schedule *ks2, DES_key_schedule *ks3, +- DES_cblock *ivec, int enc) +- { +- register DES_LONG tin0,tin1; +- register DES_LONG tout0,tout1,xor0,xor1; +- register const unsigned char *in; +- unsigned char *out; +- register long l=length; +- DES_LONG tin[2]; +- unsigned char *iv; +- +- in=input; +- out=output; +- iv = &(*ivec)[0]; +- +- if (enc) +- { +- c2l(iv,tout0); +- c2l(iv,tout1); +- for (l-=8; l>=0; l-=8) +- { +- c2l(in,tin0); +- c2l(in,tin1); +- tin0^=tout0; +- tin1^=tout1; +- +- tin[0]=tin0; +- tin[1]=tin1; +- DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); +- tout0=tin[0]; +- tout1=tin[1]; +- +- l2c(tout0,out); +- l2c(tout1,out); +- } +- if (l != -8) +- { +- c2ln(in,tin0,tin1,l+8); +- tin0^=tout0; +- tin1^=tout1; +- +- tin[0]=tin0; +- tin[1]=tin1; +- DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); +- tout0=tin[0]; +- tout1=tin[1]; +- +- l2c(tout0,out); +- l2c(tout1,out); +- } +- iv = &(*ivec)[0]; +- l2c(tout0,iv); +- l2c(tout1,iv); +- } +- else +- { +- register DES_LONG t0,t1; +- +- c2l(iv,xor0); +- c2l(iv,xor1); +- for (l-=8; l>=0; l-=8) +- { +- c2l(in,tin0); +- c2l(in,tin1); +- +- t0=tin0; +- t1=tin1; +- +- tin[0]=tin0; +- tin[1]=tin1; +- DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); +- tout0=tin[0]; +- tout1=tin[1]; +- +- tout0^=xor0; +- tout1^=xor1; +- l2c(tout0,out); +- l2c(tout1,out); +- xor0=t0; +- xor1=t1; +- } +- if (l != -8) +- { +- c2l(in,tin0); +- c2l(in,tin1); +- +- t0=tin0; +- t1=tin1; +- +- tin[0]=tin0; +- tin[1]=tin1; +- DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); +- tout0=tin[0]; +- tout1=tin[1]; +- +- tout0^=xor0; +- tout1^=xor1; +- l2cn(tout0,tout1,out,l+8); +- xor0=t0; +- xor1=t1; +- } +- +- iv = &(*ivec)[0]; +- l2c(xor0,iv); +- l2c(xor1,iv); +- } +- tin0=tin1=tout0=tout1=xor0=xor1=0; +- tin[0]=tin[1]=0; +- } +- +-#endif +- +-#endif /* DES_DEFAULT_OPTIONS */ ++ long length, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3, ++ DES_cblock *ivec, int enc) ++{ ++ register DES_LONG tin0, tin1; ++ register DES_LONG tout0, tout1, xor0, xor1; ++ register const unsigned char *in; ++ unsigned char *out; ++ register long l = length; ++ DES_LONG tin[2]; ++ unsigned char *iv; ++ ++ in = input; ++ out = output; ++ iv = &(*ivec)[0]; ++ ++ if (enc) { ++ c2l(iv, tout0); ++ c2l(iv, tout1); ++ for (l -= 8; l >= 0; l -= 8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ ++ tin[0] = tin0; ++ tin[1] = tin1; ++ DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } ++ if (l != -8) { ++ c2ln(in, tin0, tin1, l + 8); ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ ++ tin[0] = tin0; ++ tin[1] = tin1; ++ DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } ++ iv = &(*ivec)[0]; ++ l2c(tout0, iv); ++ l2c(tout1, iv); ++ } else { ++ register DES_LONG t0, t1; ++ ++ c2l(iv, xor0); ++ c2l(iv, xor1); ++ for (l -= 8; l >= 0; l -= 8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ ++ t0 = tin0; ++ t1 = tin1; ++ ++ tin[0] = tin0; ++ tin[1] = tin1; ++ DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ ++ tout0 ^= xor0; ++ tout1 ^= xor1; ++ l2c(tout0, out); ++ l2c(tout1, out); ++ xor0 = t0; ++ xor1 = t1; ++ } ++ if (l != -8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ ++ t0 = tin0; ++ t1 = tin1; ++ ++ tin[0] = tin0; ++ tin[1] = tin1; ++ DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ ++ tout0 ^= xor0; ++ tout1 ^= xor1; ++ l2cn(tout0, tout1, out, l + 8); ++ xor0 = t0; ++ xor1 = t1; ++ } ++ ++ iv = &(*ivec)[0]; ++ l2c(xor0, iv); ++ l2c(xor1, iv); ++ } ++ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; ++ tin[0] = tin[1] = 0; ++} ++ ++# endif ++ ++#endif /* DES_DEFAULT_OPTIONS */ +diff --git a/Cryptlib/OpenSSL/crypto/des/des_lib.c b/Cryptlib/OpenSSL/crypto/des/des_lib.c +index d4b3047..391fe4c 100644 +--- a/Cryptlib/OpenSSL/crypto/des/des_lib.c ++++ b/Cryptlib/OpenSSL/crypto/des/des_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,46 +61,44 @@ + #include + #include + +-OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT; +-OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT; ++OPENSSL_GLOBAL const char libdes_version[] = "libdes" OPENSSL_VERSION_PTEXT; ++OPENSSL_GLOBAL const char DES_version[] = "DES" OPENSSL_VERSION_PTEXT; + + const char *DES_options(void) +- { +- static int init=1; +- static char buf[32]; ++{ ++ static int init = 1; ++ static char buf[32]; + +- if (init) +- { +- const char *ptr,*unroll,*risc,*size; ++ if (init) { ++ const char *ptr, *unroll, *risc, *size; + + #ifdef DES_PTR +- ptr="ptr"; ++ ptr = "ptr"; + #else +- ptr="idx"; ++ ptr = "idx"; + #endif + #if defined(DES_RISC1) || defined(DES_RISC2) +-#ifdef DES_RISC1 +- risc="risc1"; +-#endif +-#ifdef DES_RISC2 +- risc="risc2"; +-#endif ++# ifdef DES_RISC1 ++ risc = "risc1"; ++# endif ++# ifdef DES_RISC2 ++ risc = "risc2"; ++# endif + #else +- risc="cisc"; ++ risc = "cisc"; + #endif + #ifdef DES_UNROLL +- unroll="16"; ++ unroll = "16"; + #else +- unroll="4"; ++ unroll = "4"; + #endif +- if (sizeof(DES_LONG) != sizeof(long)) +- size="int"; +- else +- size="long"; +- BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll, +- size); +- init=0; +- } +- return(buf); +- } +- ++ if (sizeof(DES_LONG) != sizeof(long)) ++ size = "int"; ++ else ++ size = "long"; ++ BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll, ++ size); ++ init = 0; ++ } ++ return (buf); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/des_old.c b/Cryptlib/OpenSSL/crypto/des/des_old.c +index 7c33ed7..54b0968 100644 +--- a/Cryptlib/OpenSSL/crypto/des/des_old.c ++++ b/Cryptlib/OpenSSL/crypto/des/des_old.c +@@ -1,6 +1,7 @@ + /* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */ + +-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ++/*- ++ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + * + * The function names in here are deprecated and are only present to + * provide an interface compatible with libdes. OpenSSL now provides +@@ -15,8 +16,9 @@ + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING + */ + +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. +@@ -26,7 +28,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -77,197 +79,267 @@ + #include + + const char *_ossl_old_des_options(void) +- { +- return DES_options(); +- } +-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, +- des_key_schedule ks1,des_key_schedule ks2, +- des_key_schedule ks3, int enc) +- { +- DES_ecb3_encrypt((const_DES_cblock *)input, output, +- (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, +- (DES_key_schedule *)ks3, enc); +- } +-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, +- long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec) +- { +- return DES_cbc_cksum((unsigned char *)input, output, length, +- (DES_key_schedule *)schedule, ivec); +- } +-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, +- des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) +- { +- DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output, +- length, (DES_key_schedule *)schedule, ivec, enc); +- } +-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, +- des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) +- { +- DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output, +- length, (DES_key_schedule *)schedule, ivec, enc); +- } +-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, +- des_key_schedule schedule,_ossl_old_des_cblock *ivec, +- _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc) +- { +- DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output, +- length, (DES_key_schedule *)schedule, ivec, inw, outw, enc); +- } +-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, +- long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) +- { +- DES_cfb_encrypt(in, out, numbits, length, +- (DES_key_schedule *)schedule, ivec, enc); +- } +-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, +- des_key_schedule ks,int enc) +- { +- DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc); +- } +-void _ossl_old_des_encrypt(DES_LONG *data,des_key_schedule ks, int enc) +- { +- DES_encrypt1(data, (DES_key_schedule *)ks, enc); +- } +-void _ossl_old_des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc) +- { +- DES_encrypt2(data, (DES_key_schedule *)ks, enc); +- } ++{ ++ return DES_options(); ++} ++ ++void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, ++ des_key_schedule ks1, des_key_schedule ks2, ++ des_key_schedule ks3, int enc) ++{ ++ DES_ecb3_encrypt((const_DES_cblock *)input, output, ++ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, ++ (DES_key_schedule *)ks3, enc); ++} ++ ++DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec) ++{ ++ return DES_cbc_cksum((unsigned char *)input, output, length, ++ (DES_key_schedule *)schedule, ivec); ++} ++ ++void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc) ++{ ++ DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output, ++ length, (DES_key_schedule *)schedule, ivec, enc); ++} ++ ++void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc) ++{ ++ DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output, ++ length, (DES_key_schedule *)schedule, ivec, enc); ++} ++ ++void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, ++ _ossl_old_des_cblock *inw, ++ _ossl_old_des_cblock *outw, int enc) ++{ ++ DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output, ++ length, (DES_key_schedule *)schedule, ivec, inw, outw, ++ enc); ++} ++ ++void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out, ++ int numbits, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc) ++{ ++ DES_cfb_encrypt(in, out, numbits, length, ++ (DES_key_schedule *)schedule, ivec, enc); ++} ++ ++void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, ++ des_key_schedule ks, int enc) ++{ ++ DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc); ++} ++ ++void _ossl_old_des_encrypt(DES_LONG *data, des_key_schedule ks, int enc) ++{ ++ DES_encrypt1(data, (DES_key_schedule *)ks, enc); ++} ++ ++void _ossl_old_des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc) ++{ ++ DES_encrypt2(data, (DES_key_schedule *)ks, enc); ++} ++ + void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1, +- des_key_schedule ks2, des_key_schedule ks3) +- { +- DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, +- (DES_key_schedule *)ks3); +- } ++ des_key_schedule ks2, des_key_schedule ks3) ++{ ++ DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, ++ (DES_key_schedule *)ks3); ++} ++ + void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1, +- des_key_schedule ks2, des_key_schedule ks3) +- { +- DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, +- (DES_key_schedule *)ks3); +- } +-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, +- long length, des_key_schedule ks1, des_key_schedule ks2, +- des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc) +- { +- DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output, +- length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, +- (DES_key_schedule *)ks3, ivec, enc); +- } ++ des_key_schedule ks2, des_key_schedule ks3) ++{ ++ DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, ++ (DES_key_schedule *)ks3); ++} ++ ++void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ des_key_schedule ks1, ++ des_key_schedule ks2, ++ des_key_schedule ks3, ++ _ossl_old_des_cblock *ivec, int enc) ++{ ++ DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output, ++ length, (DES_key_schedule *)ks1, ++ (DES_key_schedule *)ks2, (DES_key_schedule *)ks3, ++ ivec, enc); ++} ++ + void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, +- long length, des_key_schedule ks1, des_key_schedule ks2, +- des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc) +- { +- DES_ede3_cfb64_encrypt(in, out, length, +- (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, +- (DES_key_schedule *)ks3, ivec, num, enc); +- } ++ long length, des_key_schedule ks1, ++ des_key_schedule ks2, ++ des_key_schedule ks3, ++ _ossl_old_des_cblock *ivec, int *num, ++ int enc) ++{ ++ DES_ede3_cfb64_encrypt(in, out, length, ++ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, ++ (DES_key_schedule *)ks3, ivec, num, enc); ++} ++ + void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, +- long length, des_key_schedule ks1, des_key_schedule ks2, +- des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num) +- { +- DES_ede3_ofb64_encrypt(in, out, length, +- (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, +- (DES_key_schedule *)ks3, ivec, num); +- } +- +-#if 0 /* broken code, preserved just in case anyone specifically looks for this */ +-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), +- _ossl_old_des_cblock (*out_white)) +- { +- DES_xwhite_in2out(des_key, in_white, out_white); +- } ++ long length, des_key_schedule ks1, ++ des_key_schedule ks2, ++ des_key_schedule ks3, ++ _ossl_old_des_cblock *ivec, int *num) ++{ ++ DES_ede3_ofb64_encrypt(in, out, length, ++ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, ++ (DES_key_schedule *)ks3, ivec, num); ++} ++ ++#if 0 /* broken code, preserved just in case anyone ++ * specifically looks for this */ ++void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), ++ _ossl_old_des_cblock (*in_white), ++ _ossl_old_des_cblock (*out_white)) ++{ ++ DES_xwhite_in2out(des_key, in_white, out_white); ++} + #endif + +-int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched, +- _ossl_old_des_cblock *iv) +- { +- return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv); +- } +-int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched, +- _ossl_old_des_cblock *iv) +- { +- return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv); +- } +-char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret) +- { +- return DES_fcrypt(buf, salt, ret); +- } +-char *_ossl_old_des_crypt(const char *buf,const char *salt) +- { +- return DES_crypt(buf, salt); +- } +-char *_ossl_old_crypt(const char *buf,const char *salt) +- { +- return DES_crypt(buf, salt); +- } +-void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out, +- int numbits,long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec) +- { +- DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule, +- ivec); +- } +-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, +- des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) +- { +- DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output, +- length, (DES_key_schedule *)schedule, ivec, enc); +- } +-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, +- long length,int out_count,_ossl_old_des_cblock *seed) +- { +- return DES_quad_cksum((unsigned char *)input, output, length, +- out_count, seed); +- } ++int _ossl_old_des_enc_read(int fd, char *buf, int len, des_key_schedule sched, ++ _ossl_old_des_cblock *iv) ++{ ++ return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv); ++} ++ ++int _ossl_old_des_enc_write(int fd, char *buf, int len, ++ des_key_schedule sched, _ossl_old_des_cblock *iv) ++{ ++ return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv); ++} ++ ++char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret) ++{ ++ return DES_fcrypt(buf, salt, ret); ++} ++ ++char *_ossl_old_des_crypt(const char *buf, const char *salt) ++{ ++ return DES_crypt(buf, salt); ++} ++ ++char *_ossl_old_crypt(const char *buf, const char *salt) ++{ ++ return DES_crypt(buf, salt); ++} ++ ++void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out, ++ int numbits, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec) ++{ ++ DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule, ++ ivec); ++} ++ ++void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc) ++{ ++ DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output, ++ length, (DES_key_schedule *)schedule, ivec, enc); ++} ++ ++DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ int out_count, _ossl_old_des_cblock *seed) ++{ ++ return DES_quad_cksum((unsigned char *)input, output, length, ++ out_count, seed); ++} ++ + void _ossl_old_des_random_seed(_ossl_old_des_cblock key) +- { +- RAND_seed(key, sizeof(_ossl_old_des_cblock)); +- } ++{ ++ RAND_seed(key, sizeof(_ossl_old_des_cblock)); ++} ++ + void _ossl_old_des_random_key(_ossl_old_des_cblock ret) +- { +- DES_random_key((DES_cblock *)ret); +- } ++{ ++ DES_random_key((DES_cblock *)ret); ++} ++ + int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, +- int verify) +- { +- return DES_read_password(key, prompt, verify); +- } +-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, _ossl_old_des_cblock *key2, +- const char *prompt, int verify) +- { +- return DES_read_2passwords(key1, key2, prompt, verify); +- } ++ int verify) ++{ ++ return DES_read_password(key, prompt, verify); ++} ++ ++int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, ++ _ossl_old_des_cblock *key2, ++ const char *prompt, int verify) ++{ ++ return DES_read_2passwords(key1, key2, prompt, verify); ++} ++ + void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key) +- { +- DES_set_odd_parity(key); +- } ++{ ++ DES_set_odd_parity(key); ++} ++ + int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key) +- { +- return DES_is_weak_key(key); +- } +-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,des_key_schedule schedule) +- { +- return DES_set_key(key, (DES_key_schedule *)schedule); +- } +-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,des_key_schedule schedule) +- { +- return DES_key_sched(key, (DES_key_schedule *)schedule); +- } +-void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key) +- { +- DES_string_to_key(str, key); +- } +-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2) +- { +- DES_string_to_2keys(str, key1, key2); +- } +-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, +- des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc) +- { +- DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule, +- ivec, num, enc); +- } +-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, +- des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num) +- { +- DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule, +- ivec, num); +- } ++{ ++ return DES_is_weak_key(key); ++} ++ ++int _ossl_old_des_set_key(_ossl_old_des_cblock *key, ++ des_key_schedule schedule) ++{ ++ return DES_set_key(key, (DES_key_schedule *)schedule); ++} ++ ++int _ossl_old_des_key_sched(_ossl_old_des_cblock *key, ++ des_key_schedule schedule) ++{ ++ return DES_key_sched(key, (DES_key_schedule *)schedule); ++} ++ ++void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key) ++{ ++ DES_string_to_key(str, key); ++} ++ ++void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1, ++ _ossl_old_des_cblock *key2) ++{ ++ DES_string_to_2keys(str, key1, key2); ++} ++ ++void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int *num, ++ int enc) ++{ ++ DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule, ++ ivec, num, enc); ++} ++ ++void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int *num) ++{ ++ DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule, ++ ivec, num); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/des_old2.c b/Cryptlib/OpenSSL/crypto/des/des_old2.c +index c8fa3ee..f7d28a6 100644 +--- a/Cryptlib/OpenSSL/crypto/des/des_old2.c ++++ b/Cryptlib/OpenSSL/crypto/des/des_old2.c +@@ -1,22 +1,20 @@ + /* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */ + +-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING +- * +- * The function names in here are deprecated and are only present to +- * provide an interface compatible with OpenSSL 0.9.6c. OpenSSL now +- * provides functions where "des_" has been replaced with "DES_" in +- * the names, to make it possible to make incompatible changes that +- * are needed for C type security and other stuff. +- * +- * Please consider starting to use the DES_ functions rather than the +- * des_ ones. The des_ functions will dissapear completely before +- * OpenSSL 1.0! +- * +- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ++/* ++ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The ++ * function names in here are deprecated and are only present to provide an ++ * interface compatible with OpenSSL 0.9.6c. OpenSSL now provides functions ++ * where "des_" has been replaced with "DES_" in the names, to make it ++ * possible to make incompatible changes that are needed for C type security ++ * and other stuff. Please consider starting to use the DES_ functions ++ * rather than the des_ ones. The des_ functions will dissapear completely ++ * before OpenSSL 1.0! WARNING WARNING WARNING WARNING WARNING WARNING ++ * WARNING WARNING + */ + +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. +@@ -26,7 +24,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -77,6 +75,6 @@ + #include + + void _ossl_096_des_random_seed(DES_cblock *key) +- { +- RAND_seed(key, sizeof(DES_cblock)); +- } ++{ ++ RAND_seed(key, sizeof(DES_cblock)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c +index c3437bc..c49fbd4 100644 +--- a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,25 +59,24 @@ + #include "des_locl.h" + + void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +- DES_key_schedule *ks1, DES_key_schedule *ks2, +- DES_key_schedule *ks3, +- int enc) +- { +- register DES_LONG l0,l1; +- DES_LONG ll[2]; +- const unsigned char *in = &(*input)[0]; +- unsigned char *out = &(*output)[0]; ++ DES_key_schedule *ks1, DES_key_schedule *ks2, ++ DES_key_schedule *ks3, int enc) ++{ ++ register DES_LONG l0, l1; ++ DES_LONG ll[2]; ++ const unsigned char *in = &(*input)[0]; ++ unsigned char *out = &(*output)[0]; + +- c2l(in,l0); +- c2l(in,l1); +- ll[0]=l0; +- ll[1]=l1; +- if (enc) +- DES_encrypt3(ll,ks1,ks2,ks3); +- else +- DES_decrypt3(ll,ks1,ks2,ks3); +- l0=ll[0]; +- l1=ll[1]; +- l2c(l0,out); +- l2c(l1,out); +- } ++ c2l(in, l0); ++ c2l(in, l1); ++ ll[0] = l0; ++ ll[1] = l1; ++ if (enc) ++ DES_encrypt3(ll, ks1, ks2, ks3); ++ else ++ DES_decrypt3(ll, ks1, ks2, ks3); ++ l0 = ll[0]; ++ l1 = ll[1]; ++ l2c(l0, out); ++ l2c(l1, out); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c +index 75ae6cf..63f44cf 100644 +--- a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,17 +60,21 @@ + #include "spr.h" + + void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, +- DES_key_schedule *ks, int enc) +- { +- register DES_LONG l; +- DES_LONG ll[2]; +- const unsigned char *in = &(*input)[0]; +- unsigned char *out = &(*output)[0]; ++ DES_key_schedule *ks, int enc) ++{ ++ register DES_LONG l; ++ DES_LONG ll[2]; ++ const unsigned char *in = &(*input)[0]; ++ unsigned char *out = &(*output)[0]; + +- c2l(in,l); ll[0]=l; +- c2l(in,l); ll[1]=l; +- DES_encrypt1(ll,ks,enc); +- l=ll[0]; l2c(l,out); +- l=ll[1]; l2c(l,out); +- l=ll[0]=ll[1]=0; +- } ++ c2l(in, l); ++ ll[0] = l; ++ c2l(in, l); ++ ll[1] = l; ++ DES_encrypt1(ll, ks, enc); ++ l = ll[0]; ++ l2c(l, out); ++ l = ll[1]; ++ l2c(l, out); ++ l = ll[0] = ll[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c +index adfcb75..86f27d0 100644 +--- a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c +@@ -1,6 +1,7 @@ + /* ede_cbcm_enc.c */ +-/* Written by Ben Laurie for the OpenSSL +- * project 13 Feb 1999. ++/* ++ * Written by Ben Laurie for the OpenSSL project 13 Feb ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,143 +58,132 @@ + */ + + /* +- +-This is an implementation of Triple DES Cipher Block Chaining with Output +-Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom). +- +-Note that there is a known attack on this by Biham and Knudsen but it takes +-a lot of work: +- +-http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz +- +-*/ ++ * ++ * This is an implementation of Triple DES Cipher Block Chaining with Output ++ * Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom). ++ * ++ * Note that there is a known attack on this by Biham and Knudsen but it ++ * takes a lot of work: ++ * ++ * http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz ++ * ++ */ + + #include /* To see if OPENSSL_NO_DESCBCM is defined */ + + #ifndef OPENSSL_NO_DESCBCM +-#include "des_locl.h" ++# include "des_locl.h" + + void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, +- long length, DES_key_schedule *ks1, DES_key_schedule *ks2, +- DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, +- int enc) +- { +- register DES_LONG tin0,tin1; +- register DES_LONG tout0,tout1,xor0,xor1,m0,m1; +- register long l=length; ++ long length, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3, ++ DES_cblock *ivec1, DES_cblock *ivec2, int enc) ++{ ++ register DES_LONG tin0, tin1; ++ register DES_LONG tout0, tout1, xor0, xor1, m0, m1; ++ register long l = length; + DES_LONG tin[2]; +- unsigned char *iv1,*iv2; ++ unsigned char *iv1, *iv2; + + iv1 = &(*ivec1)[0]; + iv2 = &(*ivec2)[0]; + +- if (enc) +- { +- c2l(iv1,m0); +- c2l(iv1,m1); +- c2l(iv2,tout0); +- c2l(iv2,tout1); +- for (l-=8; l>=-7; l-=8) +- { +- tin[0]=m0; +- tin[1]=m1; +- DES_encrypt1(tin,ks3,1); +- m0=tin[0]; +- m1=tin[1]; +- +- if(l < 0) +- { +- c2ln(in,tin0,tin1,l+8); +- } +- else +- { +- c2l(in,tin0); +- c2l(in,tin1); +- } +- tin0^=tout0; +- tin1^=tout1; +- +- tin[0]=tin0; +- tin[1]=tin1; +- DES_encrypt1(tin,ks1,1); +- tin[0]^=m0; +- tin[1]^=m1; +- DES_encrypt1(tin,ks2,0); +- tin[0]^=m0; +- tin[1]^=m1; +- DES_encrypt1(tin,ks1,1); +- tout0=tin[0]; +- tout1=tin[1]; +- +- l2c(tout0,out); +- l2c(tout1,out); +- } +- iv1=&(*ivec1)[0]; +- l2c(m0,iv1); +- l2c(m1,iv1); +- +- iv2=&(*ivec2)[0]; +- l2c(tout0,iv2); +- l2c(tout1,iv2); +- } +- else +- { +- register DES_LONG t0,t1; +- +- c2l(iv1,m0); +- c2l(iv1,m1); +- c2l(iv2,xor0); +- c2l(iv2,xor1); +- for (l-=8; l>=-7; l-=8) +- { +- tin[0]=m0; +- tin[1]=m1; +- DES_encrypt1(tin,ks3,1); +- m0=tin[0]; +- m1=tin[1]; +- +- c2l(in,tin0); +- c2l(in,tin1); +- +- t0=tin0; +- t1=tin1; +- +- tin[0]=tin0; +- tin[1]=tin1; +- DES_encrypt1(tin,ks1,0); +- tin[0]^=m0; +- tin[1]^=m1; +- DES_encrypt1(tin,ks2,1); +- tin[0]^=m0; +- tin[1]^=m1; +- DES_encrypt1(tin,ks1,0); +- tout0=tin[0]; +- tout1=tin[1]; +- +- tout0^=xor0; +- tout1^=xor1; +- if(l < 0) +- { +- l2cn(tout0,tout1,out,l+8); +- } +- else +- { +- l2c(tout0,out); +- l2c(tout1,out); +- } +- xor0=t0; +- xor1=t1; +- } +- +- iv1=&(*ivec1)[0]; +- l2c(m0,iv1); +- l2c(m1,iv1); +- +- iv2=&(*ivec2)[0]; +- l2c(xor0,iv2); +- l2c(xor1,iv2); +- } +- tin0=tin1=tout0=tout1=xor0=xor1=0; +- tin[0]=tin[1]=0; ++ if (enc) { ++ c2l(iv1, m0); ++ c2l(iv1, m1); ++ c2l(iv2, tout0); ++ c2l(iv2, tout1); ++ for (l -= 8; l >= -7; l -= 8) { ++ tin[0] = m0; ++ tin[1] = m1; ++ DES_encrypt1(tin, ks3, 1); ++ m0 = tin[0]; ++ m1 = tin[1]; ++ ++ if (l < 0) { ++ c2ln(in, tin0, tin1, l + 8); ++ } else { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ } ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ ++ tin[0] = tin0; ++ tin[1] = tin1; ++ DES_encrypt1(tin, ks1, 1); ++ tin[0] ^= m0; ++ tin[1] ^= m1; ++ DES_encrypt1(tin, ks2, 0); ++ tin[0] ^= m0; ++ tin[1] ^= m1; ++ DES_encrypt1(tin, ks1, 1); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } ++ iv1 = &(*ivec1)[0]; ++ l2c(m0, iv1); ++ l2c(m1, iv1); ++ ++ iv2 = &(*ivec2)[0]; ++ l2c(tout0, iv2); ++ l2c(tout1, iv2); ++ } else { ++ register DES_LONG t0, t1; ++ ++ c2l(iv1, m0); ++ c2l(iv1, m1); ++ c2l(iv2, xor0); ++ c2l(iv2, xor1); ++ for (l -= 8; l >= -7; l -= 8) { ++ tin[0] = m0; ++ tin[1] = m1; ++ DES_encrypt1(tin, ks3, 1); ++ m0 = tin[0]; ++ m1 = tin[1]; ++ ++ c2l(in, tin0); ++ c2l(in, tin1); ++ ++ t0 = tin0; ++ t1 = tin1; ++ ++ tin[0] = tin0; ++ tin[1] = tin1; ++ DES_encrypt1(tin, ks1, 0); ++ tin[0] ^= m0; ++ tin[1] ^= m1; ++ DES_encrypt1(tin, ks2, 1); ++ tin[0] ^= m0; ++ tin[1] ^= m1; ++ DES_encrypt1(tin, ks1, 0); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ ++ tout0 ^= xor0; ++ tout1 ^= xor1; ++ if (l < 0) { ++ l2cn(tout0, tout1, out, l + 8); ++ } else { ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } ++ xor0 = t0; ++ xor1 = t1; ++ } ++ ++ iv1 = &(*ivec1)[0]; ++ l2c(m0, iv1); ++ l2c(m1, iv1); ++ ++ iv2 = &(*ivec2)[0]; ++ l2c(xor0, iv2); ++ l2c(xor1, iv2); + } ++ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; ++ tin[0] = tin[1] = 0; ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/des/enc_read.c b/Cryptlib/OpenSSL/crypto/des/enc_read.c +index e7da2ec..8746e8b 100644 +--- a/Cryptlib/OpenSSL/crypto/des/enc_read.c ++++ b/Cryptlib/OpenSSL/crypto/des/enc_read.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,11 +62,12 @@ + #include "des_locl.h" + + /* This has some uglies in it but it works - even over sockets. */ +-/*extern int errno;*/ +-OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE; +- +- + /* ++ * extern int errno; ++ */ ++OPENSSL_IMPLEMENT_GLOBAL(int, DES_rw_mode) = DES_PCBC_MODE; ++ ++/*- + * WARNINGS: + * + * - The data format used by DES_enc_write() and DES_enc_read() +@@ -83,150 +84,145 @@ OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE; + * used on multiple files. + */ + +- + int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, +- DES_cblock *iv) +- { +- /* data to be unencrypted */ +- int net_num=0; +- static unsigned char *net=NULL; +- /* extra unencrypted data +- * for when a block of 100 comes in but is des_read one byte at +- * a time. */ +- static unsigned char *unnet=NULL; +- static int unnet_start=0; +- static int unnet_left=0; +- static unsigned char *tmpbuf=NULL; +- int i; +- long num=0,rnum; +- unsigned char *p; +- +- if (tmpbuf == NULL) +- { +- tmpbuf=OPENSSL_malloc(BSIZE); +- if (tmpbuf == NULL) return(-1); +- } +- if (net == NULL) +- { +- net=OPENSSL_malloc(BSIZE); +- if (net == NULL) return(-1); +- } +- if (unnet == NULL) +- { +- unnet=OPENSSL_malloc(BSIZE); +- if (unnet == NULL) return(-1); +- } +- /* left over data from last decrypt */ +- if (unnet_left != 0) +- { +- if (unnet_left < len) +- { +- /* we still still need more data but will return +- * with the number of bytes we have - should always +- * check the return value */ +- memcpy(buf,&(unnet[unnet_start]), +- unnet_left); +- /* eay 26/08/92 I had the next 2 lines +- * reversed :-( */ +- i=unnet_left; +- unnet_start=unnet_left=0; +- } +- else +- { +- memcpy(buf,&(unnet[unnet_start]),len); +- unnet_start+=len; +- unnet_left-=len; +- i=len; +- } +- return(i); +- } +- +- /* We need to get more data. */ +- if (len > MAXWRITE) len=MAXWRITE; +- +- /* first - get the length */ +- while (net_num < HDRSIZE) +- { ++ DES_cblock *iv) ++{ ++ /* data to be unencrypted */ ++ int net_num = 0; ++ static unsigned char *net = NULL; ++ /* ++ * extra unencrypted data for when a block of 100 comes in but is ++ * des_read one byte at a time. ++ */ ++ static unsigned char *unnet = NULL; ++ static int unnet_start = 0; ++ static int unnet_left = 0; ++ static unsigned char *tmpbuf = NULL; ++ int i; ++ long num = 0, rnum; ++ unsigned char *p; ++ ++ if (tmpbuf == NULL) { ++ tmpbuf = OPENSSL_malloc(BSIZE); ++ if (tmpbuf == NULL) ++ return (-1); ++ } ++ if (net == NULL) { ++ net = OPENSSL_malloc(BSIZE); ++ if (net == NULL) ++ return (-1); ++ } ++ if (unnet == NULL) { ++ unnet = OPENSSL_malloc(BSIZE); ++ if (unnet == NULL) ++ return (-1); ++ } ++ /* left over data from last decrypt */ ++ if (unnet_left != 0) { ++ if (unnet_left < len) { ++ /* ++ * we still still need more data but will return with the number ++ * of bytes we have - should always check the return value ++ */ ++ memcpy(buf, &(unnet[unnet_start]), unnet_left); ++ /* ++ * eay 26/08/92 I had the next 2 lines reversed :-( ++ */ ++ i = unnet_left; ++ unnet_start = unnet_left = 0; ++ } else { ++ memcpy(buf, &(unnet[unnet_start]), len); ++ unnet_start += len; ++ unnet_left -= len; ++ i = len; ++ } ++ return (i); ++ } ++ ++ /* We need to get more data. */ ++ if (len > MAXWRITE) ++ len = MAXWRITE; ++ ++ /* first - get the length */ ++ while (net_num < HDRSIZE) { + #ifndef _WIN32 +- i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); ++ i = read(fd, (void *)&(net[net_num]), HDRSIZE - net_num); + #else +- i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); ++ i = _read(fd, (void *)&(net[net_num]), HDRSIZE - net_num); + #endif + #ifdef EINTR +- if ((i == -1) && (errno == EINTR)) continue; ++ if ((i == -1) && (errno == EINTR)) ++ continue; + #endif +- if (i <= 0) return(0); +- net_num+=i; +- } +- +- /* we now have at net_num bytes in net */ +- p=net; +- /* num=0; */ +- n2l(p,num); +- /* num should be rounded up to the next group of eight +- * we make sure that we have read a multiple of 8 bytes from the net. +- */ +- if ((num > MAXWRITE) || (num < 0)) /* error */ +- return(-1); +- rnum=(num < 8)?8:((num+7)/8*8); +- +- net_num=0; +- while (net_num < rnum) +- { +- i=read(fd,(void *)&(net[net_num]),rnum-net_num); ++ if (i <= 0) ++ return (0); ++ net_num += i; ++ } ++ ++ /* we now have at net_num bytes in net */ ++ p = net; ++ /* num=0; */ ++ n2l(p, num); ++ /* ++ * num should be rounded up to the next group of eight we make sure that ++ * we have read a multiple of 8 bytes from the net. ++ */ ++ if ((num > MAXWRITE) || (num < 0)) /* error */ ++ return (-1); ++ rnum = (num < 8) ? 8 : ((num + 7) / 8 * 8); ++ ++ net_num = 0; ++ while (net_num < rnum) { ++ i = read(fd, (void *)&(net[net_num]), rnum - net_num); + #ifdef EINTR +- if ((i == -1) && (errno == EINTR)) continue; ++ if ((i == -1) && (errno == EINTR)) ++ continue; + #endif +- if (i <= 0) return(0); +- net_num+=i; +- } +- +- /* Check if there will be data left over. */ +- if (len < num) +- { +- if (DES_rw_mode & DES_PCBC_MODE) +- DES_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT); +- else +- DES_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT); +- memcpy(buf,unnet,len); +- unnet_start=len; +- unnet_left=num-len; +- +- /* The following line is done because we return num +- * as the number of bytes read. */ +- num=len; +- } +- else +- { +- /* >output is a multiple of 8 byes, if len < rnum +- * >we must be careful. The user must be aware that this +- * >routine will write more bytes than he asked for. +- * >The length of the buffer must be correct. +- * FIXED - Should be ok now 18-9-90 - eay */ +- if (len < rnum) +- { +- +- if (DES_rw_mode & DES_PCBC_MODE) +- DES_pcbc_encrypt(net,tmpbuf,num,sched,iv, +- DES_DECRYPT); +- else +- DES_cbc_encrypt(net,tmpbuf,num,sched,iv, +- DES_DECRYPT); +- +- /* eay 26/08/92 fix a bug that returned more +- * bytes than you asked for (returned len bytes :-( */ +- memcpy(buf,tmpbuf,num); +- } +- else +- { +- if (DES_rw_mode & DES_PCBC_MODE) +- DES_pcbc_encrypt(net,buf,num,sched,iv, +- DES_DECRYPT); +- else +- DES_cbc_encrypt(net,buf,num,sched,iv, +- DES_DECRYPT); +- } +- } +- return num; +- } +- ++ if (i <= 0) ++ return (0); ++ net_num += i; ++ } ++ ++ /* Check if there will be data left over. */ ++ if (len < num) { ++ if (DES_rw_mode & DES_PCBC_MODE) ++ DES_pcbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT); ++ else ++ DES_cbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT); ++ memcpy(buf, unnet, len); ++ unnet_start = len; ++ unnet_left = num - len; ++ ++ /* ++ * The following line is done because we return num as the number of ++ * bytes read. ++ */ ++ num = len; ++ } else { ++ /*- ++ * >output is a multiple of 8 byes, if len < rnum ++ * >we must be careful. The user must be aware that this ++ * >routine will write more bytes than he asked for. ++ * >The length of the buffer must be correct. ++ * FIXED - Should be ok now 18-9-90 - eay */ ++ if (len < rnum) { ++ ++ if (DES_rw_mode & DES_PCBC_MODE) ++ DES_pcbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT); ++ else ++ DES_cbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT); ++ ++ /* ++ * eay 26/08/92 fix a bug that returned more bytes than you asked ++ * for (returned len bytes :-( ++ */ ++ memcpy(buf, tmpbuf, num); ++ } else { ++ if (DES_rw_mode & DES_PCBC_MODE) ++ DES_pcbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT); ++ else ++ DES_cbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT); ++ } ++ } ++ return num; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/enc_writ.c b/Cryptlib/OpenSSL/crypto/des/enc_writ.c +index c2f032c..f9437eb 100644 +--- a/Cryptlib/OpenSSL/crypto/des/enc_writ.c ++++ b/Cryptlib/OpenSSL/crypto/des/enc_writ.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + #include "des_locl.h" + #include + +-/* ++/*- + * WARNINGS: + * + * - The data format used by DES_enc_write() and DES_enc_read() +@@ -78,98 +78,96 @@ + */ + + int DES_enc_write(int fd, const void *_buf, int len, +- DES_key_schedule *sched, DES_cblock *iv) +- { ++ DES_key_schedule *sched, DES_cblock *iv) ++{ + #ifdef _LIBC +- extern unsigned long time(); +- extern int write(); ++ extern unsigned long time(); ++ extern int write(); + #endif +- const unsigned char *buf=_buf; +- long rnum; +- int i,j,k,outnum; +- static unsigned char *outbuf=NULL; +- unsigned char shortbuf[8]; +- unsigned char *p; +- const unsigned char *cp; +- static int start=1; ++ const unsigned char *buf = _buf; ++ long rnum; ++ int i, j, k, outnum; ++ static unsigned char *outbuf = NULL; ++ unsigned char shortbuf[8]; ++ unsigned char *p; ++ const unsigned char *cp; ++ static int start = 1; + +- if (outbuf == NULL) +- { +- outbuf=OPENSSL_malloc(BSIZE+HDRSIZE); +- if (outbuf == NULL) return(-1); +- } +- /* If we are sending less than 8 bytes, the same char will look +- * the same if we don't pad it out with random bytes */ +- if (start) +- { +- start=0; +- } ++ if (outbuf == NULL) { ++ outbuf = OPENSSL_malloc(BSIZE + HDRSIZE); ++ if (outbuf == NULL) ++ return (-1); ++ } ++ /* ++ * If we are sending less than 8 bytes, the same char will look the same ++ * if we don't pad it out with random bytes ++ */ ++ if (start) { ++ start = 0; ++ } + +- /* lets recurse if we want to send the data in small chunks */ +- if (len > MAXWRITE) +- { +- j=0; +- for (i=0; i MAXWRITE)?MAXWRITE:(len-i),sched,iv); +- if (k < 0) +- return(k); +- else +- j+=k; +- } +- return(j); +- } ++ /* lets recurse if we want to send the data in small chunks */ ++ if (len > MAXWRITE) { ++ j = 0; ++ for (i = 0; i < len; i += k) { ++ k = DES_enc_write(fd, &(buf[i]), ++ ((len - i) > MAXWRITE) ? MAXWRITE : (len - i), ++ sched, iv); ++ if (k < 0) ++ return (k); ++ else ++ j += k; ++ } ++ return (j); ++ } + +- /* write length first */ +- p=outbuf; +- l2n(len,p); ++ /* write length first */ ++ p = outbuf; ++ l2n(len, p); + +- /* pad short strings */ +- if (len < 8) +- { +- cp=shortbuf; +- memcpy(shortbuf,buf,len); +- RAND_pseudo_bytes(shortbuf+len, 8-len); +- rnum=8; +- } +- else +- { +- cp=buf; +- rnum=((len+7)/8*8); /* round up to nearest eight */ +- } ++ /* pad short strings */ ++ if (len < 8) { ++ cp = shortbuf; ++ memcpy(shortbuf, buf, len); ++ RAND_pseudo_bytes(shortbuf + len, 8 - len); ++ rnum = 8; ++ } else { ++ cp = buf; ++ rnum = ((len + 7) / 8 * 8); /* round up to nearest eight */ ++ } + +- if (DES_rw_mode & DES_PCBC_MODE) +- DES_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv, +- DES_ENCRYPT); +- else +- DES_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv, +- DES_ENCRYPT); ++ if (DES_rw_mode & DES_PCBC_MODE) ++ DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched, ++ iv, DES_ENCRYPT); ++ else ++ DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched, ++ iv, DES_ENCRYPT); + +- /* output */ +- outnum=rnum+HDRSIZE; ++ /* output */ ++ outnum = rnum + HDRSIZE; + +- for (j=0; j + #ifdef _OSD_POSIX +-#ifndef CHARSET_EBCDIC +-#define CHARSET_EBCDIC 1 +-#endif ++# ifndef CHARSET_EBCDIC ++# define CHARSET_EBCDIC 1 ++# endif + #endif + #ifdef CHARSET_EBCDIC +-#include ++# include + #endif + +-/* This version of crypt has been developed from my MIT compatible +- * DES library. +- * Eric Young (eay@cryptsoft.com) ++/* ++ * This version of crypt has been developed from my MIT compatible DES ++ * library. Eric Young (eay@cryptsoft.com) + */ + +-/* Modification by Jens Kupferschmidt (Cu) +- * I have included directive PARA for shared memory computers. +- * I have included a directive LONGCRYPT to using this routine to cipher +- * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN +- * definition is the maximum of length of password and can changed. I have +- * defined 24. ++/* ++ * Modification by Jens Kupferschmidt (Cu) I have included directive PARA for ++ * shared memory computers. I have included a directive LONGCRYPT to using ++ * this routine to cipher passwords with more then 8 bytes like HP-UX 10.x it ++ * used. The MAXPLEN definition is the maximum of length of password and can ++ * changed. I have defined 24. + */ + + #include "des_locl.h" + +-/* Added more values to handle illegal salt values the way normal +- * crypt() implementations do. The patch was sent by +- * Bjorn Gronvall ++/* ++ * Added more values to handle illegal salt values the way normal crypt() ++ * implementations do. The patch was sent by Bjorn Gronvall + */ +-static unsigned const char con_salt[128]={ +-0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9, +-0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1, +-0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9, +-0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1, +-0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9, +-0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01, +-0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09, +-0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A, +-0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12, +-0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A, +-0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22, +-0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24, +-0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C, +-0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34, +-0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C, +-0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44, ++static unsigned const char con_salt[128] = { ++ 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, ++ 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, ++ 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, ++ 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, ++ 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, ++ 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01, ++ 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, ++ 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, ++ 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, ++ 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, ++ 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, ++ 0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24, ++ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, ++ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, ++ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, ++ 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, + }; + +-static unsigned const char cov_2char[64]={ +-0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35, +-0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44, +-0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C, +-0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54, +-0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62, +-0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A, +-0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72, +-0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A ++static unsigned const char cov_2char[64] = { ++ 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, ++ 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, ++ 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, ++ 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, ++ 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, ++ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, ++ 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, ++ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A + }; + + char *DES_crypt(const char *buf, const char *salt) +- { +- static char buff[14]; ++{ ++ static char buff[14]; + + #ifndef CHARSET_EBCDIC +- return(DES_fcrypt(buf,salt,buff)); ++ return (DES_fcrypt(buf, salt, buff)); + #else +- char e_salt[2+1]; +- char e_buf[32+1]; /* replace 32 by 8 ? */ +- char *ret; ++ char e_salt[2 + 1]; ++ char e_buf[32 + 1]; /* replace 32 by 8 ? */ ++ char *ret; + +- /* Copy at most 2 chars of salt */ +- if ((e_salt[0] = salt[0]) != '\0') +- e_salt[1] = salt[1]; ++ /* Copy at most 2 chars of salt */ ++ if ((e_salt[0] = salt[0]) != '\0') ++ e_salt[1] = salt[1]; + +- /* Copy at most 32 chars of password */ +- strncpy (e_buf, buf, sizeof(e_buf)); ++ /* Copy at most 32 chars of password */ ++ strncpy(e_buf, buf, sizeof(e_buf)); + +- /* Make sure we have a delimiter */ +- e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0'; ++ /* Make sure we have a delimiter */ ++ e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0'; + +- /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */ +- ebcdic2ascii(e_salt, e_salt, sizeof e_salt); ++ /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */ ++ ebcdic2ascii(e_salt, e_salt, sizeof e_salt); + +- /* Convert the cleartext password to ASCII */ +- ebcdic2ascii(e_buf, e_buf, sizeof e_buf); ++ /* Convert the cleartext password to ASCII */ ++ ebcdic2ascii(e_buf, e_buf, sizeof e_buf); + +- /* Encrypt it (from/to ASCII) */ +- ret = DES_fcrypt(e_buf,e_salt,buff); ++ /* Encrypt it (from/to ASCII) */ ++ ret = DES_fcrypt(e_buf, e_salt, buff); + +- /* Convert the result back to EBCDIC */ +- ascii2ebcdic(ret, ret, strlen(ret)); +- +- return ret; +-#endif +- } ++ /* Convert the result back to EBCDIC */ ++ ascii2ebcdic(ret, ret, strlen(ret)); + ++ return ret; ++#endif ++} + + char *DES_fcrypt(const char *buf, const char *salt, char *ret) +- { +- unsigned int i,j,x,y; +- DES_LONG Eswap0,Eswap1; +- DES_LONG out[2],ll; +- DES_cblock key; +- DES_key_schedule ks; +- unsigned char bb[9]; +- unsigned char *b=bb; +- unsigned char c,u; +- +- /* eay 25/08/92 +- * If you call crypt("pwd","*") as often happens when you +- * have * as the pwd field in /etc/passwd, the function +- * returns *\0XXXXXXXXX +- * The \0 makes the string look like * so the pwd "*" would +- * crypt to "*". This was found when replacing the crypt in +- * our shared libraries. People found that the disabled +- * accounts effectively had no passwd :-(. */ ++{ ++ unsigned int i, j, x, y; ++ DES_LONG Eswap0, Eswap1; ++ DES_LONG out[2], ll; ++ DES_cblock key; ++ DES_key_schedule ks; ++ unsigned char bb[9]; ++ unsigned char *b = bb; ++ unsigned char c, u; ++ ++ /* ++ * eay 25/08/92 If you call crypt("pwd","*") as often happens when you ++ * have * as the pwd field in /etc/passwd, the function returns ++ * *\0XXXXXXXXX The \0 makes the string look like * so the pwd "*" would ++ * crypt to "*". This was found when replacing the crypt in our shared ++ * libraries. People found that the disabled accounts effectively had no ++ * passwd :-(. ++ */ + #ifndef CHARSET_EBCDIC +- x=ret[0]=((salt[0] == '\0')?'A':salt[0]); +- Eswap0=con_salt[x]<<2; +- x=ret[1]=((salt[1] == '\0')?'A':salt[1]); +- Eswap1=con_salt[x]<<6; ++ x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]); ++ Eswap0 = con_salt[x] << 2; ++ x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]); ++ Eswap1 = con_salt[x] << 6; + #else +- x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]); +- Eswap0=con_salt[x]<<2; +- x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]); +- Eswap1=con_salt[x]<<6; ++ x = ret[0] = ((salt[0] == '\0') ? os_toascii['A'] : salt[0]); ++ Eswap0 = con_salt[x] << 2; ++ x = ret[1] = ((salt[1] == '\0') ? os_toascii['A'] : salt[1]); ++ Eswap1 = con_salt[x] << 6; + #endif + +-/* EAY +-r=strlen(buf); +-r=(r+7)/8; +-*/ +- for (i=0; i<8; i++) +- { +- c= *(buf++); +- if (!c) break; +- key[i]=(c<<1); +- } +- for (; i<8; i++) +- key[i]=0; +- +- DES_set_key_unchecked(&key,&ks); +- fcrypt_body(&(out[0]),&ks,Eswap0,Eswap1); +- +- ll=out[0]; l2c(ll,b); +- ll=out[1]; l2c(ll,b); +- y=0; +- u=0x80; +- bb[8]=0; +- for (i=2; i<13; i++) +- { +- c=0; +- for (j=0; j<6; j++) +- { +- c<<=1; +- if (bb[y] & u) c|=1; +- u>>=1; +- if (!u) +- { +- y++; +- u=0x80; +- } +- } +- ret[i]=cov_2char[c]; +- } +- ret[13]='\0'; +- return(ret); +- } +- ++ /* ++ * EAY r=strlen(buf); r=(r+7)/8; ++ */ ++ for (i = 0; i < 8; i++) { ++ c = *(buf++); ++ if (!c) ++ break; ++ key[i] = (c << 1); ++ } ++ for (; i < 8; i++) ++ key[i] = 0; ++ ++ DES_set_key_unchecked(&key, &ks); ++ fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1); ++ ++ ll = out[0]; ++ l2c(ll, b); ++ ll = out[1]; ++ l2c(ll, b); ++ y = 0; ++ u = 0x80; ++ bb[8] = 0; ++ for (i = 2; i < 13; i++) { ++ c = 0; ++ for (j = 0; j < 6; j++) { ++ c <<= 1; ++ if (bb[y] & u) ++ c |= 1; ++ u >>= 1; ++ if (!u) { ++ y++; ++ u = 0x80; ++ } ++ } ++ ret[i] = cov_2char[c]; ++ } ++ ret[13] = '\0'; ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c +index 1390138..f6c88e1 100644 +--- a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c ++++ b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -58,9 +58,9 @@ + + #include + +-/* This version of crypt has been developed from my MIT compatible +- * DES library. +- * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au ++/* ++ * This version of crypt has been developed from my MIT compatible DES ++ * library. The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au + * Eric Young (eay@cryptsoft.com) + */ + +@@ -70,76 +70,73 @@ + + #undef PERM_OP + #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ +- (b)^=(t),\ +- (a)^=((t)<<(n))) ++ (b)^=(t),\ ++ (a)^=((t)<<(n))) + + #undef HPERM_OP + #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ +- (a)=(a)^(t)^(t>>(16-(n))))\ ++ (a)=(a)^(t)^(t>>(16-(n))))\ + + void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, +- DES_LONG Eswap1) +- { +- register DES_LONG l,r,t,u; ++ DES_LONG Eswap1) ++{ ++ register DES_LONG l, r, t, u; + #ifdef DES_PTR +- register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; ++ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; + #endif +- register DES_LONG *s; +- register int j; +- register DES_LONG E0,E1; ++ register DES_LONG *s; ++ register int j; ++ register DES_LONG E0, E1; + +- l=0; +- r=0; ++ l = 0; ++ r = 0; + +- s=(DES_LONG *)ks; +- E0=Eswap0; +- E1=Eswap1; ++ s = (DES_LONG *)ks; ++ E0 = Eswap0; ++ E1 = Eswap1; + +- for (j=0; j<25; j++) +- { ++ for (j = 0; j < 25; j++) { + #ifndef DES_UNROLL +- register int i; ++ register int i; + +- for (i=0; i<32; i+=8) +- { +- D_ENCRYPT(l,r,i+0); /* 1 */ +- D_ENCRYPT(r,l,i+2); /* 2 */ +- D_ENCRYPT(l,r,i+4); /* 1 */ +- D_ENCRYPT(r,l,i+6); /* 2 */ +- } ++ for (i = 0; i < 32; i += 8) { ++ D_ENCRYPT(l, r, i + 0); /* 1 */ ++ D_ENCRYPT(r, l, i + 2); /* 2 */ ++ D_ENCRYPT(l, r, i + 4); /* 1 */ ++ D_ENCRYPT(r, l, i + 6); /* 2 */ ++ } + #else +- D_ENCRYPT(l,r, 0); /* 1 */ +- D_ENCRYPT(r,l, 2); /* 2 */ +- D_ENCRYPT(l,r, 4); /* 3 */ +- D_ENCRYPT(r,l, 6); /* 4 */ +- D_ENCRYPT(l,r, 8); /* 5 */ +- D_ENCRYPT(r,l,10); /* 6 */ +- D_ENCRYPT(l,r,12); /* 7 */ +- D_ENCRYPT(r,l,14); /* 8 */ +- D_ENCRYPT(l,r,16); /* 9 */ +- D_ENCRYPT(r,l,18); /* 10 */ +- D_ENCRYPT(l,r,20); /* 11 */ +- D_ENCRYPT(r,l,22); /* 12 */ +- D_ENCRYPT(l,r,24); /* 13 */ +- D_ENCRYPT(r,l,26); /* 14 */ +- D_ENCRYPT(l,r,28); /* 15 */ +- D_ENCRYPT(r,l,30); /* 16 */ ++ D_ENCRYPT(l, r, 0); /* 1 */ ++ D_ENCRYPT(r, l, 2); /* 2 */ ++ D_ENCRYPT(l, r, 4); /* 3 */ ++ D_ENCRYPT(r, l, 6); /* 4 */ ++ D_ENCRYPT(l, r, 8); /* 5 */ ++ D_ENCRYPT(r, l, 10); /* 6 */ ++ D_ENCRYPT(l, r, 12); /* 7 */ ++ D_ENCRYPT(r, l, 14); /* 8 */ ++ D_ENCRYPT(l, r, 16); /* 9 */ ++ D_ENCRYPT(r, l, 18); /* 10 */ ++ D_ENCRYPT(l, r, 20); /* 11 */ ++ D_ENCRYPT(r, l, 22); /* 12 */ ++ D_ENCRYPT(l, r, 24); /* 13 */ ++ D_ENCRYPT(r, l, 26); /* 14 */ ++ D_ENCRYPT(l, r, 28); /* 15 */ ++ D_ENCRYPT(r, l, 30); /* 16 */ + #endif + +- t=l; +- l=r; +- r=t; +- } +- l=ROTATE(l,3)&0xffffffffL; +- r=ROTATE(r,3)&0xffffffffL; +- +- PERM_OP(l,r,t, 1,0x55555555L); +- PERM_OP(r,l,t, 8,0x00ff00ffL); +- PERM_OP(l,r,t, 2,0x33333333L); +- PERM_OP(r,l,t,16,0x0000ffffL); +- PERM_OP(l,r,t, 4,0x0f0f0f0fL); ++ t = l; ++ l = r; ++ r = t; ++ } ++ l = ROTATE(l, 3) & 0xffffffffL; ++ r = ROTATE(r, 3) & 0xffffffffL; + +- out[0]=r; +- out[1]=l; +- } ++ PERM_OP(l, r, t, 1, 0x55555555L); ++ PERM_OP(r, l, t, 8, 0x00ff00ffL); ++ PERM_OP(l, r, t, 2, 0x33333333L); ++ PERM_OP(r, l, t, 16, 0x0000ffffL); ++ PERM_OP(l, r, t, 4, 0x0f0f0f0fL); + ++ out[0] = r; ++ out[1] = l; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c +index 26bbf9a..45c6750 100644 +--- a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c ++++ b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -58,68 +58,66 @@ + + #include "des_locl.h" + +-/* The input and output encrypted as though 64bit ofb mode is being +- * used. The extra state information to record how much of the +- * 64bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 64bit ofb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; + */ + void DES_ede3_ofb64_encrypt(register const unsigned char *in, +- register unsigned char *out, long length, +- DES_key_schedule *k1, DES_key_schedule *k2, +- DES_key_schedule *k3, DES_cblock *ivec, +- int *num) +- { +- register DES_LONG v0,v1; +- register int n= *num; +- register long l=length; +- DES_cblock d; +- register char *dp; +- DES_LONG ti[2]; +- unsigned char *iv; +- int save=0; ++ register unsigned char *out, long length, ++ DES_key_schedule *k1, DES_key_schedule *k2, ++ DES_key_schedule *k3, DES_cblock *ivec, int *num) ++{ ++ register DES_LONG v0, v1; ++ register int n = *num; ++ register long l = length; ++ DES_cblock d; ++ register char *dp; ++ DES_LONG ti[2]; ++ unsigned char *iv; ++ int save = 0; + +- iv = &(*ivec)[0]; +- c2l(iv,v0); +- c2l(iv,v1); +- ti[0]=v0; +- ti[1]=v1; +- dp=(char *)d; +- l2c(v0,dp); +- l2c(v1,dp); +- while (l--) +- { +- if (n == 0) +- { +- /* ti[0]=v0; */ +- /* ti[1]=v1; */ +- DES_encrypt3(ti,k1,k2,k3); +- v0=ti[0]; +- v1=ti[1]; ++ iv = &(*ivec)[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ ti[0] = v0; ++ ti[1] = v1; ++ dp = (char *)d; ++ l2c(v0, dp); ++ l2c(v1, dp); ++ while (l--) { ++ if (n == 0) { ++ /* ti[0]=v0; */ ++ /* ti[1]=v1; */ ++ DES_encrypt3(ti, k1, k2, k3); ++ v0 = ti[0]; ++ v1 = ti[1]; + +- dp=(char *)d; +- l2c(v0,dp); +- l2c(v1,dp); +- save++; +- } +- *(out++)= *(in++)^d[n]; +- n=(n+1)&0x07; +- } +- if (save) +- { +-/* v0=ti[0]; +- v1=ti[1];*/ +- iv = &(*ivec)[0]; +- l2c(v0,iv); +- l2c(v1,iv); +- } +- v0=v1=ti[0]=ti[1]=0; +- *num=n; +- } ++ dp = (char *)d; ++ l2c(v0, dp); ++ l2c(v1, dp); ++ save++; ++ } ++ *(out++) = *(in++) ^ d[n]; ++ n = (n + 1) & 0x07; ++ } ++ if (save) { ++/*- v0=ti[0]; ++ v1=ti[1];*/ ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ } ++ v0 = v1 = ti[0] = ti[1] = 0; ++ *num = n; ++} + +-#ifdef undef /* MACRO */ ++#ifdef undef /* MACRO */ + void DES_ede2_ofb64_encrypt(register unsigned char *in, +- register unsigned char *out, long length, DES_key_schedule k1, +- DES_key_schedule k2, DES_cblock (*ivec), int *num) +- { +- DES_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num); +- } ++ register unsigned char *out, long length, ++ DES_key_schedule k1, DES_key_schedule k2, ++ DES_cblock (*ivec), int *num) ++{ ++ DES_ede3_ofb64_encrypt(in, out, length, k1, k2, k1, ivec, num); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c +index 8ca3d49..8e72dec 100644 +--- a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -58,53 +58,52 @@ + + #include "des_locl.h" + +-/* The input and output encrypted as though 64bit ofb mode is being +- * used. The extra state information to record how much of the +- * 64bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 64bit ofb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; + */ + void DES_ofb64_encrypt(register const unsigned char *in, +- register unsigned char *out, long length, +- DES_key_schedule *schedule, DES_cblock *ivec, int *num) +- { +- register DES_LONG v0,v1,t; +- register int n= *num; +- register long l=length; +- DES_cblock d; +- register unsigned char *dp; +- DES_LONG ti[2]; +- unsigned char *iv; +- int save=0; +- +- iv = &(*ivec)[0]; +- c2l(iv,v0); +- c2l(iv,v1); +- ti[0]=v0; +- ti[1]=v1; +- dp=d; +- l2c(v0,dp); +- l2c(v1,dp); +- while (l--) +- { +- if (n == 0) +- { +- DES_encrypt1(ti,schedule,DES_ENCRYPT); +- dp=d; +- t=ti[0]; l2c(t,dp); +- t=ti[1]; l2c(t,dp); +- save++; +- } +- *(out++)= *(in++)^d[n]; +- n=(n+1)&0x07; +- } +- if (save) +- { +- v0=ti[0]; +- v1=ti[1]; +- iv = &(*ivec)[0]; +- l2c(v0,iv); +- l2c(v1,iv); +- } +- t=v0=v1=ti[0]=ti[1]=0; +- *num=n; +- } ++ register unsigned char *out, long length, ++ DES_key_schedule *schedule, DES_cblock *ivec, int *num) ++{ ++ register DES_LONG v0, v1, t; ++ register int n = *num; ++ register long l = length; ++ DES_cblock d; ++ register unsigned char *dp; ++ DES_LONG ti[2]; ++ unsigned char *iv; ++ int save = 0; + ++ iv = &(*ivec)[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ ti[0] = v0; ++ ti[1] = v1; ++ dp = d; ++ l2c(v0, dp); ++ l2c(v1, dp); ++ while (l--) { ++ if (n == 0) { ++ DES_encrypt1(ti, schedule, DES_ENCRYPT); ++ dp = d; ++ t = ti[0]; ++ l2c(t, dp); ++ t = ti[1]; ++ l2c(t, dp); ++ save++; ++ } ++ *(out++) = *(in++) ^ d[n]; ++ n = (n + 1) & 0x07; ++ } ++ if (save) { ++ v0 = ti[0]; ++ v1 = ti[1]; ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ } ++ t = v0 = v1 = ti[0] = ti[1] = 0; ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c +index e887a3c..02a7877 100644 +--- a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -58,78 +58,74 @@ + + #include "des_locl.h" + +-/* The input and output are loaded in multiples of 8 bits. +- * What this means is that if you hame numbits=12 and length=2 +- * the first 12 bits will be retrieved from the first byte and half +- * the second. The second 12 bits will come from the 3rd and half the 4th +- * byte. ++/* ++ * The input and output are loaded in multiples of 8 bits. What this means is ++ * that if you hame numbits=12 and length=2 the first 12 bits will be ++ * retrieved from the first byte and half the second. The second 12 bits ++ * will come from the 3rd and half the 4th byte. + */ + void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, +- long length, DES_key_schedule *schedule, +- DES_cblock *ivec) +- { +- register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8; +- register DES_LONG mask0,mask1; +- register long l=length; +- register int num=numbits; +- DES_LONG ti[2]; +- unsigned char *iv; ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec) ++{ ++ register DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7) / 8; ++ register DES_LONG mask0, mask1; ++ register long l = length; ++ register int num = numbits; ++ DES_LONG ti[2]; ++ unsigned char *iv; + +- if (num > 64) return; +- if (num > 32) +- { +- mask0=0xffffffffL; +- if (num >= 64) +- mask1=mask0; +- else +- mask1=(1L<<(num-32))-1; +- } +- else +- { +- if (num == 32) +- mask0=0xffffffffL; +- else +- mask0=(1L< 64) ++ return; ++ if (num > 32) { ++ mask0 = 0xffffffffL; ++ if (num >= 64) ++ mask1 = mask0; ++ else ++ mask1 = (1L << (num - 32)) - 1; ++ } else { ++ if (num == 32) ++ mask0 = 0xffffffffL; ++ else ++ mask0 = (1L << num) - 1; ++ mask1 = 0x00000000L; ++ } + +- iv = &(*ivec)[0]; +- c2l(iv,v0); +- c2l(iv,v1); +- ti[0]=v0; +- ti[1]=v1; +- while (l-- > 0) +- { +- ti[0]=v0; +- ti[1]=v1; +- DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); +- vv0=ti[0]; +- vv1=ti[1]; +- c2ln(in,d0,d1,n); +- in+=n; +- d0=(d0^vv0)&mask0; +- d1=(d1^vv1)&mask1; +- l2cn(d0,d1,out,n); +- out+=n; ++ iv = &(*ivec)[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ ti[0] = v0; ++ ti[1] = v1; ++ while (l-- > 0) { ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); ++ vv0 = ti[0]; ++ vv1 = ti[1]; ++ c2ln(in, d0, d1, n); ++ in += n; ++ d0 = (d0 ^ vv0) & mask0; ++ d1 = (d1 ^ vv1) & mask1; ++ l2cn(d0, d1, out, n); ++ out += n; + +- if (num == 32) +- { v0=v1; v1=vv0; } +- else if (num == 64) +- { v0=vv0; v1=vv1; } +- else if (num > 32) /* && num != 64 */ +- { +- v0=((v1>>(num-32))|(vv0<<(64-num)))&0xffffffffL; +- v1=((vv0>>(num-32))|(vv1<<(64-num)))&0xffffffffL; +- } +- else /* num < 32 */ +- { +- v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL; +- v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL; +- } +- } +- iv = &(*ivec)[0]; +- l2c(v0,iv); +- l2c(v1,iv); +- v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0; +- } ++ if (num == 32) { ++ v0 = v1; ++ v1 = vv0; ++ } else if (num == 64) { ++ v0 = vv0; ++ v1 = vv1; ++ } else if (num > 32) { /* && num != 64 */ ++ v0 = ((v1 >> (num - 32)) | (vv0 << (64 - num))) & 0xffffffffL; ++ v1 = ((vv0 >> (num - 32)) | (vv1 << (64 - num))) & 0xffffffffL; ++ } else { /* num < 32 */ + ++ v0 = ((v0 >> num) | (v1 << (32 - num))) & 0xffffffffL; ++ v1 = ((v1 >> num) | (vv0 << (32 - num))) & 0xffffffffL; ++ } ++ } ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c +index 17a40f9..144d5ed 100644 +--- a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,65 +59,57 @@ + #include "des_locl.h" + + void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, +- long length, DES_key_schedule *schedule, +- DES_cblock *ivec, int enc) +- { +- register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1; +- DES_LONG tin[2]; +- const unsigned char *in; +- unsigned char *out,*iv; ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, int enc) ++{ ++ register DES_LONG sin0, sin1, xor0, xor1, tout0, tout1; ++ DES_LONG tin[2]; ++ const unsigned char *in; ++ unsigned char *out, *iv; + +- in=input; +- out=output; +- iv = &(*ivec)[0]; ++ in = input; ++ out = output; ++ iv = &(*ivec)[0]; + +- if (enc) +- { +- c2l(iv,xor0); +- c2l(iv,xor1); +- for (; length>0; length-=8) +- { +- if (length >= 8) +- { +- c2l(in,sin0); +- c2l(in,sin1); +- } +- else +- c2ln(in,sin0,sin1,length); +- tin[0]=sin0^xor0; +- tin[1]=sin1^xor1; +- DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT); +- tout0=tin[0]; +- tout1=tin[1]; +- xor0=sin0^tout0; +- xor1=sin1^tout1; +- l2c(tout0,out); +- l2c(tout1,out); +- } +- } +- else +- { +- c2l(iv,xor0); c2l(iv,xor1); +- for (; length>0; length-=8) +- { +- c2l(in,sin0); +- c2l(in,sin1); +- tin[0]=sin0; +- tin[1]=sin1; +- DES_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT); +- tout0=tin[0]^xor0; +- tout1=tin[1]^xor1; +- if (length >= 8) +- { +- l2c(tout0,out); +- l2c(tout1,out); +- } +- else +- l2cn(tout0,tout1,out,length); +- xor0=tout0^sin0; +- xor1=tout1^sin1; +- } +- } +- tin[0]=tin[1]=0; +- sin0=sin1=xor0=xor1=tout0=tout1=0; +- } ++ if (enc) { ++ c2l(iv, xor0); ++ c2l(iv, xor1); ++ for (; length > 0; length -= 8) { ++ if (length >= 8) { ++ c2l(in, sin0); ++ c2l(in, sin1); ++ } else ++ c2ln(in, sin0, sin1, length); ++ tin[0] = sin0 ^ xor0; ++ tin[1] = sin1 ^ xor1; ++ DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ xor0 = sin0 ^ tout0; ++ xor1 = sin1 ^ tout1; ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } ++ } else { ++ c2l(iv, xor0); ++ c2l(iv, xor1); ++ for (; length > 0; length -= 8) { ++ c2l(in, sin0); ++ c2l(in, sin1); ++ tin[0] = sin0; ++ tin[1] = sin1; ++ DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ if (length >= 8) { ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } else ++ l2cn(tout0, tout1, out, length); ++ xor0 = tout0 ^ sin0; ++ xor1 = tout1 ^ sin1; ++ } ++ } ++ tin[0] = tin[1] = 0; ++ sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c +index dac2012..2a168a5 100644 +--- a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c ++++ b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,91 +49,95 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer +- * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 +- * This module in only based on the code in this paper and is +- * almost definitely not the same as the MIT implementation. ++/* ++ * From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer IEEE ++ * Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 This module in ++ * only based on the code in this paper and is almost definitely not the same ++ * as the MIT implementation. + */ + #include "des_locl.h" + + /* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */ +-#define Q_B0(a) (((DES_LONG)(a))) +-#define Q_B1(a) (((DES_LONG)(a))<<8) +-#define Q_B2(a) (((DES_LONG)(a))<<16) +-#define Q_B3(a) (((DES_LONG)(a))<<24) ++#define Q_B0(a) (((DES_LONG)(a))) ++#define Q_B1(a) (((DES_LONG)(a))<<8) ++#define Q_B2(a) (((DES_LONG)(a))<<16) ++#define Q_B3(a) (((DES_LONG)(a))<<24) + + /* used to scramble things a bit */ + /* Got the value MIT uses via brute force :-) 2/10/90 eay */ +-#define NOISE ((DES_LONG)83653421L) ++#define NOISE ((DES_LONG)83653421L) + + DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], +- long length, int out_count, DES_cblock *seed) +- { +- DES_LONG z0,z1,t0,t1; +- int i; +- long l; +- const unsigned char *cp; ++ long length, int out_count, DES_cblock *seed) ++{ ++ DES_LONG z0, z1, t0, t1; ++ int i; ++ long l; ++ const unsigned char *cp; + #ifdef _CRAY +- struct lp_st { int a:32; int b:32; } *lp; ++ struct lp_st { ++ int a:32; ++ int b:32; ++ } *lp; + #else +- DES_LONG *lp; ++ DES_LONG *lp; + #endif + +- if (out_count < 1) out_count=1; ++ if (out_count < 1) ++ out_count = 1; + #ifdef _CRAY +- lp = (struct lp_st *) &(output[0])[0]; ++ lp = (struct lp_st *)&(output[0])[0]; + #else +- lp = (DES_LONG *) &(output[0])[0]; ++ lp = (DES_LONG *)&(output[0])[0]; + #endif + +- z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]); +- z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]); ++ z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) | ++ Q_B3((*seed)[3]); ++ z1 = Q_B0((*seed)[4]) | Q_B1((*seed)[5]) | Q_B2((*seed)[6]) | ++ Q_B3((*seed)[7]); + +- for (i=0; ((i<4)&&(i 0) +- { +- if (l > 1) +- { +- t0= (DES_LONG)(*(cp++)); +- t0|=(DES_LONG)Q_B1(*(cp++)); +- l--; +- } +- else +- t0= (DES_LONG)(*(cp++)); +- l--; +- /* add */ +- t0+=z0; +- t0&=0xffffffffL; +- t1=z1; +- /* square, well sort of square */ +- z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL)) +- &0xffffffffL)%0x7fffffffL; +- z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL; +- } +- if (lp != NULL) +- { +- /* The MIT library assumes that the checksum is +- * composed of 2*out_count 32 bit ints */ ++ for (i = 0; ((i < 4) && (i < out_count)); i++) { ++ cp = input; ++ l = length; ++ while (l > 0) { ++ if (l > 1) { ++ t0 = (DES_LONG)(*(cp++)); ++ t0 |= (DES_LONG)Q_B1(*(cp++)); ++ l--; ++ } else ++ t0 = (DES_LONG)(*(cp++)); ++ l--; ++ /* add */ ++ t0 += z0; ++ t0 &= 0xffffffffL; ++ t1 = z1; ++ /* square, well sort of square */ ++ z0 = ((((t0 * t0) & 0xffffffffL) + ((t1 * t1) & 0xffffffffL)) ++ & 0xffffffffL) % 0x7fffffffL; ++ z1 = ((t0 * ((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) % ++ 0x7fffffffL; ++ } ++ if (lp != NULL) { ++ /* ++ * The MIT library assumes that the checksum is composed of ++ * 2*out_count 32 bit ints ++ */ + #ifdef _CRAY +- (*lp).a = z0; +- (*lp).b = z1; +- lp++; ++ (*lp).a = z0; ++ (*lp).b = z1; ++ lp++; + #else +- *lp++ = z0; +- *lp++ = z1; ++ *lp++ = z0; ++ *lp++ = z1; + #endif +- } +- } +- return(z0); +- } +- ++ } ++ } ++ return (z0); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/rand_key.c b/Cryptlib/OpenSSL/crypto/des/rand_key.c +index 2398165..b75cc5f 100644 +--- a/Cryptlib/OpenSSL/crypto/des/rand_key.c ++++ b/Cryptlib/OpenSSL/crypto/des/rand_key.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,12 +57,11 @@ + #include + + int DES_random_key(DES_cblock *ret) +- { +- do +- { +- if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) +- return (0); +- } while (DES_is_weak_key(ret)); +- DES_set_odd_parity(ret); +- return (1); +- } ++{ ++ do { ++ if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) ++ return (0); ++ } while (DES_is_weak_key(ret)); ++ DES_set_odd_parity(ret); ++ return (1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/read2pwd.c b/Cryptlib/OpenSSL/crypto/des/read2pwd.c +index ee6969f..01e275f 100644 +--- a/Cryptlib/OpenSSL/crypto/des/read2pwd.c ++++ b/Cryptlib/OpenSSL/crypto/des/read2pwd.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,21 +58,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -87,10 +87,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -102,7 +102,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -115,26 +115,26 @@ + #include + + int DES_read_password(DES_cblock *key, const char *prompt, int verify) +- { +- int ok; +- char buf[BUFSIZ],buff[BUFSIZ]; ++{ ++ int ok; ++ char buf[BUFSIZ], buff[BUFSIZ]; + +- if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) +- DES_string_to_key(buf,key); +- OPENSSL_cleanse(buf,BUFSIZ); +- OPENSSL_cleanse(buff,BUFSIZ); +- return(ok); +- } ++ if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0) ++ DES_string_to_key(buf, key); ++ OPENSSL_cleanse(buf, BUFSIZ); ++ OPENSSL_cleanse(buff, BUFSIZ); ++ return (ok); ++} + +-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, +- int verify) +- { +- int ok; +- char buf[BUFSIZ],buff[BUFSIZ]; ++int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, ++ const char *prompt, int verify) ++{ ++ int ok; ++ char buf[BUFSIZ], buff[BUFSIZ]; + +- if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) +- DES_string_to_2keys(buf,key1,key2); +- OPENSSL_cleanse(buf,BUFSIZ); +- OPENSSL_cleanse(buff,BUFSIZ); +- return(ok); +- } ++ if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0) ++ DES_string_to_2keys(buf, key1, key2); ++ OPENSSL_cleanse(buf, BUFSIZ); ++ OPENSSL_cleanse(buff, BUFSIZ); ++ return (ok); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c +index d937d08..f5a84c5 100644 +--- a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,39 +60,41 @@ + #include "des_locl.h" + #include "des_ver.h" + +-int _des_crypt(char *buf,int len,struct desparams *desp); ++int _des_crypt(char *buf, int len, struct desparams *desp); + int _des_crypt(char *buf, int len, struct desparams *desp) +- { +- DES_key_schedule ks; +- int enc; ++{ ++ DES_key_schedule ks; ++ int enc; + +- DES_set_key_unchecked(&desp->des_key,&ks); +- enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT; ++ DES_set_key_unchecked(&desp->des_key, &ks); ++ enc = (desp->des_dir == ENCRYPT) ? DES_ENCRYPT : DES_DECRYPT; + +- if (desp->des_mode == CBC) +- DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf, +- (DES_cblock *)desp->UDES.UDES_buf,&ks, +- enc); +- else +- { +- DES_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf, +- len,&ks,&desp->des_ivec,enc); ++ if (desp->des_mode == CBC) ++ DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf, ++ (DES_cblock *)desp->UDES.UDES_buf, &ks, enc); ++ else { ++ DES_ncbc_encrypt(desp->UDES.UDES_buf, desp->UDES.UDES_buf, ++ len, &ks, &desp->des_ivec, enc); + #ifdef undef +- /* len will always be %8 if called from common_crypt +- * in secure_rpc. +- * Libdes's cbc encrypt does not copy back the iv, +- * so we have to do it here. */ +- /* It does now :-) eay 20/09/95 */ ++ /* ++ * len will always be %8 if called from common_crypt in secure_rpc. ++ * Libdes's cbc encrypt does not copy back the iv, so we have to do ++ * it here. ++ */ ++ /* It does now :-) eay 20/09/95 */ + +- a=(char *)&(desp->UDES.UDES_buf[len-8]); +- b=(char *)&(desp->des_ivec[0]); ++ a = (char *)&(desp->UDES.UDES_buf[len - 8]); ++ b = (char *)&(desp->des_ivec[0]); + +- *(a++)= *(b++); *(a++)= *(b++); +- *(a++)= *(b++); *(a++)= *(b++); +- *(a++)= *(b++); *(a++)= *(b++); +- *(a++)= *(b++); *(a++)= *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); + #endif +- } +- return(1); +- } +- ++ } ++ return (1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/set_key.c b/Cryptlib/OpenSSL/crypto/des/set_key.c +index c0806d5..fdc8d50 100644 +--- a/Cryptlib/OpenSSL/crypto/des/set_key.c ++++ b/Cryptlib/OpenSSL/crypto/des/set_key.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,14 +49,15 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* set_key.c v 1.4 eay 24/9/91 ++/*- ++ * set_key.c v 1.4 eay 24/9/91 + * 1.4 Speed up by 400% :-) + * 1.3 added register declarations. + * 1.2 unrolled make_key_sched a bit more +@@ -65,51 +66,61 @@ + */ + #include "des_locl.h" + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + ++OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key); /* defaults to false */ + +-OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */ +- +-static const unsigned char odd_parity[256]={ +- 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, +- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, +- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, +- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, +- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, +- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, +- 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, +-112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, +-128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, +-145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, +-161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, +-176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, +-193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, +-208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, +-224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, +-241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254}; ++static const unsigned char odd_parity[256] = { ++ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, ++ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, ++ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, ++ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, ++ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, ++ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, ++ 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110, ++ 110, ++ 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127, ++ 127, ++ 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143, ++ 143, ++ 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158, ++ 158, ++ 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, ++ 174, ++ 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, ++ 191, ++ 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, ++ 206, ++ 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, ++ 223, ++ 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, ++ 239, ++ 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254, ++ 254 ++}; + + void DES_set_odd_parity(DES_cblock *key) +- { +- unsigned int i; ++{ ++ unsigned int i; + +- for (i=0; i>(n))^(b))&(m)),\ +- * (b)^=(t),\ +- * (a)=((a)^((t)<<(n)))) ++ * (b)^=(t),\ ++ * (a)=((a)^((t)<<(n)))) + */ + + #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ +- (a)=(a)^(t)^(t>>(16-(n)))) ++ (a)=(a)^(t)^(t>>(16-(n)))) + +-static const DES_LONG des_skb[8][64]={ +- { +- /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ +- 0x00000000L,0x00000010L,0x20000000L,0x20000010L, +- 0x00010000L,0x00010010L,0x20010000L,0x20010010L, +- 0x00000800L,0x00000810L,0x20000800L,0x20000810L, +- 0x00010800L,0x00010810L,0x20010800L,0x20010810L, +- 0x00000020L,0x00000030L,0x20000020L,0x20000030L, +- 0x00010020L,0x00010030L,0x20010020L,0x20010030L, +- 0x00000820L,0x00000830L,0x20000820L,0x20000830L, +- 0x00010820L,0x00010830L,0x20010820L,0x20010830L, +- 0x00080000L,0x00080010L,0x20080000L,0x20080010L, +- 0x00090000L,0x00090010L,0x20090000L,0x20090010L, +- 0x00080800L,0x00080810L,0x20080800L,0x20080810L, +- 0x00090800L,0x00090810L,0x20090800L,0x20090810L, +- 0x00080020L,0x00080030L,0x20080020L,0x20080030L, +- 0x00090020L,0x00090030L,0x20090020L,0x20090030L, +- 0x00080820L,0x00080830L,0x20080820L,0x20080830L, +- 0x00090820L,0x00090830L,0x20090820L,0x20090830L, +- },{ +- /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ +- 0x00000000L,0x02000000L,0x00002000L,0x02002000L, +- 0x00200000L,0x02200000L,0x00202000L,0x02202000L, +- 0x00000004L,0x02000004L,0x00002004L,0x02002004L, +- 0x00200004L,0x02200004L,0x00202004L,0x02202004L, +- 0x00000400L,0x02000400L,0x00002400L,0x02002400L, +- 0x00200400L,0x02200400L,0x00202400L,0x02202400L, +- 0x00000404L,0x02000404L,0x00002404L,0x02002404L, +- 0x00200404L,0x02200404L,0x00202404L,0x02202404L, +- 0x10000000L,0x12000000L,0x10002000L,0x12002000L, +- 0x10200000L,0x12200000L,0x10202000L,0x12202000L, +- 0x10000004L,0x12000004L,0x10002004L,0x12002004L, +- 0x10200004L,0x12200004L,0x10202004L,0x12202004L, +- 0x10000400L,0x12000400L,0x10002400L,0x12002400L, +- 0x10200400L,0x12200400L,0x10202400L,0x12202400L, +- 0x10000404L,0x12000404L,0x10002404L,0x12002404L, +- 0x10200404L,0x12200404L,0x10202404L,0x12202404L, +- },{ +- /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ +- 0x00000000L,0x00000001L,0x00040000L,0x00040001L, +- 0x01000000L,0x01000001L,0x01040000L,0x01040001L, +- 0x00000002L,0x00000003L,0x00040002L,0x00040003L, +- 0x01000002L,0x01000003L,0x01040002L,0x01040003L, +- 0x00000200L,0x00000201L,0x00040200L,0x00040201L, +- 0x01000200L,0x01000201L,0x01040200L,0x01040201L, +- 0x00000202L,0x00000203L,0x00040202L,0x00040203L, +- 0x01000202L,0x01000203L,0x01040202L,0x01040203L, +- 0x08000000L,0x08000001L,0x08040000L,0x08040001L, +- 0x09000000L,0x09000001L,0x09040000L,0x09040001L, +- 0x08000002L,0x08000003L,0x08040002L,0x08040003L, +- 0x09000002L,0x09000003L,0x09040002L,0x09040003L, +- 0x08000200L,0x08000201L,0x08040200L,0x08040201L, +- 0x09000200L,0x09000201L,0x09040200L,0x09040201L, +- 0x08000202L,0x08000203L,0x08040202L,0x08040203L, +- 0x09000202L,0x09000203L,0x09040202L,0x09040203L, +- },{ +- /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ +- 0x00000000L,0x00100000L,0x00000100L,0x00100100L, +- 0x00000008L,0x00100008L,0x00000108L,0x00100108L, +- 0x00001000L,0x00101000L,0x00001100L,0x00101100L, +- 0x00001008L,0x00101008L,0x00001108L,0x00101108L, +- 0x04000000L,0x04100000L,0x04000100L,0x04100100L, +- 0x04000008L,0x04100008L,0x04000108L,0x04100108L, +- 0x04001000L,0x04101000L,0x04001100L,0x04101100L, +- 0x04001008L,0x04101008L,0x04001108L,0x04101108L, +- 0x00020000L,0x00120000L,0x00020100L,0x00120100L, +- 0x00020008L,0x00120008L,0x00020108L,0x00120108L, +- 0x00021000L,0x00121000L,0x00021100L,0x00121100L, +- 0x00021008L,0x00121008L,0x00021108L,0x00121108L, +- 0x04020000L,0x04120000L,0x04020100L,0x04120100L, +- 0x04020008L,0x04120008L,0x04020108L,0x04120108L, +- 0x04021000L,0x04121000L,0x04021100L,0x04121100L, +- 0x04021008L,0x04121008L,0x04021108L,0x04121108L, +- },{ +- /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ +- 0x00000000L,0x10000000L,0x00010000L,0x10010000L, +- 0x00000004L,0x10000004L,0x00010004L,0x10010004L, +- 0x20000000L,0x30000000L,0x20010000L,0x30010000L, +- 0x20000004L,0x30000004L,0x20010004L,0x30010004L, +- 0x00100000L,0x10100000L,0x00110000L,0x10110000L, +- 0x00100004L,0x10100004L,0x00110004L,0x10110004L, +- 0x20100000L,0x30100000L,0x20110000L,0x30110000L, +- 0x20100004L,0x30100004L,0x20110004L,0x30110004L, +- 0x00001000L,0x10001000L,0x00011000L,0x10011000L, +- 0x00001004L,0x10001004L,0x00011004L,0x10011004L, +- 0x20001000L,0x30001000L,0x20011000L,0x30011000L, +- 0x20001004L,0x30001004L,0x20011004L,0x30011004L, +- 0x00101000L,0x10101000L,0x00111000L,0x10111000L, +- 0x00101004L,0x10101004L,0x00111004L,0x10111004L, +- 0x20101000L,0x30101000L,0x20111000L,0x30111000L, +- 0x20101004L,0x30101004L,0x20111004L,0x30111004L, +- },{ +- /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ +- 0x00000000L,0x08000000L,0x00000008L,0x08000008L, +- 0x00000400L,0x08000400L,0x00000408L,0x08000408L, +- 0x00020000L,0x08020000L,0x00020008L,0x08020008L, +- 0x00020400L,0x08020400L,0x00020408L,0x08020408L, +- 0x00000001L,0x08000001L,0x00000009L,0x08000009L, +- 0x00000401L,0x08000401L,0x00000409L,0x08000409L, +- 0x00020001L,0x08020001L,0x00020009L,0x08020009L, +- 0x00020401L,0x08020401L,0x00020409L,0x08020409L, +- 0x02000000L,0x0A000000L,0x02000008L,0x0A000008L, +- 0x02000400L,0x0A000400L,0x02000408L,0x0A000408L, +- 0x02020000L,0x0A020000L,0x02020008L,0x0A020008L, +- 0x02020400L,0x0A020400L,0x02020408L,0x0A020408L, +- 0x02000001L,0x0A000001L,0x02000009L,0x0A000009L, +- 0x02000401L,0x0A000401L,0x02000409L,0x0A000409L, +- 0x02020001L,0x0A020001L,0x02020009L,0x0A020009L, +- 0x02020401L,0x0A020401L,0x02020409L,0x0A020409L, +- },{ +- /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ +- 0x00000000L,0x00000100L,0x00080000L,0x00080100L, +- 0x01000000L,0x01000100L,0x01080000L,0x01080100L, +- 0x00000010L,0x00000110L,0x00080010L,0x00080110L, +- 0x01000010L,0x01000110L,0x01080010L,0x01080110L, +- 0x00200000L,0x00200100L,0x00280000L,0x00280100L, +- 0x01200000L,0x01200100L,0x01280000L,0x01280100L, +- 0x00200010L,0x00200110L,0x00280010L,0x00280110L, +- 0x01200010L,0x01200110L,0x01280010L,0x01280110L, +- 0x00000200L,0x00000300L,0x00080200L,0x00080300L, +- 0x01000200L,0x01000300L,0x01080200L,0x01080300L, +- 0x00000210L,0x00000310L,0x00080210L,0x00080310L, +- 0x01000210L,0x01000310L,0x01080210L,0x01080310L, +- 0x00200200L,0x00200300L,0x00280200L,0x00280300L, +- 0x01200200L,0x01200300L,0x01280200L,0x01280300L, +- 0x00200210L,0x00200310L,0x00280210L,0x00280310L, +- 0x01200210L,0x01200310L,0x01280210L,0x01280310L, +- },{ +- /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ +- 0x00000000L,0x04000000L,0x00040000L,0x04040000L, +- 0x00000002L,0x04000002L,0x00040002L,0x04040002L, +- 0x00002000L,0x04002000L,0x00042000L,0x04042000L, +- 0x00002002L,0x04002002L,0x00042002L,0x04042002L, +- 0x00000020L,0x04000020L,0x00040020L,0x04040020L, +- 0x00000022L,0x04000022L,0x00040022L,0x04040022L, +- 0x00002020L,0x04002020L,0x00042020L,0x04042020L, +- 0x00002022L,0x04002022L,0x00042022L,0x04042022L, +- 0x00000800L,0x04000800L,0x00040800L,0x04040800L, +- 0x00000802L,0x04000802L,0x00040802L,0x04040802L, +- 0x00002800L,0x04002800L,0x00042800L,0x04042800L, +- 0x00002802L,0x04002802L,0x00042802L,0x04042802L, +- 0x00000820L,0x04000820L,0x00040820L,0x04040820L, +- 0x00000822L,0x04000822L,0x00040822L,0x04040822L, +- 0x00002820L,0x04002820L,0x00042820L,0x04042820L, +- 0x00002822L,0x04002822L,0x00042822L,0x04042822L, +- }}; ++static const DES_LONG des_skb[8][64] = { ++ { ++ /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ ++ 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, ++ 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L, ++ 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L, ++ 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L, ++ 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L, ++ 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, ++ 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L, ++ 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L, ++ 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L, ++ 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L, ++ 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, ++ 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L, ++ 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L, ++ 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L, ++ 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L, ++ 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, ++ }, ++ { ++ /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ ++ 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, ++ 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L, ++ 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L, ++ 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L, ++ 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L, ++ 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, ++ 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L, ++ 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L, ++ 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L, ++ 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L, ++ 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, ++ 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L, ++ 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L, ++ 0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L, ++ 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L, ++ 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, ++ }, ++ { ++ /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ ++ 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, ++ 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L, ++ 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L, ++ 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L, ++ 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L, ++ 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, ++ 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L, ++ 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L, ++ 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L, ++ 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L, ++ 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, ++ 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L, ++ 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L, ++ 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L, ++ 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L, ++ 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, ++ }, ++ { ++ /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ ++ 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, ++ 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L, ++ 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L, ++ 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L, ++ 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L, ++ 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, ++ 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L, ++ 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L, ++ 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L, ++ 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L, ++ 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, ++ 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L, ++ 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L, ++ 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L, ++ 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L, ++ 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, ++ }, ++ { ++ /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ ++ 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, ++ 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L, ++ 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L, ++ 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L, ++ 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L, ++ 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, ++ 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L, ++ 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L, ++ 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L, ++ 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L, ++ 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, ++ 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L, ++ 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L, ++ 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L, ++ 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L, ++ 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, ++ }, ++ { ++ /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ ++ 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, ++ 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L, ++ 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L, ++ 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L, ++ 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L, ++ 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, ++ 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L, ++ 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L, ++ 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L, ++ 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L, ++ 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, ++ 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L, ++ 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L, ++ 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L, ++ 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L, ++ 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, ++ }, ++ { ++ /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ ++ 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, ++ 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L, ++ 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L, ++ 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L, ++ 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L, ++ 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, ++ 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L, ++ 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L, ++ 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L, ++ 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L, ++ 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, ++ 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L, ++ 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L, ++ 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L, ++ 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L, ++ 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, ++ }, ++ { ++ /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ ++ 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, ++ 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L, ++ 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L, ++ 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L, ++ 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L, ++ 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, ++ 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L, ++ 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L, ++ 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L, ++ 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L, ++ 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, ++ 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L, ++ 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L, ++ 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L, ++ 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L, ++ 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, ++ } ++}; + + int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule) +- { +- if (DES_check_key) +- { +- return DES_set_key_checked(key, schedule); +- } +- else +- { +- DES_set_key_unchecked(key, schedule); +- return 0; +- } +- } ++{ ++ if (DES_check_key) { ++ return DES_set_key_checked(key, schedule); ++ } else { ++ DES_set_key_unchecked(key, schedule); ++ return 0; ++ } ++} + +-/* return 0 if key parity is odd (correct), ++/*- ++ * return 0 if key parity is odd (correct), + * return -1 if key parity error, + * return -2 if illegal weak key. + */ + int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule) +- { +- if (!DES_check_key_parity(key)) +- return(-1); +- if (DES_is_weak_key(key)) +- return(-2); +- DES_set_key_unchecked(key, schedule); +- return 0; +- } ++{ ++ if (!DES_check_key_parity(key)) ++ return (-1); ++ if (DES_is_weak_key(key)) ++ return (-2); ++ DES_set_key_unchecked(key, schedule); ++ return 0; ++} + + void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) +- { +- static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; +- register DES_LONG c,d,t,s,t2; +- register const unsigned char *in; +- register DES_LONG *k; +- register int i; ++{ ++ static int shifts2[16] = ++ { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; ++ register DES_LONG c, d, t, s, t2; ++ register const unsigned char *in; ++ register DES_LONG *k; ++ register int i; + + #ifdef OPENBSD_DEV_CRYPTO +- memcpy(schedule->key,key,sizeof schedule->key); +- schedule->session=NULL; ++ memcpy(schedule->key, key, sizeof schedule->key); ++ schedule->session = NULL; + #endif +- k = &schedule->ks->deslong[0]; +- in = &(*key)[0]; ++ k = &schedule->ks->deslong[0]; ++ in = &(*key)[0]; + + #ifdef OPENSSL_FIPS +- FIPS_selftest_check(); ++ FIPS_selftest_check(); + #endif + +- c2l(in,c); +- c2l(in,d); ++ c2l(in, c); ++ c2l(in, d); + +- /* do PC1 in 47 simple operations :-) +- * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) +- * for the inspiration. :-) */ +- PERM_OP (d,c,t,4,0x0f0f0f0fL); +- HPERM_OP(c,t,-2,0xcccc0000L); +- HPERM_OP(d,t,-2,0xcccc0000L); +- PERM_OP (d,c,t,1,0x55555555L); +- PERM_OP (c,d,t,8,0x00ff00ffL); +- PERM_OP (d,c,t,1,0x55555555L); +- d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) | +- ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L)); +- c&=0x0fffffffL; ++ /* ++ * do PC1 in 47 simple operations :-) Thanks to John Fletcher ++ * (john_fletcher@lccmail.ocf.llnl.gov) for the inspiration. :-) ++ */ ++ PERM_OP(d, c, t, 4, 0x0f0f0f0fL); ++ HPERM_OP(c, t, -2, 0xcccc0000L); ++ HPERM_OP(d, t, -2, 0xcccc0000L); ++ PERM_OP(d, c, t, 1, 0x55555555L); ++ PERM_OP(c, d, t, 8, 0x00ff00ffL); ++ PERM_OP(d, c, t, 1, 0x55555555L); ++ d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) | ++ ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L)); ++ c &= 0x0fffffffL; + +- for (i=0; i>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); } +- else +- { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); } +- c&=0x0fffffffL; +- d&=0x0fffffffL; +- /* could be a few less shifts but I am to lazy at this +- * point in time to investigate */ +- s= des_skb[0][ (c )&0x3f ]| +- des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]| +- des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]| +- des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) | +- ((c>>22L)&0x38)]; +- t= des_skb[4][ (d )&0x3f ]| +- des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]| +- des_skb[6][ (d>>15L)&0x3f ]| +- des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)]; ++ for (i = 0; i < ITERATIONS; i++) { ++ if (shifts2[i]) { ++ c = ((c >> 2L) | (c << 26L)); ++ d = ((d >> 2L) | (d << 26L)); ++ } else { ++ c = ((c >> 1L) | (c << 27L)); ++ d = ((d >> 1L) | (d << 27L)); ++ } ++ c &= 0x0fffffffL; ++ d &= 0x0fffffffL; ++ /* ++ * could be a few less shifts but I am to lazy at this point in time ++ * to investigate ++ */ ++ s = des_skb[0][(c) & 0x3f] | ++ des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] | ++ des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] | ++ des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) | ++ ((c >> 22L) & 0x38)]; ++ t = des_skb[4][(d) & 0x3f] | ++ des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] | ++ des_skb[6][(d >> 15L) & 0x3f] | ++ des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)]; + +- /* table contained 0213 4657 */ +- t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL; +- *(k++)=ROTATE(t2,30)&0xffffffffL; ++ /* table contained 0213 4657 */ ++ t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL; ++ *(k++) = ROTATE(t2, 30) & 0xffffffffL; + +- t2=((s>>16L)|(t&0xffff0000L)); +- *(k++)=ROTATE(t2,26)&0xffffffffL; +- } +- } ++ t2 = ((s >> 16L) | (t & 0xffff0000L)); ++ *(k++) = ROTATE(t2, 26) & 0xffffffffL; ++ } ++} + + int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule) +- { +- return(DES_set_key(key,schedule)); +- } +-/* ++{ ++ return (DES_set_key(key, schedule)); ++} ++ ++/*- + #undef des_fixup_key_parity + void des_fixup_key_parity(des_cblock *key) +- { +- des_set_odd_parity(key); +- } ++ { ++ des_set_odd_parity(key); ++ } + */ +- +diff --git a/Cryptlib/OpenSSL/crypto/des/str2key.c b/Cryptlib/OpenSSL/crypto/des/str2key.c +index 9c2054b..d6468b3 100644 +--- a/Cryptlib/OpenSSL/crypto/des/str2key.c ++++ b/Cryptlib/OpenSSL/crypto/des/str2key.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,115 +60,105 @@ + #include + + void DES_string_to_key(const char *str, DES_cblock *key) +- { +- DES_key_schedule ks; +- int i,length; +- register unsigned char j; ++{ ++ DES_key_schedule ks; ++ int i, length; ++ register unsigned char j; + +- memset(key,0,8); +- length=strlen(str); ++ memset(key, 0, 8); ++ length = strlen(str); + #ifdef OLD_STR_TO_KEY +- for (i=0; i>4)&0x0f); +- j=((j<<2)&0xcc)|((j>>2)&0x33); +- j=((j<<1)&0xaa)|((j>>1)&0x55); +- (*key)[7-(i%8)]^=j; +- } +- } ++ for (i = 0; i < length; i++) ++ (*key)[i % 8] ^= (str[i] << 1); ++#else /* MIT COMPATIBLE */ ++ for (i = 0; i < length; i++) { ++ j = str[i]; ++ if ((i % 16) < 8) ++ (*key)[i % 8] ^= (j << 1); ++ else { ++ /* Reverse the bit order 05/05/92 eay */ ++ j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f); ++ j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33); ++ j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55); ++ (*key)[7 - (i % 8)] ^= j; ++ } ++ } + #endif +- DES_set_odd_parity(key); ++ DES_set_odd_parity(key); + #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY +- if(DES_is_weak_key(key)) +- (*key)[7] ^= 0xF0; +- DES_set_key(key,&ks); ++ if (DES_is_weak_key(key)) ++ (*key)[7] ^= 0xF0; ++ DES_set_key(key, &ks); + #else +- DES_set_key_unchecked(key,&ks); ++ DES_set_key_unchecked(key, &ks); + #endif +- DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key); +- OPENSSL_cleanse(&ks,sizeof(ks)); +- DES_set_odd_parity(key); +- } ++ DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key); ++ OPENSSL_cleanse(&ks, sizeof(ks)); ++ DES_set_odd_parity(key); ++} + + void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) +- { +- DES_key_schedule ks; +- int i,length; +- register unsigned char j; ++{ ++ DES_key_schedule ks; ++ int i, length; ++ register unsigned char j; + +- memset(key1,0,8); +- memset(key2,0,8); +- length=strlen(str); ++ memset(key1, 0, 8); ++ memset(key2, 0, 8); ++ length = strlen(str); + #ifdef OLD_STR_TO_KEY +- if (length <= 8) +- { +- for (i=0; i>4)&0x0f); +- j=((j<<2)&0xcc)|((j>>2)&0x33); +- j=((j<<1)&0xaa)|((j>>1)&0x55); +- if ((i%16) < 8) +- (*key1)[7-(i%8)]^=j; +- else +- (*key2)[7-(i%8)]^=j; +- } +- } +- if (length <= 8) memcpy(key2,key1,8); ++ if (length <= 8) { ++ for (i = 0; i < length; i++) { ++ (*key2)[i] = (*key1)[i] = (str[i] << 1); ++ } ++ } else { ++ for (i = 0; i < length; i++) { ++ if ((i / 8) & 1) ++ (*key2)[i % 8] ^= (str[i] << 1); ++ else ++ (*key1)[i % 8] ^= (str[i] << 1); ++ } ++ } ++#else /* MIT COMPATIBLE */ ++ for (i = 0; i < length; i++) { ++ j = str[i]; ++ if ((i % 32) < 16) { ++ if ((i % 16) < 8) ++ (*key1)[i % 8] ^= (j << 1); ++ else ++ (*key2)[i % 8] ^= (j << 1); ++ } else { ++ j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f); ++ j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33); ++ j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55); ++ if ((i % 16) < 8) ++ (*key1)[7 - (i % 8)] ^= j; ++ else ++ (*key2)[7 - (i % 8)] ^= j; ++ } ++ } ++ if (length <= 8) ++ memcpy(key2, key1, 8); + #endif +- DES_set_odd_parity(key1); +- DES_set_odd_parity(key2); ++ DES_set_odd_parity(key1); ++ DES_set_odd_parity(key2); + #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY +- if(DES_is_weak_key(key1)) +- (*key1)[7] ^= 0xF0; +- DES_set_key(key1,&ks); ++ if (DES_is_weak_key(key1)) ++ (*key1)[7] ^= 0xF0; ++ DES_set_key(key1, &ks); + #else +- DES_set_key_unchecked(key1,&ks); ++ DES_set_key_unchecked(key1, &ks); + #endif +- DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1); ++ DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1); + #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY +- if(DES_is_weak_key(key2)) +- (*key2)[7] ^= 0xF0; +- DES_set_key(key2,&ks); ++ if (DES_is_weak_key(key2)) ++ (*key2)[7] ^= 0xF0; ++ DES_set_key(key2, &ks); + #else +- DES_set_key_unchecked(key2,&ks); ++ DES_set_key_unchecked(key2, &ks); + #endif +- DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2); +- OPENSSL_cleanse(&ks,sizeof(ks)); +- DES_set_odd_parity(key1); +- DES_set_odd_parity(key2); +- } ++ DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2); ++ OPENSSL_cleanse(&ks, sizeof(ks)); ++ DES_set_odd_parity(key1); ++ DES_set_odd_parity(key2); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c +index dc0c761..3b614f4 100644 +--- a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c ++++ b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,138 +60,157 @@ + + /* RSA's DESX */ + +-#if 0 /* broken code, preserved just in case anyone specifically looks for this */ +-static unsigned char desx_white_in2out[256]={ +-0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0, +-0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A, +-0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36, +-0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C, +-0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60, +-0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA, +-0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E, +-0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF, +-0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6, +-0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3, +-0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C, +-0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2, +-0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5, +-0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5, +-0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F, +-0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB, +- }; ++#if 0 /* broken code, preserved just in case anyone ++ * specifically looks for this */ ++static unsigned char desx_white_in2out[256] = { ++ 0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C, ++ 0x1B, 0x33, 0xFD, 0xD0, ++ 0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B, 0xF7, 0xCB, 0x45, 0x9B, ++ 0x31, 0xBB, 0x21, 0x5A, ++ 0x41, 0x9F, 0xE1, 0xD9, 0x4A, 0x4D, 0x9E, 0xDA, 0xA0, 0x68, 0x2C, 0xC3, ++ 0x27, 0x5F, 0x80, 0x36, ++ 0x3E, 0xEE, 0xFB, 0x95, 0x1A, 0xFE, 0xCE, 0xA8, 0x34, 0xA9, 0x13, 0xF0, ++ 0xA6, 0x3F, 0xD8, 0x0C, ++ 0x78, 0x24, 0xAF, 0x23, 0x52, 0xC1, 0x67, 0x17, 0xF5, 0x66, 0x90, 0xE7, ++ 0xE8, 0x07, 0xB8, 0x60, ++ 0x48, 0xE6, 0x1E, 0x53, 0xF3, 0x92, 0xA4, 0x72, 0x8C, 0x08, 0x15, 0x6E, ++ 0x86, 0x00, 0x84, 0xFA, ++ 0xF4, 0x7F, 0x8A, 0x42, 0x19, 0xF6, 0xDB, 0xCD, 0x14, 0x8D, 0x50, 0x12, ++ 0xBA, 0x3C, 0x06, 0x4E, ++ 0xEC, 0xB3, 0x35, 0x11, 0xA1, 0x88, 0x8E, 0x2B, 0x94, 0x99, 0xB7, 0x71, ++ 0x74, 0xD3, 0xE4, 0xBF, ++ 0x3A, 0xDE, 0x96, 0x0E, 0xBC, 0x0A, 0xED, 0x77, 0xFC, 0x37, 0x6B, 0x03, ++ 0x79, 0x89, 0x62, 0xC6, ++ 0xD7, 0xC0, 0xD2, 0x7C, 0x6A, 0x8B, 0x22, 0xA3, 0x5B, 0x05, 0x5D, 0x02, ++ 0x75, 0xD5, 0x61, 0xE3, ++ 0x18, 0x8F, 0x55, 0x51, 0xAD, 0x1F, 0x0B, 0x5E, 0x85, 0xE5, 0xC2, 0x57, ++ 0x63, 0xCA, 0x3D, 0x6C, ++ 0xB4, 0xC5, 0xCC, 0x70, 0xB2, 0x91, 0x59, 0x0D, 0x47, 0x20, 0xC8, 0x4F, ++ 0x58, 0xE0, 0x01, 0xE2, ++ 0x16, 0x38, 0xC4, 0x6F, 0x3B, 0x0F, 0x65, 0x46, 0xBE, 0x7E, 0x2D, 0x7B, ++ 0x82, 0xF9, 0x40, 0xB5, ++ 0x1D, 0x73, 0xF8, 0xEB, 0x26, 0xC7, 0x87, 0x97, 0x25, 0x54, 0xB1, 0x28, ++ 0xAA, 0x98, 0x9D, 0xA5, ++ 0x64, 0x6D, 0x7A, 0xD4, 0x10, 0x81, 0x44, 0xEF, 0x49, 0xD6, 0xAE, 0x2E, ++ 0xDD, 0x76, 0x5C, 0x2F, ++ 0xA7, 0x1C, 0xC9, 0x09, 0x69, 0x9A, 0x83, 0xCF, 0x29, 0x39, 0xB9, 0xE9, ++ 0x4C, 0xFF, 0x43, 0xAB, ++}; + + void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, +- DES_cblock *out_white) +- { +- int out0,out1; +- int i; +- const unsigned char *key = &(*des_key)[0]; +- const unsigned char *in = &(*in_white)[0]; +- unsigned char *out = &(*out_white)[0]; ++ DES_cblock *out_white) ++{ ++ int out0, out1; ++ int i; ++ const unsigned char *key = &(*des_key)[0]; ++ const unsigned char *in = &(*in_white)[0]; ++ unsigned char *out = &(*out_white)[0]; + +- out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0; +- out0=out1=0; +- for (i=0; i<8; i++) +- { +- out[i]=key[i]^desx_white_in2out[out0^out1]; +- out0=out1; +- out1=(int)out[i&0x07]; +- } ++ out[0] = out[1] = out[2] = out[3] = out[4] = out[5] = out[6] = out[7] = 0; ++ out0 = out1 = 0; ++ for (i = 0; i < 8; i++) { ++ out[i] = key[i] ^ desx_white_in2out[out0 ^ out1]; ++ out0 = out1; ++ out1 = (int)out[i & 0x07]; ++ } + +- out0=out[0]; +- out1=out[i]; /* BUG: out-of-bounds read */ +- for (i=0; i<8; i++) +- { +- out[i]=in[i]^desx_white_in2out[out0^out1]; +- out0=out1; +- out1=(int)out[i&0x07]; +- } +- } ++ out0 = out[0]; ++ out1 = out[i]; /* BUG: out-of-bounds read */ ++ for (i = 0; i < 8; i++) { ++ out[i] = in[i] ^ desx_white_in2out[out0 ^ out1]; ++ out0 = out1; ++ out1 = (int)out[i & 0x07]; ++ } ++} + #endif + + void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, +- long length, DES_key_schedule *schedule, +- DES_cblock *ivec, const_DES_cblock *inw, +- const_DES_cblock *outw, int enc) +- { +- register DES_LONG tin0,tin1; +- register DES_LONG tout0,tout1,xor0,xor1; +- register DES_LONG inW0,inW1,outW0,outW1; +- register const unsigned char *in2; +- register long l=length; +- DES_LONG tin[2]; +- unsigned char *iv; +- +- in2 = &(*inw)[0]; +- c2l(in2,inW0); +- c2l(in2,inW1); +- in2 = &(*outw)[0]; +- c2l(in2,outW0); +- c2l(in2,outW1); ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, const_DES_cblock *inw, ++ const_DES_cblock *outw, int enc) ++{ ++ register DES_LONG tin0, tin1; ++ register DES_LONG tout0, tout1, xor0, xor1; ++ register DES_LONG inW0, inW1, outW0, outW1; ++ register const unsigned char *in2; ++ register long l = length; ++ DES_LONG tin[2]; ++ unsigned char *iv; + +- iv = &(*ivec)[0]; ++ in2 = &(*inw)[0]; ++ c2l(in2, inW0); ++ c2l(in2, inW1); ++ in2 = &(*outw)[0]; ++ c2l(in2, outW0); ++ c2l(in2, outW1); + +- if (enc) +- { +- c2l(iv,tout0); +- c2l(iv,tout1); +- for (l-=8; l>=0; l-=8) +- { +- c2l(in,tin0); +- c2l(in,tin1); +- tin0^=tout0^inW0; tin[0]=tin0; +- tin1^=tout1^inW1; tin[1]=tin1; +- DES_encrypt1(tin,schedule,DES_ENCRYPT); +- tout0=tin[0]^outW0; l2c(tout0,out); +- tout1=tin[1]^outW1; l2c(tout1,out); +- } +- if (l != -8) +- { +- c2ln(in,tin0,tin1,l+8); +- tin0^=tout0^inW0; tin[0]=tin0; +- tin1^=tout1^inW1; tin[1]=tin1; +- DES_encrypt1(tin,schedule,DES_ENCRYPT); +- tout0=tin[0]^outW0; l2c(tout0,out); +- tout1=tin[1]^outW1; l2c(tout1,out); +- } +- iv = &(*ivec)[0]; +- l2c(tout0,iv); +- l2c(tout1,iv); +- } +- else +- { +- c2l(iv,xor0); +- c2l(iv,xor1); +- for (l-=8; l>0; l-=8) +- { +- c2l(in,tin0); tin[0]=tin0^outW0; +- c2l(in,tin1); tin[1]=tin1^outW1; +- DES_encrypt1(tin,schedule,DES_DECRYPT); +- tout0=tin[0]^xor0^inW0; +- tout1=tin[1]^xor1^inW1; +- l2c(tout0,out); +- l2c(tout1,out); +- xor0=tin0; +- xor1=tin1; +- } +- if (l != -8) +- { +- c2l(in,tin0); tin[0]=tin0^outW0; +- c2l(in,tin1); tin[1]=tin1^outW1; +- DES_encrypt1(tin,schedule,DES_DECRYPT); +- tout0=tin[0]^xor0^inW0; +- tout1=tin[1]^xor1^inW1; +- l2cn(tout0,tout1,out,l+8); +- xor0=tin0; +- xor1=tin1; +- } ++ iv = &(*ivec)[0]; + +- iv = &(*ivec)[0]; +- l2c(xor0,iv); +- l2c(xor1,iv); +- } +- tin0=tin1=tout0=tout1=xor0=xor1=0; +- inW0=inW1=outW0=outW1=0; +- tin[0]=tin[1]=0; +- } ++ if (enc) { ++ c2l(iv, tout0); ++ c2l(iv, tout1); ++ for (l -= 8; l >= 0; l -= 8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ tin0 ^= tout0 ^ inW0; ++ tin[0] = tin0; ++ tin1 ^= tout1 ^ inW1; ++ tin[1] = tin1; ++ DES_encrypt1(tin, schedule, DES_ENCRYPT); ++ tout0 = tin[0] ^ outW0; ++ l2c(tout0, out); ++ tout1 = tin[1] ^ outW1; ++ l2c(tout1, out); ++ } ++ if (l != -8) { ++ c2ln(in, tin0, tin1, l + 8); ++ tin0 ^= tout0 ^ inW0; ++ tin[0] = tin0; ++ tin1 ^= tout1 ^ inW1; ++ tin[1] = tin1; ++ DES_encrypt1(tin, schedule, DES_ENCRYPT); ++ tout0 = tin[0] ^ outW0; ++ l2c(tout0, out); ++ tout1 = tin[1] ^ outW1; ++ l2c(tout1, out); ++ } ++ iv = &(*ivec)[0]; ++ l2c(tout0, iv); ++ l2c(tout1, iv); ++ } else { ++ c2l(iv, xor0); ++ c2l(iv, xor1); ++ for (l -= 8; l > 0; l -= 8) { ++ c2l(in, tin0); ++ tin[0] = tin0 ^ outW0; ++ c2l(in, tin1); ++ tin[1] = tin1 ^ outW1; ++ DES_encrypt1(tin, schedule, DES_DECRYPT); ++ tout0 = tin[0] ^ xor0 ^ inW0; ++ tout1 = tin[1] ^ xor1 ^ inW1; ++ l2c(tout0, out); ++ l2c(tout1, out); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ if (l != -8) { ++ c2l(in, tin0); ++ tin[0] = tin0 ^ outW0; ++ c2l(in, tin1); ++ tin[1] = tin1 ^ outW1; ++ DES_encrypt1(tin, schedule, DES_DECRYPT); ++ tout0 = tin[0] ^ xor0 ^ inW0; ++ tout1 = tin[1] ^ xor1 ^ inW1; ++ l2cn(tout0, tout1, out, l + 8); ++ xor0 = tin0; ++ xor1 = tin1; ++ } + ++ iv = &(*ivec)[0]; ++ l2c(xor0, iv); ++ l2c(xor1, iv); ++ } ++ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; ++ inW0 = inW1 = outW0 = outW1 = 0; ++ tin[0] = tin[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c +index 76740af..d534986 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c +@@ -1,6 +1,7 @@ + /* dh_asn1.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -66,22 +67,23 @@ + /* Override the default free and new methods */ + static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- if(operation == ASN1_OP_NEW_PRE) { +- *pval = (ASN1_VALUE *)DH_new(); +- if(*pval) return 2; +- return 0; +- } else if(operation == ASN1_OP_FREE_PRE) { +- DH_free((DH *)*pval); +- *pval = NULL; +- return 2; +- } +- return 1; ++ if (operation == ASN1_OP_NEW_PRE) { ++ *pval = (ASN1_VALUE *)DH_new(); ++ if (*pval) ++ return 2; ++ return 0; ++ } else if (operation == ASN1_OP_FREE_PRE) { ++ DH_free((DH *)*pval); ++ *pval = NULL; ++ return 2; ++ } ++ return 1; + } + + ASN1_SEQUENCE_cb(DHparams, dh_cb) = { +- ASN1_SIMPLE(DH, p, BIGNUM), +- ASN1_SIMPLE(DH, g, BIGNUM), +- ASN1_OPT(DH, length, ZLONG), ++ ASN1_SIMPLE(DH, p, BIGNUM), ++ ASN1_SIMPLE(DH, g, BIGNUM), ++ ASN1_OPT(DH, length, ZLONG), + } ASN1_SEQUENCE_END_cb(DH, DHparams) + + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c +index 316cb92..7909fd6 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_check.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_check.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,7 +61,8 @@ + #include + #include + +-/* Check that p is a safe prime and ++/*- ++ * Check that p is a safe prime and + * if g is 2, 3 or 5, check that it is a suitable generator + * where + * for 2, p mod 24 == 11 +@@ -73,74 +74,78 @@ + #ifndef OPENSSL_FIPS + + int DH_check(const DH *dh, int *ret) +- { +- int ok=0; +- BN_CTX *ctx=NULL; +- BN_ULONG l; +- BIGNUM *q=NULL; ++{ ++ int ok = 0; ++ BN_CTX *ctx = NULL; ++ BN_ULONG l; ++ BIGNUM *q = NULL; + +- *ret=0; +- ctx=BN_CTX_new(); +- if (ctx == NULL) goto err; +- q=BN_new(); +- if (q == NULL) goto err; ++ *ret = 0; ++ ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ q = BN_new(); ++ if (q == NULL) ++ goto err; + +- if (BN_is_word(dh->g,DH_GENERATOR_2)) +- { +- l=BN_mod_word(dh->p,24); +- if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR; +- } +-#if 0 +- else if (BN_is_word(dh->g,DH_GENERATOR_3)) +- { +- l=BN_mod_word(dh->p,12); +- if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR; +- } +-#endif +- else if (BN_is_word(dh->g,DH_GENERATOR_5)) +- { +- l=BN_mod_word(dh->p,10); +- if ((l != 3) && (l != 7)) +- *ret|=DH_NOT_SUITABLE_GENERATOR; +- } +- else +- *ret|=DH_UNABLE_TO_CHECK_GENERATOR; ++ if (BN_is_word(dh->g, DH_GENERATOR_2)) { ++ l = BN_mod_word(dh->p, 24); ++ if (l != 11) ++ *ret |= DH_NOT_SUITABLE_GENERATOR; ++ } ++# if 0 ++ else if (BN_is_word(dh->g, DH_GENERATOR_3)) { ++ l = BN_mod_word(dh->p, 12); ++ if (l != 5) ++ *ret |= DH_NOT_SUITABLE_GENERATOR; ++ } ++# endif ++ else if (BN_is_word(dh->g, DH_GENERATOR_5)) { ++ l = BN_mod_word(dh->p, 10); ++ if ((l != 3) && (l != 7)) ++ *ret |= DH_NOT_SUITABLE_GENERATOR; ++ } else ++ *ret |= DH_UNABLE_TO_CHECK_GENERATOR; + +- if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL)) +- *ret|=DH_CHECK_P_NOT_PRIME; +- else +- { +- if (!BN_rshift1(q,dh->p)) goto err; +- if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL)) +- *ret|=DH_CHECK_P_NOT_SAFE_PRIME; +- } +- ok=1; +-err: +- if (ctx != NULL) BN_CTX_free(ctx); +- if (q != NULL) BN_free(q); +- return(ok); +- } ++ if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) ++ *ret |= DH_CHECK_P_NOT_PRIME; ++ else { ++ if (!BN_rshift1(q, dh->p)) ++ goto err; ++ if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL)) ++ *ret |= DH_CHECK_P_NOT_SAFE_PRIME; ++ } ++ ok = 1; ++ err: ++ if (ctx != NULL) ++ BN_CTX_free(ctx); ++ if (q != NULL) ++ BN_free(q); ++ return (ok); ++} + + int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) +- { +- int ok=0; +- BIGNUM *q=NULL; ++{ ++ int ok = 0; ++ BIGNUM *q = NULL; + +- *ret=0; +- q=BN_new(); +- if (q == NULL) goto err; +- BN_set_word(q,1); +- if (BN_cmp(pub_key,q) <= 0) +- *ret|=DH_CHECK_PUBKEY_TOO_SMALL; +- BN_copy(q,dh->p); +- BN_sub_word(q,1); +- if (BN_cmp(pub_key,q) >= 0) +- *ret|=DH_CHECK_PUBKEY_TOO_LARGE; ++ *ret = 0; ++ q = BN_new(); ++ if (q == NULL) ++ goto err; ++ BN_set_word(q, 1); ++ if (BN_cmp(pub_key, q) <= 0) ++ *ret |= DH_CHECK_PUBKEY_TOO_SMALL; ++ BN_copy(q, dh->p); ++ BN_sub_word(q, 1); ++ if (BN_cmp(pub_key, q) >= 0) ++ *ret |= DH_CHECK_PUBKEY_TOO_LARGE; + +- ok = 1; +-err: +- if (q != NULL) BN_free(q); +- return(ok); +- } ++ ok = 1; ++ err: ++ if (q != NULL) ++ BN_free(q); ++ return (ok); ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c +index acc05f2..b622119 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,6 @@ + * + */ + +- + /* This file contains deprecated functions as wrappers to the new ones */ + + #include +@@ -61,23 +60,23 @@ + #include + #include + +-static void *dummy=&dummy; ++static void *dummy = &dummy; + + #ifndef OPENSSL_NO_DEPRECATED + DH *DH_generate_parameters(int prime_len, int generator, +- void (*callback)(int,int,void *), void *cb_arg) +- { +- BN_GENCB cb; +- DH *ret=NULL; ++ void (*callback) (int, int, void *), void *cb_arg) ++{ ++ BN_GENCB cb; ++ DH *ret = NULL; + +- if((ret=DH_new()) == NULL) +- return NULL; ++ if ((ret = DH_new()) == NULL) ++ return NULL; + +- BN_GENCB_set_old(&cb, callback, cb_arg); ++ BN_GENCB_set_old(&cb, callback, cb_arg); + +- if(DH_generate_parameters_ex(ret, prime_len, generator, &cb)) +- return ret; +- DH_free(ret); +- return NULL; +- } ++ if (DH_generate_parameters_ex(ret, prime_len, generator, &cb)) ++ return ret; ++ DH_free(ret); ++ return NULL; ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_err.c b/Cryptlib/OpenSSL/crypto/dh/dh_err.c +index 13263c8..7e8ce82 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_err.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,44 +66,41 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) + +-static ERR_STRING_DATA DH_str_functs[]= +- { +-{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, +-{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, +-{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, +-{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, +-{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, +-{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, +-{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, +-{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, +-{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, +-{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA DH_str_functs[] = { ++ {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, ++ {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, ++ {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, ++ {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, ++ {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, ++ {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, ++ {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, ++ {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, ++ {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, ++ {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA DH_str_reasons[]= +- { +-{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, +-{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, +-{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, +-{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +-{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA DH_str_reasons[] = { ++ {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"}, ++ {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"}, ++ {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, ++ {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"}, ++ {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_DH_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(DH_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,DH_str_functs); +- ERR_load_strings(0,DH_str_reasons); +- } ++ if (ERR_func_error_string(DH_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, DH_str_functs); ++ ERR_load_strings(0, DH_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c +index 999e1de..560d4bb 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,16 +49,16 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* NB: These functions have been upgraded - the previous prototypes are in +- * dh_depr.c as wrappers to these ones. +- * - Geoff ++/* ++ * NB: These functions have been upgraded - the previous prototypes are in ++ * dh_depr.c as wrappers to these ones. - Geoff + */ + + #include +@@ -68,16 +68,19 @@ + + #ifndef OPENSSL_FIPS + +-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); ++static int dh_builtin_genparams(DH *ret, int prime_len, int generator, ++ BN_GENCB *cb); + +-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) +- { +- if(ret->meth->generate_params) +- return ret->meth->generate_params(ret, prime_len, generator, cb); +- return dh_builtin_genparams(ret, prime_len, generator, cb); +- } ++int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, ++ BN_GENCB *cb) ++{ ++ if (ret->meth->generate_params) ++ return ret->meth->generate_params(ret, prime_len, generator, cb); ++ return dh_builtin_genparams(ret, prime_len, generator, cb); ++} + +-/* We generate DH parameters as follows ++/*- ++ * We generate DH parameters as follows + * find a prime q which is prime_len/2 bits long. + * p=(2*q)+1 or (p-1)/2 = q + * For this case, g is a generator if +@@ -98,82 +101,93 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c + * Since DH should be using a safe prime (both p and q are prime), + * this generator function can take a very very long time to run. + */ +-/* Actually there is no reason to insist that 'generator' be a generator. ++/* ++ * Actually there is no reason to insist that 'generator' be a generator. + * It's just as OK (and in some sense better) to use a generator of the + * order-q subgroup. + */ +-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) +- { +- BIGNUM *t1,*t2; +- int g,ok= -1; +- BN_CTX *ctx=NULL; ++static int dh_builtin_genparams(DH *ret, int prime_len, int generator, ++ BN_GENCB *cb) ++{ ++ BIGNUM *t1, *t2; ++ int g, ok = -1; ++ BN_CTX *ctx = NULL; + +- ctx=BN_CTX_new(); +- if (ctx == NULL) goto err; +- BN_CTX_start(ctx); +- t1 = BN_CTX_get(ctx); +- t2 = BN_CTX_get(ctx); +- if (t1 == NULL || t2 == NULL) goto err; ++ ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ t1 = BN_CTX_get(ctx); ++ t2 = BN_CTX_get(ctx); ++ if (t1 == NULL || t2 == NULL) ++ goto err; + +- /* Make sure 'ret' has the necessary elements */ +- if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err; +- if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err; +- +- if (generator <= 1) +- { +- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); +- goto err; +- } +- if (generator == DH_GENERATOR_2) +- { +- if (!BN_set_word(t1,24)) goto err; +- if (!BN_set_word(t2,11)) goto err; +- g=2; +- } +-#if 0 /* does not work for safe primes */ +- else if (generator == DH_GENERATOR_3) +- { +- if (!BN_set_word(t1,12)) goto err; +- if (!BN_set_word(t2,5)) goto err; +- g=3; +- } +-#endif +- else if (generator == DH_GENERATOR_5) +- { +- if (!BN_set_word(t1,10)) goto err; +- if (!BN_set_word(t2,3)) goto err; +- /* BN_set_word(t3,7); just have to miss +- * out on these ones :-( */ +- g=5; +- } +- else +- { +- /* in the general case, don't worry if 'generator' is a +- * generator or not: since we are using safe primes, +- * it will generate either an order-q or an order-2q group, +- * which both is OK */ +- if (!BN_set_word(t1,2)) goto err; +- if (!BN_set_word(t2,1)) goto err; +- g=generator; +- } +- +- if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err; +- if(!BN_GENCB_call(cb, 3, 0)) goto err; +- if (!BN_set_word(ret->g,g)) goto err; +- ok=1; +-err: +- if (ok == -1) +- { +- DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB); +- ok=0; +- } ++ /* Make sure 'ret' has the necessary elements */ ++ if (!ret->p && ((ret->p = BN_new()) == NULL)) ++ goto err; ++ if (!ret->g && ((ret->g = BN_new()) == NULL)) ++ goto err; ++ ++ if (generator <= 1) { ++ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR); ++ goto err; ++ } ++ if (generator == DH_GENERATOR_2) { ++ if (!BN_set_word(t1, 24)) ++ goto err; ++ if (!BN_set_word(t2, 11)) ++ goto err; ++ g = 2; ++ } ++# if 0 /* does not work for safe primes */ ++ else if (generator == DH_GENERATOR_3) { ++ if (!BN_set_word(t1, 12)) ++ goto err; ++ if (!BN_set_word(t2, 5)) ++ goto err; ++ g = 3; ++ } ++# endif ++ else if (generator == DH_GENERATOR_5) { ++ if (!BN_set_word(t1, 10)) ++ goto err; ++ if (!BN_set_word(t2, 3)) ++ goto err; ++ /* ++ * BN_set_word(t3,7); just have to miss out on these ones :-( ++ */ ++ g = 5; ++ } else { ++ /* ++ * in the general case, don't worry if 'generator' is a generator or ++ * not: since we are using safe primes, it will generate either an ++ * order-q or an order-2q group, which both is OK ++ */ ++ if (!BN_set_word(t1, 2)) ++ goto err; ++ if (!BN_set_word(t2, 1)) ++ goto err; ++ g = generator; ++ } ++ ++ if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb)) ++ goto err; ++ if (!BN_GENCB_call(cb, 3, 0)) ++ goto err; ++ if (!BN_set_word(ret->g, g)) ++ goto err; ++ ok = 1; ++ err: ++ if (ok == -1) { ++ DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB); ++ ok = 0; ++ } + +- if (ctx != NULL) +- { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- return ok; +- } ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ return ok; ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_key.c b/Cryptlib/OpenSSL/crypto/dh/dh_key.c +index 79dd331..4de8e27 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_key.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_key.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -67,201 +67,192 @@ + static int generate_key(DH *dh); + static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); + static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, +- const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx); ++ const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + static int dh_init(DH *dh); + static int dh_finish(DH *dh); + + int DH_generate_key(DH *dh) +- { +- return dh->meth->generate_key(dh); +- } ++{ ++ return dh->meth->generate_key(dh); ++} + + int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) +- { +- return dh->meth->compute_key(key, pub_key, dh); +- } ++{ ++ return dh->meth->compute_key(key, pub_key, dh); ++} + + static DH_METHOD dh_ossl = { +-"OpenSSL DH Method", +-generate_key, +-compute_key, +-dh_bn_mod_exp, +-dh_init, +-dh_finish, +-0, +-NULL, +-NULL ++ "OpenSSL DH Method", ++ generate_key, ++ compute_key, ++ dh_bn_mod_exp, ++ dh_init, ++ dh_finish, ++ 0, ++ NULL, ++ NULL + }; + + const DH_METHOD *DH_OpenSSL(void) + { +- return &dh_ossl; ++ return &dh_ossl; + } + + static int generate_key(DH *dh) +- { +- int ok=0; +- int generate_new_key=0; +- unsigned l; +- BN_CTX *ctx; +- BN_MONT_CTX *mont=NULL; +- BIGNUM *pub_key=NULL,*priv_key=NULL; ++{ ++ int ok = 0; ++ int generate_new_key = 0; ++ unsigned l; ++ BN_CTX *ctx; ++ BN_MONT_CTX *mont = NULL; ++ BIGNUM *pub_key = NULL, *priv_key = NULL; + +- ctx = BN_CTX_new(); +- if (ctx == NULL) goto err; ++ ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ goto err; + +- if (dh->priv_key == NULL) +- { +- priv_key=BN_new(); +- if (priv_key == NULL) goto err; +- generate_new_key=1; +- } +- else +- priv_key=dh->priv_key; ++ if (dh->priv_key == NULL) { ++ priv_key = BN_new(); ++ if (priv_key == NULL) ++ goto err; ++ generate_new_key = 1; ++ } else ++ priv_key = dh->priv_key; + +- if (dh->pub_key == NULL) +- { +- pub_key=BN_new(); +- if (pub_key == NULL) goto err; +- } +- else +- pub_key=dh->pub_key; ++ if (dh->pub_key == NULL) { ++ pub_key = BN_new(); ++ if (pub_key == NULL) ++ goto err; ++ } else ++ pub_key = dh->pub_key; + ++ if (dh->flags & DH_FLAG_CACHE_MONT_P) { ++ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, ++ CRYPTO_LOCK_DH, dh->p, ctx); ++ if (!mont) ++ goto err; ++ } + +- if (dh->flags & DH_FLAG_CACHE_MONT_P) +- { +- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, +- CRYPTO_LOCK_DH, dh->p, ctx); +- if (!mont) +- goto err; +- } ++ if (generate_new_key) { ++ l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; /* secret ++ * exponent ++ * length */ ++ if (!BN_rand(priv_key, l, 0, 0)) ++ goto err; ++ } + +- if (generate_new_key) +- { +- l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ +- if (!BN_rand(priv_key, l, 0, 0)) goto err; +- } ++ { ++ BIGNUM local_prk; ++ BIGNUM *prk; + +- { +- BIGNUM local_prk; +- BIGNUM *prk; ++ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { ++ BN_init(&local_prk); ++ prk = &local_prk; ++ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); ++ } else ++ prk = priv_key; + +- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) +- { +- BN_init(&local_prk); +- prk = &local_prk; +- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); +- } +- else +- prk = priv_key; ++ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) ++ goto err; ++ } + +- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err; +- } +- +- dh->pub_key=pub_key; +- dh->priv_key=priv_key; +- ok=1; +-err: +- if (ok != 1) +- DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB); ++ dh->pub_key = pub_key; ++ dh->priv_key = priv_key; ++ ok = 1; ++ err: ++ if (ok != 1) ++ DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB); + +- if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); +- if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); +- BN_CTX_free(ctx); +- return(ok); +- } ++ if ((pub_key != NULL) && (dh->pub_key == NULL)) ++ BN_free(pub_key); ++ if ((priv_key != NULL) && (dh->priv_key == NULL)) ++ BN_free(priv_key); ++ BN_CTX_free(ctx); ++ return (ok); ++} + + static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) +- { +- BN_CTX *ctx=NULL; +- BN_MONT_CTX *mont=NULL; +- BIGNUM *tmp; +- int ret= -1; +- int check_result; ++{ ++ BN_CTX *ctx = NULL; ++ BN_MONT_CTX *mont = NULL; ++ BIGNUM *tmp; ++ int ret = -1; ++ int check_result; + +- if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) +- { +- DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); +- goto err; +- } ++ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { ++ DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE); ++ goto err; ++ } + +- ctx = BN_CTX_new(); +- if (ctx == NULL) goto err; +- BN_CTX_start(ctx); +- tmp = BN_CTX_get(ctx); +- +- if (dh->priv_key == NULL) +- { +- DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); +- goto err; +- } ++ ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ tmp = BN_CTX_get(ctx); + +- if (dh->flags & DH_FLAG_CACHE_MONT_P) +- { +- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, +- CRYPTO_LOCK_DH, dh->p, ctx); +- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) +- { +- /* XXX */ +- BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); +- } +- if (!mont) +- goto err; +- } ++ if (dh->priv_key == NULL) { ++ DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE); ++ goto err; ++ } + +- if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) +- { +- DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY); +- goto err; +- } ++ if (dh->flags & DH_FLAG_CACHE_MONT_P) { ++ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, ++ CRYPTO_LOCK_DH, dh->p, ctx); ++ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { ++ /* XXX */ ++ BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); ++ } ++ if (!mont) ++ goto err; ++ } + +- if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) +- { +- DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB); +- goto err; +- } ++ if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) { ++ DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY); ++ goto err; ++ } + +- ret=BN_bn2bin(tmp,key); +-err: +- if (ctx != NULL) +- { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- return(ret); +- } ++ if (!dh-> ++ meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) { ++ DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB); ++ goto err; ++ } + +-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, +- const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx) +- { +- /* If a is only one word long and constant time is false, use the faster +- * exponenentiation function. +- */ +- if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) +- { +- BN_ULONG A = a->d[0]; +- return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); +- } +- else +- return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx); +- } ++ ret = BN_bn2bin(tmp, key); ++ err: ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ return (ret); ++} + ++static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, ++ const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) ++{ ++ /* ++ * If a is only one word long and constant time is false, use the faster ++ * exponenentiation function. ++ */ ++ if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) { ++ BN_ULONG A = a->d[0]; ++ return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx); ++ } else ++ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); ++} + + static int dh_init(DH *dh) +- { +- dh->flags |= DH_FLAG_CACHE_MONT_P; +- return(1); +- } ++{ ++ dh->flags |= DH_FLAG_CACHE_MONT_P; ++ return (1); ++} + + static int dh_finish(DH *dh) +- { +- if(dh->method_mont_p) +- BN_MONT_CTX_free(dh->method_mont_p); +- return(1); +- } ++{ ++ if (dh->method_mont_p) ++ BN_MONT_CTX_free(dh->method_mont_p); ++ return (1); ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c +index 7aef080..0b8a5a0 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,187 +61,191 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + +-const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT; ++const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT; + + static const DH_METHOD *default_DH_method = NULL; + + void DH_set_default_method(const DH_METHOD *meth) +- { +- default_DH_method = meth; +- } ++{ ++ default_DH_method = meth; ++} + + const DH_METHOD *DH_get_default_method(void) +- { +- if(!default_DH_method) +- default_DH_method = DH_OpenSSL(); +- return default_DH_method; +- } ++{ ++ if (!default_DH_method) ++ default_DH_method = DH_OpenSSL(); ++ return default_DH_method; ++} + + int DH_set_method(DH *dh, const DH_METHOD *meth) +- { +- /* NB: The caller is specifically setting a method, so it's not up to us +- * to deal with which ENGINE it comes from. */ +- const DH_METHOD *mtmp; +- mtmp = dh->meth; +- if (mtmp->finish) mtmp->finish(dh); ++{ ++ /* ++ * NB: The caller is specifically setting a method, so it's not up to us ++ * to deal with which ENGINE it comes from. ++ */ ++ const DH_METHOD *mtmp; ++ mtmp = dh->meth; ++ if (mtmp->finish) ++ mtmp->finish(dh); + #ifndef OPENSSL_NO_ENGINE +- if (dh->engine) +- { +- ENGINE_finish(dh->engine); +- dh->engine = NULL; +- } ++ if (dh->engine) { ++ ENGINE_finish(dh->engine); ++ dh->engine = NULL; ++ } + #endif +- dh->meth = meth; +- if (meth->init) meth->init(dh); +- return 1; +- } ++ dh->meth = meth; ++ if (meth->init) ++ meth->init(dh); ++ return 1; ++} + + DH *DH_new(void) +- { +- return DH_new_method(NULL); +- } ++{ ++ return DH_new_method(NULL); ++} + + DH *DH_new_method(ENGINE *engine) +- { +- DH *ret; ++{ ++ DH *ret; + +- ret=(DH *)OPENSSL_malloc(sizeof(DH)); +- if (ret == NULL) +- { +- DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } ++ ret = (DH *)OPENSSL_malloc(sizeof(DH)); ++ if (ret == NULL) { ++ DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } + +- ret->meth = DH_get_default_method(); ++ ret->meth = DH_get_default_method(); + #ifndef OPENSSL_NO_ENGINE +- if (engine) +- { +- if (!ENGINE_init(engine)) +- { +- DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); +- OPENSSL_free(ret); +- return NULL; +- } +- ret->engine = engine; +- } +- else +- ret->engine = ENGINE_get_default_DH(); +- if(ret->engine) +- { +- ret->meth = ENGINE_get_DH(ret->engine); +- if(!ret->meth) +- { +- DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB); +- ENGINE_finish(ret->engine); +- OPENSSL_free(ret); +- return NULL; +- } +- } ++ if (engine) { ++ if (!ENGINE_init(engine)) { ++ DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ ret->engine = engine; ++ } else ++ ret->engine = ENGINE_get_default_DH(); ++ if (ret->engine) { ++ ret->meth = ENGINE_get_DH(ret->engine); ++ if (!ret->meth) { ++ DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); ++ ENGINE_finish(ret->engine); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ } + #endif + +- ret->pad=0; +- ret->version=0; +- ret->p=NULL; +- ret->g=NULL; +- ret->length=0; +- ret->pub_key=NULL; +- ret->priv_key=NULL; +- ret->q=NULL; +- ret->j=NULL; +- ret->seed = NULL; +- ret->seedlen = 0; +- ret->counter = NULL; +- ret->method_mont_p=NULL; +- ret->references = 1; +- ret->flags=ret->meth->flags; +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); +- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) +- { ++ ret->pad = 0; ++ ret->version = 0; ++ ret->p = NULL; ++ ret->g = NULL; ++ ret->length = 0; ++ ret->pub_key = NULL; ++ ret->priv_key = NULL; ++ ret->q = NULL; ++ ret->j = NULL; ++ ret->seed = NULL; ++ ret->seedlen = 0; ++ ret->counter = NULL; ++ ret->method_mont_p = NULL; ++ ret->references = 1; ++ ret->flags = ret->meth->flags; ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); ++ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + #ifndef OPENSSL_NO_ENGINE +- if (ret->engine) +- ENGINE_finish(ret->engine); ++ if (ret->engine) ++ ENGINE_finish(ret->engine); + #endif +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); +- OPENSSL_free(ret); +- ret=NULL; +- } +- return(ret); +- } ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); ++ OPENSSL_free(ret); ++ ret = NULL; ++ } ++ return (ret); ++} + + void DH_free(DH *r) +- { +- int i; +- if(r == NULL) return; +- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); ++{ ++ int i; ++ if (r == NULL) ++ return; ++ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); + #ifdef REF_PRINT +- REF_PRINT("DH",r); ++ REF_PRINT("DH", r); + #endif +- if (i > 0) return; ++ if (i > 0) ++ return; + #ifdef REF_CHECK +- if (i < 0) +- { +- fprintf(stderr,"DH_free, bad reference count\n"); +- abort(); +- } ++ if (i < 0) { ++ fprintf(stderr, "DH_free, bad reference count\n"); ++ abort(); ++ } + #endif + +- if (r->meth->finish) +- r->meth->finish(r); ++ if (r->meth->finish) ++ r->meth->finish(r); + #ifndef OPENSSL_NO_ENGINE +- if (r->engine) +- ENGINE_finish(r->engine); ++ if (r->engine) ++ ENGINE_finish(r->engine); + #endif + +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); +- +- if (r->p != NULL) BN_clear_free(r->p); +- if (r->g != NULL) BN_clear_free(r->g); +- if (r->q != NULL) BN_clear_free(r->q); +- if (r->j != NULL) BN_clear_free(r->j); +- if (r->seed) OPENSSL_free(r->seed); +- if (r->counter != NULL) BN_clear_free(r->counter); +- if (r->pub_key != NULL) BN_clear_free(r->pub_key); +- if (r->priv_key != NULL) BN_clear_free(r->priv_key); +- OPENSSL_free(r); +- } ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); ++ ++ if (r->p != NULL) ++ BN_clear_free(r->p); ++ if (r->g != NULL) ++ BN_clear_free(r->g); ++ if (r->q != NULL) ++ BN_clear_free(r->q); ++ if (r->j != NULL) ++ BN_clear_free(r->j); ++ if (r->seed) ++ OPENSSL_free(r->seed); ++ if (r->counter != NULL) ++ BN_clear_free(r->counter); ++ if (r->pub_key != NULL) ++ BN_clear_free(r->pub_key); ++ if (r->priv_key != NULL) ++ BN_clear_free(r->priv_key); ++ OPENSSL_free(r); ++} + + int DH_up_ref(DH *r) +- { +- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); ++{ ++ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); + #ifdef REF_PRINT +- REF_PRINT("DH",r); ++ REF_PRINT("DH", r); + #endif + #ifdef REF_CHECK +- if (i < 2) +- { +- fprintf(stderr, "DH_up, bad reference count\n"); +- abort(); +- } ++ if (i < 2) { ++ fprintf(stderr, "DH_up, bad reference count\n"); ++ abort(); ++ } + #endif +- return ((i > 1) ? 1 : 0); +- } ++ return ((i > 1) ? 1 : 0); ++} + + int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +- { +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, +- new_func, dup_func, free_func); +- } ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, ++ new_func, dup_func, free_func); ++} + + int DH_set_ex_data(DH *d, int idx, void *arg) +- { +- return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); +- } ++{ ++ return (CRYPTO_set_ex_data(&d->ex_data, idx, arg)); ++} + + void *DH_get_ex_data(DH *d, int idx) +- { +- return(CRYPTO_get_ex_data(&d->ex_data,idx)); +- } ++{ ++ return (CRYPTO_get_ex_data(&d->ex_data, idx)); ++} + + int DH_size(const DH *dh) +- { +- return(BN_num_bytes(dh->p)); +- } ++{ ++ return (BN_num_bytes(dh->p)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c +index bc7d7a0..88f9244 100644 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c +@@ -1,6 +1,7 @@ + /* dsa_asn1.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,29 +65,29 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + +- + /* Override the default new methods */ + static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- if(operation == ASN1_OP_NEW_PRE) { +- DSA_SIG *sig; +- sig = OPENSSL_malloc(sizeof(DSA_SIG)); +- sig->r = NULL; +- sig->s = NULL; +- *pval = (ASN1_VALUE *)sig; +- if(sig) return 2; +- DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- return 1; ++ if (operation == ASN1_OP_NEW_PRE) { ++ DSA_SIG *sig; ++ sig = OPENSSL_malloc(sizeof(DSA_SIG)); ++ sig->r = NULL; ++ sig->s = NULL; ++ *pval = (ASN1_VALUE *)sig; ++ if (sig) ++ return 2; ++ DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ return 1; + } + + ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { +- ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), +- ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) ++ ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), ++ ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) + } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) + + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) +@@ -94,127 +95,137 @@ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) + /* Override the default free and new methods */ + static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- if(operation == ASN1_OP_NEW_PRE) { +- *pval = (ASN1_VALUE *)DSA_new(); +- if(*pval) return 2; +- return 0; +- } else if(operation == ASN1_OP_FREE_PRE) { +- DSA_free((DSA *)*pval); +- *pval = NULL; +- return 2; +- } +- return 1; ++ if (operation == ASN1_OP_NEW_PRE) { ++ *pval = (ASN1_VALUE *)DSA_new(); ++ if (*pval) ++ return 2; ++ return 0; ++ } else if (operation == ASN1_OP_FREE_PRE) { ++ DSA_free((DSA *)*pval); ++ *pval = NULL; ++ return 2; ++ } ++ return 1; + } + + ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { +- ASN1_SIMPLE(DSA, version, LONG), +- ASN1_SIMPLE(DSA, p, BIGNUM), +- ASN1_SIMPLE(DSA, q, BIGNUM), +- ASN1_SIMPLE(DSA, g, BIGNUM), +- ASN1_SIMPLE(DSA, pub_key, BIGNUM), +- ASN1_SIMPLE(DSA, priv_key, BIGNUM) ++ ASN1_SIMPLE(DSA, version, LONG), ++ ASN1_SIMPLE(DSA, p, BIGNUM), ++ ASN1_SIMPLE(DSA, q, BIGNUM), ++ ASN1_SIMPLE(DSA, g, BIGNUM), ++ ASN1_SIMPLE(DSA, pub_key, BIGNUM), ++ ASN1_SIMPLE(DSA, priv_key, BIGNUM) + } ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) + + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) + + ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { +- ASN1_SIMPLE(DSA, p, BIGNUM), +- ASN1_SIMPLE(DSA, q, BIGNUM), +- ASN1_SIMPLE(DSA, g, BIGNUM), ++ ASN1_SIMPLE(DSA, p, BIGNUM), ++ ASN1_SIMPLE(DSA, q, BIGNUM), ++ ASN1_SIMPLE(DSA, g, BIGNUM), + } ASN1_SEQUENCE_END_cb(DSA, DSAparams) + + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) + +-/* DSA public key is a bit trickier... its effectively a CHOICE type +- * decided by a field called write_params which can either write out +- * just the public key as an INTEGER or the parameters and public key +- * in a SEQUENCE ++/* ++ * DSA public key is a bit trickier... its effectively a CHOICE type decided ++ * by a field called write_params which can either write out just the public ++ * key as an INTEGER or the parameters and public key in a SEQUENCE + */ + + ASN1_SEQUENCE(dsa_pub_internal) = { +- ASN1_SIMPLE(DSA, pub_key, BIGNUM), +- ASN1_SIMPLE(DSA, p, BIGNUM), +- ASN1_SIMPLE(DSA, q, BIGNUM), +- ASN1_SIMPLE(DSA, g, BIGNUM) ++ ASN1_SIMPLE(DSA, pub_key, BIGNUM), ++ ASN1_SIMPLE(DSA, p, BIGNUM), ++ ASN1_SIMPLE(DSA, q, BIGNUM), ++ ASN1_SIMPLE(DSA, g, BIGNUM) + } ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal) + + ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { +- ASN1_SIMPLE(DSA, pub_key, BIGNUM), +- ASN1_EX_COMBINE(0, 0, dsa_pub_internal) ++ ASN1_SIMPLE(DSA, pub_key, BIGNUM), ++ ASN1_EX_COMBINE(0, 0, dsa_pub_internal) + } ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params) + + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) + +-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, +- unsigned int *siglen, DSA *dsa) +- { +- DSA_SIG *s; ++int DSA_sign(int type, const unsigned char *dgst, int dlen, ++ unsigned char *sig, unsigned int *siglen, DSA *dsa) ++{ ++ DSA_SIG *s; + #ifdef OPENSSL_FIPS +- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) +- { +- DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } ++ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { ++ DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return 0; ++ } + #endif +- RAND_seed(dgst, dlen); +- s=DSA_do_sign(dgst,dlen,dsa); +- if (s == NULL) +- { +- *siglen=0; +- return(0); +- } +- *siglen=i2d_DSA_SIG(s,&sig); +- DSA_SIG_free(s); +- return(1); +- } ++ RAND_seed(dgst, dlen); ++ s = DSA_do_sign(dgst, dlen, dsa); ++ if (s == NULL) { ++ *siglen = 0; ++ return (0); ++ } ++ *siglen = i2d_DSA_SIG(s, &sig); ++ DSA_SIG_free(s); ++ return (1); ++} + + int DSA_size(const DSA *r) +- { +- int ret,i; +- ASN1_INTEGER bs; +- unsigned char buf[4]; /* 4 bytes looks really small. +- However, i2d_ASN1_INTEGER() will not look +- beyond the first byte, as long as the second +- parameter is NULL. */ +- +- i=BN_num_bits(r->q); +- bs.length=(i+7)/8; +- bs.data=buf; +- bs.type=V_ASN1_INTEGER; +- /* If the top bit is set the asn1 encoding is 1 larger. */ +- buf[0]=0xff; +- +- i=i2d_ASN1_INTEGER(&bs,NULL); +- i+=i; /* r and s */ +- ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); +- return(ret); +- } +- +-/* data has already been hashed (probably with SHA or SHA-1). */ +-/* returns +- * 1: correct signature +- * 0: incorrect signature +- * -1: error ++{ ++ int ret, i; ++ ASN1_INTEGER bs; ++ unsigned char buf[4]; /* 4 bytes looks really small. However, ++ * i2d_ASN1_INTEGER() will not look beyond ++ * the first byte, as long as the second ++ * parameter is NULL. */ ++ ++ i = BN_num_bits(r->q); ++ bs.length = (i + 7) / 8; ++ bs.data = buf; ++ bs.type = V_ASN1_INTEGER; ++ /* If the top bit is set the asn1 encoding is 1 larger. */ ++ buf[0] = 0xff; ++ ++ i = i2d_ASN1_INTEGER(&bs, NULL); ++ i += i; /* r and s */ ++ ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); ++ return (ret); ++} ++ ++/*- ++ * data has already been hashed (probably with SHA or SHA-1). */ ++/* ++ * returns 1: correct signature 0: incorrect signature -1: error + */ + int DSA_verify(int type, const unsigned char *dgst, int dgst_len, +- const unsigned char *sigbuf, int siglen, DSA *dsa) +- { +- DSA_SIG *s; +- int ret=-1; ++ const unsigned char *sigbuf, int siglen, DSA *dsa) ++{ ++ DSA_SIG *s; ++ const unsigned char *p = sigbuf; ++ unsigned char *der = NULL; ++ int derlen = -1; ++ int ret = -1; ++ + #ifdef OPENSSL_FIPS +- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) +- { +- DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } ++ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { ++ DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return 0; ++ } + #endif + +- s = DSA_SIG_new(); +- if (s == NULL) return(ret); +- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; +- ret=DSA_do_verify(dgst,dgst_len,s,dsa); +-err: +- DSA_SIG_free(s); +- return(ret); +- } +- ++ s = DSA_SIG_new(); ++ if (s == NULL) ++ return (ret); ++ if (d2i_DSA_SIG(&s, &p, siglen) == NULL) ++ goto err; ++ /* Ensure signature uses DER and doesn't have trailing garbage */ ++ derlen = i2d_DSA_SIG(s, &der); ++ if (derlen != siglen || memcmp(sigbuf, der, derlen)) ++ goto err; ++ ret = DSA_do_verify(dgst, dgst_len, s, dsa); ++ err: ++ if (derlen > 0) { ++ OPENSSL_cleanse(der, derlen); ++ OPENSSL_free(der); ++ } ++ DSA_SIG_free(s); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c +index f2da680..54f88bc 100644 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c ++++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,54 +53,61 @@ + * + */ + +-/* This file contains deprecated function(s) that are now wrappers to the new +- * version(s). */ ++/* ++ * This file contains deprecated function(s) that are now wrappers to the new ++ * version(s). ++ */ + + #undef GENUINE_DSA + + #ifdef GENUINE_DSA +-/* Parameter generation follows the original release of FIPS PUB 186, +- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ +-#define HASH EVP_sha() ++/* ++ * Parameter generation follows the original release of FIPS PUB 186, ++ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) ++ */ ++# define HASH EVP_sha() + #else +-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, +- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in +- * FIPS PUB 180-1) */ +-#define HASH EVP_sha1() +-#endif ++/* ++ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, ++ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB ++ * 180-1) ++ */ ++# define HASH EVP_sha1() ++#endif + +-static void *dummy=&dummy; ++static void *dummy = &dummy; + + #ifndef OPENSSL_NO_SHA + +-#include +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +-#include ++# include ++# include ++# include "cryptlib.h" ++# include ++# include ++# include ++# include ++# include + +-#ifndef OPENSSL_NO_DEPRECATED ++# ifndef OPENSSL_NO_DEPRECATED + DSA *DSA_generate_parameters(int bits, +- unsigned char *seed_in, int seed_len, +- int *counter_ret, unsigned long *h_ret, +- void (*callback)(int, int, void *), +- void *cb_arg) +- { +- BN_GENCB cb; +- DSA *ret; ++ unsigned char *seed_in, int seed_len, ++ int *counter_ret, unsigned long *h_ret, ++ void (*callback) (int, int, void *), ++ void *cb_arg) ++{ ++ BN_GENCB cb; ++ DSA *ret; + +- if ((ret=DSA_new()) == NULL) return NULL; ++ if ((ret = DSA_new()) == NULL) ++ return NULL; + +- BN_GENCB_set_old(&cb, callback, cb_arg); ++ BN_GENCB_set_old(&cb, callback, cb_arg); + +- if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, +- counter_ret, h_ret, &cb)) +- return ret; +- DSA_free(ret); +- return NULL; +- } +-#endif ++ if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, ++ counter_ret, h_ret, &cb)) ++ return ret; ++ DSA_free(ret); ++ return NULL; ++} ++# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c +index 872839a..57f06fe 100644 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c ++++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,55 +66,54 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason) + +-static ERR_STRING_DATA DSA_str_functs[]= +- { +-{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, +-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, +-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, +-{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"}, +-{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, +-{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, +-{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, +-{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"}, +-{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, +-{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"}, +-{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, +-{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"}, +-{ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"}, +-{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, +-{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, +-{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, +-{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"}, +-{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"}, +-{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA DSA_str_functs[] = { ++ {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, ++ {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, ++ {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, ++ {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"}, ++ {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, ++ {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, ++ {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, ++ {ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"}, ++ {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, ++ {ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"}, ++ {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, ++ {ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"}, ++ {ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"}, ++ {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, ++ {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, ++ {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, ++ {ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"}, ++ {ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"}, ++ {ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA DSA_str_reasons[]= +- { +-{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, +-{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, +-{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, +-{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, +-{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +-{ERR_REASON(DSA_R_NON_FIPS_METHOD) ,"non fips method"}, +-{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA DSA_str_reasons[] = { ++ {ERR_REASON(DSA_R_BAD_Q_VALUE), "bad q value"}, ++ {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), ++ "data too large for key size"}, ++ {ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, ++ {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"}, ++ {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, ++ {ERR_REASON(DSA_R_NON_FIPS_METHOD), "non fips method"}, ++ {ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), ++ "operation not allowed in fips mode"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_DSA_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,DSA_str_functs); +- ERR_load_strings(0,DSA_str_reasons); +- } ++ if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, DSA_str_functs); ++ ERR_load_strings(0, DSA_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c +index 7a9d188..cb2e0bb 100644 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c ++++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,266 +59,294 @@ + #undef GENUINE_DSA + + #ifdef GENUINE_DSA +-/* Parameter generation follows the original release of FIPS PUB 186, +- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ +-#define HASH EVP_sha() ++/* ++ * Parameter generation follows the original release of FIPS PUB 186, ++ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) ++ */ ++# define HASH EVP_sha() + #else +-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, +- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in +- * FIPS PUB 180-1) */ +-#define HASH EVP_sha1() +-#endif ++/* ++ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, ++ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB ++ * 180-1) ++ */ ++# define HASH EVP_sha1() ++#endif + + #include /* To see if OPENSSL_NO_SHA is defined */ + + #ifndef OPENSSL_NO_SHA + +-#include +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +-#include ++# include ++# include ++# include "cryptlib.h" ++# include ++# include ++# include ++# include ++# include + +-#ifndef OPENSSL_FIPS ++# ifndef OPENSSL_FIPS + + static int dsa_builtin_paramgen(DSA *ret, int bits, +- unsigned char *seed_in, int seed_len, +- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); ++ unsigned char *seed_in, int seed_len, ++ int *counter_ret, unsigned long *h_ret, ++ BN_GENCB *cb); + + int DSA_generate_parameters_ex(DSA *ret, int bits, +- unsigned char *seed_in, int seed_len, +- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) +- { +- if(ret->meth->dsa_paramgen) +- return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, +- counter_ret, h_ret, cb); +- return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, +- counter_ret, h_ret, cb); +- } ++ unsigned char *seed_in, int seed_len, ++ int *counter_ret, unsigned long *h_ret, ++ BN_GENCB *cb) ++{ ++ if (ret->meth->dsa_paramgen) ++ return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, ++ counter_ret, h_ret, cb); ++ return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, ++ counter_ret, h_ret, cb); ++} + + static int dsa_builtin_paramgen(DSA *ret, int bits, +- unsigned char *seed_in, int seed_len, +- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) +- { +- int ok=0; +- unsigned char seed[SHA_DIGEST_LENGTH]; +- unsigned char md[SHA_DIGEST_LENGTH]; +- unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; +- BIGNUM *r0,*W,*X,*c,*test; +- BIGNUM *g=NULL,*q=NULL,*p=NULL; +- BN_MONT_CTX *mont=NULL; +- int k,n=0,i,m=0; +- int counter=0; +- int r=0; +- BN_CTX *ctx=NULL; +- unsigned int h=2; +- +- if (bits < 512) bits=512; +- bits=(bits+63)/64*64; +- +- /* NB: seed_len == 0 is special case: copy generated seed to +- * seed_in if it is not NULL. +- */ +- if (seed_len && (seed_len < 20)) +- seed_in = NULL; /* seed buffer too small -- ignore */ +- if (seed_len > 20) +- seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, +- * but our internal buffers are restricted to 160 bits*/ +- if ((seed_in != NULL) && (seed_len == 20)) +- { +- memcpy(seed,seed_in,seed_len); +- /* set seed_in to NULL to avoid it being copied back */ +- seed_in = NULL; +- } +- +- if ((ctx=BN_CTX_new()) == NULL) goto err; +- +- if ((mont=BN_MONT_CTX_new()) == NULL) goto err; +- +- BN_CTX_start(ctx); +- r0 = BN_CTX_get(ctx); +- g = BN_CTX_get(ctx); +- W = BN_CTX_get(ctx); +- q = BN_CTX_get(ctx); +- X = BN_CTX_get(ctx); +- c = BN_CTX_get(ctx); +- p = BN_CTX_get(ctx); +- test = BN_CTX_get(ctx); +- +- if (!BN_lshift(test,BN_value_one(),bits-1)) +- goto err; +- +- for (;;) +- { +- for (;;) /* find q */ +- { +- int seed_is_random; +- +- /* step 1 */ +- if(!BN_GENCB_call(cb, 0, m++)) +- goto err; +- +- if (!seed_len) +- { +- RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH); +- seed_is_random = 1; +- } +- else +- { +- seed_is_random = 0; +- seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ +- } +- memcpy(buf,seed,SHA_DIGEST_LENGTH); +- memcpy(buf2,seed,SHA_DIGEST_LENGTH); +- /* precompute "SEED + 1" for step 7: */ +- for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) +- { +- buf[i]++; +- if (buf[i] != 0) break; +- } +- +- /* step 2 */ +- EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); +- EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL); +- for (i=0; i 0) +- break; +- if (r != 0) +- goto err; +- +- /* do a callback call */ +- /* step 5 */ +- } +- +- if(!BN_GENCB_call(cb, 2, 0)) goto err; +- if(!BN_GENCB_call(cb, 3, 0)) goto err; +- +- /* step 6 */ +- counter=0; +- /* "offset = 2" */ +- +- n=(bits-1)/160; +- +- for (;;) +- { +- if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) +- goto err; +- +- /* step 7 */ +- BN_zero(W); +- /* now 'buf' contains "SEED + offset - 1" */ +- for (k=0; k<=n; k++) +- { +- /* obtain "SEED + offset + k" by incrementing: */ +- for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) +- { +- buf[i]++; +- if (buf[i] != 0) break; +- } +- +- EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); +- +- /* step 8 */ +- if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) +- goto err; +- if (!BN_lshift(r0,r0,160*k)) goto err; +- if (!BN_add(W,W,r0)) goto err; +- } +- +- /* more of step 8 */ +- if (!BN_mask_bits(W,bits-1)) goto err; +- if (!BN_copy(X,W)) goto err; +- if (!BN_add(X,X,test)) goto err; +- +- /* step 9 */ +- if (!BN_lshift1(r0,q)) goto err; +- if (!BN_mod(c,X,r0,ctx)) goto err; +- if (!BN_sub(r0,c,BN_value_one())) goto err; +- if (!BN_sub(p,X,r0)) goto err; +- +- /* step 10 */ +- if (BN_cmp(p,test) >= 0) +- { +- /* step 11 */ +- r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, +- ctx, 1, cb); +- if (r > 0) +- goto end; /* found it */ +- if (r != 0) +- goto err; +- } +- +- /* step 13 */ +- counter++; +- /* "offset = offset + n + 1" */ +- +- /* step 14 */ +- if (counter >= 4096) break; +- } +- } +-end: +- if(!BN_GENCB_call(cb, 2, 1)) +- goto err; +- +- /* We now need to generate g */ +- /* Set r0=(p-1)/q */ +- if (!BN_sub(test,p,BN_value_one())) goto err; +- if (!BN_div(r0,NULL,test,q,ctx)) goto err; +- +- if (!BN_set_word(test,h)) goto err; +- if (!BN_MONT_CTX_set(mont,p,ctx)) goto err; +- +- for (;;) +- { +- /* g=test^r0%p */ +- if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err; +- if (!BN_is_one(g)) break; +- if (!BN_add(test,test,BN_value_one())) goto err; +- h++; +- } +- +- if(!BN_GENCB_call(cb, 3, 1)) +- goto err; +- +- ok=1; +-err: +- if (ok) +- { +- if(ret->p) BN_free(ret->p); +- if(ret->q) BN_free(ret->q); +- if(ret->g) BN_free(ret->g); +- ret->p=BN_dup(p); +- ret->q=BN_dup(q); +- ret->g=BN_dup(g); +- if (ret->p == NULL || ret->q == NULL || ret->g == NULL) +- { +- ok=0; +- goto err; +- } +- if (seed_in != NULL) memcpy(seed_in,seed,20); +- if (counter_ret != NULL) *counter_ret=counter; +- if (h_ret != NULL) *h_ret=h; +- } +- if(ctx) +- { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- if (mont != NULL) BN_MONT_CTX_free(mont); +- return ok; +- } +-#endif ++ unsigned char *seed_in, int seed_len, ++ int *counter_ret, unsigned long *h_ret, ++ BN_GENCB *cb) ++{ ++ int ok = 0; ++ unsigned char seed[SHA_DIGEST_LENGTH]; ++ unsigned char md[SHA_DIGEST_LENGTH]; ++ unsigned char buf[SHA_DIGEST_LENGTH], buf2[SHA_DIGEST_LENGTH]; ++ BIGNUM *r0, *W, *X, *c, *test; ++ BIGNUM *g = NULL, *q = NULL, *p = NULL; ++ BN_MONT_CTX *mont = NULL; ++ int k, n = 0, i, m = 0; ++ int counter = 0; ++ int r = 0; ++ BN_CTX *ctx = NULL; ++ unsigned int h = 2; ++ ++ if (bits < 512) ++ bits = 512; ++ bits = (bits + 63) / 64 * 64; ++ ++ /* ++ * NB: seed_len == 0 is special case: copy generated seed to seed_in if ++ * it is not NULL. ++ */ ++ if (seed_len && (seed_len < 20)) ++ seed_in = NULL; /* seed buffer too small -- ignore */ ++ if (seed_len > 20) ++ seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger ++ * SEED, but our internal buffers are ++ * restricted to 160 bits */ ++ if ((seed_in != NULL) && (seed_len == 20)) { ++ memcpy(seed, seed_in, seed_len); ++ /* set seed_in to NULL to avoid it being copied back */ ++ seed_in = NULL; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ ++ if ((mont = BN_MONT_CTX_new()) == NULL) ++ goto err; ++ ++ BN_CTX_start(ctx); ++ r0 = BN_CTX_get(ctx); ++ g = BN_CTX_get(ctx); ++ W = BN_CTX_get(ctx); ++ q = BN_CTX_get(ctx); ++ X = BN_CTX_get(ctx); ++ c = BN_CTX_get(ctx); ++ p = BN_CTX_get(ctx); ++ test = BN_CTX_get(ctx); ++ ++ if (!BN_lshift(test, BN_value_one(), bits - 1)) ++ goto err; ++ ++ for (;;) { ++ for (;;) { /* find q */ ++ int seed_is_random; ++ ++ /* step 1 */ ++ if (!BN_GENCB_call(cb, 0, m++)) ++ goto err; ++ ++ if (!seed_len) { ++ RAND_pseudo_bytes(seed, SHA_DIGEST_LENGTH); ++ seed_is_random = 1; ++ } else { ++ seed_is_random = 0; ++ seed_len = 0; /* use random seed if 'seed_in' turns out to ++ * be bad */ ++ } ++ memcpy(buf, seed, SHA_DIGEST_LENGTH); ++ memcpy(buf2, seed, SHA_DIGEST_LENGTH); ++ /* precompute "SEED + 1" for step 7: */ ++ for (i = SHA_DIGEST_LENGTH - 1; i >= 0; i--) { ++ buf[i]++; ++ if (buf[i] != 0) ++ break; ++ } ++ ++ /* step 2 */ ++ EVP_Digest(seed, SHA_DIGEST_LENGTH, md, NULL, HASH, NULL); ++ EVP_Digest(buf, SHA_DIGEST_LENGTH, buf2, NULL, HASH, NULL); ++ for (i = 0; i < SHA_DIGEST_LENGTH; i++) ++ md[i] ^= buf2[i]; ++ ++ /* step 3 */ ++ md[0] |= 0x80; ++ md[SHA_DIGEST_LENGTH - 1] |= 0x01; ++ if (!BN_bin2bn(md, SHA_DIGEST_LENGTH, q)) ++ goto err; ++ ++ /* step 4 */ ++ r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, ++ seed_is_random, cb); ++ if (r > 0) ++ break; ++ if (r != 0) ++ goto err; ++ ++ /* do a callback call */ ++ /* step 5 */ ++ } ++ ++ if (!BN_GENCB_call(cb, 2, 0)) ++ goto err; ++ if (!BN_GENCB_call(cb, 3, 0)) ++ goto err; ++ ++ /* step 6 */ ++ counter = 0; ++ /* "offset = 2" */ ++ ++ n = (bits - 1) / 160; ++ ++ for (;;) { ++ if ((counter != 0) && !BN_GENCB_call(cb, 0, counter)) ++ goto err; ++ ++ /* step 7 */ ++ BN_zero(W); ++ /* now 'buf' contains "SEED + offset - 1" */ ++ for (k = 0; k <= n; k++) { ++ /* ++ * obtain "SEED + offset + k" by incrementing: ++ */ ++ for (i = SHA_DIGEST_LENGTH - 1; i >= 0; i--) { ++ buf[i]++; ++ if (buf[i] != 0) ++ break; ++ } ++ ++ EVP_Digest(buf, SHA_DIGEST_LENGTH, md, NULL, HASH, NULL); ++ ++ /* step 8 */ ++ if (!BN_bin2bn(md, SHA_DIGEST_LENGTH, r0)) ++ goto err; ++ if (!BN_lshift(r0, r0, 160 * k)) ++ goto err; ++ if (!BN_add(W, W, r0)) ++ goto err; ++ } ++ ++ /* more of step 8 */ ++ if (!BN_mask_bits(W, bits - 1)) ++ goto err; ++ if (!BN_copy(X, W)) ++ goto err; ++ if (!BN_add(X, X, test)) ++ goto err; ++ ++ /* step 9 */ ++ if (!BN_lshift1(r0, q)) ++ goto err; ++ if (!BN_mod(c, X, r0, ctx)) ++ goto err; ++ if (!BN_sub(r0, c, BN_value_one())) ++ goto err; ++ if (!BN_sub(p, X, r0)) ++ goto err; ++ ++ /* step 10 */ ++ if (BN_cmp(p, test) >= 0) { ++ /* step 11 */ ++ r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb); ++ if (r > 0) ++ goto end; /* found it */ ++ if (r != 0) ++ goto err; ++ } ++ ++ /* step 13 */ ++ counter++; ++ /* "offset = offset + n + 1" */ ++ ++ /* step 14 */ ++ if (counter >= 4096) ++ break; ++ } ++ } ++ end: ++ if (!BN_GENCB_call(cb, 2, 1)) ++ goto err; ++ ++ /* We now need to generate g */ ++ /* Set r0=(p-1)/q */ ++ if (!BN_sub(test, p, BN_value_one())) ++ goto err; ++ if (!BN_div(r0, NULL, test, q, ctx)) ++ goto err; ++ ++ if (!BN_set_word(test, h)) ++ goto err; ++ if (!BN_MONT_CTX_set(mont, p, ctx)) ++ goto err; ++ ++ for (;;) { ++ /* g=test^r0%p */ ++ if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) ++ goto err; ++ if (!BN_is_one(g)) ++ break; ++ if (!BN_add(test, test, BN_value_one())) ++ goto err; ++ h++; ++ } ++ ++ if (!BN_GENCB_call(cb, 3, 1)) ++ goto err; ++ ++ ok = 1; ++ err: ++ if (ok) { ++ if (ret->p) ++ BN_free(ret->p); ++ if (ret->q) ++ BN_free(ret->q); ++ if (ret->g) ++ BN_free(ret->g); ++ ret->p = BN_dup(p); ++ ret->q = BN_dup(q); ++ ret->g = BN_dup(g); ++ if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { ++ ok = 0; ++ goto err; ++ } ++ if (seed_in != NULL) ++ memcpy(seed_in, seed, 20); ++ if (counter_ret != NULL) ++ *counter_ret = counter; ++ if (h_ret != NULL) ++ *h_ret = h; ++ } ++ if (ctx) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ if (mont != NULL) ++ BN_MONT_CTX_free(mont); ++ return ok; ++} ++# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c +index 5e39124..8da6016 100644 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c ++++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,73 +60,75 @@ + #include + #include "cryptlib.h" + #ifndef OPENSSL_NO_SHA +-#include +-#include +-#include ++# include ++# include ++# include + +-#ifndef OPENSSL_FIPS ++# ifndef OPENSSL_FIPS + + static int dsa_builtin_keygen(DSA *dsa); + + int DSA_generate_key(DSA *dsa) +- { +- if(dsa->meth->dsa_keygen) +- return dsa->meth->dsa_keygen(dsa); +- return dsa_builtin_keygen(dsa); +- } ++{ ++ if (dsa->meth->dsa_keygen) ++ return dsa->meth->dsa_keygen(dsa); ++ return dsa_builtin_keygen(dsa); ++} + + static int dsa_builtin_keygen(DSA *dsa) +- { +- int ok=0; +- BN_CTX *ctx=NULL; +- BIGNUM *pub_key=NULL,*priv_key=NULL; ++{ ++ int ok = 0; ++ BN_CTX *ctx = NULL; ++ BIGNUM *pub_key = NULL, *priv_key = NULL; + +- if ((ctx=BN_CTX_new()) == NULL) goto err; ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; + +- if (dsa->priv_key == NULL) +- { +- if ((priv_key=BN_new()) == NULL) goto err; +- } +- else +- priv_key=dsa->priv_key; ++ if (dsa->priv_key == NULL) { ++ if ((priv_key = BN_new()) == NULL) ++ goto err; ++ } else ++ priv_key = dsa->priv_key; + +- do +- if (!BN_rand_range(priv_key,dsa->q)) goto err; +- while (BN_is_zero(priv_key)); ++ do ++ if (!BN_rand_range(priv_key, dsa->q)) ++ goto err; ++ while (BN_is_zero(priv_key)) ; + +- if (dsa->pub_key == NULL) +- { +- if ((pub_key=BN_new()) == NULL) goto err; +- } +- else +- pub_key=dsa->pub_key; +- +- { +- BIGNUM local_prk; +- BIGNUM *prk; ++ if (dsa->pub_key == NULL) { ++ if ((pub_key = BN_new()) == NULL) ++ goto err; ++ } else ++ pub_key = dsa->pub_key; + +- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) +- { +- BN_init(&local_prk); +- prk = &local_prk; +- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); +- } +- else +- prk = priv_key; ++ { ++ BIGNUM local_prk; ++ BIGNUM *prk; + +- if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err; +- } ++ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { ++ BN_init(&local_prk); ++ prk = &local_prk; ++ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); ++ } else ++ prk = priv_key; + +- dsa->priv_key=priv_key; +- dsa->pub_key=pub_key; +- ok=1; ++ if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) ++ goto err; ++ } + +-err: +- if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key); +- if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key); +- if (ctx != NULL) BN_CTX_free(ctx); +- return(ok); +- } +-#endif ++ dsa->priv_key = priv_key; ++ dsa->pub_key = pub_key; ++ ok = 1; ++ ++ err: ++ if ((pub_key != NULL) && (dsa->pub_key == NULL)) ++ BN_free(pub_key); ++ if ((priv_key != NULL) && (dsa->priv_key == NULL)) ++ BN_free(priv_key); ++ if (ctx != NULL) ++ BN_CTX_free(ctx); ++ return (ok); ++} ++# endif + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c +index 85556d1..45116c5 100644 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c ++++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,253 +64,253 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + #ifndef OPENSSL_NO_DH +-#include ++# include + #endif + +-const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT; ++const char DSA_version[] = "DSA" OPENSSL_VERSION_PTEXT; + + static const DSA_METHOD *default_DSA_method = NULL; + + void DSA_set_default_method(const DSA_METHOD *meth) +- { ++{ + #ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) +- { +- DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD); +- return; +- } ++ if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) { ++ DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD); ++ return; ++ } + #endif +- +- default_DSA_method = meth; +- } ++ ++ default_DSA_method = meth; ++} + + const DSA_METHOD *DSA_get_default_method(void) +- { +- if(!default_DSA_method) +- default_DSA_method = DSA_OpenSSL(); +- return default_DSA_method; +- } ++{ ++ if (!default_DSA_method) ++ default_DSA_method = DSA_OpenSSL(); ++ return default_DSA_method; ++} + + DSA *DSA_new(void) +- { +- return DSA_new_method(NULL); +- } ++{ ++ return DSA_new_method(NULL); ++} + + int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) +- { +- /* NB: The caller is specifically setting a method, so it's not up to us +- * to deal with which ENGINE it comes from. */ +- const DSA_METHOD *mtmp; ++{ ++ /* ++ * NB: The caller is specifically setting a method, so it's not up to us ++ * to deal with which ENGINE it comes from. ++ */ ++ const DSA_METHOD *mtmp; + #ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) +- { +- DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD); +- return 0; +- } ++ if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) { ++ DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD); ++ return 0; ++ } + #endif +- mtmp = dsa->meth; +- if (mtmp->finish) mtmp->finish(dsa); ++ mtmp = dsa->meth; ++ if (mtmp->finish) ++ mtmp->finish(dsa); + #ifndef OPENSSL_NO_ENGINE +- if (dsa->engine) +- { +- ENGINE_finish(dsa->engine); +- dsa->engine = NULL; +- } ++ if (dsa->engine) { ++ ENGINE_finish(dsa->engine); ++ dsa->engine = NULL; ++ } + #endif +- dsa->meth = meth; +- if (meth->init) meth->init(dsa); +- return 1; +- } ++ dsa->meth = meth; ++ if (meth->init) ++ meth->init(dsa); ++ return 1; ++} + + DSA *DSA_new_method(ENGINE *engine) +- { +- DSA *ret; ++{ ++ DSA *ret; + +- ret=(DSA *)OPENSSL_malloc(sizeof(DSA)); +- if (ret == NULL) +- { +- DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- ret->meth = DSA_get_default_method(); ++ ret = (DSA *)OPENSSL_malloc(sizeof(DSA)); ++ if (ret == NULL) { ++ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ ret->meth = DSA_get_default_method(); + #ifndef OPENSSL_NO_ENGINE +- if (engine) +- { +- if (!ENGINE_init(engine)) +- { +- DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); +- OPENSSL_free(ret); +- return NULL; +- } +- ret->engine = engine; +- } +- else +- ret->engine = ENGINE_get_default_DSA(); +- if(ret->engine) +- { +- ret->meth = ENGINE_get_DSA(ret->engine); +- if(!ret->meth) +- { +- DSAerr(DSA_F_DSA_NEW_METHOD, +- ERR_R_ENGINE_LIB); +- ENGINE_finish(ret->engine); +- OPENSSL_free(ret); +- return NULL; +- } +- } ++ if (engine) { ++ if (!ENGINE_init(engine)) { ++ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ ret->engine = engine; ++ } else ++ ret->engine = ENGINE_get_default_DSA(); ++ if (ret->engine) { ++ ret->meth = ENGINE_get_DSA(ret->engine); ++ if (!ret->meth) { ++ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); ++ ENGINE_finish(ret->engine); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ } + #endif + #ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)) +- { +- DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD); +-#ifndef OPENSSL_NO_ENGINE +- if (ret->engine) +- ENGINE_finish(ret->engine); +-#endif +- OPENSSL_free(ret); +- return NULL; +- } ++ if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)) { ++ DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD); ++# ifndef OPENSSL_NO_ENGINE ++ if (ret->engine) ++ ENGINE_finish(ret->engine); ++# endif ++ OPENSSL_free(ret); ++ return NULL; ++ } + #endif + +- ret->pad=0; +- ret->version=0; +- ret->write_params=1; +- ret->p=NULL; +- ret->q=NULL; +- ret->g=NULL; ++ ret->pad = 0; ++ ret->version = 0; ++ ret->write_params = 1; ++ ret->p = NULL; ++ ret->q = NULL; ++ ret->g = NULL; + +- ret->pub_key=NULL; +- ret->priv_key=NULL; ++ ret->pub_key = NULL; ++ ret->priv_key = NULL; + +- ret->kinv=NULL; +- ret->r=NULL; +- ret->method_mont_p=NULL; ++ ret->kinv = NULL; ++ ret->r = NULL; ++ ret->method_mont_p = NULL; + +- ret->references=1; +- ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); +- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) +- { ++ ret->references = 1; ++ ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); ++ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + #ifndef OPENSSL_NO_ENGINE +- if (ret->engine) +- ENGINE_finish(ret->engine); ++ if (ret->engine) ++ ENGINE_finish(ret->engine); + #endif +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); +- OPENSSL_free(ret); +- ret=NULL; +- } +- +- return(ret); +- } ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); ++ OPENSSL_free(ret); ++ ret = NULL; ++ } ++ ++ return (ret); ++} + + void DSA_free(DSA *r) +- { +- int i; ++{ ++ int i; + +- if (r == NULL) return; ++ if (r == NULL) ++ return; + +- i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA); ++ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DSA); + #ifdef REF_PRINT +- REF_PRINT("DSA",r); ++ REF_PRINT("DSA", r); + #endif +- if (i > 0) return; ++ if (i > 0) ++ return; + #ifdef REF_CHECK +- if (i < 0) +- { +- fprintf(stderr,"DSA_free, bad reference count\n"); +- abort(); +- } ++ if (i < 0) { ++ fprintf(stderr, "DSA_free, bad reference count\n"); ++ abort(); ++ } + #endif + +- if(r->meth->finish) +- r->meth->finish(r); ++ if (r->meth->finish) ++ r->meth->finish(r); + #ifndef OPENSSL_NO_ENGINE +- if(r->engine) +- ENGINE_finish(r->engine); ++ if (r->engine) ++ ENGINE_finish(r->engine); + #endif + +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); + +- if (r->p != NULL) BN_clear_free(r->p); +- if (r->q != NULL) BN_clear_free(r->q); +- if (r->g != NULL) BN_clear_free(r->g); +- if (r->pub_key != NULL) BN_clear_free(r->pub_key); +- if (r->priv_key != NULL) BN_clear_free(r->priv_key); +- if (r->kinv != NULL) BN_clear_free(r->kinv); +- if (r->r != NULL) BN_clear_free(r->r); +- OPENSSL_free(r); +- } ++ if (r->p != NULL) ++ BN_clear_free(r->p); ++ if (r->q != NULL) ++ BN_clear_free(r->q); ++ if (r->g != NULL) ++ BN_clear_free(r->g); ++ if (r->pub_key != NULL) ++ BN_clear_free(r->pub_key); ++ if (r->priv_key != NULL) ++ BN_clear_free(r->priv_key); ++ if (r->kinv != NULL) ++ BN_clear_free(r->kinv); ++ if (r->r != NULL) ++ BN_clear_free(r->r); ++ OPENSSL_free(r); ++} + + int DSA_up_ref(DSA *r) +- { +- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); ++{ ++ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); + #ifdef REF_PRINT +- REF_PRINT("DSA",r); ++ REF_PRINT("DSA", r); + #endif + #ifdef REF_CHECK +- if (i < 2) +- { +- fprintf(stderr, "DSA_up_ref, bad reference count\n"); +- abort(); +- } ++ if (i < 2) { ++ fprintf(stderr, "DSA_up_ref, bad reference count\n"); ++ abort(); ++ } + #endif +- return ((i > 1) ? 1 : 0); +- } ++ return ((i > 1) ? 1 : 0); ++} + + int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +- { +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, +- new_func, dup_func, free_func); +- } ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, ++ new_func, dup_func, free_func); ++} + + int DSA_set_ex_data(DSA *d, int idx, void *arg) +- { +- return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); +- } ++{ ++ return (CRYPTO_set_ex_data(&d->ex_data, idx, arg)); ++} + + void *DSA_get_ex_data(DSA *d, int idx) +- { +- return(CRYPTO_get_ex_data(&d->ex_data,idx)); +- } ++{ ++ return (CRYPTO_get_ex_data(&d->ex_data, idx)); ++} + + #ifndef OPENSSL_NO_DH + DH *DSA_dup_DH(const DSA *r) +- { +- /* DSA has p, q, g, optional pub_key, optional priv_key. +- * DH has p, optional length, g, optional pub_key, optional priv_key. +- */ ++{ ++ /* ++ * DSA has p, q, g, optional pub_key, optional priv_key. DH has p, ++ * optional length, g, optional pub_key, optional priv_key. ++ */ + +- DH *ret = NULL; ++ DH *ret = NULL; + +- if (r == NULL) +- goto err; +- ret = DH_new(); +- if (ret == NULL) +- goto err; +- if (r->p != NULL) +- if ((ret->p = BN_dup(r->p)) == NULL) +- goto err; +- if (r->q != NULL) +- ret->length = BN_num_bits(r->q); +- if (r->g != NULL) +- if ((ret->g = BN_dup(r->g)) == NULL) +- goto err; +- if (r->pub_key != NULL) +- if ((ret->pub_key = BN_dup(r->pub_key)) == NULL) +- goto err; +- if (r->priv_key != NULL) +- if ((ret->priv_key = BN_dup(r->priv_key)) == NULL) +- goto err; ++ if (r == NULL) ++ goto err; ++ ret = DH_new(); ++ if (ret == NULL) ++ goto err; ++ if (r->p != NULL) ++ if ((ret->p = BN_dup(r->p)) == NULL) ++ goto err; ++ if (r->q != NULL) ++ ret->length = BN_num_bits(r->q); ++ if (r->g != NULL) ++ if ((ret->g = BN_dup(r->g)) == NULL) ++ goto err; ++ if (r->pub_key != NULL) ++ if ((ret->pub_key = BN_dup(r->pub_key)) == NULL) ++ goto err; ++ if (r->priv_key != NULL) ++ if ((ret->priv_key = BN_dup(r->priv_key)) == NULL) ++ goto err; + +- return ret; ++ return ret; + + err: +- if (ret != NULL) +- DH_free(ret); +- return NULL; +- } ++ if (ret != NULL) ++ DH_free(ret); ++ return NULL; ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c +index 1727760..f993844 100644 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c ++++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -68,31 +68,33 @@ + #ifndef OPENSSL_FIPS + + static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); +-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, +- DSA *dsa); ++static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, ++ BIGNUM **rp); ++static int dsa_do_verify(const unsigned char *dgst, int dgst_len, ++ DSA_SIG *sig, DSA *dsa); + static int dsa_init(DSA *dsa); + static int dsa_finish(DSA *dsa); + + static DSA_METHOD openssl_dsa_meth = { +-"OpenSSL DSA method", +-dsa_do_sign, +-dsa_sign_setup, +-dsa_do_verify, +-NULL, /* dsa_mod_exp, */ +-NULL, /* dsa_bn_mod_exp, */ +-dsa_init, +-dsa_finish, +-0, +-NULL, +-NULL, +-NULL ++ "OpenSSL DSA method", ++ dsa_do_sign, ++ dsa_sign_setup, ++ dsa_do_verify, ++ NULL, /* dsa_mod_exp, */ ++ NULL, /* dsa_bn_mod_exp, */ ++ dsa_init, ++ dsa_finish, ++ 0, ++ NULL, ++ NULL, ++ NULL + }; + +-/* These macro wrappers replace attempts to use the dsa_mod_exp() and ++/*- ++ * These macro wrappers replace attempts to use the dsa_mod_exp() and + * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of + * having a the macro work as an expression by bundling an "err_instr". So; +- * ++ * + * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, + * dsa->method_mont_p)) goto err; + * +@@ -102,296 +104,309 @@ NULL + * dsa->method_mont_p); + */ + +-#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ +- do { \ +- int _tmp_res53; \ +- if((dsa)->meth->dsa_mod_exp) \ +- _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ +- (a2), (p2), (m), (ctx), (in_mont)); \ +- else \ +- _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ +- (m), (ctx), (in_mont)); \ +- if(!_tmp_res53) err_instr; \ +- } while(0) +-#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ +- do { \ +- int _tmp_res53; \ +- if((dsa)->meth->bn_mod_exp) \ +- _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ +- (m), (ctx), (m_ctx)); \ +- else \ +- _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ +- if(!_tmp_res53) err_instr; \ +- } while(0) ++# define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ ++ do { \ ++ int _tmp_res53; \ ++ if((dsa)->meth->dsa_mod_exp) \ ++ _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ ++ (a2), (p2), (m), (ctx), (in_mont)); \ ++ else \ ++ _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ ++ (m), (ctx), (in_mont)); \ ++ if(!_tmp_res53) err_instr; \ ++ } while(0) ++# define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ ++ do { \ ++ int _tmp_res53; \ ++ if((dsa)->meth->bn_mod_exp) \ ++ _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ ++ (m), (ctx), (m_ctx)); \ ++ else \ ++ _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ ++ if(!_tmp_res53) err_instr; \ ++ } while(0) + + const DSA_METHOD *DSA_OpenSSL(void) + { +- return &openssl_dsa_meth; ++ return &openssl_dsa_meth; + } + + static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +- { +- BIGNUM *kinv=NULL,*r=NULL,*s=NULL; +- BIGNUM m; +- BIGNUM xr; +- BN_CTX *ctx=NULL; +- int i,reason=ERR_R_BN_LIB; +- DSA_SIG *ret=NULL; +- +- BN_init(&m); +- BN_init(&xr); +- +- if (!dsa->p || !dsa->q || !dsa->g) +- { +- reason=DSA_R_MISSING_PARAMETERS; +- goto err; +- } +- +- s=BN_new(); +- if (s == NULL) goto err; +- +- i=BN_num_bytes(dsa->q); /* should be 20 */ +- if ((dlen > i) || (dlen > 50)) +- { +- reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; +- goto err; +- } +- +- ctx=BN_CTX_new(); +- if (ctx == NULL) goto err; +- +- if ((dsa->kinv == NULL) || (dsa->r == NULL)) +- { +- if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; +- } +- else +- { +- kinv=dsa->kinv; +- dsa->kinv=NULL; +- r=dsa->r; +- dsa->r=NULL; +- } +- +- if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err; +- +- /* Compute s = inv(k) (m + xr) mod q */ +- if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ +- if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ +- if (BN_cmp(s,dsa->q) > 0) +- if (!BN_sub(s,s,dsa->q)) +- goto err; +- if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; +- +- ret=DSA_SIG_new(); +- if (ret == NULL) goto err; +- ret->r = r; +- ret->s = s; +- +-err: +- if (!ret) +- { +- DSAerr(DSA_F_DSA_DO_SIGN,reason); +- BN_free(r); +- BN_free(s); +- } +- if (ctx != NULL) BN_CTX_free(ctx); +- BN_clear_free(&m); +- BN_clear_free(&xr); +- if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ +- BN_clear_free(kinv); +- return(ret); +- } +- +-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +- { +- BN_CTX *ctx; +- BIGNUM k,kq,*K,*kinv=NULL,*r=NULL; +- int ret=0; +- +- if (!dsa->p || !dsa->q || !dsa->g) +- { +- DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); +- return 0; +- } +- +- BN_init(&k); +- BN_init(&kq); +- +- if (ctx_in == NULL) +- { +- if ((ctx=BN_CTX_new()) == NULL) goto err; +- } +- else +- ctx=ctx_in; +- +- if ((r=BN_new()) == NULL) goto err; +- +- /* Get random k */ +- do +- if (!BN_rand_range(&k, dsa->q)) goto err; +- while (BN_is_zero(&k)); +- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) +- { +- BN_set_flags(&k, BN_FLG_CONSTTIME); +- } +- +- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) +- { +- if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, +- CRYPTO_LOCK_DSA, +- dsa->p, ctx)) +- goto err; +- } +- +- /* Compute r = (g^k mod p) mod q */ +- +- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) +- { +- if (!BN_copy(&kq, &k)) goto err; +- +- /* We do not want timing information to leak the length of k, +- * so we compute g^k using an equivalent exponent of fixed length. +- * +- * (This is a kludge that we need because the BN_mod_exp_mont() +- * does not let us specify the desired timing behaviour.) */ +- +- if (!BN_add(&kq, &kq, dsa->q)) goto err; +- if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) +- { +- if (!BN_add(&kq, &kq, dsa->q)) goto err; +- } +- +- K = &kq; +- } +- else +- { +- K = &k; +- } +- DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, +- dsa->method_mont_p); +- if (!BN_mod(r,r,dsa->q,ctx)) goto err; +- +- /* Compute part of 's = inv(k) (m + xr) mod q' */ +- if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err; +- +- if (*kinvp != NULL) BN_clear_free(*kinvp); +- *kinvp=kinv; +- kinv=NULL; +- if (*rp != NULL) BN_clear_free(*rp); +- *rp=r; +- ret=1; +-err: +- if (!ret) +- { +- DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); +- if (kinv != NULL) BN_clear_free(kinv); +- if (r != NULL) BN_clear_free(r); +- } +- if (ctx_in == NULL) BN_CTX_free(ctx); +- if (kinv != NULL) BN_clear_free(kinv); +- BN_clear_free(&k); +- BN_clear_free(&kq); +- return(ret); +- } +- +-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, +- DSA *dsa) +- { +- BN_CTX *ctx; +- BIGNUM u1,u2,t1; +- BN_MONT_CTX *mont=NULL; +- int ret = -1; +- if (!dsa->p || !dsa->q || !dsa->g) +- { +- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); +- return -1; +- } +- +- if (BN_num_bits(dsa->q) != 160) +- { +- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); +- return -1; +- } +- +- if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) +- { +- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); +- return -1; +- } +- +- BN_init(&u1); +- BN_init(&u2); +- BN_init(&t1); +- +- if ((ctx=BN_CTX_new()) == NULL) goto err; +- +- if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || +- BN_ucmp(sig->r, dsa->q) >= 0) +- { +- ret = 0; +- goto err; +- } +- if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || +- BN_ucmp(sig->s, dsa->q) >= 0) +- { +- ret = 0; +- goto err; +- } +- +- /* Calculate W = inv(S) mod Q +- * save W in u2 */ +- if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; +- +- /* save M in u1 */ +- if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; +- +- /* u1 = M * w mod q */ +- if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err; +- +- /* u2 = r * w mod q */ +- if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; +- +- +- if (dsa->flags & DSA_FLAG_CACHE_MONT_P) +- { +- mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, +- CRYPTO_LOCK_DSA, dsa->p, ctx); +- if (!mont) +- goto err; +- } +- +- +- DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont); +- /* BN_copy(&u1,&t1); */ +- /* let u1 = u1 mod q */ +- if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; +- +- /* V is now in u1. If the signature is correct, it will be +- * equal to R. */ +- ret=(BN_ucmp(&u1, sig->r) == 0); +- +- err: +- /* XXX: surely this is wrong - if ret is 0, it just didn't verify; +- there is no error in BN. Test should be ret == -1 (Ben) */ +- if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); +- if (ctx != NULL) BN_CTX_free(ctx); +- BN_free(&u1); +- BN_free(&u2); +- BN_free(&t1); +- return(ret); +- } ++{ ++ BIGNUM *kinv = NULL, *r = NULL, *s = NULL; ++ BIGNUM m; ++ BIGNUM xr; ++ BN_CTX *ctx = NULL; ++ int i, reason = ERR_R_BN_LIB; ++ DSA_SIG *ret = NULL; ++ ++ BN_init(&m); ++ BN_init(&xr); ++ ++ if (!dsa->p || !dsa->q || !dsa->g) { ++ reason = DSA_R_MISSING_PARAMETERS; ++ goto err; ++ } ++ ++ s = BN_new(); ++ if (s == NULL) ++ goto err; ++ ++ i = BN_num_bytes(dsa->q); /* should be 20 */ ++ if ((dlen > i) || (dlen > 50)) { ++ reason = DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; ++ goto err; ++ } ++ ++ ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ ++ if ((dsa->kinv == NULL) || (dsa->r == NULL)) { ++ if (!DSA_sign_setup(dsa, ctx, &kinv, &r)) ++ goto err; ++ } else { ++ kinv = dsa->kinv; ++ dsa->kinv = NULL; ++ r = dsa->r; ++ dsa->r = NULL; ++ } ++ ++ if (BN_bin2bn(dgst, dlen, &m) == NULL) ++ goto err; ++ ++ /* Compute s = inv(k) (m + xr) mod q */ ++ if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx)) ++ goto err; /* s = xr */ ++ if (!BN_add(s, &xr, &m)) ++ goto err; /* s = m + xr */ ++ if (BN_cmp(s, dsa->q) > 0) ++ if (!BN_sub(s, s, dsa->q)) ++ goto err; ++ if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) ++ goto err; ++ ++ ret = DSA_SIG_new(); ++ if (ret == NULL) ++ goto err; ++ ret->r = r; ++ ret->s = s; ++ ++ err: ++ if (!ret) { ++ DSAerr(DSA_F_DSA_DO_SIGN, reason); ++ BN_free(r); ++ BN_free(s); ++ } ++ if (ctx != NULL) ++ BN_CTX_free(ctx); ++ BN_clear_free(&m); ++ BN_clear_free(&xr); ++ if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ ++ BN_clear_free(kinv); ++ return (ret); ++} ++ ++static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, ++ BIGNUM **rp) ++{ ++ BN_CTX *ctx; ++ BIGNUM k, kq, *K, *kinv = NULL, *r = NULL; ++ int ret = 0; ++ ++ if (!dsa->p || !dsa->q || !dsa->g) { ++ DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS); ++ return 0; ++ } ++ ++ BN_init(&k); ++ BN_init(&kq); ++ ++ if (ctx_in == NULL) { ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ } else ++ ctx = ctx_in; ++ ++ if ((r = BN_new()) == NULL) ++ goto err; ++ ++ /* Get random k */ ++ do ++ if (!BN_rand_range(&k, dsa->q)) ++ goto err; ++ while (BN_is_zero(&k)) ; ++ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { ++ BN_set_flags(&k, BN_FLG_CONSTTIME); ++ } ++ ++ if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { ++ if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, ++ CRYPTO_LOCK_DSA, dsa->p, ctx)) ++ goto err; ++ } ++ ++ /* Compute r = (g^k mod p) mod q */ ++ ++ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { ++ if (!BN_copy(&kq, &k)) ++ goto err; ++ ++ /* ++ * We do not want timing information to leak the length of k, so we ++ * compute g^k using an equivalent exponent of fixed length. (This ++ * is a kludge that we need because the BN_mod_exp_mont() does not ++ * let us specify the desired timing behaviour.) ++ */ ++ ++ if (!BN_add(&kq, &kq, dsa->q)) ++ goto err; ++ if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) { ++ if (!BN_add(&kq, &kq, dsa->q)) ++ goto err; ++ } ++ ++ K = &kq; ++ } else { ++ K = &k; ++ } ++ DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, ++ dsa->method_mont_p); ++ if (!BN_mod(r, r, dsa->q, ctx)) ++ goto err; ++ ++ /* Compute part of 's = inv(k) (m + xr) mod q' */ ++ if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL) ++ goto err; ++ ++ if (*kinvp != NULL) ++ BN_clear_free(*kinvp); ++ *kinvp = kinv; ++ kinv = NULL; ++ if (*rp != NULL) ++ BN_clear_free(*rp); ++ *rp = r; ++ ret = 1; ++ err: ++ if (!ret) { ++ DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB); ++ if (kinv != NULL) ++ BN_clear_free(kinv); ++ if (r != NULL) ++ BN_clear_free(r); ++ } ++ if (ctx_in == NULL) ++ BN_CTX_free(ctx); ++ if (kinv != NULL) ++ BN_clear_free(kinv); ++ BN_clear_free(&k); ++ BN_clear_free(&kq); ++ return (ret); ++} ++ ++static int dsa_do_verify(const unsigned char *dgst, int dgst_len, ++ DSA_SIG *sig, DSA *dsa) ++{ ++ BN_CTX *ctx; ++ BIGNUM u1, u2, t1; ++ BN_MONT_CTX *mont = NULL; ++ int ret = -1; ++ if (!dsa->p || !dsa->q || !dsa->g) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS); ++ return -1; ++ } ++ ++ if (BN_num_bits(dsa->q) != 160) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE); ++ return -1; ++ } ++ ++ if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE); ++ return -1; ++ } ++ ++ BN_init(&u1); ++ BN_init(&u2); ++ BN_init(&t1); ++ ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ ++ if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || ++ BN_ucmp(sig->r, dsa->q) >= 0) { ++ ret = 0; ++ goto err; ++ } ++ if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || ++ BN_ucmp(sig->s, dsa->q) >= 0) { ++ ret = 0; ++ goto err; ++ } ++ ++ /* ++ * Calculate W = inv(S) mod Q save W in u2 ++ */ ++ if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL) ++ goto err; ++ ++ /* save M in u1 */ ++ if (BN_bin2bn(dgst, dgst_len, &u1) == NULL) ++ goto err; ++ ++ /* u1 = M * w mod q */ ++ if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) ++ goto err; ++ ++ /* u2 = r * w mod q */ ++ if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) ++ goto err; ++ ++ if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { ++ mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, ++ CRYPTO_LOCK_DSA, dsa->p, ctx); ++ if (!mont) ++ goto err; ++ } ++ ++ DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ++ ctx, mont); ++ /* BN_copy(&u1,&t1); */ ++ /* let u1 = u1 mod q */ ++ if (!BN_mod(&u1, &t1, dsa->q, ctx)) ++ goto err; ++ ++ /* ++ * V is now in u1. If the signature is correct, it will be equal to R. ++ */ ++ ret = (BN_ucmp(&u1, sig->r) == 0); ++ ++ err: ++ /* ++ * XXX: surely this is wrong - if ret is 0, it just didn't verify; there ++ * is no error in BN. Test should be ret == -1 (Ben) ++ */ ++ if (ret != 1) ++ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB); ++ if (ctx != NULL) ++ BN_CTX_free(ctx); ++ BN_free(&u1); ++ BN_free(&u2); ++ BN_free(&t1); ++ return (ret); ++} + + static int dsa_init(DSA *dsa) + { +- dsa->flags|=DSA_FLAG_CACHE_MONT_P; +- return(1); ++ dsa->flags |= DSA_FLAG_CACHE_MONT_P; ++ return (1); + } + + static int dsa_finish(DSA *dsa) + { +- if(dsa->method_mont_p) +- BN_MONT_CTX_free(dsa->method_mont_p); +- return(1); ++ if (dsa->method_mont_p) ++ BN_MONT_CTX_free(dsa->method_mont_p); ++ return (1); + } + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c +index 4cfbbe5..0b32261 100644 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c ++++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,31 +65,28 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + +- +-DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +- { ++DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ++{ + #ifdef OPENSSL_FIPS +- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) +- { +- DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return NULL; +- } ++ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { ++ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return NULL; ++ } + #endif +- return dsa->meth->dsa_do_sign(dgst, dlen, dsa); +- } ++ return dsa->meth->dsa_do_sign(dgst, dlen, dsa); ++} + + int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +- { ++{ + #ifdef OPENSSL_FIPS +- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) +- { +- DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } ++ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { ++ DSAerr(DSA_F_DSA_SIGN_SETUP, ++ DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return 0; ++ } + #endif +- return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); +- } +- ++ return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); ++} +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c +index 24c021d..6cc4479 100644 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c ++++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,32 +64,30 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + #ifndef OPENSSL_NO_DH +-#include ++# include + #endif + + DSA_SIG *DSA_SIG_new(void) +- { +- DSA_SIG *sig; +- sig = OPENSSL_malloc(sizeof(DSA_SIG)); +- if (!sig) +- return NULL; +- sig->r = NULL; +- sig->s = NULL; +- return sig; +- } ++{ ++ DSA_SIG *sig; ++ sig = OPENSSL_malloc(sizeof(DSA_SIG)); ++ if (!sig) ++ return NULL; ++ sig->r = NULL; ++ sig->s = NULL; ++ return sig; ++} + + void DSA_SIG_free(DSA_SIG *sig) +- { +- if (sig) +- { +- if (sig->r) +- BN_free(sig->r); +- if (sig->s) +- BN_free(sig->s); +- OPENSSL_free(sig); +- } +- } +- ++{ ++ if (sig) { ++ if (sig->r) ++ BN_free(sig->r); ++ if (sig->s) ++ BN_free(sig->s); ++ OPENSSL_free(sig); ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c +index c75e423..5a5d9e1 100644 +--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c ++++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,20 +65,19 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + + #include + + int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, +- DSA *dsa) +- { ++ DSA *dsa) ++{ + #ifdef OPENSSL_FIPS +- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) +- { +- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } ++ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { ++ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return 0; ++ } + #endif +- return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); +- } ++ return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); ++} +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c +index 417abb6..25c9c13 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c +@@ -1,6 +1,7 @@ + /* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,292 +63,275 @@ + + #ifndef DSO_DL + DSO_METHOD *DSO_METHOD_dl(void) +- { +- return NULL; +- } ++{ ++ return NULL; ++} + #else + +-#include ++# include + + /* Part of the hack in "dl_load" ... */ +-#define DSO_MAX_TRANSLATED_SIZE 256 ++# define DSO_MAX_TRANSLATED_SIZE 256 + + static int dl_load(DSO *dso); + static int dl_unload(DSO *dso); + static void *dl_bind_var(DSO *dso, const char *symname); + static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname); +-#if 0 ++# if 0 + static int dl_unbind_var(DSO *dso, char *symname, void *symptr); + static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); + static int dl_init(DSO *dso); + static int dl_finish(DSO *dso); + static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); +-#endif ++# endif + static char *dl_name_converter(DSO *dso, const char *filename); +-static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2); ++static char *dl_merger(DSO *dso, const char *filespec1, ++ const char *filespec2); + + static DSO_METHOD dso_meth_dl = { +- "OpenSSL 'dl' shared library method", +- dl_load, +- dl_unload, +- dl_bind_var, +- dl_bind_func, ++ "OpenSSL 'dl' shared library method", ++ dl_load, ++ dl_unload, ++ dl_bind_var, ++ dl_bind_func, + /* For now, "unbind" doesn't exist */ +-#if 0 +- NULL, /* unbind_var */ +- NULL, /* unbind_func */ +-#endif +- NULL, /* ctrl */ +- dl_name_converter, +- dl_merger, +- NULL, /* init */ +- NULL /* finish */ +- }; ++# if 0 ++ NULL, /* unbind_var */ ++ NULL, /* unbind_func */ ++# endif ++ NULL, /* ctrl */ ++ dl_name_converter, ++ dl_merger, ++ NULL, /* init */ ++ NULL /* finish */ ++}; + + DSO_METHOD *DSO_METHOD_dl(void) +- { +- return(&dso_meth_dl); +- } ++{ ++ return (&dso_meth_dl); ++} + +-/* For this DSO_METHOD, our meth_data STACK will contain; +- * (i) the handle (shl_t) returned from shl_load(). +- * NB: I checked on HPUX11 and shl_t is itself a pointer +- * type so the cast is safe. ++/* ++ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle ++ * (shl_t) returned from shl_load(). NB: I checked on HPUX11 and shl_t is ++ * itself a pointer type so the cast is safe. + */ + + static int dl_load(DSO *dso) +- { +- shl_t ptr = NULL; +- /* We don't do any fancy retries or anything, just take the method's +- * (or DSO's if it has the callback set) best translation of the +- * platform-independant filename and try once with that. */ +- char *filename= DSO_convert_filename(dso, NULL); ++{ ++ shl_t ptr = NULL; ++ /* ++ * We don't do any fancy retries or anything, just take the method's (or ++ * DSO's if it has the callback set) best translation of the ++ * platform-independant filename and try once with that. ++ */ ++ char *filename = DSO_convert_filename(dso, NULL); + +- if(filename == NULL) +- { +- DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME); +- goto err; +- } +- ptr = shl_load(filename, BIND_IMMEDIATE | +- (dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L); +- if(ptr == NULL) +- { +- DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED); +- ERR_add_error_data(4, "filename(", filename, "): ", +- strerror(errno)); +- goto err; +- } +- if(!sk_push(dso->meth_data, (char *)ptr)) +- { +- DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR); +- goto err; +- } +- /* Success, stick the converted filename we've loaded under into the DSO +- * (it also serves as the indicator that we are currently loaded). */ +- dso->loaded_filename = filename; +- return(1); +-err: +- /* Cleanup! */ +- if(filename != NULL) +- OPENSSL_free(filename); +- if(ptr != NULL) +- shl_unload(ptr); +- return(0); +- } ++ if (filename == NULL) { ++ DSOerr(DSO_F_DL_LOAD, DSO_R_NO_FILENAME); ++ goto err; ++ } ++ ptr = shl_load(filename, BIND_IMMEDIATE | ++ (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 : ++ DYNAMIC_PATH), 0L); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED); ++ ERR_add_error_data(4, "filename(", filename, "): ", strerror(errno)); ++ goto err; ++ } ++ if (!sk_push(dso->meth_data, (char *)ptr)) { ++ DSOerr(DSO_F_DL_LOAD, DSO_R_STACK_ERROR); ++ goto err; ++ } ++ /* ++ * Success, stick the converted filename we've loaded under into the DSO ++ * (it also serves as the indicator that we are currently loaded). ++ */ ++ dso->loaded_filename = filename; ++ return (1); ++ err: ++ /* Cleanup! */ ++ if (filename != NULL) ++ OPENSSL_free(filename); ++ if (ptr != NULL) ++ shl_unload(ptr); ++ return (0); ++} + + static int dl_unload(DSO *dso) +- { +- shl_t ptr; +- if(dso == NULL) +- { +- DSOerr(DSO_F_DL_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); +- return(0); +- } +- if(sk_num(dso->meth_data) < 1) +- return(1); +- /* Is this statement legal? */ +- ptr = (shl_t)sk_pop(dso->meth_data); +- if(ptr == NULL) +- { +- DSOerr(DSO_F_DL_UNLOAD,DSO_R_NULL_HANDLE); +- /* Should push the value back onto the stack in +- * case of a retry. */ +- sk_push(dso->meth_data, (char *)ptr); +- return(0); +- } +- shl_unload(ptr); +- return(1); +- } ++{ ++ shl_t ptr; ++ if (dso == NULL) { ++ DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } ++ if (sk_num(dso->meth_data) < 1) ++ return (1); ++ /* Is this statement legal? */ ++ ptr = (shl_t) sk_pop(dso->meth_data); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_DL_UNLOAD, DSO_R_NULL_HANDLE); ++ /* ++ * Should push the value back onto the stack in case of a retry. ++ */ ++ sk_push(dso->meth_data, (char *)ptr); ++ return (0); ++ } ++ shl_unload(ptr); ++ return (1); ++} + + static void *dl_bind_var(DSO *dso, const char *symname) +- { +- shl_t ptr; +- void *sym; ++{ ++ shl_t ptr; ++ void *sym; + +- if((dso == NULL) || (symname == NULL)) +- { +- DSOerr(DSO_F_DL_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- if(sk_num(dso->meth_data) < 1) +- { +- DSOerr(DSO_F_DL_BIND_VAR,DSO_R_STACK_ERROR); +- return(NULL); +- } +- ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); +- if(ptr == NULL) +- { +- DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE); +- return(NULL); +- } +- if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) +- { +- DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE); +- ERR_add_error_data(4, "symname(", symname, "): ", +- strerror(errno)); +- return(NULL); +- } +- return(sym); +- } ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_DL_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) { ++ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno)); ++ return (NULL); ++ } ++ return (sym); ++} + + static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) +- { +- shl_t ptr; +- void *sym; ++{ ++ shl_t ptr; ++ void *sym; + +- if((dso == NULL) || (symname == NULL)) +- { +- DSOerr(DSO_F_DL_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- if(sk_num(dso->meth_data) < 1) +- { +- DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_STACK_ERROR); +- return(NULL); +- } +- ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); +- if(ptr == NULL) +- { +- DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE); +- return(NULL); +- } +- if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) +- { +- DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE); +- ERR_add_error_data(4, "symname(", symname, "): ", +- strerror(errno)); +- return(NULL); +- } +- return((DSO_FUNC_TYPE)sym); +- } ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_DL_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) { ++ DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno)); ++ return (NULL); ++ } ++ return ((DSO_FUNC_TYPE)sym); ++} + + static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) +- { +- char *merged; ++{ ++ char *merged; + +- if(!filespec1 && !filespec2) +- { +- DSOerr(DSO_F_DL_MERGER, +- ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- /* If the first file specification is a rooted path, it rules. +- same goes if the second file specification is missing. */ +- if (!filespec2 || filespec1[0] == '/') +- { +- merged = OPENSSL_malloc(strlen(filespec1) + 1); +- if(!merged) +- { +- DSOerr(DSO_F_DL_MERGER, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- strcpy(merged, filespec1); +- } +- /* If the first file specification is missing, the second one rules. */ +- else if (!filespec1) +- { +- merged = OPENSSL_malloc(strlen(filespec2) + 1); +- if(!merged) +- { +- DSOerr(DSO_F_DL_MERGER, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- strcpy(merged, filespec2); +- } +- else +- /* This part isn't as trivial as it looks. It assumes that +- the second file specification really is a directory, and +- makes no checks whatsoever. Therefore, the result becomes +- the concatenation of filespec2 followed by a slash followed +- by filespec1. */ +- { +- int spec2len, len; ++ if (!filespec1 && !filespec2) { ++ DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ /* ++ * If the first file specification is a rooted path, it rules. same goes ++ * if the second file specification is missing. ++ */ ++ if (!filespec2 || filespec1[0] == '/') { ++ merged = OPENSSL_malloc(strlen(filespec1) + 1); ++ if (!merged) { ++ DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ strcpy(merged, filespec1); ++ } ++ /* ++ * If the first file specification is missing, the second one rules. ++ */ ++ else if (!filespec1) { ++ merged = OPENSSL_malloc(strlen(filespec2) + 1); ++ if (!merged) { ++ DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ strcpy(merged, filespec2); ++ } else ++ /* ++ * This part isn't as trivial as it looks. It assumes that the ++ * second file specification really is a directory, and makes no ++ * checks whatsoever. Therefore, the result becomes the ++ * concatenation of filespec2 followed by a slash followed by ++ * filespec1. ++ */ ++ { ++ int spec2len, len; + +- spec2len = (filespec2 ? strlen(filespec2) : 0); +- len = spec2len + (filespec1 ? strlen(filespec1) : 0); ++ spec2len = (filespec2 ? strlen(filespec2) : 0); ++ len = spec2len + (filespec1 ? strlen(filespec1) : 0); + +- if(filespec2 && filespec2[spec2len - 1] == '/') +- { +- spec2len--; +- len--; +- } +- merged = OPENSSL_malloc(len + 2); +- if(!merged) +- { +- DSOerr(DSO_F_DL_MERGER, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- strcpy(merged, filespec2); +- merged[spec2len] = '/'; +- strcpy(&merged[spec2len + 1], filespec1); +- } +- return(merged); +- } ++ if (filespec2 && filespec2[spec2len - 1] == '/') { ++ spec2len--; ++ len--; ++ } ++ merged = OPENSSL_malloc(len + 2); ++ if (!merged) { ++ DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ strcpy(merged, filespec2); ++ merged[spec2len] = '/'; ++ strcpy(&merged[spec2len + 1], filespec1); ++ } ++ return (merged); ++} + +-/* This function is identical to the one in dso_dlfcn.c, but as it is highly +- * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the +- * same time, there's no great duplicating the code. Figuring out an elegant +- * way to share one copy of the code would be more difficult and would not +- * leave the implementations independant. */ +-#if defined(__hpux) ++/* ++ * This function is identical to the one in dso_dlfcn.c, but as it is highly ++ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at ++ * the same time, there's no great duplicating the code. Figuring out an ++ * elegant way to share one copy of the code would be more difficult and ++ * would not leave the implementations independant. ++ */ ++# if defined(__hpux) + static const char extension[] = ".sl"; +-#else ++# else + static const char extension[] = ".so"; +-#endif ++# endif + static char *dl_name_converter(DSO *dso, const char *filename) +- { +- char *translated; +- int len, rsize, transform; ++{ ++ char *translated; ++ int len, rsize, transform; + +- len = strlen(filename); +- rsize = len + 1; +- transform = (strstr(filename, "/") == NULL); +- { +- /* We will convert this to "%s.s?" or "lib%s.s?" */ +- rsize += strlen(extension);/* The length of ".s?" */ +- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) +- rsize += 3; /* The length of "lib" */ +- } +- translated = OPENSSL_malloc(rsize); +- if(translated == NULL) +- { +- DSOerr(DSO_F_DL_NAME_CONVERTER, +- DSO_R_NAME_TRANSLATION_FAILED); +- return(NULL); +- } +- if(transform) +- { +- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) +- sprintf(translated, "lib%s%s", filename, extension); +- else +- sprintf(translated, "%s%s", filename, extension); +- } +- else +- sprintf(translated, "%s", filename); +- return(translated); +- } ++ len = strlen(filename); ++ rsize = len + 1; ++ transform = (strstr(filename, "/") == NULL); ++ { ++ /* We will convert this to "%s.s?" or "lib%s.s?" */ ++ rsize += strlen(extension); /* The length of ".s?" */ ++ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) ++ rsize += 3; /* The length of "lib" */ ++ } ++ translated = OPENSSL_malloc(rsize); ++ if (translated == NULL) { ++ DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); ++ return (NULL); ++ } ++ if (transform) { ++ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) ++ sprintf(translated, "lib%s%s", filename, extension); ++ else ++ sprintf(translated, "%s%s", filename, extension); ++ } else ++ sprintf(translated, "%s", filename); ++ return (translated); ++} + +-#endif /* DSO_DL */ ++#endif /* DSO_DL */ +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c +index d91e821..f01255a 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c +@@ -1,6 +1,7 @@ + /* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL +- * project 2000. ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,320 +63,298 @@ + + #ifndef DSO_DLFCN + DSO_METHOD *DSO_METHOD_dlfcn(void) +- { +- return NULL; +- } ++{ ++ return NULL; ++} + #else + +-#ifdef HAVE_DLFCN_H +-#include +-#endif ++# ifdef HAVE_DLFCN_H ++# include ++# endif + + /* Part of the hack in "dlfcn_load" ... */ +-#define DSO_MAX_TRANSLATED_SIZE 256 ++# define DSO_MAX_TRANSLATED_SIZE 256 + + static int dlfcn_load(DSO *dso); + static int dlfcn_unload(DSO *dso); + static void *dlfcn_bind_var(DSO *dso, const char *symname); + static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname); +-#if 0 ++# if 0 + static int dlfcn_unbind(DSO *dso, char *symname, void *symptr); + static int dlfcn_init(DSO *dso); + static int dlfcn_finish(DSO *dso); + static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg); +-#endif ++# endif + static char *dlfcn_name_converter(DSO *dso, const char *filename); + static char *dlfcn_merger(DSO *dso, const char *filespec1, +- const char *filespec2); ++ const char *filespec2); + + static DSO_METHOD dso_meth_dlfcn = { +- "OpenSSL 'dlfcn' shared library method", +- dlfcn_load, +- dlfcn_unload, +- dlfcn_bind_var, +- dlfcn_bind_func, ++ "OpenSSL 'dlfcn' shared library method", ++ dlfcn_load, ++ dlfcn_unload, ++ dlfcn_bind_var, ++ dlfcn_bind_func, + /* For now, "unbind" doesn't exist */ +-#if 0 +- NULL, /* unbind_var */ +- NULL, /* unbind_func */ +-#endif +- NULL, /* ctrl */ +- dlfcn_name_converter, +- dlfcn_merger, +- NULL, /* init */ +- NULL /* finish */ +- }; ++# if 0 ++ NULL, /* unbind_var */ ++ NULL, /* unbind_func */ ++# endif ++ NULL, /* ctrl */ ++ dlfcn_name_converter, ++ dlfcn_merger, ++ NULL, /* init */ ++ NULL /* finish */ ++}; + + DSO_METHOD *DSO_METHOD_dlfcn(void) +- { +- return(&dso_meth_dlfcn); +- } ++{ ++ return (&dso_meth_dlfcn); ++} + +-/* Prior to using the dlopen() function, we should decide on the flag +- * we send. There's a few different ways of doing this and it's a +- * messy venn-diagram to match up which platforms support what. So +- * as we don't have autoconf yet, I'm implementing a hack that could +- * be hacked further relatively easily to deal with cases as we find +- * them. Initially this is to cope with OpenBSD. */ +-#if defined(__OpenBSD__) || defined(__NetBSD__) +-# ifdef DL_LAZY +-# define DLOPEN_FLAG DL_LAZY +-# else +-# ifdef RTLD_NOW +-# define DLOPEN_FLAG RTLD_NOW +-# else +-# define DLOPEN_FLAG 0 +-# endif +-# endif +-#else +-# ifdef OPENSSL_SYS_SUNOS +-# define DLOPEN_FLAG 1 +-# else +-# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ +-# endif +-#endif ++/* ++ * Prior to using the dlopen() function, we should decide on the flag we ++ * send. There's a few different ways of doing this and it's a messy ++ * venn-diagram to match up which platforms support what. So as we don't have ++ * autoconf yet, I'm implementing a hack that could be hacked further ++ * relatively easily to deal with cases as we find them. Initially this is to ++ * cope with OpenBSD. ++ */ ++# if defined(__OpenBSD__) || defined(__NetBSD__) ++# ifdef DL_LAZY ++# define DLOPEN_FLAG DL_LAZY ++# else ++# ifdef RTLD_NOW ++# define DLOPEN_FLAG RTLD_NOW ++# else ++# define DLOPEN_FLAG 0 ++# endif ++# endif ++# else ++# ifdef OPENSSL_SYS_SUNOS ++# define DLOPEN_FLAG 1 ++# else ++# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ ++# endif ++# endif + +-/* For this DSO_METHOD, our meth_data STACK will contain; +- * (i) the handle (void*) returned from dlopen(). ++/* ++ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle ++ * (void*) returned from dlopen(). + */ + + static int dlfcn_load(DSO *dso) +- { +- void *ptr = NULL; +- /* See applicable comments in dso_dl.c */ +- char *filename = DSO_convert_filename(dso, NULL); +- int flags = DLOPEN_FLAG; +- +- if(filename == NULL) +- { +- DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME); +- goto err; +- } ++{ ++ void *ptr = NULL; ++ /* See applicable comments in dso_dl.c */ ++ char *filename = DSO_convert_filename(dso, NULL); ++ int flags = DLOPEN_FLAG; + +-#ifdef RTLD_GLOBAL +- if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) +- flags |= RTLD_GLOBAL; +-#endif +- ptr = dlopen(filename, flags); +- if(ptr == NULL) +- { +- DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED); +- ERR_add_error_data(4, "filename(", filename, "): ", dlerror()); +- goto err; +- } +- if(!sk_push(dso->meth_data, (char *)ptr)) +- { +- DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR); +- goto err; +- } +- /* Success */ +- dso->loaded_filename = filename; +- return(1); +-err: +- /* Cleanup! */ +- if(filename != NULL) +- OPENSSL_free(filename); +- if(ptr != NULL) +- dlclose(ptr); +- return(0); ++ if (filename == NULL) { ++ DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME); ++ goto err; ++ } ++# ifdef RTLD_GLOBAL ++ if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) ++ flags |= RTLD_GLOBAL; ++# endif ++ ptr = dlopen(filename, flags); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED); ++ ERR_add_error_data(4, "filename(", filename, "): ", dlerror()); ++ goto err; ++ } ++ if (!sk_push(dso->meth_data, (char *)ptr)) { ++ DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR); ++ goto err; ++ } ++ /* Success */ ++ dso->loaded_filename = filename; ++ return (1); ++ err: ++ /* Cleanup! */ ++ if (filename != NULL) ++ OPENSSL_free(filename); ++ if (ptr != NULL) ++ dlclose(ptr); ++ return (0); + } + + static int dlfcn_unload(DSO *dso) +- { +- void *ptr; +- if(dso == NULL) +- { +- DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); +- return(0); +- } +- if(sk_num(dso->meth_data) < 1) +- return(1); +- ptr = (void *)sk_pop(dso->meth_data); +- if(ptr == NULL) +- { +- DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE); +- /* Should push the value back onto the stack in +- * case of a retry. */ +- sk_push(dso->meth_data, (char *)ptr); +- return(0); +- } +- /* For now I'm not aware of any errors associated with dlclose() */ +- dlclose(ptr); +- return(1); +- } ++{ ++ void *ptr; ++ if (dso == NULL) { ++ DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } ++ if (sk_num(dso->meth_data) < 1) ++ return (1); ++ ptr = (void *)sk_pop(dso->meth_data); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE); ++ /* ++ * Should push the value back onto the stack in case of a retry. ++ */ ++ sk_push(dso->meth_data, (char *)ptr); ++ return (0); ++ } ++ /* For now I'm not aware of any errors associated with dlclose() */ ++ dlclose(ptr); ++ return (1); ++} + + static void *dlfcn_bind_var(DSO *dso, const char *symname) +- { +- void *ptr, *sym; ++{ ++ void *ptr, *sym; + +- if((dso == NULL) || (symname == NULL)) +- { +- DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- if(sk_num(dso->meth_data) < 1) +- { +- DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR); +- return(NULL); +- } +- ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); +- if(ptr == NULL) +- { +- DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE); +- return(NULL); +- } +- sym = dlsym(ptr, symname); +- if(sym == NULL) +- { +- DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE); +- ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); +- return(NULL); +- } +- return(sym); +- } ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_DLFCN_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ sym = dlsym(ptr, symname); ++ if (sym == NULL) { ++ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); ++ return (NULL); ++ } ++ return (sym); ++} + + static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) +- { +- void *ptr; +- union { +- DSO_FUNC_TYPE sym; +- void *dlret; +- } u; ++{ ++ void *ptr; ++ union { ++ DSO_FUNC_TYPE sym; ++ void *dlret; ++ } u; + +- if((dso == NULL) || (symname == NULL)) +- { +- DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- if(sk_num(dso->meth_data) < 1) +- { +- DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR); +- return(NULL); +- } +- ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); +- if(ptr == NULL) +- { +- DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE); +- return(NULL); +- } +- u.dlret = dlsym(ptr, symname); +- if(u.dlret == NULL) +- { +- DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); +- ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); +- return(NULL); +- } +- return u.sym; +- } ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ u.dlret = dlsym(ptr, symname); ++ if (u.dlret == NULL) { ++ DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); ++ return (NULL); ++ } ++ return u.sym; ++} + + static char *dlfcn_merger(DSO *dso, const char *filespec1, +- const char *filespec2) +- { +- char *merged; +- +- if(!filespec1 && !filespec2) +- { +- DSOerr(DSO_F_DLFCN_MERGER, +- ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- /* If the first file specification is a rooted path, it rules. +- same goes if the second file specification is missing. */ +- if (!filespec2 || filespec1[0] == '/') +- { +- merged = OPENSSL_malloc(strlen(filespec1) + 1); +- if(!merged) +- { +- DSOerr(DSO_F_DLFCN_MERGER, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- strcpy(merged, filespec1); +- } +- /* If the first file specification is missing, the second one rules. */ +- else if (!filespec1) +- { +- merged = OPENSSL_malloc(strlen(filespec2) + 1); +- if(!merged) +- { +- DSOerr(DSO_F_DLFCN_MERGER, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- strcpy(merged, filespec2); +- } +- else +- /* This part isn't as trivial as it looks. It assumes that +- the second file specification really is a directory, and +- makes no checks whatsoever. Therefore, the result becomes +- the concatenation of filespec2 followed by a slash followed +- by filespec1. */ +- { +- int spec2len, len; ++ const char *filespec2) ++{ ++ char *merged; + +- spec2len = (filespec2 ? strlen(filespec2) : 0); +- len = spec2len + (filespec1 ? strlen(filespec1) : 0); ++ if (!filespec1 && !filespec2) { ++ DSOerr(DSO_F_DLFCN_MERGER, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ /* ++ * If the first file specification is a rooted path, it rules. same goes ++ * if the second file specification is missing. ++ */ ++ if (!filespec2 || filespec1[0] == '/') { ++ merged = OPENSSL_malloc(strlen(filespec1) + 1); ++ if (!merged) { ++ DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ strcpy(merged, filespec1); ++ } ++ /* ++ * If the first file specification is missing, the second one rules. ++ */ ++ else if (!filespec1) { ++ merged = OPENSSL_malloc(strlen(filespec2) + 1); ++ if (!merged) { ++ DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ strcpy(merged, filespec2); ++ } else ++ /* ++ * This part isn't as trivial as it looks. It assumes that the ++ * second file specification really is a directory, and makes no ++ * checks whatsoever. Therefore, the result becomes the ++ * concatenation of filespec2 followed by a slash followed by ++ * filespec1. ++ */ ++ { ++ int spec2len, len; + +- if(filespec2 && filespec2[spec2len - 1] == '/') +- { +- spec2len--; +- len--; +- } +- merged = OPENSSL_malloc(len + 2); +- if(!merged) +- { +- DSOerr(DSO_F_DLFCN_MERGER, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- strcpy(merged, filespec2); +- merged[spec2len] = '/'; +- strcpy(&merged[spec2len + 1], filespec1); +- } +- return(merged); +- } ++ spec2len = (filespec2 ? strlen(filespec2) : 0); ++ len = spec2len + (filespec1 ? strlen(filespec1) : 0); + +-#ifdef OPENSSL_SYS_MACOSX +-#define DSO_ext ".dylib" +-#define DSO_extlen 6 +-#else +-#define DSO_ext ".so" +-#define DSO_extlen 3 +-#endif ++ if (filespec2 && filespec2[spec2len - 1] == '/') { ++ spec2len--; ++ len--; ++ } ++ merged = OPENSSL_malloc(len + 2); ++ if (!merged) { ++ DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ strcpy(merged, filespec2); ++ merged[spec2len] = '/'; ++ strcpy(&merged[spec2len + 1], filespec1); ++ } ++ return (merged); ++} + ++# ifdef OPENSSL_SYS_MACOSX ++# define DSO_ext ".dylib" ++# define DSO_extlen 6 ++# else ++# define DSO_ext ".so" ++# define DSO_extlen 3 ++# endif + + static char *dlfcn_name_converter(DSO *dso, const char *filename) +- { +- char *translated; +- int len, rsize, transform; ++{ ++ char *translated; ++ int len, rsize, transform; + +- len = strlen(filename); +- rsize = len + 1; +- transform = (strstr(filename, "/") == NULL); +- if(transform) +- { +- /* We will convert this to "%s.so" or "lib%s.so" etc */ +- rsize += DSO_extlen; /* The length of ".so" */ +- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) +- rsize += 3; /* The length of "lib" */ +- } +- translated = OPENSSL_malloc(rsize); +- if(translated == NULL) +- { +- DSOerr(DSO_F_DLFCN_NAME_CONVERTER, +- DSO_R_NAME_TRANSLATION_FAILED); +- return(NULL); +- } +- if(transform) +- { +- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) +- sprintf(translated, "lib%s" DSO_ext, filename); +- else +- sprintf(translated, "%s" DSO_ext, filename); +- } +- else +- sprintf(translated, "%s", filename); +- return(translated); +- } ++ len = strlen(filename); ++ rsize = len + 1; ++ transform = (strstr(filename, "/") == NULL); ++ if (transform) { ++ /* We will convert this to "%s.so" or "lib%s.so" etc */ ++ rsize += DSO_extlen; /* The length of ".so" */ ++ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) ++ rsize += 3; /* The length of "lib" */ ++ } ++ translated = OPENSSL_malloc(rsize); ++ if (translated == NULL) { ++ DSOerr(DSO_F_DLFCN_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); ++ return (NULL); ++ } ++ if (transform) { ++ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) ++ sprintf(translated, "lib%s" DSO_ext, filename); ++ else ++ sprintf(translated, "%s" DSO_ext, filename); ++ } else ++ sprintf(translated, "%s", filename); ++ return (translated); ++} + +-#endif /* DSO_DLFCN */ ++#endif /* DSO_DLFCN */ +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_err.c b/Cryptlib/OpenSSL/crypto/dso/dso_err.c +index a8b0a21..7a1927e 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_err.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,83 +66,81 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason) + +-static ERR_STRING_DATA DSO_str_functs[]= +- { +-{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"}, +-{ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"}, +-{ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"}, +-{ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"}, +-{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"}, +-{ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"}, +-{ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"}, +-{ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"}, +-{ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"}, +-{ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"}, +-{ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"}, +-{ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"}, +-{ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"}, +-{ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"}, +-{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"}, +-{ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"}, +-{ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"}, +-{ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"}, +-{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"}, +-{ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, +-{ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"}, +-{ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, +-{ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, +-{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"}, +-{ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, +-{ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"}, +-{ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"}, +-{ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"}, +-{ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"}, +-{ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"}, +-{ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"}, +-{ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"}, +-{ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"}, +-{ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"}, +-{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"}, +-{ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"}, +-{ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA DSO_str_functs[] = { ++ {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"}, ++ {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"}, ++ {ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"}, ++ {ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"}, ++ {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"}, ++ {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"}, ++ {ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"}, ++ {ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"}, ++ {ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"}, ++ {ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"}, ++ {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"}, ++ {ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"}, ++ {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"}, ++ {ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"}, ++ {ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"}, ++ {ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"}, ++ {ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"}, ++ {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"}, ++ {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"}, ++ {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, ++ {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"}, ++ {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, ++ {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, ++ {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"}, ++ {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, ++ {ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"}, ++ {ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"}, ++ {ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"}, ++ {ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"}, ++ {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"}, ++ {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"}, ++ {ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"}, ++ {ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"}, ++ {ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"}, ++ {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"}, ++ {ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"}, ++ {ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA DSO_str_reasons[]= +- { +-{ERR_REASON(DSO_R_CTRL_FAILED) ,"control command failed"}, +-{ERR_REASON(DSO_R_DSO_ALREADY_LOADED) ,"dso already loaded"}, +-{ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE) ,"empty file structure"}, +-{ERR_REASON(DSO_R_FAILURE) ,"failure"}, +-{ERR_REASON(DSO_R_FILENAME_TOO_BIG) ,"filename too big"}, +-{ERR_REASON(DSO_R_FINISH_FAILED) ,"cleanup method function failed"}, +-{ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX) ,"incorrect file syntax"}, +-{ERR_REASON(DSO_R_LOAD_FAILED) ,"could not load the shared library"}, +-{ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"}, +-{ERR_REASON(DSO_R_NO_FILENAME) ,"no filename"}, +-{ERR_REASON(DSO_R_NO_FILE_SPECIFICATION) ,"no file specification"}, +-{ERR_REASON(DSO_R_NULL_HANDLE) ,"a null shared library handle was used"}, +-{ERR_REASON(DSO_R_SET_FILENAME_FAILED) ,"set filename failed"}, +-{ERR_REASON(DSO_R_STACK_ERROR) ,"the meth_data stack is corrupt"}, +-{ERR_REASON(DSO_R_SYM_FAILURE) ,"could not bind to the requested symbol name"}, +-{ERR_REASON(DSO_R_UNLOAD_FAILED) ,"could not unload the shared library"}, +-{ERR_REASON(DSO_R_UNSUPPORTED) ,"functionality not supported"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA DSO_str_reasons[] = { ++ {ERR_REASON(DSO_R_CTRL_FAILED), "control command failed"}, ++ {ERR_REASON(DSO_R_DSO_ALREADY_LOADED), "dso already loaded"}, ++ {ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE), "empty file structure"}, ++ {ERR_REASON(DSO_R_FAILURE), "failure"}, ++ {ERR_REASON(DSO_R_FILENAME_TOO_BIG), "filename too big"}, ++ {ERR_REASON(DSO_R_FINISH_FAILED), "cleanup method function failed"}, ++ {ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX), "incorrect file syntax"}, ++ {ERR_REASON(DSO_R_LOAD_FAILED), "could not load the shared library"}, ++ {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED), "name translation failed"}, ++ {ERR_REASON(DSO_R_NO_FILENAME), "no filename"}, ++ {ERR_REASON(DSO_R_NO_FILE_SPECIFICATION), "no file specification"}, ++ {ERR_REASON(DSO_R_NULL_HANDLE), "a null shared library handle was used"}, ++ {ERR_REASON(DSO_R_SET_FILENAME_FAILED), "set filename failed"}, ++ {ERR_REASON(DSO_R_STACK_ERROR), "the meth_data stack is corrupt"}, ++ {ERR_REASON(DSO_R_SYM_FAILURE), ++ "could not bind to the requested symbol name"}, ++ {ERR_REASON(DSO_R_UNLOAD_FAILED), "could not unload the shared library"}, ++ {ERR_REASON(DSO_R_UNSUPPORTED), "functionality not supported"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_DSO_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,DSO_str_functs); +- ERR_load_strings(0,DSO_str_reasons); +- } ++ if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, DSO_str_functs); ++ ERR_load_strings(0, DSO_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c +index 49bdd71..f158466 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c +@@ -1,6 +1,7 @@ + /* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL +- * project 2000. ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,403 +65,365 @@ + static DSO_METHOD *default_DSO_meth = NULL; + + DSO *DSO_new(void) +- { +- return(DSO_new_method(NULL)); +- } ++{ ++ return (DSO_new_method(NULL)); ++} + + void DSO_set_default_method(DSO_METHOD *meth) +- { +- default_DSO_meth = meth; +- } ++{ ++ default_DSO_meth = meth; ++} + + DSO_METHOD *DSO_get_default_method(void) +- { +- return(default_DSO_meth); +- } ++{ ++ return (default_DSO_meth); ++} + + DSO_METHOD *DSO_get_method(DSO *dso) +- { +- return(dso->meth); +- } ++{ ++ return (dso->meth); ++} + + DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth) +- { +- DSO_METHOD *mtmp; +- mtmp = dso->meth; +- dso->meth = meth; +- return(mtmp); +- } ++{ ++ DSO_METHOD *mtmp; ++ mtmp = dso->meth; ++ dso->meth = meth; ++ return (mtmp); ++} + + DSO *DSO_new_method(DSO_METHOD *meth) +- { +- DSO *ret; +- +- if(default_DSO_meth == NULL) +- /* We default to DSO_METH_openssl() which in turn defaults +- * to stealing the "best available" method. Will fallback +- * to DSO_METH_null() in the worst case. */ +- default_DSO_meth = DSO_METHOD_openssl(); +- ret = (DSO *)OPENSSL_malloc(sizeof(DSO)); +- if(ret == NULL) +- { +- DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- memset(ret, 0, sizeof(DSO)); +- ret->meth_data = sk_new_null(); +- if(ret->meth_data == NULL) +- { +- /* sk_new doesn't generate any errors so we do */ +- DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE); +- OPENSSL_free(ret); +- return(NULL); +- } +- if(meth == NULL) +- ret->meth = default_DSO_meth; +- else +- ret->meth = meth; +- ret->references = 1; +- if((ret->meth->init != NULL) && !ret->meth->init(ret)) +- { +- OPENSSL_free(ret); +- ret=NULL; +- } +- return(ret); +- } ++{ ++ DSO *ret; ++ ++ if (default_DSO_meth == NULL) ++ /* ++ * We default to DSO_METH_openssl() which in turn defaults to ++ * stealing the "best available" method. Will fallback to ++ * DSO_METH_null() in the worst case. ++ */ ++ default_DSO_meth = DSO_METHOD_openssl(); ++ ret = (DSO *)OPENSSL_malloc(sizeof(DSO)); ++ if (ret == NULL) { ++ DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ memset(ret, 0, sizeof(DSO)); ++ ret->meth_data = sk_new_null(); ++ if (ret->meth_data == NULL) { ++ /* sk_new doesn't generate any errors so we do */ ++ DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); ++ OPENSSL_free(ret); ++ return (NULL); ++ } ++ if (meth == NULL) ++ ret->meth = default_DSO_meth; ++ else ++ ret->meth = meth; ++ ret->references = 1; ++ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ++ OPENSSL_free(ret); ++ ret = NULL; ++ } ++ return (ret); ++} + + int DSO_free(DSO *dso) +- { +- int i; +- +- if(dso == NULL) +- { +- DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER); +- return(0); +- } +- +- i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO); ++{ ++ int i; ++ ++ if (dso == NULL) { ++ DSOerr(DSO_F_DSO_FREE, ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } ++ ++ i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO); + #ifdef REF_PRINT +- REF_PRINT("DSO",dso); ++ REF_PRINT("DSO", dso); + #endif +- if(i > 0) return(1); ++ if (i > 0) ++ return (1); + #ifdef REF_CHECK +- if(i < 0) +- { +- fprintf(stderr,"DSO_free, bad reference count\n"); +- abort(); +- } ++ if (i < 0) { ++ fprintf(stderr, "DSO_free, bad reference count\n"); ++ abort(); ++ } + #endif + +- if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) +- { +- DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED); +- return(0); +- } +- +- if((dso->meth->finish != NULL) && !dso->meth->finish(dso)) +- { +- DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED); +- return(0); +- } +- +- sk_free(dso->meth_data); +- if(dso->filename != NULL) +- OPENSSL_free(dso->filename); +- if(dso->loaded_filename != NULL) +- OPENSSL_free(dso->loaded_filename); +- +- OPENSSL_free(dso); +- return(1); +- } ++ if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) { ++ DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED); ++ return (0); ++ } + +-int DSO_flags(DSO *dso) +- { +- return((dso == NULL) ? 0 : dso->flags); +- } ++ if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) { ++ DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED); ++ return (0); ++ } + ++ sk_free(dso->meth_data); ++ if (dso->filename != NULL) ++ OPENSSL_free(dso->filename); ++ if (dso->loaded_filename != NULL) ++ OPENSSL_free(dso->loaded_filename); ++ ++ OPENSSL_free(dso); ++ return (1); ++} ++ ++int DSO_flags(DSO *dso) ++{ ++ return ((dso == NULL) ? 0 : dso->flags); ++} + + int DSO_up_ref(DSO *dso) +- { +- if (dso == NULL) +- { +- DSOerr(DSO_F_DSO_UP_REF,ERR_R_PASSED_NULL_PARAMETER); +- return(0); +- } ++{ ++ if (dso == NULL) { ++ DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } + +- CRYPTO_add(&dso->references,1,CRYPTO_LOCK_DSO); +- return(1); +- } ++ CRYPTO_add(&dso->references, 1, CRYPTO_LOCK_DSO); ++ return (1); ++} + + DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags) +- { +- DSO *ret; +- int allocated = 0; +- +- if(dso == NULL) +- { +- ret = DSO_new_method(meth); +- if(ret == NULL) +- { +- DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- allocated = 1; +- /* Pass the provided flags to the new DSO object */ +- if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) +- { +- DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED); +- goto err; +- } +- } +- else +- ret = dso; +- /* Don't load if we're currently already loaded */ +- if(ret->filename != NULL) +- { +- DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED); +- goto err; +- } +- /* filename can only be NULL if we were passed a dso that already has +- * one set. */ +- if(filename != NULL) +- if(!DSO_set_filename(ret, filename)) +- { +- DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED); +- goto err; +- } +- filename = ret->filename; +- if(filename == NULL) +- { +- DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME); +- goto err; +- } +- if(ret->meth->dso_load == NULL) +- { +- DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED); +- goto err; +- } +- if(!ret->meth->dso_load(ret)) +- { +- DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED); +- goto err; +- } +- /* Load succeeded */ +- return(ret); +-err: +- if(allocated) +- DSO_free(ret); +- return(NULL); +- } ++{ ++ DSO *ret; ++ int allocated = 0; ++ ++ if (dso == NULL) { ++ ret = DSO_new_method(meth); ++ if (ret == NULL) { ++ DSOerr(DSO_F_DSO_LOAD, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ allocated = 1; ++ /* Pass the provided flags to the new DSO object */ ++ if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) { ++ DSOerr(DSO_F_DSO_LOAD, DSO_R_CTRL_FAILED); ++ goto err; ++ } ++ } else ++ ret = dso; ++ /* Don't load if we're currently already loaded */ ++ if (ret->filename != NULL) { ++ DSOerr(DSO_F_DSO_LOAD, DSO_R_DSO_ALREADY_LOADED); ++ goto err; ++ } ++ /* ++ * filename can only be NULL if we were passed a dso that already has one ++ * set. ++ */ ++ if (filename != NULL) ++ if (!DSO_set_filename(ret, filename)) { ++ DSOerr(DSO_F_DSO_LOAD, DSO_R_SET_FILENAME_FAILED); ++ goto err; ++ } ++ filename = ret->filename; ++ if (filename == NULL) { ++ DSOerr(DSO_F_DSO_LOAD, DSO_R_NO_FILENAME); ++ goto err; ++ } ++ if (ret->meth->dso_load == NULL) { ++ DSOerr(DSO_F_DSO_LOAD, DSO_R_UNSUPPORTED); ++ goto err; ++ } ++ if (!ret->meth->dso_load(ret)) { ++ DSOerr(DSO_F_DSO_LOAD, DSO_R_LOAD_FAILED); ++ goto err; ++ } ++ /* Load succeeded */ ++ return (ret); ++ err: ++ if (allocated) ++ DSO_free(ret); ++ return (NULL); ++} + + void *DSO_bind_var(DSO *dso, const char *symname) +- { +- void *ret = NULL; +- +- if((dso == NULL) || (symname == NULL)) +- { +- DSOerr(DSO_F_DSO_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- if(dso->meth->dso_bind_var == NULL) +- { +- DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_UNSUPPORTED); +- return(NULL); +- } +- if((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) +- { +- DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_SYM_FAILURE); +- return(NULL); +- } +- /* Success */ +- return(ret); +- } ++{ ++ void *ret = NULL; ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_DSO_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (dso->meth->dso_bind_var == NULL) { ++ DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_UNSUPPORTED); ++ return (NULL); ++ } ++ if ((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) { ++ DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_SYM_FAILURE); ++ return (NULL); ++ } ++ /* Success */ ++ return (ret); ++} + + DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname) +- { +- DSO_FUNC_TYPE ret = NULL; +- +- if((dso == NULL) || (symname == NULL)) +- { +- DSOerr(DSO_F_DSO_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- if(dso->meth->dso_bind_func == NULL) +- { +- DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_UNSUPPORTED); +- return(NULL); +- } +- if((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) +- { +- DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_SYM_FAILURE); +- return(NULL); +- } +- /* Success */ +- return(ret); +- } +- +-/* I don't really like these *_ctrl functions very much to be perfectly +- * honest. For one thing, I think I have to return a negative value for +- * any error because possible DSO_ctrl() commands may return values +- * such as "size"s that can legitimately be zero (making the standard +- * "if(DSO_cmd(...))" form that works almost everywhere else fail at +- * odd times. I'd prefer "output" values to be passed by reference and +- * the return value as success/failure like usual ... but we conform +- * when we must... :-) */ ++{ ++ DSO_FUNC_TYPE ret = NULL; ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (dso->meth->dso_bind_func == NULL) { ++ DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED); ++ return (NULL); ++ } ++ if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) { ++ DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE); ++ return (NULL); ++ } ++ /* Success */ ++ return (ret); ++} ++ ++/* ++ * I don't really like these *_ctrl functions very much to be perfectly ++ * honest. For one thing, I think I have to return a negative value for any ++ * error because possible DSO_ctrl() commands may return values such as ++ * "size"s that can legitimately be zero (making the standard ++ * "if(DSO_cmd(...))" form that works almost everywhere else fail at odd ++ * times. I'd prefer "output" values to be passed by reference and the return ++ * value as success/failure like usual ... but we conform when we must... :-) ++ */ + long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg) +- { +- if(dso == NULL) +- { +- DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER); +- return(-1); +- } +- /* We should intercept certain generic commands and only pass control +- * to the method-specific ctrl() function if it's something we don't +- * handle. */ +- switch(cmd) +- { +- case DSO_CTRL_GET_FLAGS: +- return dso->flags; +- case DSO_CTRL_SET_FLAGS: +- dso->flags = (int)larg; +- return(0); +- case DSO_CTRL_OR_FLAGS: +- dso->flags |= (int)larg; +- return(0); +- default: +- break; +- } +- if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) +- { +- DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED); +- return(-1); +- } +- return(dso->meth->dso_ctrl(dso,cmd,larg,parg)); +- } ++{ ++ if (dso == NULL) { ++ DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER); ++ return (-1); ++ } ++ /* ++ * We should intercept certain generic commands and only pass control to ++ * the method-specific ctrl() function if it's something we don't handle. ++ */ ++ switch (cmd) { ++ case DSO_CTRL_GET_FLAGS: ++ return dso->flags; ++ case DSO_CTRL_SET_FLAGS: ++ dso->flags = (int)larg; ++ return (0); ++ case DSO_CTRL_OR_FLAGS: ++ dso->flags |= (int)larg; ++ return (0); ++ default: ++ break; ++ } ++ if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) { ++ DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED); ++ return (-1); ++ } ++ return (dso->meth->dso_ctrl(dso, cmd, larg, parg)); ++} + + int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, +- DSO_NAME_CONVERTER_FUNC *oldcb) +- { +- if(dso == NULL) +- { +- DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, +- ERR_R_PASSED_NULL_PARAMETER); +- return(0); +- } +- if(oldcb) +- *oldcb = dso->name_converter; +- dso->name_converter = cb; +- return(1); +- } ++ DSO_NAME_CONVERTER_FUNC *oldcb) ++{ ++ if (dso == NULL) { ++ DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } ++ if (oldcb) ++ *oldcb = dso->name_converter; ++ dso->name_converter = cb; ++ return (1); ++} + + const char *DSO_get_filename(DSO *dso) +- { +- if(dso == NULL) +- { +- DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- return(dso->filename); +- } ++{ ++ if (dso == NULL) { ++ DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ return (dso->filename); ++} + + int DSO_set_filename(DSO *dso, const char *filename) +- { +- char *copied; +- +- if((dso == NULL) || (filename == NULL)) +- { +- DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER); +- return(0); +- } +- if(dso->loaded_filename) +- { +- DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED); +- return(0); +- } +- /* We'll duplicate filename */ +- copied = OPENSSL_malloc(strlen(filename) + 1); +- if(copied == NULL) +- { +- DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- BUF_strlcpy(copied, filename, strlen(filename) + 1); +- if(dso->filename) +- OPENSSL_free(dso->filename); +- dso->filename = copied; +- return(1); +- } ++{ ++ char *copied; ++ ++ if ((dso == NULL) || (filename == NULL)) { ++ DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } ++ if (dso->loaded_filename) { ++ DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED); ++ return (0); ++ } ++ /* We'll duplicate filename */ ++ copied = OPENSSL_malloc(strlen(filename) + 1); ++ if (copied == NULL) { ++ DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ BUF_strlcpy(copied, filename, strlen(filename) + 1); ++ if (dso->filename) ++ OPENSSL_free(dso->filename); ++ dso->filename = copied; ++ return (1); ++} + + char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2) +- { +- char *result = NULL; +- +- if(dso == NULL || filespec1 == NULL) +- { +- DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- if(filespec1 == NULL) +- filespec1 = dso->filename; +- if(filespec1 == NULL) +- { +- DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION); +- return(NULL); +- } +- if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) +- { +- if(dso->merger != NULL) +- result = dso->merger(dso, filespec1, filespec2); +- else if(dso->meth->dso_merger != NULL) +- result = dso->meth->dso_merger(dso, +- filespec1, filespec2); +- } +- return(result); +- } ++{ ++ char *result = NULL; ++ ++ if (dso == NULL || filespec1 == NULL) { ++ DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (filespec1 == NULL) ++ filespec1 = dso->filename; ++ if (filespec1 == NULL) { ++ DSOerr(DSO_F_DSO_MERGE, DSO_R_NO_FILE_SPECIFICATION); ++ return (NULL); ++ } ++ if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { ++ if (dso->merger != NULL) ++ result = dso->merger(dso, filespec1, filespec2); ++ else if (dso->meth->dso_merger != NULL) ++ result = dso->meth->dso_merger(dso, filespec1, filespec2); ++ } ++ return (result); ++} + + char *DSO_convert_filename(DSO *dso, const char *filename) +- { +- char *result = NULL; +- +- if(dso == NULL) +- { +- DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- if(filename == NULL) +- filename = dso->filename; +- if(filename == NULL) +- { +- DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME); +- return(NULL); +- } +- if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) +- { +- if(dso->name_converter != NULL) +- result = dso->name_converter(dso, filename); +- else if(dso->meth->dso_name_converter != NULL) +- result = dso->meth->dso_name_converter(dso, filename); +- } +- if(result == NULL) +- { +- result = OPENSSL_malloc(strlen(filename) + 1); +- if(result == NULL) +- { +- DSOerr(DSO_F_DSO_CONVERT_FILENAME, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- BUF_strlcpy(result, filename, strlen(filename) + 1); +- } +- return(result); +- } ++{ ++ char *result = NULL; ++ ++ if (dso == NULL) { ++ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (filename == NULL) ++ filename = dso->filename; ++ if (filename == NULL) { ++ DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME); ++ return (NULL); ++ } ++ if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { ++ if (dso->name_converter != NULL) ++ result = dso->name_converter(dso, filename); ++ else if (dso->meth->dso_name_converter != NULL) ++ result = dso->meth->dso_name_converter(dso, filename); ++ } ++ if (result == NULL) { ++ result = OPENSSL_malloc(strlen(filename) + 1); ++ if (result == NULL) { ++ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ BUF_strlcpy(result, filename, strlen(filename) + 1); ++ } ++ return (result); ++} + + const char *DSO_get_loaded_filename(DSO *dso) +- { +- if(dso == NULL) +- { +- DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, +- ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- return(dso->loaded_filename); +- } ++{ ++ if (dso == NULL) { ++ DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ return (dso->loaded_filename); ++} +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_null.c b/Cryptlib/OpenSSL/crypto/dso/dso_null.c +index 4972984..3d11272 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_null.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_null.c +@@ -1,6 +1,7 @@ + /* dso_null.c */ +-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL +- * project 2000. ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,33 +57,34 @@ + * + */ + +-/* This "NULL" method is provided as the fallback for systems that have +- * no appropriate support for "shared-libraries". */ ++/* ++ * This "NULL" method is provided as the fallback for systems that have no ++ * appropriate support for "shared-libraries". ++ */ + + #include + #include "cryptlib.h" + #include + + static DSO_METHOD dso_meth_null = { +- "NULL shared library method", +- NULL, /* load */ +- NULL, /* unload */ +- NULL, /* bind_var */ +- NULL, /* bind_func */ ++ "NULL shared library method", ++ NULL, /* load */ ++ NULL, /* unload */ ++ NULL, /* bind_var */ ++ NULL, /* bind_func */ + /* For now, "unbind" doesn't exist */ + #if 0 +- NULL, /* unbind_var */ +- NULL, /* unbind_func */ ++ NULL, /* unbind_var */ ++ NULL, /* unbind_func */ + #endif +- NULL, /* ctrl */ +- NULL, /* dso_name_converter */ +- NULL, /* dso_merger */ +- NULL, /* init */ +- NULL /* finish */ +- }; ++ NULL, /* ctrl */ ++ NULL, /* dso_name_converter */ ++ NULL, /* dso_merger */ ++ NULL, /* init */ ++ NULL /* finish */ ++}; + + DSO_METHOD *DSO_METHOD_null(void) +- { +- return(&dso_meth_null); +- } +- ++{ ++ return (&dso_meth_null); ++} +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c +index a4395eb..27b7d55 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c +@@ -1,6 +1,7 @@ + /* dso_openssl.c */ +-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL +- * project 2000. ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -63,19 +64,18 @@ + /* We just pinch the method from an appropriate "default" method. */ + + DSO_METHOD *DSO_METHOD_openssl(void) +- { ++{ + #ifdef DEF_DSO_METHOD +- return(DEF_DSO_METHOD()); ++ return (DEF_DSO_METHOD()); + #elif defined(DSO_DLFCN) +- return(DSO_METHOD_dlfcn()); ++ return (DSO_METHOD_dlfcn()); + #elif defined(DSO_DL) +- return(DSO_METHOD_dl()); ++ return (DSO_METHOD_dl()); + #elif defined(DSO_WIN32) +- return(DSO_METHOD_win32()); ++ return (DSO_METHOD_win32()); + #elif defined(DSO_VMS) +- return(DSO_METHOD_vms()); ++ return (DSO_METHOD_vms()); + #else +- return(DSO_METHOD_null()); ++ return (DSO_METHOD_null()); + #endif +- } +- ++} +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c +index 2c434ee..12e1db3 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c +@@ -1,6 +1,7 @@ + /* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,443 +63,442 @@ + #include "cryptlib.h" + #include + #ifdef OPENSSL_SYS_VMS +-#pragma message disable DOLLARID +-#include +-#include +-#include +-#include +-#include ++# pragma message disable DOLLARID ++# include ++# include ++# include ++# include ++# include + #endif + + #ifndef OPENSSL_SYS_VMS + DSO_METHOD *DSO_METHOD_vms(void) +- { +- return NULL; +- } ++{ ++ return NULL; ++} + #else +-#pragma message disable DOLLARID ++# pragma message disable DOLLARID + + static int vms_load(DSO *dso); + static int vms_unload(DSO *dso); + static void *vms_bind_var(DSO *dso, const char *symname); + static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname); +-#if 0 ++# if 0 + static int vms_unbind_var(DSO *dso, char *symname, void *symptr); + static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); + static int vms_init(DSO *dso); + static int vms_finish(DSO *dso); + static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg); +-#endif ++# endif + static char *vms_name_converter(DSO *dso, const char *filename); + static char *vms_merger(DSO *dso, const char *filespec1, +- const char *filespec2); ++ const char *filespec2); + + static DSO_METHOD dso_meth_vms = { +- "OpenSSL 'VMS' shared library method", +- vms_load, +- NULL, /* unload */ +- vms_bind_var, +- vms_bind_func, ++ "OpenSSL 'VMS' shared library method", ++ vms_load, ++ NULL, /* unload */ ++ vms_bind_var, ++ vms_bind_func, + /* For now, "unbind" doesn't exist */ +-#if 0 +- NULL, /* unbind_var */ +- NULL, /* unbind_func */ +-#endif +- NULL, /* ctrl */ +- vms_name_converter, +- vms_merger, +- NULL, /* init */ +- NULL /* finish */ +- }; +- +-/* On VMS, the only "handle" is the file name. LIB$FIND_IMAGE_SYMBOL depends ++# if 0 ++ NULL, /* unbind_var */ ++ NULL, /* unbind_func */ ++# endif ++ NULL, /* ctrl */ ++ vms_name_converter, ++ vms_merger, ++ NULL, /* init */ ++ NULL /* finish */ ++}; ++ ++/* ++ * On VMS, the only "handle" is the file name. LIB$FIND_IMAGE_SYMBOL depends + * on the reference to the file name being the same for all calls regarding + * one shared image, so we'll just store it in an instance of the following + * structure and put a pointer to that instance in the meth_data stack. + */ +-typedef struct dso_internal_st +- { +- /* This should contain the name only, no directory, +- * no extension, nothing but a name. */ +- struct dsc$descriptor_s filename_dsc; +- char filename[FILENAME_MAX+1]; +- /* This contains whatever is not in filename, if needed. +- * Normally not defined. */ +- struct dsc$descriptor_s imagename_dsc; +- char imagename[FILENAME_MAX+1]; +- } DSO_VMS_INTERNAL; +- ++typedef struct dso_internal_st { ++ /* ++ * This should contain the name only, no directory, no extension, nothing ++ * but a name. ++ */ ++ struct dsc$descriptor_s filename_dsc; ++ char filename[FILENAME_MAX + 1]; ++ /* ++ * This contains whatever is not in filename, if needed. Normally not ++ * defined. ++ */ ++ struct dsc$descriptor_s imagename_dsc; ++ char imagename[FILENAME_MAX + 1]; ++} DSO_VMS_INTERNAL; + + DSO_METHOD *DSO_METHOD_vms(void) +- { +- return(&dso_meth_vms); +- } ++{ ++ return (&dso_meth_vms); ++} + + static int vms_load(DSO *dso) +- { +- void *ptr = NULL; +- /* See applicable comments in dso_dl.c */ +- char *filename = DSO_convert_filename(dso, NULL); +- DSO_VMS_INTERNAL *p; +- const char *sp1, *sp2; /* Search result */ +- +- if(filename == NULL) +- { +- DSOerr(DSO_F_VMS_LOAD,DSO_R_NO_FILENAME); +- goto err; +- } +- +- /* A file specification may look like this: +- * +- * node::dev:[dir-spec]name.type;ver +- * +- * or (for compatibility with TOPS-20): +- * +- * node::dev:name.type;ver +- * +- * and the dir-spec uses '.' as separator. Also, a dir-spec +- * may consist of several parts, with mixed use of [] and <>: +- * +- * [dir1.] +- * +- * We need to split the file specification into the name and +- * the rest (both before and after the name itself). +- */ +- /* Start with trying to find the end of a dir-spec, and save the +- position of the byte after in sp1 */ +- sp1 = strrchr(filename, ']'); +- sp2 = strrchr(filename, '>'); +- if (sp1 == NULL) sp1 = sp2; +- if (sp2 != NULL && sp2 > sp1) sp1 = sp2; +- if (sp1 == NULL) sp1 = strrchr(filename, ':'); +- if (sp1 == NULL) +- sp1 = filename; +- else +- sp1++; /* The byte after the found character */ +- /* Now, let's see if there's a type, and save the position in sp2 */ +- sp2 = strchr(sp1, '.'); +- /* If we found it, that's where we'll cut. Otherwise, look for a +- version number and save the position in sp2 */ +- if (sp2 == NULL) sp2 = strchr(sp1, ';'); +- /* If there was still nothing to find, set sp2 to point at the end of +- the string */ +- if (sp2 == NULL) sp2 = sp1 + strlen(sp1); +- +- /* Check that we won't get buffer overflows */ +- if (sp2 - sp1 > FILENAME_MAX +- || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) +- { +- DSOerr(DSO_F_VMS_LOAD,DSO_R_FILENAME_TOO_BIG); +- goto err; +- } +- +- p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL)); +- if(p == NULL) +- { +- DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- strncpy(p->filename, sp1, sp2-sp1); +- p->filename[sp2-sp1] = '\0'; +- +- strncpy(p->imagename, filename, sp1-filename); +- p->imagename[sp1-filename] = '\0'; +- strcat(p->imagename, sp2); +- +- p->filename_dsc.dsc$w_length = strlen(p->filename); +- p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; +- p->filename_dsc.dsc$b_class = DSC$K_CLASS_S; +- p->filename_dsc.dsc$a_pointer = p->filename; +- p->imagename_dsc.dsc$w_length = strlen(p->imagename); +- p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; +- p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S; +- p->imagename_dsc.dsc$a_pointer = p->imagename; +- +- if(!sk_push(dso->meth_data, (char *)p)) +- { +- DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR); +- goto err; +- } +- +- /* Success (for now, we lie. We actually do not know...) */ +- dso->loaded_filename = filename; +- return(1); +-err: +- /* Cleanup! */ +- if(p != NULL) +- OPENSSL_free(p); +- if(filename != NULL) +- OPENSSL_free(filename); +- return(0); +- } +- +-/* Note that this doesn't actually unload the shared image, as there is no ++{ ++ void *ptr = NULL; ++ /* See applicable comments in dso_dl.c */ ++ char *filename = DSO_convert_filename(dso, NULL); ++ DSO_VMS_INTERNAL *p; ++ const char *sp1, *sp2; /* Search result */ ++ ++ if (filename == NULL) { ++ DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME); ++ goto err; ++ } ++ ++ /*- ++ * A file specification may look like this: ++ * ++ * node::dev:[dir-spec]name.type;ver ++ * ++ * or (for compatibility with TOPS-20): ++ * ++ * node::dev:name.type;ver ++ * ++ * and the dir-spec uses '.' as separator. Also, a dir-spec ++ * may consist of several parts, with mixed use of [] and <>: ++ * ++ * [dir1.] ++ * ++ * We need to split the file specification into the name and ++ * the rest (both before and after the name itself). ++ */ ++ /* ++ * Start with trying to find the end of a dir-spec, and save the position ++ * of the byte after in sp1 ++ */ ++ sp1 = strrchr(filename, ']'); ++ sp2 = strrchr(filename, '>'); ++ if (sp1 == NULL) ++ sp1 = sp2; ++ if (sp2 != NULL && sp2 > sp1) ++ sp1 = sp2; ++ if (sp1 == NULL) ++ sp1 = strrchr(filename, ':'); ++ if (sp1 == NULL) ++ sp1 = filename; ++ else ++ sp1++; /* The byte after the found character */ ++ /* Now, let's see if there's a type, and save the position in sp2 */ ++ sp2 = strchr(sp1, '.'); ++ /* ++ * If we found it, that's where we'll cut. Otherwise, look for a version ++ * number and save the position in sp2 ++ */ ++ if (sp2 == NULL) ++ sp2 = strchr(sp1, ';'); ++ /* ++ * If there was still nothing to find, set sp2 to point at the end of the ++ * string ++ */ ++ if (sp2 == NULL) ++ sp2 = sp1 + strlen(sp1); ++ ++ /* Check that we won't get buffer overflows */ ++ if (sp2 - sp1 > FILENAME_MAX ++ || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) { ++ DSOerr(DSO_F_VMS_LOAD, DSO_R_FILENAME_TOO_BIG); ++ goto err; ++ } ++ ++ p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL)); ++ if (p == NULL) { ++ DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ strncpy(p->filename, sp1, sp2 - sp1); ++ p->filename[sp2 - sp1] = '\0'; ++ ++ strncpy(p->imagename, filename, sp1 - filename); ++ p->imagename[sp1 - filename] = '\0'; ++ strcat(p->imagename, sp2); ++ ++ p->filename_dsc.dsc$w_length = strlen(p->filename); ++ p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; ++ p->filename_dsc.dsc$b_class = DSC$K_CLASS_S; ++ p->filename_dsc.dsc$a_pointer = p->filename; ++ p->imagename_dsc.dsc$w_length = strlen(p->imagename); ++ p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; ++ p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S; ++ p->imagename_dsc.dsc$a_pointer = p->imagename; ++ ++ if (!sk_push(dso->meth_data, (char *)p)) { ++ DSOerr(DSO_F_VMS_LOAD, DSO_R_STACK_ERROR); ++ goto err; ++ } ++ ++ /* Success (for now, we lie. We actually do not know...) */ ++ dso->loaded_filename = filename; ++ return (1); ++ err: ++ /* Cleanup! */ ++ if (p != NULL) ++ OPENSSL_free(p); ++ if (filename != NULL) ++ OPENSSL_free(filename); ++ return (0); ++} ++ ++/* ++ * Note that this doesn't actually unload the shared image, as there is no + * such thing in VMS. Next time it get loaded again, a new copy will + * actually be loaded. + */ + static int vms_unload(DSO *dso) +- { +- DSO_VMS_INTERNAL *p; +- if(dso == NULL) +- { +- DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); +- return(0); +- } +- if(sk_num(dso->meth_data) < 1) +- return(1); +- p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data); +- if(p == NULL) +- { +- DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE); +- return(0); +- } +- /* Cleanup */ +- OPENSSL_free(p); +- return(1); +- } +- +-/* We must do this in a separate function because of the way the exception +- handler works (it makes this function return */ ++{ ++ DSO_VMS_INTERNAL *p; ++ if (dso == NULL) { ++ DSOerr(DSO_F_VMS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } ++ if (sk_num(dso->meth_data) < 1) ++ return (1); ++ p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data); ++ if (p == NULL) { ++ DSOerr(DSO_F_VMS_UNLOAD, DSO_R_NULL_HANDLE); ++ return (0); ++ } ++ /* Cleanup */ ++ OPENSSL_free(p); ++ return (1); ++} ++ ++/* ++ * We must do this in a separate function because of the way the exception ++ * handler works (it makes this function return ++ */ + static int do_find_symbol(DSO_VMS_INTERNAL *ptr, +- struct dsc$descriptor_s *symname_dsc, void **sym, +- unsigned long flags) +- { +- /* Make sure that signals are caught and returned instead of +- aborting the program. The exception handler gets unestablished +- automatically on return from this function. */ +- lib$establish(lib$sig_to_ret); +- +- if(ptr->imagename_dsc.dsc$w_length) +- return lib$find_image_symbol(&ptr->filename_dsc, +- symname_dsc, sym, +- &ptr->imagename_dsc, flags); +- else +- return lib$find_image_symbol(&ptr->filename_dsc, +- symname_dsc, sym, +- 0, flags); +- } ++ struct dsc$descriptor_s *symname_dsc, void **sym, ++ unsigned long flags) ++{ ++ /* ++ * Make sure that signals are caught and returned instead of aborting the ++ * program. The exception handler gets unestablished automatically on ++ * return from this function. ++ */ ++ lib$establish(lib$sig_to_ret); ++ ++ if (ptr->imagename_dsc.dsc$w_length) ++ return lib$find_image_symbol(&ptr->filename_dsc, ++ symname_dsc, sym, ++ &ptr->imagename_dsc, flags); ++ else ++ return lib$find_image_symbol(&ptr->filename_dsc, ++ symname_dsc, sym, 0, flags); ++} + + void vms_bind_sym(DSO *dso, const char *symname, void **sym) +- { +- DSO_VMS_INTERNAL *ptr; +- int status; +-#if 0 +- int flags = (1<<4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't +- defined in VMS older than 7.0 or so */ +-#else +- int flags = 0; +-#endif +- struct dsc$descriptor_s symname_dsc; +- *sym = NULL; +- +- symname_dsc.dsc$w_length = strlen(symname); +- symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; +- symname_dsc.dsc$b_class = DSC$K_CLASS_S; +- symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */ +- +- if((dso == NULL) || (symname == NULL)) +- { +- DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER); +- return; +- } +- if(sk_num(dso->meth_data) < 1) +- { +- DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR); +- return; +- } +- ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data, +- sk_num(dso->meth_data) - 1); +- if(ptr == NULL) +- { +- DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_NULL_HANDLE); +- return; +- } +- +- if(dso->flags & DSO_FLAG_UPCASE_SYMBOL) flags = 0; +- +- status = do_find_symbol(ptr, &symname_dsc, sym, flags); +- +- if(!$VMS_STATUS_SUCCESS(status)) +- { +- unsigned short length; +- char errstring[257]; +- struct dsc$descriptor_s errstring_dsc; +- +- errstring_dsc.dsc$w_length = sizeof(errstring); +- errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; +- errstring_dsc.dsc$b_class = DSC$K_CLASS_S; +- errstring_dsc.dsc$a_pointer = errstring; +- +- *sym = NULL; +- +- status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); +- +- if (!$VMS_STATUS_SUCCESS(status)) +- lib$signal(status); /* This is really bad. Abort! */ +- else +- { +- errstring[length] = '\0'; +- +- DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_SYM_FAILURE); +- if (ptr->imagename_dsc.dsc$w_length) +- ERR_add_error_data(9, +- "Symbol ", symname, +- " in ", ptr->filename, +- " (", ptr->imagename, ")", +- ": ", errstring); +- else +- ERR_add_error_data(6, +- "Symbol ", symname, +- " in ", ptr->filename, +- ": ", errstring); +- } +- return; +- } +- return; +- } ++{ ++ DSO_VMS_INTERNAL *ptr; ++ int status; ++# if 0 ++ int flags = (1 << 4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't ++ * defined in VMS older than 7.0 or so */ ++# else ++ int flags = 0; ++# endif ++ struct dsc$descriptor_s symname_dsc; ++ *sym = NULL; ++ ++ symname_dsc.dsc$w_length = strlen(symname); ++ symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; ++ symname_dsc.dsc$b_class = DSC$K_CLASS_S; ++ symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */ ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_VMS_BIND_SYM, ERR_R_PASSED_NULL_PARAMETER); ++ return; ++ } ++ if (sk_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_STACK_ERROR); ++ return; ++ } ++ ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data, ++ sk_num(dso->meth_data) - 1); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_NULL_HANDLE); ++ return; ++ } ++ ++ if (dso->flags & DSO_FLAG_UPCASE_SYMBOL) ++ flags = 0; ++ ++ status = do_find_symbol(ptr, &symname_dsc, sym, flags); ++ ++ if (!$VMS_STATUS_SUCCESS(status)) { ++ unsigned short length; ++ char errstring[257]; ++ struct dsc$descriptor_s errstring_dsc; ++ ++ errstring_dsc.dsc$w_length = sizeof(errstring); ++ errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; ++ errstring_dsc.dsc$b_class = DSC$K_CLASS_S; ++ errstring_dsc.dsc$a_pointer = errstring; ++ ++ *sym = NULL; ++ ++ status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); ++ ++ if (!$VMS_STATUS_SUCCESS(status)) ++ lib$signal(status); /* This is really bad. Abort! */ ++ else { ++ errstring[length] = '\0'; ++ ++ DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_SYM_FAILURE); ++ if (ptr->imagename_dsc.dsc$w_length) ++ ERR_add_error_data(9, ++ "Symbol ", symname, ++ " in ", ptr->filename, ++ " (", ptr->imagename, ")", ++ ": ", errstring); ++ else ++ ERR_add_error_data(6, ++ "Symbol ", symname, ++ " in ", ptr->filename, ": ", errstring); ++ } ++ return; ++ } ++ return; ++} + + static void *vms_bind_var(DSO *dso, const char *symname) +- { +- void *sym = 0; +- vms_bind_sym(dso, symname, &sym); +- return sym; +- } ++{ ++ void *sym = 0; ++ vms_bind_sym(dso, symname, &sym); ++ return sym; ++} + + static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname) +- { +- DSO_FUNC_TYPE sym = 0; +- vms_bind_sym(dso, symname, (void **)&sym); +- return sym; +- } +- +-static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2) +- { +- int status; +- int filespec1len, filespec2len; +- struct FAB fab; +-#ifdef NAML$C_MAXRSS +- struct NAML nam; +- char esa[NAML$C_MAXRSS]; +-#else +- struct NAM nam; +- char esa[NAM$C_MAXRSS]; +-#endif +- char *merged; +- +- if (!filespec1) filespec1 = ""; +- if (!filespec2) filespec2 = ""; +- filespec1len = strlen(filespec1); +- filespec2len = strlen(filespec2); ++{ ++ DSO_FUNC_TYPE sym = 0; ++ vms_bind_sym(dso, symname, (void **)&sym); ++ return sym; ++} + +- fab = cc$rms_fab; +-#ifdef NAML$C_MAXRSS +- nam = cc$rms_naml; +-#else +- nam = cc$rms_nam; +-#endif +- +- fab.fab$l_fna = (char *)filespec1; +- fab.fab$b_fns = filespec1len; +- fab.fab$l_dna = (char *)filespec2; +- fab.fab$b_dns = filespec2len; +-#ifdef NAML$C_MAXRSS +- if (filespec1len > NAM$C_MAXRSS) +- { +- fab.fab$l_fna = 0; +- fab.fab$b_fns = 0; +- nam.naml$l_long_filename = (char *)filespec1; +- nam.naml$l_long_filename_size = filespec1len; +- } +- if (filespec2len > NAM$C_MAXRSS) +- { +- fab.fab$l_dna = 0; +- fab.fab$b_dns = 0; +- nam.naml$l_long_defname = (char *)filespec2; +- nam.naml$l_long_defname_size = filespec2len; +- } +- nam.naml$l_esa = esa; +- nam.naml$b_ess = NAM$C_MAXRSS; +- nam.naml$l_long_expand = esa; +- nam.naml$l_long_expand_alloc = sizeof(esa); +- nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD; +- nam.naml$v_no_short_upcase = 1; +- fab.fab$l_naml = &nam; +-#else +- nam.nam$l_esa = esa; +- nam.nam$b_ess = NAM$C_MAXRSS; +- nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD; +- fab.fab$l_nam = &nam; +-#endif +- +- status = sys$parse(&fab, 0, 0); +- +- if(!$VMS_STATUS_SUCCESS(status)) +- { +- unsigned short length; +- char errstring[257]; +- struct dsc$descriptor_s errstring_dsc; +- +- errstring_dsc.dsc$w_length = sizeof(errstring); +- errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; +- errstring_dsc.dsc$b_class = DSC$K_CLASS_S; +- errstring_dsc.dsc$a_pointer = errstring; +- +- status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); +- +- if (!$VMS_STATUS_SUCCESS(status)) +- lib$signal(status); /* This is really bad. Abort! */ +- else +- { +- errstring[length] = '\0'; +- +- DSOerr(DSO_F_VMS_MERGER,DSO_R_FAILURE); +- ERR_add_error_data(7, +- "filespec \"", filespec1, "\", ", +- "defaults \"", filespec2, "\": ", +- errstring); +- } +- return(NULL); +- } +-#ifdef NAML$C_MAXRSS +- if (nam.naml$l_long_expand_size) +- { +- merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1); +- if(!merged) +- goto malloc_err; +- strncpy(merged, nam.naml$l_long_expand, +- nam.naml$l_long_expand_size); +- merged[nam.naml$l_long_expand_size] = '\0'; +- } +- else +- { +- merged = OPENSSL_malloc(nam.naml$b_esl + 1); +- if(!merged) +- goto malloc_err; +- strncpy(merged, nam.naml$l_esa, +- nam.naml$b_esl); +- merged[nam.naml$b_esl] = '\0'; +- } +-#else +- merged = OPENSSL_malloc(nam.nam$b_esl + 1); +- if(!merged) +- goto malloc_err; +- strncpy(merged, nam.nam$l_esa, +- nam.nam$b_esl); +- merged[nam.nam$b_esl] = '\0'; +-#endif +- return(merged); ++static char *vms_merger(DSO *dso, const char *filespec1, ++ const char *filespec2) ++{ ++ int status; ++ int filespec1len, filespec2len; ++ struct FAB fab; ++# ifdef NAML$C_MAXRSS ++ struct NAML nam; ++ char esa[NAML$C_MAXRSS]; ++# else ++ struct NAM nam; ++ char esa[NAM$C_MAXRSS]; ++# endif ++ char *merged; ++ ++ if (!filespec1) ++ filespec1 = ""; ++ if (!filespec2) ++ filespec2 = ""; ++ filespec1len = strlen(filespec1); ++ filespec2len = strlen(filespec2); ++ ++ fab = cc$rms_fab; ++# ifdef NAML$C_MAXRSS ++ nam = cc$rms_naml; ++# else ++ nam = cc$rms_nam; ++# endif ++ ++ fab.fab$l_fna = (char *)filespec1; ++ fab.fab$b_fns = filespec1len; ++ fab.fab$l_dna = (char *)filespec2; ++ fab.fab$b_dns = filespec2len; ++# ifdef NAML$C_MAXRSS ++ if (filespec1len > NAM$C_MAXRSS) { ++ fab.fab$l_fna = 0; ++ fab.fab$b_fns = 0; ++ nam.naml$l_long_filename = (char *)filespec1; ++ nam.naml$l_long_filename_size = filespec1len; ++ } ++ if (filespec2len > NAM$C_MAXRSS) { ++ fab.fab$l_dna = 0; ++ fab.fab$b_dns = 0; ++ nam.naml$l_long_defname = (char *)filespec2; ++ nam.naml$l_long_defname_size = filespec2len; ++ } ++ nam.naml$l_esa = esa; ++ nam.naml$b_ess = NAM$C_MAXRSS; ++ nam.naml$l_long_expand = esa; ++ nam.naml$l_long_expand_alloc = sizeof(esa); ++ nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD; ++ nam.naml$v_no_short_upcase = 1; ++ fab.fab$l_naml = &nam; ++# else ++ nam.nam$l_esa = esa; ++ nam.nam$b_ess = NAM$C_MAXRSS; ++ nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD; ++ fab.fab$l_nam = &nam; ++# endif ++ ++ status = sys$parse(&fab, 0, 0); ++ ++ if (!$VMS_STATUS_SUCCESS(status)) { ++ unsigned short length; ++ char errstring[257]; ++ struct dsc$descriptor_s errstring_dsc; ++ ++ errstring_dsc.dsc$w_length = sizeof(errstring); ++ errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; ++ errstring_dsc.dsc$b_class = DSC$K_CLASS_S; ++ errstring_dsc.dsc$a_pointer = errstring; ++ ++ status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); ++ ++ if (!$VMS_STATUS_SUCCESS(status)) ++ lib$signal(status); /* This is really bad. Abort! */ ++ else { ++ errstring[length] = '\0'; ++ ++ DSOerr(DSO_F_VMS_MERGER, DSO_R_FAILURE); ++ ERR_add_error_data(7, ++ "filespec \"", filespec1, "\", ", ++ "defaults \"", filespec2, "\": ", errstring); ++ } ++ return (NULL); ++ } ++# ifdef NAML$C_MAXRSS ++ if (nam.naml$l_long_expand_size) { ++ merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1); ++ if (!merged) ++ goto malloc_err; ++ strncpy(merged, nam.naml$l_long_expand, nam.naml$l_long_expand_size); ++ merged[nam.naml$l_long_expand_size] = '\0'; ++ } else { ++ merged = OPENSSL_malloc(nam.naml$b_esl + 1); ++ if (!merged) ++ goto malloc_err; ++ strncpy(merged, nam.naml$l_esa, nam.naml$b_esl); ++ merged[nam.naml$b_esl] = '\0'; ++ } ++# else ++ merged = OPENSSL_malloc(nam.nam$b_esl + 1); ++ if (!merged) ++ goto malloc_err; ++ strncpy(merged, nam.nam$l_esa, nam.nam$b_esl); ++ merged[nam.nam$b_esl] = '\0'; ++# endif ++ return (merged); + malloc_err: +- DSOerr(DSO_F_VMS_MERGER, +- ERR_R_MALLOC_FAILURE); +- } ++ DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE); ++} + + static char *vms_name_converter(DSO *dso, const char *filename) +- { +- int len = strlen(filename); +- char *not_translated = OPENSSL_malloc(len+1); +- strcpy(not_translated,filename); +- return(not_translated); +- } +- +-#endif /* OPENSSL_SYS_VMS */ ++{ ++ int len = strlen(filename); ++ char *not_translated = OPENSSL_malloc(len + 1); ++ strcpy(not_translated, filename); ++ return (not_translated); ++} ++ ++#endif /* OPENSSL_SYS_VMS */ +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c +index f340052..973e7eb 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c +@@ -1,6 +1,7 @@ + /* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL +- * project 2000. ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -63,601 +64,546 @@ + + #if !defined(DSO_WIN32) + DSO_METHOD *DSO_METHOD_win32(void) +- { +- return NULL; +- } ++{ ++ return NULL; ++} + #else + +-#ifdef _WIN32_WCE +-# if _WIN32_WCE < 300 +-static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName) +- { +- WCHAR lpProcNameW[64]; +- int i; +- +- for (i=0;lpProcName[i] && i<64;i++) +- lpProcNameW[i] = (WCHAR)lpProcName[i]; +- if (i==64) return NULL; +- lpProcNameW[i] = 0; +- +- return GetProcAddressW(hModule,lpProcNameW); +- } +-# endif +-# undef GetProcAddress +-# define GetProcAddress GetProcAddressA ++# ifdef _WIN32_WCE ++# if _WIN32_WCE < 300 ++static FARPROC GetProcAddressA(HMODULE hModule, LPCSTR lpProcName) ++{ ++ WCHAR lpProcNameW[64]; ++ int i; ++ ++ for (i = 0; lpProcName[i] && i < 64; i++) ++ lpProcNameW[i] = (WCHAR)lpProcName[i]; ++ if (i == 64) ++ return NULL; ++ lpProcNameW[i] = 0; ++ ++ return GetProcAddressW(hModule, lpProcNameW); ++} ++# endif ++# undef GetProcAddress ++# define GetProcAddress GetProcAddressA + + static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName) +- { +- WCHAR *fnamw; +- size_t len_0=strlen(lpLibFileName)+1,i; +- +-#ifdef _MSC_VER +- fnamw = (WCHAR *)_alloca (len_0*sizeof(WCHAR)); +-#else +- fnamw = (WCHAR *)alloca (len_0*sizeof(WCHAR)); +-#endif +- if (fnamw == NULL) return NULL; +- +-#if defined(_WIN32_WCE) && _WIN32_WCE>=101 +- if (!MultiByteToWideChar(CP_ACP,0,lpLibFileName,len_0,fnamw,len_0)) +-#endif +- for (i=0;i=101 ++ if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0)) ++# endif ++ for (i = 0; i < len_0; i++) ++ fnamw[i] = (WCHAR)lpLibFileName[i]; ++ ++ return LoadLibraryW(fnamw); ++} ++# endif + + /* Part of the hack in "win32_load" ... */ +-#define DSO_MAX_TRANSLATED_SIZE 256 ++# define DSO_MAX_TRANSLATED_SIZE 256 + + static int win32_load(DSO *dso); + static int win32_unload(DSO *dso); + static void *win32_bind_var(DSO *dso, const char *symname); + static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname); +-#if 0 ++# if 0 + static int win32_unbind_var(DSO *dso, char *symname, void *symptr); + static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); + static int win32_init(DSO *dso); + static int win32_finish(DSO *dso); + static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg); +-#endif ++# endif + static char *win32_name_converter(DSO *dso, const char *filename); + static char *win32_merger(DSO *dso, const char *filespec1, +- const char *filespec2); ++ const char *filespec2); + + static const char *openssl_strnchr(const char *string, int c, size_t len); + + static DSO_METHOD dso_meth_win32 = { +- "OpenSSL 'win32' shared library method", +- win32_load, +- win32_unload, +- win32_bind_var, +- win32_bind_func, ++ "OpenSSL 'win32' shared library method", ++ win32_load, ++ win32_unload, ++ win32_bind_var, ++ win32_bind_func, + /* For now, "unbind" doesn't exist */ +-#if 0 +- NULL, /* unbind_var */ +- NULL, /* unbind_func */ +-#endif +- NULL, /* ctrl */ +- win32_name_converter, +- win32_merger, +- NULL, /* init */ +- NULL /* finish */ +- }; ++# if 0 ++ NULL, /* unbind_var */ ++ NULL, /* unbind_func */ ++# endif ++ NULL, /* ctrl */ ++ win32_name_converter, ++ win32_merger, ++ NULL, /* init */ ++ NULL /* finish */ ++}; + + DSO_METHOD *DSO_METHOD_win32(void) +- { +- return(&dso_meth_win32); +- } ++{ ++ return (&dso_meth_win32); ++} + +-/* For this DSO_METHOD, our meth_data STACK will contain; +- * (i) a pointer to the handle (HINSTANCE) returned from +- * LoadLibrary(), and copied. ++/* ++ * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to ++ * the handle (HINSTANCE) returned from LoadLibrary(), and copied. + */ + + static int win32_load(DSO *dso) +- { +- HINSTANCE h = NULL, *p = NULL; +- /* See applicable comments from dso_dl.c */ +- char *filename = DSO_convert_filename(dso, NULL); +- +- if(filename == NULL) +- { +- DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME); +- goto err; +- } +- h = LoadLibraryA(filename); +- if(h == NULL) +- { +- DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED); +- ERR_add_error_data(3, "filename(", filename, ")"); +- goto err; +- } +- p = (HINSTANCE *)OPENSSL_malloc(sizeof(HINSTANCE)); +- if(p == NULL) +- { +- DSOerr(DSO_F_WIN32_LOAD,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- *p = h; +- if(!sk_push(dso->meth_data, (char *)p)) +- { +- DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR); +- goto err; +- } +- /* Success */ +- dso->loaded_filename = filename; +- return(1); +-err: +- /* Cleanup !*/ +- if(filename != NULL) +- OPENSSL_free(filename); +- if(p != NULL) +- OPENSSL_free(p); +- if(h != NULL) +- FreeLibrary(h); +- return(0); +- } ++{ ++ HINSTANCE h = NULL, *p = NULL; ++ /* See applicable comments from dso_dl.c */ ++ char *filename = DSO_convert_filename(dso, NULL); ++ ++ if (filename == NULL) { ++ DSOerr(DSO_F_WIN32_LOAD, DSO_R_NO_FILENAME); ++ goto err; ++ } ++ h = LoadLibraryA(filename); ++ if (h == NULL) { ++ DSOerr(DSO_F_WIN32_LOAD, DSO_R_LOAD_FAILED); ++ ERR_add_error_data(3, "filename(", filename, ")"); ++ goto err; ++ } ++ p = (HINSTANCE *) OPENSSL_malloc(sizeof(HINSTANCE)); ++ if (p == NULL) { ++ DSOerr(DSO_F_WIN32_LOAD, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ *p = h; ++ if (!sk_push(dso->meth_data, (char *)p)) { ++ DSOerr(DSO_F_WIN32_LOAD, DSO_R_STACK_ERROR); ++ goto err; ++ } ++ /* Success */ ++ dso->loaded_filename = filename; ++ return (1); ++ err: ++ /* Cleanup ! */ ++ if (filename != NULL) ++ OPENSSL_free(filename); ++ if (p != NULL) ++ OPENSSL_free(p); ++ if (h != NULL) ++ FreeLibrary(h); ++ return (0); ++} + + static int win32_unload(DSO *dso) +- { +- HINSTANCE *p; +- if(dso == NULL) +- { +- DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); +- return(0); +- } +- if(sk_num(dso->meth_data) < 1) +- return(1); +- p = (HINSTANCE *)sk_pop(dso->meth_data); +- if(p == NULL) +- { +- DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE); +- return(0); +- } +- if(!FreeLibrary(*p)) +- { +- DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED); +- /* We should push the value back onto the stack in +- * case of a retry. */ +- sk_push(dso->meth_data, (char *)p); +- return(0); +- } +- /* Cleanup */ +- OPENSSL_free(p); +- return(1); +- } +- +-/* Using GetProcAddress for variables? TODO: Check this out in +- * the Win32 API docs, there's probably a variant for variables. */ ++{ ++ HINSTANCE *p; ++ if (dso == NULL) { ++ DSOerr(DSO_F_WIN32_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } ++ if (sk_num(dso->meth_data) < 1) ++ return (1); ++ p = (HINSTANCE *) sk_pop(dso->meth_data); ++ if (p == NULL) { ++ DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_NULL_HANDLE); ++ return (0); ++ } ++ if (!FreeLibrary(*p)) { ++ DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_UNLOAD_FAILED); ++ /* ++ * We should push the value back onto the stack in case of a retry. ++ */ ++ sk_push(dso->meth_data, (char *)p); ++ return (0); ++ } ++ /* Cleanup */ ++ OPENSSL_free(p); ++ return (1); ++} ++ ++/* ++ * Using GetProcAddress for variables? TODO: Check this out in the Win32 API ++ * docs, there's probably a variant for variables. ++ */ + static void *win32_bind_var(DSO *dso, const char *symname) +- { +- HINSTANCE *ptr; +- void *sym; +- +- if((dso == NULL) || (symname == NULL)) +- { +- DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- if(sk_num(dso->meth_data) < 1) +- { +- DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR); +- return(NULL); +- } +- ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); +- if(ptr == NULL) +- { +- DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE); +- return(NULL); +- } +- sym = GetProcAddress(*ptr, symname); +- if(sym == NULL) +- { +- DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_SYM_FAILURE); +- ERR_add_error_data(3, "symname(", symname, ")"); +- return(NULL); +- } +- return(sym); +- } ++{ ++ HINSTANCE *ptr; ++ void *sym; ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_WIN32_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ ptr = (HINSTANCE *) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ sym = GetProcAddress(*ptr, symname); ++ if (sym == NULL) { ++ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(3, "symname(", symname, ")"); ++ return (NULL); ++ } ++ return (sym); ++} + + static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname) +- { +- HINSTANCE *ptr; +- void *sym; +- +- if((dso == NULL) || (symname == NULL)) +- { +- DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- if(sk_num(dso->meth_data) < 1) +- { +- DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR); +- return(NULL); +- } +- ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); +- if(ptr == NULL) +- { +- DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE); +- return(NULL); +- } +- sym = GetProcAddress(*ptr, symname); +- if(sym == NULL) +- { +- DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_SYM_FAILURE); +- ERR_add_error_data(3, "symname(", symname, ")"); +- return(NULL); +- } +- return((DSO_FUNC_TYPE)sym); +- } +- +-struct file_st +- { +- const char *node; int nodelen; +- const char *device; int devicelen; +- const char *predir; int predirlen; +- const char *dir; int dirlen; +- const char *file; int filelen; +- }; ++{ ++ HINSTANCE *ptr; ++ void *sym; ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ ptr = (HINSTANCE *) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ sym = GetProcAddress(*ptr, symname); ++ if (sym == NULL) { ++ DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(3, "symname(", symname, ")"); ++ return (NULL); ++ } ++ return ((DSO_FUNC_TYPE)sym); ++} ++ ++struct file_st { ++ const char *node; ++ int nodelen; ++ const char *device; ++ int devicelen; ++ const char *predir; ++ int predirlen; ++ const char *dir; ++ int dirlen; ++ const char *file; ++ int filelen; ++}; + + static struct file_st *win32_splitter(DSO *dso, const char *filename, +- int assume_last_is_dir) +- { +- struct file_st *result = NULL; +- enum { IN_NODE, IN_DEVICE, IN_FILE } position; +- const char *start = filename; +- char last; +- +- if (!filename) +- { +- DSOerr(DSO_F_WIN32_SPLITTER,DSO_R_NO_FILENAME); +- /*goto err;*/ +- return(NULL); +- } +- +- result = OPENSSL_malloc(sizeof(struct file_st)); +- if(result == NULL) +- { +- DSOerr(DSO_F_WIN32_SPLITTER, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- +- memset(result, 0, sizeof(struct file_st)); +- position = IN_DEVICE; +- +- if((filename[0] == '\\' && filename[1] == '\\') +- || (filename[0] == '/' && filename[1] == '/')) +- { +- position = IN_NODE; +- filename += 2; +- start = filename; +- result->node = start; +- } +- +- do +- { +- last = filename[0]; +- switch(last) +- { +- case ':': +- if(position != IN_DEVICE) +- { +- DSOerr(DSO_F_WIN32_SPLITTER, +- DSO_R_INCORRECT_FILE_SYNTAX); +- /*goto err;*/ +- OPENSSL_free(result); +- return(NULL); +- } +- result->device = start; +- result->devicelen = filename - start; +- position = IN_FILE; +- start = ++filename; +- result->dir = start; +- break; +- case '\\': +- case '/': +- if(position == IN_NODE) +- { +- result->nodelen = filename - start; +- position = IN_FILE; +- start = ++filename; +- result->dir = start; +- } +- else if(position == IN_DEVICE) +- { +- position = IN_FILE; +- filename++; +- result->dir = start; +- result->dirlen = filename - start; +- start = filename; +- } +- else +- { +- filename++; +- result->dirlen += filename - start; +- start = filename; +- } +- break; +- case '\0': +- if(position == IN_NODE) +- { +- result->nodelen = filename - start; +- } +- else +- { +- if(filename - start > 0) +- { +- if (assume_last_is_dir) +- { +- if (position == IN_DEVICE) +- { +- result->dir = start; +- result->dirlen = 0; +- } +- result->dirlen += +- filename - start; +- } +- else +- { +- result->file = start; +- result->filelen = +- filename - start; +- } +- } +- } +- break; +- default: +- filename++; +- break; +- } +- } +- while(last); +- +- if(!result->nodelen) result->node = NULL; +- if(!result->devicelen) result->device = NULL; +- if(!result->dirlen) result->dir = NULL; +- if(!result->filelen) result->file = NULL; +- +- return(result); +- } ++ int assume_last_is_dir) ++{ ++ struct file_st *result = NULL; ++ enum { IN_NODE, IN_DEVICE, IN_FILE } position; ++ const char *start = filename; ++ char last; ++ ++ if (!filename) { ++ DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_NO_FILENAME); ++ /* ++ * goto err; ++ */ ++ return (NULL); ++ } ++ ++ result = OPENSSL_malloc(sizeof(struct file_st)); ++ if (result == NULL) { ++ DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ ++ memset(result, 0, sizeof(struct file_st)); ++ position = IN_DEVICE; ++ ++ if ((filename[0] == '\\' && filename[1] == '\\') ++ || (filename[0] == '/' && filename[1] == '/')) { ++ position = IN_NODE; ++ filename += 2; ++ start = filename; ++ result->node = start; ++ } ++ ++ do { ++ last = filename[0]; ++ switch (last) { ++ case ':': ++ if (position != IN_DEVICE) { ++ DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX); ++ /* ++ * goto err; ++ */ ++ OPENSSL_free(result); ++ return (NULL); ++ } ++ result->device = start; ++ result->devicelen = filename - start; ++ position = IN_FILE; ++ start = ++filename; ++ result->dir = start; ++ break; ++ case '\\': ++ case '/': ++ if (position == IN_NODE) { ++ result->nodelen = filename - start; ++ position = IN_FILE; ++ start = ++filename; ++ result->dir = start; ++ } else if (position == IN_DEVICE) { ++ position = IN_FILE; ++ filename++; ++ result->dir = start; ++ result->dirlen = filename - start; ++ start = filename; ++ } else { ++ filename++; ++ result->dirlen += filename - start; ++ start = filename; ++ } ++ break; ++ case '\0': ++ if (position == IN_NODE) { ++ result->nodelen = filename - start; ++ } else { ++ if (filename - start > 0) { ++ if (assume_last_is_dir) { ++ if (position == IN_DEVICE) { ++ result->dir = start; ++ result->dirlen = 0; ++ } ++ result->dirlen += filename - start; ++ } else { ++ result->file = start; ++ result->filelen = filename - start; ++ } ++ } ++ } ++ break; ++ default: ++ filename++; ++ break; ++ } ++ } ++ while (last); ++ ++ if (!result->nodelen) ++ result->node = NULL; ++ if (!result->devicelen) ++ result->device = NULL; ++ if (!result->dirlen) ++ result->dir = NULL; ++ if (!result->filelen) ++ result->file = NULL; ++ ++ return (result); ++} + + static char *win32_joiner(DSO *dso, const struct file_st *file_split) +- { +- int len = 0, offset = 0; +- char *result = NULL; +- const char *start; +- +- if(!file_split) +- { +- DSOerr(DSO_F_WIN32_JOINER, +- ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- if(file_split->node) +- { +- len += 2 + file_split->nodelen; /* 2 for starting \\ */ +- if(file_split->predir || file_split->dir || file_split->file) +- len++; /* 1 for ending \ */ +- } +- else if(file_split->device) +- { +- len += file_split->devicelen + 1; /* 1 for ending : */ +- } +- len += file_split->predirlen; +- if(file_split->predir && (file_split->dir || file_split->file)) +- { +- len++; /* 1 for ending \ */ +- } +- len += file_split->dirlen; +- if(file_split->dir && file_split->file) +- { +- len++; /* 1 for ending \ */ +- } +- len += file_split->filelen; +- +- if(!len) +- { +- DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE); +- return(NULL); +- } +- +- result = OPENSSL_malloc(len + 1); +- if (!result) +- { +- DSOerr(DSO_F_WIN32_JOINER, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- +- if(file_split->node) +- { +- strcpy(&result[offset], "\\\\"); offset += 2; +- strncpy(&result[offset], file_split->node, +- file_split->nodelen); offset += file_split->nodelen; +- if(file_split->predir || file_split->dir || file_split->file) +- { +- result[offset] = '\\'; offset++; +- } +- } +- else if(file_split->device) +- { +- strncpy(&result[offset], file_split->device, +- file_split->devicelen); offset += file_split->devicelen; +- result[offset] = ':'; offset++; +- } +- start = file_split->predir; +- while(file_split->predirlen > (start - file_split->predir)) +- { +- const char *end = openssl_strnchr(start, '/', +- file_split->predirlen - (start - file_split->predir)); +- if(!end) +- end = start +- + file_split->predirlen +- - (start - file_split->predir); +- strncpy(&result[offset], start, +- end - start); offset += end - start; +- result[offset] = '\\'; offset++; +- start = end + 1; +- } +-#if 0 /* Not needed, since the directory converter above already appeneded +- a backslash */ +- if(file_split->predir && (file_split->dir || file_split->file)) +- { +- result[offset] = '\\'; offset++; +- } +-#endif +- start = file_split->dir; +- while(file_split->dirlen > (start - file_split->dir)) +- { +- const char *end = openssl_strnchr(start, '/', +- file_split->dirlen - (start - file_split->dir)); +- if(!end) +- end = start +- + file_split->dirlen +- - (start - file_split->dir); +- strncpy(&result[offset], start, +- end - start); offset += end - start; +- result[offset] = '\\'; offset++; +- start = end + 1; +- } +-#if 0 /* Not needed, since the directory converter above already appeneded +- a backslash */ +- if(file_split->dir && file_split->file) +- { +- result[offset] = '\\'; offset++; +- } +-#endif +- strncpy(&result[offset], file_split->file, +- file_split->filelen); offset += file_split->filelen; +- result[offset] = '\0'; +- return(result); +- } +- +-static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2) +- { +- char *merged = NULL; +- struct file_st *filespec1_split = NULL; +- struct file_st *filespec2_split = NULL; +- +- if(!filespec1 && !filespec2) +- { +- DSOerr(DSO_F_WIN32_MERGER, +- ERR_R_PASSED_NULL_PARAMETER); +- return(NULL); +- } +- if (!filespec2) +- { +- merged = OPENSSL_malloc(strlen(filespec1) + 1); +- if(!merged) +- { +- DSOerr(DSO_F_WIN32_MERGER, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- strcpy(merged, filespec1); +- } +- else if (!filespec1) +- { +- merged = OPENSSL_malloc(strlen(filespec2) + 1); +- if(!merged) +- { +- DSOerr(DSO_F_WIN32_MERGER, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- strcpy(merged, filespec2); +- } +- else +- { +- filespec1_split = win32_splitter(dso, filespec1, 0); +- if (!filespec1_split) +- { +- DSOerr(DSO_F_WIN32_MERGER, +- ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- filespec2_split = win32_splitter(dso, filespec2, 1); +- if (!filespec2_split) +- { +- DSOerr(DSO_F_WIN32_MERGER, +- ERR_R_MALLOC_FAILURE); +- OPENSSL_free(filespec1_split); +- return(NULL); +- } +- +- /* Fill in into filespec1_split */ +- if (!filespec1_split->node && !filespec1_split->device) +- { +- filespec1_split->node = filespec2_split->node; +- filespec1_split->nodelen = filespec2_split->nodelen; +- filespec1_split->device = filespec2_split->device; +- filespec1_split->devicelen = filespec2_split->devicelen; +- } +- if (!filespec1_split->dir) +- { +- filespec1_split->dir = filespec2_split->dir; +- filespec1_split->dirlen = filespec2_split->dirlen; +- } +- else if (filespec1_split->dir[0] != '\\' +- && filespec1_split->dir[0] != '/') +- { +- filespec1_split->predir = filespec2_split->dir; +- filespec1_split->predirlen = filespec2_split->dirlen; +- } +- if (!filespec1_split->file) +- { +- filespec1_split->file = filespec2_split->file; +- filespec1_split->filelen = filespec2_split->filelen; +- } +- +- merged = win32_joiner(dso, filespec1_split); +- } +- OPENSSL_free(filespec1_split); +- OPENSSL_free(filespec2_split); +- return(merged); +- } ++{ ++ int len = 0, offset = 0; ++ char *result = NULL; ++ const char *start; ++ ++ if (!file_split) { ++ DSOerr(DSO_F_WIN32_JOINER, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (file_split->node) { ++ len += 2 + file_split->nodelen; /* 2 for starting \\ */ ++ if (file_split->predir || file_split->dir || file_split->file) ++ len++; /* 1 for ending \ */ ++ } else if (file_split->device) { ++ len += file_split->devicelen + 1; /* 1 for ending : */ ++ } ++ len += file_split->predirlen; ++ if (file_split->predir && (file_split->dir || file_split->file)) { ++ len++; /* 1 for ending \ */ ++ } ++ len += file_split->dirlen; ++ if (file_split->dir && file_split->file) { ++ len++; /* 1 for ending \ */ ++ } ++ len += file_split->filelen; ++ ++ if (!len) { ++ DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE); ++ return (NULL); ++ } ++ ++ result = OPENSSL_malloc(len + 1); ++ if (!result) { ++ DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ ++ if (file_split->node) { ++ strcpy(&result[offset], "\\\\"); ++ offset += 2; ++ strncpy(&result[offset], file_split->node, file_split->nodelen); ++ offset += file_split->nodelen; ++ if (file_split->predir || file_split->dir || file_split->file) { ++ result[offset] = '\\'; ++ offset++; ++ } ++ } else if (file_split->device) { ++ strncpy(&result[offset], file_split->device, file_split->devicelen); ++ offset += file_split->devicelen; ++ result[offset] = ':'; ++ offset++; ++ } ++ start = file_split->predir; ++ while (file_split->predirlen > (start - file_split->predir)) { ++ const char *end = openssl_strnchr(start, '/', ++ file_split->predirlen - (start - ++ file_split->predir)); ++ if (!end) ++ end = start ++ + file_split->predirlen - (start - file_split->predir); ++ strncpy(&result[offset], start, end - start); ++ offset += end - start; ++ result[offset] = '\\'; ++ offset++; ++ start = end + 1; ++ } ++# if 0 /* Not needed, since the directory converter ++ * above already appeneded a backslash */ ++ if (file_split->predir && (file_split->dir || file_split->file)) { ++ result[offset] = '\\'; ++ offset++; ++ } ++# endif ++ start = file_split->dir; ++ while (file_split->dirlen > (start - file_split->dir)) { ++ const char *end = openssl_strnchr(start, '/', ++ file_split->dirlen - (start - ++ file_split->dir)); ++ if (!end) ++ end = start + file_split->dirlen - (start - file_split->dir); ++ strncpy(&result[offset], start, end - start); ++ offset += end - start; ++ result[offset] = '\\'; ++ offset++; ++ start = end + 1; ++ } ++# if 0 /* Not needed, since the directory converter ++ * above already appeneded a backslash */ ++ if (file_split->dir && file_split->file) { ++ result[offset] = '\\'; ++ offset++; ++ } ++# endif ++ strncpy(&result[offset], file_split->file, file_split->filelen); ++ offset += file_split->filelen; ++ result[offset] = '\0'; ++ return (result); ++} ++ ++static char *win32_merger(DSO *dso, const char *filespec1, ++ const char *filespec2) ++{ ++ char *merged = NULL; ++ struct file_st *filespec1_split = NULL; ++ struct file_st *filespec2_split = NULL; ++ ++ if (!filespec1 && !filespec2) { ++ DSOerr(DSO_F_WIN32_MERGER, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (!filespec2) { ++ merged = OPENSSL_malloc(strlen(filespec1) + 1); ++ if (!merged) { ++ DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ strcpy(merged, filespec1); ++ } else if (!filespec1) { ++ merged = OPENSSL_malloc(strlen(filespec2) + 1); ++ if (!merged) { ++ DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ strcpy(merged, filespec2); ++ } else { ++ filespec1_split = win32_splitter(dso, filespec1, 0); ++ if (!filespec1_split) { ++ DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ filespec2_split = win32_splitter(dso, filespec2, 1); ++ if (!filespec2_split) { ++ DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); ++ OPENSSL_free(filespec1_split); ++ return (NULL); ++ } ++ ++ /* Fill in into filespec1_split */ ++ if (!filespec1_split->node && !filespec1_split->device) { ++ filespec1_split->node = filespec2_split->node; ++ filespec1_split->nodelen = filespec2_split->nodelen; ++ filespec1_split->device = filespec2_split->device; ++ filespec1_split->devicelen = filespec2_split->devicelen; ++ } ++ if (!filespec1_split->dir) { ++ filespec1_split->dir = filespec2_split->dir; ++ filespec1_split->dirlen = filespec2_split->dirlen; ++ } else if (filespec1_split->dir[0] != '\\' ++ && filespec1_split->dir[0] != '/') { ++ filespec1_split->predir = filespec2_split->dir; ++ filespec1_split->predirlen = filespec2_split->dirlen; ++ } ++ if (!filespec1_split->file) { ++ filespec1_split->file = filespec2_split->file; ++ filespec1_split->filelen = filespec2_split->filelen; ++ } ++ ++ merged = win32_joiner(dso, filespec1_split); ++ } ++ OPENSSL_free(filespec1_split); ++ OPENSSL_free(filespec2_split); ++ return (merged); ++} + + static char *win32_name_converter(DSO *dso, const char *filename) +- { +- char *translated; +- int len, transform; +- +- len = strlen(filename); +- transform = ((strstr(filename, "/") == NULL) && +- (strstr(filename, "\\") == NULL) && +- (strstr(filename, ":") == NULL)); +- if(transform) +- /* We will convert this to "%s.dll" */ +- translated = OPENSSL_malloc(len + 5); +- else +- /* We will simply duplicate filename */ +- translated = OPENSSL_malloc(len + 1); +- if(translated == NULL) +- { +- DSOerr(DSO_F_WIN32_NAME_CONVERTER, +- DSO_R_NAME_TRANSLATION_FAILED); +- return(NULL); +- } +- if(transform) +- sprintf(translated, "%s.dll", filename); +- else +- sprintf(translated, "%s", filename); +- return(translated); +- } ++{ ++ char *translated; ++ int len, transform; ++ ++ len = strlen(filename); ++ transform = ((strstr(filename, "/") == NULL) && ++ (strstr(filename, "\\") == NULL) && ++ (strstr(filename, ":") == NULL)); ++ if (transform) ++ /* We will convert this to "%s.dll" */ ++ translated = OPENSSL_malloc(len + 5); ++ else ++ /* We will simply duplicate filename */ ++ translated = OPENSSL_malloc(len + 1); ++ if (translated == NULL) { ++ DSOerr(DSO_F_WIN32_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); ++ return (NULL); ++ } ++ if (transform) ++ sprintf(translated, "%s.dll", filename); ++ else ++ sprintf(translated, "%s", filename); ++ return (translated); ++} + + static const char *openssl_strnchr(const char *string, int c, size_t len) +- { +- size_t i; +- const char *p; +- for (i = 0, p = string; i < len && *p; i++, p++) +- { +- if (*p == c) +- return p; +- } +- return NULL; +- } +- +- +-#endif /* OPENSSL_SYS_WIN32 */ ++{ ++ size_t i; ++ const char *p; ++ for (i = 0, p = string; i < len && *p; i++, p++) { ++ if (*p == c) ++ return p; ++ } ++ return NULL; ++} ++ ++#endif /* OPENSSL_SYS_WIN32 */ +diff --git a/Cryptlib/OpenSSL/crypto/dyn_lck.c b/Cryptlib/OpenSSL/crypto/dyn_lck.c +index 7f82c41..e91b9b7 100644 +--- a/Cryptlib/OpenSSL/crypto/dyn_lck.c ++++ b/Cryptlib/OpenSSL/crypto/dyn_lck.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,21 +58,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -87,10 +87,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -102,7 +102,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -110,7 +110,7 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * ECDH support in OpenSSL originally developed by ++ * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +@@ -118,311 +118,305 @@ + #include + + #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) +-static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ ++static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */ + #endif + + DECLARE_STACK_OF(CRYPTO_dynlock) + IMPLEMENT_STACK_OF(CRYPTO_dynlock) + + /* real #defines in crypto.h, keep these upto date */ +-static const char* const lock_names[CRYPTO_NUM_LOCKS] = +- { +- "<>", +- "err", +- "ex_data", +- "x509", +- "x509_info", +- "x509_pkey", +- "x509_crl", +- "x509_req", +- "dsa", +- "rsa", +- "evp_pkey", +- "x509_store", +- "ssl_ctx", +- "ssl_cert", +- "ssl_session", +- "ssl_sess_cert", +- "ssl", +- "ssl_method", +- "rand", +- "rand2", +- "debug_malloc", +- "BIO", +- "gethostbyname", +- "getservbyname", +- "readdir", +- "RSA_blinding", +- "dh", +- "debug_malloc2", +- "dso", +- "dynlock", +- "engine", +- "ui", +- "ecdsa", +- "ec", +- "ecdh", +- "bn", +- "ec_pre_comp", +- "store", +- "comp", ++static const char *const lock_names[CRYPTO_NUM_LOCKS] = { ++ "<>", ++ "err", ++ "ex_data", ++ "x509", ++ "x509_info", ++ "x509_pkey", ++ "x509_crl", ++ "x509_req", ++ "dsa", ++ "rsa", ++ "evp_pkey", ++ "x509_store", ++ "ssl_ctx", ++ "ssl_cert", ++ "ssl_session", ++ "ssl_sess_cert", ++ "ssl", ++ "ssl_method", ++ "rand", ++ "rand2", ++ "debug_malloc", ++ "BIO", ++ "gethostbyname", ++ "getservbyname", ++ "readdir", ++ "RSA_blinding", ++ "dh", ++ "debug_malloc2", ++ "dso", ++ "dynlock", ++ "engine", ++ "ui", ++ "ecdsa", ++ "ec", ++ "ecdh", ++ "bn", ++ "ec_pre_comp", ++ "store", ++ "comp", + #ifndef OPENSSL_FIPS + # if CRYPTO_NUM_LOCKS != 39 + # error "Inconsistency between crypto.h and cryptlib.c" + # endif + #else +- "fips", +- "fips2", ++ "fips", ++ "fips2", + # if CRYPTO_NUM_LOCKS != 41 + # error "Inconsistency between crypto.h and cryptlib.c" + # endif + #endif +- }; +- +-/* This is for applications to allocate new type names in the non-dynamic +- array of lock names. These are numbered with positive numbers. */ +-static STACK *app_locks=NULL; ++}; + +-/* For applications that want a more dynamic way of handling threads, the +- following stack is used. These are externally numbered with negative +- numbers. */ +-static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; ++/* ++ * This is for applications to allocate new type names in the non-dynamic ++ * array of lock names. These are numbered with positive numbers. ++ */ ++static STACK *app_locks = NULL; + ++/* ++ * For applications that want a more dynamic way of handling threads, the ++ * following stack is used. These are externally numbered with negative ++ * numbers. ++ */ ++static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL; + + static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) +- (const char *file,int line)=NULL; +-static void (MS_FAR *dynlock_lock_callback)(int mode, +- struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL; +-static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, +- const char *file,int line)=NULL; ++ (const char *file, int line) = NULL; ++static void (MS_FAR *dynlock_lock_callback) (int mode, ++ struct CRYPTO_dynlock_value *l, ++ const char *file, int line) = ++ NULL; ++static void (MS_FAR *dynlock_destroy_callback) (struct CRYPTO_dynlock_value ++ *l, const char *file, ++ int line) = NULL; + + int CRYPTO_get_new_lockid(char *name) +- { +- char *str; +- int i; ++{ ++ char *str; ++ int i; + + #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) +- /* A hack to make Visual C++ 5.0 work correctly when linking as +- * a DLL using /MT. Without this, the application cannot use +- * and floating point printf's. +- * It also seems to be needed for Visual C 1.5 (win16) */ +- SSLeay_MSVC5_hack=(double)name[0]*(double)name[1]; ++ /* ++ * A hack to make Visual C++ 5.0 work correctly when linking as a DLL ++ * using /MT. Without this, the application cannot use and floating point ++ * printf's. It also seems to be needed for Visual C 1.5 (win16) ++ */ ++ SSLeay_MSVC5_hack = (double)name[0] * (double)name[1]; + #endif + +- if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL)) +- { +- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- if ((str=BUF_strdup(name)) == NULL) +- { +- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- i=sk_push(app_locks,str); +- if (!i) +- OPENSSL_free(str); +- else +- i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */ +- return(i); +- } ++ if ((app_locks == NULL) && ((app_locks = sk_new_null()) == NULL)) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ if ((str = BUF_strdup(name)) == NULL) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ i = sk_push(app_locks, str); ++ if (!i) ++ OPENSSL_free(str); ++ else ++ i += CRYPTO_NUM_LOCKS; /* gap of one :-) */ ++ return (i); ++} + + int CRYPTO_get_new_dynlockid(void) +- { +- int i = 0; +- CRYPTO_dynlock *pointer = NULL; +- +- if (dynlock_create_callback == NULL) +- { +- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK); +- return(0); +- } +- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); +- if ((dyn_locks == NULL) +- && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL)) +- { +- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); +- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); +- +- pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock)); +- if (pointer == NULL) +- { +- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- pointer->references = 1; +- pointer->data = dynlock_create_callback(__FILE__,__LINE__); +- if (pointer->data == NULL) +- { +- OPENSSL_free(pointer); +- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- +- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); +- /* First, try to find an existing empty slot */ +- i=sk_CRYPTO_dynlock_find(dyn_locks,NULL); +- /* If there was none, push, thereby creating a new one */ +- if (i == -1) +- /* Since sk_push() returns the number of items on the +- stack, not the location of the pushed item, we need +- to transform the returned number into a position, +- by decreasing it. */ +- i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1; +- else +- /* If we found a place with a NULL pointer, put our pointer +- in it. */ +- (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer); +- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); +- +- if (i == -1) +- { +- dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); +- OPENSSL_free(pointer); +- } +- else +- i += 1; /* to avoid 0 */ +- return -i; +- } ++{ ++ int i = 0; ++ CRYPTO_dynlock *pointer = NULL; ++ ++ if (dynlock_create_callback == NULL) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ++ CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK); ++ return (0); ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); ++ if ((dyn_locks == NULL) ++ && ((dyn_locks = sk_CRYPTO_dynlock_new_null()) == NULL)) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ ++ pointer = (CRYPTO_dynlock *) OPENSSL_malloc(sizeof(CRYPTO_dynlock)); ++ if (pointer == NULL) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ pointer->references = 1; ++ pointer->data = dynlock_create_callback(__FILE__, __LINE__); ++ if (pointer->data == NULL) { ++ OPENSSL_free(pointer); ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); ++ /* First, try to find an existing empty slot */ ++ i = sk_CRYPTO_dynlock_find(dyn_locks, NULL); ++ /* If there was none, push, thereby creating a new one */ ++ if (i == -1) ++ /* ++ * Since sk_push() returns the number of items on the stack, not the ++ * location of the pushed item, we need to transform the returned ++ * number into a position, by decreasing it. ++ */ ++ i = sk_CRYPTO_dynlock_push(dyn_locks, pointer) - 1; ++ else ++ /* ++ * If we found a place with a NULL pointer, put our pointer in it. ++ */ ++ (void)sk_CRYPTO_dynlock_set(dyn_locks, i, pointer); ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (i == -1) { ++ dynlock_destroy_callback(pointer->data, __FILE__, __LINE__); ++ OPENSSL_free(pointer); ++ } else ++ i += 1; /* to avoid 0 */ ++ return -i; ++} + + void CRYPTO_destroy_dynlockid(int i) +- { +- CRYPTO_dynlock *pointer = NULL; +- if (i) +- i = -i-1; +- if (dynlock_destroy_callback == NULL) +- return; +- +- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); +- +- if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) +- { +- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); +- return; +- } +- pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); +- if (pointer != NULL) +- { +- --pointer->references; ++{ ++ CRYPTO_dynlock *pointer = NULL; ++ if (i) ++ i = -i - 1; ++ if (dynlock_destroy_callback == NULL) ++ return; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ return; ++ } ++ pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); ++ if (pointer != NULL) { ++ --pointer->references; + #ifdef REF_CHECK +- if (pointer->references < 0) +- { +- fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n"); +- abort(); +- } +- else ++ if (pointer->references < 0) { ++ fprintf(stderr, ++ "CRYPTO_destroy_dynlockid, bad reference count\n"); ++ abort(); ++ } else + #endif +- if (pointer->references <= 0) +- { +- (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); +- } +- else +- pointer = NULL; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); +- +- if (pointer) +- { +- dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); +- OPENSSL_free(pointer); +- } +- } ++ if (pointer->references <= 0) { ++ (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); ++ } else ++ pointer = NULL; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (pointer) { ++ dynlock_destroy_callback(pointer->data, __FILE__, __LINE__); ++ OPENSSL_free(pointer); ++ } ++} + + struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i) +- { +- CRYPTO_dynlock *pointer = NULL; +- if (i) +- i = -i-1; ++{ ++ CRYPTO_dynlock *pointer = NULL; ++ if (i) ++ i = -i - 1; + +- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); ++ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); + +- if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks)) +- pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); +- if (pointer) +- pointer->references++; ++ if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks)) ++ pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); ++ if (pointer) ++ pointer->references++; + +- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); + +- if (pointer) +- return pointer->data; +- return NULL; +- } ++ if (pointer) ++ return pointer->data; ++ return NULL; ++} + + struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void)) +- (const char *file,int line) +- { +- return(dynlock_create_callback); +- } ++ (const char *file, int line) { ++ return (dynlock_create_callback); ++} + +-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, +- struct CRYPTO_dynlock_value *l, const char *file,int line) +- { +- return(dynlock_lock_callback); +- } ++void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode, ++ struct CRYPTO_dynlock_value ++ *l, const char *file, ++ int line) { ++ return (dynlock_lock_callback); ++} + + void (*CRYPTO_get_dynlock_destroy_callback(void)) +- (struct CRYPTO_dynlock_value *l, const char *file,int line) +- { +- return(dynlock_destroy_callback); +- } ++ (struct CRYPTO_dynlock_value *l, const char *file, int line) { ++ return (dynlock_destroy_callback); ++} + + void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func) +- (const char *file, int line)) +- { +- dynlock_create_callback=func; +- } ++ (const char *file, int line)) ++{ ++ dynlock_create_callback = func; ++} + + static void do_dynlock(int mode, int type, const char *file, int line) +- { +- if (dynlock_lock_callback != NULL) +- { +- struct CRYPTO_dynlock_value *pointer +- = CRYPTO_get_dynlock_value(type); +- +- OPENSSL_assert(pointer != NULL); +- +- dynlock_lock_callback(mode, pointer, file, line); +- +- CRYPTO_destroy_dynlockid(type); +- } +- } +- +-void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode, +- struct CRYPTO_dynlock_value *l, const char *file, int line)) +- { +- /* Set callback so CRYPTO_lock() can now handle dynamic locks. +- * This is OK because at this point and application shouldn't be using +- * OpenSSL from multiple threads because it is setting up the locking +- * callbacks. +- */ +- static int done = 0; +- if (!done) +- { +- int_CRYPTO_set_do_dynlock_callback(do_dynlock); +- done = 1; +- } +- +- dynlock_lock_callback=func; +- } ++{ ++ if (dynlock_lock_callback != NULL) { ++ struct CRYPTO_dynlock_value *pointer = CRYPTO_get_dynlock_value(type); ++ ++ OPENSSL_assert(pointer != NULL); ++ ++ dynlock_lock_callback(mode, pointer, file, line); ++ ++ CRYPTO_destroy_dynlockid(type); ++ } ++} ++ ++void CRYPTO_set_dynlock_lock_callback(void (*func) (int mode, ++ struct ++ CRYPTO_dynlock_value *l, ++ const char *file, ++ int line)) ++{ ++ /* ++ * Set callback so CRYPTO_lock() can now handle dynamic locks. This is OK ++ * because at this point and application shouldn't be using OpenSSL from ++ * multiple threads because it is setting up the locking callbacks. ++ */ ++ static int done = 0; ++ if (!done) { ++ int_CRYPTO_set_do_dynlock_callback(do_dynlock); ++ done = 1; ++ } ++ ++ dynlock_lock_callback = func; ++} + + void CRYPTO_set_dynlock_destroy_callback(void (*func) +- (struct CRYPTO_dynlock_value *l, const char *file, int line)) +- { +- dynlock_destroy_callback=func; +- } ++ (struct CRYPTO_dynlock_value *l, ++ const char *file, int line)) ++{ ++ dynlock_destroy_callback = func; ++} + + const char *CRYPTO_get_lock_name(int type) +- { +- if (type < 0) +- return("dynamic"); +- else if (type < CRYPTO_NUM_LOCKS) +- return(lock_names[type]); +- else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks)) +- return("ERROR"); +- else +- return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); +- } +- ++{ ++ if (type < 0) ++ return ("dynamic"); ++ else if (type < CRYPTO_NUM_LOCKS) ++ return (lock_names[type]); ++ else if (type - CRYPTO_NUM_LOCKS > sk_num(app_locks)) ++ return ("ERROR"); ++ else ++ return (sk_value(app_locks, type - CRYPTO_NUM_LOCKS)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ebcdic.c b/Cryptlib/OpenSSL/crypto/ebcdic.c +index 43e53bc..4b7652c 100644 +--- a/Cryptlib/OpenSSL/crypto/ebcdic.c ++++ b/Cryptlib/OpenSSL/crypto/ebcdic.c +@@ -2,198 +2,262 @@ + + #ifndef CHARSET_EBCDIC + +-#include +-#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) +-static void *dummy=&dummy; +-#endif ++# include ++# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) ++static void *dummy = &dummy; ++# endif + +-#else /*CHARSET_EBCDIC*/ ++#else /* CHARSET_EBCDIC */ + +-#include "ebcdic.h" +-/* Initial Port for Apache-1.3 by ++# include "ebcdic.h" ++/*- ++ * Initial Port for Apache-1.3 by + * Adapted for OpenSSL-0.9.4 by + */ + +-#ifdef _OSD_POSIX ++# ifdef _OSD_POSIX + /* +- "BS2000 OSD" is a POSIX subsystem on a main frame. +- It is made by Siemens AG, Germany, for their BS2000 mainframe machines. +- Within the POSIX subsystem, the same character set was chosen as in +- "native BS2000", namely EBCDIC. (EDF04) +- +- The name "ASCII" in these routines is misleading: actually, conversion +- is not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1; +- that means that (western european) national characters are preserved. +- +- This table is identical to the one used by rsh/rcp/ftp and other POSIX tools. +-*/ ++ * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens ++ * AG, Germany, for their BS2000 mainframe machines. Within the POSIX ++ * subsystem, the same character set was chosen as in "native BS2000", namely ++ * EBCDIC. (EDF04) ++ * ++ * The name "ASCII" in these routines is misleading: actually, conversion is ++ * not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1; that means ++ * that (western european) national characters are preserved. ++ * ++ * This table is identical to the one used by rsh/rcp/ftp and other POSIX ++ * tools. ++ */ + + /* Here's the bijective ebcdic-to-ascii table: */ + const unsigned char os_toascii[256] = { +-/*00*/ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, +- 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/ +-/*10*/ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, +- 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/ +-/*20*/ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, +- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /*................*/ +-/*30*/ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, +- 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /*................*/ +-/*40*/ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, +- 0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+|*/ +-/*50*/ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, +- 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /*&.........!$*);.*/ +-/*60*/ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, +- 0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/ +-/*70*/ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, +- 0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /*..........:#@'="*/ +-/*80*/ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, +- 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /*.abcdefghi......*/ +-/*90*/ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, +- 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /*.jklmnopqr......*/ +-/*a0*/ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, +- 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /*..stuvwxyz......*/ +-/*b0*/ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, +- 0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /*...........[\]..*/ +-/*c0*/ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, +- 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /*.ABCDEFGHI......*/ +-/*d0*/ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, +- 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /*.JKLMNOPQR......*/ +-/*e0*/ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, +- 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /*..STUVWXYZ......*/ +-/*f0*/ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, +- 0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /*0123456789.{.}.~*/ ++ /* ++ * 00 ++ */ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, ++ 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ ++ /* ++ * 10 ++ */ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, ++ 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ ++ /* ++ * 20 ++ */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, ++ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */ ++ /* ++ * 30 ++ */ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, ++ 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */ ++ /* ++ * 40 ++ */ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, ++ 0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+| */ ++ /* ++ * 50 ++ */ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, ++ 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /* &.........!$*);. */ ++ /* ++ * 60 ++ */ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, ++ 0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/ ++ /* ++ * 70 ++ */ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, ++ 0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* ..........:#@'=" */ ++ /* ++ * 80 ++ */ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, ++ 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */ ++ /* ++ * 90 ++ */ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, ++ 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */ ++ /* ++ * a0 ++ */ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, ++ 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /* ..stuvwxyz...... */ ++ /* ++ * b0 ++ */ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, ++ 0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /* ...........[\].. */ ++ /* ++ * c0 ++ */ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, ++ 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* .ABCDEFGHI...... */ ++ /* ++ * d0 ++ */ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, ++ 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /* .JKLMNOPQR...... */ ++ /* ++ * e0 ++ */ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, ++ 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* ..STUVWXYZ...... */ ++ /* ++ * f0 ++ */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, ++ 0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /* 0123456789.{.}.~ */ + }; + +- + /* The ascii-to-ebcdic table: */ + const unsigned char os_toebcdic[256] = { +-/*00*/ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, +- 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/ +-/*10*/ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, +- 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/ +-/*20*/ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, +- 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ +-/*30*/ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, +- 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /*0123456789:;<=>?*/ +-/*40*/ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, +- 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /*@ABCDEFGHIJKLMNO*/ +-/*50*/ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, +- 0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /*PQRSTUVWXYZ[\]^_*/ +-/*60*/ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, +- 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /*`abcdefghijklmno*/ +-/*70*/ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, +- 0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /*pqrstuvwxyz{|}~.*/ +-/*80*/ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, +- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /*................*/ +-/*90*/ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, +- 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /*................*/ +-/*a0*/ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5, +- 0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /*................*/ +-/*b0*/ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, +- 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /*................*/ +-/*c0*/ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, +- 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /*................*/ +-/*d0*/ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, +- 0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /*................*/ +-/*e0*/ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, +- 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /*................*/ +-/*f0*/ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, +- 0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /*................*/ ++ /* ++ * 00 ++ */ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, ++ 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ ++ /* ++ * 10 ++ */ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, ++ 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ ++ /* ++ * 20 ++ */ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, ++ 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ ++ /* ++ * 30 ++ */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, ++ 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */ ++ /* ++ * 40 ++ */ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, ++ 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */ ++ /* ++ * 50 ++ */ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, ++ 0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /* PQRSTUVWXYZ[\]^_ */ ++ /* ++ * 60 ++ */ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, ++ 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */ ++ /* ++ * 70 ++ */ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, ++ 0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /* pqrstuvwxyz{|}~. */ ++ /* ++ * 80 ++ */ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, ++ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */ ++ /* ++ * 90 ++ */ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, ++ 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /* ................ */ ++ /* ++ * a0 ++ */ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5, ++ 0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /* ................ */ ++ /* ++ * b0 ++ */ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, ++ 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */ ++ /* ++ * c0 ++ */ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, ++ 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */ ++ /* ++ * d0 ++ */ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, ++ 0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /* ................ */ ++ /* ++ * e0 ++ */ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, ++ 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */ ++ /* ++ * f0 ++ */ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, ++ 0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */ + }; + +-#else /*_OSD_POSIX*/ ++# else /*_OSD_POSIX*/ + + /* +-This code does basic character mapping for IBM's TPF and OS/390 operating systems. +-It is a modified version of the BS2000 table. +- +-Bijective EBCDIC (character set IBM-1047) to US-ASCII table: +-This table is bijective - there are no ambigous or duplicate characters. +-*/ ++ * This code does basic character mapping for IBM's TPF and OS/390 operating ++ * systems. It is a modified version of the BS2000 table. ++ * ++ * Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is ++ * bijective - there are no ambigous or duplicate characters. ++ */ + const unsigned char os_toascii[256] = { +- 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */ ++ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */ + 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ +- 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */ ++ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */ + 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ +- 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */ ++ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */ + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */ +- 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */ ++ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */ + 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */ +- 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */ +- 0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */ +- 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */ ++ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */ ++ 0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */ ++ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */ + 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */ +- 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */ ++ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */ + 0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */ +- 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */ ++ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */ + 0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */ +- 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */ ++ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */ + 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */ +- 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */ ++ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */ + 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */ +- 0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */ ++ 0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */ + 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */ +- 0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */ ++ 0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */ + 0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */ +- 0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */ ++ 0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */ + 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */ +- 0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */ ++ 0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */ + 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */ +- 0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */ ++ 0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */ + 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */ +- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */ +- 0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */ ++ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */ ++ 0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */ + }; + +- + /* +-The US-ASCII to EBCDIC (character set IBM-1047) table: +-This table is bijective (no ambiguous or duplicate characters) +-*/ ++ * The US-ASCII to EBCDIC (character set IBM-1047) table: This table is ++ * bijective (no ambiguous or duplicate characters) ++ */ + const unsigned char os_toebcdic[256] = { +- 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */ ++ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */ + 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ +- 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */ ++ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */ + 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ +- 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */ +- 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ +- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */ ++ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */ ++ 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ ++ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */ + 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */ +- 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */ ++ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */ + 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */ +- 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */ ++ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */ + 0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */ +- 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */ ++ 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */ + 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */ +- 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */ ++ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */ + 0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */ +- 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */ ++ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */ + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */ +- 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */ ++ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */ + 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */ +- 0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */ ++ 0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */ + 0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */ +- 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */ ++ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */ + 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */ +- 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */ ++ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */ + 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */ +- 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */ ++ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */ + 0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */ +- 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */ ++ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */ + 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */ +- 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */ +- 0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */ ++ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */ ++ 0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */ + }; +-#endif /*_OSD_POSIX*/ ++# endif/*_OSD_POSIX*/ + +-/* Translate a memory block from EBCDIC (host charset) to ASCII (net charset) +- * dest and srce may be identical, or separate memory blocks, but +- * should not overlap. These functions intentionally have an interface +- * compatible to memcpy(3). ++/* ++ * Translate a memory block from EBCDIC (host charset) to ASCII (net charset) ++ * dest and srce may be identical, or separate memory blocks, but should not ++ * overlap. These functions intentionally have an interface compatible to ++ * memcpy(3). + */ + +-void * +-ebcdic2ascii(void *dest, const void *srce, size_t count) ++void *ebcdic2ascii(void *dest, const void *srce, size_t count) + { + unsigned char *udest = dest; + const unsigned char *usrce = srce; +@@ -205,8 +269,7 @@ ebcdic2ascii(void *dest, const void *srce, size_t count) + return dest; + } + +-void * +-ascii2ebcdic(void *dest, const void *srce, size_t count) ++void *ascii2ebcdic(void *dest, const void *srce, size_t count) + { + unsigned char *udest = dest; + const unsigned char *usrce = srce; +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c +index 6b570a3..d3ba5d7 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c +@@ -21,7 +21,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -71,319 +71,393 @@ + + #include "ec_lcl.h" + +- +-/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective ++/*- ++ * Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective + * coordinates. +- * Uses algorithm Mdouble in appendix of +- * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over ++ * Uses algorithm Mdouble in appendix of ++ * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". + * modified to not require precomputation of c=b^{2^{m-1}}. + */ +-static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx) +- { +- BIGNUM *t1; +- int ret = 0; +- +- /* Since Mdouble is static we can guarantee that ctx != NULL. */ +- BN_CTX_start(ctx); +- t1 = BN_CTX_get(ctx); +- if (t1 == NULL) goto err; +- +- if (!group->meth->field_sqr(group, x, x, ctx)) goto err; +- if (!group->meth->field_sqr(group, t1, z, ctx)) goto err; +- if (!group->meth->field_mul(group, z, x, t1, ctx)) goto err; +- if (!group->meth->field_sqr(group, x, x, ctx)) goto err; +- if (!group->meth->field_sqr(group, t1, t1, ctx)) goto err; +- if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) goto err; +- if (!BN_GF2m_add(x, x, t1)) goto err; +- +- ret = 1; ++static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, ++ BN_CTX *ctx) ++{ ++ BIGNUM *t1; ++ int ret = 0; ++ ++ /* Since Mdouble is static we can guarantee that ctx != NULL. */ ++ BN_CTX_start(ctx); ++ t1 = BN_CTX_get(ctx); ++ if (t1 == NULL) ++ goto err; ++ ++ if (!group->meth->field_sqr(group, x, x, ctx)) ++ goto err; ++ if (!group->meth->field_sqr(group, t1, z, ctx)) ++ goto err; ++ if (!group->meth->field_mul(group, z, x, t1, ctx)) ++ goto err; ++ if (!group->meth->field_sqr(group, x, x, ctx)) ++ goto err; ++ if (!group->meth->field_sqr(group, t1, t1, ctx)) ++ goto err; ++ if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) ++ goto err; ++ if (!BN_GF2m_add(x, x, t1)) ++ goto err; ++ ++ ret = 1; + + err: +- BN_CTX_end(ctx); +- return ret; +- } ++ BN_CTX_end(ctx); ++ return ret; ++} + +-/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery ++/*- ++ * Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery + * projective coordinates. +- * Uses algorithm Madd in appendix of +- * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over ++ * Uses algorithm Madd in appendix of ++ * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". + */ +-static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, +- const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx) +- { +- BIGNUM *t1, *t2; +- int ret = 0; +- +- /* Since Madd is static we can guarantee that ctx != NULL. */ +- BN_CTX_start(ctx); +- t1 = BN_CTX_get(ctx); +- t2 = BN_CTX_get(ctx); +- if (t2 == NULL) goto err; +- +- if (!BN_copy(t1, x)) goto err; +- if (!group->meth->field_mul(group, x1, x1, z2, ctx)) goto err; +- if (!group->meth->field_mul(group, z1, z1, x2, ctx)) goto err; +- if (!group->meth->field_mul(group, t2, x1, z1, ctx)) goto err; +- if (!BN_GF2m_add(z1, z1, x1)) goto err; +- if (!group->meth->field_sqr(group, z1, z1, ctx)) goto err; +- if (!group->meth->field_mul(group, x1, z1, t1, ctx)) goto err; +- if (!BN_GF2m_add(x1, x1, t2)) goto err; +- +- ret = 1; ++static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, ++ BIGNUM *z1, const BIGNUM *x2, const BIGNUM *z2, ++ BN_CTX *ctx) ++{ ++ BIGNUM *t1, *t2; ++ int ret = 0; ++ ++ /* Since Madd is static we can guarantee that ctx != NULL. */ ++ BN_CTX_start(ctx); ++ t1 = BN_CTX_get(ctx); ++ t2 = BN_CTX_get(ctx); ++ if (t2 == NULL) ++ goto err; ++ ++ if (!BN_copy(t1, x)) ++ goto err; ++ if (!group->meth->field_mul(group, x1, x1, z2, ctx)) ++ goto err; ++ if (!group->meth->field_mul(group, z1, z1, x2, ctx)) ++ goto err; ++ if (!group->meth->field_mul(group, t2, x1, z1, ctx)) ++ goto err; ++ if (!BN_GF2m_add(z1, z1, x1)) ++ goto err; ++ if (!group->meth->field_sqr(group, z1, z1, ctx)) ++ goto err; ++ if (!group->meth->field_mul(group, x1, z1, t1, ctx)) ++ goto err; ++ if (!BN_GF2m_add(x1, x1, t2)) ++ goto err; ++ ++ ret = 1; + + err: +- BN_CTX_end(ctx); +- return ret; +- } +- +-/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) +- * using Montgomery point multiplication algorithm Mxy() in appendix of +- * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over ++ BN_CTX_end(ctx); ++ return ret; ++} ++ ++/*- ++ * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) ++ * using Montgomery point multiplication algorithm Mxy() in appendix of ++ * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". + * Returns: + * 0 on error + * 1 if return value should be the point at infinity + * 2 otherwise + */ +-static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1, +- BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx) +- { +- BIGNUM *t3, *t4, *t5; +- int ret = 0; +- +- if (BN_is_zero(z1)) +- { +- BN_zero(x2); +- BN_zero(z2); +- return 1; +- } +- +- if (BN_is_zero(z2)) +- { +- if (!BN_copy(x2, x)) return 0; +- if (!BN_GF2m_add(z2, x, y)) return 0; +- return 2; +- } +- +- /* Since Mxy is static we can guarantee that ctx != NULL. */ +- BN_CTX_start(ctx); +- t3 = BN_CTX_get(ctx); +- t4 = BN_CTX_get(ctx); +- t5 = BN_CTX_get(ctx); +- if (t5 == NULL) goto err; +- +- if (!BN_one(t5)) goto err; +- +- if (!group->meth->field_mul(group, t3, z1, z2, ctx)) goto err; +- +- if (!group->meth->field_mul(group, z1, z1, x, ctx)) goto err; +- if (!BN_GF2m_add(z1, z1, x1)) goto err; +- if (!group->meth->field_mul(group, z2, z2, x, ctx)) goto err; +- if (!group->meth->field_mul(group, x1, z2, x1, ctx)) goto err; +- if (!BN_GF2m_add(z2, z2, x2)) goto err; +- +- if (!group->meth->field_mul(group, z2, z2, z1, ctx)) goto err; +- if (!group->meth->field_sqr(group, t4, x, ctx)) goto err; +- if (!BN_GF2m_add(t4, t4, y)) goto err; +- if (!group->meth->field_mul(group, t4, t4, t3, ctx)) goto err; +- if (!BN_GF2m_add(t4, t4, z2)) goto err; +- +- if (!group->meth->field_mul(group, t3, t3, x, ctx)) goto err; +- if (!group->meth->field_div(group, t3, t5, t3, ctx)) goto err; +- if (!group->meth->field_mul(group, t4, t3, t4, ctx)) goto err; +- if (!group->meth->field_mul(group, x2, x1, t3, ctx)) goto err; +- if (!BN_GF2m_add(z2, x2, x)) goto err; +- +- if (!group->meth->field_mul(group, z2, z2, t4, ctx)) goto err; +- if (!BN_GF2m_add(z2, z2, y)) goto err; +- +- ret = 2; ++static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, ++ BIGNUM *x1, BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, ++ BN_CTX *ctx) ++{ ++ BIGNUM *t3, *t4, *t5; ++ int ret = 0; ++ ++ if (BN_is_zero(z1)) { ++ BN_zero(x2); ++ BN_zero(z2); ++ return 1; ++ } ++ ++ if (BN_is_zero(z2)) { ++ if (!BN_copy(x2, x)) ++ return 0; ++ if (!BN_GF2m_add(z2, x, y)) ++ return 0; ++ return 2; ++ } ++ ++ /* Since Mxy is static we can guarantee that ctx != NULL. */ ++ BN_CTX_start(ctx); ++ t3 = BN_CTX_get(ctx); ++ t4 = BN_CTX_get(ctx); ++ t5 = BN_CTX_get(ctx); ++ if (t5 == NULL) ++ goto err; ++ ++ if (!BN_one(t5)) ++ goto err; ++ ++ if (!group->meth->field_mul(group, t3, z1, z2, ctx)) ++ goto err; ++ ++ if (!group->meth->field_mul(group, z1, z1, x, ctx)) ++ goto err; ++ if (!BN_GF2m_add(z1, z1, x1)) ++ goto err; ++ if (!group->meth->field_mul(group, z2, z2, x, ctx)) ++ goto err; ++ if (!group->meth->field_mul(group, x1, z2, x1, ctx)) ++ goto err; ++ if (!BN_GF2m_add(z2, z2, x2)) ++ goto err; ++ ++ if (!group->meth->field_mul(group, z2, z2, z1, ctx)) ++ goto err; ++ if (!group->meth->field_sqr(group, t4, x, ctx)) ++ goto err; ++ if (!BN_GF2m_add(t4, t4, y)) ++ goto err; ++ if (!group->meth->field_mul(group, t4, t4, t3, ctx)) ++ goto err; ++ if (!BN_GF2m_add(t4, t4, z2)) ++ goto err; ++ ++ if (!group->meth->field_mul(group, t3, t3, x, ctx)) ++ goto err; ++ if (!group->meth->field_div(group, t3, t5, t3, ctx)) ++ goto err; ++ if (!group->meth->field_mul(group, t4, t3, t4, ctx)) ++ goto err; ++ if (!group->meth->field_mul(group, x2, x1, t3, ctx)) ++ goto err; ++ if (!BN_GF2m_add(z2, x2, x)) ++ goto err; ++ ++ if (!group->meth->field_mul(group, z2, z2, t4, ctx)) ++ goto err; ++ if (!BN_GF2m_add(z2, z2, y)) ++ goto err; ++ ++ ret = 2; + + err: +- BN_CTX_end(ctx); +- return ret; +- } ++ BN_CTX_end(ctx); ++ return ret; ++} + +-/* Computes scalar*point and stores the result in r. ++/*- ++ * Computes scalar*point and stores the result in r. + * point can not equal r. + * Uses a modified algorithm 2P of +- * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over ++ * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation". + * + * To protect against side-channel attack the function uses constant time + * swap avoiding conditional branches. + */ +-static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, +- const EC_POINT *point, BN_CTX *ctx) +- { +- BIGNUM *x1, *x2, *z1, *z2; +- int ret = 0, i, j; +- BN_ULONG mask; +- +- if (r == point) +- { +- ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT); +- return 0; +- } +- +- /* if result should be point at infinity */ +- if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || +- EC_POINT_is_at_infinity(group, point)) +- { +- return EC_POINT_set_to_infinity(group, r); +- } +- +- /* only support affine coordinates */ +- if (!point->Z_is_one) return 0; +- +- /* Since point_multiply is static we can guarantee that ctx != NULL. */ +- BN_CTX_start(ctx); +- x1 = BN_CTX_get(ctx); +- z1 = BN_CTX_get(ctx); +- if (z1 == NULL) goto err; +- +- x2 = &r->X; +- z2 = &r->Y; +- +- bn_wexpand(x1, group->field.top); +- bn_wexpand(z1, group->field.top); +- bn_wexpand(x2, group->field.top); +- bn_wexpand(z2, group->field.top); +- +- if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ +- if (!BN_one(z1)) goto err; /* z1 = 1 */ +- if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ +- if (!group->meth->field_sqr(group, x2, z2, ctx)) goto err; +- if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */ +- +- /* find top most bit and go one past it */ +- i = scalar->top - 1; j = BN_BITS2 - 1; +- mask = BN_TBIT; +- while (!(scalar->d[i] & mask)) { mask >>= 1; j--; } +- mask >>= 1; j--; +- /* if top most bit was at word break, go to next word */ +- if (!mask) +- { +- i--; j = BN_BITS2 - 1; +- mask = BN_TBIT; +- } +- +- for (; i >= 0; i--) +- { +- for (; j >= 0; j--) +- { +- BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); +- BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); +- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; +- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; +- BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); +- BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); +- mask >>= 1; +- } +- j = BN_BITS2 - 1; +- mask = BN_TBIT; +- } +- +- /* convert out of "projective" coordinates */ +- i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx); +- if (i == 0) goto err; +- else if (i == 1) +- { +- if (!EC_POINT_set_to_infinity(group, r)) goto err; +- } +- else +- { +- if (!BN_one(&r->Z)) goto err; +- r->Z_is_one = 1; +- } +- +- /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ +- BN_set_negative(&r->X, 0); +- BN_set_negative(&r->Y, 0); +- +- ret = 1; ++static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, ++ EC_POINT *r, ++ const BIGNUM *scalar, ++ const EC_POINT *point, ++ BN_CTX *ctx) ++{ ++ BIGNUM *x1, *x2, *z1, *z2; ++ int ret = 0, i, j; ++ BN_ULONG mask; ++ ++ if (r == point) { ++ ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT); ++ return 0; ++ } ++ ++ /* if result should be point at infinity */ ++ if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || ++ EC_POINT_is_at_infinity(group, point)) { ++ return EC_POINT_set_to_infinity(group, r); ++ } ++ ++ /* only support affine coordinates */ ++ if (!point->Z_is_one) ++ return 0; ++ ++ /* ++ * Since point_multiply is static we can guarantee that ctx != NULL. ++ */ ++ BN_CTX_start(ctx); ++ x1 = BN_CTX_get(ctx); ++ z1 = BN_CTX_get(ctx); ++ if (z1 == NULL) ++ goto err; ++ ++ x2 = &r->X; ++ z2 = &r->Y; ++ ++ bn_wexpand(x1, group->field.top); ++ bn_wexpand(z1, group->field.top); ++ bn_wexpand(x2, group->field.top); ++ bn_wexpand(z2, group->field.top); ++ ++ if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) ++ goto err; /* x1 = x */ ++ if (!BN_one(z1)) ++ goto err; /* z1 = 1 */ ++ if (!group->meth->field_sqr(group, z2, x1, ctx)) ++ goto err; /* z2 = x1^2 = x^2 */ ++ if (!group->meth->field_sqr(group, x2, z2, ctx)) ++ goto err; ++ if (!BN_GF2m_add(x2, x2, &group->b)) ++ goto err; /* x2 = x^4 + b */ ++ ++ /* find top most bit and go one past it */ ++ i = scalar->top - 1; ++ j = BN_BITS2 - 1; ++ mask = BN_TBIT; ++ while (!(scalar->d[i] & mask)) { ++ mask >>= 1; ++ j--; ++ } ++ mask >>= 1; ++ j--; ++ /* if top most bit was at word break, go to next word */ ++ if (!mask) { ++ i--; ++ j = BN_BITS2 - 1; ++ mask = BN_TBIT; ++ } ++ ++ for (; i >= 0; i--) { ++ for (; j >= 0; j--) { ++ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); ++ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); ++ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) ++ goto err; ++ if (!gf2m_Mdouble(group, x1, z1, ctx)) ++ goto err; ++ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); ++ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); ++ mask >>= 1; ++ } ++ j = BN_BITS2 - 1; ++ mask = BN_TBIT; ++ } ++ ++ /* convert out of "projective" coordinates */ ++ i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx); ++ if (i == 0) ++ goto err; ++ else if (i == 1) { ++ if (!EC_POINT_set_to_infinity(group, r)) ++ goto err; ++ } else { ++ if (!BN_one(&r->Z)) ++ goto err; ++ r->Z_is_one = 1; ++ } ++ ++ /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ ++ BN_set_negative(&r->X, 0); ++ BN_set_negative(&r->Y, 0); ++ ++ ret = 1; + + err: +- BN_CTX_end(ctx); +- return ret; +- } +- ++ BN_CTX_end(ctx); ++ return ret; ++} + +-/* Computes the sum ++/*- ++ * Computes the sum + * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1] + * gracefully ignoring NULL scalar values. + */ +-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, +- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) +- { +- BN_CTX *new_ctx = NULL; +- int ret = 0; +- size_t i; +- EC_POINT *p=NULL; +- EC_POINT *acc = NULL; +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- /* This implementation is more efficient than the wNAF implementation for 2 +- * or fewer points. Use the ec_wNAF_mul implementation for 3 or more points, +- * or if we can perform a fast multiplication based on precomputation. +- */ +- if ((scalar && (num > 1)) || (num > 2) || (num == 0 && EC_GROUP_have_precompute_mult(group))) +- { +- ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); +- goto err; +- } +- +- if ((p = EC_POINT_new(group)) == NULL) goto err; +- if ((acc = EC_POINT_new(group)) == NULL) goto err; +- +- if (!EC_POINT_set_to_infinity(group, acc)) goto err; +- +- if (scalar) +- { +- if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err; +- if (BN_is_negative(scalar)) +- if (!group->meth->invert(group, p, ctx)) goto err; +- if (!group->meth->add(group, acc, acc, p, ctx)) goto err; +- } +- +- for (i = 0; i < num; i++) +- { +- if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err; +- if (BN_is_negative(scalars[i])) +- if (!group->meth->invert(group, p, ctx)) goto err; +- if (!group->meth->add(group, acc, acc, p, ctx)) goto err; +- } +- +- if (!EC_POINT_copy(r, acc)) goto err; +- +- ret = 1; +- +- err: +- if (p) EC_POINT_free(p); +- if (acc) EC_POINT_free(acc); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-/* Precomputation for point multiplication: fall back to wNAF methods +- * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */ ++int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, ++ const BIGNUM *scalar, size_t num, ++ const EC_POINT *points[], const BIGNUM *scalars[], ++ BN_CTX *ctx) ++{ ++ BN_CTX *new_ctx = NULL; ++ int ret = 0; ++ size_t i; ++ EC_POINT *p = NULL; ++ EC_POINT *acc = NULL; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ /* ++ * This implementation is more efficient than the wNAF implementation for ++ * 2 or fewer points. Use the ec_wNAF_mul implementation for 3 or more ++ * points, or if we can perform a fast multiplication based on ++ * precomputation. ++ */ ++ if ((scalar && (num > 1)) || (num > 2) ++ || (num == 0 && EC_GROUP_have_precompute_mult(group))) { ++ ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); ++ goto err; ++ } ++ ++ if ((p = EC_POINT_new(group)) == NULL) ++ goto err; ++ if ((acc = EC_POINT_new(group)) == NULL) ++ goto err; ++ ++ if (!EC_POINT_set_to_infinity(group, acc)) ++ goto err; ++ ++ if (scalar) { ++ if (!ec_GF2m_montgomery_point_multiply ++ (group, p, scalar, group->generator, ctx)) ++ goto err; ++ if (BN_is_negative(scalar)) ++ if (!group->meth->invert(group, p, ctx)) ++ goto err; ++ if (!group->meth->add(group, acc, acc, p, ctx)) ++ goto err; ++ } ++ ++ for (i = 0; i < num; i++) { ++ if (!ec_GF2m_montgomery_point_multiply ++ (group, p, scalars[i], points[i], ctx)) ++ goto err; ++ if (BN_is_negative(scalars[i])) ++ if (!group->meth->invert(group, p, ctx)) ++ goto err; ++ if (!group->meth->add(group, acc, acc, p, ctx)) ++ goto err; ++ } ++ ++ if (!EC_POINT_copy(r, acc)) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ if (p) ++ EC_POINT_free(p); ++ if (acc) ++ EC_POINT_free(acc); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++/* ++ * Precomputation for point multiplication: fall back to wNAF methods because ++ * ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate ++ */ + + int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx) +- { +- return ec_wNAF_precompute_mult(group, ctx); +- } ++{ ++ return ec_wNAF_precompute_mult(group, ctx); ++} + + int ec_GF2m_have_precompute_mult(const EC_GROUP *group) +- { +- return ec_wNAF_have_precompute_mult(group); +- } ++{ ++ return ec_wNAF_have_precompute_mult(group); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c +index c06b3b6..5df41e2 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c +@@ -21,7 +21,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -71,906 +71,965 @@ + + #include "ec_lcl.h" + +- + const EC_METHOD *EC_GF2m_simple_method(void) +- { +- static const EC_METHOD ret = { +- NID_X9_62_characteristic_two_field, +- ec_GF2m_simple_group_init, +- ec_GF2m_simple_group_finish, +- ec_GF2m_simple_group_clear_finish, +- ec_GF2m_simple_group_copy, +- ec_GF2m_simple_group_set_curve, +- ec_GF2m_simple_group_get_curve, +- ec_GF2m_simple_group_get_degree, +- ec_GF2m_simple_group_check_discriminant, +- ec_GF2m_simple_point_init, +- ec_GF2m_simple_point_finish, +- ec_GF2m_simple_point_clear_finish, +- ec_GF2m_simple_point_copy, +- ec_GF2m_simple_point_set_to_infinity, +- 0 /* set_Jprojective_coordinates_GFp */, +- 0 /* get_Jprojective_coordinates_GFp */, +- ec_GF2m_simple_point_set_affine_coordinates, +- ec_GF2m_simple_point_get_affine_coordinates, +- ec_GF2m_simple_set_compressed_coordinates, +- ec_GF2m_simple_point2oct, +- ec_GF2m_simple_oct2point, +- ec_GF2m_simple_add, +- ec_GF2m_simple_dbl, +- ec_GF2m_simple_invert, +- ec_GF2m_simple_is_at_infinity, +- ec_GF2m_simple_is_on_curve, +- ec_GF2m_simple_cmp, +- ec_GF2m_simple_make_affine, +- ec_GF2m_simple_points_make_affine, +- +- /* the following three method functions are defined in ec2_mult.c */ +- ec_GF2m_simple_mul, +- ec_GF2m_precompute_mult, +- ec_GF2m_have_precompute_mult, +- +- ec_GF2m_simple_field_mul, +- ec_GF2m_simple_field_sqr, +- ec_GF2m_simple_field_div, +- 0 /* field_encode */, +- 0 /* field_decode */, +- 0 /* field_set_to_one */ }; +- +- return &ret; +- } +- +- +-/* Initialize a GF(2^m)-based EC_GROUP structure. +- * Note that all other members are handled by EC_GROUP_new. ++{ ++ static const EC_METHOD ret = { ++ NID_X9_62_characteristic_two_field, ++ ec_GF2m_simple_group_init, ++ ec_GF2m_simple_group_finish, ++ ec_GF2m_simple_group_clear_finish, ++ ec_GF2m_simple_group_copy, ++ ec_GF2m_simple_group_set_curve, ++ ec_GF2m_simple_group_get_curve, ++ ec_GF2m_simple_group_get_degree, ++ ec_GF2m_simple_group_check_discriminant, ++ ec_GF2m_simple_point_init, ++ ec_GF2m_simple_point_finish, ++ ec_GF2m_simple_point_clear_finish, ++ ec_GF2m_simple_point_copy, ++ ec_GF2m_simple_point_set_to_infinity, ++ 0 /* set_Jprojective_coordinates_GFp */ , ++ 0 /* get_Jprojective_coordinates_GFp */ , ++ ec_GF2m_simple_point_set_affine_coordinates, ++ ec_GF2m_simple_point_get_affine_coordinates, ++ ec_GF2m_simple_set_compressed_coordinates, ++ ec_GF2m_simple_point2oct, ++ ec_GF2m_simple_oct2point, ++ ec_GF2m_simple_add, ++ ec_GF2m_simple_dbl, ++ ec_GF2m_simple_invert, ++ ec_GF2m_simple_is_at_infinity, ++ ec_GF2m_simple_is_on_curve, ++ ec_GF2m_simple_cmp, ++ ec_GF2m_simple_make_affine, ++ ec_GF2m_simple_points_make_affine, ++ ++ /* ++ * the following three method functions are defined in ec2_mult.c ++ */ ++ ec_GF2m_simple_mul, ++ ec_GF2m_precompute_mult, ++ ec_GF2m_have_precompute_mult, ++ ++ ec_GF2m_simple_field_mul, ++ ec_GF2m_simple_field_sqr, ++ ec_GF2m_simple_field_div, ++ 0 /* field_encode */ , ++ 0 /* field_decode */ , ++ 0 /* field_set_to_one */ ++ }; ++ ++ return &ret; ++} ++ ++/* ++ * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members ++ * are handled by EC_GROUP_new. + */ + int ec_GF2m_simple_group_init(EC_GROUP *group) +- { +- BN_init(&group->field); +- BN_init(&group->a); +- BN_init(&group->b); +- return 1; +- } +- +- +-/* Free a GF(2^m)-based EC_GROUP structure. +- * Note that all other members are handled by EC_GROUP_free. ++{ ++ BN_init(&group->field); ++ BN_init(&group->a); ++ BN_init(&group->b); ++ return 1; ++} ++ ++/* ++ * Free a GF(2^m)-based EC_GROUP structure. Note that all other members are ++ * handled by EC_GROUP_free. + */ + void ec_GF2m_simple_group_finish(EC_GROUP *group) +- { +- BN_free(&group->field); +- BN_free(&group->a); +- BN_free(&group->b); +- } +- +- +-/* Clear and free a GF(2^m)-based EC_GROUP structure. +- * Note that all other members are handled by EC_GROUP_clear_free. ++{ ++ BN_free(&group->field); ++ BN_free(&group->a); ++ BN_free(&group->b); ++} ++ ++/* ++ * Clear and free a GF(2^m)-based EC_GROUP structure. Note that all other ++ * members are handled by EC_GROUP_clear_free. + */ + void ec_GF2m_simple_group_clear_finish(EC_GROUP *group) +- { +- BN_clear_free(&group->field); +- BN_clear_free(&group->a); +- BN_clear_free(&group->b); +- group->poly[0] = 0; +- group->poly[1] = 0; +- group->poly[2] = 0; +- group->poly[3] = 0; +- group->poly[4] = 0; +- } +- +- +-/* Copy a GF(2^m)-based EC_GROUP structure. +- * Note that all other members are handled by EC_GROUP_copy. ++{ ++ BN_clear_free(&group->field); ++ BN_clear_free(&group->a); ++ BN_clear_free(&group->b); ++ group->poly[0] = 0; ++ group->poly[1] = 0; ++ group->poly[2] = 0; ++ group->poly[3] = 0; ++ group->poly[4] = 0; ++} ++ ++/* ++ * Copy a GF(2^m)-based EC_GROUP structure. Note that all other members are ++ * handled by EC_GROUP_copy. + */ + int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) +- { +- int i; +- if (!BN_copy(&dest->field, &src->field)) return 0; +- if (!BN_copy(&dest->a, &src->a)) return 0; +- if (!BN_copy(&dest->b, &src->b)) return 0; +- dest->poly[0] = src->poly[0]; +- dest->poly[1] = src->poly[1]; +- dest->poly[2] = src->poly[2]; +- dest->poly[3] = src->poly[3]; +- dest->poly[4] = src->poly[4]; +- if(bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) +- return 0; +- if(bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) +- return 0; +- for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0; +- for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0; +- return 1; +- } +- ++{ ++ int i; ++ if (!BN_copy(&dest->field, &src->field)) ++ return 0; ++ if (!BN_copy(&dest->a, &src->a)) ++ return 0; ++ if (!BN_copy(&dest->b, &src->b)) ++ return 0; ++ dest->poly[0] = src->poly[0]; ++ dest->poly[1] = src->poly[1]; ++ dest->poly[2] = src->poly[2]; ++ dest->poly[3] = src->poly[3]; ++ dest->poly[4] = src->poly[4]; ++ if (bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) ++ == NULL) ++ return 0; ++ if (bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) ++ == NULL) ++ return 0; ++ for (i = dest->a.top; i < dest->a.dmax; i++) ++ dest->a.d[i] = 0; ++ for (i = dest->b.top; i < dest->b.dmax; i++) ++ dest->b.d[i] = 0; ++ return 1; ++} + + /* Set the curve parameters of an EC_GROUP structure. */ + int ec_GF2m_simple_group_set_curve(EC_GROUP *group, +- const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- int ret = 0, i; +- +- /* group->field */ +- if (!BN_copy(&group->field, p)) goto err; +- i = BN_GF2m_poly2arr(&group->field, group->poly, 5); +- if ((i != 5) && (i != 3)) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); +- goto err; +- } +- +- /* group->a */ +- if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err; +- if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err; +- for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0; +- +- /* group->b */ +- if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err; +- if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err; +- for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0; +- +- ret = 1; +- err: +- return ret; +- } +- +- +-/* Get the curve parameters of an EC_GROUP structure. +- * If p, a, or b are NULL then there values will not be set but the method will return with success. ++ const BIGNUM *p, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *ctx) ++{ ++ int ret = 0, i; ++ ++ /* group->field */ ++ if (!BN_copy(&group->field, p)) ++ goto err; ++ i = BN_GF2m_poly2arr(&group->field, group->poly, 5); ++ if ((i != 5) && (i != 3)) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD); ++ goto err; ++ } ++ ++ /* group->a */ ++ if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) ++ goto err; ++ if (bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) ++ == NULL) ++ goto err; ++ for (i = group->a.top; i < group->a.dmax; i++) ++ group->a.d[i] = 0; ++ ++ /* group->b */ ++ if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) ++ goto err; ++ if (bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) ++ == NULL) ++ goto err; ++ for (i = group->b.top; i < group->b.dmax; i++) ++ group->b.d[i] = 0; ++ ++ ret = 1; ++ err: ++ return ret; ++} ++ ++/* ++ * Get the curve parameters of an EC_GROUP structure. If p, a, or b are NULL ++ * then there values will not be set but the method will return with success. + */ +-int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) +- { +- int ret = 0; +- +- if (p != NULL) +- { +- if (!BN_copy(p, &group->field)) return 0; +- } +- +- if (a != NULL) +- { +- if (!BN_copy(a, &group->a)) goto err; +- } +- +- if (b != NULL) +- { +- if (!BN_copy(b, &group->b)) goto err; +- } +- +- ret = 1; +- +- err: +- return ret; +- } +- +- +-/* Gets the degree of the field. For a curve over GF(2^m) this is the value m. */ +-int ec_GF2m_simple_group_get_degree(const EC_GROUP *group) +- { +- return BN_num_bits(&group->field)-1; +- } ++int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, ++ BIGNUM *a, BIGNUM *b, BN_CTX *ctx) ++{ ++ int ret = 0; ++ ++ if (p != NULL) { ++ if (!BN_copy(p, &group->field)) ++ return 0; ++ } ++ ++ if (a != NULL) { ++ if (!BN_copy(a, &group->a)) ++ goto err; ++ } ++ ++ if (b != NULL) { ++ if (!BN_copy(b, &group->b)) ++ goto err; ++ } ++ ++ ret = 1; + ++ err: ++ return ret; ++} + +-/* Checks the discriminant of the curve. +- * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) ++/* ++ * Gets the degree of the field. For a curve over GF(2^m) this is the value ++ * m. + */ +-int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) +- { +- int ret = 0; +- BIGNUM *b; +- BN_CTX *new_ctx = NULL; +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- BN_CTX_start(ctx); +- b = BN_CTX_get(ctx); +- if (b == NULL) goto err; +- +- if (!BN_GF2m_mod_arr(b, &group->b, group->poly)) goto err; +- +- /* check the discriminant: +- * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) +- */ +- if (BN_is_zero(b)) goto err; +- +- ret = 1; +- +-err: +- if (ctx != NULL) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } ++int ec_GF2m_simple_group_get_degree(const EC_GROUP *group) ++{ ++ return BN_num_bits(&group->field) - 1; ++} + ++/* ++ * Checks the discriminant of the curve. y^2 + x*y = x^3 + a*x^2 + b is an ++ * elliptic curve <=> b != 0 (mod p) ++ */ ++int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, ++ BN_CTX *ctx) ++{ ++ int ret = 0; ++ BIGNUM *b; ++ BN_CTX *new_ctx = NULL; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, ++ ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ BN_CTX_start(ctx); ++ b = BN_CTX_get(ctx); ++ if (b == NULL) ++ goto err; ++ ++ if (!BN_GF2m_mod_arr(b, &group->b, group->poly)) ++ goto err; ++ ++ /* ++ * check the discriminant: y^2 + x*y = x^3 + a*x^2 + b is an elliptic ++ * curve <=> b != 0 (mod p) ++ */ ++ if (BN_is_zero(b)) ++ goto err; ++ ++ ret = 1; ++ ++ err: ++ if (ctx != NULL) ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} + + /* Initializes an EC_POINT. */ + int ec_GF2m_simple_point_init(EC_POINT *point) +- { +- BN_init(&point->X); +- BN_init(&point->Y); +- BN_init(&point->Z); +- return 1; +- } +- ++{ ++ BN_init(&point->X); ++ BN_init(&point->Y); ++ BN_init(&point->Z); ++ return 1; ++} + + /* Frees an EC_POINT. */ + void ec_GF2m_simple_point_finish(EC_POINT *point) +- { +- BN_free(&point->X); +- BN_free(&point->Y); +- BN_free(&point->Z); +- } +- ++{ ++ BN_free(&point->X); ++ BN_free(&point->Y); ++ BN_free(&point->Z); ++} + + /* Clears and frees an EC_POINT. */ + void ec_GF2m_simple_point_clear_finish(EC_POINT *point) +- { +- BN_clear_free(&point->X); +- BN_clear_free(&point->Y); +- BN_clear_free(&point->Z); +- point->Z_is_one = 0; +- } +- +- +-/* Copy the contents of one EC_POINT into another. Assumes dest is initialized. */ ++{ ++ BN_clear_free(&point->X); ++ BN_clear_free(&point->Y); ++ BN_clear_free(&point->Z); ++ point->Z_is_one = 0; ++} ++ ++/* ++ * Copy the contents of one EC_POINT into another. Assumes dest is ++ * initialized. ++ */ + int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src) +- { +- if (!BN_copy(&dest->X, &src->X)) return 0; +- if (!BN_copy(&dest->Y, &src->Y)) return 0; +- if (!BN_copy(&dest->Z, &src->Z)) return 0; +- dest->Z_is_one = src->Z_is_one; +- +- return 1; +- } +- +- +-/* Set an EC_POINT to the point at infinity. +- * A point at infinity is represented by having Z=0. ++{ ++ if (!BN_copy(&dest->X, &src->X)) ++ return 0; ++ if (!BN_copy(&dest->Y, &src->Y)) ++ return 0; ++ if (!BN_copy(&dest->Z, &src->Z)) ++ return 0; ++ dest->Z_is_one = src->Z_is_one; ++ ++ return 1; ++} ++ ++/* ++ * Set an EC_POINT to the point at infinity. A point at infinity is ++ * represented by having Z=0. + */ +-int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point) +- { +- point->Z_is_one = 0; +- BN_zero(&point->Z); +- return 1; +- } ++int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, ++ EC_POINT *point) ++{ ++ point->Z_is_one = 0; ++ BN_zero(&point->Z); ++ return 1; ++} ++ ++/* ++ * Set the coordinates of an EC_POINT using affine coordinates. Note that ++ * the simple implementation only uses affine coordinates. ++ */ ++int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, ++ EC_POINT *point, ++ const BIGNUM *x, ++ const BIGNUM *y, BN_CTX *ctx) ++{ ++ int ret = 0; ++ if (x == NULL || y == NULL) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ ++ if (!BN_copy(&point->X, x)) ++ goto err; ++ BN_set_negative(&point->X, 0); ++ if (!BN_copy(&point->Y, y)) ++ goto err; ++ BN_set_negative(&point->Y, 0); ++ if (!BN_copy(&point->Z, BN_value_one())) ++ goto err; ++ BN_set_negative(&point->Z, 0); ++ point->Z_is_one = 1; ++ ret = 1; + ++ err: ++ return ret; ++} + +-/* Set the coordinates of an EC_POINT using affine coordinates. +- * Note that the simple implementation only uses affine coordinates. ++/* ++ * Gets the affine coordinates of an EC_POINT. Note that the simple ++ * implementation only uses affine coordinates. + */ +-int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, +- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) +- { +- int ret = 0; +- if (x == NULL || y == NULL) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- +- if (!BN_copy(&point->X, x)) goto err; +- BN_set_negative(&point->X, 0); +- if (!BN_copy(&point->Y, y)) goto err; +- BN_set_negative(&point->Y, 0); +- if (!BN_copy(&point->Z, BN_value_one())) goto err; +- BN_set_negative(&point->Z, 0); +- point->Z_is_one = 1; +- ret = 1; +- +- err: +- return ret; +- } +- +- +-/* Gets the affine coordinates of an EC_POINT. +- * Note that the simple implementation only uses affine coordinates. +- */ +-int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, +- BIGNUM *x, BIGNUM *y, BN_CTX *ctx) +- { +- int ret = 0; +- +- if (EC_POINT_is_at_infinity(group, point)) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY); +- return 0; +- } +- +- if (BN_cmp(&point->Z, BN_value_one())) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (x != NULL) +- { +- if (!BN_copy(x, &point->X)) goto err; +- BN_set_negative(x, 0); +- } +- if (y != NULL) +- { +- if (!BN_copy(y, &point->Y)) goto err; +- BN_set_negative(y, 0); +- } +- ret = 1; +- +- err: +- return ret; +- } ++int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, ++ const EC_POINT *point, ++ BIGNUM *x, BIGNUM *y, ++ BN_CTX *ctx) ++{ ++ int ret = 0; ++ ++ if (EC_POINT_is_at_infinity(group, point)) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ++ EC_R_POINT_AT_INFINITY); ++ return 0; ++ } ++ ++ if (BN_cmp(&point->Z, BN_value_one())) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (x != NULL) { ++ if (!BN_copy(x, &point->X)) ++ goto err; ++ BN_set_negative(x, 0); ++ } ++ if (y != NULL) { ++ if (!BN_copy(y, &point->Y)) ++ goto err; ++ BN_set_negative(y, 0); ++ } ++ ret = 1; + ++ err: ++ return ret; ++} + + /* Include patented algorithms. */ + #include "ec2_smpt.c" + +- +-/* Converts an EC_POINT to an octet string. +- * If buf is NULL, the encoded length will be returned. +- * If the length len of buf is smaller than required an error will be returned. +- * +- * The point compression section of this function is patented by Certicom Corp. +- * under US Patent 6,141,420. Point compression is disabled by default and can +- * be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at +- * Configure-time. ++/* ++ * Converts an EC_POINT to an octet string. If buf is NULL, the encoded ++ * length will be returned. If the length len of buf is smaller than required ++ * an error will be returned. The point compression section of this function ++ * is patented by Certicom Corp. under US Patent 6,141,420. Point ++ * compression is disabled by default and can be enabled by defining the ++ * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time. + */ +-size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, +- unsigned char *buf, size_t len, BN_CTX *ctx) +- { +- size_t ret; +- BN_CTX *new_ctx = NULL; +- int used_ctx = 0; +- BIGNUM *x, *y, *yxi; +- size_t field_len, i, skip; ++size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, ++ point_conversion_form_t form, ++ unsigned char *buf, size_t len, BN_CTX *ctx) ++{ ++ size_t ret; ++ BN_CTX *new_ctx = NULL; ++ int used_ctx = 0; ++ BIGNUM *x, *y, *yxi; ++ size_t field_len, i, skip; + + #ifndef OPENSSL_EC_BIN_PT_COMP +- if ((form == POINT_CONVERSION_COMPRESSED) || (form == POINT_CONVERSION_HYBRID)) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED); +- goto err; +- } ++ if ((form == POINT_CONVERSION_COMPRESSED) ++ || (form == POINT_CONVERSION_HYBRID)) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED); ++ goto err; ++ } + #endif + +- if ((form != POINT_CONVERSION_COMPRESSED) +- && (form != POINT_CONVERSION_UNCOMPRESSED) +- && (form != POINT_CONVERSION_HYBRID)) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); +- goto err; +- } +- +- if (EC_POINT_is_at_infinity(group, point)) +- { +- /* encodes to a single 0 octet */ +- if (buf != NULL) +- { +- if (len < 1) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); +- return 0; +- } +- buf[0] = 0; +- } +- return 1; +- } +- +- +- /* ret := required output buffer length */ +- field_len = (EC_GROUP_get_degree(group) + 7) / 8; +- ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len; +- +- /* if 'buf' is NULL, just return required length */ +- if (buf != NULL) +- { +- if (len < ret) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); +- goto err; +- } +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- used_ctx = 1; +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- yxi = BN_CTX_get(ctx); +- if (yxi == NULL) goto err; +- +- if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; +- +- buf[0] = form; ++ if ((form != POINT_CONVERSION_COMPRESSED) ++ && (form != POINT_CONVERSION_UNCOMPRESSED) ++ && (form != POINT_CONVERSION_HYBRID)) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); ++ goto err; ++ } ++ ++ if (EC_POINT_is_at_infinity(group, point)) { ++ /* encodes to a single 0 octet */ ++ if (buf != NULL) { ++ if (len < 1) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); ++ return 0; ++ } ++ buf[0] = 0; ++ } ++ return 1; ++ } ++ ++ /* ret := required output buffer length */ ++ field_len = (EC_GROUP_get_degree(group) + 7) / 8; ++ ret = ++ (form == ++ POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; ++ ++ /* if 'buf' is NULL, just return required length */ ++ if (buf != NULL) { ++ if (len < ret) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); ++ goto err; ++ } ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ used_ctx = 1; ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ yxi = BN_CTX_get(ctx); ++ if (yxi == NULL) ++ goto err; ++ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) ++ goto err; ++ ++ buf[0] = form; + #ifdef OPENSSL_EC_BIN_PT_COMP +- if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) +- { +- if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err; +- if (BN_is_odd(yxi)) buf[0]++; +- } ++ if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) { ++ if (!group->meth->field_div(group, yxi, y, x, ctx)) ++ goto err; ++ if (BN_is_odd(yxi)) ++ buf[0]++; ++ } + #endif + +- i = 1; +- +- skip = field_len - BN_num_bytes(x); +- if (skip > field_len) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- while (skip > 0) +- { +- buf[i++] = 0; +- skip--; +- } +- skip = BN_bn2bin(x, buf + i); +- i += skip; +- if (i != 1 + field_len) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID) +- { +- skip = field_len - BN_num_bytes(y); +- if (skip > field_len) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- while (skip > 0) +- { +- buf[i++] = 0; +- skip--; +- } +- skip = BN_bn2bin(y, buf + i); +- i += skip; +- } +- +- if (i != ret) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- if (used_ctx) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; ++ i = 1; ++ ++ skip = field_len - BN_num_bytes(x); ++ if (skip > field_len) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ while (skip > 0) { ++ buf[i++] = 0; ++ skip--; ++ } ++ skip = BN_bn2bin(x, buf + i); ++ i += skip; ++ if (i != 1 + field_len) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ if (form == POINT_CONVERSION_UNCOMPRESSED ++ || form == POINT_CONVERSION_HYBRID) { ++ skip = field_len - BN_num_bytes(y); ++ if (skip > field_len) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ while (skip > 0) { ++ buf[i++] = 0; ++ skip--; ++ } ++ skip = BN_bn2bin(y, buf + i); ++ i += skip; ++ } ++ ++ if (i != ret) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ ++ if (used_ctx) ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; + + err: +- if (used_ctx) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return 0; +- } +- +- +-/* Converts an octet string representation to an EC_POINT. +- * Note that the simple implementation only uses affine coordinates. ++ if (used_ctx) ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return 0; ++} ++ ++/* ++ * Converts an octet string representation to an EC_POINT. Note that the ++ * simple implementation only uses affine coordinates. + */ + int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, +- const unsigned char *buf, size_t len, BN_CTX *ctx) +- { +- point_conversion_form_t form; +- int y_bit; +- BN_CTX *new_ctx = NULL; +- BIGNUM *x, *y, *yxi; +- size_t field_len, enc_len; +- int ret = 0; +- +- if (len == 0) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); +- return 0; +- } +- form = buf[0]; +- y_bit = form & 1; +- form = form & ~1U; +- if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) +- && (form != POINT_CONVERSION_UNCOMPRESSED) +- && (form != POINT_CONVERSION_HYBRID)) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- +- if (form == 0) +- { +- if (len != 1) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- +- return EC_POINT_set_to_infinity(group, point); +- } +- +- field_len = (EC_GROUP_get_degree(group) + 7) / 8; +- enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len; +- +- if (len != enc_len) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- yxi = BN_CTX_get(ctx); +- if (yxi == NULL) goto err; +- +- if (!BN_bin2bn(buf + 1, field_len, x)) goto err; +- if (BN_ucmp(x, &group->field) >= 0) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- goto err; +- } +- +- if (form == POINT_CONVERSION_COMPRESSED) +- { +- if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx)) goto err; +- } +- else +- { +- if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err; +- if (BN_ucmp(y, &group->field) >= 0) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- goto err; +- } +- if (form == POINT_CONVERSION_HYBRID) +- { +- if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err; +- if (y_bit != BN_is_odd(yxi)) +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- goto err; +- } +- } +- +- if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; +- } +- +- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */ +- { +- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); +- goto err; +- } +- +- ret = 1; +- +- err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } ++ const unsigned char *buf, size_t len, ++ BN_CTX *ctx) ++{ ++ point_conversion_form_t form; ++ int y_bit; ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *x, *y, *yxi; ++ size_t field_len, enc_len; ++ int ret = 0; ++ ++ if (len == 0) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); ++ return 0; ++ } ++ form = buf[0]; ++ y_bit = form & 1; ++ form = form & ~1U; ++ if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) ++ && (form != POINT_CONVERSION_UNCOMPRESSED) ++ && (form != POINT_CONVERSION_HYBRID)) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ return 0; ++ } ++ if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ return 0; ++ } ++ ++ if (form == 0) { ++ if (len != 1) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ return 0; ++ } ++ ++ return EC_POINT_set_to_infinity(group, point); ++ } ++ ++ field_len = (EC_GROUP_get_degree(group) + 7) / 8; ++ enc_len = ++ (form == ++ POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; ++ ++ if (len != enc_len) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ return 0; ++ } ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ yxi = BN_CTX_get(ctx); ++ if (yxi == NULL) ++ goto err; ++ ++ if (!BN_bin2bn(buf + 1, field_len, x)) ++ goto err; ++ if (BN_ucmp(x, &group->field) >= 0) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ goto err; ++ } ++ ++ if (form == POINT_CONVERSION_COMPRESSED) { ++ if (!EC_POINT_set_compressed_coordinates_GF2m ++ (group, point, x, y_bit, ctx)) ++ goto err; ++ } else { ++ if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) ++ goto err; ++ if (BN_ucmp(y, &group->field) >= 0) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ goto err; ++ } ++ if (form == POINT_CONVERSION_HYBRID) { ++ if (!group->meth->field_div(group, yxi, y, x, ctx)) ++ goto err; ++ if (y_bit != BN_is_odd(yxi)) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ goto err; ++ } ++ } ++ ++ if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) ++ goto err; ++ } ++ ++ /* test required by X9.62 */ ++ if (!EC_POINT_is_on_curve(group, point, ctx)) { ++ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); ++ goto err; ++ } ++ ++ ret = 1; + +- +-/* Computes a + b and stores the result in r. r could be a or b, a could be b. +- * Uses algorithm A.10.2 of IEEE P1363. ++ err: ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++/* ++ * Computes a + b and stores the result in r. r could be a or b, a could be ++ * b. Uses algorithm A.10.2 of IEEE P1363. + */ +-int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) +- { +- BN_CTX *new_ctx = NULL; +- BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t; +- int ret = 0; +- +- if (EC_POINT_is_at_infinity(group, a)) +- { +- if (!EC_POINT_copy(r, b)) return 0; +- return 1; +- } +- +- if (EC_POINT_is_at_infinity(group, b)) +- { +- if (!EC_POINT_copy(r, a)) return 0; +- return 1; +- } +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- x0 = BN_CTX_get(ctx); +- y0 = BN_CTX_get(ctx); +- x1 = BN_CTX_get(ctx); +- y1 = BN_CTX_get(ctx); +- x2 = BN_CTX_get(ctx); +- y2 = BN_CTX_get(ctx); +- s = BN_CTX_get(ctx); +- t = BN_CTX_get(ctx); +- if (t == NULL) goto err; +- +- if (a->Z_is_one) +- { +- if (!BN_copy(x0, &a->X)) goto err; +- if (!BN_copy(y0, &a->Y)) goto err; +- } +- else +- { +- if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) goto err; +- } +- if (b->Z_is_one) +- { +- if (!BN_copy(x1, &b->X)) goto err; +- if (!BN_copy(y1, &b->Y)) goto err; +- } +- else +- { +- if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) goto err; +- } +- +- +- if (BN_GF2m_cmp(x0, x1)) +- { +- if (!BN_GF2m_add(t, x0, x1)) goto err; +- if (!BN_GF2m_add(s, y0, y1)) goto err; +- if (!group->meth->field_div(group, s, s, t, ctx)) goto err; +- if (!group->meth->field_sqr(group, x2, s, ctx)) goto err; +- if (!BN_GF2m_add(x2, x2, &group->a)) goto err; +- if (!BN_GF2m_add(x2, x2, s)) goto err; +- if (!BN_GF2m_add(x2, x2, t)) goto err; +- } +- else +- { +- if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) +- { +- if (!EC_POINT_set_to_infinity(group, r)) goto err; +- ret = 1; +- goto err; +- } +- if (!group->meth->field_div(group, s, y1, x1, ctx)) goto err; +- if (!BN_GF2m_add(s, s, x1)) goto err; +- +- if (!group->meth->field_sqr(group, x2, s, ctx)) goto err; +- if (!BN_GF2m_add(x2, x2, s)) goto err; +- if (!BN_GF2m_add(x2, x2, &group->a)) goto err; +- } +- +- if (!BN_GF2m_add(y2, x1, x2)) goto err; +- if (!group->meth->field_mul(group, y2, y2, s, ctx)) goto err; +- if (!BN_GF2m_add(y2, y2, x2)) goto err; +- if (!BN_GF2m_add(y2, y2, y1)) goto err; +- +- if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) goto err; +- +- ret = 1; ++int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ++ const EC_POINT *b, BN_CTX *ctx) ++{ ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t; ++ int ret = 0; ++ ++ if (EC_POINT_is_at_infinity(group, a)) { ++ if (!EC_POINT_copy(r, b)) ++ return 0; ++ return 1; ++ } ++ ++ if (EC_POINT_is_at_infinity(group, b)) { ++ if (!EC_POINT_copy(r, a)) ++ return 0; ++ return 1; ++ } ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ x0 = BN_CTX_get(ctx); ++ y0 = BN_CTX_get(ctx); ++ x1 = BN_CTX_get(ctx); ++ y1 = BN_CTX_get(ctx); ++ x2 = BN_CTX_get(ctx); ++ y2 = BN_CTX_get(ctx); ++ s = BN_CTX_get(ctx); ++ t = BN_CTX_get(ctx); ++ if (t == NULL) ++ goto err; ++ ++ if (a->Z_is_one) { ++ if (!BN_copy(x0, &a->X)) ++ goto err; ++ if (!BN_copy(y0, &a->Y)) ++ goto err; ++ } else { ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) ++ goto err; ++ } ++ if (b->Z_is_one) { ++ if (!BN_copy(x1, &b->X)) ++ goto err; ++ if (!BN_copy(y1, &b->Y)) ++ goto err; ++ } else { ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) ++ goto err; ++ } ++ ++ if (BN_GF2m_cmp(x0, x1)) { ++ if (!BN_GF2m_add(t, x0, x1)) ++ goto err; ++ if (!BN_GF2m_add(s, y0, y1)) ++ goto err; ++ if (!group->meth->field_div(group, s, s, t, ctx)) ++ goto err; ++ if (!group->meth->field_sqr(group, x2, s, ctx)) ++ goto err; ++ if (!BN_GF2m_add(x2, x2, &group->a)) ++ goto err; ++ if (!BN_GF2m_add(x2, x2, s)) ++ goto err; ++ if (!BN_GF2m_add(x2, x2, t)) ++ goto err; ++ } else { ++ if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) { ++ if (!EC_POINT_set_to_infinity(group, r)) ++ goto err; ++ ret = 1; ++ goto err; ++ } ++ if (!group->meth->field_div(group, s, y1, x1, ctx)) ++ goto err; ++ if (!BN_GF2m_add(s, s, x1)) ++ goto err; ++ ++ if (!group->meth->field_sqr(group, x2, s, ctx)) ++ goto err; ++ if (!BN_GF2m_add(x2, x2, s)) ++ goto err; ++ if (!BN_GF2m_add(x2, x2, &group->a)) ++ goto err; ++ } ++ ++ if (!BN_GF2m_add(y2, x1, x2)) ++ goto err; ++ if (!group->meth->field_mul(group, y2, y2, s, ctx)) ++ goto err; ++ if (!BN_GF2m_add(y2, y2, x2)) ++ goto err; ++ if (!BN_GF2m_add(y2, y2, y1)) ++ goto err; ++ ++ if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) ++ goto err; ++ ++ ret = 1; + + err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-/* Computes 2 * a and stores the result in r. r could be a. +- * Uses algorithm A.10.2 of IEEE P1363. ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++/* ++ * Computes 2 * a and stores the result in r. r could be a. Uses algorithm ++ * A.10.2 of IEEE P1363. + */ +-int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) +- { +- return ec_GF2m_simple_add(group, r, a, a, ctx); +- } +- ++int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ++ BN_CTX *ctx) ++{ ++ return ec_GF2m_simple_add(group, r, a, a, ctx); ++} + + int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) +- { +- if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) +- /* point is its own inverse */ +- return 1; +- +- if (!EC_POINT_make_affine(group, point, ctx)) return 0; +- return BN_GF2m_add(&point->Y, &point->X, &point->Y); +- } ++{ ++ if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) ++ /* point is its own inverse */ ++ return 1; + ++ if (!EC_POINT_make_affine(group, point, ctx)) ++ return 0; ++ return BN_GF2m_add(&point->Y, &point->X, &point->Y); ++} + + /* Indicates whether the given point is the point at infinity. */ +-int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) +- { +- return BN_is_zero(&point->Z); +- } +- +- +-/* Determines whether the given EC_POINT is an actual point on the curve defined ++int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, ++ const EC_POINT *point) ++{ ++ return BN_is_zero(&point->Z); ++} ++ ++/*- ++ * Determines whether the given EC_POINT is an actual point on the curve defined + * in the EC_GROUP. A point is valid if it satisfies the Weierstrass equation: + * y^2 + x*y = x^3 + a*x^2 + b. + */ +-int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) +- { +- int ret = -1; +- BN_CTX *new_ctx = NULL; +- BIGNUM *lh, *y2; +- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); +- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); +- +- if (EC_POINT_is_at_infinity(group, point)) +- return 1; +- +- field_mul = group->meth->field_mul; +- field_sqr = group->meth->field_sqr; +- +- /* only support affine coordinates */ +- if (!point->Z_is_one) return -1; +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return -1; +- } +- +- BN_CTX_start(ctx); +- y2 = BN_CTX_get(ctx); +- lh = BN_CTX_get(ctx); +- if (lh == NULL) goto err; +- +- /* We have a curve defined by a Weierstrass equation +- * y^2 + x*y = x^3 + a*x^2 + b. +- * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 +- * <=> ((x + a) * x + y ) * x + b + y^2 = 0 +- */ +- if (!BN_GF2m_add(lh, &point->X, &group->a)) goto err; +- if (!field_mul(group, lh, lh, &point->X, ctx)) goto err; +- if (!BN_GF2m_add(lh, lh, &point->Y)) goto err; +- if (!field_mul(group, lh, lh, &point->X, ctx)) goto err; +- if (!BN_GF2m_add(lh, lh, &group->b)) goto err; +- if (!field_sqr(group, y2, &point->Y, ctx)) goto err; +- if (!BN_GF2m_add(lh, lh, y2)) goto err; +- ret = BN_is_zero(lh); ++int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, ++ BN_CTX *ctx) ++{ ++ int ret = -1; ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *lh, *y2; ++ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, ++ const BIGNUM *, BN_CTX *); ++ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); ++ ++ if (EC_POINT_is_at_infinity(group, point)) ++ return 1; ++ ++ field_mul = group->meth->field_mul; ++ field_sqr = group->meth->field_sqr; ++ ++ /* only support affine coordinates */ ++ if (!point->Z_is_one) ++ return -1; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return -1; ++ } ++ ++ BN_CTX_start(ctx); ++ y2 = BN_CTX_get(ctx); ++ lh = BN_CTX_get(ctx); ++ if (lh == NULL) ++ goto err; ++ ++ /*- ++ * We have a curve defined by a Weierstrass equation ++ * y^2 + x*y = x^3 + a*x^2 + b. ++ * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 ++ * <=> ((x + a) * x + y ) * x + b + y^2 = 0 ++ */ ++ if (!BN_GF2m_add(lh, &point->X, &group->a)) ++ goto err; ++ if (!field_mul(group, lh, lh, &point->X, ctx)) ++ goto err; ++ if (!BN_GF2m_add(lh, lh, &point->Y)) ++ goto err; ++ if (!field_mul(group, lh, lh, &point->X, ctx)) ++ goto err; ++ if (!BN_GF2m_add(lh, lh, &group->b)) ++ goto err; ++ if (!field_sqr(group, y2, &point->Y, ctx)) ++ goto err; ++ if (!BN_GF2m_add(lh, lh, y2)) ++ goto err; ++ ret = BN_is_zero(lh); + err: +- if (ctx) BN_CTX_end(ctx); +- if (new_ctx) BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-/* Indicates whether two points are equal. ++ if (ctx) ++ BN_CTX_end(ctx); ++ if (new_ctx) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++/*- ++ * Indicates whether two points are equal. + * Return values: + * -1 error + * 0 equal (in affine coordinates) + * 1 not equal + */ +-int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) +- { +- BIGNUM *aX, *aY, *bX, *bY; +- BN_CTX *new_ctx = NULL; +- int ret = -1; +- +- if (EC_POINT_is_at_infinity(group, a)) +- { +- return EC_POINT_is_at_infinity(group, b) ? 0 : 1; +- } +- +- if (EC_POINT_is_at_infinity(group, b)) +- return 1; +- +- if (a->Z_is_one && b->Z_is_one) +- { +- return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; +- } +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return -1; +- } +- +- BN_CTX_start(ctx); +- aX = BN_CTX_get(ctx); +- aY = BN_CTX_get(ctx); +- bX = BN_CTX_get(ctx); +- bY = BN_CTX_get(ctx); +- if (bY == NULL) goto err; +- +- if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) goto err; +- if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) goto err; +- ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1; +- +- err: +- if (ctx) BN_CTX_end(ctx); +- if (new_ctx) BN_CTX_free(new_ctx); +- return ret; +- } ++int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, ++ const EC_POINT *b, BN_CTX *ctx) ++{ ++ BIGNUM *aX, *aY, *bX, *bY; ++ BN_CTX *new_ctx = NULL; ++ int ret = -1; ++ ++ if (EC_POINT_is_at_infinity(group, a)) { ++ return EC_POINT_is_at_infinity(group, b) ? 0 : 1; ++ } ++ ++ if (EC_POINT_is_at_infinity(group, b)) ++ return 1; ++ ++ if (a->Z_is_one && b->Z_is_one) { ++ return ((BN_cmp(&a->X, &b->X) == 0) ++ && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; ++ } ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return -1; ++ } ++ ++ BN_CTX_start(ctx); ++ aX = BN_CTX_get(ctx); ++ aY = BN_CTX_get(ctx); ++ bX = BN_CTX_get(ctx); ++ bY = BN_CTX_get(ctx); ++ if (bY == NULL) ++ goto err; ++ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) ++ goto err; ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) ++ goto err; ++ ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1; + ++ err: ++ if (ctx) ++ BN_CTX_end(ctx); ++ if (new_ctx) ++ BN_CTX_free(new_ctx); ++ return ret; ++} + + /* Forces the given EC_POINT to internally use affine coordinates. */ +-int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) +- { +- BN_CTX *new_ctx = NULL; +- BIGNUM *x, *y; +- int ret = 0; +- +- if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) +- return 1; +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- if (y == NULL) goto err; +- +- if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err; +- if (!BN_copy(&point->X, x)) goto err; +- if (!BN_copy(&point->Y, y)) goto err; +- if (!BN_one(&point->Z)) goto err; +- +- ret = 1; +- +- err: +- if (ctx) BN_CTX_end(ctx); +- if (new_ctx) BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-/* Forces each of the EC_POINTs in the given array to use affine coordinates. */ +-int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) +- { +- size_t i; +- +- for (i = 0; i < num; i++) +- { +- if (!group->meth->make_affine(group, points[i], ctx)) return 0; +- } +- +- return 1; +- } ++int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, ++ BN_CTX *ctx) ++{ ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *x, *y; ++ int ret = 0; ++ ++ if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) ++ return 1; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ if (y == NULL) ++ goto err; ++ ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) ++ goto err; ++ if (!BN_copy(&point->X, x)) ++ goto err; ++ if (!BN_copy(&point->Y, y)) ++ goto err; ++ if (!BN_one(&point->Z)) ++ goto err; ++ ++ ret = 1; + ++ err: ++ if (ctx) ++ BN_CTX_end(ctx); ++ if (new_ctx) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++/* ++ * Forces each of the EC_POINTs in the given array to use affine coordinates. ++ */ ++int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, ++ EC_POINT *points[], BN_CTX *ctx) ++{ ++ size_t i; + +-/* Wrapper to simple binary polynomial field multiplication implementation. */ +-int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx); +- } ++ for (i = 0; i < num; i++) { ++ if (!group->meth->make_affine(group, points[i], ctx)) ++ return 0; ++ } + ++ return 1; ++} + +-/* Wrapper to simple binary polynomial field squaring implementation. */ +-int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) +- { +- return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx); +- } ++/* Wrapper to simple binary polynomial field multiplication implementation. */ ++int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, ++ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) ++{ ++ return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx); ++} + ++/* Wrapper to simple binary polynomial field squaring implementation. */ ++int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, ++ const BIGNUM *a, BN_CTX *ctx) ++{ ++ return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx); ++} + + /* Wrapper to simple binary polynomial field division implementation. */ +-int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- return BN_GF2m_mod_div(r, a, b, &group->field, ctx); +- } ++int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, ++ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) ++{ ++ return BN_GF2m_mod_div(r, a, b, &group->field, ctx); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c b/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c +index ae55539..4ca2545 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,144 +62,147 @@ + #include + #include + +- + int EC_GROUP_get_basis_type(const EC_GROUP *group) +- { +- int i=0; +- +- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != +- NID_X9_62_characteristic_two_field) +- /* everything else is currently not supported */ +- return 0; +- +- while (group->poly[i] != 0) +- i++; +- +- if (i == 4) +- return NID_X9_62_ppBasis; +- else if (i == 2) +- return NID_X9_62_tpBasis; +- else +- /* everything else is currently not supported */ +- return 0; +- } ++{ ++ int i = 0; ++ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != ++ NID_X9_62_characteristic_two_field) ++ /* everything else is currently not supported */ ++ return 0; ++ ++ while (group->poly[i] != 0) ++ i++; ++ ++ if (i == 4) ++ return NID_X9_62_ppBasis; ++ else if (i == 2) ++ return NID_X9_62_tpBasis; ++ else ++ /* everything else is currently not supported */ ++ return 0; ++} + + int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k) +- { +- if (group == NULL) +- return 0; +- +- if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve +- || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) +- { +- ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- +- if (k) +- *k = group->poly[1]; +- +- return 1; +- } ++{ ++ if (group == NULL) ++ return 0; ++ ++ if (EC_GROUP_method_of(group)->group_set_curve != ++ ec_GF2m_simple_group_set_curve || !((group->poly[0] != 0) ++ && (group->poly[1] != 0) ++ && (group->poly[2] == 0))) { ++ ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ ++ if (k) ++ *k = group->poly[1]; ++ ++ return 1; ++} + + int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, +- unsigned int *k2, unsigned int *k3) +- { +- if (group == NULL) +- return 0; +- +- if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve +- || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) +- { +- ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- +- if (k1) +- *k1 = group->poly[3]; +- if (k2) +- *k2 = group->poly[2]; +- if (k3) +- *k3 = group->poly[1]; +- +- return 1; +- } +- +- ++ unsigned int *k2, unsigned int *k3) ++{ ++ if (group == NULL) ++ return 0; ++ ++ if (EC_GROUP_method_of(group)->group_set_curve != ++ ec_GF2m_simple_group_set_curve || !((group->poly[0] != 0) ++ && (group->poly[1] != 0) ++ && (group->poly[2] != 0) ++ && (group->poly[3] != 0) ++ && (group->poly[4] == 0))) { ++ ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ ++ if (k1) ++ *k1 = group->poly[3]; ++ if (k2) ++ *k2 = group->poly[2]; ++ if (k3) ++ *k3 = group->poly[1]; ++ ++ return 1; ++} + + /* some structures needed for the asn1 encoding */ + typedef struct x9_62_pentanomial_st { +- long k1; +- long k2; +- long k3; +- } X9_62_PENTANOMIAL; ++ long k1; ++ long k2; ++ long k3; ++} X9_62_PENTANOMIAL; + + typedef struct x9_62_characteristic_two_st { +- long m; +- ASN1_OBJECT *type; +- union { +- char *ptr; +- /* NID_X9_62_onBasis */ +- ASN1_NULL *onBasis; +- /* NID_X9_62_tpBasis */ +- ASN1_INTEGER *tpBasis; +- /* NID_X9_62_ppBasis */ +- X9_62_PENTANOMIAL *ppBasis; +- /* anything else */ +- ASN1_TYPE *other; +- } p; +- } X9_62_CHARACTERISTIC_TWO; ++ long m; ++ ASN1_OBJECT *type; ++ union { ++ char *ptr; ++ /* NID_X9_62_onBasis */ ++ ASN1_NULL *onBasis; ++ /* NID_X9_62_tpBasis */ ++ ASN1_INTEGER *tpBasis; ++ /* NID_X9_62_ppBasis */ ++ X9_62_PENTANOMIAL *ppBasis; ++ /* anything else */ ++ ASN1_TYPE *other; ++ } p; ++} X9_62_CHARACTERISTIC_TWO; + + typedef struct x9_62_fieldid_st { +- ASN1_OBJECT *fieldType; +- union { +- char *ptr; +- /* NID_X9_62_prime_field */ +- ASN1_INTEGER *prime; +- /* NID_X9_62_characteristic_two_field */ +- X9_62_CHARACTERISTIC_TWO *char_two; +- /* anything else */ +- ASN1_TYPE *other; +- } p; +- } X9_62_FIELDID; ++ ASN1_OBJECT *fieldType; ++ union { ++ char *ptr; ++ /* NID_X9_62_prime_field */ ++ ASN1_INTEGER *prime; ++ /* NID_X9_62_characteristic_two_field */ ++ X9_62_CHARACTERISTIC_TWO *char_two; ++ /* anything else */ ++ ASN1_TYPE *other; ++ } p; ++} X9_62_FIELDID; + + typedef struct x9_62_curve_st { +- ASN1_OCTET_STRING *a; +- ASN1_OCTET_STRING *b; +- ASN1_BIT_STRING *seed; +- } X9_62_CURVE; ++ ASN1_OCTET_STRING *a; ++ ASN1_OCTET_STRING *b; ++ ASN1_BIT_STRING *seed; ++} X9_62_CURVE; + + typedef struct ec_parameters_st { +- long version; +- X9_62_FIELDID *fieldID; +- X9_62_CURVE *curve; +- ASN1_OCTET_STRING *base; +- ASN1_INTEGER *order; +- ASN1_INTEGER *cofactor; +- } ECPARAMETERS; ++ long version; ++ X9_62_FIELDID *fieldID; ++ X9_62_CURVE *curve; ++ ASN1_OCTET_STRING *base; ++ ASN1_INTEGER *order; ++ ASN1_INTEGER *cofactor; ++} ECPARAMETERS; + + struct ecpk_parameters_st { +- int type; +- union { +- ASN1_OBJECT *named_curve; +- ECPARAMETERS *parameters; +- ASN1_NULL *implicitlyCA; +- } value; +- }/* ECPKPARAMETERS */; ++ int type; ++ union { ++ ASN1_OBJECT *named_curve; ++ ECPARAMETERS *parameters; ++ ASN1_NULL *implicitlyCA; ++ } value; ++} /* ECPKPARAMETERS */ ; + + /* SEC1 ECPrivateKey */ + typedef struct ec_privatekey_st { +- long version; +- ASN1_OCTET_STRING *privateKey; +- ECPKPARAMETERS *parameters; +- ASN1_BIT_STRING *publicKey; +- } EC_PRIVATEKEY; ++ long version; ++ ASN1_OCTET_STRING *privateKey; ++ ECPKPARAMETERS *parameters; ++ ASN1_BIT_STRING *publicKey; ++} EC_PRIVATEKEY; + + /* the OpenSSL ASN.1 definitions */ + ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { +- ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), +- ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), +- ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) ++ ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG), ++ ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG), ++ ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG) + } ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) + + DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) +@@ -208,15 +211,15 @@ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) + ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); + + ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { +- ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), +- ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), +- ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) ++ ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), ++ ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), ++ ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) + } ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); + + ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { +- ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), +- ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), +- ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) ++ ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG), ++ ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), ++ ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) + } ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) + + DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) +@@ -225,37 +228,37 @@ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) + ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); + + ASN1_ADB(X9_62_FIELDID) = { +- ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), +- ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) ++ ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), ++ ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) + } ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL); + + ASN1_SEQUENCE(X9_62_FIELDID) = { +- ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), +- ASN1_ADB_OBJECT(X9_62_FIELDID) ++ ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), ++ ASN1_ADB_OBJECT(X9_62_FIELDID) + } ASN1_SEQUENCE_END(X9_62_FIELDID) + + ASN1_SEQUENCE(X9_62_CURVE) = { +- ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), +- ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), +- ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) ++ ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), ++ ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), ++ ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) + } ASN1_SEQUENCE_END(X9_62_CURVE) + + ASN1_SEQUENCE(ECPARAMETERS) = { +- ASN1_SIMPLE(ECPARAMETERS, version, LONG), +- ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), +- ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), +- ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), +- ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), +- ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) ++ ASN1_SIMPLE(ECPARAMETERS, version, LONG), ++ ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), ++ ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ++ ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), ++ ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), ++ ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) + } ASN1_SEQUENCE_END(ECPARAMETERS) + + DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) + IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) + + ASN1_CHOICE(ECPKPARAMETERS) = { +- ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), +- ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS), +- ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL) ++ ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), ++ ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS), ++ ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL) + } ASN1_CHOICE_END(ECPKPARAMETERS) + + DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS) +@@ -263,10 +266,10 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS) + IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS) + + ASN1_SEQUENCE(EC_PRIVATEKEY) = { +- ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG), +- ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), +- ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), +- ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) ++ ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG), ++ ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), ++ ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), ++ ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) + } ASN1_SEQUENCE_END(EC_PRIVATEKEY) + + DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) +@@ -275,1155 +278,999 @@ IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY) + + /* some declarations of internal function */ + +-/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ ++/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ + static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); +-/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ ++/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ + static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); +-/* ec_asn1_parameters2group() creates a EC_GROUP object from a +- * ECPARAMETERS object */ +-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); +-/* ec_asn1_group2parameters() creates a ECPARAMETERS object from a +- * EC_GROUP object */ +-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,ECPARAMETERS *); +-/* ec_asn1_pkparameters2group() creates a EC_GROUP object from a +- * ECPKPARAMETERS object */ +-static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); +-/* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a +- * EC_GROUP object */ +-static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, +- ECPKPARAMETERS *); +- ++/* ++ * ec_asn1_parameters2group() creates a EC_GROUP object from a ECPARAMETERS ++ * object ++ */ ++static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); ++/* ++ * ec_asn1_group2parameters() creates a ECPARAMETERS object from a EC_GROUP ++ * object ++ */ ++static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, ++ ECPARAMETERS *); ++/* ++ * ec_asn1_pkparameters2group() creates a EC_GROUP object from a ++ * ECPKPARAMETERS object ++ */ ++static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); ++/* ++ * ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a ++ * EC_GROUP object ++ */ ++static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, ++ ECPKPARAMETERS *); + + /* the function definitions */ + + static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) +- { +- int ok=0, nid; +- BIGNUM *tmp = NULL; +- +- if (group == NULL || field == NULL) +- return 0; +- +- /* clear the old values (if necessary) */ +- if (field->fieldType != NULL) +- ASN1_OBJECT_free(field->fieldType); +- if (field->p.other != NULL) +- ASN1_TYPE_free(field->p.other); +- +- nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); +- /* set OID for the field */ +- if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); +- goto err; +- } +- +- if (nid == NID_X9_62_prime_field) +- { +- if ((tmp = BN_new()) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- /* the parameters are specified by the prime number p */ +- if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) +- { +- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); +- goto err; +- } +- /* set the prime number */ +- field->p.prime = BN_to_ASN1_INTEGER(tmp,NULL); +- if (field->p.prime == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); +- goto err; +- } +- } +- else /* nid == NID_X9_62_characteristic_two_field */ +- { +- int field_type; +- X9_62_CHARACTERISTIC_TWO *char_two; +- +- field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); +- char_two = field->p.char_two; +- +- if (char_two == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- char_two->m = (long)EC_GROUP_get_degree(group); +- +- field_type = EC_GROUP_get_basis_type(group); +- +- if (field_type == 0) +- { +- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); +- goto err; +- } +- /* set base type OID */ +- if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); +- goto err; +- } +- +- if (field_type == NID_X9_62_tpBasis) +- { +- unsigned int k; +- +- if (!EC_GROUP_get_trinomial_basis(group, &k)) +- goto err; +- +- char_two->p.tpBasis = ASN1_INTEGER_new(); +- if (!char_two->p.tpBasis) +- { +- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) +- { +- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, +- ERR_R_ASN1_LIB); +- goto err; +- } +- } +- else if (field_type == NID_X9_62_ppBasis) +- { +- unsigned int k1, k2, k3; +- +- if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) +- goto err; +- +- char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); +- if (!char_two->p.ppBasis) +- { +- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- /* set k? values */ +- char_two->p.ppBasis->k1 = (long)k1; +- char_two->p.ppBasis->k2 = (long)k2; +- char_two->p.ppBasis->k3 = (long)k3; +- } +- else /* field_type == NID_X9_62_onBasis */ +- { +- /* for ONB the parameters are (asn1) NULL */ +- char_two->p.onBasis = ASN1_NULL_new(); +- if (!char_two->p.onBasis) +- { +- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- } +- +- ok = 1; +- +-err : if (tmp) +- BN_free(tmp); +- return(ok); ++{ ++ int ok = 0, nid; ++ BIGNUM *tmp = NULL; ++ ++ if (group == NULL || field == NULL) ++ return 0; ++ ++ /* clear the old values (if necessary) */ ++ if (field->fieldType != NULL) ++ ASN1_OBJECT_free(field->fieldType); ++ if (field->p.other != NULL) ++ ASN1_TYPE_free(field->p.other); ++ ++ nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); ++ /* set OID for the field */ ++ if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); ++ goto err; ++ } ++ ++ if (nid == NID_X9_62_prime_field) { ++ if ((tmp = BN_new()) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ /* the parameters are specified by the prime number p */ ++ if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { ++ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); ++ goto err; ++ } ++ /* set the prime number */ ++ field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL); ++ if (field->p.prime == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ } else { /* nid == NID_X9_62_characteristic_two_field */ ++ ++ int field_type; ++ X9_62_CHARACTERISTIC_TWO *char_two; ++ ++ field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); ++ char_two = field->p.char_two; ++ ++ if (char_two == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ char_two->m = (long)EC_GROUP_get_degree(group); ++ ++ field_type = EC_GROUP_get_basis_type(group); ++ ++ if (field_type == 0) { ++ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); ++ goto err; ++ } ++ /* set base type OID */ ++ if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB); ++ goto err; ++ } ++ ++ if (field_type == NID_X9_62_tpBasis) { ++ unsigned int k; ++ ++ if (!EC_GROUP_get_trinomial_basis(group, &k)) ++ goto err; ++ ++ char_two->p.tpBasis = ASN1_INTEGER_new(); ++ if (!char_two->p.tpBasis) { ++ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) { ++ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ } else if (field_type == NID_X9_62_ppBasis) { ++ unsigned int k1, k2, k3; ++ ++ if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) ++ goto err; ++ ++ char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); ++ if (!char_two->p.ppBasis) { ++ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* set k? values */ ++ char_two->p.ppBasis->k1 = (long)k1; ++ char_two->p.ppBasis->k2 = (long)k2; ++ char_two->p.ppBasis->k3 = (long)k3; ++ } else { /* field_type == NID_X9_62_onBasis */ ++ ++ /* for ONB the parameters are (asn1) NULL */ ++ char_two->p.onBasis = ASN1_NULL_new(); ++ if (!char_two->p.onBasis) { ++ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ } ++ ++ ok = 1; ++ ++ err:if (tmp) ++ BN_free(tmp); ++ return (ok); + } + + static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) +- { +- int ok=0, nid; +- BIGNUM *tmp_1=NULL, *tmp_2=NULL; +- unsigned char *buffer_1=NULL, *buffer_2=NULL, +- *a_buf=NULL, *b_buf=NULL; +- size_t len_1, len_2; +- unsigned char char_zero = 0; +- +- if (!group || !curve || !curve->a || !curve->b) +- return 0; +- +- if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); +- +- /* get a and b */ +- if (nid == NID_X9_62_prime_field) +- { +- if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) +- { +- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); +- goto err; +- } +- } +- else /* nid == NID_X9_62_characteristic_two_field */ +- { +- if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) +- { +- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); +- goto err; +- } +- } +- +- len_1 = (size_t)BN_num_bytes(tmp_1); +- len_2 = (size_t)BN_num_bytes(tmp_2); +- +- if (len_1 == 0) +- { +- /* len_1 == 0 => a == 0 */ +- a_buf = &char_zero; +- len_1 = 1; +- } +- else +- { +- if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2CURVE, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if ( (len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) +- { +- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); +- goto err; +- } +- a_buf = buffer_1; +- } +- +- if (len_2 == 0) +- { +- /* len_2 == 0 => b == 0 */ +- b_buf = &char_zero; +- len_2 = 1; +- } +- else +- { +- if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2CURVE, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if ( (len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) +- { +- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); +- goto err; +- } +- b_buf = buffer_2; +- } +- +- /* set a and b */ +- if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || +- !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) +- { +- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); +- goto err; +- } +- +- /* set the seed (optional) */ +- if (group->seed) +- { +- if (!curve->seed) +- if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); +- curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; +- if (!ASN1_BIT_STRING_set(curve->seed, group->seed, +- (int)group->seed_len)) +- { +- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); +- goto err; +- } +- } +- else +- { +- if (curve->seed) +- { +- ASN1_BIT_STRING_free(curve->seed); +- curve->seed = NULL; +- } +- } +- +- ok = 1; +- +-err: if (buffer_1) +- OPENSSL_free(buffer_1); +- if (buffer_2) +- OPENSSL_free(buffer_2); +- if (tmp_1) +- BN_free(tmp_1); +- if (tmp_2) +- BN_free(tmp_2); +- return(ok); +- } ++{ ++ int ok = 0, nid; ++ BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; ++ unsigned char *buffer_1 = NULL, *buffer_2 = NULL, ++ *a_buf = NULL, *b_buf = NULL; ++ size_t len_1, len_2; ++ unsigned char char_zero = 0; ++ ++ if (!group || !curve || !curve->a || !curve->b) ++ return 0; ++ ++ if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); ++ ++ /* get a and b */ ++ if (nid == NID_X9_62_prime_field) { ++ if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) { ++ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else { /* nid == NID_X9_62_characteristic_two_field */ ++ ++ if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) { ++ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); ++ goto err; ++ } ++ } ++ ++ len_1 = (size_t)BN_num_bytes(tmp_1); ++ len_2 = (size_t)BN_num_bytes(tmp_2); ++ ++ if (len_1 == 0) { ++ /* len_1 == 0 => a == 0 */ ++ a_buf = &char_zero; ++ len_1 = 1; ++ } else { ++ if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) { ++ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); ++ goto err; ++ } ++ a_buf = buffer_1; ++ } ++ ++ if (len_2 == 0) { ++ /* len_2 == 0 => b == 0 */ ++ b_buf = &char_zero; ++ len_2 = 1; ++ } else { ++ if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) { ++ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB); ++ goto err; ++ } ++ b_buf = buffer_2; ++ } ++ ++ /* set a and b */ ++ if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) || ++ !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) { ++ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ ++ /* set the seed (optional) */ ++ if (group->seed) { ++ if (!curve->seed) ++ if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); ++ curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; ++ if (!ASN1_BIT_STRING_set(curve->seed, group->seed, ++ (int)group->seed_len)) { ++ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ } else { ++ if (curve->seed) { ++ ASN1_BIT_STRING_free(curve->seed); ++ curve->seed = NULL; ++ } ++ } ++ ++ ok = 1; ++ ++ err:if (buffer_1) ++ OPENSSL_free(buffer_1); ++ if (buffer_2) ++ OPENSSL_free(buffer_2); ++ if (tmp_1) ++ BN_free(tmp_1); ++ if (tmp_2) ++ BN_free(tmp_2); ++ return (ok); ++} + + static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, + ECPARAMETERS *param) +- { +- int ok=0; +- size_t len=0; +- ECPARAMETERS *ret=NULL; +- BIGNUM *tmp=NULL; +- unsigned char *buffer=NULL; +- const EC_POINT *point=NULL; +- point_conversion_form_t form; +- +- if ((tmp = BN_new()) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (param == NULL) +- { +- if ((ret = ECPARAMETERS_new()) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- else +- ret = param; +- +- /* set the version (always one) */ +- ret->version = (long)0x1; +- +- /* set the fieldID */ +- if (!ec_asn1_group2fieldid(group, ret->fieldID)) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); +- goto err; +- } +- +- /* set the curve */ +- if (!ec_asn1_group2curve(group, ret->curve)) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); +- goto err; +- } +- +- /* set the base point */ +- if ((point = EC_GROUP_get0_generator(group)) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR); +- goto err; +- } +- +- form = EC_GROUP_get_point_conversion_form(group); +- +- len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); +- if (len == 0) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); +- goto err; +- } +- if ((buffer = OPENSSL_malloc(len)) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); +- goto err; +- } +- if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); +- goto err; +- } +- +- /* set the order */ +- if (!EC_GROUP_get_order(group, tmp, NULL)) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); +- goto err; +- } +- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); +- if (ret->order == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); +- goto err; +- } +- +- /* set the cofactor (optional) */ +- if (EC_GROUP_get_cofactor(group, tmp, NULL)) +- { +- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); +- if (ret->cofactor == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); +- goto err; +- } +- } +- +- ok = 1; +- +-err : if(!ok) +- { +- if (ret && !param) +- ECPARAMETERS_free(ret); +- ret = NULL; +- } +- if (tmp) +- BN_free(tmp); +- if (buffer) +- OPENSSL_free(buffer); +- return(ret); +- } +- +-ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, ++{ ++ int ok = 0; ++ size_t len = 0; ++ ECPARAMETERS *ret = NULL; ++ BIGNUM *tmp = NULL; ++ unsigned char *buffer = NULL; ++ const EC_POINT *point = NULL; ++ point_conversion_form_t form; ++ ++ if ((tmp = BN_new()) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (param == NULL) { ++ if ((ret = ECPARAMETERS_new()) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } else ++ ret = param; ++ ++ /* set the version (always one) */ ++ ret->version = (long)0x1; ++ ++ /* set the fieldID */ ++ if (!ec_asn1_group2fieldid(group, ret->fieldID)) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* set the curve */ ++ if (!ec_asn1_group2curve(group, ret->curve)) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* set the base point */ ++ if ((point = EC_GROUP_get0_generator(group)) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR); ++ goto err; ++ } ++ ++ form = EC_GROUP_get_point_conversion_form(group); ++ ++ len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); ++ if (len == 0) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); ++ goto err; ++ } ++ if ((buffer = OPENSSL_malloc(len)) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); ++ goto err; ++ } ++ if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ ++ /* set the order */ ++ if (!EC_GROUP_get_order(group, tmp, NULL)) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB); ++ goto err; ++ } ++ ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); ++ if (ret->order == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ ++ /* set the cofactor (optional) */ ++ if (EC_GROUP_get_cofactor(group, tmp, NULL)) { ++ ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); ++ if (ret->cofactor == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ } ++ ++ ok = 1; ++ ++ err:if (!ok) { ++ if (ret && !param) ++ ECPARAMETERS_free(ret); ++ ret = NULL; ++ } ++ if (tmp) ++ BN_free(tmp); ++ if (buffer) ++ OPENSSL_free(buffer); ++ return (ret); ++} ++ ++ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, + ECPKPARAMETERS *params) +- { +- int ok = 1, tmp; +- ECPKPARAMETERS *ret = params; +- +- if (ret == NULL) +- { +- if ((ret = ECPKPARAMETERS_new()) == NULL) +- { +- ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, +- ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- } +- else +- { +- if (ret->type == 0 && ret->value.named_curve) +- ASN1_OBJECT_free(ret->value.named_curve); +- else if (ret->type == 1 && ret->value.parameters) +- ECPARAMETERS_free(ret->value.parameters); +- } +- +- if (EC_GROUP_get_asn1_flag(group)) +- { +- /* use the asn1 OID to describe the +- * the elliptic curve parameters +- */ +- tmp = EC_GROUP_get_curve_name(group); +- if (tmp) +- { +- ret->type = 0; +- if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) +- ok = 0; +- } +- else +- /* we don't kmow the nid => ERROR */ +- ok = 0; +- } +- else +- { +- /* use the ECPARAMETERS structure */ +- ret->type = 1; +- if ((ret->value.parameters = ec_asn1_group2parameters( +- group, NULL)) == NULL) +- ok = 0; +- } +- +- if (!ok) +- { +- ECPKPARAMETERS_free(ret); +- return NULL; +- } +- return ret; +- } ++{ ++ int ok = 1, tmp; ++ ECPKPARAMETERS *ret = params; ++ ++ if (ret == NULL) { ++ if ((ret = ECPKPARAMETERS_new()) == NULL) { ++ ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ } else { ++ if (ret->type == 0 && ret->value.named_curve) ++ ASN1_OBJECT_free(ret->value.named_curve); ++ else if (ret->type == 1 && ret->value.parameters) ++ ECPARAMETERS_free(ret->value.parameters); ++ } ++ ++ if (EC_GROUP_get_asn1_flag(group)) { ++ /* ++ * use the asn1 OID to describe the the elliptic curve parameters ++ */ ++ tmp = EC_GROUP_get_curve_name(group); ++ if (tmp) { ++ ret->type = 0; ++ if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) ++ ok = 0; ++ } else ++ /* we don't kmow the nid => ERROR */ ++ ok = 0; ++ } else { ++ /* use the ECPARAMETERS structure */ ++ ret->type = 1; ++ if ((ret->value.parameters = ++ ec_asn1_group2parameters(group, NULL)) == NULL) ++ ok = 0; ++ } ++ ++ if (!ok) { ++ ECPKPARAMETERS_free(ret); ++ return NULL; ++ } ++ return ret; ++} + + static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) +- { +- int ok = 0, tmp; +- EC_GROUP *ret = NULL; +- BIGNUM *p = NULL, *a = NULL, *b = NULL; +- EC_POINT *point=NULL; +- long field_bits; +- +- if (!params->fieldID || !params->fieldID->fieldType || +- !params->fieldID->p.ptr) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); +- goto err; +- } +- +- /* now extract the curve parameters a and b */ +- if (!params->curve || !params->curve->a || +- !params->curve->a->data || !params->curve->b || +- !params->curve->b->data) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); +- goto err; +- } +- a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); +- if (a == NULL) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); +- goto err; +- } +- b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); +- if (b == NULL) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); +- goto err; +- } +- +- /* get the field parameters */ +- tmp = OBJ_obj2nid(params->fieldID->fieldType); +- +- if (tmp == NID_X9_62_characteristic_two_field) +- { +- X9_62_CHARACTERISTIC_TWO *char_two; +- +- char_two = params->fieldID->p.char_two; +- +- field_bits = char_two->m; +- if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); +- goto err; +- } +- +- if ((p = BN_new()) == NULL) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- /* get the base type */ +- tmp = OBJ_obj2nid(char_two->type); +- +- if (tmp == NID_X9_62_tpBasis) +- { +- long tmp_long; +- +- if (!char_two->p.tpBasis) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); +- goto err; +- } +- +- tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); +- +- if (!(char_two->m > tmp_long && tmp_long > 0)) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS); +- goto err; +- } +- +- /* create the polynomial */ +- if (!BN_set_bit(p, (int)char_two->m)) +- goto err; +- if (!BN_set_bit(p, (int)tmp_long)) +- goto err; +- if (!BN_set_bit(p, 0)) +- goto err; +- } +- else if (tmp == NID_X9_62_ppBasis) +- { +- X9_62_PENTANOMIAL *penta; +- +- penta = char_two->p.ppBasis; +- if (!penta) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); +- goto err; +- } +- +- if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS); +- goto err; +- } +- +- /* create the polynomial */ +- if (!BN_set_bit(p, (int)char_two->m)) goto err; +- if (!BN_set_bit(p, (int)penta->k1)) goto err; +- if (!BN_set_bit(p, (int)penta->k2)) goto err; +- if (!BN_set_bit(p, (int)penta->k3)) goto err; +- if (!BN_set_bit(p, 0)) goto err; +- } +- else if (tmp == NID_X9_62_onBasis) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); +- goto err; +- } +- else /* error */ +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); +- goto err; +- } +- +- /* create the EC_GROUP structure */ +- ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); +- } +- else if (tmp == NID_X9_62_prime_field) +- { +- /* we have a curve over a prime field */ +- /* extract the prime number */ +- if (!params->fieldID->p.prime) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); +- goto err; +- } +- p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); +- if (p == NULL) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); +- goto err; +- } +- +- if (BN_is_negative(p) || BN_is_zero(p)) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); +- goto err; +- } +- +- field_bits = BN_num_bits(p); +- if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); +- goto err; +- } +- +- /* create the EC_GROUP structure */ +- ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); +- } +- else +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); +- goto err; +- } +- +- if (ret == NULL) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); +- goto err; +- } +- +- /* extract seed (optional) */ +- if (params->curve->seed != NULL) +- { +- if (ret->seed != NULL) +- OPENSSL_free(ret->seed); +- if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- memcpy(ret->seed, params->curve->seed->data, +- params->curve->seed->length); +- ret->seed_len = params->curve->seed->length; +- } +- +- if (!params->order || !params->base || !params->base->data) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); +- goto err; +- } +- +- if ((point = EC_POINT_new(ret)) == NULL) goto err; +- +- /* set the point conversion form */ +- EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) +- (params->base->data[0] & ~0x01)); +- +- /* extract the ec point */ +- if (!EC_POINT_oct2point(ret, point, params->base->data, +- params->base->length, NULL)) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); +- goto err; +- } +- +- /* extract the order */ +- if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); +- goto err; +- } +- if (BN_is_negative(a) || BN_is_zero(a)) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); +- goto err; +- } +- if (BN_num_bits(a) > (int)field_bits + 1) /* Hasse bound */ +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); +- goto err; +- } +- +- /* extract the cofactor (optional) */ +- if (params->cofactor == NULL) +- { +- if (b) +- { +- BN_free(b); +- b = NULL; +- } +- } +- else +- if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); +- goto err; +- } +- /* set the generator, order and cofactor (if present) */ +- if (!EC_GROUP_set_generator(ret, point, a, b)) +- { +- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); +- goto err; +- } +- +- ok = 1; +- +-err: if (!ok) +- { +- if (ret) +- EC_GROUP_clear_free(ret); +- ret = NULL; +- } +- +- if (p) +- BN_free(p); +- if (a) +- BN_free(a); +- if (b) +- BN_free(b); +- if (point) +- EC_POINT_free(point); +- return(ret); ++{ ++ int ok = 0, tmp; ++ EC_GROUP *ret = NULL; ++ BIGNUM *p = NULL, *a = NULL, *b = NULL; ++ EC_POINT *point = NULL; ++ long field_bits; ++ ++ if (!params->fieldID || !params->fieldID->fieldType || ++ !params->fieldID->p.ptr) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); ++ goto err; ++ } ++ ++ /* now extract the curve parameters a and b */ ++ if (!params->curve || !params->curve->a || ++ !params->curve->a->data || !params->curve->b || ++ !params->curve->b->data) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); ++ goto err; ++ } ++ a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); ++ if (a == NULL) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); ++ goto err; ++ } ++ b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); ++ if (b == NULL) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ /* get the field parameters */ ++ tmp = OBJ_obj2nid(params->fieldID->fieldType); ++ ++ if (tmp == NID_X9_62_characteristic_two_field) { ++ X9_62_CHARACTERISTIC_TWO *char_two; ++ ++ char_two = params->fieldID->p.char_two; ++ ++ field_bits = char_two->m; ++ if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); ++ goto err; ++ } ++ ++ if ((p = BN_new()) == NULL) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* get the base type */ ++ tmp = OBJ_obj2nid(char_two->type); ++ ++ if (tmp == NID_X9_62_tpBasis) { ++ long tmp_long; ++ ++ if (!char_two->p.tpBasis) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); ++ goto err; ++ } ++ ++ tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); ++ ++ if (!(char_two->m > tmp_long && tmp_long > 0)) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ++ EC_R_INVALID_TRINOMIAL_BASIS); ++ goto err; ++ } ++ ++ /* create the polynomial */ ++ if (!BN_set_bit(p, (int)char_two->m)) ++ goto err; ++ if (!BN_set_bit(p, (int)tmp_long)) ++ goto err; ++ if (!BN_set_bit(p, 0)) ++ goto err; ++ } else if (tmp == NID_X9_62_ppBasis) { ++ X9_62_PENTANOMIAL *penta; ++ ++ penta = char_two->p.ppBasis; ++ if (!penta) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); ++ goto err; ++ } ++ ++ if (! ++ (char_two->m > penta->k3 && penta->k3 > penta->k2 ++ && penta->k2 > penta->k1 && penta->k1 > 0)) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ++ EC_R_INVALID_PENTANOMIAL_BASIS); ++ goto err; ++ } ++ ++ /* create the polynomial */ ++ if (!BN_set_bit(p, (int)char_two->m)) ++ goto err; ++ if (!BN_set_bit(p, (int)penta->k1)) ++ goto err; ++ if (!BN_set_bit(p, (int)penta->k2)) ++ goto err; ++ if (!BN_set_bit(p, (int)penta->k3)) ++ goto err; ++ if (!BN_set_bit(p, 0)) ++ goto err; ++ } else if (tmp == NID_X9_62_onBasis) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED); ++ goto err; ++ } else { /* error */ ++ ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); ++ goto err; ++ } ++ ++ /* create the EC_GROUP structure */ ++ ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); ++ } else if (tmp == NID_X9_62_prime_field) { ++ /* we have a curve over a prime field */ ++ /* extract the prime number */ ++ if (!params->fieldID->p.prime) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); ++ goto err; ++ } ++ p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); ++ if (p == NULL) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ ++ if (BN_is_negative(p) || BN_is_zero(p)) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); ++ goto err; ++ } ++ ++ field_bits = BN_num_bits(p); ++ if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE); ++ goto err; ++ } ++ ++ /* create the EC_GROUP structure */ ++ ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); ++ } else { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD); ++ goto err; ++ } ++ ++ if (ret == NULL) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* extract seed (optional) */ ++ if (params->curve->seed != NULL) { ++ if (ret->seed != NULL) ++ OPENSSL_free(ret->seed); ++ if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ memcpy(ret->seed, params->curve->seed->data, ++ params->curve->seed->length); ++ ret->seed_len = params->curve->seed->length; ++ } ++ ++ if (!params->order || !params->base || !params->base->data) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); ++ goto err; ++ } ++ ++ if ((point = EC_POINT_new(ret)) == NULL) ++ goto err; ++ ++ /* set the point conversion form */ ++ EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) ++ (params->base->data[0] & ~0x01)); ++ ++ /* extract the ec point */ ++ if (!EC_POINT_oct2point(ret, point, params->base->data, ++ params->base->length, NULL)) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ /* extract the order */ ++ if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ if (BN_is_negative(a) || BN_is_zero(a)) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); ++ goto err; ++ } ++ if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */ ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER); ++ goto err; ++ } ++ ++ /* extract the cofactor (optional) */ ++ if (params->cofactor == NULL) { ++ if (b) { ++ BN_free(b); ++ b = NULL; ++ } ++ } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ /* set the generator, order and cofactor (if present) */ ++ if (!EC_GROUP_set_generator(ret, point, a, b)) { ++ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ ok = 1; ++ ++ err:if (!ok) { ++ if (ret) ++ EC_GROUP_clear_free(ret); ++ ret = NULL; ++ } ++ ++ if (p) ++ BN_free(p); ++ if (a) ++ BN_free(a); ++ if (b) ++ BN_free(b); ++ if (point) ++ EC_POINT_free(point); ++ return (ret); + } + + EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params) +- { +- EC_GROUP *ret=NULL; +- int tmp=0; +- +- if (params == NULL) +- { +- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, +- EC_R_MISSING_PARAMETERS); +- return NULL; +- } +- +- if (params->type == 0) +- { /* the curve is given by an OID */ +- tmp = OBJ_obj2nid(params->value.named_curve); +- if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) +- { +- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, +- EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); +- return NULL; +- } +- EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); +- } +- else if (params->type == 1) +- { /* the parameters are given by a ECPARAMETERS +- * structure */ +- ret = ec_asn1_parameters2group(params->value.parameters); +- if (!ret) +- { +- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB); +- return NULL; +- } +- EC_GROUP_set_asn1_flag(ret, 0x0); +- } +- else if (params->type == 2) +- { /* implicitlyCA */ +- return NULL; +- } +- else +- { +- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR); +- return NULL; +- } +- +- return ret; +- } ++{ ++ EC_GROUP *ret = NULL; ++ int tmp = 0; ++ ++ if (params == NULL) { ++ ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_MISSING_PARAMETERS); ++ return NULL; ++ } ++ ++ if (params->type == 0) { /* the curve is given by an OID */ ++ tmp = OBJ_obj2nid(params->value.named_curve); ++ if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { ++ ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ++ EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); ++ return NULL; ++ } ++ EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); ++ } else if (params->type == 1) { /* the parameters are given by a ++ * ECPARAMETERS structure */ ++ ret = ec_asn1_parameters2group(params->value.parameters); ++ if (!ret) { ++ ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB); ++ return NULL; ++ } ++ EC_GROUP_set_asn1_flag(ret, 0x0); ++ } else if (params->type == 2) { /* implicitlyCA */ ++ return NULL; ++ } else { ++ ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR); ++ return NULL; ++ } ++ ++ return ret; ++} + + /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ + + EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) +- { +- EC_GROUP *group = NULL; +- ECPKPARAMETERS *params = NULL; +- +- if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) +- { +- ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); +- ECPKPARAMETERS_free(params); +- return NULL; +- } +- +- if ((group = ec_asn1_pkparameters2group(params)) == NULL) +- { +- ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); +- return NULL; +- } +- +- +- if (a && *a) +- EC_GROUP_clear_free(*a); +- if (a) +- *a = group; +- +- ECPKPARAMETERS_free(params); +- return(group); +- } ++{ ++ EC_GROUP *group = NULL; ++ ECPKPARAMETERS *params = NULL; ++ ++ if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { ++ ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE); ++ ECPKPARAMETERS_free(params); ++ return NULL; ++ } ++ ++ if ((group = ec_asn1_pkparameters2group(params)) == NULL) { ++ ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE); ++ return NULL; ++ } ++ ++ if (a && *a) ++ EC_GROUP_clear_free(*a); ++ if (a) ++ *a = group; ++ ++ ECPKPARAMETERS_free(params); ++ return (group); ++} + + int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out) +- { +- int ret=0; +- ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); +- if (tmp == NULL) +- { +- ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE); +- return 0; +- } +- if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) +- { +- ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE); +- ECPKPARAMETERS_free(tmp); +- return 0; +- } +- ECPKPARAMETERS_free(tmp); +- return(ret); +- } ++{ ++ int ret = 0; ++ ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); ++ if (tmp == NULL) { ++ ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE); ++ return 0; ++ } ++ if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) { ++ ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE); ++ ECPKPARAMETERS_free(tmp); ++ return 0; ++ } ++ ECPKPARAMETERS_free(tmp); ++ return (ret); ++} + + /* some EC_KEY functions */ + + EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) +- { +- int ok=0; +- EC_KEY *ret=NULL; +- EC_PRIVATEKEY *priv_key=NULL; +- +- if ((priv_key = EC_PRIVATEKEY_new()) == NULL) +- { +- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) +- { +- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); +- EC_PRIVATEKEY_free(priv_key); +- return NULL; +- } +- +- if (a == NULL || *a == NULL) +- { +- if ((ret = EC_KEY_new()) == NULL) +- { +- ECerr(EC_F_D2I_ECPRIVATEKEY, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (a) +- *a = ret; +- } +- else +- ret = *a; +- +- if (priv_key->parameters) +- { +- if (ret->group) +- EC_GROUP_clear_free(ret->group); +- ret->group = ec_asn1_pkparameters2group(priv_key->parameters); +- } +- +- if (ret->group == NULL) +- { +- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); +- goto err; +- } +- +- ret->version = priv_key->version; +- +- if (priv_key->privateKey) +- { +- ret->priv_key = BN_bin2bn( +- M_ASN1_STRING_data(priv_key->privateKey), +- M_ASN1_STRING_length(priv_key->privateKey), +- ret->priv_key); +- if (ret->priv_key == NULL) +- { +- ECerr(EC_F_D2I_ECPRIVATEKEY, +- ERR_R_BN_LIB); +- goto err; +- } +- } +- else +- { +- ECerr(EC_F_D2I_ECPRIVATEKEY, +- EC_R_MISSING_PRIVATE_KEY); +- goto err; +- } +- +- if (priv_key->publicKey) +- { +- const unsigned char *pub_oct; +- size_t pub_oct_len; +- +- if (ret->pub_key) +- EC_POINT_clear_free(ret->pub_key); +- ret->pub_key = EC_POINT_new(ret->group); +- if (ret->pub_key == NULL) +- { +- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); +- goto err; +- } +- pub_oct = M_ASN1_STRING_data(priv_key->publicKey); +- pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); +- /* save the point conversion form */ +- ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01); +- if (!EC_POINT_oct2point(ret->group, ret->pub_key, +- pub_oct, pub_oct_len, NULL)) +- { +- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); +- goto err; +- } +- } +- +- ok = 1; +-err: +- if (!ok) +- { +- if (ret) +- EC_KEY_free(ret); +- ret = NULL; +- } +- +- if (priv_key) +- EC_PRIVATEKEY_free(priv_key); +- +- return(ret); +- } +- +-int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) +- { +- int ret=0, ok=0; +- unsigned char *buffer=NULL; +- size_t buf_len=0, tmp_len; +- EC_PRIVATEKEY *priv_key=NULL; +- +- if (a == NULL || a->group == NULL || a->priv_key == NULL) +- { +- ECerr(EC_F_I2D_ECPRIVATEKEY, +- ERR_R_PASSED_NULL_PARAMETER); +- goto err; +- } +- +- if ((priv_key = EC_PRIVATEKEY_new()) == NULL) +- { +- ECerr(EC_F_I2D_ECPRIVATEKEY, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- priv_key->version = a->version; +- +- buf_len = (size_t)BN_num_bytes(a->priv_key); +- buffer = OPENSSL_malloc(buf_len); +- if (buffer == NULL) +- { +- ECerr(EC_F_I2D_ECPRIVATEKEY, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!BN_bn2bin(a->priv_key, buffer)) +- { +- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); +- goto err; +- } +- +- if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) +- { +- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); +- goto err; +- } +- +- if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) +- { +- if ((priv_key->parameters = ec_asn1_group2pkparameters( +- a->group, priv_key->parameters)) == NULL) +- { +- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); +- goto err; +- } +- } +- +- if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) +- { +- priv_key->publicKey = M_ASN1_BIT_STRING_new(); +- if (priv_key->publicKey == NULL) +- { +- ECerr(EC_F_I2D_ECPRIVATEKEY, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- tmp_len = EC_POINT_point2oct(a->group, a->pub_key, +- a->conv_form, NULL, 0, NULL); +- +- if (tmp_len > buf_len) +- { +- unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len); +- if (!tmp_buffer) +- { +- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- buffer = tmp_buffer; +- buf_len = tmp_len; +- } +- +- if (!EC_POINT_point2oct(a->group, a->pub_key, +- a->conv_form, buffer, buf_len, NULL)) +- { +- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); +- goto err; +- } +- +- priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); +- priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; +- if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, +- buf_len)) +- { +- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); +- goto err; +- } +- } +- +- if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) +- { +- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); +- goto err; +- } +- ok=1; +-err: +- if (buffer) +- OPENSSL_free(buffer); +- if (priv_key) +- EC_PRIVATEKEY_free(priv_key); +- return(ok?ret:0); +- } ++{ ++ int ok = 0; ++ EC_KEY *ret = NULL; ++ EC_PRIVATEKEY *priv_key = NULL; ++ ++ if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { ++ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) { ++ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); ++ EC_PRIVATEKEY_free(priv_key); ++ return NULL; ++ } ++ ++ if (a == NULL || *a == NULL) { ++ if ((ret = EC_KEY_new()) == NULL) { ++ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } else ++ ret = *a; ++ ++ if (priv_key->parameters) { ++ if (ret->group) ++ EC_GROUP_clear_free(ret->group); ++ ret->group = ec_asn1_pkparameters2group(priv_key->parameters); ++ } ++ ++ if (ret->group == NULL) { ++ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ ret->version = priv_key->version; ++ ++ if (priv_key->privateKey) { ++ ret->priv_key = BN_bin2bn(M_ASN1_STRING_data(priv_key->privateKey), ++ M_ASN1_STRING_length(priv_key->privateKey), ++ ret->priv_key); ++ if (ret->priv_key == NULL) { ++ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_BN_LIB); ++ goto err; ++ } ++ } else { ++ ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY); ++ goto err; ++ } ++ ++ if (priv_key->publicKey) { ++ const unsigned char *pub_oct; ++ size_t pub_oct_len; ++ ++ if (ret->pub_key) ++ EC_POINT_clear_free(ret->pub_key); ++ ret->pub_key = EC_POINT_new(ret->group); ++ if (ret->pub_key == NULL) { ++ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); ++ goto err; ++ } ++ pub_oct = M_ASN1_STRING_data(priv_key->publicKey); ++ pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); ++ /* save the point conversion form */ ++ ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01); ++ if (!EC_POINT_oct2point(ret->group, ret->pub_key, ++ pub_oct, pub_oct_len, NULL)) { ++ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); ++ goto err; ++ } ++ } ++ ++ if (a) ++ *a = ret; ++ ok = 1; ++ err: ++ if (!ok) { ++ if (ret && (a == NULL || *a != ret)) ++ EC_KEY_free(ret); ++ ret = NULL; ++ } ++ ++ if (priv_key) ++ EC_PRIVATEKEY_free(priv_key); ++ ++ return (ret); ++} ++ ++int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) ++{ ++ int ret = 0, ok = 0; ++ unsigned char *buffer = NULL; ++ size_t buf_len = 0, tmp_len; ++ EC_PRIVATEKEY *priv_key = NULL; ++ ++ if (a == NULL || a->group == NULL || a->priv_key == NULL) { ++ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); ++ goto err; ++ } ++ ++ if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { ++ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ priv_key->version = a->version; ++ ++ buf_len = (size_t)BN_num_bytes(a->priv_key); ++ buffer = OPENSSL_malloc(buf_len); ++ if (buffer == NULL) { ++ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (!BN_bn2bin(a->priv_key, buffer)) { ++ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) { ++ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ ++ if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { ++ if ((priv_key->parameters = ++ ec_asn1_group2pkparameters(a->group, ++ priv_key->parameters)) == NULL) { ++ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); ++ goto err; ++ } ++ } ++ ++ if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) { ++ priv_key->publicKey = M_ASN1_BIT_STRING_new(); ++ if (priv_key->publicKey == NULL) { ++ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ tmp_len = EC_POINT_point2oct(a->group, a->pub_key, ++ a->conv_form, NULL, 0, NULL); ++ ++ if (tmp_len > buf_len) { ++ unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len); ++ if (!tmp_buffer) { ++ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ buffer = tmp_buffer; ++ buf_len = tmp_len; ++ } ++ ++ if (!EC_POINT_point2oct(a->group, a->pub_key, ++ a->conv_form, buffer, buf_len, NULL)) { ++ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); ++ priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; ++ if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, buf_len)) { ++ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ } ++ ++ if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) { ++ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB); ++ goto err; ++ } ++ ok = 1; ++ err: ++ if (buffer) ++ OPENSSL_free(buffer); ++ if (priv_key) ++ EC_PRIVATEKEY_free(priv_key); ++ return (ok ? ret : 0); ++} + + int i2d_ECParameters(EC_KEY *a, unsigned char **out) +- { +- if (a == NULL) +- { +- ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- return i2d_ECPKParameters(a->group, out); +- } ++{ ++ if (a == NULL) { ++ ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ return i2d_ECPKParameters(a->group, out); ++} + + EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) +- { +- EC_KEY *ret; +- +- if (in == NULL || *in == NULL) +- { +- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- +- if (a == NULL || *a == NULL) +- { +- if ((ret = EC_KEY_new()) == NULL) +- { +- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- if (a) +- *a = ret; +- } +- else +- ret = *a; +- +- if (!d2i_ECPKParameters(&ret->group, in, len)) +- { +- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); +- return NULL; +- } +- +- return ret; +- } ++{ ++ EC_KEY *ret; ++ ++ if (in == NULL || *in == NULL) { ++ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ ++ if (a == NULL || *a == NULL) { ++ if ((ret = EC_KEY_new()) == NULL) { ++ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ } else ++ ret = *a; ++ ++ if (!d2i_ECPKParameters(&ret->group, in, len)) { ++ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); ++ if (a == NULL || *a != ret) ++ EC_KEY_free(ret); ++ return NULL; ++ } ++ ++ if (a) ++ *a = ret; ++ ++ return ret; ++} + + EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) +- { +- EC_KEY *ret=NULL; +- +- if (a == NULL || (*a) == NULL || (*a)->group == NULL) +- { +- /* sorry, but a EC_GROUP-structur is necessary +- * to set the public key */ +- ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- ret = *a; +- if (ret->pub_key == NULL && +- (ret->pub_key = EC_POINT_new(ret->group)) == NULL) +- { +- ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) +- { +- ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); +- return 0; +- } +- /* save the point conversion form */ +- ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01); +- *in += len; +- return ret; +- } ++{ ++ EC_KEY *ret = NULL; ++ ++ if (a == NULL || (*a) == NULL || (*a)->group == NULL) { ++ /* ++ * sorry, but a EC_GROUP-structur is necessary to set the public key ++ */ ++ ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ ret = *a; ++ if (ret->pub_key == NULL && ++ (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { ++ ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { ++ ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); ++ return 0; ++ } ++ /* save the point conversion form */ ++ ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01); ++ *in += len; ++ return ret; ++} + + int i2o_ECPublicKey(EC_KEY *a, unsigned char **out) +- { +- size_t buf_len=0; +- int new_buffer = 0; +- +- if (a == NULL) +- { +- ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- +- buf_len = EC_POINT_point2oct(a->group, a->pub_key, +- a->conv_form, NULL, 0, NULL); +- +- if (out == NULL || buf_len == 0) +- /* out == NULL => just return the length of the octet string */ +- return buf_len; +- +- if (*out == NULL) +- { +- if ((*out = OPENSSL_malloc(buf_len)) == NULL) +- { +- ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- new_buffer = 1; +- } +- if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, +- *out, buf_len, NULL)) +- { +- ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); +- OPENSSL_free(*out); +- *out = NULL; +- return 0; +- } +- if (!new_buffer) +- *out += buf_len; +- return buf_len; +- } ++{ ++ size_t buf_len = 0; ++ int new_buffer = 0; ++ ++ if (a == NULL) { ++ ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ ++ buf_len = EC_POINT_point2oct(a->group, a->pub_key, ++ a->conv_form, NULL, 0, NULL); ++ ++ if (out == NULL || buf_len == 0) ++ /* out == NULL => just return the length of the octet string */ ++ return buf_len; ++ ++ if (*out == NULL) { ++ if ((*out = OPENSSL_malloc(buf_len)) == NULL) { ++ ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ new_buffer = 1; ++ } ++ if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, ++ *out, buf_len, NULL)) { ++ ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB); ++ OPENSSL_free(*out); ++ *out = NULL; ++ return 0; ++ } ++ if (!new_buffer) ++ *out += buf_len; ++ return buf_len; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_check.c b/Cryptlib/OpenSSL/crypto/ec/ec_check.c +index 0e316b4..d3f5349 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_check.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_check.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,67 +57,64 @@ + #include + + int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) +- { +- int ret = 0; +- BIGNUM *order; +- BN_CTX *new_ctx = NULL; +- EC_POINT *point = NULL; ++{ ++ int ret = 0; ++ BIGNUM *order; ++ BN_CTX *new_ctx = NULL; ++ EC_POINT *point = NULL; + +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- { +- ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- BN_CTX_start(ctx); +- if ((order = BN_CTX_get(ctx)) == NULL) goto err; ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) { ++ ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ BN_CTX_start(ctx); ++ if ((order = BN_CTX_get(ctx)) == NULL) ++ goto err; + +- /* check the discriminant */ +- if (!EC_GROUP_check_discriminant(group, ctx)) +- { +- ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); +- goto err; +- } ++ /* check the discriminant */ ++ if (!EC_GROUP_check_discriminant(group, ctx)) { ++ ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO); ++ goto err; ++ } + +- /* check the generator */ +- if (group->generator == NULL) +- { +- ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); +- goto err; +- } +- if (!EC_POINT_is_on_curve(group, group->generator, ctx)) +- { +- ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); +- goto err; +- } ++ /* check the generator */ ++ if (group->generator == NULL) { ++ ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); ++ goto err; ++ } ++ if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { ++ ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); ++ goto err; ++ } + +- /* check the order of the generator */ +- if ((point = EC_POINT_new(group)) == NULL) goto err; +- if (!EC_GROUP_get_order(group, order, ctx)) goto err; +- if (BN_is_zero(order)) +- { +- ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER); +- goto err; +- } +- +- if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err; +- if (!EC_POINT_is_at_infinity(group, point)) +- { +- ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER); +- goto err; +- } ++ /* check the order of the generator */ ++ if ((point = EC_POINT_new(group)) == NULL) ++ goto err; ++ if (!EC_GROUP_get_order(group, order, ctx)) ++ goto err; ++ if (BN_is_zero(order)) { ++ ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER); ++ goto err; ++ } + +- ret = 1; ++ if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) ++ goto err; ++ if (!EC_POINT_is_at_infinity(group, point)) { ++ ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER); ++ goto err; ++ } + +-err: +- if (ctx != NULL) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- if (point) +- EC_POINT_free(point); +- return ret; +- } ++ ret = 1; ++ ++ err: ++ if (ctx != NULL) ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ if (point) ++ EC_POINT_free(point); ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c b/Cryptlib/OpenSSL/crypto/ec/ec_curve.c +index beac209..b435620 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_curve.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,13 +58,13 @@ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * +- * Portions of the attached software ("Contribution") are developed by ++ * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * +- * The elliptic curve binary polynomial software is originally written by ++ * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ +@@ -74,1197 +74,1262 @@ + #include + + typedef struct ec_curve_data_st { +- int field_type; /* either NID_X9_62_prime_field or +- * NID_X9_62_characteristic_two_field */ +- const char *p; /* either a prime number or a polynomial */ +- const char *a; +- const char *b; +- const char *x; /* the x coordinate of the generator */ +- const char *y; /* the y coordinate of the generator */ +- const char *order; /* the order of the group generated by the +- * generator */ +- const BN_ULONG cofactor;/* the cofactor */ +- const unsigned char *seed;/* the seed (optional) */ +- size_t seed_len; +- const char *comment; /* a short description of the curve */ ++ int field_type; /* either NID_X9_62_prime_field or ++ * NID_X9_62_characteristic_two_field */ ++ const char *p; /* either a prime number or a polynomial */ ++ const char *a; ++ const char *b; ++ const char *x; /* the x coordinate of the generator */ ++ const char *y; /* the y coordinate of the generator */ ++ const char *order; /* the order of the group generated by the ++ * generator */ ++ const BN_ULONG cofactor; /* the cofactor */ ++ const unsigned char *seed; /* the seed (optional) */ ++ size_t seed_len; ++ const char *comment; /* a short description of the curve */ + } EC_CURVE_DATA; + + /* the nist prime curves */ + static const unsigned char _EC_NIST_PRIME_192_SEED[] = { +- 0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57, +- 0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5}; ++ 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, ++ 0x95, 0x28, 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5 ++}; ++ + static const EC_CURVE_DATA _EC_NIST_PRIME_192 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", +- "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", +- "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", +- "07192b95ffc8da78631011ed6b24cdd573f977a11e794811", +- "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1, +- _EC_NIST_PRIME_192_SEED, 20, +- "NIST/X9.62/SECG curve over a 192 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", ++ "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", ++ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", ++ "07192b95ffc8da78631011ed6b24cdd573f977a11e794811", ++ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 1, ++ _EC_NIST_PRIME_192_SEED, 20, ++ "NIST/X9.62/SECG curve over a 192 bit prime field" ++}; + + static const unsigned char _EC_NIST_PRIME_224_SEED[] = { +- 0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45, +- 0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5}; ++ 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, ++ 0xB5, 0x9F, 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5 ++}; ++ + static const EC_CURVE_DATA _EC_NIST_PRIME_224 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", +- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", +- "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", +- "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1, +- _EC_NIST_PRIME_224_SEED, 20, +- "NIST/SECG curve over a 224 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", ++ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", ++ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", ++ "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1, ++ _EC_NIST_PRIME_224_SEED, 20, ++ "NIST/SECG curve over a 224 bit prime field" ++}; + + static const unsigned char _EC_NIST_PRIME_384_SEED[] = { +- 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00, +- 0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73}; ++ 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, ++ 0x89, 0x6A, 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73 ++}; ++ + static const EC_CURVE_DATA _EC_NIST_PRIME_384 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" +- "FFF0000000000000000FFFFFFFF", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" +- "FFF0000000000000000FFFFFFFC", +- "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563" +- "98D8A2ED19D2A85C8EDD3EC2AEF", +- "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F" +- "25DBF55296C3A545E3872760AB7", +- "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b" +- "1ce1d7e819d7a431d7c90ea0e5f", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0" +- "DB248B0A77AECEC196ACCC52973",1, +- _EC_NIST_PRIME_384_SEED, 20, +- "NIST/SECG curve over a 384 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" ++ "FFF0000000000000000FFFFFFFF", ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF" ++ "FFF0000000000000000FFFFFFFC", ++ "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563" ++ "98D8A2ED19D2A85C8EDD3EC2AEF", ++ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F" ++ "25DBF55296C3A545E3872760AB7", ++ "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b" ++ "1ce1d7e819d7a431d7c90ea0e5f", ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0" ++ "DB248B0A77AECEC196ACCC52973", 1, ++ _EC_NIST_PRIME_384_SEED, 20, ++ "NIST/SECG curve over a 384 bit prime field" ++}; + + static const unsigned char _EC_NIST_PRIME_521_SEED[] = { +- 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC, +- 0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA}; ++ 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, ++ 0x67, 0x17, 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA ++}; ++ + static const EC_CURVE_DATA _EC_NIST_PRIME_521 = { +- NID_X9_62_prime_field, +- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", +- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", +- "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156" +- "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", +- "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14" +- "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", +- "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9" +- "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", +- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51" +- "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1, +- _EC_NIST_PRIME_521_SEED, 20, +- "NIST/SECG curve over a 521 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", ++ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", ++ "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156" ++ "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", ++ "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14" ++ "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", ++ "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9" ++ "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", ++ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51" ++ "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 1, ++ _EC_NIST_PRIME_521_SEED, 20, ++ "NIST/SECG curve over a 521 bit prime field" ++}; ++ + /* the x9.62 prime curves (minus the nist prime curves) */ + static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = { +- 0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B, +- 0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6}; ++ 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, ++ 0x11, 0x3E, 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6 ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", +- "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", +- "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", +- "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15", +- "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1, +- _EC_X9_62_PRIME_192V2_SEED, 20, +- "X9.62 curve over a 192 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", ++ "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", ++ "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", ++ "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15", ++ "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", 1, ++ _EC_X9_62_PRIME_192V2_SEED, 20, ++ "X9.62 curve over a 192 bit prime field" ++}; + + static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = { +- 0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6, +- 0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E}; ++ 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, ++ 0x5C, 0xA9, 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", +- "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", +- "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", +- "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0", +- "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1, +- _EC_X9_62_PRIME_192V3_SEED, 20, +- "X9.62 curve over a 192 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", ++ "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", ++ "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", ++ "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0", ++ "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", 1, ++ _EC_X9_62_PRIME_192V3_SEED, 20, ++ "X9.62 curve over a 192 bit prime field" ++}; + + static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = { +- 0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0, +- 0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D}; ++ 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, ++ 0x75, 0x79, 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = { +- NID_X9_62_prime_field, +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", +- "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", +- "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", +- "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae", +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1, +- _EC_X9_62_PRIME_239V1_SEED, 20, +- "X9.62 curve over a 239 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", ++ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", ++ "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", ++ "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", ++ "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae", ++ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", 1, ++ _EC_X9_62_PRIME_239V1_SEED, 20, ++ "X9.62 curve over a 239 bit prime field" ++}; + + static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = { +- 0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B, +- 0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16}; ++ 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, ++ 0x80, 0x99, 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16 ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = { +- NID_X9_62_prime_field, +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", +- "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", +- "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", +- "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba", +- "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1, +- _EC_X9_62_PRIME_239V2_SEED, 20, +- "X9.62 curve over a 239 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", ++ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", ++ "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", ++ "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", ++ "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba", ++ "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", 1, ++ _EC_X9_62_PRIME_239V2_SEED, 20, ++ "X9.62 curve over a 239 bit prime field" ++}; + + static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = { +- 0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A, +- 0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF}; ++ 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, ++ 0x85, 0x76, 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = { +- NID_X9_62_prime_field, +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", +- "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", +- "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", +- "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3", +- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1, +- _EC_X9_62_PRIME_239V3_SEED, 20, +- "X9.62 curve over a 239 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", ++ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", ++ "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", ++ "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", ++ "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3", ++ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", 1, ++ _EC_X9_62_PRIME_239V3_SEED, 20, ++ "X9.62 curve over a 239 bit prime field" ++}; + + static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = { +- 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66, +- 0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90}; ++ 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, ++ 0x78, 0xE1, 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90 ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = { +- NID_X9_62_prime_field, +- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", +- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", +- "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", +- "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", +- "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", +- "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1, +- _EC_X9_62_PRIME_256V1_SEED, 20, +- "X9.62/SECG curve over a 256 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", ++ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", ++ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", ++ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", ++ "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", ++ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 1, ++ _EC_X9_62_PRIME_256V1_SEED, 20, ++ "X9.62/SECG curve over a 256 bit prime field" ++}; ++ + /* the secg prime curves (minus the nist and x9.62 prime curves) */ + static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = { +- 0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68, +- 0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1}; ++ 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, ++ 0x75, 0x61, 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1 ++}; ++ + static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = { +- NID_X9_62_prime_field, +- "DB7C2ABF62E35E668076BEAD208B", +- "DB7C2ABF62E35E668076BEAD2088", +- "659EF8BA043916EEDE8911702B22", +- "09487239995A5EE76B55F9C2F098", +- "a89ce5af8724c0a23e0e0ff77500", +- "DB7C2ABF62E35E7628DFAC6561C5",1, +- _EC_SECG_PRIME_112R1_SEED, 20, +- "SECG/WTLS curve over a 112 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "DB7C2ABF62E35E668076BEAD208B", ++ "DB7C2ABF62E35E668076BEAD2088", ++ "659EF8BA043916EEDE8911702B22", ++ "09487239995A5EE76B55F9C2F098", ++ "a89ce5af8724c0a23e0e0ff77500", ++ "DB7C2ABF62E35E7628DFAC6561C5", 1, ++ _EC_SECG_PRIME_112R1_SEED, 20, ++ "SECG/WTLS curve over a 112 bit prime field" ++}; + + static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = { +- 0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68, +- 0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4}; ++ 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, ++ 0x75, 0x61, 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4 ++}; ++ + static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = { +- NID_X9_62_prime_field, +- "DB7C2ABF62E35E668076BEAD208B", +- "6127C24C05F38A0AAAF65C0EF02C", +- "51DEF1815DB5ED74FCC34C85D709", +- "4BA30AB5E892B4E1649DD0928643", +- "adcd46f5882e3747def36e956e97", +- "36DF0AAFD8B8D7597CA10520D04B",4, +- _EC_SECG_PRIME_112R2_SEED, 20, +- "SECG curve over a 112 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "DB7C2ABF62E35E668076BEAD208B", ++ "6127C24C05F38A0AAAF65C0EF02C", ++ "51DEF1815DB5ED74FCC34C85D709", ++ "4BA30AB5E892B4E1649DD0928643", ++ "adcd46f5882e3747def36e956e97", ++ "36DF0AAFD8B8D7597CA10520D04B", 4, ++ _EC_SECG_PRIME_112R2_SEED, 20, ++ "SECG curve over a 112 bit prime field" ++}; + + static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = { +- 0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, +- 0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79}; ++ 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, ++ 0x51, 0x75, 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79 ++}; ++ + static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = { +- NID_X9_62_prime_field, +- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", +- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", +- "E87579C11079F43DD824993C2CEE5ED3", +- "161FF7528B899B2D0C28607CA52C5B86", +- "cf5ac8395bafeb13c02da292dded7a83", +- "FFFFFFFE0000000075A30D1B9038A115",1, +- _EC_SECG_PRIME_128R1_SEED, 20, +- "SECG curve over a 128 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", ++ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", ++ "E87579C11079F43DD824993C2CEE5ED3", ++ "161FF7528B899B2D0C28607CA52C5B86", ++ "cf5ac8395bafeb13c02da292dded7a83", ++ "FFFFFFFE0000000075A30D1B9038A115", 1, ++ _EC_SECG_PRIME_128R1_SEED, 20, ++ "SECG curve over a 128 bit prime field" ++}; + + static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = { +- 0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75, +- 0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4}; ++ 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, ++ 0x12, 0xD8, 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4 ++}; ++ + static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = { +- NID_X9_62_prime_field, +- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", +- "D6031998D1B3BBFEBF59CC9BBFF9AEE1", +- "5EEEFCA380D02919DC2C6558BB6D8A5D", +- "7B6AA5D85E572983E6FB32A7CDEBC140", +- "27b6916a894d3aee7106fe805fc34b44", +- "3FFFFFFF7FFFFFFFBE0024720613B5A3",4, +- _EC_SECG_PRIME_128R2_SEED, 20, +- "SECG curve over a 128 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", ++ "D6031998D1B3BBFEBF59CC9BBFF9AEE1", ++ "5EEEFCA380D02919DC2C6558BB6D8A5D", ++ "7B6AA5D85E572983E6FB32A7CDEBC140", ++ "27b6916a894d3aee7106fe805fc34b44", ++ "3FFFFFFF7FFFFFFFBE0024720613B5A3", 4, ++ _EC_SECG_PRIME_128R2_SEED, 20, ++ "SECG curve over a 128 bit prime field" ++}; + + static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", +- "0", +- "7", +- "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", +- "938cf935318fdced6bc28286531733c3f03c4fee", +- "0100000000000000000001B8FA16DFAB9ACA16B6B3",1, +- NULL, 0, +- "SECG curve over a 160 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", ++ "0", ++ "7", ++ "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", ++ "938cf935318fdced6bc28286531733c3f03c4fee", ++ "0100000000000000000001B8FA16DFAB9ACA16B6B3", 1, ++ NULL, 0, ++ "SECG curve over a 160 bit prime field" ++}; + + static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = { +- 0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76, +- 0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45}; ++ 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, ++ 0x87, 0x56, 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45 ++}; ++ + static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", +- "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", +- "4A96B5688EF573284664698968C38BB913CBFC82", +- "23a628553168947d59dcc912042351377ac5fb32", +- "0100000000000000000001F4C8F927AED3CA752257",1, +- _EC_SECG_PRIME_160R1_SEED, 20, +- "SECG curve over a 160 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", ++ "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", ++ "4A96B5688EF573284664698968C38BB913CBFC82", ++ "23a628553168947d59dcc912042351377ac5fb32", ++ "0100000000000000000001F4C8F927AED3CA752257", 1, ++ _EC_SECG_PRIME_160R1_SEED, 20, ++ "SECG curve over a 160 bit prime field" ++}; + + static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = { +- 0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09, +- 0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51}; ++ 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, ++ 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51 ++}; ++ + static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", +- "B4E134D3FB59EB8BAB57274904664D5AF50388BA", +- "52DCB034293A117E1F4FF11B30F7199D3144CE6D", +- "feaffef2e331f296e071fa0df9982cfea7d43f2e", +- "0100000000000000000000351EE786A818F3A1A16B",1, +- _EC_SECG_PRIME_160R2_SEED, 20, +- "SECG/WTLS curve over a 160 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", ++ "B4E134D3FB59EB8BAB57274904664D5AF50388BA", ++ "52DCB034293A117E1F4FF11B30F7199D3144CE6D", ++ "feaffef2e331f296e071fa0df9982cfea7d43f2e", ++ "0100000000000000000000351EE786A818F3A1A16B", 1, ++ _EC_SECG_PRIME_160R2_SEED, 20, ++ "SECG/WTLS curve over a 160 bit prime field" ++}; + + static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", +- "0", +- "3", +- "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", +- "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d", +- "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1, +- NULL, 20, +- "SECG curve over a 192 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", ++ "0", ++ "3", ++ "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", ++ "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d", ++ "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 1, ++ NULL, 20, ++ "SECG curve over a 192 bit prime field" ++}; + + static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", +- "0", +- "5", +- "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", +- "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5", +- "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1, +- NULL, 20, +- "SECG curve over a 224 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", ++ "0", ++ "5", ++ "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", ++ "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5", ++ "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 1, ++ NULL, 20, ++ "SECG curve over a 224 bit prime field" ++}; + + static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", +- "0", +- "7", +- "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", +- "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1, +- NULL, 20, +- "SECG curve over a 256 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", ++ "0", ++ "7", ++ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", ++ "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8", ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 1, ++ NULL, 20, ++ "SECG curve over a 256 bit prime field" ++}; + + /* some wap/wtls curves */ + static const EC_CURVE_DATA _EC_WTLS_8 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFDE7", +- "0", +- "3", +- "1", +- "2", +- "0100000000000001ECEA551AD837E9",1, +- NULL, 20, +- "WTLS curve over a 112 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFDE7", ++ "0", ++ "3", ++ "1", ++ "2", ++ "0100000000000001ECEA551AD837E9", 1, ++ NULL, 20, ++ "WTLS curve over a 112 bit prime field" ++}; + + static const EC_CURVE_DATA _EC_WTLS_9 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F", +- "0", +- "3", +- "1", +- "2", +- "0100000000000000000001CDC98AE0E2DE574ABF33",1, +- NULL, 20, +- "WTLS curve over a 160 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F", ++ "0", ++ "3", ++ "1", ++ "2", ++ "0100000000000000000001CDC98AE0E2DE574ABF33", 1, ++ NULL, 20, ++ "WTLS curve over a 160 bit prime field" ++}; + + static const EC_CURVE_DATA _EC_WTLS_12 = { +- NID_X9_62_prime_field, +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", +- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", +- "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", +- "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", +- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1, +- NULL, 0, +- "WTLS curvs over a 224 bit prime field" +- }; ++ NID_X9_62_prime_field, ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", ++ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", ++ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", ++ "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34", ++ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1, ++ NULL, 0, ++ "WTLS curvs over a 224 bit prime field" ++}; + + /* characteristic two curves */ + static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = { +- 0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87, +- 0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9}; ++ 0x10, 0xE7, 0x23, 0xAB, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, ++ 0x56, 0x15, 0x17, 0x56, 0xFE, 0xBF, 0x8F, 0xCB, 0x49, 0xA9 ++}; ++ + static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000201", +- "003088250CA6E7C7FE649CE85820F7", +- "00E8BEE4D3E2260744188BE0E9C723", +- "009D73616F35F4AB1407D73562C10F", +- "00A52830277958EE84D1315ED31886", +- "0100000000000000D9CCEC8A39E56F", 2, +- _EC_SECG_CHAR2_113R1_SEED, 20, +- "SECG curve over a 113 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "020000000000000000000000000201", ++ "003088250CA6E7C7FE649CE85820F7", ++ "00E8BEE4D3E2260744188BE0E9C723", ++ "009D73616F35F4AB1407D73562C10F", ++ "00A52830277958EE84D1315ED31886", ++ "0100000000000000D9CCEC8A39E56F", 2, ++ _EC_SECG_CHAR2_113R1_SEED, 20, ++ "SECG curve over a 113 bit binary field" ++}; + + static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = { +- 0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, +- 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D}; ++ 0x10, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, ++ 0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D ++}; ++ + static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000201", +- "00689918DBEC7E5A0DD6DFC0AA55C7", +- "0095E9A9EC9B297BD4BF36E059184F", +- "01A57A6A7B26CA5EF52FCDB8164797", +- "00B3ADC94ED1FE674C06E695BABA1D", +- "010000000000000108789B2496AF93", 2, +- _EC_SECG_CHAR2_113R2_SEED, 20, +- "SECG curve over a 113 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "020000000000000000000000000201", ++ "00689918DBEC7E5A0DD6DFC0AA55C7", ++ "0095E9A9EC9B297BD4BF36E059184F", ++ "01A57A6A7B26CA5EF52FCDB8164797", ++ "00B3ADC94ED1FE674C06E695BABA1D", ++ "010000000000000108789B2496AF93", 2, ++ _EC_SECG_CHAR2_113R2_SEED, 20, ++ "SECG curve over a 113 bit binary field" ++}; + + static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = { +- 0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98, +- 0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2}; ++ 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x98, ++ 0x5B, 0xD3, 0xAD, 0xBA, 0xDA, 0x21, 0xB4, 0x3A, 0x97, 0xE2 ++}; ++ + static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000010D", +- "07A11B09A76B562144418FF3FF8C2570B8", +- "0217C05610884B63B9C6C7291678F9D341", +- "0081BAF91FDF9833C40F9C181343638399", +- "078C6E7EA38C001F73C8134B1B4EF9E150", +- "0400000000000000023123953A9464B54D", 2, +- _EC_SECG_CHAR2_131R1_SEED, 20, +- "SECG/WTLS curve over a 131 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "080000000000000000000000000000010D", ++ "07A11B09A76B562144418FF3FF8C2570B8", ++ "0217C05610884B63B9C6C7291678F9D341", ++ "0081BAF91FDF9833C40F9C181343638399", ++ "078C6E7EA38C001F73C8134B1B4EF9E150", ++ "0400000000000000023123953A9464B54D", 2, ++ _EC_SECG_CHAR2_131R1_SEED, 20, ++ "SECG/WTLS curve over a 131 bit binary field" ++}; + + static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = { +- 0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76, +- 0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3}; ++ 0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xD4, 0xD6, 0x96, 0xE6, 0x76, ++ 0x87, 0x56, 0x15, 0x17, 0x5A, 0x21, 0xB4, 0x3A, 0x97, 0xE3 ++}; ++ + static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000010D", +- "03E5A88919D7CAFCBF415F07C2176573B2", +- "04B8266A46C55657AC734CE38F018F2192", +- "0356DCD8F2F95031AD652D23951BB366A8", +- "0648F06D867940A5366D9E265DE9EB240F", +- "0400000000000000016954A233049BA98F", 2, +- _EC_SECG_CHAR2_131R2_SEED, 20, +- "SECG curve over a 131 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "080000000000000000000000000000010D", ++ "03E5A88919D7CAFCBF415F07C2176573B2", ++ "04B8266A46C55657AC734CE38F018F2192", ++ "0356DCD8F2F95031AD652D23951BB366A8", ++ "0648F06D867940A5366D9E265DE9EB240F", ++ "0400000000000000016954A233049BA98F", 2, ++ _EC_SECG_CHAR2_131R2_SEED, 20, ++ "SECG curve over a 131 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_NIST_CHAR2_163K = { +- NID_X9_62_characteristic_two_field, +- "0800000000000000000000000000000000000000C9", +- "1", +- "1", +- "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", +- "0289070FB05D38FF58321F2E800536D538CCDAA3D9", +- "04000000000000000000020108A2E0CC0D99F8A5EF", 2, +- NULL, 0, +- "NIST/SECG/WTLS curve over a 163 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "0800000000000000000000000000000000000000C9", ++ "1", ++ "1", ++ "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8", ++ "0289070FB05D38FF58321F2E800536D538CCDAA3D9", ++ "04000000000000000000020108A2E0CC0D99F8A5EF", 2, ++ NULL, 0, ++ "NIST/SECG/WTLS curve over a 163 bit binary field" ++}; + + static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = { +- 0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67, +- 0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C}; ++ 0x24, 0xB7, 0xB1, 0x37, 0xC8, 0xA1, 0x4D, 0x69, 0x6E, 0x67, ++ 0x68, 0x75, 0x61, 0x51, 0x75, 0x6F, 0xD0, 0xDA, 0x2E, 0x5C ++}; ++ + static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = { +- NID_X9_62_characteristic_two_field, +- "0800000000000000000000000000000000000000C9", +- "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", +- "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", +- "0369979697AB43897789566789567F787A7876A654", +- "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", +- "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2, +-/* The algorithm used to derive the curve parameters from +- * the seed used here is slightly different than the +- * algorithm described in X9.62 . +- */ ++ NID_X9_62_characteristic_two_field, ++ "0800000000000000000000000000000000000000C9", ++ "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2", ++ "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9", ++ "0369979697AB43897789566789567F787A7876A654", ++ "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883", ++ "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2, ++ /* ++ * The algorithm used to derive the curve parameters from the seed used ++ * here is slightly different than the algorithm described in X9.62 . ++ */ + #if 0 +- _EC_SECG_CHAR2_163R1_SEED, 20, ++ _EC_SECG_CHAR2_163R1_SEED, 20, + #else +- NULL, 0, ++ NULL, 0, + #endif +- "SECG curve over a 163 bit binary field" +- }; ++ "SECG curve over a 163 bit binary field" ++}; + + static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = { +- 0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12, +- 0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68}; +-static const EC_CURVE_DATA _EC_NIST_CHAR2_163B ={ +- NID_X9_62_characteristic_two_field, +- "0800000000000000000000000000000000000000C9", +- "1", +- "020A601907B8C953CA1481EB10512F78744A3205FD", +- "03F0EBA16286A2D57EA0991168D4994637E8343E36", +- "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", +- "040000000000000000000292FE77E70C12A4234C33", 2, +-/* The seed here was used to created the curve parameters in normal +- * basis representation (and not the polynomial representation used here) +- */ ++ 0x85, 0xE2, 0x5B, 0xFE, 0x5C, 0x86, 0x22, 0x6C, 0xDB, 0x12, ++ 0x01, 0x6F, 0x75, 0x53, 0xF9, 0xD0, 0xE6, 0x93, 0xA2, 0x68 ++}; ++ ++static const EC_CURVE_DATA _EC_NIST_CHAR2_163B = { ++ NID_X9_62_characteristic_two_field, ++ "0800000000000000000000000000000000000000C9", ++ "1", ++ "020A601907B8C953CA1481EB10512F78744A3205FD", ++ "03F0EBA16286A2D57EA0991168D4994637E8343E36", ++ "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", ++ "040000000000000000000292FE77E70C12A4234C33", 2, ++ /* ++ * The seed here was used to created the curve parameters in normal basis ++ * representation (and not the polynomial representation used here) ++ */ + #if 0 +- _EC_NIST_CHAR2_163B_SEED, 20, ++ _EC_NIST_CHAR2_163B_SEED, 20, + #else +- NULL, 0, ++ NULL, 0, + #endif +- "NIST/SECG curve over a 163 bit binary field" +- }; ++ "NIST/SECG curve over a 163 bit binary field" ++}; + + static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = { +- 0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75, +- 0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30}; ++ 0x10, 0x3F, 0xAE, 0xC7, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, ++ 0x61, 0x51, 0x75, 0x77, 0x7F, 0xC5, 0xB1, 0x91, 0xEF, 0x30 ++}; ++ + static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = { +- NID_X9_62_characteristic_two_field, +- "02000000000000000000000000000000000000000000008001", +- "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", +- "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", +- "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", +- "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", +- "01000000000000000000000000C7F34A778F443ACC920EBA49", 2, +- _EC_SECG_CHAR2_193R1_SEED, 20, +- "SECG curve over a 193 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "02000000000000000000000000000000000000000000008001", ++ "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01", ++ "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814", ++ "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1", ++ "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05", ++ "01000000000000000000000000C7F34A778F443ACC920EBA49", 2, ++ _EC_SECG_CHAR2_193R1_SEED, 20, ++ "SECG curve over a 193 bit binary field" ++}; + + static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = { +- 0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15, +- 0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11}; ++ 0x10, 0xB7, 0xB4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, ++ 0x17, 0x51, 0x37, 0xC8, 0xA1, 0x6F, 0xD0, 0xDA, 0x22, 0x11 ++}; ++ + static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = { +- NID_X9_62_characteristic_two_field, +- "02000000000000000000000000000000000000000000008001", +- "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", +- "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", +- "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", +- "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", +- "010000000000000000000000015AAB561B005413CCD4EE99D5", 2, +- _EC_SECG_CHAR2_193R2_SEED, 20, +- "SECG curve over a 193 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "02000000000000000000000000000000000000000000008001", ++ "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B", ++ "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE", ++ "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F", ++ "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C", ++ "010000000000000000000000015AAB561B005413CCD4EE99D5", 2, ++ _EC_SECG_CHAR2_193R2_SEED, 20, ++ "SECG curve over a 193 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000000000000000004000000000000000001", +- "0", +- "1", +- "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", +- "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", +- "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4, +- NULL, 0, +- "NIST/SECG/WTLS curve over a 233 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "020000000000000000000000000000000000000004000000000000000001", ++ "0", ++ "1", ++ "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126", ++ "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3", ++ "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4, ++ NULL, 0, ++ "NIST/SECG/WTLS curve over a 233 bit binary field" ++}; + + static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = { +- 0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1, +- 0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3}; ++ 0x74, 0xD5, 0x9F, 0xF0, 0x7F, 0x6B, 0x41, 0x3D, 0x0E, 0xA1, ++ 0x4B, 0x34, 0x4B, 0x20, 0xA2, 0xDB, 0x04, 0x9B, 0x50, 0xC3 ++}; ++ + static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000000000000000004000000000000000001", +- "000000000000000000000000000000000000000000000000000000000001", +- "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", +- "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", +- "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", +- "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2, +- _EC_NIST_CHAR2_233B_SEED, 20, +- "NIST/SECG/WTLS curve over a 233 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "020000000000000000000000000000000000000004000000000000000001", ++ "000000000000000000000000000000000000000000000000000000000001", ++ "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD", ++ "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B", ++ "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052", ++ "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2, ++ _EC_NIST_CHAR2_233B_SEED, 20, ++ "NIST/SECG/WTLS curve over a 233 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000004000000000000000000000000000000000000001", +- "0", +- "1", +- "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", +- "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", +- "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4, +- NULL, 0, +- "SECG curve over a 239 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "800000000000000000004000000000000000000000000000000000000001", ++ "0", ++ "1", ++ "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC", ++ "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA", ++ "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4, ++ NULL, 0, ++ "SECG curve over a 239 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000000000000000000000000000000000000000001" +- "0A1", +- "0", +- "1", +- "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492" +- "836", +- "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2" +- "259", +- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163" +- "C61", 4, +- NULL, 20, +- "NIST/SECG curve over a 283 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "080000000000000000000000000000000000000000000000000000000000000000001" ++ "0A1", ++ "0", ++ "1", ++ "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492" ++ "836", ++ "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2" ++ "259", ++ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163" ++ "C61", 4, ++ NULL, 20, ++ "NIST/SECG curve over a 283 bit binary field" ++}; + + static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = { +- 0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D, +- 0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE}; ++ 0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D, ++ 0xD5, 0xB6, 0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE ++}; ++ + static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000000000000000000000000000000000000000001" +- "0A1", +- "000000000000000000000000000000000000000000000000000000000000000000000" +- "001", +- "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A" +- "2F5", +- "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12" +- "053", +- "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811" +- "2F4", +- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB" +- "307", 2, +- _EC_NIST_CHAR2_283B_SEED, 20, +- "NIST/SECG curve over a 283 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "080000000000000000000000000000000000000000000000000000000000000000001" ++ "0A1", ++ "000000000000000000000000000000000000000000000000000000000000000000000" ++ "001", ++ "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A" ++ "2F5", ++ "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12" ++ "053", ++ "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811" ++ "2F4", ++ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB" ++ "307", 2, ++ _EC_NIST_CHAR2_283B_SEED, 20, ++ "NIST/SECG curve over a 283 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000000000000000000000000000000000000000000000" +- "00000000000008000000000000000000001", +- "0", +- "1", +- "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601" +- "89EB5AAAA62EE222EB1B35540CFE9023746", +- "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6" +- "C42E9C55215AA9CA27A5863EC48D8E0286B", +- "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400" +- "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4, +- NULL, 0, +- "NIST/SECG curve over a 409 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "020000000000000000000000000000000000000000000000000000000000000000000" ++ "00000000000008000000000000000000001", ++ "0", ++ "1", ++ "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601" ++ "89EB5AAAA62EE222EB1B35540CFE9023746", ++ "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6" ++ "C42E9C55215AA9CA27A5863EC48D8E0286B", ++ "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400" ++ "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4, ++ NULL, 0, ++ "NIST/SECG curve over a 409 bit binary field" ++}; + + static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = { +- 0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21, +- 0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B}; ++ 0x40, 0x99, 0xB5, 0xA4, 0x57, 0xF9, 0xD6, 0x9F, 0x79, 0x21, ++ 0x3D, 0x09, 0x4C, 0x4B, 0xCD, 0x4D, 0x42, 0x62, 0x21, 0x0B ++}; ++ + static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000000000000000000000000000000000000000000000" +- "00000000000008000000000000000000001", +- "000000000000000000000000000000000000000000000000000000000000000000000" +- "00000000000000000000000000000000001", +- "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19" +- "7B272822F6CD57A55AA4F50AE317B13545F", +- "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255" +- "A868A1180515603AEAB60794E54BB7996A7", +- "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514" +- "F1FDF4B4F40D2181B3681C364BA0273C706", +- "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330" +- "7BE5FA47C3C9E052F838164CD37D9A21173", 2, +- _EC_NIST_CHAR2_409B_SEED, 20, +- "NIST/SECG curve over a 409 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "020000000000000000000000000000000000000000000000000000000000000000000" ++ "00000000000008000000000000000000001", ++ "000000000000000000000000000000000000000000000000000000000000000000000" ++ "00000000000000000000000000000000001", ++ "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19" ++ "7B272822F6CD57A55AA4F50AE317B13545F", ++ "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255" ++ "A868A1180515603AEAB60794E54BB7996A7", ++ "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514" ++ "F1FDF4B4F40D2181B3681C364BA0273C706", ++ "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330" ++ "7BE5FA47C3C9E052F838164CD37D9A21173", 2, ++ _EC_NIST_CHAR2_409B_SEED, 20, ++ "NIST/SECG curve over a 409 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000000000000000000000000" +- "000000000000000000000000000000000000000000000000000000000000000000000" +- "00425", +- "0", +- "1", +- "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709" +- "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0" +- "1C8972", +- "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497" +- "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E" +- "F1C7A3", +- "020000000000000000000000000000000000000000000000000000000000000000000" +- "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63" +- "7C1001", 4, +- NULL, 0, +- "NIST/SECG curve over a 571 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "800000000000000000000000000000000000000000000000000000000000000000000" ++ "000000000000000000000000000000000000000000000000000000000000000000000" ++ "00425", ++ "0", ++ "1", ++ "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709" ++ "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0" ++ "1C8972", ++ "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497" ++ "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E" ++ "F1C7A3", ++ "020000000000000000000000000000000000000000000000000000000000000000000" ++ "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63" ++ "7C1001", 4, ++ NULL, 0, ++ "NIST/SECG curve over a 571 bit binary field" ++}; + + static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = { +- 0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B, +- 0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10}; ++ 0x2A, 0xA0, 0x58, 0xF7, 0x3A, 0x0E, 0x33, 0xAB, 0x48, 0x6B, ++ 0x0F, 0x61, 0x04, 0x10, 0xC5, 0x3A, 0x7F, 0x13, 0x23, 0x10 ++}; ++ + static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000000000000000000000000" +- "000000000000000000000000000000000000000000000000000000000000000000000" +- "00425", +- "000000000000000000000000000000000000000000000000000000000000000000000" +- "000000000000000000000000000000000000000000000000000000000000000000000" +- "000001", +- "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA" +- "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29" +- "55727A", +- "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53" +- "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E" +- "EC2D19", +- "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423" +- "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B" +- "8AC15B", +- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" +- "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F" +- "E84E47", 2, +- _EC_NIST_CHAR2_571B_SEED, 20, +- "NIST/SECG curve over a 571 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "800000000000000000000000000000000000000000000000000000000000000000000" ++ "000000000000000000000000000000000000000000000000000000000000000000000" ++ "00425", ++ "000000000000000000000000000000000000000000000000000000000000000000000" ++ "000000000000000000000000000000000000000000000000000000000000000000000" ++ "000001", ++ "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA" ++ "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29" ++ "55727A", ++ "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53" ++ "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E" ++ "EC2D19", ++ "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423" ++ "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B" ++ "8AC15B", ++ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" ++ "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F" ++ "E84E47", 2, ++ _EC_NIST_CHAR2_571B_SEED, 20, ++ "NIST/SECG curve over a 571 bit binary field" ++}; + + static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = { +- 0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE, +- 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54}; ++ 0xD2, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, ++ 0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x54 ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000000000000107", +- "072546B5435234A422E0789675F432C89435DE5242", +- "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", +- "07AF69989546103D79329FCC3D74880F33BBE803CB", +- "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", +- "0400000000000000000001E60FC8821CC74DAEAFC1", 2, +- _EC_X9_62_CHAR2_163V1_SEED, 20, +- "X9.62 curve over a 163 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "080000000000000000000000000000000000000107", ++ "072546B5435234A422E0789675F432C89435DE5242", ++ "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9", ++ "07AF69989546103D79329FCC3D74880F33BBE803CB", ++ "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F", ++ "0400000000000000000001E60FC8821CC74DAEAFC1", 2, ++ _EC_X9_62_CHAR2_163V1_SEED, 20, ++ "X9.62 curve over a 163 bit binary field" ++}; + + static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = { +- 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76, +- 0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD}; ++ 0x53, 0x81, 0x4C, 0x05, 0x0D, 0x44, 0xD6, 0x96, 0xE6, 0x76, ++ 0x87, 0x56, 0x15, 0x17, 0x58, 0x0C, 0xA4, 0xE2, 0x9F, 0xFD ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000000000000107", +- "0108B39E77C4B108BED981ED0E890E117C511CF072", +- "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", +- "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", +- "079F684DDF6684C5CD258B3890021B2386DFD19FC5", +- "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2, +- _EC_X9_62_CHAR2_163V2_SEED, 20, +- "X9.62 curve over a 163 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "080000000000000000000000000000000000000107", ++ "0108B39E77C4B108BED981ED0E890E117C511CF072", ++ "0667ACEB38AF4E488C407433FFAE4F1C811638DF20", ++ "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5", ++ "079F684DDF6684C5CD258B3890021B2386DFD19FC5", ++ "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2, ++ _EC_X9_62_CHAR2_163V2_SEED, 20, ++ "X9.62 curve over a 163 bit binary field" ++}; + + static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = { +- 0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67, +- 0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8}; ++ 0x50, 0xCB, 0xF1, 0xD9, 0x5C, 0xA9, 0x4D, 0x69, 0x6E, 0x67, ++ 0x68, 0x75, 0x61, 0x51, 0x75, 0xF1, 0x6A, 0x36, 0xA3, 0xB8 ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = { +- NID_X9_62_characteristic_two_field, +- "080000000000000000000000000000000000000107", +- "07A526C63D3E25A256A007699F5447E32AE456B50E", +- "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", +- "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", +- "05B935590C155E17EA48EB3FF3718B893DF59A05D0", +- "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2, +- _EC_X9_62_CHAR2_163V3_SEED, 20, +- "X9.62 curve over a 163 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "080000000000000000000000000000000000000107", ++ "07A526C63D3E25A256A007699F5447E32AE456B50E", ++ "03F7061798EB99E238FD6F1BF95B48FEEB4854252B", ++ "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB", ++ "05B935590C155E17EA48EB3FF3718B893DF59A05D0", ++ "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2, ++ _EC_X9_62_CHAR2_163V3_SEED, 20, ++ "X9.62 curve over a 163 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = { +- NID_X9_62_characteristic_two_field, +- "0100000000000000000000000000000000080000000007", +- "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", +- "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", +- "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", +- "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", +- "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E, +- NULL, 0, +- "X9.62 curve over a 176 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "0100000000000000000000000000000000080000000007", ++ "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B", ++ "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2", ++ "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798", ++ "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C", ++ "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E, ++ NULL, 0, ++ "X9.62 curve over a 176 bit binary field" ++}; + + static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = { +- 0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76, +- 0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84}; ++ 0x4E, 0x13, 0xCA, 0x54, 0x27, 0x44, 0xD6, 0x96, 0xE6, 0x76, ++ 0x87, 0x56, 0x15, 0x17, 0x55, 0x2F, 0x27, 0x9A, 0x8C, 0x84 ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000201", +- "2866537B676752636A68F56554E12640276B649EF7526267", +- "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", +- "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", +- "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", +- "40000000000000000000000004A20E90C39067C893BBB9A5", 2, +- _EC_X9_62_CHAR2_191V1_SEED, 20, +- "X9.62 curve over a 191 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "800000000000000000000000000000000000000000000201", ++ "2866537B676752636A68F56554E12640276B649EF7526267", ++ "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC", ++ "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D", ++ "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB", ++ "40000000000000000000000004A20E90C39067C893BBB9A5", 2, ++ _EC_X9_62_CHAR2_191V1_SEED, 20, ++ "X9.62 curve over a 191 bit binary field" ++}; + + static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = { +- 0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76, +- 0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15}; ++ 0x08, 0x71, 0xEF, 0x2F, 0xEF, 0x24, 0xD6, 0x96, 0xE6, 0x76, ++ 0x87, 0x56, 0x15, 0x17, 0x58, 0xBE, 0xE0, 0xD9, 0x5C, 0x15 ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000201", +- "401028774D7777C7B7666D1366EA432071274F89FF01E718", +- "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", +- "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", +- "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", +- "20000000000000000000000050508CB89F652824E06B8173", 4, +- _EC_X9_62_CHAR2_191V2_SEED, 20, +- "X9.62 curve over a 191 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "800000000000000000000000000000000000000000000201", ++ "401028774D7777C7B7666D1366EA432071274F89FF01E718", ++ "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01", ++ "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10", ++ "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A", ++ "20000000000000000000000050508CB89F652824E06B8173", 4, ++ _EC_X9_62_CHAR2_191V2_SEED, 20, ++ "X9.62 curve over a 191 bit binary field" ++}; + + static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = { +- 0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76, +- 0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F}; ++ 0xE0, 0x53, 0x51, 0x2D, 0xC6, 0x84, 0xD6, 0x96, 0xE6, 0x76, ++ 0x87, 0x56, 0x15, 0x17, 0x50, 0x67, 0xAE, 0x78, 0x6D, 0x1F ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000201", +- "6C01074756099122221056911C77D77E77A777E7E7E77FCB", +- "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", +- "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", +- "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", +- "155555555555555555555555610C0B196812BFB6288A3EA3", 6, +- _EC_X9_62_CHAR2_191V3_SEED, 20, +- "X9.62 curve over a 191 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "800000000000000000000000000000000000000000000201", ++ "6C01074756099122221056911C77D77E77A777E7E7E77FCB", ++ "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8", ++ "375D4CE24FDE434489DE8746E71786015009E66E38A926DD", ++ "545A39176196575D985999366E6AD34CE0A77CD7127B06BE", ++ "155555555555555555555555610C0B196812BFB6288A3EA3", 6, ++ _EC_X9_62_CHAR2_191V3_SEED, 20, ++ "X9.62 curve over a 191 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = { +- NID_X9_62_characteristic_two_field, +- "010000000000000000000000000000000800000000000000000007", +- "0000000000000000000000000000000000000000000000000000", +- "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", +- "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", +- "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", +- "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48, +- NULL, 0, +- "X9.62 curve over a 208 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "010000000000000000000000000000000800000000000000000007", ++ "0000000000000000000000000000000000000000000000000000", ++ "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E", ++ "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A", ++ "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3", ++ "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48, ++ NULL, 0, ++ "X9.62 curve over a 208 bit binary field" ++}; + + static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = { +- 0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, +- 0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D}; ++ 0xD3, 0x4B, 0x9A, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, ++ 0x51, 0x75, 0xCA, 0x71, 0xB9, 0x20, 0xBF, 0xEF, 0xB0, 0x5D ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000001000000001", +- "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", +- "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", +- "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", +- "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", +- "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4, +- _EC_X9_62_CHAR2_239V1_SEED, 20, +- "X9.62 curve over a 239 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "800000000000000000000000000000000000000000000000001000000001", ++ "32010857077C5431123A46B808906756F543423E8D27877578125778AC76", ++ "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16", ++ "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D", ++ "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305", ++ "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4, ++ _EC_X9_62_CHAR2_239V1_SEED, 20, ++ "X9.62 curve over a 239 bit binary field" ++}; + + static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = { +- 0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76, +- 0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D}; ++ 0x2A, 0xA6, 0x98, 0x2F, 0xDF, 0xA4, 0xD6, 0x96, 0xE6, 0x76, ++ 0x87, 0x56, 0x15, 0x17, 0x5D, 0x26, 0x67, 0x27, 0x27, 0x7D ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000001000000001", +- "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", +- "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", +- "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", +- "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", +- "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6, +- _EC_X9_62_CHAR2_239V2_SEED, 20, +- "X9.62 curve over a 239 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "800000000000000000000000000000000000000000000000001000000001", ++ "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F", ++ "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B", ++ "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205", ++ "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833", ++ "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6, ++ _EC_X9_62_CHAR2_239V2_SEED, 20, ++ "X9.62 curve over a 239 bit binary field" ++}; + + static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = { +- 0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61, +- 0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41}; ++ 0x9E, 0x07, 0x6F, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, ++ 0x51, 0x75, 0xE1, 0x1E, 0x9F, 0xDD, 0x77, 0xF9, 0x20, 0x41 ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000001000000001", +- "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", +- "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", +- "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", +- "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", +- "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA, +- _EC_X9_62_CHAR2_239V3_SEED, 20, +- "X9.62 curve over a 239 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "800000000000000000000000000000000000000000000000001000000001", ++ "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F", ++ "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40", ++ "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92", ++ "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461", ++ "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA, ++ _EC_X9_62_CHAR2_239V3_SEED, 20, ++ "X9.62 curve over a 239 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = { +- NID_X9_62_characteristic_two_field, +- "010000000000000000000000000000000000000000000000000000010000000000000" +- "B", +- "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", +- "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", +- "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", +- "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", +- "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", +- 0xFF06, +- NULL, 0, +- "X9.62 curve over a 272 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "010000000000000000000000000000000000000000000000000000010000000000000" ++ "B", ++ "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20", ++ "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7", ++ "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D", ++ "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23", ++ "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521", ++ 0xFF06, ++ NULL, 0, ++ "X9.62 curve over a 272 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = { +- NID_X9_62_characteristic_two_field, +- "010000000000000000000000000000000000000000000000000000000000000000000" +- "000000807", +- "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039" +- "6C8E681", +- "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558" +- "27340BE", +- "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7" +- "40A2614", +- "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1" +- "B92C03B", +- "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164" +- "443051D", 0xFE2E, +- NULL, 0, +- "X9.62 curve over a 304 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "010000000000000000000000000000000000000000000000000000000000000000000" ++ "000000807", ++ "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039" ++ "6C8E681", ++ "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558" ++ "27340BE", ++ "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7" ++ "40A2614", ++ "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1" ++ "B92C03B", ++ "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164" ++ "443051D", 0xFE2E, ++ NULL, 0, ++ "X9.62 curve over a 304 bit binary field" ++}; + + static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = { +- 0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76, +- 0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6}; ++ 0x2B, 0x35, 0x49, 0x20, 0xB7, 0x24, 0xD6, 0x96, 0xE6, 0x76, ++ 0x87, 0x56, 0x15, 0x17, 0x58, 0x5B, 0xA1, 0x33, 0x2D, 0xC6 ++}; ++ + static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000000000000000000000000" +- "000100000000000000001", +- "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05" +- "656FB549016A96656A557", +- "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968" +- "7742B6329E70680231988", +- "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9" +- "8E8E707C07A2239B1B097", +- "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E" +- "4AE2DE211305A407104BD", +- "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9" +- "64FE7719E74F490758D3B", 0x4C, +- _EC_X9_62_CHAR2_359V1_SEED, 20, +- "X9.62 curve over a 359 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "800000000000000000000000000000000000000000000000000000000000000000000" ++ "000100000000000000001", ++ "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05" ++ "656FB549016A96656A557", ++ "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968" ++ "7742B6329E70680231988", ++ "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9" ++ "8E8E707C07A2239B1B097", ++ "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E" ++ "4AE2DE211305A407104BD", ++ "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9" ++ "64FE7719E74F490758D3B", 0x4C, ++ _EC_X9_62_CHAR2_359V1_SEED, 20, ++ "X9.62 curve over a 359 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = { +- NID_X9_62_characteristic_two_field, +- "010000000000000000000000000000000000000000000000000000000000000000000" +- "0002000000000000000000007", +- "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62" +- "F0AB7519CCD2A1A906AE30D", +- "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112" +- "D84D164F444F8F74786046A", +- "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78" +- "9E927BE216F02E1FB136A5F", +- "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855" +- "ADAA81E2A0750B80FDA2310", +- "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90" +- "9AE40A6F131E9CFCE5BD967", 0xFF70, +- NULL, 0, +- "X9.62 curve over a 368 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "010000000000000000000000000000000000000000000000000000000000000000000" ++ "0002000000000000000000007", ++ "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62" ++ "F0AB7519CCD2A1A906AE30D", ++ "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112" ++ "D84D164F444F8F74786046A", ++ "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78" ++ "9E927BE216F02E1FB136A5F", ++ "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855" ++ "ADAA81E2A0750B80FDA2310", ++ "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90" ++ "9AE40A6F131E9CFCE5BD967", 0xFF70, ++ NULL, 0, ++ "X9.62 curve over a 368 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = { +- NID_X9_62_characteristic_two_field, +- "800000000000000000000000000000000000000000000000000000000000000000000" +- "000000001000000000000000000000000000001", +- "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E" +- "B9906D0957F6C6FEACD615468DF104DE296CD8F", +- "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6" +- "26D4E50A8DD731B107A9962381FB5D807BF2618", +- "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2" +- "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", +- "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6" +- "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", +- "0340340340340340340340340340340340340340340340340340340323C313FAB5058" +- "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760, +- NULL, 0, +- "X9.62 curve over a 431 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "800000000000000000000000000000000000000000000000000000000000000000000" ++ "000000001000000000000000000000000000001", ++ "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E" ++ "B9906D0957F6C6FEACD615468DF104DE296CD8F", ++ "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6" ++ "26D4E50A8DD731B107A9962381FB5D807BF2618", ++ "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2" ++ "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7", ++ "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6" ++ "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760", ++ "0340340340340340340340340340340340340340340340340340340323C313FAB5058" ++ "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760, ++ NULL, 0, ++ "X9.62 curve over a 431 bit binary field" ++}; + + static const EC_CURVE_DATA _EC_WTLS_1 = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000201", +- "1", +- "1", +- "01667979A40BA497E5D5C270780617", +- "00F44B4AF1ECC2630E08785CEBCC15", +- "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2, +- NULL, 0, +- "WTLS curve over a 113 bit binary field" +- }; ++ NID_X9_62_characteristic_two_field, ++ "020000000000000000000000000201", ++ "1", ++ "1", ++ "01667979A40BA497E5D5C270780617", ++ "00F44B4AF1ECC2630E08785CEBCC15", ++ "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2, ++ NULL, 0, ++ "WTLS curve over a 113 bit binary field" ++}; + + /* IPSec curves */ +-/* NOTE: The of curves over a extension field of non prime degree +- * is not recommended (Weil-descent). +- * As the group order is not a prime this curve is not suitable +- * for ECDSA. ++/* ++ * NOTE: The of curves over a extension field of non prime degree is not ++ * recommended (Weil-descent). As the group order is not a prime this curve ++ * is not suitable for ECDSA. + */ + static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = { +- NID_X9_62_characteristic_two_field, +- "0800000000000000000000004000000000000001", +- "0", +- "07338f", +- "7b", +- "1c8", +- "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3, +- NULL, 0, +- "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n" +- "\tNot suitable for ECDSA.\n\tQuestionable extension field!" +- }; +- +-/* NOTE: The of curves over a extension field of non prime degree +- * is not recommended (Weil-descent). +- * As the group order is not a prime this curve is not suitable +- * for ECDSA. ++ NID_X9_62_characteristic_two_field, ++ "0800000000000000000000004000000000000001", ++ "0", ++ "07338f", ++ "7b", ++ "1c8", ++ "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C", 3, ++ NULL, 0, ++ "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n" ++ "\tNot suitable for ECDSA.\n\tQuestionable extension field!" ++}; ++ ++/* ++ * NOTE: The of curves over a extension field of non prime degree is not ++ * recommended (Weil-descent). As the group order is not a prime this curve ++ * is not suitable for ECDSA. + */ + static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = { +- NID_X9_62_characteristic_two_field, +- "020000000000000000000000000000200000000000000001", +- "0", +- "1ee9", +- "18", +- "0d", +- "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2, +- NULL, 0, +- "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" +- "\tNot suitable for ECDSA.\n\tQuestionable extension field!" +- }; ++ NID_X9_62_characteristic_two_field, ++ "020000000000000000000000000000200000000000000001", ++ "0", ++ "1ee9", ++ "18", ++ "0d", ++ "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E", 2, ++ NULL, 0, ++ "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" ++ "\tNot suitable for ECDSA.\n\tQuestionable extension field!" ++}; + + typedef struct _ec_list_element_st { +- int nid; +- const EC_CURVE_DATA *data; +- } ec_list_element; ++ int nid; ++ const EC_CURVE_DATA *data; ++} ec_list_element; + + static const ec_list_element curve_list[] = { +- /* prime field curves */ +- /* secg curves */ +- { NID_secp112r1, &_EC_SECG_PRIME_112R1}, +- { NID_secp112r2, &_EC_SECG_PRIME_112R2}, +- { NID_secp128r1, &_EC_SECG_PRIME_128R1}, +- { NID_secp128r2, &_EC_SECG_PRIME_128R2}, +- { NID_secp160k1, &_EC_SECG_PRIME_160K1}, +- { NID_secp160r1, &_EC_SECG_PRIME_160R1}, +- { NID_secp160r2, &_EC_SECG_PRIME_160R2}, +- /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ +- { NID_secp192k1, &_EC_SECG_PRIME_192K1}, +- { NID_secp224k1, &_EC_SECG_PRIME_224K1}, +- { NID_secp224r1, &_EC_NIST_PRIME_224}, +- { NID_secp256k1, &_EC_SECG_PRIME_256K1}, +- /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ +- { NID_secp384r1, &_EC_NIST_PRIME_384}, +- { NID_secp521r1, &_EC_NIST_PRIME_521}, +- /* X9.62 curves */ +- { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192}, +- { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2}, +- { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3}, +- { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1}, +- { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2}, +- { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3}, +- { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1}, +- /* characteristic two field curves */ +- /* NIST/SECG curves */ +- { NID_sect113r1, &_EC_SECG_CHAR2_113R1}, +- { NID_sect113r2, &_EC_SECG_CHAR2_113R2}, +- { NID_sect131r1, &_EC_SECG_CHAR2_131R1}, +- { NID_sect131r2, &_EC_SECG_CHAR2_131R2}, +- { NID_sect163k1, &_EC_NIST_CHAR2_163K }, +- { NID_sect163r1, &_EC_SECG_CHAR2_163R1}, +- { NID_sect163r2, &_EC_NIST_CHAR2_163B }, +- { NID_sect193r1, &_EC_SECG_CHAR2_193R1}, +- { NID_sect193r2, &_EC_SECG_CHAR2_193R2}, +- { NID_sect233k1, &_EC_NIST_CHAR2_233K }, +- { NID_sect233r1, &_EC_NIST_CHAR2_233B }, +- { NID_sect239k1, &_EC_SECG_CHAR2_239K1}, +- { NID_sect283k1, &_EC_NIST_CHAR2_283K }, +- { NID_sect283r1, &_EC_NIST_CHAR2_283B }, +- { NID_sect409k1, &_EC_NIST_CHAR2_409K }, +- { NID_sect409r1, &_EC_NIST_CHAR2_409B }, +- { NID_sect571k1, &_EC_NIST_CHAR2_571K }, +- { NID_sect571r1, &_EC_NIST_CHAR2_571B }, +- /* X9.62 curves */ +- { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1}, +- { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2}, +- { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3}, +- { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1}, +- { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1}, +- { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2}, +- { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3}, +- { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1}, +- { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1}, +- { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2}, +- { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3}, +- { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1}, +- { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1}, +- { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1}, +- { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1}, +- { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1}, +- /* the WAP/WTLS curves +- * [unlike SECG, spec has its own OIDs for curves from X9.62] */ +- { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1}, +- { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K}, +- { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1}, +- { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1}, +- { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1}, +- { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2}, +- { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8}, +- { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9 }, +- { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K}, +- { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B}, +- { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12}, +- /* IPSec curves */ +- { NID_ipsec3, &_EC_IPSEC_155_ID3}, +- { NID_ipsec4, &_EC_IPSEC_185_ID4}, +-}; +- +-static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element); +- +-static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data) +- { +- EC_GROUP *group=NULL; +- EC_POINT *P=NULL; +- BN_CTX *ctx=NULL; +- BIGNUM *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL; +- int ok=0; +- +- if ((ctx = BN_CTX_new()) == NULL) +- { +- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || +- (b = BN_new()) == NULL || (x = BN_new()) == NULL || +- (y = BN_new()) == NULL || (order = BN_new()) == NULL) +- { +- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a) +- || !BN_hex2bn(&b, data->b)) +- { +- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); +- goto err; +- } +- +- if (data->field_type == NID_X9_62_prime_field) +- { +- if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) +- { +- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); +- goto err; +- } +- } +- else +- { /* field_type == NID_X9_62_characteristic_two_field */ +- if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) +- { +- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); +- goto err; +- } +- } +- +- if ((P = EC_POINT_new(group)) == NULL) +- { +- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); +- goto err; +- } +- +- if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y)) +- { +- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); +- goto err; +- } +- if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) +- { +- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); +- goto err; +- } +- if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor)) +- { +- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); +- goto err; +- } +- if (!EC_GROUP_set_generator(group, P, order, x)) +- { +- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); +- goto err; +- } +- if (data->seed) +- { +- if (!EC_GROUP_set_seed(group, data->seed, data->seed_len)) +- { +- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); +- goto err; +- } +- } +- ok=1; +-err: +- if (!ok) +- { +- EC_GROUP_free(group); +- group = NULL; +- } +- if (P) +- EC_POINT_free(P); +- if (ctx) +- BN_CTX_free(ctx); +- if (p) +- BN_free(p); +- if (a) +- BN_free(a); +- if (b) +- BN_free(b); +- if (order) +- BN_free(order); +- if (x) +- BN_free(x); +- if (y) +- BN_free(y); +- return group; +- } ++ /* prime field curves */ ++ /* secg curves */ ++ {NID_secp112r1, &_EC_SECG_PRIME_112R1}, ++ {NID_secp112r2, &_EC_SECG_PRIME_112R2}, ++ {NID_secp128r1, &_EC_SECG_PRIME_128R1}, ++ {NID_secp128r2, &_EC_SECG_PRIME_128R2}, ++ {NID_secp160k1, &_EC_SECG_PRIME_160K1}, ++ {NID_secp160r1, &_EC_SECG_PRIME_160R1}, ++ {NID_secp160r2, &_EC_SECG_PRIME_160R2}, ++ /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ ++ {NID_secp192k1, &_EC_SECG_PRIME_192K1}, ++ {NID_secp224k1, &_EC_SECG_PRIME_224K1}, ++ {NID_secp224r1, &_EC_NIST_PRIME_224}, ++ {NID_secp256k1, &_EC_SECG_PRIME_256K1}, ++ /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ ++ {NID_secp384r1, &_EC_NIST_PRIME_384}, ++ {NID_secp521r1, &_EC_NIST_PRIME_521}, ++ /* X9.62 curves */ ++ {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192}, ++ {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2}, ++ {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3}, ++ {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1}, ++ {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2}, ++ {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3}, ++ {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1}, ++ /* characteristic two field curves */ ++ /* NIST/SECG curves */ ++ {NID_sect113r1, &_EC_SECG_CHAR2_113R1}, ++ {NID_sect113r2, &_EC_SECG_CHAR2_113R2}, ++ {NID_sect131r1, &_EC_SECG_CHAR2_131R1}, ++ {NID_sect131r2, &_EC_SECG_CHAR2_131R2}, ++ {NID_sect163k1, &_EC_NIST_CHAR2_163K}, ++ {NID_sect163r1, &_EC_SECG_CHAR2_163R1}, ++ {NID_sect163r2, &_EC_NIST_CHAR2_163B}, ++ {NID_sect193r1, &_EC_SECG_CHAR2_193R1}, ++ {NID_sect193r2, &_EC_SECG_CHAR2_193R2}, ++ {NID_sect233k1, &_EC_NIST_CHAR2_233K}, ++ {NID_sect233r1, &_EC_NIST_CHAR2_233B}, ++ {NID_sect239k1, &_EC_SECG_CHAR2_239K1}, ++ {NID_sect283k1, &_EC_NIST_CHAR2_283K}, ++ {NID_sect283r1, &_EC_NIST_CHAR2_283B}, ++ {NID_sect409k1, &_EC_NIST_CHAR2_409K}, ++ {NID_sect409r1, &_EC_NIST_CHAR2_409B}, ++ {NID_sect571k1, &_EC_NIST_CHAR2_571K}, ++ {NID_sect571r1, &_EC_NIST_CHAR2_571B}, ++ /* X9.62 curves */ ++ {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1}, ++ {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2}, ++ {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3}, ++ {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1}, ++ {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1}, ++ {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2}, ++ {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3}, ++ {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1}, ++ {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1}, ++ {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2}, ++ {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3}, ++ {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1}, ++ {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1}, ++ {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1}, ++ {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1}, ++ {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1}, ++ /* ++ * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves ++ * from X9.62] ++ */ ++ {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1}, ++ {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K}, ++ {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1}, ++ {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1}, ++ {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1}, ++ {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2}, ++ {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8}, ++ {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9}, ++ {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K}, ++ {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B}, ++ {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12}, ++ /* IPSec curves */ ++ {NID_ipsec3, &_EC_IPSEC_155_ID3}, ++ {NID_ipsec4, &_EC_IPSEC_185_ID4}, ++}; ++ ++static size_t curve_list_length = ++ sizeof(curve_list) / sizeof(ec_list_element); ++ ++static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA * data) ++{ ++ EC_GROUP *group = NULL; ++ EC_POINT *P = NULL; ++ BN_CTX *ctx = NULL; ++ BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = ++ NULL; ++ int ok = 0; ++ ++ if ((ctx = BN_CTX_new()) == NULL) { ++ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || ++ (b = BN_new()) == NULL || (x = BN_new()) == NULL || ++ (y = BN_new()) == NULL || (order = BN_new()) == NULL) { ++ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a) ++ || !BN_hex2bn(&b, data->b)) { ++ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ if (data->field_type == NID_X9_62_prime_field) { ++ if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { ++ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else { /* field_type == ++ * NID_X9_62_characteristic_two_field */ ++ if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { ++ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); ++ goto err; ++ } ++ } ++ ++ if ((P = EC_POINT_new(group)) == NULL) { ++ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); ++ goto err; ++ } ++ ++ if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y)) { ++ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); ++ goto err; ++ } ++ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) { ++ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); ++ goto err; ++ } ++ if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor)) { ++ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); ++ goto err; ++ } ++ if (!EC_GROUP_set_generator(group, P, order, x)) { ++ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); ++ goto err; ++ } ++ if (data->seed) { ++ if (!EC_GROUP_set_seed(group, data->seed, data->seed_len)) { ++ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); ++ goto err; ++ } ++ } ++ ok = 1; ++ err: ++ if (!ok) { ++ EC_GROUP_free(group); ++ group = NULL; ++ } ++ if (P) ++ EC_POINT_free(P); ++ if (ctx) ++ BN_CTX_free(ctx); ++ if (p) ++ BN_free(p); ++ if (a) ++ BN_free(a); ++ if (b) ++ BN_free(b); ++ if (order) ++ BN_free(order); ++ if (x) ++ BN_free(x); ++ if (y) ++ BN_free(y); ++ return group; ++} + + EC_GROUP *EC_GROUP_new_by_curve_name(int nid) +- { +- size_t i; +- EC_GROUP *ret = NULL; ++{ ++ size_t i; ++ EC_GROUP *ret = NULL; + +- if (nid <= 0) +- return NULL; ++ if (nid <= 0) ++ return NULL; + +- for (i=0; icomment; +- } ++ for (i = 0; i < min; i++) { ++ r[i].nid = curve_list[i].nid; ++ r[i].comment = curve_list[i].data->comment; ++ } + +- return curve_list_length; +- } ++ return curve_list_length; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c b/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c +index d45640b..29b68f6 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,7 +58,7 @@ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * +- * Portions of the attached software ("Contribution") are developed by ++ * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source +@@ -72,73 +72,70 @@ + #include + #include "ec_lcl.h" + ++EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *ctx) ++{ ++ const EC_METHOD *meth; ++ EC_GROUP *ret; + +-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- const EC_METHOD *meth; +- EC_GROUP *ret; +- +- meth = EC_GFp_nist_method(); +- +- ret = EC_GROUP_new(meth); +- if (ret == NULL) +- return NULL; +- +- if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) +- { +- unsigned long err; +- +- err = ERR_peek_last_error(); +- +- if (!(ERR_GET_LIB(err) == ERR_LIB_EC && +- ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) || +- (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) +- { +- /* real error */ +- +- EC_GROUP_clear_free(ret); +- return NULL; +- } +- +- +- /* not an actual error, we just cannot use EC_GFp_nist_method */ +- +- ERR_clear_error(); +- +- EC_GROUP_clear_free(ret); +- meth = EC_GFp_mont_method(); +- +- ret = EC_GROUP_new(meth); +- if (ret == NULL) +- return NULL; +- +- if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) +- { +- EC_GROUP_clear_free(ret); +- return NULL; +- } +- } +- +- return ret; +- } +- +- +-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- const EC_METHOD *meth; +- EC_GROUP *ret; +- +- meth = EC_GF2m_simple_method(); +- +- ret = EC_GROUP_new(meth); +- if (ret == NULL) +- return NULL; +- +- if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) +- { +- EC_GROUP_clear_free(ret); +- return NULL; +- } +- +- return ret; +- } ++ meth = EC_GFp_nist_method(); ++ ++ ret = EC_GROUP_new(meth); ++ if (ret == NULL) ++ return NULL; ++ ++ if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { ++ unsigned long err; ++ ++ err = ERR_peek_last_error(); ++ ++ if (!(ERR_GET_LIB(err) == ERR_LIB_EC && ++ ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) || ++ (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) { ++ /* real error */ ++ ++ EC_GROUP_clear_free(ret); ++ return NULL; ++ } ++ ++ /* ++ * not an actual error, we just cannot use EC_GFp_nist_method ++ */ ++ ++ ERR_clear_error(); ++ ++ EC_GROUP_clear_free(ret); ++ meth = EC_GFp_mont_method(); ++ ++ ret = EC_GROUP_new(meth); ++ if (ret == NULL) ++ return NULL; ++ ++ if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { ++ EC_GROUP_clear_free(ret); ++ return NULL; ++ } ++ } ++ ++ return ret; ++} ++ ++EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *ctx) ++{ ++ const EC_METHOD *meth; ++ EC_GROUP *ret; ++ ++ meth = EC_GF2m_simple_method(); ++ ++ ret = EC_GROUP_new(meth); ++ if (ret == NULL) ++ return NULL; ++ ++ if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) { ++ EC_GROUP_clear_free(ret); ++ return NULL; ++ } ++ ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_err.c b/Cryptlib/OpenSSL/crypto/ec/ec_err.c +index d04c895..185116a 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_err.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,175 +66,210 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason) + +-static ERR_STRING_DATA EC_str_functs[]= +- { +-{ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"}, +-{ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"}, +-{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"}, +-{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"}, +-{ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"}, +-{ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"}, +-{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"}, +-{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"}, +-{ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"}, +-{ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"}, +-{ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"}, +-{ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"}, +-{ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"}, +-{ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"}, +-{ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"}, +-{ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"}, +-{ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"}, +-{ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"}, +-{ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"}, +-{ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"}, +-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GF2m_simple_group_check_discriminant"}, +-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), "ec_GF2m_simple_group_set_curve"}, +-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"}, +-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"}, +-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GF2m_simple_point_get_affine_coordinates"}, +-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GF2m_simple_point_set_affine_coordinates"}, +-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GF2m_simple_set_compressed_coordinates"}, +-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"}, +-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"}, +-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"}, +-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE), "ec_GFp_mont_field_set_to_one"}, +-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"}, +-{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE), "ec_GFp_mont_group_set_curve"}, +-{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP), "EC_GFP_MONT_GROUP_SET_CURVE_GFP"}, +-{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"}, +-{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"}, +-{ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), "ec_GFp_nist_group_set_curve"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GFp_simple_group_check_discriminant"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), "ec_GFp_simple_group_set_curve"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GFp_simple_point_get_affine_coordinates"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GFp_simple_point_set_affine_coordinates"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GFp_simple_set_compressed_coordinates"}, +-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"}, +-{ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"}, +-{ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT), "EC_GROUP_check_discriminant"}, +-{ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"}, +-{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"}, +-{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"}, +-{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"}, +-{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"}, +-{ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"}, +-{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"}, +-{ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), "EC_GROUP_get_pentanomial_basis"}, +-{ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), "EC_GROUP_get_trinomial_basis"}, +-{ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, +-{ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"}, +-{ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"}, +-{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"}, +-{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"}, +-{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"}, +-{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"}, +-{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"}, +-{ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"}, +-{ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"}, +-{ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"}, +-{ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"}, +-{ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"}, +-{ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"}, +-{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"}, +-{ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"}, +-{ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"}, +-{ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"}, +-{ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"}, +-{ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"}, +-{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M), "EC_POINT_get_affine_coordinates_GF2m"}, +-{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"}, +-{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"}, +-{ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"}, +-{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"}, +-{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"}, +-{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"}, +-{ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"}, +-{ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"}, +-{ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"}, +-{ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"}, +-{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M), "EC_POINT_set_affine_coordinates_GF2m"}, +-{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"}, +-{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M), "EC_POINT_set_compressed_coordinates_GF2m"}, +-{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"}, +-{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"}, +-{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"}, +-{ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"}, +-{ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"}, +-{ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"}, +-{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"}, +-{ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"}, +-{ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"}, +-{ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"}, +-{ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"}, +-{ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA EC_str_functs[] = { ++ {ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"}, ++ {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"}, ++ {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"}, ++ {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"}, ++ {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"}, ++ {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"}, ++ {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"}, ++ {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"}, ++ {ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"}, ++ {ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"}, ++ {ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"}, ++ {ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"}, ++ {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"}, ++ {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"}, ++ {ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"}, ++ {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"}, ++ {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"}, ++ {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"}, ++ {ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"}, ++ {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), ++ "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"}, ++ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), ++ "ec_GF2m_simple_group_check_discriminant"}, ++ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), ++ "ec_GF2m_simple_group_set_curve"}, ++ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"}, ++ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"}, ++ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES), ++ "ec_GF2m_simple_point_get_affine_coordinates"}, ++ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES), ++ "ec_GF2m_simple_point_set_affine_coordinates"}, ++ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES), ++ "ec_GF2m_simple_set_compressed_coordinates"}, ++ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"}, ++ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"}, ++ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"}, ++ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE), ++ "ec_GFp_mont_field_set_to_one"}, ++ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"}, ++ {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE), ++ "ec_GFp_mont_group_set_curve"}, ++ {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP), ++ "EC_GFP_MONT_GROUP_SET_CURVE_GFP"}, ++ {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"}, ++ {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"}, ++ {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), ++ "ec_GFp_nist_group_set_curve"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), ++ "ec_GFp_simple_group_check_discriminant"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), ++ "ec_GFp_simple_group_set_curve"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), ++ "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), ++ "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), ++ "ec_GFp_simple_points_make_affine"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES), ++ "ec_GFp_simple_point_get_affine_coordinates"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), ++ "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES), ++ "ec_GFp_simple_point_set_affine_coordinates"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), ++ "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES), ++ "ec_GFp_simple_set_compressed_coordinates"}, ++ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), ++ "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"}, ++ {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"}, ++ {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT), ++ "EC_GROUP_check_discriminant"}, ++ {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"}, ++ {ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"}, ++ {ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"}, ++ {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"}, ++ {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"}, ++ {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"}, ++ {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"}, ++ {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), ++ "EC_GROUP_get_pentanomial_basis"}, ++ {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), ++ "EC_GROUP_get_trinomial_basis"}, ++ {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"}, ++ {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"}, ++ {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"}, ++ {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"}, ++ {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"}, ++ {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"}, ++ {ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"}, ++ {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"}, ++ {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"}, ++ {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"}, ++ {ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"}, ++ {ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"}, ++ {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"}, ++ {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"}, ++ {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"}, ++ {ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"}, ++ {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"}, ++ {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"}, ++ {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"}, ++ {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"}, ++ {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M), ++ "EC_POINT_get_affine_coordinates_GF2m"}, ++ {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), ++ "EC_POINT_get_affine_coordinates_GFp"}, ++ {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), ++ "EC_POINT_get_Jprojective_coordinates_GFp"}, ++ {ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"}, ++ {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"}, ++ {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"}, ++ {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"}, ++ {ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"}, ++ {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"}, ++ {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"}, ++ {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"}, ++ {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M), ++ "EC_POINT_set_affine_coordinates_GF2m"}, ++ {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), ++ "EC_POINT_set_affine_coordinates_GFp"}, ++ {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M), ++ "EC_POINT_set_compressed_coordinates_GF2m"}, ++ {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), ++ "EC_POINT_set_compressed_coordinates_GFp"}, ++ {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), ++ "EC_POINT_set_Jprojective_coordinates_GFp"}, ++ {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"}, ++ {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"}, ++ {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"}, ++ {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"}, ++ {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"}, ++ {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"}, ++ {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"}, ++ {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"}, ++ {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"}, ++ {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA EC_str_reasons[]= +- { +-{ERR_REASON(EC_R_ASN1_ERROR) ,"asn1 error"}, +-{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD) ,"asn1 unknown field"}, +-{ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"}, +-{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"}, +-{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO) ,"discriminant is zero"}, +-{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"}, +-{ERR_REASON(EC_R_FIELD_TOO_LARGE) ,"field too large"}, +-{ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"}, +-{ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"}, +-{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"}, +-{ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"}, +-{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"}, +-{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"}, +-{ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"}, +-{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"}, +-{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"}, +-{ERR_REASON(EC_R_INVALID_GROUP_ORDER) ,"invalid group order"}, +-{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"}, +-{ERR_REASON(EC_R_INVALID_PRIVATE_KEY) ,"invalid private key"}, +-{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"}, +-{ERR_REASON(EC_R_MISSING_PARAMETERS) ,"missing parameters"}, +-{ERR_REASON(EC_R_MISSING_PRIVATE_KEY) ,"missing private key"}, +-{ERR_REASON(EC_R_NOT_A_NIST_PRIME) ,"not a NIST prime"}, +-{ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),"not a supported NIST prime"}, +-{ERR_REASON(EC_R_NOT_IMPLEMENTED) ,"not implemented"}, +-{ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"}, +-{ERR_REASON(EC_R_NO_FIELD_MOD) ,"no field mod"}, +-{ERR_REASON(EC_R_PASSED_NULL_PARAMETER) ,"passed null parameter"}, +-{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"}, +-{ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"}, +-{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE) ,"point is not on curve"}, +-{ERR_REASON(EC_R_SLOT_FULL) ,"slot full"}, +-{ERR_REASON(EC_R_UNDEFINED_GENERATOR) ,"undefined generator"}, +-{ERR_REASON(EC_R_UNDEFINED_ORDER) ,"undefined order"}, +-{ERR_REASON(EC_R_UNKNOWN_GROUP) ,"unknown group"}, +-{ERR_REASON(EC_R_UNKNOWN_ORDER) ,"unknown order"}, +-{ERR_REASON(EC_R_UNSUPPORTED_FIELD) ,"unsupported field"}, +-{ERR_REASON(EC_R_WRONG_ORDER) ,"wrong order"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA EC_str_reasons[] = { ++ {ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"}, ++ {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"}, ++ {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"}, ++ {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE), ++ "d2i ecpkparameters failure"}, ++ {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"}, ++ {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), ++ "ec group new by name failure"}, ++ {ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"}, ++ {ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE), ++ "group2pkparameters failure"}, ++ {ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE), ++ "i2d ecpkparameters failure"}, ++ {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS), "incompatible objects"}, ++ {ERR_REASON(EC_R_INVALID_ARGUMENT), "invalid argument"}, ++ {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT), "invalid compressed point"}, ++ {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT), "invalid compression bit"}, ++ {ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"}, ++ {ERR_REASON(EC_R_INVALID_FIELD), "invalid field"}, ++ {ERR_REASON(EC_R_INVALID_FORM), "invalid form"}, ++ {ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"}, ++ {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"}, ++ {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"}, ++ {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"}, ++ {ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"}, ++ {ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"}, ++ {ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"}, ++ {ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME), ++ "not a supported NIST prime"}, ++ {ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"}, ++ {ERR_REASON(EC_R_NOT_INITIALIZED), "not initialized"}, ++ {ERR_REASON(EC_R_NO_FIELD_MOD), "no field mod"}, ++ {ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"}, ++ {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE), ++ "pkparameters2group failure"}, ++ {ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"}, ++ {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"}, ++ {ERR_REASON(EC_R_SLOT_FULL), "slot full"}, ++ {ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"}, ++ {ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"}, ++ {ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"}, ++ {ERR_REASON(EC_R_UNKNOWN_ORDER), "unknown order"}, ++ {ERR_REASON(EC_R_UNSUPPORTED_FIELD), "unsupported field"}, ++ {ERR_REASON(EC_R_WRONG_ORDER), "wrong order"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_EC_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(EC_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,EC_str_functs); +- ERR_load_strings(0,EC_str_reasons); +- } ++ if (ERR_func_error_string(EC_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, EC_str_functs); ++ ERR_load_strings(0, EC_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c +index 6c933d2..7e48015 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_key.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_key.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,416 +57,404 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * Portions originally developed by SUN MICROSYSTEMS, INC., and ++ * Portions originally developed by SUN MICROSYSTEMS, INC., and + * contributed to the OpenSSL project. + */ + + #include + #include "ec_lcl.h" + #include +-#include + + EC_KEY *EC_KEY_new(void) +- { +- EC_KEY *ret; +- +- ret=(EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY)); +- if (ret == NULL) +- { +- ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- +- ret->version = 1; +- ret->group = NULL; +- ret->pub_key = NULL; +- ret->priv_key= NULL; +- ret->enc_flag= 0; +- ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; +- ret->references= 1; +- ret->method_data = NULL; +- return(ret); +- } ++{ ++ EC_KEY *ret; ++ ++ ret = (EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY)); ++ if (ret == NULL) { ++ ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ ++ ret->version = 1; ++ ret->group = NULL; ++ ret->pub_key = NULL; ++ ret->priv_key = NULL; ++ ret->enc_flag = 0; ++ ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; ++ ret->references = 1; ++ ret->method_data = NULL; ++ return (ret); ++} + + EC_KEY *EC_KEY_new_by_curve_name(int nid) +- { +- EC_KEY *ret = EC_KEY_new(); +- if (ret == NULL) +- return NULL; +- ret->group = EC_GROUP_new_by_curve_name(nid); +- if (ret->group == NULL) +- { +- EC_KEY_free(ret); +- return NULL; +- } +- return ret; +- } ++{ ++ EC_KEY *ret = EC_KEY_new(); ++ if (ret == NULL) ++ return NULL; ++ ret->group = EC_GROUP_new_by_curve_name(nid); ++ if (ret->group == NULL) { ++ EC_KEY_free(ret); ++ return NULL; ++ } ++ return ret; ++} + + void EC_KEY_free(EC_KEY *r) +- { +- int i; ++{ ++ int i; + +- if (r == NULL) return; ++ if (r == NULL) ++ return; + +- i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_EC); ++ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC); + #ifdef REF_PRINT +- REF_PRINT("EC_KEY",r); ++ REF_PRINT("EC_KEY", r); + #endif +- if (i > 0) return; ++ if (i > 0) ++ return; + #ifdef REF_CHECK +- if (i < 0) +- { +- fprintf(stderr,"EC_KEY_free, bad reference count\n"); +- abort(); +- } ++ if (i < 0) { ++ fprintf(stderr, "EC_KEY_free, bad reference count\n"); ++ abort(); ++ } + #endif + +- if (r->group != NULL) +- EC_GROUP_free(r->group); +- if (r->pub_key != NULL) +- EC_POINT_free(r->pub_key); +- if (r->priv_key != NULL) +- BN_clear_free(r->priv_key); ++ if (r->group != NULL) ++ EC_GROUP_free(r->group); ++ if (r->pub_key != NULL) ++ EC_POINT_free(r->pub_key); ++ if (r->priv_key != NULL) ++ BN_clear_free(r->priv_key); + +- EC_EX_DATA_free_all_data(&r->method_data); ++ EC_EX_DATA_free_all_data(&r->method_data); + +- OPENSSL_cleanse((void *)r, sizeof(EC_KEY)); ++ OPENSSL_cleanse((void *)r, sizeof(EC_KEY)); + +- OPENSSL_free(r); +- } ++ OPENSSL_free(r); ++} + + EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) +- { +- EC_EXTRA_DATA *d; +- +- if (dest == NULL || src == NULL) +- { +- ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- /* copy the parameters */ +- if (src->group) +- { +- const EC_METHOD *meth = EC_GROUP_method_of(src->group); +- /* clear the old group */ +- if (dest->group) +- EC_GROUP_free(dest->group); +- dest->group = EC_GROUP_new(meth); +- if (dest->group == NULL) +- return NULL; +- if (!EC_GROUP_copy(dest->group, src->group)) +- return NULL; +- } +- /* copy the public key */ +- if (src->pub_key && src->group) +- { +- if (dest->pub_key) +- EC_POINT_free(dest->pub_key); +- dest->pub_key = EC_POINT_new(src->group); +- if (dest->pub_key == NULL) +- return NULL; +- if (!EC_POINT_copy(dest->pub_key, src->pub_key)) +- return NULL; +- } +- /* copy the private key */ +- if (src->priv_key) +- { +- if (dest->priv_key == NULL) +- { +- dest->priv_key = BN_new(); +- if (dest->priv_key == NULL) +- return NULL; +- } +- if (!BN_copy(dest->priv_key, src->priv_key)) +- return NULL; +- } +- /* copy method/extra data */ +- EC_EX_DATA_free_all_data(&dest->method_data); +- +- for (d = src->method_data; d != NULL; d = d->next) +- { +- void *t = d->dup_func(d->data); +- +- if (t == NULL) +- return 0; +- if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func)) +- return 0; +- } +- +- /* copy the rest */ +- dest->enc_flag = src->enc_flag; +- dest->conv_form = src->conv_form; +- dest->version = src->version; +- +- return dest; +- } ++{ ++ EC_EXTRA_DATA *d; ++ ++ if (dest == NULL || src == NULL) { ++ ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ /* copy the parameters */ ++ if (src->group) { ++ const EC_METHOD *meth = EC_GROUP_method_of(src->group); ++ /* clear the old group */ ++ if (dest->group) ++ EC_GROUP_free(dest->group); ++ dest->group = EC_GROUP_new(meth); ++ if (dest->group == NULL) ++ return NULL; ++ if (!EC_GROUP_copy(dest->group, src->group)) ++ return NULL; ++ } ++ /* copy the public key */ ++ if (src->pub_key && src->group) { ++ if (dest->pub_key) ++ EC_POINT_free(dest->pub_key); ++ dest->pub_key = EC_POINT_new(src->group); ++ if (dest->pub_key == NULL) ++ return NULL; ++ if (!EC_POINT_copy(dest->pub_key, src->pub_key)) ++ return NULL; ++ } ++ /* copy the private key */ ++ if (src->priv_key) { ++ if (dest->priv_key == NULL) { ++ dest->priv_key = BN_new(); ++ if (dest->priv_key == NULL) ++ return NULL; ++ } ++ if (!BN_copy(dest->priv_key, src->priv_key)) ++ return NULL; ++ } ++ /* copy method/extra data */ ++ EC_EX_DATA_free_all_data(&dest->method_data); ++ ++ for (d = src->method_data; d != NULL; d = d->next) { ++ void *t = d->dup_func(d->data); ++ ++ if (t == NULL) ++ return 0; ++ if (!EC_EX_DATA_set_data ++ (&dest->method_data, t, d->dup_func, d->free_func, ++ d->clear_free_func)) ++ return 0; ++ } ++ ++ /* copy the rest */ ++ dest->enc_flag = src->enc_flag; ++ dest->conv_form = src->conv_form; ++ dest->version = src->version; ++ ++ return dest; ++} + + EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) +- { +- EC_KEY *ret = EC_KEY_new(); +- if (ret == NULL) +- return NULL; +- if (EC_KEY_copy(ret, ec_key) == NULL) +- { +- EC_KEY_free(ret); +- return NULL; +- } +- return ret; +- } ++{ ++ EC_KEY *ret = EC_KEY_new(); ++ if (ret == NULL) ++ return NULL; ++ if (EC_KEY_copy(ret, ec_key) == NULL) { ++ EC_KEY_free(ret); ++ return NULL; ++ } ++ return ret; ++} + + int EC_KEY_up_ref(EC_KEY *r) +- { +- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC); ++{ ++ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC); + #ifdef REF_PRINT +- REF_PRINT("EC_KEY",r); ++ REF_PRINT("EC_KEY", r); + #endif + #ifdef REF_CHECK +- if (i < 2) +- { +- fprintf(stderr, "EC_KEY_up, bad reference count\n"); +- abort(); +- } ++ if (i < 2) { ++ fprintf(stderr, "EC_KEY_up, bad reference count\n"); ++ abort(); ++ } + #endif +- return ((i > 1) ? 1 : 0); +- } ++ return ((i > 1) ? 1 : 0); ++} + + int EC_KEY_generate_key(EC_KEY *eckey) +- { +- int ok = 0; +- BN_CTX *ctx = NULL; +- BIGNUM *priv_key = NULL, *order = NULL; +- EC_POINT *pub_key = NULL; +- +- if (!eckey || !eckey->group) +- { +- ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- +- if ((order = BN_new()) == NULL) goto err; +- if ((ctx = BN_CTX_new()) == NULL) goto err; +- +- if (eckey->priv_key == NULL) +- { +- priv_key = BN_new(); +- if (priv_key == NULL) +- goto err; +- } +- else +- priv_key = eckey->priv_key; +- +- if (!EC_GROUP_get_order(eckey->group, order, ctx)) +- goto err; +- +- do +- if (!BN_rand_range(priv_key, order)) +- goto err; +- while (BN_is_zero(priv_key)); +- +- if (eckey->pub_key == NULL) +- { +- pub_key = EC_POINT_new(eckey->group); +- if (pub_key == NULL) +- goto err; +- } +- else +- pub_key = eckey->pub_key; +- +- if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) +- goto err; +- +- eckey->priv_key = priv_key; +- eckey->pub_key = pub_key; +- +- ok=1; +- +-err: +- if (order) +- BN_free(order); +- if (pub_key != NULL && eckey->pub_key == NULL) +- EC_POINT_free(pub_key); +- if (priv_key != NULL && eckey->priv_key == NULL) +- BN_free(priv_key); +- if (ctx != NULL) +- BN_CTX_free(ctx); +- return(ok); +- } ++{ ++ int ok = 0; ++ BN_CTX *ctx = NULL; ++ BIGNUM *priv_key = NULL, *order = NULL; ++ EC_POINT *pub_key = NULL; ++ ++ if (!eckey || !eckey->group) { ++ ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ ++ if ((order = BN_new()) == NULL) ++ goto err; ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ ++ if (eckey->priv_key == NULL) { ++ priv_key = BN_new(); ++ if (priv_key == NULL) ++ goto err; ++ } else ++ priv_key = eckey->priv_key; ++ ++ if (!EC_GROUP_get_order(eckey->group, order, ctx)) ++ goto err; ++ ++ do ++ if (!BN_rand_range(priv_key, order)) ++ goto err; ++ while (BN_is_zero(priv_key)) ; ++ ++ if (eckey->pub_key == NULL) { ++ pub_key = EC_POINT_new(eckey->group); ++ if (pub_key == NULL) ++ goto err; ++ } else ++ pub_key = eckey->pub_key; ++ ++ if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) ++ goto err; ++ ++ eckey->priv_key = priv_key; ++ eckey->pub_key = pub_key; ++ ++ ok = 1; ++ ++ err: ++ if (order) ++ BN_free(order); ++ if (pub_key != NULL && eckey->pub_key == NULL) ++ EC_POINT_free(pub_key); ++ if (priv_key != NULL && eckey->priv_key == NULL) ++ BN_free(priv_key); ++ if (ctx != NULL) ++ BN_CTX_free(ctx); ++ return (ok); ++} + + int EC_KEY_check_key(const EC_KEY *eckey) +- { +- int ok = 0; +- BN_CTX *ctx = NULL; +- const BIGNUM *order = NULL; +- EC_POINT *point = NULL; +- +- if (!eckey || !eckey->group || !eckey->pub_key) +- { +- ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- +- if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) +- { +- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY); +- goto err; +- } +- +- if ((ctx = BN_CTX_new()) == NULL) +- goto err; +- if ((point = EC_POINT_new(eckey->group)) == NULL) +- goto err; +- +- /* testing whether the pub_key is on the elliptic curve */ +- if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) +- { +- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); +- goto err; +- } +- /* testing whether pub_key * order is the point at infinity */ +- order = &eckey->group->order; +- if (BN_is_zero(order)) +- { +- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); +- goto err; +- } +- if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) +- { +- ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); +- goto err; +- } +- if (!EC_POINT_is_at_infinity(eckey->group, point)) +- { +- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); +- goto err; +- } +- /* in case the priv_key is present : +- * check if generator * priv_key == pub_key +- */ +- if (eckey->priv_key) +- { +- if (BN_cmp(eckey->priv_key, order) >= 0) +- { +- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); +- goto err; +- } +- if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, +- NULL, NULL, ctx)) +- { +- ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); +- goto err; +- } +- if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, +- ctx) != 0) +- { +- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY); +- goto err; +- } +- } +- ok = 1; +-err: +- if (ctx != NULL) +- BN_CTX_free(ctx); +- if (point != NULL) +- EC_POINT_free(point); +- return(ok); +- } ++{ ++ int ok = 0; ++ BN_CTX *ctx = NULL; ++ const BIGNUM *order = NULL; ++ EC_POINT *point = NULL; ++ ++ if (!eckey || !eckey->group || !eckey->pub_key) { ++ ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ ++ if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) { ++ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY); ++ goto err; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ if ((point = EC_POINT_new(eckey->group)) == NULL) ++ goto err; ++ ++ /* testing whether the pub_key is on the elliptic curve */ ++ if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { ++ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); ++ goto err; ++ } ++ /* testing whether pub_key * order is the point at infinity */ ++ order = &eckey->group->order; ++ if (BN_is_zero(order)) { ++ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER); ++ goto err; ++ } ++ if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) { ++ ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); ++ goto err; ++ } ++ if (!EC_POINT_is_at_infinity(eckey->group, point)) { ++ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); ++ goto err; ++ } ++ /* ++ * in case the priv_key is present : check if generator * priv_key == ++ * pub_key ++ */ ++ if (eckey->priv_key) { ++ if (BN_cmp(eckey->priv_key, order) >= 0) { ++ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER); ++ goto err; ++ } ++ if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, ++ NULL, NULL, ctx)) { ++ ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB); ++ goto err; ++ } ++ if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) { ++ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY); ++ goto err; ++ } ++ } ++ ok = 1; ++ err: ++ if (ctx != NULL) ++ BN_CTX_free(ctx); ++ if (point != NULL) ++ EC_POINT_free(point); ++ return (ok); ++} + + const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) +- { +- return key->group; +- } ++{ ++ return key->group; ++} + + int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) +- { +- if (key->group != NULL) +- EC_GROUP_free(key->group); +- key->group = EC_GROUP_dup(group); +- return (key->group == NULL) ? 0 : 1; +- } ++{ ++ if (key->group != NULL) ++ EC_GROUP_free(key->group); ++ key->group = EC_GROUP_dup(group); ++ return (key->group == NULL) ? 0 : 1; ++} + + const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) +- { +- return key->priv_key; +- } ++{ ++ return key->priv_key; ++} + + int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) +- { +- if (key->priv_key) +- BN_clear_free(key->priv_key); +- key->priv_key = BN_dup(priv_key); +- return (key->priv_key == NULL) ? 0 : 1; +- } ++{ ++ if (key->priv_key) ++ BN_clear_free(key->priv_key); ++ key->priv_key = BN_dup(priv_key); ++ return (key->priv_key == NULL) ? 0 : 1; ++} + + const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) +- { +- return key->pub_key; +- } ++{ ++ return key->pub_key; ++} + + int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) +- { +- if (key->pub_key != NULL) +- EC_POINT_free(key->pub_key); +- key->pub_key = EC_POINT_dup(pub_key, key->group); +- return (key->pub_key == NULL) ? 0 : 1; +- } ++{ ++ if (key->pub_key != NULL) ++ EC_POINT_free(key->pub_key); ++ key->pub_key = EC_POINT_dup(pub_key, key->group); ++ return (key->pub_key == NULL) ? 0 : 1; ++} + + unsigned int EC_KEY_get_enc_flags(const EC_KEY *key) +- { +- return key->enc_flag; +- } ++{ ++ return key->enc_flag; ++} + + void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags) +- { +- key->enc_flag = flags; +- } ++{ ++ key->enc_flag = flags; ++} + + point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key) +- { +- return key->conv_form; +- } ++{ ++ return key->conv_form; ++} + + void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) +- { +- key->conv_form = cform; +- if (key->group != NULL) +- EC_GROUP_set_point_conversion_form(key->group, cform); +- } ++{ ++ key->conv_form = cform; ++ if (key->group != NULL) ++ EC_GROUP_set_point_conversion_form(key->group, cform); ++} + + void *EC_KEY_get_key_method_data(EC_KEY *key, +- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) +- { +- void *ret; ++ void *(*dup_func) (void *), ++ void (*free_func) (void *), ++ void (*clear_free_func) (void *)) ++{ ++ void *ret; + +- CRYPTO_r_lock(CRYPTO_LOCK_EC); +- ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); +- CRYPTO_r_unlock(CRYPTO_LOCK_EC); ++ CRYPTO_r_lock(CRYPTO_LOCK_EC); ++ ret = ++ EC_EX_DATA_get_data(key->method_data, dup_func, free_func, ++ clear_free_func); ++ CRYPTO_r_unlock(CRYPTO_LOCK_EC); + +- return ret; +- } ++ return ret; ++} + + void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, +- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) +- { +- EC_EXTRA_DATA *ex_data; +- +- CRYPTO_w_lock(CRYPTO_LOCK_EC); +- ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); +- if (ex_data == NULL) +- EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); +- CRYPTO_w_unlock(CRYPTO_LOCK_EC); +- +- return ex_data; +- } ++ void *(*dup_func) (void *), ++ void (*free_func) (void *), ++ void (*clear_free_func) (void *)) ++{ ++ EC_EXTRA_DATA *ex_data; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_EC); ++ ex_data = ++ EC_EX_DATA_get_data(key->method_data, dup_func, free_func, ++ clear_free_func); ++ if (ex_data == NULL) ++ EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, ++ clear_free_func); ++ CRYPTO_w_unlock(CRYPTO_LOCK_EC); ++ ++ return ex_data; ++} + + void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) +- { +- if (key->group != NULL) +- EC_GROUP_set_asn1_flag(key->group, flag); +- } ++{ ++ if (key->group != NULL) ++ EC_GROUP_set_asn1_flag(key->group, flag); ++} + + int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) +- { +- if (key->group == NULL) +- return 0; +- return EC_GROUP_precompute_mult(key->group, ctx); +- } ++{ ++ if (key->group == NULL) ++ return 0; ++ return EC_GROUP_precompute_mult(key->group, ctx); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c +index e7d11ff..8d8b807 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,7 +57,7 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * Binary polynomial ECC support in OpenSSL originally developed by ++ * Binary polynomial ECC support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +@@ -70,1095 +70,1042 @@ + + static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT; + +- + /* functions for EC_GROUP objects */ + + EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) +- { +- EC_GROUP *ret; +- +- if (meth == NULL) +- { +- ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if (meth->group_init == 0) +- { +- ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return NULL; +- } +- +- ret = OPENSSL_malloc(sizeof *ret); +- if (ret == NULL) +- { +- ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- ret->meth = meth; +- +- ret->extra_data = NULL; +- +- ret->generator = NULL; +- BN_init(&ret->order); +- BN_init(&ret->cofactor); +- +- ret->curve_name = 0; +- ret->asn1_flag = 0; +- ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; +- +- ret->seed = NULL; +- ret->seed_len = 0; +- +- if (!meth->group_init(ret)) +- { +- OPENSSL_free(ret); +- return NULL; +- } +- +- return ret; +- } +- ++{ ++ EC_GROUP *ret; + +-void EC_GROUP_free(EC_GROUP *group) +- { +- if (!group) return; ++ if (meth == NULL) { ++ ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ if (meth->group_init == 0) { ++ ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return NULL; ++ } + +- if (group->meth->group_finish != 0) +- group->meth->group_finish(group); ++ ret = OPENSSL_malloc(sizeof *ret); ++ if (ret == NULL) { ++ ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } + +- EC_EX_DATA_free_all_data(&group->extra_data); ++ ret->meth = meth; + +- if (group->generator != NULL) +- EC_POINT_free(group->generator); +- BN_free(&group->order); +- BN_free(&group->cofactor); ++ ret->extra_data = NULL; + +- if (group->seed) +- OPENSSL_free(group->seed); ++ ret->generator = NULL; ++ BN_init(&ret->order); ++ BN_init(&ret->cofactor); + +- OPENSSL_free(group); +- } +- +- +-void EC_GROUP_clear_free(EC_GROUP *group) +- { +- if (!group) return; ++ ret->curve_name = 0; ++ ret->asn1_flag = 0; ++ ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; + +- if (group->meth->group_clear_finish != 0) +- group->meth->group_clear_finish(group); +- else if (group->meth->group_finish != 0) +- group->meth->group_finish(group); ++ ret->seed = NULL; ++ ret->seed_len = 0; + +- EC_EX_DATA_clear_free_all_data(&group->extra_data); ++ if (!meth->group_init(ret)) { ++ OPENSSL_free(ret); ++ return NULL; ++ } + +- if (group->generator != NULL) +- EC_POINT_clear_free(group->generator); +- BN_clear_free(&group->order); +- BN_clear_free(&group->cofactor); ++ return ret; ++} + +- if (group->seed) +- { +- OPENSSL_cleanse(group->seed, group->seed_len); +- OPENSSL_free(group->seed); +- } +- +- OPENSSL_cleanse(group, sizeof *group); +- OPENSSL_free(group); +- } ++void EC_GROUP_free(EC_GROUP *group) ++{ ++ if (!group) ++ return; + ++ if (group->meth->group_finish != 0) ++ group->meth->group_finish(group); + +-int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) +- { +- EC_EXTRA_DATA *d; +- +- if (dest->meth->group_copy == 0) +- { +- ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (dest->meth != src->meth) +- { +- ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- if (dest == src) +- return 1; +- +- EC_EX_DATA_free_all_data(&dest->extra_data); +- +- for (d = src->extra_data; d != NULL; d = d->next) +- { +- void *t = d->dup_func(d->data); +- +- if (t == NULL) +- return 0; +- if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func)) +- return 0; +- } +- +- if (src->generator != NULL) +- { +- if (dest->generator == NULL) +- { +- dest->generator = EC_POINT_new(dest); +- if (dest->generator == NULL) return 0; +- } +- if (!EC_POINT_copy(dest->generator, src->generator)) return 0; +- } +- else +- { +- /* src->generator == NULL */ +- if (dest->generator != NULL) +- { +- EC_POINT_clear_free(dest->generator); +- dest->generator = NULL; +- } +- } +- +- if (!BN_copy(&dest->order, &src->order)) return 0; +- if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0; +- +- dest->curve_name = src->curve_name; +- dest->asn1_flag = src->asn1_flag; +- dest->asn1_form = src->asn1_form; +- +- if (src->seed) +- { +- if (dest->seed) +- OPENSSL_free(dest->seed); +- dest->seed = OPENSSL_malloc(src->seed_len); +- if (dest->seed == NULL) +- return 0; +- if (!memcpy(dest->seed, src->seed, src->seed_len)) +- return 0; +- dest->seed_len = src->seed_len; +- } +- else +- { +- if (dest->seed) +- OPENSSL_free(dest->seed); +- dest->seed = NULL; +- dest->seed_len = 0; +- } +- +- +- return dest->meth->group_copy(dest, src); +- } ++ EC_EX_DATA_free_all_data(&group->extra_data); + ++ if (group->generator != NULL) ++ EC_POINT_free(group->generator); ++ BN_free(&group->order); ++ BN_free(&group->cofactor); + +-EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) +- { +- EC_GROUP *t = NULL; +- int ok = 0; ++ if (group->seed) ++ OPENSSL_free(group->seed); + +- if (a == NULL) return NULL; ++ OPENSSL_free(group); ++} + +- if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL); +- if (!EC_GROUP_copy(t, a)) goto err; ++void EC_GROUP_clear_free(EC_GROUP *group) ++{ ++ if (!group) ++ return; + +- ok = 1; ++ if (group->meth->group_clear_finish != 0) ++ group->meth->group_clear_finish(group); ++ else if (group->meth->group_finish != 0) ++ group->meth->group_finish(group); + +- err: +- if (!ok) +- { +- if (t) EC_GROUP_free(t); +- return NULL; +- } +- else return t; +- } ++ EC_EX_DATA_clear_free_all_data(&group->extra_data); + ++ if (group->generator != NULL) ++ EC_POINT_clear_free(group->generator); ++ BN_clear_free(&group->order); ++ BN_clear_free(&group->cofactor); + +-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) +- { +- return group->meth; +- } ++ if (group->seed) { ++ OPENSSL_cleanse(group->seed, group->seed_len); ++ OPENSSL_free(group->seed); ++ } + ++ OPENSSL_cleanse(group, sizeof *group); ++ OPENSSL_free(group); ++} + +-int EC_METHOD_get_field_type(const EC_METHOD *meth) +- { +- return meth->field_type; ++int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) ++{ ++ EC_EXTRA_DATA *d; ++ ++ if (dest->meth->group_copy == 0) { ++ ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (dest->meth != src->meth) { ++ ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ if (dest == src) ++ return 1; ++ ++ EC_EX_DATA_free_all_data(&dest->extra_data); ++ ++ for (d = src->extra_data; d != NULL; d = d->next) { ++ void *t = d->dup_func(d->data); ++ ++ if (t == NULL) ++ return 0; ++ if (!EC_EX_DATA_set_data ++ (&dest->extra_data, t, d->dup_func, d->free_func, ++ d->clear_free_func)) ++ return 0; ++ } ++ ++ if (src->generator != NULL) { ++ if (dest->generator == NULL) { ++ dest->generator = EC_POINT_new(dest); ++ if (dest->generator == NULL) ++ return 0; ++ } ++ if (!EC_POINT_copy(dest->generator, src->generator)) ++ return 0; ++ } else { ++ /* src->generator == NULL */ ++ if (dest->generator != NULL) { ++ EC_POINT_clear_free(dest->generator); ++ dest->generator = NULL; + } ++ } ++ ++ if (!BN_copy(&dest->order, &src->order)) ++ return 0; ++ if (!BN_copy(&dest->cofactor, &src->cofactor)) ++ return 0; ++ ++ dest->curve_name = src->curve_name; ++ dest->asn1_flag = src->asn1_flag; ++ dest->asn1_form = src->asn1_form; ++ ++ if (src->seed) { ++ if (dest->seed) ++ OPENSSL_free(dest->seed); ++ dest->seed = OPENSSL_malloc(src->seed_len); ++ if (dest->seed == NULL) ++ return 0; ++ if (!memcpy(dest->seed, src->seed, src->seed_len)) ++ return 0; ++ dest->seed_len = src->seed_len; ++ } else { ++ if (dest->seed) ++ OPENSSL_free(dest->seed); ++ dest->seed = NULL; ++ dest->seed_len = 0; ++ } ++ ++ return dest->meth->group_copy(dest, src); ++} + ++EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) ++{ ++ EC_GROUP *t = NULL; ++ int ok = 0; + +-int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) +- { +- if (generator == NULL) +- { +- ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); +- return 0 ; +- } ++ if (a == NULL) ++ return NULL; + +- if (group->generator == NULL) +- { +- group->generator = EC_POINT_new(group); +- if (group->generator == NULL) return 0; +- } +- if (!EC_POINT_copy(group->generator, generator)) return 0; ++ if ((t = EC_GROUP_new(a->meth)) == NULL) ++ return (NULL); ++ if (!EC_GROUP_copy(t, a)) ++ goto err; + +- if (order != NULL) +- { if (!BN_copy(&group->order, order)) return 0; } +- else +- BN_zero(&group->order); ++ ok = 1; + +- if (cofactor != NULL) +- { if (!BN_copy(&group->cofactor, cofactor)) return 0; } +- else +- BN_zero(&group->cofactor); ++ err: ++ if (!ok) { ++ if (t) ++ EC_GROUP_free(t); ++ return NULL; ++ } else ++ return t; ++} + +- return 1; +- } ++const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) ++{ ++ return group->meth; ++} + ++int EC_METHOD_get_field_type(const EC_METHOD *meth) ++{ ++ return meth->field_type; ++} ++ ++int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, ++ const BIGNUM *order, const BIGNUM *cofactor) ++{ ++ if (generator == NULL) { ++ ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ ++ if (group->generator == NULL) { ++ group->generator = EC_POINT_new(group); ++ if (group->generator == NULL) ++ return 0; ++ } ++ if (!EC_POINT_copy(group->generator, generator)) ++ return 0; ++ ++ if (order != NULL) { ++ if (!BN_copy(&group->order, order)) ++ return 0; ++ } else ++ BN_zero(&group->order); ++ ++ if (cofactor != NULL) { ++ if (!BN_copy(&group->cofactor, cofactor)) ++ return 0; ++ } else ++ BN_zero(&group->cofactor); ++ ++ return 1; ++} + + const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) +- { +- return group->generator; +- } +- ++{ ++ return group->generator; ++} + + int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) +- { +- if (!BN_copy(order, &group->order)) +- return 0; ++{ ++ if (!BN_copy(order, &group->order)) ++ return 0; + +- return !BN_is_zero(order); +- } ++ return !BN_is_zero(order); ++} + ++int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, ++ BN_CTX *ctx) ++{ ++ if (!BN_copy(cofactor, &group->cofactor)) ++ return 0; + +-int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) +- { +- if (!BN_copy(cofactor, &group->cofactor)) +- return 0; +- +- return !BN_is_zero(&group->cofactor); +- } +- ++ return !BN_is_zero(&group->cofactor); ++} + + void EC_GROUP_set_curve_name(EC_GROUP *group, int nid) +- { +- group->curve_name = nid; +- } +- ++{ ++ group->curve_name = nid; ++} + + int EC_GROUP_get_curve_name(const EC_GROUP *group) +- { +- return group->curve_name; +- } +- ++{ ++ return group->curve_name; ++} + + void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) +- { +- group->asn1_flag = flag; +- } +- ++{ ++ group->asn1_flag = flag; ++} + + int EC_GROUP_get_asn1_flag(const EC_GROUP *group) +- { +- return group->asn1_flag; +- } ++{ ++ return group->asn1_flag; ++} + +- +-void EC_GROUP_set_point_conversion_form(EC_GROUP *group, ++void EC_GROUP_set_point_conversion_form(EC_GROUP *group, + point_conversion_form_t form) +- { +- group->asn1_form = form; +- } +- +- +-point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group) +- { +- return group->asn1_form; +- } ++{ ++ group->asn1_form = form; ++} + ++point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP ++ *group) ++{ ++ return group->asn1_form; ++} + + size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len) +- { +- if (group->seed) +- { +- OPENSSL_free(group->seed); +- group->seed = NULL; +- group->seed_len = 0; +- } +- +- if (!len || !p) +- return 1; ++{ ++ if (group->seed) { ++ OPENSSL_free(group->seed); ++ group->seed = NULL; ++ group->seed_len = 0; ++ } + +- if ((group->seed = OPENSSL_malloc(len)) == NULL) +- return 0; +- memcpy(group->seed, p, len); +- group->seed_len = len; ++ if (!len || !p) ++ return 1; + +- return len; +- } ++ if ((group->seed = OPENSSL_malloc(len)) == NULL) ++ return 0; ++ memcpy(group->seed, p, len); ++ group->seed_len = len; + ++ return len; ++} + + unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group) +- { +- return group->seed; +- } +- ++{ ++ return group->seed; ++} + + size_t EC_GROUP_get_seed_len(const EC_GROUP *group) +- { +- return group->seed_len; +- } +- +- +-int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- if (group->meth->group_set_curve == 0) +- { +- ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- return group->meth->group_set_curve(group, p, a, b, ctx); +- } +- +- +-int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) +- { +- if (group->meth->group_get_curve == 0) +- { +- ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- return group->meth->group_get_curve(group, p, a, b, ctx); +- } +- +- +-int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- if (group->meth->group_set_curve == 0) +- { +- ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- return group->meth->group_set_curve(group, p, a, b, ctx); +- } +- +- +-int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) +- { +- if (group->meth->group_get_curve == 0) +- { +- ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- return group->meth->group_get_curve(group, p, a, b, ctx); +- } +- ++{ ++ return group->seed_len; ++} ++ ++int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *ctx) ++{ ++ if (group->meth->group_set_curve == 0) { ++ ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ return group->meth->group_set_curve(group, p, a, b, ctx); ++} ++ ++int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, ++ BIGNUM *b, BN_CTX *ctx) ++{ ++ if (group->meth->group_get_curve == 0) { ++ ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ return group->meth->group_get_curve(group, p, a, b, ctx); ++} ++ ++int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *ctx) ++{ ++ if (group->meth->group_set_curve == 0) { ++ ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ return group->meth->group_set_curve(group, p, a, b, ctx); ++} ++ ++int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, ++ BIGNUM *b, BN_CTX *ctx) ++{ ++ if (group->meth->group_get_curve == 0) { ++ ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ return group->meth->group_get_curve(group, p, a, b, ctx); ++} + + int EC_GROUP_get_degree(const EC_GROUP *group) +- { +- if (group->meth->group_get_degree == 0) +- { +- ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- return group->meth->group_get_degree(group); +- } +- ++{ ++ if (group->meth->group_get_degree == 0) { ++ ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ return group->meth->group_get_degree(group); ++} + + int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) +- { +- if (group->meth->group_check_discriminant == 0) +- { +- ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- return group->meth->group_check_discriminant(group, ctx); +- } +- ++{ ++ if (group->meth->group_check_discriminant == 0) { ++ ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ return group->meth->group_check_discriminant(group, ctx); ++} + + int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) +- { +- int r = 0; +- BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; +- BN_CTX *ctx_new = NULL; +- +- /* compare the field types*/ +- if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != +- EC_METHOD_get_field_type(EC_GROUP_method_of(b))) +- return 1; +- /* compare the curve name (if present in both) */ +- if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && +- EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) +- return 1; +- +- if (!ctx) +- ctx_new = ctx = BN_CTX_new(); +- if (!ctx) +- return -1; +- +- BN_CTX_start(ctx); +- a1 = BN_CTX_get(ctx); +- a2 = BN_CTX_get(ctx); +- a3 = BN_CTX_get(ctx); +- b1 = BN_CTX_get(ctx); +- b2 = BN_CTX_get(ctx); +- b3 = BN_CTX_get(ctx); +- if (!b3) +- { +- BN_CTX_end(ctx); +- if (ctx_new) +- BN_CTX_free(ctx); +- return -1; +- } +- +- /* XXX This approach assumes that the external representation +- * of curves over the same field type is the same. +- */ +- if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || +- !b->meth->group_get_curve(b, b1, b2, b3, ctx)) +- r = 1; +- +- if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) +- r = 1; +- +- /* XXX EC_POINT_cmp() assumes that the methods are equal */ +- if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), +- EC_GROUP_get0_generator(b), ctx)) +- r = 1; +- +- if (!r) +- { +- /* compare the order and cofactor */ +- if (!EC_GROUP_get_order(a, a1, ctx) || +- !EC_GROUP_get_order(b, b1, ctx) || +- !EC_GROUP_get_cofactor(a, a2, ctx) || +- !EC_GROUP_get_cofactor(b, b2, ctx)) +- { +- BN_CTX_end(ctx); +- if (ctx_new) +- BN_CTX_free(ctx); +- return -1; +- } +- if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) +- r = 1; +- } +- +- BN_CTX_end(ctx); +- if (ctx_new) +- BN_CTX_free(ctx); +- +- return r; +- } ++{ ++ int r = 0; ++ BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; ++ BN_CTX *ctx_new = NULL; ++ ++ /* compare the field types */ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != ++ EC_METHOD_get_field_type(EC_GROUP_method_of(b))) ++ return 1; ++ /* compare the curve name (if present in both) */ ++ if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && ++ EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) ++ return 1; ++ ++ if (!ctx) ++ ctx_new = ctx = BN_CTX_new(); ++ if (!ctx) ++ return -1; ++ ++ BN_CTX_start(ctx); ++ a1 = BN_CTX_get(ctx); ++ a2 = BN_CTX_get(ctx); ++ a3 = BN_CTX_get(ctx); ++ b1 = BN_CTX_get(ctx); ++ b2 = BN_CTX_get(ctx); ++ b3 = BN_CTX_get(ctx); ++ if (!b3) { ++ BN_CTX_end(ctx); ++ if (ctx_new) ++ BN_CTX_free(ctx); ++ return -1; ++ } ++ ++ /* ++ * XXX This approach assumes that the external representation of curves ++ * over the same field type is the same. ++ */ ++ if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || ++ !b->meth->group_get_curve(b, b1, b2, b3, ctx)) ++ r = 1; ++ ++ if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) ++ r = 1; ++ ++ /* XXX EC_POINT_cmp() assumes that the methods are equal */ ++ if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), ++ EC_GROUP_get0_generator(b), ctx)) ++ r = 1; ++ ++ if (!r) { ++ /* compare the order and cofactor */ ++ if (!EC_GROUP_get_order(a, a1, ctx) || ++ !EC_GROUP_get_order(b, b1, ctx) || ++ !EC_GROUP_get_cofactor(a, a2, ctx) || ++ !EC_GROUP_get_cofactor(b, b2, ctx)) { ++ BN_CTX_end(ctx); ++ if (ctx_new) ++ BN_CTX_free(ctx); ++ return -1; ++ } ++ if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) ++ r = 1; ++ } + ++ BN_CTX_end(ctx); ++ if (ctx_new) ++ BN_CTX_free(ctx); ++ ++ return r; ++} + + /* this has 'package' visibility */ + int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, +- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) +- { +- EC_EXTRA_DATA *d; +- +- if (ex_data == NULL) +- return 0; +- +- for (d = *ex_data; d != NULL; d = d->next) +- { +- if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) +- { +- ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL); +- return 0; +- } +- } ++ void *(*dup_func) (void *), ++ void (*free_func) (void *), ++ void (*clear_free_func) (void *)) ++{ ++ EC_EXTRA_DATA *d; ++ ++ if (ex_data == NULL) ++ return 0; ++ ++ for (d = *ex_data; d != NULL; d = d->next) { ++ if (d->dup_func == dup_func && d->free_func == free_func ++ && d->clear_free_func == clear_free_func) { ++ ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL); ++ return 0; ++ } ++ } + +- if (data == NULL) +- /* no explicit entry needed */ +- return 1; ++ if (data == NULL) ++ /* no explicit entry needed */ ++ return 1; + +- d = OPENSSL_malloc(sizeof *d); +- if (d == NULL) +- return 0; ++ d = OPENSSL_malloc(sizeof *d); ++ if (d == NULL) ++ return 0; + +- d->data = data; +- d->dup_func = dup_func; +- d->free_func = free_func; +- d->clear_free_func = clear_free_func; ++ d->data = data; ++ d->dup_func = dup_func; ++ d->free_func = free_func; ++ d->clear_free_func = clear_free_func; + +- d->next = *ex_data; +- *ex_data = d; ++ d->next = *ex_data; ++ *ex_data = d; + +- return 1; +- } ++ return 1; ++} + + /* this has 'package' visibility */ + void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data, +- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) +- { +- const EC_EXTRA_DATA *d; +- +- for (d = ex_data; d != NULL; d = d->next) +- { +- if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) +- return d->data; +- } +- +- return NULL; +- } ++ void *(*dup_func) (void *), ++ void (*free_func) (void *), ++ void (*clear_free_func) (void *)) ++{ ++ const EC_EXTRA_DATA *d; ++ ++ for (d = ex_data; d != NULL; d = d->next) { ++ if (d->dup_func == dup_func && d->free_func == free_func ++ && d->clear_free_func == clear_free_func) ++ return d->data; ++ } ++ ++ return NULL; ++} + + /* this has 'package' visibility */ + void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data, +- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) +- { +- EC_EXTRA_DATA **p; +- +- if (ex_data == NULL) +- return; +- +- for (p = ex_data; *p != NULL; p = &((*p)->next)) +- { +- if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) +- { +- EC_EXTRA_DATA *next = (*p)->next; +- +- (*p)->free_func((*p)->data); +- OPENSSL_free(*p); +- +- *p = next; +- return; +- } +- } +- } ++ void *(*dup_func) (void *), ++ void (*free_func) (void *), ++ void (*clear_free_func) (void *)) ++{ ++ EC_EXTRA_DATA **p; ++ ++ if (ex_data == NULL) ++ return; ++ ++ for (p = ex_data; *p != NULL; p = &((*p)->next)) { ++ if ((*p)->dup_func == dup_func && (*p)->free_func == free_func ++ && (*p)->clear_free_func == clear_free_func) { ++ EC_EXTRA_DATA *next = (*p)->next; ++ ++ (*p)->free_func((*p)->data); ++ OPENSSL_free(*p); ++ ++ *p = next; ++ return; ++ } ++ } ++} + + /* this has 'package' visibility */ + void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data, +- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)) +- { +- EC_EXTRA_DATA **p; +- +- if (ex_data == NULL) +- return; +- +- for (p = ex_data; *p != NULL; p = &((*p)->next)) +- { +- if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func) +- { +- EC_EXTRA_DATA *next = (*p)->next; +- +- (*p)->clear_free_func((*p)->data); +- OPENSSL_free(*p); +- +- *p = next; +- return; +- } +- } +- } ++ void *(*dup_func) (void *), ++ void (*free_func) (void *), ++ void (*clear_free_func) (void *)) ++{ ++ EC_EXTRA_DATA **p; ++ ++ if (ex_data == NULL) ++ return; ++ ++ for (p = ex_data; *p != NULL; p = &((*p)->next)) { ++ if ((*p)->dup_func == dup_func && (*p)->free_func == free_func ++ && (*p)->clear_free_func == clear_free_func) { ++ EC_EXTRA_DATA *next = (*p)->next; ++ ++ (*p)->clear_free_func((*p)->data); ++ OPENSSL_free(*p); ++ ++ *p = next; ++ return; ++ } ++ } ++} + + /* this has 'package' visibility */ + void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data) +- { +- EC_EXTRA_DATA *d; +- +- if (ex_data == NULL) +- return; +- +- d = *ex_data; +- while (d) +- { +- EC_EXTRA_DATA *next = d->next; +- +- d->free_func(d->data); +- OPENSSL_free(d); +- +- d = next; +- } +- *ex_data = NULL; +- } ++{ ++ EC_EXTRA_DATA *d; ++ ++ if (ex_data == NULL) ++ return; ++ ++ d = *ex_data; ++ while (d) { ++ EC_EXTRA_DATA *next = d->next; ++ ++ d->free_func(d->data); ++ OPENSSL_free(d); ++ ++ d = next; ++ } ++ *ex_data = NULL; ++} + + /* this has 'package' visibility */ + void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data) +- { +- EC_EXTRA_DATA *d; +- +- if (ex_data == NULL) +- return; +- +- d = *ex_data; +- while (d) +- { +- EC_EXTRA_DATA *next = d->next; +- +- d->clear_free_func(d->data); +- OPENSSL_free(d); +- +- d = next; +- } +- *ex_data = NULL; +- } ++{ ++ EC_EXTRA_DATA *d; ++ ++ if (ex_data == NULL) ++ return; ++ ++ d = *ex_data; ++ while (d) { ++ EC_EXTRA_DATA *next = d->next; + ++ d->clear_free_func(d->data); ++ OPENSSL_free(d); ++ ++ d = next; ++ } ++ *ex_data = NULL; ++} + + /* functions for EC_POINT objects */ + + EC_POINT *EC_POINT_new(const EC_GROUP *group) +- { +- EC_POINT *ret; +- +- if (group == NULL) +- { +- ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if (group->meth->point_init == 0) +- { +- ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return NULL; +- } +- +- ret = OPENSSL_malloc(sizeof *ret); +- if (ret == NULL) +- { +- ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- ret->meth = group->meth; +- +- if (!ret->meth->point_init(ret)) +- { +- OPENSSL_free(ret); +- return NULL; +- } +- +- return ret; +- } +- ++{ ++ EC_POINT *ret; ++ ++ if (group == NULL) { ++ ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ if (group->meth->point_init == 0) { ++ ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return NULL; ++ } ++ ++ ret = OPENSSL_malloc(sizeof *ret); ++ if (ret == NULL) { ++ ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ ret->meth = group->meth; ++ ++ if (!ret->meth->point_init(ret)) { ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ ++ return ret; ++} + + void EC_POINT_free(EC_POINT *point) +- { +- if (!point) return; ++{ ++ if (!point) ++ return; + +- if (point->meth->point_finish != 0) +- point->meth->point_finish(point); +- OPENSSL_free(point); +- } +- ++ if (point->meth->point_finish != 0) ++ point->meth->point_finish(point); ++ OPENSSL_free(point); ++} + + void EC_POINT_clear_free(EC_POINT *point) +- { +- if (!point) return; +- +- if (point->meth->point_clear_finish != 0) +- point->meth->point_clear_finish(point); +- else if (point->meth != NULL && point->meth->point_finish != 0) +- point->meth->point_finish(point); +- OPENSSL_cleanse(point, sizeof *point); +- OPENSSL_free(point); +- } +- ++{ ++ if (!point) ++ return; ++ ++ if (point->meth->point_clear_finish != 0) ++ point->meth->point_clear_finish(point); ++ else if (point->meth != NULL && point->meth->point_finish != 0) ++ point->meth->point_finish(point); ++ OPENSSL_cleanse(point, sizeof *point); ++ OPENSSL_free(point); ++} + + int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) +- { +- if (dest->meth->point_copy == 0) +- { +- ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (dest->meth != src->meth) +- { +- ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- if (dest == src) +- return 1; +- return dest->meth->point_copy(dest, src); +- } +- ++{ ++ if (dest->meth->point_copy == 0) { ++ ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (dest->meth != src->meth) { ++ ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ if (dest == src) ++ return 1; ++ return dest->meth->point_copy(dest, src); ++} + + EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) +- { +- EC_POINT *t; +- int r; +- +- if (a == NULL) return NULL; +- +- t = EC_POINT_new(group); +- if (t == NULL) return(NULL); +- r = EC_POINT_copy(t, a); +- if (!r) +- { +- EC_POINT_free(t); +- return NULL; +- } +- else return t; +- } +- ++{ ++ EC_POINT *t; ++ int r; ++ ++ if (a == NULL) ++ return NULL; ++ ++ t = EC_POINT_new(group); ++ if (t == NULL) ++ return (NULL); ++ r = EC_POINT_copy(t, a); ++ if (!r) { ++ EC_POINT_free(t); ++ return NULL; ++ } else ++ return t; ++} + + const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) +- { +- return point->meth; +- } +- ++{ ++ return point->meth; ++} + + int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) +- { +- if (group->meth->point_set_to_infinity == 0) +- { +- ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->point_set_to_infinity(group, point); +- } +- +- +-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, +- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) +- { +- if (group->meth->point_set_Jprojective_coordinates_GFp == 0) +- { +- ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); +- } +- +- +-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, +- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) +- { +- if (group->meth->point_get_Jprojective_coordinates_GFp == 0) +- { +- ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); +- } +- +- +-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, +- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) +- { +- if (group->meth->point_set_affine_coordinates == 0) +- { +- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); +- } +- +- +-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, +- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) +- { +- if (group->meth->point_set_affine_coordinates == 0) +- { +- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); +- } +- +- +-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, +- BIGNUM *x, BIGNUM *y, BN_CTX *ctx) +- { +- if (group->meth->point_get_affine_coordinates == 0) +- { +- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); +- } +- +- +-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point, +- BIGNUM *x, BIGNUM *y, BN_CTX *ctx) +- { +- if (group->meth->point_get_affine_coordinates == 0) +- { +- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); +- } +- +- +-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, +- const BIGNUM *x, int y_bit, BN_CTX *ctx) +- { +- if (group->meth->point_set_compressed_coordinates == 0) +- { +- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); +- } +- +- +-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, +- const BIGNUM *x, int y_bit, BN_CTX *ctx) +- { +- if (group->meth->point_set_compressed_coordinates == 0) +- { +- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); +- } +- +- +-size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, +- unsigned char *buf, size_t len, BN_CTX *ctx) +- { +- if (group->meth->point2oct == 0) +- { +- ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->point2oct(group, point, form, buf, len, ctx); +- } +- ++{ ++ if (group->meth->point_set_to_infinity == 0) { ++ ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->point_set_to_infinity(group, point); ++} ++ ++int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, ++ EC_POINT *point, const BIGNUM *x, ++ const BIGNUM *y, const BIGNUM *z, ++ BN_CTX *ctx) ++{ ++ if (group->meth->point_set_Jprojective_coordinates_GFp == 0) { ++ ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ++ EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, ++ y, z, ctx); ++} ++ ++int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, ++ const EC_POINT *point, BIGNUM *x, ++ BIGNUM *y, BIGNUM *z, ++ BN_CTX *ctx) ++{ ++ if (group->meth->point_get_Jprojective_coordinates_GFp == 0) { ++ ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ++ EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, ++ y, z, ctx); ++} ++ ++int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, ++ EC_POINT *point, const BIGNUM *x, ++ const BIGNUM *y, BN_CTX *ctx) ++{ ++ if (group->meth->point_set_affine_coordinates == 0) { ++ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ++ EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); ++} ++ ++int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, ++ EC_POINT *point, const BIGNUM *x, ++ const BIGNUM *y, BN_CTX *ctx) ++{ ++ if (group->meth->point_set_affine_coordinates == 0) { ++ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ++ EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); ++} ++ ++int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, ++ const EC_POINT *point, BIGNUM *x, ++ BIGNUM *y, BN_CTX *ctx) ++{ ++ if (group->meth->point_get_affine_coordinates == 0) { ++ ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ++ EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); ++} ++ ++int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, ++ const EC_POINT *point, BIGNUM *x, ++ BIGNUM *y, BN_CTX *ctx) ++{ ++ if (group->meth->point_get_affine_coordinates == 0) { ++ ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ++ EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); ++} ++ ++int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, ++ EC_POINT *point, const BIGNUM *x, ++ int y_bit, BN_CTX *ctx) ++{ ++ if (group->meth->point_set_compressed_coordinates == 0) { ++ ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ++ EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->point_set_compressed_coordinates(group, point, x, ++ y_bit, ctx); ++} ++ ++int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, ++ EC_POINT *point, const BIGNUM *x, ++ int y_bit, BN_CTX *ctx) ++{ ++ if (group->meth->point_set_compressed_coordinates == 0) { ++ ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ++ EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->point_set_compressed_coordinates(group, point, x, ++ y_bit, ctx); ++} ++ ++size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, ++ point_conversion_form_t form, unsigned char *buf, ++ size_t len, BN_CTX *ctx) ++{ ++ if (group->meth->point2oct == 0) { ++ ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->point2oct(group, point, form, buf, len, ctx); ++} + + int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, +- const unsigned char *buf, size_t len, BN_CTX *ctx) +- { +- if (group->meth->oct2point == 0) +- { +- ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->oct2point(group, point, buf, len, ctx); +- } +- +- +-int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) +- { +- if (group->meth->add == 0) +- { +- ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) +- { +- ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->add(group, r, a, b, ctx); +- } +- +- +-int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) +- { +- if (group->meth->dbl == 0) +- { +- ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if ((group->meth != r->meth) || (r->meth != a->meth)) +- { +- ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->dbl(group, r, a, ctx); +- } +- ++ const unsigned char *buf, size_t len, BN_CTX *ctx) ++{ ++ if (group->meth->oct2point == 0) { ++ ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->oct2point(group, point, buf, len, ctx); ++} ++ ++int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ++ const EC_POINT *b, BN_CTX *ctx) ++{ ++ if (group->meth->add == 0) { ++ ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if ((group->meth != r->meth) || (r->meth != a->meth) ++ || (a->meth != b->meth)) { ++ ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->add(group, r, a, b, ctx); ++} ++ ++int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ++ BN_CTX *ctx) ++{ ++ if (group->meth->dbl == 0) { ++ ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if ((group->meth != r->meth) || (r->meth != a->meth)) { ++ ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->dbl(group, r, a, ctx); ++} + + int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) +- { +- if (group->meth->invert == 0) +- { +- ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != a->meth) +- { +- ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->invert(group, a, ctx); +- } +- ++{ ++ if (group->meth->invert == 0) { ++ ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != a->meth) { ++ ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->invert(group, a, ctx); ++} + + int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) +- { +- if (group->meth->is_at_infinity == 0) +- { +- ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->is_at_infinity(group, point); +- } +- +- +-int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) +- { +- if (group->meth->is_on_curve == 0) +- { +- ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->is_on_curve(group, point, ctx); +- } +- +- +-int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) +- { +- if (group->meth->point_cmp == 0) +- { +- ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return -1; +- } +- if ((group->meth != a->meth) || (a->meth != b->meth)) +- { +- ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); +- return -1; +- } +- return group->meth->point_cmp(group, a, b, ctx); +- } +- ++{ ++ if (group->meth->is_at_infinity == 0) { ++ ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ++ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->is_at_infinity(group, point); ++} ++ ++int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, ++ BN_CTX *ctx) ++{ ++ if (group->meth->is_on_curve == 0) { ++ ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->is_on_curve(group, point, ctx); ++} ++ ++int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, ++ BN_CTX *ctx) ++{ ++ if (group->meth->point_cmp == 0) { ++ ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return -1; ++ } ++ if ((group->meth != a->meth) || (a->meth != b->meth)) { ++ ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); ++ return -1; ++ } ++ return group->meth->point_cmp(group, a, b, ctx); ++} + + int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) +- { +- if (group->meth->make_affine == 0) +- { +- ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- if (group->meth != point->meth) +- { +- ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- return group->meth->make_affine(group, point, ctx); +- } +- +- +-int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) +- { +- size_t i; +- +- if (group->meth->points_make_affine == 0) +- { +- ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; +- } +- for (i = 0; i < num; i++) +- { +- if (group->meth != points[i]->meth) +- { +- ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- } +- return group->meth->points_make_affine(group, num, points, ctx); +- } +- +- +-/* Functions for point multiplication. +- * +- * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c; +- * otherwise we dispatch through methods. ++{ ++ if (group->meth->make_affine == 0) { ++ ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ if (group->meth != point->meth) { ++ ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ return group->meth->make_affine(group, point, ctx); ++} ++ ++int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, ++ EC_POINT *points[], BN_CTX *ctx) ++{ ++ size_t i; ++ ++ if (group->meth->points_make_affine == 0) { ++ ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ for (i = 0; i < num; i++) { ++ if (group->meth != points[i]->meth) { ++ ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ } ++ return group->meth->points_make_affine(group, num, points, ctx); ++} ++ ++/* ++ * Functions for point multiplication. If group->meth->mul is 0, we use the ++ * wNAF-based implementations in ec_mult.c; otherwise we dispatch through ++ * methods. + */ + + int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, +- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) +- { +- if (group->meth->mul == 0) +- /* use default */ +- return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); ++ size_t num, const EC_POINT *points[], ++ const BIGNUM *scalars[], BN_CTX *ctx) ++{ ++ if (group->meth->mul == 0) ++ /* use default */ ++ return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + +- return group->meth->mul(group, r, scalar, num, points, scalars, ctx); +- } ++ return group->meth->mul(group, r, scalar, num, points, scalars, ctx); ++} + + int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, +- const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) +- { +- /* just a convenient interface to EC_POINTs_mul() */ ++ const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) ++{ ++ /* just a convenient interface to EC_POINTs_mul() */ + +- const EC_POINT *points[1]; +- const BIGNUM *scalars[1]; ++ const EC_POINT *points[1]; ++ const BIGNUM *scalars[1]; + +- points[0] = point; +- scalars[0] = p_scalar; ++ points[0] = point; ++ scalars[0] = p_scalar; + +- return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); +- } ++ return EC_POINTs_mul(group, r, g_scalar, ++ (point != NULL ++ && p_scalar != NULL), points, scalars, ctx); ++} + + int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) +- { +- if (group->meth->mul == 0) +- /* use default */ +- return ec_wNAF_precompute_mult(group, ctx); ++{ ++ if (group->meth->mul == 0) ++ /* use default */ ++ return ec_wNAF_precompute_mult(group, ctx); + +- if (group->meth->precompute_mult != 0) +- return group->meth->precompute_mult(group, ctx); +- else +- return 1; /* nothing to do, so report success */ +- } ++ if (group->meth->precompute_mult != 0) ++ return group->meth->precompute_mult(group, ctx); ++ else ++ return 1; /* nothing to do, so report success */ ++} + + int EC_GROUP_have_precompute_mult(const EC_GROUP *group) +- { +- if (group->meth->mul == 0) +- /* use default */ +- return ec_wNAF_have_precompute_mult(group); +- +- if (group->meth->have_precompute_mult != 0) +- return group->meth->have_precompute_mult(group); +- else +- return 0; /* cannot tell whether precomputation has been performed */ +- } ++{ ++ if (group->meth->mul == 0) ++ /* use default */ ++ return ec_wNAF_have_precompute_mult(group); ++ ++ if (group->meth->have_precompute_mult != 0) ++ return group->meth->have_precompute_mult(group); ++ else ++ return 0; /* cannot tell whether precomputation has ++ * been performed */ ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec_mult.c +index ee42269..333cbc9 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_mult.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -67,7 +67,6 @@ + + #include "ec_lcl.h" + +- + /* + * This file implements the wNAF-based interleaving multi-exponentation method + * (); +@@ -75,114 +74,107 @@ + * (). + */ + +- +- +- + /* structure for precomputed multiples of the generator */ + typedef struct ec_pre_comp_st { +- const EC_GROUP *group; /* parent EC_GROUP object */ +- size_t blocksize; /* block size for wNAF splitting */ +- size_t numblocks; /* max. number of blocks for which we have precomputation */ +- size_t w; /* window size */ +- EC_POINT **points; /* array with pre-calculated multiples of generator: +- * 'num' pointers to EC_POINT objects followed by a NULL */ +- size_t num; /* numblocks * 2^(w-1) */ +- int references; ++ const EC_GROUP *group; /* parent EC_GROUP object */ ++ size_t blocksize; /* block size for wNAF splitting */ ++ size_t numblocks; /* max. number of blocks for which we have ++ * precomputation */ ++ size_t w; /* window size */ ++ EC_POINT **points; /* array with pre-calculated multiples of ++ * generator: 'num' pointers to EC_POINT ++ * objects followed by a NULL */ ++ size_t num; /* numblocks * 2^(w-1) */ ++ int references; + } EC_PRE_COMP; +- ++ + /* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ + static void *ec_pre_comp_dup(void *); + static void ec_pre_comp_free(void *); + static void ec_pre_comp_clear_free(void *); + + static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) +- { +- EC_PRE_COMP *ret = NULL; +- +- if (!group) +- return NULL; +- +- ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); +- if (!ret) +- { +- ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); +- return ret; +- } +- ret->group = group; +- ret->blocksize = 8; /* default */ +- ret->numblocks = 0; +- ret->w = 4; /* default */ +- ret->points = NULL; +- ret->num = 0; +- ret->references = 1; +- return ret; +- } ++{ ++ EC_PRE_COMP *ret = NULL; ++ ++ if (!group) ++ return NULL; ++ ++ ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP)); ++ if (!ret) { ++ ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); ++ return ret; ++ } ++ ret->group = group; ++ ret->blocksize = 8; /* default */ ++ ret->numblocks = 0; ++ ret->w = 4; /* default */ ++ ret->points = NULL; ++ ret->num = 0; ++ ret->references = 1; ++ return ret; ++} + + static void *ec_pre_comp_dup(void *src_) +- { +- EC_PRE_COMP *src = src_; ++{ ++ EC_PRE_COMP *src = src_; + +- /* no need to actually copy, these objects never change! */ ++ /* no need to actually copy, these objects never change! */ + +- CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); ++ CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + +- return src_; +- } ++ return src_; ++} + + static void ec_pre_comp_free(void *pre_) +- { +- int i; +- EC_PRE_COMP *pre = pre_; ++{ ++ int i; ++ EC_PRE_COMP *pre = pre_; + +- if (!pre) +- return; ++ if (!pre) ++ return; + +- i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); +- if (i > 0) +- return; ++ i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); ++ if (i > 0) ++ return; + +- if (pre->points) +- { +- EC_POINT **p; ++ if (pre->points) { ++ EC_POINT **p; + +- for (p = pre->points; *p != NULL; p++) +- EC_POINT_free(*p); +- OPENSSL_free(pre->points); +- } +- OPENSSL_free(pre); +- } ++ for (p = pre->points; *p != NULL; p++) ++ EC_POINT_free(*p); ++ OPENSSL_free(pre->points); ++ } ++ OPENSSL_free(pre); ++} + + static void ec_pre_comp_clear_free(void *pre_) +- { +- int i; +- EC_PRE_COMP *pre = pre_; +- +- if (!pre) +- return; +- +- i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); +- if (i > 0) +- return; +- +- if (pre->points) +- { +- EC_POINT **p; +- +- for (p = pre->points; *p != NULL; p++) +- { +- EC_POINT_clear_free(*p); +- OPENSSL_cleanse(p, sizeof *p); +- } +- OPENSSL_free(pre->points); +- } +- OPENSSL_cleanse(pre, sizeof *pre); +- OPENSSL_free(pre); +- } +- +- +- +- +-/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. ++{ ++ int i; ++ EC_PRE_COMP *pre = pre_; ++ ++ if (!pre) ++ return; ++ ++ i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); ++ if (i > 0) ++ return; ++ ++ if (pre->points) { ++ EC_POINT **p; ++ ++ for (p = pre->points; *p != NULL; p++) { ++ EC_POINT_clear_free(*p); ++ OPENSSL_cleanse(p, sizeof *p); ++ } ++ OPENSSL_free(pre->points); ++ } ++ OPENSSL_cleanse(pre, sizeof *pre); ++ OPENSSL_free(pre); ++} ++ ++/*- ++ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. + * This is an array r[] of values that are either zero or odd with an + * absolute value less than 2^w satisfying + * scalar = \sum_j r[j]*2^j +@@ -191,562 +183,544 @@ static void ec_pre_comp_clear_free(void *pre_) + * w-1 zeros away from that next non-zero digit. + */ + static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) +- { +- int window_val; +- int ok = 0; +- signed char *r = NULL; +- int sign = 1; +- int bit, next_bit, mask; +- size_t len = 0, j; +- +- if (BN_is_zero(scalar)) +- { +- r = OPENSSL_malloc(1); +- if (!r) +- { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- r[0] = 0; +- *ret_len = 1; +- return r; +- } +- +- if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */ +- { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- bit = 1 << w; /* at most 128 */ +- next_bit = bit << 1; /* at most 256 */ +- mask = next_bit - 1; /* at most 255 */ +- +- if (BN_is_negative(scalar)) +- { +- sign = -1; +- } +- +- len = BN_num_bits(scalar); +- r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation +- * (*ret_len will be set to the actual length, i.e. at most +- * BN_num_bits(scalar) + 1) */ +- if (r == NULL) +- { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (scalar->d == NULL || scalar->top == 0) +- { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- window_val = scalar->d[0] & mask; +- j = 0; +- while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */ +- { +- int digit = 0; +- +- /* 0 <= window_val <= 2^(w+1) */ +- +- if (window_val & 1) +- { +- /* 0 < window_val < 2^(w+1) */ +- +- if (window_val & bit) +- { +- digit = window_val - next_bit; /* -2^w < digit < 0 */ +- +-#if 1 /* modified wNAF */ +- if (j + w + 1 >= len) +- { +- /* special case for generating modified wNAFs: +- * no new bits will be added into window_val, +- * so using a positive digit here will decrease +- * the total length of the representation */ +- +- digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ +- } ++{ ++ int window_val; ++ int ok = 0; ++ signed char *r = NULL; ++ int sign = 1; ++ int bit, next_bit, mask; ++ size_t len = 0, j; ++ ++ if (BN_is_zero(scalar)) { ++ r = OPENSSL_malloc(1); ++ if (!r) { ++ ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ r[0] = 0; ++ *ret_len = 1; ++ return r; ++ } ++ ++ if (w <= 0 || w > 7) { /* 'signed char' can represent integers with ++ * absolute values less than 2^7 */ ++ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ bit = 1 << w; /* at most 128 */ ++ next_bit = bit << 1; /* at most 256 */ ++ mask = next_bit - 1; /* at most 255 */ ++ ++ if (BN_is_negative(scalar)) { ++ sign = -1; ++ } ++ ++ len = BN_num_bits(scalar); ++ r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer ++ * than binary representation (*ret_len will ++ * be set to the actual length, i.e. at most ++ * BN_num_bits(scalar) + 1) */ ++ if (r == NULL) { ++ ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (scalar->d == NULL || scalar->top == 0) { ++ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ window_val = scalar->d[0] & mask; ++ j = 0; ++ while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len, ++ * window_val will not ++ * increase */ ++ int digit = 0; ++ ++ /* 0 <= window_val <= 2^(w+1) */ ++ ++ if (window_val & 1) { ++ /* 0 < window_val < 2^(w+1) */ ++ ++ if (window_val & bit) { ++ digit = window_val - next_bit; /* -2^w < digit < 0 */ ++ ++#if 1 /* modified wNAF */ ++ if (j + w + 1 >= len) { ++ /* ++ * special case for generating modified wNAFs: no new ++ * bits will be added into window_val, so using a ++ * positive digit here will decrease the total length of ++ * the representation ++ */ ++ ++ digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ ++ } + #endif +- } +- else +- { +- digit = window_val; /* 0 < digit < 2^w */ +- } +- +- if (digit <= -bit || digit >= bit || !(digit & 1)) +- { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- window_val -= digit; +- +- /* now window_val is 0 or 2^(w+1) in standard wNAF generation; +- * for modified window NAFs, it may also be 2^w +- */ +- if (window_val != 0 && window_val != next_bit && window_val != bit) +- { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- r[j++] = sign * digit; +- +- window_val >>= 1; +- window_val += bit * BN_is_bit_set(scalar, j + w); +- +- if (window_val > next_bit) +- { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- if (j > len + 1) +- { +- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- len = j; +- ok = 1; ++ } else { ++ digit = window_val; /* 0 < digit < 2^w */ ++ } ++ ++ if (digit <= -bit || digit >= bit || !(digit & 1)) { ++ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ window_val -= digit; ++ ++ /* ++ * now window_val is 0 or 2^(w+1) in standard wNAF generation; ++ * for modified window NAFs, it may also be 2^w ++ */ ++ if (window_val != 0 && window_val != next_bit ++ && window_val != bit) { ++ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ ++ r[j++] = sign * digit; ++ ++ window_val >>= 1; ++ window_val += bit * BN_is_bit_set(scalar, j + w); ++ ++ if (window_val > next_bit) { ++ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ ++ if (j > len + 1) { ++ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ len = j; ++ ok = 1; + + err: +- if (!ok) +- { +- OPENSSL_free(r); +- r = NULL; +- } +- if (ok) +- *ret_len = len; +- return r; +- } +- +- +-/* TODO: table should be optimised for the wNAF-based implementation, +- * sometimes smaller windows will give better performance +- * (thus the boundaries should be increased) ++ if (!ok) { ++ OPENSSL_free(r); ++ r = NULL; ++ } ++ if (ok) ++ *ret_len = len; ++ return r; ++} ++ ++/* ++ * TODO: table should be optimised for the wNAF-based implementation, ++ * sometimes smaller windows will give better performance (thus the ++ * boundaries should be increased) + */ + #define EC_window_bits_for_scalar_size(b) \ +- ((size_t) \ +- ((b) >= 2000 ? 6 : \ +- (b) >= 800 ? 5 : \ +- (b) >= 300 ? 4 : \ +- (b) >= 70 ? 3 : \ +- (b) >= 20 ? 2 : \ +- 1)) +- +-/* Compute ++ ((size_t) \ ++ ((b) >= 2000 ? 6 : \ ++ (b) >= 800 ? 5 : \ ++ (b) >= 300 ? 4 : \ ++ (b) >= 70 ? 3 : \ ++ (b) >= 20 ? 2 : \ ++ 1)) ++ ++/*- ++ * Compute + * \sum scalars[i]*points[i], + * also including + * scalar*generator + * in the addition if scalar != NULL + */ + int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, +- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) +- { +- BN_CTX *new_ctx = NULL; +- const EC_POINT *generator = NULL; +- EC_POINT *tmp = NULL; +- size_t totalnum; +- size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ +- size_t pre_points_per_block = 0; +- size_t i, j; +- int k; +- int r_is_inverted = 0; +- int r_is_at_infinity = 1; +- size_t *wsize = NULL; /* individual window sizes */ +- signed char **wNAF = NULL; /* individual wNAFs */ +- size_t *wNAF_len = NULL; +- size_t max_len = 0; +- size_t num_val; +- EC_POINT **val = NULL; /* precomputation */ +- EC_POINT **v; +- EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */ +- const EC_PRE_COMP *pre_comp = NULL; +- int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars, +- * i.e. precomputation is not available */ +- int ret = 0; +- +- if (group->meth != r->meth) +- { +- ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- +- if ((scalar == NULL) && (num == 0)) +- { +- return EC_POINT_set_to_infinity(group, r); +- } +- +- for (i = 0; i < num; i++) +- { +- if (group->meth != points[i]->meth) +- { +- ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); +- return 0; +- } +- } +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- goto err; +- } +- +- if (scalar != NULL) +- { +- generator = EC_GROUP_get0_generator(group); +- if (generator == NULL) +- { +- ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); +- goto err; +- } +- +- /* look if we can use precomputed multiples of generator */ +- +- pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); +- +- if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0)) +- { +- blocksize = pre_comp->blocksize; +- +- /* determine maximum number of blocks that wNAF splitting may yield +- * (NB: maximum wNAF length is bit length plus one) */ +- numblocks = (BN_num_bits(scalar) / blocksize) + 1; +- +- /* we cannot use more blocks than we have precomputation for */ +- if (numblocks > pre_comp->numblocks) +- numblocks = pre_comp->numblocks; +- +- pre_points_per_block = 1u << (pre_comp->w - 1); +- +- /* check that pre_comp looks sane */ +- if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) +- { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- else +- { +- /* can't use precomputation */ +- pre_comp = NULL; +- numblocks = 1; +- num_scalar = 1; /* treat 'scalar' like 'num'-th element of 'scalars' */ +- } +- } +- +- totalnum = num + numblocks; +- +- wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); +- wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); +- wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */ +- val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); +- +- if (!wsize || !wNAF_len || !wNAF || !val_sub) +- { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- wNAF[0] = NULL; /* preliminary pivot */ +- +- /* num_val will be the total number of temporarily precomputed points */ +- num_val = 0; +- +- for (i = 0; i < num + num_scalar; i++) +- { +- size_t bits; +- +- bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); +- wsize[i] = EC_window_bits_for_scalar_size(bits); +- num_val += 1u << (wsize[i] - 1); +- wNAF[i + 1] = NULL; /* make sure we always have a pivot */ +- wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); +- if (wNAF[i] == NULL) +- goto err; +- if (wNAF_len[i] > max_len) +- max_len = wNAF_len[i]; +- } +- +- if (numblocks) +- { +- /* we go here iff scalar != NULL */ +- +- if (pre_comp == NULL) +- { +- if (num_scalar != 1) +- { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- /* we have already generated a wNAF for 'scalar' */ +- } +- else +- { +- signed char *tmp_wNAF = NULL; +- size_t tmp_len = 0; +- +- if (num_scalar != 0) +- { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- /* use the window size for which we have precomputation */ +- wsize[num] = pre_comp->w; +- tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); +- if (!tmp_wNAF) +- goto err; +- +- if (tmp_len <= max_len) +- { +- /* One of the other wNAFs is at least as long +- * as the wNAF belonging to the generator, +- * so wNAF splitting will not buy us anything. */ +- +- numblocks = 1; +- totalnum = num + 1; /* don't use wNAF splitting */ +- wNAF[num] = tmp_wNAF; +- wNAF[num + 1] = NULL; +- wNAF_len[num] = tmp_len; +- if (tmp_len > max_len) +- max_len = tmp_len; +- /* pre_comp->points starts with the points that we need here: */ +- val_sub[num] = pre_comp->points; +- } +- else +- { +- /* don't include tmp_wNAF directly into wNAF array +- * - use wNAF splitting and include the blocks */ +- +- signed char *pp; +- EC_POINT **tmp_points; +- +- if (tmp_len < numblocks * blocksize) +- { +- /* possibly we can do with fewer blocks than estimated */ +- numblocks = (tmp_len + blocksize - 1) / blocksize; +- if (numblocks > pre_comp->numblocks) +- { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- totalnum = num + numblocks; +- } +- +- /* split wNAF in 'numblocks' parts */ +- pp = tmp_wNAF; +- tmp_points = pre_comp->points; +- +- for (i = num; i < totalnum; i++) +- { +- if (i < totalnum - 1) +- { +- wNAF_len[i] = blocksize; +- if (tmp_len < blocksize) +- { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- tmp_len -= blocksize; +- } +- else +- /* last block gets whatever is left +- * (this could be more or less than 'blocksize'!) */ +- wNAF_len[i] = tmp_len; +- +- wNAF[i + 1] = NULL; +- wNAF[i] = OPENSSL_malloc(wNAF_len[i]); +- if (wNAF[i] == NULL) +- { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(tmp_wNAF); +- goto err; +- } +- memcpy(wNAF[i], pp, wNAF_len[i]); +- if (wNAF_len[i] > max_len) +- max_len = wNAF_len[i]; +- +- if (*tmp_points == NULL) +- { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- OPENSSL_free(tmp_wNAF); +- goto err; +- } +- val_sub[i] = tmp_points; +- tmp_points += pre_points_per_block; +- pp += blocksize; +- } +- OPENSSL_free(tmp_wNAF); +- } +- } +- } +- +- /* All points we precompute now go into a single array 'val'. +- * 'val_sub[i]' is a pointer to the subarray for the i-th point, +- * or to a subarray of 'pre_comp->points' if we already have precomputation. */ +- val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); +- if (val == NULL) +- { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- val[num_val] = NULL; /* pivot element */ +- +- /* allocate points for precomputation */ +- v = val; +- for (i = 0; i < num + num_scalar; i++) +- { +- val_sub[i] = v; +- for (j = 0; j < (1u << (wsize[i] - 1)); j++) +- { +- *v = EC_POINT_new(group); +- if (*v == NULL) goto err; +- v++; +- } +- } +- if (!(v == val + num_val)) +- { +- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- if (!(tmp = EC_POINT_new(group))) +- goto err; +- +- /* prepare precomputed values: +- * val_sub[i][0] := points[i] +- * val_sub[i][1] := 3 * points[i] +- * val_sub[i][2] := 5 * points[i] +- * ... +- */ +- for (i = 0; i < num + num_scalar; i++) +- { +- if (i < num) +- { +- if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err; +- } +- else +- { +- if (!EC_POINT_copy(val_sub[i][0], generator)) goto err; +- } +- +- if (wsize[i] > 1) +- { +- if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err; +- for (j = 1; j < (1u << (wsize[i] - 1)); j++) +- { +- if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; +- } +- } +- } +- +-#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */ +- if (!EC_POINTs_make_affine(group, num_val, val, ctx)) +- goto err; ++ size_t num, const EC_POINT *points[], const BIGNUM *scalars[], ++ BN_CTX *ctx) ++{ ++ BN_CTX *new_ctx = NULL; ++ const EC_POINT *generator = NULL; ++ EC_POINT *tmp = NULL; ++ size_t totalnum; ++ size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ ++ size_t pre_points_per_block = 0; ++ size_t i, j; ++ int k; ++ int r_is_inverted = 0; ++ int r_is_at_infinity = 1; ++ size_t *wsize = NULL; /* individual window sizes */ ++ signed char **wNAF = NULL; /* individual wNAFs */ ++ size_t *wNAF_len = NULL; ++ size_t max_len = 0; ++ size_t num_val; ++ EC_POINT **val = NULL; /* precomputation */ ++ EC_POINT **v; ++ EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or ++ * 'pre_comp->points' */ ++ const EC_PRE_COMP *pre_comp = NULL; ++ int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be ++ * treated like other scalars, i.e. ++ * precomputation is not available */ ++ int ret = 0; ++ ++ if (group->meth != r->meth) { ++ ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ ++ if ((scalar == NULL) && (num == 0)) { ++ return EC_POINT_set_to_infinity(group, r); ++ } ++ ++ for (i = 0; i < num; i++) { ++ if (group->meth != points[i]->meth) { ++ ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); ++ return 0; ++ } ++ } ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ } ++ ++ if (scalar != NULL) { ++ generator = EC_GROUP_get0_generator(group); ++ if (generator == NULL) { ++ ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR); ++ goto err; ++ } ++ ++ /* look if we can use precomputed multiples of generator */ ++ ++ pre_comp = ++ EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ++ ec_pre_comp_free, ec_pre_comp_clear_free); ++ ++ if (pre_comp && pre_comp->numblocks ++ && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == ++ 0)) { ++ blocksize = pre_comp->blocksize; ++ ++ /* ++ * determine maximum number of blocks that wNAF splitting may ++ * yield (NB: maximum wNAF length is bit length plus one) ++ */ ++ numblocks = (BN_num_bits(scalar) / blocksize) + 1; ++ ++ /* ++ * we cannot use more blocks than we have precomputation for ++ */ ++ if (numblocks > pre_comp->numblocks) ++ numblocks = pre_comp->numblocks; ++ ++ pre_points_per_block = 1u << (pre_comp->w - 1); ++ ++ /* check that pre_comp looks sane */ ++ if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) { ++ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } else { ++ /* can't use precomputation */ ++ pre_comp = NULL; ++ numblocks = 1; ++ num_scalar = 1; /* treat 'scalar' like 'num'-th element of ++ * 'scalars' */ ++ } ++ } ++ ++ totalnum = num + numblocks; ++ ++ wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); ++ wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); ++ wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space ++ * for pivot */ ++ val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); ++ ++ if (!wsize || !wNAF_len || !wNAF || !val_sub) { ++ ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ wNAF[0] = NULL; /* preliminary pivot */ ++ ++ /* ++ * num_val will be the total number of temporarily precomputed points ++ */ ++ num_val = 0; ++ ++ for (i = 0; i < num + num_scalar; i++) { ++ size_t bits; ++ ++ bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); ++ wsize[i] = EC_window_bits_for_scalar_size(bits); ++ num_val += 1u << (wsize[i] - 1); ++ wNAF[i + 1] = NULL; /* make sure we always have a pivot */ ++ wNAF[i] = ++ compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], ++ &wNAF_len[i]); ++ if (wNAF[i] == NULL) ++ goto err; ++ if (wNAF_len[i] > max_len) ++ max_len = wNAF_len[i]; ++ } ++ ++ if (numblocks) { ++ /* we go here iff scalar != NULL */ ++ ++ if (pre_comp == NULL) { ++ if (num_scalar != 1) { ++ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ /* we have already generated a wNAF for 'scalar' */ ++ } else { ++ signed char *tmp_wNAF = NULL; ++ size_t tmp_len = 0; ++ ++ if (num_scalar != 0) { ++ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ /* ++ * use the window size for which we have precomputation ++ */ ++ wsize[num] = pre_comp->w; ++ tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); ++ if (!tmp_wNAF) ++ goto err; ++ ++ if (tmp_len <= max_len) { ++ /* ++ * One of the other wNAFs is at least as long as the wNAF ++ * belonging to the generator, so wNAF splitting will not buy ++ * us anything. ++ */ ++ ++ numblocks = 1; ++ totalnum = num + 1; /* don't use wNAF splitting */ ++ wNAF[num] = tmp_wNAF; ++ wNAF[num + 1] = NULL; ++ wNAF_len[num] = tmp_len; ++ if (tmp_len > max_len) ++ max_len = tmp_len; ++ /* ++ * pre_comp->points starts with the points that we need here: ++ */ ++ val_sub[num] = pre_comp->points; ++ } else { ++ /* ++ * don't include tmp_wNAF directly into wNAF array - use wNAF ++ * splitting and include the blocks ++ */ ++ ++ signed char *pp; ++ EC_POINT **tmp_points; ++ ++ if (tmp_len < numblocks * blocksize) { ++ /* ++ * possibly we can do with fewer blocks than estimated ++ */ ++ numblocks = (tmp_len + blocksize - 1) / blocksize; ++ if (numblocks > pre_comp->numblocks) { ++ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ totalnum = num + numblocks; ++ } ++ ++ /* split wNAF in 'numblocks' parts */ ++ pp = tmp_wNAF; ++ tmp_points = pre_comp->points; ++ ++ for (i = num; i < totalnum; i++) { ++ if (i < totalnum - 1) { ++ wNAF_len[i] = blocksize; ++ if (tmp_len < blocksize) { ++ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ tmp_len -= blocksize; ++ } else ++ /* ++ * last block gets whatever is left (this could be ++ * more or less than 'blocksize'!) ++ */ ++ wNAF_len[i] = tmp_len; ++ ++ wNAF[i + 1] = NULL; ++ wNAF[i] = OPENSSL_malloc(wNAF_len[i]); ++ if (wNAF[i] == NULL) { ++ ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); ++ OPENSSL_free(tmp_wNAF); ++ goto err; ++ } ++ memcpy(wNAF[i], pp, wNAF_len[i]); ++ if (wNAF_len[i] > max_len) ++ max_len = wNAF_len[i]; ++ ++ if (*tmp_points == NULL) { ++ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); ++ OPENSSL_free(tmp_wNAF); ++ goto err; ++ } ++ val_sub[i] = tmp_points; ++ tmp_points += pre_points_per_block; ++ pp += blocksize; ++ } ++ OPENSSL_free(tmp_wNAF); ++ } ++ } ++ } ++ ++ /* ++ * All points we precompute now go into a single array 'val'. ++ * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a ++ * subarray of 'pre_comp->points' if we already have precomputation. ++ */ ++ val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); ++ if (val == NULL) { ++ ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ val[num_val] = NULL; /* pivot element */ ++ ++ /* allocate points for precomputation */ ++ v = val; ++ for (i = 0; i < num + num_scalar; i++) { ++ val_sub[i] = v; ++ for (j = 0; j < (1u << (wsize[i] - 1)); j++) { ++ *v = EC_POINT_new(group); ++ if (*v == NULL) ++ goto err; ++ v++; ++ } ++ } ++ if (!(v == val + num_val)) { ++ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ if (!(tmp = EC_POINT_new(group))) ++ goto err; ++ ++ /*- ++ * prepare precomputed values: ++ * val_sub[i][0] := points[i] ++ * val_sub[i][1] := 3 * points[i] ++ * val_sub[i][2] := 5 * points[i] ++ * ... ++ */ ++ for (i = 0; i < num + num_scalar; i++) { ++ if (i < num) { ++ if (!EC_POINT_copy(val_sub[i][0], points[i])) ++ goto err; ++ } else { ++ if (!EC_POINT_copy(val_sub[i][0], generator)) ++ goto err; ++ } ++ ++ if (wsize[i] > 1) { ++ if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) ++ goto err; ++ for (j = 1; j < (1u << (wsize[i] - 1)); j++) { ++ if (!EC_POINT_add ++ (group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) ++ goto err; ++ } ++ } ++ } ++ ++#if 1 /* optional; EC_window_bits_for_scalar_size ++ * assumes we do this step */ ++ if (!EC_POINTs_make_affine(group, num_val, val, ctx)) ++ goto err; + #endif + +- r_is_at_infinity = 1; +- +- for (k = max_len - 1; k >= 0; k--) +- { +- if (!r_is_at_infinity) +- { +- if (!EC_POINT_dbl(group, r, r, ctx)) goto err; +- } +- +- for (i = 0; i < totalnum; i++) +- { +- if (wNAF_len[i] > (size_t)k) +- { +- int digit = wNAF[i][k]; +- int is_neg; +- +- if (digit) +- { +- is_neg = digit < 0; +- +- if (is_neg) +- digit = -digit; +- +- if (is_neg != r_is_inverted) +- { +- if (!r_is_at_infinity) +- { +- if (!EC_POINT_invert(group, r, ctx)) goto err; +- } +- r_is_inverted = !r_is_inverted; +- } +- +- /* digit > 0 */ +- +- if (r_is_at_infinity) +- { +- if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err; +- r_is_at_infinity = 0; +- } +- else +- { +- if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err; +- } +- } +- } +- } +- } +- +- if (r_is_at_infinity) +- { +- if (!EC_POINT_set_to_infinity(group, r)) goto err; +- } +- else +- { +- if (r_is_inverted) +- if (!EC_POINT_invert(group, r, ctx)) goto err; +- } +- +- ret = 1; ++ r_is_at_infinity = 1; ++ ++ for (k = max_len - 1; k >= 0; k--) { ++ if (!r_is_at_infinity) { ++ if (!EC_POINT_dbl(group, r, r, ctx)) ++ goto err; ++ } ++ ++ for (i = 0; i < totalnum; i++) { ++ if (wNAF_len[i] > (size_t)k) { ++ int digit = wNAF[i][k]; ++ int is_neg; ++ ++ if (digit) { ++ is_neg = digit < 0; ++ ++ if (is_neg) ++ digit = -digit; ++ ++ if (is_neg != r_is_inverted) { ++ if (!r_is_at_infinity) { ++ if (!EC_POINT_invert(group, r, ctx)) ++ goto err; ++ } ++ r_is_inverted = !r_is_inverted; ++ } ++ ++ /* digit > 0 */ ++ ++ if (r_is_at_infinity) { ++ if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) ++ goto err; ++ r_is_at_infinity = 0; ++ } else { ++ if (!EC_POINT_add ++ (group, r, r, val_sub[i][digit >> 1], ctx)) ++ goto err; ++ } ++ } ++ } ++ } ++ } ++ ++ if (r_is_at_infinity) { ++ if (!EC_POINT_set_to_infinity(group, r)) ++ goto err; ++ } else { ++ if (r_is_inverted) ++ if (!EC_POINT_invert(group, r, ctx)) ++ goto err; ++ } ++ ++ ret = 1; + + err: +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- if (tmp != NULL) +- EC_POINT_free(tmp); +- if (wsize != NULL) +- OPENSSL_free(wsize); +- if (wNAF_len != NULL) +- OPENSSL_free(wNAF_len); +- if (wNAF != NULL) +- { +- signed char **w; +- +- for (w = wNAF; *w != NULL; w++) +- OPENSSL_free(*w); +- +- OPENSSL_free(wNAF); +- } +- if (val != NULL) +- { +- for (v = val; *v != NULL; v++) +- EC_POINT_clear_free(*v); +- +- OPENSSL_free(val); +- } +- if (val_sub != NULL) +- { +- OPENSSL_free(val_sub); +- } +- return ret; +- } +- +- +-/* ec_wNAF_precompute_mult() ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ if (tmp != NULL) ++ EC_POINT_free(tmp); ++ if (wsize != NULL) ++ OPENSSL_free(wsize); ++ if (wNAF_len != NULL) ++ OPENSSL_free(wNAF_len); ++ if (wNAF != NULL) { ++ signed char **w; ++ ++ for (w = wNAF; *w != NULL; w++) ++ OPENSSL_free(*w); ++ ++ OPENSSL_free(wNAF); ++ } ++ if (val != NULL) { ++ for (v = val; *v != NULL; v++) ++ EC_POINT_clear_free(*v); ++ ++ OPENSSL_free(val); ++ } ++ if (val_sub != NULL) { ++ OPENSSL_free(val_sub); ++ } ++ return ret; ++} ++ ++/*- ++ * ec_wNAF_precompute_mult() + * creates an EC_PRE_COMP object with preprecomputed multiples of the generator + * for use with wNAF splitting as implemented in ec_wNAF_mul(). +- * ++ * + * 'pre_comp->points' is an array of multiples of the generator + * of the following form: + * points[0] = generator; +@@ -763,178 +737,175 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + * points[2^(w-1)*numblocks] = NULL + */ + int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) +- { +- const EC_POINT *generator; +- EC_POINT *tmp_point = NULL, *base = NULL, **var; +- BN_CTX *new_ctx = NULL; +- BIGNUM *order; +- size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; +- EC_POINT **points = NULL; +- EC_PRE_COMP *pre_comp; +- int ret = 0; +- +- /* if there is an old EC_PRE_COMP object, throw it away */ +- EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); +- +- if ((pre_comp = ec_pre_comp_new(group)) == NULL) +- return 0; +- +- generator = EC_GROUP_get0_generator(group); +- if (generator == NULL) +- { +- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); +- goto err; +- } +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- goto err; +- } +- +- BN_CTX_start(ctx); +- order = BN_CTX_get(ctx); +- if (order == NULL) goto err; +- +- if (!EC_GROUP_get_order(group, order, ctx)) goto err; +- if (BN_is_zero(order)) +- { +- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); +- goto err; +- } +- +- bits = BN_num_bits(order); +- /* The following parameters mean we precompute (approximately) +- * one point per bit. +- * +- * TBD: The combination 8, 4 is perfect for 160 bits; for other +- * bit lengths, other parameter combinations might provide better +- * efficiency. +- */ +- blocksize = 8; +- w = 4; +- if (EC_window_bits_for_scalar_size(bits) > w) +- { +- /* let's not make the window too small ... */ +- w = EC_window_bits_for_scalar_size(bits); +- } +- +- numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */ +- +- pre_points_per_block = 1u << (w - 1); +- num = pre_points_per_block * numblocks; /* number of points to compute and store */ +- +- points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1)); +- if (!points) +- { +- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- var = points; +- var[num] = NULL; /* pivot */ +- for (i = 0; i < num; i++) +- { +- if ((var[i] = EC_POINT_new(group)) == NULL) +- { +- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- +- if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) +- { +- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!EC_POINT_copy(base, generator)) +- goto err; +- +- /* do the precomputation */ +- for (i = 0; i < numblocks; i++) +- { +- size_t j; +- +- if (!EC_POINT_dbl(group, tmp_point, base, ctx)) +- goto err; +- +- if (!EC_POINT_copy(*var++, base)) +- goto err; +- +- for (j = 1; j < pre_points_per_block; j++, var++) +- { +- /* calculate odd multiples of the current base point */ +- if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) +- goto err; +- } +- +- if (i < numblocks - 1) +- { +- /* get the next base (multiply current one by 2^blocksize) */ +- size_t k; +- +- if (blocksize <= 2) +- { +- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- if (!EC_POINT_dbl(group, base, tmp_point, ctx)) +- goto err; +- for (k = 2; k < blocksize; k++) +- { +- if (!EC_POINT_dbl(group,base,base,ctx)) +- goto err; +- } +- } +- } +- +- if (!EC_POINTs_make_affine(group, num, points, ctx)) +- goto err; +- +- pre_comp->group = group; +- pre_comp->blocksize = blocksize; +- pre_comp->numblocks = numblocks; +- pre_comp->w = w; +- pre_comp->points = points; +- points = NULL; +- pre_comp->num = num; +- +- if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp, +- ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) +- goto err; +- pre_comp = NULL; +- +- ret = 1; ++{ ++ const EC_POINT *generator; ++ EC_POINT *tmp_point = NULL, *base = NULL, **var; ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *order; ++ size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; ++ EC_POINT **points = NULL; ++ EC_PRE_COMP *pre_comp; ++ int ret = 0; ++ ++ /* if there is an old EC_PRE_COMP object, throw it away */ ++ EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ++ ec_pre_comp_free, ec_pre_comp_clear_free); ++ ++ if ((pre_comp = ec_pre_comp_new(group)) == NULL) ++ return 0; ++ ++ generator = EC_GROUP_get0_generator(group); ++ if (generator == NULL) { ++ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); ++ goto err; ++ } ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ } ++ ++ BN_CTX_start(ctx); ++ order = BN_CTX_get(ctx); ++ if (order == NULL) ++ goto err; ++ ++ if (!EC_GROUP_get_order(group, order, ctx)) ++ goto err; ++ if (BN_is_zero(order)) { ++ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); ++ goto err; ++ } ++ ++ bits = BN_num_bits(order); ++ /* ++ * The following parameters mean we precompute (approximately) one point ++ * per bit. TBD: The combination 8, 4 is perfect for 160 bits; for other ++ * bit lengths, other parameter combinations might provide better ++ * efficiency. ++ */ ++ blocksize = 8; ++ w = 4; ++ if (EC_window_bits_for_scalar_size(bits) > w) { ++ /* let's not make the window too small ... */ ++ w = EC_window_bits_for_scalar_size(bits); ++ } ++ ++ numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks ++ * to use for wNAF ++ * splitting */ ++ ++ pre_points_per_block = 1u << (w - 1); ++ num = pre_points_per_block * numblocks; /* number of points to compute ++ * and store */ ++ ++ points = OPENSSL_malloc(sizeof(EC_POINT *) * (num + 1)); ++ if (!points) { ++ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ var = points; ++ var[num] = NULL; /* pivot */ ++ for (i = 0; i < num; i++) { ++ if ((var[i] = EC_POINT_new(group)) == NULL) { ++ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ ++ if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) { ++ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (!EC_POINT_copy(base, generator)) ++ goto err; ++ ++ /* do the precomputation */ ++ for (i = 0; i < numblocks; i++) { ++ size_t j; ++ ++ if (!EC_POINT_dbl(group, tmp_point, base, ctx)) ++ goto err; ++ ++ if (!EC_POINT_copy(*var++, base)) ++ goto err; ++ ++ for (j = 1; j < pre_points_per_block; j++, var++) { ++ /* ++ * calculate odd multiples of the current base point ++ */ ++ if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) ++ goto err; ++ } ++ ++ if (i < numblocks - 1) { ++ /* ++ * get the next base (multiply current one by 2^blocksize) ++ */ ++ size_t k; ++ ++ if (blocksize <= 2) { ++ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ if (!EC_POINT_dbl(group, base, tmp_point, ctx)) ++ goto err; ++ for (k = 2; k < blocksize; k++) { ++ if (!EC_POINT_dbl(group, base, base, ctx)) ++ goto err; ++ } ++ } ++ } ++ ++ if (!EC_POINTs_make_affine(group, num, points, ctx)) ++ goto err; ++ ++ pre_comp->group = group; ++ pre_comp->blocksize = blocksize; ++ pre_comp->numblocks = numblocks; ++ pre_comp->w = w; ++ pre_comp->points = points; ++ points = NULL; ++ pre_comp->num = num; ++ ++ if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp, ++ ec_pre_comp_dup, ec_pre_comp_free, ++ ec_pre_comp_clear_free)) ++ goto err; ++ pre_comp = NULL; ++ ++ ret = 1; + err: +- if (ctx != NULL) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- if (pre_comp) +- ec_pre_comp_free(pre_comp); +- if (points) +- { +- EC_POINT **p; +- +- for (p = points; *p != NULL; p++) +- EC_POINT_free(*p); +- OPENSSL_free(points); +- } +- if (tmp_point) +- EC_POINT_free(tmp_point); +- if (base) +- EC_POINT_free(base); +- return ret; +- } +- ++ if (ctx != NULL) ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ if (pre_comp) ++ ec_pre_comp_free(pre_comp); ++ if (points) { ++ EC_POINT **p; ++ ++ for (p = points; *p != NULL; p++) ++ EC_POINT_free(*p); ++ OPENSSL_free(points); ++ } ++ if (tmp_point) ++ EC_POINT_free(tmp_point); ++ if (base) ++ EC_POINT_free(base); ++ return ret; ++} + + int ec_wNAF_have_precompute_mult(const EC_GROUP *group) +- { +- if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL) +- return 1; +- else +- return 0; +- } ++{ ++ if (EC_EX_DATA_get_data ++ (group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ++ ec_pre_comp_clear_free) != NULL) ++ return 1; ++ else ++ return 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_print.c b/Cryptlib/OpenSSL/crypto/ec/ec_print.c +index f7c8a30..96b294d 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ec_print.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ec_print.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,140 +56,124 @@ + #include + #include "ec_lcl.h" + +-BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, +- const EC_POINT *point, ++BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, ++ const EC_POINT *point, + point_conversion_form_t form, +- BIGNUM *ret, +- BN_CTX *ctx) +- { +- size_t buf_len=0; +- unsigned char *buf; ++ BIGNUM *ret, BN_CTX *ctx) ++{ ++ size_t buf_len = 0; ++ unsigned char *buf; + +- buf_len = EC_POINT_point2oct(group, point, form, +- NULL, 0, ctx); +- if (buf_len == 0) +- return NULL; ++ buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx); ++ if (buf_len == 0) ++ return NULL; + +- if ((buf = OPENSSL_malloc(buf_len)) == NULL) +- return NULL; ++ if ((buf = OPENSSL_malloc(buf_len)) == NULL) ++ return NULL; + +- if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) +- { +- OPENSSL_free(buf); +- return NULL; +- } ++ if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) { ++ OPENSSL_free(buf); ++ return NULL; ++ } + +- ret = BN_bin2bn(buf, buf_len, ret); ++ ret = BN_bin2bn(buf, buf_len, ret); + +- OPENSSL_free(buf); ++ OPENSSL_free(buf); + +- return ret; ++ return ret; + } + + EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, +- const BIGNUM *bn, +- EC_POINT *point, +- BN_CTX *ctx) +- { +- size_t buf_len=0; +- unsigned char *buf; +- EC_POINT *ret; +- +- if ((buf_len = BN_num_bytes(bn)) == 0) return NULL; +- buf = OPENSSL_malloc(buf_len); +- if (buf == NULL) +- return NULL; +- +- if (!BN_bn2bin(bn, buf)) +- { +- OPENSSL_free(buf); +- return NULL; +- } +- +- if (point == NULL) +- { +- if ((ret = EC_POINT_new(group)) == NULL) +- { +- OPENSSL_free(buf); +- return NULL; +- } +- } +- else +- ret = point; +- +- if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) +- { +- if (point == NULL) +- EC_POINT_clear_free(ret); +- OPENSSL_free(buf); +- return NULL; +- } +- +- OPENSSL_free(buf); +- return ret; +- } ++ const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx) ++{ ++ size_t buf_len = 0; ++ unsigned char *buf; ++ EC_POINT *ret; ++ ++ if ((buf_len = BN_num_bytes(bn)) == 0) ++ return NULL; ++ buf = OPENSSL_malloc(buf_len); ++ if (buf == NULL) ++ return NULL; ++ ++ if (!BN_bn2bin(bn, buf)) { ++ OPENSSL_free(buf); ++ return NULL; ++ } ++ ++ if (point == NULL) { ++ if ((ret = EC_POINT_new(group)) == NULL) { ++ OPENSSL_free(buf); ++ return NULL; ++ } ++ } else ++ ret = point; ++ ++ if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) { ++ if (point == NULL) ++ EC_POINT_clear_free(ret); ++ OPENSSL_free(buf); ++ return NULL; ++ } ++ ++ OPENSSL_free(buf); ++ return ret; ++} + + static const char *HEX_DIGITS = "0123456789ABCDEF"; + + /* the return value must be freed (using OPENSSL_free()) */ + char *EC_POINT_point2hex(const EC_GROUP *group, + const EC_POINT *point, +- point_conversion_form_t form, +- BN_CTX *ctx) +- { +- char *ret, *p; +- size_t buf_len=0,i; +- unsigned char *buf, *pbuf; +- +- buf_len = EC_POINT_point2oct(group, point, form, +- NULL, 0, ctx); +- if (buf_len == 0) +- return NULL; +- +- if ((buf = OPENSSL_malloc(buf_len)) == NULL) +- return NULL; +- +- if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) +- { +- OPENSSL_free(buf); +- return NULL; +- } +- +- ret = (char *)OPENSSL_malloc(buf_len*2+2); +- if (ret == NULL) +- { +- OPENSSL_free(buf); +- return NULL; +- } +- p = ret; +- pbuf = buf; +- for (i=buf_len; i > 0; i--) +- { +- int v = (int) *(pbuf++); +- *(p++)=HEX_DIGITS[v>>4]; +- *(p++)=HEX_DIGITS[v&0x0F]; +- } +- *p='\0'; +- +- OPENSSL_free(buf); +- +- return ret; +- } ++ point_conversion_form_t form, BN_CTX *ctx) ++{ ++ char *ret, *p; ++ size_t buf_len = 0, i; ++ unsigned char *buf, *pbuf; ++ ++ buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx); ++ if (buf_len == 0) ++ return NULL; ++ ++ if ((buf = OPENSSL_malloc(buf_len)) == NULL) ++ return NULL; ++ ++ if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) { ++ OPENSSL_free(buf); ++ return NULL; ++ } ++ ++ ret = (char *)OPENSSL_malloc(buf_len * 2 + 2); ++ if (ret == NULL) { ++ OPENSSL_free(buf); ++ return NULL; ++ } ++ p = ret; ++ pbuf = buf; ++ for (i = buf_len; i > 0; i--) { ++ int v = (int)*(pbuf++); ++ *(p++) = HEX_DIGITS[v >> 4]; ++ *(p++) = HEX_DIGITS[v & 0x0F]; ++ } ++ *p = '\0'; ++ ++ OPENSSL_free(buf); ++ ++ return ret; ++} + + EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, +- const char *buf, +- EC_POINT *point, +- BN_CTX *ctx) +- { +- EC_POINT *ret=NULL; +- BIGNUM *tmp_bn=NULL; ++ const char *buf, EC_POINT *point, BN_CTX *ctx) ++{ ++ EC_POINT *ret = NULL; ++ BIGNUM *tmp_bn = NULL; + +- if (!BN_hex2bn(&tmp_bn, buf)) +- return NULL; ++ if (!BN_hex2bn(&tmp_bn, buf)) ++ return NULL; + +- ret = EC_POINT_bn2point(group, tmp_bn, point, ctx); ++ ret = EC_POINT_bn2point(group, tmp_bn, point, ctx); + +- BN_clear_free(tmp_bn); ++ BN_clear_free(tmp_bn); + +- return ret; +- } ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c b/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c +index 9fc4a46..1bfae5d 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -65,251 +65,236 @@ + + #include "ec_lcl.h" + +- + const EC_METHOD *EC_GFp_mont_method(void) +- { +- static const EC_METHOD ret = { +- NID_X9_62_prime_field, +- ec_GFp_mont_group_init, +- ec_GFp_mont_group_finish, +- ec_GFp_mont_group_clear_finish, +- ec_GFp_mont_group_copy, +- ec_GFp_mont_group_set_curve, +- ec_GFp_simple_group_get_curve, +- ec_GFp_simple_group_get_degree, +- ec_GFp_simple_group_check_discriminant, +- ec_GFp_simple_point_init, +- ec_GFp_simple_point_finish, +- ec_GFp_simple_point_clear_finish, +- ec_GFp_simple_point_copy, +- ec_GFp_simple_point_set_to_infinity, +- ec_GFp_simple_set_Jprojective_coordinates_GFp, +- ec_GFp_simple_get_Jprojective_coordinates_GFp, +- ec_GFp_simple_point_set_affine_coordinates, +- ec_GFp_simple_point_get_affine_coordinates, +- ec_GFp_simple_set_compressed_coordinates, +- ec_GFp_simple_point2oct, +- ec_GFp_simple_oct2point, +- ec_GFp_simple_add, +- ec_GFp_simple_dbl, +- ec_GFp_simple_invert, +- ec_GFp_simple_is_at_infinity, +- ec_GFp_simple_is_on_curve, +- ec_GFp_simple_cmp, +- ec_GFp_simple_make_affine, +- ec_GFp_simple_points_make_affine, +- 0 /* mul */, +- 0 /* precompute_mult */, +- 0 /* have_precompute_mult */, +- ec_GFp_mont_field_mul, +- ec_GFp_mont_field_sqr, +- 0 /* field_div */, +- ec_GFp_mont_field_encode, +- ec_GFp_mont_field_decode, +- ec_GFp_mont_field_set_to_one }; +- +- return &ret; +- } +- ++{ ++ static const EC_METHOD ret = { ++ NID_X9_62_prime_field, ++ ec_GFp_mont_group_init, ++ ec_GFp_mont_group_finish, ++ ec_GFp_mont_group_clear_finish, ++ ec_GFp_mont_group_copy, ++ ec_GFp_mont_group_set_curve, ++ ec_GFp_simple_group_get_curve, ++ ec_GFp_simple_group_get_degree, ++ ec_GFp_simple_group_check_discriminant, ++ ec_GFp_simple_point_init, ++ ec_GFp_simple_point_finish, ++ ec_GFp_simple_point_clear_finish, ++ ec_GFp_simple_point_copy, ++ ec_GFp_simple_point_set_to_infinity, ++ ec_GFp_simple_set_Jprojective_coordinates_GFp, ++ ec_GFp_simple_get_Jprojective_coordinates_GFp, ++ ec_GFp_simple_point_set_affine_coordinates, ++ ec_GFp_simple_point_get_affine_coordinates, ++ ec_GFp_simple_set_compressed_coordinates, ++ ec_GFp_simple_point2oct, ++ ec_GFp_simple_oct2point, ++ ec_GFp_simple_add, ++ ec_GFp_simple_dbl, ++ ec_GFp_simple_invert, ++ ec_GFp_simple_is_at_infinity, ++ ec_GFp_simple_is_on_curve, ++ ec_GFp_simple_cmp, ++ ec_GFp_simple_make_affine, ++ ec_GFp_simple_points_make_affine, ++ 0 /* mul */ , ++ 0 /* precompute_mult */ , ++ 0 /* have_precompute_mult */ , ++ ec_GFp_mont_field_mul, ++ ec_GFp_mont_field_sqr, ++ 0 /* field_div */ , ++ ec_GFp_mont_field_encode, ++ ec_GFp_mont_field_decode, ++ ec_GFp_mont_field_set_to_one ++ }; ++ ++ return &ret; ++} + + int ec_GFp_mont_group_init(EC_GROUP *group) +- { +- int ok; +- +- ok = ec_GFp_simple_group_init(group); +- group->field_data1 = NULL; +- group->field_data2 = NULL; +- return ok; +- } ++{ ++ int ok; + ++ ok = ec_GFp_simple_group_init(group); ++ group->field_data1 = NULL; ++ group->field_data2 = NULL; ++ return ok; ++} + + void ec_GFp_mont_group_finish(EC_GROUP *group) +- { +- if (group->field_data1 != NULL) +- { +- BN_MONT_CTX_free(group->field_data1); +- group->field_data1 = NULL; +- } +- if (group->field_data2 != NULL) +- { +- BN_free(group->field_data2); +- group->field_data2 = NULL; +- } +- ec_GFp_simple_group_finish(group); +- } +- ++{ ++ if (group->field_data1 != NULL) { ++ BN_MONT_CTX_free(group->field_data1); ++ group->field_data1 = NULL; ++ } ++ if (group->field_data2 != NULL) { ++ BN_free(group->field_data2); ++ group->field_data2 = NULL; ++ } ++ ec_GFp_simple_group_finish(group); ++} + + void ec_GFp_mont_group_clear_finish(EC_GROUP *group) +- { +- if (group->field_data1 != NULL) +- { +- BN_MONT_CTX_free(group->field_data1); +- group->field_data1 = NULL; +- } +- if (group->field_data2 != NULL) +- { +- BN_clear_free(group->field_data2); +- group->field_data2 = NULL; +- } +- ec_GFp_simple_group_clear_finish(group); +- } +- ++{ ++ if (group->field_data1 != NULL) { ++ BN_MONT_CTX_free(group->field_data1); ++ group->field_data1 = NULL; ++ } ++ if (group->field_data2 != NULL) { ++ BN_clear_free(group->field_data2); ++ group->field_data2 = NULL; ++ } ++ ec_GFp_simple_group_clear_finish(group); ++} + + int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) +- { +- if (dest->field_data1 != NULL) +- { +- BN_MONT_CTX_free(dest->field_data1); +- dest->field_data1 = NULL; +- } +- if (dest->field_data2 != NULL) +- { +- BN_clear_free(dest->field_data2); +- dest->field_data2 = NULL; +- } +- +- if (!ec_GFp_simple_group_copy(dest, src)) return 0; +- +- if (src->field_data1 != NULL) +- { +- dest->field_data1 = BN_MONT_CTX_new(); +- if (dest->field_data1 == NULL) return 0; +- if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) goto err; +- } +- if (src->field_data2 != NULL) +- { +- dest->field_data2 = BN_dup(src->field_data2); +- if (dest->field_data2 == NULL) goto err; +- } +- +- return 1; ++{ ++ if (dest->field_data1 != NULL) { ++ BN_MONT_CTX_free(dest->field_data1); ++ dest->field_data1 = NULL; ++ } ++ if (dest->field_data2 != NULL) { ++ BN_clear_free(dest->field_data2); ++ dest->field_data2 = NULL; ++ } ++ ++ if (!ec_GFp_simple_group_copy(dest, src)) ++ return 0; ++ ++ if (src->field_data1 != NULL) { ++ dest->field_data1 = BN_MONT_CTX_new(); ++ if (dest->field_data1 == NULL) ++ return 0; ++ if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) ++ goto err; ++ } ++ if (src->field_data2 != NULL) { ++ dest->field_data2 = BN_dup(src->field_data2); ++ if (dest->field_data2 == NULL) ++ goto err; ++ } ++ ++ return 1; + + err: +- if (dest->field_data1 != NULL) +- { +- BN_MONT_CTX_free(dest->field_data1); +- dest->field_data1 = NULL; +- } +- return 0; +- } +- +- +-int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- BN_CTX *new_ctx = NULL; +- BN_MONT_CTX *mont = NULL; +- BIGNUM *one = NULL; +- int ret = 0; +- +- if (group->field_data1 != NULL) +- { +- BN_MONT_CTX_free(group->field_data1); +- group->field_data1 = NULL; +- } +- if (group->field_data2 != NULL) +- { +- BN_free(group->field_data2); +- group->field_data2 = NULL; +- } +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- mont = BN_MONT_CTX_new(); +- if (mont == NULL) goto err; +- if (!BN_MONT_CTX_set(mont, p, ctx)) +- { +- ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB); +- goto err; +- } +- one = BN_new(); +- if (one == NULL) goto err; +- if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err; +- +- group->field_data1 = mont; +- mont = NULL; +- group->field_data2 = one; +- one = NULL; +- +- ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); +- +- if (!ret) +- { +- BN_MONT_CTX_free(group->field_data1); +- group->field_data1 = NULL; +- BN_free(group->field_data2); +- group->field_data2 = NULL; +- } ++ if (dest->field_data1 != NULL) { ++ BN_MONT_CTX_free(dest->field_data1); ++ dest->field_data1 = NULL; ++ } ++ return 0; ++} ++ ++int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, ++ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) ++{ ++ BN_CTX *new_ctx = NULL; ++ BN_MONT_CTX *mont = NULL; ++ BIGNUM *one = NULL; ++ int ret = 0; ++ ++ if (group->field_data1 != NULL) { ++ BN_MONT_CTX_free(group->field_data1); ++ group->field_data1 = NULL; ++ } ++ if (group->field_data2 != NULL) { ++ BN_free(group->field_data2); ++ group->field_data2 = NULL; ++ } ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ mont = BN_MONT_CTX_new(); ++ if (mont == NULL) ++ goto err; ++ if (!BN_MONT_CTX_set(mont, p, ctx)) { ++ ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB); ++ goto err; ++ } ++ one = BN_new(); ++ if (one == NULL) ++ goto err; ++ if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) ++ goto err; ++ ++ group->field_data1 = mont; ++ mont = NULL; ++ group->field_data2 = one; ++ one = NULL; ++ ++ ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); ++ ++ if (!ret) { ++ BN_MONT_CTX_free(group->field_data1); ++ group->field_data1 = NULL; ++ BN_free(group->field_data2); ++ group->field_data2 = NULL; ++ } + + err: +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- if (mont != NULL) +- BN_MONT_CTX_free(mont); +- return ret; +- } +- +- +-int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- if (group->field_data1 == NULL) +- { +- ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED); +- return 0; +- } +- +- return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx); +- } +- +- +-int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) +- { +- if (group->field_data1 == NULL) +- { +- ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED); +- return 0; +- } +- +- return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx); +- } +- +- +-int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) +- { +- if (group->field_data1 == NULL) +- { +- ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED); +- return 0; +- } +- +- return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx); +- } +- +- +-int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) +- { +- if (group->field_data1 == NULL) +- { +- ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED); +- return 0; +- } +- +- return BN_from_montgomery(r, a, group->field_data1, ctx); +- } +- +- +-int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx) +- { +- if (group->field_data2 == NULL) +- { +- ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED); +- return 0; +- } +- +- if (!BN_copy(r, group->field_data2)) return 0; +- return 1; +- } ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ if (mont != NULL) ++ BN_MONT_CTX_free(mont); ++ return ret; ++} ++ ++int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *ctx) ++{ ++ if (group->field_data1 == NULL) { ++ ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED); ++ return 0; ++ } ++ ++ return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx); ++} ++ ++int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, ++ BN_CTX *ctx) ++{ ++ if (group->field_data1 == NULL) { ++ ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED); ++ return 0; ++ } ++ ++ return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx); ++} ++ ++int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, ++ const BIGNUM *a, BN_CTX *ctx) ++{ ++ if (group->field_data1 == NULL) { ++ ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED); ++ return 0; ++ } ++ ++ return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx); ++} ++ ++int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, ++ const BIGNUM *a, BN_CTX *ctx) ++{ ++ if (group->field_data1 == NULL) { ++ ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED); ++ return 0; ++ } ++ ++ return BN_from_montgomery(r, a, group->field_data1, ctx); ++} ++ ++int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, ++ BN_CTX *ctx) ++{ ++ if (group->field_data2 == NULL) { ++ ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED); ++ return 0; ++ } ++ ++ if (!BN_copy(r, group->field_data2)) ++ return 0; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c b/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c +index 71893d5..dd976d3 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -68,169 +68,168 @@ + #include "ec_lcl.h" + + const EC_METHOD *EC_GFp_nist_method(void) +- { +- static const EC_METHOD ret = { +- NID_X9_62_prime_field, +- ec_GFp_simple_group_init, +- ec_GFp_simple_group_finish, +- ec_GFp_simple_group_clear_finish, +- ec_GFp_nist_group_copy, +- ec_GFp_nist_group_set_curve, +- ec_GFp_simple_group_get_curve, +- ec_GFp_simple_group_get_degree, +- ec_GFp_simple_group_check_discriminant, +- ec_GFp_simple_point_init, +- ec_GFp_simple_point_finish, +- ec_GFp_simple_point_clear_finish, +- ec_GFp_simple_point_copy, +- ec_GFp_simple_point_set_to_infinity, +- ec_GFp_simple_set_Jprojective_coordinates_GFp, +- ec_GFp_simple_get_Jprojective_coordinates_GFp, +- ec_GFp_simple_point_set_affine_coordinates, +- ec_GFp_simple_point_get_affine_coordinates, +- ec_GFp_simple_set_compressed_coordinates, +- ec_GFp_simple_point2oct, +- ec_GFp_simple_oct2point, +- ec_GFp_simple_add, +- ec_GFp_simple_dbl, +- ec_GFp_simple_invert, +- ec_GFp_simple_is_at_infinity, +- ec_GFp_simple_is_on_curve, +- ec_GFp_simple_cmp, +- ec_GFp_simple_make_affine, +- ec_GFp_simple_points_make_affine, +- 0 /* mul */, +- 0 /* precompute_mult */, +- 0 /* have_precompute_mult */, +- ec_GFp_nist_field_mul, +- ec_GFp_nist_field_sqr, +- 0 /* field_div */, +- 0 /* field_encode */, +- 0 /* field_decode */, +- 0 /* field_set_to_one */ }; +- +- return &ret; +- } ++{ ++ static const EC_METHOD ret = { ++ NID_X9_62_prime_field, ++ ec_GFp_simple_group_init, ++ ec_GFp_simple_group_finish, ++ ec_GFp_simple_group_clear_finish, ++ ec_GFp_nist_group_copy, ++ ec_GFp_nist_group_set_curve, ++ ec_GFp_simple_group_get_curve, ++ ec_GFp_simple_group_get_degree, ++ ec_GFp_simple_group_check_discriminant, ++ ec_GFp_simple_point_init, ++ ec_GFp_simple_point_finish, ++ ec_GFp_simple_point_clear_finish, ++ ec_GFp_simple_point_copy, ++ ec_GFp_simple_point_set_to_infinity, ++ ec_GFp_simple_set_Jprojective_coordinates_GFp, ++ ec_GFp_simple_get_Jprojective_coordinates_GFp, ++ ec_GFp_simple_point_set_affine_coordinates, ++ ec_GFp_simple_point_get_affine_coordinates, ++ ec_GFp_simple_set_compressed_coordinates, ++ ec_GFp_simple_point2oct, ++ ec_GFp_simple_oct2point, ++ ec_GFp_simple_add, ++ ec_GFp_simple_dbl, ++ ec_GFp_simple_invert, ++ ec_GFp_simple_is_at_infinity, ++ ec_GFp_simple_is_on_curve, ++ ec_GFp_simple_cmp, ++ ec_GFp_simple_make_affine, ++ ec_GFp_simple_points_make_affine, ++ 0 /* mul */ , ++ 0 /* precompute_mult */ , ++ 0 /* have_precompute_mult */ , ++ ec_GFp_nist_field_mul, ++ ec_GFp_nist_field_sqr, ++ 0 /* field_div */ , ++ 0 /* field_encode */ , ++ 0 /* field_decode */ , ++ 0 /* field_set_to_one */ ++ }; ++ ++ return &ret; ++} + + #if BN_BITS2 == 64 +-#define NO_32_BIT_TYPE ++# define NO_32_BIT_TYPE + #endif + + int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) +- { +- dest->field_mod_func = src->field_mod_func; ++{ ++ dest->field_mod_func = src->field_mod_func; + +- return ec_GFp_simple_group_copy(dest, src); +- } ++ return ec_GFp_simple_group_copy(dest, src); ++} + + int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, +- const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- int ret = 0; +- BN_CTX *new_ctx = NULL; +- BIGNUM *tmp_bn; +- +- if (ctx == NULL) +- if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0; +- +- BN_CTX_start(ctx); +- if ((tmp_bn = BN_CTX_get(ctx)) == NULL) goto err; +- +- if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0) +- group->field_mod_func = BN_nist_mod_192; +- else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) +- { ++ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) ++{ ++ int ret = 0; ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *tmp_bn; ++ ++ if (ctx == NULL) ++ if ((ctx = new_ctx = BN_CTX_new()) == NULL) ++ return 0; ++ ++ BN_CTX_start(ctx); ++ if ((tmp_bn = BN_CTX_get(ctx)) == NULL) ++ goto err; ++ ++ if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0) ++ group->field_mod_func = BN_nist_mod_192; ++ else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) { + #ifndef NO_32_BIT_TYPE +- group->field_mod_func = BN_nist_mod_224; ++ group->field_mod_func = BN_nist_mod_224; + #else +- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); +- goto err; ++ ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, ++ EC_R_NOT_A_SUPPORTED_NIST_PRIME); ++ goto err; + #endif +- } +- else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) +- { ++ } else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) { + #ifndef NO_32_BIT_TYPE +- group->field_mod_func = BN_nist_mod_256; ++ group->field_mod_func = BN_nist_mod_256; + #else +- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); +- goto err; ++ ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, ++ EC_R_NOT_A_SUPPORTED_NIST_PRIME); ++ goto err; + #endif +- } +- else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) +- { ++ } else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) { + #ifndef NO_32_BIT_TYPE +- group->field_mod_func = BN_nist_mod_384; ++ group->field_mod_func = BN_nist_mod_384; + #else +- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME); +- goto err; ++ ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, ++ EC_R_NOT_A_SUPPORTED_NIST_PRIME); ++ goto err; + #endif +- } +- else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) +- /* this one works in the NO_32_BIT_TYPE case */ +- group->field_mod_func = BN_nist_mod_521; +- else +- { +- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME); +- goto err; +- } +- +- ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); ++ } else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) ++ /* this one works in the NO_32_BIT_TYPE case */ ++ group->field_mod_func = BN_nist_mod_521; ++ else { ++ ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME); ++ goto err; ++ } + +- err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } ++ ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); + ++ err: ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} + + int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *b, BN_CTX *ctx) +- { +- int ret=0; +- BN_CTX *ctx_new=NULL; +- +- if (!group || !r || !a || !b) +- { +- ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER); +- goto err; +- } +- if (!ctx) +- if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err; +- +- if (!BN_mul(r, a, b, ctx)) goto err; +- if (!group->field_mod_func(r, r, &group->field, ctx)) +- goto err; +- +- ret=1; +-err: +- if (ctx_new) +- BN_CTX_free(ctx_new); +- return ret; +- } +- ++ const BIGNUM *b, BN_CTX *ctx) ++{ ++ int ret = 0; ++ BN_CTX *ctx_new = NULL; ++ ++ if (!group || !r || !a || !b) { ++ ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER); ++ goto err; ++ } ++ if (!ctx) ++ if ((ctx_new = ctx = BN_CTX_new()) == NULL) ++ goto err; ++ ++ if (!BN_mul(r, a, b, ctx)) ++ goto err; ++ if (!group->field_mod_func(r, r, &group->field, ctx)) ++ goto err; ++ ++ ret = 1; ++ err: ++ if (ctx_new) ++ BN_CTX_free(ctx_new); ++ return ret; ++} + + int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, +- BN_CTX *ctx) +- { +- int ret=0; +- BN_CTX *ctx_new=NULL; +- +- if (!group || !r || !a) +- { +- ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER); +- goto err; +- } +- if (!ctx) +- if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err; +- +- if (!BN_sqr(r, a, ctx)) goto err; +- if (!group->field_mod_func(r, r, &group->field, ctx)) +- goto err; +- +- ret=1; +-err: +- if (ctx_new) +- BN_CTX_free(ctx_new); +- return ret; +- } ++ BN_CTX *ctx) ++{ ++ int ret = 0; ++ BN_CTX *ctx_new = NULL; ++ ++ if (!group || !r || !a) { ++ ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER); ++ goto err; ++ } ++ if (!ctx) ++ if ((ctx_new = ctx = BN_CTX_new()) == NULL) ++ goto err; ++ ++ if (!BN_sqr(r, a, ctx)) ++ goto err; ++ if (!group->field_mod_func(r, r, &group->field, ctx)) ++ goto err; ++ ++ ret = 1; ++ err: ++ if (ctx_new) ++ BN_CTX_free(ctx_new); ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c +index b239088..a0c1540 100644 +--- a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c ++++ b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c +@@ -1,8 +1,9 @@ + /* crypto/ec/ecp_smpl.c */ +-/* Includes code written by Lenka Fibikova +- * for the OpenSSL project. +- * Includes code written by Bodo Moeller for the OpenSSL project. +-*/ ++/* ++ * Includes code written by Lenka Fibikova ++ * for the OpenSSL project. Includes code written by Bodo Moeller for the ++ * OpenSSL project. ++ */ + /* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * +@@ -11,7 +12,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -68,1630 +69,1701 @@ + #include "ec_lcl.h" + + const EC_METHOD *EC_GFp_simple_method(void) +- { +- static const EC_METHOD ret = { +- NID_X9_62_prime_field, +- ec_GFp_simple_group_init, +- ec_GFp_simple_group_finish, +- ec_GFp_simple_group_clear_finish, +- ec_GFp_simple_group_copy, +- ec_GFp_simple_group_set_curve, +- ec_GFp_simple_group_get_curve, +- ec_GFp_simple_group_get_degree, +- ec_GFp_simple_group_check_discriminant, +- ec_GFp_simple_point_init, +- ec_GFp_simple_point_finish, +- ec_GFp_simple_point_clear_finish, +- ec_GFp_simple_point_copy, +- ec_GFp_simple_point_set_to_infinity, +- ec_GFp_simple_set_Jprojective_coordinates_GFp, +- ec_GFp_simple_get_Jprojective_coordinates_GFp, +- ec_GFp_simple_point_set_affine_coordinates, +- ec_GFp_simple_point_get_affine_coordinates, +- ec_GFp_simple_set_compressed_coordinates, +- ec_GFp_simple_point2oct, +- ec_GFp_simple_oct2point, +- ec_GFp_simple_add, +- ec_GFp_simple_dbl, +- ec_GFp_simple_invert, +- ec_GFp_simple_is_at_infinity, +- ec_GFp_simple_is_on_curve, +- ec_GFp_simple_cmp, +- ec_GFp_simple_make_affine, +- ec_GFp_simple_points_make_affine, +- 0 /* mul */, +- 0 /* precompute_mult */, +- 0 /* have_precompute_mult */, +- ec_GFp_simple_field_mul, +- ec_GFp_simple_field_sqr, +- 0 /* field_div */, +- 0 /* field_encode */, +- 0 /* field_decode */, +- 0 /* field_set_to_one */ }; +- +- return &ret; +- } +- +- +-/* Most method functions in this file are designed to work with ++{ ++ static const EC_METHOD ret = { ++ NID_X9_62_prime_field, ++ ec_GFp_simple_group_init, ++ ec_GFp_simple_group_finish, ++ ec_GFp_simple_group_clear_finish, ++ ec_GFp_simple_group_copy, ++ ec_GFp_simple_group_set_curve, ++ ec_GFp_simple_group_get_curve, ++ ec_GFp_simple_group_get_degree, ++ ec_GFp_simple_group_check_discriminant, ++ ec_GFp_simple_point_init, ++ ec_GFp_simple_point_finish, ++ ec_GFp_simple_point_clear_finish, ++ ec_GFp_simple_point_copy, ++ ec_GFp_simple_point_set_to_infinity, ++ ec_GFp_simple_set_Jprojective_coordinates_GFp, ++ ec_GFp_simple_get_Jprojective_coordinates_GFp, ++ ec_GFp_simple_point_set_affine_coordinates, ++ ec_GFp_simple_point_get_affine_coordinates, ++ ec_GFp_simple_set_compressed_coordinates, ++ ec_GFp_simple_point2oct, ++ ec_GFp_simple_oct2point, ++ ec_GFp_simple_add, ++ ec_GFp_simple_dbl, ++ ec_GFp_simple_invert, ++ ec_GFp_simple_is_at_infinity, ++ ec_GFp_simple_is_on_curve, ++ ec_GFp_simple_cmp, ++ ec_GFp_simple_make_affine, ++ ec_GFp_simple_points_make_affine, ++ 0 /* mul */ , ++ 0 /* precompute_mult */ , ++ 0 /* have_precompute_mult */ , ++ ec_GFp_simple_field_mul, ++ ec_GFp_simple_field_sqr, ++ 0 /* field_div */ , ++ 0 /* field_encode */ , ++ 0 /* field_decode */ , ++ 0 /* field_set_to_one */ ++ }; ++ ++ return &ret; ++} ++ ++/* ++ * Most method functions in this file are designed to work with + * non-trivial representations of field elements if necessary + * (see ecp_mont.c): while standard modular addition and subtraction + * are used, the field_mul and field_sqr methods will be used for + * multiplication, and field_encode and field_decode (if defined) + * will be used for converting between representations. +- ++ * + * Functions ec_GFp_simple_points_make_affine() and + * ec_GFp_simple_point_get_affine_coordinates() specifically assume + * that if a non-trivial representation is used, it is a Montgomery + * representation (i.e. 'encoding' means multiplying by some factor R). + */ + +- + int ec_GFp_simple_group_init(EC_GROUP *group) +- { +- BN_init(&group->field); +- BN_init(&group->a); +- BN_init(&group->b); +- group->a_is_minus3 = 0; +- return 1; +- } +- ++{ ++ BN_init(&group->field); ++ BN_init(&group->a); ++ BN_init(&group->b); ++ group->a_is_minus3 = 0; ++ return 1; ++} + + void ec_GFp_simple_group_finish(EC_GROUP *group) +- { +- BN_free(&group->field); +- BN_free(&group->a); +- BN_free(&group->b); +- } +- ++{ ++ BN_free(&group->field); ++ BN_free(&group->a); ++ BN_free(&group->b); ++} + + void ec_GFp_simple_group_clear_finish(EC_GROUP *group) +- { +- BN_clear_free(&group->field); +- BN_clear_free(&group->a); +- BN_clear_free(&group->b); +- } +- ++{ ++ BN_clear_free(&group->field); ++ BN_clear_free(&group->a); ++ BN_clear_free(&group->b); ++} + + int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) +- { +- if (!BN_copy(&dest->field, &src->field)) return 0; +- if (!BN_copy(&dest->a, &src->a)) return 0; +- if (!BN_copy(&dest->b, &src->b)) return 0; +- +- dest->a_is_minus3 = src->a_is_minus3; ++{ ++ if (!BN_copy(&dest->field, &src->field)) ++ return 0; ++ if (!BN_copy(&dest->a, &src->a)) ++ return 0; ++ if (!BN_copy(&dest->b, &src->b)) ++ return 0; + +- return 1; +- } ++ dest->a_is_minus3 = src->a_is_minus3; + ++ return 1; ++} + + int ec_GFp_simple_group_set_curve(EC_GROUP *group, +- const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- int ret = 0; +- BN_CTX *new_ctx = NULL; +- BIGNUM *tmp_a; +- +- /* p must be a prime > 3 */ +- if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD); +- return 0; +- } +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- tmp_a = BN_CTX_get(ctx); +- if (tmp_a == NULL) goto err; +- +- /* group->field */ +- if (!BN_copy(&group->field, p)) goto err; +- BN_set_negative(&group->field, 0); +- +- /* group->a */ +- if (!BN_nnmod(tmp_a, a, p, ctx)) goto err; +- if (group->meth->field_encode) +- { if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; } +- else +- if (!BN_copy(&group->a, tmp_a)) goto err; +- +- /* group->b */ +- if (!BN_nnmod(&group->b, b, p, ctx)) goto err; +- if (group->meth->field_encode) +- if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err; +- +- /* group->a_is_minus3 */ +- if (!BN_add_word(tmp_a, 3)) goto err; +- group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field)); +- +- ret = 1; ++ const BIGNUM *p, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *ctx) ++{ ++ int ret = 0; ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *tmp_a; ++ ++ /* p must be a prime > 3 */ ++ if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) { ++ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD); ++ return 0; ++ } ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ tmp_a = BN_CTX_get(ctx); ++ if (tmp_a == NULL) ++ goto err; ++ ++ /* group->field */ ++ if (!BN_copy(&group->field, p)) ++ goto err; ++ BN_set_negative(&group->field, 0); ++ ++ /* group->a */ ++ if (!BN_nnmod(tmp_a, a, p, ctx)) ++ goto err; ++ if (group->meth->field_encode) { ++ if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) ++ goto err; ++ } else if (!BN_copy(&group->a, tmp_a)) ++ goto err; ++ ++ /* group->b */ ++ if (!BN_nnmod(&group->b, b, p, ctx)) ++ goto err; ++ if (group->meth->field_encode) ++ if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) ++ goto err; ++ ++ /* group->a_is_minus3 */ ++ if (!BN_add_word(tmp_a, 3)) ++ goto err; ++ group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field)); ++ ++ ret = 1; + + err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) +- { +- int ret = 0; +- BN_CTX *new_ctx = NULL; +- +- if (p != NULL) +- { +- if (!BN_copy(p, &group->field)) return 0; +- } +- +- if (a != NULL || b != NULL) +- { +- if (group->meth->field_decode) +- { +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- if (a != NULL) +- { +- if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err; +- } +- if (b != NULL) +- { +- if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err; +- } +- } +- else +- { +- if (a != NULL) +- { +- if (!BN_copy(a, &group->a)) goto err; +- } +- if (b != NULL) +- { +- if (!BN_copy(b, &group->b)) goto err; +- } +- } +- } +- +- ret = 1; +- +- err: +- if (new_ctx) +- BN_CTX_free(new_ctx); +- return ret; +- } ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, ++ BIGNUM *b, BN_CTX *ctx) ++{ ++ int ret = 0; ++ BN_CTX *new_ctx = NULL; ++ ++ if (p != NULL) { ++ if (!BN_copy(p, &group->field)) ++ return 0; ++ } ++ ++ if (a != NULL || b != NULL) { ++ if (group->meth->field_decode) { ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ if (a != NULL) { ++ if (!group->meth->field_decode(group, a, &group->a, ctx)) ++ goto err; ++ } ++ if (b != NULL) { ++ if (!group->meth->field_decode(group, b, &group->b, ctx)) ++ goto err; ++ } ++ } else { ++ if (a != NULL) { ++ if (!BN_copy(a, &group->a)) ++ goto err; ++ } ++ if (b != NULL) { ++ if (!BN_copy(b, &group->b)) ++ goto err; ++ } ++ } ++ } ++ ++ ret = 1; + ++ err: ++ if (new_ctx) ++ BN_CTX_free(new_ctx); ++ return ret; ++} + + int ec_GFp_simple_group_get_degree(const EC_GROUP *group) +- { +- return BN_num_bits(&group->field); +- } +- ++{ ++ return BN_num_bits(&group->field); ++} + + int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) +- { +- int ret = 0; +- BIGNUM *a,*b,*order,*tmp_1,*tmp_2; +- const BIGNUM *p = &group->field; +- BN_CTX *new_ctx = NULL; +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- BN_CTX_start(ctx); +- a = BN_CTX_get(ctx); +- b = BN_CTX_get(ctx); +- tmp_1 = BN_CTX_get(ctx); +- tmp_2 = BN_CTX_get(ctx); +- order = BN_CTX_get(ctx); +- if (order == NULL) goto err; +- +- if (group->meth->field_decode) +- { +- if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err; +- if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err; +- } +- else +- { +- if (!BN_copy(a, &group->a)) goto err; +- if (!BN_copy(b, &group->b)) goto err; +- } +- +- /* check the discriminant: +- * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) +- * 0 =< a, b < p */ +- if (BN_is_zero(a)) +- { +- if (BN_is_zero(b)) goto err; +- } +- else if (!BN_is_zero(b)) +- { +- if (!BN_mod_sqr(tmp_1, a, p, ctx)) goto err; +- if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) goto err; +- if (!BN_lshift(tmp_1, tmp_2, 2)) goto err; +- /* tmp_1 = 4*a^3 */ +- +- if (!BN_mod_sqr(tmp_2, b, p, ctx)) goto err; +- if (!BN_mul_word(tmp_2, 27)) goto err; +- /* tmp_2 = 27*b^2 */ +- +- if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err; +- if (BN_is_zero(a)) goto err; +- } +- ret = 1; +- +-err: +- if (ctx != NULL) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } ++{ ++ int ret = 0; ++ BIGNUM *a, *b, *order, *tmp_1, *tmp_2; ++ const BIGNUM *p = &group->field; ++ BN_CTX *new_ctx = NULL; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) { ++ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ++ ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ BN_CTX_start(ctx); ++ a = BN_CTX_get(ctx); ++ b = BN_CTX_get(ctx); ++ tmp_1 = BN_CTX_get(ctx); ++ tmp_2 = BN_CTX_get(ctx); ++ order = BN_CTX_get(ctx); ++ if (order == NULL) ++ goto err; ++ ++ if (group->meth->field_decode) { ++ if (!group->meth->field_decode(group, a, &group->a, ctx)) ++ goto err; ++ if (!group->meth->field_decode(group, b, &group->b, ctx)) ++ goto err; ++ } else { ++ if (!BN_copy(a, &group->a)) ++ goto err; ++ if (!BN_copy(b, &group->b)) ++ goto err; ++ } ++ ++ /*- ++ * check the discriminant: ++ * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) ++ * 0 =< a, b < p ++ */ ++ if (BN_is_zero(a)) { ++ if (BN_is_zero(b)) ++ goto err; ++ } else if (!BN_is_zero(b)) { ++ if (!BN_mod_sqr(tmp_1, a, p, ctx)) ++ goto err; ++ if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) ++ goto err; ++ if (!BN_lshift(tmp_1, tmp_2, 2)) ++ goto err; ++ /* tmp_1 = 4*a^3 */ ++ ++ if (!BN_mod_sqr(tmp_2, b, p, ctx)) ++ goto err; ++ if (!BN_mul_word(tmp_2, 27)) ++ goto err; ++ /* tmp_2 = 27*b^2 */ ++ ++ if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) ++ goto err; ++ if (BN_is_zero(a)) ++ goto err; ++ } ++ ret = 1; + ++ err: ++ if (ctx != NULL) ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} + + int ec_GFp_simple_point_init(EC_POINT *point) +- { +- BN_init(&point->X); +- BN_init(&point->Y); +- BN_init(&point->Z); +- point->Z_is_one = 0; +- +- return 1; +- } ++{ ++ BN_init(&point->X); ++ BN_init(&point->Y); ++ BN_init(&point->Z); ++ point->Z_is_one = 0; + ++ return 1; ++} + + void ec_GFp_simple_point_finish(EC_POINT *point) +- { +- BN_free(&point->X); +- BN_free(&point->Y); +- BN_free(&point->Z); +- } +- ++{ ++ BN_free(&point->X); ++ BN_free(&point->Y); ++ BN_free(&point->Z); ++} + + void ec_GFp_simple_point_clear_finish(EC_POINT *point) +- { +- BN_clear_free(&point->X); +- BN_clear_free(&point->Y); +- BN_clear_free(&point->Z); +- point->Z_is_one = 0; +- } +- ++{ ++ BN_clear_free(&point->X); ++ BN_clear_free(&point->Y); ++ BN_clear_free(&point->Z); ++ point->Z_is_one = 0; ++} + + int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) +- { +- if (!BN_copy(&dest->X, &src->X)) return 0; +- if (!BN_copy(&dest->Y, &src->Y)) return 0; +- if (!BN_copy(&dest->Z, &src->Z)) return 0; +- dest->Z_is_one = src->Z_is_one; +- +- return 1; +- } +- +- +-int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point) +- { +- point->Z_is_one = 0; +- BN_zero(&point->Z); +- return 1; +- } +- +- +-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, +- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) +- { +- BN_CTX *new_ctx = NULL; +- int ret = 0; +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- if (x != NULL) +- { +- if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err; +- if (group->meth->field_encode) +- { +- if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err; +- } +- } +- +- if (y != NULL) +- { +- if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err; +- if (group->meth->field_encode) +- { +- if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err; +- } +- } +- +- if (z != NULL) +- { +- int Z_is_one; +- +- if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err; +- Z_is_one = BN_is_one(&point->Z); +- if (group->meth->field_encode) +- { +- if (Z_is_one && (group->meth->field_set_to_one != 0)) +- { +- if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err; +- } +- else +- { +- if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err; +- } +- } +- point->Z_is_one = Z_is_one; +- } +- +- ret = 1; +- +- err: +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, +- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) +- { +- BN_CTX *new_ctx = NULL; +- int ret = 0; +- +- if (group->meth->field_decode != 0) +- { +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- if (x != NULL) +- { +- if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err; +- } +- if (y != NULL) +- { +- if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err; +- } +- if (z != NULL) +- { +- if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err; +- } +- } +- else +- { +- if (x != NULL) +- { +- if (!BN_copy(x, &point->X)) goto err; +- } +- if (y != NULL) +- { +- if (!BN_copy(y, &point->Y)) goto err; +- } +- if (z != NULL) +- { +- if (!BN_copy(z, &point->Z)) goto err; +- } +- } +- +- ret = 1; ++{ ++ if (!BN_copy(&dest->X, &src->X)) ++ return 0; ++ if (!BN_copy(&dest->Y, &src->Y)) ++ return 0; ++ if (!BN_copy(&dest->Z, &src->Z)) ++ return 0; ++ dest->Z_is_one = src->Z_is_one; ++ ++ return 1; ++} ++ ++int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, ++ EC_POINT *point) ++{ ++ point->Z_is_one = 0; ++ BN_zero(&point->Z); ++ return 1; ++} ++ ++int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, ++ EC_POINT *point, ++ const BIGNUM *x, ++ const BIGNUM *y, ++ const BIGNUM *z, ++ BN_CTX *ctx) ++{ ++ BN_CTX *new_ctx = NULL; ++ int ret = 0; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ if (x != NULL) { ++ if (!BN_nnmod(&point->X, x, &group->field, ctx)) ++ goto err; ++ if (group->meth->field_encode) { ++ if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) ++ goto err; ++ } ++ } ++ ++ if (y != NULL) { ++ if (!BN_nnmod(&point->Y, y, &group->field, ctx)) ++ goto err; ++ if (group->meth->field_encode) { ++ if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) ++ goto err; ++ } ++ } ++ ++ if (z != NULL) { ++ int Z_is_one; ++ ++ if (!BN_nnmod(&point->Z, z, &group->field, ctx)) ++ goto err; ++ Z_is_one = BN_is_one(&point->Z); ++ if (group->meth->field_encode) { ++ if (Z_is_one && (group->meth->field_set_to_one != 0)) { ++ if (!group->meth->field_set_to_one(group, &point->Z, ctx)) ++ goto err; ++ } else { ++ if (!group-> ++ meth->field_encode(group, &point->Z, &point->Z, ctx)) ++ goto err; ++ } ++ } ++ point->Z_is_one = Z_is_one; ++ } ++ ++ ret = 1; + + err: +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, +- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) +- { +- if (x == NULL || y == NULL) +- { +- /* unlike for projective coordinates, we do not tolerate this */ +- ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- +- return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx); +- } +- +- +-int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, +- BIGNUM *x, BIGNUM *y, BN_CTX *ctx) +- { +- BN_CTX *new_ctx = NULL; +- BIGNUM *Z, *Z_1, *Z_2, *Z_3; +- const BIGNUM *Z_; +- int ret = 0; +- +- if (EC_POINT_is_at_infinity(group, point)) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY); +- return 0; +- } +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- Z = BN_CTX_get(ctx); +- Z_1 = BN_CTX_get(ctx); +- Z_2 = BN_CTX_get(ctx); +- Z_3 = BN_CTX_get(ctx); +- if (Z_3 == NULL) goto err; +- +- /* transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3) */ +- +- if (group->meth->field_decode) +- { +- if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err; +- Z_ = Z; +- } +- else +- { +- Z_ = &point->Z; +- } +- +- if (BN_is_one(Z_)) +- { +- if (group->meth->field_decode) +- { +- if (x != NULL) +- { +- if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err; +- } +- if (y != NULL) +- { +- if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err; +- } +- } +- else +- { +- if (x != NULL) +- { +- if (!BN_copy(x, &point->X)) goto err; +- } +- if (y != NULL) +- { +- if (!BN_copy(y, &point->Y)) goto err; +- } +- } +- } +- else +- { +- if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB); +- goto err; +- } +- +- if (group->meth->field_encode == 0) +- { +- /* field_sqr works on standard representation */ +- if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err; +- } +- else +- { +- if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err; +- } +- +- if (x != NULL) +- { +- /* in the Montgomery case, field_mul will cancel out Montgomery factor in X: */ +- if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) goto err; +- } +- +- if (y != NULL) +- { +- if (group->meth->field_encode == 0) +- { +- /* field_mul works on standard representation */ +- if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err; +- } +- else +- { +- if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err; +- } +- +- /* in the Montgomery case, field_mul will cancel out Montgomery factor in Y: */ +- if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) goto err; +- } +- } +- +- ret = 1; ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, ++ const EC_POINT *point, ++ BIGNUM *x, BIGNUM *y, ++ BIGNUM *z, BN_CTX *ctx) ++{ ++ BN_CTX *new_ctx = NULL; ++ int ret = 0; ++ ++ if (group->meth->field_decode != 0) { ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ if (x != NULL) { ++ if (!group->meth->field_decode(group, x, &point->X, ctx)) ++ goto err; ++ } ++ if (y != NULL) { ++ if (!group->meth->field_decode(group, y, &point->Y, ctx)) ++ goto err; ++ } ++ if (z != NULL) { ++ if (!group->meth->field_decode(group, z, &point->Z, ctx)) ++ goto err; ++ } ++ } else { ++ if (x != NULL) { ++ if (!BN_copy(x, &point->X)) ++ goto err; ++ } ++ if (y != NULL) { ++ if (!BN_copy(y, &point->Y)) ++ goto err; ++ } ++ if (z != NULL) { ++ if (!BN_copy(z, &point->Z)) ++ goto err; ++ } ++ } ++ ++ ret = 1; + + err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, +- const BIGNUM *x_, int y_bit, BN_CTX *ctx) +- { +- BN_CTX *new_ctx = NULL; +- BIGNUM *tmp1, *tmp2, *x, *y; +- int ret = 0; +- +- /* clear error queue*/ +- ERR_clear_error(); +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- y_bit = (y_bit != 0); +- +- BN_CTX_start(ctx); +- tmp1 = BN_CTX_get(ctx); +- tmp2 = BN_CTX_get(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- if (y == NULL) goto err; +- +- /* Recover y. We have a Weierstrass equation +- * y^2 = x^3 + a*x + b, +- * so y is one of the square roots of x^3 + a*x + b. +- */ +- +- /* tmp1 := x^3 */ +- if (!BN_nnmod(x, x_, &group->field,ctx)) goto err; +- if (group->meth->field_decode == 0) +- { +- /* field_{sqr,mul} work on standard representation */ +- if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err; +- if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err; +- } +- else +- { +- if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err; +- if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err; +- } +- +- /* tmp1 := tmp1 + a*x */ +- if (group->a_is_minus3) +- { +- if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err; +- if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err; +- if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err; +- } +- else +- { +- if (group->meth->field_decode) +- { +- if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err; +- if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err; +- } +- else +- { +- /* field_mul works on standard representation */ +- if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err; +- } +- +- if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err; +- } +- +- /* tmp1 := tmp1 + b */ +- if (group->meth->field_decode) +- { +- if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err; +- if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err; +- } +- else +- { +- if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err; +- } +- +- if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) +- { +- unsigned long err = ERR_peek_last_error(); +- +- if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) +- { +- ERR_clear_error(); +- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); +- } +- else +- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB); +- goto err; +- } +- +- if (y_bit != BN_is_odd(y)) +- { +- if (BN_is_zero(y)) +- { +- int kron; +- +- kron = BN_kronecker(x, &group->field, ctx); +- if (kron == -2) goto err; +- +- if (kron == 1) +- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT); +- else +- /* BN_mod_sqrt() should have cought this error (not a square) */ +- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT); +- goto err; +- } +- if (!BN_usub(y, &group->field, y)) goto err; +- } +- if (y_bit != BN_is_odd(y)) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; +- +- ret = 1; ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, ++ EC_POINT *point, ++ const BIGNUM *x, ++ const BIGNUM *y, BN_CTX *ctx) ++{ ++ if (x == NULL || y == NULL) { ++ /* ++ * unlike for projective coordinates, we do not tolerate this ++ */ ++ ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ ++ return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, ++ BN_value_one(), ctx); ++} ++ ++int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, ++ const EC_POINT *point, ++ BIGNUM *x, BIGNUM *y, ++ BN_CTX *ctx) ++{ ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *Z, *Z_1, *Z_2, *Z_3; ++ const BIGNUM *Z_; ++ int ret = 0; ++ ++ if (EC_POINT_is_at_infinity(group, point)) { ++ ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ++ EC_R_POINT_AT_INFINITY); ++ return 0; ++ } ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ Z = BN_CTX_get(ctx); ++ Z_1 = BN_CTX_get(ctx); ++ Z_2 = BN_CTX_get(ctx); ++ Z_3 = BN_CTX_get(ctx); ++ if (Z_3 == NULL) ++ goto err; ++ ++ /* transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3) */ ++ ++ if (group->meth->field_decode) { ++ if (!group->meth->field_decode(group, Z, &point->Z, ctx)) ++ goto err; ++ Z_ = Z; ++ } else { ++ Z_ = &point->Z; ++ } ++ ++ if (BN_is_one(Z_)) { ++ if (group->meth->field_decode) { ++ if (x != NULL) { ++ if (!group->meth->field_decode(group, x, &point->X, ctx)) ++ goto err; ++ } ++ if (y != NULL) { ++ if (!group->meth->field_decode(group, y, &point->Y, ctx)) ++ goto err; ++ } ++ } else { ++ if (x != NULL) { ++ if (!BN_copy(x, &point->X)) ++ goto err; ++ } ++ if (y != NULL) { ++ if (!BN_copy(y, &point->Y)) ++ goto err; ++ } ++ } ++ } else { ++ if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) { ++ ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ++ ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ if (group->meth->field_encode == 0) { ++ /* field_sqr works on standard representation */ ++ if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) ++ goto err; ++ } else { ++ if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) ++ goto err; ++ } ++ ++ if (x != NULL) { ++ /* ++ * in the Montgomery case, field_mul will cancel out Montgomery ++ * factor in X: ++ */ ++ if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) ++ goto err; ++ } ++ ++ if (y != NULL) { ++ if (group->meth->field_encode == 0) { ++ /* ++ * field_mul works on standard representation ++ */ ++ if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) ++ goto err; ++ } else { ++ if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) ++ goto err; ++ } ++ ++ /* ++ * in the Montgomery case, field_mul will cancel out Montgomery ++ * factor in Y: ++ */ ++ if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) ++ goto err; ++ } ++ } ++ ++ ret = 1; + + err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, +- unsigned char *buf, size_t len, BN_CTX *ctx) +- { +- size_t ret; +- BN_CTX *new_ctx = NULL; +- int used_ctx = 0; +- BIGNUM *x, *y; +- size_t field_len, i, skip; +- +- if ((form != POINT_CONVERSION_COMPRESSED) +- && (form != POINT_CONVERSION_UNCOMPRESSED) +- && (form != POINT_CONVERSION_HYBRID)) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); +- goto err; +- } +- +- if (EC_POINT_is_at_infinity(group, point)) +- { +- /* encodes to a single 0 octet */ +- if (buf != NULL) +- { +- if (len < 1) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); +- return 0; +- } +- buf[0] = 0; +- } +- return 1; +- } +- +- +- /* ret := required output buffer length */ +- field_len = BN_num_bytes(&group->field); +- ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len; +- +- /* if 'buf' is NULL, just return required length */ +- if (buf != NULL) +- { +- if (len < ret) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); +- goto err; +- } +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- used_ctx = 1; +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- if (y == NULL) goto err; +- +- if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; +- +- if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y)) +- buf[0] = form + 1; +- else +- buf[0] = form; +- +- i = 1; +- +- skip = field_len - BN_num_bytes(x); +- if (skip > field_len) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- while (skip > 0) +- { +- buf[i++] = 0; +- skip--; +- } +- skip = BN_bn2bin(x, buf + i); +- i += skip; +- if (i != 1 + field_len) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID) +- { +- skip = field_len - BN_num_bytes(y); +- if (skip > field_len) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- while (skip > 0) +- { +- buf[i++] = 0; +- skip--; +- } +- skip = BN_bn2bin(y, buf + i); +- i += skip; +- } +- +- if (i != ret) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- if (used_ctx) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, ++ EC_POINT *point, ++ const BIGNUM *x_, int y_bit, ++ BN_CTX *ctx) ++{ ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *tmp1, *tmp2, *x, *y; ++ int ret = 0; ++ ++ /* clear error queue */ ++ ERR_clear_error(); ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ y_bit = (y_bit != 0); ++ ++ BN_CTX_start(ctx); ++ tmp1 = BN_CTX_get(ctx); ++ tmp2 = BN_CTX_get(ctx); ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ if (y == NULL) ++ goto err; ++ ++ /*- ++ * Recover y. We have a Weierstrass equation ++ * y^2 = x^3 + a*x + b, ++ * so y is one of the square roots of x^3 + a*x + b. ++ */ ++ ++ /* tmp1 := x^3 */ ++ if (!BN_nnmod(x, x_, &group->field, ctx)) ++ goto err; ++ if (group->meth->field_decode == 0) { ++ /* field_{sqr,mul} work on standard representation */ ++ if (!group->meth->field_sqr(group, tmp2, x_, ctx)) ++ goto err; ++ if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) ++ goto err; ++ } else { ++ if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) ++ goto err; ++ if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) ++ goto err; ++ } ++ ++ /* tmp1 := tmp1 + a*x */ ++ if (group->a_is_minus3) { ++ if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) ++ goto err; ++ if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) ++ goto err; ++ if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) ++ goto err; ++ } else { ++ if (group->meth->field_decode) { ++ if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) ++ goto err; ++ if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) ++ goto err; ++ } else { ++ /* field_mul works on standard representation */ ++ if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) ++ goto err; ++ } ++ ++ if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) ++ goto err; ++ } ++ ++ /* tmp1 := tmp1 + b */ ++ if (group->meth->field_decode) { ++ if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) ++ goto err; ++ if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) ++ goto err; ++ } else { ++ if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) ++ goto err; ++ } ++ ++ if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) { ++ unsigned long err = ERR_peek_last_error(); ++ ++ if (ERR_GET_LIB(err) == ERR_LIB_BN ++ && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) { ++ ERR_clear_error(); ++ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ++ EC_R_INVALID_COMPRESSED_POINT); ++ } else ++ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ++ ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ if (y_bit != BN_is_odd(y)) { ++ if (BN_is_zero(y)) { ++ int kron; ++ ++ kron = BN_kronecker(x, &group->field, ctx); ++ if (kron == -2) ++ goto err; ++ ++ if (kron == 1) ++ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ++ EC_R_INVALID_COMPRESSION_BIT); ++ else ++ /* ++ * BN_mod_sqrt() should have cought this error (not a square) ++ */ ++ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ++ EC_R_INVALID_COMPRESSED_POINT); ++ goto err; ++ } ++ if (!BN_usub(y, &group->field, y)) ++ goto err; ++ } ++ if (y_bit != BN_is_odd(y)) { ++ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ++ ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) ++ goto err; ++ ++ ret = 1; + + err: +- if (used_ctx) +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return 0; +- } ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, ++ point_conversion_form_t form, ++ unsigned char *buf, size_t len, BN_CTX *ctx) ++{ ++ size_t ret; ++ BN_CTX *new_ctx = NULL; ++ int used_ctx = 0; ++ BIGNUM *x, *y; ++ size_t field_len, i, skip; ++ ++ if ((form != POINT_CONVERSION_COMPRESSED) ++ && (form != POINT_CONVERSION_UNCOMPRESSED) ++ && (form != POINT_CONVERSION_HYBRID)) { ++ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); ++ goto err; ++ } ++ ++ if (EC_POINT_is_at_infinity(group, point)) { ++ /* encodes to a single 0 octet */ ++ if (buf != NULL) { ++ if (len < 1) { ++ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); ++ return 0; ++ } ++ buf[0] = 0; ++ } ++ return 1; ++ } ++ ++ /* ret := required output buffer length */ ++ field_len = BN_num_bytes(&group->field); ++ ret = ++ (form == ++ POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; ++ ++ /* if 'buf' is NULL, just return required length */ ++ if (buf != NULL) { ++ if (len < ret) { ++ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); ++ goto err; ++ } ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ used_ctx = 1; ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ if (y == NULL) ++ goto err; ++ ++ if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) ++ goto err; ++ ++ if ((form == POINT_CONVERSION_COMPRESSED ++ || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y)) ++ buf[0] = form + 1; ++ else ++ buf[0] = form; ++ ++ i = 1; ++ ++ skip = field_len - BN_num_bytes(x); ++ if (skip > field_len) { ++ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ while (skip > 0) { ++ buf[i++] = 0; ++ skip--; ++ } ++ skip = BN_bn2bin(x, buf + i); ++ i += skip; ++ if (i != 1 + field_len) { ++ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ if (form == POINT_CONVERSION_UNCOMPRESSED ++ || form == POINT_CONVERSION_HYBRID) { ++ skip = field_len - BN_num_bytes(y); ++ if (skip > field_len) { ++ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ while (skip > 0) { ++ buf[i++] = 0; ++ skip--; ++ } ++ skip = BN_bn2bin(y, buf + i); ++ i += skip; ++ } ++ ++ if (i != ret) { ++ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ ++ if (used_ctx) ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; + ++ err: ++ if (used_ctx) ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return 0; ++} + + int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, +- const unsigned char *buf, size_t len, BN_CTX *ctx) +- { +- point_conversion_form_t form; +- int y_bit; +- BN_CTX *new_ctx = NULL; +- BIGNUM *x, *y; +- size_t field_len, enc_len; +- int ret = 0; +- +- if (len == 0) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); +- return 0; +- } +- form = buf[0]; +- y_bit = form & 1; +- form = form & ~1U; +- if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) +- && (form != POINT_CONVERSION_UNCOMPRESSED) +- && (form != POINT_CONVERSION_HYBRID)) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- +- if (form == 0) +- { +- if (len != 1) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- +- return EC_POINT_set_to_infinity(group, point); +- } +- +- field_len = BN_num_bytes(&group->field); +- enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len; +- +- if (len != enc_len) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- return 0; +- } +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- if (y == NULL) goto err; +- +- if (!BN_bin2bn(buf + 1, field_len, x)) goto err; +- if (BN_ucmp(x, &group->field) >= 0) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- goto err; +- } +- +- if (form == POINT_CONVERSION_COMPRESSED) +- { +- if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err; +- } +- else +- { +- if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err; +- if (BN_ucmp(y, &group->field) >= 0) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- goto err; +- } +- if (form == POINT_CONVERSION_HYBRID) +- { +- if (y_bit != BN_is_odd(y)) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); +- goto err; +- } +- } +- +- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; +- } +- +- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */ +- { +- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); +- goto err; +- } +- +- ret = 1; +- ++ const unsigned char *buf, size_t len, BN_CTX *ctx) ++{ ++ point_conversion_form_t form; ++ int y_bit; ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *x, *y; ++ size_t field_len, enc_len; ++ int ret = 0; ++ ++ if (len == 0) { ++ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); ++ return 0; ++ } ++ form = buf[0]; ++ y_bit = form & 1; ++ form = form & ~1U; ++ if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) ++ && (form != POINT_CONVERSION_UNCOMPRESSED) ++ && (form != POINT_CONVERSION_HYBRID)) { ++ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ return 0; ++ } ++ if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { ++ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ return 0; ++ } ++ ++ if (form == 0) { ++ if (len != 1) { ++ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ return 0; ++ } ++ ++ return EC_POINT_set_to_infinity(group, point); ++ } ++ ++ field_len = BN_num_bytes(&group->field); ++ enc_len = ++ (form == ++ POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; ++ ++ if (len != enc_len) { ++ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ return 0; ++ } ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ if (y == NULL) ++ goto err; ++ ++ if (!BN_bin2bn(buf + 1, field_len, x)) ++ goto err; ++ if (BN_ucmp(x, &group->field) >= 0) { ++ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ goto err; ++ } ++ ++ if (form == POINT_CONVERSION_COMPRESSED) { ++ if (!EC_POINT_set_compressed_coordinates_GFp ++ (group, point, x, y_bit, ctx)) ++ goto err; ++ } else { ++ if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) ++ goto err; ++ if (BN_ucmp(y, &group->field) >= 0) { ++ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ goto err; ++ } ++ if (form == POINT_CONVERSION_HYBRID) { ++ if (y_bit != BN_is_odd(y)) { ++ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); ++ goto err; ++ } ++ } ++ ++ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) ++ goto err; ++ } ++ ++ /* test required by X9.62 */ ++ if (!EC_POINT_is_on_curve(group, point, ctx)) { ++ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); ++ goto err; ++ } ++ ++ ret = 1; ++ + err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) +- { +- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); +- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); +- const BIGNUM *p; +- BN_CTX *new_ctx = NULL; +- BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; +- int ret = 0; +- +- if (a == b) +- return EC_POINT_dbl(group, r, a, ctx); +- if (EC_POINT_is_at_infinity(group, a)) +- return EC_POINT_copy(r, b); +- if (EC_POINT_is_at_infinity(group, b)) +- return EC_POINT_copy(r, a); +- +- field_mul = group->meth->field_mul; +- field_sqr = group->meth->field_sqr; +- p = &group->field; +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- n0 = BN_CTX_get(ctx); +- n1 = BN_CTX_get(ctx); +- n2 = BN_CTX_get(ctx); +- n3 = BN_CTX_get(ctx); +- n4 = BN_CTX_get(ctx); +- n5 = BN_CTX_get(ctx); +- n6 = BN_CTX_get(ctx); +- if (n6 == NULL) goto end; +- +- /* Note that in this function we must not read components of 'a' or 'b' +- * once we have written the corresponding components of 'r'. +- * ('r' might be one of 'a' or 'b'.) +- */ +- +- /* n1, n2 */ +- if (b->Z_is_one) +- { +- if (!BN_copy(n1, &a->X)) goto end; +- if (!BN_copy(n2, &a->Y)) goto end; +- /* n1 = X_a */ +- /* n2 = Y_a */ +- } +- else +- { +- if (!field_sqr(group, n0, &b->Z, ctx)) goto end; +- if (!field_mul(group, n1, &a->X, n0, ctx)) goto end; +- /* n1 = X_a * Z_b^2 */ +- +- if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end; +- if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end; +- /* n2 = Y_a * Z_b^3 */ +- } +- +- /* n3, n4 */ +- if (a->Z_is_one) +- { +- if (!BN_copy(n3, &b->X)) goto end; +- if (!BN_copy(n4, &b->Y)) goto end; +- /* n3 = X_b */ +- /* n4 = Y_b */ +- } +- else +- { +- if (!field_sqr(group, n0, &a->Z, ctx)) goto end; +- if (!field_mul(group, n3, &b->X, n0, ctx)) goto end; +- /* n3 = X_b * Z_a^2 */ +- +- if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end; +- if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end; +- /* n4 = Y_b * Z_a^3 */ +- } +- +- /* n5, n6 */ +- if (!BN_mod_sub_quick(n5, n1, n3, p)) goto end; +- if (!BN_mod_sub_quick(n6, n2, n4, p)) goto end; +- /* n5 = n1 - n3 */ +- /* n6 = n2 - n4 */ +- +- if (BN_is_zero(n5)) +- { +- if (BN_is_zero(n6)) +- { +- /* a is the same point as b */ +- BN_CTX_end(ctx); +- ret = EC_POINT_dbl(group, r, a, ctx); +- ctx = NULL; +- goto end; +- } +- else +- { +- /* a is the inverse of b */ +- BN_zero(&r->Z); +- r->Z_is_one = 0; +- ret = 1; +- goto end; +- } +- } +- +- /* 'n7', 'n8' */ +- if (!BN_mod_add_quick(n1, n1, n3, p)) goto end; +- if (!BN_mod_add_quick(n2, n2, n4, p)) goto end; +- /* 'n7' = n1 + n3 */ +- /* 'n8' = n2 + n4 */ +- +- /* Z_r */ +- if (a->Z_is_one && b->Z_is_one) +- { +- if (!BN_copy(&r->Z, n5)) goto end; +- } +- else +- { +- if (a->Z_is_one) +- { if (!BN_copy(n0, &b->Z)) goto end; } +- else if (b->Z_is_one) +- { if (!BN_copy(n0, &a->Z)) goto end; } +- else +- { if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; } +- if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end; +- } +- r->Z_is_one = 0; +- /* Z_r = Z_a * Z_b * n5 */ +- +- /* X_r */ +- if (!field_sqr(group, n0, n6, ctx)) goto end; +- if (!field_sqr(group, n4, n5, ctx)) goto end; +- if (!field_mul(group, n3, n1, n4, ctx)) goto end; +- if (!BN_mod_sub_quick(&r->X, n0, n3, p)) goto end; +- /* X_r = n6^2 - n5^2 * 'n7' */ +- +- /* 'n9' */ +- if (!BN_mod_lshift1_quick(n0, &r->X, p)) goto end; +- if (!BN_mod_sub_quick(n0, n3, n0, p)) goto end; +- /* n9 = n5^2 * 'n7' - 2 * X_r */ +- +- /* Y_r */ +- if (!field_mul(group, n0, n0, n6, ctx)) goto end; +- if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */ +- if (!field_mul(group, n1, n2, n5, ctx)) goto end; +- if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end; +- if (BN_is_odd(n0)) +- if (!BN_add(n0, n0, p)) goto end; +- /* now 0 <= n0 < 2*p, and n0 is even */ +- if (!BN_rshift1(&r->Y, n0)) goto end; +- /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */ +- +- ret = 1; ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ++ const EC_POINT *b, BN_CTX *ctx) ++{ ++ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, ++ const BIGNUM *, BN_CTX *); ++ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); ++ const BIGNUM *p; ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; ++ int ret = 0; ++ ++ if (a == b) ++ return EC_POINT_dbl(group, r, a, ctx); ++ if (EC_POINT_is_at_infinity(group, a)) ++ return EC_POINT_copy(r, b); ++ if (EC_POINT_is_at_infinity(group, b)) ++ return EC_POINT_copy(r, a); ++ ++ field_mul = group->meth->field_mul; ++ field_sqr = group->meth->field_sqr; ++ p = &group->field; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ n0 = BN_CTX_get(ctx); ++ n1 = BN_CTX_get(ctx); ++ n2 = BN_CTX_get(ctx); ++ n3 = BN_CTX_get(ctx); ++ n4 = BN_CTX_get(ctx); ++ n5 = BN_CTX_get(ctx); ++ n6 = BN_CTX_get(ctx); ++ if (n6 == NULL) ++ goto end; ++ ++ /* ++ * Note that in this function we must not read components of 'a' or 'b' ++ * once we have written the corresponding components of 'r'. ('r' might ++ * be one of 'a' or 'b'.) ++ */ ++ ++ /* n1, n2 */ ++ if (b->Z_is_one) { ++ if (!BN_copy(n1, &a->X)) ++ goto end; ++ if (!BN_copy(n2, &a->Y)) ++ goto end; ++ /* n1 = X_a */ ++ /* n2 = Y_a */ ++ } else { ++ if (!field_sqr(group, n0, &b->Z, ctx)) ++ goto end; ++ if (!field_mul(group, n1, &a->X, n0, ctx)) ++ goto end; ++ /* n1 = X_a * Z_b^2 */ ++ ++ if (!field_mul(group, n0, n0, &b->Z, ctx)) ++ goto end; ++ if (!field_mul(group, n2, &a->Y, n0, ctx)) ++ goto end; ++ /* n2 = Y_a * Z_b^3 */ ++ } ++ ++ /* n3, n4 */ ++ if (a->Z_is_one) { ++ if (!BN_copy(n3, &b->X)) ++ goto end; ++ if (!BN_copy(n4, &b->Y)) ++ goto end; ++ /* n3 = X_b */ ++ /* n4 = Y_b */ ++ } else { ++ if (!field_sqr(group, n0, &a->Z, ctx)) ++ goto end; ++ if (!field_mul(group, n3, &b->X, n0, ctx)) ++ goto end; ++ /* n3 = X_b * Z_a^2 */ ++ ++ if (!field_mul(group, n0, n0, &a->Z, ctx)) ++ goto end; ++ if (!field_mul(group, n4, &b->Y, n0, ctx)) ++ goto end; ++ /* n4 = Y_b * Z_a^3 */ ++ } ++ ++ /* n5, n6 */ ++ if (!BN_mod_sub_quick(n5, n1, n3, p)) ++ goto end; ++ if (!BN_mod_sub_quick(n6, n2, n4, p)) ++ goto end; ++ /* n5 = n1 - n3 */ ++ /* n6 = n2 - n4 */ ++ ++ if (BN_is_zero(n5)) { ++ if (BN_is_zero(n6)) { ++ /* a is the same point as b */ ++ BN_CTX_end(ctx); ++ ret = EC_POINT_dbl(group, r, a, ctx); ++ ctx = NULL; ++ goto end; ++ } else { ++ /* a is the inverse of b */ ++ BN_zero(&r->Z); ++ r->Z_is_one = 0; ++ ret = 1; ++ goto end; ++ } ++ } ++ ++ /* 'n7', 'n8' */ ++ if (!BN_mod_add_quick(n1, n1, n3, p)) ++ goto end; ++ if (!BN_mod_add_quick(n2, n2, n4, p)) ++ goto end; ++ /* 'n7' = n1 + n3 */ ++ /* 'n8' = n2 + n4 */ ++ ++ /* Z_r */ ++ if (a->Z_is_one && b->Z_is_one) { ++ if (!BN_copy(&r->Z, n5)) ++ goto end; ++ } else { ++ if (a->Z_is_one) { ++ if (!BN_copy(n0, &b->Z)) ++ goto end; ++ } else if (b->Z_is_one) { ++ if (!BN_copy(n0, &a->Z)) ++ goto end; ++ } else { ++ if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) ++ goto end; ++ } ++ if (!field_mul(group, &r->Z, n0, n5, ctx)) ++ goto end; ++ } ++ r->Z_is_one = 0; ++ /* Z_r = Z_a * Z_b * n5 */ ++ ++ /* X_r */ ++ if (!field_sqr(group, n0, n6, ctx)) ++ goto end; ++ if (!field_sqr(group, n4, n5, ctx)) ++ goto end; ++ if (!field_mul(group, n3, n1, n4, ctx)) ++ goto end; ++ if (!BN_mod_sub_quick(&r->X, n0, n3, p)) ++ goto end; ++ /* X_r = n6^2 - n5^2 * 'n7' */ ++ ++ /* 'n9' */ ++ if (!BN_mod_lshift1_quick(n0, &r->X, p)) ++ goto end; ++ if (!BN_mod_sub_quick(n0, n3, n0, p)) ++ goto end; ++ /* n9 = n5^2 * 'n7' - 2 * X_r */ ++ ++ /* Y_r */ ++ if (!field_mul(group, n0, n0, n6, ctx)) ++ goto end; ++ if (!field_mul(group, n5, n4, n5, ctx)) ++ goto end; /* now n5 is n5^3 */ ++ if (!field_mul(group, n1, n2, n5, ctx)) ++ goto end; ++ if (!BN_mod_sub_quick(n0, n0, n1, p)) ++ goto end; ++ if (BN_is_odd(n0)) ++ if (!BN_add(n0, n0, p)) ++ goto end; ++ /* now 0 <= n0 < 2*p, and n0 is even */ ++ if (!BN_rshift1(&r->Y, n0)) ++ goto end; ++ /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */ ++ ++ ret = 1; + + end: +- if (ctx) /* otherwise we already called BN_CTX_end */ +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) +- { +- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); +- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); +- const BIGNUM *p; +- BN_CTX *new_ctx = NULL; +- BIGNUM *n0, *n1, *n2, *n3; +- int ret = 0; +- +- if (EC_POINT_is_at_infinity(group, a)) +- { +- BN_zero(&r->Z); +- r->Z_is_one = 0; +- return 1; +- } +- +- field_mul = group->meth->field_mul; +- field_sqr = group->meth->field_sqr; +- p = &group->field; +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- n0 = BN_CTX_get(ctx); +- n1 = BN_CTX_get(ctx); +- n2 = BN_CTX_get(ctx); +- n3 = BN_CTX_get(ctx); +- if (n3 == NULL) goto err; +- +- /* Note that in this function we must not read components of 'a' +- * once we have written the corresponding components of 'r'. +- * ('r' might the same as 'a'.) +- */ +- +- /* n1 */ +- if (a->Z_is_one) +- { +- if (!field_sqr(group, n0, &a->X, ctx)) goto err; +- if (!BN_mod_lshift1_quick(n1, n0, p)) goto err; +- if (!BN_mod_add_quick(n0, n0, n1, p)) goto err; +- if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err; +- /* n1 = 3 * X_a^2 + a_curve */ +- } +- else if (group->a_is_minus3) +- { +- if (!field_sqr(group, n1, &a->Z, ctx)) goto err; +- if (!BN_mod_add_quick(n0, &a->X, n1, p)) goto err; +- if (!BN_mod_sub_quick(n2, &a->X, n1, p)) goto err; +- if (!field_mul(group, n1, n0, n2, ctx)) goto err; +- if (!BN_mod_lshift1_quick(n0, n1, p)) goto err; +- if (!BN_mod_add_quick(n1, n0, n1, p)) goto err; +- /* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) +- * = 3 * X_a^2 - 3 * Z_a^4 */ +- } +- else +- { +- if (!field_sqr(group, n0, &a->X, ctx)) goto err; +- if (!BN_mod_lshift1_quick(n1, n0, p)) goto err; +- if (!BN_mod_add_quick(n0, n0, n1, p)) goto err; +- if (!field_sqr(group, n1, &a->Z, ctx)) goto err; +- if (!field_sqr(group, n1, n1, ctx)) goto err; +- if (!field_mul(group, n1, n1, &group->a, ctx)) goto err; +- if (!BN_mod_add_quick(n1, n1, n0, p)) goto err; +- /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */ +- } +- +- /* Z_r */ +- if (a->Z_is_one) +- { +- if (!BN_copy(n0, &a->Y)) goto err; +- } +- else +- { +- if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err; +- } +- if (!BN_mod_lshift1_quick(&r->Z, n0, p)) goto err; +- r->Z_is_one = 0; +- /* Z_r = 2 * Y_a * Z_a */ +- +- /* n2 */ +- if (!field_sqr(group, n3, &a->Y, ctx)) goto err; +- if (!field_mul(group, n2, &a->X, n3, ctx)) goto err; +- if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err; +- /* n2 = 4 * X_a * Y_a^2 */ +- +- /* X_r */ +- if (!BN_mod_lshift1_quick(n0, n2, p)) goto err; +- if (!field_sqr(group, &r->X, n1, ctx)) goto err; +- if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) goto err; +- /* X_r = n1^2 - 2 * n2 */ +- +- /* n3 */ +- if (!field_sqr(group, n0, n3, ctx)) goto err; +- if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err; +- /* n3 = 8 * Y_a^4 */ +- +- /* Y_r */ +- if (!BN_mod_sub_quick(n0, n2, &r->X, p)) goto err; +- if (!field_mul(group, n0, n1, n0, ctx)) goto err; +- if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) goto err; +- /* Y_r = n1 * (n2 - X_r) - n3 */ +- +- ret = 1; ++ if (ctx) /* otherwise we already called BN_CTX_end */ ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, ++ BN_CTX *ctx) ++{ ++ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, ++ const BIGNUM *, BN_CTX *); ++ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); ++ const BIGNUM *p; ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *n0, *n1, *n2, *n3; ++ int ret = 0; ++ ++ if (EC_POINT_is_at_infinity(group, a)) { ++ BN_zero(&r->Z); ++ r->Z_is_one = 0; ++ return 1; ++ } ++ ++ field_mul = group->meth->field_mul; ++ field_sqr = group->meth->field_sqr; ++ p = &group->field; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ n0 = BN_CTX_get(ctx); ++ n1 = BN_CTX_get(ctx); ++ n2 = BN_CTX_get(ctx); ++ n3 = BN_CTX_get(ctx); ++ if (n3 == NULL) ++ goto err; ++ ++ /* ++ * Note that in this function we must not read components of 'a' once we ++ * have written the corresponding components of 'r'. ('r' might the same ++ * as 'a'.) ++ */ ++ ++ /* n1 */ ++ if (a->Z_is_one) { ++ if (!field_sqr(group, n0, &a->X, ctx)) ++ goto err; ++ if (!BN_mod_lshift1_quick(n1, n0, p)) ++ goto err; ++ if (!BN_mod_add_quick(n0, n0, n1, p)) ++ goto err; ++ if (!BN_mod_add_quick(n1, n0, &group->a, p)) ++ goto err; ++ /* n1 = 3 * X_a^2 + a_curve */ ++ } else if (group->a_is_minus3) { ++ if (!field_sqr(group, n1, &a->Z, ctx)) ++ goto err; ++ if (!BN_mod_add_quick(n0, &a->X, n1, p)) ++ goto err; ++ if (!BN_mod_sub_quick(n2, &a->X, n1, p)) ++ goto err; ++ if (!field_mul(group, n1, n0, n2, ctx)) ++ goto err; ++ if (!BN_mod_lshift1_quick(n0, n1, p)) ++ goto err; ++ if (!BN_mod_add_quick(n1, n0, n1, p)) ++ goto err; ++ /*- ++ * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) ++ * = 3 * X_a^2 - 3 * Z_a^4 ++ */ ++ } else { ++ if (!field_sqr(group, n0, &a->X, ctx)) ++ goto err; ++ if (!BN_mod_lshift1_quick(n1, n0, p)) ++ goto err; ++ if (!BN_mod_add_quick(n0, n0, n1, p)) ++ goto err; ++ if (!field_sqr(group, n1, &a->Z, ctx)) ++ goto err; ++ if (!field_sqr(group, n1, n1, ctx)) ++ goto err; ++ if (!field_mul(group, n1, n1, &group->a, ctx)) ++ goto err; ++ if (!BN_mod_add_quick(n1, n1, n0, p)) ++ goto err; ++ /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */ ++ } ++ ++ /* Z_r */ ++ if (a->Z_is_one) { ++ if (!BN_copy(n0, &a->Y)) ++ goto err; ++ } else { ++ if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) ++ goto err; ++ } ++ if (!BN_mod_lshift1_quick(&r->Z, n0, p)) ++ goto err; ++ r->Z_is_one = 0; ++ /* Z_r = 2 * Y_a * Z_a */ ++ ++ /* n2 */ ++ if (!field_sqr(group, n3, &a->Y, ctx)) ++ goto err; ++ if (!field_mul(group, n2, &a->X, n3, ctx)) ++ goto err; ++ if (!BN_mod_lshift_quick(n2, n2, 2, p)) ++ goto err; ++ /* n2 = 4 * X_a * Y_a^2 */ ++ ++ /* X_r */ ++ if (!BN_mod_lshift1_quick(n0, n2, p)) ++ goto err; ++ if (!field_sqr(group, &r->X, n1, ctx)) ++ goto err; ++ if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) ++ goto err; ++ /* X_r = n1^2 - 2 * n2 */ ++ ++ /* n3 */ ++ if (!field_sqr(group, n0, n3, ctx)) ++ goto err; ++ if (!BN_mod_lshift_quick(n3, n0, 3, p)) ++ goto err; ++ /* n3 = 8 * Y_a^4 */ ++ ++ /* Y_r */ ++ if (!BN_mod_sub_quick(n0, n2, &r->X, p)) ++ goto err; ++ if (!field_mul(group, n0, n1, n0, ctx)) ++ goto err; ++ if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) ++ goto err; ++ /* Y_r = n1 * (n2 - X_r) - n3 */ ++ ++ ret = 1; + + err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} + + int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) +- { +- if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) +- /* point is its own inverse */ +- return 1; +- +- return BN_usub(&point->Y, &group->field, &point->Y); +- } ++{ ++ if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) ++ /* point is its own inverse */ ++ return 1; + ++ return BN_usub(&point->Y, &group->field, &point->Y); ++} + + int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) +- { +- return BN_is_zero(&point->Z); +- } +- +- +-int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) +- { +- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); +- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); +- const BIGNUM *p; +- BN_CTX *new_ctx = NULL; +- BIGNUM *rh, *tmp, *Z4, *Z6; +- int ret = -1; +- +- if (EC_POINT_is_at_infinity(group, point)) +- return 1; +- +- field_mul = group->meth->field_mul; +- field_sqr = group->meth->field_sqr; +- p = &group->field; +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return -1; +- } +- +- BN_CTX_start(ctx); +- rh = BN_CTX_get(ctx); +- tmp = BN_CTX_get(ctx); +- Z4 = BN_CTX_get(ctx); +- Z6 = BN_CTX_get(ctx); +- if (Z6 == NULL) goto err; +- +- /* We have a curve defined by a Weierstrass equation +- * y^2 = x^3 + a*x + b. +- * The point to consider is given in Jacobian projective coordinates +- * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). +- * Substituting this and multiplying by Z^6 transforms the above equation into +- * Y^2 = X^3 + a*X*Z^4 + b*Z^6. +- * To test this, we add up the right-hand side in 'rh'. +- */ +- +- /* rh := X^2 */ +- if (!field_sqr(group, rh, &point->X, ctx)) goto err; +- +- if (!point->Z_is_one) +- { +- if (!field_sqr(group, tmp, &point->Z, ctx)) goto err; +- if (!field_sqr(group, Z4, tmp, ctx)) goto err; +- if (!field_mul(group, Z6, Z4, tmp, ctx)) goto err; +- +- /* rh := (rh + a*Z^4)*X */ +- if (group->a_is_minus3) +- { +- if (!BN_mod_lshift1_quick(tmp, Z4, p)) goto err; +- if (!BN_mod_add_quick(tmp, tmp, Z4, p)) goto err; +- if (!BN_mod_sub_quick(rh, rh, tmp, p)) goto err; +- if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; +- } +- else +- { +- if (!field_mul(group, tmp, Z4, &group->a, ctx)) goto err; +- if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err; +- if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; +- } +- +- /* rh := rh + b*Z^6 */ +- if (!field_mul(group, tmp, &group->b, Z6, ctx)) goto err; +- if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err; +- } +- else +- { +- /* point->Z_is_one */ +- +- /* rh := (rh + a)*X */ +- if (!BN_mod_add_quick(rh, rh, &group->a, p)) goto err; +- if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; +- /* rh := rh + b */ +- if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err; +- } +- +- /* 'lh' := Y^2 */ +- if (!field_sqr(group, tmp, &point->Y, ctx)) goto err; +- +- ret = (0 == BN_ucmp(tmp, rh)); ++{ ++ return BN_is_zero(&point->Z); ++} ++ ++int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, ++ BN_CTX *ctx) ++{ ++ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, ++ const BIGNUM *, BN_CTX *); ++ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); ++ const BIGNUM *p; ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *rh, *tmp, *Z4, *Z6; ++ int ret = -1; ++ ++ if (EC_POINT_is_at_infinity(group, point)) ++ return 1; ++ ++ field_mul = group->meth->field_mul; ++ field_sqr = group->meth->field_sqr; ++ p = &group->field; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return -1; ++ } ++ ++ BN_CTX_start(ctx); ++ rh = BN_CTX_get(ctx); ++ tmp = BN_CTX_get(ctx); ++ Z4 = BN_CTX_get(ctx); ++ Z6 = BN_CTX_get(ctx); ++ if (Z6 == NULL) ++ goto err; ++ ++ /*- ++ * We have a curve defined by a Weierstrass equation ++ * y^2 = x^3 + a*x + b. ++ * The point to consider is given in Jacobian projective coordinates ++ * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). ++ * Substituting this and multiplying by Z^6 transforms the above equation into ++ * Y^2 = X^3 + a*X*Z^4 + b*Z^6. ++ * To test this, we add up the right-hand side in 'rh'. ++ */ ++ ++ /* rh := X^2 */ ++ if (!field_sqr(group, rh, &point->X, ctx)) ++ goto err; ++ ++ if (!point->Z_is_one) { ++ if (!field_sqr(group, tmp, &point->Z, ctx)) ++ goto err; ++ if (!field_sqr(group, Z4, tmp, ctx)) ++ goto err; ++ if (!field_mul(group, Z6, Z4, tmp, ctx)) ++ goto err; ++ ++ /* rh := (rh + a*Z^4)*X */ ++ if (group->a_is_minus3) { ++ if (!BN_mod_lshift1_quick(tmp, Z4, p)) ++ goto err; ++ if (!BN_mod_add_quick(tmp, tmp, Z4, p)) ++ goto err; ++ if (!BN_mod_sub_quick(rh, rh, tmp, p)) ++ goto err; ++ if (!field_mul(group, rh, rh, &point->X, ctx)) ++ goto err; ++ } else { ++ if (!field_mul(group, tmp, Z4, &group->a, ctx)) ++ goto err; ++ if (!BN_mod_add_quick(rh, rh, tmp, p)) ++ goto err; ++ if (!field_mul(group, rh, rh, &point->X, ctx)) ++ goto err; ++ } ++ ++ /* rh := rh + b*Z^6 */ ++ if (!field_mul(group, tmp, &group->b, Z6, ctx)) ++ goto err; ++ if (!BN_mod_add_quick(rh, rh, tmp, p)) ++ goto err; ++ } else { ++ /* point->Z_is_one */ ++ ++ /* rh := (rh + a)*X */ ++ if (!BN_mod_add_quick(rh, rh, &group->a, p)) ++ goto err; ++ if (!field_mul(group, rh, rh, &point->X, ctx)) ++ goto err; ++ /* rh := rh + b */ ++ if (!BN_mod_add_quick(rh, rh, &group->b, p)) ++ goto err; ++ } ++ ++ /* 'lh' := Y^2 */ ++ if (!field_sqr(group, tmp, &point->Y, ctx)) ++ goto err; ++ ++ ret = (0 == BN_ucmp(tmp, rh)); + + err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) +- { +- /* return values: +- * -1 error +- * 0 equal (in affine coordinates) +- * 1 not equal +- */ +- +- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); +- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); +- BN_CTX *new_ctx = NULL; +- BIGNUM *tmp1, *tmp2, *Za23, *Zb23; +- const BIGNUM *tmp1_, *tmp2_; +- int ret = -1; +- +- if (EC_POINT_is_at_infinity(group, a)) +- { +- return EC_POINT_is_at_infinity(group, b) ? 0 : 1; +- } +- +- if (EC_POINT_is_at_infinity(group, b)) +- return 1; +- +- if (a->Z_is_one && b->Z_is_one) +- { +- return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; +- } +- +- field_mul = group->meth->field_mul; +- field_sqr = group->meth->field_sqr; +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return -1; +- } +- +- BN_CTX_start(ctx); +- tmp1 = BN_CTX_get(ctx); +- tmp2 = BN_CTX_get(ctx); +- Za23 = BN_CTX_get(ctx); +- Zb23 = BN_CTX_get(ctx); +- if (Zb23 == NULL) goto end; +- +- /* We have to decide whether +- * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), +- * or equivalently, whether +- * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). +- */ +- +- if (!b->Z_is_one) +- { +- if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end; +- if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end; +- tmp1_ = tmp1; +- } +- else +- tmp1_ = &a->X; +- if (!a->Z_is_one) +- { +- if (!field_sqr(group, Za23, &a->Z, ctx)) goto end; +- if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end; +- tmp2_ = tmp2; +- } +- else +- tmp2_ = &b->X; +- +- /* compare X_a*Z_b^2 with X_b*Z_a^2 */ +- if (BN_cmp(tmp1_, tmp2_) != 0) +- { +- ret = 1; /* points differ */ +- goto end; +- } +- +- +- if (!b->Z_is_one) +- { +- if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end; +- if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end; +- /* tmp1_ = tmp1 */ +- } +- else +- tmp1_ = &a->Y; +- if (!a->Z_is_one) +- { +- if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end; +- if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end; +- /* tmp2_ = tmp2 */ +- } +- else +- tmp2_ = &b->Y; +- +- /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */ +- if (BN_cmp(tmp1_, tmp2_) != 0) +- { +- ret = 1; /* points differ */ +- goto end; +- } +- +- /* points are equal */ +- ret = 0; ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, ++ const EC_POINT *b, BN_CTX *ctx) ++{ ++ /*- ++ * return values: ++ * -1 error ++ * 0 equal (in affine coordinates) ++ * 1 not equal ++ */ ++ ++ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, ++ const BIGNUM *, BN_CTX *); ++ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *tmp1, *tmp2, *Za23, *Zb23; ++ const BIGNUM *tmp1_, *tmp2_; ++ int ret = -1; ++ ++ if (EC_POINT_is_at_infinity(group, a)) { ++ return EC_POINT_is_at_infinity(group, b) ? 0 : 1; ++ } ++ ++ if (EC_POINT_is_at_infinity(group, b)) ++ return 1; ++ ++ if (a->Z_is_one && b->Z_is_one) { ++ return ((BN_cmp(&a->X, &b->X) == 0) ++ && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; ++ } ++ ++ field_mul = group->meth->field_mul; ++ field_sqr = group->meth->field_sqr; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return -1; ++ } ++ ++ BN_CTX_start(ctx); ++ tmp1 = BN_CTX_get(ctx); ++ tmp2 = BN_CTX_get(ctx); ++ Za23 = BN_CTX_get(ctx); ++ Zb23 = BN_CTX_get(ctx); ++ if (Zb23 == NULL) ++ goto end; ++ ++ /*- ++ * We have to decide whether ++ * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), ++ * or equivalently, whether ++ * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). ++ */ ++ ++ if (!b->Z_is_one) { ++ if (!field_sqr(group, Zb23, &b->Z, ctx)) ++ goto end; ++ if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) ++ goto end; ++ tmp1_ = tmp1; ++ } else ++ tmp1_ = &a->X; ++ if (!a->Z_is_one) { ++ if (!field_sqr(group, Za23, &a->Z, ctx)) ++ goto end; ++ if (!field_mul(group, tmp2, &b->X, Za23, ctx)) ++ goto end; ++ tmp2_ = tmp2; ++ } else ++ tmp2_ = &b->X; ++ ++ /* compare X_a*Z_b^2 with X_b*Z_a^2 */ ++ if (BN_cmp(tmp1_, tmp2_) != 0) { ++ ret = 1; /* points differ */ ++ goto end; ++ } ++ ++ if (!b->Z_is_one) { ++ if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) ++ goto end; ++ if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) ++ goto end; ++ /* tmp1_ = tmp1 */ ++ } else ++ tmp1_ = &a->Y; ++ if (!a->Z_is_one) { ++ if (!field_mul(group, Za23, Za23, &a->Z, ctx)) ++ goto end; ++ if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) ++ goto end; ++ /* tmp2_ = tmp2 */ ++ } else ++ tmp2_ = &b->Y; ++ ++ /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */ ++ if (BN_cmp(tmp1_, tmp2_) != 0) { ++ ret = 1; /* points differ */ ++ goto end; ++ } ++ ++ /* points are equal */ ++ ret = 0; + + end: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) +- { +- BN_CTX *new_ctx = NULL; +- BIGNUM *x, *y; +- int ret = 0; +- +- if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) +- return 1; +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- if (y == NULL) goto err; +- +- if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; +- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; +- if (!point->Z_is_one) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- ret = 1; ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, ++ BN_CTX *ctx) ++{ ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *x, *y; ++ int ret = 0; ++ ++ if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) ++ return 1; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ if (y == NULL) ++ goto err; ++ ++ if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) ++ goto err; ++ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) ++ goto err; ++ if (!point->Z_is_one) { ++ ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ ++ ret = 1; + + err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- return ret; +- } +- +- +-int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) +- { +- BN_CTX *new_ctx = NULL; +- BIGNUM *tmp, *tmp_Z; +- BIGNUM **prod_Z = NULL; +- size_t i; +- int ret = 0; +- +- if (num == 0) +- return 1; +- +- if (ctx == NULL) +- { +- ctx = new_ctx = BN_CTX_new(); +- if (ctx == NULL) +- return 0; +- } +- +- BN_CTX_start(ctx); +- tmp = BN_CTX_get(ctx); +- tmp_Z = BN_CTX_get(ctx); +- if (tmp == NULL || tmp_Z == NULL) goto err; +- +- prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); +- if (prod_Z == NULL) goto err; +- for (i = 0; i < num; i++) +- { +- prod_Z[i] = BN_new(); +- if (prod_Z[i] == NULL) goto err; +- } +- +- /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, +- * skipping any zero-valued inputs (pretend that they're 1). */ +- +- if (!BN_is_zero(&points[0]->Z)) +- { +- if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; +- } +- else +- { +- if (group->meth->field_set_to_one != 0) +- { +- if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; +- } +- else +- { +- if (!BN_one(prod_Z[0])) goto err; +- } +- } +- +- for (i = 1; i < num; i++) +- { +- if (!BN_is_zero(&points[i]->Z)) +- { +- if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err; +- } +- else +- { +- if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; +- } +- } +- +- /* Now use a single explicit inversion to replace every +- * non-zero points[i]->Z by its inverse. */ +- +- if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) +- { +- ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); +- goto err; +- } +- if (group->meth->field_encode != 0) +- { +- /* In the Montgomery case, we just turned R*H (representing H) +- * into 1/(R*H), but we need R*(1/H) (representing 1/H); +- * i.e. we need to multiply by the Montgomery factor twice. */ +- if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; +- if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; +- } +- +- for (i = num - 1; i > 0; --i) +- { +- /* Loop invariant: tmp is the product of the inverses of +- * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ +- if (!BN_is_zero(&points[i]->Z)) +- { +- /* Set tmp_Z to the inverse of points[i]->Z (as product +- * of Z inverses 0 .. i, Z values 0 .. i - 1). */ +- if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; +- /* Update tmp to satisfy the loop invariant for i - 1. */ +- if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; +- /* Replace points[i]->Z by its inverse. */ +- if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; +- } +- } +- +- if (!BN_is_zero(&points[0]->Z)) +- { +- /* Replace points[0]->Z by its inverse. */ +- if (!BN_copy(&points[0]->Z, tmp)) goto err; +- } +- +- /* Finally, fix up the X and Y coordinates for all points. */ +- +- for (i = 0; i < num; i++) +- { +- EC_POINT *p = points[i]; +- +- if (!BN_is_zero(&p->Z)) +- { +- /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ +- +- if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err; +- if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err; +- +- if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err; +- if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err; +- +- if (group->meth->field_set_to_one != 0) +- { +- if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err; +- } +- else +- { +- if (!BN_one(&p->Z)) goto err; +- } +- p->Z_is_one = 1; +- } +- } +- +- ret = 1; ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ return ret; ++} ++ ++int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, ++ EC_POINT *points[], BN_CTX *ctx) ++{ ++ BN_CTX *new_ctx = NULL; ++ BIGNUM *tmp, *tmp_Z; ++ BIGNUM **prod_Z = NULL; ++ size_t i; ++ int ret = 0; ++ ++ if (num == 0) ++ return 1; ++ ++ if (ctx == NULL) { ++ ctx = new_ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ return 0; ++ } ++ ++ BN_CTX_start(ctx); ++ tmp = BN_CTX_get(ctx); ++ tmp_Z = BN_CTX_get(ctx); ++ if (tmp == NULL || tmp_Z == NULL) ++ goto err; ++ ++ prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); ++ if (prod_Z == NULL) ++ goto err; ++ for (i = 0; i < num; i++) { ++ prod_Z[i] = BN_new(); ++ if (prod_Z[i] == NULL) ++ goto err; ++ } ++ ++ /* ++ * Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, ++ * skipping any zero-valued inputs (pretend that they're 1). ++ */ ++ ++ if (!BN_is_zero(&points[0]->Z)) { ++ if (!BN_copy(prod_Z[0], &points[0]->Z)) ++ goto err; ++ } else { ++ if (group->meth->field_set_to_one != 0) { ++ if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) ++ goto err; ++ } else { ++ if (!BN_one(prod_Z[0])) ++ goto err; ++ } ++ } ++ ++ for (i = 1; i < num; i++) { ++ if (!BN_is_zero(&points[i]->Z)) { ++ if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], ++ &points[i]->Z, ctx)) ++ goto err; ++ } else { ++ if (!BN_copy(prod_Z[i], prod_Z[i - 1])) ++ goto err; ++ } ++ } ++ ++ /* ++ * Now use a single explicit inversion to replace every non-zero ++ * points[i]->Z by its inverse. ++ */ ++ ++ if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) { ++ ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); ++ goto err; ++ } ++ if (group->meth->field_encode != 0) { ++ /* ++ * In the Montgomery case, we just turned R*H (representing H) into ++ * 1/(R*H), but we need R*(1/H) (representing 1/H); i.e. we need to ++ * multiply by the Montgomery factor twice. ++ */ ++ if (!group->meth->field_encode(group, tmp, tmp, ctx)) ++ goto err; ++ if (!group->meth->field_encode(group, tmp, tmp, ctx)) ++ goto err; ++ } ++ ++ for (i = num - 1; i > 0; --i) { ++ /* ++ * Loop invariant: tmp is the product of the inverses of points[0]->Z ++ * .. points[i]->Z (zero-valued inputs skipped). ++ */ ++ if (!BN_is_zero(&points[i]->Z)) { ++ /* ++ * Set tmp_Z to the inverse of points[i]->Z (as product of Z ++ * inverses 0 .. i, Z values 0 .. i - 1). ++ */ ++ if (!group-> ++ meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) ++ goto err; ++ /* ++ * Update tmp to satisfy the loop invariant for i - 1. ++ */ ++ if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) ++ goto err; ++ /* Replace points[i]->Z by its inverse. */ ++ if (!BN_copy(&points[i]->Z, tmp_Z)) ++ goto err; ++ } ++ } ++ ++ if (!BN_is_zero(&points[0]->Z)) { ++ /* Replace points[0]->Z by its inverse. */ ++ if (!BN_copy(&points[0]->Z, tmp)) ++ goto err; ++ } ++ ++ /* Finally, fix up the X and Y coordinates for all points. */ ++ ++ for (i = 0; i < num; i++) { ++ EC_POINT *p = points[i]; ++ ++ if (!BN_is_zero(&p->Z)) { ++ /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ ++ ++ if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) ++ goto err; ++ if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) ++ goto err; ++ ++ if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) ++ goto err; ++ if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) ++ goto err; ++ ++ if (group->meth->field_set_to_one != 0) { ++ if (!group->meth->field_set_to_one(group, &p->Z, ctx)) ++ goto err; ++ } else { ++ if (!BN_one(&p->Z)) ++ goto err; ++ } ++ p->Z_is_one = 1; ++ } ++ } ++ ++ ret = 1; + + err: +- BN_CTX_end(ctx); +- if (new_ctx != NULL) +- BN_CTX_free(new_ctx); +- if (prod_Z != NULL) +- { +- for (i = 0; i < num; i++) +- { +- if (prod_Z[i] != NULL) +- BN_clear_free(prod_Z[i]); +- } +- OPENSSL_free(prod_Z); +- } +- return ret; +- } +- +- +-int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +- { +- return BN_mod_mul(r, a, b, &group->field, ctx); +- } +- +- +-int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) +- { +- return BN_mod_sqr(r, a, &group->field, ctx); +- } ++ BN_CTX_end(ctx); ++ if (new_ctx != NULL) ++ BN_CTX_free(new_ctx); ++ if (prod_Z != NULL) { ++ for (i = 0; i < num; i++) { ++ if (prod_Z[i] == NULL) ++ break; ++ BN_clear_free(prod_Z[i]); ++ } ++ OPENSSL_free(prod_Z); ++ } ++ return ret; ++} ++ ++int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, ++ const BIGNUM *b, BN_CTX *ctx) ++{ ++ return BN_mod_mul(r, a, b, &group->field, ctx); ++} ++ ++int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, ++ BN_CTX *ctx) ++{ ++ return BN_mod_sqr(r, a, &group->field, ctx); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c +index 4d2ede7..f1ec12d 100644 +--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c ++++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,34 +66,31 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason) + +-static ERR_STRING_DATA ECDH_str_functs[]= +- { +-{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, +-{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_NEW_METHOD"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA ECDH_str_functs[] = { ++ {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, ++ {ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_NEW_METHOD"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA ECDH_str_reasons[]= +- { +-{ERR_REASON(ECDH_R_KDF_FAILED) ,"KDF failed"}, +-{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE) ,"no private value"}, +-{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA ECDH_str_reasons[] = { ++ {ERR_REASON(ECDH_R_KDF_FAILED), "KDF failed"}, ++ {ERR_REASON(ECDH_R_NO_PRIVATE_VALUE), "no private value"}, ++ {ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_ECDH_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,ECDH_str_functs); +- ERR_load_strings(0,ECDH_str_reasons); +- } ++ if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, ECDH_str_functs); ++ ERR_load_strings(0, ECDH_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c +index f44da92..4045fb2 100644 +--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c ++++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c +@@ -21,7 +21,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -69,15 +69,16 @@ + + #include "ech_locl.h" + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + + int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, +- EC_KEY *eckey, +- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) ++ EC_KEY *eckey, ++ void *(*KDF) (const void *in, size_t inlen, void *out, ++ size_t *outlen)) + { +- ECDH_DATA *ecdh = ecdh_check(eckey); +- if (ecdh == NULL) +- return 0; +- return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); ++ ECDH_DATA *ecdh = ecdh_check(eckey); ++ if (ecdh == NULL) ++ return 0; ++ return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); + } +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c +index f9ba5fb..4bba074 100644 +--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c +@@ -21,7 +21,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -70,179 +70,173 @@ + #include "ech_locl.h" + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + #include + +-const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT; ++const char ECDH_version[] = "ECDH" OPENSSL_VERSION_PTEXT; + + static const ECDH_METHOD *default_ECDH_method = NULL; + + static void *ecdh_data_new(void); + static void *ecdh_data_dup(void *); +-static void ecdh_data_free(void *); ++static void ecdh_data_free(void *); + + void ECDH_set_default_method(const ECDH_METHOD *meth) +- { +- default_ECDH_method = meth; +- } ++{ ++ default_ECDH_method = meth; ++} + + const ECDH_METHOD *ECDH_get_default_method(void) +- { +- if(!default_ECDH_method) +- default_ECDH_method = ECDH_OpenSSL(); +- return default_ECDH_method; +- } ++{ ++ if (!default_ECDH_method) ++ default_ECDH_method = ECDH_OpenSSL(); ++ return default_ECDH_method; ++} + + int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) +- { +- ECDH_DATA *ecdh; ++{ ++ ECDH_DATA *ecdh; + +- ecdh = ecdh_check(eckey); ++ ecdh = ecdh_check(eckey); + +- if (ecdh == NULL) +- return 0; ++ if (ecdh == NULL) ++ return 0; + + #ifndef OPENSSL_NO_ENGINE +- if (ecdh->engine) +- { +- ENGINE_finish(ecdh->engine); +- ecdh->engine = NULL; +- } ++ if (ecdh->engine) { ++ ENGINE_finish(ecdh->engine); ++ ecdh->engine = NULL; ++ } + #endif +- ecdh->meth = meth; ++ ecdh->meth = meth; + #if 0 +- if (meth->init) +- meth->init(eckey); ++ if (meth->init) ++ meth->init(eckey); + #endif +- return 1; +- } ++ return 1; ++} + + static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine) +- { +- ECDH_DATA *ret; ++{ ++ ECDH_DATA *ret; + +- ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA)); +- if (ret == NULL) +- { +- ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); +- return(NULL); +- } ++ ret = (ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA)); ++ if (ret == NULL) { ++ ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } + +- ret->init = NULL; ++ ret->init = NULL; + +- ret->meth = ECDH_get_default_method(); +- ret->engine = engine; ++ ret->meth = ECDH_get_default_method(); ++ ret->engine = engine; + #ifndef OPENSSL_NO_ENGINE +- if (!ret->engine) +- ret->engine = ENGINE_get_default_ECDH(); +- if (ret->engine) +- { +- ret->meth = ENGINE_get_ECDH(ret->engine); +- if (!ret->meth) +- { +- ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); +- ENGINE_finish(ret->engine); +- OPENSSL_free(ret); +- return NULL; +- } +- } ++ if (!ret->engine) ++ ret->engine = ENGINE_get_default_ECDH(); ++ if (ret->engine) { ++ ret->meth = ENGINE_get_ECDH(ret->engine); ++ if (!ret->meth) { ++ ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); ++ ENGINE_finish(ret->engine); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ } + #endif + +- ret->flags = ret->meth->flags; +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); ++ ret->flags = ret->meth->flags; ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); + #if 0 +- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) +- { +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); +- OPENSSL_free(ret); +- ret=NULL; +- } +-#endif +- return(ret); +- } ++ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); ++ OPENSSL_free(ret); ++ ret = NULL; ++ } ++#endif ++ return (ret); ++} + + static void *ecdh_data_new(void) +- { +- return (void *)ECDH_DATA_new_method(NULL); +- } ++{ ++ return (void *)ECDH_DATA_new_method(NULL); ++} + + static void *ecdh_data_dup(void *data) + { +- ECDH_DATA *r = (ECDH_DATA *)data; ++ ECDH_DATA *r = (ECDH_DATA *)data; + +- /* XXX: dummy operation */ +- if (r == NULL) +- return NULL; ++ /* XXX: dummy operation */ ++ if (r == NULL) ++ return NULL; + +- return (void *)ecdh_data_new(); ++ return (void *)ecdh_data_new(); + } + + void ecdh_data_free(void *data) +- { +- ECDH_DATA *r = (ECDH_DATA *)data; ++{ ++ ECDH_DATA *r = (ECDH_DATA *)data; + + #ifndef OPENSSL_NO_ENGINE +- if (r->engine) +- ENGINE_finish(r->engine); ++ if (r->engine) ++ ENGINE_finish(r->engine); + #endif + +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); + +- OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA)); ++ OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA)); + +- OPENSSL_free(r); +- } ++ OPENSSL_free(r); ++} + + ECDH_DATA *ecdh_check(EC_KEY *key) +- { +- ECDH_DATA *ecdh_data; +- +- void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup, +- ecdh_data_free, ecdh_data_free); +- if (data == NULL) +- { +- ecdh_data = (ECDH_DATA *)ecdh_data_new(); +- if (ecdh_data == NULL) +- return NULL; +- data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, +- ecdh_data_dup, ecdh_data_free, ecdh_data_free); +- if (data != NULL) +- { +- /* Another thread raced us to install the key_method +- * data and won. */ +- ecdh_data_free(ecdh_data); +- ecdh_data = (ECDH_DATA *)data; +- } +- } +- else +- ecdh_data = (ECDH_DATA *)data; +- +- +- return ecdh_data; +- } ++{ ++ ECDH_DATA *ecdh_data; ++ ++ void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup, ++ ecdh_data_free, ecdh_data_free); ++ if (data == NULL) { ++ ecdh_data = (ECDH_DATA *)ecdh_data_new(); ++ if (ecdh_data == NULL) ++ return NULL; ++ data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, ++ ecdh_data_dup, ecdh_data_free, ++ ecdh_data_free); ++ if (data != NULL) { ++ /* ++ * Another thread raced us to install the key_method data and ++ * won. ++ */ ++ ecdh_data_free(ecdh_data); ++ ecdh_data = (ECDH_DATA *)data; ++ } ++ } else ++ ecdh_data = (ECDH_DATA *)data; ++ ++ return ecdh_data; ++} + + int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +- { +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, +- new_func, dup_func, free_func); +- } ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, ++ new_func, dup_func, free_func); ++} + + int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg) +- { +- ECDH_DATA *ecdh; +- ecdh = ecdh_check(d); +- if (ecdh == NULL) +- return 0; +- return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg)); +- } ++{ ++ ECDH_DATA *ecdh; ++ ecdh = ecdh_check(d); ++ if (ecdh == NULL) ++ return 0; ++ return (CRYPTO_set_ex_data(&ecdh->ex_data, idx, arg)); ++} + + void *ECDH_get_ex_data(EC_KEY *d, int idx) +- { +- ECDH_DATA *ecdh; +- ecdh = ecdh_check(d); +- if (ecdh == NULL) +- return NULL; +- return(CRYPTO_get_ex_data(&ecdh->ex_data,idx)); +- } ++{ ++ ECDH_DATA *ecdh; ++ ecdh = ecdh_check(d); ++ if (ecdh == NULL) ++ return NULL; ++ return (CRYPTO_get_ex_data(&ecdh->ex_data, idx)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c +index 2a40ff1..6a8243d 100644 +--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c ++++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c +@@ -21,7 +21,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -67,7 +67,6 @@ + * + */ + +- + #include + #include + +@@ -80,134 +79,127 @@ + #include + + static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, +- EC_KEY *ecdh, +- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); ++ EC_KEY *ecdh, ++ void *(*KDF) (const void *in, size_t inlen, ++ void *out, size_t *outlen)); + + static ECDH_METHOD openssl_ecdh_meth = { +- "OpenSSL ECDH method", +- ecdh_compute_key, ++ "OpenSSL ECDH method", ++ ecdh_compute_key, + #if 0 +- NULL, /* init */ +- NULL, /* finish */ ++ NULL, /* init */ ++ NULL, /* finish */ + #endif +- 0, /* flags */ +- NULL /* app_data */ ++ 0, /* flags */ ++ NULL /* app_data */ + }; + + const ECDH_METHOD *ECDH_OpenSSL(void) +- { +- return &openssl_ecdh_meth; +- } +- ++{ ++ return &openssl_ecdh_meth; ++} + +-/* This implementation is based on the following primitives in the IEEE 1363 standard: ++/*- ++ * This implementation is based on the following primitives in the IEEE 1363 standard: + * - ECKAS-DH1 + * - ECSVDP-DH + * Finally an optional KDF is applied. + */ + static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, +- EC_KEY *ecdh, +- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) +- { +- BN_CTX *ctx; +- EC_POINT *tmp=NULL; +- BIGNUM *x=NULL, *y=NULL; +- const BIGNUM *priv_key; +- const EC_GROUP* group; +- int ret= -1; +- size_t buflen, len; +- unsigned char *buf=NULL; +- +- if (outlen > INT_MAX) +- { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */ +- return -1; +- } +- +- if ((ctx = BN_CTX_new()) == NULL) goto err; +- BN_CTX_start(ctx); +- x = BN_CTX_get(ctx); +- y = BN_CTX_get(ctx); +- +- priv_key = EC_KEY_get0_private_key(ecdh); +- if (priv_key == NULL) +- { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); +- goto err; +- } +- +- group = EC_KEY_get0_group(ecdh); +- if ((tmp=EC_POINT_new(group)) == NULL) +- { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) +- { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); +- goto err; +- } +- +- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) +- { +- if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) +- { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); +- goto err; +- } +- } +- else +- { +- if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) +- { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); +- goto err; +- } +- } +- +- buflen = (EC_GROUP_get_degree(group) + 7)/8; +- len = BN_num_bytes(x); +- if (len > buflen) +- { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR); +- goto err; +- } +- if ((buf = OPENSSL_malloc(buflen)) == NULL) +- { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- memset(buf, 0, buflen - len); +- if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) +- { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); +- goto err; +- } +- +- if (KDF != 0) +- { +- if (KDF(buf, buflen, out, &outlen) == NULL) +- { +- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED); +- goto err; +- } +- ret = outlen; +- } +- else +- { +- /* no KDF, just copy as much as we can */ +- if (outlen > buflen) +- outlen = buflen; +- memcpy(out, buf, outlen); +- ret = outlen; +- } +- +-err: +- if (tmp) EC_POINT_free(tmp); +- if (ctx) BN_CTX_end(ctx); +- if (ctx) BN_CTX_free(ctx); +- if (buf) OPENSSL_free(buf); +- return(ret); +- } ++ EC_KEY *ecdh, ++ void *(*KDF) (const void *in, size_t inlen, ++ void *out, size_t *outlen)) ++{ ++ BN_CTX *ctx; ++ EC_POINT *tmp = NULL; ++ BIGNUM *x = NULL, *y = NULL; ++ const BIGNUM *priv_key; ++ const EC_GROUP *group; ++ int ret = -1; ++ size_t buflen, len; ++ unsigned char *buf = NULL; ++ ++ if (outlen > INT_MAX) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of, ++ * anyway */ ++ return -1; ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ x = BN_CTX_get(ctx); ++ y = BN_CTX_get(ctx); ++ ++ priv_key = EC_KEY_get0_private_key(ecdh); ++ if (priv_key == NULL) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE); ++ goto err; ++ } ++ ++ group = EC_KEY_get0_group(ecdh); ++ if ((tmp = EC_POINT_new(group)) == NULL) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); ++ goto err; ++ } ++ ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == ++ NID_X9_62_prime_field) { ++ if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); ++ goto err; ++ } ++ } else { ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); ++ goto err; ++ } ++ } ++ ++ buflen = (EC_GROUP_get_degree(group) + 7) / 8; ++ len = BN_num_bytes(x); ++ if (len > buflen) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ if ((buf = OPENSSL_malloc(buflen)) == NULL) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ memset(buf, 0, buflen - len); ++ if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ if (KDF != 0) { ++ if (KDF(buf, buflen, out, &outlen) == NULL) { ++ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KDF_FAILED); ++ goto err; ++ } ++ ret = outlen; ++ } else { ++ /* no KDF, just copy as much as we can */ ++ if (outlen > buflen) ++ outlen = buflen; ++ memcpy(out, buf, outlen); ++ ret = outlen; ++ } ++ ++ err: ++ if (tmp) ++ EC_POINT_free(tmp); ++ if (ctx) ++ BN_CTX_end(ctx); ++ if (ctx) ++ BN_CTX_free(ctx); ++ if (buf) ++ OPENSSL_free(buf); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c +index b295489..508b079 100644 +--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,8 +58,8 @@ + #include + + ASN1_SEQUENCE(ECDSA_SIG) = { +- ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), +- ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM) ++ ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM), ++ ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM) + } ASN1_SEQUENCE_END(ECDSA_SIG) + + DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG) +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c +index d2a5373..80d91af 100644 +--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c ++++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,40 +66,39 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason) + +-static ERR_STRING_DATA ECDSA_str_functs[]= +- { +-{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"}, +-{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"}, +-{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, +-{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA ECDSA_str_functs[] = { ++ {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"}, ++ {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"}, ++ {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"}, ++ {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA ECDSA_str_reasons[]= +- { +-{ERR_REASON(ECDSA_R_BAD_SIGNATURE) ,"bad signature"}, +-{ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, +-{ERR_REASON(ECDSA_R_ERR_EC_LIB) ,"err ec lib"}, +-{ERR_REASON(ECDSA_R_MISSING_PARAMETERS) ,"missing parameters"}, +-{ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES),"need new setup values"}, +-{ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"}, +-{ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA ECDSA_str_reasons[] = { ++ {ERR_REASON(ECDSA_R_BAD_SIGNATURE), "bad signature"}, ++ {ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), ++ "data too large for key size"}, ++ {ERR_REASON(ECDSA_R_ERR_EC_LIB), "err ec lib"}, ++ {ERR_REASON(ECDSA_R_MISSING_PARAMETERS), "missing parameters"}, ++ {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, ++ {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED), ++ "random number generation failed"}, ++ {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED), "signature malloc failed"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_ECDSA_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,ECDSA_str_functs); +- ERR_load_strings(0,ECDSA_str_reasons); +- } ++ if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, ECDSA_str_functs); ++ ERR_load_strings(0, ECDSA_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c +index 81082c9..dfcb6db 100644 +--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,211 +56,204 @@ + #include + #include "ecs_locl.h" + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + #include + #include + +-const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT; ++const char ECDSA_version[] = "ECDSA" OPENSSL_VERSION_PTEXT; + + static const ECDSA_METHOD *default_ECDSA_method = NULL; + + static void *ecdsa_data_new(void); + static void *ecdsa_data_dup(void *); +-static void ecdsa_data_free(void *); ++static void ecdsa_data_free(void *); + + void ECDSA_set_default_method(const ECDSA_METHOD *meth) + { +- default_ECDSA_method = meth; ++ default_ECDSA_method = meth; + } + + const ECDSA_METHOD *ECDSA_get_default_method(void) + { +- if(!default_ECDSA_method) +- default_ECDSA_method = ECDSA_OpenSSL(); +- return default_ECDSA_method; ++ if (!default_ECDSA_method) ++ default_ECDSA_method = ECDSA_OpenSSL(); ++ return default_ECDSA_method; + } + + int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) + { +- ECDSA_DATA *ecdsa; ++ ECDSA_DATA *ecdsa; + +- ecdsa = ecdsa_check(eckey); ++ ecdsa = ecdsa_check(eckey); + +- if (ecdsa == NULL) +- return 0; ++ if (ecdsa == NULL) ++ return 0; + + #ifndef OPENSSL_NO_ENGINE +- if (ecdsa->engine) +- { +- ENGINE_finish(ecdsa->engine); +- ecdsa->engine = NULL; +- } ++ if (ecdsa->engine) { ++ ENGINE_finish(ecdsa->engine); ++ ecdsa->engine = NULL; ++ } + #endif +- ecdsa->meth = meth; ++ ecdsa->meth = meth; + +- return 1; ++ return 1; + } + + static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) + { +- ECDSA_DATA *ret; ++ ECDSA_DATA *ret; + +- ret=(ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA)); +- if (ret == NULL) +- { +- ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); +- return(NULL); +- } ++ ret = (ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA)); ++ if (ret == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } + +- ret->init = NULL; ++ ret->init = NULL; + +- ret->meth = ECDSA_get_default_method(); +- ret->engine = engine; ++ ret->meth = ECDSA_get_default_method(); ++ ret->engine = engine; + #ifndef OPENSSL_NO_ENGINE +- if (!ret->engine) +- ret->engine = ENGINE_get_default_ECDSA(); +- if (ret->engine) +- { +- ret->meth = ENGINE_get_ECDSA(ret->engine); +- if (!ret->meth) +- { +- ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); +- ENGINE_finish(ret->engine); +- OPENSSL_free(ret); +- return NULL; +- } +- } ++ if (!ret->engine) ++ ret->engine = ENGINE_get_default_ECDSA(); ++ if (ret->engine) { ++ ret->meth = ENGINE_get_ECDSA(ret->engine); ++ if (!ret->meth) { ++ ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); ++ ENGINE_finish(ret->engine); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ } + #endif + +- ret->flags = ret->meth->flags; +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); ++ ret->flags = ret->meth->flags; ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); + #if 0 +- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) +- { +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); +- OPENSSL_free(ret); +- ret=NULL; +- } +-#endif +- return(ret); ++ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); ++ OPENSSL_free(ret); ++ ret = NULL; ++ } ++#endif ++ return (ret); + } + + static void *ecdsa_data_new(void) + { +- return (void *)ECDSA_DATA_new_method(NULL); ++ return (void *)ECDSA_DATA_new_method(NULL); + } + + static void *ecdsa_data_dup(void *data) + { +- ECDSA_DATA *r = (ECDSA_DATA *)data; ++ ECDSA_DATA *r = (ECDSA_DATA *)data; + +- /* XXX: dummy operation */ +- if (r == NULL) +- return NULL; ++ /* XXX: dummy operation */ ++ if (r == NULL) ++ return NULL; + +- return ecdsa_data_new(); ++ return ecdsa_data_new(); + } + + static void ecdsa_data_free(void *data) + { +- ECDSA_DATA *r = (ECDSA_DATA *)data; ++ ECDSA_DATA *r = (ECDSA_DATA *)data; + + #ifndef OPENSSL_NO_ENGINE +- if (r->engine) +- ENGINE_finish(r->engine); ++ if (r->engine) ++ ENGINE_finish(r->engine); + #endif +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); + +- OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA)); ++ OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA)); + +- OPENSSL_free(r); ++ OPENSSL_free(r); + } + + ECDSA_DATA *ecdsa_check(EC_KEY *key) + { +- ECDSA_DATA *ecdsa_data; +- +- void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, +- ecdsa_data_free, ecdsa_data_free); +- if (data == NULL) +- { +- ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); +- if (ecdsa_data == NULL) +- return NULL; +- data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, +- ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); +- if (data != NULL) +- { +- /* Another thread raced us to install the key_method +- * data and won. */ +- ecdsa_data_free(ecdsa_data); +- ecdsa_data = (ECDSA_DATA *)data; +- } +- } +- else +- ecdsa_data = (ECDSA_DATA *)data; +- +- +- return ecdsa_data; ++ ECDSA_DATA *ecdsa_data; ++ ++ void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, ++ ecdsa_data_free, ecdsa_data_free); ++ if (data == NULL) { ++ ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); ++ if (ecdsa_data == NULL) ++ return NULL; ++ data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, ++ ecdsa_data_dup, ecdsa_data_free, ++ ecdsa_data_free); ++ if (data != NULL) { ++ /* ++ * Another thread raced us to install the key_method data and ++ * won. ++ */ ++ ecdsa_data_free(ecdsa_data); ++ ecdsa_data = (ECDSA_DATA *)data; ++ } ++ } else ++ ecdsa_data = (ECDSA_DATA *)data; ++ ++ return ecdsa_data; + } + + int ECDSA_size(const EC_KEY *r) + { +- int ret,i; +- ASN1_INTEGER bs; +- BIGNUM *order=NULL; +- unsigned char buf[4]; +- const EC_GROUP *group; +- +- if (r == NULL) +- return 0; +- group = EC_KEY_get0_group(r); +- if (group == NULL) +- return 0; +- +- if ((order = BN_new()) == NULL) return 0; +- if (!EC_GROUP_get_order(group,order,NULL)) +- { +- BN_clear_free(order); +- return 0; +- } +- i=BN_num_bits(order); +- bs.length=(i+7)/8; +- bs.data=buf; +- bs.type=V_ASN1_INTEGER; +- /* If the top bit is set the asn1 encoding is 1 larger. */ +- buf[0]=0xff; +- +- i=i2d_ASN1_INTEGER(&bs,NULL); +- i+=i; /* r and s */ +- ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); +- BN_clear_free(order); +- return(ret); ++ int ret, i; ++ ASN1_INTEGER bs; ++ BIGNUM *order = NULL; ++ unsigned char buf[4]; ++ const EC_GROUP *group; ++ ++ if (r == NULL) ++ return 0; ++ group = EC_KEY_get0_group(r); ++ if (group == NULL) ++ return 0; ++ ++ if ((order = BN_new()) == NULL) ++ return 0; ++ if (!EC_GROUP_get_order(group, order, NULL)) { ++ BN_clear_free(order); ++ return 0; ++ } ++ i = BN_num_bits(order); ++ bs.length = (i + 7) / 8; ++ bs.data = buf; ++ bs.type = V_ASN1_INTEGER; ++ /* If the top bit is set the asn1 encoding is 1 larger. */ ++ buf[0] = 0xff; ++ ++ i = i2d_ASN1_INTEGER(&bs, NULL); ++ i += i; /* r and s */ ++ ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); ++ BN_clear_free(order); ++ return (ret); + } + +- + int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, +- new_func, dup_func, free_func); ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, ++ new_func, dup_func, free_func); + } + + int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg) + { +- ECDSA_DATA *ecdsa; +- ecdsa = ecdsa_check(d); +- if (ecdsa == NULL) +- return 0; +- return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg)); ++ ECDSA_DATA *ecdsa; ++ ecdsa = ecdsa_check(d); ++ if (ecdsa == NULL) ++ return 0; ++ return (CRYPTO_set_ex_data(&ecdsa->ex_data, idx, arg)); + } + + void *ECDSA_get_ex_data(EC_KEY *d, int idx) + { +- ECDSA_DATA *ecdsa; +- ecdsa = ecdsa_check(d); +- if (ecdsa == NULL) +- return NULL; +- return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx)); ++ ECDSA_DATA *ecdsa; ++ ecdsa = ecdsa_check(d); ++ if (ecdsa == NULL) ++ return NULL; ++ return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx)); + } +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c +index 1bbf328..8b29b24 100644 +--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c ++++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,420 +61,377 @@ + #include + #include + +-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, +- const BIGNUM *, const BIGNUM *, EC_KEY *eckey); +-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, +- BIGNUM **rp); +-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, +- const ECDSA_SIG *sig, EC_KEY *eckey); ++static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, ++ const BIGNUM *, const BIGNUM *, ++ EC_KEY *eckey); ++static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, ++ BIGNUM **rp); ++static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, ++ const ECDSA_SIG *sig, EC_KEY *eckey); + + static ECDSA_METHOD openssl_ecdsa_meth = { +- "OpenSSL ECDSA method", +- ecdsa_do_sign, +- ecdsa_sign_setup, +- ecdsa_do_verify, ++ "OpenSSL ECDSA method", ++ ecdsa_do_sign, ++ ecdsa_sign_setup, ++ ecdsa_do_verify, + #if 0 +- NULL, /* init */ +- NULL, /* finish */ ++ NULL, /* init */ ++ NULL, /* finish */ + #endif +- 0, /* flags */ +- NULL /* app_data */ ++ 0, /* flags */ ++ NULL /* app_data */ + }; + + const ECDSA_METHOD *ECDSA_OpenSSL(void) + { +- return &openssl_ecdsa_meth; ++ return &openssl_ecdsa_meth; + } + + static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, +- BIGNUM **rp) ++ BIGNUM **rp) + { +- BN_CTX *ctx = NULL; +- BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; +- EC_POINT *tmp_point=NULL; +- const EC_GROUP *group; +- int ret = 0; ++ BN_CTX *ctx = NULL; ++ BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; ++ EC_POINT *tmp_point = NULL; ++ const EC_GROUP *group; ++ int ret = 0; + +- if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) +- { +- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } ++ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } + +- if (ctx_in == NULL) +- { +- if ((ctx = BN_CTX_new()) == NULL) +- { +- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- else +- ctx = ctx_in; ++ if (ctx_in == NULL) { ++ if ((ctx = BN_CTX_new()) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } else ++ ctx = ctx_in; + +- k = BN_new(); /* this value is later returned in *kinvp */ +- r = BN_new(); /* this value is later returned in *rp */ +- order = BN_new(); +- X = BN_new(); +- if (!k || !r || !order || !X) +- { +- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if ((tmp_point = EC_POINT_new(group)) == NULL) +- { +- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); +- goto err; +- } +- if (!EC_GROUP_get_order(group, order, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); +- goto err; +- } +- +- do +- { +- /* get random k */ +- do +- if (!BN_rand_range(k, order)) +- { +- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, +- ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); +- goto err; +- } +- while (BN_is_zero(k)); ++ k = BN_new(); /* this value is later returned in *kinvp */ ++ r = BN_new(); /* this value is later returned in *rp */ ++ order = BN_new(); ++ X = BN_new(); ++ if (!k || !r || !order || !X) { ++ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if ((tmp_point = EC_POINT_new(group)) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); ++ goto err; ++ } ++ if (!EC_GROUP_get_order(group, order, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); ++ goto err; ++ } + +- /* We do not want timing information to leak the length of k, +- * so we compute G*k using an equivalent scalar of fixed +- * bit-length. */ ++ do { ++ /* get random k */ ++ do ++ if (!BN_rand_range(k, order)) { ++ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ++ ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); ++ goto err; ++ } ++ while (BN_is_zero(k)) ; + +- if (!BN_add(k, k, order)) goto err; +- if (BN_num_bits(k) <= BN_num_bits(order)) +- if (!BN_add(k, k, order)) goto err; ++ /* ++ * We do not want timing information to leak the length of k, so we ++ * compute G*k using an equivalent scalar of fixed bit-length. ++ */ + +- /* compute r the x-coordinate of generator * k */ +- if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); +- goto err; +- } +- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) +- { +- if (!EC_POINT_get_affine_coordinates_GFp(group, +- tmp_point, X, NULL, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); +- goto err; +- } +- } +- else /* NID_X9_62_characteristic_two_field */ +- { +- if (!EC_POINT_get_affine_coordinates_GF2m(group, +- tmp_point, X, NULL, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB); +- goto err; +- } +- } +- if (!BN_nnmod(r, X, order, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); +- goto err; +- } +- } +- while (BN_is_zero(r)); ++ if (!BN_add(k, k, order)) ++ goto err; ++ if (BN_num_bits(k) <= BN_num_bits(order)) ++ if (!BN_add(k, k, order)) ++ goto err; + +- /* compute the inverse of k */ +- if (!BN_mod_inverse(k, k, order, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); +- goto err; +- } +- /* clear old values if necessary */ +- if (*rp != NULL) +- BN_clear_free(*rp); +- if (*kinvp != NULL) +- BN_clear_free(*kinvp); +- /* save the pre-computed values */ +- *rp = r; +- *kinvp = k; +- ret = 1; +-err: +- if (!ret) +- { +- if (k != NULL) BN_clear_free(k); +- if (r != NULL) BN_clear_free(r); +- } +- if (ctx_in == NULL) +- BN_CTX_free(ctx); +- if (order != NULL) +- BN_free(order); +- if (tmp_point != NULL) +- EC_POINT_free(tmp_point); +- if (X) +- BN_clear_free(X); +- return(ret); +-} ++ /* compute r the x-coordinate of generator * k */ ++ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); ++ goto err; ++ } ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == ++ NID_X9_62_prime_field) { ++ if (!EC_POINT_get_affine_coordinates_GFp ++ (group, tmp_point, X, NULL, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else { /* NID_X9_62_characteristic_two_field */ + ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, ++ tmp_point, X, NULL, ++ ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); ++ goto err; ++ } ++ } ++ if (!BN_nnmod(r, X, order, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); ++ goto err; ++ } ++ } ++ while (BN_is_zero(r)); ++ ++ /* compute the inverse of k */ ++ if (!BN_mod_inverse(k, k, order, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); ++ goto err; ++ } ++ /* clear old values if necessary */ ++ if (*rp != NULL) ++ BN_clear_free(*rp); ++ if (*kinvp != NULL) ++ BN_clear_free(*kinvp); ++ /* save the pre-computed values */ ++ *rp = r; ++ *kinvp = k; ++ ret = 1; ++ err: ++ if (!ret) { ++ if (k != NULL) ++ BN_clear_free(k); ++ if (r != NULL) ++ BN_clear_free(r); ++ } ++ if (ctx_in == NULL) ++ BN_CTX_free(ctx); ++ if (order != NULL) ++ BN_free(order); ++ if (tmp_point != NULL) ++ EC_POINT_free(tmp_point); ++ if (X) ++ BN_clear_free(X); ++ return (ret); ++} + +-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, +- const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) ++static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ++ const BIGNUM *in_kinv, const BIGNUM *in_r, ++ EC_KEY *eckey) + { +- int ok = 0, i; +- BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL; +- const BIGNUM *ckinv; +- BN_CTX *ctx = NULL; +- const EC_GROUP *group; +- ECDSA_SIG *ret; +- ECDSA_DATA *ecdsa; +- const BIGNUM *priv_key; ++ int ok = 0, i; ++ BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL; ++ const BIGNUM *ckinv; ++ BN_CTX *ctx = NULL; ++ const EC_GROUP *group; ++ ECDSA_SIG *ret; ++ ECDSA_DATA *ecdsa; ++ const BIGNUM *priv_key; + +- ecdsa = ecdsa_check(eckey); +- group = EC_KEY_get0_group(eckey); +- priv_key = EC_KEY_get0_private_key(eckey); +- +- if (group == NULL || priv_key == NULL || ecdsa == NULL) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } ++ ecdsa = ecdsa_check(eckey); ++ group = EC_KEY_get0_group(eckey); ++ priv_key = EC_KEY_get0_private_key(eckey); + +- ret = ECDSA_SIG_new(); +- if (!ret) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- s = ret->s; ++ if (group == NULL || priv_key == NULL || ecdsa == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } + +- if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || +- (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ ret = ECDSA_SIG_new(); ++ if (!ret) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ s = ret->s; + +- if (!EC_GROUP_get_order(group, order, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); +- goto err; +- } +- i = BN_num_bits(order); +- /* Need to truncate digest if it is too long: first truncate whole +- * bytes. +- */ +- if (8 * dgst_len > i) +- dgst_len = (i + 7)/8; +- if (!BN_bin2bn(dgst, dgst_len, m)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); +- goto err; +- } +- /* If still too long truncate remaining bits with a shift */ +- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); +- goto err; +- } +- do +- { +- if (in_kinv == NULL || in_r == NULL) +- { +- if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB); +- goto err; +- } +- ckinv = kinv; +- } +- else +- { +- ckinv = in_kinv; +- if (BN_copy(ret->r, in_r) == NULL) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } ++ if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || ++ (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); +- goto err; +- } +- if (!BN_mod_add_quick(s, tmp, m, order)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); +- goto err; +- } +- if (!BN_mod_mul(s, s, ckinv, order, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); +- goto err; +- } +- if (BN_is_zero(s)) +- { +- /* if kinv and r have been supplied by the caller +- * don't to generate new kinv and r values */ +- if (in_kinv != NULL && in_r != NULL) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_NEED_NEW_SETUP_VALUES); +- goto err; +- } +- } +- else +- /* s != 0 => we have a valid signature */ +- break; +- } +- while (1); ++ if (!EC_GROUP_get_order(group, order, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB); ++ goto err; ++ } ++ i = BN_num_bits(order); ++ /* ++ * Need to truncate digest if it is too long: first truncate whole bytes. ++ */ ++ if (8 * dgst_len > i) ++ dgst_len = (i + 7) / 8; ++ if (!BN_bin2bn(dgst, dgst_len, m)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ /* If still too long truncate remaining bits with a shift */ ++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ do { ++ if (in_kinv == NULL || in_r == NULL) { ++ if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_ECDSA_LIB); ++ goto err; ++ } ++ ckinv = kinv; ++ } else { ++ ckinv = in_kinv; ++ if (BN_copy(ret->r, in_r) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } + +- ok = 1; +-err: +- if (!ok) +- { +- ECDSA_SIG_free(ret); +- ret = NULL; +- } +- if (ctx) +- BN_CTX_free(ctx); +- if (m) +- BN_clear_free(m); +- if (tmp) +- BN_clear_free(tmp); +- if (order) +- BN_free(order); +- if (kinv) +- BN_clear_free(kinv); +- return ret; ++ if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ if (!BN_mod_add_quick(s, tmp, m, order)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ if (!BN_mod_mul(s, s, ckinv, order, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB); ++ goto err; ++ } ++ if (BN_is_zero(s)) { ++ /* ++ * if kinv and r have been supplied by the caller don't to ++ * generate new kinv and r values ++ */ ++ if (in_kinv != NULL && in_r != NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ++ ECDSA_R_NEED_NEW_SETUP_VALUES); ++ goto err; ++ } ++ } else ++ /* s != 0 => we have a valid signature */ ++ break; ++ } ++ while (1); ++ ++ ok = 1; ++ err: ++ if (!ok) { ++ ECDSA_SIG_free(ret); ++ ret = NULL; ++ } ++ if (ctx) ++ BN_CTX_free(ctx); ++ if (m) ++ BN_clear_free(m); ++ if (tmp) ++ BN_clear_free(tmp); ++ if (order) ++ BN_free(order); ++ if (kinv) ++ BN_clear_free(kinv); ++ return ret; + } + + static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, +- const ECDSA_SIG *sig, EC_KEY *eckey) ++ const ECDSA_SIG *sig, EC_KEY *eckey) + { +- int ret = -1, i; +- BN_CTX *ctx; +- BIGNUM *order, *u1, *u2, *m, *X; +- EC_POINT *point = NULL; +- const EC_GROUP *group; +- const EC_POINT *pub_key; ++ int ret = -1, i; ++ BN_CTX *ctx; ++ BIGNUM *order, *u1, *u2, *m, *X; ++ EC_POINT *point = NULL; ++ const EC_GROUP *group; ++ const EC_POINT *pub_key; ++ ++ /* check input values */ ++ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || ++ (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); ++ return -1; ++ } ++ ++ ctx = BN_CTX_new(); ++ if (!ctx) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ BN_CTX_start(ctx); ++ order = BN_CTX_get(ctx); ++ u1 = BN_CTX_get(ctx); ++ u2 = BN_CTX_get(ctx); ++ m = BN_CTX_get(ctx); ++ X = BN_CTX_get(ctx); ++ if (!X) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ ++ if (!EC_GROUP_get_order(group, order, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } + +- /* check input values */ +- if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || +- (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS); +- return -1; +- } ++ if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || ++ BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || ++ BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); ++ ret = 0; /* signature is invalid */ ++ goto err; ++ } ++ /* calculate tmp1 = inv(S) mod order */ ++ if (!BN_mod_inverse(u2, sig->s, order, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ /* digest -> m */ ++ i = BN_num_bits(order); ++ /* ++ * Need to truncate digest if it is too long: first truncate whole bytes. ++ */ ++ if (8 * dgst_len > i) ++ dgst_len = (i + 7) / 8; ++ if (!BN_bin2bn(dgst, dgst_len, m)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ /* If still too long truncate remaining bits with a shift */ ++ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ /* u1 = m * tmp mod order */ ++ if (!BN_mod_mul(u1, m, u2, order, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ /* u2 = r * w mod q */ ++ if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } + +- ctx = BN_CTX_new(); +- if (!ctx) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); +- return -1; +- } +- BN_CTX_start(ctx); +- order = BN_CTX_get(ctx); +- u1 = BN_CTX_get(ctx); +- u2 = BN_CTX_get(ctx); +- m = BN_CTX_get(ctx); +- X = BN_CTX_get(ctx); +- if (!X) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); +- goto err; +- } +- +- if (!EC_GROUP_get_order(group, order, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); +- goto err; +- } ++ if ((point = EC_POINT_new(group)) == NULL) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == ++ NID_X9_62_prime_field) { ++ if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ } else { /* NID_X9_62_characteristic_two_field */ + +- if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || +- BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || +- BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE); +- ret = 0; /* signature is invalid */ +- goto err; +- } +- /* calculate tmp1 = inv(S) mod order */ +- if (!BN_mod_inverse(u2, sig->s, order, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); +- goto err; +- } +- /* digest -> m */ +- i = BN_num_bits(order); +- /* Need to truncate digest if it is too long: first truncate whole +- * bytes. +- */ +- if (8 * dgst_len > i) +- dgst_len = (i + 7)/8; +- if (!BN_bin2bn(dgst, dgst_len, m)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); +- goto err; +- } +- /* If still too long truncate remaining bits with a shift */ +- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); +- goto err; +- } +- /* u1 = m * tmp mod order */ +- if (!BN_mod_mul(u1, m, u2, order, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); +- goto err; +- } +- /* u2 = r * w mod q */ +- if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); +- goto err; +- } ++ if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); ++ goto err; ++ } ++ } + +- if ((point = EC_POINT_new(group)) == NULL) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); +- goto err; +- } +- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) +- { +- if (!EC_POINT_get_affine_coordinates_GFp(group, +- point, X, NULL, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); +- goto err; +- } +- } +- else /* NID_X9_62_characteristic_two_field */ +- { +- if (!EC_POINT_get_affine_coordinates_GF2m(group, +- point, X, NULL, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB); +- goto err; +- } +- } +- +- if (!BN_nnmod(u1, X, order, ctx)) +- { +- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); +- goto err; +- } +- /* if the signature is correct u1 is equal to sig->r */ +- ret = (BN_ucmp(u1, sig->r) == 0); +-err: +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- if (point) +- EC_POINT_free(point); +- return ret; ++ if (!BN_nnmod(u1, X, order, ctx)) { ++ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB); ++ goto err; ++ } ++ /* if the signature is correct u1 is equal to sig->r */ ++ ret = (BN_ucmp(u1, sig->r) == 0); ++ err: ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ if (point) ++ EC_POINT_free(point); ++ return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c +index 353d5af..28652d4 100644 +--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c ++++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -55,52 +55,52 @@ + + #include "ecs_locl.h" + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + #include + + ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) + { +- return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey); ++ return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey); + } + + ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, +- const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey) ++ const BIGNUM *kinv, const BIGNUM *rp, ++ EC_KEY *eckey) + { +- ECDSA_DATA *ecdsa = ecdsa_check(eckey); +- if (ecdsa == NULL) +- return NULL; +- return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey); ++ ECDSA_DATA *ecdsa = ecdsa_check(eckey); ++ if (ecdsa == NULL) ++ return NULL; ++ return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey); + } + +-int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char +- *sig, unsigned int *siglen, EC_KEY *eckey) ++int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char ++ *sig, unsigned int *siglen, EC_KEY *eckey) + { +- return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); ++ return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); + } + +-int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char +- *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, +- EC_KEY *eckey) ++int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char ++ *sig, unsigned int *siglen, const BIGNUM *kinv, ++ const BIGNUM *r, EC_KEY *eckey) + { +- ECDSA_SIG *s; +- RAND_seed(dgst, dlen); +- s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); +- if (s == NULL) +- { +- *siglen=0; +- return 0; +- } +- *siglen = i2d_ECDSA_SIG(s, &sig); +- ECDSA_SIG_free(s); +- return 1; ++ ECDSA_SIG *s; ++ RAND_seed(dgst, dlen); ++ s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); ++ if (s == NULL) { ++ *siglen = 0; ++ return 0; ++ } ++ *siglen = i2d_ECDSA_SIG(s, &sig); ++ ECDSA_SIG_free(s); ++ return 1; + } + +-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, +- BIGNUM **rp) ++int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, ++ BIGNUM **rp) + { +- ECDSA_DATA *ecdsa = ecdsa_check(eckey); +- if (ecdsa == NULL) +- return 0; +- return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); ++ ECDSA_DATA *ecdsa = ecdsa_check(eckey); ++ if (ecdsa == NULL) ++ return 0; ++ return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); + } +diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c +index ef9acf7..e909aeb 100644 +--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c ++++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,40 +57,56 @@ + */ + + #include "ecs_locl.h" ++#include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + +-/* returns ++/*- ++ * returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ +-int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, +- const ECDSA_SIG *sig, EC_KEY *eckey) +- { +- ECDSA_DATA *ecdsa = ecdsa_check(eckey); +- if (ecdsa == NULL) +- return 0; +- return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); +- } ++int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ++ const ECDSA_SIG *sig, EC_KEY *eckey) ++{ ++ ECDSA_DATA *ecdsa = ecdsa_check(eckey); ++ if (ecdsa == NULL) ++ return 0; ++ return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); ++} + +-/* returns ++/*- ++ * returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ + int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, +- const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) +- { +- ECDSA_SIG *s; +- int ret=-1; ++ const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) ++{ ++ ECDSA_SIG *s; ++ const unsigned char *p = sigbuf; ++ unsigned char *der = NULL; ++ int derlen = -1; ++ int ret = -1; + +- s = ECDSA_SIG_new(); +- if (s == NULL) return(ret); +- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err; +- ret=ECDSA_do_verify(dgst, dgst_len, s, eckey); +-err: +- ECDSA_SIG_free(s); +- return(ret); +- } ++ s = ECDSA_SIG_new(); ++ if (s == NULL) ++ return (ret); ++ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) ++ goto err; ++ /* Ensure signature uses DER and doesn't have trailing garbage */ ++ derlen = i2d_ECDSA_SIG(s, &der); ++ if (derlen != sig_len || memcmp(sigbuf, der, derlen)) ++ goto err; ++ ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); ++ err: ++ if (derlen > 0) { ++ OPENSSL_cleanse(der, derlen); ++ OPENSSL_free(der); ++ } ++ ECDSA_SIG_free(s); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c +index 8a1b9c7..0683df8 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_all.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_all.c +@@ -1,6 +1,7 @@ + /* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte for the OpenSSL +- * project 2000. ++/* ++ * Written by Richard Levitte for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,66 +61,69 @@ + #include "eng_int.h" + + void ENGINE_load_builtin_engines(void) +- { +- /* There's no longer any need for an "openssl" ENGINE unless, one day, +- * it is the *only* way for standard builtin implementations to be be +- * accessed (ie. it would be possible to statically link binaries with +- * *no* builtin implementations). */ ++{ ++ /* ++ * There's no longer any need for an "openssl" ENGINE unless, one day, it ++ * is the *only* way for standard builtin implementations to be be ++ * accessed (ie. it would be possible to statically link binaries with ++ * *no* builtin implementations). ++ */ + #if 0 +- ENGINE_load_openssl(); ++ ENGINE_load_openssl(); + #endif + #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) +- ENGINE_load_padlock(); ++ ENGINE_load_padlock(); + #endif +- ENGINE_load_dynamic(); ++ ENGINE_load_dynamic(); + #ifndef OPENSSL_NO_STATIC_ENGINE +-#ifndef OPENSSL_NO_HW +-#ifndef OPENSSL_NO_HW_4758_CCA +- ENGINE_load_4758cca(); +-#endif +-#ifndef OPENSSL_NO_HW_AEP +- ENGINE_load_aep(); +-#endif +-#ifndef OPENSSL_NO_HW_ATALLA +- ENGINE_load_atalla(); +-#endif +-#ifndef OPENSSL_NO_HW_CSWIFT +- ENGINE_load_cswift(); +-#endif +-#ifndef OPENSSL_NO_HW_NCIPHER +- ENGINE_load_chil(); +-#endif +-#ifndef OPENSSL_NO_HW_NURON +- ENGINE_load_nuron(); +-#endif +-#ifndef OPENSSL_NO_HW_SUREWARE +- ENGINE_load_sureware(); +-#endif +-#ifndef OPENSSL_NO_HW_UBSEC +- ENGINE_load_ubsec(); +-#endif +-#endif +-#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) +- ENGINE_load_gmp(); +-#endif +-#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) +- ENGINE_load_capi(); +-#endif ++# ifndef OPENSSL_NO_HW ++# ifndef OPENSSL_NO_HW_4758_CCA ++ ENGINE_load_4758cca(); ++# endif ++# ifndef OPENSSL_NO_HW_AEP ++ ENGINE_load_aep(); ++# endif ++# ifndef OPENSSL_NO_HW_ATALLA ++ ENGINE_load_atalla(); ++# endif ++# ifndef OPENSSL_NO_HW_CSWIFT ++ ENGINE_load_cswift(); ++# endif ++# ifndef OPENSSL_NO_HW_NCIPHER ++ ENGINE_load_chil(); ++# endif ++# ifndef OPENSSL_NO_HW_NURON ++ ENGINE_load_nuron(); ++# endif ++# ifndef OPENSSL_NO_HW_SUREWARE ++ ENGINE_load_sureware(); ++# endif ++# ifndef OPENSSL_NO_HW_UBSEC ++ ENGINE_load_ubsec(); ++# endif ++# endif ++# if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP) ++ ENGINE_load_gmp(); ++# endif ++# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) ++ ENGINE_load_capi(); ++# endif + #endif + #ifndef OPENSSL_NO_HW +-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +- ENGINE_load_cryptodev(); +-#endif ++# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) ++ ENGINE_load_cryptodev(); ++# endif + #endif +- } ++} + + #if defined(__OpenBSD__) || defined(__FreeBSD__) +-void ENGINE_setup_bsd_cryptodev(void) { +- static int bsd_cryptodev_default_loaded = 0; +- if (!bsd_cryptodev_default_loaded) { +- ENGINE_load_cryptodev(); +- ENGINE_register_all_complete(); +- } +- bsd_cryptodev_default_loaded=1; ++void ENGINE_setup_bsd_cryptodev(void) ++{ ++ static int bsd_cryptodev_default_loaded = 0; ++ if (!bsd_cryptodev_default_loaded) { ++ ENGINE_load_cryptodev(); ++ ENGINE_register_all_complete(); ++ } ++ bsd_cryptodev_default_loaded = 1; + } + #endif +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c b/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c +index 95c4070..f09bec4 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c +@@ -1,6 +1,7 @@ + /* eng_cnf.c */ +-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,196 +65,178 @@ + /* ENGINE config module */ + + static char *skip_dot(char *name) +- { +- char *p; +- p = strchr(name, '.'); +- if (p) +- return p + 1; +- return name; +- } ++{ ++ char *p; ++ p = strchr(name, '.'); ++ if (p) ++ return p + 1; ++ return name; ++} + + static STACK_OF(ENGINE) *initialized_engines = NULL; + + static int int_engine_init(ENGINE *e) +- { +- if (!ENGINE_init(e)) +- return 0; +- if (!initialized_engines) +- initialized_engines = sk_ENGINE_new_null(); +- if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) +- { +- ENGINE_finish(e); +- return 0; +- } +- return 1; +- } +- ++{ ++ if (!ENGINE_init(e)) ++ return 0; ++ if (!initialized_engines) ++ initialized_engines = sk_ENGINE_new_null(); ++ if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) { ++ ENGINE_finish(e); ++ return 0; ++ } ++ return 1; ++} + + static int int_engine_configure(char *name, char *value, const CONF *cnf) +- { +- int i; +- int ret = 0; +- long do_init = -1; +- STACK_OF(CONF_VALUE) *ecmds; +- CONF_VALUE *ecmd = NULL; +- char *ctrlname, *ctrlvalue; +- ENGINE *e = NULL; +- int soft = 0; +- +- name = skip_dot(name); ++{ ++ int i; ++ int ret = 0; ++ long do_init = -1; ++ STACK_OF(CONF_VALUE) *ecmds; ++ CONF_VALUE *ecmd = NULL; ++ char *ctrlname, *ctrlvalue; ++ ENGINE *e = NULL; ++ int soft = 0; ++ ++ name = skip_dot(name); + #ifdef ENGINE_CONF_DEBUG +- fprintf(stderr, "Configuring engine %s\n", name); ++ fprintf(stderr, "Configuring engine %s\n", name); + #endif +- /* Value is a section containing ENGINE commands */ +- ecmds = NCONF_get_section(cnf, value); +- +- if (!ecmds) +- { +- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR); +- return 0; +- } +- +- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) +- { +- ecmd = sk_CONF_VALUE_value(ecmds, i); +- ctrlname = skip_dot(ecmd->name); +- ctrlvalue = ecmd->value; ++ /* Value is a section containing ENGINE commands */ ++ ecmds = NCONF_get_section(cnf, value); ++ ++ if (!ecmds) { ++ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ++ ENGINE_R_ENGINE_SECTION_ERROR); ++ return 0; ++ } ++ ++ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { ++ ecmd = sk_CONF_VALUE_value(ecmds, i); ++ ctrlname = skip_dot(ecmd->name); ++ ctrlvalue = ecmd->value; + #ifdef ENGINE_CONF_DEBUG +- fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue); ++ fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ++ ctrlvalue); + #endif + +- /* First handle some special pseudo ctrls */ +- +- /* Override engine name to use */ +- if (!strcmp(ctrlname, "engine_id")) +- name = ctrlvalue; +- else if (!strcmp(ctrlname, "soft_load")) +- soft = 1; +- /* Load a dynamic ENGINE */ +- else if (!strcmp(ctrlname, "dynamic_path")) +- { +- e = ENGINE_by_id("dynamic"); +- if (!e) +- goto err; +- if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0)) +- goto err; +- if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0)) +- goto err; +- if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) +- goto err; +- } +- /* ... add other pseudos here ... */ +- else +- { +- /* At this point we need an ENGINE structural reference +- * if we don't already have one. +- */ +- if (!e) +- { +- e = ENGINE_by_id(name); +- if (!e && soft) +- { +- ERR_clear_error(); +- return 1; +- } +- if (!e) +- goto err; +- } +- /* Allow "EMPTY" to mean no value: this allows a valid +- * "value" to be passed to ctrls of type NO_INPUT +- */ +- if (!strcmp(ctrlvalue, "EMPTY")) +- ctrlvalue = NULL; +- if (!strcmp(ctrlname, "init")) +- { +- if (!NCONF_get_number_e(cnf, value, "init", &do_init)) +- goto err; +- if (do_init == 1) +- { +- if (!int_engine_init(e)) +- goto err; +- } +- else if (do_init != 0) +- { +- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE); +- goto err; +- } +- } +- else if (!strcmp(ctrlname, "default_algorithms")) +- { +- if (!ENGINE_set_default_string(e, ctrlvalue)) +- goto err; +- } +- else if (!ENGINE_ctrl_cmd_string(e, +- ctrlname, ctrlvalue, 0)) +- goto err; +- } +- +- +- +- } +- if (e && (do_init == -1) && !int_engine_init(e)) +- { +- ecmd = NULL; +- goto err; +- } +- ret = 1; +- err: +- if (ret != 1) +- { +- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR); +- if (ecmd) +- ERR_add_error_data(6, "section=", ecmd->section, +- ", name=", ecmd->name, +- ", value=", ecmd->value); +- } +- if (e) +- ENGINE_free(e); +- return ret; +- } +- ++ /* First handle some special pseudo ctrls */ ++ ++ /* Override engine name to use */ ++ if (!strcmp(ctrlname, "engine_id")) ++ name = ctrlvalue; ++ else if (!strcmp(ctrlname, "soft_load")) ++ soft = 1; ++ /* Load a dynamic ENGINE */ ++ else if (!strcmp(ctrlname, "dynamic_path")) { ++ e = ENGINE_by_id("dynamic"); ++ if (!e) ++ goto err; ++ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0)) ++ goto err; ++ if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0)) ++ goto err; ++ if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) ++ goto err; ++ } ++ /* ... add other pseudos here ... */ ++ else { ++ /* ++ * At this point we need an ENGINE structural reference if we ++ * don't already have one. ++ */ ++ if (!e) { ++ e = ENGINE_by_id(name); ++ if (!e && soft) { ++ ERR_clear_error(); ++ return 1; ++ } ++ if (!e) ++ goto err; ++ } ++ /* ++ * Allow "EMPTY" to mean no value: this allows a valid "value" to ++ * be passed to ctrls of type NO_INPUT ++ */ ++ if (!strcmp(ctrlvalue, "EMPTY")) ++ ctrlvalue = NULL; ++ if (!strcmp(ctrlname, "init")) { ++ if (!NCONF_get_number_e(cnf, value, "init", &do_init)) ++ goto err; ++ if (do_init == 1) { ++ if (!int_engine_init(e)) ++ goto err; ++ } else if (do_init != 0) { ++ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ++ ENGINE_R_INVALID_INIT_VALUE); ++ goto err; ++ } ++ } else if (!strcmp(ctrlname, "default_algorithms")) { ++ if (!ENGINE_set_default_string(e, ctrlvalue)) ++ goto err; ++ } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0)) ++ goto err; ++ } ++ ++ } ++ if (e && (do_init == -1) && !int_engine_init(e)) { ++ ecmd = NULL; ++ goto err; ++ } ++ ret = 1; ++ err: ++ if (ret != 1) { ++ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ++ ENGINE_R_ENGINE_CONFIGURATION_ERROR); ++ if (ecmd) ++ ERR_add_error_data(6, "section=", ecmd->section, ++ ", name=", ecmd->name, ++ ", value=", ecmd->value); ++ } ++ if (e) ++ ENGINE_free(e); ++ return ret; ++} + + static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf) +- { +- STACK_OF(CONF_VALUE) *elist; +- CONF_VALUE *cval; +- int i; ++{ ++ STACK_OF(CONF_VALUE) *elist; ++ CONF_VALUE *cval; ++ int i; + #ifdef ENGINE_CONF_DEBUG +- fprintf(stderr, "Called engine module: name %s, value %s\n", +- CONF_imodule_get_name(md), CONF_imodule_get_value(md)); ++ fprintf(stderr, "Called engine module: name %s, value %s\n", ++ CONF_imodule_get_name(md), CONF_imodule_get_value(md)); + #endif +- /* Value is a section containing ENGINEs to configure */ +- elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); ++ /* Value is a section containing ENGINEs to configure */ ++ elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); + +- if (!elist) +- { +- ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR); +- return 0; +- } ++ if (!elist) { ++ ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, ++ ENGINE_R_ENGINES_SECTION_ERROR); ++ return 0; ++ } + +- for (i = 0; i < sk_CONF_VALUE_num(elist); i++) +- { +- cval = sk_CONF_VALUE_value(elist, i); +- if (!int_engine_configure(cval->name, cval->value, cnf)) +- return 0; +- } ++ for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { ++ cval = sk_CONF_VALUE_value(elist, i); ++ if (!int_engine_configure(cval->name, cval->value, cnf)) ++ return 0; ++ } + +- return 1; +- } ++ return 1; ++} + + static void int_engine_module_finish(CONF_IMODULE *md) +- { +- ENGINE *e; +- while ((e = sk_ENGINE_pop(initialized_engines))) +- ENGINE_finish(e); +- sk_ENGINE_free(initialized_engines); +- initialized_engines = NULL; +- } +- ++{ ++ ENGINE *e; ++ while ((e = sk_ENGINE_pop(initialized_engines))) ++ ENGINE_finish(e); ++ sk_ENGINE_free(initialized_engines); ++ initialized_engines = NULL; ++} + + void ENGINE_add_conf_module(void) +- { +- CONF_module_add("engines", +- int_engine_module_init, +- int_engine_module_finish); +- } ++{ ++ CONF_module_add("engines", ++ int_engine_module_init, int_engine_module_finish); ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c b/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c +index eef1e2d..c94674e 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c +@@ -36,8 +36,8 @@ + #include + + #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ +- (defined(OpenBSD) || defined(__FreeBSD__)) +-#include ++ (defined(OpenBSD) || defined(__FreeBSD__)) ++# include + # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) + # define HAVE_CRYPTODEV + # endif +@@ -48,30 +48,29 @@ + + #ifndef HAVE_CRYPTODEV + +-void +-ENGINE_load_cryptodev(void) ++void ENGINE_load_cryptodev(void) + { +- /* This is a NOP on platforms without /dev/crypto */ +- return; ++ /* This is a NOP on platforms without /dev/crypto */ ++ return; + } + +-#else +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include ++#else ++ ++# include ++# include ++# include ++# include ++# include ++# include ++# include ++# include ++# include ++# include ++# include + + struct dev_crypto_state { +- struct session_op d_sess; +- int d_fd; ++ struct session_op d_sess; ++ int d_fd; + }; + + static u_int32_t cryptodev_asymfeat = 0; +@@ -83,144 +82,173 @@ static int cryptodev_max_iv(int cipher); + static int cryptodev_key_length_valid(int cipher, int len); + static int cipher_nid_to_cryptodev(int nid); + static int get_cryptodev_ciphers(const int **cnids); +-/*static int get_cryptodev_digests(const int **cnids);*/ ++/* ++ * static int get_cryptodev_digests(const int **cnids); ++ */ + static int cryptodev_usable_ciphers(const int **nids); + static int cryptodev_usable_digests(const int **nids); + static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl); ++ const unsigned char *in, unsigned int inl); + static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc); ++ const unsigned char *iv, int enc); + static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); + static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, +- const int **nids, int nid); ++ const int **nids, int nid); + static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, +- const int **nids, int nid); ++ const int **nids, int nid); + static int bn2crparam(const BIGNUM *a, struct crparam *crp); + static int crparam2bn(struct crparam *crp, BIGNUM *a); + static void zapparams(struct crypt_kop *kop); + static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, +- int slen, BIGNUM *s); ++ int slen, BIGNUM *s); + + static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, +- RSA *rsa, BN_CTX *ctx); +-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); ++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx); ++static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, ++ BN_CTX *ctx); ++static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, ++ BN_CTX *ctx); + static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++ const BIGNUM *p, const BIGNUM *m, ++ BN_CTX *ctx, BN_MONT_CTX *m_ctx); + static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, +- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, +- BN_CTX *ctx, BN_MONT_CTX *mont); +-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, +- int dlen, DSA *dsa); ++ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, ++ BIGNUM *p, BN_CTX *ctx, ++ BN_MONT_CTX *mont); ++static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, ++ DSA *dsa); + static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, +- DSA_SIG *sig, DSA *dsa); ++ DSA_SIG *sig, DSA *dsa); + static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx); +-static int cryptodev_dh_compute_key(unsigned char *key, +- const BIGNUM *pub_key, DH *dh); +-static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, +- void (*f)()); ++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx); ++static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, ++ DH *dh); ++static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ()); + void ENGINE_load_cryptodev(void); + + static const ENGINE_CMD_DEFN cryptodev_defns[] = { +- { 0, NULL, NULL, 0 } ++ {0, NULL, NULL, 0} + }; + + static struct { +- int id; +- int nid; +- int ivmax; +- int keylen; ++ int id; ++ int nid; ++ int ivmax; ++ int keylen; + } ciphers[] = { +- { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, +- { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, +- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, +- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, +- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, +- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, +- { 0, NID_undef, 0, 0, }, ++ { ++ CRYPTO_DES_CBC, NID_des_cbc, 8, 8, ++ }, ++ { ++ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, ++ }, ++ { ++ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, ++ }, ++ { ++ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, ++ }, ++ { ++ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, ++ }, ++ { ++ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, ++ }, ++ { ++ 0, NID_undef, 0, 0, ++ }, + }; + +-#if 0 ++# if 0 + static struct { +- int id; +- int nid; ++ int id; ++ int nid; + } digests[] = { +- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, +- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, +- { CRYPTO_MD5_KPDK, NID_undef, }, +- { CRYPTO_SHA1_KPDK, NID_undef, }, +- { CRYPTO_MD5, NID_md5, }, +- { CRYPTO_SHA1, NID_undef, }, +- { 0, NID_undef, }, ++ { ++ CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, ++ }, ++ { ++ CRYPTO_RIPEMD160_HMAC, NID_ripemd160, ++ }, ++ { ++ CRYPTO_MD5_KPDK, NID_undef, ++ }, ++ { ++ CRYPTO_SHA1_KPDK, NID_undef, ++ }, ++ { ++ CRYPTO_MD5, NID_md5, ++ }, ++ { ++ CRYPTO_SHA1, NID_undef, ++ }, ++ { ++ 0, NID_undef, ++ }, + }; +-#endif ++# endif + + /* + * Return a fd if /dev/crypto seems usable, 0 otherwise. + */ +-static int +-open_dev_crypto(void) ++static int open_dev_crypto(void) + { +- static int fd = -1; +- +- if (fd == -1) { +- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) +- return (-1); +- /* close on exec */ +- if (fcntl(fd, F_SETFD, 1) == -1) { +- close(fd); +- fd = -1; +- return (-1); +- } +- } +- return (fd); ++ static int fd = -1; ++ ++ if (fd == -1) { ++ if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) ++ return (-1); ++ /* close on exec */ ++ if (fcntl(fd, F_SETFD, 1) == -1) { ++ close(fd); ++ fd = -1; ++ return (-1); ++ } ++ } ++ return (fd); + } + +-static int +-get_dev_crypto(void) ++static int get_dev_crypto(void) + { +- int fd, retfd; +- +- if ((fd = open_dev_crypto()) == -1) +- return (-1); +- if (ioctl(fd, CRIOGET, &retfd) == -1) +- return (-1); +- +- /* close on exec */ +- if (fcntl(retfd, F_SETFD, 1) == -1) { +- close(retfd); +- return (-1); +- } +- return (retfd); ++ int fd, retfd; ++ ++ if ((fd = open_dev_crypto()) == -1) ++ return (-1); ++ if (ioctl(fd, CRIOGET, &retfd) == -1) ++ return (-1); ++ ++ /* close on exec */ ++ if (fcntl(retfd, F_SETFD, 1) == -1) { ++ close(retfd); ++ return (-1); ++ } ++ return (retfd); + } + + /* Caching version for asym operations */ +-static int +-get_asym_dev_crypto(void) ++static int get_asym_dev_crypto(void) + { +- static int fd = -1; ++ static int fd = -1; + +- if (fd == -1) +- fd = get_dev_crypto(); +- return fd; ++ if (fd == -1) ++ fd = get_dev_crypto(); ++ return fd; + } + + /* + * XXXX this needs to be set for each alg - and determined from + * a running card. + */ +-static int +-cryptodev_max_iv(int cipher) ++static int cryptodev_max_iv(int cipher) + { +- int i; ++ int i; + +- for (i = 0; ciphers[i].id; i++) +- if (ciphers[i].id == cipher) +- return (ciphers[i].ivmax); +- return (0); ++ for (i = 0; ciphers[i].id; i++) ++ if (ciphers[i].id == cipher) ++ return (ciphers[i].ivmax); ++ return (0); + } + + /* +@@ -229,27 +257,25 @@ cryptodev_max_iv(int cipher) + * for real devices should return 1 for the supported key + * sizes the device can handle. + */ +-static int +-cryptodev_key_length_valid(int cipher, int len) ++static int cryptodev_key_length_valid(int cipher, int len) + { +- int i; ++ int i; + +- for (i = 0; ciphers[i].id; i++) +- if (ciphers[i].id == cipher) +- return (ciphers[i].keylen == len); +- return (0); ++ for (i = 0; ciphers[i].id; i++) ++ if (ciphers[i].id == cipher) ++ return (ciphers[i].keylen == len); ++ return (0); + } + + /* convert libcrypto nids to cryptodev */ +-static int +-cipher_nid_to_cryptodev(int nid) ++static int cipher_nid_to_cryptodev(int nid) + { +- int i; ++ int i; + +- for (i = 0; ciphers[i].id; i++) +- if (ciphers[i].nid == nid) +- return (ciphers[i].id); +- return (0); ++ for (i = 0; ciphers[i].id; i++) ++ if (ciphers[i].nid == nid) ++ return (ciphers[i].id); ++ return (0); + } + + /* +@@ -258,77 +284,75 @@ cipher_nid_to_cryptodev(int nid) + * returning them here is harmless, as long as we return NULL + * when asked for a handler in the cryptodev_engine_ciphers routine + */ +-static int +-get_cryptodev_ciphers(const int **cnids) ++static int get_cryptodev_ciphers(const int **cnids) + { +- static int nids[CRYPTO_ALGORITHM_MAX]; +- struct session_op sess; +- int fd, i, count = 0; +- +- if ((fd = get_dev_crypto()) < 0) { +- *cnids = NULL; +- return (0); +- } +- memset(&sess, 0, sizeof(sess)); +- sess.key = (caddr_t)"123456781234567812345678"; +- +- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { +- if (ciphers[i].nid == NID_undef) +- continue; +- sess.cipher = ciphers[i].id; +- sess.keylen = ciphers[i].keylen; +- sess.mac = 0; +- if (ioctl(fd, CIOCGSESSION, &sess) != -1 && +- ioctl(fd, CIOCFSESSION, &sess.ses) != -1) +- nids[count++] = ciphers[i].nid; +- } +- close(fd); +- +- if (count > 0) +- *cnids = nids; +- else +- *cnids = NULL; +- return (count); ++ static int nids[CRYPTO_ALGORITHM_MAX]; ++ struct session_op sess; ++ int fd, i, count = 0; ++ ++ if ((fd = get_dev_crypto()) < 0) { ++ *cnids = NULL; ++ return (0); ++ } ++ memset(&sess, 0, sizeof(sess)); ++ sess.key = (caddr_t) "123456781234567812345678"; ++ ++ for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { ++ if (ciphers[i].nid == NID_undef) ++ continue; ++ sess.cipher = ciphers[i].id; ++ sess.keylen = ciphers[i].keylen; ++ sess.mac = 0; ++ if (ioctl(fd, CIOCGSESSION, &sess) != -1 && ++ ioctl(fd, CIOCFSESSION, &sess.ses) != -1) ++ nids[count++] = ciphers[i].nid; ++ } ++ close(fd); ++ ++ if (count > 0) ++ *cnids = nids; ++ else ++ *cnids = NULL; ++ return (count); + } + +-#if 0 /* unused */ ++# if 0 /* unused */ + /* + * Find out what digests /dev/crypto will let us have a session for. + * XXX note, that some of these openssl doesn't deal with yet! + * returning them here is harmless, as long as we return NULL + * when asked for a handler in the cryptodev_engine_digests routine + */ +-static int +-get_cryptodev_digests(const int **cnids) ++static int get_cryptodev_digests(const int **cnids) + { +- static int nids[CRYPTO_ALGORITHM_MAX]; +- struct session_op sess; +- int fd, i, count = 0; +- +- if ((fd = get_dev_crypto()) < 0) { +- *cnids = NULL; +- return (0); +- } +- memset(&sess, 0, sizeof(sess)); +- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { +- if (digests[i].nid == NID_undef) +- continue; +- sess.mac = digests[i].id; +- sess.cipher = 0; +- if (ioctl(fd, CIOCGSESSION, &sess) != -1 && +- ioctl(fd, CIOCFSESSION, &sess.ses) != -1) +- nids[count++] = digests[i].nid; +- } +- close(fd); +- +- if (count > 0) +- *cnids = nids; +- else +- *cnids = NULL; +- return (count); ++ static int nids[CRYPTO_ALGORITHM_MAX]; ++ struct session_op sess; ++ int fd, i, count = 0; ++ ++ if ((fd = get_dev_crypto()) < 0) { ++ *cnids = NULL; ++ return (0); ++ } ++ memset(&sess, 0, sizeof(sess)); ++ for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { ++ if (digests[i].nid == NID_undef) ++ continue; ++ sess.mac = digests[i].id; ++ sess.cipher = 0; ++ if (ioctl(fd, CIOCGSESSION, &sess) != -1 && ++ ioctl(fd, CIOCFSESSION, &sess.ses) != -1) ++ nids[count++] = digests[i].nid; ++ } ++ close(fd); ++ ++ if (count > 0) ++ *cnids = nids; ++ else ++ *cnids = NULL; ++ return (count); + } + +-#endif ++# endif + + /* + * Find the useable ciphers|digests from dev/crypto - this is the first +@@ -351,153 +375,150 @@ get_cryptodev_digests(const int **cnids) + * want most of the decisions made about what we actually want + * to use from /dev/crypto. + */ +-static int +-cryptodev_usable_ciphers(const int **nids) ++static int cryptodev_usable_ciphers(const int **nids) + { +- return (get_cryptodev_ciphers(nids)); ++ return (get_cryptodev_ciphers(nids)); + } + +-static int +-cryptodev_usable_digests(const int **nids) ++static int cryptodev_usable_digests(const int **nids) + { +- /* +- * XXXX just disable all digests for now, because it sucks. +- * we need a better way to decide this - i.e. I may not +- * want digests on slow cards like hifn on fast machines, +- * but might want them on slow or loaded machines, etc. +- * will also want them when using crypto cards that don't +- * suck moose gonads - would be nice to be able to decide something +- * as reasonable default without having hackery that's card dependent. +- * of course, the default should probably be just do everything, +- * with perhaps a sysctl to turn algoritms off (or have them off +- * by default) on cards that generally suck like the hifn. +- */ +- *nids = NULL; +- return (0); ++ /* ++ * XXXX just disable all digests for now, because it sucks. ++ * we need a better way to decide this - i.e. I may not ++ * want digests on slow cards like hifn on fast machines, ++ * but might want them on slow or loaded machines, etc. ++ * will also want them when using crypto cards that don't ++ * suck moose gonads - would be nice to be able to decide something ++ * as reasonable default without having hackery that's card dependent. ++ * of course, the default should probably be just do everything, ++ * with perhaps a sysctl to turn algoritms off (or have them off ++ * by default) on cards that generally suck like the hifn. ++ */ ++ *nids = NULL; ++ return (0); + } + + static int + cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, unsigned int inl) + { +- struct crypt_op cryp; +- struct dev_crypto_state *state = ctx->cipher_data; +- struct session_op *sess = &state->d_sess; +- const void *iiv; +- unsigned char save_iv[EVP_MAX_IV_LENGTH]; +- +- if (state->d_fd < 0) +- return (0); +- if (!inl) +- return (1); +- if ((inl % ctx->cipher->block_size) != 0) +- return (0); +- +- memset(&cryp, 0, sizeof(cryp)); +- +- cryp.ses = sess->ses; +- cryp.flags = 0; +- cryp.len = inl; +- cryp.src = (caddr_t) in; +- cryp.dst = (caddr_t) out; +- cryp.mac = 0; +- +- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; +- +- if (ctx->cipher->iv_len) { +- cryp.iv = (caddr_t) ctx->iv; +- if (!ctx->encrypt) { +- iiv = in + inl - ctx->cipher->iv_len; +- memcpy(save_iv, iiv, ctx->cipher->iv_len); +- } +- } else +- cryp.iv = NULL; +- +- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { +- /* XXX need better errror handling +- * this can fail for a number of different reasons. +- */ +- return (0); +- } +- +- if (ctx->cipher->iv_len) { +- if (ctx->encrypt) +- iiv = out + inl - ctx->cipher->iv_len; +- else +- iiv = save_iv; +- memcpy(ctx->iv, iiv, ctx->cipher->iv_len); +- } +- return (1); ++ struct crypt_op cryp; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ const void *iiv; ++ unsigned char save_iv[EVP_MAX_IV_LENGTH]; ++ ++ if (state->d_fd < 0) ++ return (0); ++ if (!inl) ++ return (1); ++ if ((inl % ctx->cipher->block_size) != 0) ++ return (0); ++ ++ memset(&cryp, 0, sizeof(cryp)); ++ ++ cryp.ses = sess->ses; ++ cryp.flags = 0; ++ cryp.len = inl; ++ cryp.src = (caddr_t) in; ++ cryp.dst = (caddr_t) out; ++ cryp.mac = 0; ++ ++ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; ++ ++ if (ctx->cipher->iv_len) { ++ cryp.iv = (caddr_t) ctx->iv; ++ if (!ctx->encrypt) { ++ iiv = in + inl - ctx->cipher->iv_len; ++ memcpy(save_iv, iiv, ctx->cipher->iv_len); ++ } ++ } else ++ cryp.iv = NULL; ++ ++ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { ++ /* ++ * XXX need better errror handling this can fail for a number of ++ * different reasons. ++ */ ++ return (0); ++ } ++ ++ if (ctx->cipher->iv_len) { ++ if (ctx->encrypt) ++ iiv = out + inl - ctx->cipher->iv_len; ++ else ++ iiv = save_iv; ++ memcpy(ctx->iv, iiv, ctx->cipher->iv_len); ++ } ++ return (1); + } + + static int + cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) ++ const unsigned char *iv, int enc) + { +- struct dev_crypto_state *state = ctx->cipher_data; +- struct session_op *sess = &state->d_sess; +- int cipher; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ int cipher; + +- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) +- return (0); ++ if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) ++ return (0); + +- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) +- return (0); ++ if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) ++ return (0); + +- if (!cryptodev_key_length_valid(cipher, ctx->key_len)) +- return (0); ++ if (!cryptodev_key_length_valid(cipher, ctx->key_len)) ++ return (0); + +- memset(sess, 0, sizeof(struct session_op)); ++ memset(sess, 0, sizeof(struct session_op)); + +- if ((state->d_fd = get_dev_crypto()) < 0) +- return (0); ++ if ((state->d_fd = get_dev_crypto()) < 0) ++ return (0); + +- sess->key = (char *)key; +- sess->keylen = ctx->key_len; +- sess->cipher = cipher; ++ sess->key = (char *)key; ++ sess->keylen = ctx->key_len; ++ sess->cipher = cipher; + +- if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { +- close(state->d_fd); +- state->d_fd = -1; +- return (0); +- } +- return (1); ++ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { ++ close(state->d_fd); ++ state->d_fd = -1; ++ return (0); ++ } ++ return (1); + } + + /* + * free anything we allocated earlier when initting a + * session, and close the session. + */ +-static int +-cryptodev_cleanup(EVP_CIPHER_CTX *ctx) ++static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx) + { +- int ret = 0; +- struct dev_crypto_state *state = ctx->cipher_data; +- struct session_op *sess = &state->d_sess; +- +- if (state->d_fd < 0) +- return (0); +- +- /* XXX if this ioctl fails, someting's wrong. the invoker +- * may have called us with a bogus ctx, or we could +- * have a device that for whatever reason just doesn't +- * want to play ball - it's not clear what's right +- * here - should this be an error? should it just +- * increase a counter, hmm. For right now, we return +- * 0 - I don't believe that to be "right". we could +- * call the gorpy openssl lib error handlers that +- * print messages to users of the library. hmm.. +- */ +- +- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { +- ret = 0; +- } else { +- ret = 1; +- } +- close(state->d_fd); +- state->d_fd = -1; +- +- return (ret); ++ int ret = 0; ++ struct dev_crypto_state *state = ctx->cipher_data; ++ struct session_op *sess = &state->d_sess; ++ ++ if (state->d_fd < 0) ++ return (0); ++ ++ /* ++ * XXX if this ioctl fails, someting's wrong. the invoker may have called ++ * us with a bogus ctx, or we could have a device that for whatever ++ * reason just doesn't want to play ball - it's not clear what's right ++ * here - should this be an error? should it just increase a counter, ++ * hmm. For right now, we return 0 - I don't believe that to be "right". ++ * we could call the gorpy openssl lib error handlers that print messages ++ * to users of the library. hmm.. ++ */ ++ ++ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { ++ ret = 0; ++ } else { ++ ret = 1; ++ } ++ close(state->d_fd); ++ state->d_fd = -1; ++ ++ return (ret); + } + + /* +@@ -507,69 +528,69 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx) + + /* DES CBC EVP */ + const EVP_CIPHER cryptodev_des_cbc = { +- NID_des_cbc, +- 8, 8, 8, +- EVP_CIPH_CBC_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL ++ NID_des_cbc, ++ 8, 8, 8, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL + }; + + /* 3DES CBC EVP */ + const EVP_CIPHER cryptodev_3des_cbc = { +- NID_des_ede3_cbc, +- 8, 24, 8, +- EVP_CIPH_CBC_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL ++ NID_des_ede3_cbc, ++ 8, 24, 8, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL + }; + + const EVP_CIPHER cryptodev_bf_cbc = { +- NID_bf_cbc, +- 8, 16, 8, +- EVP_CIPH_CBC_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL ++ NID_bf_cbc, ++ 8, 16, 8, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL + }; + + const EVP_CIPHER cryptodev_cast_cbc = { +- NID_cast5_cbc, +- 8, 16, 8, +- EVP_CIPH_CBC_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL ++ NID_cast5_cbc, ++ 8, 16, 8, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL + }; + + const EVP_CIPHER cryptodev_aes_cbc = { +- NID_aes_128_cbc, +- 16, 16, 16, +- EVP_CIPH_CBC_MODE, +- cryptodev_init_key, +- cryptodev_cipher, +- cryptodev_cleanup, +- sizeof(struct dev_crypto_state), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL ++ NID_aes_128_cbc, ++ 16, 16, 16, ++ EVP_CIPH_CBC_MODE, ++ cryptodev_init_key, ++ cryptodev_cipher, ++ cryptodev_cleanup, ++ sizeof(struct dev_crypto_state), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL + }; + + /* +@@ -579,50 +600,50 @@ const EVP_CIPHER cryptodev_aes_cbc = { + */ + static int + cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, +- const int **nids, int nid) ++ const int **nids, int nid) + { +- if (!cipher) +- return (cryptodev_usable_ciphers(nids)); +- +- switch (nid) { +- case NID_des_ede3_cbc: +- *cipher = &cryptodev_3des_cbc; +- break; +- case NID_des_cbc: +- *cipher = &cryptodev_des_cbc; +- break; +- case NID_bf_cbc: +- *cipher = &cryptodev_bf_cbc; +- break; +- case NID_cast5_cbc: +- *cipher = &cryptodev_cast_cbc; +- break; +- case NID_aes_128_cbc: +- *cipher = &cryptodev_aes_cbc; +- break; +- default: +- *cipher = NULL; +- break; +- } +- return (*cipher != NULL); ++ if (!cipher) ++ return (cryptodev_usable_ciphers(nids)); ++ ++ switch (nid) { ++ case NID_des_ede3_cbc: ++ *cipher = &cryptodev_3des_cbc; ++ break; ++ case NID_des_cbc: ++ *cipher = &cryptodev_des_cbc; ++ break; ++ case NID_bf_cbc: ++ *cipher = &cryptodev_bf_cbc; ++ break; ++ case NID_cast5_cbc: ++ *cipher = &cryptodev_cast_cbc; ++ break; ++ case NID_aes_128_cbc: ++ *cipher = &cryptodev_aes_cbc; ++ break; ++ default: ++ *cipher = NULL; ++ break; ++ } ++ return (*cipher != NULL); + } + + static int + cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, +- const int **nids, int nid) ++ const int **nids, int nid) + { +- if (!digest) +- return (cryptodev_usable_digests(nids)); +- +- switch (nid) { +- case NID_md5: +- *digest = NULL; /* need to make a clean md5 critter */ +- break; +- default: +- *digest = NULL; +- break; +- } +- return (*digest != NULL); ++ if (!digest) ++ return (cryptodev_usable_digests(nids)); ++ ++ switch (nid) { ++ case NID_md5: ++ *digest = NULL; /* need to make a clean md5 critter */ ++ break; ++ default: ++ *digest = NULL; ++ break; ++ } ++ return (*digest != NULL); + } + + /* +@@ -630,527 +651,525 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, + * Upon completion of use, the caller is responsible for freeing + * crp->crp_p. + */ +-static int +-bn2crparam(const BIGNUM *a, struct crparam *crp) ++static int bn2crparam(const BIGNUM *a, struct crparam *crp) + { +- int i, j, k; +- ssize_t bytes, bits; +- u_char *b; +- +- crp->crp_p = NULL; +- crp->crp_nbits = 0; +- +- bits = BN_num_bits(a); +- bytes = (bits + 7) / 8; +- +- b = malloc(bytes); +- if (b == NULL) +- return (1); +- +- crp->crp_p = (char *)b; +- crp->crp_nbits = bits; +- +- for (i = 0, j = 0; i < a->top; i++) { +- for (k = 0; k < BN_BITS2 / 8; k++) { +- if ((j + k) >= bytes) +- return (0); +- b[j + k] = a->d[i] >> (k * 8); +- } +- j += BN_BITS2 / 8; +- } +- return (0); ++ int i, j, k; ++ ssize_t bytes, bits; ++ u_char *b; ++ ++ crp->crp_p = NULL; ++ crp->crp_nbits = 0; ++ ++ bits = BN_num_bits(a); ++ bytes = (bits + 7) / 8; ++ ++ b = malloc(bytes); ++ if (b == NULL) ++ return (1); ++ ++ crp->crp_p = (char *)b; ++ crp->crp_nbits = bits; ++ ++ for (i = 0, j = 0; i < a->top; i++) { ++ for (k = 0; k < BN_BITS2 / 8; k++) { ++ if ((j + k) >= bytes) ++ return (0); ++ b[j + k] = a->d[i] >> (k * 8); ++ } ++ j += BN_BITS2 / 8; ++ } ++ return (0); + } + + /* Convert a /dev/crypto parameter to a BIGNUM */ +-static int +-crparam2bn(struct crparam *crp, BIGNUM *a) ++static int crparam2bn(struct crparam *crp, BIGNUM *a) + { +- u_int8_t *pd; +- int i, bytes; ++ u_int8_t *pd; ++ int i, bytes; + +- bytes = (crp->crp_nbits + 7) / 8; ++ bytes = (crp->crp_nbits + 7) / 8; + +- if (bytes == 0) +- return (-1); ++ if (bytes == 0) ++ return (-1); + +- if ((pd = (u_int8_t *) malloc(bytes)) == NULL) +- return (-1); ++ if ((pd = (u_int8_t *) malloc(bytes)) == NULL) ++ return (-1); + +- for (i = 0; i < bytes; i++) +- pd[i] = crp->crp_p[bytes - i - 1]; ++ for (i = 0; i < bytes; i++) ++ pd[i] = crp->crp_p[bytes - i - 1]; + +- BN_bin2bn(pd, bytes, a); +- free(pd); ++ BN_bin2bn(pd, bytes, a); ++ free(pd); + +- return (0); ++ return (0); + } + +-static void +-zapparams(struct crypt_kop *kop) ++static void zapparams(struct crypt_kop *kop) + { +- int i; +- +- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { +- if (kop->crk_param[i].crp_p) +- free(kop->crk_param[i].crp_p); +- kop->crk_param[i].crp_p = NULL; +- kop->crk_param[i].crp_nbits = 0; +- } ++ int i; ++ ++ for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { ++ if (kop->crk_param[i].crp_p) ++ free(kop->crk_param[i].crp_p); ++ kop->crk_param[i].crp_p = NULL; ++ kop->crk_param[i].crp_nbits = 0; ++ } + } + + static int +-cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) ++cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, ++ BIGNUM *s) + { +- int fd, ret = -1; +- +- if ((fd = get_asym_dev_crypto()) < 0) +- return (ret); +- +- if (r) { +- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); +- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; +- kop->crk_oparams++; +- } +- if (s) { +- kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); +- kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; +- kop->crk_oparams++; +- } +- +- if (ioctl(fd, CIOCKEY, kop) == 0) { +- if (r) +- crparam2bn(&kop->crk_param[kop->crk_iparams], r); +- if (s) +- crparam2bn(&kop->crk_param[kop->crk_iparams+1], s); +- ret = 0; +- } +- +- return (ret); ++ int fd, ret = -1; ++ ++ if ((fd = get_asym_dev_crypto()) < 0) ++ return (ret); ++ ++ if (r) { ++ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); ++ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; ++ kop->crk_oparams++; ++ } ++ if (s) { ++ kop->crk_param[kop->crk_iparams + 1].crp_p = ++ calloc(slen, sizeof(char)); ++ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8; ++ kop->crk_oparams++; ++ } ++ ++ if (ioctl(fd, CIOCKEY, kop) == 0) { ++ if (r) ++ crparam2bn(&kop->crk_param[kop->crk_iparams], r); ++ if (s) ++ crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s); ++ ret = 0; ++ } ++ ++ return (ret); + } + + static int + cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) + { +- struct crypt_kop kop; +- int ret = 1; +- +- /* Currently, we know we can do mod exp iff we can do any +- * asymmetric operations at all. +- */ +- if (cryptodev_asymfeat == 0) { +- ret = BN_mod_exp(r, a, p, m, ctx); +- return (ret); +- } +- +- memset(&kop, 0, sizeof kop); +- kop.crk_op = CRK_MOD_EXP; +- +- /* inputs: a^p % m */ +- if (bn2crparam(a, &kop.crk_param[0])) +- goto err; +- if (bn2crparam(p, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(m, &kop.crk_param[2])) +- goto err; +- kop.crk_iparams = 3; +- +- if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { +- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); +- printf("OCF asym process failed, Running in software\n"); +- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); +- +- } else if (ECANCELED == kop.crk_status) { +- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); +- printf("OCF hardware operation cancelled. Running in Software\n"); +- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); +- } +- /* else cryptodev operation worked ok ==> ret = 1*/ +- +-err: +- zapparams(&kop); +- return (ret); ++ struct crypt_kop kop; ++ int ret = 1; ++ ++ /* ++ * Currently, we know we can do mod exp iff we can do any asymmetric ++ * operations at all. ++ */ ++ if (cryptodev_asymfeat == 0) { ++ ret = BN_mod_exp(r, a, p, m, ctx); ++ return (ret); ++ } ++ ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_MOD_EXP; ++ ++ /* inputs: a^p % m */ ++ if (bn2crparam(a, &kop.crk_param[0])) ++ goto err; ++ if (bn2crparam(p, &kop.crk_param[1])) ++ goto err; ++ if (bn2crparam(m, &kop.crk_param[2])) ++ goto err; ++ kop.crk_iparams = 3; ++ ++ if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ printf("OCF asym process failed, Running in software\n"); ++ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); ++ ++ } else if (ECANCELED == kop.crk_status) { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ printf("OCF hardware operation cancelled. Running in Software\n"); ++ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); ++ } ++ /* else cryptodev operation worked ok ==> ret = 1 */ ++ ++ err: ++ zapparams(&kop); ++ return (ret); + } + + static int +-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) ++cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, ++ BN_CTX *ctx) + { +- int r; ++ int r; + +- r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); +- return (r); ++ r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); ++ return (r); + } + + static int + cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) + { +- struct crypt_kop kop; +- int ret = 1; +- +- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { +- /* XXX 0 means failure?? */ +- return (0); +- } +- +- memset(&kop, 0, sizeof kop); +- kop.crk_op = CRK_MOD_EXP_CRT; +- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ +- if (bn2crparam(rsa->p, &kop.crk_param[0])) +- goto err; +- if (bn2crparam(rsa->q, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(I, &kop.crk_param[2])) +- goto err; +- if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) +- goto err; +- if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) +- goto err; +- if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) +- goto err; +- kop.crk_iparams = 6; +- +- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { +- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); +- printf("OCF asym process failed, running in Software\n"); +- ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); +- +- } else if (ECANCELED == kop.crk_status) { +- const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); +- printf("OCF hardware operation cancelled. Running in Software\n"); +- ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); +- } +- /* else cryptodev operation worked ok ==> ret = 1*/ +- +-err: +- zapparams(&kop); +- return (ret); ++ struct crypt_kop kop; ++ int ret = 1; ++ ++ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { ++ /* XXX 0 means failure?? */ ++ return (0); ++ } ++ ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_MOD_EXP_CRT; ++ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ ++ if (bn2crparam(rsa->p, &kop.crk_param[0])) ++ goto err; ++ if (bn2crparam(rsa->q, &kop.crk_param[1])) ++ goto err; ++ if (bn2crparam(I, &kop.crk_param[2])) ++ goto err; ++ if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) ++ goto err; ++ if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) ++ goto err; ++ if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) ++ goto err; ++ kop.crk_iparams = 6; ++ ++ if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ printf("OCF asym process failed, running in Software\n"); ++ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); ++ ++ } else if (ECANCELED == kop.crk_status) { ++ const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); ++ printf("OCF hardware operation cancelled. Running in Software\n"); ++ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx); ++ } ++ /* else cryptodev operation worked ok ==> ret = 1 */ ++ ++ err: ++ zapparams(&kop); ++ return (ret); + } + + static RSA_METHOD cryptodev_rsa = { +- "cryptodev RSA method", +- NULL, /* rsa_pub_enc */ +- NULL, /* rsa_pub_dec */ +- NULL, /* rsa_priv_enc */ +- NULL, /* rsa_priv_dec */ +- NULL, +- NULL, +- NULL, /* init */ +- NULL, /* finish */ +- 0, /* flags */ +- NULL, /* app_data */ +- NULL, /* rsa_sign */ +- NULL /* rsa_verify */ ++ "cryptodev RSA method", ++ NULL, /* rsa_pub_enc */ ++ NULL, /* rsa_pub_dec */ ++ NULL, /* rsa_priv_enc */ ++ NULL, /* rsa_priv_dec */ ++ NULL, ++ NULL, ++ NULL, /* init */ ++ NULL, /* finish */ ++ 0, /* flags */ ++ NULL, /* app_data */ ++ NULL, /* rsa_sign */ ++ NULL /* rsa_verify */ + }; + + static int + cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) + { +- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); ++ return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); + } + + static int + cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, +- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, +- BN_CTX *ctx, BN_MONT_CTX *mont) ++ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, ++ BN_CTX *ctx, BN_MONT_CTX *mont) + { +- BIGNUM t2; +- int ret = 0; ++ BIGNUM t2; ++ int ret = 0; + +- BN_init(&t2); ++ BN_init(&t2); + +- /* v = ( g^u1 * y^u2 mod p ) mod q */ +- /* let t1 = g ^ u1 mod p */ +- ret = 0; ++ /* v = ( g^u1 * y^u2 mod p ) mod q */ ++ /* let t1 = g ^ u1 mod p */ ++ ret = 0; + +- if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) +- goto err; ++ if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont)) ++ goto err; + +- /* let t2 = y ^ u2 mod p */ +- if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) +- goto err; +- /* let u1 = t1 * t2 mod p */ +- if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) +- goto err; ++ /* let t2 = y ^ u2 mod p */ ++ if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont)) ++ goto err; ++ /* let u1 = t1 * t2 mod p */ ++ if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx)) ++ goto err; + +- BN_copy(t1,u1); ++ BN_copy(t1, u1); + +- ret = 1; +-err: +- BN_free(&t2); +- return(ret); ++ ret = 1; ++ err: ++ BN_free(&t2); ++ return (ret); + } + +-static DSA_SIG * +-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ++static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, ++ DSA *dsa) + { +- struct crypt_kop kop; +- BIGNUM *r = NULL, *s = NULL; +- DSA_SIG *dsaret = NULL; +- +- if ((r = BN_new()) == NULL) +- goto err; +- if ((s = BN_new()) == NULL) { +- BN_free(r); +- goto err; +- } +- +- memset(&kop, 0, sizeof kop); +- kop.crk_op = CRK_DSA_SIGN; +- +- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ +- kop.crk_param[0].crp_p = (caddr_t)dgst; +- kop.crk_param[0].crp_nbits = dlen * 8; +- if (bn2crparam(dsa->p, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(dsa->q, &kop.crk_param[2])) +- goto err; +- if (bn2crparam(dsa->g, &kop.crk_param[3])) +- goto err; +- if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) +- goto err; +- kop.crk_iparams = 5; +- +- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, +- BN_num_bytes(dsa->q), s) == 0) { +- dsaret = DSA_SIG_new(); +- dsaret->r = r; +- dsaret->s = s; +- } else { +- const DSA_METHOD *meth = DSA_OpenSSL(); +- BN_free(r); +- BN_free(s); +- dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); +- } +-err: +- kop.crk_param[0].crp_p = NULL; +- zapparams(&kop); +- return (dsaret); ++ struct crypt_kop kop; ++ BIGNUM *r = NULL, *s = NULL; ++ DSA_SIG *dsaret = NULL; ++ ++ if ((r = BN_new()) == NULL) ++ goto err; ++ if ((s = BN_new()) == NULL) { ++ BN_free(r); ++ goto err; ++ } ++ ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_DSA_SIGN; ++ ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ ++ kop.crk_param[0].crp_p = (caddr_t) dgst; ++ kop.crk_param[0].crp_nbits = dlen * 8; ++ if (bn2crparam(dsa->p, &kop.crk_param[1])) ++ goto err; ++ if (bn2crparam(dsa->q, &kop.crk_param[2])) ++ goto err; ++ if (bn2crparam(dsa->g, &kop.crk_param[3])) ++ goto err; ++ if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) ++ goto err; ++ kop.crk_iparams = 5; ++ ++ if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, ++ BN_num_bytes(dsa->q), s) == 0) { ++ dsaret = DSA_SIG_new(); ++ dsaret->r = r; ++ dsaret->s = s; ++ } else { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ BN_free(r); ++ BN_free(s); ++ dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa); ++ } ++ err: ++ kop.crk_param[0].crp_p = NULL; ++ zapparams(&kop); ++ return (dsaret); + } + + static int + cryptodev_dsa_verify(const unsigned char *dgst, int dlen, +- DSA_SIG *sig, DSA *dsa) ++ DSA_SIG *sig, DSA *dsa) + { +- struct crypt_kop kop; +- int dsaret = 1; +- +- memset(&kop, 0, sizeof kop); +- kop.crk_op = CRK_DSA_VERIFY; +- +- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ +- kop.crk_param[0].crp_p = (caddr_t)dgst; +- kop.crk_param[0].crp_nbits = dlen * 8; +- if (bn2crparam(dsa->p, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(dsa->q, &kop.crk_param[2])) +- goto err; +- if (bn2crparam(dsa->g, &kop.crk_param[3])) +- goto err; +- if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) +- goto err; +- if (bn2crparam(sig->r, &kop.crk_param[5])) +- goto err; +- if (bn2crparam(sig->s, &kop.crk_param[6])) +- goto err; +- kop.crk_iparams = 7; +- +- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { +-/*OCF success value is 0, if not zero, change dsaret to fail*/ +- if(0 != kop.crk_status) dsaret = 0; +- } else { +- const DSA_METHOD *meth = DSA_OpenSSL(); +- +- dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); +- } +-err: +- kop.crk_param[0].crp_p = NULL; +- zapparams(&kop); +- return (dsaret); ++ struct crypt_kop kop; ++ int dsaret = 1; ++ ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_DSA_VERIFY; ++ ++ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ ++ kop.crk_param[0].crp_p = (caddr_t) dgst; ++ kop.crk_param[0].crp_nbits = dlen * 8; ++ if (bn2crparam(dsa->p, &kop.crk_param[1])) ++ goto err; ++ if (bn2crparam(dsa->q, &kop.crk_param[2])) ++ goto err; ++ if (bn2crparam(dsa->g, &kop.crk_param[3])) ++ goto err; ++ if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) ++ goto err; ++ if (bn2crparam(sig->r, &kop.crk_param[5])) ++ goto err; ++ if (bn2crparam(sig->s, &kop.crk_param[6])) ++ goto err; ++ kop.crk_iparams = 7; ++ ++ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { ++ /* ++ * OCF success value is 0, if not zero, change dsaret to fail ++ */ ++ if (0 != kop.crk_status) ++ dsaret = 0; ++ } else { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ ++ dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa); ++ } ++ err: ++ kop.crk_param[0].crp_p = NULL; ++ zapparams(&kop); ++ return (dsaret); + } + + static DSA_METHOD cryptodev_dsa = { +- "cryptodev DSA method", +- NULL, +- NULL, /* dsa_sign_setup */ +- NULL, +- NULL, /* dsa_mod_exp */ +- NULL, +- NULL, /* init */ +- NULL, /* finish */ +- 0, /* flags */ +- NULL /* app_data */ ++ "cryptodev DSA method", ++ NULL, ++ NULL, /* dsa_sign_setup */ ++ NULL, ++ NULL, /* dsa_mod_exp */ ++ NULL, ++ NULL, /* init */ ++ NULL, /* finish */ ++ 0, /* flags */ ++ NULL /* app_data */ + }; + + static int + cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx) ++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx) + { +- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); ++ return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); + } + + static int + cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + { +- struct crypt_kop kop; +- int dhret = 1; +- int fd, keylen; +- +- if ((fd = get_asym_dev_crypto()) < 0) { +- const DH_METHOD *meth = DH_OpenSSL(); +- +- return ((meth->compute_key)(key, pub_key, dh)); +- } +- +- keylen = BN_num_bits(dh->p); +- +- memset(&kop, 0, sizeof kop); +- kop.crk_op = CRK_DH_COMPUTE_KEY; +- +- /* inputs: dh->priv_key pub_key dh->p key */ +- if (bn2crparam(dh->priv_key, &kop.crk_param[0])) +- goto err; +- if (bn2crparam(pub_key, &kop.crk_param[1])) +- goto err; +- if (bn2crparam(dh->p, &kop.crk_param[2])) +- goto err; +- kop.crk_iparams = 3; +- +- kop.crk_param[3].crp_p = (char *)key; +- kop.crk_param[3].crp_nbits = keylen * 8; +- kop.crk_oparams = 1; +- +- if (ioctl(fd, CIOCKEY, &kop) == -1) { +- const DH_METHOD *meth = DH_OpenSSL(); +- +- dhret = (meth->compute_key)(key, pub_key, dh); +- } +-err: +- kop.crk_param[3].crp_p = NULL; +- zapparams(&kop); +- return (dhret); ++ struct crypt_kop kop; ++ int dhret = 1; ++ int fd, keylen; ++ ++ if ((fd = get_asym_dev_crypto()) < 0) { ++ const DH_METHOD *meth = DH_OpenSSL(); ++ ++ return ((meth->compute_key) (key, pub_key, dh)); ++ } ++ ++ keylen = BN_num_bits(dh->p); ++ ++ memset(&kop, 0, sizeof kop); ++ kop.crk_op = CRK_DH_COMPUTE_KEY; ++ ++ /* inputs: dh->priv_key pub_key dh->p key */ ++ if (bn2crparam(dh->priv_key, &kop.crk_param[0])) ++ goto err; ++ if (bn2crparam(pub_key, &kop.crk_param[1])) ++ goto err; ++ if (bn2crparam(dh->p, &kop.crk_param[2])) ++ goto err; ++ kop.crk_iparams = 3; ++ ++ kop.crk_param[3].crp_p = (char *)key; ++ kop.crk_param[3].crp_nbits = keylen * 8; ++ kop.crk_oparams = 1; ++ ++ if (ioctl(fd, CIOCKEY, &kop) == -1) { ++ const DH_METHOD *meth = DH_OpenSSL(); ++ ++ dhret = (meth->compute_key) (key, pub_key, dh); ++ } ++ err: ++ kop.crk_param[3].crp_p = NULL; ++ zapparams(&kop); ++ return (dhret); + } + + static DH_METHOD cryptodev_dh = { +- "cryptodev DH method", +- NULL, /* cryptodev_dh_generate_key */ +- NULL, +- NULL, +- NULL, +- NULL, +- 0, /* flags */ +- NULL /* app_data */ ++ "cryptodev DH method", ++ NULL, /* cryptodev_dh_generate_key */ ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ 0, /* flags */ ++ NULL /* app_data */ + }; + + /* + * ctrl right now is just a wrapper that doesn't do much + * but I expect we'll want some options soon. + */ +-static int +-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) ++static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ()) + { +-#ifdef HAVE_SYSLOG_R +- struct syslog_data sd = SYSLOG_DATA_INIT; +-#endif ++# ifdef HAVE_SYSLOG_R ++ struct syslog_data sd = SYSLOG_DATA_INIT; ++# endif + +- switch (cmd) { +- default: +-#ifdef HAVE_SYSLOG_R +- syslog_r(LOG_ERR, &sd, +- "cryptodev_ctrl: unknown command %d", cmd); +-#else +- syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); +-#endif +- break; +- } +- return (1); ++ switch (cmd) { ++ default: ++# ifdef HAVE_SYSLOG_R ++ syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd); ++# else ++ syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd); ++# endif ++ break; ++ } ++ return (1); + } + +-void +-ENGINE_load_cryptodev(void) ++void ENGINE_load_cryptodev(void) + { +- ENGINE *engine = ENGINE_new(); +- int fd; +- +- if (engine == NULL) +- return; +- if ((fd = get_dev_crypto()) < 0) { +- ENGINE_free(engine); +- return; +- } +- +- /* +- * find out what asymmetric crypto algorithms we support +- */ +- if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { +- close(fd); +- ENGINE_free(engine); +- return; +- } +- close(fd); +- +- if (!ENGINE_set_id(engine, "cryptodev") || +- !ENGINE_set_name(engine, "BSD cryptodev engine") || +- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || +- !ENGINE_set_digests(engine, cryptodev_engine_digests) || +- !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || +- !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { +- ENGINE_free(engine); +- return; +- } +- +- if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { +- const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); +- +- cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; +- cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; +- cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; +- cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; +- cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; +- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; +- if (cryptodev_asymfeat & CRF_MOD_EXP) { +- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; +- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) +- cryptodev_rsa.rsa_mod_exp = +- cryptodev_rsa_mod_exp; +- else +- cryptodev_rsa.rsa_mod_exp = +- cryptodev_rsa_nocrt_mod_exp; +- } +- } +- +- if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { +- const DSA_METHOD *meth = DSA_OpenSSL(); +- +- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); +- if (cryptodev_asymfeat & CRF_DSA_SIGN) +- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; +- if (cryptodev_asymfeat & CRF_MOD_EXP) { +- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; +- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; +- } +- if (cryptodev_asymfeat & CRF_DSA_VERIFY) +- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; +- } +- +- if (ENGINE_set_DH(engine, &cryptodev_dh)){ +- const DH_METHOD *dh_meth = DH_OpenSSL(); +- +- cryptodev_dh.generate_key = dh_meth->generate_key; +- cryptodev_dh.compute_key = dh_meth->compute_key; +- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; +- if (cryptodev_asymfeat & CRF_MOD_EXP) { +- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; +- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) +- cryptodev_dh.compute_key = +- cryptodev_dh_compute_key; +- } +- } +- +- ENGINE_add(engine); +- ENGINE_free(engine); +- ERR_clear_error(); ++ ENGINE *engine = ENGINE_new(); ++ int fd; ++ ++ if (engine == NULL) ++ return; ++ if ((fd = get_dev_crypto()) < 0) { ++ ENGINE_free(engine); ++ return; ++ } ++ ++ /* ++ * find out what asymmetric crypto algorithms we support ++ */ ++ if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { ++ close(fd); ++ ENGINE_free(engine); ++ return; ++ } ++ close(fd); ++ ++ if (!ENGINE_set_id(engine, "cryptodev") || ++ !ENGINE_set_name(engine, "BSD cryptodev engine") || ++ !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || ++ !ENGINE_set_digests(engine, cryptodev_engine_digests) || ++ !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || ++ !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { ++ ENGINE_free(engine); ++ return; ++ } ++ ++ if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { ++ const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); ++ ++ cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; ++ cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; ++ cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; ++ cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; ++ cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; ++ cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; ++ if (cryptodev_asymfeat & CRF_MOD_EXP) { ++ cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; ++ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) ++ cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp; ++ else ++ cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp; ++ } ++ } ++ ++ if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { ++ const DSA_METHOD *meth = DSA_OpenSSL(); ++ ++ memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); ++ if (cryptodev_asymfeat & CRF_DSA_SIGN) ++ cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; ++ if (cryptodev_asymfeat & CRF_MOD_EXP) { ++ cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; ++ cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; ++ } ++ if (cryptodev_asymfeat & CRF_DSA_VERIFY) ++ cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; ++ } ++ ++ if (ENGINE_set_DH(engine, &cryptodev_dh)) { ++ const DH_METHOD *dh_meth = DH_OpenSSL(); ++ ++ cryptodev_dh.generate_key = dh_meth->generate_key; ++ cryptodev_dh.compute_key = dh_meth->compute_key; ++ cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; ++ if (cryptodev_asymfeat & CRF_MOD_EXP) { ++ cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; ++ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) ++ cryptodev_dh.compute_key = cryptodev_dh_compute_key; ++ } ++ } ++ ++ ENGINE_add(engine); ++ ENGINE_free(engine); ++ ERR_clear_error(); + } + +-#endif /* HAVE_CRYPTODEV */ ++#endif /* HAVE_CRYPTODEV */ +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c b/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c +index 5ce25d9..e6c0dfb 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -55,335 +55,331 @@ + + #include "eng_int.h" + +-/* When querying a ENGINE-specific control command's 'description', this string +- * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */ ++/* ++ * When querying a ENGINE-specific control command's 'description', this ++ * string is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. ++ */ + static const char *int_no_description = ""; + +-/* These internal functions handle 'CMD'-related control commands when the ++/* ++ * These internal functions handle 'CMD'-related control commands when the + * ENGINE in question has asked us to take care of it (ie. the ENGINE did not +- * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */ ++ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. ++ */ + + static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn) +- { +- if((defn->cmd_num == 0) || (defn->cmd_name == NULL)) +- return 1; +- return 0; +- } ++{ ++ if ((defn->cmd_num == 0) || (defn->cmd_name == NULL)) ++ return 1; ++ return 0; ++} + + static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s) +- { +- int idx = 0; +- while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) +- { +- idx++; +- defn++; +- } +- if(int_ctrl_cmd_is_null(defn)) +- /* The given name wasn't found */ +- return -1; +- return idx; +- } ++{ ++ int idx = 0; ++ while (!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) { ++ idx++; ++ defn++; ++ } ++ if (int_ctrl_cmd_is_null(defn)) ++ /* The given name wasn't found */ ++ return -1; ++ return idx; ++} + + static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num) +- { +- int idx = 0; +- /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So +- * our searches don't need to take any longer than necessary. */ +- while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) +- { +- idx++; +- defn++; +- } +- if(defn->cmd_num == num) +- return idx; +- /* The given cmd_num wasn't found */ +- return -1; +- } ++{ ++ int idx = 0; ++ /* ++ * NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So ++ * our searches don't need to take any longer than necessary. ++ */ ++ while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) { ++ idx++; ++ defn++; ++ } ++ if (defn->cmd_num == num) ++ return idx; ++ /* The given cmd_num wasn't found */ ++ return -1; ++} + + static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, +- void (*f)(void)) +- { +- int idx; +- char *s = (char *)p; +- /* Take care of the easy one first (eg. it requires no searches) */ +- if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) +- { +- if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns)) +- return 0; +- return e->cmd_defns->cmd_num; +- } +- /* One or two commands require that "p" be a valid string buffer */ +- if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || +- (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || +- (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) +- { +- if(s == NULL) +- { +- ENGINEerr(ENGINE_F_INT_CTRL_HELPER, +- ERR_R_PASSED_NULL_PARAMETER); +- return -1; +- } +- } +- /* Now handle cmd_name -> cmd_num conversion */ +- if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) +- { +- if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name( +- e->cmd_defns, s)) < 0)) +- { +- ENGINEerr(ENGINE_F_INT_CTRL_HELPER, +- ENGINE_R_INVALID_CMD_NAME); +- return -1; +- } +- return e->cmd_defns[idx].cmd_num; +- } +- /* For the rest of the commands, the 'long' argument must specify a +- * valie command number - so we need to conduct a search. */ +- if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, +- (unsigned int)i)) < 0)) +- { +- ENGINEerr(ENGINE_F_INT_CTRL_HELPER, +- ENGINE_R_INVALID_CMD_NUMBER); +- return -1; +- } +- /* Now the logic splits depending on command type */ +- switch(cmd) +- { +- case ENGINE_CTRL_GET_NEXT_CMD_TYPE: +- idx++; +- if(int_ctrl_cmd_is_null(e->cmd_defns + idx)) +- /* end-of-list */ +- return 0; +- else +- return e->cmd_defns[idx].cmd_num; +- case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: +- return strlen(e->cmd_defns[idx].cmd_name); +- case ENGINE_CTRL_GET_NAME_FROM_CMD: +- return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1, +- "%s", e->cmd_defns[idx].cmd_name); +- case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: +- if(e->cmd_defns[idx].cmd_desc) +- return strlen(e->cmd_defns[idx].cmd_desc); +- return strlen(int_no_description); +- case ENGINE_CTRL_GET_DESC_FROM_CMD: +- if(e->cmd_defns[idx].cmd_desc) +- return BIO_snprintf(s, +- strlen(e->cmd_defns[idx].cmd_desc) + 1, +- "%s", e->cmd_defns[idx].cmd_desc); +- return BIO_snprintf(s, strlen(int_no_description) + 1,"%s", +- int_no_description); +- case ENGINE_CTRL_GET_CMD_FLAGS: +- return e->cmd_defns[idx].cmd_flags; +- } +- /* Shouldn't really be here ... */ +- ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR); +- return -1; +- } ++ void (*f) (void)) ++{ ++ int idx; ++ char *s = (char *)p; ++ /* Take care of the easy one first (eg. it requires no searches) */ ++ if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) { ++ if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns)) ++ return 0; ++ return e->cmd_defns->cmd_num; ++ } ++ /* One or two commands require that "p" be a valid string buffer */ ++ if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || ++ (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || ++ (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) { ++ if (s == NULL) { ++ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ERR_R_PASSED_NULL_PARAMETER); ++ return -1; ++ } ++ } ++ /* Now handle cmd_name -> cmd_num conversion */ ++ if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) { ++ if ((e->cmd_defns == NULL) ++ || ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) { ++ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NAME); ++ return -1; ++ } ++ return e->cmd_defns[idx].cmd_num; ++ } ++ /* ++ * For the rest of the commands, the 'long' argument must specify a valie ++ * command number - so we need to conduct a search. ++ */ ++ if ((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, ++ (unsigned int) ++ i)) < 0)) { ++ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NUMBER); ++ return -1; ++ } ++ /* Now the logic splits depending on command type */ ++ switch (cmd) { ++ case ENGINE_CTRL_GET_NEXT_CMD_TYPE: ++ idx++; ++ if (int_ctrl_cmd_is_null(e->cmd_defns + idx)) ++ /* end-of-list */ ++ return 0; ++ else ++ return e->cmd_defns[idx].cmd_num; ++ case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: ++ return strlen(e->cmd_defns[idx].cmd_name); ++ case ENGINE_CTRL_GET_NAME_FROM_CMD: ++ return BIO_snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1, ++ "%s", e->cmd_defns[idx].cmd_name); ++ case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: ++ if (e->cmd_defns[idx].cmd_desc) ++ return strlen(e->cmd_defns[idx].cmd_desc); ++ return strlen(int_no_description); ++ case ENGINE_CTRL_GET_DESC_FROM_CMD: ++ if (e->cmd_defns[idx].cmd_desc) ++ return BIO_snprintf(s, ++ strlen(e->cmd_defns[idx].cmd_desc) + 1, ++ "%s", e->cmd_defns[idx].cmd_desc); ++ return BIO_snprintf(s, strlen(int_no_description) + 1, "%s", ++ int_no_description); ++ case ENGINE_CTRL_GET_CMD_FLAGS: ++ return e->cmd_defns[idx].cmd_flags; ++ } ++ /* Shouldn't really be here ... */ ++ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR); ++ return -1; ++} + +-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) +- { +- int ctrl_exists, ref_exists; +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- ref_exists = ((e->struct_ref > 0) ? 1 : 0); +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- ctrl_exists = ((e->ctrl == NULL) ? 0 : 1); +- if(!ref_exists) +- { +- ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE); +- return 0; +- } +- /* Intercept any "root-level" commands before trying to hand them on to +- * ctrl() handlers. */ +- switch(cmd) +- { +- case ENGINE_CTRL_HAS_CTRL_FUNCTION: +- return ctrl_exists; +- case ENGINE_CTRL_GET_FIRST_CMD_TYPE: +- case ENGINE_CTRL_GET_NEXT_CMD_TYPE: +- case ENGINE_CTRL_GET_CMD_FROM_NAME: +- case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: +- case ENGINE_CTRL_GET_NAME_FROM_CMD: +- case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: +- case ENGINE_CTRL_GET_DESC_FROM_CMD: +- case ENGINE_CTRL_GET_CMD_FLAGS: +- if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) +- return int_ctrl_helper(e,cmd,i,p,f); +- if(!ctrl_exists) +- { +- ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); +- /* For these cmd-related functions, failure is indicated +- * by a -1 return value (because 0 is used as a valid +- * return in some places). */ +- return -1; +- } +- default: +- break; +- } +- /* Anything else requires a ctrl() handler to exist. */ +- if(!ctrl_exists) +- { +- ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); +- return 0; +- } +- return e->ctrl(e, cmd, i, p, f); +- } ++int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) ++{ ++ int ctrl_exists, ref_exists; ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ ref_exists = ((e->struct_ref > 0) ? 1 : 0); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ ctrl_exists = ((e->ctrl == NULL) ? 0 : 1); ++ if (!ref_exists) { ++ ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE); ++ return 0; ++ } ++ /* ++ * Intercept any "root-level" commands before trying to hand them on to ++ * ctrl() handlers. ++ */ ++ switch (cmd) { ++ case ENGINE_CTRL_HAS_CTRL_FUNCTION: ++ return ctrl_exists; ++ case ENGINE_CTRL_GET_FIRST_CMD_TYPE: ++ case ENGINE_CTRL_GET_NEXT_CMD_TYPE: ++ case ENGINE_CTRL_GET_CMD_FROM_NAME: ++ case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: ++ case ENGINE_CTRL_GET_NAME_FROM_CMD: ++ case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: ++ case ENGINE_CTRL_GET_DESC_FROM_CMD: ++ case ENGINE_CTRL_GET_CMD_FLAGS: ++ if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) ++ return int_ctrl_helper(e, cmd, i, p, f); ++ if (!ctrl_exists) { ++ ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION); ++ /* ++ * For these cmd-related functions, failure is indicated by a -1 ++ * return value (because 0 is used as a valid return in some ++ * places). ++ */ ++ return -1; ++ } ++ default: ++ break; ++ } ++ /* Anything else requires a ctrl() handler to exist. */ ++ if (!ctrl_exists) { ++ ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION); ++ return 0; ++ } ++ return e->ctrl(e, cmd, i, p, f); ++} + + int ENGINE_cmd_is_executable(ENGINE *e, int cmd) +- { +- int flags; +- if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) +- { +- ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, +- ENGINE_R_INVALID_CMD_NUMBER); +- return 0; +- } +- if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) && +- !(flags & ENGINE_CMD_FLAG_NUMERIC) && +- !(flags & ENGINE_CMD_FLAG_STRING)) +- return 0; +- return 1; +- } ++{ ++ int flags; ++ if ((flags = ++ ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) { ++ ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, ++ ENGINE_R_INVALID_CMD_NUMBER); ++ return 0; ++ } ++ if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) && ++ !(flags & ENGINE_CMD_FLAG_NUMERIC) && ++ !(flags & ENGINE_CMD_FLAG_STRING)) ++ return 0; ++ return 1; ++} + + int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, +- long i, void *p, void (*f)(void), int cmd_optional) +- { +- int num; ++ long i, void *p, void (*f) (void), int cmd_optional) ++{ ++ int num; + +- if((e == NULL) || (cmd_name == NULL)) +- { +- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, +- ENGINE_CTRL_GET_CMD_FROM_NAME, +- 0, (void *)cmd_name, NULL)) <= 0)) +- { +- /* If the command didn't *have* to be supported, we fake +- * success. This allows certain settings to be specified for +- * multiple ENGINEs and only require a change of ENGINE id +- * (without having to selectively apply settings). Eg. changing +- * from a hardware device back to the regular software ENGINE +- * without editing the config file, etc. */ +- if(cmd_optional) +- { +- ERR_clear_error(); +- return 1; +- } +- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, +- ENGINE_R_INVALID_CMD_NAME); +- return 0; +- } +- /* Force the result of the control command to 0 or 1, for the reasons +- * mentioned before. */ +- if (ENGINE_ctrl(e, num, i, p, f) > 0) +- return 1; ++ if ((e == NULL) || (cmd_name == NULL)) { ++ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER); + return 0; ++ } ++ if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, ++ ENGINE_CTRL_GET_CMD_FROM_NAME, ++ 0, (void *)cmd_name, ++ NULL)) <= 0)) { ++ /* ++ * If the command didn't *have* to be supported, we fake success. ++ * This allows certain settings to be specified for multiple ENGINEs ++ * and only require a change of ENGINE id (without having to ++ * selectively apply settings). Eg. changing from a hardware device ++ * back to the regular software ENGINE without editing the config ++ * file, etc. ++ */ ++ if (cmd_optional) { ++ ERR_clear_error(); ++ return 1; + } ++ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ENGINE_R_INVALID_CMD_NAME); ++ return 0; ++ } ++ /* ++ * Force the result of the control command to 0 or 1, for the reasons ++ * mentioned before. ++ */ ++ if (ENGINE_ctrl(e, num, i, p, f) > 0) ++ return 1; ++ return 0; ++} + + int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, +- int cmd_optional) +- { +- int num, flags; +- long l; +- char *ptr; +- if((e == NULL) || (cmd_name == NULL)) +- { +- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, +- ENGINE_CTRL_GET_CMD_FROM_NAME, +- 0, (void *)cmd_name, NULL)) <= 0)) +- { +- /* If the command didn't *have* to be supported, we fake +- * success. This allows certain settings to be specified for +- * multiple ENGINEs and only require a change of ENGINE id +- * (without having to selectively apply settings). Eg. changing +- * from a hardware device back to the regular software ENGINE +- * without editing the config file, etc. */ +- if(cmd_optional) +- { +- ERR_clear_error(); +- return 1; +- } +- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, +- ENGINE_R_INVALID_CMD_NAME); +- return 0; +- } +- if(!ENGINE_cmd_is_executable(e, num)) +- { +- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, +- ENGINE_R_CMD_NOT_EXECUTABLE); +- return 0; +- } +- if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) +- { +- /* Shouldn't happen, given that ENGINE_cmd_is_executable() +- * returned success. */ +- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, +- ENGINE_R_INTERNAL_LIST_ERROR); +- return 0; +- } +- /* If the command takes no input, there must be no input. And vice +- * versa. */ +- if(flags & ENGINE_CMD_FLAG_NO_INPUT) +- { +- if(arg != NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, +- ENGINE_R_COMMAND_TAKES_NO_INPUT); +- return 0; +- } +- /* We deliberately force the result of ENGINE_ctrl() to 0 or 1 +- * rather than returning it as "return data". This is to ensure +- * usage of these commands is consistent across applications and +- * that certain applications don't understand it one way, and +- * others another. */ +- if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) +- return 1; +- return 0; +- } +- /* So, we require input */ +- if(arg == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, +- ENGINE_R_COMMAND_TAKES_INPUT); +- return 0; +- } +- /* If it takes string input, that's easy */ +- if(flags & ENGINE_CMD_FLAG_STRING) +- { +- /* Same explanation as above */ +- if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) +- return 1; +- return 0; +- } +- /* If it doesn't take numeric either, then it is unsupported for use in +- * a config-setting situation, which is what this function is for. This +- * should never happen though, because ENGINE_cmd_is_executable() was +- * used. */ +- if(!(flags & ENGINE_CMD_FLAG_NUMERIC)) +- { +- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, +- ENGINE_R_INTERNAL_LIST_ERROR); +- return 0; +- } +- l = strtol(arg, &ptr, 10); +- if((arg == ptr) || (*ptr != '\0')) +- { +- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, +- ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER); +- return 0; +- } +- /* Force the result of the control command to 0 or 1, for the reasons +- * mentioned before. */ +- if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0) +- return 1; +- return 0; +- } ++ int cmd_optional) ++{ ++ int num, flags; ++ long l; ++ char *ptr; ++ if ((e == NULL) || (cmd_name == NULL)) { ++ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, ++ ENGINE_CTRL_GET_CMD_FROM_NAME, ++ 0, (void *)cmd_name, ++ NULL)) <= 0)) { ++ /* ++ * If the command didn't *have* to be supported, we fake success. ++ * This allows certain settings to be specified for multiple ENGINEs ++ * and only require a change of ENGINE id (without having to ++ * selectively apply settings). Eg. changing from a hardware device ++ * back to the regular software ENGINE without editing the config ++ * file, etc. ++ */ ++ if (cmd_optional) { ++ ERR_clear_error(); ++ return 1; ++ } ++ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ENGINE_R_INVALID_CMD_NAME); ++ return 0; ++ } ++ if (!ENGINE_cmd_is_executable(e, num)) { ++ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ++ ENGINE_R_CMD_NOT_EXECUTABLE); ++ return 0; ++ } ++ if ((flags = ++ ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) { ++ /* ++ * Shouldn't happen, given that ENGINE_cmd_is_executable() returned ++ * success. ++ */ ++ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ++ ENGINE_R_INTERNAL_LIST_ERROR); ++ return 0; ++ } ++ /* ++ * If the command takes no input, there must be no input. And vice versa. ++ */ ++ if (flags & ENGINE_CMD_FLAG_NO_INPUT) { ++ if (arg != NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ++ ENGINE_R_COMMAND_TAKES_NO_INPUT); ++ return 0; ++ } ++ /* ++ * We deliberately force the result of ENGINE_ctrl() to 0 or 1 rather ++ * than returning it as "return data". This is to ensure usage of ++ * these commands is consistent across applications and that certain ++ * applications don't understand it one way, and others another. ++ */ ++ if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) ++ return 1; ++ return 0; ++ } ++ /* So, we require input */ ++ if (arg == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ++ ENGINE_R_COMMAND_TAKES_INPUT); ++ return 0; ++ } ++ /* If it takes string input, that's easy */ ++ if (flags & ENGINE_CMD_FLAG_STRING) { ++ /* Same explanation as above */ ++ if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) ++ return 1; ++ return 0; ++ } ++ /* ++ * If it doesn't take numeric either, then it is unsupported for use in a ++ * config-setting situation, which is what this function is for. This ++ * should never happen though, because ENGINE_cmd_is_executable() was ++ * used. ++ */ ++ if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) { ++ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ++ ENGINE_R_INTERNAL_LIST_ERROR); ++ return 0; ++ } ++ l = strtol(arg, &ptr, 10); ++ if ((arg == ptr) || (*ptr != '\0')) { ++ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ++ ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER); ++ return 0; ++ } ++ /* ++ * Force the result of the control command to 0 or 1, for the reasons ++ * mentioned before. ++ */ ++ if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0) ++ return 1; ++ return 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c b/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c +index acb30c3..ac9d7eb 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c +@@ -1,6 +1,7 @@ + /* crypto/engine/eng_dyn.c */ +-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL +- * project 2001. ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,493 +57,516 @@ + * + */ + +- + #include "eng_int.h" + #include + +-/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader +- * should implement the hook-up functions with the following prototypes. */ ++/* ++ * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE ++ * loader should implement the hook-up functions with the following ++ * prototypes. ++ */ + + /* Our ENGINE handlers */ + static int dynamic_init(ENGINE *e); + static int dynamic_finish(ENGINE *e); +-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); ++static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, ++ void (*f) (void)); + /* Predeclare our context type */ + typedef struct st_dynamic_data_ctx dynamic_data_ctx; + /* The implementation for the important control command */ + static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx); + +-#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE +-#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) +-#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2) +-#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) +-#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4) +-#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5) +-#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6) ++#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE ++#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) ++#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2) ++#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) ++#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4) ++#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5) ++#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6) + + /* The constants used when creating the ENGINE */ + static const char *engine_dynamic_id = "dynamic"; + static const char *engine_dynamic_name = "Dynamic engine loading support"; + static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = { +- {DYNAMIC_CMD_SO_PATH, +- "SO_PATH", +- "Specifies the path to the new ENGINE shared library", +- ENGINE_CMD_FLAG_STRING}, +- {DYNAMIC_CMD_NO_VCHECK, +- "NO_VCHECK", +- "Specifies to continue even if version checking fails (boolean)", +- ENGINE_CMD_FLAG_NUMERIC}, +- {DYNAMIC_CMD_ID, +- "ID", +- "Specifies an ENGINE id name for loading", +- ENGINE_CMD_FLAG_STRING}, +- {DYNAMIC_CMD_LIST_ADD, +- "LIST_ADD", +- "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", +- ENGINE_CMD_FLAG_NUMERIC}, +- {DYNAMIC_CMD_DIR_LOAD, +- "DIR_LOAD", +- "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)", +- ENGINE_CMD_FLAG_NUMERIC}, +- {DYNAMIC_CMD_DIR_ADD, +- "DIR_ADD", +- "Adds a directory from which ENGINEs can be loaded", +- ENGINE_CMD_FLAG_STRING}, +- {DYNAMIC_CMD_LOAD, +- "LOAD", +- "Load up the ENGINE specified by other settings", +- ENGINE_CMD_FLAG_NO_INPUT}, +- {0, NULL, NULL, 0} +- }; ++ {DYNAMIC_CMD_SO_PATH, ++ "SO_PATH", ++ "Specifies the path to the new ENGINE shared library", ++ ENGINE_CMD_FLAG_STRING}, ++ {DYNAMIC_CMD_NO_VCHECK, ++ "NO_VCHECK", ++ "Specifies to continue even if version checking fails (boolean)", ++ ENGINE_CMD_FLAG_NUMERIC}, ++ {DYNAMIC_CMD_ID, ++ "ID", ++ "Specifies an ENGINE id name for loading", ++ ENGINE_CMD_FLAG_STRING}, ++ {DYNAMIC_CMD_LIST_ADD, ++ "LIST_ADD", ++ "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", ++ ENGINE_CMD_FLAG_NUMERIC}, ++ {DYNAMIC_CMD_DIR_LOAD, ++ "DIR_LOAD", ++ "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)", ++ ENGINE_CMD_FLAG_NUMERIC}, ++ {DYNAMIC_CMD_DIR_ADD, ++ "DIR_ADD", ++ "Adds a directory from which ENGINEs can be loaded", ++ ENGINE_CMD_FLAG_STRING}, ++ {DYNAMIC_CMD_LOAD, ++ "LOAD", ++ "Load up the ENGINE specified by other settings", ++ ENGINE_CMD_FLAG_NO_INPUT}, ++ {0, NULL, NULL, 0} ++}; ++ + static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = { +- {0, NULL, NULL, 0} +- }; ++ {0, NULL, NULL, 0} ++}; + +-/* Loading code stores state inside the ENGINE structure via the "ex_data" ++/* ++ * Loading code stores state inside the ENGINE structure via the "ex_data" + * element. We load all our state into a single structure and use that as a +- * single context in the "ex_data" stack. */ +-struct st_dynamic_data_ctx +- { +- /* The DSO object we load that supplies the ENGINE code */ +- DSO *dynamic_dso; +- /* The function pointer to the version checking shared library function */ +- dynamic_v_check_fn v_check; +- /* The function pointer to the engine-binding shared library function */ +- dynamic_bind_engine bind_engine; +- /* The default name/path for loading the shared library */ +- const char *DYNAMIC_LIBNAME; +- /* Whether to continue loading on a version check failure */ +- int no_vcheck; +- /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */ +- const char *engine_id; +- /* If non-zero, a successfully loaded ENGINE should be added to the internal +- * ENGINE list. If 2, the add must succeed or the entire load should fail. */ +- int list_add_value; +- /* The symbol name for the version checking function */ +- const char *DYNAMIC_F1; +- /* The symbol name for the "initialise ENGINE structure" function */ +- const char *DYNAMIC_F2; +- /* Whether to never use 'dirs', use 'dirs' as a fallback, or only use +- * 'dirs' for loading. Default is to use 'dirs' as a fallback. */ +- int dir_load; +- /* A stack of directories from which ENGINEs could be loaded */ +- STACK *dirs; +- }; ++ * single context in the "ex_data" stack. ++ */ ++struct st_dynamic_data_ctx { ++ /* The DSO object we load that supplies the ENGINE code */ ++ DSO *dynamic_dso; ++ /* ++ * The function pointer to the version checking shared library function ++ */ ++ dynamic_v_check_fn v_check; ++ /* ++ * The function pointer to the engine-binding shared library function ++ */ ++ dynamic_bind_engine bind_engine; ++ /* The default name/path for loading the shared library */ ++ const char *DYNAMIC_LIBNAME; ++ /* Whether to continue loading on a version check failure */ ++ int no_vcheck; ++ /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */ ++ const char *engine_id; ++ /* ++ * If non-zero, a successfully loaded ENGINE should be added to the ++ * internal ENGINE list. If 2, the add must succeed or the entire load ++ * should fail. ++ */ ++ int list_add_value; ++ /* The symbol name for the version checking function */ ++ const char *DYNAMIC_F1; ++ /* The symbol name for the "initialise ENGINE structure" function */ ++ const char *DYNAMIC_F2; ++ /* ++ * Whether to never use 'dirs', use 'dirs' as a fallback, or only use ++ * 'dirs' for loading. Default is to use 'dirs' as a fallback. ++ */ ++ int dir_load; ++ /* A stack of directories from which ENGINEs could be loaded */ ++ STACK *dirs; ++}; + +-/* This is the "ex_data" index we obtain and reserve for use with our context +- * structure. */ ++/* ++ * This is the "ex_data" index we obtain and reserve for use with our context ++ * structure. ++ */ + static int dynamic_ex_data_idx = -1; + +-static void int_free_str(void *s) { OPENSSL_free(s); } +-/* Because our ex_data element may or may not get allocated depending on whether +- * a "first-use" occurs before the ENGINE is freed, we have a memory leak +- * problem to solve. We can't declare a "new" handler for the ex_data as we +- * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this +- * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free" +- * handler and that will get called if an ENGINE is being destroyed and there +- * was an ex_data element corresponding to our context type. */ ++static void int_free_str(void *s) ++{ ++ OPENSSL_free(s); ++} ++ ++/* ++ * Because our ex_data element may or may not get allocated depending on ++ * whether a "first-use" occurs before the ENGINE is freed, we have a memory ++ * leak problem to solve. We can't declare a "new" handler for the ex_data as ++ * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types ++ * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare ++ * a "free" handler and that will get called if an ENGINE is being destroyed ++ * and there was an ex_data element corresponding to our context type. ++ */ + static void dynamic_data_ctx_free_func(void *parent, void *ptr, +- CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) +- { +- if(ptr) +- { +- dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; +- if(ctx->dynamic_dso) +- DSO_free(ctx->dynamic_dso); +- if(ctx->DYNAMIC_LIBNAME) +- OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME); +- if(ctx->engine_id) +- OPENSSL_free((void*)ctx->engine_id); +- if(ctx->dirs) +- sk_pop_free(ctx->dirs, int_free_str); +- OPENSSL_free(ctx); +- } +- } ++ CRYPTO_EX_DATA *ad, int idx, long argl, ++ void *argp) ++{ ++ if (ptr) { ++ dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; ++ if (ctx->dynamic_dso) ++ DSO_free(ctx->dynamic_dso); ++ if (ctx->DYNAMIC_LIBNAME) ++ OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME); ++ if (ctx->engine_id) ++ OPENSSL_free((void *)ctx->engine_id); ++ if (ctx->dirs) ++ sk_pop_free(ctx->dirs, int_free_str); ++ OPENSSL_free(ctx); ++ } ++} + +-/* Construct the per-ENGINE context. We create it blindly and then use a lock to +- * check for a race - if so, all but one of the threads "racing" will have ++/* ++ * Construct the per-ENGINE context. We create it blindly and then use a lock ++ * to check for a race - if so, all but one of the threads "racing" will have + * wasted their time. The alternative involves creating everything inside the +- * lock which is far worse. */ ++ * lock which is far worse. ++ */ + static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) +- { +- dynamic_data_ctx *c; +- c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); +- if(!c) +- { +- ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- memset(c, 0, sizeof(dynamic_data_ctx)); +- c->dynamic_dso = NULL; +- c->v_check = NULL; +- c->bind_engine = NULL; +- c->DYNAMIC_LIBNAME = NULL; +- c->no_vcheck = 0; +- c->engine_id = NULL; +- c->list_add_value = 0; +- c->DYNAMIC_F1 = "v_check"; +- c->DYNAMIC_F2 = "bind_engine"; +- c->dir_load = 1; +- c->dirs = sk_new_null(); +- if(!c->dirs) +- { +- ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); +- OPENSSL_free(c); +- return 0; +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, +- dynamic_ex_data_idx)) == NULL) +- { +- /* Good, we're the first */ +- ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); +- *ctx = c; +- c = NULL; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- /* If we lost the race to set the context, c is non-NULL and *ctx is the +- * context of the thread that won. */ +- if(c) +- OPENSSL_free(c); +- return 1; +- } ++{ ++ dynamic_data_ctx *c; ++ c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); ++ if (!c) { ++ ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ memset(c, 0, sizeof(dynamic_data_ctx)); ++ c->dynamic_dso = NULL; ++ c->v_check = NULL; ++ c->bind_engine = NULL; ++ c->DYNAMIC_LIBNAME = NULL; ++ c->no_vcheck = 0; ++ c->engine_id = NULL; ++ c->list_add_value = 0; ++ c->DYNAMIC_F1 = "v_check"; ++ c->DYNAMIC_F2 = "bind_engine"; ++ c->dir_load = 1; ++ c->dirs = sk_new_null(); ++ if (!c->dirs) { ++ ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); ++ OPENSSL_free(c); ++ return 0; ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, ++ dynamic_ex_data_idx)) ++ == NULL) { ++ /* Good, we're the first */ ++ ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); ++ *ctx = c; ++ c = NULL; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ /* ++ * If we lost the race to set the context, c is non-NULL and *ctx is the ++ * context of the thread that won. ++ */ ++ if (c) ++ OPENSSL_free(c); ++ return 1; ++} + +-/* This function retrieves the context structure from an ENGINE's "ex_data", or +- * if it doesn't exist yet, sets it up. */ ++/* ++ * This function retrieves the context structure from an ENGINE's "ex_data", ++ * or if it doesn't exist yet, sets it up. ++ */ + static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e) +- { +- dynamic_data_ctx *ctx; +- if(dynamic_ex_data_idx < 0) +- { +- /* Create and register the ENGINE ex_data, and associate our +- * "free" function with it to ensure any allocated contexts get +- * freed when an ENGINE goes underground. */ +- int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, +- dynamic_data_ctx_free_func); +- if(new_idx == -1) +- { +- ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX); +- return NULL; +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- /* Avoid a race by checking again inside this lock */ +- if(dynamic_ex_data_idx < 0) +- { +- /* Good, someone didn't beat us to it */ +- dynamic_ex_data_idx = new_idx; +- new_idx = -1; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- /* In theory we could "give back" the index here if +- * (new_idx>-1), but it's not possible and wouldn't gain us much +- * if it were. */ +- } +- ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx); +- /* Check if the context needs to be created */ +- if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx)) +- /* "set_data" will set errors if necessary */ +- return NULL; +- return ctx; +- } ++{ ++ dynamic_data_ctx *ctx; ++ if (dynamic_ex_data_idx < 0) { ++ /* ++ * Create and register the ENGINE ex_data, and associate our "free" ++ * function with it to ensure any allocated contexts get freed when ++ * an ENGINE goes underground. ++ */ ++ int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, ++ dynamic_data_ctx_free_func); ++ if (new_idx == -1) { ++ ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX, ENGINE_R_NO_INDEX); ++ return NULL; ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ /* Avoid a race by checking again inside this lock */ ++ if (dynamic_ex_data_idx < 0) { ++ /* Good, someone didn't beat us to it */ ++ dynamic_ex_data_idx = new_idx; ++ new_idx = -1; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ /* ++ * In theory we could "give back" the index here if (new_idx>-1), but ++ * it's not possible and wouldn't gain us much if it were. ++ */ ++ } ++ ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx); ++ /* Check if the context needs to be created */ ++ if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx)) ++ /* "set_data" will set errors if necessary */ ++ return NULL; ++ return ctx; ++} + + static ENGINE *engine_dynamic(void) +- { +- ENGINE *ret = ENGINE_new(); +- if(!ret) +- return NULL; +- if(!ENGINE_set_id(ret, engine_dynamic_id) || +- !ENGINE_set_name(ret, engine_dynamic_name) || +- !ENGINE_set_init_function(ret, dynamic_init) || +- !ENGINE_set_finish_function(ret, dynamic_finish) || +- !ENGINE_set_ctrl_function(ret, dynamic_ctrl) || +- !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) || +- !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) +- { +- ENGINE_free(ret); +- return NULL; +- } +- return ret; +- } ++{ ++ ENGINE *ret = ENGINE_new(); ++ if (!ret) ++ return NULL; ++ if (!ENGINE_set_id(ret, engine_dynamic_id) || ++ !ENGINE_set_name(ret, engine_dynamic_name) || ++ !ENGINE_set_init_function(ret, dynamic_init) || ++ !ENGINE_set_finish_function(ret, dynamic_finish) || ++ !ENGINE_set_ctrl_function(ret, dynamic_ctrl) || ++ !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) || ++ !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) { ++ ENGINE_free(ret); ++ return NULL; ++ } ++ return ret; ++} + + void ENGINE_load_dynamic(void) +- { +- ENGINE *toadd = engine_dynamic(); +- if(!toadd) return; +- ENGINE_add(toadd); +- /* If the "add" worked, it gets a structural reference. So either way, +- * we release our just-created reference. */ +- ENGINE_free(toadd); +- /* If the "add" didn't work, it was probably a conflict because it was +- * already added (eg. someone calling ENGINE_load_blah then calling +- * ENGINE_load_builtin_engines() perhaps). */ +- ERR_clear_error(); +- } ++{ ++ ENGINE *toadd = engine_dynamic(); ++ if (!toadd) ++ return; ++ ENGINE_add(toadd); ++ /* ++ * If the "add" worked, it gets a structural reference. So either way, we ++ * release our just-created reference. ++ */ ++ ENGINE_free(toadd); ++ /* ++ * If the "add" didn't work, it was probably a conflict because it was ++ * already added (eg. someone calling ENGINE_load_blah then calling ++ * ENGINE_load_builtin_engines() perhaps). ++ */ ++ ERR_clear_error(); ++} + + static int dynamic_init(ENGINE *e) +- { +- /* We always return failure - the "dyanamic" engine itself can't be used +- * for anything. */ +- return 0; +- } ++{ ++ /* ++ * We always return failure - the "dyanamic" engine itself can't be used ++ * for anything. ++ */ ++ return 0; ++} + + static int dynamic_finish(ENGINE *e) +- { +- /* This should never be called on account of "dynamic_init" always +- * failing. */ +- return 0; +- } ++{ ++ /* ++ * This should never be called on account of "dynamic_init" always ++ * failing. ++ */ ++ return 0; ++} ++ ++static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) ++{ ++ dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); ++ int initialised; + +-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) +- { +- dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); +- int initialised; +- +- if(!ctx) +- { +- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED); +- return 0; +- } +- initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1); +- /* All our control commands require the ENGINE to be uninitialised */ +- if(initialised) +- { +- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, +- ENGINE_R_ALREADY_LOADED); +- return 0; +- } +- switch(cmd) +- { +- case DYNAMIC_CMD_SO_PATH: +- /* a NULL 'p' or a string of zero-length is the same thing */ +- if(p && (strlen((const char *)p) < 1)) +- p = NULL; +- if(ctx->DYNAMIC_LIBNAME) +- OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME); +- if(p) +- ctx->DYNAMIC_LIBNAME = BUF_strdup(p); +- else +- ctx->DYNAMIC_LIBNAME = NULL; +- return (ctx->DYNAMIC_LIBNAME ? 1 : 0); +- case DYNAMIC_CMD_NO_VCHECK: +- ctx->no_vcheck = ((i == 0) ? 0 : 1); +- return 1; +- case DYNAMIC_CMD_ID: +- /* a NULL 'p' or a string of zero-length is the same thing */ +- if(p && (strlen((const char *)p) < 1)) +- p = NULL; +- if(ctx->engine_id) +- OPENSSL_free((void*)ctx->engine_id); +- if(p) +- ctx->engine_id = BUF_strdup(p); +- else +- ctx->engine_id = NULL; +- return (ctx->engine_id ? 1 : 0); +- case DYNAMIC_CMD_LIST_ADD: +- if((i < 0) || (i > 2)) +- { +- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, +- ENGINE_R_INVALID_ARGUMENT); +- return 0; +- } +- ctx->list_add_value = (int)i; +- return 1; +- case DYNAMIC_CMD_LOAD: +- return dynamic_load(e, ctx); +- case DYNAMIC_CMD_DIR_LOAD: +- if((i < 0) || (i > 2)) +- { +- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, +- ENGINE_R_INVALID_ARGUMENT); +- return 0; +- } +- ctx->dir_load = (int)i; +- return 1; +- case DYNAMIC_CMD_DIR_ADD: +- /* a NULL 'p' or a string of zero-length is the same thing */ +- if(!p || (strlen((const char *)p) < 1)) +- { +- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, +- ENGINE_R_INVALID_ARGUMENT); +- return 0; +- } +- { +- char *tmp_str = BUF_strdup(p); +- if(!tmp_str) +- { +- ENGINEerr(ENGINE_F_DYNAMIC_CTRL, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- sk_insert(ctx->dirs, tmp_str, -1); +- } +- return 1; +- default: +- break; +- } +- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); +- return 0; +- } ++ if (!ctx) { ++ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_NOT_LOADED); ++ return 0; ++ } ++ initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1); ++ /* All our control commands require the ENGINE to be uninitialised */ ++ if (initialised) { ++ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_ALREADY_LOADED); ++ return 0; ++ } ++ switch (cmd) { ++ case DYNAMIC_CMD_SO_PATH: ++ /* a NULL 'p' or a string of zero-length is the same thing */ ++ if (p && (strlen((const char *)p) < 1)) ++ p = NULL; ++ if (ctx->DYNAMIC_LIBNAME) ++ OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME); ++ if (p) ++ ctx->DYNAMIC_LIBNAME = BUF_strdup(p); ++ else ++ ctx->DYNAMIC_LIBNAME = NULL; ++ return (ctx->DYNAMIC_LIBNAME ? 1 : 0); ++ case DYNAMIC_CMD_NO_VCHECK: ++ ctx->no_vcheck = ((i == 0) ? 0 : 1); ++ return 1; ++ case DYNAMIC_CMD_ID: ++ /* a NULL 'p' or a string of zero-length is the same thing */ ++ if (p && (strlen((const char *)p) < 1)) ++ p = NULL; ++ if (ctx->engine_id) ++ OPENSSL_free((void *)ctx->engine_id); ++ if (p) ++ ctx->engine_id = BUF_strdup(p); ++ else ++ ctx->engine_id = NULL; ++ return (ctx->engine_id ? 1 : 0); ++ case DYNAMIC_CMD_LIST_ADD: ++ if ((i < 0) || (i > 2)) { ++ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT); ++ return 0; ++ } ++ ctx->list_add_value = (int)i; ++ return 1; ++ case DYNAMIC_CMD_LOAD: ++ return dynamic_load(e, ctx); ++ case DYNAMIC_CMD_DIR_LOAD: ++ if ((i < 0) || (i > 2)) { ++ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT); ++ return 0; ++ } ++ ctx->dir_load = (int)i; ++ return 1; ++ case DYNAMIC_CMD_DIR_ADD: ++ /* a NULL 'p' or a string of zero-length is the same thing */ ++ if (!p || (strlen((const char *)p) < 1)) { ++ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT); ++ return 0; ++ } ++ { ++ char *tmp_str = BUF_strdup(p); ++ if (!tmp_str) { ++ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ sk_insert(ctx->dirs, tmp_str, -1); ++ } ++ return 1; ++ default: ++ break; ++ } ++ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); ++ return 0; ++} + + static int int_load(dynamic_data_ctx *ctx) +- { +- int num, loop; +- /* Unless told not to, try a direct load */ +- if((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso, +- ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL) +- return 1; +- /* If we're not allowed to use 'dirs' or we have none, fail */ +- if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1)) +- return 0; +- for(loop = 0; loop < num; loop++) +- { +- const char *s = sk_value(ctx->dirs, loop); +- char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s); +- if(!merge) +- return 0; +- if(DSO_load(ctx->dynamic_dso, merge, NULL, 0)) +- { +- /* Found what we're looking for */ +- OPENSSL_free(merge); +- return 1; +- } +- OPENSSL_free(merge); +- } +- return 0; +- } ++{ ++ int num, loop; ++ /* Unless told not to, try a direct load */ ++ if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso, ++ ctx->DYNAMIC_LIBNAME, NULL, ++ 0)) != NULL) ++ return 1; ++ /* If we're not allowed to use 'dirs' or we have none, fail */ ++ if (!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1)) ++ return 0; ++ for (loop = 0; loop < num; loop++) { ++ const char *s = sk_value(ctx->dirs, loop); ++ char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s); ++ if (!merge) ++ return 0; ++ if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) { ++ /* Found what we're looking for */ ++ OPENSSL_free(merge); ++ return 1; ++ } ++ OPENSSL_free(merge); ++ } ++ return 0; ++} + + static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) +- { +- ENGINE cpy; +- dynamic_fns fns; ++{ ++ ENGINE cpy; ++ dynamic_fns fns; + +- if(!ctx->dynamic_dso) +- ctx->dynamic_dso = DSO_new(); +- if(!ctx->DYNAMIC_LIBNAME) +- { +- if(!ctx->engine_id) +- return 0; +- ctx->DYNAMIC_LIBNAME = +- DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id); +- } +- if(!int_load(ctx)) +- { +- ENGINEerr(ENGINE_F_DYNAMIC_LOAD, +- ENGINE_R_DSO_NOT_FOUND); +- DSO_free(ctx->dynamic_dso); +- ctx->dynamic_dso = NULL; +- return 0; +- } +- /* We have to find a bind function otherwise it'll always end badly */ +- if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func( +- ctx->dynamic_dso, ctx->DYNAMIC_F2))) +- { +- ctx->bind_engine = NULL; +- DSO_free(ctx->dynamic_dso); +- ctx->dynamic_dso = NULL; +- ENGINEerr(ENGINE_F_DYNAMIC_LOAD, +- ENGINE_R_DSO_FAILURE); +- return 0; +- } +- /* Do we perform version checking? */ +- if(!ctx->no_vcheck) +- { +- unsigned long vcheck_res = 0; +- /* Now we try to find a version checking function and decide how +- * to cope with failure if/when it fails. */ +- ctx->v_check = (dynamic_v_check_fn)DSO_bind_func( +- ctx->dynamic_dso, ctx->DYNAMIC_F1); +- if(ctx->v_check) +- vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION); +- /* We fail if the version checker veto'd the load *or* if it is +- * deferring to us (by returning its version) and we think it is +- * too old. */ +- if(vcheck_res < OSSL_DYNAMIC_OLDEST) +- { +- /* Fail */ +- ctx->bind_engine = NULL; +- ctx->v_check = NULL; +- DSO_free(ctx->dynamic_dso); +- ctx->dynamic_dso = NULL; +- ENGINEerr(ENGINE_F_DYNAMIC_LOAD, +- ENGINE_R_VERSION_INCOMPATIBILITY); +- return 0; +- } +- } +- /* First binary copy the ENGINE structure so that we can roll back if +- * the hand-over fails */ +- memcpy(&cpy, e, sizeof(ENGINE)); +- /* Provide the ERR, "ex_data", memory, and locking callbacks so the +- * loaded library uses our state rather than its own. FIXME: As noted in +- * engine.h, much of this would be simplified if each area of code +- * provided its own "summary" structure of all related callbacks. It +- * would also increase opaqueness. */ +- fns.static_state = ENGINE_get_static_state(); +- fns.err_fns = ERR_get_implementation(); +- fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); +- CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, +- &fns.mem_fns.realloc_cb, +- &fns.mem_fns.free_cb); +- fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback(); +- fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback(); +- fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback(); +- fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback(); +- fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback(); +- /* Now that we've loaded the dynamic engine, make sure no "dynamic" +- * ENGINE elements will show through. */ +- engine_set_all_null(e); ++ if (!ctx->dynamic_dso) ++ ctx->dynamic_dso = DSO_new(); ++ if (!ctx->DYNAMIC_LIBNAME) { ++ if (!ctx->engine_id) ++ return 0; ++ ctx->DYNAMIC_LIBNAME = ++ DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id); ++ } ++ if (!int_load(ctx)) { ++ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND); ++ DSO_free(ctx->dynamic_dso); ++ ctx->dynamic_dso = NULL; ++ return 0; ++ } ++ /* We have to find a bind function otherwise it'll always end badly */ ++ if (! ++ (ctx->bind_engine = ++ (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso, ++ ctx->DYNAMIC_F2))) { ++ ctx->bind_engine = NULL; ++ DSO_free(ctx->dynamic_dso); ++ ctx->dynamic_dso = NULL; ++ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_FAILURE); ++ return 0; ++ } ++ /* Do we perform version checking? */ ++ if (!ctx->no_vcheck) { ++ unsigned long vcheck_res = 0; ++ /* ++ * Now we try to find a version checking function and decide how to ++ * cope with failure if/when it fails. ++ */ ++ ctx->v_check = ++ (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso, ++ ctx->DYNAMIC_F1); ++ if (ctx->v_check) ++ vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION); ++ /* ++ * We fail if the version checker veto'd the load *or* if it is ++ * deferring to us (by returning its version) and we think it is too ++ * old. ++ */ ++ if (vcheck_res < OSSL_DYNAMIC_OLDEST) { ++ /* Fail */ ++ ctx->bind_engine = NULL; ++ ctx->v_check = NULL; ++ DSO_free(ctx->dynamic_dso); ++ ctx->dynamic_dso = NULL; ++ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ++ ENGINE_R_VERSION_INCOMPATIBILITY); ++ return 0; ++ } ++ } ++ /* ++ * First binary copy the ENGINE structure so that we can roll back if the ++ * hand-over fails ++ */ ++ memcpy(&cpy, e, sizeof(ENGINE)); ++ /* ++ * Provide the ERR, "ex_data", memory, and locking callbacks so the ++ * loaded library uses our state rather than its own. FIXME: As noted in ++ * engine.h, much of this would be simplified if each area of code ++ * provided its own "summary" structure of all related callbacks. It ++ * would also increase opaqueness. ++ */ ++ fns.static_state = ENGINE_get_static_state(); ++ fns.err_fns = ERR_get_implementation(); ++ fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); ++ CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, ++ &fns.mem_fns.realloc_cb, &fns.mem_fns.free_cb); ++ fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback(); ++ fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback(); ++ fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback(); ++ fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback(); ++ fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback(); ++ /* ++ * Now that we've loaded the dynamic engine, make sure no "dynamic" ++ * ENGINE elements will show through. ++ */ ++ engine_set_all_null(e); + +- /* Try to bind the ENGINE onto our own ENGINE structure */ +- if(!ctx->bind_engine(e, ctx->engine_id, &fns)) +- { +- ctx->bind_engine = NULL; +- ctx->v_check = NULL; +- DSO_free(ctx->dynamic_dso); +- ctx->dynamic_dso = NULL; +- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED); +- /* Copy the original ENGINE structure back */ +- memcpy(e, &cpy, sizeof(ENGINE)); +- return 0; +- } +- /* Do we try to add this ENGINE to the internal list too? */ +- if(ctx->list_add_value > 0) +- { +- if(!ENGINE_add(e)) +- { +- /* Do we tolerate this or fail? */ +- if(ctx->list_add_value > 1) +- { +- /* Fail - NB: By this time, it's too late to +- * rollback, and trying to do so allows the +- * bind_engine() code to have created leaks. We +- * just have to fail where we are, after the +- * ENGINE has changed. */ +- ENGINEerr(ENGINE_F_DYNAMIC_LOAD, +- ENGINE_R_CONFLICTING_ENGINE_ID); +- return 0; +- } +- /* Tolerate */ +- ERR_clear_error(); +- } +- } +- return 1; +- } ++ /* Try to bind the ENGINE onto our own ENGINE structure */ ++ if (!ctx->bind_engine(e, ctx->engine_id, &fns)) { ++ ctx->bind_engine = NULL; ++ ctx->v_check = NULL; ++ DSO_free(ctx->dynamic_dso); ++ ctx->dynamic_dso = NULL; ++ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED); ++ /* Copy the original ENGINE structure back */ ++ memcpy(e, &cpy, sizeof(ENGINE)); ++ return 0; ++ } ++ /* Do we try to add this ENGINE to the internal list too? */ ++ if (ctx->list_add_value > 0) { ++ if (!ENGINE_add(e)) { ++ /* Do we tolerate this or fail? */ ++ if (ctx->list_add_value > 1) { ++ /* ++ * Fail - NB: By this time, it's too late to rollback, and ++ * trying to do so allows the bind_engine() code to have ++ * created leaks. We just have to fail where we are, after ++ * the ENGINE has changed. ++ */ ++ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ++ ENGINE_R_CONFLICTING_ENGINE_ID); ++ return 0; ++ } ++ /* Tolerate */ ++ ERR_clear_error(); ++ } ++ } ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_err.c b/Cryptlib/OpenSSL/crypto/engine/eng_err.c +index ac74dd1..20f1ad2 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_err.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,106 +66,111 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason) + +-static ERR_STRING_DATA ENGINE_str_functs[]= +- { +-{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"}, +-{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"}, +-{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"}, +-{ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"}, +-{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"}, +-{ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"}, +-{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"}, +-{ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"}, +-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"}, +-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"}, +-{ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"}, +-{ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"}, +-{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"}, +-{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"}, +-{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"}, +-{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"}, +-{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"}, +-{ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"}, +-{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"}, +-{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, +-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, +-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, +-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), "ENGINE_load_ssl_client_cert"}, +-{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, +-{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, +-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"}, +-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"}, +-{ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"}, +-{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"}, +-{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"}, +-{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"}, +-{ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"}, +-{ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"}, +-{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"}, +-{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"}, +-{ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"}, +-{ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA ENGINE_str_functs[] = { ++ {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"}, ++ {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"}, ++ {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"}, ++ {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), ++ "ENGINE_load_ssl_client_cert"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), ++ "ENGINE_set_default_string"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"}, ++ {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"}, ++ {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"}, ++ {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"}, ++ {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"}, ++ {ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA ENGINE_str_reasons[]= +- { +-{ERR_REASON(ENGINE_R_ALREADY_LOADED) ,"already loaded"}, +-{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"}, +-{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"}, +-{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"}, +-{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"}, +-{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"}, +-{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"}, +-{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"}, +-{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"}, +-{ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"}, +-{ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"}, +-{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"}, +-{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"}, +-{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"}, +-{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"}, +-{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"}, +-{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"}, +-{ERR_REASON(ENGINE_R_FINISH_FAILED) ,"finish failed"}, +-{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) ,"could not obtain hardware handle"}, +-{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"}, +-{ERR_REASON(ENGINE_R_INIT_FAILED) ,"init failed"}, +-{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"}, +-{ERR_REASON(ENGINE_R_INVALID_ARGUMENT) ,"invalid argument"}, +-{ERR_REASON(ENGINE_R_INVALID_CMD_NAME) ,"invalid cmd name"}, +-{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"}, +-{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"}, +-{ERR_REASON(ENGINE_R_INVALID_STRING) ,"invalid string"}, +-{ERR_REASON(ENGINE_R_NOT_INITIALISED) ,"not initialised"}, +-{ERR_REASON(ENGINE_R_NOT_LOADED) ,"not loaded"}, +-{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"}, +-{ERR_REASON(ENGINE_R_NO_INDEX) ,"no index"}, +-{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) ,"no load function"}, +-{ERR_REASON(ENGINE_R_NO_REFERENCE) ,"no reference"}, +-{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) ,"no such engine"}, +-{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"}, +-{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"}, +-{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"}, +-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"}, +-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"}, +-{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA ENGINE_str_reasons[] = { ++ {ERR_REASON(ENGINE_R_ALREADY_LOADED), "already loaded"}, ++ {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), ++ "argument is not a number"}, ++ {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE), "cmd not executable"}, ++ {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"}, ++ {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"}, ++ {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"}, ++ {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), ++ "ctrl command not implemented"}, ++ {ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED), "dh not implemented"}, ++ {ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED), "dsa not implemented"}, ++ {ERR_REASON(ENGINE_R_DSO_FAILURE), "DSO failure"}, ++ {ERR_REASON(ENGINE_R_DSO_NOT_FOUND), "dso not found"}, ++ {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"}, ++ {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR), ++ "engine configuration error"}, ++ {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"}, ++ {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"}, ++ {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY), ++ "failed loading private key"}, ++ {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY), ++ "failed loading public key"}, ++ {ERR_REASON(ENGINE_R_FINISH_FAILED), "finish failed"}, ++ {ERR_REASON(ENGINE_R_GET_HANDLE_FAILED), ++ "could not obtain hardware handle"}, ++ {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING), "'id' or 'name' missing"}, ++ {ERR_REASON(ENGINE_R_INIT_FAILED), "init failed"}, ++ {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"}, ++ {ERR_REASON(ENGINE_R_INVALID_ARGUMENT), "invalid argument"}, ++ {ERR_REASON(ENGINE_R_INVALID_CMD_NAME), "invalid cmd name"}, ++ {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER), "invalid cmd number"}, ++ {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE), "invalid init value"}, ++ {ERR_REASON(ENGINE_R_INVALID_STRING), "invalid string"}, ++ {ERR_REASON(ENGINE_R_NOT_INITIALISED), "not initialised"}, ++ {ERR_REASON(ENGINE_R_NOT_LOADED), "not loaded"}, ++ {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"}, ++ {ERR_REASON(ENGINE_R_NO_INDEX), "no index"}, ++ {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION), "no load function"}, ++ {ERR_REASON(ENGINE_R_NO_REFERENCE), "no reference"}, ++ {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE), "no such engine"}, ++ {ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION), "no unload function"}, ++ {ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS), "provide parameters"}, ++ {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED), "rsa not implemented"}, ++ {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"}, ++ {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"}, ++ {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_ENGINE_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,ENGINE_str_functs); +- ERR_load_strings(0,ENGINE_str_reasons); +- } ++ if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, ENGINE_str_functs); ++ ERR_load_strings(0, ENGINE_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c b/Cryptlib/OpenSSL/crypto/engine/eng_fat.c +index 27c1662..7fa0754 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_fat.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -54,7 +54,7 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * ECDH support in OpenSSL originally developed by ++ * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +@@ -62,106 +62,104 @@ + #include + + int ENGINE_set_default(ENGINE *e, unsigned int flags) +- { +- if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e)) +- return 0; +- if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) +- return 0; ++{ ++ if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e)) ++ return 0; ++ if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) ++ return 0; + #ifndef OPENSSL_NO_RSA +- if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) +- return 0; ++ if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) ++ return 0; + #endif + #ifndef OPENSSL_NO_DSA +- if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) +- return 0; ++ if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) ++ return 0; + #endif + #ifndef OPENSSL_NO_DH +- if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) +- return 0; ++ if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) ++ return 0; + #endif + #ifndef OPENSSL_NO_ECDH +- if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) +- return 0; ++ if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) ++ return 0; + #endif + #ifndef OPENSSL_NO_ECDSA +- if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) +- return 0; ++ if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) ++ return 0; + #endif +- if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) +- return 0; +- return 1; +- } ++ if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) ++ return 0; ++ return 1; ++} + + /* Set default algorithms using a string */ + + static int int_def_cb(const char *alg, int len, void *arg) +- { +- unsigned int *pflags = arg; +- if (!strncmp(alg, "ALL", len)) +- *pflags |= ENGINE_METHOD_ALL; +- else if (!strncmp(alg, "RSA", len)) +- *pflags |= ENGINE_METHOD_RSA; +- else if (!strncmp(alg, "DSA", len)) +- *pflags |= ENGINE_METHOD_DSA; +- else if (!strncmp(alg, "ECDH", len)) +- *pflags |= ENGINE_METHOD_ECDH; +- else if (!strncmp(alg, "ECDSA", len)) +- *pflags |= ENGINE_METHOD_ECDSA; +- else if (!strncmp(alg, "DH", len)) +- *pflags |= ENGINE_METHOD_DH; +- else if (!strncmp(alg, "RAND", len)) +- *pflags |= ENGINE_METHOD_RAND; +- else if (!strncmp(alg, "CIPHERS", len)) +- *pflags |= ENGINE_METHOD_CIPHERS; +- else if (!strncmp(alg, "DIGESTS", len)) +- *pflags |= ENGINE_METHOD_DIGESTS; +- else +- return 0; +- return 1; +- } +- ++{ ++ unsigned int *pflags = arg; ++ if (!strncmp(alg, "ALL", len)) ++ *pflags |= ENGINE_METHOD_ALL; ++ else if (!strncmp(alg, "RSA", len)) ++ *pflags |= ENGINE_METHOD_RSA; ++ else if (!strncmp(alg, "DSA", len)) ++ *pflags |= ENGINE_METHOD_DSA; ++ else if (!strncmp(alg, "ECDH", len)) ++ *pflags |= ENGINE_METHOD_ECDH; ++ else if (!strncmp(alg, "ECDSA", len)) ++ *pflags |= ENGINE_METHOD_ECDSA; ++ else if (!strncmp(alg, "DH", len)) ++ *pflags |= ENGINE_METHOD_DH; ++ else if (!strncmp(alg, "RAND", len)) ++ *pflags |= ENGINE_METHOD_RAND; ++ else if (!strncmp(alg, "CIPHERS", len)) ++ *pflags |= ENGINE_METHOD_CIPHERS; ++ else if (!strncmp(alg, "DIGESTS", len)) ++ *pflags |= ENGINE_METHOD_DIGESTS; ++ else ++ return 0; ++ return 1; ++} + + int ENGINE_set_default_string(ENGINE *e, const char *def_list) +- { +- unsigned int flags = 0; +- if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) +- { +- ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING, +- ENGINE_R_INVALID_STRING); +- ERR_add_error_data(2, "str=",def_list); +- return 0; +- } +- return ENGINE_set_default(e, flags); +- } ++{ ++ unsigned int flags = 0; ++ if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) { ++ ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING, ++ ENGINE_R_INVALID_STRING); ++ ERR_add_error_data(2, "str=", def_list); ++ return 0; ++ } ++ return ENGINE_set_default(e, flags); ++} + + int ENGINE_register_complete(ENGINE *e) +- { +- ENGINE_register_ciphers(e); +- ENGINE_register_digests(e); ++{ ++ ENGINE_register_ciphers(e); ++ ENGINE_register_digests(e); + #ifndef OPENSSL_NO_RSA +- ENGINE_register_RSA(e); ++ ENGINE_register_RSA(e); + #endif + #ifndef OPENSSL_NO_DSA +- ENGINE_register_DSA(e); ++ ENGINE_register_DSA(e); + #endif + #ifndef OPENSSL_NO_DH +- ENGINE_register_DH(e); ++ ENGINE_register_DH(e); + #endif + #ifndef OPENSSL_NO_ECDH +- ENGINE_register_ECDH(e); ++ ENGINE_register_ECDH(e); + #endif + #ifndef OPENSSL_NO_ECDSA +- ENGINE_register_ECDSA(e); ++ ENGINE_register_ECDSA(e); + #endif +- ENGINE_register_RAND(e); +- return 1; +- } ++ ENGINE_register_RAND(e); ++ return 1; ++} + + int ENGINE_register_all_complete(void) +- { +- ENGINE *e; ++{ ++ ENGINE *e; + +- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) +- ENGINE_register_complete(e); +- return 1; +- } ++ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ++ ENGINE_register_complete(e); ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_init.c b/Cryptlib/OpenSSL/crypto/engine/eng_init.c +index 7633cf5..4ea7fe6 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_init.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_init.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -55,100 +55,103 @@ + + #include "eng_int.h" + +-/* Initialise a engine type for use (or up its functional reference count +- * if it's already in use). This version is only used internally. */ ++/* ++ * Initialise a engine type for use (or up its functional reference count if ++ * it's already in use). This version is only used internally. ++ */ + int engine_unlocked_init(ENGINE *e) +- { +- int to_return = 1; ++{ ++ int to_return = 1; + +- if((e->funct_ref == 0) && e->init) +- /* This is the first functional reference and the engine +- * requires initialisation so we do it now. */ +- to_return = e->init(e); +- if(to_return) +- { +- /* OK, we return a functional reference which is also a +- * structural reference. */ +- e->struct_ref++; +- e->funct_ref++; +- engine_ref_debug(e, 0, 1) +- engine_ref_debug(e, 1, 1) +- } +- return to_return; +- } ++ if ((e->funct_ref == 0) && e->init) ++ /* ++ * This is the first functional reference and the engine requires ++ * initialisation so we do it now. ++ */ ++ to_return = e->init(e); ++ if (to_return) { ++ /* ++ * OK, we return a functional reference which is also a structural ++ * reference. ++ */ ++ e->struct_ref++; ++ e->funct_ref++; ++ engine_ref_debug(e, 0, 1) ++ engine_ref_debug(e, 1, 1) ++ } ++ return to_return; ++} + +-/* Free a functional reference to a engine type. This version is only used +- * internally. */ ++/* ++ * Free a functional reference to a engine type. This version is only used ++ * internally. ++ */ + int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers) +- { +- int to_return = 1; ++{ ++ int to_return = 1; + +- /* Reduce the functional reference count here so if it's the terminating +- * case, we can release the lock safely and call the finish() handler +- * without risk of a race. We get a race if we leave the count until +- * after and something else is calling "finish" at the same time - +- * there's a chance that both threads will together take the count from +- * 2 to 0 without either calling finish(). */ +- e->funct_ref--; +- engine_ref_debug(e, 1, -1); +- if((e->funct_ref == 0) && e->finish) +- { +- if(unlock_for_handlers) +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- to_return = e->finish(e); +- if(unlock_for_handlers) +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- if(!to_return) +- return 0; +- } ++ /* ++ * Reduce the functional reference count here so if it's the terminating ++ * case, we can release the lock safely and call the finish() handler ++ * without risk of a race. We get a race if we leave the count until ++ * after and something else is calling "finish" at the same time - ++ * there's a chance that both threads will together take the count from 2 ++ * to 0 without either calling finish(). ++ */ ++ e->funct_ref--; ++ engine_ref_debug(e, 1, -1); ++ if ((e->funct_ref == 0) && e->finish) { ++ if (unlock_for_handlers) ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ to_return = e->finish(e); ++ if (unlock_for_handlers) ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ if (!to_return) ++ return 0; ++ } + #ifdef REF_CHECK +- if(e->funct_ref < 0) +- { +- fprintf(stderr,"ENGINE_finish, bad functional reference count\n"); +- abort(); +- } ++ if (e->funct_ref < 0) { ++ fprintf(stderr, "ENGINE_finish, bad functional reference count\n"); ++ abort(); ++ } + #endif +- /* Release the structural reference too */ +- if(!engine_free_util(e, 0)) +- { +- ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,ENGINE_R_FINISH_FAILED); +- return 0; +- } +- return to_return; +- } ++ /* Release the structural reference too */ ++ if (!engine_free_util(e, 0)) { ++ ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH, ENGINE_R_FINISH_FAILED); ++ return 0; ++ } ++ return to_return; ++} + + /* The API (locked) version of "init" */ + int ENGINE_init(ENGINE *e) +- { +- int ret; +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- ret = engine_unlocked_init(e); +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- return ret; +- } ++{ ++ int ret; ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ ret = engine_unlocked_init(e); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ return ret; ++} + + /* The API (locked) version of "finish" */ + int ENGINE_finish(ENGINE *e) +- { +- int to_return = 1; ++{ ++ int to_return = 1; + +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- to_return = engine_unlocked_finish(e, 1); +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- if(!to_return) +- { +- ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED); +- return 0; +- } +- return to_return; +- } ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ to_return = engine_unlocked_finish(e, 1); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ if (!to_return) { ++ ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED); ++ return 0; ++ } ++ return to_return; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c b/Cryptlib/OpenSSL/crypto/engine/eng_lib.c +index 5815b86..6238f9d 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_lib.c +@@ -1,6 +1,7 @@ + /* crypto/engine/eng_lib.c */ +-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL +- * project 2000. ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,268 +63,282 @@ + /* The "new"/"free" stuff first */ + + ENGINE *ENGINE_new(void) +- { +- ENGINE *ret; +- +- ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE)); +- if(ret == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- memset(ret, 0, sizeof(ENGINE)); +- ret->struct_ref = 1; +- engine_ref_debug(ret, 0, 1) +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); +- return ret; +- } +- +-/* Placed here (close proximity to ENGINE_new) so that modifications to the ++{ ++ ENGINE *ret; ++ ++ ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE)); ++ if (ret == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ memset(ret, 0, sizeof(ENGINE)); ++ ret->struct_ref = 1; ++ engine_ref_debug(ret, 0, 1) ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); ++ return ret; ++} ++ ++/* ++ * Placed here (close proximity to ENGINE_new) so that modifications to the + * elements of the ENGINE structure are more likely to be caught and changed +- * here. */ ++ * here. ++ */ + void engine_set_all_null(ENGINE *e) +- { +- e->id = NULL; +- e->name = NULL; +- e->rsa_meth = NULL; +- e->dsa_meth = NULL; +- e->dh_meth = NULL; +- e->rand_meth = NULL; +- e->store_meth = NULL; +- e->ciphers = NULL; +- e->digests = NULL; +- e->destroy = NULL; +- e->init = NULL; +- e->finish = NULL; +- e->ctrl = NULL; +- e->load_privkey = NULL; +- e->load_pubkey = NULL; +- e->cmd_defns = NULL; +- e->flags = 0; +- } ++{ ++ e->id = NULL; ++ e->name = NULL; ++ e->rsa_meth = NULL; ++ e->dsa_meth = NULL; ++ e->dh_meth = NULL; ++ e->rand_meth = NULL; ++ e->store_meth = NULL; ++ e->ciphers = NULL; ++ e->digests = NULL; ++ e->destroy = NULL; ++ e->init = NULL; ++ e->finish = NULL; ++ e->ctrl = NULL; ++ e->load_privkey = NULL; ++ e->load_pubkey = NULL; ++ e->cmd_defns = NULL; ++ e->flags = 0; ++} + + int engine_free_util(ENGINE *e, int locked) +- { +- int i; +- +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if(locked) +- i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE); +- else +- i = --e->struct_ref; +- engine_ref_debug(e, 0, -1) +- if (i > 0) return 1; ++{ ++ int i; ++ ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if (locked) ++ i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE); ++ else ++ i = --e->struct_ref; ++ engine_ref_debug(e, 0, -1) ++ if (i > 0) ++ return 1; + #ifdef REF_CHECK +- if (i < 0) +- { +- fprintf(stderr,"ENGINE_free, bad structural reference count\n"); +- abort(); +- } ++ if (i < 0) { ++ fprintf(stderr, "ENGINE_free, bad structural reference count\n"); ++ abort(); ++ } + #endif +- /* Give the ENGINE a chance to do any structural cleanup corresponding +- * to allocation it did in its constructor (eg. unload error strings) */ +- if(e->destroy) +- e->destroy(e); +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); +- OPENSSL_free(e); +- return 1; +- } ++ /* ++ * Give the ENGINE a chance to do any structural cleanup corresponding to ++ * allocation it did in its constructor (eg. unload error strings) ++ */ ++ if (e->destroy) ++ e->destroy(e); ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); ++ OPENSSL_free(e); ++ return 1; ++} + + int ENGINE_free(ENGINE *e) +- { +- return engine_free_util(e, 1); +- } ++{ ++ return engine_free_util(e, 1); ++} + + /* Cleanup stuff */ + +-/* ENGINE_cleanup() is coded such that anything that does work that will need +- * cleanup can register a "cleanup" callback here. That way we don't get linker +- * bloat by referring to all *possible* cleanups, but any linker bloat into code +- * "X" will cause X's cleanup function to end up here. */ ++/* ++ * ENGINE_cleanup() is coded such that anything that does work that will need ++ * cleanup can register a "cleanup" callback here. That way we don't get ++ * linker bloat by referring to all *possible* cleanups, but any linker bloat ++ * into code "X" will cause X's cleanup function to end up here. ++ */ + static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL; + static int int_cleanup_check(int create) +- { +- if(cleanup_stack) return 1; +- if(!create) return 0; +- cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null(); +- return (cleanup_stack ? 1 : 0); +- } ++{ ++ if (cleanup_stack) ++ return 1; ++ if (!create) ++ return 0; ++ cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null(); ++ return (cleanup_stack ? 1 : 0); ++} ++ + static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb) +- { +- ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof( +- ENGINE_CLEANUP_ITEM)); +- if(!item) return NULL; +- item->cb = cb; +- return item; +- } ++{ ++ ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(ENGINE_CLEANUP_ITEM)); ++ if (!item) ++ return NULL; ++ item->cb = cb; ++ return item; ++} ++ + void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb) +- { +- ENGINE_CLEANUP_ITEM *item; +- if(!int_cleanup_check(1)) return; +- item = int_cleanup_item(cb); +- if(item) +- sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0); +- } ++{ ++ ENGINE_CLEANUP_ITEM *item; ++ if (!int_cleanup_check(1)) ++ return; ++ item = int_cleanup_item(cb); ++ if (item) ++ sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0); ++} ++ + void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) +- { +- ENGINE_CLEANUP_ITEM *item; +- if(!int_cleanup_check(1)) return; +- item = int_cleanup_item(cb); +- if(item) +- sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); +- } ++{ ++ ENGINE_CLEANUP_ITEM *item; ++ if (!int_cleanup_check(1)) ++ return; ++ item = int_cleanup_item(cb); ++ if (item) ++ sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); ++} ++ + /* The API function that performs all cleanup */ + static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item) +- { +- (*(item->cb))(); +- OPENSSL_free(item); +- } ++{ ++ (*(item->cb)) (); ++ OPENSSL_free(item); ++} ++ + void ENGINE_cleanup(void) +- { +- if(int_cleanup_check(0)) +- { +- sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack, +- engine_cleanup_cb_free); +- cleanup_stack = NULL; +- } +- /* FIXME: This should be handled (somehow) through RAND, eg. by it +- * registering a cleanup callback. */ +- RAND_set_rand_method(NULL); +- } ++{ ++ if (int_cleanup_check(0)) { ++ sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack, ++ engine_cleanup_cb_free); ++ cleanup_stack = NULL; ++ } ++ /* ++ * FIXME: This should be handled (somehow) through RAND, eg. by it ++ * registering a cleanup callback. ++ */ ++ RAND_set_rand_method(NULL); ++} + + /* Now the "ex_data" support */ + + int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +- { +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp, +- new_func, dup_func, free_func); +- } ++ CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp, ++ new_func, dup_func, free_func); ++} + + int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) +- { +- return(CRYPTO_set_ex_data(&e->ex_data, idx, arg)); +- } ++{ ++ return (CRYPTO_set_ex_data(&e->ex_data, idx, arg)); ++} + + void *ENGINE_get_ex_data(const ENGINE *e, int idx) +- { +- return(CRYPTO_get_ex_data(&e->ex_data, idx)); +- } ++{ ++ return (CRYPTO_get_ex_data(&e->ex_data, idx)); ++} + +-/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the +- * ENGINE structure itself. */ ++/* ++ * Functions to get/set an ENGINE's elements - mainly to avoid exposing the ++ * ENGINE structure itself. ++ */ + + int ENGINE_set_id(ENGINE *e, const char *id) +- { +- if(id == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_SET_ID, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- e->id = id; +- return 1; +- } ++{ ++ if (id == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_SET_ID, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ e->id = id; ++ return 1; ++} + + int ENGINE_set_name(ENGINE *e, const char *name) +- { +- if(name == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_SET_NAME, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- e->name = name; +- return 1; +- } ++{ ++ if (name == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_SET_NAME, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ e->name = name; ++ return 1; ++} + + int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f) +- { +- e->destroy = destroy_f; +- return 1; +- } ++{ ++ e->destroy = destroy_f; ++ return 1; ++} + + int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f) +- { +- e->init = init_f; +- return 1; +- } ++{ ++ e->init = init_f; ++ return 1; ++} + + int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f) +- { +- e->finish = finish_f; +- return 1; +- } ++{ ++ e->finish = finish_f; ++ return 1; ++} + + int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f) +- { +- e->ctrl = ctrl_f; +- return 1; +- } ++{ ++ e->ctrl = ctrl_f; ++ return 1; ++} + + int ENGINE_set_flags(ENGINE *e, int flags) +- { +- e->flags = flags; +- return 1; +- } ++{ ++ e->flags = flags; ++ return 1; ++} + + int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns) +- { +- e->cmd_defns = defns; +- return 1; +- } ++{ ++ e->cmd_defns = defns; ++ return 1; ++} + + const char *ENGINE_get_id(const ENGINE *e) +- { +- return e->id; +- } ++{ ++ return e->id; ++} + + const char *ENGINE_get_name(const ENGINE *e) +- { +- return e->name; +- } ++{ ++ return e->name; ++} + + ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e) +- { +- return e->destroy; +- } ++{ ++ return e->destroy; ++} + + ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e) +- { +- return e->init; +- } ++{ ++ return e->init; ++} + + ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e) +- { +- return e->finish; +- } ++{ ++ return e->finish; ++} + + ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e) +- { +- return e->ctrl; +- } ++{ ++ return e->ctrl; ++} + + int ENGINE_get_flags(const ENGINE *e) +- { +- return e->flags; +- } ++{ ++ return e->flags; ++} + + const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) +- { +- return e->cmd_defns; +- } ++{ ++ return e->cmd_defns; ++} + +-/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so +- * put the "static_state" hack here. */ ++/* ++ * eng_lib.o is pretty much linked into anything that touches ENGINE already, ++ * so put the "static_state" hack here. ++ */ + + static int internal_static_hack = 0; + + void *ENGINE_get_static_state(void) +- { +- return &internal_static_hack; +- } ++{ ++ return &internal_static_hack; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_list.c b/Cryptlib/OpenSSL/crypto/engine/eng_list.c +index fa2ab97..45029c4 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_list.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_list.c +@@ -1,6 +1,7 @@ + /* crypto/engine/eng_list.c */ +-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL +- * project 2000. ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,376 +58,345 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * ECDH support in OpenSSL originally developed by ++ * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + + #include "eng_int.h" + +-/* The linked-list of pointers to engine types. engine_list_head +- * incorporates an implicit structural reference but engine_list_tail +- * does not - the latter is a computational niceity and only points +- * to something that is already pointed to by its predecessor in the +- * list (or engine_list_head itself). In the same way, the use of the +- * "prev" pointer in each ENGINE is to save excessive list iteration, +- * it doesn't correspond to an extra structural reference. Hence, +- * engine_list_head, and each non-null "next" pointer account for +- * the list itself assuming exactly 1 structural reference on each +- * list member. */ ++/* ++ * The linked-list of pointers to engine types. engine_list_head incorporates ++ * an implicit structural reference but engine_list_tail does not - the ++ * latter is a computational niceity and only points to something that is ++ * already pointed to by its predecessor in the list (or engine_list_head ++ * itself). In the same way, the use of the "prev" pointer in each ENGINE is ++ * to save excessive list iteration, it doesn't correspond to an extra ++ * structural reference. Hence, engine_list_head, and each non-null "next" ++ * pointer account for the list itself assuming exactly 1 structural ++ * reference on each list member. ++ */ + static ENGINE *engine_list_head = NULL; + static ENGINE *engine_list_tail = NULL; + +-/* This cleanup function is only needed internally. If it should be called, we +- * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */ ++/* ++ * This cleanup function is only needed internally. If it should be called, ++ * we register it with the "ENGINE_cleanup()" stack to be called during ++ * cleanup. ++ */ + + static void engine_list_cleanup(void) +- { +- ENGINE *iterator = engine_list_head; ++{ ++ ENGINE *iterator = engine_list_head; + +- while(iterator != NULL) +- { +- ENGINE_remove(iterator); +- iterator = engine_list_head; +- } +- return; +- } ++ while (iterator != NULL) { ++ ENGINE_remove(iterator); ++ iterator = engine_list_head; ++ } ++ return; ++} + +-/* These static functions starting with a lower case "engine_" always +- * take place when CRYPTO_LOCK_ENGINE has been locked up. */ ++/* ++ * These static functions starting with a lower case "engine_" always take ++ * place when CRYPTO_LOCK_ENGINE has been locked up. ++ */ + static int engine_list_add(ENGINE *e) +- { +- int conflict = 0; +- ENGINE *iterator = NULL; ++{ ++ int conflict = 0; ++ ENGINE *iterator = NULL; + +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- iterator = engine_list_head; +- while(iterator && !conflict) +- { +- conflict = (strcmp(iterator->id, e->id) == 0); +- iterator = iterator->next; +- } +- if(conflict) +- { +- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, +- ENGINE_R_CONFLICTING_ENGINE_ID); +- return 0; +- } +- if(engine_list_head == NULL) +- { +- /* We are adding to an empty list. */ +- if(engine_list_tail) +- { +- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, +- ENGINE_R_INTERNAL_LIST_ERROR); +- return 0; +- } +- engine_list_head = e; +- e->prev = NULL; +- /* The first time the list allocates, we should register the +- * cleanup. */ +- engine_cleanup_add_last(engine_list_cleanup); +- } +- else +- { +- /* We are adding to the tail of an existing list. */ +- if((engine_list_tail == NULL) || +- (engine_list_tail->next != NULL)) +- { +- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, +- ENGINE_R_INTERNAL_LIST_ERROR); +- return 0; +- } +- engine_list_tail->next = e; +- e->prev = engine_list_tail; +- } +- /* Having the engine in the list assumes a structural +- * reference. */ +- e->struct_ref++; +- engine_ref_debug(e, 0, 1) +- /* However it came to be, e is the last item in the list. */ +- engine_list_tail = e; +- e->next = NULL; +- return 1; +- } ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ iterator = engine_list_head; ++ while (iterator && !conflict) { ++ conflict = (strcmp(iterator->id, e->id) == 0); ++ iterator = iterator->next; ++ } ++ if (conflict) { ++ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_CONFLICTING_ENGINE_ID); ++ return 0; ++ } ++ if (engine_list_head == NULL) { ++ /* We are adding to an empty list. */ ++ if (engine_list_tail) { ++ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR); ++ return 0; ++ } ++ engine_list_head = e; ++ e->prev = NULL; ++ /* ++ * The first time the list allocates, we should register the cleanup. ++ */ ++ engine_cleanup_add_last(engine_list_cleanup); ++ } else { ++ /* We are adding to the tail of an existing list. */ ++ if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) { ++ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR); ++ return 0; ++ } ++ engine_list_tail->next = e; ++ e->prev = engine_list_tail; ++ } ++ /* ++ * Having the engine in the list assumes a structural reference. ++ */ ++ e->struct_ref++; ++ engine_ref_debug(e, 0, 1) ++ /* However it came to be, e is the last item in the list. */ ++ engine_list_tail = e; ++ e->next = NULL; ++ return 1; ++} + + static int engine_list_remove(ENGINE *e) +- { +- ENGINE *iterator; ++{ ++ ENGINE *iterator; + +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- /* We need to check that e is in our linked list! */ +- iterator = engine_list_head; +- while(iterator && (iterator != e)) +- iterator = iterator->next; +- if(iterator == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, +- ENGINE_R_ENGINE_IS_NOT_IN_LIST); +- return 0; +- } +- /* un-link e from the chain. */ +- if(e->next) +- e->next->prev = e->prev; +- if(e->prev) +- e->prev->next = e->next; +- /* Correct our head/tail if necessary. */ +- if(engine_list_head == e) +- engine_list_head = e->next; +- if(engine_list_tail == e) +- engine_list_tail = e->prev; +- engine_free_util(e, 0); +- return 1; +- } ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ /* We need to check that e is in our linked list! */ ++ iterator = engine_list_head; ++ while (iterator && (iterator != e)) ++ iterator = iterator->next; ++ if (iterator == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, ++ ENGINE_R_ENGINE_IS_NOT_IN_LIST); ++ return 0; ++ } ++ /* un-link e from the chain. */ ++ if (e->next) ++ e->next->prev = e->prev; ++ if (e->prev) ++ e->prev->next = e->next; ++ /* Correct our head/tail if necessary. */ ++ if (engine_list_head == e) ++ engine_list_head = e->next; ++ if (engine_list_tail == e) ++ engine_list_tail = e->prev; ++ engine_free_util(e, 0); ++ return 1; ++} + + /* Get the first/last "ENGINE" type available. */ + ENGINE *ENGINE_get_first(void) +- { +- ENGINE *ret; ++{ ++ ENGINE *ret; + +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- ret = engine_list_head; +- if(ret) +- { +- ret->struct_ref++; +- engine_ref_debug(ret, 0, 1) +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- return ret; +- } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ ret = engine_list_head; ++ if (ret) { ++ ret->struct_ref++; ++ engine_ref_debug(ret, 0, 1) ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ return ret; ++} + + ENGINE *ENGINE_get_last(void) +- { +- ENGINE *ret; ++{ ++ ENGINE *ret; + +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- ret = engine_list_tail; +- if(ret) +- { +- ret->struct_ref++; +- engine_ref_debug(ret, 0, 1) +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- return ret; +- } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ ret = engine_list_tail; ++ if (ret) { ++ ret->struct_ref++; ++ engine_ref_debug(ret, 0, 1) ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ return ret; ++} + + /* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ + ENGINE *ENGINE_get_next(ENGINE *e) +- { +- ENGINE *ret = NULL; +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- ret = e->next; +- if(ret) +- { +- /* Return a valid structural refernce to the next ENGINE */ +- ret->struct_ref++; +- engine_ref_debug(ret, 0, 1) +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- /* Release the structural reference to the previous ENGINE */ +- ENGINE_free(e); +- return ret; +- } ++{ ++ ENGINE *ret = NULL; ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ ret = e->next; ++ if (ret) { ++ /* Return a valid structural refernce to the next ENGINE */ ++ ret->struct_ref++; ++ engine_ref_debug(ret, 0, 1) ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ /* Release the structural reference to the previous ENGINE */ ++ ENGINE_free(e); ++ return ret; ++} + + ENGINE *ENGINE_get_prev(ENGINE *e) +- { +- ENGINE *ret = NULL; +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_GET_PREV, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- ret = e->prev; +- if(ret) +- { +- /* Return a valid structural reference to the next ENGINE */ +- ret->struct_ref++; +- engine_ref_debug(ret, 0, 1) +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- /* Release the structural reference to the previous ENGINE */ +- ENGINE_free(e); +- return ret; +- } ++{ ++ ENGINE *ret = NULL; ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_GET_PREV, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ ret = e->prev; ++ if (ret) { ++ /* Return a valid structural reference to the next ENGINE */ ++ ret->struct_ref++; ++ engine_ref_debug(ret, 0, 1) ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ /* Release the structural reference to the previous ENGINE */ ++ ENGINE_free(e); ++ return ret; ++} + + /* Add another "ENGINE" type into the list. */ + int ENGINE_add(ENGINE *e) +- { +- int to_return = 1; +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_ADD, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if((e->id == NULL) || (e->name == NULL)) +- { +- ENGINEerr(ENGINE_F_ENGINE_ADD, +- ENGINE_R_ID_OR_NAME_MISSING); +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- if(!engine_list_add(e)) +- { +- ENGINEerr(ENGINE_F_ENGINE_ADD, +- ENGINE_R_INTERNAL_LIST_ERROR); +- to_return = 0; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- return to_return; +- } ++{ ++ int to_return = 1; ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_ADD, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if ((e->id == NULL) || (e->name == NULL)) { ++ ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING); ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ if (!engine_list_add(e)) { ++ ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_INTERNAL_LIST_ERROR); ++ to_return = 0; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ return to_return; ++} + + /* Remove an existing "ENGINE" type from the array. */ + int ENGINE_remove(ENGINE *e) +- { +- int to_return = 1; +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_REMOVE, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- if(!engine_list_remove(e)) +- { +- ENGINEerr(ENGINE_F_ENGINE_REMOVE, +- ENGINE_R_INTERNAL_LIST_ERROR); +- to_return = 0; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- return to_return; +- } ++{ ++ int to_return = 1; ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_REMOVE, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ if (!engine_list_remove(e)) { ++ ENGINEerr(ENGINE_F_ENGINE_REMOVE, ENGINE_R_INTERNAL_LIST_ERROR); ++ to_return = 0; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ return to_return; ++} + + static void engine_cpy(ENGINE *dest, const ENGINE *src) +- { +- dest->id = src->id; +- dest->name = src->name; ++{ ++ dest->id = src->id; ++ dest->name = src->name; + #ifndef OPENSSL_NO_RSA +- dest->rsa_meth = src->rsa_meth; ++ dest->rsa_meth = src->rsa_meth; + #endif + #ifndef OPENSSL_NO_DSA +- dest->dsa_meth = src->dsa_meth; ++ dest->dsa_meth = src->dsa_meth; + #endif + #ifndef OPENSSL_NO_DH +- dest->dh_meth = src->dh_meth; ++ dest->dh_meth = src->dh_meth; + #endif + #ifndef OPENSSL_NO_ECDH +- dest->ecdh_meth = src->ecdh_meth; ++ dest->ecdh_meth = src->ecdh_meth; + #endif + #ifndef OPENSSL_NO_ECDSA +- dest->ecdsa_meth = src->ecdsa_meth; ++ dest->ecdsa_meth = src->ecdsa_meth; + #endif +- dest->rand_meth = src->rand_meth; +- dest->store_meth = src->store_meth; +- dest->ciphers = src->ciphers; +- dest->digests = src->digests; +- dest->destroy = src->destroy; +- dest->init = src->init; +- dest->finish = src->finish; +- dest->ctrl = src->ctrl; +- dest->load_privkey = src->load_privkey; +- dest->load_pubkey = src->load_pubkey; +- dest->cmd_defns = src->cmd_defns; +- dest->flags = src->flags; +- } ++ dest->rand_meth = src->rand_meth; ++ dest->store_meth = src->store_meth; ++ dest->ciphers = src->ciphers; ++ dest->digests = src->digests; ++ dest->destroy = src->destroy; ++ dest->init = src->init; ++ dest->finish = src->finish; ++ dest->ctrl = src->ctrl; ++ dest->load_privkey = src->load_privkey; ++ dest->load_pubkey = src->load_pubkey; ++ dest->cmd_defns = src->cmd_defns; ++ dest->flags = src->flags; ++} + + ENGINE *ENGINE_by_id(const char *id) +- { +- ENGINE *iterator; +- char *load_dir = NULL; +- if(id == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_BY_ID, +- ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- iterator = engine_list_head; +- while(iterator && (strcmp(id, iterator->id) != 0)) +- iterator = iterator->next; +- if(iterator) +- { +- /* We need to return a structural reference. If this is an +- * ENGINE type that returns copies, make a duplicate - otherwise +- * increment the existing ENGINE's reference count. */ +- if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY) +- { +- ENGINE *cp = ENGINE_new(); +- if(!cp) +- iterator = NULL; +- else +- { +- engine_cpy(cp, iterator); +- iterator = cp; +- } +- } +- else +- { +- iterator->struct_ref++; +- engine_ref_debug(iterator, 0, 1) +- } +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++{ ++ ENGINE *iterator; ++ char *load_dir = NULL; ++ if (id == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ iterator = engine_list_head; ++ while (iterator && (strcmp(id, iterator->id) != 0)) ++ iterator = iterator->next; ++ if (iterator) { ++ /* ++ * We need to return a structural reference. If this is an ENGINE ++ * type that returns copies, make a duplicate - otherwise increment ++ * the existing ENGINE's reference count. ++ */ ++ if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) { ++ ENGINE *cp = ENGINE_new(); ++ if (!cp) ++ iterator = NULL; ++ else { ++ engine_cpy(cp, iterator); ++ iterator = cp; ++ } ++ } else { ++ iterator->struct_ref++; ++ engine_ref_debug(iterator, 0, 1) ++ } ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + #if 0 +- if(iterator == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_BY_ID, +- ENGINE_R_NO_SUCH_ENGINE); +- ERR_add_error_data(2, "id=", id); +- } +- return iterator; ++ if (iterator == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE); ++ ERR_add_error_data(2, "id=", id); ++ } ++ return iterator; + #else +- /* EEK! Experimental code starts */ +- if(iterator) return iterator; +- /* Prevent infinite recusrion if we're looking for the dynamic engine. */ +- if (strcmp(id, "dynamic")) +- { +-#ifdef OPENSSL_SYS_VMS +- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]"; +-#else +- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR; +-#endif +- iterator = ENGINE_by_id("dynamic"); +- if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || +- !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || +- !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", +- load_dir, 0) || +- !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) +- goto notfound; +- return iterator; +- } +-notfound: +- ENGINE_free(iterator); +- ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE); +- ERR_add_error_data(2, "id=", id); +- return NULL; +- /* EEK! Experimental code ends */ ++ /* EEK! Experimental code starts */ ++ if (iterator) ++ return iterator; ++ /* ++ * Prevent infinite recusrion if we're looking for the dynamic engine. ++ */ ++ if (strcmp(id, "dynamic")) { ++# ifdef OPENSSL_SYS_VMS ++ if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) ++ load_dir = "SSLROOT:[ENGINES]"; ++# else ++ if ((load_dir = getenv("OPENSSL_ENGINES")) == 0) ++ load_dir = ENGINESDIR; ++# endif ++ iterator = ENGINE_by_id("dynamic"); ++ if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || ++ !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || ++ !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", ++ load_dir, 0) || ++ !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) ++ goto notfound; ++ return iterator; ++ } ++ notfound: ++ ENGINE_free(iterator); ++ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE); ++ ERR_add_error_data(2, "id=", id); ++ return NULL; ++ /* EEK! Experimental code ends */ + #endif +- } ++} + + int ENGINE_up_ref(ENGINE *e) +- { +- if (e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE); +- return 1; +- } ++{ ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE); ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c +index 7c139ae..c3aca14 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c +@@ -1,6 +1,7 @@ + /* crypto/engine/eng_openssl.c */ +-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL +- * project 2000. ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,11 +58,10 @@ + */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. +- * ECDH support in OpenSSL originally developed by ++ * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +- + #include + #include + #include "cryptlib.h" +@@ -71,18 +71,20 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DH +-#include ++# include + #endif + +-/* This testing gunk is implemented (and explained) lower down. It also assumes +- * the application explicitly calls "ENGINE_load_openssl()" because this is no +- * longer automatic in ENGINE_load_builtin_engines(). */ ++/* ++ * This testing gunk is implemented (and explained) lower down. It also ++ * assumes the application explicitly calls "ENGINE_load_openssl()" because ++ * this is no longer automatic in ENGINE_load_builtin_engines(). ++ */ + #define TEST_ENG_OPENSSL_RC4 + #define TEST_ENG_OPENSSL_PKEY + /* #define TEST_ENG_OPENSSL_RC4_OTHERS */ +@@ -96,118 +98,129 @@ + + /* Now check what of those algorithms are actually enabled */ + #ifdef OPENSSL_NO_RC4 +-#undef TEST_ENG_OPENSSL_RC4 +-#undef TEST_ENG_OPENSSL_RC4_OTHERS +-#undef TEST_ENG_OPENSSL_RC4_P_INIT +-#undef TEST_ENG_OPENSSL_RC4_P_CIPHER ++# undef TEST_ENG_OPENSSL_RC4 ++# undef TEST_ENG_OPENSSL_RC4_OTHERS ++# undef TEST_ENG_OPENSSL_RC4_P_INIT ++# undef TEST_ENG_OPENSSL_RC4_P_CIPHER + #endif + #if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1) +-#undef TEST_ENG_OPENSSL_SHA +-#undef TEST_ENG_OPENSSL_SHA_OTHERS +-#undef TEST_ENG_OPENSSL_SHA_P_INIT +-#undef TEST_ENG_OPENSSL_SHA_P_UPDATE +-#undef TEST_ENG_OPENSSL_SHA_P_FINAL ++# undef TEST_ENG_OPENSSL_SHA ++# undef TEST_ENG_OPENSSL_SHA_OTHERS ++# undef TEST_ENG_OPENSSL_SHA_P_INIT ++# undef TEST_ENG_OPENSSL_SHA_P_UPDATE ++# undef TEST_ENG_OPENSSL_SHA_P_FINAL + #endif + + #ifdef TEST_ENG_OPENSSL_RC4 + static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, +- const int **nids, int nid); ++ const int **nids, int nid); + #endif + #ifdef TEST_ENG_OPENSSL_SHA + static int openssl_digests(ENGINE *e, const EVP_MD **digest, +- const int **nids, int nid); ++ const int **nids, int nid); + #endif + + #ifdef TEST_ENG_OPENSSL_PKEY + static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, +- UI_METHOD *ui_method, void *callback_data); ++ UI_METHOD *ui_method, ++ void *callback_data); + #endif + + /* The constants used when creating the ENGINE */ + static const char *engine_openssl_id = "openssl"; + static const char *engine_openssl_name = "Software engine support"; + +-/* This internal function is used by ENGINE_openssl() and possibly by the +- * "dynamic" ENGINE support too */ ++/* ++ * This internal function is used by ENGINE_openssl() and possibly by the ++ * "dynamic" ENGINE support too ++ */ + static int bind_helper(ENGINE *e) +- { +- if(!ENGINE_set_id(e, engine_openssl_id) +- || !ENGINE_set_name(e, engine_openssl_name) ++{ ++ if (!ENGINE_set_id(e, engine_openssl_id) ++ || !ENGINE_set_name(e, engine_openssl_name) + #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS +-#ifndef OPENSSL_NO_RSA +- || !ENGINE_set_RSA(e, RSA_get_default_method()) +-#endif +-#ifndef OPENSSL_NO_DSA +- || !ENGINE_set_DSA(e, DSA_get_default_method()) +-#endif +-#ifndef OPENSSL_NO_ECDH +- || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) +-#endif +-#ifndef OPENSSL_NO_ECDSA +- || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) +-#endif +-#ifndef OPENSSL_NO_DH +- || !ENGINE_set_DH(e, DH_get_default_method()) +-#endif +- || !ENGINE_set_RAND(e, RAND_SSLeay()) +-#ifdef TEST_ENG_OPENSSL_RC4 +- || !ENGINE_set_ciphers(e, openssl_ciphers) +-#endif +-#ifdef TEST_ENG_OPENSSL_SHA +- || !ENGINE_set_digests(e, openssl_digests) +-#endif ++# ifndef OPENSSL_NO_RSA ++ || !ENGINE_set_RSA(e, RSA_get_default_method()) ++# endif ++# ifndef OPENSSL_NO_DSA ++ || !ENGINE_set_DSA(e, DSA_get_default_method()) ++# endif ++# ifndef OPENSSL_NO_ECDH ++ || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) ++# endif ++# ifndef OPENSSL_NO_ECDSA ++ || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) ++# endif ++# ifndef OPENSSL_NO_DH ++ || !ENGINE_set_DH(e, DH_get_default_method()) ++# endif ++ || !ENGINE_set_RAND(e, RAND_SSLeay()) ++# ifdef TEST_ENG_OPENSSL_RC4 ++ || !ENGINE_set_ciphers(e, openssl_ciphers) ++# endif ++# ifdef TEST_ENG_OPENSSL_SHA ++ || !ENGINE_set_digests(e, openssl_digests) ++# endif + #endif + #ifdef TEST_ENG_OPENSSL_PKEY +- || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) ++ || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) + #endif +- ) +- return 0; +- /* If we add errors to this ENGINE, ensure the error handling is setup here */ +- /* openssl_load_error_strings(); */ +- return 1; +- } ++ ) ++ return 0; ++ /* ++ * If we add errors to this ENGINE, ensure the error handling is setup ++ * here ++ */ ++ /* openssl_load_error_strings(); */ ++ return 1; ++} + + static ENGINE *engine_openssl(void) +- { +- ENGINE *ret = ENGINE_new(); +- if(!ret) +- return NULL; +- if(!bind_helper(ret)) +- { +- ENGINE_free(ret); +- return NULL; +- } +- return ret; +- } ++{ ++ ENGINE *ret = ENGINE_new(); ++ if (!ret) ++ return NULL; ++ if (!bind_helper(ret)) { ++ ENGINE_free(ret); ++ return NULL; ++ } ++ return ret; ++} + + void ENGINE_load_openssl(void) +- { +- ENGINE *toadd = engine_openssl(); +- if(!toadd) return; +- ENGINE_add(toadd); +- /* If the "add" worked, it gets a structural reference. So either way, +- * we release our just-created reference. */ +- ENGINE_free(toadd); +- ERR_clear_error(); +- } ++{ ++ ENGINE *toadd = engine_openssl(); ++ if (!toadd) ++ return; ++ ENGINE_add(toadd); ++ /* ++ * If the "add" worked, it gets a structural reference. So either way, we ++ * release our just-created reference. ++ */ ++ ENGINE_free(toadd); ++ ERR_clear_error(); ++} + +-/* This stuff is needed if this ENGINE is being compiled into a self-contained +- * shared-library. */ ++/* ++ * This stuff is needed if this ENGINE is being compiled into a ++ * self-contained shared-library. ++ */ + #ifdef ENGINE_DYNAMIC_SUPPORT + static int bind_fn(ENGINE *e, const char *id) +- { +- if(id && (strcmp(id, engine_openssl_id) != 0)) +- return 0; +- if(!bind_helper(e)) +- return 0; +- return 1; +- } +-IMPLEMENT_DYNAMIC_CHECK_FN() +-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) +-#endif /* ENGINE_DYNAMIC_SUPPORT */ ++{ ++ if (id && (strcmp(id, engine_openssl_id) != 0)) ++ return 0; ++ if (!bind_helper(e)) ++ return 0; ++ return 1; ++} + ++IMPLEMENT_DYNAMIC_CHECK_FN() ++ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) ++#endif /* ENGINE_DYNAMIC_SUPPORT */ + #ifdef TEST_ENG_OPENSSL_RC4 +-/* This section of code compiles an "alternative implementation" of two modes of ++/*- ++ * This section of code compiles an "alternative implementation" of two modes of + * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4" + * should under normal circumstances go via this support rather than the default + * EVP support. There are other symbols to tweak the testing; +@@ -217,168 +230,173 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) + * the "init_key" handler is called. + * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler. + */ +-#include +-#define TEST_RC4_KEY_SIZE 16 +-static int test_cipher_nids[] = {NID_rc4,NID_rc4_40}; ++# include ++# define TEST_RC4_KEY_SIZE 16 ++static int test_cipher_nids[] = { NID_rc4, NID_rc4_40 }; ++ + static int test_cipher_nids_number = 2; + typedef struct { +- unsigned char key[TEST_RC4_KEY_SIZE]; +- RC4_KEY ks; +- } TEST_RC4_KEY; +-#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data) ++ unsigned char key[TEST_RC4_KEY_SIZE]; ++ RC4_KEY ks; ++} TEST_RC4_KEY; ++# define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data) + static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +-#ifdef TEST_ENG_OPENSSL_RC4_P_INIT +- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n"); +-#endif +- memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx)); +- RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), +- test(ctx)->key); +- return 1; +- } ++ const unsigned char *iv, int enc) ++{ ++# ifdef TEST_ENG_OPENSSL_RC4_P_INIT ++ fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n"); ++# endif ++ memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx)); ++ RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), ++ test(ctx)->key); ++ return 1; ++} ++ + static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) +- { +-#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER +- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n"); +-#endif +- RC4(&test(ctx)->ks,inl,in,out); +- return 1; +- } +-static const EVP_CIPHER test_r4_cipher= +- { +- NID_rc4, +- 1,TEST_RC4_KEY_SIZE,0, +- EVP_CIPH_VARIABLE_LENGTH, +- test_rc4_init_key, +- test_rc4_cipher, +- NULL, +- sizeof(TEST_RC4_KEY), +- NULL, +- NULL, +- NULL, +- NULL +- }; +-static const EVP_CIPHER test_r4_40_cipher= +- { +- NID_rc4_40, +- 1,5 /* 40 bit */,0, +- EVP_CIPH_VARIABLE_LENGTH, +- test_rc4_init_key, +- test_rc4_cipher, +- NULL, +- sizeof(TEST_RC4_KEY), +- NULL, +- NULL, +- NULL, +- NULL +- }; ++ const unsigned char *in, unsigned int inl) ++{ ++# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER ++ fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n"); ++# endif ++ RC4(&test(ctx)->ks, inl, in, out); ++ return 1; ++} ++ ++static const EVP_CIPHER test_r4_cipher = { ++ NID_rc4, ++ 1, TEST_RC4_KEY_SIZE, 0, ++ EVP_CIPH_VARIABLE_LENGTH, ++ test_rc4_init_key, ++ test_rc4_cipher, ++ NULL, ++ sizeof(TEST_RC4_KEY), ++ NULL, ++ NULL, ++ NULL, ++ NULL ++}; ++ ++static const EVP_CIPHER test_r4_40_cipher = { ++ NID_rc4_40, ++ 1, 5 /* 40 bit */ , 0, ++ EVP_CIPH_VARIABLE_LENGTH, ++ test_rc4_init_key, ++ test_rc4_cipher, ++ NULL, ++ sizeof(TEST_RC4_KEY), ++ NULL, ++ NULL, ++ NULL, ++ NULL ++}; ++ + static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, +- const int **nids, int nid) +- { +- if(!cipher) +- { +- /* We are returning a list of supported nids */ +- *nids = test_cipher_nids; +- return test_cipher_nids_number; +- } +- /* We are being asked for a specific cipher */ +- if(nid == NID_rc4) +- *cipher = &test_r4_cipher; +- else if(nid == NID_rc4_40) +- *cipher = &test_r4_40_cipher; +- else +- { +-#ifdef TEST_ENG_OPENSSL_RC4_OTHERS +- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for " +- "nid %d\n", nid); +-#endif +- *cipher = NULL; +- return 0; +- } +- return 1; +- } ++ const int **nids, int nid) ++{ ++ if (!cipher) { ++ /* We are returning a list of supported nids */ ++ *nids = test_cipher_nids; ++ return test_cipher_nids_number; ++ } ++ /* We are being asked for a specific cipher */ ++ if (nid == NID_rc4) ++ *cipher = &test_r4_cipher; ++ else if (nid == NID_rc4_40) ++ *cipher = &test_r4_40_cipher; ++ else { ++# ifdef TEST_ENG_OPENSSL_RC4_OTHERS ++ fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for " ++ "nid %d\n", nid); ++# endif ++ *cipher = NULL; ++ return 0; ++ } ++ return 1; ++} + #endif + + #ifdef TEST_ENG_OPENSSL_SHA + /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ +-#include +-static int test_digest_nids[] = {NID_sha1}; ++# include ++static int test_digest_nids[] = { NID_sha1 }; ++ + static int test_digest_nids_number = 1; + static int test_sha1_init(EVP_MD_CTX *ctx) +- { +-#ifdef TEST_ENG_OPENSSL_SHA_P_INIT +- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); +-#endif +- return SHA1_Init(ctx->md_data); +- } +-static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,size_t count) +- { +-#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE +- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); +-#endif +- return SHA1_Update(ctx->md_data,data,count); +- } +-static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md) +- { +-#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL +- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); +-#endif +- return SHA1_Final(md,ctx->md_data); +- } +-static const EVP_MD test_sha_md= +- { +- NID_sha1, +- NID_sha1WithRSAEncryption, +- SHA_DIGEST_LENGTH, +- 0, +- test_sha1_init, +- test_sha1_update, +- test_sha1_final, +- NULL, +- NULL, +- EVP_PKEY_RSA_method, +- SHA_CBLOCK, +- sizeof(EVP_MD *)+sizeof(SHA_CTX), +- }; ++{ ++# ifdef TEST_ENG_OPENSSL_SHA_P_INIT ++ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); ++# endif ++ return SHA1_Init(ctx->md_data); ++} ++ ++static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE ++ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); ++# endif ++ return SHA1_Update(ctx->md_data, data, count); ++} ++ ++static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL ++ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); ++# endif ++ return SHA1_Final(md, ctx->md_data); ++} ++ ++static const EVP_MD test_sha_md = { ++ NID_sha1, ++ NID_sha1WithRSAEncryption, ++ SHA_DIGEST_LENGTH, ++ 0, ++ test_sha1_init, ++ test_sha1_update, ++ test_sha1_final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA_CTX), ++}; ++ + static int openssl_digests(ENGINE *e, const EVP_MD **digest, +- const int **nids, int nid) +- { +- if(!digest) +- { +- /* We are returning a list of supported nids */ +- *nids = test_digest_nids; +- return test_digest_nids_number; +- } +- /* We are being asked for a specific digest */ +- if(nid == NID_sha1) +- *digest = &test_sha_md; +- else +- { +-#ifdef TEST_ENG_OPENSSL_SHA_OTHERS +- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for " +- "nid %d\n", nid); +-#endif +- *digest = NULL; +- return 0; +- } +- return 1; +- } ++ const int **nids, int nid) ++{ ++ if (!digest) { ++ /* We are returning a list of supported nids */ ++ *nids = test_digest_nids; ++ return test_digest_nids_number; ++ } ++ /* We are being asked for a specific digest */ ++ if (nid == NID_sha1) ++ *digest = &test_sha_md; ++ else { ++# ifdef TEST_ENG_OPENSSL_SHA_OTHERS ++ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for " ++ "nid %d\n", nid); ++# endif ++ *digest = NULL; ++ return 0; ++ } ++ return 1; ++} + #endif + + #ifdef TEST_ENG_OPENSSL_PKEY + static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, +- UI_METHOD *ui_method, void *callback_data) +- { +- BIO *in; +- EVP_PKEY *key; +- fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id); +- in = BIO_new_file(key_id, "r"); +- if (!in) +- return NULL; +- key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); +- BIO_free(in); +- return key; +- } ++ UI_METHOD *ui_method, ++ void *callback_data) ++{ ++ BIO *in; ++ EVP_PKEY *key; ++ fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", ++ key_id); ++ in = BIO_new_file(key_id, "r"); ++ if (!in) ++ return NULL; ++ key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); ++ BIO_free(in); ++ return key; ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c b/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c +index 743558a..f233b16 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c +@@ -1,10 +1,10 @@ +-/* ++/*- + * Support for VIA PadLock Advanced Cryptography Engine (ACE) + * Written by Michal Ludvig + * http://www.logix.cz/michal + * +- * Big thanks to Andy Polyakov for a help with optimization, +- * assembler fixes, port to MS Windows and a lot of other ++ * Big thanks to Andy Polyakov for a help with optimization, ++ * assembler fixes, port to MS Windows and a lot of other + * valuable work on this engine! + */ + +@@ -62,7 +62,6 @@ + * + */ + +- + #include + #include + +@@ -72,66 +71,70 @@ + #include + #include + #ifndef OPENSSL_NO_AES +-#include ++# include + #endif + #include + #include + + #ifndef OPENSSL_NO_HW +-#ifndef OPENSSL_NO_HW_PADLOCK ++# ifndef OPENSSL_NO_HW_PADLOCK + + /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ +-#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) +-# ifndef OPENSSL_NO_DYNAMIC_ENGINE ++# if (OPENSSL_VERSION_NUMBER >= 0x00908000L) ++# ifndef OPENSSL_NO_DYNAMIC_ENGINE + # define DYNAMIC_ENGINE +-# endif +-#elif (OPENSSL_VERSION_NUMBER >= 0x00907000L) +-# ifdef ENGINE_DYNAMIC_SUPPORT ++# endif ++# elif (OPENSSL_VERSION_NUMBER >= 0x00907000L) ++# ifdef ENGINE_DYNAMIC_SUPPORT + # define DYNAMIC_ENGINE ++# endif ++# else ++# error "Only OpenSSL >= 0.9.7 is supported" + # endif +-#else +-# error "Only OpenSSL >= 0.9.7 is supported" +-#endif + +-/* VIA PadLock AES is available *ONLY* on some x86 CPUs. +- Not only that it doesn't exist elsewhere, but it +- even can't be compiled on other platforms! +- +- In addition, because of the heavy use of inline assembler, +- compiler choice is limited to GCC and Microsoft C. */ +-#undef COMPILE_HW_PADLOCK +-#if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM) +-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ ++/* ++ * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it ++ * doesn't exist elsewhere, but it even can't be compiled on other platforms! ++ * ++ * In addition, because of the heavy use of inline assembler, compiler choice ++ * is limited to GCC and Microsoft C. ++ */ ++# undef COMPILE_HW_PADLOCK ++# if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM) ++# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ + (defined(_MSC_VER) && defined(_M_IX86)) +-# define COMPILE_HW_PADLOCK +-static ENGINE *ENGINE_padlock (void); +-# endif +-#endif ++# define COMPILE_HW_PADLOCK ++static ENGINE *ENGINE_padlock(void); ++# endif ++# endif + +-void ENGINE_load_padlock (void) ++void ENGINE_load_padlock(void) + { + /* On non-x86 CPUs it just returns. */ +-#ifdef COMPILE_HW_PADLOCK +- ENGINE *toadd = ENGINE_padlock (); +- if (!toadd) return; +- ENGINE_add (toadd); +- ENGINE_free (toadd); +- ERR_clear_error (); +-#endif ++# ifdef COMPILE_HW_PADLOCK ++ ENGINE *toadd = ENGINE_padlock(); ++ if (!toadd) ++ return; ++ ENGINE_add(toadd); ++ ENGINE_free(toadd); ++ ERR_clear_error(); ++# endif + } + +-#ifdef COMPILE_HW_PADLOCK +-/* We do these includes here to avoid header problems on platforms that +- do not have the VIA padlock anyway... */ +-#ifdef _MSC_VER +-# include +-# define alloca _alloca +-#elif defined(NETWARE_CLIB) && defined(__GNUC__) +- void *alloca(size_t); +-# define alloca(s) __builtin_alloca(s) +-#else +-# include +-#endif ++# ifdef COMPILE_HW_PADLOCK ++/* ++ * We do these includes here to avoid header problems on platforms that do ++ * not have the VIA padlock anyway... ++ */ ++# ifdef _MSC_VER ++# include ++# define alloca _alloca ++# elif defined(NETWARE_CLIB) && defined(__GNUC__) ++void *alloca(size_t); ++# define alloca(s) __builtin_alloca(s) ++# else ++# include ++# endif + + /* Function for ENGINE detection and control */ + static int padlock_available(void); +@@ -141,135 +144,131 @@ static int padlock_init(ENGINE *e); + static RAND_METHOD padlock_rand; + + /* Cipher Stuff */ +-#ifndef OPENSSL_NO_AES +-static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); +-#endif ++# ifndef OPENSSL_NO_AES ++static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, ++ const int **nids, int nid); ++# endif + + /* Engine names */ + static const char *padlock_id = "padlock"; + static char padlock_name[100]; + + /* Available features */ +-static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ +-static int padlock_use_rng = 0; /* Random Number Generator */ +-#ifndef OPENSSL_NO_AES ++static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ ++static int padlock_use_rng = 0; /* Random Number Generator */ ++# ifndef OPENSSL_NO_AES + static int padlock_aes_align_required = 1; +-#endif ++# endif + + /* ===== Engine "management" functions ===== */ + + /* Prepare the ENGINE structure for registration */ +-static int +-padlock_bind_helper(ENGINE *e) ++static int padlock_bind_helper(ENGINE *e) + { +- /* Check available features */ +- padlock_available(); +- +-#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */ +- padlock_use_rng=0; +-#endif +- +- /* Generate a nice engine name with available features */ +- BIO_snprintf(padlock_name, sizeof(padlock_name), +- "VIA PadLock (%s, %s)", +- padlock_use_rng ? "RNG" : "no-RNG", +- padlock_use_ace ? "ACE" : "no-ACE"); +- +- /* Register everything or return with an error */ +- if (!ENGINE_set_id(e, padlock_id) || +- !ENGINE_set_name(e, padlock_name) || +- +- !ENGINE_set_init_function(e, padlock_init) || +-#ifndef OPENSSL_NO_AES +- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || +-#endif +- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { +- return 0; +- } +- +- /* Everything looks good */ +- return 1; ++ /* Check available features */ ++ padlock_available(); ++ ++# if 1 /* disable RNG for now, see commentary in ++ * vicinity of RNG code */ ++ padlock_use_rng = 0; ++# endif ++ ++ /* Generate a nice engine name with available features */ ++ BIO_snprintf(padlock_name, sizeof(padlock_name), ++ "VIA PadLock (%s, %s)", ++ padlock_use_rng ? "RNG" : "no-RNG", ++ padlock_use_ace ? "ACE" : "no-ACE"); ++ ++ /* Register everything or return with an error */ ++ if (!ENGINE_set_id(e, padlock_id) || ++ !ENGINE_set_name(e, padlock_name) || ++ !ENGINE_set_init_function(e, padlock_init) || ++# ifndef OPENSSL_NO_AES ++ (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) || ++# endif ++ (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) { ++ return 0; ++ } ++ ++ /* Everything looks good */ ++ return 1; + } + + /* Constructor */ +-static ENGINE * +-ENGINE_padlock(void) ++static ENGINE *ENGINE_padlock(void) + { +- ENGINE *eng = ENGINE_new(); ++ ENGINE *eng = ENGINE_new(); + +- if (!eng) { +- return NULL; +- } ++ if (!eng) { ++ return NULL; ++ } + +- if (!padlock_bind_helper(eng)) { +- ENGINE_free(eng); +- return NULL; +- } ++ if (!padlock_bind_helper(eng)) { ++ ENGINE_free(eng); ++ return NULL; ++ } + +- return eng; ++ return eng; + } + + /* Check availability of the engine */ +-static int +-padlock_init(ENGINE *e) ++static int padlock_init(ENGINE *e) + { +- return (padlock_use_rng || padlock_use_ace); ++ return (padlock_use_rng || padlock_use_ace); + } + +-/* This stuff is needed if this ENGINE is being compiled into a self-contained +- * shared-library. ++/* ++ * This stuff is needed if this ENGINE is being compiled into a ++ * self-contained shared-library. + */ +-#ifdef DYNAMIC_ENGINE +-static int +-padlock_bind_fn(ENGINE *e, const char *id) ++# ifdef DYNAMIC_ENGINE ++static int padlock_bind_fn(ENGINE *e, const char *id) + { +- if (id && (strcmp(id, padlock_id) != 0)) { +- return 0; +- } ++ if (id && (strcmp(id, padlock_id) != 0)) { ++ return 0; ++ } + +- if (!padlock_bind_helper(e)) { +- return 0; +- } ++ if (!padlock_bind_helper(e)) { ++ return 0; ++ } + +- return 1; ++ return 1; + } + +-IMPLEMENT_DYNAMIC_CHECK_FN () +-IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn) +-#endif /* DYNAMIC_ENGINE */ +- ++IMPLEMENT_DYNAMIC_CHECK_FN() ++ IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn) ++# endif /* DYNAMIC_ENGINE */ + /* ===== Here comes the "real" engine ===== */ +- +-#ifndef OPENSSL_NO_AES ++# ifndef OPENSSL_NO_AES + /* Some AES-related constants */ +-#define AES_BLOCK_SIZE 16 +-#define AES_KEY_SIZE_128 16 +-#define AES_KEY_SIZE_192 24 +-#define AES_KEY_SIZE_256 32 +- +-/* Here we store the status information relevant to the +- current context. */ +-/* BIG FAT WARNING: +- * Inline assembler in PADLOCK_XCRYPT_ASM() +- * depends on the order of items in this structure. +- * Don't blindly modify, reorder, etc! +- */ +-struct padlock_cipher_data +-{ +- unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */ +- union { unsigned int pad[4]; +- struct { +- int rounds:4; +- int dgst:1; /* n/a in C3 */ +- int align:1; /* n/a in C3 */ +- int ciphr:1; /* n/a in C3 */ +- unsigned int keygen:1; +- int interm:1; +- unsigned int encdec:1; +- int ksize:2; +- } b; +- } cword; /* Control word */ +- AES_KEY ks; /* Encryption key */ ++# define AES_BLOCK_SIZE 16 ++# define AES_KEY_SIZE_128 16 ++# define AES_KEY_SIZE_192 24 ++# define AES_KEY_SIZE_256 32 ++ /* ++ * Here we store the status information relevant to the current context. ++ */ ++ /* ++ * BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on ++ * the order of items in this structure. Don't blindly modify, reorder, ++ * etc! ++ */ ++struct padlock_cipher_data { ++ unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */ ++ union { ++ unsigned int pad[4]; ++ struct { ++ int rounds:4; ++ int dgst:1; /* n/a in C3 */ ++ int align:1; /* n/a in C3 */ ++ int ciphr:1; /* n/a in C3 */ ++ unsigned int keygen:1; ++ int interm:1; ++ unsigned int encdec:1; ++ int ksize:2; ++ } b; ++ } cword; /* Control word */ ++ AES_KEY ks; /* Encryption key */ + }; + + /* +@@ -279,9 +278,9 @@ struct padlock_cipher_data + * so we accept the penatly... + */ + static volatile struct padlock_cipher_data *padlock_saved_context; +-#endif ++# endif + +-/* ++/*- + * ======================================================= + * Inline assembler section(s). + * ======================================================= +@@ -291,7 +290,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context; + * argument is passed in %ecx and second - in %edx. + * ======================================================= + */ +-#if defined(__GNUC__) && __GNUC__>=2 ++# if defined(__GNUC__) && __GNUC__>=2 + /* + * As for excessive "push %ebx"/"pop %ebx" found all over. + * When generating position-independent code GCC won't let +@@ -299,103 +298,99 @@ static volatile struct padlock_cipher_data *padlock_saved_context; + * in "clobber description." Therefore the trouble... + */ + +-/* Helper function - check if a CPUID instruction +- is available on this CPU */ +-static int +-padlock_insn_cpuid_available(void) ++/* ++ * Helper function - check if a CPUID instruction is available on this CPU ++ */ ++static int padlock_insn_cpuid_available(void) + { +- int result = -1; +- +- /* We're checking if the bit #21 of EFLAGS +- can be toggled. If yes = CPUID is available. */ +- asm volatile ( +- "pushf\n" +- "popl %%eax\n" +- "xorl $0x200000, %%eax\n" +- "movl %%eax, %%ecx\n" +- "andl $0x200000, %%ecx\n" +- "pushl %%eax\n" +- "popf\n" +- "pushf\n" +- "popl %%eax\n" +- "andl $0x200000, %%eax\n" +- "xorl %%eax, %%ecx\n" +- "movl %%ecx, %0\n" +- : "=r" (result) : : "eax", "ecx"); +- +- return (result == 0); ++ int result = -1; ++ ++ /* ++ * We're checking if the bit #21 of EFLAGS can be toggled. If yes = ++ * CPUID is available. ++ */ ++ asm volatile ("pushf\n" ++ "popl %%eax\n" ++ "xorl $0x200000, %%eax\n" ++ "movl %%eax, %%ecx\n" ++ "andl $0x200000, %%ecx\n" ++ "pushl %%eax\n" ++ "popf\n" ++ "pushf\n" ++ "popl %%eax\n" ++ "andl $0x200000, %%eax\n" ++ "xorl %%eax, %%ecx\n" ++ "movl %%ecx, %0\n":"=r" (result)::"eax", "ecx"); ++ ++ return (result == 0); + } + +-/* Load supported features of the CPU to see if +- the PadLock is available. */ +-static int +-padlock_available(void) ++/* ++ * Load supported features of the CPU to see if the PadLock is available. ++ */ ++static int padlock_available(void) + { +- char vendor_string[16]; +- unsigned int eax, edx; +- +- /* First check if the CPUID instruction is available at all... */ +- if (! padlock_insn_cpuid_available()) +- return 0; +- +- /* Are we running on the Centaur (VIA) CPU? */ +- eax = 0x00000000; +- vendor_string[12] = 0; +- asm volatile ( +- "pushl %%ebx\n" +- "cpuid\n" +- "movl %%ebx,(%%edi)\n" +- "movl %%edx,4(%%edi)\n" +- "movl %%ecx,8(%%edi)\n" +- "popl %%ebx" +- : "+a"(eax) : "D"(vendor_string) : "ecx", "edx"); +- if (strcmp(vendor_string, "CentaurHauls") != 0) +- return 0; +- +- /* Check for Centaur Extended Feature Flags presence */ +- eax = 0xC0000000; +- asm volatile ("pushl %%ebx; cpuid; popl %%ebx" +- : "+a"(eax) : : "ecx", "edx"); +- if (eax < 0xC0000001) +- return 0; +- +- /* Read the Centaur Extended Feature Flags */ +- eax = 0xC0000001; +- asm volatile ("pushl %%ebx; cpuid; popl %%ebx" +- : "+a"(eax), "=d"(edx) : : "ecx"); +- +- /* Fill up some flags */ +- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); +- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); +- +- return padlock_use_ace + padlock_use_rng; ++ char vendor_string[16]; ++ unsigned int eax, edx; ++ ++ /* First check if the CPUID instruction is available at all... */ ++ if (!padlock_insn_cpuid_available()) ++ return 0; ++ ++ /* Are we running on the Centaur (VIA) CPU? */ ++ eax = 0x00000000; ++ vendor_string[12] = 0; ++ asm volatile ("pushl %%ebx\n" ++ "cpuid\n" ++ "movl %%ebx,(%%edi)\n" ++ "movl %%edx,4(%%edi)\n" ++ "movl %%ecx,8(%%edi)\n" ++ "popl %%ebx":"+a" (eax):"D"(vendor_string):"ecx", "edx"); ++ if (strcmp(vendor_string, "CentaurHauls") != 0) ++ return 0; ++ ++ /* Check for Centaur Extended Feature Flags presence */ ++ eax = 0xC0000000; ++ asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax)::"ecx", "edx"); ++ if (eax < 0xC0000001) ++ return 0; ++ ++ /* Read the Centaur Extended Feature Flags */ ++ eax = 0xC0000001; ++ asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax), ++ "=d"(edx)::"ecx"); ++ ++ /* Fill up some flags */ ++ padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6)); ++ padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2)); ++ ++ return padlock_use_ace + padlock_use_rng; + } + +-#ifndef OPENSSL_NO_AES ++# ifndef OPENSSL_NO_AES + /* Our own htonl()/ntohl() */ +-static inline void +-padlock_bswapl(AES_KEY *ks) ++static inline void padlock_bswapl(AES_KEY *ks) + { +- size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); +- unsigned int *key = ks->rd_key; ++ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]); ++ unsigned int *key = ks->rd_key; + +- while (i--) { +- asm volatile ("bswapl %0" : "+r"(*key)); +- key++; +- } ++ while (i--) { ++ asm volatile ("bswapl %0":"+r" (*key)); ++ key++; ++ } + } +-#endif ++# endif + +-/* Force key reload from memory to the CPU microcode. +- Loading EFLAGS from the stack clears EFLAGS[30] +- which does the trick. */ +-static inline void +-padlock_reload_key(void) ++/* ++ * Force key reload from memory to the CPU microcode. Loading EFLAGS from the ++ * stack clears EFLAGS[30] which does the trick. ++ */ ++static inline void padlock_reload_key(void) + { +- asm volatile ("pushfl; popfl"); ++ asm volatile ("pushfl; popfl"); + } + +-#ifndef OPENSSL_NO_AES ++# ifndef OPENSSL_NO_AES + /* + * This is heuristic key context tracing. At first one + * believes that one should use atomic swap instructions, +@@ -405,90 +400,89 @@ padlock_reload_key(void) + * our key *shall* be reloaded upon thread context switch + * and we are therefore set in either case... + */ +-static inline void +-padlock_verify_context(struct padlock_cipher_data *cdata) ++static inline void padlock_verify_context(struct padlock_cipher_data *cdata) + { +- asm volatile ( +- "pushfl\n" +-" btl $30,(%%esp)\n" +-" jnc 1f\n" +-" cmpl %2,%1\n" +-" je 1f\n" +-" popfl\n" +-" subl $4,%%esp\n" +-"1: addl $4,%%esp\n" +-" movl %2,%0" +- :"+m"(padlock_saved_context) +- : "r"(padlock_saved_context), "r"(cdata) : "cc"); ++ asm volatile ("pushfl\n" ++ " btl $30,(%%esp)\n" ++ " jnc 1f\n" ++ " cmpl %2,%1\n" ++ " je 1f\n" ++ " popfl\n" ++ " subl $4,%%esp\n" ++ "1: addl $4,%%esp\n" ++ " movl %2,%0":"+m" (padlock_saved_context) ++ :"r"(padlock_saved_context), "r"(cdata):"cc"); + } + + /* Template for padlock_xcrypt_* modes */ +-/* BIG FAT WARNING: +- * The offsets used with 'leal' instructions +- * describe items of the 'padlock_cipher_data' +- * structure. ++/* ++ * BIG FAT WARNING: The offsets used with 'leal' instructions describe items ++ * of the 'padlock_cipher_data' structure. + */ +-#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \ +-static inline void *name(size_t cnt, \ +- struct padlock_cipher_data *cdata, \ +- void *out, const void *inp) \ +-{ void *iv; \ +- asm volatile ( "pushl %%ebx\n" \ +- " leal 16(%0),%%edx\n" \ +- " leal 32(%0),%%ebx\n" \ +- rep_xcrypt "\n" \ +- " popl %%ebx" \ +- : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ +- : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ +- : "edx", "cc", "memory"); \ +- return iv; \ ++# define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \ ++static inline void *name(size_t cnt, \ ++ struct padlock_cipher_data *cdata, \ ++ void *out, const void *inp) \ ++{ void *iv; \ ++ asm volatile ( "pushl %%ebx\n" \ ++ " leal 16(%0),%%edx\n" \ ++ " leal 32(%0),%%ebx\n" \ ++ rep_xcrypt "\n" \ ++ " popl %%ebx" \ ++ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ ++ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ ++ : "edx", "cc", "memory"); \ ++ return iv; \ + } + + /* Generate all functions with appropriate opcodes */ +-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */ +-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */ +-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */ +-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */ +-#endif +- ++/* rep xcryptecb */ ++PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") ++/* rep xcryptcbc */ ++ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") ++/* rep xcryptcfb */ ++ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") ++/* rep xcryptofb */ ++ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") ++# endif + /* The RNG call itself */ +-static inline unsigned int +-padlock_xstore(void *addr, unsigned int edx_in) ++static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in) + { +- unsigned int eax_out; ++ unsigned int eax_out; + +- asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */ +- : "=a"(eax_out),"=m"(*(unsigned *)addr) +- : "D"(addr), "d" (edx_in) +- ); ++ asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */ ++ :"=a" (eax_out), "=m"(*(unsigned *)addr) ++ :"D"(addr), "d"(edx_in) ++ ); + +- return eax_out; ++ return eax_out; + } + +-/* Why not inline 'rep movsd'? I failed to find information on what +- * value in Direction Flag one can expect and consequently have to +- * apply "better-safe-than-sorry" approach and assume "undefined." +- * I could explicitly clear it and restore the original value upon +- * return from padlock_aes_cipher, but it's presumably too much +- * trouble for too little gain... +- * +- * In case you wonder 'rep xcrypt*' instructions above are *not* +- * affected by the Direction Flag and pointers advance toward +- * larger addresses unconditionally. +- */ +-static inline unsigned char * +-padlock_memcpy(void *dst,const void *src,size_t n) ++/* ++ * Why not inline 'rep movsd'? I failed to find information on what value in ++ * Direction Flag one can expect and consequently have to apply ++ * "better-safe-than-sorry" approach and assume "undefined." I could ++ * explicitly clear it and restore the original value upon return from ++ * padlock_aes_cipher, but it's presumably too much trouble for too little ++ * gain... In case you wonder 'rep xcrypt*' instructions above are *not* ++ * affected by the Direction Flag and pointers advance toward larger ++ * addresses unconditionally. ++ */ ++static inline unsigned char *padlock_memcpy(void *dst, const void *src, ++ size_t n) + { +- long *d=dst; +- const long *s=src; ++ long *d = dst; ++ const long *s = src; + +- n /= sizeof(*d); +- do { *d++ = *s++; } while (--n); ++ n /= sizeof(*d); ++ do { ++ *d++ = *s++; ++ } while (--n); + +- return dst; ++ return dst; + } + +-#elif defined(_MSC_VER) ++# elif defined(_MSC_VER) + /* + * Unlike GCC these are real functions. In order to minimize impact + * on performance we adhere to __fastcall calling convention in +@@ -496,26 +490,25 @@ padlock_memcpy(void *dst,const void *src,size_t n) + * Which kind of suits very well, as instructions in question use + * both %ecx and %edx as input:-) + */ +-#define REP_XCRYPT(code) \ +- _asm _emit 0xf3 \ +- _asm _emit 0x0f _asm _emit 0xa7 \ +- _asm _emit code +- +-/* BIG FAT WARNING: +- * The offsets used with 'lea' instructions +- * describe items of the 'padlock_cipher_data' +- * structure. ++# define REP_XCRYPT(code) \ ++ _asm _emit 0xf3 \ ++ _asm _emit 0x0f _asm _emit 0xa7 \ ++ _asm _emit code ++ ++/* ++ * BIG FAT WARNING: The offsets used with 'lea' instructions describe items ++ * of the 'padlock_cipher_data' structure. + */ +-#define PADLOCK_XCRYPT_ASM(name,code) \ +-static void * __fastcall \ +- name (size_t cnt, void *cdata, \ +- void *outp, const void *inp) \ +-{ _asm mov eax,edx \ +- _asm lea edx,[eax+16] \ +- _asm lea ebx,[eax+32] \ +- _asm mov edi,outp \ +- _asm mov esi,inp \ +- REP_XCRYPT(code) \ ++# define PADLOCK_XCRYPT_ASM(name,code) \ ++static void * __fastcall \ ++ name (size_t cnt, void *cdata, \ ++ void *outp, const void *inp) \ ++{ _asm mov eax,edx \ ++ _asm lea edx,[eax+16] \ ++ _asm lea ebx,[eax+32] \ ++ _asm mov edi,outp \ ++ _asm mov esi,inp \ ++ REP_XCRYPT(code) \ + } + + PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8) +@@ -523,324 +516,330 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0) + PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0) + PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8) + +-static int __fastcall +-padlock_xstore(void *outp,unsigned int code) +-{ _asm mov edi,ecx +- _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0 ++static int __fastcall padlock_xstore(void *outp, unsigned int code) ++{ ++ _asm mov edi,ecx ++ _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0 ++} ++ ++static void __fastcall padlock_reload_key(void) ++{ ++ _asm pushfd ++ _asm popfd + } + +-static void __fastcall +-padlock_reload_key(void) +-{ _asm pushfd _asm popfd } +- +-static void __fastcall +-padlock_verify_context(void *cdata) +-{ _asm { +- pushfd +- bt DWORD PTR[esp],30 +- jnc skip +- cmp ecx,padlock_saved_context +- je skip +- popfd +- sub esp,4 +- skip: add esp,4 +- mov padlock_saved_context,ecx +- } ++static void __fastcall padlock_verify_context(void *cdata) ++{ ++ _asm { ++ pushfd ++ bt DWORD PTR[esp],30 ++ jnc skip ++ cmp ecx,padlock_saved_context ++ je skip ++ popfd ++ sub esp,4 ++ skip: add esp,4 ++ mov padlock_saved_context,ecx ++ } + } + + static int + padlock_available(void) +-{ _asm { +- pushfd +- pop eax +- mov ecx,eax +- xor eax,1<<21 +- push eax +- popfd +- pushfd +- pop eax +- xor eax,ecx +- bt eax,21 +- jnc noluck +- mov eax,0 +- cpuid +- xor eax,eax +- cmp ebx,'tneC' +- jne noluck +- cmp edx,'Hrua' +- jne noluck +- cmp ecx,'slua' +- jne noluck +- mov eax,0xC0000000 +- cpuid +- mov edx,eax +- xor eax,eax +- cmp edx,0xC0000001 +- jb noluck +- mov eax,0xC0000001 +- cpuid +- xor eax,eax +- bt edx,6 +- jnc skip_a +- bt edx,7 +- jnc skip_a +- mov padlock_use_ace,1 +- inc eax +- skip_a: bt edx,2 +- jnc skip_r +- bt edx,3 +- jnc skip_r +- mov padlock_use_rng,1 +- inc eax +- skip_r: +- noluck: +- } ++{ ++ _asm { ++ pushfd ++ pop eax ++ mov ecx,eax ++ xor eax,1<<21 ++ push eax ++ popfd ++ pushfd ++ pop eax ++ xor eax,ecx ++ bt eax,21 ++ jnc noluck ++ mov eax,0 ++ cpuid ++ xor eax,eax ++ cmp ebx,'tneC' ++ jne noluck ++ cmp edx,'Hrua' ++ jne noluck ++ cmp ecx,'slua' ++ jne noluck ++ mov eax,0xC0000000 ++ cpuid ++ mov edx,eax ++ xor eax,eax ++ cmp edx,0xC0000001 ++ jb noluck ++ mov eax,0xC0000001 ++ cpuid ++ xor eax,eax ++ bt edx,6 ++ jnc skip_a ++ bt edx,7 ++ jnc skip_a ++ mov padlock_use_ace,1 ++ inc eax ++ skip_a: bt edx,2 ++ jnc skip_r ++ bt edx,3 ++ jnc skip_r ++ mov padlock_use_rng,1 ++ inc eax ++ skip_r: ++ noluck: ++ } + } + +-static void __fastcall +-padlock_bswapl(void *key) +-{ _asm { +- pushfd +- cld +- mov esi,ecx +- mov edi,ecx +- mov ecx,60 +- up: lodsd +- bswap eax +- stosd +- loop up +- popfd +- } ++static void __fastcall padlock_bswapl(void *key) ++{ ++ _asm { ++ pushfd ++ cld ++ mov esi,ecx ++ mov edi,ecx ++ mov ecx,60 ++ up: lodsd ++ bswap eax ++ stosd ++ loop up ++ popfd ++ } + } + +-/* MS actually specifies status of Direction Flag and compiler even +- * manages to compile following as 'rep movsd' all by itself... ++/* ++ * MS actually specifies status of Direction Flag and compiler even manages ++ * to compile following as 'rep movsd' all by itself... + */ +-#define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U)) +-#endif +- ++# define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U)) ++# endif + /* ===== AES encryption/decryption ===== */ +-#ifndef OPENSSL_NO_AES +- +-#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) +-#define NID_aes_128_cfb NID_aes_128_cfb128 +-#endif +- +-#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb) +-#define NID_aes_128_ofb NID_aes_128_ofb128 +-#endif +- +-#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb) +-#define NID_aes_192_cfb NID_aes_192_cfb128 +-#endif +- +-#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb) +-#define NID_aes_192_ofb NID_aes_192_ofb128 +-#endif +- +-#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb) +-#define NID_aes_256_cfb NID_aes_256_cfb128 +-#endif +- +-#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb) +-#define NID_aes_256_ofb NID_aes_256_ofb128 +-#endif +- +-/* List of supported ciphers. */ +-static int padlock_cipher_nids[] = { +- NID_aes_128_ecb, +- NID_aes_128_cbc, +- NID_aes_128_cfb, +- NID_aes_128_ofb, +- +- NID_aes_192_ecb, +- NID_aes_192_cbc, +- NID_aes_192_cfb, +- NID_aes_192_ofb, +- +- NID_aes_256_ecb, +- NID_aes_256_cbc, +- NID_aes_256_cfb, +- NID_aes_256_ofb, ++# ifndef OPENSSL_NO_AES ++# if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) ++# define NID_aes_128_cfb NID_aes_128_cfb128 ++# endif ++# if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb) ++# define NID_aes_128_ofb NID_aes_128_ofb128 ++# endif ++# if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb) ++# define NID_aes_192_cfb NID_aes_192_cfb128 ++# endif ++# if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb) ++# define NID_aes_192_ofb NID_aes_192_ofb128 ++# endif ++# if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb) ++# define NID_aes_256_cfb NID_aes_256_cfb128 ++# endif ++# if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb) ++# define NID_aes_256_ofb NID_aes_256_ofb128 ++# endif ++/* ++ * List of supported ciphers. ++ */ static int padlock_cipher_nids[] = { ++ NID_aes_128_ecb, ++ NID_aes_128_cbc, ++ NID_aes_128_cfb, ++ NID_aes_128_ofb, ++ ++ NID_aes_192_ecb, ++ NID_aes_192_cbc, ++ NID_aes_192_cfb, ++ NID_aes_192_ofb, ++ ++ NID_aes_256_ecb, ++ NID_aes_256_cbc, ++ NID_aes_256_cfb, ++ NID_aes_256_ofb, + }; +-static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/ +- sizeof(padlock_cipher_nids[0])); ++ ++static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) / ++ sizeof(padlock_cipher_nids[0])); + + /* Function prototypes ... */ + static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc); ++ const unsigned char *iv, int enc); + static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, size_t nbytes); +- +-#define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \ +- ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) ) +-#define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\ +- NEAREST_ALIGNED(ctx->cipher_data)) +- +-#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE +-#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE +-#define EVP_CIPHER_block_size_OFB 1 +-#define EVP_CIPHER_block_size_CFB 1 +- +-/* Declaring so many ciphers by hand would be a pain. +- Instead introduce a bit of preprocessor magic :-) */ +-#define DECLARE_AES_EVP(ksize,lmode,umode) \ +-static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \ +- NID_aes_##ksize##_##lmode, \ +- EVP_CIPHER_block_size_##umode, \ +- AES_KEY_SIZE_##ksize, \ +- AES_BLOCK_SIZE, \ +- 0 | EVP_CIPH_##umode##_MODE, \ +- padlock_aes_init_key, \ +- padlock_aes_cipher, \ +- NULL, \ +- sizeof(struct padlock_cipher_data) + 16, \ +- EVP_CIPHER_set_asn1_iv, \ +- EVP_CIPHER_get_asn1_iv, \ +- NULL, \ +- NULL \ ++ const unsigned char *in, size_t nbytes); ++ ++# define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \ ++ ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) ) ++# define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\ ++ NEAREST_ALIGNED(ctx->cipher_data)) ++ ++# define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE ++# define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE ++# define EVP_CIPHER_block_size_OFB 1 ++# define EVP_CIPHER_block_size_CFB 1 ++ ++/* ++ * Declaring so many ciphers by hand would be a pain. Instead introduce a bit ++ * of preprocessor magic :-) ++ */ ++# define DECLARE_AES_EVP(ksize,lmode,umode) \ ++static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \ ++ NID_aes_##ksize##_##lmode, \ ++ EVP_CIPHER_block_size_##umode, \ ++ AES_KEY_SIZE_##ksize, \ ++ AES_BLOCK_SIZE, \ ++ 0 | EVP_CIPH_##umode##_MODE, \ ++ padlock_aes_init_key, \ ++ padlock_aes_cipher, \ ++ NULL, \ ++ sizeof(struct padlock_cipher_data) + 16, \ ++ EVP_CIPHER_set_asn1_iv, \ ++ EVP_CIPHER_get_asn1_iv, \ ++ NULL, \ ++ NULL \ + } + +-DECLARE_AES_EVP(128,ecb,ECB); +-DECLARE_AES_EVP(128,cbc,CBC); +-DECLARE_AES_EVP(128,cfb,CFB); +-DECLARE_AES_EVP(128,ofb,OFB); ++DECLARE_AES_EVP(128, ecb, ECB); ++DECLARE_AES_EVP(128, cbc, CBC); ++DECLARE_AES_EVP(128, cfb, CFB); ++DECLARE_AES_EVP(128, ofb, OFB); + +-DECLARE_AES_EVP(192,ecb,ECB); +-DECLARE_AES_EVP(192,cbc,CBC); +-DECLARE_AES_EVP(192,cfb,CFB); +-DECLARE_AES_EVP(192,ofb,OFB); ++DECLARE_AES_EVP(192, ecb, ECB); ++DECLARE_AES_EVP(192, cbc, CBC); ++DECLARE_AES_EVP(192, cfb, CFB); ++DECLARE_AES_EVP(192, ofb, OFB); + +-DECLARE_AES_EVP(256,ecb,ECB); +-DECLARE_AES_EVP(256,cbc,CBC); +-DECLARE_AES_EVP(256,cfb,CFB); +-DECLARE_AES_EVP(256,ofb,OFB); ++DECLARE_AES_EVP(256, ecb, ECB); ++DECLARE_AES_EVP(256, cbc, CBC); ++DECLARE_AES_EVP(256, cfb, CFB); ++DECLARE_AES_EVP(256, ofb, OFB); + + static int +-padlock_ciphers (ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid) ++padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, ++ int nid) + { +- /* No specific cipher => return a list of supported nids ... */ +- if (!cipher) { +- *nids = padlock_cipher_nids; +- return padlock_cipher_nids_num; +- } +- +- /* ... or the requested "cipher" otherwise */ +- switch (nid) { +- case NID_aes_128_ecb: +- *cipher = &padlock_aes_128_ecb; +- break; +- case NID_aes_128_cbc: +- *cipher = &padlock_aes_128_cbc; +- break; +- case NID_aes_128_cfb: +- *cipher = &padlock_aes_128_cfb; +- break; +- case NID_aes_128_ofb: +- *cipher = &padlock_aes_128_ofb; +- break; +- +- case NID_aes_192_ecb: +- *cipher = &padlock_aes_192_ecb; +- break; +- case NID_aes_192_cbc: +- *cipher = &padlock_aes_192_cbc; +- break; +- case NID_aes_192_cfb: +- *cipher = &padlock_aes_192_cfb; +- break; +- case NID_aes_192_ofb: +- *cipher = &padlock_aes_192_ofb; +- break; +- +- case NID_aes_256_ecb: +- *cipher = &padlock_aes_256_ecb; +- break; +- case NID_aes_256_cbc: +- *cipher = &padlock_aes_256_cbc; +- break; +- case NID_aes_256_cfb: +- *cipher = &padlock_aes_256_cfb; +- break; +- case NID_aes_256_ofb: +- *cipher = &padlock_aes_256_ofb; +- break; +- +- default: +- /* Sorry, we don't support this NID */ +- *cipher = NULL; +- return 0; +- } +- +- return 1; ++ /* No specific cipher => return a list of supported nids ... */ ++ if (!cipher) { ++ *nids = padlock_cipher_nids; ++ return padlock_cipher_nids_num; ++ } ++ ++ /* ... or the requested "cipher" otherwise */ ++ switch (nid) { ++ case NID_aes_128_ecb: ++ *cipher = &padlock_aes_128_ecb; ++ break; ++ case NID_aes_128_cbc: ++ *cipher = &padlock_aes_128_cbc; ++ break; ++ case NID_aes_128_cfb: ++ *cipher = &padlock_aes_128_cfb; ++ break; ++ case NID_aes_128_ofb: ++ *cipher = &padlock_aes_128_ofb; ++ break; ++ ++ case NID_aes_192_ecb: ++ *cipher = &padlock_aes_192_ecb; ++ break; ++ case NID_aes_192_cbc: ++ *cipher = &padlock_aes_192_cbc; ++ break; ++ case NID_aes_192_cfb: ++ *cipher = &padlock_aes_192_cfb; ++ break; ++ case NID_aes_192_ofb: ++ *cipher = &padlock_aes_192_ofb; ++ break; ++ ++ case NID_aes_256_ecb: ++ *cipher = &padlock_aes_256_ecb; ++ break; ++ case NID_aes_256_cbc: ++ *cipher = &padlock_aes_256_cbc; ++ break; ++ case NID_aes_256_cfb: ++ *cipher = &padlock_aes_256_cfb; ++ break; ++ case NID_aes_256_ofb: ++ *cipher = &padlock_aes_256_ofb; ++ break; ++ ++ default: ++ /* Sorry, we don't support this NID */ ++ *cipher = NULL; ++ return 0; ++ } ++ ++ return 1; + } + + /* Prepare the encryption key for PadLock usage */ + static int +-padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) ++padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc) + { +- struct padlock_cipher_data *cdata; +- int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8; +- +- if (key==NULL) return 0; /* ERROR */ +- +- cdata = ALIGNED_CIPHER_DATA(ctx); +- memset(cdata, 0, sizeof(struct padlock_cipher_data)); +- +- /* Prepare Control word. */ +- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) +- cdata->cword.b.encdec = 0; +- else +- cdata->cword.b.encdec = (ctx->encrypt == 0); +- cdata->cword.b.rounds = 10 + (key_len - 128) / 32; +- cdata->cword.b.ksize = (key_len - 128) / 64; +- +- switch(key_len) { +- case 128: +- /* PadLock can generate an extended key for +- AES128 in hardware */ +- memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128); +- cdata->cword.b.keygen = 0; +- break; +- +- case 192: +- case 256: +- /* Generate an extended AES key in software. +- Needed for AES192/AES256 */ +- /* Well, the above applies to Stepping 8 CPUs +- and is listed as hardware errata. They most +- likely will fix it at some point and then +- a check for stepping would be due here. */ +- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE || +- EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || +- enc) +- AES_set_encrypt_key(key, key_len, &cdata->ks); +- else +- AES_set_decrypt_key(key, key_len, &cdata->ks); +-#ifndef AES_ASM +- /* OpenSSL C functions use byte-swapped extended key. */ +- padlock_bswapl(&cdata->ks); +-#endif +- cdata->cword.b.keygen = 1; +- break; +- +- default: +- /* ERROR */ +- return 0; +- } +- +- /* +- * This is done to cover for cases when user reuses the +- * context for new key. The catch is that if we don't do +- * this, padlock_eas_cipher might proceed with old key... +- */ +- padlock_reload_key (); +- +- return 1; ++ struct padlock_cipher_data *cdata; ++ int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8; ++ ++ if (key == NULL) ++ return 0; /* ERROR */ ++ ++ cdata = ALIGNED_CIPHER_DATA(ctx); ++ memset(cdata, 0, sizeof(struct padlock_cipher_data)); ++ ++ /* Prepare Control word. */ ++ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) ++ cdata->cword.b.encdec = 0; ++ else ++ cdata->cword.b.encdec = (ctx->encrypt == 0); ++ cdata->cword.b.rounds = 10 + (key_len - 128) / 32; ++ cdata->cword.b.ksize = (key_len - 128) / 64; ++ ++ switch (key_len) { ++ case 128: ++ /* ++ * PadLock can generate an extended key for AES128 in hardware ++ */ ++ memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128); ++ cdata->cword.b.keygen = 0; ++ break; ++ ++ case 192: ++ case 256: ++ /* ++ * Generate an extended AES key in software. Needed for AES192/AES256 ++ */ ++ /* ++ * Well, the above applies to Stepping 8 CPUs and is listed as ++ * hardware errata. They most likely will fix it at some point and ++ * then a check for stepping would be due here. ++ */ ++ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE || ++ EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || enc) ++ AES_set_encrypt_key(key, key_len, &cdata->ks); ++ else ++ AES_set_decrypt_key(key, key_len, &cdata->ks); ++# ifndef AES_ASM ++ /* ++ * OpenSSL C functions use byte-swapped extended key. ++ */ ++ padlock_bswapl(&cdata->ks); ++# endif ++ cdata->cword.b.keygen = 1; ++ break; ++ ++ default: ++ /* ERROR */ ++ return 0; ++ } ++ ++ /* ++ * This is done to cover for cases when user reuses the ++ * context for new key. The catch is that if we don't do ++ * this, padlock_eas_cipher might proceed with old key... ++ */ ++ padlock_reload_key(); ++ ++ return 1; + } + +-/* ++/*- + * Simplified version of padlock_aes_cipher() used when + * 1) both input and output buffers are at aligned addresses. + * or when +@@ -848,314 +847,329 @@ padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key, + */ + static int + padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, +- const unsigned char *in_arg, size_t nbytes) ++ const unsigned char *in_arg, size_t nbytes) + { +- struct padlock_cipher_data *cdata; +- void *iv; +- +- cdata = ALIGNED_CIPHER_DATA(ctx); +- padlock_verify_context(cdata); +- +- switch (EVP_CIPHER_CTX_mode(ctx)) { +- case EVP_CIPH_ECB_MODE: +- padlock_xcrypt_ecb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg); +- break; +- +- case EVP_CIPH_CBC_MODE: +- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); +- iv = padlock_xcrypt_cbc(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg); +- memcpy(ctx->iv, iv, AES_BLOCK_SIZE); +- break; +- +- case EVP_CIPH_CFB_MODE: +- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); +- iv = padlock_xcrypt_cfb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg); +- memcpy(ctx->iv, iv, AES_BLOCK_SIZE); +- break; +- +- case EVP_CIPH_OFB_MODE: +- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); +- padlock_xcrypt_ofb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg); +- memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); +- break; +- +- default: +- return 0; +- } +- +- memset(cdata->iv, 0, AES_BLOCK_SIZE); +- +- return 1; ++ struct padlock_cipher_data *cdata; ++ void *iv; ++ ++ cdata = ALIGNED_CIPHER_DATA(ctx); ++ padlock_verify_context(cdata); ++ ++ switch (EVP_CIPHER_CTX_mode(ctx)) { ++ case EVP_CIPH_ECB_MODE: ++ padlock_xcrypt_ecb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg); ++ break; ++ ++ case EVP_CIPH_CBC_MODE: ++ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); ++ iv = padlock_xcrypt_cbc(nbytes / AES_BLOCK_SIZE, cdata, out_arg, ++ in_arg); ++ memcpy(ctx->iv, iv, AES_BLOCK_SIZE); ++ break; ++ ++ case EVP_CIPH_CFB_MODE: ++ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); ++ iv = padlock_xcrypt_cfb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, ++ in_arg); ++ memcpy(ctx->iv, iv, AES_BLOCK_SIZE); ++ break; ++ ++ case EVP_CIPH_OFB_MODE: ++ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); ++ padlock_xcrypt_ofb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg); ++ memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); ++ break; ++ ++ default: ++ return 0; ++ } ++ ++ memset(cdata->iv, 0, AES_BLOCK_SIZE); ++ ++ return 1; + } + +-#ifndef PADLOCK_CHUNK +-# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */ +-#endif +-#if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1) +-# error "insane PADLOCK_CHUNK..." +-#endif ++# ifndef PADLOCK_CHUNK ++# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */ ++# endif ++# if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1) ++# error "insane PADLOCK_CHUNK..." ++# endif + +-/* Re-align the arguments to 16-Bytes boundaries and run the +- encryption function itself. This function is not AES-specific. */ ++/* ++ * Re-align the arguments to 16-Bytes boundaries and run the encryption ++ * function itself. This function is not AES-specific. ++ */ + static int + padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, +- const unsigned char *in_arg, size_t nbytes) ++ const unsigned char *in_arg, size_t nbytes) + { +- struct padlock_cipher_data *cdata; +- const void *inp; +- unsigned char *out; +- void *iv; +- int inp_misaligned, out_misaligned, realign_in_loop; +- size_t chunk, allocated=0; +- +- /* ctx->num is maintained in byte-oriented modes, +- such as CFB and OFB... */ +- if ((chunk = ctx->num)) { /* borrow chunk variable */ +- unsigned char *ivp=ctx->iv; +- +- switch (EVP_CIPHER_CTX_mode(ctx)) { +- case EVP_CIPH_CFB_MODE: +- if (chunk >= AES_BLOCK_SIZE) +- return 0; /* bogus value */ +- +- if (ctx->encrypt) +- while (chunknum = chunk%AES_BLOCK_SIZE; +- break; +- case EVP_CIPH_OFB_MODE: +- if (chunk >= AES_BLOCK_SIZE) +- return 0; /* bogus value */ +- +- while (chunknum = chunk%AES_BLOCK_SIZE; +- break; +- } +- } +- +- if (nbytes == 0) +- return 1; +-#if 0 +- if (nbytes % AES_BLOCK_SIZE) +- return 0; /* are we expected to do tail processing? */ +-#else +- /* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC +- modes and arbitrary value in byte-oriented modes, such as +- CFB and OFB... */ +-#endif +- +- /* VIA promises CPUs that won't require alignment in the future. +- For now padlock_aes_align_required is initialized to 1 and +- the condition is never met... */ +- /* C7 core is capable to manage unaligned input in non-ECB[!] +- mode, but performance penalties appear to be approximately +- same as for software alignment below or ~3x. They promise to +- improve it in the future, but for now we can just as well +- pretend that it can only handle aligned input... */ +- if (!padlock_aes_align_required && (nbytes%AES_BLOCK_SIZE)==0) +- return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); +- +- inp_misaligned = (((size_t)in_arg) & 0x0F); +- out_misaligned = (((size_t)out_arg) & 0x0F); +- +- /* Note that even if output is aligned and input not, +- * I still prefer to loop instead of copy the whole +- * input and then encrypt in one stroke. This is done +- * in order to improve L1 cache utilization... */ +- realign_in_loop = out_misaligned|inp_misaligned; +- +- if (!realign_in_loop && (nbytes%AES_BLOCK_SIZE)==0) +- return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); +- +- /* this takes one "if" out of the loops */ +- chunk = nbytes; +- chunk %= PADLOCK_CHUNK; +- if (chunk==0) chunk = PADLOCK_CHUNK; +- +- if (out_misaligned) { +- /* optmize for small input */ +- allocated = (chunkiv, ctx->iv, AES_BLOCK_SIZE); +- goto cbc_shortcut; +- do { +- if (iv != cdata->iv) +- memcpy(cdata->iv, iv, AES_BLOCK_SIZE); +- chunk = PADLOCK_CHUNK; +- cbc_shortcut: /* optimize for small input */ +- if (inp_misaligned) +- inp = padlock_memcpy(out, in_arg, chunk); +- else +- inp = in_arg; +- in_arg += chunk; +- +- iv = padlock_xcrypt_cbc(chunk/AES_BLOCK_SIZE, cdata, out, inp); +- +- if (out_misaligned) +- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; +- else +- out = out_arg+=chunk; +- +- } while (nbytes -= chunk); +- memcpy(ctx->iv, iv, AES_BLOCK_SIZE); +- break; +- +- case EVP_CIPH_CFB_MODE: +- memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE); +- chunk &= ~(AES_BLOCK_SIZE-1); +- if (chunk) goto cfb_shortcut; +- else goto cfb_skiploop; +- do { +- if (iv != cdata->iv) +- memcpy(cdata->iv, iv, AES_BLOCK_SIZE); +- chunk = PADLOCK_CHUNK; +- cfb_shortcut: /* optimize for small input */ +- if (inp_misaligned) +- inp = padlock_memcpy(out, in_arg, chunk); +- else +- inp = in_arg; +- in_arg += chunk; +- +- iv = padlock_xcrypt_cfb(chunk/AES_BLOCK_SIZE, cdata, out, inp); +- +- if (out_misaligned) +- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; +- else +- out = out_arg+=chunk; +- +- nbytes -= chunk; +- } while (nbytes >= AES_BLOCK_SIZE); +- +- cfb_skiploop: +- if (nbytes) { +- unsigned char *ivp = cdata->iv; +- +- if (iv != ivp) { +- memcpy(ivp, iv, AES_BLOCK_SIZE); +- iv = ivp; +- } +- ctx->num = nbytes; +- if (cdata->cword.b.encdec) { +- cdata->cword.b.encdec=0; +- padlock_reload_key(); +- padlock_xcrypt_ecb(1,cdata,ivp,ivp); +- cdata->cword.b.encdec=1; +- padlock_reload_key(); +- while(nbytes) { +- unsigned char c = *(in_arg++); +- *(out_arg++) = c ^ *ivp; +- *(ivp++) = c, nbytes--; +- } +- } +- else { padlock_reload_key(); +- padlock_xcrypt_ecb(1,cdata,ivp,ivp); +- padlock_reload_key(); +- while (nbytes) { +- *ivp = *(out_arg++) = *(in_arg++) ^ *ivp; +- ivp++, nbytes--; +- } +- } +- } +- +- memcpy(ctx->iv, iv, AES_BLOCK_SIZE); +- break; +- +- case EVP_CIPH_OFB_MODE: +- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); +- chunk &= ~(AES_BLOCK_SIZE-1); +- if (chunk) do { +- if (inp_misaligned) +- inp = padlock_memcpy(out, in_arg, chunk); +- else +- inp = in_arg; +- in_arg += chunk; +- +- padlock_xcrypt_ofb(chunk/AES_BLOCK_SIZE, cdata, out, inp); +- +- if (out_misaligned) +- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; +- else +- out = out_arg+=chunk; +- +- nbytes -= chunk; +- chunk = PADLOCK_CHUNK; +- } while (nbytes >= AES_BLOCK_SIZE); +- +- if (nbytes) { +- unsigned char *ivp = cdata->iv; +- +- ctx->num = nbytes; +- padlock_reload_key(); /* empirically found */ +- padlock_xcrypt_ecb(1,cdata,ivp,ivp); +- padlock_reload_key(); /* empirically found */ +- while (nbytes) { +- *(out_arg++) = *(in_arg++) ^ *ivp; +- ivp++, nbytes--; +- } +- } +- +- memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); +- break; +- +- default: +- return 0; +- } +- +- /* Clean the realign buffer if it was used */ +- if (out_misaligned) { +- volatile unsigned long *p=(void *)out; +- size_t n = allocated/sizeof(*p); +- while (n--) *p++=0; +- } +- +- memset(cdata->iv, 0, AES_BLOCK_SIZE); +- +- return 1; ++ struct padlock_cipher_data *cdata; ++ const void *inp; ++ unsigned char *out; ++ void *iv; ++ int inp_misaligned, out_misaligned, realign_in_loop; ++ size_t chunk, allocated = 0; ++ ++ /* ++ * ctx->num is maintained in byte-oriented modes, such as CFB and OFB... ++ */ ++ if ((chunk = ctx->num)) { /* borrow chunk variable */ ++ unsigned char *ivp = ctx->iv; ++ ++ switch (EVP_CIPHER_CTX_mode(ctx)) { ++ case EVP_CIPH_CFB_MODE: ++ if (chunk >= AES_BLOCK_SIZE) ++ return 0; /* bogus value */ ++ ++ if (ctx->encrypt) ++ while (chunk < AES_BLOCK_SIZE && nbytes != 0) { ++ ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk]; ++ chunk++, nbytes--; ++ } else ++ while (chunk < AES_BLOCK_SIZE && nbytes != 0) { ++ unsigned char c = *(in_arg++); ++ *(out_arg++) = c ^ ivp[chunk]; ++ ivp[chunk++] = c, nbytes--; ++ } ++ ++ ctx->num = chunk % AES_BLOCK_SIZE; ++ break; ++ case EVP_CIPH_OFB_MODE: ++ if (chunk >= AES_BLOCK_SIZE) ++ return 0; /* bogus value */ ++ ++ while (chunk < AES_BLOCK_SIZE && nbytes != 0) { ++ *(out_arg++) = *(in_arg++) ^ ivp[chunk]; ++ chunk++, nbytes--; ++ } ++ ++ ctx->num = chunk % AES_BLOCK_SIZE; ++ break; ++ } ++ } ++ ++ if (nbytes == 0) ++ return 1; ++# if 0 ++ if (nbytes % AES_BLOCK_SIZE) ++ return 0; /* are we expected to do tail processing? */ ++# else ++ /* ++ * nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC modes and ++ * arbitrary value in byte-oriented modes, such as CFB and OFB... ++ */ ++# endif ++ ++ /* ++ * VIA promises CPUs that won't require alignment in the future. For now ++ * padlock_aes_align_required is initialized to 1 and the condition is ++ * never met... ++ */ ++ /* ++ * C7 core is capable to manage unaligned input in non-ECB[!] mode, but ++ * performance penalties appear to be approximately same as for software ++ * alignment below or ~3x. They promise to improve it in the future, but ++ * for now we can just as well pretend that it can only handle aligned ++ * input... ++ */ ++ if (!padlock_aes_align_required && (nbytes % AES_BLOCK_SIZE) == 0) ++ return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); ++ ++ inp_misaligned = (((size_t)in_arg) & 0x0F); ++ out_misaligned = (((size_t)out_arg) & 0x0F); ++ ++ /* ++ * Note that even if output is aligned and input not, I still prefer to ++ * loop instead of copy the whole input and then encrypt in one stroke. ++ * This is done in order to improve L1 cache utilization... ++ */ ++ realign_in_loop = out_misaligned | inp_misaligned; ++ ++ if (!realign_in_loop && (nbytes % AES_BLOCK_SIZE) == 0) ++ return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes); ++ ++ /* this takes one "if" out of the loops */ ++ chunk = nbytes; ++ chunk %= PADLOCK_CHUNK; ++ if (chunk == 0) ++ chunk = PADLOCK_CHUNK; ++ ++ if (out_misaligned) { ++ /* optmize for small input */ ++ allocated = (chunk < nbytes ? PADLOCK_CHUNK : nbytes); ++ out = alloca(0x10 + allocated); ++ out = NEAREST_ALIGNED(out); ++ } else ++ out = out_arg; ++ ++ cdata = ALIGNED_CIPHER_DATA(ctx); ++ padlock_verify_context(cdata); ++ ++ switch (EVP_CIPHER_CTX_mode(ctx)) { ++ case EVP_CIPH_ECB_MODE: ++ do { ++ if (inp_misaligned) ++ inp = padlock_memcpy(out, in_arg, chunk); ++ else ++ inp = in_arg; ++ in_arg += chunk; ++ ++ padlock_xcrypt_ecb(chunk / AES_BLOCK_SIZE, cdata, out, inp); ++ ++ if (out_misaligned) ++ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; ++ else ++ out = out_arg += chunk; ++ ++ nbytes -= chunk; ++ chunk = PADLOCK_CHUNK; ++ } while (nbytes); ++ break; ++ ++ case EVP_CIPH_CBC_MODE: ++ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); ++ goto cbc_shortcut; ++ do { ++ if (iv != cdata->iv) ++ memcpy(cdata->iv, iv, AES_BLOCK_SIZE); ++ chunk = PADLOCK_CHUNK; ++ cbc_shortcut: /* optimize for small input */ ++ if (inp_misaligned) ++ inp = padlock_memcpy(out, in_arg, chunk); ++ else ++ inp = in_arg; ++ in_arg += chunk; ++ ++ iv = padlock_xcrypt_cbc(chunk / AES_BLOCK_SIZE, cdata, out, inp); ++ ++ if (out_misaligned) ++ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; ++ else ++ out = out_arg += chunk; ++ ++ } while (nbytes -= chunk); ++ memcpy(ctx->iv, iv, AES_BLOCK_SIZE); ++ break; ++ ++ case EVP_CIPH_CFB_MODE: ++ memcpy(iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE); ++ chunk &= ~(AES_BLOCK_SIZE - 1); ++ if (chunk) ++ goto cfb_shortcut; ++ else ++ goto cfb_skiploop; ++ do { ++ if (iv != cdata->iv) ++ memcpy(cdata->iv, iv, AES_BLOCK_SIZE); ++ chunk = PADLOCK_CHUNK; ++ cfb_shortcut: /* optimize for small input */ ++ if (inp_misaligned) ++ inp = padlock_memcpy(out, in_arg, chunk); ++ else ++ inp = in_arg; ++ in_arg += chunk; ++ ++ iv = padlock_xcrypt_cfb(chunk / AES_BLOCK_SIZE, cdata, out, inp); ++ ++ if (out_misaligned) ++ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; ++ else ++ out = out_arg += chunk; ++ ++ nbytes -= chunk; ++ } while (nbytes >= AES_BLOCK_SIZE); ++ ++ cfb_skiploop: ++ if (nbytes) { ++ unsigned char *ivp = cdata->iv; ++ ++ if (iv != ivp) { ++ memcpy(ivp, iv, AES_BLOCK_SIZE); ++ iv = ivp; ++ } ++ ctx->num = nbytes; ++ if (cdata->cword.b.encdec) { ++ cdata->cword.b.encdec = 0; ++ padlock_reload_key(); ++ padlock_xcrypt_ecb(1, cdata, ivp, ivp); ++ cdata->cword.b.encdec = 1; ++ padlock_reload_key(); ++ while (nbytes) { ++ unsigned char c = *(in_arg++); ++ *(out_arg++) = c ^ *ivp; ++ *(ivp++) = c, nbytes--; ++ } ++ } else { ++ padlock_reload_key(); ++ padlock_xcrypt_ecb(1, cdata, ivp, ivp); ++ padlock_reload_key(); ++ while (nbytes) { ++ *ivp = *(out_arg++) = *(in_arg++) ^ *ivp; ++ ivp++, nbytes--; ++ } ++ } ++ } ++ ++ memcpy(ctx->iv, iv, AES_BLOCK_SIZE); ++ break; ++ ++ case EVP_CIPH_OFB_MODE: ++ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); ++ chunk &= ~(AES_BLOCK_SIZE - 1); ++ if (chunk) ++ do { ++ if (inp_misaligned) ++ inp = padlock_memcpy(out, in_arg, chunk); ++ else ++ inp = in_arg; ++ in_arg += chunk; ++ ++ padlock_xcrypt_ofb(chunk / AES_BLOCK_SIZE, cdata, out, inp); ++ ++ if (out_misaligned) ++ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk; ++ else ++ out = out_arg += chunk; ++ ++ nbytes -= chunk; ++ chunk = PADLOCK_CHUNK; ++ } while (nbytes >= AES_BLOCK_SIZE); ++ ++ if (nbytes) { ++ unsigned char *ivp = cdata->iv; ++ ++ ctx->num = nbytes; ++ padlock_reload_key(); /* empirically found */ ++ padlock_xcrypt_ecb(1, cdata, ivp, ivp); ++ padlock_reload_key(); /* empirically found */ ++ while (nbytes) { ++ *(out_arg++) = *(in_arg++) ^ *ivp; ++ ivp++, nbytes--; ++ } ++ } ++ ++ memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); ++ break; ++ ++ default: ++ return 0; ++ } ++ ++ /* Clean the realign buffer if it was used */ ++ if (out_misaligned) { ++ volatile unsigned long *p = (void *)out; ++ size_t n = allocated / sizeof(*p); ++ while (n--) ++ *p++ = 0; ++ } ++ ++ memset(cdata->iv, 0, AES_BLOCK_SIZE); ++ ++ return 1; + } + +-#endif /* OPENSSL_NO_AES */ ++# endif /* OPENSSL_NO_AES */ + + /* ===== Random Number Generator ===== */ + /* +@@ -1164,56 +1178,64 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, + * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it + * provide meaningful error control... + */ +-/* Wrapper that provides an interface between the API and +- the raw PadLock RNG */ +-static int +-padlock_rand_bytes(unsigned char *output, int count) ++/* ++ * Wrapper that provides an interface between the API and the raw PadLock ++ * RNG ++ */ ++static int padlock_rand_bytes(unsigned char *output, int count) + { +- unsigned int eax, buf; +- +- while (count >= 8) { +- eax = padlock_xstore(output, 0); +- if (!(eax&(1<<6))) return 0; /* RNG disabled */ +- /* this ---vv--- covers DC bias, Raw Bits and String Filter */ +- if (eax&(0x1F<<10)) return 0; +- if ((eax&0x1F)==0) continue; /* no data, retry... */ +- if ((eax&0x1F)!=8) return 0; /* fatal failure... */ +- output += 8; +- count -= 8; +- } +- while (count > 0) { +- eax = padlock_xstore(&buf, 3); +- if (!(eax&(1<<6))) return 0; /* RNG disabled */ +- /* this ---vv--- covers DC bias, Raw Bits and String Filter */ +- if (eax&(0x1F<<10)) return 0; +- if ((eax&0x1F)==0) continue; /* no data, retry... */ +- if ((eax&0x1F)!=1) return 0; /* fatal failure... */ +- *output++ = (unsigned char)buf; +- count--; +- } +- *(volatile unsigned int *)&buf=0; +- +- return 1; ++ unsigned int eax, buf; ++ ++ while (count >= 8) { ++ eax = padlock_xstore(output, 0); ++ if (!(eax & (1 << 6))) ++ return 0; /* RNG disabled */ ++ /* this ---vv--- covers DC bias, Raw Bits and String Filter */ ++ if (eax & (0x1F << 10)) ++ return 0; ++ if ((eax & 0x1F) == 0) ++ continue; /* no data, retry... */ ++ if ((eax & 0x1F) != 8) ++ return 0; /* fatal failure... */ ++ output += 8; ++ count -= 8; ++ } ++ while (count > 0) { ++ eax = padlock_xstore(&buf, 3); ++ if (!(eax & (1 << 6))) ++ return 0; /* RNG disabled */ ++ /* this ---vv--- covers DC bias, Raw Bits and String Filter */ ++ if (eax & (0x1F << 10)) ++ return 0; ++ if ((eax & 0x1F) == 0) ++ continue; /* no data, retry... */ ++ if ((eax & 0x1F) != 1) ++ return 0; /* fatal failure... */ ++ *output++ = (unsigned char)buf; ++ count--; ++ } ++ *(volatile unsigned int *)&buf = 0; ++ ++ return 1; + } + + /* Dummy but necessary function */ +-static int +-padlock_rand_status(void) ++static int padlock_rand_status(void) + { +- return 1; ++ return 1; + } + + /* Prepare structure for registration */ + static RAND_METHOD padlock_rand = { +- NULL, /* seed */ +- padlock_rand_bytes, /* bytes */ +- NULL, /* cleanup */ +- NULL, /* add */ +- padlock_rand_bytes, /* pseudorand */ +- padlock_rand_status, /* rand status */ ++ NULL, /* seed */ ++ padlock_rand_bytes, /* bytes */ ++ NULL, /* cleanup */ ++ NULL, /* add */ ++ padlock_rand_bytes, /* pseudorand */ ++ padlock_rand_status, /* rand status */ + }; + +-#endif /* COMPILE_HW_PADLOCK */ ++# endif /* COMPILE_HW_PADLOCK */ + +-#endif /* !OPENSSL_NO_HW_PADLOCK */ +-#endif /* !OPENSSL_NO_HW */ ++# endif /* !OPENSSL_NO_HW_PADLOCK */ ++#endif /* !OPENSSL_NO_HW */ +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c b/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c +index 1dfa2e3..23580d9 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,140 +57,130 @@ + + /* Basic get/set stuff */ + +-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f) +- { +- e->load_privkey = loadpriv_f; +- return 1; +- } ++int ENGINE_set_load_privkey_function(ENGINE *e, ++ ENGINE_LOAD_KEY_PTR loadpriv_f) ++{ ++ e->load_privkey = loadpriv_f; ++ return 1; ++} + + int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f) +- { +- e->load_pubkey = loadpub_f; +- return 1; +- } ++{ ++ e->load_pubkey = loadpub_f; ++ return 1; ++} + + int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, +- ENGINE_SSL_CLIENT_CERT_PTR loadssl_f) +- { +- e->load_ssl_client_cert = loadssl_f; +- return 1; +- } ++ ENGINE_SSL_CLIENT_CERT_PTR ++ loadssl_f) ++{ ++ e->load_ssl_client_cert = loadssl_f; ++ return 1; ++} + + ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) +- { +- return e->load_privkey; +- } ++{ ++ return e->load_privkey; ++} + + ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e) +- { +- return e->load_pubkey; +- } ++{ ++ return e->load_pubkey; ++} + +-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e) +- { +- return e->load_ssl_client_cert; +- } ++ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE ++ *e) ++{ ++ return e->load_ssl_client_cert; ++} + + /* API functions to load public/private keys */ + + EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, +- UI_METHOD *ui_method, void *callback_data) +- { +- EVP_PKEY *pkey; ++ UI_METHOD *ui_method, void *callback_data) ++{ ++ EVP_PKEY *pkey; + +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- if(e->funct_ref == 0) +- { +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, +- ENGINE_R_NOT_INITIALISED); +- return 0; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- if (!e->load_privkey) +- { +- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, +- ENGINE_R_NO_LOAD_FUNCTION); +- return 0; +- } +- pkey = e->load_privkey(e, key_id, ui_method, callback_data); +- if (!pkey) +- { +- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, +- ENGINE_R_FAILED_LOADING_PRIVATE_KEY); +- return 0; +- } +- return pkey; +- } ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ if (e->funct_ref == 0) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ENGINE_R_NOT_INITIALISED); ++ return 0; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ if (!e->load_privkey) { ++ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ++ ENGINE_R_NO_LOAD_FUNCTION); ++ return 0; ++ } ++ pkey = e->load_privkey(e, key_id, ui_method, callback_data); ++ if (!pkey) { ++ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ++ ENGINE_R_FAILED_LOADING_PRIVATE_KEY); ++ return 0; ++ } ++ return pkey; ++} + + EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, +- UI_METHOD *ui_method, void *callback_data) +- { +- EVP_PKEY *pkey; ++ UI_METHOD *ui_method, void *callback_data) ++{ ++ EVP_PKEY *pkey; + +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- if(e->funct_ref == 0) +- { +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, +- ENGINE_R_NOT_INITIALISED); +- return 0; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- if (!e->load_pubkey) +- { +- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, +- ENGINE_R_NO_LOAD_FUNCTION); +- return 0; +- } +- pkey = e->load_pubkey(e, key_id, ui_method, callback_data); +- if (!pkey) +- { +- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, +- ENGINE_R_FAILED_LOADING_PUBLIC_KEY); +- return 0; +- } +- return pkey; +- } ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ if (e->funct_ref == 0) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NOT_INITIALISED); ++ return 0; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ if (!e->load_pubkey) { ++ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NO_LOAD_FUNCTION); ++ return 0; ++ } ++ pkey = e->load_pubkey(e, key_id, ui_method, callback_data); ++ if (!pkey) { ++ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ++ ENGINE_R_FAILED_LOADING_PUBLIC_KEY); ++ return 0; ++ } ++ return pkey; ++} + + int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, +- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, +- STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data) +- { ++ STACK_OF(X509_NAME) *ca_dn, X509 **pcert, ++ EVP_PKEY **ppkey, STACK_OF(X509) **pother, ++ UI_METHOD *ui_method, void *callback_data) ++{ + +- if(e == NULL) +- { +- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- if(e->funct_ref == 0) +- { +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, +- ENGINE_R_NOT_INITIALISED); +- return 0; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- if (!e->load_ssl_client_cert) +- { +- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, +- ENGINE_R_NO_LOAD_FUNCTION); +- return 0; +- } +- return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother, +- ui_method, callback_data); +- } ++ if (e == NULL) { ++ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ if (e->funct_ref == 0) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, ++ ENGINE_R_NOT_INITIALISED); ++ return 0; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ if (!e->load_ssl_client_cert) { ++ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, ++ ENGINE_R_NO_LOAD_FUNCTION); ++ return 0; ++ } ++ return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother, ++ ui_method, callback_data); ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_table.c b/Cryptlib/OpenSSL/crypto/engine/eng_table.c +index 8fc47b3..7dd8b1b 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/eng_table.c ++++ b/Cryptlib/OpenSSL/crypto/engine/eng_table.c +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,259 +58,269 @@ + #include "eng_int.h" + + /* The type of the items in the table */ +-typedef struct st_engine_pile +- { +- /* The 'nid' of this algorithm/mode */ +- int nid; +- /* ENGINEs that implement this algorithm/mode. */ +- STACK_OF(ENGINE) *sk; +- /* The default ENGINE to perform this algorithm/mode. */ +- ENGINE *funct; +- /* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */ +- int uptodate; +- } ENGINE_PILE; ++typedef struct st_engine_pile { ++ /* The 'nid' of this algorithm/mode */ ++ int nid; ++ /* ENGINEs that implement this algorithm/mode. */ ++ STACK_OF(ENGINE) *sk; ++ /* The default ENGINE to perform this algorithm/mode. */ ++ ENGINE *funct; ++ /* ++ * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise ++ */ ++ int uptodate; ++} ENGINE_PILE; + + /* The type exposed in eng_int.h */ +-struct st_engine_table +- { +- LHASH piles; +- }; /* ENGINE_TABLE */ ++struct st_engine_table { ++ LHASH piles; ++}; /* ENGINE_TABLE */ + + /* Global flags (ENGINE_TABLE_FLAG_***). */ + static unsigned int table_flags = 0; + + /* API function manipulating 'table_flags' */ + unsigned int ENGINE_get_table_flags(void) +- { +- return table_flags; +- } ++{ ++ return table_flags; ++} ++ + void ENGINE_set_table_flags(unsigned int flags) +- { +- table_flags = flags; +- } ++{ ++ table_flags = flags; ++} + + /* Internal functions for the "piles" hash table */ + static unsigned long engine_pile_hash(const ENGINE_PILE *c) +- { +- return c->nid; +- } ++{ ++ return c->nid; ++} ++ + static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b) +- { +- return a->nid - b->nid; +- } ++{ ++ return a->nid - b->nid; ++} ++ + static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *) + static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *) + static int int_table_check(ENGINE_TABLE **t, int create) +- { +- LHASH *lh; +- if(*t) return 1; +- if(!create) return 0; +- if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash), +- LHASH_COMP_FN(engine_pile_cmp))) == NULL) +- return 0; +- *t = (ENGINE_TABLE *)lh; +- return 1; +- } ++{ ++ LHASH *lh; ++ if (*t) ++ return 1; ++ if (!create) ++ return 0; ++ if ((lh = lh_new(LHASH_HASH_FN(engine_pile_hash), ++ LHASH_COMP_FN(engine_pile_cmp))) == NULL) ++ return 0; ++ *t = (ENGINE_TABLE *)lh; ++ return 1; ++} + +-/* Privately exposed (via eng_int.h) functions for adding and/or removing +- * ENGINEs from the implementation table */ ++/* ++ * Privately exposed (via eng_int.h) functions for adding and/or removing ++ * ENGINEs from the implementation table ++ */ + int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, +- ENGINE *e, const int *nids, int num_nids, int setdefault) +- { +- int ret = 0, added = 0; +- ENGINE_PILE tmplate, *fnd; +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- if(!(*table)) +- added = 1; +- if(!int_table_check(table, 1)) +- goto end; +- if(added) +- /* The cleanup callback needs to be added */ +- engine_cleanup_add_first(cleanup); +- while(num_nids--) +- { +- tmplate.nid = *nids; +- fnd = lh_retrieve(&(*table)->piles, &tmplate); +- if(!fnd) +- { +- fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); +- if(!fnd) goto end; +- fnd->uptodate = 1; +- fnd->nid = *nids; +- fnd->sk = sk_ENGINE_new_null(); +- if(!fnd->sk) +- { +- OPENSSL_free(fnd); +- goto end; +- } +- fnd->funct = NULL; +- lh_insert(&(*table)->piles, fnd); +- } +- /* A registration shouldn't add duplciate entries */ +- (void)sk_ENGINE_delete_ptr(fnd->sk, e); +- /* if 'setdefault', this ENGINE goes to the head of the list */ +- if(!sk_ENGINE_push(fnd->sk, e)) +- goto end; +- /* "touch" this ENGINE_PILE */ +- fnd->uptodate = 0; +- if(setdefault) +- { +- if(!engine_unlocked_init(e)) +- { +- ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER, +- ENGINE_R_INIT_FAILED); +- goto end; +- } +- if(fnd->funct) +- engine_unlocked_finish(fnd->funct, 0); +- fnd->funct = e; +- fnd->uptodate = 1; +- } +- nids++; +- } +- ret = 1; +-end: +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- return ret; +- } ++ ENGINE *e, const int *nids, int num_nids, ++ int setdefault) ++{ ++ int ret = 0, added = 0; ++ ENGINE_PILE tmplate, *fnd; ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ if (!(*table)) ++ added = 1; ++ if (!int_table_check(table, 1)) ++ goto end; ++ if (added) ++ /* The cleanup callback needs to be added */ ++ engine_cleanup_add_first(cleanup); ++ while (num_nids--) { ++ tmplate.nid = *nids; ++ fnd = lh_retrieve(&(*table)->piles, &tmplate); ++ if (!fnd) { ++ fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); ++ if (!fnd) ++ goto end; ++ fnd->uptodate = 1; ++ fnd->nid = *nids; ++ fnd->sk = sk_ENGINE_new_null(); ++ if (!fnd->sk) { ++ OPENSSL_free(fnd); ++ goto end; ++ } ++ fnd->funct = NULL; ++ lh_insert(&(*table)->piles, fnd); ++ } ++ /* A registration shouldn't add duplciate entries */ ++ (void)sk_ENGINE_delete_ptr(fnd->sk, e); ++ /* ++ * if 'setdefault', this ENGINE goes to the head of the list ++ */ ++ if (!sk_ENGINE_push(fnd->sk, e)) ++ goto end; ++ /* "touch" this ENGINE_PILE */ ++ fnd->uptodate = 0; ++ if (setdefault) { ++ if (!engine_unlocked_init(e)) { ++ ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER, ++ ENGINE_R_INIT_FAILED); ++ goto end; ++ } ++ if (fnd->funct) ++ engine_unlocked_finish(fnd->funct, 0); ++ fnd->funct = e; ++ fnd->uptodate = 1; ++ } ++ nids++; ++ } ++ ret = 1; ++ end: ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ return ret; ++} ++ + static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) +- { +- int n; +- /* Iterate the 'c->sk' stack removing any occurance of 'e' */ +- while((n = sk_ENGINE_find(pile->sk, e)) >= 0) +- { +- (void)sk_ENGINE_delete(pile->sk, n); +- pile->uptodate = 0; +- } +- if(pile->funct == e) +- { +- engine_unlocked_finish(e, 0); +- pile->funct = NULL; +- } +- } +-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *) ++{ ++ int n; ++ /* Iterate the 'c->sk' stack removing any occurance of 'e' */ ++ while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) { ++ (void)sk_ENGINE_delete(pile->sk, n); ++ pile->uptodate = 0; ++ } ++ if (pile->funct == e) { ++ engine_unlocked_finish(e, 0); ++ pile->funct = NULL; ++ } ++} ++ ++static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE *, ++ ENGINE *) + void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e) +- { +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- if(int_table_check(table, 0)) +- lh_doall_arg(&(*table)->piles, +- LHASH_DOALL_ARG_FN(int_unregister_cb), e); +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- } ++{ ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ if (int_table_check(table, 0)) ++ lh_doall_arg(&(*table)->piles, ++ LHASH_DOALL_ARG_FN(int_unregister_cb), e); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++} + + static void int_cleanup_cb(ENGINE_PILE *p) +- { +- sk_ENGINE_free(p->sk); +- if(p->funct) +- engine_unlocked_finish(p->funct, 0); +- OPENSSL_free(p); +- } +-static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *) ++{ ++ sk_ENGINE_free(p->sk); ++ if (p->funct) ++ engine_unlocked_finish(p->funct, 0); ++ OPENSSL_free(p); ++} ++ ++static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE *) + void engine_table_cleanup(ENGINE_TABLE **table) +- { +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- if(*table) +- { +- lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb)); +- lh_free(&(*table)->piles); +- *table = NULL; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- } ++{ ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ if (*table) { ++ lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb)); ++ lh_free(&(*table)->piles); ++ *table = NULL; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++} + + /* return a functional reference for a given 'nid' */ + #ifndef ENGINE_TABLE_DEBUG + ENGINE *engine_table_select(ENGINE_TABLE **table, int nid) + #else +-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l) ++ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, ++ int l) + #endif +- { +- ENGINE *ret = NULL; +- ENGINE_PILE tmplate, *fnd=NULL; +- int initres, loop = 0; ++{ ++ ENGINE *ret = NULL; ++ ENGINE_PILE tmplate, *fnd = NULL; ++ int initres, loop = 0; + +- if(!(*table)) +- { ++ if (!(*table)) { + #ifdef ENGINE_TABLE_DEBUG +- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing " +- "registered!\n", f, l, nid); ++ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing " ++ "registered!\n", f, l, nid); + #endif +- return NULL; +- } +- ERR_set_mark(); +- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); +- /* Check again inside the lock otherwise we could race against cleanup +- * operations. But don't worry about a fprintf(stderr). */ +- if(!int_table_check(table, 0)) goto end; +- tmplate.nid = nid; +- fnd = lh_retrieve(&(*table)->piles, &tmplate); +- if(!fnd) goto end; +- if(fnd->funct && engine_unlocked_init(fnd->funct)) +- { ++ return NULL; ++ } ++ ERR_set_mark(); ++ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ++ /* ++ * Check again inside the lock otherwise we could race against cleanup ++ * operations. But don't worry about a fprintf(stderr). ++ */ ++ if (!int_table_check(table, 0)) ++ goto end; ++ tmplate.nid = nid; ++ fnd = lh_retrieve(&(*table)->piles, &tmplate); ++ if (!fnd) ++ goto end; ++ if (fnd->funct && engine_unlocked_init(fnd->funct)) { + #ifdef ENGINE_TABLE_DEBUG +- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " +- "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id); ++ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " ++ "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id); + #endif +- ret = fnd->funct; +- goto end; +- } +- if(fnd->uptodate) +- { +- ret = fnd->funct; +- goto end; +- } +-trynext: +- ret = sk_ENGINE_value(fnd->sk, loop++); +- if(!ret) +- { ++ ret = fnd->funct; ++ goto end; ++ } ++ if (fnd->uptodate) { ++ ret = fnd->funct; ++ goto end; ++ } ++ trynext: ++ ret = sk_ENGINE_value(fnd->sk, loop++); ++ if (!ret) { + #ifdef ENGINE_TABLE_DEBUG +- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no " +- "registered implementations would initialise\n", +- f, l, nid); ++ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no " ++ "registered implementations would initialise\n", f, l, nid); + #endif +- goto end; +- } +- /* Try to initialise the ENGINE? */ +- if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) +- initres = engine_unlocked_init(ret); +- else +- initres = 0; +- if(initres) +- { +- /* Update 'funct' */ +- if((fnd->funct != ret) && engine_unlocked_init(ret)) +- { +- /* If there was a previous default we release it. */ +- if(fnd->funct) +- engine_unlocked_finish(fnd->funct, 0); +- fnd->funct = ret; ++ goto end; ++ } ++ /* Try to initialise the ENGINE? */ ++ if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) ++ initres = engine_unlocked_init(ret); ++ else ++ initres = 0; ++ if (initres) { ++ /* Update 'funct' */ ++ if ((fnd->funct != ret) && engine_unlocked_init(ret)) { ++ /* If there was a previous default we release it. */ ++ if (fnd->funct) ++ engine_unlocked_finish(fnd->funct, 0); ++ fnd->funct = ret; + #ifdef ENGINE_TABLE_DEBUG +- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, " +- "setting default to '%s'\n", f, l, nid, ret->id); ++ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, " ++ "setting default to '%s'\n", f, l, nid, ret->id); + #endif +- } ++ } + #ifdef ENGINE_TABLE_DEBUG +- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " +- "newly initialised '%s'\n", f, l, nid, ret->id); ++ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " ++ "newly initialised '%s'\n", f, l, nid, ret->id); + #endif +- goto end; +- } +- goto trynext; +-end: +- /* If it failed, it is unlikely to succeed again until some future +- * registrations have taken place. In all cases, we cache. */ +- if(fnd) fnd->uptodate = 1; ++ goto end; ++ } ++ goto trynext; ++ end: ++ /* ++ * If it failed, it is unlikely to succeed again until some future ++ * registrations have taken place. In all cases, we cache. ++ */ ++ if (fnd) ++ fnd->uptodate = 1; + #ifdef ENGINE_TABLE_DEBUG +- if(ret) +- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " +- "ENGINE '%s'\n", f, l, nid, ret->id); +- else +- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " +- "'no matching ENGINE'\n", f, l, nid); ++ if (ret) ++ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " ++ "ENGINE '%s'\n", f, l, nid, ret->id); ++ else ++ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " ++ "'no matching ENGINE'\n", f, l, nid); + #endif +- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +- /* Whatever happened, any failed init()s are not failures in this +- * context, so clear our error state. */ +- ERR_pop_to_mark(); +- return ret; +- } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ++ /* ++ * Whatever happened, any failed init()s are not failures in this ++ * context, so clear our error state. ++ */ ++ ERR_pop_to_mark(); ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c b/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c +index 177fc1f..fcfb2ef 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c ++++ b/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -54,90 +54,90 @@ + + #include "eng_int.h" + +-/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that +- * is used by EVP to hook in cipher code and cache defaults (etc), will display +- * brief debugging summaries to stderr with the 'nid'. */ ++/* ++ * If this symbol is defined then ENGINE_get_cipher_engine(), the function ++ * that is used by EVP to hook in cipher code and cache defaults (etc), will ++ * display brief debugging summaries to stderr with the 'nid'. ++ */ + /* #define ENGINE_CIPHER_DEBUG */ + + static ENGINE_TABLE *cipher_table = NULL; + + void ENGINE_unregister_ciphers(ENGINE *e) +- { +- engine_table_unregister(&cipher_table, e); +- } ++{ ++ engine_table_unregister(&cipher_table, e); ++} + + static void engine_unregister_all_ciphers(void) +- { +- engine_table_cleanup(&cipher_table); +- } ++{ ++ engine_table_cleanup(&cipher_table); ++} + + int ENGINE_register_ciphers(ENGINE *e) +- { +- if(e->ciphers) +- { +- const int *nids; +- int num_nids = e->ciphers(e, NULL, &nids, 0); +- if(num_nids > 0) +- return engine_table_register(&cipher_table, +- engine_unregister_all_ciphers, e, nids, +- num_nids, 0); +- } +- return 1; +- } ++{ ++ if (e->ciphers) { ++ const int *nids; ++ int num_nids = e->ciphers(e, NULL, &nids, 0); ++ if (num_nids > 0) ++ return engine_table_register(&cipher_table, ++ engine_unregister_all_ciphers, e, ++ nids, num_nids, 0); ++ } ++ return 1; ++} + + void ENGINE_register_all_ciphers() +- { +- ENGINE *e; ++{ ++ ENGINE *e; + +- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) +- ENGINE_register_ciphers(e); +- } ++ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ++ ENGINE_register_ciphers(e); ++} + + int ENGINE_set_default_ciphers(ENGINE *e) +- { +- if(e->ciphers) +- { +- const int *nids; +- int num_nids = e->ciphers(e, NULL, &nids, 0); +- if(num_nids > 0) +- return engine_table_register(&cipher_table, +- engine_unregister_all_ciphers, e, nids, +- num_nids, 1); +- } +- return 1; +- } ++{ ++ if (e->ciphers) { ++ const int *nids; ++ int num_nids = e->ciphers(e, NULL, &nids, 0); ++ if (num_nids > 0) ++ return engine_table_register(&cipher_table, ++ engine_unregister_all_ciphers, e, ++ nids, num_nids, 1); ++ } ++ return 1; ++} + +-/* Exposed API function to get a functional reference from the implementation ++/* ++ * Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural +- * references) for a given cipher 'nid' */ ++ * references) for a given cipher 'nid' ++ */ + ENGINE *ENGINE_get_cipher_engine(int nid) +- { +- return engine_table_select(&cipher_table, nid); +- } ++{ ++ return engine_table_select(&cipher_table, nid); ++} + + /* Obtains a cipher implementation from an ENGINE functional reference */ + const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid) +- { +- const EVP_CIPHER *ret; +- ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e); +- if(!fn || !fn(e, &ret, NULL, nid)) +- { +- ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER, +- ENGINE_R_UNIMPLEMENTED_CIPHER); +- return NULL; +- } +- return ret; +- } ++{ ++ const EVP_CIPHER *ret; ++ ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e); ++ if (!fn || !fn(e, &ret, NULL, nid)) { ++ ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER, ENGINE_R_UNIMPLEMENTED_CIPHER); ++ return NULL; ++ } ++ return ret; ++} + + /* Gets the cipher callback from an ENGINE structure */ + ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e) +- { +- return e->ciphers; +- } ++{ ++ return e->ciphers; ++} + + /* Sets the cipher callback in an ENGINE structure */ + int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f) +- { +- e->ciphers = f; +- return 1; +- } ++{ ++ e->ciphers = f; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c b/Cryptlib/OpenSSL/crypto/engine/tb_dh.c +index 6e9d428..8114afa 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c ++++ b/Cryptlib/OpenSSL/crypto/engine/tb_dh.c +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -54,65 +54,71 @@ + + #include "eng_int.h" + +-/* If this symbol is defined then ENGINE_get_default_DH(), the function that is +- * used by DH to hook in implementation code and cache defaults (etc), will +- * display brief debugging summaries to stderr with the 'nid'. */ ++/* ++ * If this symbol is defined then ENGINE_get_default_DH(), the function that ++ * is used by DH to hook in implementation code and cache defaults (etc), ++ * will display brief debugging summaries to stderr with the 'nid'. ++ */ + /* #define ENGINE_DH_DEBUG */ + + static ENGINE_TABLE *dh_table = NULL; + static const int dummy_nid = 1; + + void ENGINE_unregister_DH(ENGINE *e) +- { +- engine_table_unregister(&dh_table, e); +- } ++{ ++ engine_table_unregister(&dh_table, e); ++} + + static void engine_unregister_all_DH(void) +- { +- engine_table_cleanup(&dh_table); +- } ++{ ++ engine_table_cleanup(&dh_table); ++} + + int ENGINE_register_DH(ENGINE *e) +- { +- if(e->dh_meth) +- return engine_table_register(&dh_table, +- engine_unregister_all_DH, e, &dummy_nid, 1, 0); +- return 1; +- } ++{ ++ if (e->dh_meth) ++ return engine_table_register(&dh_table, ++ engine_unregister_all_DH, e, &dummy_nid, ++ 1, 0); ++ return 1; ++} + + void ENGINE_register_all_DH() +- { +- ENGINE *e; ++{ ++ ENGINE *e; + +- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) +- ENGINE_register_DH(e); +- } ++ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ++ ENGINE_register_DH(e); ++} + + int ENGINE_set_default_DH(ENGINE *e) +- { +- if(e->dh_meth) +- return engine_table_register(&dh_table, +- engine_unregister_all_DH, e, &dummy_nid, 1, 1); +- return 1; +- } ++{ ++ if (e->dh_meth) ++ return engine_table_register(&dh_table, ++ engine_unregister_all_DH, e, &dummy_nid, ++ 1, 1); ++ return 1; ++} + +-/* Exposed API function to get a functional reference from the implementation ++/* ++ * Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural +- * references). */ ++ * references). ++ */ + ENGINE *ENGINE_get_default_DH(void) +- { +- return engine_table_select(&dh_table, dummy_nid); +- } ++{ ++ return engine_table_select(&dh_table, dummy_nid); ++} + + /* Obtains an DH implementation from an ENGINE functional reference */ + const DH_METHOD *ENGINE_get_DH(const ENGINE *e) +- { +- return e->dh_meth; +- } ++{ ++ return e->dh_meth; ++} + + /* Sets an DH implementation in an ENGINE structure */ + int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth) +- { +- e->dh_meth = dh_meth; +- return 1; +- } ++{ ++ e->dh_meth = dh_meth; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c b/Cryptlib/OpenSSL/crypto/engine/tb_digest.c +index d3f4bb2..de1ad9c 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c ++++ b/Cryptlib/OpenSSL/crypto/engine/tb_digest.c +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -54,90 +54,90 @@ + + #include "eng_int.h" + +-/* If this symbol is defined then ENGINE_get_digest_engine(), the function that +- * is used by EVP to hook in digest code and cache defaults (etc), will display +- * brief debugging summaries to stderr with the 'nid'. */ ++/* ++ * If this symbol is defined then ENGINE_get_digest_engine(), the function ++ * that is used by EVP to hook in digest code and cache defaults (etc), will ++ * display brief debugging summaries to stderr with the 'nid'. ++ */ + /* #define ENGINE_DIGEST_DEBUG */ + + static ENGINE_TABLE *digest_table = NULL; + + void ENGINE_unregister_digests(ENGINE *e) +- { +- engine_table_unregister(&digest_table, e); +- } ++{ ++ engine_table_unregister(&digest_table, e); ++} + + static void engine_unregister_all_digests(void) +- { +- engine_table_cleanup(&digest_table); +- } ++{ ++ engine_table_cleanup(&digest_table); ++} + + int ENGINE_register_digests(ENGINE *e) +- { +- if(e->digests) +- { +- const int *nids; +- int num_nids = e->digests(e, NULL, &nids, 0); +- if(num_nids > 0) +- return engine_table_register(&digest_table, +- engine_unregister_all_digests, e, nids, +- num_nids, 0); +- } +- return 1; +- } ++{ ++ if (e->digests) { ++ const int *nids; ++ int num_nids = e->digests(e, NULL, &nids, 0); ++ if (num_nids > 0) ++ return engine_table_register(&digest_table, ++ engine_unregister_all_digests, e, ++ nids, num_nids, 0); ++ } ++ return 1; ++} + + void ENGINE_register_all_digests() +- { +- ENGINE *e; ++{ ++ ENGINE *e; + +- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) +- ENGINE_register_digests(e); +- } ++ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ++ ENGINE_register_digests(e); ++} + + int ENGINE_set_default_digests(ENGINE *e) +- { +- if(e->digests) +- { +- const int *nids; +- int num_nids = e->digests(e, NULL, &nids, 0); +- if(num_nids > 0) +- return engine_table_register(&digest_table, +- engine_unregister_all_digests, e, nids, +- num_nids, 1); +- } +- return 1; +- } ++{ ++ if (e->digests) { ++ const int *nids; ++ int num_nids = e->digests(e, NULL, &nids, 0); ++ if (num_nids > 0) ++ return engine_table_register(&digest_table, ++ engine_unregister_all_digests, e, ++ nids, num_nids, 1); ++ } ++ return 1; ++} + +-/* Exposed API function to get a functional reference from the implementation ++/* ++ * Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural +- * references) for a given digest 'nid' */ ++ * references) for a given digest 'nid' ++ */ + ENGINE *ENGINE_get_digest_engine(int nid) +- { +- return engine_table_select(&digest_table, nid); +- } ++{ ++ return engine_table_select(&digest_table, nid); ++} + + /* Obtains a digest implementation from an ENGINE functional reference */ + const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid) +- { +- const EVP_MD *ret; +- ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e); +- if(!fn || !fn(e, &ret, NULL, nid)) +- { +- ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST, +- ENGINE_R_UNIMPLEMENTED_DIGEST); +- return NULL; +- } +- return ret; +- } ++{ ++ const EVP_MD *ret; ++ ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e); ++ if (!fn || !fn(e, &ret, NULL, nid)) { ++ ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST, ENGINE_R_UNIMPLEMENTED_DIGEST); ++ return NULL; ++ } ++ return ret; ++} + + /* Gets the digest callback from an ENGINE structure */ + ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e) +- { +- return e->digests; +- } ++{ ++ return e->digests; ++} + + /* Sets the digest callback in an ENGINE structure */ + int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f) +- { +- e->digests = f; +- return 1; +- } ++{ ++ e->digests = f; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c +index e4674f5..c1f57f1 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c ++++ b/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -54,65 +54,71 @@ + + #include "eng_int.h" + +-/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is +- * used by DSA to hook in implementation code and cache defaults (etc), will +- * display brief debugging summaries to stderr with the 'nid'. */ ++/* ++ * If this symbol is defined then ENGINE_get_default_DSA(), the function that ++ * is used by DSA to hook in implementation code and cache defaults (etc), ++ * will display brief debugging summaries to stderr with the 'nid'. ++ */ + /* #define ENGINE_DSA_DEBUG */ + + static ENGINE_TABLE *dsa_table = NULL; + static const int dummy_nid = 1; + + void ENGINE_unregister_DSA(ENGINE *e) +- { +- engine_table_unregister(&dsa_table, e); +- } ++{ ++ engine_table_unregister(&dsa_table, e); ++} + + static void engine_unregister_all_DSA(void) +- { +- engine_table_cleanup(&dsa_table); +- } ++{ ++ engine_table_cleanup(&dsa_table); ++} + + int ENGINE_register_DSA(ENGINE *e) +- { +- if(e->dsa_meth) +- return engine_table_register(&dsa_table, +- engine_unregister_all_DSA, e, &dummy_nid, 1, 0); +- return 1; +- } ++{ ++ if (e->dsa_meth) ++ return engine_table_register(&dsa_table, ++ engine_unregister_all_DSA, e, &dummy_nid, ++ 1, 0); ++ return 1; ++} + + void ENGINE_register_all_DSA() +- { +- ENGINE *e; ++{ ++ ENGINE *e; + +- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) +- ENGINE_register_DSA(e); +- } ++ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ++ ENGINE_register_DSA(e); ++} + + int ENGINE_set_default_DSA(ENGINE *e) +- { +- if(e->dsa_meth) +- return engine_table_register(&dsa_table, +- engine_unregister_all_DSA, e, &dummy_nid, 1, 1); +- return 1; +- } ++{ ++ if (e->dsa_meth) ++ return engine_table_register(&dsa_table, ++ engine_unregister_all_DSA, e, &dummy_nid, ++ 1, 1); ++ return 1; ++} + +-/* Exposed API function to get a functional reference from the implementation ++/* ++ * Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural +- * references). */ ++ * references). ++ */ + ENGINE *ENGINE_get_default_DSA(void) +- { +- return engine_table_select(&dsa_table, dummy_nid); +- } ++{ ++ return engine_table_select(&dsa_table, dummy_nid); ++} + + /* Obtains an DSA implementation from an ENGINE functional reference */ + const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e) +- { +- return e->dsa_meth; +- } ++{ ++ return e->dsa_meth; ++} + + /* Sets an DSA implementation in an ENGINE structure */ + int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth) +- { +- e->dsa_meth = dsa_meth; +- return 1; +- } ++{ ++ e->dsa_meth = dsa_meth; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c +index c8ec781..c51441b 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c ++++ b/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c +@@ -21,7 +21,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -69,65 +69,71 @@ + + #include "eng_int.h" + +-/* If this symbol is defined then ENGINE_get_default_ECDH(), the function that is +- * used by ECDH to hook in implementation code and cache defaults (etc), will +- * display brief debugging summaries to stderr with the 'nid'. */ ++/* ++ * If this symbol is defined then ENGINE_get_default_ECDH(), the function ++ * that is used by ECDH to hook in implementation code and cache defaults ++ * (etc), will display brief debugging summaries to stderr with the 'nid'. ++ */ + /* #define ENGINE_ECDH_DEBUG */ + + static ENGINE_TABLE *ecdh_table = NULL; + static const int dummy_nid = 1; + + void ENGINE_unregister_ECDH(ENGINE *e) +- { +- engine_table_unregister(&ecdh_table, e); +- } ++{ ++ engine_table_unregister(&ecdh_table, e); ++} + + static void engine_unregister_all_ECDH(void) +- { +- engine_table_cleanup(&ecdh_table); +- } ++{ ++ engine_table_cleanup(&ecdh_table); ++} + + int ENGINE_register_ECDH(ENGINE *e) +- { +- if(e->ecdh_meth) +- return engine_table_register(&ecdh_table, +- engine_unregister_all_ECDH, e, &dummy_nid, 1, 0); +- return 1; +- } ++{ ++ if (e->ecdh_meth) ++ return engine_table_register(&ecdh_table, ++ engine_unregister_all_ECDH, e, ++ &dummy_nid, 1, 0); ++ return 1; ++} + + void ENGINE_register_all_ECDH() +- { +- ENGINE *e; ++{ ++ ENGINE *e; + +- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) +- ENGINE_register_ECDH(e); +- } ++ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ++ ENGINE_register_ECDH(e); ++} + + int ENGINE_set_default_ECDH(ENGINE *e) +- { +- if(e->ecdh_meth) +- return engine_table_register(&ecdh_table, +- engine_unregister_all_ECDH, e, &dummy_nid, 1, 1); +- return 1; +- } ++{ ++ if (e->ecdh_meth) ++ return engine_table_register(&ecdh_table, ++ engine_unregister_all_ECDH, e, ++ &dummy_nid, 1, 1); ++ return 1; ++} + +-/* Exposed API function to get a functional reference from the implementation ++/* ++ * Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural +- * references). */ ++ * references). ++ */ + ENGINE *ENGINE_get_default_ECDH(void) +- { +- return engine_table_select(&ecdh_table, dummy_nid); +- } ++{ ++ return engine_table_select(&ecdh_table, dummy_nid); ++} + + /* Obtains an ECDH implementation from an ENGINE functional reference */ + const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e) +- { +- return e->ecdh_meth; +- } ++{ ++ return e->ecdh_meth; ++} + + /* Sets an ECDH implementation in an ENGINE structure */ + int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth) +- { +- e->ecdh_meth = ecdh_meth; +- return 1; +- } ++{ ++ e->ecdh_meth = ecdh_meth; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c +index 005ecb6..a8b9be6 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c ++++ b/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -54,65 +54,71 @@ + + #include "eng_int.h" + +-/* If this symbol is defined then ENGINE_get_default_ECDSA(), the function that is +- * used by ECDSA to hook in implementation code and cache defaults (etc), will +- * display brief debugging summaries to stderr with the 'nid'. */ ++/* ++ * If this symbol is defined then ENGINE_get_default_ECDSA(), the function ++ * that is used by ECDSA to hook in implementation code and cache defaults ++ * (etc), will display brief debugging summaries to stderr with the 'nid'. ++ */ + /* #define ENGINE_ECDSA_DEBUG */ + + static ENGINE_TABLE *ecdsa_table = NULL; + static const int dummy_nid = 1; + + void ENGINE_unregister_ECDSA(ENGINE *e) +- { +- engine_table_unregister(&ecdsa_table, e); +- } ++{ ++ engine_table_unregister(&ecdsa_table, e); ++} + + static void engine_unregister_all_ECDSA(void) +- { +- engine_table_cleanup(&ecdsa_table); +- } ++{ ++ engine_table_cleanup(&ecdsa_table); ++} + + int ENGINE_register_ECDSA(ENGINE *e) +- { +- if(e->ecdsa_meth) +- return engine_table_register(&ecdsa_table, +- engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0); +- return 1; +- } ++{ ++ if (e->ecdsa_meth) ++ return engine_table_register(&ecdsa_table, ++ engine_unregister_all_ECDSA, e, ++ &dummy_nid, 1, 0); ++ return 1; ++} + + void ENGINE_register_all_ECDSA() +- { +- ENGINE *e; ++{ ++ ENGINE *e; + +- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) +- ENGINE_register_ECDSA(e); +- } ++ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ++ ENGINE_register_ECDSA(e); ++} + + int ENGINE_set_default_ECDSA(ENGINE *e) +- { +- if(e->ecdsa_meth) +- return engine_table_register(&ecdsa_table, +- engine_unregister_all_ECDSA, e, &dummy_nid, 1, 1); +- return 1; +- } ++{ ++ if (e->ecdsa_meth) ++ return engine_table_register(&ecdsa_table, ++ engine_unregister_all_ECDSA, e, ++ &dummy_nid, 1, 1); ++ return 1; ++} + +-/* Exposed API function to get a functional reference from the implementation ++/* ++ * Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural +- * references). */ ++ * references). ++ */ + ENGINE *ENGINE_get_default_ECDSA(void) +- { +- return engine_table_select(&ecdsa_table, dummy_nid); +- } ++{ ++ return engine_table_select(&ecdsa_table, dummy_nid); ++} + + /* Obtains an ECDSA implementation from an ENGINE functional reference */ + const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e) +- { +- return e->ecdsa_meth; +- } ++{ ++ return e->ecdsa_meth; ++} + + /* Sets an ECDSA implementation in an ENGINE structure */ + int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth) +- { +- e->ecdsa_meth = ecdsa_meth; +- return 1; +- } ++{ ++ e->ecdsa_meth = ecdsa_meth; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c b/Cryptlib/OpenSSL/crypto/engine/tb_rand.c +index f36f67c..a522264 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c ++++ b/Cryptlib/OpenSSL/crypto/engine/tb_rand.c +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -54,65 +54,71 @@ + + #include "eng_int.h" + +-/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is +- * used by RAND to hook in implementation code and cache defaults (etc), will +- * display brief debugging summaries to stderr with the 'nid'. */ ++/* ++ * If this symbol is defined then ENGINE_get_default_RAND(), the function ++ * that is used by RAND to hook in implementation code and cache defaults ++ * (etc), will display brief debugging summaries to stderr with the 'nid'. ++ */ + /* #define ENGINE_RAND_DEBUG */ + + static ENGINE_TABLE *rand_table = NULL; + static const int dummy_nid = 1; + + void ENGINE_unregister_RAND(ENGINE *e) +- { +- engine_table_unregister(&rand_table, e); +- } ++{ ++ engine_table_unregister(&rand_table, e); ++} + + static void engine_unregister_all_RAND(void) +- { +- engine_table_cleanup(&rand_table); +- } ++{ ++ engine_table_cleanup(&rand_table); ++} + + int ENGINE_register_RAND(ENGINE *e) +- { +- if(e->rand_meth) +- return engine_table_register(&rand_table, +- engine_unregister_all_RAND, e, &dummy_nid, 1, 0); +- return 1; +- } ++{ ++ if (e->rand_meth) ++ return engine_table_register(&rand_table, ++ engine_unregister_all_RAND, e, ++ &dummy_nid, 1, 0); ++ return 1; ++} + + void ENGINE_register_all_RAND() +- { +- ENGINE *e; ++{ ++ ENGINE *e; + +- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) +- ENGINE_register_RAND(e); +- } ++ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ++ ENGINE_register_RAND(e); ++} + + int ENGINE_set_default_RAND(ENGINE *e) +- { +- if(e->rand_meth) +- return engine_table_register(&rand_table, +- engine_unregister_all_RAND, e, &dummy_nid, 1, 1); +- return 1; +- } ++{ ++ if (e->rand_meth) ++ return engine_table_register(&rand_table, ++ engine_unregister_all_RAND, e, ++ &dummy_nid, 1, 1); ++ return 1; ++} + +-/* Exposed API function to get a functional reference from the implementation ++/* ++ * Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural +- * references). */ ++ * references). ++ */ + ENGINE *ENGINE_get_default_RAND(void) +- { +- return engine_table_select(&rand_table, dummy_nid); +- } ++{ ++ return engine_table_select(&rand_table, dummy_nid); ++} + + /* Obtains an RAND implementation from an ENGINE functional reference */ + const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e) +- { +- return e->rand_meth; +- } ++{ ++ return e->rand_meth; ++} + + /* Sets an RAND implementation in an ENGINE structure */ + int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth) +- { +- e->rand_meth = rand_meth; +- return 1; +- } ++{ ++ e->rand_meth = rand_meth; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c +index fbc707f..2790a82 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c ++++ b/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -54,65 +54,71 @@ + + #include "eng_int.h" + +-/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is +- * used by RSA to hook in implementation code and cache defaults (etc), will +- * display brief debugging summaries to stderr with the 'nid'. */ ++/* ++ * If this symbol is defined then ENGINE_get_default_RSA(), the function that ++ * is used by RSA to hook in implementation code and cache defaults (etc), ++ * will display brief debugging summaries to stderr with the 'nid'. ++ */ + /* #define ENGINE_RSA_DEBUG */ + + static ENGINE_TABLE *rsa_table = NULL; + static const int dummy_nid = 1; + + void ENGINE_unregister_RSA(ENGINE *e) +- { +- engine_table_unregister(&rsa_table, e); +- } ++{ ++ engine_table_unregister(&rsa_table, e); ++} + + static void engine_unregister_all_RSA(void) +- { +- engine_table_cleanup(&rsa_table); +- } ++{ ++ engine_table_cleanup(&rsa_table); ++} + + int ENGINE_register_RSA(ENGINE *e) +- { +- if(e->rsa_meth) +- return engine_table_register(&rsa_table, +- engine_unregister_all_RSA, e, &dummy_nid, 1, 0); +- return 1; +- } ++{ ++ if (e->rsa_meth) ++ return engine_table_register(&rsa_table, ++ engine_unregister_all_RSA, e, &dummy_nid, ++ 1, 0); ++ return 1; ++} + + void ENGINE_register_all_RSA() +- { +- ENGINE *e; ++{ ++ ENGINE *e; + +- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) +- ENGINE_register_RSA(e); +- } ++ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ++ ENGINE_register_RSA(e); ++} + + int ENGINE_set_default_RSA(ENGINE *e) +- { +- if(e->rsa_meth) +- return engine_table_register(&rsa_table, +- engine_unregister_all_RSA, e, &dummy_nid, 1, 1); +- return 1; +- } ++{ ++ if (e->rsa_meth) ++ return engine_table_register(&rsa_table, ++ engine_unregister_all_RSA, e, &dummy_nid, ++ 1, 1); ++ return 1; ++} + +-/* Exposed API function to get a functional reference from the implementation ++/* ++ * Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural +- * references). */ ++ * references). ++ */ + ENGINE *ENGINE_get_default_RSA(void) +- { +- return engine_table_select(&rsa_table, dummy_nid); +- } ++{ ++ return engine_table_select(&rsa_table, dummy_nid); ++} + + /* Obtains an RSA implementation from an ENGINE functional reference */ + const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e) +- { +- return e->rsa_meth; +- } ++{ ++ return e->rsa_meth; ++} + + /* Sets an RSA implementation in an ENGINE structure */ + int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth) +- { +- e->rsa_meth = rsa_meth; +- return 1; +- } ++{ ++ e->rsa_meth = rsa_meth; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_store.c b/Cryptlib/OpenSSL/crypto/engine/tb_store.c +index 8cc435c..1eab49d 100644 +--- a/Cryptlib/OpenSSL/crypto/engine/tb_store.c ++++ b/Cryptlib/OpenSSL/crypto/engine/tb_store.c +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -54,70 +54,76 @@ + + #include "eng_int.h" + +-/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is +- * used by STORE to hook in implementation code and cache defaults (etc), will +- * display brief debugging summaries to stderr with the 'nid'. */ ++/* ++ * If this symbol is defined then ENGINE_get_default_STORE(), the function ++ * that is used by STORE to hook in implementation code and cache defaults ++ * (etc), will display brief debugging summaries to stderr with the 'nid'. ++ */ + /* #define ENGINE_STORE_DEBUG */ + + static ENGINE_TABLE *store_table = NULL; + static const int dummy_nid = 1; + + void ENGINE_unregister_STORE(ENGINE *e) +- { +- engine_table_unregister(&store_table, e); +- } ++{ ++ engine_table_unregister(&store_table, e); ++} + + static void engine_unregister_all_STORE(void) +- { +- engine_table_cleanup(&store_table); +- } ++{ ++ engine_table_cleanup(&store_table); ++} + + int ENGINE_register_STORE(ENGINE *e) +- { +- if(e->store_meth) +- return engine_table_register(&store_table, +- engine_unregister_all_STORE, e, &dummy_nid, 1, 0); +- return 1; +- } ++{ ++ if (e->store_meth) ++ return engine_table_register(&store_table, ++ engine_unregister_all_STORE, e, ++ &dummy_nid, 1, 0); ++ return 1; ++} + + void ENGINE_register_all_STORE() +- { +- ENGINE *e; ++{ ++ ENGINE *e; + +- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) +- ENGINE_register_STORE(e); +- } ++ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ++ ENGINE_register_STORE(e); ++} + + /* The following two functions are removed because they're useless. */ + #if 0 + int ENGINE_set_default_STORE(ENGINE *e) +- { +- if(e->store_meth) +- return engine_table_register(&store_table, +- engine_unregister_all_STORE, e, &dummy_nid, 1, 1); +- return 1; +- } ++{ ++ if (e->store_meth) ++ return engine_table_register(&store_table, ++ engine_unregister_all_STORE, e, ++ &dummy_nid, 1, 1); ++ return 1; ++} + #endif + + #if 0 +-/* Exposed API function to get a functional reference from the implementation ++/* ++ * Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural +- * references). */ ++ * references). ++ */ + ENGINE *ENGINE_get_default_STORE(void) +- { +- return engine_table_select(&store_table, dummy_nid); +- } ++{ ++ return engine_table_select(&store_table, dummy_nid); ++} + #endif + + /* Obtains an STORE implementation from an ENGINE functional reference */ + const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e) +- { +- return e->store_meth; +- } ++{ ++ return e->store_meth; ++} + + /* Sets an STORE implementation in an ENGINE structure */ + int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth) +- { +- e->store_meth = store_meth; +- return 1; +- } ++{ ++ e->store_meth = store_meth; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c +index a25e5b3..424eed9 100644 +--- a/Cryptlib/OpenSSL/crypto/err/err.c ++++ b/Cryptlib/OpenSSL/crypto/err/err.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -119,199 +119,207 @@ + #include + #include + +-static unsigned long get_error_values(int inc,int top, +- const char **file,int *line, +- const char **data,int *flags); ++static unsigned long get_error_values(int inc, int top, ++ const char **file, int *line, ++ const char **data, int *flags); + + #define err_clear_data(p,i) \ +- do { \ +- if (((p)->err_data[i] != NULL) && \ +- (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ +- { \ +- OPENSSL_free((p)->err_data[i]); \ +- (p)->err_data[i]=NULL; \ +- } \ +- (p)->err_data_flags[i]=0; \ +- } while(0) ++ do { \ ++ if (((p)->err_data[i] != NULL) && \ ++ (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ ++ { \ ++ OPENSSL_free((p)->err_data[i]); \ ++ (p)->err_data[i]=NULL; \ ++ } \ ++ (p)->err_data_flags[i]=0; \ ++ } while(0) + + #define err_clear(p,i) \ +- do { \ +- (p)->err_flags[i]=0; \ +- (p)->err_buffer[i]=0; \ +- err_clear_data(p,i); \ +- (p)->err_file[i]=NULL; \ +- (p)->err_line[i]= -1; \ +- } while(0) +- +-void ERR_put_error(int lib, int func, int reason, const char *file, +- int line) +- { +- ERR_STATE *es; ++ do { \ ++ (p)->err_flags[i]=0; \ ++ (p)->err_buffer[i]=0; \ ++ err_clear_data(p,i); \ ++ (p)->err_file[i]=NULL; \ ++ (p)->err_line[i]= -1; \ ++ } while(0) ++ ++void ERR_put_error(int lib, int func, int reason, const char *file, int line) ++{ ++ ERR_STATE *es; + + #ifdef _OSD_POSIX +- /* In the BS2000-OSD POSIX subsystem, the compiler generates +- * path names in the form "*POSIX(/etc/passwd)". +- * This dirty hack strips them to something sensible. +- * @@@ We shouldn't modify a const string, though. +- */ +- if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) { +- char *end; +- +- /* Skip the "*POSIX(" prefix */ +- file += sizeof("*POSIX(")-1; +- end = &file[strlen(file)-1]; +- if (*end == ')') +- *end = '\0'; +- /* Optional: use the basename of the path only. */ +- if ((end = strrchr(file, '/')) != NULL) +- file = &end[1]; +- } ++ /* ++ * In the BS2000-OSD POSIX subsystem, the compiler generates path names ++ * in the form "*POSIX(/etc/passwd)". This dirty hack strips them to ++ * something sensible. @@@ We shouldn't modify a const string, though. ++ */ ++ if (strncmp(file, "*POSIX(", sizeof("*POSIX(") - 1) == 0) { ++ char *end; ++ ++ /* Skip the "*POSIX(" prefix */ ++ file += sizeof("*POSIX(") - 1; ++ end = &file[strlen(file) - 1]; ++ if (*end == ')') ++ *end = '\0'; ++ /* Optional: use the basename of the path only. */ ++ if ((end = strrchr(file, '/')) != NULL) ++ file = &end[1]; ++ } + #endif +- es=ERR_get_state(); +- +- es->top=(es->top+1)%ERR_NUM_ERRORS; +- if (es->top == es->bottom) +- es->bottom=(es->bottom+1)%ERR_NUM_ERRORS; +- es->err_flags[es->top]=0; +- es->err_buffer[es->top]=ERR_PACK(lib,func,reason); +- es->err_file[es->top]=file; +- es->err_line[es->top]=line; +- err_clear_data(es,es->top); +- } ++ es = ERR_get_state(); ++ ++ es->top = (es->top + 1) % ERR_NUM_ERRORS; ++ if (es->top == es->bottom) ++ es->bottom = (es->bottom + 1) % ERR_NUM_ERRORS; ++ es->err_flags[es->top] = 0; ++ es->err_buffer[es->top] = ERR_PACK(lib, func, reason); ++ es->err_file[es->top] = file; ++ es->err_line[es->top] = line; ++ err_clear_data(es, es->top); ++} + + void ERR_clear_error(void) +- { +- int i; +- ERR_STATE *es; ++{ ++ int i; ++ ERR_STATE *es; + +- es=ERR_get_state(); +- +- for (i=0; itop=es->bottom=0; +- } ++ es = ERR_get_state(); + ++ for (i = 0; i < ERR_NUM_ERRORS; i++) { ++ err_clear(es, i); ++ } ++ es->top = es->bottom = 0; ++} + + unsigned long ERR_get_error(void) +- { return(get_error_values(1,0,NULL,NULL,NULL,NULL)); } ++{ ++ return (get_error_values(1, 0, NULL, NULL, NULL, NULL)); ++} + +-unsigned long ERR_get_error_line(const char **file, +- int *line) +- { return(get_error_values(1,0,file,line,NULL,NULL)); } ++unsigned long ERR_get_error_line(const char **file, int *line) ++{ ++ return (get_error_values(1, 0, file, line, NULL, NULL)); ++} + + unsigned long ERR_get_error_line_data(const char **file, int *line, +- const char **data, int *flags) +- { return(get_error_values(1,0,file,line,data,flags)); } +- ++ const char **data, int *flags) ++{ ++ return (get_error_values(1, 0, file, line, data, flags)); ++} + + unsigned long ERR_peek_error(void) +- { return(get_error_values(0,0,NULL,NULL,NULL,NULL)); } ++{ ++ return (get_error_values(0, 0, NULL, NULL, NULL, NULL)); ++} + + unsigned long ERR_peek_error_line(const char **file, int *line) +- { return(get_error_values(0,0,file,line,NULL,NULL)); } ++{ ++ return (get_error_values(0, 0, file, line, NULL, NULL)); ++} + + unsigned long ERR_peek_error_line_data(const char **file, int *line, +- const char **data, int *flags) +- { return(get_error_values(0,0,file,line,data,flags)); } +- ++ const char **data, int *flags) ++{ ++ return (get_error_values(0, 0, file, line, data, flags)); ++} + + unsigned long ERR_peek_last_error(void) +- { return(get_error_values(0,1,NULL,NULL,NULL,NULL)); } ++{ ++ return (get_error_values(0, 1, NULL, NULL, NULL, NULL)); ++} + + unsigned long ERR_peek_last_error_line(const char **file, int *line) +- { return(get_error_values(0,1,file,line,NULL,NULL)); } ++{ ++ return (get_error_values(0, 1, file, line, NULL, NULL)); ++} + + unsigned long ERR_peek_last_error_line_data(const char **file, int *line, +- const char **data, int *flags) +- { return(get_error_values(0,1,file,line,data,flags)); } +- +- +-static unsigned long get_error_values(int inc, int top, const char **file, int *line, +- const char **data, int *flags) +- { +- int i=0; +- ERR_STATE *es; +- unsigned long ret; +- +- es=ERR_get_state(); +- +- if (inc && top) +- { +- if (file) *file = ""; +- if (line) *line = 0; +- if (data) *data = ""; +- if (flags) *flags = 0; +- +- return ERR_R_INTERNAL_ERROR; +- } +- +- if (es->bottom == es->top) return 0; +- if (top) +- i=es->top; /* last error */ +- else +- i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */ +- +- ret=es->err_buffer[i]; +- if (inc) +- { +- es->bottom=i; +- es->err_buffer[i]=0; +- } +- +- if ((file != NULL) && (line != NULL)) +- { +- if (es->err_file[i] == NULL) +- { +- *file="NA"; +- if (line != NULL) *line=0; +- } +- else +- { +- *file=es->err_file[i]; +- if (line != NULL) *line=es->err_line[i]; +- } +- } +- +- if (data == NULL) +- { +- if (inc) +- { +- err_clear_data(es, i); +- } +- } +- else +- { +- if (es->err_data[i] == NULL) +- { +- *data=""; +- if (flags != NULL) *flags=0; +- } +- else +- { +- *data=es->err_data[i]; +- if (flags != NULL) *flags=es->err_data_flags[i]; +- } +- } +- return ret; +- } ++ const char **data, int *flags) ++{ ++ return (get_error_values(0, 1, file, line, data, flags)); ++} ++ ++static unsigned long get_error_values(int inc, int top, const char **file, ++ int *line, const char **data, ++ int *flags) ++{ ++ int i = 0; ++ ERR_STATE *es; ++ unsigned long ret; ++ ++ es = ERR_get_state(); ++ ++ if (inc && top) { ++ if (file) ++ *file = ""; ++ if (line) ++ *line = 0; ++ if (data) ++ *data = ""; ++ if (flags) ++ *flags = 0; ++ ++ return ERR_R_INTERNAL_ERROR; ++ } ++ ++ if (es->bottom == es->top) ++ return 0; ++ if (top) ++ i = es->top; /* last error */ ++ else ++ i = (es->bottom + 1) % ERR_NUM_ERRORS; /* first error */ ++ ++ ret = es->err_buffer[i]; ++ if (inc) { ++ es->bottom = i; ++ es->err_buffer[i] = 0; ++ } ++ ++ if ((file != NULL) && (line != NULL)) { ++ if (es->err_file[i] == NULL) { ++ *file = "NA"; ++ if (line != NULL) ++ *line = 0; ++ } else { ++ *file = es->err_file[i]; ++ if (line != NULL) ++ *line = es->err_line[i]; ++ } ++ } ++ ++ if (data == NULL) { ++ if (inc) { ++ err_clear_data(es, i); ++ } ++ } else { ++ if (es->err_data[i] == NULL) { ++ *data = ""; ++ if (flags != NULL) ++ *flags = 0; ++ } else { ++ *data = es->err_data[i]; ++ if (flags != NULL) ++ *flags = es->err_data_flags[i]; ++ } ++ } ++ return ret; ++} + + void ERR_set_error_data(char *data, int flags) +- { +- ERR_STATE *es; +- int i; ++{ ++ ERR_STATE *es; ++ int i; + +- es=ERR_get_state(); ++ es = ERR_get_state(); + +- i=es->top; +- if (i == 0) +- i=ERR_NUM_ERRORS-1; ++ i = es->top; ++ if (i == 0) ++ i = ERR_NUM_ERRORS - 1; + +- err_clear_data(es,i); +- es->err_data[i]=data; +- es->err_data_flags[i]=flags; +- } ++ err_clear_data(es, i); ++ es->err_data[i] = data; ++ es->err_data_flags[i] = flags; ++} + + /* Add EFIAPI for UEFI version. */ + #if defined(OPENSSL_SYS_UEFI) +@@ -319,103 +327,101 @@ void EFIAPI ERR_add_error_data(int num, ...) + #else + void ERR_add_error_data(int num, ...) + #endif +- { +- va_list args; +- int i,n,s; +- char *str,*p,*a; +- +- s=80; +- str=OPENSSL_malloc(s+1); +- if (str == NULL) return; +- str[0]='\0'; +- +- va_start(args, num); +- n=0; +- for (i=0; i */ +- if (a != NULL) +- { +- n+=strlen(a); +- if (n > s) +- { +- s=n+20; +- p=OPENSSL_realloc(str,s+1); +- if (p == NULL) +- { +- OPENSSL_free(str); +- goto err; +- } +- else +- str=p; +- } +- BUF_strlcat(str,a,(size_t)s+1); +- } +- } +- ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); +- +-err: +- va_end(args); +- } ++{ ++ va_list args; ++ int i, n, s; ++ char *str, *p, *a; ++ ++ s = 80; ++ str = OPENSSL_malloc(s + 1); ++ if (str == NULL) ++ return; ++ str[0] = '\0'; ++ ++ va_start(args, num); ++ n = 0; ++ for (i = 0; i < num; i++) { ++ a = va_arg(args, char *); ++ /* ignore NULLs, thanks to Bob Beck */ ++ if (a != NULL) { ++ n += strlen(a); ++ if (n > s) { ++ s = n + 20; ++ p = OPENSSL_realloc(str, s + 1); ++ if (p == NULL) { ++ OPENSSL_free(str); ++ goto err; ++ } else ++ str = p; ++ } ++ BUF_strlcat(str, a, (size_t)s + 1); ++ } ++ } ++ ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING); ++ ++ err: ++ va_end(args); ++} + + int ERR_set_mark(void) +- { +- ERR_STATE *es; ++{ ++ ERR_STATE *es; + +- es=ERR_get_state(); ++ es = ERR_get_state(); + +- if (es->bottom == es->top) return 0; +- es->err_flags[es->top]|=ERR_FLAG_MARK; +- return 1; +- } ++ if (es->bottom == es->top) ++ return 0; ++ es->err_flags[es->top] |= ERR_FLAG_MARK; ++ return 1; ++} + + int ERR_pop_to_mark(void) +- { +- ERR_STATE *es; +- +- es=ERR_get_state(); +- +- while(es->bottom != es->top +- && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) +- { +- err_clear(es,es->top); +- es->top-=1; +- if (es->top == -1) es->top=ERR_NUM_ERRORS-1; +- } +- +- if (es->bottom == es->top) return 0; +- es->err_flags[es->top]&=~ERR_FLAG_MARK; +- return 1; +- } ++{ ++ ERR_STATE *es; ++ ++ es = ERR_get_state(); ++ ++ while (es->bottom != es->top ++ && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) { ++ err_clear(es, es->top); ++ es->top -= 1; ++ if (es->top == -1) ++ es->top = ERR_NUM_ERRORS - 1; ++ } ++ ++ if (es->bottom == es->top) ++ return 0; ++ es->err_flags[es->top] &= ~ERR_FLAG_MARK; ++ return 1; ++} + + #ifdef OPENSSL_FIPS + + static ERR_STATE *fget_state(void) +- { +- static ERR_STATE fstate; +- return &fstate; +- } ++{ ++ static ERR_STATE fstate; ++ return &fstate; ++} + +-ERR_STATE *(*get_state_func)(void) = fget_state; +-void (*remove_state_func)(unsigned long pid); ++ERR_STATE *(*get_state_func) (void) = fget_state; ++void (*remove_state_func) (unsigned long pid); + + ERR_STATE *ERR_get_state(void) +- { +- return get_state_func(); +- } ++{ ++ return get_state_func(); ++} + +-void int_ERR_set_state_func(ERR_STATE *(*get_func)(void), +- void (*remove_func)(unsigned long pid)) +- { +- get_state_func = get_func; +- remove_state_func = remove_func; +- } ++void int_ERR_set_state_func(ERR_STATE *(*get_func) (void), ++ void (*remove_func) (unsigned long pid)) ++{ ++ get_state_func = get_func; ++ remove_state_func = remove_func; ++} + + void ERR_remove_state(unsigned long pid) +- { +- if (remove_state_func) +- remove_state_func(pid); +- } ++{ ++ if (remove_state_func) ++ remove_state_func(pid); ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c +index 0429389..6e12a7e 100644 +--- a/Cryptlib/OpenSSL/crypto/err/err_all.c ++++ b/Cryptlib/OpenSSL/crypto/err/err_all.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,24 +60,24 @@ + #include + #include + #ifndef OPENSSL_NO_EC +-#include ++# include + #endif + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DH +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_ECDSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_ECDH +-#include ++# include + #endif + #include + #include +@@ -89,77 +89,77 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + #include + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + + #ifndef OPENSSL_NO_CMS +-#include ++# include + #endif + #ifndef OPENSSL_NO_JPAKE +-#include ++# include + #endif + #ifndef OPENSSL_NO_COMP +-#include ++# include + #endif + + void ERR_load_crypto_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR +- ERR_load_ERR_strings(); /* include error strings for SYSerr */ +- ERR_load_BN_strings(); +-#ifndef OPENSSL_NO_RSA +- ERR_load_RSA_strings(); +-#endif +-#ifndef OPENSSL_NO_DH +- ERR_load_DH_strings(); +-#endif +- ERR_load_EVP_strings(); +- ERR_load_BUF_strings(); +- ERR_load_OBJ_strings(); +- ERR_load_PEM_strings(); +-#ifndef OPENSSL_NO_DSA +- ERR_load_DSA_strings(); +-#endif +- ERR_load_X509_strings(); +- ERR_load_ASN1_strings(); +- ERR_load_CONF_strings(); +- ERR_load_CRYPTO_strings(); +-#ifndef OPENSSL_NO_EC +- ERR_load_EC_strings(); +-#endif +-#ifndef OPENSSL_NO_ECDSA +- ERR_load_ECDSA_strings(); +-#endif +-#ifndef OPENSSL_NO_ECDH +- ERR_load_ECDH_strings(); +-#endif +- /* skip ERR_load_SSL_strings() because it is not in this library */ +- ERR_load_BIO_strings(); +- ERR_load_PKCS7_strings(); +- ERR_load_X509V3_strings(); +- ERR_load_PKCS12_strings(); +- ERR_load_RAND_strings(); +- ERR_load_DSO_strings(); +-#ifndef OPENSSL_NO_ENGINE +- ERR_load_ENGINE_strings(); +-#endif +- ERR_load_OCSP_strings(); +- ERR_load_UI_strings(); +-#ifdef OPENSSL_FIPS +- ERR_load_FIPS_strings(); +-#endif +-#ifndef OPENSSL_NO_CMS +- ERR_load_CMS_strings(); +-#endif +-#ifndef OPENSSL_NO_JPAKE +- ERR_load_JPAKE_strings(); +-#endif +- ERR_load_COMP_strings(); +-#endif +- } ++ ERR_load_ERR_strings(); /* include error strings for SYSerr */ ++ ERR_load_BN_strings(); ++# ifndef OPENSSL_NO_RSA ++ ERR_load_RSA_strings(); ++# endif ++# ifndef OPENSSL_NO_DH ++ ERR_load_DH_strings(); ++# endif ++ ERR_load_EVP_strings(); ++ ERR_load_BUF_strings(); ++ ERR_load_OBJ_strings(); ++ ERR_load_PEM_strings(); ++# ifndef OPENSSL_NO_DSA ++ ERR_load_DSA_strings(); ++# endif ++ ERR_load_X509_strings(); ++ ERR_load_ASN1_strings(); ++ ERR_load_CONF_strings(); ++ ERR_load_CRYPTO_strings(); ++# ifndef OPENSSL_NO_EC ++ ERR_load_EC_strings(); ++# endif ++# ifndef OPENSSL_NO_ECDSA ++ ERR_load_ECDSA_strings(); ++# endif ++# ifndef OPENSSL_NO_ECDH ++ ERR_load_ECDH_strings(); ++# endif ++ /* skip ERR_load_SSL_strings() because it is not in this library */ ++ ERR_load_BIO_strings(); ++ ERR_load_PKCS7_strings(); ++ ERR_load_X509V3_strings(); ++ ERR_load_PKCS12_strings(); ++ ERR_load_RAND_strings(); ++ ERR_load_DSO_strings(); ++# ifndef OPENSSL_NO_ENGINE ++ ERR_load_ENGINE_strings(); ++# endif ++ ERR_load_OCSP_strings(); ++ ERR_load_UI_strings(); ++# ifdef OPENSSL_FIPS ++ ERR_load_FIPS_strings(); ++# endif ++# ifndef OPENSSL_NO_CMS ++ ERR_load_CMS_strings(); ++# endif ++# ifndef OPENSSL_NO_JPAKE ++ ERR_load_JPAKE_strings(); ++# endif ++ ERR_load_COMP_strings(); ++#endif ++} +diff --git a/Cryptlib/OpenSSL/crypto/err/err_bio.c b/Cryptlib/OpenSSL/crypto/err/err_bio.c +index a42f804..b8b22fa 100644 +--- a/Cryptlib/OpenSSL/crypto/err/err_bio.c ++++ b/Cryptlib/OpenSSL/crypto/err/err_bio.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,12 +64,11 @@ + #include + + static int print_bio(const char *str, size_t len, void *bp) +- { +- return BIO_write((BIO *)bp, str, len); +- } +-void ERR_print_errors(BIO *bp) +- { +- ERR_print_errors_cb(print_bio, bp); +- } ++{ ++ return BIO_write((BIO *)bp, str, len); ++} + +- ++void ERR_print_errors(BIO *bp) ++{ ++ ERR_print_errors_cb(print_bio, bp); ++} +diff --git a/Cryptlib/OpenSSL/crypto/err/err_def.c b/Cryptlib/OpenSSL/crypto/err/err_def.c +index 7ed3d84..8144652 100644 +--- a/Cryptlib/OpenSSL/crypto/err/err_def.c ++++ b/Cryptlib/OpenSSL/crypto/err/err_def.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -120,47 +120,46 @@ + #include + + #define err_clear_data(p,i) \ +- do { \ +- if (((p)->err_data[i] != NULL) && \ +- (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ +- { \ +- OPENSSL_free((p)->err_data[i]); \ +- (p)->err_data[i]=NULL; \ +- } \ +- (p)->err_data_flags[i]=0; \ +- } while(0) ++ do { \ ++ if (((p)->err_data[i] != NULL) && \ ++ (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ ++ { \ ++ OPENSSL_free((p)->err_data[i]); \ ++ (p)->err_data[i]=NULL; \ ++ } \ ++ (p)->err_data_flags[i]=0; \ ++ } while(0) + + #define err_clear(p,i) \ +- do { \ +- (p)->err_flags[i]=0; \ +- (p)->err_buffer[i]=0; \ +- err_clear_data(p,i); \ +- (p)->err_file[i]=NULL; \ +- (p)->err_line[i]= -1; \ +- } while(0) ++ do { \ ++ (p)->err_flags[i]=0; \ ++ (p)->err_buffer[i]=0; \ ++ err_clear_data(p,i); \ ++ (p)->err_file[i]=NULL; \ ++ (p)->err_line[i]= -1; \ ++ } while(0) + + static void err_load_strings(int lib, ERR_STRING_DATA *str); + + static void ERR_STATE_free(ERR_STATE *s); + + /* Define the predeclared (but externally opaque) "ERR_FNS" type */ +-struct st_ERR_FNS +- { +- /* Works on the "error_hash" string table */ +- LHASH *(*cb_err_get)(int create); +- void (*cb_err_del)(void); +- ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *); +- ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *); +- ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); +- /* Works on the "thread_hash" error-state table */ +- LHASH *(*cb_thread_get)(int create); +- void (*cb_thread_release)(LHASH **hash); +- ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); +- ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); +- void (*cb_thread_del_item)(const ERR_STATE *); +- /* Returns the next available error "library" numbers */ +- int (*cb_get_next_lib)(void); +- }; ++struct st_ERR_FNS { ++ /* Works on the "error_hash" string table */ ++ LHASH *(*cb_err_get) (int create); ++ void (*cb_err_del) (void); ++ ERR_STRING_DATA *(*cb_err_get_item) (const ERR_STRING_DATA *); ++ ERR_STRING_DATA *(*cb_err_set_item) (ERR_STRING_DATA *); ++ ERR_STRING_DATA *(*cb_err_del_item) (ERR_STRING_DATA *); ++ /* Works on the "thread_hash" error-state table */ ++ LHASH *(*cb_thread_get) (int create); ++ void (*cb_thread_release) (LHASH **hash); ++ ERR_STATE *(*cb_thread_get_item) (const ERR_STATE *); ++ ERR_STATE *(*cb_thread_set_item) (ERR_STATE *); ++ void (*cb_thread_del_item) (const ERR_STATE *); ++ /* Returns the next available error "library" numbers */ ++ int (*cb_get_next_lib) (void); ++}; + + /* Predeclarations of the "err_defaults" functions */ + static LHASH *int_err_get(int create); +@@ -175,20 +174,19 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *); + static void int_thread_del_item(const ERR_STATE *); + static int int_err_get_next_lib(void); + /* The static ERR_FNS table using these defaults functions */ +-static const ERR_FNS err_defaults = +- { +- int_err_get, +- int_err_del, +- int_err_get_item, +- int_err_set_item, +- int_err_del_item, +- int_thread_get, +- int_thread_release, +- int_thread_get_item, +- int_thread_set_item, +- int_thread_del_item, +- int_err_get_next_lib +- }; ++static const ERR_FNS err_defaults = { ++ int_err_get, ++ int_err_del, ++ int_err_get_item, ++ int_err_set_item, ++ int_err_del_item, ++ int_thread_get, ++ int_thread_release, ++ int_thread_get_item, ++ int_thread_set_item, ++ int_thread_del_item, ++ int_err_get_next_lib ++}; + + /* The replacable table of ERR_FNS functions we use at run-time */ + static const ERR_FNS *err_fns = NULL; +@@ -196,54 +194,62 @@ static const ERR_FNS *err_fns = NULL; + /* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */ + #define ERRFN(a) err_fns->cb_##a + +-/* The internal state used by "err_defaults" - as such, the setting, reading, ++/* ++ * The internal state used by "err_defaults" - as such, the setting, reading, + * creating, and deleting of this data should only be permitted via the +- * "err_defaults" functions. This way, a linked module can completely defer all +- * ERR state operation (together with requisite locking) to the implementations +- * and state in the loading application. */ ++ * "err_defaults" functions. This way, a linked module can completely defer ++ * all ERR state operation (together with requisite locking) to the ++ * implementations and state in the loading application. ++ */ + static LHASH *int_error_hash = NULL; + static LHASH *int_thread_hash = NULL; + static int int_thread_hash_references = 0; +-static int int_err_library_number= ERR_LIB_USER; ++static int int_err_library_number = ERR_LIB_USER; + +-/* Internal function that checks whether "err_fns" is set and if not, sets it to +- * the defaults. */ ++/* ++ * Internal function that checks whether "err_fns" is set and if not, sets it ++ * to the defaults. ++ */ + static void err_fns_check(void) +- { +- if (err_fns) return; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- if (!err_fns) +- err_fns = &err_defaults; +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- } ++{ ++ if (err_fns) ++ return; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!err_fns) ++ err_fns = &err_defaults; ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++} + + /* API functions to get or set the underlying ERR functions. */ + + const ERR_FNS *ERR_get_implementation(void) +- { +- err_fns_check(); +- return err_fns; +- } ++{ ++ err_fns_check(); ++ return err_fns; ++} + + int ERR_set_implementation(const ERR_FNS *fns) +- { +- int ret = 0; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting +- * an error is there?! */ +- if (!err_fns) +- { +- err_fns = fns; +- ret = 1; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- return ret; +- } +- +-/* These are the callbacks provided to "lh_new()" when creating the LHASH tables +- * internal to the "err_defaults" implementation. */ ++{ ++ int ret = 0; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ /* ++ * It's too late if 'err_fns' is non-NULL. BTW: not much point setting an ++ * error is there?! ++ */ ++ if (!err_fns) { ++ err_fns = fns; ++ ret = 1; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ return ret; ++} ++ ++/* ++ * These are the callbacks provided to "lh_new()" when creating the LHASH ++ * tables internal to the "err_defaults" implementation. ++ */ + + /* static unsigned long err_hash(ERR_STRING_DATA *a); */ + static unsigned long err_hash(const void *a_void); +@@ -252,414 +258,408 @@ static int err_cmp(const void *a_void, const void *b_void); + /* static unsigned long pid_hash(ERR_STATE *pid); */ + static unsigned long pid_hash(const void *pid_void); + /* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */ +-static int pid_cmp(const void *a_void,const void *pid_void); ++static int pid_cmp(const void *a_void, const void *pid_void); + + /* The internal functions used in the "err_defaults" implementation */ + + static LHASH *int_err_get(int create) +- { +- LHASH *ret = NULL; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- if (!int_error_hash && create) +- { +- CRYPTO_push_info("int_err_get (err.c)"); +- int_error_hash = lh_new(err_hash, err_cmp); +- CRYPTO_pop_info(); +- } +- if (int_error_hash) +- ret = int_error_hash; +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- +- return ret; +- } ++{ ++ LHASH *ret = NULL; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!int_error_hash && create) { ++ CRYPTO_push_info("int_err_get (err.c)"); ++ int_error_hash = lh_new(err_hash, err_cmp); ++ CRYPTO_pop_info(); ++ } ++ if (int_error_hash) ++ ret = int_error_hash; ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ return ret; ++} + + static void int_err_del(void) +- { +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- if (int_error_hash) +- { +- lh_free(int_error_hash); +- int_error_hash = NULL; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- } ++{ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (int_error_hash) { ++ lh_free(int_error_hash); ++ int_error_hash = NULL; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++} + + static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) +- { +- ERR_STRING_DATA *p; +- LHASH *hash; ++{ ++ ERR_STRING_DATA *p; ++ LHASH *hash; + +- err_fns_check(); +- hash = ERRFN(err_get)(0); +- if (!hash) +- return NULL; ++ err_fns_check(); ++ hash = ERRFN(err_get) (0); ++ if (!hash) ++ return NULL; + +- CRYPTO_r_lock(CRYPTO_LOCK_ERR); +- p = (ERR_STRING_DATA *)lh_retrieve(hash, d); +- CRYPTO_r_unlock(CRYPTO_LOCK_ERR); ++ CRYPTO_r_lock(CRYPTO_LOCK_ERR); ++ p = (ERR_STRING_DATA *)lh_retrieve(hash, d); ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + +- return p; +- } ++ return p; ++} + + static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) +- { +- ERR_STRING_DATA *p; +- LHASH *hash; ++{ ++ ERR_STRING_DATA *p; ++ LHASH *hash; + +- err_fns_check(); +- hash = ERRFN(err_get)(1); +- if (!hash) +- return NULL; ++ err_fns_check(); ++ hash = ERRFN(err_get) (1); ++ if (!hash) ++ return NULL; + +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- p = (ERR_STRING_DATA *)lh_insert(hash, d); +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ p = (ERR_STRING_DATA *)lh_insert(hash, d); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + +- return p; +- } ++ return p; ++} + + static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) +- { +- ERR_STRING_DATA *p; +- LHASH *hash; ++{ ++ ERR_STRING_DATA *p; ++ LHASH *hash; + +- err_fns_check(); +- hash = ERRFN(err_get)(0); +- if (!hash) +- return NULL; ++ err_fns_check(); ++ hash = ERRFN(err_get) (0); ++ if (!hash) ++ return NULL; + +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- p = (ERR_STRING_DATA *)lh_delete(hash, d); +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ p = (ERR_STRING_DATA *)lh_delete(hash, d); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + +- return p; +- } ++ return p; ++} + + static LHASH *int_thread_get(int create) +- { +- LHASH *ret = NULL; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- if (!int_thread_hash && create) +- { +- CRYPTO_push_info("int_thread_get (err.c)"); +- int_thread_hash = lh_new(pid_hash, pid_cmp); +- CRYPTO_pop_info(); +- } +- if (int_thread_hash) +- { +- int_thread_hash_references++; +- ret = int_thread_hash; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- return ret; +- } ++{ ++ LHASH *ret = NULL; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!int_thread_hash && create) { ++ CRYPTO_push_info("int_thread_get (err.c)"); ++ int_thread_hash = lh_new(pid_hash, pid_cmp); ++ CRYPTO_pop_info(); ++ } ++ if (int_thread_hash) { ++ int_thread_hash_references++; ++ ret = int_thread_hash; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ return ret; ++} + + static void int_thread_release(LHASH **hash) +- { +- int i; ++{ ++ int i; + +- if (hash == NULL || *hash == NULL) +- return; ++ if (hash == NULL || *hash == NULL) ++ return; + +- i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); ++ i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); + + #ifdef REF_PRINT +- fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR"); ++ fprintf(stderr, "%4d:%s\n", int_thread_hash_references, "ERR"); + #endif +- if (i > 0) return; ++ if (i > 0) ++ return; + #ifdef REF_CHECK +- if (i < 0) +- { +- fprintf(stderr,"int_thread_release, bad reference count\n"); +- abort(); /* ok */ +- } ++ if (i < 0) { ++ fprintf(stderr, "int_thread_release, bad reference count\n"); ++ abort(); /* ok */ ++ } + #endif +- *hash = NULL; +- } ++ *hash = NULL; ++} + + static ERR_STATE *int_thread_get_item(const ERR_STATE *d) +- { +- ERR_STATE *p; +- LHASH *hash; ++{ ++ ERR_STATE *p; ++ LHASH *hash; + +- err_fns_check(); +- hash = ERRFN(thread_get)(0); +- if (!hash) +- return NULL; ++ err_fns_check(); ++ hash = ERRFN(thread_get) (0); ++ if (!hash) ++ return NULL; + +- CRYPTO_r_lock(CRYPTO_LOCK_ERR); +- p = (ERR_STATE *)lh_retrieve(hash, d); +- CRYPTO_r_unlock(CRYPTO_LOCK_ERR); ++ CRYPTO_r_lock(CRYPTO_LOCK_ERR); ++ p = (ERR_STATE *)lh_retrieve(hash, d); ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + +- ERRFN(thread_release)(&hash); +- return p; +- } ++ ERRFN(thread_release) (&hash); ++ return p; ++} + + static ERR_STATE *int_thread_set_item(ERR_STATE *d) +- { +- ERR_STATE *p; +- LHASH *hash; ++{ ++ ERR_STATE *p; ++ LHASH *hash; + +- err_fns_check(); +- hash = ERRFN(thread_get)(1); +- if (!hash) +- return NULL; ++ err_fns_check(); ++ hash = ERRFN(thread_get) (1); ++ if (!hash) ++ return NULL; + +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- p = (ERR_STATE *)lh_insert(hash, d); +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ p = (ERR_STATE *)lh_insert(hash, d); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + +- ERRFN(thread_release)(&hash); +- return p; +- } ++ ERRFN(thread_release) (&hash); ++ return p; ++} + + static void int_thread_del_item(const ERR_STATE *d) +- { +- ERR_STATE *p; +- LHASH *hash; +- +- err_fns_check(); +- hash = ERRFN(thread_get)(0); +- if (!hash) +- return; +- +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- p = (ERR_STATE *)lh_delete(hash, d); +- /* make sure we don't leak memory */ +- if (int_thread_hash_references == 1 +- && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) +- { +- lh_free(int_thread_hash); +- int_thread_hash = NULL; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- +- ERRFN(thread_release)(&hash); +- if (p) +- ERR_STATE_free(p); +- } ++{ ++ ERR_STATE *p; ++ LHASH *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(thread_get) (0); ++ if (!hash) ++ return; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ p = (ERR_STATE *)lh_delete(hash, d); ++ /* make sure we don't leak memory */ ++ if (int_thread_hash_references == 1 ++ && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) { ++ lh_free(int_thread_hash); ++ int_thread_hash = NULL; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ ERRFN(thread_release) (&hash); ++ if (p) ++ ERR_STATE_free(p); ++} + + static int int_err_get_next_lib(void) +- { +- int ret; ++{ ++ int ret; + +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- ret = int_err_library_number++; +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ ret = int_err_library_number++; ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + +- return ret; +- } ++ return ret; ++} + + static void ERR_STATE_free(ERR_STATE *s) +- { +- int i; ++{ ++ int i; + +- if (s == NULL) +- return; ++ if (s == NULL) ++ return; + +- for (i=0; ierror) +- { +- if (lib) +- str->error|=ERR_PACK(lib,0,0); +- ERRFN(err_set_item)(str); +- str++; +- } +- } ++{ ++ while (str->error) { ++ if (lib) ++ str->error |= ERR_PACK(lib, 0, 0); ++ ERRFN(err_set_item) (str); ++ str++; ++ } ++} + + void ERR_load_strings(int lib, ERR_STRING_DATA *str) +- { +- err_fns_check(); +- err_load_strings(lib, str); +- } ++{ ++ err_fns_check(); ++ err_load_strings(lib, str); ++} + + void ERR_unload_strings(int lib, ERR_STRING_DATA *str) +- { +- while (str->error) +- { +- if (lib) +- str->error|=ERR_PACK(lib,0,0); +- ERRFN(err_del_item)(str); +- str++; +- } +- } ++{ ++ while (str->error) { ++ if (lib) ++ str->error |= ERR_PACK(lib, 0, 0); ++ ERRFN(err_del_item) (str); ++ str++; ++ } ++} + + void ERR_free_strings(void) +- { +- err_fns_check(); +- ERRFN(err_del)(); +- } ++{ ++ err_fns_check(); ++ ERRFN(err_del) (); ++} + + LHASH *ERR_get_string_table(void) +- { +- err_fns_check(); +- return ERRFN(err_get)(0); +- } ++{ ++ err_fns_check(); ++ return ERRFN(err_get) (0); ++} + + LHASH *ERR_get_err_state_table(void) +- { +- err_fns_check(); +- return ERRFN(thread_get)(0); +- } ++{ ++ err_fns_check(); ++ return ERRFN(thread_get) (0); ++} + + void ERR_release_err_state_table(LHASH **hash) +- { +- err_fns_check(); +- ERRFN(thread_release)(hash); +- } ++{ ++ err_fns_check(); ++ ERRFN(thread_release) (hash); ++} + + const char *ERR_lib_error_string(unsigned long e) +- { +- ERR_STRING_DATA d,*p; +- unsigned long l; ++{ ++ ERR_STRING_DATA d, *p; ++ unsigned long l; + +- err_fns_check(); +- l=ERR_GET_LIB(e); +- d.error=ERR_PACK(l,0,0); +- p=ERRFN(err_get_item)(&d); +- return((p == NULL)?NULL:p->string); +- } ++ err_fns_check(); ++ l = ERR_GET_LIB(e); ++ d.error = ERR_PACK(l, 0, 0); ++ p = ERRFN(err_get_item) (&d); ++ return ((p == NULL) ? NULL : p->string); ++} + + const char *ERR_func_error_string(unsigned long e) +- { +- ERR_STRING_DATA d,*p; +- unsigned long l,f; +- +- err_fns_check(); +- l=ERR_GET_LIB(e); +- f=ERR_GET_FUNC(e); +- d.error=ERR_PACK(l,f,0); +- p=ERRFN(err_get_item)(&d); +- return((p == NULL)?NULL:p->string); +- } ++{ ++ ERR_STRING_DATA d, *p; ++ unsigned long l, f; ++ ++ err_fns_check(); ++ l = ERR_GET_LIB(e); ++ f = ERR_GET_FUNC(e); ++ d.error = ERR_PACK(l, f, 0); ++ p = ERRFN(err_get_item) (&d); ++ return ((p == NULL) ? NULL : p->string); ++} + + const char *ERR_reason_error_string(unsigned long e) +- { +- ERR_STRING_DATA d,*p=NULL; +- unsigned long l,r; +- +- err_fns_check(); +- l=ERR_GET_LIB(e); +- r=ERR_GET_REASON(e); +- d.error=ERR_PACK(l,0,r); +- p=ERRFN(err_get_item)(&d); +- if (!p) +- { +- d.error=ERR_PACK(0,0,r); +- p=ERRFN(err_get_item)(&d); +- } +- return((p == NULL)?NULL:p->string); +- } ++{ ++ ERR_STRING_DATA d, *p = NULL; ++ unsigned long l, r; ++ ++ err_fns_check(); ++ l = ERR_GET_LIB(e); ++ r = ERR_GET_REASON(e); ++ d.error = ERR_PACK(l, 0, r); ++ p = ERRFN(err_get_item) (&d); ++ if (!p) { ++ d.error = ERR_PACK(0, 0, r); ++ p = ERRFN(err_get_item) (&d); ++ } ++ return ((p == NULL) ? NULL : p->string); ++} + + /* static unsigned long err_hash(ERR_STRING_DATA *a) */ + static unsigned long err_hash(const void *a_void) +- { +- unsigned long ret,l; ++{ ++ unsigned long ret, l; + +- l=((const ERR_STRING_DATA *)a_void)->error; +- ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); +- return(ret^ret%19*13); +- } ++ l = ((const ERR_STRING_DATA *)a_void)->error; ++ ret = l ^ ERR_GET_LIB(l) ^ ERR_GET_FUNC(l); ++ return (ret ^ ret % 19 * 13); ++} + + /* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */ + static int err_cmp(const void *a_void, const void *b_void) +- { +- return((int)(((const ERR_STRING_DATA *)a_void)->error - +- ((const ERR_STRING_DATA *)b_void)->error)); +- } ++{ ++ return ((int)(((const ERR_STRING_DATA *)a_void)->error - ++ ((const ERR_STRING_DATA *)b_void)->error)); ++} + + /* static unsigned long pid_hash(ERR_STATE *a) */ + static unsigned long pid_hash(const void *a_void) +- { +- return(((const ERR_STATE *)a_void)->pid*13); +- } ++{ ++ return (((const ERR_STATE *)a_void)->pid * 13); ++} + + /* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */ + static int pid_cmp(const void *a_void, const void *b_void) +- { +- return((int)((long)((const ERR_STATE *)a_void)->pid - +- (long)((const ERR_STATE *)b_void)->pid)); +- } ++{ ++ return ((int)((long)((const ERR_STATE *)a_void)->pid - ++ (long)((const ERR_STATE *)b_void)->pid)); ++} ++ + #ifdef OPENSSL_FIPS + static void int_err_remove_state(unsigned long pid) + #else + void ERR_remove_state(unsigned long pid) + #endif +- { +- ERR_STATE tmp; +- +- err_fns_check(); +- if (pid == 0) +- pid=(unsigned long)CRYPTO_thread_id(); +- tmp.pid=pid; +- /* thread_del_item automatically destroys the LHASH if the number of +- * items reaches zero. */ +- ERRFN(thread_del_item)(&tmp); +- } ++{ ++ ERR_STATE tmp; ++ ++ err_fns_check(); ++ if (pid == 0) ++ pid = (unsigned long)CRYPTO_thread_id(); ++ tmp.pid = pid; ++ /* ++ * thread_del_item automatically destroys the LHASH if the number of ++ * items reaches zero. ++ */ ++ ERRFN(thread_del_item) (&tmp); ++} + + #ifdef OPENSSL_FIPS +- static ERR_STATE *int_err_get_state(void) ++static ERR_STATE *int_err_get_state(void) + #else + ERR_STATE *ERR_get_state(void) + #endif +- { +- static ERR_STATE fallback; +- ERR_STATE *ret,tmp,*tmpp=NULL; +- int i; +- unsigned long pid; +- +- err_fns_check(); +- pid=(unsigned long)CRYPTO_thread_id(); +- tmp.pid=pid; +- ret=ERRFN(thread_get_item)(&tmp); +- +- /* ret == the error state, if NULL, make a new one */ +- if (ret == NULL) +- { +- ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); +- if (ret == NULL) return(&fallback); +- ret->pid=pid; +- ret->top=0; +- ret->bottom=0; +- for (i=0; ierr_data[i]=NULL; +- ret->err_data_flags[i]=0; +- } +- tmpp = ERRFN(thread_set_item)(ret); +- /* To check if insertion failed, do a get. */ +- if (ERRFN(thread_get_item)(ret) != ret) +- { +- ERR_STATE_free(ret); /* could not insert it */ +- return(&fallback); +- } +- /* If a race occured in this function and we came second, tmpp +- * is the first one that we just replaced. */ +- if (tmpp) +- ERR_STATE_free(tmpp); +- } +- return ret; +- } ++{ ++ static ERR_STATE fallback; ++ ERR_STATE *ret, tmp, *tmpp = NULL; ++ int i; ++ unsigned long pid; ++ ++ err_fns_check(); ++ pid = (unsigned long)CRYPTO_thread_id(); ++ tmp.pid = pid; ++ ret = ERRFN(thread_get_item) (&tmp); ++ ++ /* ret == the error state, if NULL, make a new one */ ++ if (ret == NULL) { ++ ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); ++ if (ret == NULL) ++ return (&fallback); ++ ret->pid = pid; ++ ret->top = 0; ++ ret->bottom = 0; ++ for (i = 0; i < ERR_NUM_ERRORS; i++) { ++ ret->err_data[i] = NULL; ++ ret->err_data_flags[i] = 0; ++ } ++ tmpp = ERRFN(thread_set_item) (ret); ++ /* To check if insertion failed, do a get. */ ++ if (ERRFN(thread_get_item) (ret) != ret) { ++ ERR_STATE_free(ret); /* could not insert it */ ++ return (&fallback); ++ } ++ /* ++ * If a race occured in this function and we came second, tmpp is the ++ * first one that we just replaced. ++ */ ++ if (tmpp) ++ ERR_STATE_free(tmpp); ++ } ++ return ret; ++} + + #ifdef OPENSSL_FIPS + void int_ERR_lib_init(void) +- { +- int_ERR_set_state_func(int_err_get_state, int_err_remove_state); +- } ++{ ++ int_ERR_set_state_func(int_err_get_state, int_err_remove_state); ++} + #endif + + int ERR_get_next_error_library(void) +- { +- err_fns_check(); +- return ERRFN(get_next_lib)(); +- } ++{ ++ err_fns_check(); ++ return ERRFN(get_next_lib) (); ++} +diff --git a/Cryptlib/OpenSSL/crypto/err/err_prn.c b/Cryptlib/OpenSSL/crypto/err/err_prn.c +index 1e46f93..060853a 100644 +--- a/Cryptlib/OpenSSL/crypto/err/err_prn.c ++++ b/Cryptlib/OpenSSL/crypto/err/err_prn.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,101 +63,104 @@ + #include + #include + +-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), +- void *u) +- { +- unsigned long l; +- char buf[256]; +- char buf2[4096]; +- const char *file,*data; +- int line,flags; +- unsigned long es; +- +- es=CRYPTO_thread_id(); +- while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) +- { +- ERR_error_string_n(l, buf, sizeof buf); +- BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, +- file, line, (flags & ERR_TXT_STRING) ? data : ""); +- if (cb(buf2, strlen(buf2), u) <= 0) +- break; /* abort outputting the error report */ +- } +- } ++void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), ++ void *u) ++{ ++ unsigned long l; ++ char buf[256]; ++ char buf2[4096]; ++ const char *file, *data; ++ int line, flags; ++ unsigned long es; ++ ++ es = CRYPTO_thread_id(); ++ while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { ++ ERR_error_string_n(l, buf, sizeof buf); ++ BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, ++ file, line, (flags & ERR_TXT_STRING) ? data : ""); ++ if (cb(buf2, strlen(buf2), u) <= 0) ++ break; /* abort outputting the error report */ ++ } ++} + + #ifndef OPENSSL_NO_FP_API + static int print_fp(const char *str, size_t len, void *fp) +- { +- BIO bio; ++{ ++ BIO bio; ++ ++ BIO_set(&bio, BIO_s_file()); ++ BIO_set_fp(&bio, fp, BIO_NOCLOSE); + +- BIO_set(&bio,BIO_s_file()); +- BIO_set_fp(&bio,fp,BIO_NOCLOSE); ++ return BIO_printf(&bio, "%s", str); ++} + +- return BIO_printf(&bio, "%s", str); +- } + void ERR_print_errors_fp(FILE *fp) +- { +- ERR_print_errors_cb(print_fp, fp); +- } ++{ ++ ERR_print_errors_cb(print_fp, fp); ++} + #endif + + void ERR_error_string_n(unsigned long e, char *buf, size_t len) +- { +- char lsbuf[64], fsbuf[64], rsbuf[64]; +- const char *ls,*fs,*rs; +- unsigned long l,f,r; +- +- l=ERR_GET_LIB(e); +- f=ERR_GET_FUNC(e); +- r=ERR_GET_REASON(e); +- +- ls=ERR_lib_error_string(e); +- fs=ERR_func_error_string(e); +- rs=ERR_reason_error_string(e); +- +- if (ls == NULL) +- BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); +- if (fs == NULL) +- BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); +- if (rs == NULL) +- BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); +- +- BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, +- fs?fs:fsbuf, rs?rs:rsbuf); +- if (strlen(buf) == len-1) +- { +- /* output may be truncated; make sure we always have 5 +- * colon-separated fields, i.e. 4 colons ... */ ++{ ++ char lsbuf[64], fsbuf[64], rsbuf[64]; ++ const char *ls, *fs, *rs; ++ unsigned long l, f, r; ++ ++ l = ERR_GET_LIB(e); ++ f = ERR_GET_FUNC(e); ++ r = ERR_GET_REASON(e); ++ ++ ls = ERR_lib_error_string(e); ++ fs = ERR_func_error_string(e); ++ rs = ERR_reason_error_string(e); ++ ++ if (ls == NULL) ++ BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); ++ if (fs == NULL) ++ BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); ++ if (rs == NULL) ++ BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); ++ ++ BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls ? ls : lsbuf, ++ fs ? fs : fsbuf, rs ? rs : rsbuf); ++ if (strlen(buf) == len - 1) { ++ /* ++ * output may be truncated; make sure we always have 5 ++ * colon-separated fields, i.e. 4 colons ... ++ */ + #define NUM_COLONS 4 +- if (len > NUM_COLONS) /* ... if possible */ +- { +- int i; +- char *s = buf; +- +- for (i = 0; i < NUM_COLONS; i++) +- { +- char *colon = strchr(s, ':'); +- if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i) +- { +- /* set colon no. i at last possible position +- * (buf[len-1] is the terminating 0)*/ +- colon = &buf[len-1] - NUM_COLONS + i; +- *colon = ':'; +- } +- s = colon + 1; +- } +- } +- } +- } ++ if (len > NUM_COLONS) { /* ... if possible */ ++ int i; ++ char *s = buf; ++ ++ for (i = 0; i < NUM_COLONS; i++) { ++ char *colon = strchr(s, ':'); ++ if (colon == NULL || colon > &buf[len - 1] - NUM_COLONS + i) { ++ /* ++ * set colon no. i at last possible position (buf[len-1] ++ * is the terminating 0) ++ */ ++ colon = &buf[len - 1] - NUM_COLONS + i; ++ *colon = ':'; ++ } ++ s = colon + 1; ++ } ++ } ++ } ++} + + /* BAD for multi-threading: uses a local buffer if ret == NULL */ +-/* ERR_error_string_n should be used instead for ret != NULL +- * as ERR_error_string cannot know how large the buffer is */ ++/* ++ * ERR_error_string_n should be used instead for ret != NULL as ++ * ERR_error_string cannot know how large the buffer is ++ */ + char *ERR_error_string(unsigned long e, char *ret) +- { +- static char buf[256]; ++{ ++ static char buf[256]; + +- if (ret == NULL) ret=buf; +- ERR_error_string_n(e, ret, 256); ++ if (ret == NULL) ++ ret = buf; ++ ERR_error_string_n(e, ret, 256); + +- return ret; +- } ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/err/err_str.c b/Cryptlib/OpenSSL/crypto/err/err_str.c +index d390408..5a642fb 100644 +--- a/Cryptlib/OpenSSL/crypto/err/err_str.c ++++ b/Cryptlib/OpenSSL/crypto/err/err_str.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -120,176 +120,170 @@ + #include + + #ifndef OPENSSL_NO_ERR +-static ERR_STRING_DATA ERR_str_libraries[]= +- { +-{ERR_PACK(ERR_LIB_NONE,0,0) ,"unknown library"}, +-{ERR_PACK(ERR_LIB_SYS,0,0) ,"system library"}, +-{ERR_PACK(ERR_LIB_BN,0,0) ,"bignum routines"}, +-{ERR_PACK(ERR_LIB_RSA,0,0) ,"rsa routines"}, +-{ERR_PACK(ERR_LIB_DH,0,0) ,"Diffie-Hellman routines"}, +-{ERR_PACK(ERR_LIB_EVP,0,0) ,"digital envelope routines"}, +-{ERR_PACK(ERR_LIB_BUF,0,0) ,"memory buffer routines"}, +-{ERR_PACK(ERR_LIB_OBJ,0,0) ,"object identifier routines"}, +-{ERR_PACK(ERR_LIB_PEM,0,0) ,"PEM routines"}, +-{ERR_PACK(ERR_LIB_DSA,0,0) ,"dsa routines"}, +-{ERR_PACK(ERR_LIB_X509,0,0) ,"x509 certificate routines"}, +-{ERR_PACK(ERR_LIB_ASN1,0,0) ,"asn1 encoding routines"}, +-{ERR_PACK(ERR_LIB_CONF,0,0) ,"configuration file routines"}, +-{ERR_PACK(ERR_LIB_CRYPTO,0,0) ,"common libcrypto routines"}, +-{ERR_PACK(ERR_LIB_EC,0,0) ,"elliptic curve routines"}, +-{ERR_PACK(ERR_LIB_SSL,0,0) ,"SSL routines"}, +-{ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, +-{ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"}, +-{ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"}, +-{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"}, +-{ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"}, +-{ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, +-{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, +-{ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, +-{ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"}, +-{ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"}, +-{ERR_PACK(ERR_LIB_JPAKE,0,0) ,"JPAKE routines"}, +-{0,NULL}, +- }; ++static ERR_STRING_DATA ERR_str_libraries[] = { ++ {ERR_PACK(ERR_LIB_NONE, 0, 0), "unknown library"}, ++ {ERR_PACK(ERR_LIB_SYS, 0, 0), "system library"}, ++ {ERR_PACK(ERR_LIB_BN, 0, 0), "bignum routines"}, ++ {ERR_PACK(ERR_LIB_RSA, 0, 0), "rsa routines"}, ++ {ERR_PACK(ERR_LIB_DH, 0, 0), "Diffie-Hellman routines"}, ++ {ERR_PACK(ERR_LIB_EVP, 0, 0), "digital envelope routines"}, ++ {ERR_PACK(ERR_LIB_BUF, 0, 0), "memory buffer routines"}, ++ {ERR_PACK(ERR_LIB_OBJ, 0, 0), "object identifier routines"}, ++ {ERR_PACK(ERR_LIB_PEM, 0, 0), "PEM routines"}, ++ {ERR_PACK(ERR_LIB_DSA, 0, 0), "dsa routines"}, ++ {ERR_PACK(ERR_LIB_X509, 0, 0), "x509 certificate routines"}, ++ {ERR_PACK(ERR_LIB_ASN1, 0, 0), "asn1 encoding routines"}, ++ {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"}, ++ {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"}, ++ {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"}, ++ {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"}, ++ {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"}, ++ {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"}, ++ {ERR_PACK(ERR_LIB_X509V3, 0, 0), "X509 V3 routines"}, ++ {ERR_PACK(ERR_LIB_PKCS12, 0, 0), "PKCS12 routines"}, ++ {ERR_PACK(ERR_LIB_RAND, 0, 0), "random number generator"}, ++ {ERR_PACK(ERR_LIB_DSO, 0, 0), "DSO support routines"}, ++ {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"}, ++ {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"}, ++ {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"}, ++ {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"}, ++ {ERR_PACK(ERR_LIB_JPAKE, 0, 0), "JPAKE routines"}, ++ {0, NULL}, ++}; + +-static ERR_STRING_DATA ERR_str_functs[]= +- { +- {ERR_PACK(0,SYS_F_FOPEN,0), "fopen"}, +- {ERR_PACK(0,SYS_F_CONNECT,0), "connect"}, +- {ERR_PACK(0,SYS_F_GETSERVBYNAME,0), "getservbyname"}, +- {ERR_PACK(0,SYS_F_SOCKET,0), "socket"}, +- {ERR_PACK(0,SYS_F_IOCTLSOCKET,0), "ioctlsocket"}, +- {ERR_PACK(0,SYS_F_BIND,0), "bind"}, +- {ERR_PACK(0,SYS_F_LISTEN,0), "listen"}, +- {ERR_PACK(0,SYS_F_ACCEPT,0), "accept"}, +-#ifdef OPENSSL_SYS_WINDOWS +- {ERR_PACK(0,SYS_F_WSASTARTUP,0), "WSAstartup"}, +-#endif +- {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, +- {ERR_PACK(0,SYS_F_FREAD,0), "fread"}, +- {0,NULL}, +- }; ++static ERR_STRING_DATA ERR_str_functs[] = { ++ {ERR_PACK(0, SYS_F_FOPEN, 0), "fopen"}, ++ {ERR_PACK(0, SYS_F_CONNECT, 0), "connect"}, ++ {ERR_PACK(0, SYS_F_GETSERVBYNAME, 0), "getservbyname"}, ++ {ERR_PACK(0, SYS_F_SOCKET, 0), "socket"}, ++ {ERR_PACK(0, SYS_F_IOCTLSOCKET, 0), "ioctlsocket"}, ++ {ERR_PACK(0, SYS_F_BIND, 0), "bind"}, ++ {ERR_PACK(0, SYS_F_LISTEN, 0), "listen"}, ++ {ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"}, ++# ifdef OPENSSL_SYS_WINDOWS ++ {ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"}, ++# endif ++ {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"}, ++ {ERR_PACK(0, SYS_F_FREAD, 0), "fread"}, ++ {0, NULL}, ++}; + +-static ERR_STRING_DATA ERR_str_reasons[]= +- { +-{ERR_R_SYS_LIB ,"system lib"}, +-{ERR_R_BN_LIB ,"BN lib"}, +-{ERR_R_RSA_LIB ,"RSA lib"}, +-{ERR_R_DH_LIB ,"DH lib"}, +-{ERR_R_EVP_LIB ,"EVP lib"}, +-{ERR_R_BUF_LIB ,"BUF lib"}, +-{ERR_R_OBJ_LIB ,"OBJ lib"}, +-{ERR_R_PEM_LIB ,"PEM lib"}, +-{ERR_R_DSA_LIB ,"DSA lib"}, +-{ERR_R_X509_LIB ,"X509 lib"}, +-{ERR_R_ASN1_LIB ,"ASN1 lib"}, +-{ERR_R_CONF_LIB ,"CONF lib"}, +-{ERR_R_CRYPTO_LIB ,"CRYPTO lib"}, +-{ERR_R_EC_LIB ,"EC lib"}, +-{ERR_R_SSL_LIB ,"SSL lib"}, +-{ERR_R_BIO_LIB ,"BIO lib"}, +-{ERR_R_PKCS7_LIB ,"PKCS7 lib"}, +-{ERR_R_X509V3_LIB ,"X509V3 lib"}, +-{ERR_R_PKCS12_LIB ,"PKCS12 lib"}, +-{ERR_R_RAND_LIB ,"RAND lib"}, +-{ERR_R_DSO_LIB ,"DSO lib"}, +-{ERR_R_ENGINE_LIB ,"ENGINE lib"}, +-{ERR_R_OCSP_LIB ,"OCSP lib"}, ++static ERR_STRING_DATA ERR_str_reasons[] = { ++ {ERR_R_SYS_LIB, "system lib"}, ++ {ERR_R_BN_LIB, "BN lib"}, ++ {ERR_R_RSA_LIB, "RSA lib"}, ++ {ERR_R_DH_LIB, "DH lib"}, ++ {ERR_R_EVP_LIB, "EVP lib"}, ++ {ERR_R_BUF_LIB, "BUF lib"}, ++ {ERR_R_OBJ_LIB, "OBJ lib"}, ++ {ERR_R_PEM_LIB, "PEM lib"}, ++ {ERR_R_DSA_LIB, "DSA lib"}, ++ {ERR_R_X509_LIB, "X509 lib"}, ++ {ERR_R_ASN1_LIB, "ASN1 lib"}, ++ {ERR_R_CONF_LIB, "CONF lib"}, ++ {ERR_R_CRYPTO_LIB, "CRYPTO lib"}, ++ {ERR_R_EC_LIB, "EC lib"}, ++ {ERR_R_SSL_LIB, "SSL lib"}, ++ {ERR_R_BIO_LIB, "BIO lib"}, ++ {ERR_R_PKCS7_LIB, "PKCS7 lib"}, ++ {ERR_R_X509V3_LIB, "X509V3 lib"}, ++ {ERR_R_PKCS12_LIB, "PKCS12 lib"}, ++ {ERR_R_RAND_LIB, "RAND lib"}, ++ {ERR_R_DSO_LIB, "DSO lib"}, ++ {ERR_R_ENGINE_LIB, "ENGINE lib"}, ++ {ERR_R_OCSP_LIB, "OCSP lib"}, + +-{ERR_R_NESTED_ASN1_ERROR ,"nested asn1 error"}, +-{ERR_R_BAD_ASN1_OBJECT_HEADER ,"bad asn1 object header"}, +-{ERR_R_BAD_GET_ASN1_OBJECT_CALL ,"bad get asn1 object call"}, +-{ERR_R_EXPECTING_AN_ASN1_SEQUENCE ,"expecting an asn1 sequence"}, +-{ERR_R_ASN1_LENGTH_MISMATCH ,"asn1 length mismatch"}, +-{ERR_R_MISSING_ASN1_EOS ,"missing asn1 eos"}, ++ {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"}, ++ {ERR_R_BAD_ASN1_OBJECT_HEADER, "bad asn1 object header"}, ++ {ERR_R_BAD_GET_ASN1_OBJECT_CALL, "bad get asn1 object call"}, ++ {ERR_R_EXPECTING_AN_ASN1_SEQUENCE, "expecting an asn1 sequence"}, ++ {ERR_R_ASN1_LENGTH_MISMATCH, "asn1 length mismatch"}, ++ {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"}, + +-{ERR_R_FATAL ,"fatal"}, +-{ERR_R_MALLOC_FAILURE ,"malloc failure"}, +-{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"}, +-{ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"}, +-{ERR_R_INTERNAL_ERROR ,"internal error"}, +-{ERR_R_DISABLED ,"called a function that was disabled at compile-time"}, ++ {ERR_R_FATAL, "fatal"}, ++ {ERR_R_MALLOC_FAILURE, "malloc failure"}, ++ {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, ++ "called a function you should not call"}, ++ {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"}, ++ {ERR_R_INTERNAL_ERROR, "internal error"}, ++ {ERR_R_DISABLED, "called a function that was disabled at compile-time"}, + +-{0,NULL}, +- }; ++ {0, NULL}, ++}; + #endif + + #ifndef OPENSSL_NO_ERR +-#define NUM_SYS_STR_REASONS 127 +-#define LEN_SYS_STR_REASON 32 ++# define NUM_SYS_STR_REASONS 127 ++# define LEN_SYS_STR_REASON 32 + + static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; +-/* SYS_str_reasons is filled with copies of strerror() results at +- * initialization. +- * 'errno' values up to 127 should cover all usual errors, +- * others will be displayed numerically by ERR_error_string. +- * It is crucial that we have something for each reason code +- * that occurs in ERR_str_reasons, or bogus reason strings +- * will be returned for SYSerr, which always gets an errno +- * value and never one of those 'standard' reason codes. */ ++/* ++ * SYS_str_reasons is filled with copies of strerror() results at ++ * initialization. 'errno' values up to 127 should cover all usual errors, ++ * others will be displayed numerically by ERR_error_string. It is crucial ++ * that we have something for each reason code that occurs in ++ * ERR_str_reasons, or bogus reason strings will be returned for SYSerr, ++ * which always gets an errno value and never one of those 'standard' reason ++ * codes. ++ */ + + static void build_SYS_str_reasons(void) +- { +- /* OPENSSL_malloc cannot be used here, use static storage instead */ +- static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; +- int i; +- static int init = 1; ++{ ++ /* OPENSSL_malloc cannot be used here, use static storage instead */ ++ static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; ++ int i; ++ static int init = 1; ++ ++ CRYPTO_r_lock(CRYPTO_LOCK_ERR); ++ if (!init) { ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); ++ return; ++ } + +- CRYPTO_r_lock(CRYPTO_LOCK_ERR); +- if (!init) +- { +- CRYPTO_r_unlock(CRYPTO_LOCK_ERR); +- return; +- } +- +- CRYPTO_r_unlock(CRYPTO_LOCK_ERR); +- CRYPTO_w_lock(CRYPTO_LOCK_ERR); +- if (!init) +- { +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- return; +- } ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!init) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ return; ++ } + +- for (i = 1; i <= NUM_SYS_STR_REASONS; i++) +- { +- ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; ++ for (i = 1; i <= NUM_SYS_STR_REASONS; i++) { ++ ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; + +- str->error = (unsigned long)i; +- if (str->string == NULL) +- { +- char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); +- char *src = strerror(i); +- if (src != NULL) +- { +- strncpy(*dest, src, sizeof *dest); +- (*dest)[sizeof *dest - 1] = '\0'; +- str->string = *dest; +- } +- } +- if (str->string == NULL) +- str->string = "unknown"; +- } ++ str->error = (unsigned long)i; ++ if (str->string == NULL) { ++ char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); ++ char *src = strerror(i); ++ if (src != NULL) { ++ strncpy(*dest, src, sizeof *dest); ++ (*dest)[sizeof *dest - 1] = '\0'; ++ str->string = *dest; ++ } ++ } ++ if (str->string == NULL) ++ str->string = "unknown"; ++ } + +- /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, +- * as required by ERR_load_strings. */ ++ /* ++ * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as ++ * required by ERR_load_strings. ++ */ + +- init = 0; +- +- CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +- } ++ init = 0; ++ ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++} + #endif + + void ERR_load_ERR_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR +- if (ERR_func_error_string(ERR_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,ERR_str_libraries); +- ERR_load_strings(0,ERR_str_reasons); +- ERR_load_strings(ERR_LIB_SYS,ERR_str_functs); +- build_SYS_str_reasons(); +- ERR_load_strings(ERR_LIB_SYS,SYS_str_reasons); +- } ++ if (ERR_func_error_string(ERR_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, ERR_str_libraries); ++ ERR_load_strings(0, ERR_str_reasons); ++ ERR_load_strings(ERR_LIB_SYS, ERR_str_functs); ++ build_SYS_str_reasons(); ++ ERR_load_strings(ERR_LIB_SYS, SYS_str_reasons); ++ } + #endif +- } +- ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +index 16863fe..538b520 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,535 +65,509 @@ + static int b64_write(BIO *h, const char *buf, int num); + static int b64_read(BIO *h, char *buf, int size); + static int b64_puts(BIO *h, const char *str); +-/*static int b64_gets(BIO *h, char *str, int size); */ ++/* ++ * static int b64_gets(BIO *h, char *str, int size); ++ */ + static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int b64_new(BIO *h); + static int b64_free(BIO *data); +-static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); +-#define B64_BLOCK_SIZE 1024 +-#define B64_BLOCK_SIZE2 768 +-#define B64_NONE 0 +-#define B64_ENCODE 1 +-#define B64_DECODE 2 +- +-typedef struct b64_struct +- { +- /*BIO *bio; moved to the BIO structure */ +- int buf_len; +- int buf_off; +- int tmp_len; /* used to find the start when decoding */ +- int tmp_nl; /* If true, scan until '\n' */ +- int encode; +- int start; /* have we started decoding yet? */ +- int cont; /* <= 0 when finished */ +- EVP_ENCODE_CTX base64; +- char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10]; +- char tmp[B64_BLOCK_SIZE]; +- } BIO_B64_CTX; +- +-static BIO_METHOD methods_b64= +- { +- BIO_TYPE_BASE64,"base64 encoding", +- b64_write, +- b64_read, +- b64_puts, +- NULL, /* b64_gets, */ +- b64_ctrl, +- b64_new, +- b64_free, +- b64_callback_ctrl, +- }; ++static long b64_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); ++#define B64_BLOCK_SIZE 1024 ++#define B64_BLOCK_SIZE2 768 ++#define B64_NONE 0 ++#define B64_ENCODE 1 ++#define B64_DECODE 2 ++ ++typedef struct b64_struct { ++ /* ++ * BIO *bio; moved to the BIO structure ++ */ ++ int buf_len; ++ int buf_off; ++ int tmp_len; /* used to find the start when decoding */ ++ int tmp_nl; /* If true, scan until '\n' */ ++ int encode; ++ int start; /* have we started decoding yet? */ ++ int cont; /* <= 0 when finished */ ++ EVP_ENCODE_CTX base64; ++ char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10]; ++ char tmp[B64_BLOCK_SIZE]; ++} BIO_B64_CTX; ++ ++static BIO_METHOD methods_b64 = { ++ BIO_TYPE_BASE64, "base64 encoding", ++ b64_write, ++ b64_read, ++ b64_puts, ++ NULL, /* b64_gets, */ ++ b64_ctrl, ++ b64_new, ++ b64_free, ++ b64_callback_ctrl, ++}; + + BIO_METHOD *BIO_f_base64(void) +- { +- return(&methods_b64); +- } ++{ ++ return (&methods_b64); ++} + + static int b64_new(BIO *bi) +- { +- BIO_B64_CTX *ctx; +- +- ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX)); +- if (ctx == NULL) return(0); +- +- ctx->buf_len=0; +- ctx->tmp_len=0; +- ctx->tmp_nl=0; +- ctx->buf_off=0; +- ctx->cont=1; +- ctx->start=1; +- ctx->encode=0; +- +- bi->init=1; +- bi->ptr=(char *)ctx; +- bi->flags=0; +- bi->num = 0; +- return(1); +- } ++{ ++ BIO_B64_CTX *ctx; ++ ++ ctx = (BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX)); ++ if (ctx == NULL) ++ return (0); ++ ++ ctx->buf_len = 0; ++ ctx->tmp_len = 0; ++ ctx->tmp_nl = 0; ++ ctx->buf_off = 0; ++ ctx->cont = 1; ++ ctx->start = 1; ++ ctx->encode = 0; ++ ++ bi->init = 1; ++ bi->ptr = (char *)ctx; ++ bi->flags = 0; ++ bi->num = 0; ++ return (1); ++} + + static int b64_free(BIO *a) +- { +- if (a == NULL) return(0); +- OPENSSL_free(a->ptr); +- a->ptr=NULL; +- a->init=0; +- a->flags=0; +- return(1); +- } +- ++{ ++ if (a == NULL) ++ return (0); ++ OPENSSL_free(a->ptr); ++ a->ptr = NULL; ++ a->init = 0; ++ a->flags = 0; ++ return (1); ++} ++ + static int b64_read(BIO *b, char *out, int outl) +- { +- int ret=0,i,ii,j,k,x,n,num,ret_code=0; +- BIO_B64_CTX *ctx; +- unsigned char *p,*q; +- +- if (out == NULL) return(0); +- ctx=(BIO_B64_CTX *)b->ptr; +- +- if ((ctx == NULL) || (b->next_bio == NULL)) return(0); +- +- BIO_clear_retry_flags(b); +- +- if (ctx->encode != B64_DECODE) +- { +- ctx->encode=B64_DECODE; +- ctx->buf_len=0; +- ctx->buf_off=0; +- ctx->tmp_len=0; +- EVP_DecodeInit(&(ctx->base64)); +- } +- +- /* First check if there are bytes decoded/encoded */ +- if (ctx->buf_len > 0) +- { +- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); +- i=ctx->buf_len-ctx->buf_off; +- if (i > outl) i=outl; +- OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf)); +- memcpy(out,&(ctx->buf[ctx->buf_off]),i); +- ret=i; +- out+=i; +- outl-=i; +- ctx->buf_off+=i; +- if (ctx->buf_len == ctx->buf_off) +- { +- ctx->buf_len=0; +- ctx->buf_off=0; +- } +- } +- +- /* At this point, we have room of outl bytes and an empty +- * buffer, so we should read in some more. */ +- +- ret_code=0; +- while (outl > 0) +- { +- if (ctx->cont <= 0) +- break; +- +- i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]), +- B64_BLOCK_SIZE-ctx->tmp_len); +- +- if (i <= 0) +- { +- ret_code=i; +- +- /* Should we continue next time we are called? */ +- if (!BIO_should_retry(b->next_bio)) +- { +- ctx->cont=i; +- /* If buffer empty break */ +- if(ctx->tmp_len == 0) +- break; +- /* Fall through and process what we have */ +- else +- i = 0; +- } +- /* else we retry and add more data to buffer */ +- else +- break; +- } +- i+=ctx->tmp_len; +- ctx->tmp_len = i; +- +- /* We need to scan, a line at a time until we +- * have a valid line if we are starting. */ +- if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) +- { +- /* ctx->start=1; */ +- ctx->tmp_len=0; +- } +- else if (ctx->start) +- { +- q=p=(unsigned char *)ctx->tmp; +- num = 0; +- for (j=0; jtmp_nl) +- { +- p=q; +- ctx->tmp_nl=0; +- continue; +- } +- +- k=EVP_DecodeUpdate(&(ctx->base64), +- (unsigned char *)ctx->buf, +- &num,p,q-p); +- if ((k <= 0) && (num == 0) && (ctx->start)) +- EVP_DecodeInit(&ctx->base64); +- else +- { +- if (p != (unsigned char *) +- &(ctx->tmp[0])) +- { +- i-=(p- (unsigned char *) +- &(ctx->tmp[0])); +- for (x=0; x < i; x++) +- ctx->tmp[x]=p[x]; +- } +- EVP_DecodeInit(&ctx->base64); +- ctx->start=0; +- break; +- } +- p=q; +- } +- +- /* we fell off the end without starting */ +- if ((j == i) && (num == 0)) +- { +- /* Is this is one long chunk?, if so, keep on +- * reading until a new line. */ +- if (p == (unsigned char *)&(ctx->tmp[0])) +- { +- /* Check buffer full */ +- if (i == B64_BLOCK_SIZE) +- { +- ctx->tmp_nl=1; +- ctx->tmp_len=0; +- } +- } +- else if (p != q) /* finished on a '\n' */ +- { +- n=q-p; +- for (ii=0; iitmp[ii]=p[ii]; +- ctx->tmp_len=n; +- } +- /* else finished on a '\n' */ +- continue; +- } +- else +- { +- ctx->tmp_len=0; +- } +- } +- else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) +- { +- /* If buffer isn't full and we can retry then +- * restart to read in more data. +- */ +- continue; +- } +- +- if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) +- { +- int z,jj; ++{ ++ int ret = 0, i, ii, j, k, x, n, num, ret_code = 0; ++ BIO_B64_CTX *ctx; ++ unsigned char *p, *q; ++ ++ if (out == NULL) ++ return (0); ++ ctx = (BIO_B64_CTX *)b->ptr; ++ ++ if ((ctx == NULL) || (b->next_bio == NULL)) ++ return (0); ++ ++ BIO_clear_retry_flags(b); ++ ++ if (ctx->encode != B64_DECODE) { ++ ctx->encode = B64_DECODE; ++ ctx->buf_len = 0; ++ ctx->buf_off = 0; ++ ctx->tmp_len = 0; ++ EVP_DecodeInit(&(ctx->base64)); ++ } ++ ++ /* First check if there are bytes decoded/encoded */ ++ if (ctx->buf_len > 0) { ++ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ++ i = ctx->buf_len - ctx->buf_off; ++ if (i > outl) ++ i = outl; ++ OPENSSL_assert(ctx->buf_off + i < (int)sizeof(ctx->buf)); ++ memcpy(out, &(ctx->buf[ctx->buf_off]), i); ++ ret = i; ++ out += i; ++ outl -= i; ++ ctx->buf_off += i; ++ if (ctx->buf_len == ctx->buf_off) { ++ ctx->buf_len = 0; ++ ctx->buf_off = 0; ++ } ++ } ++ ++ /* ++ * At this point, we have room of outl bytes and an empty buffer, so we ++ * should read in some more. ++ */ ++ ++ ret_code = 0; ++ while (outl > 0) { ++ if (ctx->cont <= 0) ++ break; ++ ++ i = BIO_read(b->next_bio, &(ctx->tmp[ctx->tmp_len]), ++ B64_BLOCK_SIZE - ctx->tmp_len); ++ ++ if (i <= 0) { ++ ret_code = i; ++ ++ /* Should we continue next time we are called? */ ++ if (!BIO_should_retry(b->next_bio)) { ++ ctx->cont = i; ++ /* If buffer empty break */ ++ if (ctx->tmp_len == 0) ++ break; ++ /* Fall through and process what we have */ ++ else ++ i = 0; ++ } ++ /* else we retry and add more data to buffer */ ++ else ++ break; ++ } ++ i += ctx->tmp_len; ++ ctx->tmp_len = i; ++ ++ /* ++ * We need to scan, a line at a time until we have a valid line if we ++ * are starting. ++ */ ++ if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) { ++ /* ctx->start=1; */ ++ ctx->tmp_len = 0; ++ } else if (ctx->start) { ++ q = p = (unsigned char *)ctx->tmp; ++ num = 0; ++ for (j = 0; j < i; j++) { ++ if (*(q++) != '\n') ++ continue; ++ ++ /* ++ * due to a previous very long line, we need to keep on ++ * scanning for a '\n' before we even start looking for ++ * base64 encoded stuff. ++ */ ++ if (ctx->tmp_nl) { ++ p = q; ++ ctx->tmp_nl = 0; ++ continue; ++ } ++ ++ k = EVP_DecodeUpdate(&(ctx->base64), ++ (unsigned char *)ctx->buf, ++ &num, p, q - p); ++ if ((k <= 0) && (num == 0) && (ctx->start)) ++ EVP_DecodeInit(&ctx->base64); ++ else { ++ if (p != (unsigned char *) ++ &(ctx->tmp[0])) { ++ i -= (p - (unsigned char *) ++ &(ctx->tmp[0])); ++ for (x = 0; x < i; x++) ++ ctx->tmp[x] = p[x]; ++ } ++ EVP_DecodeInit(&ctx->base64); ++ ctx->start = 0; ++ break; ++ } ++ p = q; ++ } ++ ++ /* we fell off the end without starting */ ++ if ((j == i) && (num == 0)) { ++ /* ++ * Is this is one long chunk?, if so, keep on reading until a ++ * new line. ++ */ ++ if (p == (unsigned char *)&(ctx->tmp[0])) { ++ /* Check buffer full */ ++ if (i == B64_BLOCK_SIZE) { ++ ctx->tmp_nl = 1; ++ ctx->tmp_len = 0; ++ } ++ } else if (p != q) { /* finished on a '\n' */ ++ n = q - p; ++ for (ii = 0; ii < n; ii++) ++ ctx->tmp[ii] = p[ii]; ++ ctx->tmp_len = n; ++ } ++ /* else finished on a '\n' */ ++ continue; ++ } else { ++ ctx->tmp_len = 0; ++ } ++ } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) { ++ /* ++ * If buffer isn't full and we can retry then restart to read in ++ * more data. ++ */ ++ continue; ++ } ++ ++ if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { ++ int z, jj; + + #if 0 +- jj=(i>>2)<<2; ++ jj = (i >> 2) << 2; + #else +- jj = i & ~3; /* process per 4 */ ++ jj = i & ~3; /* process per 4 */ + #endif +- z=EVP_DecodeBlock((unsigned char *)ctx->buf, +- (unsigned char *)ctx->tmp,jj); +- if (jj > 2) +- { +- if (ctx->tmp[jj-1] == '=') +- { +- z--; +- if (ctx->tmp[jj-2] == '=') +- z--; +- } +- } +- /* z is now number of output bytes and jj is the +- * number consumed */ +- if (jj != i) +- { +- memmove(ctx->tmp, &ctx->tmp[jj], i-jj); +- ctx->tmp_len=i-jj; +- } +- ctx->buf_len=0; +- if (z > 0) +- { +- ctx->buf_len=z; +- } +- i=z; +- } +- else +- { +- i=EVP_DecodeUpdate(&(ctx->base64), +- (unsigned char *)ctx->buf,&ctx->buf_len, +- (unsigned char *)ctx->tmp,i); +- ctx->tmp_len = 0; +- } +- ctx->buf_off=0; +- if (i < 0) +- { +- ret_code=0; +- ctx->buf_len=0; +- break; +- } +- +- if (ctx->buf_len <= outl) +- i=ctx->buf_len; +- else +- i=outl; +- +- memcpy(out,ctx->buf,i); +- ret+=i; +- ctx->buf_off=i; +- if (ctx->buf_off == ctx->buf_len) +- { +- ctx->buf_len=0; +- ctx->buf_off=0; +- } +- outl-=i; +- out+=i; +- } +- /* BIO_clear_retry_flags(b); */ +- BIO_copy_next_retry(b); +- return((ret == 0)?ret_code:ret); +- } ++ z = EVP_DecodeBlock((unsigned char *)ctx->buf, ++ (unsigned char *)ctx->tmp, jj); ++ if (jj > 2) { ++ if (ctx->tmp[jj - 1] == '=') { ++ z--; ++ if (ctx->tmp[jj - 2] == '=') ++ z--; ++ } ++ } ++ /* ++ * z is now number of output bytes and jj is the number consumed ++ */ ++ if (jj != i) { ++ memmove(ctx->tmp, &ctx->tmp[jj], i - jj); ++ ctx->tmp_len = i - jj; ++ } ++ ctx->buf_len = 0; ++ if (z > 0) { ++ ctx->buf_len = z; ++ } ++ i = z; ++ } else { ++ i = EVP_DecodeUpdate(&(ctx->base64), ++ (unsigned char *)ctx->buf, &ctx->buf_len, ++ (unsigned char *)ctx->tmp, i); ++ ctx->tmp_len = 0; ++ } ++ ctx->buf_off = 0; ++ if (i < 0) { ++ ret_code = 0; ++ ctx->buf_len = 0; ++ break; ++ } ++ ++ if (ctx->buf_len <= outl) ++ i = ctx->buf_len; ++ else ++ i = outl; ++ ++ memcpy(out, ctx->buf, i); ++ ret += i; ++ ctx->buf_off = i; ++ if (ctx->buf_off == ctx->buf_len) { ++ ctx->buf_len = 0; ++ ctx->buf_off = 0; ++ } ++ outl -= i; ++ out += i; ++ } ++ /* BIO_clear_retry_flags(b); */ ++ BIO_copy_next_retry(b); ++ return ((ret == 0) ? ret_code : ret); ++} + + static int b64_write(BIO *b, const char *in, int inl) +- { +- int ret=0; +- int n; +- int i; +- BIO_B64_CTX *ctx; +- +- ctx=(BIO_B64_CTX *)b->ptr; +- BIO_clear_retry_flags(b); +- +- if (ctx->encode != B64_ENCODE) +- { +- ctx->encode=B64_ENCODE; +- ctx->buf_len=0; +- ctx->buf_off=0; +- ctx->tmp_len=0; +- EVP_EncodeInit(&(ctx->base64)); +- } +- +- OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); +- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); +- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); +- n=ctx->buf_len-ctx->buf_off; +- while (n > 0) +- { +- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); +- if (i <= 0) +- { +- BIO_copy_next_retry(b); +- return(i); +- } +- OPENSSL_assert(i <= n); +- ctx->buf_off+=i; +- OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); +- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); +- n-=i; +- } +- /* at this point all pending data has been written */ +- ctx->buf_off=0; +- ctx->buf_len=0; +- +- if ((in == NULL) || (inl <= 0)) return(0); +- +- while (inl > 0) +- { +- n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl; +- +- if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) +- { +- if (ctx->tmp_len > 0) +- { +- OPENSSL_assert(ctx->tmp_len <= 3); +- n=3-ctx->tmp_len; +- /* There's a theoretical possibility for this */ +- if (n > inl) +- n=inl; +- memcpy(&(ctx->tmp[ctx->tmp_len]),in,n); +- ctx->tmp_len+=n; +- ret += n; +- if (ctx->tmp_len < 3) +- break; +- ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len); +- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); +- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); +- /* Since we're now done using the temporary +- buffer, the length should be 0'd */ +- ctx->tmp_len=0; +- } +- else +- { +- if (n < 3) +- { +- memcpy(ctx->tmp,in,n); +- ctx->tmp_len=n; +- ret += n; +- break; +- } +- n-=n%3; +- ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n); +- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); +- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); +- ret += n; +- } +- } +- else +- { +- EVP_EncodeUpdate(&(ctx->base64), +- (unsigned char *)ctx->buf,&ctx->buf_len, +- (unsigned char *)in,n); +- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); +- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); +- ret += n; +- } +- inl-=n; +- in+=n; +- +- ctx->buf_off=0; +- n=ctx->buf_len; +- while (n > 0) +- { +- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); +- if (i <= 0) +- { +- BIO_copy_next_retry(b); +- return((ret == 0)?i:ret); +- } +- OPENSSL_assert(i <= n); +- n-=i; +- ctx->buf_off+=i; +- OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); +- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); +- } +- ctx->buf_len=0; +- ctx->buf_off=0; +- } +- return(ret); +- } ++{ ++ int ret = 0; ++ int n; ++ int i; ++ BIO_B64_CTX *ctx; ++ ++ ctx = (BIO_B64_CTX *)b->ptr; ++ BIO_clear_retry_flags(b); ++ ++ if (ctx->encode != B64_ENCODE) { ++ ctx->encode = B64_ENCODE; ++ ctx->buf_len = 0; ++ ctx->buf_off = 0; ++ ctx->tmp_len = 0; ++ EVP_EncodeInit(&(ctx->base64)); ++ } ++ ++ OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); ++ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); ++ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ++ n = ctx->buf_len - ctx->buf_off; ++ while (n > 0) { ++ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); ++ if (i <= 0) { ++ BIO_copy_next_retry(b); ++ return (i); ++ } ++ OPENSSL_assert(i <= n); ++ ctx->buf_off += i; ++ OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); ++ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ++ n -= i; ++ } ++ /* at this point all pending data has been written */ ++ ctx->buf_off = 0; ++ ctx->buf_len = 0; ++ ++ if ((in == NULL) || (inl <= 0)) ++ return (0); ++ ++ while (inl > 0) { ++ n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl; ++ ++ if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { ++ if (ctx->tmp_len > 0) { ++ OPENSSL_assert(ctx->tmp_len <= 3); ++ n = 3 - ctx->tmp_len; ++ /* ++ * There's a theoretical possibility for this ++ */ ++ if (n > inl) ++ n = inl; ++ memcpy(&(ctx->tmp[ctx->tmp_len]), in, n); ++ ctx->tmp_len += n; ++ ret += n; ++ if (ctx->tmp_len < 3) ++ break; ++ ctx->buf_len = ++ EVP_EncodeBlock((unsigned char *)ctx->buf, ++ (unsigned char *)ctx->tmp, ctx->tmp_len); ++ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); ++ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ++ /* ++ * Since we're now done using the temporary buffer, the ++ * length should be 0'd ++ */ ++ ctx->tmp_len = 0; ++ } else { ++ if (n < 3) { ++ memcpy(ctx->tmp, in, n); ++ ctx->tmp_len = n; ++ ret += n; ++ break; ++ } ++ n -= n % 3; ++ ctx->buf_len = ++ EVP_EncodeBlock((unsigned char *)ctx->buf, ++ (const unsigned char *)in, n); ++ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); ++ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ++ ret += n; ++ } ++ } else { ++ EVP_EncodeUpdate(&(ctx->base64), ++ (unsigned char *)ctx->buf, &ctx->buf_len, ++ (unsigned char *)in, n); ++ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); ++ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ++ ret += n; ++ } ++ inl -= n; ++ in += n; ++ ++ ctx->buf_off = 0; ++ n = ctx->buf_len; ++ while (n > 0) { ++ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); ++ if (i <= 0) { ++ BIO_copy_next_retry(b); ++ return ((ret == 0) ? i : ret); ++ } ++ OPENSSL_assert(i <= n); ++ n -= i; ++ ctx->buf_off += i; ++ OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); ++ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ++ } ++ ctx->buf_len = 0; ++ ctx->buf_off = 0; ++ } ++ return (ret); ++} + + static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- BIO_B64_CTX *ctx; +- long ret=1; +- int i; +- +- ctx=(BIO_B64_CTX *)b->ptr; +- +- switch (cmd) +- { +- case BIO_CTRL_RESET: +- ctx->cont=1; +- ctx->start=1; +- ctx->encode=B64_NONE; +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_EOF: /* More to read */ +- if (ctx->cont <= 0) +- ret=1; +- else +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_WPENDING: /* More to write in buffer */ +- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); +- ret=ctx->buf_len-ctx->buf_off; +- if ((ret == 0) && (ctx->encode != B64_NONE) +- && (ctx->base64.num != 0)) +- ret=1; +- else if (ret <= 0) +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_PENDING: /* More to read in buffer */ +- OPENSSL_assert(ctx->buf_len >= ctx->buf_off); +- ret=ctx->buf_len-ctx->buf_off; +- if (ret <= 0) +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_FLUSH: +- /* do a final write */ +-again: +- while (ctx->buf_len != ctx->buf_off) +- { +- i=b64_write(b,NULL,0); +- if (i < 0) +- return i; +- } +- if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) +- { +- if (ctx->tmp_len != 0) +- { +- ctx->buf_len=EVP_EncodeBlock( +- (unsigned char *)ctx->buf, +- (unsigned char *)ctx->tmp, +- ctx->tmp_len); +- ctx->buf_off=0; +- ctx->tmp_len=0; +- goto again; +- } +- } +- else if (ctx->encode != B64_NONE && ctx->base64.num != 0) +- { +- ctx->buf_off=0; +- EVP_EncodeFinal(&(ctx->base64), +- (unsigned char *)ctx->buf, +- &(ctx->buf_len)); +- /* push out the bytes */ +- goto again; +- } +- /* Finally flush the underlying BIO */ +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- +- case BIO_C_DO_STATE_MACHINE: +- BIO_clear_retry_flags(b); +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- BIO_copy_next_retry(b); +- break; +- +- case BIO_CTRL_DUP: +- break; +- case BIO_CTRL_INFO: +- case BIO_CTRL_GET: +- case BIO_CTRL_SET: +- default: +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- } +- return(ret); +- } ++{ ++ BIO_B64_CTX *ctx; ++ long ret = 1; ++ int i; ++ ++ ctx = (BIO_B64_CTX *)b->ptr; ++ ++ switch (cmd) { ++ case BIO_CTRL_RESET: ++ ctx->cont = 1; ++ ctx->start = 1; ++ ctx->encode = B64_NONE; ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_EOF: /* More to read */ ++ if (ctx->cont <= 0) ++ ret = 1; ++ else ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_WPENDING: /* More to write in buffer */ ++ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ++ ret = ctx->buf_len - ctx->buf_off; ++ if ((ret == 0) && (ctx->encode != B64_NONE) ++ && (ctx->base64.num != 0)) ++ ret = 1; ++ else if (ret <= 0) ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_PENDING: /* More to read in buffer */ ++ OPENSSL_assert(ctx->buf_len >= ctx->buf_off); ++ ret = ctx->buf_len - ctx->buf_off; ++ if (ret <= 0) ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_FLUSH: ++ /* do a final write */ ++ again: ++ while (ctx->buf_len != ctx->buf_off) { ++ i = b64_write(b, NULL, 0); ++ if (i < 0) ++ return i; ++ } ++ if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { ++ if (ctx->tmp_len != 0) { ++ ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf, ++ (unsigned char *)ctx->tmp, ++ ctx->tmp_len); ++ ctx->buf_off = 0; ++ ctx->tmp_len = 0; ++ goto again; ++ } ++ } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) { ++ ctx->buf_off = 0; ++ EVP_EncodeFinal(&(ctx->base64), ++ (unsigned char *)ctx->buf, &(ctx->buf_len)); ++ /* push out the bytes */ ++ goto again; ++ } ++ /* Finally flush the underlying BIO */ ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ ++ case BIO_C_DO_STATE_MACHINE: ++ BIO_clear_retry_flags(b); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ BIO_copy_next_retry(b); ++ break; ++ ++ case BIO_CTRL_DUP: ++ break; ++ case BIO_CTRL_INFO: ++ case BIO_CTRL_GET: ++ case BIO_CTRL_SET: ++ default: ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ } ++ return (ret); ++} + + static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +- { +- long ret=1; +- +- if (b->next_bio == NULL) return(0); +- switch (cmd) +- { +- default: +- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); +- break; +- } +- return(ret); +- } ++{ ++ long ret = 1; ++ ++ if (b->next_bio == NULL) ++ return (0); ++ switch (cmd) { ++ default: ++ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); ++ break; ++ } ++ return (ret); ++} + + static int b64_puts(BIO *b, const char *str) +- { +- return b64_write(b,str,strlen(str)); +- } ++{ ++ return b64_write(b, str, strlen(str)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c +index f6ac94c..4397fb1 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,363 +64,363 @@ + + static int enc_write(BIO *h, const char *buf, int num); + static int enc_read(BIO *h, char *buf, int size); +-/*static int enc_puts(BIO *h, const char *str); */ +-/*static int enc_gets(BIO *h, char *str, int size); */ ++/* ++ * static int enc_puts(BIO *h, const char *str); ++ */ ++/* ++ * static int enc_gets(BIO *h, char *str, int size); ++ */ + static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int enc_new(BIO *h); + static int enc_free(BIO *data); + static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); +-#define ENC_BLOCK_SIZE (1024*4) +-#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) +- +-typedef struct enc_struct +- { +- int buf_len; +- int buf_off; +- int cont; /* <= 0 when finished */ +- int finished; +- int ok; /* bad decrypt */ +- EVP_CIPHER_CTX cipher; +- /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate +- * can return up to a block more data than is presented to it +- */ +- char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2]; +- } BIO_ENC_CTX; +- +-static BIO_METHOD methods_enc= +- { +- BIO_TYPE_CIPHER,"cipher", +- enc_write, +- enc_read, +- NULL, /* enc_puts, */ +- NULL, /* enc_gets, */ +- enc_ctrl, +- enc_new, +- enc_free, +- enc_callback_ctrl, +- }; ++#define ENC_BLOCK_SIZE (1024*4) ++#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) ++ ++typedef struct enc_struct { ++ int buf_len; ++ int buf_off; ++ int cont; /* <= 0 when finished */ ++ int finished; ++ int ok; /* bad decrypt */ ++ EVP_CIPHER_CTX cipher; ++ /* ++ * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return ++ * up to a block more data than is presented to it ++ */ ++ char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2]; ++} BIO_ENC_CTX; ++ ++static BIO_METHOD methods_enc = { ++ BIO_TYPE_CIPHER, "cipher", ++ enc_write, ++ enc_read, ++ NULL, /* enc_puts, */ ++ NULL, /* enc_gets, */ ++ enc_ctrl, ++ enc_new, ++ enc_free, ++ enc_callback_ctrl, ++}; + + BIO_METHOD *BIO_f_cipher(void) +- { +- return(&methods_enc); +- } ++{ ++ return (&methods_enc); ++} + + static int enc_new(BIO *bi) +- { +- BIO_ENC_CTX *ctx; +- +- ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); +- if (ctx == NULL) return(0); +- EVP_CIPHER_CTX_init(&ctx->cipher); +- +- ctx->buf_len=0; +- ctx->buf_off=0; +- ctx->cont=1; +- ctx->finished=0; +- ctx->ok=1; +- +- bi->init=0; +- bi->ptr=(char *)ctx; +- bi->flags=0; +- return(1); +- } ++{ ++ BIO_ENC_CTX *ctx; ++ ++ ctx = (BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); ++ if (ctx == NULL) ++ return (0); ++ EVP_CIPHER_CTX_init(&ctx->cipher); ++ ++ ctx->buf_len = 0; ++ ctx->buf_off = 0; ++ ctx->cont = 1; ++ ctx->finished = 0; ++ ctx->ok = 1; ++ ++ bi->init = 0; ++ bi->ptr = (char *)ctx; ++ bi->flags = 0; ++ return (1); ++} + + static int enc_free(BIO *a) +- { +- BIO_ENC_CTX *b; +- +- if (a == NULL) return(0); +- b=(BIO_ENC_CTX *)a->ptr; +- EVP_CIPHER_CTX_cleanup(&(b->cipher)); +- OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX)); +- OPENSSL_free(a->ptr); +- a->ptr=NULL; +- a->init=0; +- a->flags=0; +- return(1); +- } +- ++{ ++ BIO_ENC_CTX *b; ++ ++ if (a == NULL) ++ return (0); ++ b = (BIO_ENC_CTX *)a->ptr; ++ EVP_CIPHER_CTX_cleanup(&(b->cipher)); ++ OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX)); ++ OPENSSL_free(a->ptr); ++ a->ptr = NULL; ++ a->init = 0; ++ a->flags = 0; ++ return (1); ++} ++ + static int enc_read(BIO *b, char *out, int outl) +- { +- int ret=0,i; +- BIO_ENC_CTX *ctx; +- +- if (out == NULL) return(0); +- ctx=(BIO_ENC_CTX *)b->ptr; +- +- if ((ctx == NULL) || (b->next_bio == NULL)) return(0); +- +- /* First check if there are bytes decoded/encoded */ +- if (ctx->buf_len > 0) +- { +- i=ctx->buf_len-ctx->buf_off; +- if (i > outl) i=outl; +- memcpy(out,&(ctx->buf[ctx->buf_off]),i); +- ret=i; +- out+=i; +- outl-=i; +- ctx->buf_off+=i; +- if (ctx->buf_len == ctx->buf_off) +- { +- ctx->buf_len=0; +- ctx->buf_off=0; +- } +- } +- +- /* At this point, we have room of outl bytes and an empty +- * buffer, so we should read in some more. */ +- +- while (outl > 0) +- { +- if (ctx->cont <= 0) break; +- +- /* read in at IV offset, read the EVP_Cipher +- * documentation about why */ +- i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE); +- +- if (i <= 0) +- { +- /* Should be continue next time we are called? */ +- if (!BIO_should_retry(b->next_bio)) +- { +- ctx->cont=i; +- i=EVP_CipherFinal_ex(&(ctx->cipher), +- (unsigned char *)ctx->buf, +- &(ctx->buf_len)); +- ctx->ok=i; +- ctx->buf_off=0; +- } +- else +- { +- ret=(ret == 0)?i:ret; +- break; +- } +- } +- else +- { +- EVP_CipherUpdate(&(ctx->cipher), +- (unsigned char *)ctx->buf,&ctx->buf_len, +- (unsigned char *)&(ctx->buf[BUF_OFFSET]),i); +- ctx->cont=1; +- /* Note: it is possible for EVP_CipherUpdate to +- * decrypt zero bytes because this is or looks like +- * the final block: if this happens we should retry +- * and either read more data or decrypt the final +- * block +- */ +- if(ctx->buf_len == 0) continue; +- } +- +- if (ctx->buf_len <= outl) +- i=ctx->buf_len; +- else +- i=outl; +- if (i <= 0) break; +- memcpy(out,ctx->buf,i); +- ret+=i; +- ctx->buf_off=i; +- outl-=i; +- out+=i; +- } +- +- BIO_clear_retry_flags(b); +- BIO_copy_next_retry(b); +- return((ret == 0)?ctx->cont:ret); +- } ++{ ++ int ret = 0, i; ++ BIO_ENC_CTX *ctx; ++ ++ if (out == NULL) ++ return (0); ++ ctx = (BIO_ENC_CTX *)b->ptr; ++ ++ if ((ctx == NULL) || (b->next_bio == NULL)) ++ return (0); ++ ++ /* First check if there are bytes decoded/encoded */ ++ if (ctx->buf_len > 0) { ++ i = ctx->buf_len - ctx->buf_off; ++ if (i > outl) ++ i = outl; ++ memcpy(out, &(ctx->buf[ctx->buf_off]), i); ++ ret = i; ++ out += i; ++ outl -= i; ++ ctx->buf_off += i; ++ if (ctx->buf_len == ctx->buf_off) { ++ ctx->buf_len = 0; ++ ctx->buf_off = 0; ++ } ++ } ++ ++ /* ++ * At this point, we have room of outl bytes and an empty buffer, so we ++ * should read in some more. ++ */ ++ ++ while (outl > 0) { ++ if (ctx->cont <= 0) ++ break; ++ ++ /* ++ * read in at IV offset, read the EVP_Cipher documentation about why ++ */ ++ i = BIO_read(b->next_bio, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE); ++ ++ if (i <= 0) { ++ /* Should be continue next time we are called? */ ++ if (!BIO_should_retry(b->next_bio)) { ++ ctx->cont = i; ++ i = EVP_CipherFinal_ex(&(ctx->cipher), ++ (unsigned char *)ctx->buf, ++ &(ctx->buf_len)); ++ ctx->ok = i; ++ ctx->buf_off = 0; ++ } else { ++ ret = (ret == 0) ? i : ret; ++ break; ++ } ++ } else { ++ EVP_CipherUpdate(&(ctx->cipher), ++ (unsigned char *)ctx->buf, &ctx->buf_len, ++ (unsigned char *)&(ctx->buf[BUF_OFFSET]), i); ++ ctx->cont = 1; ++ /* ++ * Note: it is possible for EVP_CipherUpdate to decrypt zero ++ * bytes because this is or looks like the final block: if this ++ * happens we should retry and either read more data or decrypt ++ * the final block ++ */ ++ if (ctx->buf_len == 0) ++ continue; ++ } ++ ++ if (ctx->buf_len <= outl) ++ i = ctx->buf_len; ++ else ++ i = outl; ++ if (i <= 0) ++ break; ++ memcpy(out, ctx->buf, i); ++ ret += i; ++ ctx->buf_off = i; ++ outl -= i; ++ out += i; ++ } ++ ++ BIO_clear_retry_flags(b); ++ BIO_copy_next_retry(b); ++ return ((ret == 0) ? ctx->cont : ret); ++} + + static int enc_write(BIO *b, const char *in, int inl) +- { +- int ret=0,n,i; +- BIO_ENC_CTX *ctx; +- +- ctx=(BIO_ENC_CTX *)b->ptr; +- ret=inl; +- +- BIO_clear_retry_flags(b); +- n=ctx->buf_len-ctx->buf_off; +- while (n > 0) +- { +- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); +- if (i <= 0) +- { +- BIO_copy_next_retry(b); +- return(i); +- } +- ctx->buf_off+=i; +- n-=i; +- } +- /* at this point all pending data has been written */ +- +- if ((in == NULL) || (inl <= 0)) return(0); +- +- ctx->buf_off=0; +- while (inl > 0) +- { +- n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl; +- EVP_CipherUpdate(&(ctx->cipher), +- (unsigned char *)ctx->buf,&ctx->buf_len, +- (unsigned char *)in,n); +- inl-=n; +- in+=n; +- +- ctx->buf_off=0; +- n=ctx->buf_len; +- while (n > 0) +- { +- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); +- if (i <= 0) +- { +- BIO_copy_next_retry(b); +- return (ret == inl) ? i : ret - inl; +- } +- n-=i; +- ctx->buf_off+=i; +- } +- ctx->buf_len=0; +- ctx->buf_off=0; +- } +- BIO_copy_next_retry(b); +- return(ret); +- } ++{ ++ int ret = 0, n, i; ++ BIO_ENC_CTX *ctx; ++ ++ ctx = (BIO_ENC_CTX *)b->ptr; ++ ret = inl; ++ ++ BIO_clear_retry_flags(b); ++ n = ctx->buf_len - ctx->buf_off; ++ while (n > 0) { ++ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); ++ if (i <= 0) { ++ BIO_copy_next_retry(b); ++ return (i); ++ } ++ ctx->buf_off += i; ++ n -= i; ++ } ++ /* at this point all pending data has been written */ ++ ++ if ((in == NULL) || (inl <= 0)) ++ return (0); ++ ++ ctx->buf_off = 0; ++ while (inl > 0) { ++ n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; ++ EVP_CipherUpdate(&(ctx->cipher), ++ (unsigned char *)ctx->buf, &ctx->buf_len, ++ (unsigned char *)in, n); ++ inl -= n; ++ in += n; ++ ++ ctx->buf_off = 0; ++ n = ctx->buf_len; ++ while (n > 0) { ++ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); ++ if (i <= 0) { ++ BIO_copy_next_retry(b); ++ return (ret == inl) ? i : ret - inl; ++ } ++ n -= i; ++ ctx->buf_off += i; ++ } ++ ctx->buf_len = 0; ++ ctx->buf_off = 0; ++ } ++ BIO_copy_next_retry(b); ++ return (ret); ++} + + static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- BIO *dbio; +- BIO_ENC_CTX *ctx,*dctx; +- long ret=1; +- int i; +- EVP_CIPHER_CTX **c_ctx; +- +- ctx=(BIO_ENC_CTX *)b->ptr; +- +- switch (cmd) +- { +- case BIO_CTRL_RESET: +- ctx->ok=1; +- ctx->finished=0; +- EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL, +- ctx->cipher.encrypt); +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_EOF: /* More to read */ +- if (ctx->cont <= 0) +- ret=1; +- else +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_WPENDING: +- ret=ctx->buf_len-ctx->buf_off; +- if (ret <= 0) +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_PENDING: /* More to read in buffer */ +- ret=ctx->buf_len-ctx->buf_off; +- if (ret <= 0) +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_FLUSH: +- /* do a final write */ +-again: +- while (ctx->buf_len != ctx->buf_off) +- { +- i=enc_write(b,NULL,0); +- if (i < 0) +- return i; +- } +- +- if (!ctx->finished) +- { +- ctx->finished=1; +- ctx->buf_off=0; +- ret=EVP_CipherFinal_ex(&(ctx->cipher), +- (unsigned char *)ctx->buf, +- &(ctx->buf_len)); +- ctx->ok=(int)ret; +- if (ret <= 0) break; +- +- /* push out the bytes */ +- goto again; +- } +- +- /* Finally flush the underlying BIO */ +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_C_GET_CIPHER_STATUS: +- ret=(long)ctx->ok; +- break; +- case BIO_C_DO_STATE_MACHINE: +- BIO_clear_retry_flags(b); +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- BIO_copy_next_retry(b); +- break; +- case BIO_C_GET_CIPHER_CTX: +- c_ctx=(EVP_CIPHER_CTX **)ptr; +- (*c_ctx)= &(ctx->cipher); +- b->init=1; +- break; +- case BIO_CTRL_DUP: +- dbio=(BIO *)ptr; +- dctx=(BIO_ENC_CTX *)dbio->ptr; +- memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher)); +- dbio->init=1; +- break; +- default: +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- } +- return(ret); +- } ++{ ++ BIO *dbio; ++ BIO_ENC_CTX *ctx, *dctx; ++ long ret = 1; ++ int i; ++ EVP_CIPHER_CTX **c_ctx; ++ ++ ctx = (BIO_ENC_CTX *)b->ptr; ++ ++ switch (cmd) { ++ case BIO_CTRL_RESET: ++ ctx->ok = 1; ++ ctx->finished = 0; ++ EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL, ++ ctx->cipher.encrypt); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_EOF: /* More to read */ ++ if (ctx->cont <= 0) ++ ret = 1; ++ else ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_WPENDING: ++ ret = ctx->buf_len - ctx->buf_off; ++ if (ret <= 0) ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_PENDING: /* More to read in buffer */ ++ ret = ctx->buf_len - ctx->buf_off; ++ if (ret <= 0) ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_FLUSH: ++ /* do a final write */ ++ again: ++ while (ctx->buf_len != ctx->buf_off) { ++ i = enc_write(b, NULL, 0); ++ if (i < 0) ++ return i; ++ } ++ ++ if (!ctx->finished) { ++ ctx->finished = 1; ++ ctx->buf_off = 0; ++ ret = EVP_CipherFinal_ex(&(ctx->cipher), ++ (unsigned char *)ctx->buf, ++ &(ctx->buf_len)); ++ ctx->ok = (int)ret; ++ if (ret <= 0) ++ break; ++ ++ /* push out the bytes */ ++ goto again; ++ } ++ ++ /* Finally flush the underlying BIO */ ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_C_GET_CIPHER_STATUS: ++ ret = (long)ctx->ok; ++ break; ++ case BIO_C_DO_STATE_MACHINE: ++ BIO_clear_retry_flags(b); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ BIO_copy_next_retry(b); ++ break; ++ case BIO_C_GET_CIPHER_CTX: ++ c_ctx = (EVP_CIPHER_CTX **)ptr; ++ (*c_ctx) = &(ctx->cipher); ++ b->init = 1; ++ break; ++ case BIO_CTRL_DUP: ++ dbio = (BIO *)ptr; ++ dctx = (BIO_ENC_CTX *)dbio->ptr; ++ memcpy(&(dctx->cipher), &(ctx->cipher), sizeof(ctx->cipher)); ++ dbio->init = 1; ++ break; ++ default: ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ } ++ return (ret); ++} + + static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +- { +- long ret=1; +- +- if (b->next_bio == NULL) return(0); +- switch (cmd) +- { +- default: +- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); +- break; +- } +- return(ret); +- } +- +-/* ++{ ++ long ret = 1; ++ ++ if (b->next_bio == NULL) ++ return (0); ++ switch (cmd) { ++ default: ++ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); ++ break; ++ } ++ return (ret); ++} ++ ++/*- + void BIO_set_cipher_ctx(b,c) + BIO *b; + EVP_CIPHER_ctx *c; +- { +- if (b == NULL) return; +- +- if ((b->callback != NULL) && +- (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) +- return; +- +- b->init=1; +- ctx=(BIO_ENC_CTX *)b->ptr; +- memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); +- +- if (b->callback != NULL) +- b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); +- } ++ { ++ if (b == NULL) return; ++ ++ if ((b->callback != NULL) && ++ (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) ++ return; ++ ++ b->init=1; ++ ctx=(BIO_ENC_CTX *)b->ptr; ++ memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); ++ ++ if (b->callback != NULL) ++ b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); ++ } + */ + + void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, +- const unsigned char *i, int e) +- { +- BIO_ENC_CTX *ctx; ++ const unsigned char *i, int e) ++{ ++ BIO_ENC_CTX *ctx; + +- if (b == NULL) return; ++ if (b == NULL) ++ return; + +- if ((b->callback != NULL) && +- (b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0)) +- return; ++ if ((b->callback != NULL) && ++ (b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <= ++ 0)) ++ return; + +- b->init=1; +- ctx=(BIO_ENC_CTX *)b->ptr; +- EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e); +- +- if (b->callback != NULL) +- b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L); +- } ++ b->init = 1; ++ ctx = (BIO_ENC_CTX *)b->ptr; ++ EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e); + ++ if (b->callback != NULL) ++ b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_md.c b/Cryptlib/OpenSSL/crypto/evp/bio_md.c +index ed5c113..9f0024b 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_md.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_md.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,203 +62,200 @@ + #include + #include + +-/* BIO_put and BIO_get both add to the digest, +- * BIO_gets returns the digest */ ++/* ++ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest ++ */ + + static int md_write(BIO *h, char const *buf, int num); + static int md_read(BIO *h, char *buf, int size); +-/*static int md_puts(BIO *h, const char *str); */ ++/* ++ * static int md_puts(BIO *h, const char *str); ++ */ + static int md_gets(BIO *h, char *str, int size); + static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int md_new(BIO *h); + static int md_free(BIO *data); +-static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); ++static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); + +-static BIO_METHOD methods_md= +- { +- BIO_TYPE_MD,"message digest", +- md_write, +- md_read, +- NULL, /* md_puts, */ +- md_gets, +- md_ctrl, +- md_new, +- md_free, +- md_callback_ctrl, +- }; ++static BIO_METHOD methods_md = { ++ BIO_TYPE_MD, "message digest", ++ md_write, ++ md_read, ++ NULL, /* md_puts, */ ++ md_gets, ++ md_ctrl, ++ md_new, ++ md_free, ++ md_callback_ctrl, ++}; + + BIO_METHOD *BIO_f_md(void) +- { +- return(&methods_md); +- } ++{ ++ return (&methods_md); ++} + + static int md_new(BIO *bi) +- { +- EVP_MD_CTX *ctx; ++{ ++ EVP_MD_CTX *ctx; + +- ctx=EVP_MD_CTX_create(); +- if (ctx == NULL) return(0); ++ ctx = EVP_MD_CTX_create(); ++ if (ctx == NULL) ++ return (0); + +- bi->init=0; +- bi->ptr=(char *)ctx; +- bi->flags=0; +- return(1); +- } ++ bi->init = 0; ++ bi->ptr = (char *)ctx; ++ bi->flags = 0; ++ return (1); ++} + + static int md_free(BIO *a) +- { +- if (a == NULL) return(0); +- EVP_MD_CTX_destroy(a->ptr); +- a->ptr=NULL; +- a->init=0; +- a->flags=0; +- return(1); +- } +- ++{ ++ if (a == NULL) ++ return (0); ++ EVP_MD_CTX_destroy(a->ptr); ++ a->ptr = NULL; ++ a->init = 0; ++ a->flags = 0; ++ return (1); ++} ++ + static int md_read(BIO *b, char *out, int outl) +- { +- int ret=0; +- EVP_MD_CTX *ctx; ++{ ++ int ret = 0; ++ EVP_MD_CTX *ctx; + +- if (out == NULL) return(0); +- ctx=b->ptr; ++ if (out == NULL) ++ return (0); ++ ctx = b->ptr; + +- if ((ctx == NULL) || (b->next_bio == NULL)) return(0); ++ if ((ctx == NULL) || (b->next_bio == NULL)) ++ return (0); + +- ret=BIO_read(b->next_bio,out,outl); +- if (b->init) +- { +- if (ret > 0) +- { +- EVP_DigestUpdate(ctx,(unsigned char *)out, +- (unsigned int)ret); +- } +- } +- BIO_clear_retry_flags(b); +- BIO_copy_next_retry(b); +- return(ret); +- } ++ ret = BIO_read(b->next_bio, out, outl); ++ if (b->init) { ++ if (ret > 0) { ++ EVP_DigestUpdate(ctx, (unsigned char *)out, (unsigned int)ret); ++ } ++ } ++ BIO_clear_retry_flags(b); ++ BIO_copy_next_retry(b); ++ return (ret); ++} + + static int md_write(BIO *b, const char *in, int inl) +- { +- int ret=0; +- EVP_MD_CTX *ctx; ++{ ++ int ret = 0; ++ EVP_MD_CTX *ctx; + +- if ((in == NULL) || (inl <= 0)) return(0); +- ctx=b->ptr; ++ if ((in == NULL) || (inl <= 0)) ++ return (0); ++ ctx = b->ptr; + +- if ((ctx != NULL) && (b->next_bio != NULL)) +- ret=BIO_write(b->next_bio,in,inl); +- if (b->init) +- { +- if (ret > 0) +- { +- EVP_DigestUpdate(ctx,(const unsigned char *)in, +- (unsigned int)ret); +- } +- } +- BIO_clear_retry_flags(b); +- BIO_copy_next_retry(b); +- return(ret); +- } ++ if ((ctx != NULL) && (b->next_bio != NULL)) ++ ret = BIO_write(b->next_bio, in, inl); ++ if (b->init) { ++ if (ret > 0) { ++ EVP_DigestUpdate(ctx, (const unsigned char *)in, ++ (unsigned int)ret); ++ } ++ } ++ BIO_clear_retry_flags(b); ++ BIO_copy_next_retry(b); ++ return (ret); ++} + + static long md_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- EVP_MD_CTX *ctx,*dctx,**pctx; +- const EVP_MD **ppmd; +- EVP_MD *md; +- long ret=1; +- BIO *dbio; ++{ ++ EVP_MD_CTX *ctx, *dctx, **pctx; ++ const EVP_MD **ppmd; ++ EVP_MD *md; ++ long ret = 1; ++ BIO *dbio; + +- ctx=b->ptr; ++ ctx = b->ptr; + +- switch (cmd) +- { +- case BIO_CTRL_RESET: +- if (b->init) +- ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL); +- else +- ret=0; +- if (ret > 0) +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_C_GET_MD: +- if (b->init) +- { +- ppmd=ptr; +- *ppmd=ctx->digest; +- } +- else +- ret=0; +- break; +- case BIO_C_GET_MD_CTX: +- pctx=ptr; +- *pctx=ctx; +- break; +- case BIO_C_SET_MD_CTX: +- if (b->init) +- b->ptr=ptr; +- else +- ret=0; +- break; +- case BIO_C_DO_STATE_MACHINE: +- BIO_clear_retry_flags(b); +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- BIO_copy_next_retry(b); +- break; ++ switch (cmd) { ++ case BIO_CTRL_RESET: ++ if (b->init) ++ ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL); ++ else ++ ret = 0; ++ if (ret > 0) ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_C_GET_MD: ++ if (b->init) { ++ ppmd = ptr; ++ *ppmd = ctx->digest; ++ } else ++ ret = 0; ++ break; ++ case BIO_C_GET_MD_CTX: ++ pctx = ptr; ++ *pctx = ctx; ++ break; ++ case BIO_C_SET_MD_CTX: ++ if (b->init) ++ b->ptr = ptr; ++ else ++ ret = 0; ++ break; ++ case BIO_C_DO_STATE_MACHINE: ++ BIO_clear_retry_flags(b); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ BIO_copy_next_retry(b); ++ break; + +- case BIO_C_SET_MD: +- md=ptr; +- ret = EVP_DigestInit_ex(ctx,md, NULL); +- if (ret > 0) +- b->init=1; +- break; +- case BIO_CTRL_DUP: +- dbio=ptr; +- dctx=dbio->ptr; +- EVP_MD_CTX_copy_ex(dctx,ctx); +- b->init=1; +- break; +- default: +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- } +- return(ret); +- } ++ case BIO_C_SET_MD: ++ md = ptr; ++ ret = EVP_DigestInit_ex(ctx, md, NULL); ++ if (ret > 0) ++ b->init = 1; ++ break; ++ case BIO_CTRL_DUP: ++ dbio = ptr; ++ dctx = dbio->ptr; ++ EVP_MD_CTX_copy_ex(dctx, ctx); ++ b->init = 1; ++ break; ++ default: ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ } ++ return (ret); ++} + + static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +- { +- long ret=1; ++{ ++ long ret = 1; + +- if (b->next_bio == NULL) return(0); +- switch (cmd) +- { +- default: +- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); +- break; +- } +- return(ret); +- } ++ if (b->next_bio == NULL) ++ return (0); ++ switch (cmd) { ++ default: ++ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); ++ break; ++ } ++ return (ret); ++} + + static int md_gets(BIO *bp, char *buf, int size) +- { +- EVP_MD_CTX *ctx; +- unsigned int ret; ++{ ++ EVP_MD_CTX *ctx; ++ unsigned int ret; + ++ ctx = bp->ptr; ++ if (size < ctx->digest->md_size) ++ return (0); ++ EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret); ++ return ((int)ret); ++} + +- ctx=bp->ptr; +- if (size < ctx->digest->md_size) +- return(0); +- EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret); +- return((int)ret); +- } +- +-/* ++/*- + static int md_puts(bp,str) + BIO *bp; + char *str; +- { +- return(-1); +- } ++ { ++ return(-1); ++ } + */ +- +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c +index 98bc1ab..e66854c 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,71 +49,71 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* +- From: Arne Ansper +- +- Why BIO_f_reliable? +- +- I wrote function which took BIO* as argument, read data from it +- and processed it. Then I wanted to store the input file in +- encrypted form. OK I pushed BIO_f_cipher to the BIO stack +- and everything was OK. BUT if user types wrong password +- BIO_f_cipher outputs only garbage and my function crashes. Yes +- I can and I should fix my function, but BIO_f_cipher is +- easy way to add encryption support to many existing applications +- and it's hard to debug and fix them all. +- +- So I wanted another BIO which would catch the incorrect passwords and +- file damages which cause garbage on BIO_f_cipher's output. +- +- The easy way is to push the BIO_f_md and save the checksum at +- the end of the file. However there are several problems with this +- approach: +- +- 1) you must somehow separate checksum from actual data. +- 2) you need lot's of memory when reading the file, because you +- must read to the end of the file and verify the checksum before +- letting the application to read the data. +- +- BIO_f_reliable tries to solve both problems, so that you can +- read and write arbitrary long streams using only fixed amount +- of memory. +- +- BIO_f_reliable splits data stream into blocks. Each block is prefixed +- with it's length and suffixed with it's digest. So you need only +- several Kbytes of memory to buffer single block before verifying +- it's digest. +- +- BIO_f_reliable goes further and adds several important capabilities: +- +- 1) the digest of the block is computed over the whole stream +- -- so nobody can rearrange the blocks or remove or replace them. +- +- 2) to detect invalid passwords right at the start BIO_f_reliable +- adds special prefix to the stream. In order to avoid known plain-text +- attacks this prefix is generated as follows: +- +- *) digest is initialized with random seed instead of +- standardized one. +- *) same seed is written to output +- *) well-known text is then hashed and the output +- of the digest is also written to output. +- +- reader can now read the seed from stream, hash the same string +- and then compare the digest output. +- +- Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I +- initially wrote and tested this code on x86 machine and wrote the +- digests out in machine-dependent order :( There are people using +- this code and I cannot change this easily without making existing +- data files unreadable. ++/*- ++ From: Arne Ansper ++ ++ Why BIO_f_reliable? ++ ++ I wrote function which took BIO* as argument, read data from it ++ and processed it. Then I wanted to store the input file in ++ encrypted form. OK I pushed BIO_f_cipher to the BIO stack ++ and everything was OK. BUT if user types wrong password ++ BIO_f_cipher outputs only garbage and my function crashes. Yes ++ I can and I should fix my function, but BIO_f_cipher is ++ easy way to add encryption support to many existing applications ++ and it's hard to debug and fix them all. ++ ++ So I wanted another BIO which would catch the incorrect passwords and ++ file damages which cause garbage on BIO_f_cipher's output. ++ ++ The easy way is to push the BIO_f_md and save the checksum at ++ the end of the file. However there are several problems with this ++ approach: ++ ++ 1) you must somehow separate checksum from actual data. ++ 2) you need lot's of memory when reading the file, because you ++ must read to the end of the file and verify the checksum before ++ letting the application to read the data. ++ ++ BIO_f_reliable tries to solve both problems, so that you can ++ read and write arbitrary long streams using only fixed amount ++ of memory. ++ ++ BIO_f_reliable splits data stream into blocks. Each block is prefixed ++ with it's length and suffixed with it's digest. So you need only ++ several Kbytes of memory to buffer single block before verifying ++ it's digest. ++ ++ BIO_f_reliable goes further and adds several important capabilities: ++ ++ 1) the digest of the block is computed over the whole stream ++ -- so nobody can rearrange the blocks or remove or replace them. ++ ++ 2) to detect invalid passwords right at the start BIO_f_reliable ++ adds special prefix to the stream. In order to avoid known plain-text ++ attacks this prefix is generated as follows: ++ ++ *) digest is initialized with random seed instead of ++ standardized one. ++ *) same seed is written to output ++ *) well-known text is then hashed and the output ++ of the digest is also written to output. ++ ++ reader can now read the seed from stream, hash the same string ++ and then compare the digest output. ++ ++ Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I ++ initially wrote and tested this code on x86 machine and wrote the ++ digests out in machine-dependent order :( There are people using ++ this code and I cannot change this easily without making existing ++ data files unreadable. + + */ + +@@ -133,443 +133,450 @@ static int ok_new(BIO *h); + static int ok_free(BIO *data); + static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); + +-static void sig_out(BIO* b); +-static void sig_in(BIO* b); +-static void block_out(BIO* b); +-static void block_in(BIO* b); +-#define OK_BLOCK_SIZE (1024*4) +-#define OK_BLOCK_BLOCK 4 +-#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) ++static void sig_out(BIO *b); ++static void sig_in(BIO *b); ++static void block_out(BIO *b); ++static void block_in(BIO *b); ++#define OK_BLOCK_SIZE (1024*4) ++#define OK_BLOCK_BLOCK 4 ++#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) + #define WELLKNOWN "The quick brown fox jumped over the lazy dog's back." + +-typedef struct ok_struct +- { +- size_t buf_len; +- size_t buf_off; +- size_t buf_len_save; +- size_t buf_off_save; +- int cont; /* <= 0 when finished */ +- int finished; +- EVP_MD_CTX md; +- int blockout; /* output block is ready */ +- int sigio; /* must process signature */ +- unsigned char buf[IOBS]; +- } BIO_OK_CTX; +- +-static BIO_METHOD methods_ok= +- { +- BIO_TYPE_CIPHER,"reliable", +- ok_write, +- ok_read, +- NULL, /* ok_puts, */ +- NULL, /* ok_gets, */ +- ok_ctrl, +- ok_new, +- ok_free, +- ok_callback_ctrl, +- }; ++typedef struct ok_struct { ++ size_t buf_len; ++ size_t buf_off; ++ size_t buf_len_save; ++ size_t buf_off_save; ++ int cont; /* <= 0 when finished */ ++ int finished; ++ EVP_MD_CTX md; ++ int blockout; /* output block is ready */ ++ int sigio; /* must process signature */ ++ unsigned char buf[IOBS]; ++} BIO_OK_CTX; ++ ++static BIO_METHOD methods_ok = { ++ BIO_TYPE_CIPHER, "reliable", ++ ok_write, ++ ok_read, ++ NULL, /* ok_puts, */ ++ NULL, /* ok_gets, */ ++ ok_ctrl, ++ ok_new, ++ ok_free, ++ ok_callback_ctrl, ++}; + + BIO_METHOD *BIO_f_reliable(void) +- { +- return(&methods_ok); +- } ++{ ++ return (&methods_ok); ++} + + static int ok_new(BIO *bi) +- { +- BIO_OK_CTX *ctx; +- +- ctx=(BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX)); +- if (ctx == NULL) return(0); +- +- ctx->buf_len=0; +- ctx->buf_off=0; +- ctx->buf_len_save=0; +- ctx->buf_off_save=0; +- ctx->cont=1; +- ctx->finished=0; +- ctx->blockout= 0; +- ctx->sigio=1; +- +- EVP_MD_CTX_init(&ctx->md); +- +- bi->init=0; +- bi->ptr=(char *)ctx; +- bi->flags=0; +- return(1); +- } ++{ ++ BIO_OK_CTX *ctx; ++ ++ ctx = (BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX)); ++ if (ctx == NULL) ++ return (0); ++ ++ ctx->buf_len = 0; ++ ctx->buf_off = 0; ++ ctx->buf_len_save = 0; ++ ctx->buf_off_save = 0; ++ ctx->cont = 1; ++ ctx->finished = 0; ++ ctx->blockout = 0; ++ ctx->sigio = 1; ++ ++ EVP_MD_CTX_init(&ctx->md); ++ ++ bi->init = 0; ++ bi->ptr = (char *)ctx; ++ bi->flags = 0; ++ return (1); ++} + + static int ok_free(BIO *a) +- { +- if (a == NULL) return(0); +- EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); +- OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX)); +- OPENSSL_free(a->ptr); +- a->ptr=NULL; +- a->init=0; +- a->flags=0; +- return(1); +- } +- ++{ ++ if (a == NULL) ++ return (0); ++ EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); ++ OPENSSL_cleanse(a->ptr, sizeof(BIO_OK_CTX)); ++ OPENSSL_free(a->ptr); ++ a->ptr = NULL; ++ a->init = 0; ++ a->flags = 0; ++ return (1); ++} ++ + static int ok_read(BIO *b, char *out, int outl) +- { +- int ret=0,i,n; +- BIO_OK_CTX *ctx; +- +- if (out == NULL) return(0); +- ctx=(BIO_OK_CTX *)b->ptr; +- +- if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0); +- +- while(outl > 0) +- { +- +- /* copy clean bytes to output buffer */ +- if (ctx->blockout) +- { +- i=ctx->buf_len-ctx->buf_off; +- if (i > outl) i=outl; +- memcpy(out,&(ctx->buf[ctx->buf_off]),i); +- ret+=i; +- out+=i; +- outl-=i; +- ctx->buf_off+=i; +- +- /* all clean bytes are out */ +- if (ctx->buf_len == ctx->buf_off) +- { +- ctx->buf_off=0; +- +- /* copy start of the next block into proper place */ +- if(ctx->buf_len_save- ctx->buf_off_save > 0) +- { +- ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save; +- memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]), +- ctx->buf_len); +- } +- else +- { +- ctx->buf_len=0; +- } +- ctx->blockout= 0; +- } +- } +- +- /* output buffer full -- cancel */ +- if (outl == 0) break; +- +- /* no clean bytes in buffer -- fill it */ +- n=IOBS- ctx->buf_len; +- i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n); +- +- if (i <= 0) break; /* nothing new */ +- +- ctx->buf_len+= i; +- +- /* no signature yet -- check if we got one */ +- if (ctx->sigio == 1) sig_in(b); +- +- /* signature ok -- check if we got block */ +- if (ctx->sigio == 0) block_in(b); +- +- /* invalid block -- cancel */ +- if (ctx->cont <= 0) break; +- +- } +- +- BIO_clear_retry_flags(b); +- BIO_copy_next_retry(b); +- return(ret); +- } ++{ ++ int ret = 0, i, n; ++ BIO_OK_CTX *ctx; ++ ++ if (out == NULL) ++ return (0); ++ ctx = (BIO_OK_CTX *)b->ptr; ++ ++ if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) ++ return (0); ++ ++ while (outl > 0) { ++ ++ /* copy clean bytes to output buffer */ ++ if (ctx->blockout) { ++ i = ctx->buf_len - ctx->buf_off; ++ if (i > outl) ++ i = outl; ++ memcpy(out, &(ctx->buf[ctx->buf_off]), i); ++ ret += i; ++ out += i; ++ outl -= i; ++ ctx->buf_off += i; ++ ++ /* all clean bytes are out */ ++ if (ctx->buf_len == ctx->buf_off) { ++ ctx->buf_off = 0; ++ ++ /* ++ * copy start of the next block into proper place ++ */ ++ if (ctx->buf_len_save - ctx->buf_off_save > 0) { ++ ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save; ++ memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]), ++ ctx->buf_len); ++ } else { ++ ctx->buf_len = 0; ++ } ++ ctx->blockout = 0; ++ } ++ } ++ ++ /* output buffer full -- cancel */ ++ if (outl == 0) ++ break; ++ ++ /* no clean bytes in buffer -- fill it */ ++ n = IOBS - ctx->buf_len; ++ i = BIO_read(b->next_bio, &(ctx->buf[ctx->buf_len]), n); ++ ++ if (i <= 0) ++ break; /* nothing new */ ++ ++ ctx->buf_len += i; ++ ++ /* no signature yet -- check if we got one */ ++ if (ctx->sigio == 1) ++ sig_in(b); ++ ++ /* signature ok -- check if we got block */ ++ if (ctx->sigio == 0) ++ block_in(b); ++ ++ /* invalid block -- cancel */ ++ if (ctx->cont <= 0) ++ break; ++ ++ } ++ ++ BIO_clear_retry_flags(b); ++ BIO_copy_next_retry(b); ++ return (ret); ++} + + static int ok_write(BIO *b, const char *in, int inl) +- { +- int ret=0,n,i; +- BIO_OK_CTX *ctx; +- +- if (inl <= 0) return inl; +- +- ctx=(BIO_OK_CTX *)b->ptr; +- ret=inl; +- +- if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0); +- +- if(ctx->sigio) sig_out(b); +- +- do{ +- BIO_clear_retry_flags(b); +- n=ctx->buf_len-ctx->buf_off; +- while (ctx->blockout && n > 0) +- { +- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); +- if (i <= 0) +- { +- BIO_copy_next_retry(b); +- if(!BIO_should_retry(b)) +- ctx->cont= 0; +- return(i); +- } +- ctx->buf_off+=i; +- n-=i; +- } +- +- /* at this point all pending data has been written */ +- ctx->blockout= 0; +- if (ctx->buf_len == ctx->buf_off) +- { +- ctx->buf_len=OK_BLOCK_BLOCK; +- ctx->buf_off=0; +- } +- +- if ((in == NULL) || (inl <= 0)) return(0); +- +- n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? +- (int)(OK_BLOCK_SIZE+OK_BLOCK_BLOCK-ctx->buf_len) : inl; +- +- memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n); +- ctx->buf_len+= n; +- inl-=n; +- in+=n; +- +- if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) +- { +- block_out(b); +- } +- }while(inl > 0); +- +- BIO_clear_retry_flags(b); +- BIO_copy_next_retry(b); +- return(ret); +- } ++{ ++ int ret = 0, n, i; ++ BIO_OK_CTX *ctx; ++ ++ if (inl <= 0) ++ return inl; ++ ++ ctx = (BIO_OK_CTX *)b->ptr; ++ ret = inl; ++ ++ if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) ++ return (0); ++ ++ if (ctx->sigio) ++ sig_out(b); ++ ++ do { ++ BIO_clear_retry_flags(b); ++ n = ctx->buf_len - ctx->buf_off; ++ while (ctx->blockout && n > 0) { ++ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); ++ if (i <= 0) { ++ BIO_copy_next_retry(b); ++ if (!BIO_should_retry(b)) ++ ctx->cont = 0; ++ return (i); ++ } ++ ctx->buf_off += i; ++ n -= i; ++ } ++ ++ /* at this point all pending data has been written */ ++ ctx->blockout = 0; ++ if (ctx->buf_len == ctx->buf_off) { ++ ctx->buf_len = OK_BLOCK_BLOCK; ++ ctx->buf_off = 0; ++ } ++ ++ if ((in == NULL) || (inl <= 0)) ++ return (0); ++ ++ n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ? ++ (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl; ++ ++ memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])), ++ (unsigned char *)in, n); ++ ctx->buf_len += n; ++ inl -= n; ++ in += n; ++ ++ if (ctx->buf_len >= OK_BLOCK_SIZE + OK_BLOCK_BLOCK) { ++ block_out(b); ++ } ++ } while (inl > 0); ++ ++ BIO_clear_retry_flags(b); ++ BIO_copy_next_retry(b); ++ return (ret); ++} + + static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) +- { +- BIO_OK_CTX *ctx; +- EVP_MD *md; +- const EVP_MD **ppmd; +- long ret=1; +- int i; +- +- ctx=b->ptr; +- +- switch (cmd) +- { +- case BIO_CTRL_RESET: +- ctx->buf_len=0; +- ctx->buf_off=0; +- ctx->buf_len_save=0; +- ctx->buf_off_save=0; +- ctx->cont=1; +- ctx->finished=0; +- ctx->blockout= 0; +- ctx->sigio=1; +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_EOF: /* More to read */ +- if (ctx->cont <= 0) +- ret=1; +- else +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_PENDING: /* More to read in buffer */ +- case BIO_CTRL_WPENDING: /* More to read in buffer */ +- ret=ctx->blockout ? ctx->buf_len-ctx->buf_off : 0; +- if (ret <= 0) +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_CTRL_FLUSH: +- /* do a final write */ +- if(ctx->blockout == 0) +- block_out(b); +- +- while (ctx->blockout) +- { +- i=ok_write(b,NULL,0); +- if (i < 0) +- { +- ret=i; +- break; +- } +- } +- +- ctx->finished=1; +- ctx->buf_off=ctx->buf_len=0; +- ctx->cont=(int)ret; +- +- /* Finally flush the underlying BIO */ +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- case BIO_C_DO_STATE_MACHINE: +- BIO_clear_retry_flags(b); +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- BIO_copy_next_retry(b); +- break; +- case BIO_CTRL_INFO: +- ret=(long)ctx->cont; +- break; +- case BIO_C_SET_MD: +- md=ptr; +- EVP_DigestInit_ex(&ctx->md, md, NULL); +- b->init=1; +- break; +- case BIO_C_GET_MD: +- if (b->init) +- { +- ppmd=ptr; +- *ppmd=ctx->md.digest; +- } +- else +- ret=0; +- break; +- default: +- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); +- break; +- } +- return(ret); +- } ++{ ++ BIO_OK_CTX *ctx; ++ EVP_MD *md; ++ const EVP_MD **ppmd; ++ long ret = 1; ++ int i; ++ ++ ctx = b->ptr; ++ ++ switch (cmd) { ++ case BIO_CTRL_RESET: ++ ctx->buf_len = 0; ++ ctx->buf_off = 0; ++ ctx->buf_len_save = 0; ++ ctx->buf_off_save = 0; ++ ctx->cont = 1; ++ ctx->finished = 0; ++ ctx->blockout = 0; ++ ctx->sigio = 1; ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_EOF: /* More to read */ ++ if (ctx->cont <= 0) ++ ret = 1; ++ else ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_PENDING: /* More to read in buffer */ ++ case BIO_CTRL_WPENDING: /* More to read in buffer */ ++ ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0; ++ if (ret <= 0) ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_CTRL_FLUSH: ++ /* do a final write */ ++ if (ctx->blockout == 0) ++ block_out(b); ++ ++ while (ctx->blockout) { ++ i = ok_write(b, NULL, 0); ++ if (i < 0) { ++ ret = i; ++ break; ++ } ++ } ++ ++ ctx->finished = 1; ++ ctx->buf_off = ctx->buf_len = 0; ++ ctx->cont = (int)ret; ++ ++ /* Finally flush the underlying BIO */ ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ case BIO_C_DO_STATE_MACHINE: ++ BIO_clear_retry_flags(b); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ BIO_copy_next_retry(b); ++ break; ++ case BIO_CTRL_INFO: ++ ret = (long)ctx->cont; ++ break; ++ case BIO_C_SET_MD: ++ md = ptr; ++ EVP_DigestInit_ex(&ctx->md, md, NULL); ++ b->init = 1; ++ break; ++ case BIO_C_GET_MD: ++ if (b->init) { ++ ppmd = ptr; ++ *ppmd = ctx->md.digest; ++ } else ++ ret = 0; ++ break; ++ default: ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); ++ break; ++ } ++ return (ret); ++} + + static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +- { +- long ret=1; +- +- if (b->next_bio == NULL) return(0); +- switch (cmd) +- { +- default: +- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); +- break; +- } +- return(ret); +- } ++{ ++ long ret = 1; ++ ++ if (b->next_bio == NULL) ++ return (0); ++ switch (cmd) { ++ default: ++ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); ++ break; ++ } ++ return (ret); ++} + + static void longswap(void *_ptr, size_t len) +-{ const union { long one; char little; } is_endian = {1}; ++{ ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ ++ if (is_endian.little) { ++ size_t i; ++ unsigned char *p = _ptr, c; ++ ++ for (i = 0; i < len; i += 4) { ++ c = p[0], p[0] = p[3], p[3] = c; ++ c = p[1], p[1] = p[2], p[2] = c; ++ } ++ } ++} + +- if (is_endian.little) { +- size_t i; +- unsigned char *p=_ptr,c; ++static void sig_out(BIO *b) ++{ ++ BIO_OK_CTX *ctx; ++ EVP_MD_CTX *md; ++ ++ ctx = b->ptr; ++ md = &ctx->md; ++ ++ if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE) ++ return; ++ ++ EVP_DigestInit_ex(md, md->digest, NULL); ++ /* ++ * FIXME: there's absolutely no guarantee this makes any sense at all, ++ * particularly now EVP_MD_CTX has been restructured. ++ */ ++ RAND_pseudo_bytes(md->md_data, md->digest->md_size); ++ memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); ++ longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); ++ ctx->buf_len += md->digest->md_size; ++ ++ EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); ++ EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); ++ ctx->buf_len += md->digest->md_size; ++ ctx->blockout = 1; ++ ctx->sigio = 0; ++} + +- for(i= 0;i < len;i+= 4) { +- c=p[0],p[0]=p[3],p[3]=c; +- c=p[1],p[1]=p[2],p[2]=c; +- } +- } ++static void sig_in(BIO *b) ++{ ++ BIO_OK_CTX *ctx; ++ EVP_MD_CTX *md; ++ unsigned char tmp[EVP_MAX_MD_SIZE]; ++ int ret = 0; ++ ++ ctx = b->ptr; ++ md = &ctx->md; ++ ++ if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size) ++ return; ++ ++ EVP_DigestInit_ex(md, md->digest, NULL); ++ memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); ++ longswap(md->md_data, md->digest->md_size); ++ ctx->buf_off += md->digest->md_size; ++ ++ EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); ++ EVP_DigestFinal_ex(md, tmp, NULL); ++ ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; ++ ctx->buf_off += md->digest->md_size; ++ if (ret == 1) { ++ ctx->sigio = 0; ++ if (ctx->buf_len != ctx->buf_off) { ++ memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ++ ctx->buf_len - ctx->buf_off); ++ } ++ ctx->buf_len -= ctx->buf_off; ++ ctx->buf_off = 0; ++ } else { ++ ctx->cont = 0; ++ } + } + +-static void sig_out(BIO* b) +- { +- BIO_OK_CTX *ctx; +- EVP_MD_CTX *md; +- +- ctx=b->ptr; +- md=&ctx->md; +- +- if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return; +- +- EVP_DigestInit_ex(md, md->digest, NULL); +- /* FIXME: there's absolutely no guarantee this makes any sense at all, +- * particularly now EVP_MD_CTX has been restructured. +- */ +- RAND_pseudo_bytes(md->md_data, md->digest->md_size); +- memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); +- longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); +- ctx->buf_len+= md->digest->md_size; +- +- EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); +- EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); +- ctx->buf_len+= md->digest->md_size; +- ctx->blockout= 1; +- ctx->sigio= 0; +- } +- +-static void sig_in(BIO* b) +- { +- BIO_OK_CTX *ctx; +- EVP_MD_CTX *md; +- unsigned char tmp[EVP_MAX_MD_SIZE]; +- int ret= 0; +- +- ctx=b->ptr; +- md=&ctx->md; +- +- if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return; +- +- EVP_DigestInit_ex(md, md->digest, NULL); +- memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); +- longswap(md->md_data, md->digest->md_size); +- ctx->buf_off+= md->digest->md_size; +- +- EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); +- EVP_DigestFinal_ex(md, tmp, NULL); +- ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; +- ctx->buf_off+= md->digest->md_size; +- if(ret == 1) +- { +- ctx->sigio= 0; +- if(ctx->buf_len != ctx->buf_off) +- { +- memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len- ctx->buf_off); +- } +- ctx->buf_len-= ctx->buf_off; +- ctx->buf_off= 0; +- } +- else +- { +- ctx->cont= 0; +- } +- } +- +-static void block_out(BIO* b) +- { +- BIO_OK_CTX *ctx; +- EVP_MD_CTX *md; +- unsigned long tl; +- +- ctx=b->ptr; +- md=&ctx->md; +- +- tl= ctx->buf_len- OK_BLOCK_BLOCK; +- ctx->buf[0]=(unsigned char)(tl>>24); +- ctx->buf[1]=(unsigned char)(tl>>16); +- ctx->buf[2]=(unsigned char)(tl>>8); +- ctx->buf[3]=(unsigned char)(tl); +- EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); +- EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); +- ctx->buf_len+= md->digest->md_size; +- ctx->blockout= 1; +- } +- +-static void block_in(BIO* b) +- { +- BIO_OK_CTX *ctx; +- EVP_MD_CTX *md; +- unsigned long tl= 0; +- unsigned char tmp[EVP_MAX_MD_SIZE]; +- +- ctx=b->ptr; +- md=&ctx->md; +- +- assert(sizeof(tl)>=OK_BLOCK_BLOCK); /* always true */ +- tl =ctx->buf[0]; tl<<=8; +- tl|=ctx->buf[1]; tl<<=8; +- tl|=ctx->buf[2]; tl<<=8; +- tl|=ctx->buf[3]; +- +- if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; +- +- EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); +- EVP_DigestFinal_ex(md, tmp, NULL); +- if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0) +- { +- /* there might be parts from next block lurking around ! */ +- ctx->buf_off_save= tl+ OK_BLOCK_BLOCK+ md->digest->md_size; +- ctx->buf_len_save= ctx->buf_len; +- ctx->buf_off= OK_BLOCK_BLOCK; +- ctx->buf_len= tl+ OK_BLOCK_BLOCK; +- ctx->blockout= 1; +- } +- else +- { +- ctx->cont= 0; +- } +- } ++static void block_out(BIO *b) ++{ ++ BIO_OK_CTX *ctx; ++ EVP_MD_CTX *md; ++ unsigned long tl; ++ ++ ctx = b->ptr; ++ md = &ctx->md; ++ ++ tl = ctx->buf_len - OK_BLOCK_BLOCK; ++ ctx->buf[0] = (unsigned char)(tl >> 24); ++ ctx->buf[1] = (unsigned char)(tl >> 16); ++ ctx->buf[2] = (unsigned char)(tl >> 8); ++ ctx->buf[3] = (unsigned char)(tl); ++ EVP_DigestUpdate(md, (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl); ++ EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); ++ ctx->buf_len += md->digest->md_size; ++ ctx->blockout = 1; ++} + ++static void block_in(BIO *b) ++{ ++ BIO_OK_CTX *ctx; ++ EVP_MD_CTX *md; ++ unsigned long tl = 0; ++ unsigned char tmp[EVP_MAX_MD_SIZE]; ++ ++ ctx = b->ptr; ++ md = &ctx->md; ++ ++ assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ ++ tl = ctx->buf[0]; ++ tl <<= 8; ++ tl |= ctx->buf[1]; ++ tl <<= 8; ++ tl |= ctx->buf[2]; ++ tl <<= 8; ++ tl |= ctx->buf[3]; ++ ++ if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size) ++ return; ++ ++ EVP_DigestUpdate(md, (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl); ++ EVP_DigestFinal_ex(md, tmp, NULL); ++ if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == ++ 0) { ++ /* there might be parts from next block lurking around ! */ ++ ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size; ++ ctx->buf_len_save = ctx->buf_len; ++ ctx->buf_off = OK_BLOCK_BLOCK; ++ ctx->buf_len = tl + OK_BLOCK_BLOCK; ++ ctx->blockout = 1; ++ } else { ++ ctx->cont = 0; ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_all.c b/Cryptlib/OpenSSL/crypto/evp/c_all.c +index a5da52e..83f5003 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/c_all.c ++++ b/Cryptlib/OpenSSL/crypto/evp/c_all.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,31 +60,31 @@ + #include "cryptlib.h" + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + + #if 0 +-#undef OpenSSL_add_all_algorithms ++# undef OpenSSL_add_all_algorithms + + void OpenSSL_add_all_algorithms(void) +- { +- OPENSSL_add_all_algorithms_noconf(); +- } ++{ ++ OPENSSL_add_all_algorithms_noconf(); ++} + #endif + + void OPENSSL_add_all_algorithms_noconf(void) +- { +- /* +- * For the moment OPENSSL_cpuid_setup does something +- * only on IA-32, but we reserve the option for all +- * platforms... +- */ +- OPENSSL_cpuid_setup(); +- OpenSSL_add_all_ciphers(); +- OpenSSL_add_all_digests(); ++{ ++ /* ++ * For the moment OPENSSL_cpuid_setup does something ++ * only on IA-32, but we reserve the option for all ++ * platforms... ++ */ ++ OPENSSL_cpuid_setup(); ++ OpenSSL_add_all_ciphers(); ++ OpenSSL_add_all_digests(); + #ifndef OPENSSL_NO_ENGINE + # if defined(__OpenBSD__) || defined(__FreeBSD__) +- ENGINE_setup_bsd_cryptodev(); ++ ENGINE_setup_bsd_cryptodev(); + # endif + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c +index e45cee8..7a2b524 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/c_allc.c ++++ b/Cryptlib/OpenSSL/crypto/evp/c_allc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,165 +63,165 @@ + #include + + void OpenSSL_add_all_ciphers(void) +- { ++{ + + #ifndef OPENSSL_NO_DES +- EVP_add_cipher(EVP_des_cfb()); +- EVP_add_cipher(EVP_des_cfb1()); +- EVP_add_cipher(EVP_des_cfb8()); +- EVP_add_cipher(EVP_des_ede_cfb()); +- EVP_add_cipher(EVP_des_ede3_cfb()); +- EVP_add_cipher(EVP_des_ede3_cfb1()); +- EVP_add_cipher(EVP_des_ede3_cfb8()); +- +- EVP_add_cipher(EVP_des_ofb()); +- EVP_add_cipher(EVP_des_ede_ofb()); +- EVP_add_cipher(EVP_des_ede3_ofb()); +- +- EVP_add_cipher(EVP_desx_cbc()); +- EVP_add_cipher_alias(SN_desx_cbc,"DESX"); +- EVP_add_cipher_alias(SN_desx_cbc,"desx"); +- +- EVP_add_cipher(EVP_des_cbc()); +- EVP_add_cipher_alias(SN_des_cbc,"DES"); +- EVP_add_cipher_alias(SN_des_cbc,"des"); +- EVP_add_cipher(EVP_des_ede_cbc()); +- EVP_add_cipher(EVP_des_ede3_cbc()); +- EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3"); +- EVP_add_cipher_alias(SN_des_ede3_cbc,"des3"); +- +- EVP_add_cipher(EVP_des_ecb()); +- EVP_add_cipher(EVP_des_ede()); +- EVP_add_cipher(EVP_des_ede3()); ++ EVP_add_cipher(EVP_des_cfb()); ++ EVP_add_cipher(EVP_des_cfb1()); ++ EVP_add_cipher(EVP_des_cfb8()); ++ EVP_add_cipher(EVP_des_ede_cfb()); ++ EVP_add_cipher(EVP_des_ede3_cfb()); ++ EVP_add_cipher(EVP_des_ede3_cfb1()); ++ EVP_add_cipher(EVP_des_ede3_cfb8()); ++ ++ EVP_add_cipher(EVP_des_ofb()); ++ EVP_add_cipher(EVP_des_ede_ofb()); ++ EVP_add_cipher(EVP_des_ede3_ofb()); ++ ++ EVP_add_cipher(EVP_desx_cbc()); ++ EVP_add_cipher_alias(SN_desx_cbc, "DESX"); ++ EVP_add_cipher_alias(SN_desx_cbc, "desx"); ++ ++ EVP_add_cipher(EVP_des_cbc()); ++ EVP_add_cipher_alias(SN_des_cbc, "DES"); ++ EVP_add_cipher_alias(SN_des_cbc, "des"); ++ EVP_add_cipher(EVP_des_ede_cbc()); ++ EVP_add_cipher(EVP_des_ede3_cbc()); ++ EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3"); ++ EVP_add_cipher_alias(SN_des_ede3_cbc, "des3"); ++ ++ EVP_add_cipher(EVP_des_ecb()); ++ EVP_add_cipher(EVP_des_ede()); ++ EVP_add_cipher(EVP_des_ede3()); + #endif + + #ifndef OPENSSL_NO_RC4 +- EVP_add_cipher(EVP_rc4()); +- EVP_add_cipher(EVP_rc4_40()); ++ EVP_add_cipher(EVP_rc4()); ++ EVP_add_cipher(EVP_rc4_40()); + #endif + + #ifndef OPENSSL_NO_IDEA +- EVP_add_cipher(EVP_idea_ecb()); +- EVP_add_cipher(EVP_idea_cfb()); +- EVP_add_cipher(EVP_idea_ofb()); +- EVP_add_cipher(EVP_idea_cbc()); +- EVP_add_cipher_alias(SN_idea_cbc,"IDEA"); +- EVP_add_cipher_alias(SN_idea_cbc,"idea"); ++ EVP_add_cipher(EVP_idea_ecb()); ++ EVP_add_cipher(EVP_idea_cfb()); ++ EVP_add_cipher(EVP_idea_ofb()); ++ EVP_add_cipher(EVP_idea_cbc()); ++ EVP_add_cipher_alias(SN_idea_cbc, "IDEA"); ++ EVP_add_cipher_alias(SN_idea_cbc, "idea"); + #endif + + #ifndef OPENSSL_NO_SEED +- EVP_add_cipher(EVP_seed_ecb()); +- EVP_add_cipher(EVP_seed_cfb()); +- EVP_add_cipher(EVP_seed_ofb()); +- EVP_add_cipher(EVP_seed_cbc()); +- EVP_add_cipher_alias(SN_seed_cbc,"SEED"); +- EVP_add_cipher_alias(SN_seed_cbc,"seed"); ++ EVP_add_cipher(EVP_seed_ecb()); ++ EVP_add_cipher(EVP_seed_cfb()); ++ EVP_add_cipher(EVP_seed_ofb()); ++ EVP_add_cipher(EVP_seed_cbc()); ++ EVP_add_cipher_alias(SN_seed_cbc, "SEED"); ++ EVP_add_cipher_alias(SN_seed_cbc, "seed"); + #endif + + #ifndef OPENSSL_NO_RC2 +- EVP_add_cipher(EVP_rc2_ecb()); +- EVP_add_cipher(EVP_rc2_cfb()); +- EVP_add_cipher(EVP_rc2_ofb()); +- EVP_add_cipher(EVP_rc2_cbc()); +- EVP_add_cipher(EVP_rc2_40_cbc()); +- EVP_add_cipher(EVP_rc2_64_cbc()); +- EVP_add_cipher_alias(SN_rc2_cbc,"RC2"); +- EVP_add_cipher_alias(SN_rc2_cbc,"rc2"); ++ EVP_add_cipher(EVP_rc2_ecb()); ++ EVP_add_cipher(EVP_rc2_cfb()); ++ EVP_add_cipher(EVP_rc2_ofb()); ++ EVP_add_cipher(EVP_rc2_cbc()); ++ EVP_add_cipher(EVP_rc2_40_cbc()); ++ EVP_add_cipher(EVP_rc2_64_cbc()); ++ EVP_add_cipher_alias(SN_rc2_cbc, "RC2"); ++ EVP_add_cipher_alias(SN_rc2_cbc, "rc2"); + #endif + + #ifndef OPENSSL_NO_BF +- EVP_add_cipher(EVP_bf_ecb()); +- EVP_add_cipher(EVP_bf_cfb()); +- EVP_add_cipher(EVP_bf_ofb()); +- EVP_add_cipher(EVP_bf_cbc()); +- EVP_add_cipher_alias(SN_bf_cbc,"BF"); +- EVP_add_cipher_alias(SN_bf_cbc,"bf"); +- EVP_add_cipher_alias(SN_bf_cbc,"blowfish"); ++ EVP_add_cipher(EVP_bf_ecb()); ++ EVP_add_cipher(EVP_bf_cfb()); ++ EVP_add_cipher(EVP_bf_ofb()); ++ EVP_add_cipher(EVP_bf_cbc()); ++ EVP_add_cipher_alias(SN_bf_cbc, "BF"); ++ EVP_add_cipher_alias(SN_bf_cbc, "bf"); ++ EVP_add_cipher_alias(SN_bf_cbc, "blowfish"); + #endif + + #ifndef OPENSSL_NO_CAST +- EVP_add_cipher(EVP_cast5_ecb()); +- EVP_add_cipher(EVP_cast5_cfb()); +- EVP_add_cipher(EVP_cast5_ofb()); +- EVP_add_cipher(EVP_cast5_cbc()); +- EVP_add_cipher_alias(SN_cast5_cbc,"CAST"); +- EVP_add_cipher_alias(SN_cast5_cbc,"cast"); +- EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc"); +- EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc"); ++ EVP_add_cipher(EVP_cast5_ecb()); ++ EVP_add_cipher(EVP_cast5_cfb()); ++ EVP_add_cipher(EVP_cast5_ofb()); ++ EVP_add_cipher(EVP_cast5_cbc()); ++ EVP_add_cipher_alias(SN_cast5_cbc, "CAST"); ++ EVP_add_cipher_alias(SN_cast5_cbc, "cast"); ++ EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc"); ++ EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc"); + #endif + + #ifndef OPENSSL_NO_RC5 +- EVP_add_cipher(EVP_rc5_32_12_16_ecb()); +- EVP_add_cipher(EVP_rc5_32_12_16_cfb()); +- EVP_add_cipher(EVP_rc5_32_12_16_ofb()); +- EVP_add_cipher(EVP_rc5_32_12_16_cbc()); +- EVP_add_cipher_alias(SN_rc5_cbc,"rc5"); +- EVP_add_cipher_alias(SN_rc5_cbc,"RC5"); ++ EVP_add_cipher(EVP_rc5_32_12_16_ecb()); ++ EVP_add_cipher(EVP_rc5_32_12_16_cfb()); ++ EVP_add_cipher(EVP_rc5_32_12_16_ofb()); ++ EVP_add_cipher(EVP_rc5_32_12_16_cbc()); ++ EVP_add_cipher_alias(SN_rc5_cbc, "rc5"); ++ EVP_add_cipher_alias(SN_rc5_cbc, "RC5"); + #endif + + #ifndef OPENSSL_NO_AES +- EVP_add_cipher(EVP_aes_128_ecb()); +- EVP_add_cipher(EVP_aes_128_cbc()); +- EVP_add_cipher(EVP_aes_128_cfb()); +- EVP_add_cipher(EVP_aes_128_cfb1()); +- EVP_add_cipher(EVP_aes_128_cfb8()); +- EVP_add_cipher(EVP_aes_128_ofb()); +-#if 0 +- EVP_add_cipher(EVP_aes_128_ctr()); +-#endif +- EVP_add_cipher_alias(SN_aes_128_cbc,"AES128"); +- EVP_add_cipher_alias(SN_aes_128_cbc,"aes128"); +- EVP_add_cipher(EVP_aes_192_ecb()); +- EVP_add_cipher(EVP_aes_192_cbc()); +- EVP_add_cipher(EVP_aes_192_cfb()); +- EVP_add_cipher(EVP_aes_192_cfb1()); +- EVP_add_cipher(EVP_aes_192_cfb8()); +- EVP_add_cipher(EVP_aes_192_ofb()); +-#if 0 +- EVP_add_cipher(EVP_aes_192_ctr()); +-#endif +- EVP_add_cipher_alias(SN_aes_192_cbc,"AES192"); +- EVP_add_cipher_alias(SN_aes_192_cbc,"aes192"); +- EVP_add_cipher(EVP_aes_256_ecb()); +- EVP_add_cipher(EVP_aes_256_cbc()); +- EVP_add_cipher(EVP_aes_256_cfb()); +- EVP_add_cipher(EVP_aes_256_cfb1()); +- EVP_add_cipher(EVP_aes_256_cfb8()); +- EVP_add_cipher(EVP_aes_256_ofb()); +-#if 0 +- EVP_add_cipher(EVP_aes_256_ctr()); +-#endif +- EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); +- EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); ++ EVP_add_cipher(EVP_aes_128_ecb()); ++ EVP_add_cipher(EVP_aes_128_cbc()); ++ EVP_add_cipher(EVP_aes_128_cfb()); ++ EVP_add_cipher(EVP_aes_128_cfb1()); ++ EVP_add_cipher(EVP_aes_128_cfb8()); ++ EVP_add_cipher(EVP_aes_128_ofb()); ++# if 0 ++ EVP_add_cipher(EVP_aes_128_ctr()); ++# endif ++ EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); ++ EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); ++ EVP_add_cipher(EVP_aes_192_ecb()); ++ EVP_add_cipher(EVP_aes_192_cbc()); ++ EVP_add_cipher(EVP_aes_192_cfb()); ++ EVP_add_cipher(EVP_aes_192_cfb1()); ++ EVP_add_cipher(EVP_aes_192_cfb8()); ++ EVP_add_cipher(EVP_aes_192_ofb()); ++# if 0 ++ EVP_add_cipher(EVP_aes_192_ctr()); ++# endif ++ EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); ++ EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); ++ EVP_add_cipher(EVP_aes_256_ecb()); ++ EVP_add_cipher(EVP_aes_256_cbc()); ++ EVP_add_cipher(EVP_aes_256_cfb()); ++ EVP_add_cipher(EVP_aes_256_cfb1()); ++ EVP_add_cipher(EVP_aes_256_cfb8()); ++ EVP_add_cipher(EVP_aes_256_ofb()); ++# if 0 ++ EVP_add_cipher(EVP_aes_256_ctr()); ++# endif ++ EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); ++ EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); + #endif + + #ifndef OPENSSL_NO_CAMELLIA +- EVP_add_cipher(EVP_camellia_128_ecb()); +- EVP_add_cipher(EVP_camellia_128_cbc()); +- EVP_add_cipher(EVP_camellia_128_cfb()); +- EVP_add_cipher(EVP_camellia_128_cfb1()); +- EVP_add_cipher(EVP_camellia_128_cfb8()); +- EVP_add_cipher(EVP_camellia_128_ofb()); +- EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128"); +- EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128"); +- EVP_add_cipher(EVP_camellia_192_ecb()); +- EVP_add_cipher(EVP_camellia_192_cbc()); +- EVP_add_cipher(EVP_camellia_192_cfb()); +- EVP_add_cipher(EVP_camellia_192_cfb1()); +- EVP_add_cipher(EVP_camellia_192_cfb8()); +- EVP_add_cipher(EVP_camellia_192_ofb()); +- EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192"); +- EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192"); +- EVP_add_cipher(EVP_camellia_256_ecb()); +- EVP_add_cipher(EVP_camellia_256_cbc()); +- EVP_add_cipher(EVP_camellia_256_cfb()); +- EVP_add_cipher(EVP_camellia_256_cfb1()); +- EVP_add_cipher(EVP_camellia_256_cfb8()); +- EVP_add_cipher(EVP_camellia_256_ofb()); +- EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256"); +- EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256"); ++ EVP_add_cipher(EVP_camellia_128_ecb()); ++ EVP_add_cipher(EVP_camellia_128_cbc()); ++ EVP_add_cipher(EVP_camellia_128_cfb()); ++ EVP_add_cipher(EVP_camellia_128_cfb1()); ++ EVP_add_cipher(EVP_camellia_128_cfb8()); ++ EVP_add_cipher(EVP_camellia_128_ofb()); ++ EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128"); ++ EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128"); ++ EVP_add_cipher(EVP_camellia_192_ecb()); ++ EVP_add_cipher(EVP_camellia_192_cbc()); ++ EVP_add_cipher(EVP_camellia_192_cfb()); ++ EVP_add_cipher(EVP_camellia_192_cfb1()); ++ EVP_add_cipher(EVP_camellia_192_cfb8()); ++ EVP_add_cipher(EVP_camellia_192_ofb()); ++ EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192"); ++ EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192"); ++ EVP_add_cipher(EVP_camellia_256_ecb()); ++ EVP_add_cipher(EVP_camellia_256_cbc()); ++ EVP_add_cipher(EVP_camellia_256_cfb()); ++ EVP_add_cipher(EVP_camellia_256_cfb1()); ++ EVP_add_cipher(EVP_camellia_256_cfb8()); ++ EVP_add_cipher(EVP_camellia_256_ofb()); ++ EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); ++ EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); + #endif + +- PKCS12_PBE_add(); +- PKCS5_PBE_add(); +- } ++ PKCS12_PBE_add(); ++ PKCS5_PBE_add(); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c +index e0841d1..ab17f7c 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/c_alld.c ++++ b/Cryptlib/OpenSSL/crypto/evp/c_alld.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,49 +63,49 @@ + #include + + void OpenSSL_add_all_digests(void) +- { ++{ + #ifndef OPENSSL_NO_MD4 +- EVP_add_digest(EVP_md4()); ++ EVP_add_digest(EVP_md4()); + #endif + #ifndef OPENSSL_NO_MD5 +- EVP_add_digest(EVP_md5()); +- EVP_add_digest_alias(SN_md5,"ssl2-md5"); +- EVP_add_digest_alias(SN_md5,"ssl3-md5"); ++ EVP_add_digest(EVP_md5()); ++ EVP_add_digest_alias(SN_md5, "ssl2-md5"); ++ EVP_add_digest_alias(SN_md5, "ssl3-md5"); + #endif + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) +- EVP_add_digest(EVP_sha()); +-#ifndef OPENSSL_NO_DSA +- EVP_add_digest(EVP_dss()); +-#endif ++ EVP_add_digest(EVP_sha()); ++# ifndef OPENSSL_NO_DSA ++ EVP_add_digest(EVP_dss()); ++# endif + #endif + #ifndef OPENSSL_NO_SHA +- EVP_add_digest(EVP_sha1()); +- EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); +- EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); +-#ifndef OPENSSL_NO_DSA +- EVP_add_digest(EVP_dss1()); +- EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); +- EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); +- EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); +-#endif +-#ifndef OPENSSL_NO_ECDSA +- EVP_add_digest(EVP_ecdsa()); +-#endif ++ EVP_add_digest(EVP_sha1()); ++ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); ++ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); ++# ifndef OPENSSL_NO_DSA ++ EVP_add_digest(EVP_dss1()); ++ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); ++ EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); ++ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); ++# endif ++# ifndef OPENSSL_NO_ECDSA ++ EVP_add_digest(EVP_ecdsa()); ++# endif + #endif + #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) +- EVP_add_digest(EVP_mdc2()); ++ EVP_add_digest(EVP_mdc2()); + #endif + #ifndef OPENSSL_NO_RIPEMD +- EVP_add_digest(EVP_ripemd160()); +- EVP_add_digest_alias(SN_ripemd160,"ripemd"); +- EVP_add_digest_alias(SN_ripemd160,"rmd160"); ++ EVP_add_digest(EVP_ripemd160()); ++ EVP_add_digest_alias(SN_ripemd160, "ripemd"); ++ EVP_add_digest_alias(SN_ripemd160, "rmd160"); + #endif + #ifndef OPENSSL_NO_SHA256 +- EVP_add_digest(EVP_sha224()); +- EVP_add_digest(EVP_sha256()); ++ EVP_add_digest(EVP_sha224()); ++ EVP_add_digest(EVP_sha256()); + #endif + #ifndef OPENSSL_NO_SHA512 +- EVP_add_digest(EVP_sha384()); +- EVP_add_digest(EVP_sha512()); ++ EVP_add_digest(EVP_sha384()); ++ EVP_add_digest(EVP_sha512()); + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c b/Cryptlib/OpenSSL/crypto/evp/dig_eng.c +index 64cdf93..a0a6bc0 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c ++++ b/Cryptlib/OpenSSL/crypto/evp/dig_eng.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -114,67 +114,63 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + #include "evp_locl.h" + + #ifndef OPENSSL_NO_ENGINE + +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS + +-static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) +- { +- if (*ptype) +- { +- /* Ensure an ENGINE left lying around from last time is cleared +- * (the previous check attempted to avoid this if the same +- * ENGINE and EVP_MD could be used). */ +- if(ctx->engine) +- ENGINE_finish(ctx->engine); +- if(impl) +- { +- if (!ENGINE_init(impl)) +- { +- EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- } +- else +- /* Ask if an ENGINE is reserved for this job */ +- impl = ENGINE_get_digest_engine((*ptype)->type); +- if(impl) +- { +- /* There's an ENGINE for this job ... (apparently) */ +- const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); +- if(!d) +- { +- /* Same comment from evp_enc.c */ +- EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- /* We'll use the ENGINE's private digest definition */ +- *ptype = d; +- /* Store the ENGINE functional reference so we know +- * 'type' came from an ENGINE and we need to release +- * it when done. */ +- ctx->engine = impl; +- } +- else +- ctx->engine = NULL; +- } +- else +- if(!ctx->digest) +- { +- EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_NO_DIGEST_SET); +- return 0; +- } +- return 1; +- } ++static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, ++ ENGINE *impl) ++{ ++ if (*ptype) { ++ /* ++ * Ensure an ENGINE left lying around from last time is cleared (the ++ * previous check attempted to avoid this if the same ENGINE and ++ * EVP_MD could be used). ++ */ ++ if (ctx->engine) ++ ENGINE_finish(ctx->engine); ++ if (impl) { ++ if (!ENGINE_init(impl)) { ++ EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL, ++ EVP_R_INITIALIZATION_ERROR); ++ return 0; ++ } ++ } else ++ /* Ask if an ENGINE is reserved for this job */ ++ impl = ENGINE_get_digest_engine((*ptype)->type); ++ if (impl) { ++ /* There's an ENGINE for this job ... (apparently) */ ++ const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); ++ if (!d) { ++ /* Same comment from evp_enc.c */ ++ EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL, ++ EVP_R_INITIALIZATION_ERROR); ++ return 0; ++ } ++ /* We'll use the ENGINE's private digest definition */ ++ *ptype = d; ++ /* ++ * Store the ENGINE functional reference so we know 'type' came ++ * from an ENGINE and we need to release it when done. ++ */ ++ ctx->engine = impl; ++ } else ++ ctx->engine = NULL; ++ } else if (!ctx->digest) { ++ EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL, EVP_R_NO_DIGEST_SET); ++ return 0; ++ } ++ return 1; ++} + + void int_EVP_MD_init_engine_callbacks(void) +- { +- int_EVP_MD_set_engine_callbacks( +- ENGINE_init, ENGINE_finish, do_evp_md_engine_full); +- } +-#endif ++{ ++ int_EVP_MD_set_engine_callbacks(ENGINE_init, ENGINE_finish, ++ do_evp_md_engine_full); ++} ++# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c +index 10a3607..9f5ee7b 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/digest.c ++++ b/Cryptlib/OpenSSL/crypto/evp/digest.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -114,345 +114,347 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + #include "evp_locl.h" + + void EVP_MD_CTX_init(EVP_MD_CTX *ctx) +- { +- memset(ctx,'\0',sizeof *ctx); +- } ++{ ++ memset(ctx, '\0', sizeof *ctx); ++} + + EVP_MD_CTX *EVP_MD_CTX_create(void) +- { +- EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx); ++{ ++ EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + +- if (ctx) +- EVP_MD_CTX_init(ctx); ++ if (ctx) ++ EVP_MD_CTX_init(ctx); + +- return ctx; +- } ++ return ctx; ++} + + int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) +- { +- EVP_MD_CTX_init(ctx); +- return EVP_DigestInit_ex(ctx, type, NULL); +- } ++{ ++ EVP_MD_CTX_init(ctx); ++ return EVP_DigestInit_ex(ctx, type, NULL); ++} + + #ifdef OPENSSL_FIPS + +-/* The purpose of these is to trap programs that attempt to use non FIPS ++/* ++ * The purpose of these is to trap programs that attempt to use non FIPS + * algorithms in FIPS mode and ignore the errors. + */ + + static int bad_init(EVP_MD_CTX *ctx) +- { FIPS_ERROR_IGNORED("Digest init"); return 0;} +- +-static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count) +- { FIPS_ERROR_IGNORED("Digest update"); return 0;} +- +-static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) +- { FIPS_ERROR_IGNORED("Digest Final"); return 0;} +- +-static const EVP_MD bad_md = +- { +- 0, +- 0, +- 0, +- 0, +- bad_init, +- bad_update, +- bad_final, +- NULL, +- NULL, +- NULL, +- 0, +- {0,0,0,0}, +- }; ++{ ++ FIPS_ERROR_IGNORED("Digest init"); ++ return 0; ++} ++ ++static int bad_update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ FIPS_ERROR_IGNORED("Digest update"); ++ return 0; ++} ++ ++static int bad_final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ FIPS_ERROR_IGNORED("Digest Final"); ++ return 0; ++} ++ ++static const EVP_MD bad_md = { ++ 0, ++ 0, ++ 0, ++ 0, ++ bad_init, ++ bad_update, ++ bad_final, ++ NULL, ++ NULL, ++ NULL, ++ 0, ++ {0, 0, 0, 0}, ++}; + + #endif + + #ifndef OPENSSL_NO_ENGINE + +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS ++ ++static int do_engine_null(ENGINE *impl) ++{ ++ return 0; ++} + +-static int do_engine_null(ENGINE *impl) { return 0;} + static int do_evp_md_engine_null(EVP_MD_CTX *ctx, +- const EVP_MD **ptype, ENGINE *impl) +- { return 1; } ++ const EVP_MD **ptype, ENGINE *impl) ++{ ++ return 1; ++} + +-static int (*do_engine_init)(ENGINE *impl) +- = do_engine_null; ++static int (*do_engine_init) (ENGINE *impl) ++ = do_engine_null; + +-static int (*do_engine_finish)(ENGINE *impl) +- = do_engine_null; ++static int (*do_engine_finish) (ENGINE *impl) ++ = do_engine_null; + + static int (*do_evp_md_engine) +- (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) +- = do_evp_md_engine_null; +- +-void int_EVP_MD_set_engine_callbacks( +- int (*eng_md_init)(ENGINE *impl), +- int (*eng_md_fin)(ENGINE *impl), +- int (*eng_md_evp) +- (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)) +- { +- do_engine_init = eng_md_init; +- do_engine_finish = eng_md_fin; +- do_evp_md_engine = eng_md_evp; +- } +- +-#else +- +-#define do_engine_init ENGINE_init +-#define do_engine_finish ENGINE_finish +- +-static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) +- { +- if (*ptype) +- { +- /* Ensure an ENGINE left lying around from last time is cleared +- * (the previous check attempted to avoid this if the same +- * ENGINE and EVP_MD could be used). */ +- if(ctx->engine) +- ENGINE_finish(ctx->engine); +- if(impl) +- { +- if (!ENGINE_init(impl)) +- { +- EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- } +- else +- /* Ask if an ENGINE is reserved for this job */ +- impl = ENGINE_get_digest_engine((*ptype)->type); +- if(impl) +- { +- /* There's an ENGINE for this job ... (apparently) */ +- const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); +- if(!d) +- { +- /* Same comment from evp_enc.c */ +- EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); +- ENGINE_finish(impl); +- return 0; +- } +- /* We'll use the ENGINE's private digest definition */ +- *ptype = d; +- /* Store the ENGINE functional reference so we know +- * 'type' came from an ENGINE and we need to release +- * it when done. */ +- ctx->engine = impl; +- } +- else +- ctx->engine = NULL; +- } +- else +- if(!ctx->digest) +- { +- EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET); +- return 0; +- } +- return 1; +- } +- +-#endif ++ (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) ++ = do_evp_md_engine_null; ++ ++void int_EVP_MD_set_engine_callbacks(int (*eng_md_init) (ENGINE *impl), ++ int (*eng_md_fin) (ENGINE *impl), ++ int (*eng_md_evp) ++ (EVP_MD_CTX *ctx, const EVP_MD **ptype, ++ ENGINE *impl)) ++{ ++ do_engine_init = eng_md_init; ++ do_engine_finish = eng_md_fin; ++ do_evp_md_engine = eng_md_evp; ++} ++ ++# else ++ ++# define do_engine_init ENGINE_init ++# define do_engine_finish ENGINE_finish ++ ++static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ++ ENGINE *impl) ++{ ++ if (*ptype) { ++ /* ++ * Ensure an ENGINE left lying around from last time is cleared (the ++ * previous check attempted to avoid this if the same ENGINE and ++ * EVP_MD could be used). ++ */ ++ if (ctx->engine) ++ ENGINE_finish(ctx->engine); ++ if (impl) { ++ if (!ENGINE_init(impl)) { ++ EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_INITIALIZATION_ERROR); ++ return 0; ++ } ++ } else ++ /* Ask if an ENGINE is reserved for this job */ ++ impl = ENGINE_get_digest_engine((*ptype)->type); ++ if (impl) { ++ /* There's an ENGINE for this job ... (apparently) */ ++ const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); ++ if (!d) { ++ /* Same comment from evp_enc.c */ ++ EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_INITIALIZATION_ERROR); ++ ENGINE_finish(impl); ++ return 0; ++ } ++ /* We'll use the ENGINE's private digest definition */ ++ *ptype = d; ++ /* ++ * Store the ENGINE functional reference so we know 'type' came ++ * from an ENGINE and we need to release it when done. ++ */ ++ ctx->engine = impl; ++ } else ++ ctx->engine = NULL; ++ } else if (!ctx->digest) { ++ EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_NO_DIGEST_SET); ++ return 0; ++ } ++ return 1; ++} ++ ++# endif + + #endif + + int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) +- { +- M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); ++{ ++ M_EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); + #ifdef OPENSSL_FIPS +- if(FIPS_selftest_failed()) +- { +- FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED); +- ctx->digest = &bad_md; +- return 0; +- } ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_EVP_DIGESTINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED); ++ ctx->digest = &bad_md; ++ return 0; ++ } + #endif + #ifndef OPENSSL_NO_ENGINE +- /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts +- * so this context may already have an ENGINE! Try to avoid releasing +- * the previous handle, re-querying for an ENGINE, and having a +- * reinitialisation, when it may all be unecessary. */ +- if (ctx->engine && ctx->digest && (!type || +- (type && (type->type == ctx->digest->type)))) +- goto skip_to_init; +- if (!do_evp_md_engine(ctx, &type, impl)) +- return 0; ++ /* ++ * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so ++ * this context may already have an ENGINE! Try to avoid releasing the ++ * previous handle, re-querying for an ENGINE, and having a ++ * reinitialisation, when it may all be unecessary. ++ */ ++ if (ctx->engine && ctx->digest && (!type || ++ (type ++ && (type->type == ++ ctx->digest->type)))) ++ goto skip_to_init; ++ if (!do_evp_md_engine(ctx, &type, impl)) ++ return 0; + #endif +- if (ctx->digest != type) +- { ++ if (ctx->digest != type) { + #ifdef OPENSSL_FIPS +- if (FIPS_mode()) +- { +- if (!(type->flags & EVP_MD_FLAG_FIPS) +- && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) +- { +- EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); +- ctx->digest = &bad_md; +- return 0; +- } +- } ++ if (FIPS_mode()) { ++ if (!(type->flags & EVP_MD_FLAG_FIPS) ++ && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) { ++ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); ++ ctx->digest = &bad_md; ++ return 0; ++ } ++ } + #endif +- if (ctx->digest && ctx->digest->ctx_size) +- OPENSSL_free(ctx->md_data); +- ctx->digest=type; +- if (type->ctx_size) +- { +- ctx->md_data=OPENSSL_malloc(type->ctx_size); +- if (!ctx->md_data) +- { +- EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- } ++ if (ctx->digest && ctx->digest->ctx_size) ++ OPENSSL_free(ctx->md_data); ++ ctx->digest = type; ++ if (type->ctx_size) { ++ ctx->md_data = OPENSSL_malloc(type->ctx_size); ++ if (!ctx->md_data) { ++ EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } ++ } + #ifndef OPENSSL_NO_ENGINE +- skip_to_init: ++ skip_to_init: + #endif +- return ctx->digest->init(ctx); +- } ++ return ctx->digest->init(ctx); ++} + +-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, +- size_t count) +- { ++int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ + #ifdef OPENSSL_FIPS +- FIPS_selftest_check(); ++ FIPS_selftest_check(); + #endif +- return ctx->digest->update(ctx,data,count); +- } ++ return ctx->digest->update(ctx, data, count); ++} + + /* The caller can assume that this removes any secret data from the context */ + int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) +- { +- int ret; +- ret = EVP_DigestFinal_ex(ctx, md, size); +- EVP_MD_CTX_cleanup(ctx); +- return ret; +- } ++{ ++ int ret; ++ ret = EVP_DigestFinal_ex(ctx, md, size); ++ EVP_MD_CTX_cleanup(ctx); ++ return ret; ++} + + /* The caller can assume that this removes any secret data from the context */ + int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) +- { +- int ret; ++{ ++ int ret; + #ifdef OPENSSL_FIPS +- FIPS_selftest_check(); ++ FIPS_selftest_check(); + #endif + +- OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); +- ret=ctx->digest->final(ctx,md); +- if (size != NULL) +- *size=ctx->digest->md_size; +- if (ctx->digest->cleanup) +- { +- ctx->digest->cleanup(ctx); +- M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); +- } +- memset(ctx->md_data,0,ctx->digest->ctx_size); +- return ret; +- } ++ OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ++ ret = ctx->digest->final(ctx, md); ++ if (size != NULL) ++ *size = ctx->digest->md_size; ++ if (ctx->digest->cleanup) { ++ ctx->digest->cleanup(ctx); ++ M_EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); ++ } ++ memset(ctx->md_data, 0, ctx->digest->ctx_size); ++ return ret; ++} + + int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) +- { +- EVP_MD_CTX_init(out); +- return EVP_MD_CTX_copy_ex(out, in); +- } ++{ ++ EVP_MD_CTX_init(out); ++ return EVP_MD_CTX_copy_ex(out, in); ++} + + int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) +- { +- unsigned char *tmp_buf; +- if ((in == NULL) || (in->digest == NULL)) +- { +- EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED); +- return 0; +- } ++{ ++ unsigned char *tmp_buf; ++ if ((in == NULL) || (in->digest == NULL)) { ++ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED); ++ return 0; ++ } + #ifndef OPENSSL_NO_ENGINE +- /* Make sure it's safe to copy a digest context using an ENGINE */ +- if (in->engine && !do_engine_init(in->engine)) +- { +- EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); +- return 0; +- } ++ /* Make sure it's safe to copy a digest context using an ENGINE */ ++ if (in->engine && !do_engine_init(in->engine)) { ++ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB); ++ return 0; ++ } + #endif + +- if (out->digest == in->digest) +- { +- tmp_buf = out->md_data; +- M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); +- } +- else tmp_buf = NULL; +- EVP_MD_CTX_cleanup(out); +- memcpy(out,in,sizeof *out); +- +- if (out->digest->ctx_size) +- { +- if (tmp_buf) +- out->md_data = tmp_buf; +- else +- { +- out->md_data=OPENSSL_malloc(out->digest->ctx_size); +- if (!out->md_data) +- { +- EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- memcpy(out->md_data,in->md_data,out->digest->ctx_size); +- } +- +- if (out->digest->copy) +- return out->digest->copy(out,in); +- +- return 1; +- } ++ if (out->digest == in->digest) { ++ tmp_buf = out->md_data; ++ M_EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); ++ } else ++ tmp_buf = NULL; ++ EVP_MD_CTX_cleanup(out); ++ memcpy(out, in, sizeof *out); ++ ++ if (out->digest->ctx_size) { ++ if (tmp_buf) ++ out->md_data = tmp_buf; ++ else { ++ out->md_data = OPENSSL_malloc(out->digest->ctx_size); ++ if (!out->md_data) { ++ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } ++ memcpy(out->md_data, in->md_data, out->digest->ctx_size); ++ } ++ ++ if (out->digest->copy) ++ return out->digest->copy(out, in); ++ ++ return 1; ++} + + int EVP_Digest(const void *data, size_t count, +- unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) +- { +- EVP_MD_CTX ctx; +- int ret; +- +- EVP_MD_CTX_init(&ctx); +- M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); +- ret=EVP_DigestInit_ex(&ctx, type, impl) +- && EVP_DigestUpdate(&ctx, data, count) +- && EVP_DigestFinal_ex(&ctx, md, size); +- EVP_MD_CTX_cleanup(&ctx); +- +- return ret; +- } ++ unsigned char *md, unsigned int *size, const EVP_MD *type, ++ ENGINE *impl) ++{ ++ EVP_MD_CTX ctx; ++ int ret; ++ ++ EVP_MD_CTX_init(&ctx); ++ M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT); ++ ret = EVP_DigestInit_ex(&ctx, type, impl) ++ && EVP_DigestUpdate(&ctx, data, count) ++ && EVP_DigestFinal_ex(&ctx, md, size); ++ EVP_MD_CTX_cleanup(&ctx); ++ ++ return ret; ++} + + void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) +- { +- EVP_MD_CTX_cleanup(ctx); +- OPENSSL_free(ctx); +- } ++{ ++ EVP_MD_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++} + + /* This call frees resources associated with the context */ + int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +- { +- /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, +- * because sometimes only copies of the context are ever finalised. +- */ +- if (ctx->digest && ctx->digest->cleanup +- && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) +- ctx->digest->cleanup(ctx); +- if (ctx->digest && ctx->digest->ctx_size && ctx->md_data +- && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) +- { +- OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); +- OPENSSL_free(ctx->md_data); +- } ++{ ++ /* ++ * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because ++ * sometimes only copies of the context are ever finalised. ++ */ ++ if (ctx->digest && ctx->digest->cleanup ++ && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) ++ ctx->digest->cleanup(ctx); ++ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data ++ && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { ++ OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); ++ OPENSSL_free(ctx->md_data); ++ } + #ifndef OPENSSL_NO_ENGINE +- if(ctx->engine) +- /* The EVP_MD we used belongs to an ENGINE, release the +- * functional reference we held for this reason. */ +- do_engine_finish(ctx->engine); ++ if (ctx->engine) ++ /* ++ * The EVP_MD we used belongs to an ENGINE, release the functional ++ * reference we held for this reason. ++ */ ++ do_engine_finish(ctx->engine); + #endif +- memset(ctx,'\0',sizeof *ctx); ++ memset(ctx, '\0', sizeof *ctx); + +- return 1; +- } ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes.c b/Cryptlib/OpenSSL/crypto/evp/e_aes.c +index c9a5ee8..5d08405 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_aes.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_aes.c +@@ -6,7 +6,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -50,68 +50,60 @@ + + #include + #ifndef OPENSSL_NO_AES +-#include +-#include +-#include +-#include +-#include +-#include "evp_locl.h" ++# include ++# include ++# include ++# include ++# include ++# include "evp_locl.h" + + static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc); ++ const unsigned char *iv, int enc); + +-typedef struct +- { +- AES_KEY ks; +- } EVP_AES_KEY; ++typedef struct { ++ AES_KEY ks; ++} EVP_AES_KEY; + +-#define data(ctx) EVP_C_DATA(EVP_AES_KEY,ctx) ++# define data(ctx) EVP_C_DATA(EVP_AES_KEY,ctx) + + IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, +- NID_aes_128, 16, 16, 16, 128, +- EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, +- aes_init_key, +- NULL, NULL, NULL, NULL) +-IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, +- NID_aes_192, 16, 24, 16, 128, +- EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, +- aes_init_key, +- NULL, NULL, NULL, NULL) +-IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, +- NID_aes_256, 16, 32, 16, 128, +- EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, +- aes_init_key, +- NULL, NULL, NULL, NULL) ++ NID_aes_128, 16, 16, 16, 128, ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1, ++ aes_init_key, NULL, NULL, NULL, NULL) ++ IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, ++ NID_aes_192, 16, 24, 16, 128, ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1, ++ aes_init_key, NULL, NULL, NULL, NULL) ++ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, ++ NID_aes_256, 16, 32, 16, 128, ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1, ++ aes_init_key, NULL, NULL, NULL, NULL) ++# define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) ++ IMPLEMENT_AES_CFBR(128, 1, EVP_CIPH_FLAG_FIPS) ++ IMPLEMENT_AES_CFBR(192, 1, EVP_CIPH_FLAG_FIPS) ++ IMPLEMENT_AES_CFBR(256, 1, EVP_CIPH_FLAG_FIPS) + +-#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) +- +-IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS) +-IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS) +-IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS) +- +-IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) +-IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) +-IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) ++ IMPLEMENT_AES_CFBR(128, 8, EVP_CIPH_FLAG_FIPS) ++ IMPLEMENT_AES_CFBR(192, 8, EVP_CIPH_FLAG_FIPS) ++ IMPLEMENT_AES_CFBR(256, 8, EVP_CIPH_FLAG_FIPS) + + static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +- int ret; ++ const unsigned char *iv, int enc) ++{ ++ int ret; + +- if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE +- || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE +- || enc) +- ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); +- else +- ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); ++ if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE ++ || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE || enc) ++ ret = AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); ++ else ++ ret = AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + +- if(ret < 0) +- { +- EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED); +- return 0; +- } ++ if (ret < 0) { ++ EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED); ++ return 0; ++ } + +- return 1; +- } ++ return 1; ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_bf.c b/Cryptlib/OpenSSL/crypto/evp/e_bf.c +index cc224e5..d6a0178 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_bf.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_bf.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,30 +59,29 @@ + #include + #include "cryptlib.h" + #ifndef OPENSSL_NO_BF +-#include +-#include "evp_locl.h" +-#include +-#include ++# include ++# include "evp_locl.h" ++# include ++# include + + static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc); ++ const unsigned char *iv, int enc); + +-typedef struct +- { +- BF_KEY ks; +- } EVP_BF_KEY; ++typedef struct { ++ BF_KEY ks; ++} EVP_BF_KEY; + +-#define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) ++# define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) + + IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, +- EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) +- ++ EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, ++ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) ++ + static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +- BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key); +- return 1; +- } ++ const unsigned char *iv, int enc) ++{ ++ BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); ++ return 1; ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_cast.c b/Cryptlib/OpenSSL/crypto/evp/e_cast.c +index d77bcd9..3f74548 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_cast.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_cast.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,31 +60,30 @@ + #include "cryptlib.h" + + #ifndef OPENSSL_NO_CAST +-#include +-#include +-#include "evp_locl.h" +-#include ++# include ++# include ++# include "evp_locl.h" ++# include + + static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv,int enc); ++ const unsigned char *iv, int enc); ++ ++typedef struct { ++ CAST_KEY ks; ++} EVP_CAST_KEY; + +-typedef struct +- { +- CAST_KEY ks; +- } EVP_CAST_KEY; ++# define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) + +-#define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) ++IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, ++ NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, ++ EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, ++ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) + +-IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, +- NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, +- EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) +- + static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +- CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key); +- return 1; +- } ++ const unsigned char *iv, int enc) ++{ ++ CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); ++ return 1; ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c +index 04376df..e5b99ec 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_des.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_des.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,121 +59,124 @@ + #include + #include "cryptlib.h" + #ifndef OPENSSL_NO_DES +-#include +-#include +-#include "evp_locl.h" +-#include +-#include ++# include ++# include ++# include "evp_locl.h" ++# include ++# include + + static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc); ++ const unsigned char *iv, int enc); + static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); + +-/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ ++/* ++ * Because of various casts and different names can't use ++ * IMPLEMENT_BLOCK_CIPHER ++ */ + + static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, unsigned int inl) + { +- BLOCK_CIPHER_ecb_loop() +- DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt); +- return 1; ++ BLOCK_CIPHER_ecb_loop() ++ DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ++ ctx->cipher_data, ctx->encrypt); ++ return 1; + } + + static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, unsigned int inl) + { +- DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num); +- return 1; ++ DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, &ctx->num); ++ return 1; + } + + static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, unsigned int inl) + { +- DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, +- (DES_cblock *)ctx->iv, ctx->encrypt); +- return 1; ++ DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, ctx->encrypt); ++ return 1; + } + + static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, unsigned int inl) + { +- DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, +- (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); +- return 1; ++ DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); ++ return 1; + } + +-/* Although we have a CFB-r implementation for DES, it doesn't pack the right +- way, so wrap it here */ ++/* ++ * Although we have a CFB-r implementation for DES, it doesn't pack the right ++ * way, so wrap it here ++ */ + static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) +- { ++ const unsigned char *in, unsigned int inl) ++{ + unsigned int n; +- unsigned char c[1],d[1]; +- +- for(n=0 ; n < inl ; ++n) +- { +- c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; +- DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv, +- ctx->encrypt); +- out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); +- } +- return 1; ++ unsigned char c[1], d[1]; ++ ++ for (n = 0; n < inl; ++n) { ++ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; ++ DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data, (DES_cblock *)ctx->iv, ++ ctx->encrypt); ++ out[n / 8] = ++ (out[n / 8] & ~(0x80 >> (n % 8))) | ((d[0] & 0x80) >> (n % 8)); + } ++ return 1; ++} + + static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) +- { +- DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv, +- ctx->encrypt); ++ const unsigned char *in, unsigned int inl) ++{ ++ DES_cfb_encrypt(in, out, 8, inl, ctx->cipher_data, (DES_cblock *)ctx->iv, ++ ctx->encrypt); + return 1; +- } ++} + + BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, +- EVP_CIPH_RAND_KEY, +- des_init_key, NULL, +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- des_ctrl) +- +-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, +- EVP_CIPH_RAND_KEY, +- des_init_key, NULL, +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv,des_ctrl) +- +-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, +- EVP_CIPH_RAND_KEY, +- des_init_key,NULL, +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv,des_ctrl) ++ EVP_CIPH_RAND_KEY, ++ des_init_key, NULL, ++ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) ++ ++ ++BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 1, ++ EVP_CIPH_RAND_KEY, ++ des_init_key, NULL, ++ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) ++ ++BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 8, ++ EVP_CIPH_RAND_KEY, ++ des_init_key, NULL, ++ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) + + static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +- DES_cblock *deskey = (DES_cblock *)key; +-#ifdef EVP_CHECK_DES_KEY +- if(DES_set_key_checked(deskey,ctx->cipher_data) != 0) +- return 0; +-#else +- DES_set_key_unchecked(deskey,ctx->cipher_data); +-#endif +- return 1; +- } ++ const unsigned char *iv, int enc) ++{ ++ DES_cblock *deskey = (DES_cblock *)key; ++# ifdef EVP_CHECK_DES_KEY ++ if (DES_set_key_checked(deskey, ctx->cipher_data) != 0) ++ return 0; ++# else ++ DES_set_key_unchecked(deskey, ctx->cipher_data); ++# endif ++ return 1; ++} + + static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +- { +- +- switch(type) +- { +- case EVP_CTRL_RAND_KEY: +- if (RAND_bytes(ptr, 8) <= 0) +- return 0; +- DES_set_odd_parity((DES_cblock *)ptr); +- return 1; +- +- default: +- return -1; +- } +- } ++{ ++ ++ switch (type) { ++ case EVP_CTRL_RAND_KEY: ++ if (RAND_bytes(ptr, 8) <= 0) ++ return 0; ++ DES_set_odd_parity((DES_cblock *)ptr); ++ return 1; ++ ++ default: ++ return -1; ++ } ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c +index f910af1..b80348b 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_des3.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_des3.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,212 +59,213 @@ + #include + #include "cryptlib.h" + #ifndef OPENSSL_NO_DES +-#include +-#include +-#include "evp_locl.h" +-#include +-#include ++# include ++# include ++# include "evp_locl.h" ++# include ++# include + + static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv,int enc); ++ const unsigned char *iv, int enc); + + static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv,int enc); ++ const unsigned char *iv, int enc); + + static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); + +-typedef struct +- { +- DES_key_schedule ks1;/* key schedule */ +- DES_key_schedule ks2;/* key schedule (for ede) */ +- DES_key_schedule ks3;/* key schedule (for ede3) */ +- } DES_EDE_KEY; ++typedef struct { ++ DES_key_schedule ks1; /* key schedule */ ++ DES_key_schedule ks2; /* key schedule (for ede) */ ++ DES_key_schedule ks3; /* key schedule (for ede3) */ ++} DES_EDE_KEY; + +-#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) ++# define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) + +-/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ ++/* ++ * Because of various casts and different args can't use ++ * IMPLEMENT_BLOCK_CIPHER ++ */ + + static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, unsigned int inl) + { +- BLOCK_CIPHER_ecb_loop() +- DES_ecb3_encrypt((const_DES_cblock *)(in + i), +- (DES_cblock *)(out + i), +- &data(ctx)->ks1, &data(ctx)->ks2, +- &data(ctx)->ks3, +- ctx->encrypt); +- return 1; ++ BLOCK_CIPHER_ecb_loop() ++ DES_ecb3_encrypt((const_DES_cblock *)(in + i), ++ (DES_cblock *)(out + i), ++ &data(ctx)->ks1, &data(ctx)->ks2, ++ &data(ctx)->ks3, ctx->encrypt); ++ return 1; + } + + static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, unsigned int inl) + { +- DES_ede3_ofb64_encrypt(in, out, (long)inl, +- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, +- (DES_cblock *)ctx->iv, &ctx->num); +- return 1; ++ DES_ede3_ofb64_encrypt(in, out, (long)inl, ++ &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ++ (DES_cblock *)ctx->iv, &ctx->num); ++ return 1; + } + + static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, unsigned int inl) + { +-#ifdef KSSL_DEBUG +- { ++# ifdef KSSL_DEBUG ++ { + int i; +- printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len); +- printf("\t iv= "); +- for(i=0;i<8;i++) +- printf("%02X",ctx->iv[i]); +- printf("\n"); +- } +-#endif /* KSSL_DEBUG */ +- DES_ede3_cbc_encrypt(in, out, (long)inl, +- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, +- (DES_cblock *)ctx->iv, ctx->encrypt); +- return 1; ++ printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ++ ctx->buf_len); ++ printf("\t iv= "); ++ for (i = 0; i < 8; i++) ++ printf("%02X", ctx->iv[i]); ++ printf("\n"); ++ } ++# endif /* KSSL_DEBUG */ ++ DES_ede3_cbc_encrypt(in, out, (long)inl, ++ &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ++ (DES_cblock *)ctx->iv, ctx->encrypt); ++ return 1; + } + + static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, unsigned int inl) + { +- DES_ede3_cfb64_encrypt(in, out, (long)inl, +- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, +- (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); +- return 1; ++ DES_ede3_cfb64_encrypt(in, out, (long)inl, ++ &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ++ (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); ++ return 1; + } + +-/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right +- way, so wrap it here */ ++/* ++ * Although we have a CFB-r implementation for 3-DES, it doesn't pack the ++ * right way, so wrap it here ++ */ + static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) +- { ++ const unsigned char *in, unsigned int inl) ++{ + unsigned int n; +- unsigned char c[1],d[1]; ++ unsigned char c[1], d[1]; + +- for(n=0 ; n < inl ; ++n) +- { +- c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0; +- DES_ede3_cfb_encrypt(c,d,1,1, +- &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, +- (DES_cblock *)ctx->iv,ctx->encrypt); +- out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8)); +- } ++ for (n = 0; n < inl; ++n) { ++ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; ++ DES_ede3_cfb_encrypt(c, d, 1, 1, ++ &data(ctx)->ks1, &data(ctx)->ks2, ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ ctx->encrypt); ++ out[n / 8] = ++ (out[n / 8] & ~(0x80 >> (n % 8))) | ((d[0] & 0x80) >> (n % 8)); ++ } + + return 1; +- } ++} + + static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) +- { +- DES_ede3_cfb_encrypt(in,out,8,inl, +- &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3, +- (DES_cblock *)ctx->iv,ctx->encrypt); ++ const unsigned char *in, unsigned int inl) ++{ ++ DES_ede3_cfb_encrypt(in, out, 8, inl, ++ &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ++ (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; +- } ++} + + BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, +- EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede_init_key, +- NULL, NULL, NULL, +- des3_ctrl) +- +-#define des_ede3_cfb64_cipher des_ede_cfb64_cipher +-#define des_ede3_ofb_cipher des_ede_ofb_cipher +-#define des_ede3_cbc_cipher des_ede_cbc_cipher +-#define des_ede3_ecb_cipher des_ede_ecb_cipher ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede_init_key, NULL, NULL, ++ NULL, des3_ctrl) ++# define des_ede3_cfb64_cipher des_ede_cfb64_cipher ++# define des_ede3_ofb_cipher des_ede_ofb_cipher ++# define des_ede3_cbc_cipher des_ede_cbc_cipher ++# define des_ede3_ecb_cipher des_ede_ecb_cipher ++ BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, ++ des3_ctrl) + +-BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, +- EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede3_init_key, +- NULL, NULL, NULL, +- des3_ctrl) ++ BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, ++ NULL, des3_ctrl) + +-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, +- EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede3_init_key, +- NULL, NULL, NULL, +- des3_ctrl) +- +-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, +- EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede3_init_key, +- NULL, NULL, NULL, +- des3_ctrl) ++ BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, ++ NULL, des3_ctrl) + + static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +- DES_cblock *deskey = (DES_cblock *)key; +-#ifdef EVP_CHECK_DES_KEY +- if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) +- !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2)) +- return 0; +-#else +- DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); +- DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); +-#endif +- memcpy(&data(ctx)->ks3,&data(ctx)->ks1, +- sizeof(data(ctx)->ks1)); +- return 1; +- } ++ const unsigned char *iv, int enc) ++{ ++ DES_cblock *deskey = (DES_cblock *)key; ++# ifdef EVP_CHECK_DES_KEY ++ if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) ++ ! !DES_set_key_checked(&deskey[1], &data(ctx)->ks2)) ++ return 0; ++# else ++ DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); ++ DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); ++# endif ++ memcpy(&data(ctx)->ks3, &data(ctx)->ks1, sizeof(data(ctx)->ks1)); ++ return 1; ++} + + static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +- DES_cblock *deskey = (DES_cblock *)key; +-#ifdef KSSL_DEBUG +- { ++ const unsigned char *iv, int enc) ++{ ++ DES_cblock *deskey = (DES_cblock *)key; ++# ifdef KSSL_DEBUG ++ { + int i; + printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx); +- printf("\tKEY= "); +- for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); +- printf("\t IV= "); +- for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n"); +- } +-#endif /* KSSL_DEBUG */ ++ printf("\tKEY= "); ++ for (i = 0; i < 24; i++) ++ printf("%02X", key[i]); ++ printf("\n"); ++ printf("\t IV= "); ++ for (i = 0; i < 8; i++) ++ printf("%02X", iv[i]); ++ printf("\n"); ++ } ++# endif /* KSSL_DEBUG */ + +-#ifdef EVP_CHECK_DES_KEY +- if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1) +- || DES_set_key_checked(&deskey[1],&data(ctx)->ks2) +- || DES_set_key_checked(&deskey[2],&data(ctx)->ks3)) +- return 0; +-#else +- DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); +- DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); +- DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); +-#endif +- return 1; +- } ++# ifdef EVP_CHECK_DES_KEY ++ if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1) ++ || DES_set_key_checked(&deskey[1], &data(ctx)->ks2) ++ || DES_set_key_checked(&deskey[2], &data(ctx)->ks3)) ++ return 0; ++# else ++ DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); ++ DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); ++ DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3); ++# endif ++ return 1; ++} + + static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +- { ++{ + +- DES_cblock *deskey = ptr; ++ DES_cblock *deskey = ptr; + +- switch(type) +- { +- case EVP_CTRL_RAND_KEY: +- if (RAND_bytes(ptr, c->key_len) <= 0) +- return 0; +- DES_set_odd_parity(deskey); +- if (c->key_len >= 16) +- DES_set_odd_parity(deskey + 1); +- if (c->key_len >= 24) +- DES_set_odd_parity(deskey + 2); +- return 1; ++ switch (type) { ++ case EVP_CTRL_RAND_KEY: ++ if (RAND_bytes(ptr, c->key_len) <= 0) ++ return 0; ++ DES_set_odd_parity(deskey); ++ if (c->key_len >= 16) ++ DES_set_odd_parity(deskey + 1); ++ if (c->key_len >= 24) ++ DES_set_odd_parity(deskey + 2); ++ return 1; + +- default: +- return -1; +- } +- } ++ default: ++ return -1; ++ } ++} + + const EVP_CIPHER *EVP_des_ede(void) + { +- return &des_ede_ecb; ++ return &des_ede_ecb; + } + + const EVP_CIPHER *EVP_des_ede3(void) + { +- return &des_ede3_ecb; ++ return &des_ede3_ecb; + } + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_idea.c b/Cryptlib/OpenSSL/crypto/evp/e_idea.c +index 48c33a7..035034b 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_idea.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_idea.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,59 +60,60 @@ + #include "cryptlib.h" + + #ifndef OPENSSL_NO_IDEA +-#include +-#include +-#include "evp_locl.h" +-#include ++# include ++# include ++# include "evp_locl.h" ++# include + + static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv,int enc); ++ const unsigned char *iv, int enc); + +-/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special +- * case ++/* ++ * NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a ++ * special case + */ + + static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) ++ const unsigned char *in, unsigned int inl) + { +- BLOCK_CIPHER_ecb_loop() +- idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); +- return 1; ++ BLOCK_CIPHER_ecb_loop() ++ idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); ++ return 1; + } + + /* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ + +-typedef struct +- { +- IDEA_KEY_SCHEDULE ks; +- } EVP_IDEA_KEY; ++typedef struct { ++ IDEA_KEY_SCHEDULE ks; ++} EVP_IDEA_KEY; + + BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) +-BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) +-BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) ++ BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) ++ BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) + +-BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, +- 0, idea_init_key, NULL, +- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) ++ BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, ++ 0, idea_init_key, NULL, ++ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) + + static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +- if(!enc) { +- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1; +- else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1; +- } +- if (enc) idea_set_encrypt_key(key,ctx->cipher_data); +- else +- { +- IDEA_KEY_SCHEDULE tmp; ++ const unsigned char *iv, int enc) ++{ ++ if (!enc) { ++ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) ++ enc = 1; ++ else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) ++ enc = 1; ++ } ++ if (enc) ++ idea_set_encrypt_key(key, ctx->cipher_data); ++ else { ++ IDEA_KEY_SCHEDULE tmp; + +- idea_set_encrypt_key(key,&tmp); +- idea_set_decrypt_key(&tmp,ctx->cipher_data); +- OPENSSL_cleanse((unsigned char *)&tmp, +- sizeof(IDEA_KEY_SCHEDULE)); +- } +- return 1; +- } ++ idea_set_encrypt_key(key, &tmp); ++ idea_set_decrypt_key(&tmp, ctx->cipher_data); ++ OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE)); ++ } ++ return 1; ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_null.c b/Cryptlib/OpenSSL/crypto/evp/e_null.c +index 0872d73..13e359c 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_null.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_null.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,41 +62,39 @@ + #include + + static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv,int enc); ++ const unsigned char *iv, int enc); + static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl); +-static const EVP_CIPHER n_cipher= +- { +- NID_undef, +- 1,0,0, +- EVP_CIPH_FLAG_FIPS, +- null_init_key, +- null_cipher, +- NULL, +- 0, +- NULL, +- NULL, +- NULL, +- NULL +- }; ++ const unsigned char *in, unsigned int inl); ++static const EVP_CIPHER n_cipher = { ++ NID_undef, ++ 1, 0, 0, ++ EVP_CIPH_FLAG_FIPS, ++ null_init_key, ++ null_cipher, ++ NULL, ++ 0, ++ NULL, ++ NULL, ++ NULL, ++ NULL ++}; + + const EVP_CIPHER *EVP_enc_null(void) +- { +- return(&n_cipher); +- } ++{ ++ return (&n_cipher); ++} + + static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +- /* memset(&(ctx->c),0,sizeof(ctx->c));*/ +- return 1; +- } ++ const unsigned char *iv, int enc) ++{ ++ /* memset(&(ctx->c),0,sizeof(ctx->c)); */ ++ return 1; ++} + + static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) +- { +- if (in != out) +- memcpy((char *)out,(const char *)in,(size_t)inl); +- return 1; +- } +- ++ const unsigned char *in, unsigned int inl) ++{ ++ if (in != out) ++ memcpy((char *)out, (const char *)in, (size_t)inl); ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_old.c b/Cryptlib/OpenSSL/crypto/evp/e_old.c +index 1642af4..c93f5a5 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_old.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_old.c +@@ -1,6 +1,7 @@ + /* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2004. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2004. + */ + /* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,66 +61,104 @@ + static void *dummy = &dummy; + #else + +-#include ++# include + +-/* Define some deprecated functions, so older programs +- don't crash and burn too quickly. On Windows and VMS, +- these will never be used, since functions and variables +- in shared libraries are selected by entry point location, +- not by name. */ ++/* ++ * Define some deprecated functions, so older programs don't crash and burn ++ * too quickly. On Windows and VMS, these will never be used, since ++ * functions and variables in shared libraries are selected by entry point ++ * location, not by name. ++ */ + +-#ifndef OPENSSL_NO_BF +-#undef EVP_bf_cfb ++# ifndef OPENSSL_NO_BF ++# undef EVP_bf_cfb + const EVP_CIPHER *EVP_bf_cfb(void); +-const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); } +-#endif ++const EVP_CIPHER *EVP_bf_cfb(void) ++{ ++ return EVP_bf_cfb64(); ++} ++# endif + +-#ifndef OPENSSL_NO_DES +-#undef EVP_des_cfb ++# ifndef OPENSSL_NO_DES ++# undef EVP_des_cfb + const EVP_CIPHER *EVP_des_cfb(void); +-const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); } +-#undef EVP_des_ede3_cfb ++const EVP_CIPHER *EVP_des_cfb(void) ++{ ++ return EVP_des_cfb64(); ++} ++ ++# undef EVP_des_ede3_cfb + const EVP_CIPHER *EVP_des_ede3_cfb(void); +-const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); } +-#undef EVP_des_ede_cfb ++const EVP_CIPHER *EVP_des_ede3_cfb(void) ++{ ++ return EVP_des_ede3_cfb64(); ++} ++ ++# undef EVP_des_ede_cfb + const EVP_CIPHER *EVP_des_ede_cfb(void); +-const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); } +-#endif ++const EVP_CIPHER *EVP_des_ede_cfb(void) ++{ ++ return EVP_des_ede_cfb64(); ++} ++# endif + +-#ifndef OPENSSL_NO_IDEA +-#undef EVP_idea_cfb ++# ifndef OPENSSL_NO_IDEA ++# undef EVP_idea_cfb + const EVP_CIPHER *EVP_idea_cfb(void); +-const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); } +-#endif ++const EVP_CIPHER *EVP_idea_cfb(void) ++{ ++ return EVP_idea_cfb64(); ++} ++# endif + +-#ifndef OPENSSL_NO_RC2 +-#undef EVP_rc2_cfb ++# ifndef OPENSSL_NO_RC2 ++# undef EVP_rc2_cfb + const EVP_CIPHER *EVP_rc2_cfb(void); +-const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); } +-#endif ++const EVP_CIPHER *EVP_rc2_cfb(void) ++{ ++ return EVP_rc2_cfb64(); ++} ++# endif + +-#ifndef OPENSSL_NO_CAST +-#undef EVP_cast5_cfb ++# ifndef OPENSSL_NO_CAST ++# undef EVP_cast5_cfb + const EVP_CIPHER *EVP_cast5_cfb(void); +-const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); } +-#endif ++const EVP_CIPHER *EVP_cast5_cfb(void) ++{ ++ return EVP_cast5_cfb64(); ++} ++# endif + +-#ifndef OPENSSL_NO_RC5 +-#undef EVP_rc5_32_12_16_cfb ++# ifndef OPENSSL_NO_RC5 ++# undef EVP_rc5_32_12_16_cfb + const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); +-const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); } +-#endif ++const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) ++{ ++ return EVP_rc5_32_12_16_cfb64(); ++} ++# endif + +-#ifndef OPENSSL_NO_AES +-#undef EVP_aes_128_cfb ++# ifndef OPENSSL_NO_AES ++# undef EVP_aes_128_cfb + const EVP_CIPHER *EVP_aes_128_cfb(void); +-const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); } +-#undef EVP_aes_192_cfb ++const EVP_CIPHER *EVP_aes_128_cfb(void) ++{ ++ return EVP_aes_128_cfb128(); ++} ++ ++# undef EVP_aes_192_cfb + const EVP_CIPHER *EVP_aes_192_cfb(void); +-const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); } +-#undef EVP_aes_256_cfb ++const EVP_CIPHER *EVP_aes_192_cfb(void) ++{ ++ return EVP_aes_192_cfb128(); ++} ++ ++# undef EVP_aes_256_cfb + const EVP_CIPHER *EVP_aes_256_cfb(void); +-const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); } +-#endif ++const EVP_CIPHER *EVP_aes_256_cfb(void) ++{ ++ return EVP_aes_256_cfb128(); ++} ++# endif + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c +index d37726f..2990f91 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,172 +61,170 @@ + + #ifndef OPENSSL_NO_RC2 + +-#include +-#include +-#include "evp_locl.h" +-#include ++# include ++# include ++# include "evp_locl.h" ++# include + + static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv,int enc); ++ const unsigned char *iv, int enc); + static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx); + static int rc2_magic_to_meth(int i); + static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); + static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); + +-typedef struct +- { +- int key_bits; /* effective key bits */ +- RC2_KEY ks; /* key schedule */ +- } EVP_RC2_KEY; ++typedef struct { ++ int key_bits; /* effective key bits */ ++ RC2_KEY ks; /* key schedule */ ++} EVP_RC2_KEY; + +-#define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) ++# define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) + + IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, +- 8, +- RC2_KEY_LENGTH, 8, 64, +- EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, +- rc2_init_key, NULL, +- rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, +- rc2_ctrl) +- +-#define RC2_40_MAGIC 0xa0 +-#define RC2_64_MAGIC 0x78 +-#define RC2_128_MAGIC 0x3a +- +-static const EVP_CIPHER r2_64_cbc_cipher= +- { +- NID_rc2_64_cbc, +- 8,8 /* 64 bit */,8, +- EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, +- rc2_init_key, +- rc2_cbc_cipher, +- NULL, +- sizeof(EVP_RC2_KEY), +- rc2_set_asn1_type_and_iv, +- rc2_get_asn1_type_and_iv, +- rc2_ctrl, +- NULL +- }; +- +-static const EVP_CIPHER r2_40_cbc_cipher= +- { +- NID_rc2_40_cbc, +- 8,5 /* 40 bit */,8, +- EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, +- rc2_init_key, +- rc2_cbc_cipher, +- NULL, +- sizeof(EVP_RC2_KEY), +- rc2_set_asn1_type_and_iv, +- rc2_get_asn1_type_and_iv, +- rc2_ctrl, +- NULL +- }; ++ 8, ++ RC2_KEY_LENGTH, 8, 64, ++ EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, ++ rc2_init_key, NULL, ++ rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, ++ rc2_ctrl) ++# define RC2_40_MAGIC 0xa0 ++# define RC2_64_MAGIC 0x78 ++# define RC2_128_MAGIC 0x3a ++static const EVP_CIPHER r2_64_cbc_cipher = { ++ NID_rc2_64_cbc, ++ 8, 8 /* 64 bit */ , 8, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, ++ rc2_init_key, ++ rc2_cbc_cipher, ++ NULL, ++ sizeof(EVP_RC2_KEY), ++ rc2_set_asn1_type_and_iv, ++ rc2_get_asn1_type_and_iv, ++ rc2_ctrl, ++ NULL ++}; ++ ++static const EVP_CIPHER r2_40_cbc_cipher = { ++ NID_rc2_40_cbc, ++ 8, 5 /* 40 bit */ , 8, ++ EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, ++ rc2_init_key, ++ rc2_cbc_cipher, ++ NULL, ++ sizeof(EVP_RC2_KEY), ++ rc2_set_asn1_type_and_iv, ++ rc2_get_asn1_type_and_iv, ++ rc2_ctrl, ++ NULL ++}; + + const EVP_CIPHER *EVP_rc2_64_cbc(void) +- { +- return(&r2_64_cbc_cipher); +- } ++{ ++ return (&r2_64_cbc_cipher); ++} + + const EVP_CIPHER *EVP_rc2_40_cbc(void) +- { +- return(&r2_40_cbc_cipher); +- } +- ++{ ++ return (&r2_40_cbc_cipher); ++} ++ + static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +- RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), +- key,data(ctx)->key_bits); +- return 1; +- } ++ const unsigned char *iv, int enc) ++{ ++ RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), ++ key, data(ctx)->key_bits); ++ return 1; ++} + + static int rc2_meth_to_magic(EVP_CIPHER_CTX *e) +- { +- int i; +- +- EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); +- if (i == 128) return(RC2_128_MAGIC); +- else if (i == 64) return(RC2_64_MAGIC); +- else if (i == 40) return(RC2_40_MAGIC); +- else return(0); +- } ++{ ++ int i; ++ ++ EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); ++ if (i == 128) ++ return (RC2_128_MAGIC); ++ else if (i == 64) ++ return (RC2_64_MAGIC); ++ else if (i == 40) ++ return (RC2_40_MAGIC); ++ else ++ return (0); ++} + + static int rc2_magic_to_meth(int i) +- { +- if (i == RC2_128_MAGIC) return 128; +- else if (i == RC2_64_MAGIC) return 64; +- else if (i == RC2_40_MAGIC) return 40; +- else +- { +- EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE); +- return(0); +- } +- } ++{ ++ if (i == RC2_128_MAGIC) ++ return 128; ++ else if (i == RC2_64_MAGIC) ++ return 64; ++ else if (i == RC2_40_MAGIC) ++ return 40; ++ else { ++ EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE); ++ return (0); ++ } ++} + + static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +- { +- long num=0; +- int i=0; +- int key_bits; +- unsigned int l; +- unsigned char iv[EVP_MAX_IV_LENGTH]; +- +- if (type != NULL) +- { +- l=EVP_CIPHER_CTX_iv_length(c); +- OPENSSL_assert(l <= sizeof(iv)); +- i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); +- if (i != (int)l) +- return(-1); +- key_bits =rc2_magic_to_meth((int)num); +- if (!key_bits) +- return(-1); +- if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1); +- EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); +- EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); +- } +- return(i); +- } ++{ ++ long num = 0; ++ int i = 0; ++ int key_bits; ++ unsigned int l; ++ unsigned char iv[EVP_MAX_IV_LENGTH]; ++ ++ if (type != NULL) { ++ l = EVP_CIPHER_CTX_iv_length(c); ++ OPENSSL_assert(l <= sizeof(iv)); ++ i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); ++ if (i != (int)l) ++ return (-1); ++ key_bits = rc2_magic_to_meth((int)num); ++ if (!key_bits) ++ return (-1); ++ if (i > 0) ++ EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1); ++ EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); ++ EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); ++ } ++ return (i); ++} + + static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +- { +- long num; +- int i=0,j; +- +- if (type != NULL) +- { +- num=rc2_meth_to_magic(c); +- j=EVP_CIPHER_CTX_iv_length(c); +- i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j); +- } +- return(i); +- } ++{ ++ long num; ++ int i = 0, j; ++ ++ if (type != NULL) { ++ num = rc2_meth_to_magic(c); ++ j = EVP_CIPHER_CTX_iv_length(c); ++ i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); ++ } ++ return (i); ++} + + static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +- { +- switch(type) +- { +- case EVP_CTRL_INIT: +- data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; +- return 1; +- +- case EVP_CTRL_GET_RC2_KEY_BITS: +- *(int *)ptr = data(c)->key_bits; +- return 1; +- +- case EVP_CTRL_SET_RC2_KEY_BITS: +- if(arg > 0) +- { +- data(c)->key_bits = arg; +- return 1; +- } +- return 0; +- +- default: +- return -1; +- } +- } ++{ ++ switch (type) { ++ case EVP_CTRL_INIT: ++ data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; ++ return 1; ++ ++ case EVP_CTRL_GET_RC2_KEY_BITS: ++ *(int *)ptr = data(c)->key_bits; ++ return 1; ++ ++ case EVP_CTRL_SET_RC2_KEY_BITS: ++ if (arg > 0) { ++ data(c)->key_bits = arg; ++ return 1; ++ } ++ return 0; ++ ++ default: ++ return -1; ++ } ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c +index 55baad7..544cc25 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,77 +61,73 @@ + + #ifndef OPENSSL_NO_RC4 + +-#include +-#include +-#include +-#include "evp_locl.h" ++# include ++# include ++# include ++# include "evp_locl.h" + + /* FIXME: surely this is available elsewhere? */ +-#define EVP_RC4_KEY_SIZE 16 ++# define EVP_RC4_KEY_SIZE 16 + +-typedef struct +- { +- RC4_KEY ks; /* working key */ +- } EVP_RC4_KEY; ++typedef struct { ++ RC4_KEY ks; /* working key */ ++} EVP_RC4_KEY; + +-#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) ++# define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) + + static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv,int enc); ++ const unsigned char *iv, int enc); + static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl); +-static const EVP_CIPHER r4_cipher= +- { +- NID_rc4, +- 1,EVP_RC4_KEY_SIZE,0, +- EVP_CIPH_VARIABLE_LENGTH, +- rc4_init_key, +- rc4_cipher, +- NULL, +- sizeof(EVP_RC4_KEY), +- NULL, +- NULL, +- NULL, +- NULL +- }; ++ const unsigned char *in, unsigned int inl); ++static const EVP_CIPHER r4_cipher = { ++ NID_rc4, ++ 1, EVP_RC4_KEY_SIZE, 0, ++ EVP_CIPH_VARIABLE_LENGTH, ++ rc4_init_key, ++ rc4_cipher, ++ NULL, ++ sizeof(EVP_RC4_KEY), ++ NULL, ++ NULL, ++ NULL, ++ NULL ++}; + +-static const EVP_CIPHER r4_40_cipher= +- { +- NID_rc4_40, +- 1,5 /* 40 bit */,0, +- EVP_CIPH_VARIABLE_LENGTH, +- rc4_init_key, +- rc4_cipher, +- NULL, +- sizeof(EVP_RC4_KEY), +- NULL, +- NULL, +- NULL, +- NULL +- }; ++static const EVP_CIPHER r4_40_cipher = { ++ NID_rc4_40, ++ 1, 5 /* 40 bit */ , 0, ++ EVP_CIPH_VARIABLE_LENGTH, ++ rc4_init_key, ++ rc4_cipher, ++ NULL, ++ sizeof(EVP_RC4_KEY), ++ NULL, ++ NULL, ++ NULL, ++ NULL ++}; + + const EVP_CIPHER *EVP_rc4(void) +- { +- return(&r4_cipher); +- } ++{ ++ return (&r4_cipher); ++} + + const EVP_CIPHER *EVP_rc4_40(void) +- { +- return(&r4_40_cipher); +- } ++{ ++ return (&r4_40_cipher); ++} + + static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +- RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), +- key); +- return 1; +- } ++ const unsigned char *iv, int enc) ++{ ++ RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); ++ return 1; ++} + + static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) +- { +- RC4(&data(ctx)->ks,inl,in,out); +- return 1; +- } ++ const unsigned char *in, unsigned int inl) ++{ ++ RC4(&data(ctx)->ks, inl, in, out); ++ return 1; ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c +index 19a10c6..f17e99d 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,66 +61,62 @@ + + #ifndef OPENSSL_NO_RC5 + +-#include +-#include +-#include "evp_locl.h" +-#include ++# include ++# include ++# include "evp_locl.h" ++# include + + static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv,int enc); ++ const unsigned char *iv, int enc); + static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); + +-typedef struct +- { +- int rounds; /* number of rounds */ +- RC5_32_KEY ks; /* key schedule */ +- } EVP_RC5_KEY; ++typedef struct { ++ int rounds; /* number of rounds */ ++ RC5_32_KEY ks; /* key schedule */ ++} EVP_RC5_KEY; + +-#define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx) ++# define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx) + + IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5, +- 8, RC5_32_KEY_LENGTH, 8, 64, +- EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, +- r_32_12_16_init_key, NULL, +- NULL, NULL, rc5_ctrl) ++ 8, RC5_32_KEY_LENGTH, 8, 64, ++ EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, ++ r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl) + + static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +- { +- switch(type) +- { +- case EVP_CTRL_INIT: +- data(c)->rounds = RC5_12_ROUNDS; +- return 1; ++{ ++ switch (type) { ++ case EVP_CTRL_INIT: ++ data(c)->rounds = RC5_12_ROUNDS; ++ return 1; ++ ++ case EVP_CTRL_GET_RC5_ROUNDS: ++ *(int *)ptr = data(c)->rounds; ++ return 1; + +- case EVP_CTRL_GET_RC5_ROUNDS: +- *(int *)ptr = data(c)->rounds; +- return 1; +- +- case EVP_CTRL_SET_RC5_ROUNDS: +- switch(arg) +- { +- case RC5_8_ROUNDS: +- case RC5_12_ROUNDS: +- case RC5_16_ROUNDS: +- data(c)->rounds = arg; +- return 1; ++ case EVP_CTRL_SET_RC5_ROUNDS: ++ switch (arg) { ++ case RC5_8_ROUNDS: ++ case RC5_12_ROUNDS: ++ case RC5_16_ROUNDS: ++ data(c)->rounds = arg; ++ return 1; + +- default: +- EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); +- return 0; +- } ++ default: ++ EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); ++ return 0; ++ } + +- default: +- return -1; +- } +- } ++ default: ++ return -1; ++ } ++} + + static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +- RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), +- key,data(ctx)->rounds); +- return 1; +- } ++ const unsigned char *iv, int enc) ++{ ++ RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), ++ key, data(ctx)->rounds); ++ return 1; ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c +index 8832da2..105967f 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,65 +61,60 @@ + + #ifndef OPENSSL_NO_DES + +-#include +-#include +-#include ++# include ++# include ++# include + + static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv,int enc); ++ const unsigned char *iv, int enc); + static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl); +- ++ const unsigned char *in, unsigned int inl); + +-typedef struct +- { +- DES_key_schedule ks;/* key schedule */ ++typedef struct { ++ DES_key_schedule ks; /* key schedule */ + DES_cblock inw; + DES_cblock outw; +- } DESX_CBC_KEY; ++} DESX_CBC_KEY; + +-#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) ++# define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) + +-static const EVP_CIPHER d_xcbc_cipher= +- { +- NID_desx_cbc, +- 8,24,8, +- EVP_CIPH_CBC_MODE, +- desx_cbc_init_key, +- desx_cbc_cipher, +- NULL, +- sizeof(DESX_CBC_KEY), +- EVP_CIPHER_set_asn1_iv, +- EVP_CIPHER_get_asn1_iv, +- NULL, +- NULL +- }; ++static const EVP_CIPHER d_xcbc_cipher = { ++ NID_desx_cbc, ++ 8, 24, 8, ++ EVP_CIPH_CBC_MODE, ++ desx_cbc_init_key, ++ desx_cbc_cipher, ++ NULL, ++ sizeof(DESX_CBC_KEY), ++ EVP_CIPHER_set_asn1_iv, ++ EVP_CIPHER_get_asn1_iv, ++ NULL, ++ NULL ++}; + + const EVP_CIPHER *EVP_desx_cbc(void) +- { +- return(&d_xcbc_cipher); +- } +- ++{ ++ return (&d_xcbc_cipher); ++} ++ + static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { +- DES_cblock *deskey = (DES_cblock *)key; ++ const unsigned char *iv, int enc) ++{ ++ DES_cblock *deskey = (DES_cblock *)key; + +- DES_set_key_unchecked(deskey,&data(ctx)->ks); +- memcpy(&data(ctx)->inw[0],&key[8],8); +- memcpy(&data(ctx)->outw[0],&key[16],8); ++ DES_set_key_unchecked(deskey, &data(ctx)->ks); ++ memcpy(&data(ctx)->inw[0], &key[8], 8); ++ memcpy(&data(ctx)->outw[0], &key[16], 8); + +- return 1; +- } ++ return 1; ++} + + static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) +- { +- DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks, +- (DES_cblock *)&(ctx->iv[0]), +- &data(ctx)->inw, +- &data(ctx)->outw, +- ctx->encrypt); +- return 1; +- } ++ const unsigned char *in, unsigned int inl) ++{ ++ DES_xcbc_encrypt(in, out, inl, &data(ctx)->ks, ++ (DES_cblock *)&(ctx->iv[0]), ++ &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt); ++ return 1; ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/enc_min.c b/Cryptlib/OpenSSL/crypto/evp/enc_min.c +index a8c176f..77e0126 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/enc_min.c ++++ b/Cryptlib/OpenSSL/crypto/evp/enc_min.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,330 +62,349 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + #include "evp_locl.h" + + void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) +- { ++{ + #ifdef OPENSSL_FIPS +- FIPS_selftest_check(); ++ FIPS_selftest_check(); + #endif +- memset(ctx,0,sizeof(EVP_CIPHER_CTX)); +- /* ctx->cipher=NULL; */ +- } ++ memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); ++ /* ctx->cipher=NULL; */ ++} + + #ifdef OPENSSL_FIPS + +-/* The purpose of these is to trap programs that attempt to use non FIPS ++/* ++ * The purpose of these is to trap programs that attempt to use non FIPS + * algorithms in FIPS mode and ignore the errors. + */ + + static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +- { FIPS_ERROR_IGNORED("Cipher init"); return 0;} ++ const unsigned char *iv, int enc) ++{ ++ FIPS_ERROR_IGNORED("Cipher init"); ++ return 0; ++} + + static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, unsigned int inl) +- { FIPS_ERROR_IGNORED("Cipher update"); return 0;} ++ const unsigned char *in, unsigned int inl) ++{ ++ FIPS_ERROR_IGNORED("Cipher update"); ++ return 0; ++} + + /* NB: no cleanup because it is allowed after failed init */ + + static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) +- { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;} ++{ ++ FIPS_ERROR_IGNORED("Cipher set_asn1"); ++ return 0; ++} ++ + static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ) +- { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;} ++{ ++ FIPS_ERROR_IGNORED("Cipher get_asn1"); ++ return 0; ++} ++ + static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +- { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;} +- +-static const EVP_CIPHER bad_cipher = +- { +- 0, +- 0, +- 0, +- 0, +- 0, +- bad_init, +- bad_do_cipher, +- NULL, +- 0, +- bad_set_asn1, +- bad_get_asn1, +- bad_ctrl, +- NULL +- }; ++{ ++ FIPS_ERROR_IGNORED("Cipher ctrl"); ++ return 0; ++} ++ ++static const EVP_CIPHER bad_cipher = { ++ 0, ++ 0, ++ 0, ++ 0, ++ 0, ++ bad_init, ++ bad_do_cipher, ++ NULL, ++ 0, ++ bad_set_asn1, ++ bad_get_asn1, ++ bad_ctrl, ++ NULL ++}; + + #endif + + #ifndef OPENSSL_NO_ENGINE + +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS ++ ++static int do_engine_null(ENGINE *impl) ++{ ++ return 0; ++} + +-static int do_engine_null(ENGINE *impl) { return 0;} + static int do_evp_enc_engine_null(EVP_CIPHER_CTX *ctx, +- const EVP_CIPHER **pciph, ENGINE *impl) +- { return 1; } ++ const EVP_CIPHER **pciph, ENGINE *impl) ++{ ++ return 1; ++} + +-static int (*do_engine_finish)(ENGINE *impl) +- = do_engine_null; ++static int (*do_engine_finish) (ENGINE *impl) ++ = do_engine_null; + + static int (*do_evp_enc_engine) +- (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl) +- = do_evp_enc_engine_null; +- +-void int_EVP_CIPHER_set_engine_callbacks( +- int (*eng_ciph_fin)(ENGINE *impl), +- int (*eng_ciph_evp) +- (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)) +- { +- do_engine_finish = eng_ciph_fin; +- do_evp_enc_engine = eng_ciph_evp; +- } +- +-#else +- +-#define do_engine_finish ENGINE_finish +- +-static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl) +- { +- if(impl) +- { +- if (!ENGINE_init(impl)) +- { +- EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- } +- else +- /* Ask if an ENGINE is reserved for this job */ +- impl = ENGINE_get_cipher_engine((*pcipher)->nid); +- if(impl) +- { +- /* There's an ENGINE for this job ... (apparently) */ +- const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); +- if(!c) +- { +- /* One positive side-effect of US's export +- * control history, is that we should at least +- * be able to avoid using US mispellings of +- * "initialisation"? */ +- EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- /* We'll use the ENGINE's private cipher definition */ +- *pcipher = c; +- /* Store the ENGINE functional reference so we know +- * 'cipher' came from an ENGINE and we need to release +- * it when done. */ +- ctx->engine = impl; +- } +- else +- ctx->engine = NULL; +- return 1; +- } ++ (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl) ++ = do_evp_enc_engine_null; ++ ++void int_EVP_CIPHER_set_engine_callbacks(int (*eng_ciph_fin) (ENGINE *impl), ++ int (*eng_ciph_evp) ++ (EVP_CIPHER_CTX *ctx, ++ const EVP_CIPHER **pciph, ++ ENGINE *impl)) ++{ ++ do_engine_finish = eng_ciph_fin; ++ do_evp_enc_engine = eng_ciph_evp; ++} + +-#endif ++# else ++ ++# define do_engine_finish ENGINE_finish ++ ++static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ++ ENGINE *impl) ++{ ++ if (impl) { ++ if (!ENGINE_init(impl)) { ++ EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); ++ return 0; ++ } ++ } else ++ /* Ask if an ENGINE is reserved for this job */ ++ impl = ENGINE_get_cipher_engine((*pcipher)->nid); ++ if (impl) { ++ /* There's an ENGINE for this job ... (apparently) */ ++ const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); ++ if (!c) { ++ /* ++ * One positive side-effect of US's export control history, is ++ * that we should at least be able to avoid using US mispellings ++ * of "initialisation"? ++ */ ++ EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR); ++ return 0; ++ } ++ /* We'll use the ENGINE's private cipher definition */ ++ *pcipher = c; ++ /* ++ * Store the ENGINE functional reference so we know 'cipher' came ++ * from an ENGINE and we need to release it when done. ++ */ ++ ctx->engine = impl; ++ } else ++ ctx->engine = NULL; ++ return 1; ++} ++ ++# endif + + #endif + +-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, +- const unsigned char *key, const unsigned char *iv, int enc) +- { +- if (enc == -1) +- enc = ctx->encrypt; +- else +- { +- if (enc) +- enc = 1; +- ctx->encrypt = enc; +- } ++int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ ENGINE *impl, const unsigned char *key, ++ const unsigned char *iv, int enc) ++{ ++ if (enc == -1) ++ enc = ctx->encrypt; ++ else { ++ if (enc) ++ enc = 1; ++ ctx->encrypt = enc; ++ } + #ifdef OPENSSL_FIPS +- if(FIPS_selftest_failed()) +- { +- FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED); +- ctx->cipher = &bad_cipher; +- return 0; +- } ++ if (FIPS_selftest_failed()) { ++ FIPSerr(FIPS_F_EVP_CIPHERINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED); ++ ctx->cipher = &bad_cipher; ++ return 0; ++ } + #endif + #ifndef OPENSSL_NO_ENGINE +- /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts +- * so this context may already have an ENGINE! Try to avoid releasing +- * the previous handle, re-querying for an ENGINE, and having a +- * reinitialisation, when it may all be unecessary. */ +- if (ctx->engine && ctx->cipher && (!cipher || +- (cipher && (cipher->nid == ctx->cipher->nid)))) +- goto skip_to_init; ++ /* ++ * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so ++ * this context may already have an ENGINE! Try to avoid releasing the ++ * previous handle, re-querying for an ENGINE, and having a ++ * reinitialisation, when it may all be unecessary. ++ */ ++ if (ctx->engine && ctx->cipher && (!cipher || ++ (cipher ++ && (cipher->nid == ++ ctx->cipher->nid)))) ++ goto skip_to_init; + #endif +- if (cipher) +- { +- /* Ensure a context left lying around from last time is cleared +- * (the previous check attempted to avoid this if the same +- * ENGINE and EVP_CIPHER could be used). */ +- EVP_CIPHER_CTX_cleanup(ctx); +- +- /* Restore encrypt field: it is zeroed by cleanup */ +- ctx->encrypt = enc; ++ if (cipher) { ++ /* ++ * Ensure a context left lying around from last time is cleared (the ++ * previous check attempted to avoid this if the same ENGINE and ++ * EVP_CIPHER could be used). ++ */ ++ EVP_CIPHER_CTX_cleanup(ctx); ++ ++ /* Restore encrypt field: it is zeroed by cleanup */ ++ ctx->encrypt = enc; + #ifndef OPENSSL_NO_ENGINE +- if (!do_evp_enc_engine(ctx, &cipher, impl)) +- return 0; ++ if (!do_evp_enc_engine(ctx, &cipher, impl)) ++ return 0; + #endif + +- ctx->cipher=cipher; +- if (ctx->cipher->ctx_size) +- { +- ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); +- if (!ctx->cipher_data) +- { +- EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- else +- { +- ctx->cipher_data = NULL; +- } +- ctx->key_len = cipher->key_len; +- ctx->flags = 0; +- if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) +- { +- if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) +- { +- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- } +- } +- else if(!ctx->cipher) +- { +- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); +- return 0; +- } ++ ctx->cipher = cipher; ++ if (ctx->cipher->ctx_size) { ++ ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); ++ if (!ctx->cipher_data) { ++ EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } else { ++ ctx->cipher_data = NULL; ++ } ++ ctx->key_len = cipher->key_len; ++ ctx->flags = 0; ++ if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { ++ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { ++ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); ++ return 0; ++ } ++ } ++ } else if (!ctx->cipher) { ++ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); ++ return 0; ++ } + #ifndef OPENSSL_NO_ENGINE +-skip_to_init: ++ skip_to_init: + #endif +- /* we assume block size is a power of 2 in *cryptUpdate */ +- OPENSSL_assert(ctx->cipher->block_size == 1 +- || ctx->cipher->block_size == 8 +- || ctx->cipher->block_size == 16); +- +- if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { +- switch(EVP_CIPHER_CTX_mode(ctx)) { +- +- case EVP_CIPH_STREAM_CIPHER: +- case EVP_CIPH_ECB_MODE: +- break; +- +- case EVP_CIPH_CFB_MODE: +- case EVP_CIPH_OFB_MODE: +- +- ctx->num = 0; +- /* fall-through */ +- +- case EVP_CIPH_CBC_MODE: +- +- OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= +- (int)sizeof(ctx->iv)); +- if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); +- memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); +- break; +- +- default: +- return 0; +- break; +- } +- } +- ++ /* we assume block size is a power of 2 in *cryptUpdate */ ++ OPENSSL_assert(ctx->cipher->block_size == 1 ++ || ctx->cipher->block_size == 8 ++ || ctx->cipher->block_size == 16); ++ ++ if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { ++ switch (EVP_CIPHER_CTX_mode(ctx)) { ++ ++ case EVP_CIPH_STREAM_CIPHER: ++ case EVP_CIPH_ECB_MODE: ++ break; ++ ++ case EVP_CIPH_CFB_MODE: ++ case EVP_CIPH_OFB_MODE: ++ ++ ctx->num = 0; ++ /* fall-through */ ++ ++ case EVP_CIPH_CBC_MODE: ++ ++ OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= ++ (int)sizeof(ctx->iv)); ++ if (iv) ++ memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); ++ memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); ++ break; ++ ++ default: ++ return 0; ++ break; ++ } ++ } + #ifdef OPENSSL_FIPS +- /* After 'key' is set no further parameters changes are permissible. +- * So only check for non FIPS enabling at this point. +- */ +- if (key && FIPS_mode()) +- { +- if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) +- & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) +- { +- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS); +-#if 0 +- ERR_add_error_data(2, "cipher=", +- EVP_CIPHER_name(ctx->cipher)); +-#endif +- ctx->cipher = &bad_cipher; +- return 0; +- } +- } ++ /* ++ * After 'key' is set no further parameters changes are permissible. So ++ * only check for non FIPS enabling at this point. ++ */ ++ if (key && FIPS_mode()) { ++ if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS) ++ & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { ++ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS); ++# if 0 ++ ERR_add_error_data(2, "cipher=", EVP_CIPHER_name(ctx->cipher)); ++# endif ++ ctx->cipher = &bad_cipher; ++ return 0; ++ } ++ } + #endif + +- if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { +- if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; +- } +- ctx->buf_len=0; +- ctx->final_used=0; +- ctx->block_mask=ctx->cipher->block_size-1; +- return 1; +- } ++ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { ++ if (!ctx->cipher->init(ctx, key, iv, enc)) ++ return 0; ++ } ++ ctx->buf_len = 0; ++ ctx->final_used = 0; ++ ctx->block_mask = ctx->cipher->block_size - 1; ++ return 1; ++} + + int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) +- { +- if (c->cipher != NULL) +- { +- if(c->cipher->cleanup && !c->cipher->cleanup(c)) +- return 0; +- /* Cleanse cipher context data */ +- if (c->cipher_data) +- OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); +- } +- if (c->cipher_data) +- OPENSSL_free(c->cipher_data); ++{ ++ if (c->cipher != NULL) { ++ if (c->cipher->cleanup && !c->cipher->cleanup(c)) ++ return 0; ++ /* Cleanse cipher context data */ ++ if (c->cipher_data) ++ OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); ++ } ++ if (c->cipher_data) ++ OPENSSL_free(c->cipher_data); + #ifndef OPENSSL_NO_ENGINE +- if (c->engine) +- /* The EVP_CIPHER we used belongs to an ENGINE, release the +- * functional reference we held for this reason. */ +- do_engine_finish(c->engine); ++ if (c->engine) ++ /* ++ * The EVP_CIPHER we used belongs to an ENGINE, release the ++ * functional reference we held for this reason. ++ */ ++ do_engine_finish(c->engine); + #endif +- memset(c,0,sizeof(EVP_CIPHER_CTX)); +- return 1; +- } ++ memset(c, 0, sizeof(EVP_CIPHER_CTX)); ++ return 1; ++} + +-int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) +- { ++int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, unsigned int inl) ++{ + #ifdef OPENSSL_FIPS +- FIPS_selftest_check(); ++ FIPS_selftest_check(); + #endif +- return ctx->cipher->do_cipher(ctx,out,in,inl); +- } ++ return ctx->cipher->do_cipher(ctx, out, in, inl); ++} + + int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) + { +- int ret; +- if(!ctx->cipher) { +- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); +- return 0; +- } +- +- if(!ctx->cipher->ctrl) { +- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); +- return 0; +- } +- +- ret = ctx->cipher->ctrl(ctx, type, arg, ptr); +- if(ret == -1) { +- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); +- return 0; +- } +- return ret; ++ int ret; ++ if (!ctx->cipher) { ++ EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); ++ return 0; ++ } ++ ++ if (!ctx->cipher->ctrl) { ++ EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); ++ return 0; ++ } ++ ++ ret = ctx->cipher->ctrl(ctx, type, arg, ptr); ++ if (ret == -1) { ++ EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, ++ EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); ++ return 0; ++ } ++ return ret; + } + + unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) +- { +- return ctx->cipher->flags; +- } ++{ ++ return ctx->cipher->flags; ++} + + int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) +- { +- return ctx->cipher->iv_len; +- } ++{ ++ return ctx->cipher->iv_len; ++} + + int EVP_CIPHER_nid(const EVP_CIPHER *cipher) +- { +- return cipher->nid; +- } ++{ ++ return cipher->nid; ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c +index 69f7cca..9bdcd57 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/encode.c ++++ b/Cryptlib/OpenSSL/crypto/evp/encode.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,20 +61,21 @@ + #include + + #ifndef CHARSET_EBCDIC +-#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) +-#define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) ++# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) ++# define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) + #else +-/* We assume that PEM encoded files are EBCDIC files +- * (i.e., printable text files). Convert them here while decoding. +- * When encoding, output is EBCDIC (text) format again. +- * (No need for conversion in the conv_bin2ascii macro, as the +- * underlying textstring data_bin2ascii[] is already EBCDIC) ++/* ++ * We assume that PEM encoded files are EBCDIC files (i.e., printable text ++ * files). Convert them here while decoding. When encoding, output is EBCDIC ++ * (text) format again. (No need for conversion in the conv_bin2ascii macro, ++ * as the underlying textstring data_bin2ascii[] is already EBCDIC) + */ +-#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) +-#define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) ++# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) ++# define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) + #endif + +-/* 64 char lines ++/*- ++ * 64 char lines + * pad input with 0 + * left over chars are set to = + * 1 byte => xx== +@@ -85,362 +86,367 @@ + #define CHUNKS_PER_LINE (64/4) + #define CHAR_PER_LINE (64+1) + +-static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\ ++static unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\ + abcdefghijklmnopqrstuvwxyz0123456789+/"; + +-/* 0xF0 is a EOLN ++/*- ++ * 0xF0 is a EOLN + * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing). + * 0xF2 is EOF + * 0xE0 is ignore at start of line. + * 0xFF is error + */ + +-#define B64_EOLN 0xF0 +-#define B64_CR 0xF1 +-#define B64_EOF 0xF2 +-#define B64_WS 0xE0 +-#define B64_ERROR 0xFF +-#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) +- +-static unsigned char data_ascii2bin[128]={ +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, +- 0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF, +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, +- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, +- 0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, +- 0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F, +- 0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B, +- 0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF, +- 0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06, +- 0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E, +- 0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16, +- 0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF, +- 0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20, +- 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28, +- 0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30, +- 0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF, +- }; ++#define B64_EOLN 0xF0 ++#define B64_CR 0xF1 ++#define B64_EOF 0xF2 ++#define B64_WS 0xE0 ++#define B64_ERROR 0xFF ++#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) ++ ++static unsigned char data_ascii2bin[128] = { ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F, ++ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, ++ 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, ++ 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, ++ 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, ++ 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, ++ 0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++ 0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, ++ 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, ++ 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, ++ 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, ++}; + + void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) +- { +- ctx->length=48; +- ctx->num=0; +- ctx->line_num=0; +- } ++{ ++ ctx->length = 48; ++ ctx->num = 0; ++ ctx->line_num = 0; ++} + + void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +- const unsigned char *in, int inl) +- { +- int i,j; +- unsigned int total=0; +- +- *outl=0; +- if (inl == 0) return; +- OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); +- if ((ctx->num+inl) < ctx->length) +- { +- memcpy(&(ctx->enc_data[ctx->num]),in,inl); +- ctx->num+=inl; +- return; +- } +- if (ctx->num != 0) +- { +- i=ctx->length-ctx->num; +- memcpy(&(ctx->enc_data[ctx->num]),in,i); +- in+=i; +- inl-=i; +- j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length); +- ctx->num=0; +- out+=j; +- *(out++)='\n'; +- *out='\0'; +- total=j+1; +- } +- while (inl >= ctx->length) +- { +- j=EVP_EncodeBlock(out,in,ctx->length); +- in+=ctx->length; +- inl-=ctx->length; +- out+=j; +- *(out++)='\n'; +- *out='\0'; +- total+=j+1; +- } +- if (inl != 0) +- memcpy(&(ctx->enc_data[0]),in,inl); +- ctx->num=inl; +- *outl=total; +- } ++ const unsigned char *in, int inl) ++{ ++ int i, j; ++ unsigned int total = 0; ++ ++ *outl = 0; ++ if (inl == 0) ++ return; ++ OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); ++ if ((ctx->num + inl) < ctx->length) { ++ memcpy(&(ctx->enc_data[ctx->num]), in, inl); ++ ctx->num += inl; ++ return; ++ } ++ if (ctx->num != 0) { ++ i = ctx->length - ctx->num; ++ memcpy(&(ctx->enc_data[ctx->num]), in, i); ++ in += i; ++ inl -= i; ++ j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length); ++ ctx->num = 0; ++ out += j; ++ *(out++) = '\n'; ++ *out = '\0'; ++ total = j + 1; ++ } ++ while (inl >= ctx->length) { ++ j = EVP_EncodeBlock(out, in, ctx->length); ++ in += ctx->length; ++ inl -= ctx->length; ++ out += j; ++ *(out++) = '\n'; ++ *out = '\0'; ++ total += j + 1; ++ } ++ if (inl != 0) ++ memcpy(&(ctx->enc_data[0]), in, inl); ++ ctx->num = inl; ++ *outl = total; ++} + + void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) +- { +- unsigned int ret=0; +- +- if (ctx->num != 0) +- { +- ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num); +- out[ret++]='\n'; +- out[ret]='\0'; +- ctx->num=0; +- } +- *outl=ret; +- } ++{ ++ unsigned int ret = 0; ++ ++ if (ctx->num != 0) { ++ ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num); ++ out[ret++] = '\n'; ++ out[ret] = '\0'; ++ ctx->num = 0; ++ } ++ *outl = ret; ++} + + int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) +- { +- int i,ret=0; +- unsigned long l; +- +- for (i=dlen; i > 0; i-=3) +- { +- if (i >= 3) +- { +- l= (((unsigned long)f[0])<<16L)| +- (((unsigned long)f[1])<< 8L)|f[2]; +- *(t++)=conv_bin2ascii(l>>18L); +- *(t++)=conv_bin2ascii(l>>12L); +- *(t++)=conv_bin2ascii(l>> 6L); +- *(t++)=conv_bin2ascii(l ); +- } +- else +- { +- l=((unsigned long)f[0])<<16L; +- if (i == 2) l|=((unsigned long)f[1]<<8L); +- +- *(t++)=conv_bin2ascii(l>>18L); +- *(t++)=conv_bin2ascii(l>>12L); +- *(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L); +- *(t++)='='; +- } +- ret+=4; +- f+=3; +- } +- +- *t='\0'; +- return(ret); +- } ++{ ++ int i, ret = 0; ++ unsigned long l; ++ ++ for (i = dlen; i > 0; i -= 3) { ++ if (i >= 3) { ++ l = (((unsigned long)f[0]) << 16L) | ++ (((unsigned long)f[1]) << 8L) | f[2]; ++ *(t++) = conv_bin2ascii(l >> 18L); ++ *(t++) = conv_bin2ascii(l >> 12L); ++ *(t++) = conv_bin2ascii(l >> 6L); ++ *(t++) = conv_bin2ascii(l); ++ } else { ++ l = ((unsigned long)f[0]) << 16L; ++ if (i == 2) ++ l |= ((unsigned long)f[1] << 8L); ++ ++ *(t++) = conv_bin2ascii(l >> 18L); ++ *(t++) = conv_bin2ascii(l >> 12L); ++ *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L); ++ *(t++) = '='; ++ } ++ ret += 4; ++ f += 3; ++ } ++ ++ *t = '\0'; ++ return (ret); ++} + + void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) +- { +- ctx->length=30; +- ctx->num=0; +- ctx->line_num=0; +- ctx->expect_nl=0; +- } +- +-/* -1 for error ++{ ++ ctx->length = 30; ++ ctx->num = 0; ++ ctx->line_num = 0; ++ ctx->expect_nl = 0; ++} ++ ++/*- ++ * -1 for error + * 0 for last line + * 1 for full line + */ + int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +- const unsigned char *in, int inl) +- { +- int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl; +- unsigned char *d; +- +- n=ctx->num; +- d=ctx->enc_data; +- ln=ctx->line_num; +- exp_nl=ctx->expect_nl; +- +- /* last line of input. */ +- if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) +- { rv=0; goto end; } +- +- /* We parse the input data */ +- for (i=0; i 80 characters, scream alot */ +- if (ln >= 80) { rv= -1; goto end; } +- +- /* Get char and put it into the buffer */ +- tmp= *(in++); +- v=conv_ascii2bin(tmp); +- /* only save the good data :-) */ +- if (!B64_NOT_BASE64(v)) +- { +- OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); +- d[n++]=tmp; +- ln++; +- } +- else if (v == B64_ERROR) +- { +- rv= -1; +- goto end; +- } +- +- /* have we seen a '=' which is 'definitly' the last +- * input line. seof will point to the character that +- * holds it. and eof will hold how many characters to +- * chop off. */ +- if (tmp == '=') +- { +- if (seof == -1) seof=n; +- eof++; +- } +- +- if (v == B64_CR) +- { +- ln = 0; +- if (exp_nl) +- continue; +- } +- +- /* eoln */ +- if (v == B64_EOLN) +- { +- ln=0; +- if (exp_nl) +- { +- exp_nl=0; +- continue; +- } +- } +- exp_nl=0; +- +- /* If we are at the end of input and it looks like a +- * line, process it. */ +- if (((i+1) == inl) && (((n&3) == 0) || eof)) +- { +- v=B64_EOF; +- /* In case things were given us in really small +- records (so two '=' were given in separate +- updates), eof may contain the incorrect number +- of ending bytes to skip, so let's redo the count */ +- eof = 0; +- if (d[n-1] == '=') eof++; +- if (d[n-2] == '=') eof++; +- /* There will never be more than two '=' */ +- } +- +- if ((v == B64_EOF && (n&3) == 0) || (n >= 64)) +- { +- /* This is needed to work correctly on 64 byte input +- * lines. We process the line and then need to +- * accept the '\n' */ +- if ((v != B64_EOF) && (n >= 64)) exp_nl=1; +- if (n > 0) +- { +- v=EVP_DecodeBlock(out,d,n); +- n=0; +- if (v < 0) { rv=0; goto end; } +- if (eof > v) { rv=-1; goto end; } +- ret+=(v-eof); +- } +- else +- { +- eof=1; +- v=0; +- } +- +- /* This is the case where we have had a short +- * but valid input line */ +- if ((v < ctx->length) && eof) +- { +- rv=0; +- goto end; +- } +- else +- ctx->length=v; +- +- if (seof >= 0) { rv=0; goto end; } +- out+=v; +- } +- } +- rv=1; +-end: +- *outl=ret; +- ctx->num=n; +- ctx->line_num=ln; +- ctx->expect_nl=exp_nl; +- return(rv); +- } ++ const unsigned char *in, int inl) ++{ ++ int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl; ++ unsigned char *d; ++ ++ n = ctx->num; ++ d = ctx->enc_data; ++ ln = ctx->line_num; ++ exp_nl = ctx->expect_nl; ++ ++ /* last line of input. */ ++ if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) { ++ rv = 0; ++ goto end; ++ } ++ ++ /* We parse the input data */ ++ for (i = 0; i < inl; i++) { ++ /* If the current line is > 80 characters, scream alot */ ++ if (ln >= 80) { ++ rv = -1; ++ goto end; ++ } ++ ++ /* Get char and put it into the buffer */ ++ tmp = *(in++); ++ v = conv_ascii2bin(tmp); ++ /* only save the good data :-) */ ++ if (!B64_NOT_BASE64(v)) { ++ OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); ++ d[n++] = tmp; ++ ln++; ++ } else if (v == B64_ERROR) { ++ rv = -1; ++ goto end; ++ } ++ ++ /* ++ * have we seen a '=' which is 'definitly' the last input line. seof ++ * will point to the character that holds it. and eof will hold how ++ * many characters to chop off. ++ */ ++ if (tmp == '=') { ++ if (seof == -1) ++ seof = n; ++ eof++; ++ } ++ ++ if (v == B64_CR) { ++ ln = 0; ++ if (exp_nl) ++ continue; ++ } ++ ++ /* eoln */ ++ if (v == B64_EOLN) { ++ ln = 0; ++ if (exp_nl) { ++ exp_nl = 0; ++ continue; ++ } ++ } ++ exp_nl = 0; ++ ++ /* ++ * If we are at the end of input and it looks like a line, process ++ * it. ++ */ ++ if (((i + 1) == inl) && (((n & 3) == 0) || eof)) { ++ v = B64_EOF; ++ /* ++ * In case things were given us in really small records (so two ++ * '=' were given in separate updates), eof may contain the ++ * incorrect number of ending bytes to skip, so let's redo the ++ * count ++ */ ++ eof = 0; ++ if (d[n - 1] == '=') ++ eof++; ++ if (d[n - 2] == '=') ++ eof++; ++ /* There will never be more than two '=' */ ++ } ++ ++ if ((v == B64_EOF && (n & 3) == 0) || (n >= 64)) { ++ /* ++ * This is needed to work correctly on 64 byte input lines. We ++ * process the line and then need to accept the '\n' ++ */ ++ if ((v != B64_EOF) && (n >= 64)) ++ exp_nl = 1; ++ if (n > 0) { ++ v = EVP_DecodeBlock(out, d, n); ++ n = 0; ++ if (v < 0) { ++ rv = 0; ++ goto end; ++ } ++ if (eof > v) { ++ rv = -1; ++ goto end; ++ } ++ ret += (v - eof); ++ } else { ++ eof = 1; ++ v = 0; ++ } ++ ++ /* ++ * This is the case where we have had a short but valid input ++ * line ++ */ ++ if ((v < ctx->length) && eof) { ++ rv = 0; ++ goto end; ++ } else ++ ctx->length = v; ++ ++ if (seof >= 0) { ++ rv = 0; ++ goto end; ++ } ++ out += v; ++ } ++ } ++ rv = 1; ++ end: ++ *outl = ret; ++ ctx->num = n; ++ ctx->line_num = ln; ++ ctx->expect_nl = exp_nl; ++ return (rv); ++} + + int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) +- { +- int i,ret=0,a,b,c,d; +- unsigned long l; +- +- /* trim white space from the start of the line. */ +- while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) +- { +- f++; +- n--; +- } +- +- /* strip off stuff at the end of the line +- * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */ +- while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1])))) +- n--; +- +- if (n%4 != 0) return(-1); +- +- for (i=0; i>16L)&0xff; +- *(t++)=(unsigned char)(l>> 8L)&0xff; +- *(t++)=(unsigned char)(l )&0xff; +- ret+=3; +- } +- return(ret); +- } ++{ ++ int i, ret = 0, a, b, c, d; ++ unsigned long l; ++ ++ /* trim white space from the start of the line. */ ++ while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) { ++ f++; ++ n--; ++ } ++ ++ /* ++ * strip off stuff at the end of the line ascii2bin values B64_WS, ++ * B64_EOLN, B64_EOLN and B64_EOF ++ */ ++ while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1])))) ++ n--; ++ ++ if (n % 4 != 0) ++ return (-1); ++ ++ for (i = 0; i < n; i += 4) { ++ a = conv_ascii2bin(*(f++)); ++ b = conv_ascii2bin(*(f++)); ++ c = conv_ascii2bin(*(f++)); ++ d = conv_ascii2bin(*(f++)); ++ if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80)) ++ return (-1); ++ l = ((((unsigned long)a) << 18L) | ++ (((unsigned long)b) << 12L) | ++ (((unsigned long)c) << 6L) | (((unsigned long)d))); ++ *(t++) = (unsigned char)(l >> 16L) & 0xff; ++ *(t++) = (unsigned char)(l >> 8L) & 0xff; ++ *(t++) = (unsigned char)(l) & 0xff; ++ ret += 3; ++ } ++ return (ret); ++} + + int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) +- { +- int i; +- +- *outl=0; +- if (ctx->num != 0) +- { +- i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num); +- if (i < 0) return(-1); +- ctx->num=0; +- *outl=i; +- return(1); +- } +- else +- return(1); +- } ++{ ++ int i; ++ ++ *outl = 0; ++ if (ctx->num != 0) { ++ i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num); ++ if (i < 0) ++ return (-1); ++ ctx->num = 0; ++ *outl = i; ++ return (1); ++ } else ++ return (1); ++} + + #ifdef undef + int EVP_DecodeValid(unsigned char *buf, int len) +- { +- int i,num=0,bad=0; +- +- if (len == 0) return(-1); +- while (conv_ascii2bin(*buf) == B64_WS) +- { +- buf++; +- len--; +- if (len == 0) return(-1); +- } +- +- for (i=len; i >= 4; i-=4) +- { +- if ( (conv_ascii2bin(buf[0]) >= 0x40) || +- (conv_ascii2bin(buf[1]) >= 0x40) || +- (conv_ascii2bin(buf[2]) >= 0x40) || +- (conv_ascii2bin(buf[3]) >= 0x40)) +- return(-1); +- buf+=4; +- num+=1+(buf[2] != '=')+(buf[3] != '='); +- } +- if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN)) +- return(num); +- if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) && +- (conv_ascii2bin(buf[0]) == B64_EOLN)) +- return(num); +- return(1); +- } ++{ ++ int i, num = 0, bad = 0; ++ ++ if (len == 0) ++ return (-1); ++ while (conv_ascii2bin(*buf) == B64_WS) { ++ buf++; ++ len--; ++ if (len == 0) ++ return (-1); ++ } ++ ++ for (i = len; i >= 4; i -= 4) { ++ if ((conv_ascii2bin(buf[0]) >= 0x40) || ++ (conv_ascii2bin(buf[1]) >= 0x40) || ++ (conv_ascii2bin(buf[2]) >= 0x40) || ++ (conv_ascii2bin(buf[3]) >= 0x40)) ++ return (-1); ++ buf += 4; ++ num += 1 + (buf[2] != '=') + (buf[3] != '='); ++ } ++ if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN)) ++ return (num); ++ if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) && ++ (conv_ascii2bin(buf[0]) == B64_EOLN)) ++ return (num); ++ return (1); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c +index 643a186..9703116 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c +@@ -1,6 +1,7 @@ + /* evp_acnf.c */ +-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,14 +61,13 @@ + #include + #include + +- +-/* Load all algorithms and configure OpenSSL. +- * This function is called automatically when +- * OPENSSL_LOAD_CONF is set. ++/* ++ * Load all algorithms and configure OpenSSL. This function is called ++ * automatically when OPENSSL_LOAD_CONF is set. + */ + + void OPENSSL_add_all_algorithms_conf(void) +- { +- OPENSSL_add_all_algorithms_noconf(); +- OPENSSL_config(NULL); +- } ++{ ++ OPENSSL_add_all_algorithms_noconf(); ++ OPENSSL_config(NULL); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c +index 2e4db30..6fd3a6d 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c +@@ -1,6 +1,7 @@ + /* evp_cnf.c */ +-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL +- * project 2007. ++/* ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2007. + */ + /* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -65,61 +66,53 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + +- + /* Algorithm configuration module. */ + + static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) +- { +- int i; +- const char *oid_section; +- STACK_OF(CONF_VALUE) *sktmp; +- CONF_VALUE *oval; +- oid_section = CONF_imodule_get_value(md); +- if(!(sktmp = NCONF_get_section(cnf, oid_section))) +- { +- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION); +- return 0; +- } +- for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) +- { +- oval = sk_CONF_VALUE_value(sktmp, i); +- if (!strcmp(oval->name, "fips_mode")) +- { +- int m; +- if (!X509V3_get_value_bool(oval, &m)) +- { +- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE); +- return 0; +- } +- if (m > 0) +- { ++{ ++ int i; ++ const char *oid_section; ++ STACK_OF(CONF_VALUE) *sktmp; ++ CONF_VALUE *oval; ++ oid_section = CONF_imodule_get_value(md); ++ if (!(sktmp = NCONF_get_section(cnf, oid_section))) { ++ EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION); ++ return 0; ++ } ++ for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { ++ oval = sk_CONF_VALUE_value(sktmp, i); ++ if (!strcmp(oval->name, "fips_mode")) { ++ int m; ++ if (!X509V3_get_value_bool(oval, &m)) { ++ EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE); ++ return 0; ++ } ++ if (m > 0) { + #ifdef OPENSSL_FIPS +- if (!FIPS_mode() && !FIPS_mode_set(1)) +- { +- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_SETTING_FIPS_MODE); +- return 0; +- } ++ if (!FIPS_mode() && !FIPS_mode_set(1)) { ++ EVPerr(EVP_F_ALG_MODULE_INIT, ++ EVP_R_ERROR_SETTING_FIPS_MODE); ++ return 0; ++ } + #else +- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED); +- return 0; ++ EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED); ++ return 0; + #endif +- } +- } +- else +- { +- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION); +- ERR_add_error_data(4, "name=", oval->name, +- ", value=", oval->value); +- } +- +- } +- return 1; +- } ++ } ++ } else { ++ EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION); ++ ERR_add_error_data(4, "name=", oval->name, ++ ", value=", oval->value); ++ } ++ ++ } ++ return 1; ++} + + void EVP_add_alg_module(void) +- { +- CONF_module_add("alg_section", alg_module_init, 0); +- } ++{ ++ CONF_module_add("alg_section", alg_module_init, 0); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c +index 30e0ca4..8a91a67 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,379 +62,359 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + #include "evp_locl.h" + + #ifdef OPENSSL_FIPS +- #define M_do_cipher(ctx, out, in, inl) \ +- EVP_Cipher(ctx,out,in,inl) ++# define M_do_cipher(ctx, out, in, inl) \ ++ EVP_Cipher(ctx,out,in,inl) + #else +- #define M_do_cipher(ctx, out, in, inl) \ +- ctx->cipher->do_cipher(ctx,out,in,inl) ++# define M_do_cipher(ctx, out, in, inl) \ ++ ctx->cipher->do_cipher(ctx,out,in,inl) + #endif + +-const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; ++const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT; + + EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) +- { +- EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx); +- if (ctx) +- EVP_CIPHER_CTX_init(ctx); +- return ctx; +- } ++{ ++ EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx); ++ if (ctx) ++ EVP_CIPHER_CTX_init(ctx); ++ return ctx; ++} + + int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, +- const unsigned char *key, const unsigned char *iv, int enc) +- { +- if (cipher) +- EVP_CIPHER_CTX_init(ctx); +- return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); +- } ++ const unsigned char *key, const unsigned char *iv, int enc) ++{ ++ if (cipher) ++ EVP_CIPHER_CTX_init(ctx); ++ return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); ++} + + int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, +- const unsigned char *in, int inl) +- { +- if (ctx->encrypt) +- return EVP_EncryptUpdate(ctx,out,outl,in,inl); +- else return EVP_DecryptUpdate(ctx,out,outl,in,inl); +- } ++ const unsigned char *in, int inl) ++{ ++ if (ctx->encrypt) ++ return EVP_EncryptUpdate(ctx, out, outl, in, inl); ++ else ++ return EVP_DecryptUpdate(ctx, out, outl, in, inl); ++} + + int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +- { +- if (ctx->encrypt) +- return EVP_EncryptFinal_ex(ctx,out,outl); +- else return EVP_DecryptFinal_ex(ctx,out,outl); +- } ++{ ++ if (ctx->encrypt) ++ return EVP_EncryptFinal_ex(ctx, out, outl); ++ else ++ return EVP_DecryptFinal_ex(ctx, out, outl); ++} + + int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +- { +- if (ctx->encrypt) +- return EVP_EncryptFinal(ctx,out,outl); +- else return EVP_DecryptFinal(ctx,out,outl); +- } ++{ ++ if (ctx->encrypt) ++ return EVP_EncryptFinal(ctx, out, outl); ++ else ++ return EVP_DecryptFinal(ctx, out, outl); ++} + + int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, +- const unsigned char *key, const unsigned char *iv) +- { +- return EVP_CipherInit(ctx, cipher, key, iv, 1); +- } +- +-int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, +- const unsigned char *key, const unsigned char *iv) +- { +- return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); +- } ++ const unsigned char *key, const unsigned char *iv) ++{ ++ return EVP_CipherInit(ctx, cipher, key, iv, 1); ++} ++ ++int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ ENGINE *impl, const unsigned char *key, ++ const unsigned char *iv) ++{ ++ return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); ++} + + int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, +- const unsigned char *key, const unsigned char *iv) +- { +- return EVP_CipherInit(ctx, cipher, key, iv, 0); +- } +- +-int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, +- const unsigned char *key, const unsigned char *iv) +- { +- return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); +- } ++ const unsigned char *key, const unsigned char *iv) ++{ ++ return EVP_CipherInit(ctx, cipher, key, iv, 0); ++} ++ ++int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ ENGINE *impl, const unsigned char *key, ++ const unsigned char *iv) ++{ ++ return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); ++} + + int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, +- const unsigned char *in, int inl) +- { +- int i,j,bl; +- +- if (inl <= 0) +- { +- *outl = 0; +- return inl == 0; +- } +- +- if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) +- { +- if(M_do_cipher(ctx,out,in,inl)) +- { +- *outl=inl; +- return 1; +- } +- else +- { +- *outl=0; +- return 0; +- } +- } +- i=ctx->buf_len; +- bl=ctx->cipher->block_size; +- OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); +- if (i != 0) +- { +- if (i+inl < bl) +- { +- memcpy(&(ctx->buf[i]),in,inl); +- ctx->buf_len+=inl; +- *outl=0; +- return 1; +- } +- else +- { +- j=bl-i; +- memcpy(&(ctx->buf[i]),in,j); +- if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0; +- inl-=j; +- in+=j; +- out+=bl; +- *outl=bl; +- } +- } +- else +- *outl = 0; +- i=inl&(bl-1); +- inl-=i; +- if (inl > 0) +- { +- if(!M_do_cipher(ctx,out,in,inl)) return 0; +- *outl+=inl; +- } +- +- if (i != 0) +- memcpy(ctx->buf,&(in[inl]),i); +- ctx->buf_len=i; +- return 1; +- } ++ const unsigned char *in, int inl) ++{ ++ int i, j, bl; ++ ++ if (inl <= 0) { ++ *outl = 0; ++ return inl == 0; ++ } ++ ++ if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) { ++ if (M_do_cipher(ctx, out, in, inl)) { ++ *outl = inl; ++ return 1; ++ } else { ++ *outl = 0; ++ return 0; ++ } ++ } ++ i = ctx->buf_len; ++ bl = ctx->cipher->block_size; ++ OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); ++ if (i != 0) { ++ if (i + inl < bl) { ++ memcpy(&(ctx->buf[i]), in, inl); ++ ctx->buf_len += inl; ++ *outl = 0; ++ return 1; ++ } else { ++ j = bl - i; ++ memcpy(&(ctx->buf[i]), in, j); ++ if (!M_do_cipher(ctx, out, ctx->buf, bl)) ++ return 0; ++ inl -= j; ++ in += j; ++ out += bl; ++ *outl = bl; ++ } ++ } else ++ *outl = 0; ++ i = inl & (bl - 1); ++ inl -= i; ++ if (inl > 0) { ++ if (!M_do_cipher(ctx, out, in, inl)) ++ return 0; ++ *outl += inl; ++ } ++ ++ if (i != 0) ++ memcpy(ctx->buf, &(in[inl]), i); ++ ctx->buf_len = i; ++ return 1; ++} + + int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +- { +- int ret; +- ret = EVP_EncryptFinal_ex(ctx, out, outl); +- return ret; +- } ++{ ++ int ret; ++ ret = EVP_EncryptFinal_ex(ctx, out, outl); ++ return ret; ++} + + int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +- { +- int n,ret; +- unsigned int i, b, bl; +- +- b=ctx->cipher->block_size; +- OPENSSL_assert(b <= sizeof ctx->buf); +- if (b == 1) +- { +- *outl=0; +- return 1; +- } +- bl=ctx->buf_len; +- if (ctx->flags & EVP_CIPH_NO_PADDING) +- { +- if(bl) +- { +- EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); +- return 0; +- } +- *outl = 0; +- return 1; +- } +- +- n=b-bl; +- for (i=bl; ibuf[i]=n; +- ret=M_do_cipher(ctx,out,ctx->buf,b); +- +- +- if(ret) +- *outl=b; +- +- return ret; +- } ++{ ++ int n, ret; ++ unsigned int i, b, bl; ++ ++ b = ctx->cipher->block_size; ++ OPENSSL_assert(b <= sizeof ctx->buf); ++ if (b == 1) { ++ *outl = 0; ++ return 1; ++ } ++ bl = ctx->buf_len; ++ if (ctx->flags & EVP_CIPH_NO_PADDING) { ++ if (bl) { ++ EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, ++ EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); ++ return 0; ++ } ++ *outl = 0; ++ return 1; ++ } ++ ++ n = b - bl; ++ for (i = bl; i < b; i++) ++ ctx->buf[i] = n; ++ ret = M_do_cipher(ctx, out, ctx->buf, b); ++ ++ if (ret) ++ *outl = b; ++ ++ return ret; ++} + + int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, +- const unsigned char *in, int inl) +- { +- int fix_len; +- unsigned int b; +- +- if (inl <= 0) +- { +- *outl = 0; +- return inl == 0; +- } +- +- if (ctx->flags & EVP_CIPH_NO_PADDING) +- return EVP_EncryptUpdate(ctx, out, outl, in, inl); +- +- b=ctx->cipher->block_size; +- OPENSSL_assert(b <= sizeof ctx->final); +- +- if(ctx->final_used) +- { +- memcpy(out,ctx->final,b); +- out+=b; +- fix_len = 1; +- } +- else +- fix_len = 0; +- +- +- if(!EVP_EncryptUpdate(ctx,out,outl,in,inl)) +- return 0; +- +- /* if we have 'decrypted' a multiple of block size, make sure +- * we have a copy of this last block */ +- if (b > 1 && !ctx->buf_len) +- { +- *outl-=b; +- ctx->final_used=1; +- memcpy(ctx->final,&out[*outl],b); +- } +- else +- ctx->final_used = 0; +- +- if (fix_len) +- *outl += b; +- +- return 1; +- } ++ const unsigned char *in, int inl) ++{ ++ int fix_len; ++ unsigned int b; ++ ++ if (inl <= 0) { ++ *outl = 0; ++ return inl == 0; ++ } ++ ++ if (ctx->flags & EVP_CIPH_NO_PADDING) ++ return EVP_EncryptUpdate(ctx, out, outl, in, inl); ++ ++ b = ctx->cipher->block_size; ++ OPENSSL_assert(b <= sizeof ctx->final); ++ ++ if (ctx->final_used) { ++ memcpy(out, ctx->final, b); ++ out += b; ++ fix_len = 1; ++ } else ++ fix_len = 0; ++ ++ if (!EVP_EncryptUpdate(ctx, out, outl, in, inl)) ++ return 0; ++ ++ /* ++ * if we have 'decrypted' a multiple of block size, make sure we have a ++ * copy of this last block ++ */ ++ if (b > 1 && !ctx->buf_len) { ++ *outl -= b; ++ ctx->final_used = 1; ++ memcpy(ctx->final, &out[*outl], b); ++ } else ++ ctx->final_used = 0; ++ ++ if (fix_len) ++ *outl += b; ++ ++ return 1; ++} + + int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +- { +- int ret; +- ret = EVP_DecryptFinal_ex(ctx, out, outl); +- return ret; +- } ++{ ++ int ret; ++ ret = EVP_DecryptFinal_ex(ctx, out, outl); ++ return ret; ++} + + int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +- { +- int i,n; +- unsigned int b; +- +- *outl=0; +- b=ctx->cipher->block_size; +- if (ctx->flags & EVP_CIPH_NO_PADDING) +- { +- if(ctx->buf_len) +- { +- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); +- return 0; +- } +- *outl = 0; +- return 1; +- } +- if (b > 1) +- { +- if (ctx->buf_len || !ctx->final_used) +- { +- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH); +- return(0); +- } +- OPENSSL_assert(b <= sizeof ctx->final); +- n=ctx->final[b-1]; +- if (n == 0 || n > (int)b) +- { +- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); +- return(0); +- } +- for (i=0; ifinal[--b] != n) +- { +- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); +- return(0); +- } +- } +- n=ctx->cipher->block_size-n; +- for (i=0; ifinal[i]; +- *outl=n; +- } +- else +- *outl=0; +- return(1); +- } ++{ ++ int i, n; ++ unsigned int b; ++ ++ *outl = 0; ++ b = ctx->cipher->block_size; ++ if (ctx->flags & EVP_CIPH_NO_PADDING) { ++ if (ctx->buf_len) { ++ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, ++ EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); ++ return 0; ++ } ++ *outl = 0; ++ return 1; ++ } ++ if (b > 1) { ++ if (ctx->buf_len || !ctx->final_used) { ++ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH); ++ return (0); ++ } ++ OPENSSL_assert(b <= sizeof ctx->final); ++ n = ctx->final[b - 1]; ++ if (n == 0 || n > (int)b) { ++ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); ++ return (0); ++ } ++ for (i = 0; i < n; i++) { ++ if (ctx->final[--b] != n) { ++ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT); ++ return (0); ++ } ++ } ++ n = ctx->cipher->block_size - n; ++ for (i = 0; i < n; i++) ++ out[i] = ctx->final[i]; ++ *outl = n; ++ } else ++ *outl = 0; ++ return (1); ++} + + void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) +- { +- if (ctx) +- { +- EVP_CIPHER_CTX_cleanup(ctx); +- OPENSSL_free(ctx); +- } +- } ++{ ++ if (ctx) { ++ EVP_CIPHER_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++ } ++} + + int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) +- { +- if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) +- return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); +- if(c->key_len == keylen) return 1; +- if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) +- { +- c->key_len = keylen; +- return 1; +- } +- EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH); +- return 0; +- } ++{ ++ if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) ++ return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); ++ if (c->key_len == keylen) ++ return 1; ++ if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { ++ c->key_len = keylen; ++ return 1; ++ } ++ EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH); ++ return 0; ++} + + int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) +- { +- if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; +- else ctx->flags |= EVP_CIPH_NO_PADDING; +- return 1; +- } ++{ ++ if (pad) ++ ctx->flags &= ~EVP_CIPH_NO_PADDING; ++ else ++ ctx->flags |= EVP_CIPH_NO_PADDING; ++ return 1; ++} + + int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) +- { +- if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) +- return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); +- if (RAND_bytes(key, ctx->key_len) <= 0) +- return 0; +- return 1; +- } ++{ ++ if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) ++ return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); ++ if (RAND_bytes(key, ctx->key_len) <= 0) ++ return 0; ++ return 1; ++} + + #ifndef OPENSSL_NO_ENGINE + +-#ifdef OPENSSL_FIPS +- +-static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl) +- { +- if(impl) +- { +- if (!ENGINE_init(impl)) +- { +- EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- } +- else +- /* Ask if an ENGINE is reserved for this job */ +- impl = ENGINE_get_cipher_engine((*pcipher)->nid); +- if(impl) +- { +- /* There's an ENGINE for this job ... (apparently) */ +- const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); +- if(!c) +- { +- /* One positive side-effect of US's export +- * control history, is that we should at least +- * be able to avoid using US mispellings of +- * "initialisation"? */ +- EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- /* We'll use the ENGINE's private cipher definition */ +- *pcipher = c; +- /* Store the ENGINE functional reference so we know +- * 'cipher' came from an ENGINE and we need to release +- * it when done. */ +- ctx->engine = impl; +- } +- else +- ctx->engine = NULL; +- return 1; +- } ++# ifdef OPENSSL_FIPS ++ ++static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, ++ const EVP_CIPHER **pcipher, ENGINE *impl) ++{ ++ if (impl) { ++ if (!ENGINE_init(impl)) { ++ EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); ++ return 0; ++ } ++ } else ++ /* Ask if an ENGINE is reserved for this job */ ++ impl = ENGINE_get_cipher_engine((*pcipher)->nid); ++ if (impl) { ++ /* There's an ENGINE for this job ... (apparently) */ ++ const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); ++ if (!c) { ++ /* ++ * One positive side-effect of US's export control history, is ++ * that we should at least be able to avoid using US mispellings ++ * of "initialisation"? ++ */ ++ EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); ++ return 0; ++ } ++ /* We'll use the ENGINE's private cipher definition */ ++ *pcipher = c; ++ /* ++ * Store the ENGINE functional reference so we know 'cipher' came ++ * from an ENGINE and we need to release it when done. ++ */ ++ ctx->engine = impl; ++ } else ++ ctx->engine = NULL; ++ return 1; ++} + + void int_EVP_CIPHER_init_engine_callbacks(void) +- { +- int_EVP_CIPHER_set_engine_callbacks( +- ENGINE_finish, do_evp_enc_engine_full); +- } ++{ ++ int_EVP_CIPHER_set_engine_callbacks(ENGINE_finish, ++ do_evp_enc_engine_full); ++} + +-#endif ++# endif + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_err.c b/Cryptlib/OpenSSL/crypto/evp/evp_err.c +index b5b900d..02d24ec 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_err.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,124 +66,131 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) + +-static ERR_STRING_DATA EVP_str_functs[]= +- { +-{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, +-{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, +-{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, +-{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, +-{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"}, +-{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"}, +-{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"}, +-{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"}, +-{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, +-{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, +-{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, +-{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, +-{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, +-{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, +-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, +-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, +-{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, +-{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, +-{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, +-{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, +-{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, +-{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, +-{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, +-{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, +-{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, +-{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, +-{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, +-{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, +-{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, +-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, +-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, +-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, +-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, +-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, +-{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, +-{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, +-{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, +-{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, +-{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, +-{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, +-{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, +-{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, +-{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA EVP_str_functs[] = { ++ {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, ++ {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, ++ {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, ++ {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, ++ {ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"}, ++ {ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"}, ++ {ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"}, ++ {ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"}, ++ {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, ++ {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, ++ {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, ++ {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, ++ {ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, ++ {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, ++ {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, ++ {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), ++ "EVP_CIPHER_CTX_set_key_length"}, ++ {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, ++ {ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, ++ {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, ++ {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, ++ {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, ++ {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, ++ {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, ++ {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, ++ {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, ++ {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, ++ {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, ++ {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, ++ {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, ++ {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, ++ {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, ++ {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, ++ {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA EVP_str_reasons[]= +- { +-{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"}, +-{ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"}, +-{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"}, +-{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"}, +-{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"}, +-{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"}, +-{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"}, +-{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"}, +-{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"}, +-{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"}, +-{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"}, +-{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, +-{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, +-{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, +-{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"}, +-{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, +-{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"}, +-{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"}, +-{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, +-{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, +-{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, +-{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, +-{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, +-{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, +-{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"}, +-{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, +-{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, +-{ERR_REASON(EVP_R_INVALID_FIPS_MODE) ,"invalid fips mode"}, +-{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, +-{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"}, +-{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"}, +-{ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"}, +-{ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"}, +-{ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"}, +-{ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"}, +-{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"}, +-{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"}, +-{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"}, +-{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, +-{ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"}, +-{ERR_REASON(EVP_R_UNKNOWN_OPTION) ,"unknown option"}, +-{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, +-{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"}, +-{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, +-{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"}, +-{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"}, +-{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) ,"unsupported key size"}, +-{ERR_REASON(EVP_R_UNSUPPORTED_PRF) ,"unsupported prf"}, +-{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"}, +-{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"}, +-{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"}, +-{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA EVP_str_reasons[] = { ++ {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"}, ++ {ERR_REASON(EVP_R_ASN1_LIB), "asn1 lib"}, ++ {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH), "bad block length"}, ++ {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"}, ++ {ERR_REASON(EVP_R_BAD_KEY_LENGTH), "bad key length"}, ++ {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"}, ++ {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"}, ++ {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), ++ "camellia key setup failed"}, ++ {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"}, ++ {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"}, ++ {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), ++ "ctrl operation not implemented"}, ++ {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH), ++ "data not multiple of block length"}, ++ {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"}, ++ {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"}, ++ {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for fips"}, ++ {ERR_REASON(EVP_R_ENCODE_ERROR), "encode error"}, ++ {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"}, ++ {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, ++ {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"}, ++ {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"}, ++ {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"}, ++ {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"}, ++ {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"}, ++ {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"}, ++ {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, ++ {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"}, ++ {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, ++ {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, ++ {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, ++ {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"}, ++ {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"}, ++ {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"}, ++ {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"}, ++ {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"}, ++ {ERR_REASON(EVP_R_NO_DSA_PARAMETERS), "no dsa parameters"}, ++ {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED), ++ "no sign function configured"}, ++ {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED), ++ "no verify function configured"}, ++ {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), ++ "pkcs8 unknown broken type"}, ++ {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, ++ {ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED), "seed key setup failed"}, ++ {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, ++ {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"}, ++ {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS), ++ "unsuported number of rounds"}, ++ {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, ++ {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"}, ++ {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), ++ "unsupported key derivation function"}, ++ {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"}, ++ {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"}, ++ {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), ++ "unsupported private key algorithm"}, ++ {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"}, ++ {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, ++ {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_EVP_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,EVP_str_functs); +- ERR_load_strings(0,EVP_str_reasons); +- } ++ if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, EVP_str_functs); ++ ERR_load_strings(0, EVP_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c +index 361ea69..924e12f 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_key.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_key.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -67,109 +67,112 @@ + static char prompt_string[80]; + + void EVP_set_pw_prompt(const char *prompt) +- { +- if (prompt == NULL) +- prompt_string[0]='\0'; +- else +- { +- strncpy(prompt_string,prompt,79); +- prompt_string[79]='\0'; +- } +- } ++{ ++ if (prompt == NULL) ++ prompt_string[0] = '\0'; ++ else { ++ strncpy(prompt_string, prompt, 79); ++ prompt_string[79] = '\0'; ++ } ++} + + char *EVP_get_pw_prompt(void) +- { +- if (prompt_string[0] == '\0') +- return(NULL); +- else +- return(prompt_string); +- } ++{ ++ if (prompt_string[0] == '\0') ++ return (NULL); ++ else ++ return (prompt_string); ++} + +-/* For historical reasons, the standard function for reading passwords is +- * in the DES library -- if someone ever wants to disable DES, +- * this function will fail */ ++/* ++ * For historical reasons, the standard function for reading passwords is in ++ * the DES library -- if someone ever wants to disable DES, this function ++ * will fail ++ */ + int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) +- { +- int ret; +- char buff[BUFSIZ]; +- UI *ui; +- +- if ((prompt == NULL) && (prompt_string[0] != '\0')) +- prompt=prompt_string; +- ui = UI_new(); +- UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len); +- if (verify) +- UI_add_verify_string(ui,prompt,0, +- buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf); +- ret = UI_process(ui); +- UI_free(ui); +- OPENSSL_cleanse(buff,BUFSIZ); +- return ret; +- } ++{ ++ int ret; ++ char buff[BUFSIZ]; ++ UI *ui; + +-int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, +- const unsigned char *salt, const unsigned char *data, int datal, +- int count, unsigned char *key, unsigned char *iv) +- { +- EVP_MD_CTX c; +- unsigned char md_buf[EVP_MAX_MD_SIZE]; +- int niv,nkey,addmd=0; +- unsigned int mds=0,i; ++ if ((prompt == NULL) && (prompt_string[0] != '\0')) ++ prompt = prompt_string; ++ ui = UI_new(); ++ UI_add_input_string(ui, prompt, 0, buf, 0, ++ (len >= BUFSIZ) ? BUFSIZ - 1 : len); ++ if (verify) ++ UI_add_verify_string(ui, prompt, 0, ++ buff, 0, (len >= BUFSIZ) ? BUFSIZ - 1 : len, ++ buf); ++ ret = UI_process(ui); ++ UI_free(ui); ++ OPENSSL_cleanse(buff, BUFSIZ); ++ return ret; ++} + +- nkey=type->key_len; +- niv=type->iv_len; +- OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); +- OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); ++int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, ++ const unsigned char *salt, const unsigned char *data, ++ int datal, int count, unsigned char *key, ++ unsigned char *iv) ++{ ++ EVP_MD_CTX c; ++ unsigned char md_buf[EVP_MAX_MD_SIZE]; ++ int niv, nkey, addmd = 0; ++ unsigned int mds = 0, i; + +- if (data == NULL) return(nkey); ++ nkey = type->key_len; ++ niv = type->iv_len; ++ OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); ++ OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); + +- EVP_MD_CTX_init(&c); +- for (;;) +- { +- if (!EVP_DigestInit_ex(&c,md, NULL)) +- return 0; +- if (addmd++) +- EVP_DigestUpdate(&c,&(md_buf[0]),mds); +- EVP_DigestUpdate(&c,data,datal); +- if (salt != NULL) +- EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN); +- EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); ++ if (data == NULL) ++ return (nkey); + +- for (i=1; i<(unsigned int)count; i++) +- { +- EVP_DigestInit_ex(&c,md, NULL); +- EVP_DigestUpdate(&c,&(md_buf[0]),mds); +- EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); +- } +- i=0; +- if (nkey) +- { +- for (;;) +- { +- if (nkey == 0) break; +- if (i == mds) break; +- if (key != NULL) +- *(key++)=md_buf[i]; +- nkey--; +- i++; +- } +- } +- if (niv && (i != mds)) +- { +- for (;;) +- { +- if (niv == 0) break; +- if (i == mds) break; +- if (iv != NULL) +- *(iv++)=md_buf[i]; +- niv--; +- i++; +- } +- } +- if ((nkey == 0) && (niv == 0)) break; +- } +- EVP_MD_CTX_cleanup(&c); +- OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE); +- return(type->key_len); +- } ++ EVP_MD_CTX_init(&c); ++ for (;;) { ++ if (!EVP_DigestInit_ex(&c, md, NULL)) ++ return 0; ++ if (addmd++) ++ EVP_DigestUpdate(&c, &(md_buf[0]), mds); ++ EVP_DigestUpdate(&c, data, datal); ++ if (salt != NULL) ++ EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); ++ EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds); + ++ for (i = 1; i < (unsigned int)count; i++) { ++ EVP_DigestInit_ex(&c, md, NULL); ++ EVP_DigestUpdate(&c, &(md_buf[0]), mds); ++ EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds); ++ } ++ i = 0; ++ if (nkey) { ++ for (;;) { ++ if (nkey == 0) ++ break; ++ if (i == mds) ++ break; ++ if (key != NULL) ++ *(key++) = md_buf[i]; ++ nkey--; ++ i++; ++ } ++ } ++ if (niv && (i != mds)) { ++ for (;;) { ++ if (niv == 0) ++ break; ++ if (i == mds) ++ break; ++ if (iv != NULL) ++ *(iv++) = md_buf[i]; ++ niv--; ++ i++; ++ } ++ } ++ if ((nkey == 0) && (niv == 0)) ++ break; ++ } ++ EVP_MD_CTX_cleanup(&c); ++ OPENSSL_cleanse(&(md_buf[0]), EVP_MAX_MD_SIZE); ++ return (type->key_len); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c +index 9c20061..13dad6e 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,223 +62,222 @@ + #include + + int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +- { +- int ret; +- +- if (c->cipher->set_asn1_parameters != NULL) +- ret=c->cipher->set_asn1_parameters(c,type); +- else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) +- ret=EVP_CIPHER_set_asn1_iv(c, type); +- else +- ret=-1; +- return(ret); +- } ++{ ++ int ret; ++ ++ if (c->cipher->set_asn1_parameters != NULL) ++ ret = c->cipher->set_asn1_parameters(c, type); ++ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) ++ ret = EVP_CIPHER_set_asn1_iv(c, type); ++ else ++ ret = -1; ++ return (ret); ++} + + int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +- { +- int ret; +- +- if (c->cipher->get_asn1_parameters != NULL) +- ret=c->cipher->get_asn1_parameters(c,type); +- else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) +- ret=EVP_CIPHER_get_asn1_iv(c, type); +- else +- ret=-1; +- return(ret); +- } ++{ ++ int ret; ++ ++ if (c->cipher->get_asn1_parameters != NULL) ++ ret = c->cipher->get_asn1_parameters(c, type); ++ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) ++ ret = EVP_CIPHER_get_asn1_iv(c, type); ++ else ++ ret = -1; ++ return (ret); ++} + + int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +- { +- int i=0; +- unsigned int l; +- +- if (type != NULL) +- { +- l=EVP_CIPHER_CTX_iv_length(c); +- OPENSSL_assert(l <= sizeof(c->iv)); +- i=ASN1_TYPE_get_octetstring(type,c->oiv,l); +- if (i != (int)l) +- return(-1); +- else if (i > 0) +- memcpy(c->iv,c->oiv,l); +- } +- return(i); +- } ++{ ++ int i = 0; ++ unsigned int l; ++ ++ if (type != NULL) { ++ l = EVP_CIPHER_CTX_iv_length(c); ++ OPENSSL_assert(l <= sizeof(c->iv)); ++ i = ASN1_TYPE_get_octetstring(type, c->oiv, l); ++ if (i != (int)l) ++ return (-1); ++ else if (i > 0) ++ memcpy(c->iv, c->oiv, l); ++ } ++ return (i); ++} + + int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +- { +- int i=0; +- unsigned int j; +- +- if (type != NULL) +- { +- j=EVP_CIPHER_CTX_iv_length(c); +- OPENSSL_assert(j <= sizeof(c->iv)); +- i=ASN1_TYPE_set_octetstring(type,c->oiv,j); +- } +- return(i); +- } ++{ ++ int i = 0; ++ unsigned int j; ++ ++ if (type != NULL) { ++ j = EVP_CIPHER_CTX_iv_length(c); ++ OPENSSL_assert(j <= sizeof(c->iv)); ++ i = ASN1_TYPE_set_octetstring(type, c->oiv, j); ++ } ++ return (i); ++} + + /* Convert the various cipher NIDs and dummies to a proper OID NID */ + int EVP_CIPHER_type(const EVP_CIPHER *ctx) + { +- int nid; +- ASN1_OBJECT *otmp; +- nid = EVP_CIPHER_nid(ctx); ++ int nid; ++ ASN1_OBJECT *otmp; ++ nid = EVP_CIPHER_nid(ctx); + +- switch(nid) { ++ switch (nid) { + +- case NID_rc2_cbc: +- case NID_rc2_64_cbc: +- case NID_rc2_40_cbc: ++ case NID_rc2_cbc: ++ case NID_rc2_64_cbc: ++ case NID_rc2_40_cbc: + +- return NID_rc2_cbc; ++ return NID_rc2_cbc; + +- case NID_rc4: +- case NID_rc4_40: ++ case NID_rc4: ++ case NID_rc4_40: + +- return NID_rc4; ++ return NID_rc4; + +- case NID_aes_128_cfb128: +- case NID_aes_128_cfb8: +- case NID_aes_128_cfb1: ++ case NID_aes_128_cfb128: ++ case NID_aes_128_cfb8: ++ case NID_aes_128_cfb1: + +- return NID_aes_128_cfb128; ++ return NID_aes_128_cfb128; + +- case NID_aes_192_cfb128: +- case NID_aes_192_cfb8: +- case NID_aes_192_cfb1: ++ case NID_aes_192_cfb128: ++ case NID_aes_192_cfb8: ++ case NID_aes_192_cfb1: + +- return NID_aes_192_cfb128; ++ return NID_aes_192_cfb128; + +- case NID_aes_256_cfb128: +- case NID_aes_256_cfb8: +- case NID_aes_256_cfb1: ++ case NID_aes_256_cfb128: ++ case NID_aes_256_cfb8: ++ case NID_aes_256_cfb1: + +- return NID_aes_256_cfb128; ++ return NID_aes_256_cfb128; + +- case NID_des_cfb64: +- case NID_des_cfb8: +- case NID_des_cfb1: ++ case NID_des_cfb64: ++ case NID_des_cfb8: ++ case NID_des_cfb1: + +- return NID_des_cfb64; ++ return NID_des_cfb64; + +- case NID_des_ede3_cfb64: +- case NID_des_ede3_cfb8: +- case NID_des_ede3_cfb1: ++ case NID_des_ede3_cfb64: ++ case NID_des_ede3_cfb8: ++ case NID_des_ede3_cfb1: + +- return NID_des_cfb64; ++ return NID_des_cfb64; + +- default: +- /* Check it has an OID and it is valid */ +- otmp = OBJ_nid2obj(nid); +- if(!otmp || !otmp->data) nid = NID_undef; +- ASN1_OBJECT_free(otmp); +- return nid; +- } ++ default: ++ /* Check it has an OID and it is valid */ ++ otmp = OBJ_nid2obj(nid); ++ if (!otmp || !otmp->data) ++ nid = NID_undef; ++ ASN1_OBJECT_free(otmp); ++ return nid; ++ } + } + + int EVP_CIPHER_block_size(const EVP_CIPHER *e) +- { +- return e->block_size; +- } ++{ ++ return e->block_size; ++} + + int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) +- { +- return ctx->cipher->block_size; +- } ++{ ++ return ctx->cipher->block_size; ++} + + const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) +- { +- return ctx->cipher; +- } ++{ ++ return ctx->cipher; ++} + + unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) +- { +- return cipher->flags; +- } ++{ ++ return cipher->flags; ++} + + void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) +- { +- return ctx->app_data; +- } ++{ ++ return ctx->app_data; ++} + + void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) +- { +- ctx->app_data = data; +- } ++{ ++ ctx->app_data = data; ++} + + int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) +- { +- return cipher->iv_len; +- } ++{ ++ return cipher->iv_len; ++} + + int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) +- { +- return cipher->key_len; +- } ++{ ++ return cipher->key_len; ++} + + int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) +- { +- return ctx->key_len; +- } ++{ ++ return ctx->key_len; ++} + + int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) +- { +- return ctx->cipher->nid; +- } ++{ ++ return ctx->cipher->nid; ++} + +-int EVP_MD_block_size(const EVP_MD *md) +- { +- return md->block_size; +- } ++int EVP_MD_block_size(const EVP_MD *md) ++{ ++ return md->block_size; ++} + + int EVP_MD_type(const EVP_MD *md) +- { +- return md->type; +- } ++{ ++ return md->type; ++} + + int EVP_MD_pkey_type(const EVP_MD *md) +- { +- return md->pkey_type; +- } ++{ ++ return md->pkey_type; ++} + + int EVP_MD_size(const EVP_MD *md) +- { +- return md->md_size; +- } ++{ ++ return md->md_size; ++} + +-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx) +- { +- return ctx->digest; +- } ++const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) ++{ ++ return ctx->digest; ++} + + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) +- { +- ctx->flags |= flags; +- } ++{ ++ ctx->flags |= flags; ++} + + void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags) +- { +- ctx->flags &= ~flags; +- } ++{ ++ ctx->flags &= ~flags; ++} + + int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) +- { +- return (ctx->flags & flags); +- } ++{ ++ return (ctx->flags & flags); ++} + + void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) +- { +- ctx->flags |= flags; +- } ++{ ++ ctx->flags |= flags; ++} + + void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) +- { +- ctx->flags &= ~flags; +- } ++{ ++ ctx->flags &= ~flags; ++} + + int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) +- { +- return (ctx->flags & flags); +- } ++{ ++ return (ctx->flags & flags); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c +index 766ea42..e83fbe7 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c +@@ -1,6 +1,7 @@ + /* evp_pbe.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -68,103 +69,101 @@ static STACK *pbe_algs; + /* Setup a cipher context from a PBE algorithm */ + + typedef struct { +-int pbe_nid; +-const EVP_CIPHER *cipher; +-const EVP_MD *md; +-EVP_PBE_KEYGEN *keygen; ++ int pbe_nid; ++ const EVP_CIPHER *cipher; ++ const EVP_MD *md; ++ EVP_PBE_KEYGEN *keygen; + } EVP_PBE_CTL; + + int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, +- ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) ++ ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) + { + +- EVP_PBE_CTL *pbetmp, pbelu; +- int i; +- pbelu.pbe_nid = OBJ_obj2nid(pbe_obj); +- if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu); +- else i = -1; ++ EVP_PBE_CTL *pbetmp, pbelu; ++ int i; ++ pbelu.pbe_nid = OBJ_obj2nid(pbe_obj); ++ if (pbelu.pbe_nid != NID_undef) ++ i = sk_find(pbe_algs, (char *)&pbelu); ++ else ++ i = -1; + +- if (i == -1) { +- char obj_tmp[80]; +- EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); +- if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); +- else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); +- ERR_add_error_data(2, "TYPE=", obj_tmp); +- return 0; +- } +- if(!pass) passlen = 0; +- else if (passlen == -1) passlen = strlen(pass); +- pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); +- i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher, +- pbetmp->md, en_de); +- if (!i) { +- EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE); +- return 0; +- } +- return 1; ++ if (i == -1) { ++ char obj_tmp[80]; ++ EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM); ++ if (!pbe_obj) ++ BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); ++ else ++ i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); ++ ERR_add_error_data(2, "TYPE=", obj_tmp); ++ return 0; ++ } ++ if (!pass) ++ passlen = 0; ++ else if (passlen == -1) ++ passlen = strlen(pass); ++ pbetmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i); ++ i = (*pbetmp->keygen) (ctx, pass, passlen, param, pbetmp->cipher, ++ pbetmp->md, en_de); ++ if (!i) { ++ EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE); ++ return 0; ++ } ++ return 1; + } + +-static int pbe_cmp(const char * const *a, const char * const *b) ++static int pbe_cmp(const char *const *a, const char *const *b) + { +- const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a, +- * const *pbe2 = (const EVP_PBE_CTL * const *)b; +- return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); ++ const EVP_PBE_CTL *const *pbe1 = (const EVP_PBE_CTL *const *)a, ++ *const *pbe2 = (const EVP_PBE_CTL *const *)b; ++ return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); + } + + /* Add a PBE algorithm */ + + int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, +- EVP_PBE_KEYGEN *keygen) ++ EVP_PBE_KEYGEN *keygen) + { +- EVP_PBE_CTL *pbe_tmp = NULL, pbelu; +- int i; +- if (!pbe_algs) +- { +- pbe_algs = sk_new(pbe_cmp); +- if (!pbe_algs) +- { +- EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- else +- { +- /* Check if already present */ +- pbelu.pbe_nid = nid; +- i = sk_find(pbe_algs, (char *)&pbelu); +- if (i >= 0) +- { +- pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i); +- /* If everything identical leave alone */ +- if (pbe_tmp->cipher == cipher +- && pbe_tmp->md == md +- && pbe_tmp->keygen == keygen) +- return 1; +- } +- } ++ EVP_PBE_CTL *pbe_tmp = NULL, pbelu; ++ int i; ++ if (!pbe_algs) { ++ pbe_algs = sk_new(pbe_cmp); ++ if (!pbe_algs) { ++ EVPerr(EVP_F_EVP_PBE_ALG_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } else { ++ /* Check if already present */ ++ pbelu.pbe_nid = nid; ++ i = sk_find(pbe_algs, (char *)&pbelu); ++ if (i >= 0) { ++ pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i); ++ /* If everything identical leave alone */ ++ if (pbe_tmp->cipher == cipher ++ && pbe_tmp->md == md && pbe_tmp->keygen == keygen) ++ return 1; ++ } ++ } + +- if (!pbe_tmp) +- { +- pbe_tmp = OPENSSL_malloc (sizeof(EVP_PBE_CTL)); +- if (!pbe_tmp) +- { +- EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- /* If adding a new PBE, set nid, append and sort */ +- pbe_tmp->pbe_nid = nid; +- sk_push (pbe_algs, (char *)pbe_tmp); +- sk_sort(pbe_algs); +- } +- +- pbe_tmp->cipher = cipher; +- pbe_tmp->md = md; +- pbe_tmp->keygen = keygen; +- return 1; ++ if (!pbe_tmp) { ++ pbe_tmp = OPENSSL_malloc(sizeof(EVP_PBE_CTL)); ++ if (!pbe_tmp) { ++ EVPerr(EVP_F_EVP_PBE_ALG_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ /* If adding a new PBE, set nid, append and sort */ ++ pbe_tmp->pbe_nid = nid; ++ sk_push(pbe_algs, (char *)pbe_tmp); ++ sk_sort(pbe_algs); ++ } ++ ++ pbe_tmp->cipher = cipher; ++ pbe_tmp->md = md; ++ pbe_tmp->keygen = keygen; ++ return 1; + } + + void EVP_PBE_cleanup(void) + { +- sk_pop_free(pbe_algs, OPENSSL_freeFunc); +- pbe_algs = NULL; ++ sk_pop_free(pbe_algs, OPENSSL_freeFunc); ++ pbe_algs = NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c +index 10d9e9e..bc4d5c2 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c +@@ -1,6 +1,7 @@ + /* evp_pkey.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,10 +63,10 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + #include + +@@ -80,654 +81,641 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); + + EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) + { +- EVP_PKEY *pkey = NULL; ++ EVP_PKEY *pkey = NULL; + #ifndef OPENSSL_NO_RSA +- RSA *rsa = NULL; ++ RSA *rsa = NULL; + #endif + #ifndef OPENSSL_NO_DSA +- DSA *dsa = NULL; +- ASN1_TYPE *t1, *t2; +- ASN1_INTEGER *privkey; +- STACK_OF(ASN1_TYPE) *ndsa = NULL; ++ DSA *dsa = NULL; ++ ASN1_TYPE *t1, *t2; ++ ASN1_INTEGER *privkey; ++ STACK_OF(ASN1_TYPE) *ndsa = NULL; + #endif + #ifndef OPENSSL_NO_EC +- EC_KEY *eckey = NULL; +- const unsigned char *p_tmp; ++ EC_KEY *eckey = NULL; ++ const unsigned char *p_tmp; + #endif + #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) +- ASN1_TYPE *param = NULL; +- BN_CTX *ctx = NULL; +- int plen; ++ ASN1_TYPE *param = NULL; ++ BN_CTX *ctx = NULL; ++ int plen; + #endif +- X509_ALGOR *a; +- const unsigned char *p; +- const unsigned char *cp; +- int pkeylen; +- int nid; +- char obj_tmp[80]; +- +- if(p8->pkey->type == V_ASN1_OCTET_STRING) { +- p8->broken = PKCS8_OK; +- p = p8->pkey->value.octet_string->data; +- pkeylen = p8->pkey->value.octet_string->length; +- } else { +- p8->broken = PKCS8_NO_OCTET; +- p = p8->pkey->value.sequence->data; +- pkeylen = p8->pkey->value.sequence->length; +- } +- if (!(pkey = EVP_PKEY_new())) { +- EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- a = p8->pkeyalg; +- nid = OBJ_obj2nid(a->algorithm); +- switch(nid) +- { ++ X509_ALGOR *a; ++ const unsigned char *p; ++ const unsigned char *cp; ++ int pkeylen; ++ int nid; ++ char obj_tmp[80]; ++ ++ if (p8->pkey->type == V_ASN1_OCTET_STRING) { ++ p8->broken = PKCS8_OK; ++ p = p8->pkey->value.octet_string->data; ++ pkeylen = p8->pkey->value.octet_string->length; ++ } else { ++ p8->broken = PKCS8_NO_OCTET; ++ p = p8->pkey->value.sequence->data; ++ pkeylen = p8->pkey->value.sequence->length; ++ } ++ if (!(pkey = EVP_PKEY_new())) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ a = p8->pkeyalg; ++ nid = OBJ_obj2nid(a->algorithm); ++ switch (nid) { + #ifndef OPENSSL_NO_RSA +- case NID_rsaEncryption: +- cp = p; +- if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- return NULL; +- } +- EVP_PKEY_assign_RSA (pkey, rsa); +- break; ++ case NID_rsaEncryption: ++ cp = p; ++ if (!(rsa = d2i_RSAPrivateKey(NULL, &cp, pkeylen))) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); ++ return NULL; ++ } ++ EVP_PKEY_assign_RSA(pkey, rsa); ++ break; + #endif + #ifndef OPENSSL_NO_DSA +- case NID_dsa: +- /* PKCS#8 DSA is weird: you just get a private key integer +- * and parameters in the AlgorithmIdentifier the pubkey must +- * be recalculated. +- */ +- +- /* Check for broken DSA PKCS#8, UGH! */ +- if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { +- if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, +- d2i_ASN1_TYPE, +- ASN1_TYPE_free))) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- if(sk_ASN1_TYPE_num(ndsa) != 2 ) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- /* Handle Two broken types: +- * SEQUENCE {parameters, priv_key} +- * SEQUENCE {pub_key, priv_key} +- */ +- +- t1 = sk_ASN1_TYPE_value(ndsa, 0); +- t2 = sk_ASN1_TYPE_value(ndsa, 1); +- if(t1->type == V_ASN1_SEQUENCE) { +- p8->broken = PKCS8_EMBEDDED_PARAM; +- param = t1; +- } else if(a->parameter->type == V_ASN1_SEQUENCE) { +- p8->broken = PKCS8_NS_DB; +- param = a->parameter; +- } else { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- +- if(t2->type != V_ASN1_INTEGER) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- privkey = t2->value.integer; +- } else { +- if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- param = p8->pkeyalg->parameter; +- } +- if (!param || (param->type != V_ASN1_SEQUENCE)) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- cp = p = param->value.sequence->data; +- plen = param->value.sequence->length; +- if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto dsaerr; +- } +- /* We have parameters now set private key */ +- if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { +- EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); +- goto dsaerr; +- } +- /* Calculate public key (ouch!) */ +- if (!(dsa->pub_key = BN_new())) { +- EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); +- goto dsaerr; +- } +- if (!(ctx = BN_CTX_new())) { +- EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); +- goto dsaerr; +- } +- +- if (!BN_mod_exp(dsa->pub_key, dsa->g, +- dsa->priv_key, dsa->p, ctx)) { +- +- EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); +- goto dsaerr; +- } +- +- EVP_PKEY_assign_DSA(pkey, dsa); +- BN_CTX_free (ctx); +- if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); +- else ASN1_INTEGER_free(privkey); +- break; +- dsaerr: +- BN_CTX_free (ctx); +- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); +- DSA_free(dsa); +- EVP_PKEY_free(pkey); +- return NULL; +- break; ++ case NID_dsa: ++ /* ++ * PKCS#8 DSA is weird: you just get a private key integer and ++ * parameters in the AlgorithmIdentifier the pubkey must be ++ * recalculated. ++ */ ++ ++ /* Check for broken DSA PKCS#8, UGH! */ ++ if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) { ++ if (!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, ++ d2i_ASN1_TYPE, ++ ASN1_TYPE_free))) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); ++ goto dsaerr; ++ } ++ if (sk_ASN1_TYPE_num(ndsa) != 2) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); ++ goto dsaerr; ++ } ++ /* ++ * Handle Two broken types: SEQUENCE {parameters, priv_key} ++ * SEQUENCE {pub_key, priv_key} ++ */ ++ ++ t1 = sk_ASN1_TYPE_value(ndsa, 0); ++ t2 = sk_ASN1_TYPE_value(ndsa, 1); ++ if (t1->type == V_ASN1_SEQUENCE) { ++ p8->broken = PKCS8_EMBEDDED_PARAM; ++ param = t1; ++ } else if (a->parameter->type == V_ASN1_SEQUENCE) { ++ p8->broken = PKCS8_NS_DB; ++ param = a->parameter; ++ } else { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); ++ goto dsaerr; ++ } ++ ++ if (t2->type != V_ASN1_INTEGER) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); ++ goto dsaerr; ++ } ++ privkey = t2->value.integer; ++ } else { ++ if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pkeylen))) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); ++ goto dsaerr; ++ } ++ param = p8->pkeyalg->parameter; ++ } ++ if (!param || (param->type != V_ASN1_SEQUENCE)) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); ++ goto dsaerr; ++ } ++ cp = p = param->value.sequence->data; ++ plen = param->value.sequence->length; ++ if (!(dsa = d2i_DSAparams(NULL, &cp, plen))) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); ++ goto dsaerr; ++ } ++ /* We have parameters now set private key */ ++ if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_DECODE_ERROR); ++ goto dsaerr; ++ } ++ /* Calculate public key (ouch!) */ ++ if (!(dsa->pub_key = BN_new())) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); ++ goto dsaerr; ++ } ++ if (!(ctx = BN_CTX_new())) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); ++ goto dsaerr; ++ } ++ ++ if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { ++ ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_PUBKEY_ERROR); ++ goto dsaerr; ++ } ++ ++ EVP_PKEY_assign_DSA(pkey, dsa); ++ BN_CTX_free(ctx); ++ if (ndsa) ++ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); ++ else ++ ASN1_INTEGER_free(privkey); ++ break; ++ dsaerr: ++ BN_CTX_free(ctx); ++ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); ++ DSA_free(dsa); ++ EVP_PKEY_free(pkey); ++ return NULL; ++ break; + #endif + #ifndef OPENSSL_NO_EC +- case NID_X9_62_id_ecPublicKey: +- p_tmp = p; +- /* extract the ec parameters */ +- param = p8->pkeyalg->parameter; +- +- if (!param || ((param->type != V_ASN1_SEQUENCE) && +- (param->type != V_ASN1_OBJECT))) +- { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto ecerr; +- } +- +- if (param->type == V_ASN1_SEQUENCE) +- { +- cp = p = param->value.sequence->data; +- plen = param->value.sequence->length; +- +- if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) +- { +- EVPerr(EVP_F_EVP_PKCS82PKEY, +- EVP_R_DECODE_ERROR); +- goto ecerr; +- } +- } +- else +- { +- EC_GROUP *group; +- cp = p = param->value.object->data; +- plen = param->value.object->length; +- +- /* type == V_ASN1_OBJECT => the parameters are given +- * by an asn1 OID +- */ +- if ((eckey = EC_KEY_new()) == NULL) +- { +- EVPerr(EVP_F_EVP_PKCS82PKEY, +- ERR_R_MALLOC_FAILURE); +- goto ecerr; +- } +- group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); +- if (group == NULL) +- goto ecerr; +- EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); +- if (EC_KEY_set_group(eckey, group) == 0) +- goto ecerr; +- EC_GROUP_free(group); +- } +- +- /* We have parameters now set private key */ +- if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) +- { +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); +- goto ecerr; +- } +- +- /* calculate public key (if necessary) */ +- if (EC_KEY_get0_public_key(eckey) == NULL) +- { +- const BIGNUM *priv_key; +- const EC_GROUP *group; +- EC_POINT *pub_key; +- /* the public key was not included in the SEC1 private +- * key => calculate the public key */ +- group = EC_KEY_get0_group(eckey); +- pub_key = EC_POINT_new(group); +- if (pub_key == NULL) +- { +- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); +- goto ecerr; +- } +- if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) +- { +- EC_POINT_free(pub_key); +- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); +- goto ecerr; +- } +- priv_key = EC_KEY_get0_private_key(eckey); +- if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) +- { +- EC_POINT_free(pub_key); +- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); +- goto ecerr; +- } +- if (EC_KEY_set_public_key(eckey, pub_key) == 0) +- { +- EC_POINT_free(pub_key); +- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); +- goto ecerr; +- } +- EC_POINT_free(pub_key); +- } +- +- EVP_PKEY_assign_EC_KEY(pkey, eckey); +- if (ctx) +- BN_CTX_free(ctx); +- break; +-ecerr: +- if (ctx) +- BN_CTX_free(ctx); +- if (eckey) +- EC_KEY_free(eckey); +- if (pkey) +- EVP_PKEY_free(pkey); +- return NULL; ++ case NID_X9_62_id_ecPublicKey: ++ p_tmp = p; ++ /* extract the ec parameters */ ++ param = p8->pkeyalg->parameter; ++ ++ if (!param || ((param->type != V_ASN1_SEQUENCE) && ++ (param->type != V_ASN1_OBJECT))) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); ++ goto ecerr; ++ } ++ ++ if (param->type == V_ASN1_SEQUENCE) { ++ cp = p = param->value.sequence->data; ++ plen = param->value.sequence->length; ++ ++ if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); ++ goto ecerr; ++ } ++ } else { ++ EC_GROUP *group; ++ cp = p = param->value.object->data; ++ plen = param->value.object->length; ++ ++ /* ++ * type == V_ASN1_OBJECT => the parameters are given by an asn1 ++ * OID ++ */ ++ if ((eckey = EC_KEY_new()) == NULL) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); ++ goto ecerr; ++ } ++ group = ++ EC_GROUP_new_by_curve_name(OBJ_obj2nid ++ (a->parameter->value.object)); ++ if (group == NULL) ++ goto ecerr; ++ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); ++ if (EC_KEY_set_group(eckey, group) == 0) ++ goto ecerr; ++ EC_GROUP_free(group); ++ } ++ ++ /* We have parameters now set private key */ ++ if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); ++ goto ecerr; ++ } ++ ++ /* calculate public key (if necessary) */ ++ if (EC_KEY_get0_public_key(eckey) == NULL) { ++ const BIGNUM *priv_key; ++ const EC_GROUP *group; ++ EC_POINT *pub_key; ++ /* ++ * the public key was not included in the SEC1 private key => ++ * calculate the public key ++ */ ++ group = EC_KEY_get0_group(eckey); ++ pub_key = EC_POINT_new(group); ++ if (pub_key == NULL) { ++ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); ++ goto ecerr; ++ } ++ if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { ++ EC_POINT_free(pub_key); ++ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); ++ goto ecerr; ++ } ++ priv_key = EC_KEY_get0_private_key(eckey); ++ if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) { ++ EC_POINT_free(pub_key); ++ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); ++ goto ecerr; ++ } ++ if (EC_KEY_set_public_key(eckey, pub_key) == 0) { ++ EC_POINT_free(pub_key); ++ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); ++ goto ecerr; ++ } ++ EC_POINT_free(pub_key); ++ } ++ ++ EVP_PKEY_assign_EC_KEY(pkey, eckey); ++ if (ctx) ++ BN_CTX_free(ctx); ++ break; ++ ecerr: ++ if (ctx) ++ BN_CTX_free(ctx); ++ if (eckey) ++ EC_KEY_free(eckey); ++ if (pkey) ++ EVP_PKEY_free(pkey); ++ return NULL; + #endif +- default: +- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); +- if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); +- else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); +- ERR_add_error_data(2, "TYPE=", obj_tmp); +- EVP_PKEY_free (pkey); +- return NULL; +- } +- return pkey; ++ default: ++ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); ++ if (!a->algorithm) ++ BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); ++ else ++ i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); ++ ERR_add_error_data(2, "TYPE=", obj_tmp); ++ EVP_PKEY_free(pkey); ++ return NULL; ++ } ++ return pkey; + } + + PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) + { +- return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); ++ return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); + } + + /* Turn a private key into a PKCS8 structure */ + + PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) + { +- PKCS8_PRIV_KEY_INFO *p8; +- +- if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { +- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- p8->broken = broken; +- if (!ASN1_INTEGER_set(p8->version, 0)) { +- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); +- PKCS8_PRIV_KEY_INFO_free (p8); +- return NULL; +- } +- if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { +- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); +- PKCS8_PRIV_KEY_INFO_free (p8); +- return NULL; +- } +- p8->pkey->type = V_ASN1_OCTET_STRING; +- switch (EVP_PKEY_type(pkey->type)) { ++ PKCS8_PRIV_KEY_INFO *p8; ++ ++ if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { ++ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ p8->broken = broken; ++ if (!ASN1_INTEGER_set(p8->version, 0)) { ++ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); ++ PKCS8_PRIV_KEY_INFO_free(p8); ++ return NULL; ++ } ++ if (!(p8->pkeyalg->parameter = ASN1_TYPE_new())) { ++ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); ++ PKCS8_PRIV_KEY_INFO_free(p8); ++ return NULL; ++ } ++ p8->pkey->type = V_ASN1_OCTET_STRING; ++ switch (EVP_PKEY_type(pkey->type)) { + #ifndef OPENSSL_NO_RSA +- case EVP_PKEY_RSA: +- +- if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE; +- +- p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); +- p8->pkeyalg->parameter->type = V_ASN1_NULL; +- if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey, +- &p8->pkey->value.octet_string)) { +- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE); +- PKCS8_PRIV_KEY_INFO_free (p8); +- return NULL; +- } +- break; ++ case EVP_PKEY_RSA: ++ ++ if (p8->broken == PKCS8_NO_OCTET) ++ p8->pkey->type = V_ASN1_SEQUENCE; ++ ++ p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); ++ p8->pkeyalg->parameter->type = V_ASN1_NULL; ++ if (!ASN1_pack_string_of(EVP_PKEY, pkey, i2d_PrivateKey, ++ &p8->pkey->value.octet_string)) { ++ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); ++ PKCS8_PRIV_KEY_INFO_free(p8); ++ return NULL; ++ } ++ break; + #endif + #ifndef OPENSSL_NO_DSA +- case EVP_PKEY_DSA: +- if(!dsa_pkey2pkcs8(p8, pkey)) { +- PKCS8_PRIV_KEY_INFO_free (p8); +- return NULL; +- } ++ case EVP_PKEY_DSA: ++ if (!dsa_pkey2pkcs8(p8, pkey)) { ++ PKCS8_PRIV_KEY_INFO_free(p8); ++ return NULL; ++ } + +- break; ++ break; + #endif + #ifndef OPENSSL_NO_EC +- case EVP_PKEY_EC: +- if (!eckey_pkey2pkcs8(p8, pkey)) +- { +- PKCS8_PRIV_KEY_INFO_free(p8); +- return(NULL); +- } +- break; ++ case EVP_PKEY_EC: ++ if (!eckey_pkey2pkcs8(p8, pkey)) { ++ PKCS8_PRIV_KEY_INFO_free(p8); ++ return (NULL); ++ } ++ break; + #endif +- default: +- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); +- PKCS8_PRIV_KEY_INFO_free (p8); +- return NULL; +- } +- RAND_add(p8->pkey->value.octet_string->data, +- p8->pkey->value.octet_string->length, 0.0); +- return p8; ++ default: ++ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ++ EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); ++ PKCS8_PRIV_KEY_INFO_free(p8); ++ return NULL; ++ } ++ RAND_add(p8->pkey->value.octet_string->data, ++ p8->pkey->value.octet_string->length, 0.0); ++ return p8; + } + + PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) + { +- switch (broken) { +- +- case PKCS8_OK: +- p8->broken = PKCS8_OK; +- return p8; +- break; +- +- case PKCS8_NO_OCTET: +- p8->broken = PKCS8_NO_OCTET; +- p8->pkey->type = V_ASN1_SEQUENCE; +- return p8; +- break; +- +- default: +- EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); +- return NULL; +- } ++ switch (broken) { ++ ++ case PKCS8_OK: ++ p8->broken = PKCS8_OK; ++ return p8; ++ break; ++ ++ case PKCS8_NO_OCTET: ++ p8->broken = PKCS8_NO_OCTET; ++ p8->pkey->type = V_ASN1_SEQUENCE; ++ return p8; ++ break; ++ ++ default: ++ EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); ++ return NULL; ++ } + } + + #ifndef OPENSSL_NO_DSA + static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) + { +- ASN1_STRING *params = NULL; +- ASN1_INTEGER *prkey = NULL; +- ASN1_TYPE *ttmp = NULL; +- STACK_OF(ASN1_TYPE) *ndsa = NULL; +- unsigned char *p = NULL, *q; +- int len; +- +- p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); +- len = i2d_DSAparams (pkey->pkey.dsa, NULL); +- if (!(p = OPENSSL_malloc(len))) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- q = p; +- i2d_DSAparams (pkey->pkey.dsa, &q); +- if (!(params = ASN1_STRING_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!ASN1_STRING_set(params, p, len)) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- OPENSSL_free(p); +- p = NULL; +- /* Get private key into integer */ +- if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); +- goto err; +- } +- +- switch(p8->broken) { +- +- case PKCS8_OK: +- case PKCS8_NO_OCTET: +- +- if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER, +- &p8->pkey->value.octet_string)) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- M_ASN1_INTEGER_free (prkey); +- prkey = NULL; +- p8->pkeyalg->parameter->value.sequence = params; +- params = NULL; +- p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; +- +- break; +- +- case PKCS8_NS_DB: +- +- p8->pkeyalg->parameter->value.sequence = params; +- params = NULL; +- p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; +- if (!(ndsa = sk_ASN1_TYPE_new_null())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!(ttmp = ASN1_TYPE_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!(ttmp->value.integer = +- BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR); +- goto err; +- } +- ttmp->type = V_ASN1_INTEGER; +- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!(ttmp = ASN1_TYPE_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ttmp->value.integer = prkey; +- prkey = NULL; +- ttmp->type = V_ASN1_INTEGER; +- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ttmp = NULL; +- +- if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, +- &p8->pkey->value.octet_string->data, +- &p8->pkey->value.octet_string->length)) { +- +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); +- break; +- +- case PKCS8_EMBEDDED_PARAM: +- +- p8->pkeyalg->parameter->type = V_ASN1_NULL; +- if (!(ndsa = sk_ASN1_TYPE_new_null())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!(ttmp = ASN1_TYPE_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ttmp->value.sequence = params; +- params = NULL; +- ttmp->type = V_ASN1_SEQUENCE; +- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!(ttmp = ASN1_TYPE_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ttmp->value.integer = prkey; +- prkey = NULL; +- ttmp->type = V_ASN1_INTEGER; +- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ttmp = NULL; +- +- if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, +- &p8->pkey->value.octet_string->data, +- &p8->pkey->value.octet_string->length)) { +- +- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); +- break; +- } +- return 1; +-err: +- if (p != NULL) OPENSSL_free(p); +- if (params != NULL) ASN1_STRING_free(params); +- if (prkey != NULL) M_ASN1_INTEGER_free(prkey); +- if (ttmp != NULL) ASN1_TYPE_free(ttmp); +- if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); +- return 0; ++ ASN1_STRING *params = NULL; ++ ASN1_INTEGER *prkey = NULL; ++ ASN1_TYPE *ttmp = NULL; ++ STACK_OF(ASN1_TYPE) *ndsa = NULL; ++ unsigned char *p = NULL, *q; ++ int len; ++ ++ p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); ++ len = i2d_DSAparams(pkey->pkey.dsa, NULL); ++ if (!(p = OPENSSL_malloc(len))) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ q = p; ++ i2d_DSAparams(pkey->pkey.dsa, &q); ++ if (!(params = ASN1_STRING_new())) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!ASN1_STRING_set(params, p, len)) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ OPENSSL_free(p); ++ p = NULL; ++ /* Get private key into integer */ ++ if (!(prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL))) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, EVP_R_ENCODE_ERROR); ++ goto err; ++ } ++ ++ switch (p8->broken) { ++ ++ case PKCS8_OK: ++ case PKCS8_NO_OCTET: ++ ++ if (!ASN1_pack_string_of(ASN1_INTEGER, prkey, i2d_ASN1_INTEGER, ++ &p8->pkey->value.octet_string)) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ M_ASN1_INTEGER_free(prkey); ++ prkey = NULL; ++ p8->pkeyalg->parameter->value.sequence = params; ++ params = NULL; ++ p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; ++ ++ break; ++ ++ case PKCS8_NS_DB: ++ ++ p8->pkeyalg->parameter->value.sequence = params; ++ params = NULL; ++ p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; ++ if (!(ndsa = sk_ASN1_TYPE_new_null())) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!(ttmp = ASN1_TYPE_new())) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!(ttmp->value.integer = ++ BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, EVP_R_ENCODE_ERROR); ++ goto err; ++ } ++ ttmp->type = V_ASN1_INTEGER; ++ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (!(ttmp = ASN1_TYPE_new())) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ttmp->value.integer = prkey; ++ prkey = NULL; ++ ttmp->type = V_ASN1_INTEGER; ++ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ttmp = NULL; ++ ++ if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, ++ &p8->pkey->value.octet_string->data, ++ &p8->pkey->value.octet_string->length)) { ++ ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); ++ break; ++ ++ case PKCS8_EMBEDDED_PARAM: ++ ++ p8->pkeyalg->parameter->type = V_ASN1_NULL; ++ if (!(ndsa = sk_ASN1_TYPE_new_null())) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!(ttmp = ASN1_TYPE_new())) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ttmp->value.sequence = params; ++ params = NULL; ++ ttmp->type = V_ASN1_SEQUENCE; ++ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (!(ttmp = ASN1_TYPE_new())) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ttmp->value.integer = prkey; ++ prkey = NULL; ++ ttmp->type = V_ASN1_INTEGER; ++ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ttmp = NULL; ++ ++ if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) { ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, ++ &p8->pkey->value.octet_string->data, ++ &p8->pkey->value.octet_string->length)) { ++ ++ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); ++ break; ++ } ++ return 1; ++ err: ++ if (p != NULL) ++ OPENSSL_free(p); ++ if (params != NULL) ++ ASN1_STRING_free(params); ++ if (prkey != NULL) ++ M_ASN1_INTEGER_free(prkey); ++ if (ttmp != NULL) ++ ASN1_TYPE_free(ttmp); ++ if (ndsa != NULL) ++ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); ++ return 0; + } + #endif + + #ifndef OPENSSL_NO_EC + static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) + { +- EC_KEY *ec_key; +- const EC_GROUP *group; +- unsigned char *p, *pp; +- int nid, i, ret = 0; +- unsigned int tmp_flags, old_flags; +- +- ec_key = pkey->pkey.ec; +- if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) +- { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); +- return 0; +- } +- +- /* set the ec parameters OID */ +- if (p8->pkeyalg->algorithm) +- ASN1_OBJECT_free(p8->pkeyalg->algorithm); +- +- p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); +- +- /* set the ec parameters */ +- +- if (p8->pkeyalg->parameter) +- { +- ASN1_TYPE_free(p8->pkeyalg->parameter); +- p8->pkeyalg->parameter = NULL; +- } +- +- if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) +- { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- if (EC_GROUP_get_asn1_flag(group) +- && (nid = EC_GROUP_get_curve_name(group))) +- { +- /* we have a 'named curve' => just set the OID */ +- p8->pkeyalg->parameter->type = V_ASN1_OBJECT; +- p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); +- } +- else /* explicit parameters */ +- { +- if ((i = i2d_ECParameters(ec_key, NULL)) == 0) +- { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); +- return 0; +- } +- if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) +- { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- pp = p; +- if (!i2d_ECParameters(ec_key, &pp)) +- { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); +- OPENSSL_free(p); +- return 0; +- } +- p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; +- if ((p8->pkeyalg->parameter->value.sequence +- = ASN1_STRING_new()) == NULL) +- { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); +- OPENSSL_free(p); +- return 0; +- } +- ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); +- OPENSSL_free(p); +- } +- +- /* set the private key */ +- +- /* do not include the parameters in the SEC1 private key +- * see PKCS#11 12.11 */ +- old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); +- tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; +- EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); +- i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); +- if (!i) +- { +- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); +- return 0; +- } +- p = (unsigned char *) OPENSSL_malloc(i); +- if (!p) +- { +- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- pp = p; +- if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) +- { +- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); +- OPENSSL_free(p); +- return 0; +- } +- /* restore old encoding flags */ +- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); +- +- switch(p8->broken) { +- +- case PKCS8_OK: +- p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); +- if (!p8->pkey->value.octet_string || +- !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, +- (const void *)p, i)) +- +- { +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); +- } +- else +- ret = 1; +- break; +- case PKCS8_NO_OCTET: /* RSA specific */ +- case PKCS8_NS_DB: /* DSA specific */ +- case PKCS8_EMBEDDED_PARAM: /* DSA specific */ +- default: +- EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR); +- } +- OPENSSL_cleanse(p, (size_t)i); +- OPENSSL_free(p); +- return ret; ++ EC_KEY *ec_key; ++ const EC_GROUP *group; ++ unsigned char *p, *pp; ++ int nid, i, ret = 0; ++ unsigned int tmp_flags, old_flags; ++ ++ ec_key = pkey->pkey.ec; ++ if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) { ++ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); ++ return 0; ++ } ++ ++ /* set the ec parameters OID */ ++ if (p8->pkeyalg->algorithm) ++ ASN1_OBJECT_free(p8->pkeyalg->algorithm); ++ ++ p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); ++ ++ /* set the ec parameters */ ++ ++ if (p8->pkeyalg->parameter) { ++ ASN1_TYPE_free(p8->pkeyalg->parameter); ++ p8->pkeyalg->parameter = NULL; ++ } ++ ++ if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) { ++ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ if (EC_GROUP_get_asn1_flag(group) ++ && (nid = EC_GROUP_get_curve_name(group))) { ++ /* we have a 'named curve' => just set the OID */ ++ p8->pkeyalg->parameter->type = V_ASN1_OBJECT; ++ p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); ++ } else { /* explicit parameters */ ++ ++ if ((i = i2d_ECParameters(ec_key, NULL)) == 0) { ++ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); ++ return 0; ++ } ++ if ((p = (unsigned char *)OPENSSL_malloc(i)) == NULL) { ++ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ pp = p; ++ if (!i2d_ECParameters(ec_key, &pp)) { ++ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); ++ OPENSSL_free(p); ++ return 0; ++ } ++ p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; ++ if ((p8->pkeyalg->parameter->value.sequence ++ = ASN1_STRING_new()) == NULL) { ++ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); ++ OPENSSL_free(p); ++ return 0; ++ } ++ ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); ++ OPENSSL_free(p); ++ } ++ ++ /* set the private key */ ++ ++ /* ++ * do not include the parameters in the SEC1 private key see PKCS#11 ++ * 12.11 ++ */ ++ old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); ++ tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; ++ EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); ++ i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); ++ if (!i) { ++ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); ++ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); ++ return 0; ++ } ++ p = (unsigned char *)OPENSSL_malloc(i); ++ if (!p) { ++ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); ++ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ pp = p; ++ if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) { ++ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); ++ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); ++ OPENSSL_free(p); ++ return 0; ++ } ++ /* restore old encoding flags */ ++ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); ++ ++ switch (p8->broken) { ++ ++ case PKCS8_OK: ++ p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); ++ if (!p8->pkey->value.octet_string || ++ !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, ++ (const void *)p, i)) { ++ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ } else ++ ret = 1; ++ break; ++ case PKCS8_NO_OCTET: /* RSA specific */ ++ case PKCS8_NS_DB: /* DSA specific */ ++ case PKCS8_EMBEDDED_PARAM: /* DSA specific */ ++ default: ++ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_ENCODE_ERROR); ++ } ++ OPENSSL_cleanse(p, (size_t)i); ++ OPENSSL_free(p); ++ return ret; + } + #endif + +@@ -735,60 +723,60 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) + + int EVP_PKEY_get_attr_count(const EVP_PKEY *key) + { +- return X509at_get_attr_count(key->attributes); ++ return X509at_get_attr_count(key->attributes); + } + +-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, +- int lastpos) ++int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos) + { +- return X509at_get_attr_by_NID(key->attributes, nid, lastpos); ++ return X509at_get_attr_by_NID(key->attributes, nid, lastpos); + } + + int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, +- int lastpos) ++ int lastpos) + { +- return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); ++ return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); + } + + X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) + { +- return X509at_get_attr(key->attributes, loc); ++ return X509at_get_attr(key->attributes, loc); + } + + X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) + { +- return X509at_delete_attr(key->attributes, loc); ++ return X509at_delete_attr(key->attributes, loc); + } + + int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) + { +- if(X509at_add1_attr(&key->attributes, attr)) return 1; +- return 0; ++ if (X509at_add1_attr(&key->attributes, attr)) ++ return 1; ++ return 0; + } + + int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, +- const ASN1_OBJECT *obj, int type, +- const unsigned char *bytes, int len) ++ const ASN1_OBJECT *obj, int type, ++ const unsigned char *bytes, int len) + { +- if(X509at_add1_attr_by_OBJ(&key->attributes, obj, +- type, bytes, len)) return 1; +- return 0; ++ if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len)) ++ return 1; ++ return 0; + } + + int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, +- int nid, int type, +- const unsigned char *bytes, int len) ++ int nid, int type, ++ const unsigned char *bytes, int len) + { +- if(X509at_add1_attr_by_NID(&key->attributes, nid, +- type, bytes, len)) return 1; +- return 0; ++ if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len)) ++ return 1; ++ return 0; + } + + int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, +- const char *attrname, int type, +- const unsigned char *bytes, int len) ++ const char *attrname, int type, ++ const unsigned char *bytes, int len) + { +- if(X509at_add1_attr_by_txt(&key->attributes, attrname, +- type, bytes, len)) return 1; +- return 0; ++ if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, bytes, len)) ++ return 1; ++ return 0; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss.c b/Cryptlib/OpenSSL/crypto/evp/m_dss.c +index 6b0c0aa..24c852d 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_dss.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_dss.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,38 +62,43 @@ + #include + #include + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + + #ifndef OPENSSL_NO_SHA + + static int init(EVP_MD_CTX *ctx) +- { return SHA1_Init(ctx->md_data); } ++{ ++ return SHA1_Init(ctx->md_data); ++} + +-static int update(EVP_MD_CTX *ctx,const void *data,size_t count) +- { return SHA1_Update(ctx->md_data,data,count); } ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return SHA1_Update(ctx->md_data, data, count); ++} + +-static int final(EVP_MD_CTX *ctx,unsigned char *md) +- { return SHA1_Final(md,ctx->md_data); } ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return SHA1_Final(md, ctx->md_data); ++} + +-static const EVP_MD dsa_md= +- { +- NID_dsaWithSHA, +- NID_dsaWithSHA, +- SHA_DIGEST_LENGTH, +- EVP_MD_FLAG_FIPS, +- init, +- update, +- final, +- NULL, +- NULL, +- EVP_PKEY_DSA_method, +- SHA_CBLOCK, +- sizeof(EVP_MD *)+sizeof(SHA_CTX), +- }; ++static const EVP_MD dsa_md = { ++ NID_dsaWithSHA, ++ NID_dsaWithSHA, ++ SHA_DIGEST_LENGTH, ++ EVP_MD_FLAG_FIPS, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_DSA_method, ++ SHA_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA_CTX), ++}; + + const EVP_MD *EVP_dss(void) +- { +- return(&dsa_md); +- } ++{ ++ return (&dsa_md); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c +index da8babc..137eb36 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,43 +61,48 @@ + + #ifndef OPENSSL_NO_SHA + +-#include +-#include +-#include +-#ifndef OPENSSL_NO_DSA +-#include +-#endif ++# include ++# include ++# include ++# ifndef OPENSSL_NO_DSA ++# include ++# endif + +-#ifndef OPENSSL_FIPS ++# ifndef OPENSSL_FIPS + + static int init(EVP_MD_CTX *ctx) +- { return SHA1_Init(ctx->md_data); } ++{ ++ return SHA1_Init(ctx->md_data); ++} + +-static int update(EVP_MD_CTX *ctx,const void *data,size_t count) +- { return SHA1_Update(ctx->md_data,data,count); } ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return SHA1_Update(ctx->md_data, data, count); ++} + +-static int final(EVP_MD_CTX *ctx,unsigned char *md) +- { return SHA1_Final(md,ctx->md_data); } ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return SHA1_Final(md, ctx->md_data); ++} + +-static const EVP_MD dss1_md= +- { +- NID_dsa, +- NID_dsaWithSHA1, +- SHA_DIGEST_LENGTH, +- 0, +- init, +- update, +- final, +- NULL, +- NULL, +- EVP_PKEY_DSA_method, +- SHA_CBLOCK, +- sizeof(EVP_MD *)+sizeof(SHA_CTX), +- }; ++static const EVP_MD dss1_md = { ++ NID_dsa, ++ NID_dsaWithSHA1, ++ SHA_DIGEST_LENGTH, ++ 0, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_DSA_method, ++ SHA_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA_CTX), ++}; + + const EVP_MD *EVP_dss1(void) +- { +- return(&dss1_md); +- } +-#endif ++{ ++ return (&dss1_md); ++} ++# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c +index fad270f..aef84c2 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,21 +58,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -87,10 +87,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -102,7 +102,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -117,32 +117,37 @@ + + #ifndef OPENSSL_NO_SHA + static int init(EVP_MD_CTX *ctx) +- { return SHA1_Init(ctx->md_data); } ++{ ++ return SHA1_Init(ctx->md_data); ++} + +-static int update(EVP_MD_CTX *ctx,const void *data,size_t count) +- { return SHA1_Update(ctx->md_data,data,count); } ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return SHA1_Update(ctx->md_data, data, count); ++} + +-static int final(EVP_MD_CTX *ctx,unsigned char *md) +- { return SHA1_Final(md,ctx->md_data); } ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return SHA1_Final(md, ctx->md_data); ++} + +-static const EVP_MD ecdsa_md= +- { +- NID_ecdsa_with_SHA1, +- NID_ecdsa_with_SHA1, +- SHA_DIGEST_LENGTH, +- 0, +- init, +- update, +- final, +- NULL, +- NULL, +- EVP_PKEY_ECDSA_method, +- SHA_CBLOCK, +- sizeof(EVP_MD *)+sizeof(SHA_CTX), +- }; ++static const EVP_MD ecdsa_md = { ++ NID_ecdsa_with_SHA1, ++ NID_ecdsa_with_SHA1, ++ SHA_DIGEST_LENGTH, ++ 0, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_ECDSA_method, ++ SHA_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA_CTX), ++}; + + const EVP_MD *EVP_ecdsa(void) +- { +- return(&ecdsa_md); +- } ++{ ++ return (&ecdsa_md); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md2.c b/Cryptlib/OpenSSL/crypto/evp/m_md2.c +index 8eee623..7c6efd1 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_md2.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_md2.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,41 +62,46 @@ + + #ifndef OPENSSL_NO_MD2 + +-#include +-#include +-#include +-#include +-#ifndef OPENSSL_NO_RSA +-#include +-#endif ++# include ++# include ++# include ++# include ++# ifndef OPENSSL_NO_RSA ++# include ++# endif + + static int init(EVP_MD_CTX *ctx) +- { return MD2_Init(ctx->md_data); } ++{ ++ return MD2_Init(ctx->md_data); ++} + +-static int update(EVP_MD_CTX *ctx,const void *data,size_t count) +- { return MD2_Update(ctx->md_data,data,count); } ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return MD2_Update(ctx->md_data, data, count); ++} + +-static int final(EVP_MD_CTX *ctx,unsigned char *md) +- { return MD2_Final(md,ctx->md_data); } ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return MD2_Final(md, ctx->md_data); ++} + +-static const EVP_MD md2_md= +- { +- NID_md2, +- NID_md2WithRSAEncryption, +- MD2_DIGEST_LENGTH, +- 0, +- init, +- update, +- final, +- NULL, +- NULL, +- EVP_PKEY_RSA_method, +- MD2_BLOCK, +- sizeof(EVP_MD *)+sizeof(MD2_CTX), +- }; ++static const EVP_MD md2_md = { ++ NID_md2, ++ NID_md2WithRSAEncryption, ++ MD2_DIGEST_LENGTH, ++ 0, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ MD2_BLOCK, ++ sizeof(EVP_MD *) + sizeof(MD2_CTX), ++}; + + const EVP_MD *EVP_md2(void) +- { +- return(&md2_md); +- } ++{ ++ return (&md2_md); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md4.c b/Cryptlib/OpenSSL/crypto/evp/m_md4.c +index 5cd2ab5..01a05ad 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_md4.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_md4.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,41 +62,46 @@ + + #ifndef OPENSSL_NO_MD4 + +-#include +-#include +-#include +-#include +-#ifndef OPENSSL_NO_RSA +-#include +-#endif ++# include ++# include ++# include ++# include ++# ifndef OPENSSL_NO_RSA ++# include ++# endif + + static int init(EVP_MD_CTX *ctx) +- { return MD4_Init(ctx->md_data); } ++{ ++ return MD4_Init(ctx->md_data); ++} + +-static int update(EVP_MD_CTX *ctx,const void *data,size_t count) +- { return MD4_Update(ctx->md_data,data,count); } ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return MD4_Update(ctx->md_data, data, count); ++} + +-static int final(EVP_MD_CTX *ctx,unsigned char *md) +- { return MD4_Final(md,ctx->md_data); } ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return MD4_Final(md, ctx->md_data); ++} + +-static const EVP_MD md4_md= +- { +- NID_md4, +- NID_md4WithRSAEncryption, +- MD4_DIGEST_LENGTH, +- 0, +- init, +- update, +- final, +- NULL, +- NULL, +- EVP_PKEY_RSA_method, +- MD4_CBLOCK, +- sizeof(EVP_MD *)+sizeof(MD4_CTX), +- }; ++static const EVP_MD md4_md = { ++ NID_md4, ++ NID_md4WithRSAEncryption, ++ MD4_DIGEST_LENGTH, ++ 0, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ MD4_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(MD4_CTX), ++}; + + const EVP_MD *EVP_md4(void) +- { +- return(&md4_md); +- } ++{ ++ return (&md4_md); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5.c b/Cryptlib/OpenSSL/crypto/evp/m_md5.c +index 6455829..5aabcb7 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_md5.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_md5.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,42 +61,47 @@ + + #ifndef OPENSSL_NO_MD5 + +-#include +-#include "evp_locl.h" +-#include +-#include +-#include +-#ifndef OPENSSL_NO_RSA +-#include +-#endif ++# include ++# include "evp_locl.h" ++# include ++# include ++# include ++# ifndef OPENSSL_NO_RSA ++# include ++# endif + + static int init(EVP_MD_CTX *ctx) +- { return MD5_Init(ctx->md_data); } ++{ ++ return MD5_Init(ctx->md_data); ++} + +-static int update(EVP_MD_CTX *ctx,const void *data,size_t count) +- { return MD5_Update(ctx->md_data,data,count); } ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return MD5_Update(ctx->md_data, data, count); ++} + +-static int final(EVP_MD_CTX *ctx,unsigned char *md) +- { return MD5_Final(md,ctx->md_data); } ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return MD5_Final(md, ctx->md_data); ++} + +-static const EVP_MD md5_md= +- { +- NID_md5, +- NID_md5WithRSAEncryption, +- MD5_DIGEST_LENGTH, +- 0, +- init, +- update, +- final, +- NULL, +- NULL, +- EVP_PKEY_RSA_method, +- MD5_CBLOCK, +- sizeof(EVP_MD *)+sizeof(MD5_CTX), +- }; ++static const EVP_MD md5_md = { ++ NID_md5, ++ NID_md5WithRSAEncryption, ++ MD5_DIGEST_LENGTH, ++ 0, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ MD5_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(MD5_CTX), ++}; + + const EVP_MD *EVP_md5(void) +- { +- return(&md5_md); +- } ++{ ++ return (&md5_md); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_null.c b/Cryptlib/OpenSSL/crypto/evp/m_null.c +index cb07216..017e1fe 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_null.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_null.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,33 +63,36 @@ + #include + + static int init(EVP_MD_CTX *ctx) +- { return 1; } ++{ ++ return 1; ++} + +-static int update(EVP_MD_CTX *ctx,const void *data,size_t count) +- { return 1; } ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return 1; ++} + +-static int final(EVP_MD_CTX *ctx,unsigned char *md) +- { return 1; } ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return 1; ++} + +-static const EVP_MD null_md= +- { +- NID_undef, +- NID_undef, +- 0, +- 0, +- init, +- update, +- final, +- NULL, +- NULL, +- EVP_PKEY_NULL_method, +- 0, +- sizeof(EVP_MD *), +- }; ++static const EVP_MD null_md = { ++ NID_undef, ++ NID_undef, ++ 0, ++ 0, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_NULL_method, ++ 0, ++ sizeof(EVP_MD *), ++}; + + const EVP_MD *EVP_md_null(void) +- { +- return(&null_md); +- } +- +- ++{ ++ return (&null_md); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c +index a1d60ee..979f77c 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,41 +61,46 @@ + + #ifndef OPENSSL_NO_RIPEMD + +-#include +-#include +-#include +-#include +-#ifndef OPENSSL_NO_RSA +-#include +-#endif ++# include ++# include ++# include ++# include ++# ifndef OPENSSL_NO_RSA ++# include ++# endif + + static int init(EVP_MD_CTX *ctx) +- { return RIPEMD160_Init(ctx->md_data); } ++{ ++ return RIPEMD160_Init(ctx->md_data); ++} + +-static int update(EVP_MD_CTX *ctx,const void *data,size_t count) +- { return RIPEMD160_Update(ctx->md_data,data,count); } ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return RIPEMD160_Update(ctx->md_data, data, count); ++} + +-static int final(EVP_MD_CTX *ctx,unsigned char *md) +- { return RIPEMD160_Final(md,ctx->md_data); } ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return RIPEMD160_Final(md, ctx->md_data); ++} + +-static const EVP_MD ripemd160_md= +- { +- NID_ripemd160, +- NID_ripemd160WithRSA, +- RIPEMD160_DIGEST_LENGTH, +- 0, +- init, +- update, +- final, +- NULL, +- NULL, +- EVP_PKEY_RSA_method, +- RIPEMD160_CBLOCK, +- sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX), +- }; ++static const EVP_MD ripemd160_md = { ++ NID_ripemd160, ++ NID_ripemd160WithRSA, ++ RIPEMD160_DIGEST_LENGTH, ++ 0, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ RIPEMD160_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX), ++}; + + const EVP_MD *EVP_ripemd160(void) +- { +- return(&ripemd160_md); +- } ++{ ++ return (&ripemd160_md); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha.c b/Cryptlib/OpenSSL/crypto/evp/m_sha.c +index 3f30dfc..918ca5e 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_sha.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_sha.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,40 +62,45 @@ + + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) + +-#include +-#include +-#include +-#ifndef OPENSSL_NO_RSA +-#include +-#endif ++# include ++# include ++# include ++# ifndef OPENSSL_NO_RSA ++# include ++# endif + + static int init(EVP_MD_CTX *ctx) +- { return SHA_Init(ctx->md_data); } ++{ ++ return SHA_Init(ctx->md_data); ++} + +-static int update(EVP_MD_CTX *ctx,const void *data,size_t count) +- { return SHA_Update(ctx->md_data,data,count); } ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return SHA_Update(ctx->md_data, data, count); ++} + +-static int final(EVP_MD_CTX *ctx,unsigned char *md) +- { return SHA_Final(md,ctx->md_data); } ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return SHA_Final(md, ctx->md_data); ++} + +-static const EVP_MD sha_md= +- { +- NID_sha, +- NID_shaWithRSAEncryption, +- SHA_DIGEST_LENGTH, +- 0, +- init, +- update, +- final, +- NULL, +- NULL, +- EVP_PKEY_RSA_method, +- SHA_CBLOCK, +- sizeof(EVP_MD *)+sizeof(SHA_CTX), +- }; ++static const EVP_MD sha_md = { ++ NID_sha, ++ NID_shaWithRSAEncryption, ++ SHA_DIGEST_LENGTH, ++ 0, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA_CTX), ++}; + + const EVP_MD *EVP_sha(void) +- { +- return(&sha_md); +- } ++{ ++ return (&sha_md); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c +index 471ec30..4b10769 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,149 +61,180 @@ + + #ifndef OPENSSL_NO_SHA + +-#include +-#include +-#include +-#ifndef OPENSSL_NO_RSA +-#include +-#endif ++# include ++# include ++# include ++# ifndef OPENSSL_NO_RSA ++# include ++# endif + +-#ifndef OPENSSL_FIPS ++# ifndef OPENSSL_FIPS + + static int init(EVP_MD_CTX *ctx) +- { return SHA1_Init(ctx->md_data); } +- +-static int update(EVP_MD_CTX *ctx,const void *data,size_t count) +- { return SHA1_Update(ctx->md_data,data,count); } +- +-static int final(EVP_MD_CTX *ctx,unsigned char *md) +- { return SHA1_Final(md,ctx->md_data); } +- +-static const EVP_MD sha1_md= +- { +- NID_sha1, +- NID_sha1WithRSAEncryption, +- SHA_DIGEST_LENGTH, +- 0, +- init, +- update, +- final, +- NULL, +- NULL, +- EVP_PKEY_RSA_method, +- SHA_CBLOCK, +- sizeof(EVP_MD *)+sizeof(SHA_CTX), +- }; ++{ ++ return SHA1_Init(ctx->md_data); ++} ++ ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return SHA1_Update(ctx->md_data, data, count); ++} ++ ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return SHA1_Final(md, ctx->md_data); ++} ++ ++static const EVP_MD sha1_md = { ++ NID_sha1, ++ NID_sha1WithRSAEncryption, ++ SHA_DIGEST_LENGTH, ++ 0, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA_CTX), ++}; + + const EVP_MD *EVP_sha1(void) +- { +- return(&sha1_md); +- } ++{ ++ return (&sha1_md); ++} + +-#ifndef OPENSSL_NO_SHA256 ++# ifndef OPENSSL_NO_SHA256 + static int init224(EVP_MD_CTX *ctx) +- { return SHA224_Init(ctx->md_data); } ++{ ++ return SHA224_Init(ctx->md_data); ++} ++ + static int init256(EVP_MD_CTX *ctx) +- { return SHA256_Init(ctx->md_data); } ++{ ++ return SHA256_Init(ctx->md_data); ++} ++ + /* + * Even though there're separate SHA224_[Update|Final], we call + * SHA256 functions even in SHA224 context. This is what happens + * there anyway, so we can spare few CPU cycles:-) + */ +-static int update256(EVP_MD_CTX *ctx,const void *data,size_t count) +- { return SHA256_Update(ctx->md_data,data,count); } +-static int final256(EVP_MD_CTX *ctx,unsigned char *md) +- { return SHA256_Final(md,ctx->md_data); } +- +-static const EVP_MD sha224_md= +- { +- NID_sha224, +- NID_sha224WithRSAEncryption, +- SHA224_DIGEST_LENGTH, +- 0, +- init224, +- update256, +- final256, +- NULL, +- NULL, +- EVP_PKEY_RSA_method, +- SHA256_CBLOCK, +- sizeof(EVP_MD *)+sizeof(SHA256_CTX), +- }; ++static int update256(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return SHA256_Update(ctx->md_data, data, count); ++} ++ ++static int final256(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return SHA256_Final(md, ctx->md_data); ++} ++ ++static const EVP_MD sha224_md = { ++ NID_sha224, ++ NID_sha224WithRSAEncryption, ++ SHA224_DIGEST_LENGTH, ++ 0, ++ init224, ++ update256, ++ final256, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA256_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA256_CTX), ++}; + + const EVP_MD *EVP_sha224(void) +- { return(&sha224_md); } +- +-static const EVP_MD sha256_md= +- { +- NID_sha256, +- NID_sha256WithRSAEncryption, +- SHA256_DIGEST_LENGTH, +- 0, +- init256, +- update256, +- final256, +- NULL, +- NULL, +- EVP_PKEY_RSA_method, +- SHA256_CBLOCK, +- sizeof(EVP_MD *)+sizeof(SHA256_CTX), +- }; ++{ ++ return (&sha224_md); ++} ++ ++static const EVP_MD sha256_md = { ++ NID_sha256, ++ NID_sha256WithRSAEncryption, ++ SHA256_DIGEST_LENGTH, ++ 0, ++ init256, ++ update256, ++ final256, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA256_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA256_CTX), ++}; + + const EVP_MD *EVP_sha256(void) +- { return(&sha256_md); } +-#endif /* ifndef OPENSSL_NO_SHA256 */ ++{ ++ return (&sha256_md); ++} ++# endif /* ifndef OPENSSL_NO_SHA256 */ + +-#ifndef OPENSSL_NO_SHA512 ++# ifndef OPENSSL_NO_SHA512 + static int init384(EVP_MD_CTX *ctx) +- { return SHA384_Init(ctx->md_data); } ++{ ++ return SHA384_Init(ctx->md_data); ++} ++ + static int init512(EVP_MD_CTX *ctx) +- { return SHA512_Init(ctx->md_data); } ++{ ++ return SHA512_Init(ctx->md_data); ++} ++ + /* See comment in SHA224/256 section */ +-static int update512(EVP_MD_CTX *ctx,const void *data,size_t count) +- { return SHA512_Update(ctx->md_data,data,count); } +-static int final512(EVP_MD_CTX *ctx,unsigned char *md) +- { return SHA512_Final(md,ctx->md_data); } +- +-static const EVP_MD sha384_md= +- { +- NID_sha384, +- NID_sha384WithRSAEncryption, +- SHA384_DIGEST_LENGTH, +- 0, +- init384, +- update512, +- final512, +- NULL, +- NULL, +- EVP_PKEY_RSA_method, +- SHA512_CBLOCK, +- sizeof(EVP_MD *)+sizeof(SHA512_CTX), +- }; ++static int update512(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return SHA512_Update(ctx->md_data, data, count); ++} ++ ++static int final512(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return SHA512_Final(md, ctx->md_data); ++} ++ ++static const EVP_MD sha384_md = { ++ NID_sha384, ++ NID_sha384WithRSAEncryption, ++ SHA384_DIGEST_LENGTH, ++ 0, ++ init384, ++ update512, ++ final512, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA512_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA512_CTX), ++}; + + const EVP_MD *EVP_sha384(void) +- { return(&sha384_md); } +- +-static const EVP_MD sha512_md= +- { +- NID_sha512, +- NID_sha512WithRSAEncryption, +- SHA512_DIGEST_LENGTH, +- 0, +- init512, +- update512, +- final512, +- NULL, +- NULL, +- EVP_PKEY_RSA_method, +- SHA512_CBLOCK, +- sizeof(EVP_MD *)+sizeof(SHA512_CTX), +- }; ++{ ++ return (&sha384_md); ++} ++ ++static const EVP_MD sha512_md = { ++ NID_sha512, ++ NID_sha512WithRSAEncryption, ++ SHA512_DIGEST_LENGTH, ++ 0, ++ init512, ++ update512, ++ final512, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA512_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA512_CTX), ++}; + + const EVP_MD *EVP_sha512(void) +- { return(&sha512_md); } +-#endif /* ifndef OPENSSL_NO_SHA512 */ ++{ ++ return (&sha512_md); ++} ++# endif /* ifndef OPENSSL_NO_SHA512 */ + +-#endif ++# endif + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c +index 945879d..d05c000 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/names.c ++++ b/Cryptlib/OpenSSL/crypto/evp/names.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,68 +63,76 @@ + #include + + int EVP_add_cipher(const EVP_CIPHER *c) +- { +- int r; ++{ ++ int r; + + #ifdef OPENSSL_FIPS +- OPENSSL_init(); ++ OPENSSL_init(); + #endif + +- r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); +- if (r == 0) return(0); +- r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); +- return(r); +- } ++ r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH, ++ (const char *)c); ++ if (r == 0) ++ return (0); ++ r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH, ++ (const char *)c); ++ return (r); ++} + + int EVP_add_digest(const EVP_MD *md) +- { +- int r; +- const char *name; ++{ ++ int r; ++ const char *name; + + #ifdef OPENSSL_FIPS +- OPENSSL_init(); ++ OPENSSL_init(); + #endif +- name=OBJ_nid2sn(md->type); +- r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); +- if (r == 0) return(0); +- r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md); +- if (r == 0) return(0); ++ name = OBJ_nid2sn(md->type); ++ r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md); ++ if (r == 0) ++ return (0); ++ r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH, ++ (const char *)md); ++ if (r == 0) ++ return (0); + +- if (md->pkey_type && md->type != md->pkey_type) +- { +- r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), +- OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); +- if (r == 0) return(0); +- r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), +- OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); +- } +- return(r); +- } ++ if (md->pkey_type && md->type != md->pkey_type) { ++ r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), ++ OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); ++ if (r == 0) ++ return (0); ++ r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), ++ OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); ++ } ++ return (r); ++} + + const EVP_CIPHER *EVP_get_cipherbyname(const char *name) +- { +- const EVP_CIPHER *cp; ++{ ++ const EVP_CIPHER *cp; + +- cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH); +- return(cp); +- } ++ cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); ++ return (cp); ++} + + const EVP_MD *EVP_get_digestbyname(const char *name) +- { +- const EVP_MD *cp; ++{ ++ const EVP_MD *cp; + +- cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH); +- return(cp); +- } ++ cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); ++ return (cp); ++} + + void EVP_cleanup(void) +- { +- OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); +- OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); +- /* The above calls will only clean out the contents of the name +- hash table, but not the hash table itself. The following line +- does that part. -- Richard Levitte */ +- OBJ_NAME_cleanup(-1); ++{ ++ OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); ++ OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); ++ /* ++ * The above calls will only clean out the contents of the name hash ++ * table, but not the hash table itself. The following line does that ++ * part. -- Richard Levitte ++ */ ++ OBJ_NAME_cleanup(-1); + +- EVP_PBE_cleanup(); +- } ++ EVP_PBE_cleanup(); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c +index 2a265fd..0607fea 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c +@@ -1,6 +1,7 @@ + /* p5_crpt.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,98 +63,103 @@ + #include + #include + +-/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info. ++/* ++ * PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info. + */ + + void PKCS5_PBE_add(void) + { + #ifndef OPENSSL_NO_DES +-# ifndef OPENSSL_NO_MD5 +-EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), +- PKCS5_PBE_keyivgen); +-# endif +-# ifndef OPENSSL_NO_MD2 +-EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(), +- PKCS5_PBE_keyivgen); +-# endif +-# ifndef OPENSSL_NO_SHA +-EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(), +- PKCS5_PBE_keyivgen); +-# endif ++# ifndef OPENSSL_NO_MD5 ++ EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), ++ PKCS5_PBE_keyivgen); ++# endif ++# ifndef OPENSSL_NO_MD2 ++ EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(), ++ PKCS5_PBE_keyivgen); ++# endif ++# ifndef OPENSSL_NO_SHA ++ EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(), ++ PKCS5_PBE_keyivgen); ++# endif + #endif + #ifndef OPENSSL_NO_RC2 +-# ifndef OPENSSL_NO_MD5 +-EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(), +- PKCS5_PBE_keyivgen); +-# endif +-# ifndef OPENSSL_NO_MD2 +-EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(), +- PKCS5_PBE_keyivgen); +-# endif +-# ifndef OPENSSL_NO_SHA +-EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), +- PKCS5_PBE_keyivgen); +-# endif ++# ifndef OPENSSL_NO_MD5 ++ EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(), ++ PKCS5_PBE_keyivgen); ++# endif ++# ifndef OPENSSL_NO_MD2 ++ EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(), ++ PKCS5_PBE_keyivgen); ++# endif ++# ifndef OPENSSL_NO_SHA ++ EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), ++ PKCS5_PBE_keyivgen); ++# endif + #endif + #ifndef OPENSSL_NO_HMAC +-EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen); ++ EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen); + #endif + } + + int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, +- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, +- int en_de) ++ ASN1_TYPE *param, const EVP_CIPHER *cipher, ++ const EVP_MD *md, int en_de) + { +- EVP_MD_CTX ctx; +- unsigned char md_tmp[EVP_MAX_MD_SIZE]; +- unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; +- int i; +- PBEPARAM *pbe; +- int saltlen, iter; +- unsigned char *salt; +- const unsigned char *pbuf; ++ EVP_MD_CTX ctx; ++ unsigned char md_tmp[EVP_MAX_MD_SIZE]; ++ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; ++ int i; ++ PBEPARAM *pbe; ++ int saltlen, iter; ++ unsigned char *salt; ++ const unsigned char *pbuf; + +- /* Extract useful info from parameter */ +- if (param == NULL || param->type != V_ASN1_SEQUENCE || +- param->value.sequence == NULL) { +- EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); +- return 0; +- } ++ /* Extract useful info from parameter */ ++ if (param == NULL || param->type != V_ASN1_SEQUENCE || ++ param->value.sequence == NULL) { ++ EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); ++ return 0; ++ } + +- pbuf = param->value.sequence->data; +- if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { +- EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); +- return 0; +- } ++ pbuf = param->value.sequence->data; ++ if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { ++ EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); ++ return 0; ++ } + +- if (!pbe->iter) iter = 1; +- else iter = ASN1_INTEGER_get (pbe->iter); +- salt = pbe->salt->data; +- saltlen = pbe->salt->length; ++ if (!pbe->iter) ++ iter = 1; ++ else ++ iter = ASN1_INTEGER_get(pbe->iter); ++ salt = pbe->salt->data; ++ saltlen = pbe->salt->length; + +- if(!pass) passlen = 0; +- else if(passlen == -1) passlen = strlen(pass); ++ if (!pass) ++ passlen = 0; ++ else if (passlen == -1) ++ passlen = strlen(pass); + +- EVP_MD_CTX_init(&ctx); +- EVP_DigestInit_ex(&ctx, md, NULL); +- EVP_DigestUpdate(&ctx, pass, passlen); +- EVP_DigestUpdate(&ctx, salt, saltlen); +- PBEPARAM_free(pbe); +- EVP_DigestFinal_ex(&ctx, md_tmp, NULL); +- for (i = 1; i < iter; i++) { +- EVP_DigestInit_ex(&ctx, md, NULL); +- EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); +- EVP_DigestFinal_ex (&ctx, md_tmp, NULL); +- } +- EVP_MD_CTX_cleanup(&ctx); +- OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); +- memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); +- OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); +- memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), +- EVP_CIPHER_iv_length(cipher)); +- EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); +- OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); +- OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); +- OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); +- return 1; ++ EVP_MD_CTX_init(&ctx); ++ EVP_DigestInit_ex(&ctx, md, NULL); ++ EVP_DigestUpdate(&ctx, pass, passlen); ++ EVP_DigestUpdate(&ctx, salt, saltlen); ++ PBEPARAM_free(pbe); ++ EVP_DigestFinal_ex(&ctx, md_tmp, NULL); ++ for (i = 1; i < iter; i++) { ++ EVP_DigestInit_ex(&ctx, md, NULL); ++ EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); ++ EVP_DigestFinal_ex(&ctx, md_tmp, NULL); ++ } ++ EVP_MD_CTX_cleanup(&ctx); ++ OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); ++ memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); ++ OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16); ++ memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), ++ EVP_CIPHER_iv_length(cipher)); ++ EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); ++ OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); ++ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); ++ OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); ++ return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c +index 6bec77b..4c9496c 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c +@@ -1,6 +1,7 @@ + /* p5_crpt2.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -59,205 +60,212 @@ + #include + #include "cryptlib.h" + #if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) +-#include +-#include +-#include ++# include ++# include ++# include + + /* set this to print out info about the keygen algorithm */ + /* #define DEBUG_PKCS5V2 */ + +-#ifdef DEBUG_PKCS5V2 +- static void h__dump (const unsigned char *p, int len); +-#endif ++# ifdef DEBUG_PKCS5V2 ++static void h__dump(const unsigned char *p, int len); ++# endif + +-/* This is an implementation of PKCS#5 v2.0 password based encryption key ++/* ++ * This is an implementation of PKCS#5 v2.0 password based encryption key + * derivation function PBKDF2 using the only currently defined function HMAC + * with SHA1. Verified against test vectors posted by Peter Gutmann +- * to the PKCS-TNG mailing list. ++ * to the PKCS-TNG mailing ++ * list. + */ + + int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, +- const unsigned char *salt, int saltlen, int iter, +- int keylen, unsigned char *out) ++ const unsigned char *salt, int saltlen, int iter, ++ int keylen, unsigned char *out) + { +- unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; +- int cplen, j, k, tkeylen; +- unsigned long i = 1; +- HMAC_CTX hctx; ++ unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; ++ int cplen, j, k, tkeylen; ++ unsigned long i = 1; ++ HMAC_CTX hctx; + +- HMAC_CTX_init(&hctx); +- p = out; +- tkeylen = keylen; +- if(!pass) passlen = 0; +- else if(passlen == -1) passlen = strlen(pass); +- while(tkeylen) { +- if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; +- else cplen = tkeylen; +- /* We are unlikely to ever use more than 256 blocks (5120 bits!) +- * but just in case... +- */ +- itmp[0] = (unsigned char)((i >> 24) & 0xff); +- itmp[1] = (unsigned char)((i >> 16) & 0xff); +- itmp[2] = (unsigned char)((i >> 8) & 0xff); +- itmp[3] = (unsigned char)(i & 0xff); +- HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL); +- HMAC_Update(&hctx, salt, saltlen); +- HMAC_Update(&hctx, itmp, 4); +- HMAC_Final(&hctx, digtmp, NULL); +- memcpy(p, digtmp, cplen); +- for(j = 1; j < iter; j++) { +- HMAC(EVP_sha1(), pass, passlen, +- digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); +- for(k = 0; k < cplen; k++) p[k] ^= digtmp[k]; +- } +- tkeylen-= cplen; +- i++; +- p+= cplen; +- } +- HMAC_CTX_cleanup(&hctx); +-#ifdef DEBUG_PKCS5V2 +- fprintf(stderr, "Password:\n"); +- h__dump (pass, passlen); +- fprintf(stderr, "Salt:\n"); +- h__dump (salt, saltlen); +- fprintf(stderr, "Iteration count %d\n", iter); +- fprintf(stderr, "Key:\n"); +- h__dump (out, keylen); +-#endif +- return 1; ++ HMAC_CTX_init(&hctx); ++ p = out; ++ tkeylen = keylen; ++ if (!pass) ++ passlen = 0; ++ else if (passlen == -1) ++ passlen = strlen(pass); ++ while (tkeylen) { ++ if (tkeylen > SHA_DIGEST_LENGTH) ++ cplen = SHA_DIGEST_LENGTH; ++ else ++ cplen = tkeylen; ++ /* ++ * We are unlikely to ever use more than 256 blocks (5120 bits!) but ++ * just in case... ++ */ ++ itmp[0] = (unsigned char)((i >> 24) & 0xff); ++ itmp[1] = (unsigned char)((i >> 16) & 0xff); ++ itmp[2] = (unsigned char)((i >> 8) & 0xff); ++ itmp[3] = (unsigned char)(i & 0xff); ++ HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL); ++ HMAC_Update(&hctx, salt, saltlen); ++ HMAC_Update(&hctx, itmp, 4); ++ HMAC_Final(&hctx, digtmp, NULL); ++ memcpy(p, digtmp, cplen); ++ for (j = 1; j < iter; j++) { ++ HMAC(EVP_sha1(), pass, passlen, ++ digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); ++ for (k = 0; k < cplen; k++) ++ p[k] ^= digtmp[k]; ++ } ++ tkeylen -= cplen; ++ i++; ++ p += cplen; ++ } ++ HMAC_CTX_cleanup(&hctx); ++# ifdef DEBUG_PKCS5V2 ++ fprintf(stderr, "Password:\n"); ++ h__dump(pass, passlen); ++ fprintf(stderr, "Salt:\n"); ++ h__dump(salt, saltlen); ++ fprintf(stderr, "Iteration count %d\n", iter); ++ fprintf(stderr, "Key:\n"); ++ h__dump(out, keylen); ++# endif ++ return 1; + } + +-#ifdef DO_TEST ++# ifdef DO_TEST + main() + { +- unsigned char out[4]; +- unsigned char salt[] = {0x12, 0x34, 0x56, 0x78}; +- PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out); +- fprintf(stderr, "Out %02X %02X %02X %02X\n", +- out[0], out[1], out[2], out[3]); ++ unsigned char out[4]; ++ unsigned char salt[] = { 0x12, 0x34, 0x56, 0x78 }; ++ PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out); ++ fprintf(stderr, "Out %02X %02X %02X %02X\n", ++ out[0], out[1], out[2], out[3]); + } + +-#endif ++# endif + +-/* Now the key derivation function itself. This is a bit evil because +- * it has to check the ASN1 parameters are valid: and there are quite a +- * few of them... ++/* ++ * Now the key derivation function itself. This is a bit evil because it has ++ * to check the ASN1 parameters are valid: and there are quite a few of ++ * them... + */ + + int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, +- ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, +- int en_de) ++ ASN1_TYPE *param, const EVP_CIPHER *c, ++ const EVP_MD *md, int en_de) + { +- unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; +- const unsigned char *pbuf; +- int saltlen, iter, plen; +- unsigned int keylen; +- PBE2PARAM *pbe2 = NULL; +- const EVP_CIPHER *cipher; +- PBKDF2PARAM *kdf = NULL; ++ unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; ++ const unsigned char *pbuf; ++ int saltlen, iter, plen; ++ unsigned int keylen; ++ PBE2PARAM *pbe2 = NULL; ++ const EVP_CIPHER *cipher; ++ PBKDF2PARAM *kdf = NULL; + +- if (param == NULL || param->type != V_ASN1_SEQUENCE || +- param->value.sequence == NULL) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); +- return 0; +- } ++ if (param == NULL || param->type != V_ASN1_SEQUENCE || ++ param->value.sequence == NULL) { ++ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); ++ return 0; ++ } + +- pbuf = param->value.sequence->data; +- plen = param->value.sequence->length; +- if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); +- return 0; +- } ++ pbuf = param->value.sequence->data; ++ plen = param->value.sequence->length; ++ if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { ++ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); ++ return 0; ++ } + +- /* See if we recognise the key derivation function */ ++ /* See if we recognise the key derivation function */ + +- if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, +- EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); +- goto err; +- } ++ if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { ++ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, ++ EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); ++ goto err; ++ } + +- /* lets see if we recognise the encryption algorithm. +- */ ++ /* ++ * lets see if we recognise the encryption algorithm. ++ */ + +- cipher = EVP_get_cipherbyname( +- OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm))); ++ cipher = ++ EVP_get_cipherbyname(OBJ_nid2sn ++ (OBJ_obj2nid(pbe2->encryption->algorithm))); + +- if(!cipher) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, +- EVP_R_UNSUPPORTED_CIPHER); +- goto err; +- } ++ if (!cipher) { ++ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_CIPHER); ++ goto err; ++ } + +- /* Fixup cipher based on AlgorithmIdentifier */ +- EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de); +- if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, +- EVP_R_CIPHER_PARAMETER_ERROR); +- goto err; +- } +- keylen = EVP_CIPHER_CTX_key_length(ctx); +- OPENSSL_assert(keylen <= sizeof key); ++ /* Fixup cipher based on AlgorithmIdentifier */ ++ EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de); ++ if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { ++ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR); ++ goto err; ++ } ++ keylen = EVP_CIPHER_CTX_key_length(ctx); ++ OPENSSL_assert(keylen <= sizeof key); + +- /* Now decode key derivation function */ ++ /* Now decode key derivation function */ + +- if(!pbe2->keyfunc->parameter || +- (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE)) +- { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); +- goto err; +- } ++ if (!pbe2->keyfunc->parameter || ++ (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE)) { ++ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); ++ goto err; ++ } + +- pbuf = pbe2->keyfunc->parameter->value.sequence->data; +- plen = pbe2->keyfunc->parameter->value.sequence->length; +- if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); +- goto err; +- } ++ pbuf = pbe2->keyfunc->parameter->value.sequence->data; ++ plen = pbe2->keyfunc->parameter->value.sequence->length; ++ if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen))) { ++ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); ++ goto err; ++ } + +- PBE2PARAM_free(pbe2); +- pbe2 = NULL; ++ PBE2PARAM_free(pbe2); ++ pbe2 = NULL; + +- /* Now check the parameters of the kdf */ ++ /* Now check the parameters of the kdf */ + +- if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, +- EVP_R_UNSUPPORTED_KEYLENGTH); +- goto err; +- } ++ if (kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)) { ++ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH); ++ goto err; ++ } + +- if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); +- goto err; +- } ++ if (kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) { ++ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); ++ goto err; ++ } + +- if(kdf->salt->type != V_ASN1_OCTET_STRING) { +- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, +- EVP_R_UNSUPPORTED_SALT_TYPE); +- goto err; +- } ++ if (kdf->salt->type != V_ASN1_OCTET_STRING) { ++ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_SALT_TYPE); ++ goto err; ++ } + +- /* it seems that its all OK */ +- salt = kdf->salt->value.octet_string->data; +- saltlen = kdf->salt->value.octet_string->length; +- iter = ASN1_INTEGER_get(kdf->iter); +- PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); +- EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); +- OPENSSL_cleanse(key, keylen); +- PBKDF2PARAM_free(kdf); +- return 1; ++ /* it seems that its all OK */ ++ salt = kdf->salt->value.octet_string->data; ++ saltlen = kdf->salt->value.octet_string->length; ++ iter = ASN1_INTEGER_get(kdf->iter); ++ PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); ++ EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); ++ OPENSSL_cleanse(key, keylen); ++ PBKDF2PARAM_free(kdf); ++ return 1; + +- err: +- PBE2PARAM_free(pbe2); +- PBKDF2PARAM_free(kdf); +- return 0; ++ err: ++ PBE2PARAM_free(pbe2); ++ PBKDF2PARAM_free(kdf); ++ return 0; + } + +-#ifdef DEBUG_PKCS5V2 +-static void h__dump (const unsigned char *p, int len) ++# ifdef DEBUG_PKCS5V2 ++static void h__dump(const unsigned char *p, int len) + { +- for (; len --; p++) fprintf(stderr, "%02X ", *p); +- fprintf(stderr, "\n"); ++ for (; len--; p++) ++ fprintf(stderr, "%02X ", *p); ++ fprintf(stderr, "\n"); + } +-#endif ++# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_dec.c b/Cryptlib/OpenSSL/crypto/evp/p_dec.c +index f64901f..65d3fef 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_dec.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_dec.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,28 +60,28 @@ + #include "cryptlib.h" + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #include + #include + #include + + int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl, +- EVP_PKEY *priv) +- { +- int ret= -1; +- ++ EVP_PKEY *priv) ++{ ++ int ret = -1; ++ + #ifndef OPENSSL_NO_RSA +- if (priv->type != EVP_PKEY_RSA) +- { ++ if (priv->type != EVP_PKEY_RSA) { + #endif +- EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); ++ EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_PUBLIC_KEY_NOT_RSA); + #ifndef OPENSSL_NO_RSA +- goto err; +- } ++ goto err; ++ } + +- ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING); +-err: ++ ret = ++ RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa, RSA_PKCS1_PADDING); ++ err: + #endif +- return(ret); +- } ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_enc.c b/Cryptlib/OpenSSL/crypto/evp/p_enc.c +index c2dfdc5..5342146 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_enc.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,27 +60,28 @@ + #include "cryptlib.h" + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #include + #include + #include + + int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len, +- EVP_PKEY *pubk) +- { +- int ret=0; +- ++ EVP_PKEY *pubk) ++{ ++ int ret = 0; ++ + #ifndef OPENSSL_NO_RSA +- if (pubk->type != EVP_PKEY_RSA) +- { ++ if (pubk->type != EVP_PKEY_RSA) { + #endif +- EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); ++ EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_PUBLIC_KEY_NOT_RSA); + #ifndef OPENSSL_NO_RSA +- goto err; +- } +- ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING); +-err: ++ goto err; ++ } ++ ret = ++ RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa, ++ RSA_PKCS1_PADDING); ++ err: + #endif +- return(ret); +- } ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c +index 22155ec..6430f6c 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_lib.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,317 +65,308 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DH +-#include ++# include + #endif + + static void EVP_PKEY_free_it(EVP_PKEY *x); + + int EVP_PKEY_bits(EVP_PKEY *pkey) +- { +- if (0) +- return 0; ++{ ++ if (0) ++ return 0; + #ifndef OPENSSL_NO_RSA +- else if (pkey->type == EVP_PKEY_RSA) +- return(BN_num_bits(pkey->pkey.rsa->n)); ++ else if (pkey->type == EVP_PKEY_RSA) ++ return (BN_num_bits(pkey->pkey.rsa->n)); + #endif + #ifndef OPENSSL_NO_DSA +- else if (pkey->type == EVP_PKEY_DSA) +- return(BN_num_bits(pkey->pkey.dsa->p)); ++ else if (pkey->type == EVP_PKEY_DSA) ++ return (BN_num_bits(pkey->pkey.dsa->p)); + #endif + #ifndef OPENSSL_NO_EC +- else if (pkey->type == EVP_PKEY_EC) +- { +- BIGNUM *order = BN_new(); +- const EC_GROUP *group; +- int ret; +- +- if (!order) +- { +- ERR_clear_error(); +- return 0; +- } +- group = EC_KEY_get0_group(pkey->pkey.ec); +- if (!EC_GROUP_get_order(group, order, NULL)) +- { +- ERR_clear_error(); +- return 0; +- } +- +- ret = BN_num_bits(order); +- BN_free(order); +- return ret; +- } ++ else if (pkey->type == EVP_PKEY_EC) { ++ BIGNUM *order = BN_new(); ++ const EC_GROUP *group; ++ int ret; ++ ++ if (!order) { ++ ERR_clear_error(); ++ return 0; ++ } ++ group = EC_KEY_get0_group(pkey->pkey.ec); ++ if (!EC_GROUP_get_order(group, order, NULL)) { ++ ERR_clear_error(); ++ return 0; ++ } ++ ++ ret = BN_num_bits(order); ++ BN_free(order); ++ return ret; ++ } + #endif +- return(0); +- } ++ return (0); ++} + + int EVP_PKEY_size(EVP_PKEY *pkey) +- { +- if (pkey == NULL) +- return(0); ++{ ++ if (pkey == NULL) ++ return (0); + #ifndef OPENSSL_NO_RSA +- if (pkey->type == EVP_PKEY_RSA) +- return(RSA_size(pkey->pkey.rsa)); +- else ++ if (pkey->type == EVP_PKEY_RSA) ++ return (RSA_size(pkey->pkey.rsa)); ++ else + #endif + #ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) +- return(DSA_size(pkey->pkey.dsa)); ++ if (pkey->type == EVP_PKEY_DSA) ++ return (DSA_size(pkey->pkey.dsa)); + #endif + #ifndef OPENSSL_NO_ECDSA +- if (pkey->type == EVP_PKEY_EC) +- return(ECDSA_size(pkey->pkey.ec)); ++ if (pkey->type == EVP_PKEY_EC) ++ return (ECDSA_size(pkey->pkey.ec)); + #endif + +- return(0); +- } ++ return (0); ++} + + int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) +- { ++{ + #ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) +- { +- int ret=pkey->save_parameters; +- +- if (mode >= 0) +- pkey->save_parameters=mode; +- return(ret); +- } ++ if (pkey->type == EVP_PKEY_DSA) { ++ int ret = pkey->save_parameters; ++ ++ if (mode >= 0) ++ pkey->save_parameters = mode; ++ return (ret); ++ } + #endif + #ifndef OPENSSL_NO_EC +- if (pkey->type == EVP_PKEY_EC) +- { +- int ret = pkey->save_parameters; +- +- if (mode >= 0) +- pkey->save_parameters = mode; +- return(ret); +- } ++ if (pkey->type == EVP_PKEY_EC) { ++ int ret = pkey->save_parameters; ++ ++ if (mode >= 0) ++ pkey->save_parameters = mode; ++ return (ret); ++ } + #endif +- return(0); +- } ++ return (0); ++} + + int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) +- { +- if (to->type != from->type) +- { +- EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES); +- goto err; +- } +- +- if (EVP_PKEY_missing_parameters(from)) +- { +- EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS); +- goto err; +- } ++{ ++ if (to->type != from->type) { ++ EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES); ++ goto err; ++ } ++ ++ if (EVP_PKEY_missing_parameters(from)) { ++ EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS); ++ goto err; ++ } + #ifndef OPENSSL_NO_DSA +- if (to->type == EVP_PKEY_DSA) +- { +- BIGNUM *a; +- +- if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err; +- if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p); +- to->pkey.dsa->p=a; +- +- if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err; +- if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q); +- to->pkey.dsa->q=a; +- +- if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err; +- if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g); +- to->pkey.dsa->g=a; +- } ++ if (to->type == EVP_PKEY_DSA) { ++ BIGNUM *a; ++ ++ if ((a = BN_dup(from->pkey.dsa->p)) == NULL) ++ goto err; ++ if (to->pkey.dsa->p != NULL) ++ BN_free(to->pkey.dsa->p); ++ to->pkey.dsa->p = a; ++ ++ if ((a = BN_dup(from->pkey.dsa->q)) == NULL) ++ goto err; ++ if (to->pkey.dsa->q != NULL) ++ BN_free(to->pkey.dsa->q); ++ to->pkey.dsa->q = a; ++ ++ if ((a = BN_dup(from->pkey.dsa->g)) == NULL) ++ goto err; ++ if (to->pkey.dsa->g != NULL) ++ BN_free(to->pkey.dsa->g); ++ to->pkey.dsa->g = a; ++ } + #endif + #ifndef OPENSSL_NO_EC +- if (to->type == EVP_PKEY_EC) +- { +- EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); +- if (group == NULL) +- goto err; +- if (EC_KEY_set_group(to->pkey.ec, group) == 0) +- goto err; +- EC_GROUP_free(group); +- } ++ if (to->type == EVP_PKEY_EC) { ++ EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); ++ if (group == NULL) ++ goto err; ++ if (EC_KEY_set_group(to->pkey.ec, group) == 0) ++ goto err; ++ EC_GROUP_free(group); ++ } + #endif +- return(1); +-err: +- return(0); +- } ++ return (1); ++ err: ++ return (0); ++} + + int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) +- { ++{ + #ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) +- { +- DSA *dsa; +- +- dsa=pkey->pkey.dsa; +- if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) +- return(1); +- } ++ if (pkey->type == EVP_PKEY_DSA) { ++ DSA *dsa; ++ ++ dsa = pkey->pkey.dsa; ++ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) ++ return (1); ++ } + #endif + #ifndef OPENSSL_NO_EC +- if (pkey->type == EVP_PKEY_EC) +- { +- if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) +- return(1); +- } ++ if (pkey->type == EVP_PKEY_EC) { ++ if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) ++ return (1); ++ } + #endif + +- return(0); +- } ++ return (0); ++} + + int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) +- { ++{ + #ifndef OPENSSL_NO_DSA +- if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) +- { +- if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || +- BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) || +- BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g)) +- return(0); +- else +- return(1); +- } ++ if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) { ++ if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) || ++ BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) || ++ BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g)) ++ return (0); ++ else ++ return (1); ++ } + #endif + #ifndef OPENSSL_NO_EC +- if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) +- { +- const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), +- *group_b = EC_KEY_get0_group(b->pkey.ec); +- if (EC_GROUP_cmp(group_a, group_b, NULL)) +- return 0; +- else +- return 1; +- } ++ if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) { ++ const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), ++ *group_b = EC_KEY_get0_group(b->pkey.ec); ++ if (EC_GROUP_cmp(group_a, group_b, NULL)) ++ return 0; ++ else ++ return 1; ++ } + #endif +- return(-1); +- } ++ return (-1); ++} + + int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +- { +- if (a->type != b->type) +- return -1; ++{ ++ if (a->type != b->type) ++ return -1; + +- if (EVP_PKEY_cmp_parameters(a, b) == 0) +- return 0; ++ if (EVP_PKEY_cmp_parameters(a, b) == 0) ++ return 0; + +- switch (a->type) +- { ++ switch (a->type) { + #ifndef OPENSSL_NO_RSA +- case EVP_PKEY_RSA: +- if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 +- || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) +- return 0; +- break; ++ case EVP_PKEY_RSA: ++ if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 ++ || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) ++ return 0; ++ break; + #endif + #ifndef OPENSSL_NO_DSA +- case EVP_PKEY_DSA: +- if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) +- return 0; +- break; ++ case EVP_PKEY_DSA: ++ if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0) ++ return 0; ++ break; + #endif + #ifndef OPENSSL_NO_EC +- case EVP_PKEY_EC: +- { +- int r; +- const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); +- const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), +- *pb = EC_KEY_get0_public_key(b->pkey.ec); +- r = EC_POINT_cmp(group, pa, pb, NULL); +- if (r != 0) +- { +- if (r == 1) +- return 0; +- else +- return -2; +- } +- } +- break; ++ case EVP_PKEY_EC: ++ { ++ int r; ++ const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); ++ const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), ++ *pb = EC_KEY_get0_public_key(b->pkey.ec); ++ r = EC_POINT_cmp(group, pa, pb, NULL); ++ if (r != 0) { ++ if (r == 1) ++ return 0; ++ else ++ return -2; ++ } ++ } ++ break; + #endif + #ifndef OPENSSL_NO_DH +- case EVP_PKEY_DH: +- return -2; ++ case EVP_PKEY_DH: ++ return -2; + #endif +- default: +- return -2; +- } ++ default: ++ return -2; ++ } + +- return 1; +- } ++ return 1; ++} + + EVP_PKEY *EVP_PKEY_new(void) +- { +- EVP_PKEY *ret; +- +- ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY)); +- if (ret == NULL) +- { +- EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- ret->type=EVP_PKEY_NONE; +- ret->references=1; +- ret->pkey.ptr=NULL; +- ret->attributes=NULL; +- ret->save_parameters=1; +- return(ret); +- } ++{ ++ EVP_PKEY *ret; ++ ++ ret = (EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY)); ++ if (ret == NULL) { ++ EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ ret->type = EVP_PKEY_NONE; ++ ret->references = 1; ++ ret->pkey.ptr = NULL; ++ ret->attributes = NULL; ++ ret->save_parameters = 1; ++ return (ret); ++} + + int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key) +- { +- if (pkey == NULL) return(0); +- if (pkey->pkey.ptr != NULL) +- EVP_PKEY_free_it(pkey); +- pkey->type=EVP_PKEY_type(type); +- pkey->save_type=type; +- pkey->pkey.ptr=key; +- return(key != NULL); +- } ++{ ++ if (pkey == NULL) ++ return (0); ++ if (pkey->pkey.ptr != NULL) ++ EVP_PKEY_free_it(pkey); ++ pkey->type = EVP_PKEY_type(type); ++ pkey->save_type = type; ++ pkey->pkey.ptr = key; ++ return (key != NULL); ++} + + #ifndef OPENSSL_NO_RSA + int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) + { +- int ret = EVP_PKEY_assign_RSA(pkey, key); +- if(ret) +- RSA_up_ref(key); +- return ret; ++ int ret = EVP_PKEY_assign_RSA(pkey, key); ++ if (ret) ++ RSA_up_ref(key); ++ return ret; + } + + RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) +- { +- if(pkey->type != EVP_PKEY_RSA) { +- EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY); +- return NULL; +- } +- RSA_up_ref(pkey->pkey.rsa); +- return pkey->pkey.rsa; ++{ ++ if (pkey->type != EVP_PKEY_RSA) { ++ EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY); ++ return NULL; ++ } ++ RSA_up_ref(pkey->pkey.rsa); ++ return pkey->pkey.rsa; + } + #endif + + #ifndef OPENSSL_NO_DSA + int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) + { +- int ret = EVP_PKEY_assign_DSA(pkey, key); +- if(ret) +- DSA_up_ref(key); +- return ret; ++ int ret = EVP_PKEY_assign_DSA(pkey, key); ++ if (ret) ++ DSA_up_ref(key); ++ return ret; + } + + DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) +- { +- if(pkey->type != EVP_PKEY_DSA) { +- EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY); +- return NULL; +- } +- DSA_up_ref(pkey->pkey.dsa); +- return pkey->pkey.dsa; ++{ ++ if (pkey->type != EVP_PKEY_DSA) { ++ EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY); ++ return NULL; ++ } ++ DSA_up_ref(pkey->pkey.dsa); ++ return pkey->pkey.dsa; + } + #endif + +@@ -383,120 +374,116 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) + + int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) + { +- int ret = EVP_PKEY_assign_EC_KEY(pkey,key); +- if (ret) +- EC_KEY_up_ref(key); +- return ret; ++ int ret = EVP_PKEY_assign_EC_KEY(pkey, key); ++ if (ret) ++ EC_KEY_up_ref(key); ++ return ret; + } + + EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) + { +- if (pkey->type != EVP_PKEY_EC) +- { +- EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); +- return NULL; +- } +- EC_KEY_up_ref(pkey->pkey.ec); +- return pkey->pkey.ec; ++ if (pkey->type != EVP_PKEY_EC) { ++ EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); ++ return NULL; ++ } ++ EC_KEY_up_ref(pkey->pkey.ec); ++ return pkey->pkey.ec; + } + #endif + +- + #ifndef OPENSSL_NO_DH + + int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) + { +- int ret = EVP_PKEY_assign_DH(pkey, key); +- if(ret) +- DH_up_ref(key); +- return ret; ++ int ret = EVP_PKEY_assign_DH(pkey, key); ++ if (ret) ++ DH_up_ref(key); ++ return ret; + } + + DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) +- { +- if(pkey->type != EVP_PKEY_DH) { +- EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY); +- return NULL; +- } +- DH_up_ref(pkey->pkey.dh); +- return pkey->pkey.dh; ++{ ++ if (pkey->type != EVP_PKEY_DH) { ++ EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY); ++ return NULL; ++ } ++ DH_up_ref(pkey->pkey.dh); ++ return pkey->pkey.dh; + } + #endif + + int EVP_PKEY_type(int type) +- { +- switch (type) +- { +- case EVP_PKEY_RSA: +- case EVP_PKEY_RSA2: +- return(EVP_PKEY_RSA); +- case EVP_PKEY_DSA: +- case EVP_PKEY_DSA1: +- case EVP_PKEY_DSA2: +- case EVP_PKEY_DSA3: +- case EVP_PKEY_DSA4: +- return(EVP_PKEY_DSA); +- case EVP_PKEY_DH: +- return(EVP_PKEY_DH); +- case EVP_PKEY_EC: +- return(EVP_PKEY_EC); +- default: +- return(NID_undef); +- } +- } ++{ ++ switch (type) { ++ case EVP_PKEY_RSA: ++ case EVP_PKEY_RSA2: ++ return (EVP_PKEY_RSA); ++ case EVP_PKEY_DSA: ++ case EVP_PKEY_DSA1: ++ case EVP_PKEY_DSA2: ++ case EVP_PKEY_DSA3: ++ case EVP_PKEY_DSA4: ++ return (EVP_PKEY_DSA); ++ case EVP_PKEY_DH: ++ return (EVP_PKEY_DH); ++ case EVP_PKEY_EC: ++ return (EVP_PKEY_EC); ++ default: ++ return (NID_undef); ++ } ++} + + void EVP_PKEY_free(EVP_PKEY *x) +- { +- int i; ++{ ++ int i; + +- if (x == NULL) return; ++ if (x == NULL) ++ return; + +- i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY); ++ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY); + #ifdef REF_PRINT +- REF_PRINT("EVP_PKEY",x); ++ REF_PRINT("EVP_PKEY", x); + #endif +- if (i > 0) return; ++ if (i > 0) ++ return; + #ifdef REF_CHECK +- if (i < 0) +- { +- fprintf(stderr,"EVP_PKEY_free, bad reference count\n"); +- abort(); +- } ++ if (i < 0) { ++ fprintf(stderr, "EVP_PKEY_free, bad reference count\n"); ++ abort(); ++ } + #endif +- EVP_PKEY_free_it(x); +- if (x->attributes) +- sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); +- OPENSSL_free(x); +- } ++ EVP_PKEY_free_it(x); ++ if (x->attributes) ++ sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); ++ OPENSSL_free(x); ++} + + static void EVP_PKEY_free_it(EVP_PKEY *x) +- { +- switch (x->type) +- { ++{ ++ switch (x->type) { + #ifndef OPENSSL_NO_RSA +- case EVP_PKEY_RSA: +- case EVP_PKEY_RSA2: +- RSA_free(x->pkey.rsa); +- break; ++ case EVP_PKEY_RSA: ++ case EVP_PKEY_RSA2: ++ RSA_free(x->pkey.rsa); ++ break; + #endif + #ifndef OPENSSL_NO_DSA +- case EVP_PKEY_DSA: +- case EVP_PKEY_DSA2: +- case EVP_PKEY_DSA3: +- case EVP_PKEY_DSA4: +- DSA_free(x->pkey.dsa); +- break; ++ case EVP_PKEY_DSA: ++ case EVP_PKEY_DSA2: ++ case EVP_PKEY_DSA3: ++ case EVP_PKEY_DSA4: ++ DSA_free(x->pkey.dsa); ++ break; + #endif + #ifndef OPENSSL_NO_EC +- case EVP_PKEY_EC: +- EC_KEY_free(x->pkey.ec); +- break; ++ case EVP_PKEY_EC: ++ EC_KEY_free(x->pkey.ec); ++ break; + #endif + #ifndef OPENSSL_NO_DH +- case EVP_PKEY_DH: +- DH_free(x->pkey.dh); +- break; ++ case EVP_PKEY_DH: ++ DH_free(x->pkey.dh); ++ break; + #endif +- } +- } +- ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_open.c b/Cryptlib/OpenSSL/crypto/evp/p_open.c +index 9935206..6740ac8 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_open.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_open.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,67 +61,68 @@ + + #ifndef OPENSSL_NO_RSA + +-#include +-#include +-#include +-#include ++# include ++# include ++# include ++# include + + int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +- const unsigned char *ek, int ekl, const unsigned char *iv, +- EVP_PKEY *priv) +- { +- unsigned char *key=NULL; +- int i,size=0,ret=0; ++ const unsigned char *ek, int ekl, const unsigned char *iv, ++ EVP_PKEY *priv) ++{ ++ unsigned char *key = NULL; ++ int i, size = 0, ret = 0; + +- if(type) { +- EVP_CIPHER_CTX_init(ctx); +- if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0; +- } ++ if (type) { ++ EVP_CIPHER_CTX_init(ctx); ++ if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL)) ++ return 0; ++ } + +- if(!priv) return 1; ++ if (!priv) ++ return 1; + +- if (priv->type != EVP_PKEY_RSA) +- { +- EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA); +- goto err; +- } ++ if (priv->type != EVP_PKEY_RSA) { ++ EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA); ++ goto err; ++ } + +- size=RSA_size(priv->pkey.rsa); +- key=(unsigned char *)OPENSSL_malloc(size+2); +- if (key == NULL) +- { +- /* ERROR */ +- EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ size = RSA_size(priv->pkey.rsa); ++ key = (unsigned char *)OPENSSL_malloc(size + 2); ++ if (key == NULL) { ++ /* ERROR */ ++ EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- i=EVP_PKEY_decrypt(key,ek,ekl,priv); +- if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) +- { +- /* ERROR */ +- goto err; +- } +- if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err; ++ i = EVP_PKEY_decrypt(key, ek, ekl, priv); ++ if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) { ++ /* ERROR */ ++ goto err; ++ } ++ if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) ++ goto err; + +- ret=1; +-err: +- if (key != NULL) OPENSSL_cleanse(key,size); +- OPENSSL_free(key); +- return(ret); +- } ++ ret = 1; ++ err: ++ if (key != NULL) ++ OPENSSL_cleanse(key, size); ++ OPENSSL_free(key); ++ return (ret); ++} + + int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +- { +- int i; ++{ ++ int i; + +- i=EVP_DecryptFinal_ex(ctx,out,outl); +- EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL); +- return(i); +- } +-#else /* !OPENSSL_NO_RSA */ ++ i = EVP_DecryptFinal_ex(ctx, out, outl); ++ EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); ++ return (i); ++} ++#else /* !OPENSSL_NO_RSA */ + + # ifdef PEDANTIC +-static void *dummy=&dummy; ++static void *dummy = &dummy; + # endif + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_seal.c b/Cryptlib/OpenSSL/crypto/evp/p_seal.c +index 8cc8fcb..be297dc 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_seal.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_seal.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,56 +60,59 @@ + #include "cryptlib.h" + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #include + #include + #include + +-int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, +- int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) +- { +- unsigned char key[EVP_MAX_KEY_LENGTH]; +- int i; +- +- if(type) { +- EVP_CIPHER_CTX_init(ctx); +- if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0; +- } +- if ((npubk <= 0) || !pubk) +- return 1; +- if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) +- return 0; +- if (EVP_CIPHER_CTX_iv_length(ctx)) +- RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); ++int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ++ unsigned char **ek, int *ekl, unsigned char *iv, ++ EVP_PKEY **pubk, int npubk) ++{ ++ unsigned char key[EVP_MAX_KEY_LENGTH]; ++ int i; ++ ++ if (type) { ++ EVP_CIPHER_CTX_init(ctx); ++ if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL)) ++ return 0; ++ } ++ if ((npubk <= 0) || !pubk) ++ return 1; ++ if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) ++ return 0; ++ if (EVP_CIPHER_CTX_iv_length(ctx)) ++ RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)); + +- if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0; ++ if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) ++ return 0; + +- for (i=0; idigest->required_pkey_type[i]; +- if (v == 0) break; +- if (pkey->type == v) +- { +- ok=1; +- break; +- } +- } +- if (!ok) +- { +- EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); +- return(0); +- } +- if (ctx->digest->sign == NULL) +- { +- EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED); +- return(0); +- } +- EVP_MD_CTX_init(&tmp_ctx); +- EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); +- if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) +- { +- EVP_MD_SVCTX sctmp; +- sctmp.mctx = &tmp_ctx; +- sctmp.key = pkey->pkey.ptr; +- i = ctx->digest->sign(ctx->digest->type, +- NULL, -1, sigret, siglen, &sctmp); +- } +- else +- { +- EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); +- i = ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen, +- pkey->pkey.ptr); +- } +- EVP_MD_CTX_cleanup(&tmp_ctx); +- return i; +- } ++int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, ++ unsigned int *siglen, EVP_PKEY *pkey) ++{ ++ unsigned char m[EVP_MAX_MD_SIZE]; ++ unsigned int m_len; ++ int i, ok = 0, v; ++ EVP_MD_CTX tmp_ctx; + ++ *siglen = 0; ++ for (i = 0; i < 4; i++) { ++ v = ctx->digest->required_pkey_type[i]; ++ if (v == 0) ++ break; ++ if (pkey->type == v) { ++ ok = 1; ++ break; ++ } ++ } ++ if (!ok) { ++ EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); ++ return (0); ++ } ++ if (ctx->digest->sign == NULL) { ++ EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED); ++ return (0); ++ } ++ EVP_MD_CTX_init(&tmp_ctx); ++ EVP_MD_CTX_copy_ex(&tmp_ctx, ctx); ++ if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) { ++ EVP_MD_SVCTX sctmp; ++ sctmp.mctx = &tmp_ctx; ++ sctmp.key = pkey->pkey.ptr; ++ i = ctx->digest->sign(ctx->digest->type, ++ NULL, -1, sigret, siglen, &sctmp); ++ } else { ++ EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len); ++ i = ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, ++ pkey->pkey.ptr); ++ } ++ EVP_MD_CTX_cleanup(&tmp_ctx); ++ return i; ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c +index 072c127..ee2f257 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_verify.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_verify.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,51 +63,44 @@ + #include + + int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, +- unsigned int siglen, EVP_PKEY *pkey) +- { +- unsigned char m[EVP_MAX_MD_SIZE]; +- unsigned int m_len; +- int i,ok=0,v; +- EVP_MD_CTX tmp_ctx; +- +- for (i=0; i<4; i++) +- { +- v=ctx->digest->required_pkey_type[i]; +- if (v == 0) break; +- if (pkey->type == v) +- { +- ok=1; +- break; +- } +- } +- if (!ok) +- { +- EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); +- return(-1); +- } +- if (ctx->digest->verify == NULL) +- { +- EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); +- return(0); +- } ++ unsigned int siglen, EVP_PKEY *pkey) ++{ ++ unsigned char m[EVP_MAX_MD_SIZE]; ++ unsigned int m_len; ++ int i, ok = 0, v; ++ EVP_MD_CTX tmp_ctx; + +- EVP_MD_CTX_init(&tmp_ctx); +- EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); +- if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) +- { +- EVP_MD_SVCTX sctmp; +- sctmp.mctx = &tmp_ctx; +- sctmp.key = pkey->pkey.ptr; +- i = ctx->digest->verify(ctx->digest->type, +- NULL, -1, sigbuf, siglen, &sctmp); +- } +- else +- { +- EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); +- i = ctx->digest->verify(ctx->digest->type,m,m_len, +- sigbuf,siglen,pkey->pkey.ptr); +- } +- EVP_MD_CTX_cleanup(&tmp_ctx); +- return i; +- } ++ for (i = 0; i < 4; i++) { ++ v = ctx->digest->required_pkey_type[i]; ++ if (v == 0) ++ break; ++ if (pkey->type == v) { ++ ok = 1; ++ break; ++ } ++ } ++ if (!ok) { ++ EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); ++ return (-1); ++ } ++ if (ctx->digest->verify == NULL) { ++ EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); ++ return (0); ++ } + ++ EVP_MD_CTX_init(&tmp_ctx); ++ EVP_MD_CTX_copy_ex(&tmp_ctx, ctx); ++ if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) { ++ EVP_MD_SVCTX sctmp; ++ sctmp.mctx = &tmp_ctx; ++ sctmp.key = pkey->pkey.ptr; ++ i = ctx->digest->verify(ctx->digest->type, ++ NULL, -1, sigbuf, siglen, &sctmp); ++ } else { ++ EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len); ++ i = ctx->digest->verify(ctx->digest->type, m, m_len, ++ sigbuf, siglen, pkey->pkey.ptr); ++ } ++ EVP_MD_CTX_cleanup(&tmp_ctx); ++ return i; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ex_data.c b/Cryptlib/OpenSSL/crypto/ex_data.c +index 3b11e7a..efd9911 100644 +--- a/Cryptlib/OpenSSL/crypto/ex_data.c ++++ b/Cryptlib/OpenSSL/crypto/ex_data.c +@@ -34,21 +34,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -63,10 +63,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -78,7 +78,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -92,7 +92,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -142,103 +142,108 @@ + #include + + /* What an "implementation of ex_data functionality" looks like */ +-struct st_CRYPTO_EX_DATA_IMPL +- { +- /*********************/ +- /* GLOBAL OPERATIONS */ +- /* Return a new class index */ +- int (*cb_new_class)(void); +- /* Cleanup all state used by the implementation */ +- void (*cb_cleanup)(void); +- /************************/ +- /* PER-CLASS OPERATIONS */ +- /* Get a new method index within a class */ +- int (*cb_get_new_index)(int class_index, long argl, void *argp, +- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, +- CRYPTO_EX_free *free_func); +- /* Initialise a new CRYPTO_EX_DATA of a given class */ +- int (*cb_new_ex_data)(int class_index, void *obj, +- CRYPTO_EX_DATA *ad); +- /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */ +- int (*cb_dup_ex_data)(int class_index, CRYPTO_EX_DATA *to, +- CRYPTO_EX_DATA *from); +- /* Cleanup a CRYPTO_EX_DATA of a given class */ +- void (*cb_free_ex_data)(int class_index, void *obj, +- CRYPTO_EX_DATA *ad); +- }; ++struct st_CRYPTO_EX_DATA_IMPL { ++ /*********************/ ++ /* GLOBAL OPERATIONS */ ++ /* Return a new class index */ ++ int (*cb_new_class) (void); ++ /* Cleanup all state used by the implementation */ ++ void (*cb_cleanup) (void); ++ /************************/ ++ /* PER-CLASS OPERATIONS */ ++ /* Get a new method index within a class */ ++ int (*cb_get_new_index) (int class_index, long argl, void *argp, ++ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++ /* Initialise a new CRYPTO_EX_DATA of a given class */ ++ int (*cb_new_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad); ++ /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */ ++ int (*cb_dup_ex_data) (int class_index, CRYPTO_EX_DATA *to, ++ CRYPTO_EX_DATA *from); ++ /* Cleanup a CRYPTO_EX_DATA of a given class */ ++ void (*cb_free_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad); ++}; + + /* The implementation we use at run-time */ + static const CRYPTO_EX_DATA_IMPL *impl = NULL; + +-/* To call "impl" functions, use this macro rather than referring to 'impl' directly, eg. +- * EX_IMPL(get_new_index)(...); */ ++/* ++ * To call "impl" functions, use this macro rather than referring to 'impl' ++ * directly, eg. EX_IMPL(get_new_index)(...); ++ */ + #define EX_IMPL(a) impl->cb_##a + + /* Predeclare the "default" ex_data implementation */ + static int int_new_class(void); + static void int_cleanup(void); + static int int_get_new_index(int class_index, long argl, void *argp, +- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, +- CRYPTO_EX_free *free_func); +-static int int_new_ex_data(int class_index, void *obj, +- CRYPTO_EX_DATA *ad); ++ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); + static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, +- CRYPTO_EX_DATA *from); +-static void int_free_ex_data(int class_index, void *obj, +- CRYPTO_EX_DATA *ad); +-static CRYPTO_EX_DATA_IMPL impl_default = +- { +- int_new_class, +- int_cleanup, +- int_get_new_index, +- int_new_ex_data, +- int_dup_ex_data, +- int_free_ex_data +- }; +- +-/* Internal function that checks whether "impl" is set and if not, sets it to +- * the default. */ ++ CRYPTO_EX_DATA *from); ++static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); ++static CRYPTO_EX_DATA_IMPL impl_default = { ++ int_new_class, ++ int_cleanup, ++ int_get_new_index, ++ int_new_ex_data, ++ int_dup_ex_data, ++ int_free_ex_data ++}; ++ ++/* ++ * Internal function that checks whether "impl" is set and if not, sets it to ++ * the default. ++ */ + static void impl_check(void) +- { +- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); +- if(!impl) +- impl = &impl_default; +- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); +- } +-/* A macro wrapper for impl_check that first uses a non-locked test before +- * invoking the function (which checks again inside a lock). */ ++{ ++ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); ++ if (!impl) ++ impl = &impl_default; ++ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); ++} ++ ++/* ++ * A macro wrapper for impl_check that first uses a non-locked test before ++ * invoking the function (which checks again inside a lock). ++ */ + #define IMPL_CHECK if(!impl) impl_check(); + + /* API functions to get/set the "ex_data" implementation */ + const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void) +- { +- IMPL_CHECK +- return impl; +- } ++{ ++ IMPL_CHECK return impl; ++} ++ + int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i) +- { +- int toret = 0; +- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); +- if(!impl) +- { +- impl = i; +- toret = 1; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); +- return toret; +- } ++{ ++ int toret = 0; ++ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); ++ if (!impl) { ++ impl = i; ++ toret = 1; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); ++ return toret; ++} + + /****************************************************************************/ +-/* Interal (default) implementation of "ex_data" support. API functions are +- * further down. */ ++/* ++ * Interal (default) implementation of "ex_data" support. API functions are ++ * further down. ++ */ + +-/* The type that represents what each "class" used to implement locally. A STACK +- * of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is the global +- * value representing the class that is used to distinguish these items. */ ++/* ++ * The type that represents what each "class" used to implement locally. A ++ * STACK of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is ++ * the global value representing the class that is used to distinguish these ++ * items. ++ */ + typedef struct st_ex_class_item { +- int class_index; +- STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth; +- int meth_num; ++ int class_index; ++ STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth; ++ int meth_num; + } EX_CLASS_ITEM; + + /* When assigning new class indexes, this is our counter */ +@@ -249,384 +254,388 @@ static LHASH *ex_data = NULL; + + /* The callbacks required in the "ex_data" hash table */ + static unsigned long ex_hash_cb(const void *a_void) +- { +- return ((const EX_CLASS_ITEM *)a_void)->class_index; +- } ++{ ++ return ((const EX_CLASS_ITEM *)a_void)->class_index; ++} ++ + static int ex_cmp_cb(const void *a_void, const void *b_void) +- { +- return (((const EX_CLASS_ITEM *)a_void)->class_index - +- ((const EX_CLASS_ITEM *)b_void)->class_index); +- } ++{ ++ return (((const EX_CLASS_ITEM *)a_void)->class_index - ++ ((const EX_CLASS_ITEM *)b_void)->class_index); ++} + +-/* Internal functions used by the "impl_default" implementation to access the +- * state */ ++/* ++ * Internal functions used by the "impl_default" implementation to access the ++ * state ++ */ + + static int ex_data_check(void) +- { +- int toret = 1; +- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); +- if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL)) +- toret = 0; +- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); +- return toret; +- } +-/* This macros helps reduce the locking from repeated checks because the +- * ex_data_check() function checks ex_data again inside a lock. */ ++{ ++ int toret = 1; ++ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); ++ if (!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL)) ++ toret = 0; ++ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); ++ return toret; ++} ++ ++/* ++ * This macros helps reduce the locking from repeated checks because the ++ * ex_data_check() function checks ex_data again inside a lock. ++ */ + #define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail} + + /* This "inner" callback is used by the callback function that follows it */ + static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) +- { +- OPENSSL_free(funcs); +- } ++{ ++ OPENSSL_free(funcs); ++} + +-/* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from +- * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do +- * any locking. */ ++/* ++ * This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from ++ * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't ++ * do any locking. ++ */ + static void def_cleanup_cb(void *a_void) +- { +- EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; +- sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); +- OPENSSL_free(item); +- } +- +-/* Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to a +- * given class. Handles locking. */ ++{ ++ EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; ++ sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); ++ OPENSSL_free(item); ++} ++ ++/* ++ * Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to ++ * a given class. Handles locking. ++ */ + static EX_CLASS_ITEM *def_get_class(int class_index) +- { +- EX_CLASS_ITEM d, *p, *gen; +- EX_DATA_CHECK(return NULL;) +- d.class_index = class_index; +- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); +- p = lh_retrieve(ex_data, &d); +- if(!p) +- { +- gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM)); +- if(gen) +- { +- gen->class_index = class_index; +- gen->meth_num = 0; +- gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); +- if(!gen->meth) +- OPENSSL_free(gen); +- else +- { +- /* Because we're inside the ex_data lock, the +- * return value from the insert will be NULL */ +- lh_insert(ex_data, gen); +- p = gen; +- } +- } +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); +- if(!p) +- CRYPTOerr(CRYPTO_F_DEF_GET_CLASS,ERR_R_MALLOC_FAILURE); +- return p; +- } +- +-/* Add a new method to the given EX_CLASS_ITEM and return the corresponding +- * index (or -1 for error). Handles locking. */ ++{ ++ EX_CLASS_ITEM d, *p, *gen; ++ EX_DATA_CHECK(return NULL;) ++ d.class_index = class_index; ++ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); ++ p = lh_retrieve(ex_data, &d); ++ if (!p) { ++ gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM)); ++ if (gen) { ++ gen->class_index = class_index; ++ gen->meth_num = 0; ++ gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); ++ if (!gen->meth) ++ OPENSSL_free(gen); ++ else { ++ /* ++ * Because we're inside the ex_data lock, the return value ++ * from the insert will be NULL ++ */ ++ lh_insert(ex_data, gen); ++ p = gen; ++ } ++ } ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); ++ if (!p) ++ CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE); ++ return p; ++} ++ ++/* ++ * Add a new method to the given EX_CLASS_ITEM and return the corresponding ++ * index (or -1 for error). Handles locking. ++ */ + static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp, +- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, +- CRYPTO_EX_free *free_func) +- { +- int toret = -1; +- CRYPTO_EX_DATA_FUNCS *a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc( +- sizeof(CRYPTO_EX_DATA_FUNCS)); +- if(!a) +- { +- CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE); +- return -1; +- } +- a->argl=argl; +- a->argp=argp; +- a->new_func=new_func; +- a->dup_func=dup_func; +- a->free_func=free_func; +- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); +- while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) +- { +- if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) +- { +- CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE); +- OPENSSL_free(a); +- goto err; +- } +- } +- toret = item->meth_num++; +- (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); +-err: +- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); +- return toret; +- } ++ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func) ++{ ++ int toret = -1; ++ CRYPTO_EX_DATA_FUNCS *a = ++ (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); ++ if (!a) { ++ CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ a->argl = argl; ++ a->argp = argp; ++ a->new_func = new_func; ++ a->dup_func = dup_func; ++ a->free_func = free_func; ++ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); ++ while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) { ++ if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) { ++ CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE); ++ OPENSSL_free(a); ++ goto err; ++ } ++ } ++ toret = item->meth_num++; ++ (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); ++ err: ++ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); ++ return toret; ++} + + /**************************************************************/ + /* The functions in the default CRYPTO_EX_DATA_IMPL structure */ + + static int int_new_class(void) +- { +- int toret; +- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); +- toret = ex_class++; +- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); +- return toret; +- } ++{ ++ int toret; ++ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); ++ toret = ex_class++; ++ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); ++ return toret; ++} + + static void int_cleanup(void) +- { +- EX_DATA_CHECK(return;) +- lh_doall(ex_data, def_cleanup_cb); +- lh_free(ex_data); +- ex_data = NULL; +- impl = NULL; +- } ++{ ++ EX_DATA_CHECK(return;) ++ lh_doall(ex_data, def_cleanup_cb); ++ lh_free(ex_data); ++ ex_data = NULL; ++ impl = NULL; ++} + + static int int_get_new_index(int class_index, long argl, void *argp, +- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, +- CRYPTO_EX_free *free_func) +- { +- EX_CLASS_ITEM *item = def_get_class(class_index); +- if(!item) +- return -1; +- return def_add_index(item, argl, argp, new_func, dup_func, free_func); +- } +- +-/* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries in +- * the lock, then using them outside the lock. NB: Thread-safety only applies to +- * the global "ex_data" state (ie. class definitions), not thread-safe on 'ad' +- * itself. */ +-static int int_new_ex_data(int class_index, void *obj, +- CRYPTO_EX_DATA *ad) +- { +- int mx,i; +- void *ptr; +- CRYPTO_EX_DATA_FUNCS **storage = NULL; +- EX_CLASS_ITEM *item = def_get_class(class_index); +- if(!item) +- /* error is already set */ +- return 0; +- ad->sk = NULL; +- CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); +- mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); +- if(mx > 0) +- { +- storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*)); +- if(!storage) +- goto skip; +- for(i = 0; i < mx; i++) +- storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i); +- } +-skip: +- CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); +- if((mx > 0) && !storage) +- { +- CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- for(i = 0; i < mx; i++) +- { +- if(storage[i] && storage[i]->new_func) +- { +- ptr = CRYPTO_get_ex_data(ad, i); +- storage[i]->new_func(obj,ptr,ad,i, +- storage[i]->argl,storage[i]->argp); +- } +- } +- if(storage) +- OPENSSL_free(storage); +- return 1; +- } ++ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func) ++{ ++ EX_CLASS_ITEM *item = def_get_class(class_index); ++ if (!item) ++ return -1; ++ return def_add_index(item, argl, argp, new_func, dup_func, free_func); ++} ++ ++/* ++ * Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries ++ * in the lock, then using them outside the lock. NB: Thread-safety only ++ * applies to the global "ex_data" state (ie. class definitions), not ++ * thread-safe on 'ad' itself. ++ */ ++static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) ++{ ++ int mx, i; ++ void *ptr; ++ CRYPTO_EX_DATA_FUNCS **storage = NULL; ++ EX_CLASS_ITEM *item = def_get_class(class_index); ++ if (!item) ++ /* error is already set */ ++ return 0; ++ ad->sk = NULL; ++ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); ++ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); ++ if (mx > 0) { ++ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); ++ if (!storage) ++ goto skip; ++ for (i = 0; i < mx; i++) ++ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); ++ } ++ skip: ++ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); ++ if ((mx > 0) && !storage) { ++ CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ for (i = 0; i < mx; i++) { ++ if (storage[i] && storage[i]->new_func) { ++ ptr = CRYPTO_get_ex_data(ad, i); ++ storage[i]->new_func(obj, ptr, ad, i, ++ storage[i]->argl, storage[i]->argp); ++ } ++ } ++ if (storage) ++ OPENSSL_free(storage); ++ return 1; ++} + + /* Same thread-safety notes as for "int_new_ex_data" */ + static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, +- CRYPTO_EX_DATA *from) +- { +- int mx, j, i; +- char *ptr; +- CRYPTO_EX_DATA_FUNCS **storage = NULL; +- EX_CLASS_ITEM *item; +- if(!from->sk) +- /* 'to' should be "blank" which *is* just like 'from' */ +- return 1; +- if((item = def_get_class(class_index)) == NULL) +- return 0; +- CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); +- mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); +- j = sk_num(from->sk); +- if(j < mx) +- mx = j; +- if(mx > 0) +- { +- storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*)); +- if(!storage) +- goto skip; +- for(i = 0; i < mx; i++) +- storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i); +- } +-skip: +- CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); +- if((mx > 0) && !storage) +- { +- CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- for(i = 0; i < mx; i++) +- { +- ptr = CRYPTO_get_ex_data(from, i); +- if(storage[i] && storage[i]->dup_func) +- storage[i]->dup_func(to,from,&ptr,i, +- storage[i]->argl,storage[i]->argp); +- CRYPTO_set_ex_data(to,i,ptr); +- } +- if(storage) +- OPENSSL_free(storage); +- return 1; +- } ++ CRYPTO_EX_DATA *from) ++{ ++ int mx, j, i; ++ char *ptr; ++ CRYPTO_EX_DATA_FUNCS **storage = NULL; ++ EX_CLASS_ITEM *item; ++ if (!from->sk) ++ /* 'to' should be "blank" which *is* just like 'from' */ ++ return 1; ++ if ((item = def_get_class(class_index)) == NULL) ++ return 0; ++ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); ++ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); ++ j = sk_num(from->sk); ++ if (j < mx) ++ mx = j; ++ if (mx > 0) { ++ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); ++ if (!storage) ++ goto skip; ++ for (i = 0; i < mx; i++) ++ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); ++ } ++ skip: ++ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); ++ if ((mx > 0) && !storage) { ++ CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ for (i = 0; i < mx; i++) { ++ ptr = CRYPTO_get_ex_data(from, i); ++ if (storage[i] && storage[i]->dup_func) ++ storage[i]->dup_func(to, from, &ptr, i, ++ storage[i]->argl, storage[i]->argp); ++ CRYPTO_set_ex_data(to, i, ptr); ++ } ++ if (storage) ++ OPENSSL_free(storage); ++ return 1; ++} + + /* Same thread-safety notes as for "int_new_ex_data" */ +-static void int_free_ex_data(int class_index, void *obj, +- CRYPTO_EX_DATA *ad) +- { +- int mx,i; +- EX_CLASS_ITEM *item; +- void *ptr; +- CRYPTO_EX_DATA_FUNCS **storage = NULL; +- if((item = def_get_class(class_index)) == NULL) +- return; +- CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); +- mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); +- if(mx > 0) +- { +- storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*)); +- if(!storage) +- goto skip; +- for(i = 0; i < mx; i++) +- storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i); +- } +-skip: +- CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); +- if((mx > 0) && !storage) +- { +- CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA,ERR_R_MALLOC_FAILURE); +- return; +- } +- for(i = 0; i < mx; i++) +- { +- if(storage[i] && storage[i]->free_func) +- { +- ptr = CRYPTO_get_ex_data(ad,i); +- storage[i]->free_func(obj,ptr,ad,i, +- storage[i]->argl,storage[i]->argp); +- } +- } +- if(storage) +- OPENSSL_free(storage); +- if(ad->sk) +- { +- sk_free(ad->sk); +- ad->sk=NULL; +- } +- } ++static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) ++{ ++ int mx, i; ++ EX_CLASS_ITEM *item; ++ void *ptr; ++ CRYPTO_EX_DATA_FUNCS **storage = NULL; ++ if ((item = def_get_class(class_index)) == NULL) ++ return; ++ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); ++ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); ++ if (mx > 0) { ++ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); ++ if (!storage) ++ goto skip; ++ for (i = 0; i < mx; i++) ++ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); ++ } ++ skip: ++ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); ++ if ((mx > 0) && !storage) { ++ CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA, ERR_R_MALLOC_FAILURE); ++ return; ++ } ++ for (i = 0; i < mx; i++) { ++ if (storage[i] && storage[i]->free_func) { ++ ptr = CRYPTO_get_ex_data(ad, i); ++ storage[i]->free_func(obj, ptr, ad, i, ++ storage[i]->argl, storage[i]->argp); ++ } ++ } ++ if (storage) ++ OPENSSL_free(storage); ++ if (ad->sk) { ++ sk_free(ad->sk); ++ ad->sk = NULL; ++ } ++} + + /********************************************************************/ +-/* API functions that defer all "state" operations to the "ex_data" +- * implementation we have set. */ ++/* ++ * API functions that defer all "state" operations to the "ex_data" ++ * implementation we have set. ++ */ + +-/* Obtain an index for a new class (not the same as getting a new index within +- * an existing class - this is actually getting a new *class*) */ ++/* ++ * Obtain an index for a new class (not the same as getting a new index ++ * within an existing class - this is actually getting a new *class*) ++ */ + int CRYPTO_ex_data_new_class(void) +- { +- IMPL_CHECK +- return EX_IMPL(new_class)(); +- } ++{ ++ IMPL_CHECK return EX_IMPL(new_class) (); ++} + +-/* Release all "ex_data" state to prevent memory leaks. This can't be made ++/* ++ * Release all "ex_data" state to prevent memory leaks. This can't be made + * thread-safe without overhauling a lot of stuff, and shouldn't really be + * called under potential race-conditions anyway (it's for program shutdown +- * after all). */ ++ * after all). ++ */ + void CRYPTO_cleanup_all_ex_data(void) +- { +- IMPL_CHECK +- EX_IMPL(cleanup)(); +- } ++{ ++ IMPL_CHECK EX_IMPL(cleanup) (); ++} + + /* Inside an existing class, get/register a new index. */ + int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, +- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, +- CRYPTO_EX_free *free_func) +- { +- int ret = -1; +- +- IMPL_CHECK +- ret = EX_IMPL(get_new_index)(class_index, +- argl, argp, new_func, dup_func, free_func); +- return ret; +- } +- +-/* Initialise a new CRYPTO_EX_DATA for use in a particular class - including +- * calling new() callbacks for each index in the class used by this variable */ ++ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func) ++{ ++ int ret = -1; ++ ++ IMPL_CHECK ++ ret = EX_IMPL(get_new_index) (class_index, ++ argl, argp, new_func, dup_func, ++ free_func); ++ return ret; ++} ++ ++/* ++ * Initialise a new CRYPTO_EX_DATA for use in a particular class - including ++ * calling new() callbacks for each index in the class used by this variable ++ */ + int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) +- { +- IMPL_CHECK +- return EX_IMPL(new_ex_data)(class_index, obj, ad); +- } ++{ ++ IMPL_CHECK return EX_IMPL(new_ex_data) (class_index, obj, ad); ++} + +-/* Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks for +- * each index in the class used by this variable */ ++/* ++ * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks ++ * for each index in the class used by this variable ++ */ + int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, +- CRYPTO_EX_DATA *from) +- { +- IMPL_CHECK +- return EX_IMPL(dup_ex_data)(class_index, to, from); +- } +- +-/* Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for +- * each index in the class used by this variable */ ++ CRYPTO_EX_DATA *from) ++{ ++ IMPL_CHECK return EX_IMPL(dup_ex_data) (class_index, to, from); ++} ++ ++/* ++ * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for ++ * each index in the class used by this variable ++ */ + void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) +- { +- IMPL_CHECK +- EX_IMPL(free_ex_data)(class_index, obj, ad); +- } ++{ ++ IMPL_CHECK EX_IMPL(free_ex_data) (class_index, obj, ad); ++} + +-/* For a given CRYPTO_EX_DATA variable, set the value corresponding to a +- * particular index in the class used by this variable */ ++/* ++ * For a given CRYPTO_EX_DATA variable, set the value corresponding to a ++ * particular index in the class used by this variable ++ */ + int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) +- { +- int i; +- +- if (ad->sk == NULL) +- { +- if ((ad->sk=sk_new_null()) == NULL) +- { +- CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- } +- i=sk_num(ad->sk); +- +- while (i <= idx) +- { +- if (!sk_push(ad->sk,NULL)) +- { +- CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- i++; +- } +- sk_set(ad->sk,idx,val); +- return(1); +- } +- +-/* For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a +- * particular index in the class used by this variable */ ++{ ++ int i; ++ ++ if (ad->sk == NULL) { ++ if ((ad->sk = sk_new_null()) == NULL) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ } ++ i = sk_num(ad->sk); ++ ++ while (i <= idx) { ++ if (!sk_push(ad->sk, NULL)) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ i++; ++ } ++ sk_set(ad->sk, idx, val); ++ return (1); ++} ++ ++/* ++ * For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a ++ * particular index in the class used by this variable ++ */ + void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) +- { +- if (ad->sk == NULL) +- return(0); +- else if (idx >= sk_num(ad->sk)) +- return(0); +- else +- return(sk_value(ad->sk,idx)); +- } ++{ ++ if (ad->sk == NULL) ++ return (0); ++ else if (idx >= sk_num(ad->sk)) ++ return (0); ++ else ++ return (sk_value(ad->sk, idx)); ++} + + IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS) +diff --git a/Cryptlib/OpenSSL/crypto/fips_err.c b/Cryptlib/OpenSSL/crypto/fips_err.c +index 09f1174..1788ed2 100644 +--- a/Cryptlib/OpenSSL/crypto/fips_err.c ++++ b/Cryptlib/OpenSSL/crypto/fips_err.c +@@ -3,5 +3,5 @@ + #ifdef OPENSSL_FIPS + # include "fips_err.h" + #else +-static void *dummy=&dummy; ++static void *dummy = &dummy; + #endif +diff --git a/Cryptlib/OpenSSL/crypto/hmac/hmac.c b/Cryptlib/OpenSSL/crypto/hmac/hmac.c +index 6899be6..639fd8c 100644 +--- a/Cryptlib/OpenSSL/crypto/hmac/hmac.c ++++ b/Cryptlib/OpenSSL/crypto/hmac/hmac.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,117 +64,109 @@ + #ifndef OPENSSL_FIPS + + void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, +- const EVP_MD *md, ENGINE *impl) +- { +- int i,j,reset=0; +- unsigned char pad[HMAC_MAX_MD_CBLOCK]; +- +- if (md != NULL) +- { +- reset=1; +- ctx->md=md; +- } +- else +- md=ctx->md; +- +- if (key != NULL) +- { +- reset=1; +- j=EVP_MD_block_size(md); +- OPENSSL_assert(j <= (int)sizeof(ctx->key)); +- if (j < len) +- { +- EVP_DigestInit_ex(&ctx->md_ctx,md, impl); +- EVP_DigestUpdate(&ctx->md_ctx,key,len); +- EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key, +- &ctx->key_length); +- } +- else +- { +- OPENSSL_assert(len>=0 && len<=(int)sizeof(ctx->key)); +- memcpy(ctx->key,key,len); +- ctx->key_length=len; +- } +- if(ctx->key_length != HMAC_MAX_MD_CBLOCK) +- memset(&ctx->key[ctx->key_length], 0, +- HMAC_MAX_MD_CBLOCK - ctx->key_length); +- } +- +- if (reset) +- { +- for (i=0; ikey[i]; +- EVP_DigestInit_ex(&ctx->i_ctx,md, impl); +- EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)); +- +- for (i=0; ikey[i]; +- EVP_DigestInit_ex(&ctx->o_ctx,md, impl); +- EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)); +- } +- EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx); +- } +- +-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, +- const EVP_MD *md) +- { +- if(key && md) +- HMAC_CTX_init(ctx); +- HMAC_Init_ex(ctx,key,len,md, NULL); +- } ++ const EVP_MD *md, ENGINE *impl) ++{ ++ int i, j, reset = 0; ++ unsigned char pad[HMAC_MAX_MD_CBLOCK]; ++ ++ if (md != NULL) { ++ reset = 1; ++ ctx->md = md; ++ } else ++ md = ctx->md; ++ ++ if (key != NULL) { ++ reset = 1; ++ j = EVP_MD_block_size(md); ++ OPENSSL_assert(j <= (int)sizeof(ctx->key)); ++ if (j < len) { ++ EVP_DigestInit_ex(&ctx->md_ctx, md, impl); ++ EVP_DigestUpdate(&ctx->md_ctx, key, len); ++ EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, &ctx->key_length); ++ } else { ++ OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key)); ++ memcpy(ctx->key, key, len); ++ ctx->key_length = len; ++ } ++ if (ctx->key_length != HMAC_MAX_MD_CBLOCK) ++ memset(&ctx->key[ctx->key_length], 0, ++ HMAC_MAX_MD_CBLOCK - ctx->key_length); ++ } ++ ++ if (reset) { ++ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) ++ pad[i] = 0x36 ^ ctx->key[i]; ++ EVP_DigestInit_ex(&ctx->i_ctx, md, impl); ++ EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md)); ++ ++ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) ++ pad[i] = 0x5c ^ ctx->key[i]; ++ EVP_DigestInit_ex(&ctx->o_ctx, md, impl); ++ EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md)); ++ } ++ EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx); ++} ++ ++void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) ++{ ++ if (key && md) ++ HMAC_CTX_init(ctx); ++ HMAC_Init_ex(ctx, key, len, md, NULL); ++} + + void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) +- { +- EVP_DigestUpdate(&ctx->md_ctx,data,len); +- } ++{ ++ EVP_DigestUpdate(&ctx->md_ctx, data, len); ++} + + void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) +- { +- unsigned int i; +- unsigned char buf[EVP_MAX_MD_SIZE]; ++{ ++ unsigned int i; ++ unsigned char buf[EVP_MAX_MD_SIZE]; + +- EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i); +- EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx); +- EVP_DigestUpdate(&ctx->md_ctx,buf,i); +- EVP_DigestFinal_ex(&ctx->md_ctx,md,len); +- } ++ EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i); ++ EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx); ++ EVP_DigestUpdate(&ctx->md_ctx, buf, i); ++ EVP_DigestFinal_ex(&ctx->md_ctx, md, len); ++} + + void HMAC_CTX_init(HMAC_CTX *ctx) +- { +- EVP_MD_CTX_init(&ctx->i_ctx); +- EVP_MD_CTX_init(&ctx->o_ctx); +- EVP_MD_CTX_init(&ctx->md_ctx); +- } ++{ ++ EVP_MD_CTX_init(&ctx->i_ctx); ++ EVP_MD_CTX_init(&ctx->o_ctx); ++ EVP_MD_CTX_init(&ctx->md_ctx); ++} + + void HMAC_CTX_cleanup(HMAC_CTX *ctx) +- { +- EVP_MD_CTX_cleanup(&ctx->i_ctx); +- EVP_MD_CTX_cleanup(&ctx->o_ctx); +- EVP_MD_CTX_cleanup(&ctx->md_ctx); +- memset(ctx,0,sizeof *ctx); +- } ++{ ++ EVP_MD_CTX_cleanup(&ctx->i_ctx); ++ EVP_MD_CTX_cleanup(&ctx->o_ctx); ++ EVP_MD_CTX_cleanup(&ctx->md_ctx); ++ memset(ctx, 0, sizeof *ctx); ++} + + unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, +- const unsigned char *d, size_t n, unsigned char *md, +- unsigned int *md_len) +- { +- HMAC_CTX c; +- static unsigned char m[EVP_MAX_MD_SIZE]; +- +- if (md == NULL) md=m; +- HMAC_CTX_init(&c); +- HMAC_Init(&c,key,key_len,evp_md); +- HMAC_Update(&c,d,n); +- HMAC_Final(&c,md,md_len); +- HMAC_CTX_cleanup(&c); +- return(md); +- } ++ const unsigned char *d, size_t n, unsigned char *md, ++ unsigned int *md_len) ++{ ++ HMAC_CTX c; ++ static unsigned char m[EVP_MAX_MD_SIZE]; ++ ++ if (md == NULL) ++ md = m; ++ HMAC_CTX_init(&c); ++ HMAC_Init(&c, key, key_len, evp_md); ++ HMAC_Update(&c, d, n); ++ HMAC_Final(&c, md, md_len); ++ HMAC_CTX_cleanup(&c); ++ return (md); ++} + + void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) +- { +- EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); +- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); +- EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); +- } ++{ ++ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); ++ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); ++ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c b/Cryptlib/OpenSSL/crypto/idea/i_cbc.c +index ecb9cb8..950df98 100644 +--- a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c ++++ b/Cryptlib/OpenSSL/crypto/idea/i_cbc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,110 +59,113 @@ + #include + #include "idea_lcl.h" + +-void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, +- IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int encrypt) +- { +- register unsigned long tin0,tin1; +- register unsigned long tout0,tout1,xor0,xor1; +- register long l=length; +- unsigned long tin[2]; ++void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, ++ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, ++ int encrypt) ++{ ++ register unsigned long tin0, tin1; ++ register unsigned long tout0, tout1, xor0, xor1; ++ register long l = length; ++ unsigned long tin[2]; + +- if (encrypt) +- { +- n2l(iv,tout0); +- n2l(iv,tout1); +- iv-=8; +- for (l-=8; l>=0; l-=8) +- { +- n2l(in,tin0); +- n2l(in,tin1); +- tin0^=tout0; +- tin1^=tout1; +- tin[0]=tin0; +- tin[1]=tin1; +- idea_encrypt(tin,ks); +- tout0=tin[0]; l2n(tout0,out); +- tout1=tin[1]; l2n(tout1,out); +- } +- if (l != -8) +- { +- n2ln(in,tin0,tin1,l+8); +- tin0^=tout0; +- tin1^=tout1; +- tin[0]=tin0; +- tin[1]=tin1; +- idea_encrypt(tin,ks); +- tout0=tin[0]; l2n(tout0,out); +- tout1=tin[1]; l2n(tout1,out); +- } +- l2n(tout0,iv); +- l2n(tout1,iv); +- } +- else +- { +- n2l(iv,xor0); +- n2l(iv,xor1); +- iv-=8; +- for (l-=8; l>=0; l-=8) +- { +- n2l(in,tin0); tin[0]=tin0; +- n2l(in,tin1); tin[1]=tin1; +- idea_encrypt(tin,ks); +- tout0=tin[0]^xor0; +- tout1=tin[1]^xor1; +- l2n(tout0,out); +- l2n(tout1,out); +- xor0=tin0; +- xor1=tin1; +- } +- if (l != -8) +- { +- n2l(in,tin0); tin[0]=tin0; +- n2l(in,tin1); tin[1]=tin1; +- idea_encrypt(tin,ks); +- tout0=tin[0]^xor0; +- tout1=tin[1]^xor1; +- l2nn(tout0,tout1,out,l+8); +- xor0=tin0; +- xor1=tin1; +- } +- l2n(xor0,iv); +- l2n(xor1,iv); +- } +- tin0=tin1=tout0=tout1=xor0=xor1=0; +- tin[0]=tin[1]=0; +- } ++ if (encrypt) { ++ n2l(iv, tout0); ++ n2l(iv, tout1); ++ iv -= 8; ++ for (l -= 8; l >= 0; l -= 8) { ++ n2l(in, tin0); ++ n2l(in, tin1); ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ tin[0] = tin0; ++ tin[1] = tin1; ++ idea_encrypt(tin, ks); ++ tout0 = tin[0]; ++ l2n(tout0, out); ++ tout1 = tin[1]; ++ l2n(tout1, out); ++ } ++ if (l != -8) { ++ n2ln(in, tin0, tin1, l + 8); ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ tin[0] = tin0; ++ tin[1] = tin1; ++ idea_encrypt(tin, ks); ++ tout0 = tin[0]; ++ l2n(tout0, out); ++ tout1 = tin[1]; ++ l2n(tout1, out); ++ } ++ l2n(tout0, iv); ++ l2n(tout1, iv); ++ } else { ++ n2l(iv, xor0); ++ n2l(iv, xor1); ++ iv -= 8; ++ for (l -= 8; l >= 0; l -= 8) { ++ n2l(in, tin0); ++ tin[0] = tin0; ++ n2l(in, tin1); ++ tin[1] = tin1; ++ idea_encrypt(tin, ks); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ l2n(tout0, out); ++ l2n(tout1, out); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ if (l != -8) { ++ n2l(in, tin0); ++ tin[0] = tin0; ++ n2l(in, tin1); ++ tin[1] = tin1; ++ idea_encrypt(tin, ks); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ l2nn(tout0, tout1, out, l + 8); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ l2n(xor0, iv); ++ l2n(xor1, iv); ++ } ++ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; ++ tin[0] = tin[1] = 0; ++} + + void idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key) +- { +- register IDEA_INT *p; +- register unsigned long x1,x2,x3,x4,t0,t1,ul; ++{ ++ register IDEA_INT *p; ++ register unsigned long x1, x2, x3, x4, t0, t1, ul; + +- x2=d[0]; +- x1=(x2>>16); +- x4=d[1]; +- x3=(x4>>16); ++ x2 = d[0]; ++ x1 = (x2 >> 16); ++ x4 = d[1]; ++ x3 = (x4 >> 16); + +- p= &(key->data[0][0]); ++ p = &(key->data[0][0]); + +- E_IDEA(0); +- E_IDEA(1); +- E_IDEA(2); +- E_IDEA(3); +- E_IDEA(4); +- E_IDEA(5); +- E_IDEA(6); +- E_IDEA(7); ++ E_IDEA(0); ++ E_IDEA(1); ++ E_IDEA(2); ++ E_IDEA(3); ++ E_IDEA(4); ++ E_IDEA(5); ++ E_IDEA(6); ++ E_IDEA(7); + +- x1&=0xffff; +- idea_mul(x1,x1,*p,ul); p++; ++ x1 &= 0xffff; ++ idea_mul(x1, x1, *p, ul); ++ p++; + +- t0= x3+ *(p++); +- t1= x2+ *(p++); ++ t0 = x3 + *(p++); ++ t1 = x2 + *(p++); + +- x4&=0xffff; +- idea_mul(x4,x4,*p,ul); ++ x4 &= 0xffff; ++ idea_mul(x4, x4, *p, ul); + +- d[0]=(t0&0xffff)|((x1&0xffff)<<16); +- d[1]=(x4&0xffff)|((t1&0xffff)<<16); +- } ++ d[0] = (t0 & 0xffff) | ((x1 & 0xffff) << 16); ++ d[1] = (x4 & 0xffff) | ((t1 & 0xffff) << 16); ++} +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c b/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c +index 66d49d5..a1547ed 100644 +--- a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c ++++ b/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,64 +59,65 @@ + #include + #include "idea_lcl.h" + +-/* The input and output encrypted as though 64bit cfb mode is being +- * used. The extra state information to record how much of the +- * 64bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 64bit cfb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; + */ + + void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, IDEA_KEY_SCHEDULE *schedule, +- unsigned char *ivec, int *num, int encrypt) +- { +- register unsigned long v0,v1,t; +- register int n= *num; +- register long l=length; +- unsigned long ti[2]; +- unsigned char *iv,c,cc; +- +- iv=(unsigned char *)ivec; +- if (encrypt) +- { +- while (l--) +- { +- if (n == 0) +- { +- n2l(iv,v0); ti[0]=v0; +- n2l(iv,v1); ti[1]=v1; +- idea_encrypt((unsigned long *)ti,schedule); +- iv=(unsigned char *)ivec; +- t=ti[0]; l2n(t,iv); +- t=ti[1]; l2n(t,iv); +- iv=(unsigned char *)ivec; +- } +- c= *(in++)^iv[n]; +- *(out++)=c; +- iv[n]=c; +- n=(n+1)&0x07; +- } +- } +- else +- { +- while (l--) +- { +- if (n == 0) +- { +- n2l(iv,v0); ti[0]=v0; +- n2l(iv,v1); ti[1]=v1; +- idea_encrypt((unsigned long *)ti,schedule); +- iv=(unsigned char *)ivec; +- t=ti[0]; l2n(t,iv); +- t=ti[1]; l2n(t,iv); +- iv=(unsigned char *)ivec; +- } +- cc= *(in++); +- c=iv[n]; +- iv[n]=cc; +- *(out++)=c^cc; +- n=(n+1)&0x07; +- } +- } +- v0=v1=ti[0]=ti[1]=t=c=cc=0; +- *num=n; +- } ++ long length, IDEA_KEY_SCHEDULE *schedule, ++ unsigned char *ivec, int *num, int encrypt) ++{ ++ register unsigned long v0, v1, t; ++ register int n = *num; ++ register long l = length; ++ unsigned long ti[2]; ++ unsigned char *iv, c, cc; + ++ iv = (unsigned char *)ivec; ++ if (encrypt) { ++ while (l--) { ++ if (n == 0) { ++ n2l(iv, v0); ++ ti[0] = v0; ++ n2l(iv, v1); ++ ti[1] = v1; ++ idea_encrypt((unsigned long *)ti, schedule); ++ iv = (unsigned char *)ivec; ++ t = ti[0]; ++ l2n(t, iv); ++ t = ti[1]; ++ l2n(t, iv); ++ iv = (unsigned char *)ivec; ++ } ++ c = *(in++) ^ iv[n]; ++ *(out++) = c; ++ iv[n] = c; ++ n = (n + 1) & 0x07; ++ } ++ } else { ++ while (l--) { ++ if (n == 0) { ++ n2l(iv, v0); ++ ti[0] = v0; ++ n2l(iv, v1); ++ ti[1] = v1; ++ idea_encrypt((unsigned long *)ti, schedule); ++ iv = (unsigned char *)ivec; ++ t = ti[0]; ++ l2n(t, iv); ++ t = ti[1]; ++ l2n(t, iv); ++ iv = (unsigned char *)ivec; ++ } ++ cc = *(in++); ++ c = iv[n]; ++ iv[n] = cc; ++ *(out++) = c ^ cc; ++ n = (n + 1) & 0x07; ++ } ++ } ++ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c b/Cryptlib/OpenSSL/crypto/idea/i_ecb.c +index fef3823..a6b879a 100644 +--- a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c ++++ b/Cryptlib/OpenSSL/crypto/idea/i_ecb.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,26 +60,29 @@ + #include "idea_lcl.h" + #include + +-const char IDEA_version[]="IDEA" OPENSSL_VERSION_PTEXT; ++const char IDEA_version[] = "IDEA" OPENSSL_VERSION_PTEXT; + + const char *idea_options(void) +- { +- if (sizeof(short) != sizeof(IDEA_INT)) +- return("idea(int)"); +- else +- return("idea(short)"); +- } ++{ ++ if (sizeof(short) != sizeof(IDEA_INT)) ++ return ("idea(int)"); ++ else ++ return ("idea(short)"); ++} + + void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, +- IDEA_KEY_SCHEDULE *ks) +- { +- unsigned long l0,l1,d[2]; +- +- n2l(in,l0); d[0]=l0; +- n2l(in,l1); d[1]=l1; +- idea_encrypt(d,ks); +- l0=d[0]; l2n(l0,out); +- l1=d[1]; l2n(l1,out); +- l0=l1=d[0]=d[1]=0; +- } ++ IDEA_KEY_SCHEDULE *ks) ++{ ++ unsigned long l0, l1, d[2]; + ++ n2l(in, l0); ++ d[0] = l0; ++ n2l(in, l1); ++ d[1] = l1; ++ idea_encrypt(d, ks); ++ l0 = d[0]; ++ l2n(l0, out); ++ l1 = d[1]; ++ l2n(l1, out); ++ l0 = l1 = d[0] = d[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c b/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c +index e749e88..aa59488 100644 +--- a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c ++++ b/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,53 +59,52 @@ + #include + #include "idea_lcl.h" + +-/* The input and output encrypted as though 64bit ofb mode is being +- * used. The extra state information to record how much of the +- * 64bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 64bit ofb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; + */ + void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, IDEA_KEY_SCHEDULE *schedule, +- unsigned char *ivec, int *num) +- { +- register unsigned long v0,v1,t; +- register int n= *num; +- register long l=length; +- unsigned char d[8]; +- register char *dp; +- unsigned long ti[2]; +- unsigned char *iv; +- int save=0; +- +- iv=(unsigned char *)ivec; +- n2l(iv,v0); +- n2l(iv,v1); +- ti[0]=v0; +- ti[1]=v1; +- dp=(char *)d; +- l2n(v0,dp); +- l2n(v1,dp); +- while (l--) +- { +- if (n == 0) +- { +- idea_encrypt((unsigned long *)ti,schedule); +- dp=(char *)d; +- t=ti[0]; l2n(t,dp); +- t=ti[1]; l2n(t,dp); +- save++; +- } +- *(out++)= *(in++)^d[n]; +- n=(n+1)&0x07; +- } +- if (save) +- { +- v0=ti[0]; +- v1=ti[1]; +- iv=(unsigned char *)ivec; +- l2n(v0,iv); +- l2n(v1,iv); +- } +- t=v0=v1=ti[0]=ti[1]=0; +- *num=n; +- } ++ long length, IDEA_KEY_SCHEDULE *schedule, ++ unsigned char *ivec, int *num) ++{ ++ register unsigned long v0, v1, t; ++ register int n = *num; ++ register long l = length; ++ unsigned char d[8]; ++ register char *dp; ++ unsigned long ti[2]; ++ unsigned char *iv; ++ int save = 0; + ++ iv = (unsigned char *)ivec; ++ n2l(iv, v0); ++ n2l(iv, v1); ++ ti[0] = v0; ++ ti[1] = v1; ++ dp = (char *)d; ++ l2n(v0, dp); ++ l2n(v1, dp); ++ while (l--) { ++ if (n == 0) { ++ idea_encrypt((unsigned long *)ti, schedule); ++ dp = (char *)d; ++ t = ti[0]; ++ l2n(t, dp); ++ t = ti[1]; ++ l2n(t, dp); ++ save++; ++ } ++ *(out++) = *(in++) ^ d[n]; ++ n = (n + 1) & 0x07; ++ } ++ if (save) { ++ v0 = ti[0]; ++ v1 = ti[1]; ++ iv = (unsigned char *)ivec; ++ l2n(v0, iv); ++ l2n(v1, iv); ++ } ++ t = v0 = v1 = ti[0] = ti[1] = 0; ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/idea/i_skey.c b/Cryptlib/OpenSSL/crypto/idea/i_skey.c +index fa75b14..195e2ef 100644 +--- a/Cryptlib/OpenSSL/crypto/idea/i_skey.c ++++ b/Cryptlib/OpenSSL/crypto/idea/i_skey.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,7 +59,7 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + + #include "idea_lcl.h" +@@ -68,107 +68,113 @@ static IDEA_INT inverse(unsigned int xin); + + #ifdef OPENSSL_FIPS + void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) +- { +- if (FIPS_mode()) +- FIPS_BAD_ABORT(IDEA) +- private_idea_set_encrypt_key(key, ks); +- } ++{ ++ if (FIPS_mode()) ++ FIPS_BAD_ABORT(IDEA) ++ private_idea_set_encrypt_key(key, ks); ++} ++ + void private_idea_set_encrypt_key(const unsigned char *key, +- IDEA_KEY_SCHEDULE *ks) ++ IDEA_KEY_SCHEDULE *ks) + #else + void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) + #endif +- { +- int i; +- register IDEA_INT *kt,*kf,r0,r1,r2; ++{ ++ int i; ++ register IDEA_INT *kt, *kf, r0, r1, r2; + +- kt= &(ks->data[0][0]); +- n2s(key,kt[0]); n2s(key,kt[1]); n2s(key,kt[2]); n2s(key,kt[3]); +- n2s(key,kt[4]); n2s(key,kt[5]); n2s(key,kt[6]); n2s(key,kt[7]); ++ kt = &(ks->data[0][0]); ++ n2s(key, kt[0]); ++ n2s(key, kt[1]); ++ n2s(key, kt[2]); ++ n2s(key, kt[3]); ++ n2s(key, kt[4]); ++ n2s(key, kt[5]); ++ n2s(key, kt[6]); ++ n2s(key, kt[7]); + +- kf=kt; +- kt+=8; +- for (i=0; i<6; i++) +- { +- r2= kf[1]; +- r1= kf[2]; +- *(kt++)= ((r2<<9) | (r1>>7))&0xffff; +- r0= kf[3]; +- *(kt++)= ((r1<<9) | (r0>>7))&0xffff; +- r1= kf[4]; +- *(kt++)= ((r0<<9) | (r1>>7))&0xffff; +- r0= kf[5]; +- *(kt++)= ((r1<<9) | (r0>>7))&0xffff; +- r1= kf[6]; +- *(kt++)= ((r0<<9) | (r1>>7))&0xffff; +- r0= kf[7]; +- *(kt++)= ((r1<<9) | (r0>>7))&0xffff; +- r1= kf[0]; +- if (i >= 5) break; +- *(kt++)= ((r0<<9) | (r1>>7))&0xffff; +- *(kt++)= ((r1<<9) | (r2>>7))&0xffff; +- kf+=8; +- } +- } ++ kf = kt; ++ kt += 8; ++ for (i = 0; i < 6; i++) { ++ r2 = kf[1]; ++ r1 = kf[2]; ++ *(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff; ++ r0 = kf[3]; ++ *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; ++ r1 = kf[4]; ++ *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; ++ r0 = kf[5]; ++ *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; ++ r1 = kf[6]; ++ *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; ++ r0 = kf[7]; ++ *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; ++ r1 = kf[0]; ++ if (i >= 5) ++ break; ++ *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; ++ *(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff; ++ kf += 8; ++ } ++} + + void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk) +- { +- int r; +- register IDEA_INT *tp,t; +- const IDEA_INT *fp; ++{ ++ int r; ++ register IDEA_INT *tp, t; ++ const IDEA_INT *fp; + +- tp= &(dk->data[0][0]); +- fp= &(ek->data[8][0]); +- for (r=0; r<9; r++) +- { +- *(tp++)=inverse(fp[0]); +- *(tp++)=((int)(0x10000L-fp[2])&0xffff); +- *(tp++)=((int)(0x10000L-fp[1])&0xffff); +- *(tp++)=inverse(fp[3]); +- if (r == 8) break; +- fp-=6; +- *(tp++)=fp[4]; +- *(tp++)=fp[5]; +- } ++ tp = &(dk->data[0][0]); ++ fp = &(ek->data[8][0]); ++ for (r = 0; r < 9; r++) { ++ *(tp++) = inverse(fp[0]); ++ *(tp++) = ((int)(0x10000L - fp[2]) & 0xffff); ++ *(tp++) = ((int)(0x10000L - fp[1]) & 0xffff); ++ *(tp++) = inverse(fp[3]); ++ if (r == 8) ++ break; ++ fp -= 6; ++ *(tp++) = fp[4]; ++ *(tp++) = fp[5]; ++ } + +- tp= &(dk->data[0][0]); +- t=tp[1]; +- tp[1]=tp[2]; +- tp[2]=t; ++ tp = &(dk->data[0][0]); ++ t = tp[1]; ++ tp[1] = tp[2]; ++ tp[2] = t; + +- t=tp[49]; +- tp[49]=tp[50]; +- tp[50]=t; +- } ++ t = tp[49]; ++ tp[49] = tp[50]; ++ tp[50] = t; ++} + + /* taken directly from the 'paper' I'll have a look at it later */ + static IDEA_INT inverse(unsigned int xin) +- { +- long n1,n2,q,r,b1,b2,t; ++{ ++ long n1, n2, q, r, b1, b2, t; + +- if (xin == 0) +- b2=0; +- else +- { +- n1=0x10001; +- n2=xin; +- b2=1; +- b1=0; ++ if (xin == 0) ++ b2 = 0; ++ else { ++ n1 = 0x10001; ++ n2 = xin; ++ b2 = 1; ++ b1 = 0; + +- do { +- r=(n1%n2); +- q=(n1-r)/n2; +- if (r == 0) +- { if (b2 < 0) b2=0x10001+b2; } +- else +- { +- n1=n2; +- n2=r; +- t=b2; +- b2=b1-q*b2; +- b1=t; +- } +- } while (r != 0); +- } +- return((IDEA_INT)b2); +- } ++ do { ++ r = (n1 % n2); ++ q = (n1 - r) / n2; ++ if (r == 0) { ++ if (b2 < 0) ++ b2 = 0x10001 + b2; ++ } else { ++ n1 = n2; ++ n2 = r; ++ t = b2; ++ b2 = b1 - q * b2; ++ b1 = t; ++ } ++ } while (r != 0); ++ } ++ return ((IDEA_INT) b2); ++} +diff --git a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c +index 1fb741d..d9851e9 100644 +--- a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c ++++ b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c +@@ -1,7 +1,8 @@ + /* krb5_asn.c */ +-/* Written by Vern Staats for the OpenSSL project, +-** using ocsp/{*.h,*asn*.c} as a starting point +-*/ ++/* ++ * Written by Vern Staats for the OpenSSL project, ** ++ * using ocsp/{*.h,*asn*.c} as a starting point ++ */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,107 +62,101 @@ + + + ASN1_SEQUENCE(KRB5_ENCDATA) = { +- ASN1_EXP(KRB5_ENCDATA, etype, ASN1_INTEGER, 0), +- ASN1_EXP_OPT(KRB5_ENCDATA, kvno, ASN1_INTEGER, 1), +- ASN1_EXP(KRB5_ENCDATA, cipher, ASN1_OCTET_STRING,2) ++ ASN1_EXP(KRB5_ENCDATA, etype, ASN1_INTEGER, 0), ++ ASN1_EXP_OPT(KRB5_ENCDATA, kvno, ASN1_INTEGER, 1), ++ ASN1_EXP(KRB5_ENCDATA, cipher, ASN1_OCTET_STRING,2) + } ASN1_SEQUENCE_END(KRB5_ENCDATA) + + IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA) + + + ASN1_SEQUENCE(KRB5_PRINCNAME) = { +- ASN1_EXP(KRB5_PRINCNAME, nametype, ASN1_INTEGER, 0), +- ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1) ++ ASN1_EXP(KRB5_PRINCNAME, nametype, ASN1_INTEGER, 0), ++ ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1) + } ASN1_SEQUENCE_END(KRB5_PRINCNAME) + + IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME) + +- + /* [APPLICATION 1] = 0x61 */ + ASN1_SEQUENCE(KRB5_TKTBODY) = { +- ASN1_EXP(KRB5_TKTBODY, tktvno, ASN1_INTEGER, 0), +- ASN1_EXP(KRB5_TKTBODY, realm, ASN1_GENERALSTRING, 1), +- ASN1_EXP(KRB5_TKTBODY, sname, KRB5_PRINCNAME, 2), +- ASN1_EXP(KRB5_TKTBODY, encdata, KRB5_ENCDATA, 3) ++ ASN1_EXP(KRB5_TKTBODY, tktvno, ASN1_INTEGER, 0), ++ ASN1_EXP(KRB5_TKTBODY, realm, ASN1_GENERALSTRING, 1), ++ ASN1_EXP(KRB5_TKTBODY, sname, KRB5_PRINCNAME, 2), ++ ASN1_EXP(KRB5_TKTBODY, encdata, KRB5_ENCDATA, 3) + } ASN1_SEQUENCE_END(KRB5_TKTBODY) + + IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY) + + +-ASN1_ITEM_TEMPLATE(KRB5_TICKET) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1, +- KRB5_TICKET, KRB5_TKTBODY) ++ASN1_ITEM_TEMPLATE(KRB5_TICKET) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1, ++ KRB5_TICKET, KRB5_TKTBODY) + ASN1_ITEM_TEMPLATE_END(KRB5_TICKET) + + IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET) + +- + /* [APPLICATION 14] = 0x6e */ + ASN1_SEQUENCE(KRB5_APREQBODY) = { +- ASN1_EXP(KRB5_APREQBODY, pvno, ASN1_INTEGER, 0), +- ASN1_EXP(KRB5_APREQBODY, msgtype, ASN1_INTEGER, 1), +- ASN1_EXP(KRB5_APREQBODY, apoptions, ASN1_BIT_STRING, 2), +- ASN1_EXP(KRB5_APREQBODY, ticket, KRB5_TICKET, 3), +- ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA, 4), ++ ASN1_EXP(KRB5_APREQBODY, pvno, ASN1_INTEGER, 0), ++ ASN1_EXP(KRB5_APREQBODY, msgtype, ASN1_INTEGER, 1), ++ ASN1_EXP(KRB5_APREQBODY, apoptions, ASN1_BIT_STRING, 2), ++ ASN1_EXP(KRB5_APREQBODY, ticket, KRB5_TICKET, 3), ++ ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA, 4), + } ASN1_SEQUENCE_END(KRB5_APREQBODY) + + IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY) + +-ASN1_ITEM_TEMPLATE(KRB5_APREQ) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14, +- KRB5_APREQ, KRB5_APREQBODY) ++ASN1_ITEM_TEMPLATE(KRB5_APREQ) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14, ++ KRB5_APREQ, KRB5_APREQBODY) + ASN1_ITEM_TEMPLATE_END(KRB5_APREQ) + + IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ) + +- +-/* Authenticator stuff */ ++/* Authenticator stuff */ + + ASN1_SEQUENCE(KRB5_CHECKSUM) = { +- ASN1_EXP(KRB5_CHECKSUM, ctype, ASN1_INTEGER, 0), +- ASN1_EXP(KRB5_CHECKSUM, checksum, ASN1_OCTET_STRING,1) ++ ASN1_EXP(KRB5_CHECKSUM, ctype, ASN1_INTEGER, 0), ++ ASN1_EXP(KRB5_CHECKSUM, checksum, ASN1_OCTET_STRING,1) + } ASN1_SEQUENCE_END(KRB5_CHECKSUM) + + IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM) + + + ASN1_SEQUENCE(KRB5_ENCKEY) = { +- ASN1_EXP(KRB5_ENCKEY, ktype, ASN1_INTEGER, 0), +- ASN1_EXP(KRB5_ENCKEY, keyvalue, ASN1_OCTET_STRING,1) ++ ASN1_EXP(KRB5_ENCKEY, ktype, ASN1_INTEGER, 0), ++ ASN1_EXP(KRB5_ENCKEY, keyvalue, ASN1_OCTET_STRING,1) + } ASN1_SEQUENCE_END(KRB5_ENCKEY) + + IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY) + +- + /* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */ + ASN1_SEQUENCE(KRB5_AUTHDATA) = { +- ASN1_EXP(KRB5_AUTHDATA, adtype, ASN1_INTEGER, 0), +- ASN1_EXP(KRB5_AUTHDATA, addata, ASN1_OCTET_STRING,1) ++ ASN1_EXP(KRB5_AUTHDATA, adtype, ASN1_INTEGER, 0), ++ ASN1_EXP(KRB5_AUTHDATA, addata, ASN1_OCTET_STRING,1) + } ASN1_SEQUENCE_END(KRB5_AUTHDATA) + + IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA) + +- + /* [APPLICATION 2] = 0x62 */ + ASN1_SEQUENCE(KRB5_AUTHENTBODY) = { +- ASN1_EXP(KRB5_AUTHENTBODY, avno, ASN1_INTEGER, 0), +- ASN1_EXP(KRB5_AUTHENTBODY, crealm, ASN1_GENERALSTRING, 1), +- ASN1_EXP(KRB5_AUTHENTBODY, cname, KRB5_PRINCNAME, 2), +- ASN1_EXP_OPT(KRB5_AUTHENTBODY, cksum, KRB5_CHECKSUM, 3), +- ASN1_EXP(KRB5_AUTHENTBODY, cusec, ASN1_INTEGER, 4), +- ASN1_EXP(KRB5_AUTHENTBODY, ctime, ASN1_GENERALIZEDTIME, 5), +- ASN1_EXP_OPT(KRB5_AUTHENTBODY, subkey, KRB5_ENCKEY, 6), +- ASN1_EXP_OPT(KRB5_AUTHENTBODY, seqnum, ASN1_INTEGER, 7), +- ASN1_EXP_SEQUENCE_OF_OPT +- (KRB5_AUTHENTBODY, authorization, KRB5_AUTHDATA, 8), ++ ASN1_EXP(KRB5_AUTHENTBODY, avno, ASN1_INTEGER, 0), ++ ASN1_EXP(KRB5_AUTHENTBODY, crealm, ASN1_GENERALSTRING, 1), ++ ASN1_EXP(KRB5_AUTHENTBODY, cname, KRB5_PRINCNAME, 2), ++ ASN1_EXP_OPT(KRB5_AUTHENTBODY, cksum, KRB5_CHECKSUM, 3), ++ ASN1_EXP(KRB5_AUTHENTBODY, cusec, ASN1_INTEGER, 4), ++ ASN1_EXP(KRB5_AUTHENTBODY, ctime, ASN1_GENERALIZEDTIME, 5), ++ ASN1_EXP_OPT(KRB5_AUTHENTBODY, subkey, KRB5_ENCKEY, 6), ++ ASN1_EXP_OPT(KRB5_AUTHENTBODY, seqnum, ASN1_INTEGER, 7), ++ ASN1_EXP_SEQUENCE_OF_OPT ++ (KRB5_AUTHENTBODY, authorization, KRB5_AUTHDATA, 8), + } ASN1_SEQUENCE_END(KRB5_AUTHENTBODY) + + IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) + +-ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2, +- KRB5_AUTHENT, KRB5_AUTHENTBODY) ++ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2, ++ KRB5_AUTHENT, KRB5_AUTHENTBODY) + ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT) + + IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT) +- +diff --git a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c +index 5aa7766..2e87a46 100644 +--- a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c ++++ b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,190 +59,188 @@ + #include + #include + #include +-/* If you wish to build this outside of SSLeay, remove the following lines +- * and things should work as expected */ ++/* ++ * If you wish to build this outside of SSLeay, remove the following lines ++ * and things should work as expected ++ */ + #include "cryptlib.h" + + #ifndef OPENSSL_NO_BIO +-#include ++# include + #endif + #include + + #ifdef OPENSSL_NO_BIO + + void lh_stats(LHASH *lh, FILE *out) +- { +- fprintf(out,"num_items = %lu\n",lh->num_items); +- fprintf(out,"num_nodes = %u\n",lh->num_nodes); +- fprintf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); +- fprintf(out,"num_expands = %lu\n",lh->num_expands); +- fprintf(out,"num_expand_reallocs = %lu\n",lh->num_expand_reallocs); +- fprintf(out,"num_contracts = %lu\n",lh->num_contracts); +- fprintf(out,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs); +- fprintf(out,"num_hash_calls = %lu\n",lh->num_hash_calls); +- fprintf(out,"num_comp_calls = %lu\n",lh->num_comp_calls); +- fprintf(out,"num_insert = %lu\n",lh->num_insert); +- fprintf(out,"num_replace = %lu\n",lh->num_replace); +- fprintf(out,"num_delete = %lu\n",lh->num_delete); +- fprintf(out,"num_no_delete = %lu\n",lh->num_no_delete); +- fprintf(out,"num_retrieve = %lu\n",lh->num_retrieve); +- fprintf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); +- fprintf(out,"num_hash_comps = %lu\n",lh->num_hash_comps); +-#if 0 +- fprintf(out,"p = %u\n",lh->p); +- fprintf(out,"pmax = %u\n",lh->pmax); +- fprintf(out,"up_load = %lu\n",lh->up_load); +- fprintf(out,"down_load = %lu\n",lh->down_load); +-#endif +- } ++{ ++ fprintf(out, "num_items = %lu\n", lh->num_items); ++ fprintf(out, "num_nodes = %u\n", lh->num_nodes); ++ fprintf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); ++ fprintf(out, "num_expands = %lu\n", lh->num_expands); ++ fprintf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs); ++ fprintf(out, "num_contracts = %lu\n", lh->num_contracts); ++ fprintf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs); ++ fprintf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); ++ fprintf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); ++ fprintf(out, "num_insert = %lu\n", lh->num_insert); ++ fprintf(out, "num_replace = %lu\n", lh->num_replace); ++ fprintf(out, "num_delete = %lu\n", lh->num_delete); ++ fprintf(out, "num_no_delete = %lu\n", lh->num_no_delete); ++ fprintf(out, "num_retrieve = %lu\n", lh->num_retrieve); ++ fprintf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); ++ fprintf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); ++# if 0 ++ fprintf(out, "p = %u\n", lh->p); ++ fprintf(out, "pmax = %u\n", lh->pmax); ++ fprintf(out, "up_load = %lu\n", lh->up_load); ++ fprintf(out, "down_load = %lu\n", lh->down_load); ++# endif ++} + + void lh_node_stats(LHASH *lh, FILE *out) +- { +- LHASH_NODE *n; +- unsigned int i,num; +- +- for (i=0; inum_nodes; i++) +- { +- for (n=lh->b[i],num=0; n != NULL; n=n->next) +- num++; +- fprintf(out,"node %6u -> %3u\n",i,num); +- } +- } ++{ ++ LHASH_NODE *n; ++ unsigned int i, num; ++ ++ for (i = 0; i < lh->num_nodes; i++) { ++ for (n = lh->b[i], num = 0; n != NULL; n = n->next) ++ num++; ++ fprintf(out, "node %6u -> %3u\n", i, num); ++ } ++} + + void lh_node_usage_stats(LHASH *lh, FILE *out) +- { +- LHASH_NODE *n; +- unsigned long num; +- unsigned int i; +- unsigned long total=0,n_used=0; +- +- for (i=0; inum_nodes; i++) +- { +- for (n=lh->b[i],num=0; n != NULL; n=n->next) +- num++; +- if (num != 0) +- { +- n_used++; +- total+=num; +- } +- } +- fprintf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes); +- fprintf(out,"%lu items\n",total); +- if (n_used == 0) return; +- fprintf(out,"load %d.%02d actual load %d.%02d\n", +- (int)(total/lh->num_nodes), +- (int)((total%lh->num_nodes)*100/lh->num_nodes), +- (int)(total/n_used), +- (int)((total%n_used)*100/n_used)); +- } ++{ ++ LHASH_NODE *n; ++ unsigned long num; ++ unsigned int i; ++ unsigned long total = 0, n_used = 0; ++ ++ for (i = 0; i < lh->num_nodes; i++) { ++ for (n = lh->b[i], num = 0; n != NULL; n = n->next) ++ num++; ++ if (num != 0) { ++ n_used++; ++ total += num; ++ } ++ } ++ fprintf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes); ++ fprintf(out, "%lu items\n", total); ++ if (n_used == 0) ++ return; ++ fprintf(out, "load %d.%02d actual load %d.%02d\n", ++ (int)(total / lh->num_nodes), ++ (int)((total % lh->num_nodes) * 100 / lh->num_nodes), ++ (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); ++} + + #else + +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + void lh_stats(const LHASH *lh, FILE *fp) +- { +- BIO *bp; +- +- bp=BIO_new(BIO_s_file()); +- if (bp == NULL) goto end; +- BIO_set_fp(bp,fp,BIO_NOCLOSE); +- lh_stats_bio(lh,bp); +- BIO_free(bp); +-end:; +- } ++{ ++ BIO *bp; ++ ++ bp = BIO_new(BIO_s_file()); ++ if (bp == NULL) ++ goto end; ++ BIO_set_fp(bp, fp, BIO_NOCLOSE); ++ lh_stats_bio(lh, bp); ++ BIO_free(bp); ++ end:; ++} + + void lh_node_stats(const LHASH *lh, FILE *fp) +- { +- BIO *bp; +- +- bp=BIO_new(BIO_s_file()); +- if (bp == NULL) goto end; +- BIO_set_fp(bp,fp,BIO_NOCLOSE); +- lh_node_stats_bio(lh,bp); +- BIO_free(bp); +-end:; +- } ++{ ++ BIO *bp; ++ ++ bp = BIO_new(BIO_s_file()); ++ if (bp == NULL) ++ goto end; ++ BIO_set_fp(bp, fp, BIO_NOCLOSE); ++ lh_node_stats_bio(lh, bp); ++ BIO_free(bp); ++ end:; ++} + + void lh_node_usage_stats(const LHASH *lh, FILE *fp) +- { +- BIO *bp; ++{ ++ BIO *bp; + +- bp=BIO_new(BIO_s_file()); +- if (bp == NULL) goto end; +- BIO_set_fp(bp,fp,BIO_NOCLOSE); +- lh_node_usage_stats_bio(lh,bp); +- BIO_free(bp); +-end:; +- } ++ bp = BIO_new(BIO_s_file()); ++ if (bp == NULL) ++ goto end; ++ BIO_set_fp(bp, fp, BIO_NOCLOSE); ++ lh_node_usage_stats_bio(lh, bp); ++ BIO_free(bp); ++ end:; ++} + +-#endif ++# endif + + void lh_stats_bio(const LHASH *lh, BIO *out) +- { +- BIO_printf(out,"num_items = %lu\n",lh->num_items); +- BIO_printf(out,"num_nodes = %u\n",lh->num_nodes); +- BIO_printf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); +- BIO_printf(out,"num_expands = %lu\n",lh->num_expands); +- BIO_printf(out,"num_expand_reallocs = %lu\n", +- lh->num_expand_reallocs); +- BIO_printf(out,"num_contracts = %lu\n",lh->num_contracts); +- BIO_printf(out,"num_contract_reallocs = %lu\n", +- lh->num_contract_reallocs); +- BIO_printf(out,"num_hash_calls = %lu\n",lh->num_hash_calls); +- BIO_printf(out,"num_comp_calls = %lu\n",lh->num_comp_calls); +- BIO_printf(out,"num_insert = %lu\n",lh->num_insert); +- BIO_printf(out,"num_replace = %lu\n",lh->num_replace); +- BIO_printf(out,"num_delete = %lu\n",lh->num_delete); +- BIO_printf(out,"num_no_delete = %lu\n",lh->num_no_delete); +- BIO_printf(out,"num_retrieve = %lu\n",lh->num_retrieve); +- BIO_printf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); +- BIO_printf(out,"num_hash_comps = %lu\n",lh->num_hash_comps); +-#if 0 +- BIO_printf(out,"p = %u\n",lh->p); +- BIO_printf(out,"pmax = %u\n",lh->pmax); +- BIO_printf(out,"up_load = %lu\n",lh->up_load); +- BIO_printf(out,"down_load = %lu\n",lh->down_load); +-#endif +- } ++{ ++ BIO_printf(out, "num_items = %lu\n", lh->num_items); ++ BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); ++ BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); ++ BIO_printf(out, "num_expands = %lu\n", lh->num_expands); ++ BIO_printf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs); ++ BIO_printf(out, "num_contracts = %lu\n", lh->num_contracts); ++ BIO_printf(out, "num_contract_reallocs = %lu\n", ++ lh->num_contract_reallocs); ++ BIO_printf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); ++ BIO_printf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); ++ BIO_printf(out, "num_insert = %lu\n", lh->num_insert); ++ BIO_printf(out, "num_replace = %lu\n", lh->num_replace); ++ BIO_printf(out, "num_delete = %lu\n", lh->num_delete); ++ BIO_printf(out, "num_no_delete = %lu\n", lh->num_no_delete); ++ BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve); ++ BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); ++ BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); ++# if 0 ++ BIO_printf(out, "p = %u\n", lh->p); ++ BIO_printf(out, "pmax = %u\n", lh->pmax); ++ BIO_printf(out, "up_load = %lu\n", lh->up_load); ++ BIO_printf(out, "down_load = %lu\n", lh->down_load); ++# endif ++} + + void lh_node_stats_bio(const LHASH *lh, BIO *out) +- { +- LHASH_NODE *n; +- unsigned int i,num; +- +- for (i=0; inum_nodes; i++) +- { +- for (n=lh->b[i],num=0; n != NULL; n=n->next) +- num++; +- BIO_printf(out,"node %6u -> %3u\n",i,num); +- } +- } ++{ ++ LHASH_NODE *n; ++ unsigned int i, num; ++ ++ for (i = 0; i < lh->num_nodes; i++) { ++ for (n = lh->b[i], num = 0; n != NULL; n = n->next) ++ num++; ++ BIO_printf(out, "node %6u -> %3u\n", i, num); ++ } ++} + + void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) +- { +- LHASH_NODE *n; +- unsigned long num; +- unsigned int i; +- unsigned long total=0,n_used=0; +- +- for (i=0; inum_nodes; i++) +- { +- for (n=lh->b[i],num=0; n != NULL; n=n->next) +- num++; +- if (num != 0) +- { +- n_used++; +- total+=num; +- } +- } +- BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes); +- BIO_printf(out,"%lu items\n",total); +- if (n_used == 0) return; +- BIO_printf(out,"load %d.%02d actual load %d.%02d\n", +- (int)(total/lh->num_nodes), +- (int)((total%lh->num_nodes)*100/lh->num_nodes), +- (int)(total/n_used), +- (int)((total%n_used)*100/n_used)); +- } ++{ ++ LHASH_NODE *n; ++ unsigned long num; ++ unsigned int i; ++ unsigned long total = 0, n_used = 0; ++ ++ for (i = 0; i < lh->num_nodes; i++) { ++ for (n = lh->b[i], num = 0; n != NULL; n = n->next) ++ num++; ++ if (num != 0) { ++ n_used++; ++ total += num; ++ } ++ } ++ BIO_printf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes); ++ BIO_printf(out, "%lu items\n", total); ++ if (n_used == 0) ++ return; ++ BIO_printf(out, "load %d.%02d actual load %d.%02d\n", ++ (int)(total / lh->num_nodes), ++ (int)((total % lh->num_nodes) * 100 / lh->num_nodes), ++ (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash.c b/Cryptlib/OpenSSL/crypto/lhash/lhash.c +index 0b41f87..d48fe56 100644 +--- a/Cryptlib/OpenSSL/crypto/lhash/lhash.c ++++ b/Cryptlib/OpenSSL/crypto/lhash/lhash.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,32 +49,33 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* Code for dynamic hash table routines ++/*- ++ * Code for dynamic hash table routines + * Author - Eric Young v 2.0 + * + * 2.2 eay - added #include "crypto.h" so the memory leak checking code is +- * present. eay 18-Jun-98 ++ * present. eay 18-Jun-98 + * + * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98 + * + * 2.0 eay - Fixed a bug that occurred when using lh_delete +- * from inside lh_doall(). As entries were deleted, +- * the 'table' was 'contract()ed', making some entries +- * jump from the end of the table to the start, there by +- * skipping the lh_doall() processing. eay - 4/12/95 ++ * from inside lh_doall(). As entries were deleted, ++ * the 'table' was 'contract()ed', making some entries ++ * jump from the end of the table to the start, there by ++ * skipping the lh_doall() processing. eay - 4/12/95 + * + * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs +- * were not being free()ed. 21/11/95 ++ * were not being free()ed. 21/11/95 + * + * 1.8 eay - Put the stats routines into a separate file, lh_stats.c +- * 19/09/95 ++ * 19/09/95 + * + * 1.7 eay - Removed the fputs() for realloc failures - the code + * should silently tolerate them. I have also fixed things +@@ -100,375 +101,357 @@ + #include + #include + +-const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT; ++const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT; + +-#undef MIN_NODES +-#define MIN_NODES 16 +-#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ +-#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ ++#undef MIN_NODES ++#define MIN_NODES 16 ++#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ ++#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ + + static void expand(LHASH *lh); + static void contract(LHASH *lh); + static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash); + + LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) +- { +- LHASH *ret; +- int i; +- +- if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL) +- goto err0; +- if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL) +- goto err1; +- for (i=0; ib[i]=NULL; +- ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c); +- ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h); +- ret->num_nodes=MIN_NODES/2; +- ret->num_alloc_nodes=MIN_NODES; +- ret->p=0; +- ret->pmax=MIN_NODES/2; +- ret->up_load=UP_LOAD; +- ret->down_load=DOWN_LOAD; +- ret->num_items=0; +- +- ret->num_expands=0; +- ret->num_expand_reallocs=0; +- ret->num_contracts=0; +- ret->num_contract_reallocs=0; +- ret->num_hash_calls=0; +- ret->num_comp_calls=0; +- ret->num_insert=0; +- ret->num_replace=0; +- ret->num_delete=0; +- ret->num_no_delete=0; +- ret->num_retrieve=0; +- ret->num_retrieve_miss=0; +- ret->num_hash_comps=0; +- +- ret->error=0; +- return(ret); +-err1: +- OPENSSL_free(ret); +-err0: +- return(NULL); +- } ++{ ++ LHASH *ret; ++ int i; ++ ++ if ((ret = (LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL) ++ goto err0; ++ if ((ret->b = ++ (LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *) * MIN_NODES)) == ++ NULL) ++ goto err1; ++ for (i = 0; i < MIN_NODES; i++) ++ ret->b[i] = NULL; ++ ret->comp = ((c == NULL) ? (LHASH_COMP_FN_TYPE)strcmp : c); ++ ret->hash = ((h == NULL) ? (LHASH_HASH_FN_TYPE)lh_strhash : h); ++ ret->num_nodes = MIN_NODES / 2; ++ ret->num_alloc_nodes = MIN_NODES; ++ ret->p = 0; ++ ret->pmax = MIN_NODES / 2; ++ ret->up_load = UP_LOAD; ++ ret->down_load = DOWN_LOAD; ++ ret->num_items = 0; ++ ++ ret->num_expands = 0; ++ ret->num_expand_reallocs = 0; ++ ret->num_contracts = 0; ++ ret->num_contract_reallocs = 0; ++ ret->num_hash_calls = 0; ++ ret->num_comp_calls = 0; ++ ret->num_insert = 0; ++ ret->num_replace = 0; ++ ret->num_delete = 0; ++ ret->num_no_delete = 0; ++ ret->num_retrieve = 0; ++ ret->num_retrieve_miss = 0; ++ ret->num_hash_comps = 0; ++ ++ ret->error = 0; ++ return (ret); ++ err1: ++ OPENSSL_free(ret); ++ err0: ++ return (NULL); ++} + + void lh_free(LHASH *lh) +- { +- unsigned int i; +- LHASH_NODE *n,*nn; +- +- if (lh == NULL) +- return; +- +- for (i=0; inum_nodes; i++) +- { +- n=lh->b[i]; +- while (n != NULL) +- { +- nn=n->next; +- OPENSSL_free(n); +- n=nn; +- } +- } +- OPENSSL_free(lh->b); +- OPENSSL_free(lh); +- } ++{ ++ unsigned int i; ++ LHASH_NODE *n, *nn; ++ ++ if (lh == NULL) ++ return; ++ ++ for (i = 0; i < lh->num_nodes; i++) { ++ n = lh->b[i]; ++ while (n != NULL) { ++ nn = n->next; ++ OPENSSL_free(n); ++ n = nn; ++ } ++ } ++ OPENSSL_free(lh->b); ++ OPENSSL_free(lh); ++} + + void *lh_insert(LHASH *lh, void *data) +- { +- unsigned long hash; +- LHASH_NODE *nn,**rn; +- void *ret; +- +- lh->error=0; +- if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) +- expand(lh); +- +- rn=getrn(lh,data,&hash); +- +- if (*rn == NULL) +- { +- if ((nn=(LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) +- { +- lh->error++; +- return(NULL); +- } +- nn->data=data; +- nn->next=NULL; ++{ ++ unsigned long hash; ++ LHASH_NODE *nn, **rn; ++ void *ret; ++ ++ lh->error = 0; ++ if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) ++ expand(lh); ++ ++ rn = getrn(lh, data, &hash); ++ ++ if (*rn == NULL) { ++ if ((nn = (LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) { ++ lh->error++; ++ return (NULL); ++ } ++ nn->data = data; ++ nn->next = NULL; + #ifndef OPENSSL_NO_HASH_COMP +- nn->hash=hash; ++ nn->hash = hash; + #endif +- *rn=nn; +- ret=NULL; +- lh->num_insert++; +- lh->num_items++; +- } +- else /* replace same key */ +- { +- ret= (*rn)->data; +- (*rn)->data=data; +- lh->num_replace++; +- } +- return(ret); +- } ++ *rn = nn; ++ ret = NULL; ++ lh->num_insert++; ++ lh->num_items++; ++ } else { /* replace same key */ ++ ++ ret = (*rn)->data; ++ (*rn)->data = data; ++ lh->num_replace++; ++ } ++ return (ret); ++} + + void *lh_delete(LHASH *lh, const void *data) +- { +- unsigned long hash; +- LHASH_NODE *nn,**rn; +- void *ret; +- +- lh->error=0; +- rn=getrn(lh,data,&hash); +- +- if (*rn == NULL) +- { +- lh->num_no_delete++; +- return(NULL); +- } +- else +- { +- nn= *rn; +- *rn=nn->next; +- ret=nn->data; +- OPENSSL_free(nn); +- lh->num_delete++; +- } +- +- lh->num_items--; +- if ((lh->num_nodes > MIN_NODES) && +- (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) +- contract(lh); +- +- return(ret); +- } ++{ ++ unsigned long hash; ++ LHASH_NODE *nn, **rn; ++ void *ret; ++ ++ lh->error = 0; ++ rn = getrn(lh, data, &hash); ++ ++ if (*rn == NULL) { ++ lh->num_no_delete++; ++ return (NULL); ++ } else { ++ nn = *rn; ++ *rn = nn->next; ++ ret = nn->data; ++ OPENSSL_free(nn); ++ lh->num_delete++; ++ } ++ ++ lh->num_items--; ++ if ((lh->num_nodes > MIN_NODES) && ++ (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))) ++ contract(lh); ++ ++ return (ret); ++} + + void *lh_retrieve(LHASH *lh, const void *data) +- { +- unsigned long hash; +- LHASH_NODE **rn; +- void *ret; +- +- lh->error=0; +- rn=getrn(lh,data,&hash); +- +- if (*rn == NULL) +- { +- lh->num_retrieve_miss++; +- return(NULL); +- } +- else +- { +- ret= (*rn)->data; +- lh->num_retrieve++; +- } +- return(ret); +- } ++{ ++ unsigned long hash; ++ LHASH_NODE **rn; ++ void *ret; ++ ++ lh->error = 0; ++ rn = getrn(lh, data, &hash); ++ ++ if (*rn == NULL) { ++ lh->num_retrieve_miss++; ++ return (NULL); ++ } else { ++ ret = (*rn)->data; ++ lh->num_retrieve++; ++ } ++ return (ret); ++} + + static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, +- LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg) +- { +- int i; +- LHASH_NODE *a,*n; +- +- /* reverse the order so we search from 'top to bottom' +- * We were having memory leaks otherwise */ +- for (i=lh->num_nodes-1; i>=0; i--) +- { +- a=lh->b[i]; +- while (a != NULL) +- { +- /* 28/05/91 - eay - n added so items can be deleted +- * via lh_doall */ +- n=a->next; +- if(use_arg) +- func_arg(a->data,arg); +- else +- func(a->data); +- a=n; +- } +- } +- } ++ LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg) ++{ ++ int i; ++ LHASH_NODE *a, *n; ++ ++ /* ++ * reverse the order so we search from 'top to bottom' We were having ++ * memory leaks otherwise ++ */ ++ for (i = lh->num_nodes - 1; i >= 0; i--) { ++ a = lh->b[i]; ++ while (a != NULL) { ++ /* ++ * 28/05/91 - eay - n added so items can be deleted via lh_doall ++ */ ++ n = a->next; ++ if (use_arg) ++ func_arg(a->data, arg); ++ else ++ func(a->data); ++ a = n; ++ } ++ } ++} + + void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func) +- { +- doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL); +- } ++{ ++ doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL); ++} + + void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) +- { +- doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); +- } ++{ ++ doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); ++} + + static void expand(LHASH *lh) +- { +- LHASH_NODE **n,**n1,**n2,*np; +- unsigned int p,i,j,pmax; +- unsigned long hash,nni; +- +- p=(int)lh->p++; +- nni=lh->num_alloc_nodes; +- pmax=lh->pmax; +- +- if ((lh->p) >= lh->pmax) +- { +- j=(int)lh->num_alloc_nodes*2; +- n=(LHASH_NODE **)OPENSSL_realloc(lh->b, +- (int)sizeof(LHASH_NODE *)*j); +- if (n == NULL) +- { +-/* fputs("realloc error in lhash",stderr); */ +- lh->error++; +- lh->p=0; +- return; +- } +- /* else */ +- for (i=(int)lh->num_alloc_nodes; ipmax=lh->num_alloc_nodes; +- lh->num_alloc_nodes=j; +- lh->num_expand_reallocs++; +- lh->p=0; +- lh->b=n; +- } +- +- lh->num_nodes++; +- lh->num_expands++; +- n1= &(lh->b[p]); +- n2= &(lh->b[p+pmax]); +- *n2=NULL; /* 27/07/92 - eay - undefined pointer bug */ +- +- for (np= *n1; np != NULL; ) +- { ++{ ++ LHASH_NODE **n, **n1, **n2, *np; ++ unsigned int p, i, j, pmax; ++ unsigned long hash, nni; ++ ++ p = (int)lh->p++; ++ nni = lh->num_alloc_nodes; ++ pmax = lh->pmax; ++ ++ if ((lh->p) >= lh->pmax) { ++ j = (int)lh->num_alloc_nodes * 2; ++ n = (LHASH_NODE **)OPENSSL_realloc(lh->b, ++ (int)sizeof(LHASH_NODE *) * j); ++ if (n == NULL) { ++/* fputs("realloc error in lhash",stderr); */ ++ lh->error++; ++ lh->p = 0; ++ return; ++ } ++ /* else */ ++ for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */ ++ n[i] = NULL; /* 02/03/92 eay */ ++ lh->pmax = lh->num_alloc_nodes; ++ lh->num_alloc_nodes = j; ++ lh->num_expand_reallocs++; ++ lh->p = 0; ++ lh->b = n; ++ } ++ ++ lh->num_nodes++; ++ lh->num_expands++; ++ n1 = &(lh->b[p]); ++ n2 = &(lh->b[p + pmax]); ++ *n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */ ++ ++ for (np = *n1; np != NULL;) { + #ifndef OPENSSL_NO_HASH_COMP +- hash=np->hash; ++ hash = np->hash; + #else +- hash=lh->hash(np->data); +- lh->num_hash_calls++; ++ hash = lh->hash(np->data); ++ lh->num_hash_calls++; + #endif +- if ((hash%nni) != p) +- { /* move it */ +- *n1= (*n1)->next; +- np->next= *n2; +- *n2=np; +- } +- else +- n1= &((*n1)->next); +- np= *n1; +- } +- +- } ++ if ((hash % nni) != p) { /* move it */ ++ *n1 = (*n1)->next; ++ np->next = *n2; ++ *n2 = np; ++ } else ++ n1 = &((*n1)->next); ++ np = *n1; ++ } ++ ++} + + static void contract(LHASH *lh) +- { +- LHASH_NODE **n,*n1,*np; +- int idx = lh->p+lh->pmax-1; +- +- np=lh->b[idx]; +- if (lh->p == 0) +- { +- n=(LHASH_NODE **)OPENSSL_realloc(lh->b, +- (unsigned int)(sizeof(LHASH_NODE *)*lh->pmax)); +- if (n == NULL) +- { +-/* fputs("realloc error in lhash",stderr); */ +- lh->error++; +- return; +- } +- lh->num_contract_reallocs++; +- lh->num_alloc_nodes/=2; +- lh->pmax/=2; +- lh->p=lh->pmax-1; +- lh->b=n; +- } +- else +- lh->p--; +- +- lh->b[idx] = NULL; +- lh->num_nodes--; +- lh->num_contracts++; +- +- n1=lh->b[(int)lh->p]; +- if (n1 == NULL) +- lh->b[(int)lh->p]=np; +- else +- { +- while (n1->next != NULL) +- n1=n1->next; +- n1->next=np; +- } +- } ++{ ++ LHASH_NODE **n, *n1, *np; ++ int idx = lh->p + lh->pmax - 1; ++ ++ np = lh->b[idx]; ++ if (lh->p == 0) { ++ n = (LHASH_NODE **)OPENSSL_realloc(lh->b, ++ (unsigned int)(sizeof(LHASH_NODE *) ++ * lh->pmax)); ++ if (n == NULL) { ++/* fputs("realloc error in lhash",stderr); */ ++ lh->error++; ++ return; ++ } ++ lh->num_contract_reallocs++; ++ lh->num_alloc_nodes /= 2; ++ lh->pmax /= 2; ++ lh->p = lh->pmax - 1; ++ lh->b = n; ++ } else ++ lh->p--; ++ ++ lh->b[idx] = NULL; ++ lh->num_nodes--; ++ lh->num_contracts++; ++ ++ n1 = lh->b[(int)lh->p]; ++ if (n1 == NULL) ++ lh->b[(int)lh->p] = np; ++ else { ++ while (n1->next != NULL) ++ n1 = n1->next; ++ n1->next = np; ++ } ++} + + static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash) +- { +- LHASH_NODE **ret,*n1; +- unsigned long hash,nn; +- LHASH_COMP_FN_TYPE cf; +- +- hash=(*(lh->hash))(data); +- lh->num_hash_calls++; +- *rhash=hash; +- +- nn=hash%lh->pmax; +- if (nn < lh->p) +- nn=hash%lh->num_alloc_nodes; +- +- cf=lh->comp; +- ret= &(lh->b[(int)nn]); +- for (n1= *ret; n1 != NULL; n1=n1->next) +- { ++{ ++ LHASH_NODE **ret, *n1; ++ unsigned long hash, nn; ++ LHASH_COMP_FN_TYPE cf; ++ ++ hash = (*(lh->hash)) (data); ++ lh->num_hash_calls++; ++ *rhash = hash; ++ ++ nn = hash % lh->pmax; ++ if (nn < lh->p) ++ nn = hash % lh->num_alloc_nodes; ++ ++ cf = lh->comp; ++ ret = &(lh->b[(int)nn]); ++ for (n1 = *ret; n1 != NULL; n1 = n1->next) { + #ifndef OPENSSL_NO_HASH_COMP +- lh->num_hash_comps++; +- if (n1->hash != hash) +- { +- ret= &(n1->next); +- continue; +- } ++ lh->num_hash_comps++; ++ if (n1->hash != hash) { ++ ret = &(n1->next); ++ continue; ++ } + #endif +- lh->num_comp_calls++; +- if(cf(n1->data,data) == 0) +- break; +- ret= &(n1->next); +- } +- return(ret); +- } +- +-/* The following hash seems to work very well on normal text strings +- * no collisions on /usr/dict/words and it distributes on %2^n quite +- * well, not as good as MD5, but still good. ++ lh->num_comp_calls++; ++ if (cf(n1->data, data) == 0) ++ break; ++ ret = &(n1->next); ++ } ++ return (ret); ++} ++ ++/* ++ * The following hash seems to work very well on normal text strings no ++ * collisions on /usr/dict/words and it distributes on %2^n quite well, not ++ * as good as MD5, but still good. + */ + unsigned long lh_strhash(const char *c) +- { +- unsigned long ret=0; +- long n; +- unsigned long v; +- int r; +- +- if ((c == NULL) || (*c == '\0')) +- return(ret); +-/* +- unsigned char b[16]; +- MD5(c,strlen(c),b); +- return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); ++{ ++ unsigned long ret = 0; ++ long n; ++ unsigned long v; ++ int r; ++ ++ if ((c == NULL) || (*c == '\0')) ++ return (ret); ++/*- ++ unsigned char b[16]; ++ MD5(c,strlen(c),b); ++ return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); + */ + +- n=0x100; +- while (*c) +- { +- v=n|(*c); +- n+=0x100; +- r= (int)((v>>2)^v)&0x0f; +- ret=(ret<>(32-r)); +- ret&=0xFFFFFFFFL; +- ret^=v*v; +- c++; +- } +- return((ret>>16)^ret); +- } ++ n = 0x100; ++ while (*c) { ++ v = n | (*c); ++ n += 0x100; ++ r = (int)((v >> 2) ^ v) & 0x0f; ++ ret = (ret << r) | (ret >> (32 - r)); ++ ret &= 0xFFFFFFFFL; ++ ret ^= v * v; ++ c++; ++ } ++ return ((ret >> 16) ^ ret); ++} + + unsigned long lh_num_items(const LHASH *lh) +- { +- return lh ? lh->num_items : 0; +- } ++{ ++ return lh ? lh->num_items : 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c b/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c +index cc4eeaf..75e7417 100644 +--- a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c ++++ b/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,170 +63,167 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + + #include + +-const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT; ++const char MD2_version[] = "MD2" OPENSSL_VERSION_PTEXT; + +-/* Implemented from RFC1319 The MD2 Message-Digest Algorithm ++/* ++ * Implemented from RFC1319 The MD2 Message-Digest Algorithm + */ + +-#define UCHAR unsigned char ++#define UCHAR unsigned char + + static void md2_block(MD2_CTX *c, const unsigned char *d); +-/* The magic S table - I have converted it to hex since it is +- * basically just a random byte string. */ +-static MD2_INT S[256]={ +- 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, +- 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, +- 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, +- 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, +- 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, +- 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, +- 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, +- 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A, +- 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F, +- 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, +- 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, +- 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, +- 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, +- 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6, +- 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, +- 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, +- 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, +- 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02, +- 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, +- 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, +- 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, +- 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, +- 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09, +- 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52, +- 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, +- 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, +- 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, +- 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, +- 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4, +- 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, +- 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, +- 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14, +- }; ++/* ++ * The magic S table - I have converted it to hex since it is basically just ++ * a random byte string. ++ */ ++static MD2_INT S[256] = { ++ 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, ++ 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, ++ 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, ++ 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, ++ 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, ++ 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, ++ 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, ++ 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A, ++ 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F, ++ 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, ++ 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, ++ 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, ++ 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, ++ 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6, ++ 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, ++ 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, ++ 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, ++ 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02, ++ 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, ++ 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, ++ 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, ++ 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, ++ 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09, ++ 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52, ++ 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, ++ 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, ++ 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, ++ 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, ++ 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4, ++ 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, ++ 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, ++ 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14, ++}; + + const char *MD2_options(void) +- { +- if (sizeof(MD2_INT) == 1) +- return("md2(char)"); +- else +- return("md2(int)"); +- } ++{ ++ if (sizeof(MD2_INT) == 1) ++ return ("md2(char)"); ++ else ++ return ("md2(int)"); ++} + + FIPS_NON_FIPS_MD_Init(MD2) +- { +- c->num=0; +- memset(c->state,0,sizeof c->state); +- memset(c->cksm,0,sizeof c->cksm); +- memset(c->data,0,sizeof c->data); +- return 1; +- } ++{ ++ c->num = 0; ++ memset(c->state, 0, sizeof c->state); ++ memset(c->cksm, 0, sizeof c->cksm); ++ memset(c->data, 0, sizeof c->data); ++ return 1; ++} + + int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len) +- { +- register UCHAR *p; +- +- if (len == 0) return 1; +- +- p=c->data; +- if (c->num != 0) +- { +- if ((c->num+len) >= MD2_BLOCK) +- { +- memcpy(&(p[c->num]),data,MD2_BLOCK-c->num); +- md2_block(c,c->data); +- data+=(MD2_BLOCK - c->num); +- len-=(MD2_BLOCK - c->num); +- c->num=0; +- /* drop through and do the rest */ +- } +- else +- { +- memcpy(&(p[c->num]),data,len); +- /* data+=len; */ +- c->num+=(int)len; +- return 1; +- } +- } +- /* we now can process the input data in blocks of MD2_BLOCK +- * chars and save the leftovers to c->data. */ +- while (len >= MD2_BLOCK) +- { +- md2_block(c,data); +- data+=MD2_BLOCK; +- len-=MD2_BLOCK; +- } +- memcpy(p,data,len); +- c->num=(int)len; +- return 1; +- } ++{ ++ register UCHAR *p; ++ ++ if (len == 0) ++ return 1; ++ ++ p = c->data; ++ if (c->num != 0) { ++ if ((c->num + len) >= MD2_BLOCK) { ++ memcpy(&(p[c->num]), data, MD2_BLOCK - c->num); ++ md2_block(c, c->data); ++ data += (MD2_BLOCK - c->num); ++ len -= (MD2_BLOCK - c->num); ++ c->num = 0; ++ /* drop through and do the rest */ ++ } else { ++ memcpy(&(p[c->num]), data, len); ++ /* data+=len; */ ++ c->num += (int)len; ++ return 1; ++ } ++ } ++ /* ++ * we now can process the input data in blocks of MD2_BLOCK chars and ++ * save the leftovers to c->data. ++ */ ++ while (len >= MD2_BLOCK) { ++ md2_block(c, data); ++ data += MD2_BLOCK; ++ len -= MD2_BLOCK; ++ } ++ memcpy(p, data, len); ++ c->num = (int)len; ++ return 1; ++} + + static void md2_block(MD2_CTX *c, const unsigned char *d) +- { +- register MD2_INT t,*sp1,*sp2; +- register int i,j; +- MD2_INT state[48]; +- +- sp1=c->state; +- sp2=c->cksm; +- j=sp2[MD2_BLOCK-1]; +- for (i=0; i<16; i++) +- { +- state[i]=sp1[i]; +- state[i+16]=t=d[i]; +- state[i+32]=(t^sp1[i]); +- j=sp2[i]^=S[t^j]; +- } +- t=0; +- for (i=0; i<18; i++) +- { +- for (j=0; j<48; j+=8) +- { +- t= state[j+ 0]^=S[t]; +- t= state[j+ 1]^=S[t]; +- t= state[j+ 2]^=S[t]; +- t= state[j+ 3]^=S[t]; +- t= state[j+ 4]^=S[t]; +- t= state[j+ 5]^=S[t]; +- t= state[j+ 6]^=S[t]; +- t= state[j+ 7]^=S[t]; +- } +- t=(t+i)&0xff; +- } +- memcpy(sp1,state,16*sizeof(MD2_INT)); +- OPENSSL_cleanse(state,48*sizeof(MD2_INT)); +- } ++{ ++ register MD2_INT t, *sp1, *sp2; ++ register int i, j; ++ MD2_INT state[48]; ++ ++ sp1 = c->state; ++ sp2 = c->cksm; ++ j = sp2[MD2_BLOCK - 1]; ++ for (i = 0; i < 16; i++) { ++ state[i] = sp1[i]; ++ state[i + 16] = t = d[i]; ++ state[i + 32] = (t ^ sp1[i]); ++ j = sp2[i] ^= S[t ^ j]; ++ } ++ t = 0; ++ for (i = 0; i < 18; i++) { ++ for (j = 0; j < 48; j += 8) { ++ t = state[j + 0] ^= S[t]; ++ t = state[j + 1] ^= S[t]; ++ t = state[j + 2] ^= S[t]; ++ t = state[j + 3] ^= S[t]; ++ t = state[j + 4] ^= S[t]; ++ t = state[j + 5] ^= S[t]; ++ t = state[j + 6] ^= S[t]; ++ t = state[j + 7] ^= S[t]; ++ } ++ t = (t + i) & 0xff; ++ } ++ memcpy(sp1, state, 16 * sizeof(MD2_INT)); ++ OPENSSL_cleanse(state, 48 * sizeof(MD2_INT)); ++} + + int MD2_Final(unsigned char *md, MD2_CTX *c) +- { +- int i,v; +- register UCHAR *cp; +- register MD2_INT *p1,*p2; +- +- cp=c->data; +- p1=c->state; +- p2=c->cksm; +- v=MD2_BLOCK-c->num; +- for (i=c->num; idata; ++ p1 = c->state; ++ p2 = c->cksm; ++ v = MD2_BLOCK - c->num; ++ for (i = c->num; i < MD2_BLOCK; i++) ++ cp[i] = (UCHAR) v; ++ ++ md2_block(c, cp); ++ ++ for (i = 0; i < MD2_BLOCK; i++) ++ cp[i] = (UCHAR) p2[i]; ++ md2_block(c, cp); ++ ++ for (i = 0; i < 16; i++) ++ md[i] = (UCHAR) (p1[i] & 0xff); ++ memset((char *)&c, 0, sizeof(c)); ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_one.c b/Cryptlib/OpenSSL/crypto/md2/md2_one.c +index f7fef5c..cd2631b 100644 +--- a/Cryptlib/OpenSSL/crypto/md2/md2_one.c ++++ b/Cryptlib/OpenSSL/crypto/md2/md2_one.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,35 +60,37 @@ + #include "cryptlib.h" + #include + +-/* This is a separate file so that #defines in cryptlib.h can +- * map my MD functions to different names */ ++/* ++ * This is a separate file so that #defines in cryptlib.h can map my MD ++ * functions to different names ++ */ + + unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md) +- { +- MD2_CTX c; +- static unsigned char m[MD2_DIGEST_LENGTH]; ++{ ++ MD2_CTX c; ++ static unsigned char m[MD2_DIGEST_LENGTH]; + +- if (md == NULL) md=m; +- if (!MD2_Init(&c)) +- return NULL; ++ if (md == NULL) ++ md = m; ++ if (!MD2_Init(&c)) ++ return NULL; + #ifndef CHARSET_EBCDIC +- MD2_Update(&c,d,n); ++ MD2_Update(&c, d, n); + #else +- { +- char temp[1024]; +- unsigned long chunk; ++ { ++ char temp[1024]; ++ unsigned long chunk; + +- while (n > 0) +- { +- chunk = (n > sizeof(temp)) ? sizeof(temp) : n; +- ebcdic2ascii(temp, d, chunk); +- MD2_Update(&c,temp,chunk); +- n -= chunk; +- d += chunk; +- } +- } ++ while (n > 0) { ++ chunk = (n > sizeof(temp)) ? sizeof(temp) : n; ++ ebcdic2ascii(temp, d, chunk); ++ MD2_Update(&c, temp, chunk); ++ n -= chunk; ++ d += chunk; ++ } ++ } + #endif +- MD2_Final(md,&c); +- OPENSSL_cleanse(&c,sizeof(c)); /* Security consideration */ +- return(md); +- } ++ MD2_Final(md, &c); ++ OPENSSL_cleanse(&c, sizeof(c)); /* Security consideration */ ++ return (md); ++} +diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c +index 0f54486..584d9b8 100644 +--- a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c ++++ b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,13 +61,13 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + ++const char MD4_version[] = "MD4" OPENSSL_VERSION_PTEXT; + +-const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; +- +-/* Implemented from RFC1186 The MD4 Message-Digest Algorithm ++/* ++ * Implemented from RFC1186 The MD4 Message-Digest Algorithm + */ + + #define INIT_DATA_A (unsigned long)0x67452301L +@@ -76,99 +76,129 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; + #define INIT_DATA_D (unsigned long)0x10325476L + + FIPS_NON_FIPS_MD_Init(MD4) +- { +- c->A=INIT_DATA_A; +- c->B=INIT_DATA_B; +- c->C=INIT_DATA_C; +- c->D=INIT_DATA_D; +- c->Nl=0; +- c->Nh=0; +- c->num=0; +- return 1; +- } ++{ ++ c->A = INIT_DATA_A; ++ c->B = INIT_DATA_B; ++ c->C = INIT_DATA_C; ++ c->D = INIT_DATA_D; ++ c->Nl = 0; ++ c->Nh = 0; ++ c->num = 0; ++ return 1; ++} + + #ifndef md4_block_data_order +-#ifdef X +-#undef X +-#endif +-void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num) +- { +- const unsigned char *data=data_; +- register unsigned MD32_REG_T A,B,C,D,l; +-#ifndef MD32_XARRAY +- /* See comment in crypto/sha/sha_locl.h for details. */ +- unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, +- XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; +-# define X(i) XX##i +-#else +- MD4_LONG XX[MD4_LBLOCK]; +-# define X(i) XX[i] +-#endif ++# ifdef X ++# undef X ++# endif ++void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num) ++{ ++ const unsigned char *data = data_; ++ register unsigned MD32_REG_T A, B, C, D, l; ++# ifndef MD32_XARRAY ++ /* See comment in crypto/sha/sha_locl.h for details. */ ++ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, ++ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; ++# define X(i) XX##i ++# else ++ MD4_LONG XX[MD4_LBLOCK]; ++# define X(i) XX[i] ++# endif + +- A=c->A; +- B=c->B; +- C=c->C; +- D=c->D; ++ A = c->A; ++ B = c->B; ++ C = c->C; ++ D = c->D; + +- for (;num--;) +- { +- HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; +- /* Round 0 */ +- R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l; +- R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l; +- R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l; +- R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l; +- R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l; +- R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l; +- R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l; +- R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l; +- R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l; +- R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l; +- R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l; +- R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l; +- R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l; +- R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l; +- R0(C,D,A,B,X(14),11,0); +- R0(B,C,D,A,X(15),19,0); +- /* Round 1 */ +- R1(A,B,C,D,X( 0), 3,0x5A827999L); +- R1(D,A,B,C,X( 4), 5,0x5A827999L); +- R1(C,D,A,B,X( 8), 9,0x5A827999L); +- R1(B,C,D,A,X(12),13,0x5A827999L); +- R1(A,B,C,D,X( 1), 3,0x5A827999L); +- R1(D,A,B,C,X( 5), 5,0x5A827999L); +- R1(C,D,A,B,X( 9), 9,0x5A827999L); +- R1(B,C,D,A,X(13),13,0x5A827999L); +- R1(A,B,C,D,X( 2), 3,0x5A827999L); +- R1(D,A,B,C,X( 6), 5,0x5A827999L); +- R1(C,D,A,B,X(10), 9,0x5A827999L); +- R1(B,C,D,A,X(14),13,0x5A827999L); +- R1(A,B,C,D,X( 3), 3,0x5A827999L); +- R1(D,A,B,C,X( 7), 5,0x5A827999L); +- R1(C,D,A,B,X(11), 9,0x5A827999L); +- R1(B,C,D,A,X(15),13,0x5A827999L); +- /* Round 2 */ +- R2(A,B,C,D,X( 0), 3,0x6ED9EBA1L); +- R2(D,A,B,C,X( 8), 9,0x6ED9EBA1L); +- R2(C,D,A,B,X( 4),11,0x6ED9EBA1L); +- R2(B,C,D,A,X(12),15,0x6ED9EBA1L); +- R2(A,B,C,D,X( 2), 3,0x6ED9EBA1L); +- R2(D,A,B,C,X(10), 9,0x6ED9EBA1L); +- R2(C,D,A,B,X( 6),11,0x6ED9EBA1L); +- R2(B,C,D,A,X(14),15,0x6ED9EBA1L); +- R2(A,B,C,D,X( 1), 3,0x6ED9EBA1L); +- R2(D,A,B,C,X( 9), 9,0x6ED9EBA1L); +- R2(C,D,A,B,X( 5),11,0x6ED9EBA1L); +- R2(B,C,D,A,X(13),15,0x6ED9EBA1L); +- R2(A,B,C,D,X( 3), 3,0x6ED9EBA1L); +- R2(D,A,B,C,X(11), 9,0x6ED9EBA1L); +- R2(C,D,A,B,X( 7),11,0x6ED9EBA1L); +- R2(B,C,D,A,X(15),15,0x6ED9EBA1L); ++ for (; num--;) { ++ HOST_c2l(data, l); ++ X(0) = l; ++ HOST_c2l(data, l); ++ X(1) = l; ++ /* Round 0 */ ++ R0(A, B, C, D, X(0), 3, 0); ++ HOST_c2l(data, l); ++ X(2) = l; ++ R0(D, A, B, C, X(1), 7, 0); ++ HOST_c2l(data, l); ++ X(3) = l; ++ R0(C, D, A, B, X(2), 11, 0); ++ HOST_c2l(data, l); ++ X(4) = l; ++ R0(B, C, D, A, X(3), 19, 0); ++ HOST_c2l(data, l); ++ X(5) = l; ++ R0(A, B, C, D, X(4), 3, 0); ++ HOST_c2l(data, l); ++ X(6) = l; ++ R0(D, A, B, C, X(5), 7, 0); ++ HOST_c2l(data, l); ++ X(7) = l; ++ R0(C, D, A, B, X(6), 11, 0); ++ HOST_c2l(data, l); ++ X(8) = l; ++ R0(B, C, D, A, X(7), 19, 0); ++ HOST_c2l(data, l); ++ X(9) = l; ++ R0(A, B, C, D, X(8), 3, 0); ++ HOST_c2l(data, l); ++ X(10) = l; ++ R0(D, A, B, C, X(9), 7, 0); ++ HOST_c2l(data, l); ++ X(11) = l; ++ R0(C, D, A, B, X(10), 11, 0); ++ HOST_c2l(data, l); ++ X(12) = l; ++ R0(B, C, D, A, X(11), 19, 0); ++ HOST_c2l(data, l); ++ X(13) = l; ++ R0(A, B, C, D, X(12), 3, 0); ++ HOST_c2l(data, l); ++ X(14) = l; ++ R0(D, A, B, C, X(13), 7, 0); ++ HOST_c2l(data, l); ++ X(15) = l; ++ R0(C, D, A, B, X(14), 11, 0); ++ R0(B, C, D, A, X(15), 19, 0); ++ /* Round 1 */ ++ R1(A, B, C, D, X(0), 3, 0x5A827999L); ++ R1(D, A, B, C, X(4), 5, 0x5A827999L); ++ R1(C, D, A, B, X(8), 9, 0x5A827999L); ++ R1(B, C, D, A, X(12), 13, 0x5A827999L); ++ R1(A, B, C, D, X(1), 3, 0x5A827999L); ++ R1(D, A, B, C, X(5), 5, 0x5A827999L); ++ R1(C, D, A, B, X(9), 9, 0x5A827999L); ++ R1(B, C, D, A, X(13), 13, 0x5A827999L); ++ R1(A, B, C, D, X(2), 3, 0x5A827999L); ++ R1(D, A, B, C, X(6), 5, 0x5A827999L); ++ R1(C, D, A, B, X(10), 9, 0x5A827999L); ++ R1(B, C, D, A, X(14), 13, 0x5A827999L); ++ R1(A, B, C, D, X(3), 3, 0x5A827999L); ++ R1(D, A, B, C, X(7), 5, 0x5A827999L); ++ R1(C, D, A, B, X(11), 9, 0x5A827999L); ++ R1(B, C, D, A, X(15), 13, 0x5A827999L); ++ /* Round 2 */ ++ R2(A, B, C, D, X(0), 3, 0x6ED9EBA1L); ++ R2(D, A, B, C, X(8), 9, 0x6ED9EBA1L); ++ R2(C, D, A, B, X(4), 11, 0x6ED9EBA1L); ++ R2(B, C, D, A, X(12), 15, 0x6ED9EBA1L); ++ R2(A, B, C, D, X(2), 3, 0x6ED9EBA1L); ++ R2(D, A, B, C, X(10), 9, 0x6ED9EBA1L); ++ R2(C, D, A, B, X(6), 11, 0x6ED9EBA1L); ++ R2(B, C, D, A, X(14), 15, 0x6ED9EBA1L); ++ R2(A, B, C, D, X(1), 3, 0x6ED9EBA1L); ++ R2(D, A, B, C, X(9), 9, 0x6ED9EBA1L); ++ R2(C, D, A, B, X(5), 11, 0x6ED9EBA1L); ++ R2(B, C, D, A, X(13), 15, 0x6ED9EBA1L); ++ R2(A, B, C, D, X(3), 3, 0x6ED9EBA1L); ++ R2(D, A, B, C, X(11), 9, 0x6ED9EBA1L); ++ R2(C, D, A, B, X(7), 11, 0x6ED9EBA1L); ++ R2(B, C, D, A, X(15), 15, 0x6ED9EBA1L); + +- A = c->A += A; +- B = c->B += B; +- C = c->C += C; +- D = c->D += D; +- } +- } ++ A = c->A += A; ++ B = c->B += B; ++ C = c->C += C; ++ D = c->D += D; ++ } ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_one.c b/Cryptlib/OpenSSL/crypto/md4/md4_one.c +index bb64362..32ebd5f 100644 +--- a/Cryptlib/OpenSSL/crypto/md4/md4_one.c ++++ b/Cryptlib/OpenSSL/crypto/md4/md4_one.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,36 +62,35 @@ + #include + + #ifdef CHARSET_EBCDIC +-#include ++# include + #endif + + unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md) +- { +- MD4_CTX c; +- static unsigned char m[MD4_DIGEST_LENGTH]; ++{ ++ MD4_CTX c; ++ static unsigned char m[MD4_DIGEST_LENGTH]; + +- if (md == NULL) md=m; +- if (!MD4_Init(&c)) +- return NULL; ++ if (md == NULL) ++ md = m; ++ if (!MD4_Init(&c)) ++ return NULL; + #ifndef CHARSET_EBCDIC +- MD4_Update(&c,d,n); ++ MD4_Update(&c, d, n); + #else +- { +- char temp[1024]; +- unsigned long chunk; ++ { ++ char temp[1024]; ++ unsigned long chunk; + +- while (n > 0) +- { +- chunk = (n > sizeof(temp)) ? sizeof(temp) : n; +- ebcdic2ascii(temp, d, chunk); +- MD4_Update(&c,temp,chunk); +- n -= chunk; +- d += chunk; +- } +- } ++ while (n > 0) { ++ chunk = (n > sizeof(temp)) ? sizeof(temp) : n; ++ ebcdic2ascii(temp, d, chunk); ++ MD4_Update(&c, temp, chunk); ++ n -= chunk; ++ d += chunk; ++ } ++ } + #endif +- MD4_Final(md,&c); +- OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ +- return(md); +- } +- ++ MD4_Final(md, &c); ++ OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ ++ return (md); ++} +diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c +index 47bb902..efebf9e 100644 +--- a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c ++++ b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,13 +61,13 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + ++const char MD5_version[] = "MD5" OPENSSL_VERSION_PTEXT; + +-const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; +- +-/* Implemented from RFC1321 The MD5 Message-Digest Algorithm ++/* ++ * Implemented from RFC1321 The MD5 Message-Digest Algorithm + */ + + #define INIT_DATA_A (unsigned long)0x67452301L +@@ -76,116 +76,146 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; + #define INIT_DATA_D (unsigned long)0x10325476L + + FIPS_NON_FIPS_MD_Init(MD5) +- { +- c->A=INIT_DATA_A; +- c->B=INIT_DATA_B; +- c->C=INIT_DATA_C; +- c->D=INIT_DATA_D; +- c->Nl=0; +- c->Nh=0; +- c->num=0; +- return 1; +- } ++{ ++ c->A = INIT_DATA_A; ++ c->B = INIT_DATA_B; ++ c->C = INIT_DATA_C; ++ c->D = INIT_DATA_D; ++ c->Nl = 0; ++ c->Nh = 0; ++ c->num = 0; ++ return 1; ++} + + #ifndef md5_block_data_order +-#ifdef X +-#undef X +-#endif +-void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num) +- { +- const unsigned char *data=data_; +- register unsigned MD32_REG_T A,B,C,D,l; +-#ifndef MD32_XARRAY +- /* See comment in crypto/sha/sha_locl.h for details. */ +- unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, +- XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; +-# define X(i) XX##i +-#else +- MD5_LONG XX[MD5_LBLOCK]; +-# define X(i) XX[i] +-#endif ++# ifdef X ++# undef X ++# endif ++void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num) ++{ ++ const unsigned char *data = data_; ++ register unsigned MD32_REG_T A, B, C, D, l; ++# ifndef MD32_XARRAY ++ /* See comment in crypto/sha/sha_locl.h for details. */ ++ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, ++ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; ++# define X(i) XX##i ++# else ++ MD5_LONG XX[MD5_LBLOCK]; ++# define X(i) XX[i] ++# endif + +- A=c->A; +- B=c->B; +- C=c->C; +- D=c->D; ++ A = c->A; ++ B = c->B; ++ C = c->C; ++ D = c->D; + +- for (;num--;) +- { +- HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; +- /* Round 0 */ +- R0(A,B,C,D,X( 0), 7,0xd76aa478L); HOST_c2l(data,l); X( 2)=l; +- R0(D,A,B,C,X( 1),12,0xe8c7b756L); HOST_c2l(data,l); X( 3)=l; +- R0(C,D,A,B,X( 2),17,0x242070dbL); HOST_c2l(data,l); X( 4)=l; +- R0(B,C,D,A,X( 3),22,0xc1bdceeeL); HOST_c2l(data,l); X( 5)=l; +- R0(A,B,C,D,X( 4), 7,0xf57c0fafL); HOST_c2l(data,l); X( 6)=l; +- R0(D,A,B,C,X( 5),12,0x4787c62aL); HOST_c2l(data,l); X( 7)=l; +- R0(C,D,A,B,X( 6),17,0xa8304613L); HOST_c2l(data,l); X( 8)=l; +- R0(B,C,D,A,X( 7),22,0xfd469501L); HOST_c2l(data,l); X( 9)=l; +- R0(A,B,C,D,X( 8), 7,0x698098d8L); HOST_c2l(data,l); X(10)=l; +- R0(D,A,B,C,X( 9),12,0x8b44f7afL); HOST_c2l(data,l); X(11)=l; +- R0(C,D,A,B,X(10),17,0xffff5bb1L); HOST_c2l(data,l); X(12)=l; +- R0(B,C,D,A,X(11),22,0x895cd7beL); HOST_c2l(data,l); X(13)=l; +- R0(A,B,C,D,X(12), 7,0x6b901122L); HOST_c2l(data,l); X(14)=l; +- R0(D,A,B,C,X(13),12,0xfd987193L); HOST_c2l(data,l); X(15)=l; +- R0(C,D,A,B,X(14),17,0xa679438eL); +- R0(B,C,D,A,X(15),22,0x49b40821L); +- /* Round 1 */ +- R1(A,B,C,D,X( 1), 5,0xf61e2562L); +- R1(D,A,B,C,X( 6), 9,0xc040b340L); +- R1(C,D,A,B,X(11),14,0x265e5a51L); +- R1(B,C,D,A,X( 0),20,0xe9b6c7aaL); +- R1(A,B,C,D,X( 5), 5,0xd62f105dL); +- R1(D,A,B,C,X(10), 9,0x02441453L); +- R1(C,D,A,B,X(15),14,0xd8a1e681L); +- R1(B,C,D,A,X( 4),20,0xe7d3fbc8L); +- R1(A,B,C,D,X( 9), 5,0x21e1cde6L); +- R1(D,A,B,C,X(14), 9,0xc33707d6L); +- R1(C,D,A,B,X( 3),14,0xf4d50d87L); +- R1(B,C,D,A,X( 8),20,0x455a14edL); +- R1(A,B,C,D,X(13), 5,0xa9e3e905L); +- R1(D,A,B,C,X( 2), 9,0xfcefa3f8L); +- R1(C,D,A,B,X( 7),14,0x676f02d9L); +- R1(B,C,D,A,X(12),20,0x8d2a4c8aL); +- /* Round 2 */ +- R2(A,B,C,D,X( 5), 4,0xfffa3942L); +- R2(D,A,B,C,X( 8),11,0x8771f681L); +- R2(C,D,A,B,X(11),16,0x6d9d6122L); +- R2(B,C,D,A,X(14),23,0xfde5380cL); +- R2(A,B,C,D,X( 1), 4,0xa4beea44L); +- R2(D,A,B,C,X( 4),11,0x4bdecfa9L); +- R2(C,D,A,B,X( 7),16,0xf6bb4b60L); +- R2(B,C,D,A,X(10),23,0xbebfbc70L); +- R2(A,B,C,D,X(13), 4,0x289b7ec6L); +- R2(D,A,B,C,X( 0),11,0xeaa127faL); +- R2(C,D,A,B,X( 3),16,0xd4ef3085L); +- R2(B,C,D,A,X( 6),23,0x04881d05L); +- R2(A,B,C,D,X( 9), 4,0xd9d4d039L); +- R2(D,A,B,C,X(12),11,0xe6db99e5L); +- R2(C,D,A,B,X(15),16,0x1fa27cf8L); +- R2(B,C,D,A,X( 2),23,0xc4ac5665L); +- /* Round 3 */ +- R3(A,B,C,D,X( 0), 6,0xf4292244L); +- R3(D,A,B,C,X( 7),10,0x432aff97L); +- R3(C,D,A,B,X(14),15,0xab9423a7L); +- R3(B,C,D,A,X( 5),21,0xfc93a039L); +- R3(A,B,C,D,X(12), 6,0x655b59c3L); +- R3(D,A,B,C,X( 3),10,0x8f0ccc92L); +- R3(C,D,A,B,X(10),15,0xffeff47dL); +- R3(B,C,D,A,X( 1),21,0x85845dd1L); +- R3(A,B,C,D,X( 8), 6,0x6fa87e4fL); +- R3(D,A,B,C,X(15),10,0xfe2ce6e0L); +- R3(C,D,A,B,X( 6),15,0xa3014314L); +- R3(B,C,D,A,X(13),21,0x4e0811a1L); +- R3(A,B,C,D,X( 4), 6,0xf7537e82L); +- R3(D,A,B,C,X(11),10,0xbd3af235L); +- R3(C,D,A,B,X( 2),15,0x2ad7d2bbL); +- R3(B,C,D,A,X( 9),21,0xeb86d391L); ++ for (; num--;) { ++ HOST_c2l(data, l); ++ X(0) = l; ++ HOST_c2l(data, l); ++ X(1) = l; ++ /* Round 0 */ ++ R0(A, B, C, D, X(0), 7, 0xd76aa478L); ++ HOST_c2l(data, l); ++ X(2) = l; ++ R0(D, A, B, C, X(1), 12, 0xe8c7b756L); ++ HOST_c2l(data, l); ++ X(3) = l; ++ R0(C, D, A, B, X(2), 17, 0x242070dbL); ++ HOST_c2l(data, l); ++ X(4) = l; ++ R0(B, C, D, A, X(3), 22, 0xc1bdceeeL); ++ HOST_c2l(data, l); ++ X(5) = l; ++ R0(A, B, C, D, X(4), 7, 0xf57c0fafL); ++ HOST_c2l(data, l); ++ X(6) = l; ++ R0(D, A, B, C, X(5), 12, 0x4787c62aL); ++ HOST_c2l(data, l); ++ X(7) = l; ++ R0(C, D, A, B, X(6), 17, 0xa8304613L); ++ HOST_c2l(data, l); ++ X(8) = l; ++ R0(B, C, D, A, X(7), 22, 0xfd469501L); ++ HOST_c2l(data, l); ++ X(9) = l; ++ R0(A, B, C, D, X(8), 7, 0x698098d8L); ++ HOST_c2l(data, l); ++ X(10) = l; ++ R0(D, A, B, C, X(9), 12, 0x8b44f7afL); ++ HOST_c2l(data, l); ++ X(11) = l; ++ R0(C, D, A, B, X(10), 17, 0xffff5bb1L); ++ HOST_c2l(data, l); ++ X(12) = l; ++ R0(B, C, D, A, X(11), 22, 0x895cd7beL); ++ HOST_c2l(data, l); ++ X(13) = l; ++ R0(A, B, C, D, X(12), 7, 0x6b901122L); ++ HOST_c2l(data, l); ++ X(14) = l; ++ R0(D, A, B, C, X(13), 12, 0xfd987193L); ++ HOST_c2l(data, l); ++ X(15) = l; ++ R0(C, D, A, B, X(14), 17, 0xa679438eL); ++ R0(B, C, D, A, X(15), 22, 0x49b40821L); ++ /* Round 1 */ ++ R1(A, B, C, D, X(1), 5, 0xf61e2562L); ++ R1(D, A, B, C, X(6), 9, 0xc040b340L); ++ R1(C, D, A, B, X(11), 14, 0x265e5a51L); ++ R1(B, C, D, A, X(0), 20, 0xe9b6c7aaL); ++ R1(A, B, C, D, X(5), 5, 0xd62f105dL); ++ R1(D, A, B, C, X(10), 9, 0x02441453L); ++ R1(C, D, A, B, X(15), 14, 0xd8a1e681L); ++ R1(B, C, D, A, X(4), 20, 0xe7d3fbc8L); ++ R1(A, B, C, D, X(9), 5, 0x21e1cde6L); ++ R1(D, A, B, C, X(14), 9, 0xc33707d6L); ++ R1(C, D, A, B, X(3), 14, 0xf4d50d87L); ++ R1(B, C, D, A, X(8), 20, 0x455a14edL); ++ R1(A, B, C, D, X(13), 5, 0xa9e3e905L); ++ R1(D, A, B, C, X(2), 9, 0xfcefa3f8L); ++ R1(C, D, A, B, X(7), 14, 0x676f02d9L); ++ R1(B, C, D, A, X(12), 20, 0x8d2a4c8aL); ++ /* Round 2 */ ++ R2(A, B, C, D, X(5), 4, 0xfffa3942L); ++ R2(D, A, B, C, X(8), 11, 0x8771f681L); ++ R2(C, D, A, B, X(11), 16, 0x6d9d6122L); ++ R2(B, C, D, A, X(14), 23, 0xfde5380cL); ++ R2(A, B, C, D, X(1), 4, 0xa4beea44L); ++ R2(D, A, B, C, X(4), 11, 0x4bdecfa9L); ++ R2(C, D, A, B, X(7), 16, 0xf6bb4b60L); ++ R2(B, C, D, A, X(10), 23, 0xbebfbc70L); ++ R2(A, B, C, D, X(13), 4, 0x289b7ec6L); ++ R2(D, A, B, C, X(0), 11, 0xeaa127faL); ++ R2(C, D, A, B, X(3), 16, 0xd4ef3085L); ++ R2(B, C, D, A, X(6), 23, 0x04881d05L); ++ R2(A, B, C, D, X(9), 4, 0xd9d4d039L); ++ R2(D, A, B, C, X(12), 11, 0xe6db99e5L); ++ R2(C, D, A, B, X(15), 16, 0x1fa27cf8L); ++ R2(B, C, D, A, X(2), 23, 0xc4ac5665L); ++ /* Round 3 */ ++ R3(A, B, C, D, X(0), 6, 0xf4292244L); ++ R3(D, A, B, C, X(7), 10, 0x432aff97L); ++ R3(C, D, A, B, X(14), 15, 0xab9423a7L); ++ R3(B, C, D, A, X(5), 21, 0xfc93a039L); ++ R3(A, B, C, D, X(12), 6, 0x655b59c3L); ++ R3(D, A, B, C, X(3), 10, 0x8f0ccc92L); ++ R3(C, D, A, B, X(10), 15, 0xffeff47dL); ++ R3(B, C, D, A, X(1), 21, 0x85845dd1L); ++ R3(A, B, C, D, X(8), 6, 0x6fa87e4fL); ++ R3(D, A, B, C, X(15), 10, 0xfe2ce6e0L); ++ R3(C, D, A, B, X(6), 15, 0xa3014314L); ++ R3(B, C, D, A, X(13), 21, 0x4e0811a1L); ++ R3(A, B, C, D, X(4), 6, 0xf7537e82L); ++ R3(D, A, B, C, X(11), 10, 0xbd3af235L); ++ R3(C, D, A, B, X(2), 15, 0x2ad7d2bbL); ++ R3(B, C, D, A, X(9), 21, 0xeb86d391L); + +- A = c->A += A; +- B = c->B += B; +- C = c->C += C; +- D = c->D += D; +- } +- } ++ A = c->A += A; ++ B = c->B += B; ++ C = c->C += C; ++ D = c->D += D; ++ } ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_one.c b/Cryptlib/OpenSSL/crypto/md5/md5_one.c +index 43fee89..4ac882e 100644 +--- a/Cryptlib/OpenSSL/crypto/md5/md5_one.c ++++ b/Cryptlib/OpenSSL/crypto/md5/md5_one.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,36 +62,35 @@ + #include + + #ifdef CHARSET_EBCDIC +-#include ++# include + #endif + + unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md) +- { +- MD5_CTX c; +- static unsigned char m[MD5_DIGEST_LENGTH]; ++{ ++ MD5_CTX c; ++ static unsigned char m[MD5_DIGEST_LENGTH]; + +- if (md == NULL) md=m; +- if (!MD5_Init(&c)) +- return NULL; ++ if (md == NULL) ++ md = m; ++ if (!MD5_Init(&c)) ++ return NULL; + #ifndef CHARSET_EBCDIC +- MD5_Update(&c,d,n); ++ MD5_Update(&c, d, n); + #else +- { +- char temp[1024]; +- unsigned long chunk; ++ { ++ char temp[1024]; ++ unsigned long chunk; + +- while (n > 0) +- { +- chunk = (n > sizeof(temp)) ? sizeof(temp) : n; +- ebcdic2ascii(temp, d, chunk); +- MD5_Update(&c,temp,chunk); +- n -= chunk; +- d += chunk; +- } +- } ++ while (n > 0) { ++ chunk = (n > sizeof(temp)) ? sizeof(temp) : n; ++ ebcdic2ascii(temp, d, chunk); ++ MD5_Update(&c, temp, chunk); ++ n -= chunk; ++ d += chunk; ++ } ++ } + #endif +- MD5_Final(md,&c); +- OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ +- return(md); +- } +- ++ MD5_Final(md, &c); ++ OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ ++ return (md); ++} +diff --git a/Cryptlib/OpenSSL/crypto/mem.c b/Cryptlib/OpenSSL/crypto/mem.c +index 05d7b9c..0620a51 100644 +--- a/Cryptlib/OpenSSL/crypto/mem.c ++++ b/Cryptlib/OpenSSL/crypto/mem.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,390 +61,427 @@ + #include + #include "cryptlib.h" + ++static int allow_customize = 1; /* we provide flexible functions for */ ++static int allow_customize_debug = 1; /* exchanging memory-related functions ++ * at run-time, but this must be done ++ * before any blocks are actually ++ * allocated; or we'll run into huge ++ * problems when malloc/free pairs ++ * don't match etc. */ + +-static int allow_customize = 1; /* we provide flexible functions for */ +-static int allow_customize_debug = 1;/* exchanging memory-related functions at +- * run-time, but this must be done +- * before any blocks are actually +- * allocated; or we'll run into huge +- * problems when malloc/free pairs +- * don't match etc. */ +- +- +- +-/* the following pointers may be changed as long as 'allow_customize' is set */ ++/* ++ * the following pointers may be changed as long as 'allow_customize' is set ++ */ + +-static void *(*malloc_func)(size_t) = malloc; ++static void *(*malloc_func) (size_t) = malloc; + static void *default_malloc_ex(size_t num, const char *file, int line) +- { return malloc_func(num); } +-static void *(*malloc_ex_func)(size_t, const char *file, int line) +- = default_malloc_ex; ++{ ++ return malloc_func(num); ++} + +-static void *(*realloc_func)(void *, size_t)= realloc; ++static void *(*malloc_ex_func) (size_t, const char *file, int line) ++ = default_malloc_ex; ++ ++static void *(*realloc_func) (void *, size_t) = realloc; + static void *default_realloc_ex(void *str, size_t num, +- const char *file, int line) +- { return realloc_func(str,num); } +-static void *(*realloc_ex_func)(void *, size_t, const char *file, int line) +- = default_realloc_ex; ++ const char *file, int line) ++{ ++ return realloc_func(str, num); ++} + +-static void (*free_func)(void *) = free; ++static void *(*realloc_ex_func) (void *, size_t, const char *file, int line) ++ = default_realloc_ex; + +-static void *(*malloc_locked_func)(size_t) = malloc; +-static void *default_malloc_locked_ex(size_t num, const char *file, int line) +- { return malloc_locked_func(num); } +-static void *(*malloc_locked_ex_func)(size_t, const char *file, int line) +- = default_malloc_locked_ex; ++static void (*free_func) (void *) = free; + +-static void (*free_locked_func)(void *) = free; ++static void *(*malloc_locked_func) (size_t) = malloc; ++static void *default_malloc_locked_ex(size_t num, const char *file, int line) ++{ ++ return malloc_locked_func(num); ++} + ++static void *(*malloc_locked_ex_func) (size_t, const char *file, int line) ++ = default_malloc_locked_ex; + ++static void (*free_locked_func) (void *) = free; + + /* may be changed as long as 'allow_customize_debug' is set */ + /* XXX use correct function pointer types */ + #if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS) + /* use default functions from mem_dbg.c */ +-static void (*malloc_debug_func)(void *,int,const char *,int,int) +- = CRYPTO_dbg_malloc; +-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) +- = CRYPTO_dbg_realloc; +-static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free; +-static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; +-static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; +- +-static int (*push_info_func)(const char *info, const char *file, int line) +- = CRYPTO_dbg_push_info; +-static int (*pop_info_func)(void) +- = CRYPTO_dbg_pop_info; +-static int (*remove_all_info_func)(void) +- = CRYPTO_dbg_remove_all_info; ++static void (*malloc_debug_func) (void *, int, const char *, int, int) ++ = CRYPTO_dbg_malloc; ++static void (*realloc_debug_func) (void *, void *, int, const char *, int, ++ int) ++ = CRYPTO_dbg_realloc; ++static void (*free_debug_func) (void *, int) = CRYPTO_dbg_free; ++static void (*set_debug_options_func) (long) = CRYPTO_dbg_set_options; ++static long (*get_debug_options_func) (void) = CRYPTO_dbg_get_options; ++ ++static int (*push_info_func) (const char *info, const char *file, int line) ++ = CRYPTO_dbg_push_info; ++static int (*pop_info_func) (void) ++ = CRYPTO_dbg_pop_info; ++static int (*remove_all_info_func) (void) ++ = CRYPTO_dbg_remove_all_info; + + #else +-/* applications can use CRYPTO_malloc_debug_init() to select above case +- * at run-time */ +-static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL; +-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) +- = NULL; +-static void (*free_debug_func)(void *,int) = NULL; +-static void (*set_debug_options_func)(long) = NULL; +-static long (*get_debug_options_func)(void) = NULL; +- +- +-static int (*push_info_func)(const char *info, const char *file, int line) +- = NULL; +-static int (*pop_info_func)(void) = NULL; +-static int (*remove_all_info_func)(void) = NULL; ++/* ++ * applications can use CRYPTO_malloc_debug_init() to select above case at ++ * run-time ++ */ ++static void (*malloc_debug_func) (void *, int, const char *, int, int) = NULL; ++static void (*realloc_debug_func) (void *, void *, int, const char *, int, ++ int) ++ = NULL; ++static void (*free_debug_func) (void *, int) = NULL; ++static void (*set_debug_options_func) (long) = NULL; ++static long (*get_debug_options_func) (void) = NULL; ++ ++static int (*push_info_func) (const char *info, const char *file, int line) ++ = NULL; ++static int (*pop_info_func) (void) = NULL; ++static int (*remove_all_info_func) (void) = NULL; + + #endif + +- +-int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t), +- void (*f)(void *)) +- { +- if (!allow_customize) +- return 0; +- if ((m == 0) || (r == 0) || (f == 0)) +- return 0; +- malloc_func=m; malloc_ex_func=default_malloc_ex; +- realloc_func=r; realloc_ex_func=default_realloc_ex; +- free_func=f; +- malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex; +- free_locked_func=f; +- return 1; +- } +- +-int CRYPTO_set_mem_ex_functions( +- void *(*m)(size_t,const char *,int), +- void *(*r)(void *, size_t,const char *,int), +- void (*f)(void *)) +- { +- if (!allow_customize) +- return 0; +- if ((m == 0) || (r == 0) || (f == 0)) +- return 0; +- malloc_func=0; malloc_ex_func=m; +- realloc_func=0; realloc_ex_func=r; +- free_func=f; +- malloc_locked_func=0; malloc_locked_ex_func=m; +- free_locked_func=f; +- return 1; +- } +- +-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *)) +- { +- if (!allow_customize) +- return 0; +- if ((m == NULL) || (f == NULL)) +- return 0; +- malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex; +- free_locked_func=f; +- return 1; +- } +- +-int CRYPTO_set_locked_mem_ex_functions( +- void *(*m)(size_t,const char *,int), +- void (*f)(void *)) +- { +- if (!allow_customize) +- return 0; +- if ((m == NULL) || (f == NULL)) +- return 0; +- malloc_locked_func=0; malloc_locked_ex_func=m; +- free_func=f; +- return 1; +- } +- +-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), +- void (*r)(void *,void *,int,const char *,int,int), +- void (*f)(void *,int), +- void (*so)(long), +- long (*go)(void)) +- { +- if (!allow_customize_debug) +- return 0; +- malloc_debug_func=m; +- realloc_debug_func=r; +- free_debug_func=f; +- set_debug_options_func=so; +- get_debug_options_func=go; +- return 1; +- } +- +-void CRYPTO_set_mem_info_functions( +- int (*push_info_fn)(const char *info, const char *file, int line), +- int (*pop_info_fn)(void), +- int (*remove_all_info_fn)(void)) +- { +- push_info_func = push_info_fn; +- pop_info_func = pop_info_fn; +- remove_all_info_func = remove_all_info_fn; +- } +- +-void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t), +- void (**f)(void *)) +- { +- if (m != NULL) *m = (malloc_ex_func == default_malloc_ex) ? +- malloc_func : 0; +- if (r != NULL) *r = (realloc_ex_func == default_realloc_ex) ? +- realloc_func : 0; +- if (f != NULL) *f=free_func; +- } +- +-void CRYPTO_get_mem_ex_functions( +- void *(**m)(size_t,const char *,int), +- void *(**r)(void *, size_t,const char *,int), +- void (**f)(void *)) +- { +- if (m != NULL) *m = (malloc_ex_func != default_malloc_ex) ? +- malloc_ex_func : 0; +- if (r != NULL) *r = (realloc_ex_func != default_realloc_ex) ? +- realloc_ex_func : 0; +- if (f != NULL) *f=free_func; +- } +- +-void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)) +- { +- if (m != NULL) *m = (malloc_locked_ex_func == default_malloc_locked_ex) ? +- malloc_locked_func : 0; +- if (f != NULL) *f=free_locked_func; +- } +- +-void CRYPTO_get_locked_mem_ex_functions( +- void *(**m)(size_t,const char *,int), +- void (**f)(void *)) +- { +- if (m != NULL) *m = (malloc_locked_ex_func != default_malloc_locked_ex) ? +- malloc_locked_ex_func : 0; +- if (f != NULL) *f=free_locked_func; +- } +- +-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), +- void (**r)(void *,void *,int,const char *,int,int), +- void (**f)(void *,int), +- void (**so)(long), +- long (**go)(void)) +- { +- if (m != NULL) *m=malloc_debug_func; +- if (r != NULL) *r=realloc_debug_func; +- if (f != NULL) *f=free_debug_func; +- if (so != NULL) *so=set_debug_options_func; +- if (go != NULL) *go=get_debug_options_func; +- } +- ++int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), ++ void (*f) (void *)) ++{ ++ if (!allow_customize) ++ return 0; ++ if ((m == 0) || (r == 0) || (f == 0)) ++ return 0; ++ malloc_func = m; ++ malloc_ex_func = default_malloc_ex; ++ realloc_func = r; ++ realloc_ex_func = default_realloc_ex; ++ free_func = f; ++ malloc_locked_func = m; ++ malloc_locked_ex_func = default_malloc_locked_ex; ++ free_locked_func = f; ++ return 1; ++} ++ ++int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), ++ void *(*r) (void *, size_t, const char *, ++ int), void (*f) (void *)) ++{ ++ if (!allow_customize) ++ return 0; ++ if ((m == 0) || (r == 0) || (f == 0)) ++ return 0; ++ malloc_func = 0; ++ malloc_ex_func = m; ++ realloc_func = 0; ++ realloc_ex_func = r; ++ free_func = f; ++ malloc_locked_func = 0; ++ malloc_locked_ex_func = m; ++ free_locked_func = f; ++ return 1; ++} ++ ++int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), void (*f) (void *)) ++{ ++ if (!allow_customize) ++ return 0; ++ if ((m == NULL) || (f == NULL)) ++ return 0; ++ malloc_locked_func = m; ++ malloc_locked_ex_func = default_malloc_locked_ex; ++ free_locked_func = f; ++ return 1; ++} ++ ++int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int), ++ void (*f) (void *)) ++{ ++ if (!allow_customize) ++ return 0; ++ if ((m == NULL) || (f == NULL)) ++ return 0; ++ malloc_locked_func = 0; ++ malloc_locked_ex_func = m; ++ free_func = f; ++ return 1; ++} ++ ++int CRYPTO_set_mem_debug_functions(void (*m) ++ (void *, int, const char *, int, int), ++ void (*r) (void *, void *, int, ++ const char *, int, int), ++ void (*f) (void *, int), void (*so) (long), ++ long (*go) (void)) ++{ ++ if (!allow_customize_debug) ++ return 0; ++ malloc_debug_func = m; ++ realloc_debug_func = r; ++ free_debug_func = f; ++ set_debug_options_func = so; ++ get_debug_options_func = go; ++ return 1; ++} ++ ++void CRYPTO_set_mem_info_functions(int (*push_info_fn) ++ (const char *info, const char *file, ++ int line), int (*pop_info_fn) (void), ++ int (*remove_all_info_fn) (void)) ++{ ++ push_info_func = push_info_fn; ++ pop_info_func = pop_info_fn; ++ remove_all_info_func = remove_all_info_fn; ++} ++ ++void CRYPTO_get_mem_functions(void *(**m) (size_t), ++ void *(**r) (void *, size_t), ++ void (**f) (void *)) ++{ ++ if (m != NULL) ++ *m = (malloc_ex_func == default_malloc_ex) ? malloc_func : 0; ++ if (r != NULL) ++ *r = (realloc_ex_func == default_realloc_ex) ? realloc_func : 0; ++ if (f != NULL) ++ *f = free_func; ++} ++ ++void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int), ++ void *(**r) (void *, size_t, const char *, ++ int), void (**f) (void *)) ++{ ++ if (m != NULL) ++ *m = (malloc_ex_func != default_malloc_ex) ? malloc_ex_func : 0; ++ if (r != NULL) ++ *r = (realloc_ex_func != default_realloc_ex) ? realloc_ex_func : 0; ++ if (f != NULL) ++ *f = free_func; ++} ++ ++void CRYPTO_get_locked_mem_functions(void *(**m) (size_t), ++ void (**f) (void *)) ++{ ++ if (m != NULL) ++ *m = (malloc_locked_ex_func == default_malloc_locked_ex) ? ++ malloc_locked_func : 0; ++ if (f != NULL) ++ *f = free_locked_func; ++} ++ ++void CRYPTO_get_locked_mem_ex_functions(void ++ *(**m) (size_t, const char *, int), ++ void (**f) (void *)) ++{ ++ if (m != NULL) ++ *m = (malloc_locked_ex_func != default_malloc_locked_ex) ? ++ malloc_locked_ex_func : 0; ++ if (f != NULL) ++ *f = free_locked_func; ++} ++ ++void CRYPTO_get_mem_debug_functions(void (**m) ++ (void *, int, const char *, int, int), ++ void (**r) (void *, void *, int, ++ const char *, int, int), ++ void (**f) (void *, int), ++ void (**so) (long), long (**go) (void)) ++{ ++ if (m != NULL) ++ *m = malloc_debug_func; ++ if (r != NULL) ++ *r = realloc_debug_func; ++ if (f != NULL) ++ *f = free_debug_func; ++ if (so != NULL) ++ *so = set_debug_options_func; ++ if (go != NULL) ++ *go = get_debug_options_func; ++} + + void *CRYPTO_malloc_locked(int num, const char *file, int line) +- { +- void *ret = NULL; +- extern unsigned char cleanse_ctr; +- +- if (num <= 0) return NULL; +- +- allow_customize = 0; +- if (malloc_debug_func != NULL) +- { +- allow_customize_debug = 0; +- malloc_debug_func(NULL, num, file, line, 0); +- } +- ret = malloc_locked_ex_func(num,file,line); ++{ ++ void *ret = NULL; ++ extern unsigned char cleanse_ctr; ++ ++ if (num <= 0) ++ return NULL; ++ ++ allow_customize = 0; ++ if (malloc_debug_func != NULL) { ++ allow_customize_debug = 0; ++ malloc_debug_func(NULL, num, file, line, 0); ++ } ++ ret = malloc_locked_ex_func(num, file, line); + #ifdef LEVITTE_DEBUG_MEM +- fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num); ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num); + #endif +- if (malloc_debug_func != NULL) +- malloc_debug_func(ret, num, file, line, 1); ++ if (malloc_debug_func != NULL) ++ malloc_debug_func(ret, num, file, line, 1); + +- /* Create a dependency on the value of 'cleanse_ctr' so our memory +- * sanitisation function can't be optimised out. NB: We only do +- * this for >2Kb so the overhead doesn't bother us. */ +- if(ret && (num > 2048)) +- ((unsigned char *)ret)[0] = cleanse_ctr; ++ /* ++ * Create a dependency on the value of 'cleanse_ctr' so our memory ++ * sanitisation function can't be optimised out. NB: We only do this for ++ * >2Kb so the overhead doesn't bother us. ++ */ ++ if (ret && (num > 2048)) ++ ((unsigned char *)ret)[0] = cleanse_ctr; + +- return ret; +- } ++ return ret; ++} + + void CRYPTO_free_locked(void *str) +- { +- if (free_debug_func != NULL) +- free_debug_func(str, 0); ++{ ++ if (free_debug_func != NULL) ++ free_debug_func(str, 0); + #ifdef LEVITTE_DEBUG_MEM +- fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str); ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str); + #endif +- free_locked_func(str); +- if (free_debug_func != NULL) +- free_debug_func(NULL, 1); +- } ++ free_locked_func(str); ++ if (free_debug_func != NULL) ++ free_debug_func(NULL, 1); ++} + + void *CRYPTO_malloc(int num, const char *file, int line) +- { +- void *ret = NULL; +- extern unsigned char cleanse_ctr; +- +- if (num <= 0) return NULL; +- +- allow_customize = 0; +- if (malloc_debug_func != NULL) +- { +- allow_customize_debug = 0; +- malloc_debug_func(NULL, num, file, line, 0); +- } +- ret = malloc_ex_func(num,file,line); ++{ ++ void *ret = NULL; ++ extern unsigned char cleanse_ctr; ++ ++ if (num <= 0) ++ return NULL; ++ ++ allow_customize = 0; ++ if (malloc_debug_func != NULL) { ++ allow_customize_debug = 0; ++ malloc_debug_func(NULL, num, file, line, 0); ++ } ++ ret = malloc_ex_func(num, file, line); + #ifdef LEVITTE_DEBUG_MEM +- fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num); ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num); + #endif +- if (malloc_debug_func != NULL) +- malloc_debug_func(ret, num, file, line, 1); ++ if (malloc_debug_func != NULL) ++ malloc_debug_func(ret, num, file, line, 1); + +- /* Create a dependency on the value of 'cleanse_ctr' so our memory +- * sanitisation function can't be optimised out. NB: We only do +- * this for >2Kb so the overhead doesn't bother us. */ +- if(ret && (num > 2048)) +- ((unsigned char *)ret)[0] = cleanse_ctr; ++ /* ++ * Create a dependency on the value of 'cleanse_ctr' so our memory ++ * sanitisation function can't be optimised out. NB: We only do this for ++ * >2Kb so the overhead doesn't bother us. ++ */ ++ if (ret && (num > 2048)) ++ ((unsigned char *)ret)[0] = cleanse_ctr; + +- return ret; +- } ++ return ret; ++} + + void *CRYPTO_realloc(void *str, int num, const char *file, int line) +- { +- void *ret = NULL; ++{ ++ void *ret = NULL; + +- if (str == NULL) +- return CRYPTO_malloc(num, file, line); ++ if (str == NULL) ++ return CRYPTO_malloc(num, file, line); + +- if (num <= 0) return NULL; ++ if (num <= 0) ++ return NULL; + +- if (realloc_debug_func != NULL) +- realloc_debug_func(str, NULL, num, file, line, 0); +- ret = realloc_ex_func(str,num,file,line); ++ if (realloc_debug_func != NULL) ++ realloc_debug_func(str, NULL, num, file, line, 0); ++ ret = realloc_ex_func(str, num, file, line); + #ifdef LEVITTE_DEBUG_MEM +- fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num); ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ++ ret, num); + #endif +- if (realloc_debug_func != NULL) +- realloc_debug_func(str, ret, num, file, line, 1); ++ if (realloc_debug_func != NULL) ++ realloc_debug_func(str, ret, num, file, line, 1); + +- return ret; +- } ++ return ret; ++} + + void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, +- int line) +- { +- void *ret = NULL; +- +- if (str == NULL) +- return CRYPTO_malloc(num, file, line); +- +- if (num <= 0) return NULL; +- +- /* We don't support shrinking the buffer. Note the memcpy that copies +- * |old_len| bytes to the new buffer, below. */ +- if (num < old_len) return NULL; +- +- if (realloc_debug_func != NULL) +- realloc_debug_func(str, NULL, num, file, line, 0); +- ret=malloc_ex_func(num,file,line); +- if(ret) +- { +- memcpy(ret,str,old_len); +- OPENSSL_cleanse(str,old_len); +- free_func(str); +- } ++ int line) ++{ ++ void *ret = NULL; ++ ++ if (str == NULL) ++ return CRYPTO_malloc(num, file, line); ++ ++ if (num <= 0) ++ return NULL; ++ ++ /* ++ * We don't support shrinking the buffer. Note the memcpy that copies ++ * |old_len| bytes to the new buffer, below. ++ */ ++ if (num < old_len) ++ return NULL; ++ ++ if (realloc_debug_func != NULL) ++ realloc_debug_func(str, NULL, num, file, line, 0); ++ ret = malloc_ex_func(num, file, line); ++ if (ret) { ++ memcpy(ret, str, old_len); ++ OPENSSL_cleanse(str, old_len); ++ free_func(str); ++ } + #ifdef LEVITTE_DEBUG_MEM +- fprintf(stderr, +- "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", +- str, ret, num); ++ fprintf(stderr, ++ "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", ++ str, ret, num); + #endif +- if (realloc_debug_func != NULL) +- realloc_debug_func(str, ret, num, file, line, 1); ++ if (realloc_debug_func != NULL) ++ realloc_debug_func(str, ret, num, file, line, 1); + +- return ret; +- } ++ return ret; ++} + + void CRYPTO_free(void *str) +- { +- if (free_debug_func != NULL) +- free_debug_func(str, 0); ++{ ++ if (free_debug_func != NULL) ++ free_debug_func(str, 0); + #ifdef LEVITTE_DEBUG_MEM +- fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str); ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str); + #endif +- free_func(str); +- if (free_debug_func != NULL) +- free_debug_func(NULL, 1); +- } ++ free_func(str); ++ if (free_debug_func != NULL) ++ free_debug_func(NULL, 1); ++} + + void *CRYPTO_remalloc(void *a, int num, const char *file, int line) +- { +- if (a != NULL) OPENSSL_free(a); +- a=(char *)OPENSSL_malloc(num); +- return(a); +- } ++{ ++ if (a != NULL) ++ OPENSSL_free(a); ++ a = (char *)OPENSSL_malloc(num); ++ return (a); ++} + + void CRYPTO_set_mem_debug_options(long bits) +- { +- if (set_debug_options_func != NULL) +- set_debug_options_func(bits); +- } ++{ ++ if (set_debug_options_func != NULL) ++ set_debug_options_func(bits); ++} + + long CRYPTO_get_mem_debug_options(void) +- { +- if (get_debug_options_func != NULL) +- return get_debug_options_func(); +- return 0; +- } ++{ ++ if (get_debug_options_func != NULL) ++ return get_debug_options_func(); ++ return 0; ++} + + int CRYPTO_push_info_(const char *info, const char *file, int line) +- { +- if (push_info_func) +- return push_info_func(info, file, line); +- return 1; +- } ++{ ++ if (push_info_func) ++ return push_info_func(info, file, line); ++ return 1; ++} + + int CRYPTO_pop_info(void) +- { +- if (pop_info_func) +- return pop_info_func(); +- return 1; +- } ++{ ++ if (pop_info_func) ++ return pop_info_func(); ++ return 1; ++} + + int CRYPTO_remove_all_info(void) +- { +- if (remove_all_info_func) +- return remove_all_info_func(); +- return 1; +- } ++{ ++ if (remove_all_info_func) ++ return remove_all_info_func(); ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/mem_clr.c b/Cryptlib/OpenSSL/crypto/mem_clr.c +index add1f78..3df1f39 100644 +--- a/Cryptlib/OpenSSL/crypto/mem_clr.c ++++ b/Cryptlib/OpenSSL/crypto/mem_clr.c +@@ -1,6 +1,7 @@ + /* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL +- * project 2002. ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2002. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,16 +63,15 @@ + unsigned char cleanse_ctr = 0; + + void OPENSSL_cleanse(void *ptr, size_t len) +- { +- unsigned char *p = ptr; +- size_t loop = len, ctr = cleanse_ctr; +- while(loop--) +- { +- *(p++) = (unsigned char)ctr; +- ctr += (17 + ((size_t)p & 0xF)); +- } +- p=memchr(ptr, (unsigned char)ctr, len); +- if(p) +- ctr += (63 + (size_t)p); +- cleanse_ctr = (unsigned char)ctr; +- } ++{ ++ unsigned char *p = ptr; ++ size_t loop = len, ctr = cleanse_ctr; ++ while (loop--) { ++ *(p++) = (unsigned char)ctr; ++ ctr += (17 + ((size_t)p & 0xF)); ++ } ++ p = memchr(ptr, (unsigned char)ctr, len); ++ if (p) ++ ctr += (63 + (size_t)p); ++ cleanse_ctr = (unsigned char)ctr; ++} +diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c +index dfeb084..e506e6b 100644 +--- a/Cryptlib/OpenSSL/crypto/mem_dbg.c ++++ b/Cryptlib/OpenSSL/crypto/mem_dbg.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -58,760 +58,712 @@ + + #include + #include +-#include ++#include + #include "cryptlib.h" + #include + #include + #include + #include + +-static int mh_mode=CRYPTO_MEM_CHECK_OFF; +-/* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE +- * when the application asks for it (usually after library initialisation +- * for which no book-keeping is desired). +- * +- * State CRYPTO_MEM_CHECK_ON exists only temporarily when the library +- * thinks that certain allocations should not be checked (e.g. the data +- * structures used for memory checking). It is not suitable as an initial +- * state: the library will unexpectedly enable memory checking when it +- * executes one of those sections that want to disable checking +- * temporarily. +- * +- * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever. ++static int mh_mode = CRYPTO_MEM_CHECK_OFF; ++/* ++ * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when ++ * the application asks for it (usually after library initialisation for ++ * which no book-keeping is desired). State CRYPTO_MEM_CHECK_ON exists only ++ * temporarily when the library thinks that certain allocations should not be ++ * checked (e.g. the data structures used for memory checking). It is not ++ * suitable as an initial state: the library will unexpectedly enable memory ++ * checking when it executes one of those sections that want to disable ++ * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes ++ * no sense whatsoever. + */ + + static unsigned long order = 0; /* number of memory requests */ +-static LHASH *mh=NULL; /* hash-table of memory requests (address as key); +- * access requires MALLOC2 lock */ +- ++static LHASH *mh = NULL; /* hash-table of memory requests (address as ++ * key); access requires MALLOC2 lock */ + + typedef struct app_mem_info_st +-/* For application-defined information (static C-string `info') ++/*- ++ * For application-defined information (static C-string `info') + * to be displayed in memory leak list. + * Each thread has its own stack. For applications, there is + * CRYPTO_push_info("...") to push an entry, + * CRYPTO_pop_info() to pop an entry, + * CRYPTO_remove_all_info() to pop all entries. + */ +- { +- unsigned long thread; +- const char *file; +- int line; +- const char *info; +- struct app_mem_info_st *next; /* tail of thread's stack */ +- int references; +- } APP_INFO; ++{ ++ unsigned long thread; ++ const char *file; ++ int line; ++ const char *info; ++ struct app_mem_info_st *next; /* tail of thread's stack */ ++ int references; ++} APP_INFO; + + static void app_info_free(APP_INFO *); + +-static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's +- * that are at the top of their thread's stack +- * (with `thread' as key); +- * access requires MALLOC2 lock */ ++static LHASH *amih = NULL; /* hash-table with those app_mem_info_st's ++ * that are at the top of their thread's ++ * stack (with `thread' as key); access ++ * requires MALLOC2 lock */ + + typedef struct mem_st + /* memory-block description */ +- { +- void *addr; +- int num; +- const char *file; +- int line; +- unsigned long thread; +- unsigned long order; +- time_t time; +- APP_INFO *app_info; +- } MEM; +- +-static long options = /* extra information to be recorded */ ++{ ++ void *addr; ++ int num; ++ const char *file; ++ int line; ++ unsigned long thread; ++ unsigned long order; ++ time_t time; ++ APP_INFO *app_info; ++} MEM; ++ ++static long options = /* extra information to be recorded */ + #if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL) +- V_CRYPTO_MDEBUG_TIME | ++ V_CRYPTO_MDEBUG_TIME | + #endif + #if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL) +- V_CRYPTO_MDEBUG_THREAD | ++ V_CRYPTO_MDEBUG_THREAD | + #endif +- 0; +- ++ 0; + +-static unsigned int num_disable = 0; /* num_disable > 0 +- * iff +- * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) +- */ ++static unsigned int num_disable = 0; /* num_disable > 0 iff mh_mode == ++ * CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */ + static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0. + * CRYPTO_LOCK_MALLOC2 is locked + * exactly in this case (by the +- * thread named in disabling_thread). +- */ ++ * thread named in ++ * disabling_thread). */ + + static void app_info_free(APP_INFO *inf) +- { +- if (--(inf->references) <= 0) +- { +- if (inf->next != NULL) +- { +- app_info_free(inf->next); +- } +- OPENSSL_free(inf); +- } +- } ++{ ++ if (--(inf->references) <= 0) { ++ if (inf->next != NULL) { ++ app_info_free(inf->next); ++ } ++ OPENSSL_free(inf); ++ } ++} + + int CRYPTO_mem_ctrl(int mode) +- { +- int ret=mh_mode; +- +- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); +- switch (mode) +- { +- /* for applications (not to be called while multiple threads +- * use the library): */ +- case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ +- mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE; +- num_disable = 0; +- break; +- case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ +- mh_mode = 0; +- num_disable = 0; /* should be true *before* MemCheck_stop is used, +- or there'll be a lot of confusion */ +- break; +- +- /* switch off temporarily (for library-internal use): */ +- case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ +- if (mh_mode & CRYPTO_MEM_CHECK_ON) +- { +- if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */ +- { +- /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while +- * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if +- * somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot release +- * it because we block entry to this function). +- * Give them a chance, first, and then claim the locks in +- * appropriate order (long-time lock first). +- */ +- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); +- /* Note that after we have waited for CRYPTO_LOCK_MALLOC2 +- * and CRYPTO_LOCK_MALLOC, we'll still be in the right +- * "case" and "if" branch because MemCheck_start and +- * MemCheck_stop may never be used while there are multiple +- * OpenSSL threads. */ +- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); +- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); +- mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; +- disabling_thread=CRYPTO_thread_id(); +- } +- num_disable++; +- } +- break; +- case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ +- if (mh_mode & CRYPTO_MEM_CHECK_ON) +- { +- if (num_disable) /* always true, or something is going wrong */ +- { +- num_disable--; +- if (num_disable == 0) +- { +- mh_mode|=CRYPTO_MEM_CHECK_ENABLE; +- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); +- } +- } +- } +- break; +- +- default: +- break; +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); +- return(ret); +- } ++{ ++ int ret = mh_mode; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); ++ switch (mode) { ++ /* ++ * for applications (not to be called while multiple threads use the ++ * library): ++ */ ++ case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ ++ mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE; ++ num_disable = 0; ++ break; ++ case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ ++ mh_mode = 0; ++ num_disable = 0; /* should be true *before* MemCheck_stop is ++ * used, or there'll be a lot of confusion */ ++ break; ++ ++ /* switch off temporarily (for library-internal use): */ ++ case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ ++ if (mh_mode & CRYPTO_MEM_CHECK_ON) { ++ /* otherwise we already have the MALLOC2 lock */ ++ if (!num_disable || (disabling_thread != CRYPTO_thread_id())) { ++ /* ++ * Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed ++ * while we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock ++ * if somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot ++ * release it because we block entry to this function). Give ++ * them a chance, first, and then claim the locks in ++ * appropriate order (long-time lock first). ++ */ ++ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); ++ /* ++ * Note that after we have waited for CRYPTO_LOCK_MALLOC2 and ++ * CRYPTO_LOCK_MALLOC, we'll still be in the right "case" and ++ * "if" branch because MemCheck_start and MemCheck_stop may ++ * never be used while there are multiple OpenSSL threads. ++ */ ++ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); ++ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); ++ mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; ++ disabling_thread = CRYPTO_thread_id(); ++ } ++ num_disable++; ++ } ++ break; ++ case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ ++ if (mh_mode & CRYPTO_MEM_CHECK_ON) { ++ if (num_disable) { /* always true, or something is going wrong */ ++ num_disable--; ++ if (num_disable == 0) { ++ mh_mode |= CRYPTO_MEM_CHECK_ENABLE; ++ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); ++ } ++ } ++ } ++ break; ++ ++ default: ++ break; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); ++ return (ret); ++} + + int CRYPTO_is_mem_check_on(void) +- { +- int ret = 0; ++{ ++ int ret = 0; + +- if (mh_mode & CRYPTO_MEM_CHECK_ON) +- { +- CRYPTO_r_lock(CRYPTO_LOCK_MALLOC); ++ if (mh_mode & CRYPTO_MEM_CHECK_ON) { ++ CRYPTO_r_lock(CRYPTO_LOCK_MALLOC); + +- ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) +- || (disabling_thread != CRYPTO_thread_id()); +- +- CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC); +- } +- return(ret); +- } ++ ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) ++ || (disabling_thread != CRYPTO_thread_id()); + ++ CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC); ++ } ++ return (ret); ++} + + void CRYPTO_dbg_set_options(long bits) +- { +- options = bits; +- } ++{ ++ options = bits; ++} + + long CRYPTO_dbg_get_options(void) +- { +- return options; +- } ++{ ++ return options; ++} + + /* static int mem_cmp(MEM *a, MEM *b) */ + static int mem_cmp(const void *a_void, const void *b_void) +- { ++{ + #ifdef _WIN64 +- const char *a=(const char *)((const MEM *)a_void)->addr, +- *b=(const char *)((const MEM *)b_void)->addr; +- if (a==b) return 0; +- else if (a>b) return 1; +- else return -1; ++ const char *a = (const char *)((const MEM *)a_void)->addr, ++ *b = (const char *)((const MEM *)b_void)->addr; ++ if (a == b) ++ return 0; ++ else if (a > b) ++ return 1; ++ else ++ return -1; + #else +- return((const char *)((const MEM *)a_void)->addr +- - (const char *)((const MEM *)b_void)->addr); ++ return ((const char *)((const MEM *)a_void)->addr ++ - (const char *)((const MEM *)b_void)->addr); + #endif +- } ++} + + /* static unsigned long mem_hash(MEM *a) */ + static unsigned long mem_hash(const void *a_void) +- { +- unsigned long ret; ++{ ++ unsigned long ret; + +- ret=(unsigned long)((const MEM *)a_void)->addr; ++ ret = (unsigned long)((const MEM *)a_void)->addr; + +- ret=ret*17851+(ret>>14)*7+(ret>>4)*251; +- return(ret); +- } ++ ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251; ++ return (ret); ++} + + /* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */ + static int app_info_cmp(const void *a_void, const void *b_void) +- { +- return(((const APP_INFO *)a_void)->thread +- != ((const APP_INFO *)b_void)->thread); +- } ++{ ++ return (((const APP_INFO *)a_void)->thread ++ != ((const APP_INFO *)b_void)->thread); ++} + + /* static unsigned long app_info_hash(APP_INFO *a) */ + static unsigned long app_info_hash(const void *a_void) +- { +- unsigned long ret; ++{ ++ unsigned long ret; + +- ret=(unsigned long)((const APP_INFO *)a_void)->thread; ++ ret = (unsigned long)((const APP_INFO *)a_void)->thread; + +- ret=ret*17851+(ret>>14)*7+(ret>>4)*251; +- return(ret); +- } ++ ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251; ++ return (ret); ++} + + static APP_INFO *pop_info(void) +- { +- APP_INFO tmp; +- APP_INFO *ret = NULL; +- +- if (amih != NULL) +- { +- tmp.thread=CRYPTO_thread_id(); +- if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL) +- { +- APP_INFO *next=ret->next; +- +- if (next != NULL) +- { +- next->references++; +- lh_insert(amih,(char *)next); +- } ++{ ++ APP_INFO tmp; ++ APP_INFO *ret = NULL; ++ ++ if (amih != NULL) { ++ tmp.thread = CRYPTO_thread_id(); ++ if ((ret = (APP_INFO *)lh_delete(amih, &tmp)) != NULL) { ++ APP_INFO *next = ret->next; ++ ++ if (next != NULL) { ++ next->references++; ++ lh_insert(amih, (char *)next); ++ } + #ifdef LEVITTE_DEBUG_MEM +- if (ret->thread != tmp.thread) +- { +- fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", +- ret->thread, tmp.thread); +- abort(); +- } ++ if (ret->thread != tmp.thread) { ++ fprintf(stderr, ++ "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", ++ ret->thread, tmp.thread); ++ abort(); ++ } + #endif +- if (--(ret->references) <= 0) +- { +- ret->next = NULL; +- if (next != NULL) +- next->references--; +- OPENSSL_free(ret); +- } +- } +- } +- return(ret); +- } ++ if (--(ret->references) <= 0) { ++ ret->next = NULL; ++ if (next != NULL) ++ next->references--; ++ OPENSSL_free(ret); ++ } ++ } ++ } ++ return (ret); ++} + + int CRYPTO_dbg_push_info(const char *info, const char *file, int line) +- { +- APP_INFO *ami, *amim; +- int ret=0; +- +- if (is_MemCheck_on()) +- { +- MemCheck_off(); /* obtain MALLOC2 lock */ +- +- if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) +- { +- ret=0; +- goto err; +- } +- if (amih == NULL) +- { +- if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL) +- { +- OPENSSL_free(ami); +- ret=0; +- goto err; +- } +- } +- +- ami->thread=CRYPTO_thread_id(); +- ami->file=file; +- ami->line=line; +- ami->info=info; +- ami->references=1; +- ami->next=NULL; +- +- if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL) +- { ++{ ++ APP_INFO *ami, *amim; ++ int ret = 0; ++ ++ if (is_MemCheck_on()) { ++ MemCheck_off(); /* obtain MALLOC2 lock */ ++ ++ if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) { ++ ret = 0; ++ goto err; ++ } ++ if (amih == NULL) { ++ if ((amih = lh_new(app_info_hash, app_info_cmp)) == NULL) { ++ OPENSSL_free(ami); ++ ret = 0; ++ goto err; ++ } ++ } ++ ++ ami->thread = CRYPTO_thread_id(); ++ ami->file = file; ++ ami->line = line; ++ ami->info = info; ++ ami->references = 1; ++ ami->next = NULL; ++ ++ if ((amim = (APP_INFO *)lh_insert(amih, (char *)ami)) != NULL) { + #ifdef LEVITTE_DEBUG_MEM +- if (ami->thread != amim->thread) +- { +- fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", +- amim->thread, ami->thread); +- abort(); +- } ++ if (ami->thread != amim->thread) { ++ fprintf(stderr, ++ "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", ++ amim->thread, ami->thread); ++ abort(); ++ } + #endif +- ami->next=amim; +- } ++ ami->next = amim; ++ } + err: +- MemCheck_on(); /* release MALLOC2 lock */ +- } ++ MemCheck_on(); /* release MALLOC2 lock */ ++ } + +- return(ret); +- } ++ return (ret); ++} + + int CRYPTO_dbg_pop_info(void) +- { +- int ret=0; ++{ ++ int ret = 0; + +- if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */ +- { +- MemCheck_off(); /* obtain MALLOC2 lock */ ++ if (is_MemCheck_on()) { /* _must_ be true, or something went severely ++ * wrong */ ++ MemCheck_off(); /* obtain MALLOC2 lock */ + +- ret=(pop_info() != NULL); ++ ret = (pop_info() != NULL); + +- MemCheck_on(); /* release MALLOC2 lock */ +- } +- return(ret); +- } ++ MemCheck_on(); /* release MALLOC2 lock */ ++ } ++ return (ret); ++} + + int CRYPTO_dbg_remove_all_info(void) +- { +- int ret=0; +- +- if (is_MemCheck_on()) /* _must_ be true */ +- { +- MemCheck_off(); /* obtain MALLOC2 lock */ ++{ ++ int ret = 0; + +- while(pop_info() != NULL) +- ret++; ++ if (is_MemCheck_on()) { /* _must_ be true */ ++ MemCheck_off(); /* obtain MALLOC2 lock */ + +- MemCheck_on(); /* release MALLOC2 lock */ +- } +- return(ret); +- } ++ while (pop_info() != NULL) ++ ret++; + ++ MemCheck_on(); /* release MALLOC2 lock */ ++ } ++ return (ret); ++} + +-static unsigned long break_order_num=0; ++static unsigned long break_order_num = 0; + void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, +- int before_p) +- { +- MEM *m,*mm; +- APP_INFO tmp,*amim; +- +- switch(before_p & 127) +- { +- case 0: +- break; +- case 1: +- if (addr == NULL) +- break; +- +- if (is_MemCheck_on()) +- { +- MemCheck_off(); /* make sure we hold MALLOC2 lock */ +- if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) +- { +- OPENSSL_free(addr); +- MemCheck_on(); /* release MALLOC2 lock +- * if num_disabled drops to 0 */ +- return; +- } +- if (mh == NULL) +- { +- if ((mh=lh_new(mem_hash, mem_cmp)) == NULL) +- { +- OPENSSL_free(addr); +- OPENSSL_free(m); +- addr=NULL; +- goto err; +- } +- } +- +- m->addr=addr; +- m->file=file; +- m->line=line; +- m->num=num; +- if (options & V_CRYPTO_MDEBUG_THREAD) +- m->thread=CRYPTO_thread_id(); +- else +- m->thread=0; +- +- if (order == break_order_num) +- { +- /* BREAK HERE */ +- m->order=order; +- } +- m->order=order++; ++ int before_p) ++{ ++ MEM *m, *mm; ++ APP_INFO tmp, *amim; ++ ++ switch (before_p & 127) { ++ case 0: ++ break; ++ case 1: ++ if (addr == NULL) ++ break; ++ ++ if (is_MemCheck_on()) { ++ MemCheck_off(); /* make sure we hold MALLOC2 lock */ ++ if ((m = (MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) { ++ OPENSSL_free(addr); ++ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops ++ * to 0 */ ++ return; ++ } ++ if (mh == NULL) { ++ if ((mh = lh_new(mem_hash, mem_cmp)) == NULL) { ++ OPENSSL_free(addr); ++ OPENSSL_free(m); ++ addr = NULL; ++ goto err; ++ } ++ } ++ ++ m->addr = addr; ++ m->file = file; ++ m->line = line; ++ m->num = num; ++ if (options & V_CRYPTO_MDEBUG_THREAD) ++ m->thread = CRYPTO_thread_id(); ++ else ++ m->thread = 0; ++ ++ if (order == break_order_num) { ++ /* BREAK HERE */ ++ m->order = order; ++ } ++ m->order = order++; + #ifdef LEVITTE_DEBUG_MEM +- fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n", +- m->order, +- (before_p & 128) ? '*' : '+', +- m->addr, m->num); ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n", ++ m->order, (before_p & 128) ? '*' : '+', m->addr, m->num); + #endif +- if (options & V_CRYPTO_MDEBUG_TIME) +- m->time=time(NULL); +- else +- m->time=0; +- +- tmp.thread=CRYPTO_thread_id(); +- m->app_info=NULL; +- if (amih != NULL +- && (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL) +- { +- m->app_info = amim; +- amim->references++; +- } +- +- if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL) +- { +- /* Not good, but don't sweat it */ +- if (mm->app_info != NULL) +- { +- mm->app_info->references--; +- } +- OPENSSL_free(mm); +- } +- err: +- MemCheck_on(); /* release MALLOC2 lock +- * if num_disabled drops to 0 */ +- } +- break; +- } +- return; +- } ++ if (options & V_CRYPTO_MDEBUG_TIME) ++ m->time = time(NULL); ++ else ++ m->time = 0; ++ ++ tmp.thread = CRYPTO_thread_id(); ++ m->app_info = NULL; ++ if (amih != NULL ++ && (amim = ++ (APP_INFO *)lh_retrieve(amih, (char *)&tmp)) != NULL) { ++ m->app_info = amim; ++ amim->references++; ++ } ++ ++ if ((mm = (MEM *)lh_insert(mh, (char *)m)) != NULL) { ++ /* Not good, but don't sweat it */ ++ if (mm->app_info != NULL) { ++ mm->app_info->references--; ++ } ++ OPENSSL_free(mm); ++ } ++ err: ++ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops ++ * to 0 */ ++ } ++ break; ++ } ++ return; ++} + + void CRYPTO_dbg_free(void *addr, int before_p) +- { +- MEM m,*mp; +- +- switch(before_p) +- { +- case 0: +- if (addr == NULL) +- break; +- +- if (is_MemCheck_on() && (mh != NULL)) +- { +- MemCheck_off(); /* make sure we hold MALLOC2 lock */ +- +- m.addr=addr; +- mp=(MEM *)lh_delete(mh,(char *)&m); +- if (mp != NULL) +- { ++{ ++ MEM m, *mp; ++ ++ switch (before_p) { ++ case 0: ++ if (addr == NULL) ++ break; ++ ++ if (is_MemCheck_on() && (mh != NULL)) { ++ MemCheck_off(); /* make sure we hold MALLOC2 lock */ ++ ++ m.addr = addr; ++ mp = (MEM *)lh_delete(mh, (char *)&m); ++ if (mp != NULL) { + #ifdef LEVITTE_DEBUG_MEM +- fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n", +- mp->order, mp->addr, mp->num); ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n", ++ mp->order, mp->addr, mp->num); + #endif +- if (mp->app_info != NULL) +- app_info_free(mp->app_info); +- OPENSSL_free(mp); +- } +- +- MemCheck_on(); /* release MALLOC2 lock +- * if num_disabled drops to 0 */ +- } +- break; +- case 1: +- break; +- } +- } ++ if (mp->app_info != NULL) ++ app_info_free(mp->app_info); ++ OPENSSL_free(mp); ++ } ++ ++ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops ++ * to 0 */ ++ } ++ break; ++ case 1: ++ break; ++ } ++} + + void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, +- const char *file, int line, int before_p) +- { +- MEM m,*mp; ++ const char *file, int line, int before_p) ++{ ++ MEM m, *mp; + + #ifdef LEVITTE_DEBUG_MEM +- fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n", +- addr1, addr2, num, file, line, before_p); ++ fprintf(stderr, ++ "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n", ++ addr1, addr2, num, file, line, before_p); + #endif + +- switch(before_p) +- { +- case 0: +- break; +- case 1: +- if (addr2 == NULL) +- break; +- +- if (addr1 == NULL) +- { +- CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p); +- break; +- } +- +- if (is_MemCheck_on()) +- { +- MemCheck_off(); /* make sure we hold MALLOC2 lock */ +- +- m.addr=addr1; +- mp=(MEM *)lh_delete(mh,(char *)&m); +- if (mp != NULL) +- { ++ switch (before_p) { ++ case 0: ++ break; ++ case 1: ++ if (addr2 == NULL) ++ break; ++ ++ if (addr1 == NULL) { ++ CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p); ++ break; ++ } ++ ++ if (is_MemCheck_on()) { ++ MemCheck_off(); /* make sure we hold MALLOC2 lock */ ++ ++ m.addr = addr1; ++ mp = (MEM *)lh_delete(mh, (char *)&m); ++ if (mp != NULL) { + #ifdef LEVITTE_DEBUG_MEM +- fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n", +- mp->order, +- mp->addr, mp->num, +- addr2, num); ++ fprintf(stderr, ++ "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n", ++ mp->order, mp->addr, mp->num, addr2, num); + #endif +- mp->addr=addr2; +- mp->num=num; +- lh_insert(mh,(char *)mp); +- } +- +- MemCheck_on(); /* release MALLOC2 lock +- * if num_disabled drops to 0 */ +- } +- break; +- } +- return; +- } +- +- +-typedef struct mem_leak_st +- { +- BIO *bio; +- int chunks; +- long bytes; +- } MEM_LEAK; ++ mp->addr = addr2; ++ mp->num = num; ++ lh_insert(mh, (char *)mp); ++ } ++ ++ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops ++ * to 0 */ ++ } ++ break; ++ } ++ return; ++} ++ ++typedef struct mem_leak_st { ++ BIO *bio; ++ int chunks; ++ long bytes; ++} MEM_LEAK; + + static void print_leak(const MEM *m, MEM_LEAK *l) +- { +- char buf[1024]; +- char *bufp = buf; +- APP_INFO *amip; +- int ami_cnt; +- struct tm *lcl = NULL; +- unsigned long ti; ++{ ++ char buf[1024]; ++ char *bufp = buf; ++ APP_INFO *amip; ++ int ami_cnt; ++ struct tm *lcl = NULL; ++ unsigned long ti; + + #define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) + +- if(m->addr == (char *)l->bio) +- return; +- +- if (options & V_CRYPTO_MDEBUG_TIME) +- { +- lcl = localtime(&m->time); +- +- BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", +- lcl->tm_hour,lcl->tm_min,lcl->tm_sec); +- bufp += strlen(bufp); +- } +- +- BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", +- m->order,m->file,m->line); +- bufp += strlen(bufp); +- +- if (options & V_CRYPTO_MDEBUG_THREAD) +- { +- BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread); +- bufp += strlen(bufp); +- } +- +- BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n", +- m->num,(unsigned long)m->addr); +- bufp += strlen(bufp); +- +- BIO_puts(l->bio,buf); +- +- l->chunks++; +- l->bytes+=m->num; +- +- amip=m->app_info; +- ami_cnt=0; +- if (!amip) +- return; +- ti=amip->thread; +- +- do +- { +- int buf_len; +- int info_len; +- +- ami_cnt++; +- memset(buf,'>',ami_cnt); +- BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, +- " thread=%lu, file=%s, line=%d, info=\"", +- amip->thread, amip->file, amip->line); +- buf_len=strlen(buf); +- info_len=strlen(amip->info); +- if (128 - buf_len - 3 < info_len) +- { +- memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); +- buf_len = 128 - 3; +- } +- else +- { +- BUF_strlcpy(buf + buf_len, amip->info, +- sizeof buf - buf_len); +- buf_len = strlen(buf); +- } +- BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); +- +- BIO_puts(l->bio,buf); +- +- amip = amip->next; +- } +- while(amip && amip->thread == ti); +- ++ if (m->addr == (char *)l->bio) ++ return; ++ ++ if (options & V_CRYPTO_MDEBUG_TIME) { ++ lcl = localtime(&m->time); ++ ++ BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", ++ lcl->tm_hour, lcl->tm_min, lcl->tm_sec); ++ bufp += strlen(bufp); ++ } ++ ++ BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", ++ m->order, m->file, m->line); ++ bufp += strlen(bufp); ++ ++ if (options & V_CRYPTO_MDEBUG_THREAD) { ++ BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread); ++ bufp += strlen(bufp); ++ } ++ ++ BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n", ++ m->num, (unsigned long)m->addr); ++ bufp += strlen(bufp); ++ ++ BIO_puts(l->bio, buf); ++ ++ l->chunks++; ++ l->bytes += m->num; ++ ++ amip = m->app_info; ++ ami_cnt = 0; ++ if (!amip) ++ return; ++ ti = amip->thread; ++ ++ do { ++ int buf_len; ++ int info_len; ++ ++ ami_cnt++; ++ memset(buf, '>', ami_cnt); ++ BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, ++ " thread=%lu, file=%s, line=%d, info=\"", ++ amip->thread, amip->file, amip->line); ++ buf_len = strlen(buf); ++ info_len = strlen(amip->info); ++ if (128 - buf_len - 3 < info_len) { ++ memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); ++ buf_len = 128 - 3; ++ } else { ++ BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); ++ buf_len = strlen(buf); ++ } ++ BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); ++ ++ BIO_puts(l->bio, buf); ++ ++ amip = amip->next; ++ } ++ while (amip && amip->thread == ti); ++ + #ifdef LEVITTE_DEBUG_MEM +- if (amip) +- { +- fprintf(stderr, "Thread switch detected in backtrace!!!!\n"); +- abort(); +- } ++ if (amip) { ++ fprintf(stderr, "Thread switch detected in backtrace!!!!\n"); ++ abort(); ++ } + #endif +- } ++} + + static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *) + + void CRYPTO_mem_leaks(BIO *b) +- { +- MEM_LEAK ml; +- +- if (mh == NULL && amih == NULL) +- return; +- +- MemCheck_off(); /* obtain MALLOC2 lock */ +- +- ml.bio=b; +- ml.bytes=0; +- ml.chunks=0; +- if (mh != NULL) +- lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), +- (char *)&ml); +- if (ml.chunks != 0) +- { +- BIO_printf(b,"%ld bytes leaked in %d chunks\n", +- ml.bytes,ml.chunks); +- } +- else +- { +- /* Make sure that, if we found no leaks, memory-leak debugging itself +- * does not introduce memory leaks (which might irritate +- * external debugging tools). +- * (When someone enables leak checking, but does not call +- * this function, we declare it to be their fault.) +- * +- * XXX This should be in CRYPTO_mem_leaks_cb, +- * and CRYPTO_mem_leaks should be implemented by +- * using CRYPTO_mem_leaks_cb. +- * (Also their should be a variant of lh_doall_arg +- * that takes a function pointer instead of a void *; +- * this would obviate the ugly and illegal +- * void_fn_to_char kludge in CRYPTO_mem_leaks_cb. +- * Otherwise the code police will come and get us.) +- */ +- int old_mh_mode; +- +- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); +- +- /* avoid deadlock when lh_free() uses CRYPTO_dbg_free(), +- * which uses CRYPTO_is_mem_check_on */ +- old_mh_mode = mh_mode; +- mh_mode = CRYPTO_MEM_CHECK_OFF; +- +- if (mh != NULL) +- { +- lh_free(mh); +- mh = NULL; +- } +- if (amih != NULL) +- { +- if (lh_num_items(amih) == 0) +- { +- lh_free(amih); +- amih = NULL; +- } +- } +- +- mh_mode = old_mh_mode; +- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); +- } +- MemCheck_on(); /* release MALLOC2 lock */ +- } ++{ ++ MEM_LEAK ml; ++ ++ if (mh == NULL && amih == NULL) ++ return; ++ ++ MemCheck_off(); /* obtain MALLOC2 lock */ ++ ++ ml.bio = b; ++ ml.bytes = 0; ++ ml.chunks = 0; ++ if (mh != NULL) ++ lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), (char *)&ml); ++ if (ml.chunks != 0) { ++ BIO_printf(b, "%ld bytes leaked in %d chunks\n", ml.bytes, ml.chunks); ++ } else { ++ /* ++ * Make sure that, if we found no leaks, memory-leak debugging itself ++ * does not introduce memory leaks (which might irritate external ++ * debugging tools). (When someone enables leak checking, but does not ++ * call this function, we declare it to be their fault.) XXX This ++ * should be in CRYPTO_mem_leaks_cb, and CRYPTO_mem_leaks should be ++ * implemented by using CRYPTO_mem_leaks_cb. (Also their should be a ++ * variant of lh_doall_arg that takes a function pointer instead of a ++ * void *; this would obviate the ugly and illegal void_fn_to_char ++ * kludge in CRYPTO_mem_leaks_cb. Otherwise the code police will come ++ * and get us.) ++ */ ++ int old_mh_mode; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); ++ ++ /* ++ * avoid deadlock when lh_free() uses CRYPTO_dbg_free(), which uses ++ * CRYPTO_is_mem_check_on ++ */ ++ old_mh_mode = mh_mode; ++ mh_mode = CRYPTO_MEM_CHECK_OFF; ++ ++ if (mh != NULL) { ++ lh_free(mh); ++ mh = NULL; ++ } ++ if (amih != NULL) { ++ if (lh_num_items(amih) == 0) { ++ lh_free(amih); ++ amih = NULL; ++ } ++ } ++ ++ mh_mode = old_mh_mode; ++ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); ++ } ++ MemCheck_on(); /* release MALLOC2 lock */ ++} + + #ifndef OPENSSL_NO_FP_API + void CRYPTO_mem_leaks_fp(FILE *fp) +- { +- BIO *b; +- +- if (mh == NULL) return; +- /* Need to turn off memory checking when allocated BIOs ... especially +- * as we're creating them at a time when we're trying to check we've not +- * left anything un-free()'d!! */ +- MemCheck_off(); +- b = BIO_new(BIO_s_file()); +- MemCheck_on(); +- if(!b) return; +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- CRYPTO_mem_leaks(b); +- BIO_free(b); +- } ++{ ++ BIO *b; ++ ++ if (mh == NULL) ++ return; ++ /* ++ * Need to turn off memory checking when allocated BIOs ... especially as ++ * we're creating them at a time when we're trying to check we've not ++ * left anything un-free()'d!! ++ */ ++ MemCheck_off(); ++ b = BIO_new(BIO_s_file()); ++ MemCheck_on(); ++ if (!b) ++ return; ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ CRYPTO_mem_leaks(b); ++ BIO_free(b); ++} + #endif + +- +- +-/* FIXME: We really don't allow much to the callback. For example, it has +- no chance of reaching the info stack for the item it processes. Should +- it really be this way? -- Richard Levitte */ +-/* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h +- * If this code is restructured, remove the callback type if it is no longer +- * needed. -- Geoff Thorpe */ ++/* ++ * FIXME: We really don't allow much to the callback. For example, it has no ++ * chance of reaching the info stack for the item it processes. Should it ++ * really be this way? -- Richard Levitte ++ */ ++/* ++ * NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside ++ * crypto.h If this code is restructured, remove the callback type if it is ++ * no longer needed. -- Geoff Thorpe ++ */ + static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb) +- { +- (**cb)(m->order,m->file,m->line,m->num,m->addr); +- } ++{ ++ (**cb) (m->order, m->file, m->line, m->num, m->addr); ++} + +-static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **) ++static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, ++ CRYPTO_MEM_LEAK_CB **) + + void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb) +- { +- if (mh == NULL) return; +- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); +- lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb); +- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); +- } ++{ ++ if (mh == NULL) ++ return; ++ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); ++ lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb); ++ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); ++} + + void CRYPTO_malloc_debug_init(void) +- { +- CRYPTO_set_mem_debug_functions( +- CRYPTO_dbg_malloc, +- CRYPTO_dbg_realloc, +- CRYPTO_dbg_free, +- CRYPTO_dbg_set_options, +- CRYPTO_dbg_get_options); +- CRYPTO_set_mem_info_functions( +- CRYPTO_dbg_push_info, +- CRYPTO_dbg_pop_info, +- CRYPTO_dbg_remove_all_info); +- } ++{ ++ CRYPTO_set_mem_debug_functions(CRYPTO_dbg_malloc, ++ CRYPTO_dbg_realloc, ++ CRYPTO_dbg_free, ++ CRYPTO_dbg_set_options, ++ CRYPTO_dbg_get_options); ++ CRYPTO_set_mem_info_functions(CRYPTO_dbg_push_info, ++ CRYPTO_dbg_pop_info, ++ CRYPTO_dbg_remove_all_info); ++} + + char *CRYPTO_strdup(const char *str, const char *file, int line) +- { +- char *ret = CRYPTO_malloc(strlen(str)+1, file, line); ++{ ++ char *ret = CRYPTO_malloc(strlen(str) + 1, file, line); + +- strcpy(ret, str); +- return ret; +- } ++ strcpy(ret, str); ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/o_dir.c b/Cryptlib/OpenSSL/crypto/o_dir.c +index 42891ea..2624244 100644 +--- a/Cryptlib/OpenSSL/crypto/o_dir.c ++++ b/Cryptlib/OpenSSL/crypto/o_dir.c +@@ -1,6 +1,7 @@ + /* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2004. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2004. + */ + /* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -59,9 +60,11 @@ + #include + #include + +-/* The routines really come from the Levitte Programming, so to make +- life simple, let's just use the raw files and hack the symbols to +- fit our namespace. */ ++/* ++ * The routines really come from the Levitte Programming, so to make life ++ * simple, let's just use the raw files and hack the symbols to fit our ++ * namespace. ++ */ + #define LP_DIR_CTX OPENSSL_DIR_CTX + #define LP_dir_context_st OPENSSL_dir_context_st + #define LP_find_file OPENSSL_DIR_read +@@ -71,13 +74,13 @@ + + #define LPDIR_H + #if defined OPENSSL_SYS_UNIX || defined DJGPP +-#include "LPdir_unix.c" ++# include "LPdir_unix.c" + #elif defined OPENSSL_SYS_VMS +-#include "LPdir_vms.c" ++# include "LPdir_vms.c" + #elif defined OPENSSL_SYS_WIN32 +-#include "LPdir_win32.c" ++# include "LPdir_win32.c" + #elif defined OPENSSL_SYS_WINCE +-#include "LPdir_wince.c" ++# include "LPdir_wince.c" + #else +-#include "LPdir_nyi.c" ++# include "LPdir_nyi.c" + #endif +diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c +index c89fda5..6f5103e 100644 +--- a/Cryptlib/OpenSSL/crypto/o_init.c ++++ b/Cryptlib/OpenSSL/crypto/o_init.c +@@ -1,5 +1,6 @@ + /* o_init.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ + /* ==================================================================== +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,50 +62,50 @@ + + /* Internal only functions: only ever used here */ + #ifdef OPENSSL_FIPS +-extern void int_ERR_lib_init(void); ++extern void int_ERR_lib_init(void); + # ifndef OPENSSL_NO_ENGINE +-extern void int_EVP_MD_init_engine_callbacks(void ); +-extern void int_EVP_CIPHER_init_engine_callbacks(void ); +-extern void int_RAND_init_engine_callbacks(void ); ++extern void int_EVP_MD_init_engine_callbacks(void); ++extern void int_EVP_CIPHER_init_engine_callbacks(void); ++extern void int_RAND_init_engine_callbacks(void); + # endif + #endif + +-/* Perform any essential OpenSSL initialization operations. +- * Currently only sets FIPS callbacks ++/* ++ * Perform any essential OpenSSL initialization operations. Currently only ++ * sets FIPS callbacks + */ + + void OPENSSL_init(void) +- { ++{ + #ifdef OPENSSL_FIPS +- static int done = 0; +- if (!done) +- { +- int_ERR_lib_init(); +-#ifdef CRYPTO_MDEBUG +- CRYPTO_malloc_debug_init(); +-#endif +-#ifndef OPENSSL_NO_ENGINE +- int_EVP_MD_init_engine_callbacks(); +- int_EVP_CIPHER_init_engine_callbacks(); +- int_RAND_init_engine_callbacks(); +-#endif +- done = 1; +- } ++ static int done = 0; ++ if (!done) { ++ int_ERR_lib_init(); ++# ifdef CRYPTO_MDEBUG ++ CRYPTO_malloc_debug_init(); ++# endif ++# ifndef OPENSSL_NO_ENGINE ++ int_EVP_MD_init_engine_callbacks(); ++ int_EVP_CIPHER_init_engine_callbacks(); ++ int_RAND_init_engine_callbacks(); ++# endif ++ done = 1; ++ } + #endif +- } +- ++} ++ + #ifdef OPENSSL_FIPS + + int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) +- { +- size_t i; +- const unsigned char *a = in_a; +- const unsigned char *b = in_b; +- unsigned char x = 0; ++{ ++ size_t i; ++ const unsigned char *a = in_a; ++ const unsigned char *b = in_b; ++ unsigned char x = 0; + +- for (i = 0; i < len; i++) +- x |= a[i] ^ b[i]; ++ for (i = 0; i < len; i++) ++ x |= a[i] ^ b[i]; + +- return x; +- } ++ return x; ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/o_str.c b/Cryptlib/OpenSSL/crypto/o_str.c +index 56104a6..b23ef32 100644 +--- a/Cryptlib/OpenSSL/crypto/o_str.c ++++ b/Cryptlib/OpenSSL/crypto/o_str.c +@@ -1,6 +1,7 @@ + /* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2003. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2003. + */ + /* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -67,45 +68,49 @@ + #endif + + int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) +- { ++{ + #if defined(OPENSSL_IMPLEMENTS_strncasecmp) +- while (*str1 && *str2 && n) +- { +- int res = toupper(*str1) - toupper(*str2); +- if (res) return res < 0 ? -1 : 1; +- str1++; +- str2++; +- n--; +- } +- if (n == 0) +- return 0; +- if (*str1) +- return 1; +- if (*str2) +- return -1; +- return 0; ++ while (*str1 && *str2 && n) { ++ int res = toupper(*str1) - toupper(*str2); ++ if (res) ++ return res < 0 ? -1 : 1; ++ str1++; ++ str2++; ++ n--; ++ } ++ if (n == 0) ++ return 0; ++ if (*str1) ++ return 1; ++ if (*str2) ++ return -1; ++ return 0; + #else +- /* Recursion hazard warning! Whenever strncasecmp is #defined as +- * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be +- * defined as well. */ +- return strncasecmp(str1, str2, n); ++ /* ++ * Recursion hazard warning! Whenever strncasecmp is #defined as ++ * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be defined as ++ * well. ++ */ ++ return strncasecmp(str1, str2, n); + #endif +- } ++} ++ + int OPENSSL_strcasecmp(const char *str1, const char *str2) +- { ++{ + #if defined(OPENSSL_IMPLEMENTS_strncasecmp) +- return OPENSSL_strncasecmp(str1, str2, (size_t)-1); ++ return OPENSSL_strncasecmp(str1, str2, (size_t)-1); + #else +- return strcasecmp(str1, str2); ++ return strcasecmp(str1, str2); + #endif +- } ++} + +-int OPENSSL_memcmp(const void *v1,const void *v2,size_t n) +- { +- const unsigned char *c1=v1,*c2=v2; +- int ret=0; ++int OPENSSL_memcmp(const void *v1, const void *v2, size_t n) ++{ ++ const unsigned char *c1 = v1, *c2 = v2; ++ int ret = 0; + +- while(n && (ret=*c1-*c2)==0) n--,c1++,c2++; ++ while (n && (ret = *c1 - *c2) == 0) ++ n--, c1++, c2++; + +- return ret; +- } ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/o_time.c b/Cryptlib/OpenSSL/crypto/o_time.c +index e29091d..504e313 100644 +--- a/Cryptlib/OpenSSL/crypto/o_time.c ++++ b/Cryptlib/OpenSSL/crypto/o_time.c +@@ -1,6 +1,7 @@ + /* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -70,148 +71,157 @@ + #endif + + struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) +- { +- struct tm *ts = NULL; ++{ ++ struct tm *ts = NULL; + + #if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) +- /* should return &data, but doesn't on some systems, +- so we don't even look at the return value */ +- gmtime_r(timer,result); +- ts = result; ++ /* ++ * should return &data, but doesn't on some systems, so we don't even ++ * look at the return value ++ */ ++ gmtime_r(timer, result); ++ ts = result; + #elif !defined(OPENSSL_SYS_VMS) +- ts = gmtime(timer); +- if (ts == NULL) +- return NULL; ++ ts = gmtime(timer); ++ if (ts == NULL) ++ return NULL; + +- memcpy(result, ts, sizeof(struct tm)); +- ts = result; ++ memcpy(result, ts, sizeof(struct tm)); ++ ts = result; + #endif + #ifdef OPENSSL_SYS_VMS +- if (ts == NULL) +- { +- static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL"); +- static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL"); +- char logvalue[256]; +- unsigned int reslen = 0; +- struct { +- short buflen; +- short code; +- void *bufaddr; +- unsigned int *reslen; +- } itemlist[] = { +- { 0, LNM$_STRING, 0, 0 }, +- { 0, 0, 0, 0 }, +- }; +- int status; +- time_t t; +- +- /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */ +- itemlist[0].buflen = sizeof(logvalue); +- itemlist[0].bufaddr = logvalue; +- itemlist[0].reslen = &reslen; +- status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist); +- if (!(status & 1)) +- return NULL; +- logvalue[reslen] = '\0'; +- +- t = *timer; ++ if (ts == NULL) { ++ static $DESCRIPTOR(tabnam, "LNM$DCL_LOGICAL"); ++ static $DESCRIPTOR(lognam, "SYS$TIMEZONE_DIFFERENTIAL"); ++ char logvalue[256]; ++ unsigned int reslen = 0; ++ struct { ++ short buflen; ++ short code; ++ void *bufaddr; ++ unsigned int *reslen; ++ } itemlist[] = { ++ { ++ 0, LNM$_STRING, 0, 0 ++ }, ++ { ++ 0, 0, 0, 0 ++ }, ++ }; ++ int status; ++ time_t t; ++ ++ /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */ ++ itemlist[0].buflen = sizeof(logvalue); ++ itemlist[0].bufaddr = logvalue; ++ itemlist[0].reslen = &reslen; ++ status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist); ++ if (!(status & 1)) ++ return NULL; ++ logvalue[reslen] = '\0'; ++ ++ t = *timer; + + /* The following is extracted from the DEC C header time.h */ +-/* +-** Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime +-** have two implementations. One implementation is provided +-** for compatibility and deals with time in terms of local time, +-** the other __utc_* deals with time in terms of UTC. +-*/ +-/* We use the same conditions as in said time.h to check if we should +- assume that t contains local time (and should therefore be adjusted) +- or UTC (and should therefore be left untouched). */ +-#if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE +- /* Get the numerical value of the equivalence string */ +- status = atoi(logvalue); +- +- /* and use it to move time to GMT */ +- t -= status; +-#endif +- +- /* then convert the result to the time structure */ +- +- /* Since there was no gmtime_r() to do this stuff for us, +- we have to do it the hard way. */ +- { +- /* The VMS epoch is the astronomical Smithsonian date, +- if I remember correctly, which is November 17, 1858. +- Furthermore, time is measure in thenths of microseconds +- and stored in quadwords (64 bit integers). unix_epoch +- below is January 1st 1970 expressed as a VMS time. The +- following code was used to get this number: +- +- #include +- #include +- #include +- #include +- +- main() +- { +- unsigned long systime[2]; +- unsigned short epoch_values[7] = +- { 1970, 1, 1, 0, 0, 0, 0 }; +- +- lib$cvt_vectim(epoch_values, systime); +- +- printf("%u %u", systime[0], systime[1]); +- } +- */ +- unsigned long unix_epoch[2] = { 1273708544, 8164711 }; +- unsigned long deltatime[2]; +- unsigned long systime[2]; +- struct vms_vectime +- { +- short year, month, day, hour, minute, second, +- centi_second; +- } time_values; +- long operation; +- +- /* Turn the number of seconds since January 1st 1970 to +- an internal delta time. +- Note that lib$cvt_to_internal_time() will assume +- that t is signed, and will therefore break on 32-bit +- systems some time in 2038. +- */ +- operation = LIB$K_DELTA_SECONDS; +- status = lib$cvt_to_internal_time(&operation, +- &t, deltatime); +- +- /* Add the delta time with the Unix epoch and we have +- the current UTC time in internal format */ +- status = lib$add_times(unix_epoch, deltatime, systime); +- +- /* Turn the internal time into a time vector */ +- status = sys$numtim(&time_values, systime); +- +- /* Fill in the struct tm with the result */ +- result->tm_sec = time_values.second; +- result->tm_min = time_values.minute; +- result->tm_hour = time_values.hour; +- result->tm_mday = time_values.day; +- result->tm_mon = time_values.month - 1; +- result->tm_year = time_values.year - 1900; +- +- operation = LIB$K_DAY_OF_WEEK; +- status = lib$cvt_from_internal_time(&operation, +- &result->tm_wday, systime); +- result->tm_wday %= 7; +- +- operation = LIB$K_DAY_OF_YEAR; +- status = lib$cvt_from_internal_time(&operation, +- &result->tm_yday, systime); +- result->tm_yday--; +- +- result->tm_isdst = 0; /* There's no way to know... */ +- +- ts = result; +- } +- } ++ /* ++ ** Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime ++ ** have two implementations. One implementation is provided ++ ** for compatibility and deals with time in terms of local time, ++ ** the other __utc_* deals with time in terms of UTC. ++ */ ++ /* ++ * We use the same conditions as in said time.h to check if we should ++ * assume that t contains local time (and should therefore be ++ * adjusted) or UTC (and should therefore be left untouched). ++ */ ++# if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE ++ /* Get the numerical value of the equivalence string */ ++ status = atoi(logvalue); ++ ++ /* and use it to move time to GMT */ ++ t -= status; ++# endif ++ ++ /* then convert the result to the time structure */ ++ ++ /* ++ * Since there was no gmtime_r() to do this stuff for us, we have to ++ * do it the hard way. ++ */ ++ { ++ /*- ++ * The VMS epoch is the astronomical Smithsonian date, ++ if I remember correctly, which is November 17, 1858. ++ Furthermore, time is measure in thenths of microseconds ++ and stored in quadwords (64 bit integers). unix_epoch ++ below is January 1st 1970 expressed as a VMS time. The ++ following code was used to get this number: ++ ++ #include ++ #include ++ #include ++ #include ++ ++ main() ++ { ++ unsigned long systime[2]; ++ unsigned short epoch_values[7] = ++ { 1970, 1, 1, 0, 0, 0, 0 }; ++ ++ lib$cvt_vectim(epoch_values, systime); ++ ++ printf("%u %u", systime[0], systime[1]); ++ } ++ */ ++ unsigned long unix_epoch[2] = { 1273708544, 8164711 }; ++ unsigned long deltatime[2]; ++ unsigned long systime[2]; ++ struct vms_vectime { ++ short year, month, day, hour, minute, second, centi_second; ++ } time_values; ++ long operation; ++ ++ /* ++ * Turn the number of seconds since January 1st 1970 to an ++ * internal delta time. Note that lib$cvt_to_internal_time() will ++ * assume that t is signed, and will therefore break on 32-bit ++ * systems some time in 2038. ++ */ ++ operation = LIB$K_DELTA_SECONDS; ++ status = lib$cvt_to_internal_time(&operation, &t, deltatime); ++ ++ /* ++ * Add the delta time with the Unix epoch and we have the current ++ * UTC time in internal format ++ */ ++ status = lib$add_times(unix_epoch, deltatime, systime); ++ ++ /* Turn the internal time into a time vector */ ++ status = sys$numtim(&time_values, systime); ++ ++ /* Fill in the struct tm with the result */ ++ result->tm_sec = time_values.second; ++ result->tm_min = time_values.minute; ++ result->tm_hour = time_values.hour; ++ result->tm_mday = time_values.day; ++ result->tm_mon = time_values.month - 1; ++ result->tm_year = time_values.year - 1900; ++ ++ operation = LIB$K_DAY_OF_WEEK; ++ status = lib$cvt_from_internal_time(&operation, ++ &result->tm_wday, systime); ++ result->tm_wday %= 7; ++ ++ operation = LIB$K_DAY_OF_YEAR; ++ status = lib$cvt_from_internal_time(&operation, ++ &result->tm_yday, systime); ++ result->tm_yday--; ++ ++ result->tm_isdst = 0; /* There's no way to know... */ ++ ++ ts = result; ++ } ++ } + #endif +- return ts; +- } ++ return ts; ++} +diff --git a/Cryptlib/OpenSSL/crypto/objects/o_names.c b/Cryptlib/OpenSSL/crypto/objects/o_names.c +index adb5731..1c41c08 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/o_names.c ++++ b/Cryptlib/OpenSSL/crypto/objects/o_names.c +@@ -8,7 +8,8 @@ + #include + #include + +-/* Later versions of DEC C has started to add lnkage information to certain ++/* ++ * Later versions of DEC C has started to add lnkage information to certain + * functions, which makes it tricky to use them as values to regular function + * pointers. One way is to define a macro that takes care of casting them + * correctly. +@@ -19,351 +20,340 @@ + # define OPENSSL_strcmp strcmp + #endif + +-/* I use the ex_data stuff to manage the identifiers for the obj_name_types ++/* ++ * I use the ex_data stuff to manage the identifiers for the obj_name_types + * that applications may define. I only really use the free function field. + */ +-static LHASH *names_lh=NULL; +-static int names_type_num=OBJ_NAME_TYPE_NUM; ++static LHASH *names_lh = NULL; ++static int names_type_num = OBJ_NAME_TYPE_NUM; + +-typedef struct name_funcs_st +- { +- unsigned long (*hash_func)(const char *name); +- int (*cmp_func)(const char *a,const char *b); +- void (*free_func)(const char *, int, const char *); +- } NAME_FUNCS; ++typedef struct name_funcs_st { ++ unsigned long (*hash_func) (const char *name); ++ int (*cmp_func) (const char *a, const char *b); ++ void (*free_func) (const char *, int, const char *); ++} NAME_FUNCS; + + DECLARE_STACK_OF(NAME_FUNCS) + IMPLEMENT_STACK_OF(NAME_FUNCS) + + static STACK_OF(NAME_FUNCS) *name_funcs_stack; + +-/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable +- * casting in the functions. This prevents function pointer casting without the +- * need for macro-generated wrapper functions. */ ++/* ++ * The LHASH callbacks now use the raw "void *" prototypes and do ++ * per-variable casting in the functions. This prevents function pointer ++ * casting without the need for macro-generated wrapper functions. ++ */ + + /* static unsigned long obj_name_hash(OBJ_NAME *a); */ + static unsigned long obj_name_hash(const void *a_void); + /* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */ +-static int obj_name_cmp(const void *a_void,const void *b_void); ++static int obj_name_cmp(const void *a_void, const void *b_void); + + int OBJ_NAME_init(void) +- { +- if (names_lh != NULL) return(1); +- MemCheck_off(); +- names_lh=lh_new(obj_name_hash, obj_name_cmp); +- MemCheck_on(); +- return(names_lh != NULL); +- } +- +-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), +- int (*cmp_func)(const char *, const char *), +- void (*free_func)(const char *, int, const char *)) +- { +- int ret; +- int i; +- NAME_FUNCS *name_funcs; +- +- if (name_funcs_stack == NULL) +- { +- MemCheck_off(); +- name_funcs_stack=sk_NAME_FUNCS_new_null(); +- MemCheck_on(); +- } +- if ((name_funcs_stack == NULL)) +- { +- /* ERROR */ +- return(0); +- } +- ret=names_type_num; +- names_type_num++; +- for (i=sk_NAME_FUNCS_num(name_funcs_stack); ihash_func = lh_strhash; +- name_funcs->cmp_func = OPENSSL_strcmp; +- name_funcs->free_func = 0; /* NULL is often declared to +- * ((void *)0), which according +- * to Compaq C is not really +- * compatible with a function +- * pointer. -- Richard Levitte*/ +- MemCheck_off(); +- sk_NAME_FUNCS_push(name_funcs_stack,name_funcs); +- MemCheck_on(); +- } +- name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret); +- if (hash_func != NULL) +- name_funcs->hash_func = hash_func; +- if (cmp_func != NULL) +- name_funcs->cmp_func = cmp_func; +- if (free_func != NULL) +- name_funcs->free_func = free_func; +- return(ret); +- } ++{ ++ if (names_lh != NULL) ++ return (1); ++ MemCheck_off(); ++ names_lh = lh_new(obj_name_hash, obj_name_cmp); ++ MemCheck_on(); ++ return (names_lh != NULL); ++} ++ ++int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), ++ int (*cmp_func) (const char *, const char *), ++ void (*free_func) (const char *, int, const char *)) ++{ ++ int ret; ++ int i; ++ NAME_FUNCS *name_funcs; ++ ++ if (name_funcs_stack == NULL) { ++ MemCheck_off(); ++ name_funcs_stack = sk_NAME_FUNCS_new_null(); ++ MemCheck_on(); ++ } ++ if ((name_funcs_stack == NULL)) { ++ /* ERROR */ ++ return (0); ++ } ++ ret = names_type_num; ++ names_type_num++; ++ for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) { ++ MemCheck_off(); ++ name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); ++ MemCheck_on(); ++ if (!name_funcs) { ++ OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ name_funcs->hash_func = lh_strhash; ++ name_funcs->cmp_func = OPENSSL_strcmp; ++ name_funcs->free_func = 0; /* NULL is often declared to * ((void ++ * *)0), which according * to Compaq C is ++ * not really * compatible with a function ++ * * pointer. -- Richard Levitte */ ++ MemCheck_off(); ++ sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); ++ MemCheck_on(); ++ } ++ name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret); ++ if (hash_func != NULL) ++ name_funcs->hash_func = hash_func; ++ if (cmp_func != NULL) ++ name_funcs->cmp_func = cmp_func; ++ if (free_func != NULL) ++ name_funcs->free_func = free_func; ++ return (ret); ++} + + /* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */ + static int obj_name_cmp(const void *a_void, const void *b_void) +- { +- int ret; +- const OBJ_NAME *a = (const OBJ_NAME *)a_void; +- const OBJ_NAME *b = (const OBJ_NAME *)b_void; +- +- ret=a->type-b->type; +- if (ret == 0) +- { +- if ((name_funcs_stack != NULL) +- && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) +- { +- ret=sk_NAME_FUNCS_value(name_funcs_stack, +- a->type)->cmp_func(a->name,b->name); +- } +- else +- ret=strcmp(a->name,b->name); +- } +- return(ret); +- } ++{ ++ int ret; ++ const OBJ_NAME *a = (const OBJ_NAME *)a_void; ++ const OBJ_NAME *b = (const OBJ_NAME *)b_void; ++ ++ ret = a->type - b->type; ++ if (ret == 0) { ++ if ((name_funcs_stack != NULL) ++ && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { ++ ret = sk_NAME_FUNCS_value(name_funcs_stack, ++ a->type)->cmp_func(a->name, b->name); ++ } else ++ ret = strcmp(a->name, b->name); ++ } ++ return (ret); ++} + + /* static unsigned long obj_name_hash(OBJ_NAME *a) */ + static unsigned long obj_name_hash(const void *a_void) +- { +- unsigned long ret; +- const OBJ_NAME *a = (const OBJ_NAME *)a_void; +- +- if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) +- { +- ret=sk_NAME_FUNCS_value(name_funcs_stack, +- a->type)->hash_func(a->name); +- } +- else +- { +- ret=lh_strhash(a->name); +- } +- ret^=a->type; +- return(ret); +- } ++{ ++ unsigned long ret; ++ const OBJ_NAME *a = (const OBJ_NAME *)a_void; ++ ++ if ((name_funcs_stack != NULL) ++ && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { ++ ret = ++ sk_NAME_FUNCS_value(name_funcs_stack, ++ a->type)->hash_func(a->name); ++ } else { ++ ret = lh_strhash(a->name); ++ } ++ ret ^= a->type; ++ return (ret); ++} + + const char *OBJ_NAME_get(const char *name, int type) +- { +- OBJ_NAME on,*ret; +- int num=0,alias; +- +- if (name == NULL) return(NULL); +- if ((names_lh == NULL) && !OBJ_NAME_init()) return(NULL); +- +- alias=type&OBJ_NAME_ALIAS; +- type&= ~OBJ_NAME_ALIAS; +- +- on.name=name; +- on.type=type; +- +- for (;;) +- { +- ret=(OBJ_NAME *)lh_retrieve(names_lh,&on); +- if (ret == NULL) return(NULL); +- if ((ret->alias) && !alias) +- { +- if (++num > 10) return(NULL); +- on.name=ret->data; +- } +- else +- { +- return(ret->data); +- } +- } +- } ++{ ++ OBJ_NAME on, *ret; ++ int num = 0, alias; ++ ++ if (name == NULL) ++ return (NULL); ++ if ((names_lh == NULL) && !OBJ_NAME_init()) ++ return (NULL); ++ ++ alias = type & OBJ_NAME_ALIAS; ++ type &= ~OBJ_NAME_ALIAS; ++ ++ on.name = name; ++ on.type = type; ++ ++ for (;;) { ++ ret = (OBJ_NAME *)lh_retrieve(names_lh, &on); ++ if (ret == NULL) ++ return (NULL); ++ if ((ret->alias) && !alias) { ++ if (++num > 10) ++ return (NULL); ++ on.name = ret->data; ++ } else { ++ return (ret->data); ++ } ++ } ++} + + int OBJ_NAME_add(const char *name, int type, const char *data) +- { +- OBJ_NAME *onp,*ret; +- int alias; +- +- if ((names_lh == NULL) && !OBJ_NAME_init()) return(0); +- +- alias=type&OBJ_NAME_ALIAS; +- type&= ~OBJ_NAME_ALIAS; +- +- onp=(OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME)); +- if (onp == NULL) +- { +- /* ERROR */ +- return(0); +- } +- +- onp->name=name; +- onp->alias=alias; +- onp->type=type; +- onp->data=data; +- +- ret=(OBJ_NAME *)lh_insert(names_lh,onp); +- if (ret != NULL) +- { +- /* free things */ +- if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) +- { +- /* XXX: I'm not sure I understand why the free +- * function should get three arguments... +- * -- Richard Levitte +- */ +- sk_NAME_FUNCS_value(name_funcs_stack, +- ret->type)->free_func(ret->name,ret->type,ret->data); +- } +- OPENSSL_free(ret); +- } +- else +- { +- if (lh_error(names_lh)) +- { +- /* ERROR */ +- return(0); +- } +- } +- return(1); +- } ++{ ++ OBJ_NAME *onp, *ret; ++ int alias; ++ ++ if ((names_lh == NULL) && !OBJ_NAME_init()) ++ return (0); ++ ++ alias = type & OBJ_NAME_ALIAS; ++ type &= ~OBJ_NAME_ALIAS; ++ ++ onp = (OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME)); ++ if (onp == NULL) { ++ /* ERROR */ ++ return (0); ++ } ++ ++ onp->name = name; ++ onp->alias = alias; ++ onp->type = type; ++ onp->data = data; ++ ++ ret = (OBJ_NAME *)lh_insert(names_lh, onp); ++ if (ret != NULL) { ++ /* free things */ ++ if ((name_funcs_stack != NULL) ++ && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) { ++ /* ++ * XXX: I'm not sure I understand why the free function should ++ * get three arguments... -- Richard Levitte ++ */ ++ sk_NAME_FUNCS_value(name_funcs_stack, ++ ret->type)->free_func(ret->name, ret->type, ++ ret->data); ++ } ++ OPENSSL_free(ret); ++ } else { ++ if (lh_error(names_lh)) { ++ /* ERROR */ ++ return (0); ++ } ++ } ++ return (1); ++} + + int OBJ_NAME_remove(const char *name, int type) +- { +- OBJ_NAME on,*ret; +- +- if (names_lh == NULL) return(0); +- +- type&= ~OBJ_NAME_ALIAS; +- on.name=name; +- on.type=type; +- ret=(OBJ_NAME *)lh_delete(names_lh,&on); +- if (ret != NULL) +- { +- /* free things */ +- if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) +- { +- /* XXX: I'm not sure I understand why the free +- * function should get three arguments... +- * -- Richard Levitte +- */ +- sk_NAME_FUNCS_value(name_funcs_stack, +- ret->type)->free_func(ret->name,ret->type,ret->data); +- } +- OPENSSL_free(ret); +- return(1); +- } +- else +- return(0); +- } +- +-struct doall +- { +- int type; +- void (*fn)(const OBJ_NAME *,void *arg); +- void *arg; +- }; +- +-static void do_all_fn(const OBJ_NAME *name,struct doall *d) +- { +- if(name->type == d->type) +- d->fn(name,d->arg); +- } +- +-static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *) +- +-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg) +- { +- struct doall d; +- +- d.type=type; +- d.fn=fn; +- d.arg=arg; +- +- lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d); +- } +- +-struct doall_sorted +- { +- int type; +- int n; +- const OBJ_NAME **names; +- }; +- +-static void do_all_sorted_fn(const OBJ_NAME *name,void *d_) +- { +- struct doall_sorted *d=d_; +- +- if(name->type != d->type) +- return; +- +- d->names[d->n++]=name; +- } +- +-static int do_all_sorted_cmp(const void *n1_,const void *n2_) +- { +- const OBJ_NAME * const *n1=n1_; +- const OBJ_NAME * const *n2=n2_; +- +- return strcmp((*n1)->name,(*n2)->name); +- } +- +-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), +- void *arg) +- { +- struct doall_sorted d; +- int n; +- +- d.type=type; +- d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names); +- d.n=0; +- OBJ_NAME_do_all(type,do_all_sorted_fn,&d); +- +- qsort((void *)d.names,d.n,sizeof *d.names,do_all_sorted_cmp); +- +- for(n=0 ; n < d.n ; ++n) +- fn(d.names[n],arg); +- +- OPENSSL_free((void *)d.names); +- } ++{ ++ OBJ_NAME on, *ret; ++ ++ if (names_lh == NULL) ++ return (0); ++ ++ type &= ~OBJ_NAME_ALIAS; ++ on.name = name; ++ on.type = type; ++ ret = (OBJ_NAME *)lh_delete(names_lh, &on); ++ if (ret != NULL) { ++ /* free things */ ++ if ((name_funcs_stack != NULL) ++ && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) { ++ /* ++ * XXX: I'm not sure I understand why the free function should ++ * get three arguments... -- Richard Levitte ++ */ ++ sk_NAME_FUNCS_value(name_funcs_stack, ++ ret->type)->free_func(ret->name, ret->type, ++ ret->data); ++ } ++ OPENSSL_free(ret); ++ return (1); ++ } else ++ return (0); ++} ++ ++struct doall { ++ int type; ++ void (*fn) (const OBJ_NAME *, void *arg); ++ void *arg; ++}; ++ ++static void do_all_fn(const OBJ_NAME *name, struct doall *d) ++{ ++ if (name->type == d->type) ++ d->fn(name, d->arg); ++} ++ ++static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, ++ struct doall *) ++ ++void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), ++ void *arg) ++{ ++ struct doall d; ++ ++ d.type = type; ++ d.fn = fn; ++ d.arg = arg; ++ ++ lh_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn), &d); ++} ++ ++struct doall_sorted { ++ int type; ++ int n; ++ const OBJ_NAME **names; ++}; ++ ++static void do_all_sorted_fn(const OBJ_NAME *name, void *d_) ++{ ++ struct doall_sorted *d = d_; ++ ++ if (name->type != d->type) ++ return; ++ ++ d->names[d->n++] = name; ++} ++ ++static int do_all_sorted_cmp(const void *n1_, const void *n2_) ++{ ++ const OBJ_NAME *const *n1 = n1_; ++ const OBJ_NAME *const *n2 = n2_; ++ ++ return strcmp((*n1)->name, (*n2)->name); ++} ++ ++void OBJ_NAME_do_all_sorted(int type, ++ void (*fn) (const OBJ_NAME *, void *arg), ++ void *arg) ++{ ++ struct doall_sorted d; ++ int n; ++ ++ d.type = type; ++ d.names = OPENSSL_malloc(lh_num_items(names_lh) * sizeof *d.names); ++ d.n = 0; ++ OBJ_NAME_do_all(type, do_all_sorted_fn, &d); ++ ++ qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); ++ ++ for (n = 0; n < d.n; ++n) ++ fn(d.names[n], arg); ++ ++ OPENSSL_free((void *)d.names); ++} + + static int free_type; + + static void names_lh_free(OBJ_NAME *onp) + { +- if(onp == NULL) +- return; ++ if (onp == NULL) ++ return; + +- if ((free_type < 0) || (free_type == onp->type)) +- { +- OBJ_NAME_remove(onp->name,onp->type); +- } +- } ++ if ((free_type < 0) || (free_type == onp->type)) { ++ OBJ_NAME_remove(onp->name, onp->type); ++ } ++} + + static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *) + + static void name_funcs_free(NAME_FUNCS *ptr) +- { +- OPENSSL_free(ptr); +- } ++{ ++ OPENSSL_free(ptr); ++} + + void OBJ_NAME_cleanup(int type) +- { +- unsigned long down_load; +- +- if (names_lh == NULL) return; +- +- free_type=type; +- down_load=names_lh->down_load; +- names_lh->down_load=0; +- +- lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free)); +- if (type < 0) +- { +- lh_free(names_lh); +- sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free); +- names_lh=NULL; +- name_funcs_stack = NULL; +- } +- else +- names_lh->down_load=down_load; +- } +- ++{ ++ unsigned long down_load; ++ ++ if (names_lh == NULL) ++ return; ++ ++ free_type = type; ++ down_load = names_lh->down_load; ++ names_lh->down_load = 0; ++ ++ lh_doall(names_lh, LHASH_DOALL_FN(names_lh_free)); ++ if (type < 0) { ++ lh_free(names_lh); ++ sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free); ++ names_lh = NULL; ++ name_funcs_stack = NULL; ++ } else ++ names_lh->down_load = down_load; ++} +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c +index cf5ba2a..9654775 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -67,13 +67,13 @@ + + /* obj_dat.h is generated from objects.h by obj_dat.pl */ + #ifndef OPENSSL_NO_OBJECT +-#include "obj_dat.h" ++# include "obj_dat.h" + #else + /* You will have to load all the objects needed manually in the application */ +-#define NUM_NID 0 +-#define NUM_SN 0 +-#define NUM_LN 0 +-#define NUM_OBJ 0 ++# define NUM_NID 0 ++# define NUM_SN 0 ++# define NUM_LN 0 ++# define NUM_OBJ 0 + static unsigned char lvalues[1]; + static ASN1_OBJECT nid_objs[1]; + static ASN1_OBJECT *sn_objs[1]; +@@ -84,708 +84,689 @@ static ASN1_OBJECT *obj_objs[1]; + static int sn_cmp(const void *a, const void *b); + static int ln_cmp(const void *a, const void *b); + static int obj_cmp(const void *a, const void *b); +-#define ADDED_DATA 0 +-#define ADDED_SNAME 1 +-#define ADDED_LNAME 2 +-#define ADDED_NID 3 ++#define ADDED_DATA 0 ++#define ADDED_SNAME 1 ++#define ADDED_LNAME 2 ++#define ADDED_NID 3 + +-typedef struct added_obj_st +- { +- int type; +- ASN1_OBJECT *obj; +- } ADDED_OBJ; ++typedef struct added_obj_st { ++ int type; ++ ASN1_OBJECT *obj; ++} ADDED_OBJ; + +-static int new_nid=NUM_NID; +-static LHASH *added=NULL; ++static int new_nid = NUM_NID; ++static LHASH *added = NULL; + + static int sn_cmp(const void *a, const void *b) +- { +- const ASN1_OBJECT * const *ap = a, * const *bp = b; +- return(strcmp((*ap)->sn,(*bp)->sn)); +- } ++{ ++ const ASN1_OBJECT *const *ap = a, *const *bp = b; ++ return (strcmp((*ap)->sn, (*bp)->sn)); ++} + + static int ln_cmp(const void *a, const void *b) +- { +- const ASN1_OBJECT * const *ap = a, * const *bp = b; +- return(strcmp((*ap)->ln,(*bp)->ln)); +- } ++{ ++ const ASN1_OBJECT *const *ap = a, *const *bp = b; ++ return (strcmp((*ap)->ln, (*bp)->ln)); ++} + + /* static unsigned long add_hash(ADDED_OBJ *ca) */ + static unsigned long add_hash(const void *ca_void) +- { +- const ASN1_OBJECT *a; +- int i; +- unsigned long ret=0; +- unsigned char *p; +- const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; +- +- a=ca->obj; +- switch (ca->type) +- { +- case ADDED_DATA: +- ret=a->length<<20L; +- p=(unsigned char *)a->data; +- for (i=0; ilength; i++) +- ret^=p[i]<<((i*3)%24); +- break; +- case ADDED_SNAME: +- ret=lh_strhash(a->sn); +- break; +- case ADDED_LNAME: +- ret=lh_strhash(a->ln); +- break; +- case ADDED_NID: +- ret=a->nid; +- break; +- default: +- /* abort(); */ +- return 0; +- } +- ret&=0x3fffffffL; +- ret|=ca->type<<30L; +- return(ret); +- } ++{ ++ const ASN1_OBJECT *a; ++ int i; ++ unsigned long ret = 0; ++ unsigned char *p; ++ const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; ++ ++ a = ca->obj; ++ switch (ca->type) { ++ case ADDED_DATA: ++ ret = a->length << 20L; ++ p = (unsigned char *)a->data; ++ for (i = 0; i < a->length; i++) ++ ret ^= p[i] << ((i * 3) % 24); ++ break; ++ case ADDED_SNAME: ++ ret = lh_strhash(a->sn); ++ break; ++ case ADDED_LNAME: ++ ret = lh_strhash(a->ln); ++ break; ++ case ADDED_NID: ++ ret = a->nid; ++ break; ++ default: ++ /* abort(); */ ++ return 0; ++ } ++ ret &= 0x3fffffffL; ++ ret |= ca->type << 30L; ++ return (ret); ++} + + /* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */ + static int add_cmp(const void *ca_void, const void *cb_void) +- { +- ASN1_OBJECT *a,*b; +- int i; +- const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; +- const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void; +- +- i=ca->type-cb->type; +- if (i) return(i); +- a=ca->obj; +- b=cb->obj; +- switch (ca->type) +- { +- case ADDED_DATA: +- i=(a->length - b->length); +- if (i) return(i); +- return(memcmp(a->data,b->data,(size_t)a->length)); +- case ADDED_SNAME: +- if (a->sn == NULL) return(-1); +- else if (b->sn == NULL) return(1); +- else return(strcmp(a->sn,b->sn)); +- case ADDED_LNAME: +- if (a->ln == NULL) return(-1); +- else if (b->ln == NULL) return(1); +- else return(strcmp(a->ln,b->ln)); +- case ADDED_NID: +- return(a->nid-b->nid); +- default: +- /* abort(); */ +- return 0; +- } +- } ++{ ++ ASN1_OBJECT *a, *b; ++ int i; ++ const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void; ++ const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void; ++ ++ i = ca->type - cb->type; ++ if (i) ++ return (i); ++ a = ca->obj; ++ b = cb->obj; ++ switch (ca->type) { ++ case ADDED_DATA: ++ i = (a->length - b->length); ++ if (i) ++ return (i); ++ return (memcmp(a->data, b->data, (size_t)a->length)); ++ case ADDED_SNAME: ++ if (a->sn == NULL) ++ return (-1); ++ else if (b->sn == NULL) ++ return (1); ++ else ++ return (strcmp(a->sn, b->sn)); ++ case ADDED_LNAME: ++ if (a->ln == NULL) ++ return (-1); ++ else if (b->ln == NULL) ++ return (1); ++ else ++ return (strcmp(a->ln, b->ln)); ++ case ADDED_NID: ++ return (a->nid - b->nid); ++ default: ++ /* abort(); */ ++ return 0; ++ } ++} + + static int init_added(void) +- { +- if (added != NULL) return(1); +- added=lh_new(add_hash,add_cmp); +- return(added != NULL); +- } ++{ ++ if (added != NULL) ++ return (1); ++ added = lh_new(add_hash, add_cmp); ++ return (added != NULL); ++} + + static void cleanup1(ADDED_OBJ *a) +- { +- a->obj->nid=0; +- a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC| +- ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| +- ASN1_OBJECT_FLAG_DYNAMIC_DATA; +- } ++{ ++ a->obj->nid = 0; ++ a->obj->flags |= ASN1_OBJECT_FLAG_DYNAMIC | ++ ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA; ++} + + static void cleanup2(ADDED_OBJ *a) +- { a->obj->nid++; } ++{ ++ a->obj->nid++; ++} + + static void cleanup3(ADDED_OBJ *a) +- { +- if (--a->obj->nid == 0) +- ASN1_OBJECT_free(a->obj); +- OPENSSL_free(a); +- } ++{ ++ if (--a->obj->nid == 0) ++ ASN1_OBJECT_free(a->obj); ++ OPENSSL_free(a); ++} + + static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *) + static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *) + static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *) + + void OBJ_cleanup(void) +- { +- if (added == NULL) return; +- added->down_load=0; +- lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */ +- lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */ +- lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */ +- lh_free(added); +- added=NULL; +- } ++{ ++ if (added == NULL) ++ return; ++ added->down_load = 0; ++ lh_doall(added, LHASH_DOALL_FN(cleanup1)); /* zero counters */ ++ lh_doall(added, LHASH_DOALL_FN(cleanup2)); /* set counters */ ++ lh_doall(added, LHASH_DOALL_FN(cleanup3)); /* free objects */ ++ lh_free(added); ++ added = NULL; ++} + + int OBJ_new_nid(int num) +- { +- int i; ++{ ++ int i; + +- i=new_nid; +- new_nid+=num; +- return(i); +- } ++ i = new_nid; ++ new_nid += num; ++ return (i); ++} + + int OBJ_add_object(const ASN1_OBJECT *obj) +- { +- ASN1_OBJECT *o; +- ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop; +- int i; +- +- if (added == NULL) +- if (!init_added()) return(0); +- if ((o=OBJ_dup(obj)) == NULL) goto err; +- if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; +- if ((o->length != 0) && (obj->data != NULL)) +- if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; +- if (o->sn != NULL) +- if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; +- if (o->ln != NULL) +- if (!(ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2; +- +- for (i=ADDED_DATA; i<=ADDED_NID; i++) +- { +- if (ao[i] != NULL) +- { +- ao[i]->type=i; +- ao[i]->obj=o; +- aop=(ADDED_OBJ *)lh_insert(added,ao[i]); +- /* memory leak, buit should not normally matter */ +- if (aop != NULL) +- OPENSSL_free(aop); +- } +- } +- o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| +- ASN1_OBJECT_FLAG_DYNAMIC_DATA); +- +- return(o->nid); +-err2: +- OBJerr(OBJ_F_OBJ_ADD_OBJECT,ERR_R_MALLOC_FAILURE); +-err: +- for (i=ADDED_DATA; i<=ADDED_NID; i++) +- if (ao[i] != NULL) OPENSSL_free(ao[i]); +- if (o != NULL) OPENSSL_free(o); +- return(NID_undef); +- } ++{ ++ ASN1_OBJECT *o; ++ ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop; ++ int i; ++ ++ if (added == NULL) ++ if (!init_added()) ++ return (0); ++ if ((o = OBJ_dup(obj)) == NULL) ++ goto err; ++ if (!(ao[ADDED_NID] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) ++ goto err2; ++ if ((o->length != 0) && (obj->data != NULL)) ++ if (! ++ (ao[ADDED_DATA] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) ++ goto err2; ++ if (o->sn != NULL) ++ if (! ++ (ao[ADDED_SNAME] = ++ (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) ++ goto err2; ++ if (o->ln != NULL) ++ if (! ++ (ao[ADDED_LNAME] = ++ (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) ++ goto err2; ++ ++ for (i = ADDED_DATA; i <= ADDED_NID; i++) { ++ if (ao[i] != NULL) { ++ ao[i]->type = i; ++ ao[i]->obj = o; ++ aop = (ADDED_OBJ *)lh_insert(added, ao[i]); ++ /* memory leak, buit should not normally matter */ ++ if (aop != NULL) ++ OPENSSL_free(aop); ++ } ++ } ++ o->flags &= ++ ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ++ ASN1_OBJECT_FLAG_DYNAMIC_DATA); ++ ++ return (o->nid); ++ err2: ++ OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE); ++ err: ++ for (i = ADDED_DATA; i <= ADDED_NID; i++) ++ if (ao[i] != NULL) ++ OPENSSL_free(ao[i]); ++ if (o != NULL) ++ OPENSSL_free(o); ++ return (NID_undef); ++} + + ASN1_OBJECT *OBJ_nid2obj(int n) +- { +- ADDED_OBJ ad,*adp; +- ASN1_OBJECT ob; +- +- if ((n >= 0) && (n < NUM_NID)) +- { +- if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) +- { +- OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID); +- return(NULL); +- } +- return((ASN1_OBJECT *)&(nid_objs[n])); +- } +- else if (added == NULL) +- return(NULL); +- else +- { +- ad.type=ADDED_NID; +- ad.obj= &ob; +- ob.nid=n; +- adp=(ADDED_OBJ *)lh_retrieve(added,&ad); +- if (adp != NULL) +- return(adp->obj); +- else +- { +- OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID); +- return(NULL); +- } +- } +- } ++{ ++ ADDED_OBJ ad, *adp; ++ ASN1_OBJECT ob; ++ ++ if ((n >= 0) && (n < NUM_NID)) { ++ if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { ++ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID); ++ return (NULL); ++ } ++ return ((ASN1_OBJECT *)&(nid_objs[n])); ++ } else if (added == NULL) ++ return (NULL); ++ else { ++ ad.type = ADDED_NID; ++ ad.obj = &ob; ++ ob.nid = n; ++ adp = (ADDED_OBJ *)lh_retrieve(added, &ad); ++ if (adp != NULL) ++ return (adp->obj); ++ else { ++ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID); ++ return (NULL); ++ } ++ } ++} + + const char *OBJ_nid2sn(int n) +- { +- ADDED_OBJ ad,*adp; +- ASN1_OBJECT ob; +- +- if ((n >= 0) && (n < NUM_NID)) +- { +- if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) +- { +- OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID); +- return(NULL); +- } +- return(nid_objs[n].sn); +- } +- else if (added == NULL) +- return(NULL); +- else +- { +- ad.type=ADDED_NID; +- ad.obj= &ob; +- ob.nid=n; +- adp=(ADDED_OBJ *)lh_retrieve(added,&ad); +- if (adp != NULL) +- return(adp->obj->sn); +- else +- { +- OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID); +- return(NULL); +- } +- } +- } ++{ ++ ADDED_OBJ ad, *adp; ++ ASN1_OBJECT ob; ++ ++ if ((n >= 0) && (n < NUM_NID)) { ++ if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { ++ OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID); ++ return (NULL); ++ } ++ return (nid_objs[n].sn); ++ } else if (added == NULL) ++ return (NULL); ++ else { ++ ad.type = ADDED_NID; ++ ad.obj = &ob; ++ ob.nid = n; ++ adp = (ADDED_OBJ *)lh_retrieve(added, &ad); ++ if (adp != NULL) ++ return (adp->obj->sn); ++ else { ++ OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID); ++ return (NULL); ++ } ++ } ++} + + const char *OBJ_nid2ln(int n) +- { +- ADDED_OBJ ad,*adp; +- ASN1_OBJECT ob; +- +- if ((n >= 0) && (n < NUM_NID)) +- { +- if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) +- { +- OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID); +- return(NULL); +- } +- return(nid_objs[n].ln); +- } +- else if (added == NULL) +- return(NULL); +- else +- { +- ad.type=ADDED_NID; +- ad.obj= &ob; +- ob.nid=n; +- adp=(ADDED_OBJ *)lh_retrieve(added,&ad); +- if (adp != NULL) +- return(adp->obj->ln); +- else +- { +- OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID); +- return(NULL); +- } +- } +- } ++{ ++ ADDED_OBJ ad, *adp; ++ ASN1_OBJECT ob; ++ ++ if ((n >= 0) && (n < NUM_NID)) { ++ if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { ++ OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID); ++ return (NULL); ++ } ++ return (nid_objs[n].ln); ++ } else if (added == NULL) ++ return (NULL); ++ else { ++ ad.type = ADDED_NID; ++ ad.obj = &ob; ++ ob.nid = n; ++ adp = (ADDED_OBJ *)lh_retrieve(added, &ad); ++ if (adp != NULL) ++ return (adp->obj->ln); ++ else { ++ OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID); ++ return (NULL); ++ } ++ } ++} + + int OBJ_obj2nid(const ASN1_OBJECT *a) +- { +- ASN1_OBJECT **op; +- ADDED_OBJ ad,*adp; +- +- if (a == NULL) +- return(NID_undef); +- if (a->nid != 0) +- return(a->nid); +- +- if (added != NULL) +- { +- ad.type=ADDED_DATA; +- ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */ +- adp=(ADDED_OBJ *)lh_retrieve(added,&ad); +- if (adp != NULL) return (adp->obj->nid); +- } +- op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs, +- NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp); +- if (op == NULL) +- return(NID_undef); +- return((*op)->nid); +- } +- +-/* Convert an object name into an ASN1_OBJECT +- * if "noname" is not set then search for short and long names first. +- * This will convert the "dotted" form into an object: unlike OBJ_txt2nid +- * it can be used with any objects, not just registered ones. ++{ ++ ASN1_OBJECT **op; ++ ADDED_OBJ ad, *adp; ++ ++ if (a == NULL) ++ return (NID_undef); ++ if (a->nid != 0) ++ return (a->nid); ++ ++ if (added != NULL) { ++ ad.type = ADDED_DATA; ++ ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */ ++ adp = (ADDED_OBJ *)lh_retrieve(added, &ad); ++ if (adp != NULL) ++ return (adp->obj->nid); ++ } ++ op = (ASN1_OBJECT **)OBJ_bsearch((const char *)&a, (const char *)obj_objs, ++ NUM_OBJ, sizeof(ASN1_OBJECT *), obj_cmp); ++ if (op == NULL) ++ return (NID_undef); ++ return ((*op)->nid); ++} ++ ++/* ++ * Convert an object name into an ASN1_OBJECT if "noname" is not set then ++ * search for short and long names first. This will convert the "dotted" form ++ * into an object: unlike OBJ_txt2nid it can be used with any objects, not ++ * just registered ones. + */ + + ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) +- { +- int nid = NID_undef; +- ASN1_OBJECT *op=NULL; +- unsigned char *buf; +- unsigned char *p; +- const unsigned char *cp; +- int i, j; +- +- if(!no_name) { +- if( ((nid = OBJ_sn2nid(s)) != NID_undef) || +- ((nid = OBJ_ln2nid(s)) != NID_undef) ) +- return OBJ_nid2obj(nid); +- } +- +- /* Work out size of content octets */ +- i=a2d_ASN1_OBJECT(NULL,0,s,-1); +- if (i <= 0) { +- /* Don't clear the error */ +- /*ERR_clear_error();*/ +- return NULL; +- } +- /* Work out total size */ +- j = ASN1_object_size(0,i,V_ASN1_OBJECT); +- +- if((buf=(unsigned char *)OPENSSL_malloc(j)) == NULL) return NULL; +- +- p = buf; +- /* Write out tag+length */ +- ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); +- /* Write out contents */ +- a2d_ASN1_OBJECT(p,i,s,-1); +- +- cp=buf; +- op=d2i_ASN1_OBJECT(NULL,&cp,j); +- OPENSSL_free(buf); +- return op; +- } ++{ ++ int nid = NID_undef; ++ ASN1_OBJECT *op = NULL; ++ unsigned char *buf; ++ unsigned char *p; ++ const unsigned char *cp; ++ int i, j; ++ ++ if (!no_name) { ++ if (((nid = OBJ_sn2nid(s)) != NID_undef) || ++ ((nid = OBJ_ln2nid(s)) != NID_undef)) ++ return OBJ_nid2obj(nid); ++ } ++ ++ /* Work out size of content octets */ ++ i = a2d_ASN1_OBJECT(NULL, 0, s, -1); ++ if (i <= 0) { ++ /* Don't clear the error */ ++ /* ++ * ERR_clear_error(); ++ */ ++ return NULL; ++ } ++ /* Work out total size */ ++ j = ASN1_object_size(0, i, V_ASN1_OBJECT); ++ ++ if ((buf = (unsigned char *)OPENSSL_malloc(j)) == NULL) ++ return NULL; ++ ++ p = buf; ++ /* Write out tag+length */ ++ ASN1_put_object(&p, 0, i, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); ++ /* Write out contents */ ++ a2d_ASN1_OBJECT(p, i, s, -1); ++ ++ cp = buf; ++ op = d2i_ASN1_OBJECT(NULL, &cp, j); ++ OPENSSL_free(buf); ++ return op; ++} + + int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) + { +- int i,n=0,len,nid, first, use_bn; +- BIGNUM *bl; +- unsigned long l; +- unsigned char *p; +- char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; +- +- /* Ensure that, at every state, |buf| is NUL-terminated. */ +- if (buf && buf_len > 0) +- buf[0] = '\0'; +- +- if ((a == NULL) || (a->data == NULL)) +- return(0); +- +- if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef) +- { +- const char *s; +- s=OBJ_nid2ln(nid); +- if (s == NULL) +- s=OBJ_nid2sn(nid); +- if (s) +- { +- if (buf) +- BUF_strlcpy(buf,s,buf_len); +- n=strlen(s); +- return n; +- } +- } +- +- +- len=a->length; +- p=a->data; +- +- first = 1; +- bl = NULL; +- +- while (len > 0) +- { +- l=0; +- use_bn = 0; +- for (;;) +- { +- unsigned char c = *p++; +- len--; +- if ((len == 0) && (c & 0x80)) +- goto err; +- if (use_bn) +- { +- if (!BN_add_word(bl, c & 0x7f)) +- goto err; +- } +- else +- l |= c & 0x7f; +- if (!(c & 0x80)) +- break; +- if (!use_bn && (l > (ULONG_MAX >> 7L))) +- { +- if (!bl && !(bl = BN_new())) +- goto err; +- if (!BN_set_word(bl, l)) +- goto err; +- use_bn = 1; +- } +- if (use_bn) +- { +- if (!BN_lshift(bl, bl, 7)) +- goto err; +- } +- else +- l<<=7L; +- } +- +- if (first) +- { +- first = 0; +- if (l >= 80) +- { +- i = 2; +- if (use_bn) +- { +- if (!BN_sub_word(bl, 80)) +- goto err; +- } +- else +- l -= 80; +- } +- else +- { +- i=(int)(l/40); +- l-=(long)(i*40); +- } +- if (buf && (buf_len > 1)) +- { +- *buf++ = i + '0'; +- *buf = '\0'; +- buf_len--; +- } +- n++; +- } +- +- if (use_bn) +- { +- char *bndec; +- bndec = BN_bn2dec(bl); +- if (!bndec) +- goto err; +- i = strlen(bndec); +- if (buf) +- { +- if (buf_len > 1) +- { +- *buf++ = '.'; +- *buf = '\0'; +- buf_len--; +- } +- BUF_strlcpy(buf,bndec,buf_len); +- if (i > buf_len) +- { +- buf += buf_len; +- buf_len = 0; +- } +- else +- { +- buf+=i; +- buf_len-=i; +- } +- } +- n++; +- n += i; +- OPENSSL_free(bndec); +- } +- else +- { +- BIO_snprintf(tbuf,sizeof tbuf,".%lu",l); +- i=strlen(tbuf); +- if (buf && (buf_len > 0)) +- { +- BUF_strlcpy(buf,tbuf,buf_len); +- if (i > buf_len) +- { +- buf += buf_len; +- buf_len = 0; +- } +- else +- { +- buf+=i; +- buf_len-=i; +- } +- } +- n+=i; +- l=0; +- } +- } +- +- if (bl) +- BN_free(bl); +- return n; +- +- err: +- if (bl) +- BN_free(bl); +- return -1; ++ int i, n = 0, len, nid, first, use_bn; ++ BIGNUM *bl; ++ unsigned long l; ++ unsigned char *p; ++ char tbuf[DECIMAL_SIZE(i) + DECIMAL_SIZE(l) + 2]; ++ ++ /* Ensure that, at every state, |buf| is NUL-terminated. */ ++ if (buf && buf_len > 0) ++ buf[0] = '\0'; ++ ++ if ((a == NULL) || (a->data == NULL)) ++ return (0); ++ ++ if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) { ++ const char *s; ++ s = OBJ_nid2ln(nid); ++ if (s == NULL) ++ s = OBJ_nid2sn(nid); ++ if (s) { ++ if (buf) ++ BUF_strlcpy(buf, s, buf_len); ++ n = strlen(s); ++ return n; ++ } ++ } ++ ++ len = a->length; ++ p = a->data; ++ ++ first = 1; ++ bl = NULL; ++ ++ while (len > 0) { ++ l = 0; ++ use_bn = 0; ++ for (;;) { ++ unsigned char c = *p++; ++ len--; ++ if ((len == 0) && (c & 0x80)) ++ goto err; ++ if (use_bn) { ++ if (!BN_add_word(bl, c & 0x7f)) ++ goto err; ++ } else ++ l |= c & 0x7f; ++ if (!(c & 0x80)) ++ break; ++ if (!use_bn && (l > (ULONG_MAX >> 7L))) { ++ if (!bl && !(bl = BN_new())) ++ goto err; ++ if (!BN_set_word(bl, l)) ++ goto err; ++ use_bn = 1; ++ } ++ if (use_bn) { ++ if (!BN_lshift(bl, bl, 7)) ++ goto err; ++ } else ++ l <<= 7L; ++ } ++ ++ if (first) { ++ first = 0; ++ if (l >= 80) { ++ i = 2; ++ if (use_bn) { ++ if (!BN_sub_word(bl, 80)) ++ goto err; ++ } else ++ l -= 80; ++ } else { ++ i = (int)(l / 40); ++ l -= (long)(i * 40); ++ } ++ if (buf && (buf_len > 1)) { ++ *buf++ = i + '0'; ++ *buf = '\0'; ++ buf_len--; ++ } ++ n++; ++ } ++ ++ if (use_bn) { ++ char *bndec; ++ bndec = BN_bn2dec(bl); ++ if (!bndec) ++ goto err; ++ i = strlen(bndec); ++ if (buf) { ++ if (buf_len > 1) { ++ *buf++ = '.'; ++ *buf = '\0'; ++ buf_len--; ++ } ++ BUF_strlcpy(buf, bndec, buf_len); ++ if (i > buf_len) { ++ buf += buf_len; ++ buf_len = 0; ++ } else { ++ buf += i; ++ buf_len -= i; ++ } ++ } ++ n++; ++ n += i; ++ OPENSSL_free(bndec); ++ } else { ++ BIO_snprintf(tbuf, sizeof tbuf, ".%lu", l); ++ i = strlen(tbuf); ++ if (buf && (buf_len > 0)) { ++ BUF_strlcpy(buf, tbuf, buf_len); ++ if (i > buf_len) { ++ buf += buf_len; ++ buf_len = 0; ++ } else { ++ buf += i; ++ buf_len -= i; ++ } ++ } ++ n += i; ++ l = 0; ++ } ++ } ++ ++ if (bl) ++ BN_free(bl); ++ return n; ++ ++ err: ++ if (bl) ++ BN_free(bl); ++ return -1; + } + + int OBJ_txt2nid(const char *s) + { +- ASN1_OBJECT *obj; +- int nid; +- obj = OBJ_txt2obj(s, 0); +- nid = OBJ_obj2nid(obj); +- ASN1_OBJECT_free(obj); +- return nid; ++ ASN1_OBJECT *obj; ++ int nid; ++ obj = OBJ_txt2obj(s, 0); ++ nid = OBJ_obj2nid(obj); ++ ASN1_OBJECT_free(obj); ++ return nid; + } + + int OBJ_ln2nid(const char *s) +- { +- ASN1_OBJECT o,*oo= &o,**op; +- ADDED_OBJ ad,*adp; +- +- o.ln=s; +- if (added != NULL) +- { +- ad.type=ADDED_LNAME; +- ad.obj= &o; +- adp=(ADDED_OBJ *)lh_retrieve(added,&ad); +- if (adp != NULL) return (adp->obj->nid); +- } +- op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN, +- sizeof(ASN1_OBJECT *),ln_cmp); +- if (op == NULL) return(NID_undef); +- return((*op)->nid); +- } ++{ ++ ASN1_OBJECT o, *oo = &o, **op; ++ ADDED_OBJ ad, *adp; ++ ++ o.ln = s; ++ if (added != NULL) { ++ ad.type = ADDED_LNAME; ++ ad.obj = &o; ++ adp = (ADDED_OBJ *)lh_retrieve(added, &ad); ++ if (adp != NULL) ++ return (adp->obj->nid); ++ } ++ op = (ASN1_OBJECT **)OBJ_bsearch((char *)&oo, (char *)ln_objs, NUM_LN, ++ sizeof(ASN1_OBJECT *), ln_cmp); ++ if (op == NULL) ++ return (NID_undef); ++ return ((*op)->nid); ++} + + int OBJ_sn2nid(const char *s) +- { +- ASN1_OBJECT o,*oo= &o,**op; +- ADDED_OBJ ad,*adp; +- +- o.sn=s; +- if (added != NULL) +- { +- ad.type=ADDED_SNAME; +- ad.obj= &o; +- adp=(ADDED_OBJ *)lh_retrieve(added,&ad); +- if (adp != NULL) return (adp->obj->nid); +- } +- op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN, +- sizeof(ASN1_OBJECT *),sn_cmp); +- if (op == NULL) return(NID_undef); +- return((*op)->nid); +- } ++{ ++ ASN1_OBJECT o, *oo = &o, **op; ++ ADDED_OBJ ad, *adp; ++ ++ o.sn = s; ++ if (added != NULL) { ++ ad.type = ADDED_SNAME; ++ ad.obj = &o; ++ adp = (ADDED_OBJ *)lh_retrieve(added, &ad); ++ if (adp != NULL) ++ return (adp->obj->nid); ++ } ++ op = (ASN1_OBJECT **)OBJ_bsearch((char *)&oo, (char *)sn_objs, NUM_SN, ++ sizeof(ASN1_OBJECT *), sn_cmp); ++ if (op == NULL) ++ return (NID_undef); ++ return ((*op)->nid); ++} + + static int obj_cmp(const void *ap, const void *bp) +- { +- int j; +- const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap; +- const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp; +- +- j=(a->length - b->length); +- if (j) return(j); +- return(memcmp(a->data,b->data,a->length)); +- } ++{ ++ int j; ++ const ASN1_OBJECT *a = *(ASN1_OBJECT *const *)ap; ++ const ASN1_OBJECT *b = *(ASN1_OBJECT *const *)bp; ++ ++ j = (a->length - b->length); ++ if (j) ++ return (j); ++ return (memcmp(a->data, b->data, a->length)); ++} + + const char *OBJ_bsearch(const char *key, const char *base, int num, int size, +- int (*cmp)(const void *, const void *)) +- { +- return OBJ_bsearch_ex(key, base, num, size, cmp, 0); +- } ++ int (*cmp) (const void *, const void *)) ++{ ++ return OBJ_bsearch_ex(key, base, num, size, cmp, 0); ++} + + const char *OBJ_bsearch_ex(const char *key, const char *base, int num, +- int size, int (*cmp)(const void *, const void *), int flags) +- { +- int l,h,i=0,c=0; +- const char *p = NULL; +- +- if (num == 0) return(NULL); +- l=0; +- h=num; +- while (l < h) +- { +- i=(l+h)/2; +- p= &(base[i*size]); +- c=(*cmp)(key,p); +- if (c < 0) +- h=i; +- else if (c > 0) +- l=i+1; +- else +- break; +- } ++ int size, int (*cmp) (const void *, const void *), ++ int flags) ++{ ++ int l, h, i = 0, c = 0; ++ const char *p = NULL; ++ ++ if (num == 0) ++ return (NULL); ++ l = 0; ++ h = num; ++ while (l < h) { ++ i = (l + h) / 2; ++ p = &(base[i * size]); ++ c = (*cmp) (key, p); ++ if (c < 0) ++ h = i; ++ else if (c > 0) ++ l = i + 1; ++ else ++ break; ++ } + #ifdef CHARSET_EBCDIC +-/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and +- * I don't have perl (yet), we revert to a *LINEAR* search +- * when the object wasn't found in the binary search. +- */ +- if (c != 0) +- { +- for (i=0; i 0 && (*cmp)(key,&(base[(i-1)*size])) == 0) +- i--; +- p = &(base[i*size]); +- } +- return(p); +- } ++ if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)) ++ p = NULL; ++ else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH)) { ++ while (i > 0 && (*cmp) (key, &(base[(i - 1) * size])) == 0) ++ i--; ++ p = &(base[i * size]); ++ } ++ return (p); ++} + + int OBJ_create_objects(BIO *in) +- { +- MS_STATIC char buf[512]; +- int i,num=0; +- char *o,*s,*l=NULL; +- +- for (;;) +- { +- s=o=NULL; +- i=BIO_gets(in,buf,512); +- if (i <= 0) return(num); +- buf[i-1]='\0'; +- if (!isalnum((unsigned char)buf[0])) return(num); +- o=s=buf; +- while (isdigit((unsigned char)*s) || (*s == '.')) +- s++; +- if (*s != '\0') +- { +- *(s++)='\0'; +- while (isspace((unsigned char)*s)) +- s++; +- if (*s == '\0') +- s=NULL; +- else +- { +- l=s; +- while ((*l != '\0') && !isspace((unsigned char)*l)) +- l++; +- if (*l != '\0') +- { +- *(l++)='\0'; +- while (isspace((unsigned char)*l)) +- l++; +- if (*l == '\0') l=NULL; +- } +- else +- l=NULL; +- } +- } +- else +- s=NULL; +- if ((o == NULL) || (*o == '\0')) return(num); +- if (!OBJ_create(o,s,l)) return(num); +- num++; +- } +- /* return(num); */ +- } ++{ ++ MS_STATIC char buf[512]; ++ int i, num = 0; ++ char *o, *s, *l = NULL; ++ ++ for (;;) { ++ s = o = NULL; ++ i = BIO_gets(in, buf, 512); ++ if (i <= 0) ++ return (num); ++ buf[i - 1] = '\0'; ++ if (!isalnum((unsigned char)buf[0])) ++ return (num); ++ o = s = buf; ++ while (isdigit((unsigned char)*s) || (*s == '.')) ++ s++; ++ if (*s != '\0') { ++ *(s++) = '\0'; ++ while (isspace((unsigned char)*s)) ++ s++; ++ if (*s == '\0') ++ s = NULL; ++ else { ++ l = s; ++ while ((*l != '\0') && !isspace((unsigned char)*l)) ++ l++; ++ if (*l != '\0') { ++ *(l++) = '\0'; ++ while (isspace((unsigned char)*l)) ++ l++; ++ if (*l == '\0') ++ l = NULL; ++ } else ++ l = NULL; ++ } ++ } else ++ s = NULL; ++ if ((o == NULL) || (*o == '\0')) ++ return (num); ++ if (!OBJ_create(o, s, l)) ++ return (num); ++ num++; ++ } ++ /* return(num); */ ++} + + int OBJ_create(const char *oid, const char *sn, const char *ln) +- { +- int ok=0; +- ASN1_OBJECT *op=NULL; +- unsigned char *buf; +- int i; +- +- i=a2d_ASN1_OBJECT(NULL,0,oid,-1); +- if (i <= 0) return(0); +- +- if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL) +- { +- OBJerr(OBJ_F_OBJ_CREATE,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- i=a2d_ASN1_OBJECT(buf,i,oid,-1); +- if (i == 0) +- goto err; +- op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln); +- if (op == NULL) +- goto err; +- ok=OBJ_add_object(op); +-err: +- ASN1_OBJECT_free(op); +- OPENSSL_free(buf); +- return(ok); +- } ++{ ++ int ok = 0; ++ ASN1_OBJECT *op = NULL; ++ unsigned char *buf; ++ int i; ++ ++ i = a2d_ASN1_OBJECT(NULL, 0, oid, -1); ++ if (i <= 0) ++ return (0); ++ ++ if ((buf = (unsigned char *)OPENSSL_malloc(i)) == NULL) { ++ OBJerr(OBJ_F_OBJ_CREATE, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ i = a2d_ASN1_OBJECT(buf, i, oid, -1); ++ if (i == 0) ++ goto err; ++ op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln); ++ if (op == NULL) ++ goto err; ++ ok = OBJ_add_object(op); ++ err: ++ ASN1_OBJECT_free(op); ++ OPENSSL_free(buf); ++ return (ok); ++} +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_err.c b/Cryptlib/OpenSSL/crypto/objects/obj_err.c +index 12b4885..75321ec 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_err.c ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,38 +66,35 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason) + +-static ERR_STRING_DATA OBJ_str_functs[]= +- { +-{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"}, +-{ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"}, +-{ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"}, +-{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"}, +-{ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"}, +-{ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"}, +-{ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA OBJ_str_functs[] = { ++ {ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"}, ++ {ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"}, ++ {ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"}, ++ {ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"}, ++ {ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"}, ++ {ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"}, ++ {ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA OBJ_str_reasons[]= +- { +-{ERR_REASON(OBJ_R_MALLOC_FAILURE) ,"malloc failure"}, +-{ERR_REASON(OBJ_R_UNKNOWN_NID) ,"unknown nid"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA OBJ_str_reasons[] = { ++ {ERR_REASON(OBJ_R_MALLOC_FAILURE), "malloc failure"}, ++ {ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_OBJ_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,OBJ_str_functs); +- ERR_load_strings(0,OBJ_str_reasons); +- } ++ if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, OBJ_str_functs); ++ ERR_load_strings(0, OBJ_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c +index 706fa0b..0687602 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,66 +63,69 @@ + #include + + ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) +- { +- ASN1_OBJECT *r; +- int i; +- char *ln=NULL; ++{ ++ ASN1_OBJECT *r; ++ int i; ++ char *ln = NULL; + +- if (o == NULL) return(NULL); +- if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) +- return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of +- duplication is this??? */ ++ if (o == NULL) ++ return (NULL); ++ if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) ++ return ((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication ++ * is this??? */ + +- r=ASN1_OBJECT_new(); +- if (r == NULL) +- { +- OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB); +- return(NULL); +- } +- r->data=OPENSSL_malloc(o->length); +- if (r->data == NULL) +- goto err; +- if (o->data != NULL) +- memcpy(r->data,o->data,o->length); +- r->length=o->length; +- r->nid=o->nid; +- r->ln=r->sn=NULL; +- if (o->ln != NULL) +- { +- i=strlen(o->ln)+1; +- r->ln=ln=OPENSSL_malloc(i); +- if (r->ln == NULL) goto err; +- memcpy(ln,o->ln,i); +- } ++ r = ASN1_OBJECT_new(); ++ if (r == NULL) { ++ OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB); ++ return (NULL); ++ } ++ r->data = OPENSSL_malloc(o->length); ++ if (r->data == NULL) ++ goto err; ++ if (o->data != NULL) ++ memcpy(r->data, o->data, o->length); ++ r->length = o->length; ++ r->nid = o->nid; ++ r->ln = r->sn = NULL; ++ if (o->ln != NULL) { ++ i = strlen(o->ln) + 1; ++ r->ln = ln = OPENSSL_malloc(i); ++ if (r->ln == NULL) ++ goto err; ++ memcpy(ln, o->ln, i); ++ } + +- if (o->sn != NULL) +- { +- char *s; ++ if (o->sn != NULL) { ++ char *s; + +- i=strlen(o->sn)+1; +- r->sn=s=OPENSSL_malloc(i); +- if (r->sn == NULL) goto err; +- memcpy(s,o->sn,i); +- } +- r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC| +- ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA); +- return(r); +-err: +- OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE); +- if (r != NULL) +- { +- if (ln != NULL) OPENSSL_free(ln); +- if (r->data != NULL) OPENSSL_free(r->data); +- OPENSSL_free(r); +- } +- return(NULL); +- } ++ i = strlen(o->sn) + 1; ++ r->sn = s = OPENSSL_malloc(i); ++ if (r->sn == NULL) ++ goto err; ++ memcpy(s, o->sn, i); ++ } ++ r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC | ++ ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ++ ASN1_OBJECT_FLAG_DYNAMIC_DATA); ++ return (r); ++ err: ++ OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE); ++ if (r != NULL) { ++ if (ln != NULL) ++ OPENSSL_free(ln); ++ if (r->data != NULL) ++ OPENSSL_free(r->data); ++ OPENSSL_free(r); ++ } ++ return (NULL); ++} + + int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) +- { +- int ret; ++{ ++ int ret; + +- ret=(a->length-b->length); +- if (ret) return(ret); +- return(memcmp(a->data,b->data,a->length)); +- } ++ ret = (a->length - b->length); ++ if (ret) ++ return (ret); ++ return (memcmp(a->data, b->data, a->length)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c +index bfe892a..e2e52e7 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c +@@ -1,6 +1,7 @@ + /* ocsp_asn.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,41 +61,41 @@ + #include + + ASN1_SEQUENCE(OCSP_SIGNATURE) = { +- ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), +- ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), +- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0) ++ ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), ++ ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), ++ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0) + } ASN1_SEQUENCE_END(OCSP_SIGNATURE) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) + + ASN1_SEQUENCE(OCSP_CERTID) = { +- ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR), +- ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), +- ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), +- ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER) ++ ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR), ++ ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), ++ ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), ++ ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER) + } ASN1_SEQUENCE_END(OCSP_CERTID) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID) + + ASN1_SEQUENCE(OCSP_ONEREQ) = { +- ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID), +- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0) ++ ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID), ++ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0) + } ASN1_SEQUENCE_END(OCSP_ONEREQ) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ) + + ASN1_SEQUENCE(OCSP_REQINFO) = { +- ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0), +- ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1), +- ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ), +- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2) ++ ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0), ++ ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1), ++ ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ), ++ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2) + } ASN1_SEQUENCE_END(OCSP_REQINFO) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO) + + ASN1_SEQUENCE(OCSP_REQUEST) = { +- ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), +- ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0) ++ ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), ++ ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0) + } ASN1_SEQUENCE_END(OCSP_REQUEST) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST) +@@ -102,81 +103,81 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST) + /* OCSP_RESPONSE templates */ + + ASN1_SEQUENCE(OCSP_RESPBYTES) = { +- ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), +- ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) ++ ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), ++ ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) + } ASN1_SEQUENCE_END(OCSP_RESPBYTES) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES) + + ASN1_SEQUENCE(OCSP_RESPONSE) = { +- ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED), +- ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0) ++ ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED), ++ ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0) + } ASN1_SEQUENCE_END(OCSP_RESPONSE) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) + + ASN1_CHOICE(OCSP_RESPID) = { +- ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), +- ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) ++ ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), ++ ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) + } ASN1_CHOICE_END(OCSP_RESPID) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) + + ASN1_SEQUENCE(OCSP_REVOKEDINFO) = { +- ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), +- ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) ++ ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), ++ ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) + } ASN1_SEQUENCE_END(OCSP_REVOKEDINFO) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) + + ASN1_CHOICE(OCSP_CERTSTATUS) = { +- ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0), +- ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1), +- ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2) ++ ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0), ++ ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1), ++ ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2) + } ASN1_CHOICE_END(OCSP_CERTSTATUS) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS) + + ASN1_SEQUENCE(OCSP_SINGLERESP) = { +- ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), +- ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), +- ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), +- ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), +- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) ++ ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), ++ ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), ++ ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), ++ ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), ++ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) + } ASN1_SEQUENCE_END(OCSP_SINGLERESP) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) + + ASN1_SEQUENCE(OCSP_RESPDATA) = { +- ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), +- ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), +- ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), +- ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), +- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) ++ ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), ++ ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), ++ ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), ++ ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), ++ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) + } ASN1_SEQUENCE_END(OCSP_RESPDATA) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) + + ASN1_SEQUENCE(OCSP_BASICRESP) = { +- ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), +- ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), +- ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), +- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) ++ ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), ++ ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), ++ ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), ++ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) + } ASN1_SEQUENCE_END(OCSP_BASICRESP) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP) + + ASN1_SEQUENCE(OCSP_CRLID) = { +- ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), +- ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), +- ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) ++ ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), ++ ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), ++ ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) + } ASN1_SEQUENCE_END(OCSP_CRLID) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) + + ASN1_SEQUENCE(OCSP_SERVICELOC) = { +- ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME), +- ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION) ++ ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME), ++ ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION) + } ASN1_SEQUENCE_END(OCSP_SERVICELOC) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC) +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c +index 17bab5f..bbb1830 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c +@@ -1,11 +1,14 @@ + /* ocsp_cl.c */ +-/* Written by Tom Titchener for the OpenSSL +- * project. */ ++/* ++ * Written by Tom Titchener for the OpenSSL ++ * project. ++ */ + +-/* History: +- This file was transfered to Richard Levitte from CertCo by Kathy +- Weinhold in mid-spring 2000 to be included in OpenSSL or released +- as a patch kit. */ ++/* ++ * History: This file was transfered to Richard Levitte from CertCo by Kathy ++ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a ++ * patch kit. ++ */ + + /* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. +@@ -15,7 +18,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -71,302 +74,312 @@ + #include + #include + +-/* Utility functions related to sending OCSP requests and extracting +- * relevant information from the response. ++/* ++ * Utility functions related to sending OCSP requests and extracting relevant ++ * information from the response. + */ + +-/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ +- * pointer: useful if we want to add extensions. ++/* ++ * Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ pointer: ++ * useful if we want to add extensions. + */ + + OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) +- { +- OCSP_ONEREQ *one = NULL; +- +- if (!(one = OCSP_ONEREQ_new())) goto err; +- if (one->reqCert) OCSP_CERTID_free(one->reqCert); +- one->reqCert = cid; +- if (req && +- !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) +- goto err; +- return one; +-err: +- OCSP_ONEREQ_free(one); +- return NULL; +- } ++{ ++ OCSP_ONEREQ *one = NULL; ++ ++ if (!(one = OCSP_ONEREQ_new())) ++ goto err; ++ if (one->reqCert) ++ OCSP_CERTID_free(one->reqCert); ++ one->reqCert = cid; ++ if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) ++ goto err; ++ return one; ++ err: ++ OCSP_ONEREQ_free(one); ++ return NULL; ++} + + /* Set requestorName from an X509_NAME structure */ + + int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) +- { +- GENERAL_NAME *gen; +- gen = GENERAL_NAME_new(); +- if (gen == NULL) +- return 0; +- if (!X509_NAME_set(&gen->d.directoryName, nm)) +- { +- GENERAL_NAME_free(gen); +- return 0; +- } +- gen->type = GEN_DIRNAME; +- if (req->tbsRequest->requestorName) +- GENERAL_NAME_free(req->tbsRequest->requestorName); +- req->tbsRequest->requestorName = gen; +- return 1; +- } +- ++{ ++ GENERAL_NAME *gen; ++ gen = GENERAL_NAME_new(); ++ if (gen == NULL) ++ return 0; ++ if (!X509_NAME_set(&gen->d.directoryName, nm)) { ++ GENERAL_NAME_free(gen); ++ return 0; ++ } ++ gen->type = GEN_DIRNAME; ++ if (req->tbsRequest->requestorName) ++ GENERAL_NAME_free(req->tbsRequest->requestorName); ++ req->tbsRequest->requestorName = gen; ++ return 1; ++} + + /* Add a certificate to an OCSP request */ + + int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) +- { +- OCSP_SIGNATURE *sig; +- if (!req->optionalSignature) +- req->optionalSignature = OCSP_SIGNATURE_new(); +- sig = req->optionalSignature; +- if (!sig) return 0; +- if (!cert) return 1; +- if (!sig->certs && !(sig->certs = sk_X509_new_null())) +- return 0; +- +- if(!sk_X509_push(sig->certs, cert)) return 0; +- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); +- return 1; +- } +- +-/* Sign an OCSP request set the requestorName to the subjec +- * name of an optional signers certificate and include one +- * or more optional certificates in the request. Behaves +- * like PKCS7_sign(). ++{ ++ OCSP_SIGNATURE *sig; ++ if (!req->optionalSignature) ++ req->optionalSignature = OCSP_SIGNATURE_new(); ++ sig = req->optionalSignature; ++ if (!sig) ++ return 0; ++ if (!cert) ++ return 1; ++ if (!sig->certs && !(sig->certs = sk_X509_new_null())) ++ return 0; ++ ++ if (!sk_X509_push(sig->certs, cert)) ++ return 0; ++ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); ++ return 1; ++} ++ ++/* ++ * Sign an OCSP request set the requestorName to the subjec name of an ++ * optional signers certificate and include one or more optional certificates ++ * in the request. Behaves like PKCS7_sign(). + */ + +-int OCSP_request_sign(OCSP_REQUEST *req, +- X509 *signer, +- EVP_PKEY *key, +- const EVP_MD *dgst, +- STACK_OF(X509) *certs, +- unsigned long flags) +- { +- int i; +- OCSP_SIGNATURE *sig; +- X509 *x; +- +- if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) +- goto err; +- +- if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err; +- if (!dgst) dgst = EVP_sha1(); +- if (key) +- { +- if (!X509_check_private_key(signer, key)) +- { +- OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); +- goto err; +- } +- if (!OCSP_REQUEST_sign(req, key, dgst)) goto err; +- } +- +- if (!(flags & OCSP_NOCERTS)) +- { +- if(!OCSP_request_add1_cert(req, signer)) goto err; +- for (i = 0; i < sk_X509_num(certs); i++) +- { +- x = sk_X509_value(certs, i); +- if (!OCSP_request_add1_cert(req, x)) goto err; +- } +- } +- +- return 1; +-err: +- OCSP_SIGNATURE_free(req->optionalSignature); +- req->optionalSignature = NULL; +- return 0; +- } ++int OCSP_request_sign(OCSP_REQUEST *req, ++ X509 *signer, ++ EVP_PKEY *key, ++ const EVP_MD *dgst, ++ STACK_OF(X509) *certs, unsigned long flags) ++{ ++ int i; ++ OCSP_SIGNATURE *sig; ++ X509 *x; ++ ++ if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) ++ goto err; ++ ++ if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) ++ goto err; ++ if (!dgst) ++ dgst = EVP_sha1(); ++ if (key) { ++ if (!X509_check_private_key(signer, key)) { ++ OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, ++ OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); ++ goto err; ++ } ++ if (!OCSP_REQUEST_sign(req, key, dgst)) ++ goto err; ++ } ++ ++ if (!(flags & OCSP_NOCERTS)) { ++ if (!OCSP_request_add1_cert(req, signer)) ++ goto err; ++ for (i = 0; i < sk_X509_num(certs); i++) { ++ x = sk_X509_value(certs, i); ++ if (!OCSP_request_add1_cert(req, x)) ++ goto err; ++ } ++ } ++ ++ return 1; ++ err: ++ OCSP_SIGNATURE_free(req->optionalSignature); ++ req->optionalSignature = NULL; ++ return 0; ++} + + /* Get response status */ + + int OCSP_response_status(OCSP_RESPONSE *resp) +- { +- return ASN1_ENUMERATED_get(resp->responseStatus); +- } ++{ ++ return ASN1_ENUMERATED_get(resp->responseStatus); ++} + +-/* Extract basic response from OCSP_RESPONSE or NULL if +- * no basic response present. ++/* ++ * Extract basic response from OCSP_RESPONSE or NULL if no basic response ++ * present. + */ +- + + OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp) +- { +- OCSP_RESPBYTES *rb; +- rb = resp->responseBytes; +- if (!rb) +- { +- OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA); +- return NULL; +- } +- if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) +- { +- OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE); +- return NULL; +- } +- +- return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP)); +- } +- +-/* Return number of OCSP_SINGLERESP reponses present in +- * a basic response. ++{ ++ OCSP_RESPBYTES *rb; ++ rb = resp->responseBytes; ++ if (!rb) { ++ OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA); ++ return NULL; ++ } ++ if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { ++ OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE); ++ return NULL; ++ } ++ ++ return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP)); ++} ++ ++/* ++ * Return number of OCSP_SINGLERESP reponses present in a basic response. + */ + + int OCSP_resp_count(OCSP_BASICRESP *bs) +- { +- if (!bs) return -1; +- return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses); +- } ++{ ++ if (!bs) ++ return -1; ++ return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses); ++} + + /* Extract an OCSP_SINGLERESP response with a given index */ + + OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx) +- { +- if (!bs) return NULL; +- return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx); +- } ++{ ++ if (!bs) ++ return NULL; ++ return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx); ++} + + /* Look single response matching a given certificate ID */ + + int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) +- { +- int i; +- STACK_OF(OCSP_SINGLERESP) *sresp; +- OCSP_SINGLERESP *single; +- if (!bs) return -1; +- if (last < 0) last = 0; +- else last++; +- sresp = bs->tbsResponseData->responses; +- for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) +- { +- single = sk_OCSP_SINGLERESP_value(sresp, i); +- if (!OCSP_id_cmp(id, single->certId)) return i; +- } +- return -1; +- } +- +-/* Extract status information from an OCSP_SINGLERESP structure. +- * Note: the revtime and reason values are only set if the +- * certificate status is revoked. Returns numerical value of +- * status. ++{ ++ int i; ++ STACK_OF(OCSP_SINGLERESP) *sresp; ++ OCSP_SINGLERESP *single; ++ if (!bs) ++ return -1; ++ if (last < 0) ++ last = 0; ++ else ++ last++; ++ sresp = bs->tbsResponseData->responses; ++ for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) { ++ single = sk_OCSP_SINGLERESP_value(sresp, i); ++ if (!OCSP_id_cmp(id, single->certId)) ++ return i; ++ } ++ return -1; ++} ++ ++/* ++ * Extract status information from an OCSP_SINGLERESP structure. Note: the ++ * revtime and reason values are only set if the certificate status is ++ * revoked. Returns numerical value of status. + */ + + int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, +- ASN1_GENERALIZEDTIME **revtime, +- ASN1_GENERALIZEDTIME **thisupd, +- ASN1_GENERALIZEDTIME **nextupd) +- { +- int ret; +- OCSP_CERTSTATUS *cst; +- if(!single) return -1; +- cst = single->certStatus; +- ret = cst->type; +- if (ret == V_OCSP_CERTSTATUS_REVOKED) +- { +- OCSP_REVOKEDINFO *rev = cst->value.revoked; +- if (revtime) *revtime = rev->revocationTime; +- if (reason) +- { +- if(rev->revocationReason) +- *reason = ASN1_ENUMERATED_get(rev->revocationReason); +- else *reason = -1; +- } +- } +- if(thisupd) *thisupd = single->thisUpdate; +- if(nextupd) *nextupd = single->nextUpdate; +- return ret; +- } +- +-/* This function combines the previous ones: look up a certificate ID and +- * if found extract status information. Return 0 is successful. ++ ASN1_GENERALIZEDTIME **revtime, ++ ASN1_GENERALIZEDTIME **thisupd, ++ ASN1_GENERALIZEDTIME **nextupd) ++{ ++ int ret; ++ OCSP_CERTSTATUS *cst; ++ if (!single) ++ return -1; ++ cst = single->certStatus; ++ ret = cst->type; ++ if (ret == V_OCSP_CERTSTATUS_REVOKED) { ++ OCSP_REVOKEDINFO *rev = cst->value.revoked; ++ if (revtime) ++ *revtime = rev->revocationTime; ++ if (reason) { ++ if (rev->revocationReason) ++ *reason = ASN1_ENUMERATED_get(rev->revocationReason); ++ else ++ *reason = -1; ++ } ++ } ++ if (thisupd) ++ *thisupd = single->thisUpdate; ++ if (nextupd) ++ *nextupd = single->nextUpdate; ++ return ret; ++} ++ ++/* ++ * This function combines the previous ones: look up a certificate ID and if ++ * found extract status information. Return 0 is successful. + */ + + int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, +- int *reason, +- ASN1_GENERALIZEDTIME **revtime, +- ASN1_GENERALIZEDTIME **thisupd, +- ASN1_GENERALIZEDTIME **nextupd) +- { +- int i; +- OCSP_SINGLERESP *single; +- i = OCSP_resp_find(bs, id, -1); +- /* Maybe check for multiple responses and give an error? */ +- if(i < 0) return 0; +- single = OCSP_resp_get0(bs, i); +- i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd); +- if(status) *status = i; +- return 1; +- } +- +-/* Check validity of thisUpdate and nextUpdate fields. It is possible that the request will +- * take a few seconds to process and/or the time wont be totally accurate. Therefore to avoid +- * rejecting otherwise valid time we allow the times to be within 'nsec' of the current time. +- * Also to avoid accepting very old responses without a nextUpdate field an optional maxage ++ int *reason, ++ ASN1_GENERALIZEDTIME **revtime, ++ ASN1_GENERALIZEDTIME **thisupd, ++ ASN1_GENERALIZEDTIME **nextupd) ++{ ++ int i; ++ OCSP_SINGLERESP *single; ++ i = OCSP_resp_find(bs, id, -1); ++ /* Maybe check for multiple responses and give an error? */ ++ if (i < 0) ++ return 0; ++ single = OCSP_resp_get0(bs, i); ++ i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd); ++ if (status) ++ *status = i; ++ return 1; ++} ++ ++/* ++ * Check validity of thisUpdate and nextUpdate fields. It is possible that ++ * the request will take a few seconds to process and/or the time wont be ++ * totally accurate. Therefore to avoid rejecting otherwise valid time we ++ * allow the times to be within 'nsec' of the current time. Also to avoid ++ * accepting very old responses without a nextUpdate field an optional maxage + * parameter specifies the maximum age the thisUpdate field can be. + */ + +-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec) +- { +- int ret = 1; +- time_t t_now, t_tmp; +- time(&t_now); +- /* Check thisUpdate is valid and not more than nsec in the future */ +- if (!ASN1_GENERALIZEDTIME_check(thisupd)) +- { +- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD); +- ret = 0; +- } +- else +- { +- t_tmp = t_now + nsec; +- if (X509_cmp_time(thisupd, &t_tmp) > 0) +- { +- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID); +- ret = 0; +- } +- +- /* If maxsec specified check thisUpdate is not more than maxsec in the past */ +- if (maxsec >= 0) +- { +- t_tmp = t_now - maxsec; +- if (X509_cmp_time(thisupd, &t_tmp) < 0) +- { +- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD); +- ret = 0; +- } +- } +- } +- +- +- if (!nextupd) return ret; +- +- /* Check nextUpdate is valid and not more than nsec in the past */ +- if (!ASN1_GENERALIZEDTIME_check(nextupd)) +- { +- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD); +- ret = 0; +- } +- else +- { +- t_tmp = t_now - nsec; +- if (X509_cmp_time(nextupd, &t_tmp) < 0) +- { +- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED); +- ret = 0; +- } +- } +- +- /* Also don't allow nextUpdate to precede thisUpdate */ +- if (ASN1_STRING_cmp(nextupd, thisupd) < 0) +- { +- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE); +- ret = 0; +- } +- +- return ret; +- } ++int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ++ ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec) ++{ ++ int ret = 1; ++ time_t t_now, t_tmp; ++ time(&t_now); ++ /* Check thisUpdate is valid and not more than nsec in the future */ ++ if (!ASN1_GENERALIZEDTIME_check(thisupd)) { ++ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD); ++ ret = 0; ++ } else { ++ t_tmp = t_now + nsec; ++ if (X509_cmp_time(thisupd, &t_tmp) > 0) { ++ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID); ++ ret = 0; ++ } ++ ++ /* ++ * If maxsec specified check thisUpdate is not more than maxsec in ++ * the past ++ */ ++ if (maxsec >= 0) { ++ t_tmp = t_now - maxsec; ++ if (X509_cmp_time(thisupd, &t_tmp) < 0) { ++ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD); ++ ret = 0; ++ } ++ } ++ } ++ ++ if (!nextupd) ++ return ret; ++ ++ /* Check nextUpdate is valid and not more than nsec in the past */ ++ if (!ASN1_GENERALIZEDTIME_check(nextupd)) { ++ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD); ++ ret = 0; ++ } else { ++ t_tmp = t_now - nsec; ++ if (X509_cmp_time(nextupd, &t_tmp) < 0) { ++ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED); ++ ret = 0; ++ } ++ } ++ ++ /* Also don't allow nextUpdate to precede thisUpdate */ ++ if (ASN1_STRING_cmp(nextupd, thisupd) < 0) { ++ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, ++ OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE); ++ ret = 0; ++ } ++ ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c +index d2f2e79..0bbf71f 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,77 +66,83 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) + +-static ERR_STRING_DATA OCSP_str_functs[]= +- { +-{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, +-{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, +-{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, +-{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, +-{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, +-{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, +-{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, +-{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, +-{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, +-{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, +-{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, +-{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, +-{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, +-{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, +-{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, +-{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, +-{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, +-{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA OCSP_str_functs[] = { ++ {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, ++ {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, ++ {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, ++ {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, ++ {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, ++ {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, ++ {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, ++ {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, ++ {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, ++ {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, ++ {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, ++ {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, ++ {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, ++ {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, ++ {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, ++ {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, ++ {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, ++ {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA OCSP_str_reasons[]= +- { +-{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"}, +-{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, +-{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"}, +-{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"}, +-{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"}, +-{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"}, +-{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"}, +-{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"}, +-{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"}, +-{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"}, +-{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"}, +-{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"}, +-{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"}, +-{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"}, +-{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, +-{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"}, +-{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"}, +-{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"}, +-{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"}, +-{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"}, +-{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"}, +-{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"}, +-{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"}, +-{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, +-{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"}, +-{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"}, +-{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"}, +-{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"}, +-{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"}, +-{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA OCSP_str_reasons[] = { ++ {ERR_REASON(OCSP_R_BAD_DATA), "bad data"}, ++ {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, ++ {ERR_REASON(OCSP_R_DIGEST_ERR), "digest err"}, ++ {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), ++ "error in nextupdate field"}, ++ {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD), ++ "error in thisupdate field"}, ++ {ERR_REASON(OCSP_R_ERROR_PARSING_URL), "error parsing url"}, ++ {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE), ++ "missing ocspsigning usage"}, ++ {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), ++ "nextupdate before thisupdate"}, ++ {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE), "not basic response"}, ++ {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"}, ++ {ERR_REASON(OCSP_R_NO_CONTENT), "no content"}, ++ {ERR_REASON(OCSP_R_NO_PUBLIC_KEY), "no public key"}, ++ {ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"}, ++ {ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"}, ++ {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), ++ "private key does not match certificate"}, ++ {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED), "request not signed"}, ++ {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), ++ "response contains no revocation data"}, ++ {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED), "root ca not trusted"}, ++ {ERR_REASON(OCSP_R_SERVER_READ_ERROR), "server read error"}, ++ {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"}, ++ {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), ++ "server response parse error"}, ++ {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR), "server write error"}, ++ {ERR_REASON(OCSP_R_SIGNATURE_FAILURE), "signature failure"}, ++ {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), ++ "signer certificate not found"}, ++ {ERR_REASON(OCSP_R_STATUS_EXPIRED), "status expired"}, ++ {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID), "status not yet valid"}, ++ {ERR_REASON(OCSP_R_STATUS_TOO_OLD), "status too old"}, ++ {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"}, ++ {ERR_REASON(OCSP_R_UNKNOWN_NID), "unknown nid"}, ++ {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), ++ "unsupported requestorname type"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_OCSP_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,OCSP_str_functs); +- ERR_load_strings(0,OCSP_str_reasons); +- } ++ if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, OCSP_str_functs); ++ ERR_load_strings(0, OCSP_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c +index 815cc29..e341cae 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c +@@ -1,11 +1,14 @@ + /* ocsp_ext.c */ +-/* Written by Tom Titchener for the OpenSSL +- * project. */ ++/* ++ * Written by Tom Titchener for the OpenSSL ++ * project. ++ */ + +-/* History: +- This file was transfered to Richard Levitte from CertCo by Kathy +- Weinhold in mid-spring 2000 to be included in OpenSSL or released +- as a patch kit. */ ++/* ++ * History: This file was transfered to Richard Levitte from CertCo by Kathy ++ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a ++ * patch kit. ++ */ + + /* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. +@@ -15,7 +18,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -74,293 +77,318 @@ + /* OCSP request extensions */ + + int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x) +- { +- return(X509v3_get_ext_count(x->tbsRequest->requestExtensions)); +- } ++{ ++ return (X509v3_get_ext_count(x->tbsRequest->requestExtensions)); ++} + + int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos) +- { +- return(X509v3_get_ext_by_NID(x->tbsRequest->requestExtensions,nid,lastpos)); +- } +- +-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos) +- { +- return(X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions,obj,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_NID ++ (x->tbsRequest->requestExtensions, nid, lastpos)); ++} ++ ++int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, ++ int lastpos) ++{ ++ return (X509v3_get_ext_by_OBJ ++ (x->tbsRequest->requestExtensions, obj, lastpos)); ++} + + int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos) +- { +- return(X509v3_get_ext_by_critical(x->tbsRequest->requestExtensions,crit,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_critical ++ (x->tbsRequest->requestExtensions, crit, lastpos)); ++} + + X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc) +- { +- return(X509v3_get_ext(x->tbsRequest->requestExtensions,loc)); +- } ++{ ++ return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc)); ++} + + X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc) +- { +- return(X509v3_delete_ext(x->tbsRequest->requestExtensions,loc)); +- } ++{ ++ return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc)); ++} + + void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx) +- { +- return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx); +- } ++{ ++ return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx); ++} + + int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, +- unsigned long flags) +- { +- return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, crit, flags); +- } ++ unsigned long flags) ++{ ++ return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, ++ crit, flags); ++} + + int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) +- { +- return(X509v3_add_ext(&(x->tbsRequest->requestExtensions),ex,loc) != NULL); +- } ++{ ++ return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) != ++ NULL); ++} + + /* Single extensions */ + + int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x) +- { +- return(X509v3_get_ext_count(x->singleRequestExtensions)); +- } ++{ ++ return (X509v3_get_ext_count(x->singleRequestExtensions)); ++} + + int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos) +- { +- return(X509v3_get_ext_by_NID(x->singleRequestExtensions,nid,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos)); ++} + + int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos) +- { +- return(X509v3_get_ext_by_OBJ(x->singleRequestExtensions,obj,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos)); ++} + + int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos) +- { +- return(X509v3_get_ext_by_critical(x->singleRequestExtensions,crit,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_critical ++ (x->singleRequestExtensions, crit, lastpos)); ++} + + X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc) +- { +- return(X509v3_get_ext(x->singleRequestExtensions,loc)); +- } ++{ ++ return (X509v3_get_ext(x->singleRequestExtensions, loc)); ++} + + X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc) +- { +- return(X509v3_delete_ext(x->singleRequestExtensions,loc)); +- } ++{ ++ return (X509v3_delete_ext(x->singleRequestExtensions, loc)); ++} + + void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) +- { +- return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); +- } ++{ ++ return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); ++} + + int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, +- unsigned long flags) +- { +- return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, flags); +- } ++ unsigned long flags) ++{ ++ return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, ++ flags); ++} + + int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc) +- { +- return(X509v3_add_ext(&(x->singleRequestExtensions),ex,loc) != NULL); +- } ++{ ++ return (X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL); ++} + + /* OCSP Basic response */ + + int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x) +- { +- return(X509v3_get_ext_count(x->tbsResponseData->responseExtensions)); +- } ++{ ++ return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions)); ++} + + int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) +- { +- return(X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,nid,lastpos)); +- } +- +-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos) +- { +- return(X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions,obj,lastpos)); +- } +- +-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) +- { +- return(X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,crit,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_NID ++ (x->tbsResponseData->responseExtensions, nid, lastpos)); ++} ++ ++int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, ++ int lastpos) ++{ ++ return (X509v3_get_ext_by_OBJ ++ (x->tbsResponseData->responseExtensions, obj, lastpos)); ++} ++ ++int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, ++ int lastpos) ++{ ++ return (X509v3_get_ext_by_critical ++ (x->tbsResponseData->responseExtensions, crit, lastpos)); ++} + + X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc) +- { +- return(X509v3_get_ext(x->tbsResponseData->responseExtensions,loc)); +- } ++{ ++ return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc)); ++} + + X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc) +- { +- return(X509v3_delete_ext(x->tbsResponseData->responseExtensions,loc)); +- } +- +-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx) +- { +- return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, idx); +- } +- +-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit, +- unsigned long flags) +- { +- return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, value, crit, flags); +- } ++{ ++ return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc)); ++} ++ ++void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, ++ int *idx) ++{ ++ return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, ++ idx); ++} ++ ++int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, ++ int crit, unsigned long flags) ++{ ++ return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, ++ value, crit, flags); ++} + + int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc) +- { +- return(X509v3_add_ext(&(x->tbsResponseData->responseExtensions),ex,loc) != NULL); +- } ++{ ++ return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc) ++ != NULL); ++} + + /* OCSP single response extensions */ + + int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x) +- { +- return(X509v3_get_ext_count(x->singleExtensions)); +- } ++{ ++ return (X509v3_get_ext_count(x->singleExtensions)); ++} + + int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos) +- { +- return(X509v3_get_ext_by_NID(x->singleExtensions,nid,lastpos)); +- } +- +-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos) +- { +- return(X509v3_get_ext_by_OBJ(x->singleExtensions,obj,lastpos)); +- } +- +-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos) +- { +- return(X509v3_get_ext_by_critical(x->singleExtensions,crit,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos)); ++} ++ ++int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, ++ int lastpos) ++{ ++ return (X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos)); ++} ++ ++int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, ++ int lastpos) ++{ ++ return (X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos)); ++} + + X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc) +- { +- return(X509v3_get_ext(x->singleExtensions,loc)); +- } ++{ ++ return (X509v3_get_ext(x->singleExtensions, loc)); ++} + + X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc) +- { +- return(X509v3_delete_ext(x->singleExtensions,loc)); +- } +- +-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx) +- { +- return X509V3_get_d2i(x->singleExtensions, nid, crit, idx); +- } +- +-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit, +- unsigned long flags) +- { +- return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags); +- } ++{ ++ return (X509v3_delete_ext(x->singleExtensions, loc)); ++} ++ ++void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, ++ int *idx) ++{ ++ return X509V3_get_d2i(x->singleExtensions, nid, crit, idx); ++} ++ ++int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, ++ int crit, unsigned long flags) ++{ ++ return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags); ++} + + int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) +- { +- return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL); +- } ++{ ++ return (X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL); ++} + + /* also CRL Entry Extensions */ + + ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, +- void *data, STACK_OF(ASN1_OBJECT) *sk) +- { +- int i; +- unsigned char *p, *b = NULL; +- +- if (data) +- { +- if ((i=i2d(data,NULL)) <= 0) goto err; +- if (!(b=p=OPENSSL_malloc((unsigned int)i))) +- goto err; +- if (i2d(data, &p) <= 0) goto err; +- } +- else if (sk) +- { +- if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL, +- (I2D_OF(ASN1_OBJECT))i2d, +- V_ASN1_SEQUENCE, +- V_ASN1_UNIVERSAL, +- IS_SEQUENCE))<=0) goto err; +- if (!(b=p=OPENSSL_malloc((unsigned int)i))) +- goto err; +- if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d, +- V_ASN1_SEQUENCE, +- V_ASN1_UNIVERSAL, +- IS_SEQUENCE)<=0) goto err; +- } +- else +- { +- OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA); +- goto err; +- } +- if (!s && !(s = ASN1_STRING_new())) goto err; +- if (!(ASN1_STRING_set(s, b, i))) goto err; +- OPENSSL_free(b); +- return s; +-err: +- if (b) OPENSSL_free(b); +- return NULL; +- } ++ void *data, STACK_OF(ASN1_OBJECT) *sk) ++{ ++ int i; ++ unsigned char *p, *b = NULL; ++ ++ if (data) { ++ if ((i = i2d(data, NULL)) <= 0) ++ goto err; ++ if (!(b = p = OPENSSL_malloc((unsigned int)i))) ++ goto err; ++ if (i2d(data, &p) <= 0) ++ goto err; ++ } else if (sk) { ++ if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL, ++ (I2D_OF(ASN1_OBJECT)) i2d, ++ V_ASN1_SEQUENCE, ++ V_ASN1_UNIVERSAL, ++ IS_SEQUENCE)) <= 0) ++ goto err; ++ if (!(b = p = OPENSSL_malloc((unsigned int)i))) ++ goto err; ++ if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, (I2D_OF(ASN1_OBJECT)) i2d, ++ V_ASN1_SEQUENCE, ++ V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) ++ goto err; ++ } else { ++ OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA); ++ goto err; ++ } ++ if (!s && !(s = ASN1_STRING_new())) ++ goto err; ++ if (!(ASN1_STRING_set(s, b, i))) ++ goto err; ++ OPENSSL_free(b); ++ return s; ++ err: ++ if (b) ++ OPENSSL_free(b); ++ return NULL; ++} + + /* Nonce handling functions */ + +-/* Add a nonce to an extension stack. A nonce can be specificed or if NULL +- * a random nonce will be generated. +- * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the +- * nonce, previous versions used the raw nonce. ++/* ++ * Add a nonce to an extension stack. A nonce can be specificed or if NULL a ++ * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an ++ * OCTET STRING containing the nonce, previous versions used the raw nonce. + */ + +-static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len) +- { +- unsigned char *tmpval; +- ASN1_OCTET_STRING os; +- int ret = 0; +- if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH; +- /* Create the OCTET STRING manually by writing out the header and +- * appending the content octets. This avoids an extra memory allocation +- * operation in some cases. Applications should *NOT* do this because +- * it relies on library internals. +- */ +- os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING); +- os.data = OPENSSL_malloc(os.length); +- if (os.data == NULL) +- goto err; +- tmpval = os.data; +- ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL); +- if (val) +- memcpy(tmpval, val, len); +- else +- RAND_pseudo_bytes(tmpval, len); +- if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, +- &os, 0, X509V3_ADD_REPLACE)) +- goto err; +- ret = 1; +- err: +- if (os.data) +- OPENSSL_free(os.data); +- return ret; +- } +- ++static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, ++ unsigned char *val, int len) ++{ ++ unsigned char *tmpval; ++ ASN1_OCTET_STRING os; ++ int ret = 0; ++ if (len <= 0) ++ len = OCSP_DEFAULT_NONCE_LENGTH; ++ /* ++ * Create the OCTET STRING manually by writing out the header and ++ * appending the content octets. This avoids an extra memory allocation ++ * operation in some cases. Applications should *NOT* do this because it ++ * relies on library internals. ++ */ ++ os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING); ++ os.data = OPENSSL_malloc(os.length); ++ if (os.data == NULL) ++ goto err; ++ tmpval = os.data; ++ ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL); ++ if (val) ++ memcpy(tmpval, val, len); ++ else ++ RAND_pseudo_bytes(tmpval, len); ++ if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, ++ &os, 0, X509V3_ADD_REPLACE)) ++ goto err; ++ ret = 1; ++ err: ++ if (os.data) ++ OPENSSL_free(os.data); ++ return ret; ++} + + /* Add nonce to an OCSP request */ + + int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len) +- { +- return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len); +- } ++{ ++ return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len); ++} + + /* Same as above but for a response */ + + int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len) +- { +- return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len); +- } ++{ ++ return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, ++ len); ++} + +-/* Check nonce validity in a request and response. ++/*- ++ * Check nonce validity in a request and response. + * Return value reflects result: + * 1: nonces present and equal. + * 2: nonces both absent. +@@ -374,172 +402,204 @@ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len) + */ + + int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) +- { +- /* +- * Since we are only interested in the presence or absence of +- * the nonce and comparing its value there is no need to use +- * the X509V3 routines: this way we can avoid them allocating an +- * ASN1_OCTET_STRING structure for the value which would be +- * freed immediately anyway. +- */ +- +- int req_idx, resp_idx; +- X509_EXTENSION *req_ext, *resp_ext; +- req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); +- resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); +- /* Check both absent */ +- if((req_idx < 0) && (resp_idx < 0)) +- return 2; +- /* Check in request only */ +- if((req_idx >= 0) && (resp_idx < 0)) +- return -1; +- /* Check in response but not request */ +- if((req_idx < 0) && (resp_idx >= 0)) +- return 3; +- /* Otherwise nonce in request and response so retrieve the extensions */ +- req_ext = OCSP_REQUEST_get_ext(req, req_idx); +- resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx); +- if(ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value)) +- return 0; +- return 1; +- } +- +-/* Copy the nonce value (if any) from an OCSP request to +- * a response. ++{ ++ /* ++ * Since we are only interested in the presence or absence of ++ * the nonce and comparing its value there is no need to use ++ * the X509V3 routines: this way we can avoid them allocating an ++ * ASN1_OCTET_STRING structure for the value which would be ++ * freed immediately anyway. ++ */ ++ ++ int req_idx, resp_idx; ++ X509_EXTENSION *req_ext, *resp_ext; ++ req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); ++ resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); ++ /* Check both absent */ ++ if ((req_idx < 0) && (resp_idx < 0)) ++ return 2; ++ /* Check in request only */ ++ if ((req_idx >= 0) && (resp_idx < 0)) ++ return -1; ++ /* Check in response but not request */ ++ if ((req_idx < 0) && (resp_idx >= 0)) ++ return 3; ++ /* ++ * Otherwise nonce in request and response so retrieve the extensions ++ */ ++ req_ext = OCSP_REQUEST_get_ext(req, req_idx); ++ resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx); ++ if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value)) ++ return 0; ++ return 1; ++} ++ ++/* ++ * Copy the nonce value (if any) from an OCSP request to a response. + */ + + int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req) +- { +- X509_EXTENSION *req_ext; +- int req_idx; +- /* Check for nonce in request */ +- req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); +- /* If no nonce that's OK */ +- if (req_idx < 0) return 2; +- req_ext = OCSP_REQUEST_get_ext(req, req_idx); +- return OCSP_BASICRESP_add_ext(resp, req_ext, -1); +- } ++{ ++ X509_EXTENSION *req_ext; ++ int req_idx; ++ /* Check for nonce in request */ ++ req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); ++ /* If no nonce that's OK */ ++ if (req_idx < 0) ++ return 2; ++ req_ext = OCSP_REQUEST_get_ext(req, req_idx); ++ return OCSP_BASICRESP_add_ext(resp, req_ext, -1); ++} + + X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim) +- { +- X509_EXTENSION *x = NULL; +- OCSP_CRLID *cid = NULL; +- +- if (!(cid = OCSP_CRLID_new())) goto err; +- if (url) +- { +- if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err; +- if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err; +- } +- if (n) +- { +- if (!(cid->crlNum = ASN1_INTEGER_new())) goto err; +- if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err; +- } +- if (tim) +- { +- if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err; +- if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) +- goto err; +- } +- if (!(x = X509_EXTENSION_new())) goto err; +- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err; +- if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid, +- NULL))) +- goto err; +- OCSP_CRLID_free(cid); +- return x; +-err: +- if (x) X509_EXTENSION_free(x); +- if (cid) OCSP_CRLID_free(cid); +- return NULL; +- } ++{ ++ X509_EXTENSION *x = NULL; ++ OCSP_CRLID *cid = NULL; ++ ++ if (!(cid = OCSP_CRLID_new())) ++ goto err; ++ if (url) { ++ if (!(cid->crlUrl = ASN1_IA5STRING_new())) ++ goto err; ++ if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) ++ goto err; ++ } ++ if (n) { ++ if (!(cid->crlNum = ASN1_INTEGER_new())) ++ goto err; ++ if (!(ASN1_INTEGER_set(cid->crlNum, *n))) ++ goto err; ++ } ++ if (tim) { ++ if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) ++ goto err; ++ if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) ++ goto err; ++ } ++ if (!(x = X509_EXTENSION_new())) ++ goto err; ++ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) ++ goto err; ++ if (!(ASN1_STRING_encode_of(OCSP_CRLID, x->value, i2d_OCSP_CRLID, cid, ++ NULL))) ++ goto err; ++ OCSP_CRLID_free(cid); ++ return x; ++ err: ++ if (x) ++ X509_EXTENSION_free(x); ++ if (cid) ++ OCSP_CRLID_free(cid); ++ return NULL; ++} + + /* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */ + X509_EXTENSION *OCSP_accept_responses_new(char **oids) +- { +- int nid; +- STACK_OF(ASN1_OBJECT) *sk = NULL; +- ASN1_OBJECT *o = NULL; +- X509_EXTENSION *x = NULL; +- +- if (!(sk = sk_ASN1_OBJECT_new_null())) goto err; +- while (oids && *oids) +- { +- if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) +- sk_ASN1_OBJECT_push(sk, o); +- oids++; +- } +- if (!(x = X509_EXTENSION_new())) goto err; +- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) +- goto err; +- if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL, +- sk))) +- goto err; +- sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); +- return x; +-err: +- if (x) X509_EXTENSION_free(x); +- if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); +- return NULL; +- } ++{ ++ int nid; ++ STACK_OF(ASN1_OBJECT) *sk = NULL; ++ ASN1_OBJECT *o = NULL; ++ X509_EXTENSION *x = NULL; ++ ++ if (!(sk = sk_ASN1_OBJECT_new_null())) ++ goto err; ++ while (oids && *oids) { ++ if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid))) ++ sk_ASN1_OBJECT_push(sk, o); ++ oids++; ++ } ++ if (!(x = X509_EXTENSION_new())) ++ goto err; ++ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) ++ goto err; ++ if (!(ASN1_STRING_encode_of(ASN1_OBJECT, x->value, i2d_ASN1_OBJECT, NULL, ++ sk))) ++ goto err; ++ sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); ++ return x; ++ err: ++ if (x) ++ X509_EXTENSION_free(x); ++ if (sk) ++ sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); ++ return NULL; ++} + + /* ArchiveCutoff ::= GeneralizedTime */ +-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim) +- { +- X509_EXTENSION *x=NULL; +- ASN1_GENERALIZEDTIME *gt = NULL; +- +- if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err; +- if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; +- if (!(x = X509_EXTENSION_new())) goto err; +- if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err; +- if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value, +- i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err; +- ASN1_GENERALIZEDTIME_free(gt); +- return x; +-err: +- if (gt) ASN1_GENERALIZEDTIME_free(gt); +- if (x) X509_EXTENSION_free(x); +- return NULL; +- } +- +-/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently +- * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This +- * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. ++X509_EXTENSION *OCSP_archive_cutoff_new(char *tim) ++{ ++ X509_EXTENSION *x = NULL; ++ ASN1_GENERALIZEDTIME *gt = NULL; ++ ++ if (!(gt = ASN1_GENERALIZEDTIME_new())) ++ goto err; ++ if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) ++ goto err; ++ if (!(x = X509_EXTENSION_new())) ++ goto err; ++ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff))) ++ goto err; ++ if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME, x->value, ++ i2d_ASN1_GENERALIZEDTIME, gt, NULL))) ++ goto err; ++ ASN1_GENERALIZEDTIME_free(gt); ++ return x; ++ err: ++ if (gt) ++ ASN1_GENERALIZEDTIME_free(gt); ++ if (x) ++ X509_EXTENSION_free(x); ++ return NULL; ++} ++ ++/* ++ * per ACCESS_DESCRIPTION parameter are oids, of which there are currently ++ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This method ++ * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. + */ +-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) +- { +- X509_EXTENSION *x = NULL; +- ASN1_IA5STRING *ia5 = NULL; +- OCSP_SERVICELOC *sloc = NULL; +- ACCESS_DESCRIPTION *ad = NULL; +- +- if (!(sloc = OCSP_SERVICELOC_new())) goto err; +- if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err; +- if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) goto err; +- while (urls && *urls) +- { +- if (!(ad = ACCESS_DESCRIPTION_new())) goto err; +- if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err; +- if (!(ad->location = GENERAL_NAME_new())) goto err; +- if (!(ia5 = ASN1_IA5STRING_new())) goto err; +- if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err; +- ad->location->type = GEN_URI; +- ad->location->d.ia5 = ia5; +- if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err; +- urls++; +- } +- if (!(x = X509_EXTENSION_new())) goto err; +- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) +- goto err; +- if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value, +- i2d_OCSP_SERVICELOC,sloc,NULL))) goto err; +- OCSP_SERVICELOC_free(sloc); +- return x; +-err: +- if (x) X509_EXTENSION_free(x); +- if (sloc) OCSP_SERVICELOC_free(sloc); +- return NULL; +- } +- ++X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls) ++{ ++ X509_EXTENSION *x = NULL; ++ ASN1_IA5STRING *ia5 = NULL; ++ OCSP_SERVICELOC *sloc = NULL; ++ ACCESS_DESCRIPTION *ad = NULL; ++ ++ if (!(sloc = OCSP_SERVICELOC_new())) ++ goto err; ++ if (!(sloc->issuer = X509_NAME_dup(issuer))) ++ goto err; ++ if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) ++ goto err; ++ while (urls && *urls) { ++ if (!(ad = ACCESS_DESCRIPTION_new())) ++ goto err; ++ if (!(ad->method = OBJ_nid2obj(NID_ad_OCSP))) ++ goto err; ++ if (!(ad->location = GENERAL_NAME_new())) ++ goto err; ++ if (!(ia5 = ASN1_IA5STRING_new())) ++ goto err; ++ if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1)) ++ goto err; ++ ad->location->type = GEN_URI; ++ ad->location->d.ia5 = ia5; ++ if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) ++ goto err; ++ urls++; ++ } ++ if (!(x = X509_EXTENSION_new())) ++ goto err; ++ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) ++ goto err; ++ if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC, x->value, ++ i2d_OCSP_SERVICELOC, sloc, NULL))) ++ goto err; ++ OCSP_SERVICELOC_free(sloc); ++ return x; ++ err: ++ if (x) ++ X509_EXTENSION_free(x); ++ if (sloc) ++ OCSP_SERVICELOC_free(sloc); ++ return NULL; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c +index fb87cd7..6754642 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c +@@ -1,6 +1,7 @@ + /* ocsp_ht.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2006. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. + */ + /* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -66,416 +67,378 @@ + #include + #include + #ifdef OPENSSL_SYS_SUNOS +-#define strtoul (unsigned long)strtol +-#endif /* OPENSSL_SYS_SUNOS */ ++# define strtoul (unsigned long)strtol ++#endif /* OPENSSL_SYS_SUNOS */ + + /* Stateful OCSP request code, supporting non-blocking I/O */ + + /* Opaque OCSP request status structure */ + + struct ocsp_req_ctx_st { +- int state; /* Current I/O state */ +- unsigned char *iobuf; /* Line buffer */ +- int iobuflen; /* Line buffer length */ +- BIO *io; /* BIO to perform I/O with */ +- BIO *mem; /* Memory BIO response is built into */ +- unsigned long asn1_len; /* ASN1 length of response */ +- }; ++ int state; /* Current I/O state */ ++ unsigned char *iobuf; /* Line buffer */ ++ int iobuflen; /* Line buffer length */ ++ BIO *io; /* BIO to perform I/O with */ ++ BIO *mem; /* Memory BIO response is built into */ ++ unsigned long asn1_len; /* ASN1 length of response */ ++}; + +-#define OCSP_MAX_REQUEST_LENGTH (100 * 1024) +-#define OCSP_MAX_LINE_LEN 4096; ++#define OCSP_MAX_REQUEST_LENGTH (100 * 1024) ++#define OCSP_MAX_LINE_LEN 4096; + + /* OCSP states */ + + /* If set no reading should be performed */ +-#define OHS_NOREAD 0x1000 ++#define OHS_NOREAD 0x1000 + /* Error condition */ +-#define OHS_ERROR (0 | OHS_NOREAD) ++#define OHS_ERROR (0 | OHS_NOREAD) + /* First line being read */ +-#define OHS_FIRSTLINE 1 ++#define OHS_FIRSTLINE 1 + /* MIME headers being read */ +-#define OHS_HEADERS 2 ++#define OHS_HEADERS 2 + /* OCSP initial header (tag + length) being read */ +-#define OHS_ASN1_HEADER 3 ++#define OHS_ASN1_HEADER 3 + /* OCSP content octets being read */ +-#define OHS_ASN1_CONTENT 4 ++#define OHS_ASN1_CONTENT 4 + /* Request being sent */ +-#define OHS_ASN1_WRITE (6 | OHS_NOREAD) ++#define OHS_ASN1_WRITE (6 | OHS_NOREAD) + /* Request being flushed */ +-#define OHS_ASN1_FLUSH (7 | OHS_NOREAD) ++#define OHS_ASN1_FLUSH (7 | OHS_NOREAD) + /* Completed */ +-#define OHS_DONE (8 | OHS_NOREAD) +- ++#define OHS_DONE (8 | OHS_NOREAD) + + static int parse_http_line1(char *line); + + void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx) +- { +- if (rctx->mem) +- BIO_free(rctx->mem); +- if (rctx->iobuf) +- OPENSSL_free(rctx->iobuf); +- OPENSSL_free(rctx); +- } ++{ ++ if (rctx->mem) ++ BIO_free(rctx->mem); ++ if (rctx->iobuf) ++ OPENSSL_free(rctx->iobuf); ++ OPENSSL_free(rctx); ++} + + OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, +- int maxline) +- { +- static char post_hdr[] = "POST %s HTTP/1.0\r\n" +- "Content-Type: application/ocsp-request\r\n" +- "Content-Length: %d\r\n\r\n"; +- +- OCSP_REQ_CTX *rctx; +- rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); +- rctx->state = OHS_FIRSTLINE; +- rctx->mem = BIO_new(BIO_s_mem()); +- rctx->io = io; +- if (maxline > 0) +- rctx->iobuflen = maxline; +- else +- rctx->iobuflen = OCSP_MAX_LINE_LEN; +- rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); +- if (!path) +- path = "/"; +- +- if (BIO_printf(rctx->mem, post_hdr, path, +- i2d_OCSP_REQUEST(req, NULL)) <= 0) +- { +- rctx->state = OHS_ERROR; +- return 0; +- } +- if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) +- { +- rctx->state = OHS_ERROR; +- return 0; +- } +- rctx->state = OHS_ASN1_WRITE; +- rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); +- +- return rctx; +- } +- +-/* Parse the HTTP response. This will look like this: +- * "HTTP/1.0 200 OK". We need to obtain the numeric code and +- * (optional) informational message. ++ int maxline) ++{ ++ static char post_hdr[] = "POST %s HTTP/1.0\r\n" ++ "Content-Type: application/ocsp-request\r\n" ++ "Content-Length: %d\r\n\r\n"; ++ ++ OCSP_REQ_CTX *rctx; ++ rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); ++ rctx->state = OHS_FIRSTLINE; ++ rctx->mem = BIO_new(BIO_s_mem()); ++ rctx->io = io; ++ if (maxline > 0) ++ rctx->iobuflen = maxline; ++ else ++ rctx->iobuflen = OCSP_MAX_LINE_LEN; ++ rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); ++ if (!path) ++ path = "/"; ++ ++ if (BIO_printf(rctx->mem, post_hdr, path, ++ i2d_OCSP_REQUEST(req, NULL)) <= 0) { ++ rctx->state = OHS_ERROR; ++ return 0; ++ } ++ if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) { ++ rctx->state = OHS_ERROR; ++ return 0; ++ } ++ rctx->state = OHS_ASN1_WRITE; ++ rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); ++ ++ return rctx; ++} ++ ++/* ++ * Parse the HTTP response. This will look like this: "HTTP/1.0 200 OK". We ++ * need to obtain the numeric code and (optional) informational message. + */ + + static int parse_http_line1(char *line) +- { +- int retcode; +- char *p, *q, *r; +- /* Skip to first white space (passed protocol info) */ +- +- for(p = line; *p && !isspace((unsigned char)*p); p++) +- continue; +- if(!*p) +- { +- OCSPerr(OCSP_F_PARSE_HTTP_LINE1, +- OCSP_R_SERVER_RESPONSE_PARSE_ERROR); +- return 0; +- } +- +- /* Skip past white space to start of response code */ +- while(*p && isspace((unsigned char)*p)) +- p++; +- +- if(!*p) +- { +- OCSPerr(OCSP_F_PARSE_HTTP_LINE1, +- OCSP_R_SERVER_RESPONSE_PARSE_ERROR); +- return 0; +- } +- +- /* Find end of response code: first whitespace after start of code */ +- for(q = p; *q && !isspace((unsigned char)*q); q++) +- continue; +- +- if(!*q) +- { +- OCSPerr(OCSP_F_PARSE_HTTP_LINE1, +- OCSP_R_SERVER_RESPONSE_PARSE_ERROR); +- return 0; +- } +- +- /* Set end of response code and start of message */ +- *q++ = 0; +- +- /* Attempt to parse numeric code */ +- retcode = strtoul(p, &r, 10); +- +- if(*r) +- return 0; +- +- /* Skip over any leading white space in message */ +- while(*q && isspace((unsigned char)*q)) +- q++; +- +- if(*q) +- { +- /* Finally zap any trailing white space in message (include +- * CRLF) */ +- +- /* We know q has a non white space character so this is OK */ +- for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) +- *r = 0; +- } +- if(retcode != 200) +- { +- OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR); +- if(!*q) +- ERR_add_error_data(2, "Code=", p); +- else +- ERR_add_error_data(4, "Code=", p, ",Reason=", q); +- return 0; +- } +- +- +- return 1; +- +- } ++{ ++ int retcode; ++ char *p, *q, *r; ++ /* Skip to first white space (passed protocol info) */ ++ ++ for (p = line; *p && !isspace((unsigned char)*p); p++) ++ continue; ++ if (!*p) { ++ OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR); ++ return 0; ++ } ++ ++ /* Skip past white space to start of response code */ ++ while (*p && isspace((unsigned char)*p)) ++ p++; ++ ++ if (!*p) { ++ OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR); ++ return 0; ++ } ++ ++ /* Find end of response code: first whitespace after start of code */ ++ for (q = p; *q && !isspace((unsigned char)*q); q++) ++ continue; ++ ++ if (!*q) { ++ OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR); ++ return 0; ++ } ++ ++ /* Set end of response code and start of message */ ++ *q++ = 0; ++ ++ /* Attempt to parse numeric code */ ++ retcode = strtoul(p, &r, 10); ++ ++ if (*r) ++ return 0; ++ ++ /* Skip over any leading white space in message */ ++ while (*q && isspace((unsigned char)*q)) ++ q++; ++ ++ if (*q) { ++ /* ++ * Finally zap any trailing white space in message (include CRLF) ++ */ ++ ++ /* We know q has a non white space character so this is OK */ ++ for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) ++ *r = 0; ++ } ++ if (retcode != 200) { ++ OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR); ++ if (!*q) ++ ERR_add_error_data(2, "Code=", p); ++ else ++ ERR_add_error_data(4, "Code=", p, ",Reason=", q); ++ return 0; ++ } ++ ++ return 1; ++ ++} + + int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) +- { +- int i, n; +- const unsigned char *p; +- next_io: +- if (!(rctx->state & OHS_NOREAD)) +- { +- n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen); +- +- if (n <= 0) +- { +- if (BIO_should_retry(rctx->io)) +- return -1; +- return 0; +- } +- +- /* Write data to memory BIO */ +- +- if (BIO_write(rctx->mem, rctx->iobuf, n) != n) +- return 0; +- } +- +- switch(rctx->state) +- { +- +- case OHS_ASN1_WRITE: +- n = BIO_get_mem_data(rctx->mem, &p); +- +- i = BIO_write(rctx->io, +- p + (n - rctx->asn1_len), rctx->asn1_len); +- +- if (i <= 0) +- { +- if (BIO_should_retry(rctx->io)) +- return -1; +- rctx->state = OHS_ERROR; +- return 0; +- } +- +- rctx->asn1_len -= i; +- +- if (rctx->asn1_len > 0) +- goto next_io; +- +- rctx->state = OHS_ASN1_FLUSH; +- +- (void)BIO_reset(rctx->mem); +- +- case OHS_ASN1_FLUSH: +- +- i = BIO_flush(rctx->io); +- +- if (i > 0) +- { +- rctx->state = OHS_FIRSTLINE; +- goto next_io; +- } +- +- if (BIO_should_retry(rctx->io)) +- return -1; +- +- rctx->state = OHS_ERROR; +- return 0; +- +- case OHS_ERROR: +- return 0; +- +- case OHS_FIRSTLINE: +- case OHS_HEADERS: +- +- /* Attempt to read a line in */ +- +- next_line: +- /* Due to &%^*$" memory BIO behaviour with BIO_gets we +- * have to check there's a complete line in there before +- * calling BIO_gets or we'll just get a partial read. +- */ +- n = BIO_get_mem_data(rctx->mem, &p); +- if ((n <= 0) || !memchr(p, '\n', n)) +- { +- if (n >= rctx->iobuflen) +- { +- rctx->state = OHS_ERROR; +- return 0; +- } +- goto next_io; +- } +- n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen); +- +- if (n <= 0) +- { +- if (BIO_should_retry(rctx->mem)) +- goto next_io; +- rctx->state = OHS_ERROR; +- return 0; +- } +- +- /* Don't allow excessive lines */ +- if (n == rctx->iobuflen) +- { +- rctx->state = OHS_ERROR; +- return 0; +- } +- +- /* First line */ +- if (rctx->state == OHS_FIRSTLINE) +- { +- if (parse_http_line1((char *)rctx->iobuf)) +- { +- rctx->state = OHS_HEADERS; +- goto next_line; +- } +- else +- { +- rctx->state = OHS_ERROR; +- return 0; +- } +- } +- else +- { +- /* Look for blank line: end of headers */ +- for (p = rctx->iobuf; *p; p++) +- { +- if ((*p != '\r') && (*p != '\n')) +- break; +- } +- if (*p) +- goto next_line; +- +- rctx->state = OHS_ASN1_HEADER; +- +- } +- +- /* Fall thru */ +- +- +- case OHS_ASN1_HEADER: +- /* Now reading ASN1 header: can read at least 2 bytes which +- * is enough for ASN1 SEQUENCE header and either length field +- * or at least the length of the length field. +- */ +- n = BIO_get_mem_data(rctx->mem, &p); +- if (n < 2) +- goto next_io; +- +- /* Check it is an ASN1 SEQUENCE */ +- if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) +- { +- rctx->state = OHS_ERROR; +- return 0; +- } +- +- /* Check out length field */ +- if (*p & 0x80) +- { +- /* If MSB set on initial length octet we can now +- * always read 6 octets: make sure we have them. +- */ +- if (n < 6) +- goto next_io; +- n = *p & 0x7F; +- /* Not NDEF or excessive length */ +- if (!n || (n > 4)) +- { +- rctx->state = OHS_ERROR; +- return 0; +- } +- p++; +- rctx->asn1_len = 0; +- for (i = 0; i < n; i++) +- { +- rctx->asn1_len <<= 8; +- rctx->asn1_len |= *p++; +- } +- +- if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) +- { +- rctx->state = OHS_ERROR; +- return 0; +- } +- +- rctx->asn1_len += n + 2; +- } +- else +- rctx->asn1_len = *p + 2; +- +- rctx->state = OHS_ASN1_CONTENT; +- +- /* Fall thru */ +- +- case OHS_ASN1_CONTENT: +- n = BIO_get_mem_data(rctx->mem, &p); +- if (n < (int)rctx->asn1_len) +- goto next_io; +- +- +- *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len); +- if (*presp) +- { +- rctx->state = OHS_DONE; +- return 1; +- } +- +- rctx->state = OHS_ERROR; +- return 0; +- +- break; +- +- case OHS_DONE: +- return 1; +- +- } +- +- +- +- return 0; +- +- +- } ++{ ++ int i, n; ++ const unsigned char *p; ++ next_io: ++ if (!(rctx->state & OHS_NOREAD)) { ++ n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen); ++ ++ if (n <= 0) { ++ if (BIO_should_retry(rctx->io)) ++ return -1; ++ return 0; ++ } ++ ++ /* Write data to memory BIO */ ++ ++ if (BIO_write(rctx->mem, rctx->iobuf, n) != n) ++ return 0; ++ } ++ ++ switch (rctx->state) { ++ ++ case OHS_ASN1_WRITE: ++ n = BIO_get_mem_data(rctx->mem, &p); ++ ++ i = BIO_write(rctx->io, p + (n - rctx->asn1_len), rctx->asn1_len); ++ ++ if (i <= 0) { ++ if (BIO_should_retry(rctx->io)) ++ return -1; ++ rctx->state = OHS_ERROR; ++ return 0; ++ } ++ ++ rctx->asn1_len -= i; ++ ++ if (rctx->asn1_len > 0) ++ goto next_io; ++ ++ rctx->state = OHS_ASN1_FLUSH; ++ ++ (void)BIO_reset(rctx->mem); ++ ++ case OHS_ASN1_FLUSH: ++ ++ i = BIO_flush(rctx->io); ++ ++ if (i > 0) { ++ rctx->state = OHS_FIRSTLINE; ++ goto next_io; ++ } ++ ++ if (BIO_should_retry(rctx->io)) ++ return -1; ++ ++ rctx->state = OHS_ERROR; ++ return 0; ++ ++ case OHS_ERROR: ++ return 0; ++ ++ case OHS_FIRSTLINE: ++ case OHS_HEADERS: ++ ++ /* Attempt to read a line in */ ++ ++ next_line: ++ /* ++ * Due to &%^*$" memory BIO behaviour with BIO_gets we have to check ++ * there's a complete line in there before calling BIO_gets or we'll ++ * just get a partial read. ++ */ ++ n = BIO_get_mem_data(rctx->mem, &p); ++ if ((n <= 0) || !memchr(p, '\n', n)) { ++ if (n >= rctx->iobuflen) { ++ rctx->state = OHS_ERROR; ++ return 0; ++ } ++ goto next_io; ++ } ++ n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen); ++ ++ if (n <= 0) { ++ if (BIO_should_retry(rctx->mem)) ++ goto next_io; ++ rctx->state = OHS_ERROR; ++ return 0; ++ } ++ ++ /* Don't allow excessive lines */ ++ if (n == rctx->iobuflen) { ++ rctx->state = OHS_ERROR; ++ return 0; ++ } ++ ++ /* First line */ ++ if (rctx->state == OHS_FIRSTLINE) { ++ if (parse_http_line1((char *)rctx->iobuf)) { ++ rctx->state = OHS_HEADERS; ++ goto next_line; ++ } else { ++ rctx->state = OHS_ERROR; ++ return 0; ++ } ++ } else { ++ /* Look for blank line: end of headers */ ++ for (p = rctx->iobuf; *p; p++) { ++ if ((*p != '\r') && (*p != '\n')) ++ break; ++ } ++ if (*p) ++ goto next_line; ++ ++ rctx->state = OHS_ASN1_HEADER; ++ ++ } ++ ++ /* Fall thru */ ++ ++ case OHS_ASN1_HEADER: ++ /* ++ * Now reading ASN1 header: can read at least 2 bytes which is enough ++ * for ASN1 SEQUENCE header and either length field or at least the ++ * length of the length field. ++ */ ++ n = BIO_get_mem_data(rctx->mem, &p); ++ if (n < 2) ++ goto next_io; ++ ++ /* Check it is an ASN1 SEQUENCE */ ++ if (*p++ != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) { ++ rctx->state = OHS_ERROR; ++ return 0; ++ } ++ ++ /* Check out length field */ ++ if (*p & 0x80) { ++ /* ++ * If MSB set on initial length octet we can now always read 6 ++ * octets: make sure we have them. ++ */ ++ if (n < 6) ++ goto next_io; ++ n = *p & 0x7F; ++ /* Not NDEF or excessive length */ ++ if (!n || (n > 4)) { ++ rctx->state = OHS_ERROR; ++ return 0; ++ } ++ p++; ++ rctx->asn1_len = 0; ++ for (i = 0; i < n; i++) { ++ rctx->asn1_len <<= 8; ++ rctx->asn1_len |= *p++; ++ } ++ ++ if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) { ++ rctx->state = OHS_ERROR; ++ return 0; ++ } ++ ++ rctx->asn1_len += n + 2; ++ } else ++ rctx->asn1_len = *p + 2; ++ ++ rctx->state = OHS_ASN1_CONTENT; ++ ++ /* Fall thru */ ++ ++ case OHS_ASN1_CONTENT: ++ n = BIO_get_mem_data(rctx->mem, &p); ++ if (n < (int)rctx->asn1_len) ++ goto next_io; ++ ++ *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len); ++ if (*presp) { ++ rctx->state = OHS_DONE; ++ return 1; ++ } ++ ++ rctx->state = OHS_ERROR; ++ return 0; ++ ++ break; ++ ++ case OHS_DONE: ++ return 1; ++ ++ } ++ ++ return 0; ++ ++} + + /* Blocking OCSP request handler: now a special case of non-blocking I/O */ + + OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) +- { +- OCSP_RESPONSE *resp = NULL; +- OCSP_REQ_CTX *ctx; +- int rv; ++{ ++ OCSP_RESPONSE *resp = NULL; ++ OCSP_REQ_CTX *ctx; ++ int rv; + +- ctx = OCSP_sendreq_new(b, path, req, -1); ++ ctx = OCSP_sendreq_new(b, path, req, -1); + +- if (!ctx) +- return NULL; ++ if (!ctx) ++ return NULL; + +- do +- { +- rv = OCSP_sendreq_nbio(&resp, ctx); +- } while ((rv == -1) && BIO_should_retry(b)); ++ do { ++ rv = OCSP_sendreq_nbio(&resp, ctx); ++ } while ((rv == -1) && BIO_should_retry(b)); + +- OCSP_REQ_CTX_free(ctx); ++ OCSP_REQ_CTX_free(ctx); + +- if (rv) +- return resp; ++ if (rv) ++ return resp; + +- return NULL; +- } ++ return NULL; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c +index 5883b4e..a6686e5 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c +@@ -1,11 +1,14 @@ + /* ocsp_lib.c */ +-/* Written by Tom Titchener for the OpenSSL +- * project. */ ++/* ++ * Written by Tom Titchener for the OpenSSL ++ * project. ++ */ + +-/* History: +- This file was transfered to Richard Levitte from CertCo by Kathy +- Weinhold in mid-spring 2000 to be included in OpenSSL or released +- as a patch kit. */ ++/* ++ * History: This file was transfered to Richard Levitte from CertCo by Kathy ++ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a ++ * patch kit. ++ */ + + /* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. +@@ -15,7 +18,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -74,200 +77,210 @@ + + OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer) + { +- X509_NAME *iname; +- ASN1_INTEGER *serial; +- ASN1_BIT_STRING *ikey; ++ X509_NAME *iname; ++ ASN1_INTEGER *serial; ++ ASN1_BIT_STRING *ikey; + #ifndef OPENSSL_NO_SHA1 +- if(!dgst) dgst = EVP_sha1(); ++ if (!dgst) ++ dgst = EVP_sha1(); + #endif +- if (subject) +- { +- iname = X509_get_issuer_name(subject); +- serial = X509_get_serialNumber(subject); +- } +- else +- { +- iname = X509_get_subject_name(issuer); +- serial = NULL; +- } +- ikey = X509_get0_pubkey_bitstr(issuer); +- return OCSP_cert_id_new(dgst, iname, ikey, serial); ++ if (subject) { ++ iname = X509_get_issuer_name(subject); ++ serial = X509_get_serialNumber(subject); ++ } else { ++ iname = X509_get_subject_name(issuer); ++ serial = NULL; ++ } ++ ikey = X509_get0_pubkey_bitstr(issuer); ++ return OCSP_cert_id_new(dgst, iname, ikey, serial); + } + +- +-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, +- X509_NAME *issuerName, +- ASN1_BIT_STRING* issuerKey, +- ASN1_INTEGER *serialNumber) +- { +- int nid; +- unsigned int i; +- X509_ALGOR *alg; +- OCSP_CERTID *cid = NULL; +- unsigned char md[EVP_MAX_MD_SIZE]; +- +- if (!(cid = OCSP_CERTID_new())) goto err; +- +- alg = cid->hashAlgorithm; +- if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm); +- if ((nid = EVP_MD_type(dgst)) == NID_undef) +- { +- OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID); +- goto err; +- } +- if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err; +- if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err; +- alg->parameter->type=V_ASN1_NULL; +- +- if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr; +- if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err; +- +- /* Calculate the issuerKey hash, excluding tag and length */ +- EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL); +- +- if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err; +- +- if (serialNumber) +- { +- ASN1_INTEGER_free(cid->serialNumber); +- if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err; +- } +- return cid; +-digerr: +- OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR); +-err: +- if (cid) OCSP_CERTID_free(cid); +- return NULL; +- } ++OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, ++ X509_NAME *issuerName, ++ ASN1_BIT_STRING *issuerKey, ++ ASN1_INTEGER *serialNumber) ++{ ++ int nid; ++ unsigned int i; ++ X509_ALGOR *alg; ++ OCSP_CERTID *cid = NULL; ++ unsigned char md[EVP_MAX_MD_SIZE]; ++ ++ if (!(cid = OCSP_CERTID_new())) ++ goto err; ++ ++ alg = cid->hashAlgorithm; ++ if (alg->algorithm != NULL) ++ ASN1_OBJECT_free(alg->algorithm); ++ if ((nid = EVP_MD_type(dgst)) == NID_undef) { ++ OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); ++ goto err; ++ } ++ if (!(alg->algorithm = OBJ_nid2obj(nid))) ++ goto err; ++ if ((alg->parameter = ASN1_TYPE_new()) == NULL) ++ goto err; ++ alg->parameter->type = V_ASN1_NULL; ++ ++ if (!X509_NAME_digest(issuerName, dgst, md, &i)) ++ goto digerr; ++ if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) ++ goto err; ++ ++ /* Calculate the issuerKey hash, excluding tag and length */ ++ EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL); ++ ++ if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) ++ goto err; ++ ++ if (serialNumber) { ++ ASN1_INTEGER_free(cid->serialNumber); ++ if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) ++ goto err; ++ } ++ return cid; ++ digerr: ++ OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); ++ err: ++ if (cid) ++ OCSP_CERTID_free(cid); ++ return NULL; ++} + + int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b) +- { +- int ret; +- ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm); +- if (ret) return ret; +- ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash); +- if (ret) return ret; +- return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash); +- } ++{ ++ int ret; ++ ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm); ++ if (ret) ++ return ret; ++ ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash); ++ if (ret) ++ return ret; ++ return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash); ++} + + int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b) +- { +- int ret; +- ret = OCSP_id_issuer_cmp(a, b); +- if (ret) return ret; +- return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber); +- } +- ++{ ++ int ret; ++ ret = OCSP_id_issuer_cmp(a, b); ++ if (ret) ++ return ret; ++ return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber); ++} + +-/* Parse a URL and split it up into host, port and path components and whether +- * it is SSL. ++/* ++ * Parse a URL and split it up into host, port and path components and ++ * whether it is SSL. + */ + +-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl) +- { +- char *p, *buf; +- +- char *host, *port; +- +- *phost = NULL; +- *pport = NULL; +- *ppath = NULL; +- +- /* dup the buffer since we are going to mess with it */ +- buf = BUF_strdup(url); +- if (!buf) goto mem_err; +- +- /* Check for initial colon */ +- p = strchr(buf, ':'); +- +- if (!p) goto parse_err; +- +- *(p++) = '\0'; +- +- if (!strcmp(buf, "http")) +- { +- *pssl = 0; +- port = "80"; +- } +- else if (!strcmp(buf, "https")) +- { +- *pssl = 1; +- port = "443"; +- } +- else +- goto parse_err; +- +- /* Check for double slash */ +- if ((p[0] != '/') || (p[1] != '/')) +- goto parse_err; +- +- p += 2; +- +- host = p; +- +- /* Check for trailing part of path */ +- +- p = strchr(p, '/'); +- +- if (!p) +- *ppath = BUF_strdup("/"); +- else +- { +- *ppath = BUF_strdup(p); +- /* Set start of path to 0 so hostname is valid */ +- *p = '\0'; +- } +- +- if (!*ppath) goto mem_err; +- +- p = host; +- if(host[0] == '[') +- { +- /* ipv6 literal */ +- host++; +- p = strchr(host, ']'); +- if(!p) goto parse_err; +- *p = '\0'; +- p++; +- } +- +- /* Look for optional ':' for port number */ +- if ((p = strchr(p, ':'))) +- { +- *p = 0; +- port = p + 1; +- } +- else +- { +- /* Not found: set default port */ +- if (*pssl) port = "443"; +- else port = "80"; +- } +- +- *pport = BUF_strdup(port); +- if (!*pport) goto mem_err; +- +- *phost = BUF_strdup(host); +- +- if (!*phost) goto mem_err; +- +- OPENSSL_free(buf); +- +- return 1; +- +- mem_err: +- OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE); +- goto err; +- +- parse_err: +- OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL); +- ++int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, ++ int *pssl) ++{ ++ char *p, *buf; ++ ++ char *host, *port; ++ ++ *phost = NULL; ++ *pport = NULL; ++ *ppath = NULL; ++ ++ /* dup the buffer since we are going to mess with it */ ++ buf = BUF_strdup(url); ++ if (!buf) ++ goto mem_err; ++ ++ /* Check for initial colon */ ++ p = strchr(buf, ':'); ++ ++ if (!p) ++ goto parse_err; ++ ++ *(p++) = '\0'; ++ ++ if (!strcmp(buf, "http")) { ++ *pssl = 0; ++ port = "80"; ++ } else if (!strcmp(buf, "https")) { ++ *pssl = 1; ++ port = "443"; ++ } else ++ goto parse_err; ++ ++ /* Check for double slash */ ++ if ((p[0] != '/') || (p[1] != '/')) ++ goto parse_err; ++ ++ p += 2; ++ ++ host = p; ++ ++ /* Check for trailing part of path */ ++ ++ p = strchr(p, '/'); ++ ++ if (!p) ++ *ppath = BUF_strdup("/"); ++ else { ++ *ppath = BUF_strdup(p); ++ /* Set start of path to 0 so hostname is valid */ ++ *p = '\0'; ++ } ++ ++ if (!*ppath) ++ goto mem_err; ++ ++ p = host; ++ if (host[0] == '[') { ++ /* ipv6 literal */ ++ host++; ++ p = strchr(host, ']'); ++ if (!p) ++ goto parse_err; ++ *p = '\0'; ++ p++; ++ } ++ ++ /* Look for optional ':' for port number */ ++ if ((p = strchr(p, ':'))) { ++ *p = 0; ++ port = p + 1; ++ } else { ++ /* Not found: set default port */ ++ if (*pssl) ++ port = "443"; ++ else ++ port = "80"; ++ } ++ ++ *pport = BUF_strdup(port); ++ if (!*pport) ++ goto mem_err; ++ ++ *phost = BUF_strdup(host); ++ ++ if (!*phost) ++ goto mem_err; ++ ++ OPENSSL_free(buf); ++ ++ return 1; ++ ++ mem_err: ++ OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ ++ parse_err: ++ OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL); ++ ++ err: ++ if (buf) ++ OPENSSL_free(buf); ++ if (*ppath) ++ OPENSSL_free(*ppath); ++ if (*pport) ++ OPENSSL_free(*pport); ++ if (*phost) ++ OPENSSL_free(*phost); ++ return 0; + +- err: +- if (buf) OPENSSL_free(buf); +- if (*ppath) OPENSSL_free(*ppath); +- if (*pport) OPENSSL_free(*pport); +- if (*phost) OPENSSL_free(*phost); +- return 0; +- +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c +index b8b7871..f618177 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c +@@ -1,11 +1,14 @@ + /* ocsp_prn.c */ +-/* Written by Tom Titchener for the OpenSSL +- * project. */ ++/* ++ * Written by Tom Titchener for the OpenSSL ++ * project. ++ */ + +-/* History: +- This file was originally part of ocsp.c and was transfered to Richard +- Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included +- in OpenSSL or released as a patch kit. */ ++/* ++ * History: This file was originally part of ocsp.c and was transfered to ++ * Richard Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be ++ * included in OpenSSL or released as a patch kit. ++ */ + + /* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. +@@ -15,7 +18,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -66,225 +69,232 @@ + #include + #include + +-static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent) +- { +- BIO_printf(bp, "%*sCertificate ID:\n", indent, ""); +- indent += 2; +- BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); +- i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm); +- BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); +- i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING); +- BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); +- i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING); +- BIO_printf(bp, "\n%*sSerial Number: ", indent, ""); +- i2a_ASN1_INTEGER(bp, a->serialNumber); +- BIO_printf(bp, "\n"); +- return 1; +- } ++static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent) ++{ ++ BIO_printf(bp, "%*sCertificate ID:\n", indent, ""); ++ indent += 2; ++ BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); ++ i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm); ++ BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); ++ i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING); ++ BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); ++ i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING); ++ BIO_printf(bp, "\n%*sSerial Number: ", indent, ""); ++ i2a_ASN1_INTEGER(bp, a->serialNumber); ++ BIO_printf(bp, "\n"); ++ return 1; ++} + +-typedef struct +- { +- long t; +- char *m; +- } OCSP_TBLSTR; ++typedef struct { ++ long t; ++ char *m; ++} OCSP_TBLSTR; + + static char *table2string(long s, OCSP_TBLSTR *ts, int len) + { +- OCSP_TBLSTR *p; +- for (p=ts; p < ts + len; p++) +- if (p->t == s) +- return p->m; +- return "(UNKNOWN)"; ++ OCSP_TBLSTR *p; ++ for (p = ts; p < ts + len; p++) ++ if (p->t == s) ++ return p->m; ++ return "(UNKNOWN)"; + } + + char *OCSP_response_status_str(long s) +- { +- static OCSP_TBLSTR rstat_tbl[] = { +- { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, +- { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, +- { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, +- { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, +- { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, +- { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } }; +- return table2string(s, rstat_tbl, 6); +- } ++{ ++ static OCSP_TBLSTR rstat_tbl[] = { ++ {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"}, ++ {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"}, ++ {OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror"}, ++ {OCSP_RESPONSE_STATUS_TRYLATER, "trylater"}, ++ {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"}, ++ {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"} ++ }; ++ return table2string(s, rstat_tbl, 6); ++} + + char *OCSP_cert_status_str(long s) +- { +- static OCSP_TBLSTR cstat_tbl[] = { +- { V_OCSP_CERTSTATUS_GOOD, "good" }, +- { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, +- { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } }; +- return table2string(s, cstat_tbl, 3); +- } ++{ ++ static OCSP_TBLSTR cstat_tbl[] = { ++ {V_OCSP_CERTSTATUS_GOOD, "good"}, ++ {V_OCSP_CERTSTATUS_REVOKED, "revoked"}, ++ {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"} ++ }; ++ return table2string(s, cstat_tbl, 3); ++} + + char *OCSP_crl_reason_str(long s) +- { +- OCSP_TBLSTR reason_tbl[] = { +- { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, +- { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, +- { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, +- { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" }, +- { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, +- { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, +- { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, +- { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } }; +- return table2string(s, reason_tbl, 8); +- } ++{ ++ OCSP_TBLSTR reason_tbl[] = { ++ {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"}, ++ {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"}, ++ {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"}, ++ {OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged"}, ++ {OCSP_REVOKED_STATUS_SUPERSEDED, "superseded"}, ++ {OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation"}, ++ {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"}, ++ {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"} ++ }; ++ return table2string(s, reason_tbl, 8); ++} + +-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) +- { +- int i; +- long l; +- OCSP_CERTID* cid = NULL; +- OCSP_ONEREQ *one = NULL; +- OCSP_REQINFO *inf = o->tbsRequest; +- OCSP_SIGNATURE *sig = o->optionalSignature; ++int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags) ++{ ++ int i; ++ long l; ++ OCSP_CERTID *cid = NULL; ++ OCSP_ONEREQ *one = NULL; ++ OCSP_REQINFO *inf = o->tbsRequest; ++ OCSP_SIGNATURE *sig = o->optionalSignature; + +- if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err; +- l=ASN1_INTEGER_get(inf->version); +- if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0) goto err; +- if (inf->requestorName != NULL) +- { +- if (BIO_write(bp,"\n Requestor Name: ",21) <= 0) +- goto err; +- GENERAL_NAME_print(bp, inf->requestorName); +- } +- if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) goto err; +- for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) +- { +- one = sk_OCSP_ONEREQ_value(inf->requestList, i); +- cid = one->reqCert; +- ocsp_certid_print(bp, cid, 8); +- if (!X509V3_extensions_print(bp, +- "Request Single Extensions", +- one->singleRequestExtensions, flags, 8)) +- goto err; +- } +- if (!X509V3_extensions_print(bp, "Request Extensions", +- inf->requestExtensions, flags, 4)) +- goto err; +- if (sig) +- { +- X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); +- for (i=0; icerts); i++) +- { +- X509_print(bp, sk_X509_value(sig->certs,i)); +- PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i)); +- } +- } +- return 1; +-err: +- return 0; +- } ++ if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0) ++ goto err; ++ l = ASN1_INTEGER_get(inf->version); ++ if (BIO_printf(bp, " Version: %lu (0x%lx)", l + 1, l) <= 0) ++ goto err; ++ if (inf->requestorName != NULL) { ++ if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0) ++ goto err; ++ GENERAL_NAME_print(bp, inf->requestorName); ++ } ++ if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0) ++ goto err; ++ for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) { ++ one = sk_OCSP_ONEREQ_value(inf->requestList, i); ++ cid = one->reqCert; ++ ocsp_certid_print(bp, cid, 8); ++ if (!X509V3_extensions_print(bp, ++ "Request Single Extensions", ++ one->singleRequestExtensions, flags, 8)) ++ goto err; ++ } ++ if (!X509V3_extensions_print(bp, "Request Extensions", ++ inf->requestExtensions, flags, 4)) ++ goto err; ++ if (sig) { ++ X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); ++ for (i = 0; i < sk_X509_num(sig->certs); i++) { ++ X509_print(bp, sk_X509_value(sig->certs, i)); ++ PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i)); ++ } ++ } ++ return 1; ++ err: ++ return 0; ++} + +-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) +- { +- int i, ret = 0; +- long l; +- OCSP_CERTID *cid = NULL; +- OCSP_BASICRESP *br = NULL; +- OCSP_RESPID *rid = NULL; +- OCSP_RESPDATA *rd = NULL; +- OCSP_CERTSTATUS *cst = NULL; +- OCSP_REVOKEDINFO *rev = NULL; +- OCSP_SINGLERESP *single = NULL; +- OCSP_RESPBYTES *rb = o->responseBytes; ++int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) ++{ ++ int i, ret = 0; ++ long l; ++ OCSP_CERTID *cid = NULL; ++ OCSP_BASICRESP *br = NULL; ++ OCSP_RESPID *rid = NULL; ++ OCSP_RESPDATA *rd = NULL; ++ OCSP_CERTSTATUS *cst = NULL; ++ OCSP_REVOKEDINFO *rev = NULL; ++ OCSP_SINGLERESP *single = NULL; ++ OCSP_RESPBYTES *rb = o->responseBytes; + +- if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err; +- l=ASN1_ENUMERATED_get(o->responseStatus); +- if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", +- OCSP_response_status_str(l), l) <= 0) goto err; +- if (rb == NULL) return 1; +- if (BIO_puts(bp," Response Type: ") <= 0) +- goto err; +- if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) +- goto err; +- if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) +- { +- BIO_puts(bp," (unknown response type)\n"); +- return 1; +- } ++ if (BIO_puts(bp, "OCSP Response Data:\n") <= 0) ++ goto err; ++ l = ASN1_ENUMERATED_get(o->responseStatus); ++ if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n", ++ OCSP_response_status_str(l), l) <= 0) ++ goto err; ++ if (rb == NULL) ++ return 1; ++ if (BIO_puts(bp, " Response Type: ") <= 0) ++ goto err; ++ if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) ++ goto err; ++ if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { ++ BIO_puts(bp, " (unknown response type)\n"); ++ return 1; ++ } + +- i = ASN1_STRING_length(rb->response); +- if (!(br = OCSP_response_get1_basic(o))) goto err; +- rd = br->tbsResponseData; +- l=ASN1_INTEGER_get(rd->version); +- if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n", +- l+1,l) <= 0) goto err; +- if (BIO_puts(bp," Responder Id: ") <= 0) goto err; ++ i = ASN1_STRING_length(rb->response); ++ if (!(br = OCSP_response_get1_basic(o))) ++ goto err; ++ rd = br->tbsResponseData; ++ l = ASN1_INTEGER_get(rd->version); ++ if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l + 1, l) <= 0) ++ goto err; ++ if (BIO_puts(bp, " Responder Id: ") <= 0) ++ goto err; + +- rid = rd->responderId; +- switch (rid->type) +- { +- case V_OCSP_RESPID_NAME: +- X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); +- break; +- case V_OCSP_RESPID_KEY: +- i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING); +- break; +- } ++ rid = rd->responderId; ++ switch (rid->type) { ++ case V_OCSP_RESPID_NAME: ++ X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); ++ break; ++ case V_OCSP_RESPID_KEY: ++ i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING); ++ break; ++ } + +- if (BIO_printf(bp,"\n Produced At: ")<=0) goto err; +- if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err; +- if (BIO_printf(bp,"\n Responses:\n") <= 0) goto err; +- for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) +- { +- if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue; +- single = sk_OCSP_SINGLERESP_value(rd->responses, i); +- cid = single->certId; +- if(ocsp_certid_print(bp, cid, 4) <= 0) goto err; +- cst = single->certStatus; +- if (BIO_printf(bp," Cert Status: %s", +- OCSP_cert_status_str(cst->type)) <= 0) +- goto err; +- if (cst->type == V_OCSP_CERTSTATUS_REVOKED) +- { +- rev = cst->value.revoked; +- if (BIO_printf(bp, "\n Revocation Time: ") <= 0) +- goto err; +- if (!ASN1_GENERALIZEDTIME_print(bp, +- rev->revocationTime)) +- goto err; +- if (rev->revocationReason) +- { +- l=ASN1_ENUMERATED_get(rev->revocationReason); +- if (BIO_printf(bp, +- "\n Revocation Reason: %s (0x%lx)", +- OCSP_crl_reason_str(l), l) <= 0) +- goto err; +- } +- } +- if (BIO_printf(bp,"\n This Update: ") <= 0) goto err; +- if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) +- goto err; +- if (single->nextUpdate) +- { +- if (BIO_printf(bp,"\n Next Update: ") <= 0)goto err; +- if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) +- goto err; +- } +- if (BIO_write(bp,"\n",1) <= 0) goto err; +- if (!X509V3_extensions_print(bp, +- "Response Single Extensions", +- single->singleExtensions, flags, 8)) +- goto err; +- if (BIO_write(bp,"\n",1) <= 0) goto err; +- } +- if (!X509V3_extensions_print(bp, "Response Extensions", +- rd->responseExtensions, flags, 4)) +- goto err; +- if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) +- goto err; ++ if (BIO_printf(bp, "\n Produced At: ") <= 0) ++ goto err; ++ if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) ++ goto err; ++ if (BIO_printf(bp, "\n Responses:\n") <= 0) ++ goto err; ++ for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { ++ if (!sk_OCSP_SINGLERESP_value(rd->responses, i)) ++ continue; ++ single = sk_OCSP_SINGLERESP_value(rd->responses, i); ++ cid = single->certId; ++ if (ocsp_certid_print(bp, cid, 4) <= 0) ++ goto err; ++ cst = single->certStatus; ++ if (BIO_printf(bp, " Cert Status: %s", ++ OCSP_cert_status_str(cst->type)) <= 0) ++ goto err; ++ if (cst->type == V_OCSP_CERTSTATUS_REVOKED) { ++ rev = cst->value.revoked; ++ if (BIO_printf(bp, "\n Revocation Time: ") <= 0) ++ goto err; ++ if (!ASN1_GENERALIZEDTIME_print(bp, rev->revocationTime)) ++ goto err; ++ if (rev->revocationReason) { ++ l = ASN1_ENUMERATED_get(rev->revocationReason); ++ if (BIO_printf(bp, ++ "\n Revocation Reason: %s (0x%lx)", ++ OCSP_crl_reason_str(l), l) <= 0) ++ goto err; ++ } ++ } ++ if (BIO_printf(bp, "\n This Update: ") <= 0) ++ goto err; ++ if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) ++ goto err; ++ if (single->nextUpdate) { ++ if (BIO_printf(bp, "\n Next Update: ") <= 0) ++ goto err; ++ if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate)) ++ goto err; ++ } ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ if (!X509V3_extensions_print(bp, ++ "Response Single Extensions", ++ single->singleExtensions, flags, 8)) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (!X509V3_extensions_print(bp, "Response Extensions", ++ rd->responseExtensions, flags, 4)) ++ goto err; ++ if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) ++ goto err; + +- for (i=0; icerts); i++) +- { +- X509_print(bp, sk_X509_value(br->certs,i)); +- PEM_write_bio_X509(bp,sk_X509_value(br->certs,i)); +- } ++ for (i = 0; i < sk_X509_num(br->certs); i++) { ++ X509_print(bp, sk_X509_value(br->certs, i)); ++ PEM_write_bio_X509(bp, sk_X509_value(br->certs, i)); ++ } + +- ret = 1; +-err: +- OCSP_BASICRESP_free(br); +- return ret; +- } ++ ret = 1; ++ err: ++ OCSP_BASICRESP_free(br); ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c +index 1c606dd..2ec2c63 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c +@@ -1,6 +1,7 @@ + /* ocsp_srv.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -65,200 +66,206 @@ + #include + #include + +-/* Utility functions related to sending OCSP responses and extracting ++/* ++ * Utility functions related to sending OCSP responses and extracting + * relevant information from the request. + */ + + int OCSP_request_onereq_count(OCSP_REQUEST *req) +- { +- return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList); +- } ++{ ++ return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList); ++} + + OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i) +- { +- return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i); +- } ++{ ++ return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i); ++} + + OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one) +- { +- return one->reqCert; +- } ++{ ++ return one->reqCert; ++} + + int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, +- ASN1_OCTET_STRING **pikeyHash, +- ASN1_INTEGER **pserial, OCSP_CERTID *cid) +- { +- if (!cid) return 0; +- if (pmd) *pmd = cid->hashAlgorithm->algorithm; +- if(piNameHash) *piNameHash = cid->issuerNameHash; +- if (pikeyHash) *pikeyHash = cid->issuerKeyHash; +- if (pserial) *pserial = cid->serialNumber; +- return 1; +- } ++ ASN1_OCTET_STRING **pikeyHash, ++ ASN1_INTEGER **pserial, OCSP_CERTID *cid) ++{ ++ if (!cid) ++ return 0; ++ if (pmd) ++ *pmd = cid->hashAlgorithm->algorithm; ++ if (piNameHash) ++ *piNameHash = cid->issuerNameHash; ++ if (pikeyHash) ++ *pikeyHash = cid->issuerKeyHash; ++ if (pserial) ++ *pserial = cid->serialNumber; ++ return 1; ++} + + int OCSP_request_is_signed(OCSP_REQUEST *req) +- { +- if(req->optionalSignature) return 1; +- return 0; +- } ++{ ++ if (req->optionalSignature) ++ return 1; ++ return 0; ++} + + /* Create an OCSP response and encode an optional basic response */ + OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs) +- { +- OCSP_RESPONSE *rsp = NULL; +- +- if (!(rsp = OCSP_RESPONSE_new())) goto err; +- if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err; +- if (!bs) return rsp; +- if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err; +- rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic); +- if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response)) +- goto err; +- return rsp; +-err: +- if (rsp) OCSP_RESPONSE_free(rsp); +- return NULL; +- } +- ++{ ++ OCSP_RESPONSE *rsp = NULL; ++ ++ if (!(rsp = OCSP_RESPONSE_new())) ++ goto err; ++ if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) ++ goto err; ++ if (!bs) ++ return rsp; ++ if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) ++ goto err; ++ rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic); ++ if (!ASN1_item_pack ++ (bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response)) ++ goto err; ++ return rsp; ++ err: ++ if (rsp) ++ OCSP_RESPONSE_free(rsp); ++ return NULL; ++} + + OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, +- OCSP_CERTID *cid, +- int status, int reason, +- ASN1_TIME *revtime, +- ASN1_TIME *thisupd, ASN1_TIME *nextupd) +- { +- OCSP_SINGLERESP *single = NULL; +- OCSP_CERTSTATUS *cs; +- OCSP_REVOKEDINFO *ri; +- +- if(!rsp->tbsResponseData->responses && +- !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null())) +- goto err; +- +- if (!(single = OCSP_SINGLERESP_new())) +- goto err; +- +- +- +- if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate)) +- goto err; +- if (nextupd && +- !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate)) +- goto err; +- +- OCSP_CERTID_free(single->certId); +- +- if(!(single->certId = OCSP_CERTID_dup(cid))) +- goto err; +- +- cs = single->certStatus; +- switch(cs->type = status) +- { +- case V_OCSP_CERTSTATUS_REVOKED: +- if (!revtime) +- { +- OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME); +- goto err; +- } +- if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err; +- if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) +- goto err; +- if (reason != OCSP_REVOKED_STATUS_NOSTATUS) +- { +- if (!(ri->revocationReason = ASN1_ENUMERATED_new())) +- goto err; +- if (!(ASN1_ENUMERATED_set(ri->revocationReason, +- reason))) +- goto err; +- } +- break; +- +- case V_OCSP_CERTSTATUS_GOOD: +- cs->value.good = ASN1_NULL_new(); +- break; +- +- case V_OCSP_CERTSTATUS_UNKNOWN: +- cs->value.unknown = ASN1_NULL_new(); +- break; +- +- default: +- goto err; +- +- } +- if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) +- goto err; +- return single; +-err: +- OCSP_SINGLERESP_free(single); +- return NULL; +- } ++ OCSP_CERTID *cid, ++ int status, int reason, ++ ASN1_TIME *revtime, ++ ASN1_TIME *thisupd, ++ ASN1_TIME *nextupd) ++{ ++ OCSP_SINGLERESP *single = NULL; ++ OCSP_CERTSTATUS *cs; ++ OCSP_REVOKEDINFO *ri; ++ ++ if (!rsp->tbsResponseData->responses && ++ !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null())) ++ goto err; ++ ++ if (!(single = OCSP_SINGLERESP_new())) ++ goto err; ++ ++ if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate)) ++ goto err; ++ if (nextupd && ++ !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate)) ++ goto err; ++ ++ OCSP_CERTID_free(single->certId); ++ ++ if (!(single->certId = OCSP_CERTID_dup(cid))) ++ goto err; ++ ++ cs = single->certStatus; ++ switch (cs->type = status) { ++ case V_OCSP_CERTSTATUS_REVOKED: ++ if (!revtime) { ++ OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME); ++ goto err; ++ } ++ if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) ++ goto err; ++ if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) ++ goto err; ++ if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { ++ if (!(ri->revocationReason = ASN1_ENUMERATED_new())) ++ goto err; ++ if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason))) ++ goto err; ++ } ++ break; ++ ++ case V_OCSP_CERTSTATUS_GOOD: ++ cs->value.good = ASN1_NULL_new(); ++ break; ++ ++ case V_OCSP_CERTSTATUS_UNKNOWN: ++ cs->value.unknown = ASN1_NULL_new(); ++ break; ++ ++ default: ++ goto err; ++ ++ } ++ if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) ++ goto err; ++ return single; ++ err: ++ OCSP_SINGLERESP_free(single); ++ return NULL; ++} + + /* Add a certificate to an OCSP request */ + + int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) +- { +- if (!resp->certs && !(resp->certs = sk_X509_new_null())) +- return 0; +- +- if(!sk_X509_push(resp->certs, cert)) return 0; +- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); +- return 1; +- } +- +-int OCSP_basic_sign(OCSP_BASICRESP *brsp, +- X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, +- STACK_OF(X509) *certs, unsigned long flags) +- { +- int i; +- OCSP_RESPID *rid; +- +- if (!X509_check_private_key(signer, key)) +- { +- OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); +- goto err; +- } +- +- if(!(flags & OCSP_NOCERTS)) +- { +- if(!OCSP_basic_add1_cert(brsp, signer)) +- goto err; +- for (i = 0; i < sk_X509_num(certs); i++) +- { +- X509 *tmpcert = sk_X509_value(certs, i); +- if(!OCSP_basic_add1_cert(brsp, tmpcert)) +- goto err; +- } +- } +- +- rid = brsp->tbsResponseData->responderId; +- if (flags & OCSP_RESPID_KEY) +- { +- unsigned char md[SHA_DIGEST_LENGTH]; +- X509_pubkey_digest(signer, EVP_sha1(), md, NULL); +- if (!(rid->value.byKey = ASN1_OCTET_STRING_new())) +- goto err; +- if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH))) +- goto err; +- rid->type = V_OCSP_RESPID_KEY; +- } +- else +- { +- if (!X509_NAME_set(&rid->value.byName, +- X509_get_subject_name(signer))) +- goto err; +- rid->type = V_OCSP_RESPID_NAME; +- } +- +- if (!(flags & OCSP_NOTIME) && +- !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) +- goto err; +- +- /* Right now, I think that not doing double hashing is the right +- thing. -- Richard Levitte */ +- +- if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err; +- +- return 1; +-err: +- return 0; +- } ++{ ++ if (!resp->certs && !(resp->certs = sk_X509_new_null())) ++ return 0; ++ ++ if (!sk_X509_push(resp->certs, cert)) ++ return 0; ++ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); ++ return 1; ++} ++ ++int OCSP_basic_sign(OCSP_BASICRESP *brsp, ++ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, ++ STACK_OF(X509) *certs, unsigned long flags) ++{ ++ int i; ++ OCSP_RESPID *rid; ++ ++ if (!X509_check_private_key(signer, key)) { ++ OCSPerr(OCSP_F_OCSP_BASIC_SIGN, ++ OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); ++ goto err; ++ } ++ ++ if (!(flags & OCSP_NOCERTS)) { ++ if (!OCSP_basic_add1_cert(brsp, signer)) ++ goto err; ++ for (i = 0; i < sk_X509_num(certs); i++) { ++ X509 *tmpcert = sk_X509_value(certs, i); ++ if (!OCSP_basic_add1_cert(brsp, tmpcert)) ++ goto err; ++ } ++ } ++ ++ rid = brsp->tbsResponseData->responderId; ++ if (flags & OCSP_RESPID_KEY) { ++ unsigned char md[SHA_DIGEST_LENGTH]; ++ X509_pubkey_digest(signer, EVP_sha1(), md, NULL); ++ if (!(rid->value.byKey = ASN1_OCTET_STRING_new())) ++ goto err; ++ if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH))) ++ goto err; ++ rid->type = V_OCSP_RESPID_KEY; ++ } else { ++ if (!X509_NAME_set(&rid->value.byName, X509_get_subject_name(signer))) ++ goto err; ++ rid->type = V_OCSP_RESPID_NAME; ++ } ++ ++ if (!(flags & OCSP_NOTIME) && ++ !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) ++ goto err; ++ ++ /* ++ * Right now, I think that not doing double hashing is the right thing. ++ * -- Richard Levitte ++ */ ++ ++ if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) ++ goto err; ++ ++ return 1; ++ err: ++ return 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +index f24080f..726ea03 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +@@ -1,6 +1,7 @@ + /* ocsp_vfy.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,389 +61,377 @@ + #include + #include + +-static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, +- X509_STORE *st, unsigned long flags); ++static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, ++ STACK_OF(X509) *certs, X509_STORE *st, ++ unsigned long flags); + static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); +-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags); +-static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); +-static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp); ++static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, ++ unsigned long flags); ++static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, ++ OCSP_CERTID **ret); ++static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, ++ STACK_OF(OCSP_SINGLERESP) *sresp); + static int ocsp_check_delegated(X509 *x, int flags); +-static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs, +- X509_STORE *st, unsigned long flags); ++static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, ++ X509_NAME *nm, STACK_OF(X509) *certs, ++ X509_STORE *st, unsigned long flags); + + /* Verify a basic response message */ + + int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, +- X509_STORE *st, unsigned long flags) +- { +- X509 *signer, *x; +- STACK_OF(X509) *chain = NULL; +- X509_STORE_CTX ctx; +- int i, ret = 0; +- ret = ocsp_find_signer(&signer, bs, certs, st, flags); +- if (!ret) +- { +- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); +- goto end; +- } +- if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) +- flags |= OCSP_NOVERIFY; +- if (!(flags & OCSP_NOSIGS)) +- { +- EVP_PKEY *skey; +- skey = X509_get_pubkey(signer); +- if (skey) +- { +- ret = OCSP_BASICRESP_verify(bs, skey, 0); +- EVP_PKEY_free(skey); +- } +- if(!skey || ret <= 0) +- { +- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); +- goto end; +- } +- } +- if (!(flags & OCSP_NOVERIFY)) +- { +- int init_res; +- if(flags & OCSP_NOCHAIN) +- init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); +- else +- init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); +- if(!init_res) +- { +- ret = -1; +- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); +- goto end; +- } +- +- X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); +- ret = X509_verify_cert(&ctx); +- chain = X509_STORE_CTX_get1_chain(&ctx); +- X509_STORE_CTX_cleanup(&ctx); +- if (ret <= 0) +- { +- i = X509_STORE_CTX_get_error(&ctx); +- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR); +- ERR_add_error_data(2, "Verify error:", +- X509_verify_cert_error_string(i)); +- goto end; +- } +- if(flags & OCSP_NOCHECKS) +- { +- ret = 1; +- goto end; +- } +- /* At this point we have a valid certificate chain +- * need to verify it against the OCSP issuer criteria. +- */ +- ret = ocsp_check_issuer(bs, chain, flags); +- +- /* If fatal error or valid match then finish */ +- if (ret != 0) goto end; +- +- /* Easy case: explicitly trusted. Get root CA and +- * check for explicit trust +- */ +- if(flags & OCSP_NOEXPLICIT) goto end; +- +- x = sk_X509_value(chain, sk_X509_num(chain) - 1); +- if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) +- { +- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED); +- goto end; +- } +- ret = 1; +- } +- +- +- +- end: +- if(chain) sk_X509_pop_free(chain, X509_free); +- return ret; +- } +- +- +-static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, +- X509_STORE *st, unsigned long flags) +- { +- X509 *signer; +- OCSP_RESPID *rid = bs->tbsResponseData->responderId; +- if ((signer = ocsp_find_signer_sk(certs, rid))) +- { +- *psigner = signer; +- return 2; +- } +- if(!(flags & OCSP_NOINTERN) && +- (signer = ocsp_find_signer_sk(bs->certs, rid))) +- { +- *psigner = signer; +- return 1; +- } +- /* Maybe lookup from store if by subject name */ +- +- *psigner = NULL; +- return 0; +- } ++ X509_STORE *st, unsigned long flags) ++{ ++ X509 *signer, *x; ++ STACK_OF(X509) *chain = NULL; ++ X509_STORE_CTX ctx; ++ int i, ret = 0; ++ ret = ocsp_find_signer(&signer, bs, certs, st, flags); ++ if (!ret) { ++ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ++ OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); ++ goto end; ++ } ++ if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) ++ flags |= OCSP_NOVERIFY; ++ if (!(flags & OCSP_NOSIGS)) { ++ EVP_PKEY *skey; ++ skey = X509_get_pubkey(signer); ++ if (skey) { ++ ret = OCSP_BASICRESP_verify(bs, skey, 0); ++ EVP_PKEY_free(skey); ++ } ++ if (!skey || ret <= 0) { ++ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); ++ goto end; ++ } ++ } ++ if (!(flags & OCSP_NOVERIFY)) { ++ int init_res; ++ if (flags & OCSP_NOCHAIN) ++ init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); ++ else ++ init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); ++ if (!init_res) { ++ ret = -1; ++ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); ++ goto end; ++ } + ++ X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); ++ ret = X509_verify_cert(&ctx); ++ chain = X509_STORE_CTX_get1_chain(&ctx); ++ X509_STORE_CTX_cleanup(&ctx); ++ if (ret <= 0) { ++ i = X509_STORE_CTX_get_error(&ctx); ++ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ++ OCSP_R_CERTIFICATE_VERIFY_ERROR); ++ ERR_add_error_data(2, "Verify error:", ++ X509_verify_cert_error_string(i)); ++ goto end; ++ } ++ if (flags & OCSP_NOCHECKS) { ++ ret = 1; ++ goto end; ++ } ++ /* ++ * At this point we have a valid certificate chain need to verify it ++ * against the OCSP issuer criteria. ++ */ ++ ret = ocsp_check_issuer(bs, chain, flags); ++ ++ /* If fatal error or valid match then finish */ ++ if (ret != 0) ++ goto end; ++ ++ /* ++ * Easy case: explicitly trusted. Get root CA and check for explicit ++ * trust ++ */ ++ if (flags & OCSP_NOEXPLICIT) ++ goto end; ++ ++ x = sk_X509_value(chain, sk_X509_num(chain) - 1); ++ if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) { ++ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED); ++ goto end; ++ } ++ ret = 1; ++ } ++ ++ end: ++ if (chain) ++ sk_X509_pop_free(chain, X509_free); ++ return ret; ++} ++ ++static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, ++ STACK_OF(X509) *certs, X509_STORE *st, ++ unsigned long flags) ++{ ++ X509 *signer; ++ OCSP_RESPID *rid = bs->tbsResponseData->responderId; ++ if ((signer = ocsp_find_signer_sk(certs, rid))) { ++ *psigner = signer; ++ return 2; ++ } ++ if (!(flags & OCSP_NOINTERN) && ++ (signer = ocsp_find_signer_sk(bs->certs, rid))) { ++ *psigner = signer; ++ return 1; ++ } ++ /* Maybe lookup from store if by subject name */ ++ ++ *psigner = NULL; ++ return 0; ++} + + static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id) +- { +- int i; +- unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash; +- X509 *x; +- +- /* Easy if lookup by name */ +- if (id->type == V_OCSP_RESPID_NAME) +- return X509_find_by_subject(certs, id->value.byName); +- +- /* Lookup by key hash */ +- +- /* If key hash isn't SHA1 length then forget it */ +- if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL; +- keyhash = id->value.byKey->data; +- /* Calculate hash of each key and compare */ +- for (i = 0; i < sk_X509_num(certs); i++) +- { +- x = sk_X509_value(certs, i); +- X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL); +- if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH)) +- return x; +- } +- return NULL; +- } +- +- +-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags) +- { +- STACK_OF(OCSP_SINGLERESP) *sresp; +- X509 *signer, *sca; +- OCSP_CERTID *caid = NULL; +- int i; +- sresp = bs->tbsResponseData->responses; +- +- if (sk_X509_num(chain) <= 0) +- { +- OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN); +- return -1; +- } +- +- /* See if the issuer IDs match. */ +- i = ocsp_check_ids(sresp, &caid); +- +- /* If ID mismatch or other error then return */ +- if (i <= 0) return i; +- +- signer = sk_X509_value(chain, 0); +- /* Check to see if OCSP responder CA matches request CA */ +- if (sk_X509_num(chain) > 1) +- { +- sca = sk_X509_value(chain, 1); +- i = ocsp_match_issuerid(sca, caid, sresp); +- if (i < 0) return i; +- if (i) +- { +- /* We have a match, if extensions OK then success */ +- if (ocsp_check_delegated(signer, flags)) return 1; +- return 0; +- } +- } +- +- /* Otherwise check if OCSP request signed directly by request CA */ +- return ocsp_match_issuerid(signer, caid, sresp); +- } +- +- +-/* Check the issuer certificate IDs for equality. If there is a mismatch with the same +- * algorithm then there's no point trying to match any certificates against the issuer. +- * If the issuer IDs all match then we just need to check equality against one of them. ++{ ++ int i; ++ unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash; ++ X509 *x; ++ ++ /* Easy if lookup by name */ ++ if (id->type == V_OCSP_RESPID_NAME) ++ return X509_find_by_subject(certs, id->value.byName); ++ ++ /* Lookup by key hash */ ++ ++ /* If key hash isn't SHA1 length then forget it */ ++ if (id->value.byKey->length != SHA_DIGEST_LENGTH) ++ return NULL; ++ keyhash = id->value.byKey->data; ++ /* Calculate hash of each key and compare */ ++ for (i = 0; i < sk_X509_num(certs); i++) { ++ x = sk_X509_value(certs, i); ++ X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL); ++ if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH)) ++ return x; ++ } ++ return NULL; ++} ++ ++static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, ++ unsigned long flags) ++{ ++ STACK_OF(OCSP_SINGLERESP) *sresp; ++ X509 *signer, *sca; ++ OCSP_CERTID *caid = NULL; ++ int i; ++ sresp = bs->tbsResponseData->responses; ++ ++ if (sk_X509_num(chain) <= 0) { ++ OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN); ++ return -1; ++ } ++ ++ /* See if the issuer IDs match. */ ++ i = ocsp_check_ids(sresp, &caid); ++ ++ /* If ID mismatch or other error then return */ ++ if (i <= 0) ++ return i; ++ ++ signer = sk_X509_value(chain, 0); ++ /* Check to see if OCSP responder CA matches request CA */ ++ if (sk_X509_num(chain) > 1) { ++ sca = sk_X509_value(chain, 1); ++ i = ocsp_match_issuerid(sca, caid, sresp); ++ if (i < 0) ++ return i; ++ if (i) { ++ /* We have a match, if extensions OK then success */ ++ if (ocsp_check_delegated(signer, flags)) ++ return 1; ++ return 0; ++ } ++ } ++ ++ /* Otherwise check if OCSP request signed directly by request CA */ ++ return ocsp_match_issuerid(signer, caid, sresp); ++} ++ ++/* ++ * Check the issuer certificate IDs for equality. If there is a mismatch with ++ * the same algorithm then there's no point trying to match any certificates ++ * against the issuer. If the issuer IDs all match then we just need to check ++ * equality against one of them. + */ +- ++ + static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) +- { +- OCSP_CERTID *tmpid, *cid; +- int i, idcount; +- +- idcount = sk_OCSP_SINGLERESP_num(sresp); +- if (idcount <= 0) +- { +- OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); +- return -1; +- } +- +- cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; +- +- *ret = NULL; +- +- for (i = 1; i < idcount; i++) +- { +- tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; +- /* Check to see if IDs match */ +- if (OCSP_id_issuer_cmp(cid, tmpid)) +- { +- /* If algoritm mismatch let caller deal with it */ +- if (OBJ_cmp(tmpid->hashAlgorithm->algorithm, +- cid->hashAlgorithm->algorithm)) +- return 2; +- /* Else mismatch */ +- return 0; +- } +- } +- +- /* All IDs match: only need to check one ID */ +- *ret = cid; +- return 1; +- } ++{ ++ OCSP_CERTID *tmpid, *cid; ++ int i, idcount; ++ ++ idcount = sk_OCSP_SINGLERESP_num(sresp); ++ if (idcount <= 0) { ++ OCSPerr(OCSP_F_OCSP_CHECK_IDS, ++ OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); ++ return -1; ++ } ++ ++ cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; ++ ++ *ret = NULL; ++ ++ for (i = 1; i < idcount; i++) { ++ tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; ++ /* Check to see if IDs match */ ++ if (OCSP_id_issuer_cmp(cid, tmpid)) { ++ /* If algoritm mismatch let caller deal with it */ ++ if (OBJ_cmp(tmpid->hashAlgorithm->algorithm, ++ cid->hashAlgorithm->algorithm)) ++ return 2; ++ /* Else mismatch */ ++ return 0; ++ } ++ } + ++ /* All IDs match: only need to check one ID */ ++ *ret = cid; ++ return 1; ++} + + static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, +- STACK_OF(OCSP_SINGLERESP) *sresp) +- { +- /* If only one ID to match then do it */ +- if(cid) +- { +- const EVP_MD *dgst; +- X509_NAME *iname; +- int mdlen; +- unsigned char md[EVP_MAX_MD_SIZE]; +- if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) +- { +- OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST); +- return -1; +- } +- +- mdlen = EVP_MD_size(dgst); +- if ((cid->issuerNameHash->length != mdlen) || +- (cid->issuerKeyHash->length != mdlen)) +- return 0; +- iname = X509_get_subject_name(cert); +- if (!X509_NAME_digest(iname, dgst, md, NULL)) +- return -1; +- if (memcmp(md, cid->issuerNameHash->data, mdlen)) +- return 0; +- X509_pubkey_digest(cert, EVP_sha1(), md, NULL); +- if (memcmp(md, cid->issuerKeyHash->data, mdlen)) +- return 0; +- +- return 1; +- +- } +- else +- { +- /* We have to match the whole lot */ +- int i, ret; +- OCSP_CERTID *tmpid; +- for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) +- { +- tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; +- ret = ocsp_match_issuerid(cert, tmpid, NULL); +- if (ret <= 0) return ret; +- } +- return 1; +- } +- +- } ++ STACK_OF(OCSP_SINGLERESP) *sresp) ++{ ++ /* If only one ID to match then do it */ ++ if (cid) { ++ const EVP_MD *dgst; ++ X509_NAME *iname; ++ int mdlen; ++ unsigned char md[EVP_MAX_MD_SIZE]; ++ if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) { ++ OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, ++ OCSP_R_UNKNOWN_MESSAGE_DIGEST); ++ return -1; ++ } ++ ++ mdlen = EVP_MD_size(dgst); ++ if ((cid->issuerNameHash->length != mdlen) || ++ (cid->issuerKeyHash->length != mdlen)) ++ return 0; ++ iname = X509_get_subject_name(cert); ++ if (!X509_NAME_digest(iname, dgst, md, NULL)) ++ return -1; ++ if (memcmp(md, cid->issuerNameHash->data, mdlen)) ++ return 0; ++ X509_pubkey_digest(cert, EVP_sha1(), md, NULL); ++ if (memcmp(md, cid->issuerKeyHash->data, mdlen)) ++ return 0; ++ ++ return 1; ++ ++ } else { ++ /* We have to match the whole lot */ ++ int i, ret; ++ OCSP_CERTID *tmpid; ++ for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) { ++ tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; ++ ret = ocsp_match_issuerid(cert, tmpid, NULL); ++ if (ret <= 0) ++ return ret; ++ } ++ return 1; ++ } ++ ++} + + static int ocsp_check_delegated(X509 *x, int flags) +- { +- X509_check_purpose(x, -1, 0); +- if ((x->ex_flags & EXFLAG_XKUSAGE) && +- (x->ex_xkusage & XKU_OCSP_SIGN)) +- return 1; +- OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE); +- return 0; +- } +- +-/* Verify an OCSP request. This is fortunately much easier than OCSP +- * response verify. Just find the signers certificate and verify it +- * against a given trust value. ++{ ++ X509_check_purpose(x, -1, 0); ++ if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN)) ++ return 1; ++ OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE); ++ return 0; ++} ++ ++/* ++ * Verify an OCSP request. This is fortunately much easier than OCSP response ++ * verify. Just find the signers certificate and verify it against a given ++ * trust value. + */ + +-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags) +- { +- X509 *signer; +- X509_NAME *nm; +- GENERAL_NAME *gen; +- int ret; +- X509_STORE_CTX ctx; +- if (!req->optionalSignature) +- { +- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED); +- return 0; +- } +- gen = req->tbsRequest->requestorName; +- if (!gen || gen->type != GEN_DIRNAME) +- { +- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); +- return 0; +- } +- nm = gen->d.directoryName; +- ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags); +- if (ret <= 0) +- { +- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); +- return 0; +- } +- if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) +- flags |= OCSP_NOVERIFY; +- if (!(flags & OCSP_NOSIGS)) +- { +- EVP_PKEY *skey; +- skey = X509_get_pubkey(signer); +- ret = OCSP_REQUEST_verify(req, skey); +- EVP_PKEY_free(skey); +- if(ret <= 0) +- { +- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE); +- return 0; +- } +- } +- if (!(flags & OCSP_NOVERIFY)) +- { +- int init_res; +- if(flags & OCSP_NOCHAIN) +- init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL); +- else +- init_res = X509_STORE_CTX_init(&ctx, store, signer, +- req->optionalSignature->certs); +- if(!init_res) +- { +- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB); +- return 0; +- } +- +- X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); +- X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST); +- ret = X509_verify_cert(&ctx); +- X509_STORE_CTX_cleanup(&ctx); +- if (ret <= 0) +- { +- ret = X509_STORE_CTX_get_error(&ctx); +- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR); +- ERR_add_error_data(2, "Verify error:", +- X509_verify_cert_error_string(ret)); +- return 0; +- } +- } +- return 1; ++int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, ++ X509_STORE *store, unsigned long flags) ++{ ++ X509 *signer; ++ X509_NAME *nm; ++ GENERAL_NAME *gen; ++ int ret; ++ X509_STORE_CTX ctx; ++ if (!req->optionalSignature) { ++ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED); ++ return 0; ++ } ++ gen = req->tbsRequest->requestorName; ++ if (!gen || gen->type != GEN_DIRNAME) { ++ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ++ OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); ++ return 0; ++ } ++ nm = gen->d.directoryName; ++ ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags); ++ if (ret <= 0) { ++ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ++ OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); ++ return 0; ++ } ++ if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) ++ flags |= OCSP_NOVERIFY; ++ if (!(flags & OCSP_NOSIGS)) { ++ EVP_PKEY *skey; ++ skey = X509_get_pubkey(signer); ++ ret = OCSP_REQUEST_verify(req, skey); ++ EVP_PKEY_free(skey); ++ if (ret <= 0) { ++ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE); ++ return 0; ++ } ++ } ++ if (!(flags & OCSP_NOVERIFY)) { ++ int init_res; ++ if (flags & OCSP_NOCHAIN) ++ init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL); ++ else ++ init_res = X509_STORE_CTX_init(&ctx, store, signer, ++ req->optionalSignature->certs); ++ if (!init_res) { ++ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB); ++ return 0; + } + +-static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs, +- X509_STORE *st, unsigned long flags) +- { +- X509 *signer; +- if(!(flags & OCSP_NOINTERN)) +- { +- signer = X509_find_by_subject(req->optionalSignature->certs, nm); +- *psigner = signer; +- return 1; +- } +- +- signer = X509_find_by_subject(certs, nm); +- if (signer) +- { +- *psigner = signer; +- return 2; +- } +- return 0; +- } ++ X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); ++ X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST); ++ ret = X509_verify_cert(&ctx); ++ X509_STORE_CTX_cleanup(&ctx); ++ if (ret <= 0) { ++ ret = X509_STORE_CTX_get_error(&ctx); ++ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ++ OCSP_R_CERTIFICATE_VERIFY_ERROR); ++ ERR_add_error_data(2, "Verify error:", ++ X509_verify_cert_error_string(ret)); ++ return 0; ++ } ++ } ++ return 1; ++} ++ ++static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, ++ X509_NAME *nm, STACK_OF(X509) *certs, ++ X509_STORE *st, unsigned long flags) ++{ ++ X509 *signer; ++ if (!(flags & OCSP_NOINTERN)) { ++ signer = X509_find_by_subject(req->optionalSignature->certs, nm); ++ *psigner = signer; ++ return 1; ++ } ++ ++ signer = X509_find_by_subject(certs, nm); ++ if (signer) { ++ *psigner = signer; ++ return 2; ++ } ++ return 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_all.c b/Cryptlib/OpenSSL/crypto/pem/pem_all.c +index 69dd19b..d4022aa 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_all.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_all.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -118,13 +118,13 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DH +-#include ++# include + #endif + + #ifndef OPENSSL_NO_RSA +@@ -141,342 +141,319 @@ static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey); + IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ) + + IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ) +- + IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL) +- + IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7) + + IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE, +- PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE) +- +- ++ PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE) + #ifndef OPENSSL_NO_RSA +- +-/* We treat RSA or DSA private keys as a special case. +- * +- * For private keys we read in an EVP_PKEY structure with +- * PEM_read_bio_PrivateKey() and extract the relevant private +- * key: this means can handle "traditional" and PKCS#8 formats +- * transparently. ++/* ++ * We treat RSA or DSA private keys as a special case. For private keys we ++ * read in an EVP_PKEY structure with PEM_read_bio_PrivateKey() and extract ++ * the relevant private key: this means can handle "traditional" and PKCS#8 ++ * formats transparently. + */ +- + static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa) + { +- RSA *rtmp; +- if(!key) return NULL; +- rtmp = EVP_PKEY_get1_RSA(key); +- EVP_PKEY_free(key); +- if(!rtmp) return NULL; +- if(rsa) { +- RSA_free(*rsa); +- *rsa = rtmp; +- } +- return rtmp; ++ RSA *rtmp; ++ if (!key) ++ return NULL; ++ rtmp = EVP_PKEY_get1_RSA(key); ++ EVP_PKEY_free(key); ++ if (!rtmp) ++ return NULL; ++ if (rsa) { ++ RSA_free(*rsa); ++ *rsa = rtmp; ++ } ++ return rtmp; + } + + RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, +- void *u) ++ void *u) + { +- EVP_PKEY *pktmp; +- pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); +- return pkey_get_rsa(pktmp, rsa); ++ EVP_PKEY *pktmp; ++ pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); ++ return pkey_get_rsa(pktmp, rsa); + } + +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + +-RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, +- void *u) ++RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u) + { +- EVP_PKEY *pktmp; +- pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); +- return pkey_get_rsa(pktmp, rsa); ++ EVP_PKEY *pktmp; ++ pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); ++ return pkey_get_rsa(pktmp, rsa); + } + +-#endif ++# endif + +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS + + int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, +- unsigned char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- EVP_PKEY *k; +- int ret; +- k = EVP_PKEY_new(); +- if (!k) +- return 0; +- EVP_PKEY_set1_RSA(k, x); +- +- ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); +- EVP_PKEY_free(k); +- return ret; ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_RSA(k, x); ++ ++ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; + } + +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, +- unsigned char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- EVP_PKEY *k; +- int ret; +- k = EVP_PKEY_new(); +- if (!k) +- return 0; ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; + +- EVP_PKEY_set1_RSA(k, x); ++ EVP_PKEY_set1_RSA(k, x); + +- ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); +- EVP_PKEY_free(k); +- return ret; ++ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; + } +-#endif ++# endif + +-#else +- +-IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) +- +-#endif +- +-IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) +-IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) ++# else + ++IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, ++ RSAPrivateKey) ++# endif ++IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, ++ RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, ++ PEM_STRING_PUBLIC, ++ RSA_PUBKEY) + #endif +- + #ifndef OPENSSL_NO_DSA +- + static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) + { +- DSA *dtmp; +- if(!key) return NULL; +- dtmp = EVP_PKEY_get1_DSA(key); +- EVP_PKEY_free(key); +- if(!dtmp) return NULL; +- if(dsa) { +- DSA_free(*dsa); +- *dsa = dtmp; +- } +- return dtmp; ++ DSA *dtmp; ++ if (!key) ++ return NULL; ++ dtmp = EVP_PKEY_get1_DSA(key); ++ EVP_PKEY_free(key); ++ if (!dtmp) ++ return NULL; ++ if (dsa) { ++ DSA_free(*dsa); ++ *dsa = dtmp; ++ } ++ return dtmp; + } + + DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, +- void *u) ++ void *u) + { +- EVP_PKEY *pktmp; +- pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); +- return pkey_get_dsa(pktmp, dsa); ++ EVP_PKEY *pktmp; ++ pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); ++ return pkey_get_dsa(pktmp, dsa); + } + +-#ifdef OPENSSL_FIPS ++# ifdef OPENSSL_FIPS + + int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, +- unsigned char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- EVP_PKEY *k; +- int ret; +- k = EVP_PKEY_new(); +- if (!k) +- return 0; +- EVP_PKEY_set1_DSA(k, x); +- +- ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); +- EVP_PKEY_free(k); +- return ret; ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_DSA(k, x); ++ ++ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; + } + +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, +- unsigned char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- EVP_PKEY *k; +- int ret; +- k = EVP_PKEY_new(); +- if (!k) +- return 0; +- EVP_PKEY_set1_DSA(k, x); +- ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); +- EVP_PKEY_free(k); +- return ret; ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_DSA(k, x); ++ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; + } +-#endif ++# endif + +-#else +- +-IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) +- +-#endif ++# else + +-IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) +- +-#ifndef OPENSSL_NO_FP_API +- +-DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, +- void *u) ++IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, ++ DSAPrivateKey) ++# endif ++ IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) ++# ifndef OPENSSL_NO_FP_API ++DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u) + { +- EVP_PKEY *pktmp; +- pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); +- return pkey_get_dsa(pktmp, dsa); ++ EVP_PKEY *pktmp; ++ pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); ++ return pkey_get_dsa(pktmp, dsa); + } + +-#endif ++# endif + + IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) +- + #endif +- +- + #ifndef OPENSSL_NO_EC + static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey) + { +- EC_KEY *dtmp; +- if(!key) return NULL; +- dtmp = EVP_PKEY_get1_EC_KEY(key); +- EVP_PKEY_free(key); +- if(!dtmp) return NULL; +- if(eckey) +- { +- EC_KEY_free(*eckey); +- *eckey = dtmp; +- } +- return dtmp; ++ EC_KEY *dtmp; ++ if (!key) ++ return NULL; ++ dtmp = EVP_PKEY_get1_EC_KEY(key); ++ EVP_PKEY_free(key); ++ if (!dtmp) ++ return NULL; ++ if (eckey) { ++ EC_KEY_free(*eckey); ++ *eckey = dtmp; ++ } ++ return dtmp; + } + + EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, +- void *u) ++ void *u) + { +- EVP_PKEY *pktmp; +- pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); +- return pkey_get_eckey(pktmp, key); ++ EVP_PKEY *pktmp; ++ pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); ++ return pkey_get_eckey(pktmp, key); + } + +-IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) +- +- +- +-#ifdef OPENSSL_FIPS +- ++IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ++ ECPKParameters) ++# ifdef OPENSSL_FIPS + int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc, +- unsigned char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- EVP_PKEY *k; +- int ret; +- k = EVP_PKEY_new(); +- if (!k) +- return 0; +- EVP_PKEY_set1_EC_KEY(k, x); +- +- ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); +- EVP_PKEY_free(k); +- return ret; ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_EC_KEY(k, x); ++ ++ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; + } + +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc, +- unsigned char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- EVP_PKEY *k; +- int ret; +- k = EVP_PKEY_new(); +- if (!k) +- return 0; +- EVP_PKEY_set1_EC_KEY(k, x); +- ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); +- EVP_PKEY_free(k); +- return ret; ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_EC_KEY(k, x); ++ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; + } +-#endif +- +-#else +- +-IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey) +- +-#endif ++# endif + ++# else ++ IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ++ ECPrivateKey) ++# endif + IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) +- +-#ifndef OPENSSL_NO_FP_API +- ++# ifndef OPENSSL_NO_FP_API + EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, +- void *u) ++ void *u) + { +- EVP_PKEY *pktmp; +- pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); +- return pkey_get_eckey(pktmp, eckey); ++ EVP_PKEY *pktmp; ++ pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); ++ return pkey_get_eckey(pktmp, eckey); + } + +-#endif ++# endif + + #endif + + #ifndef OPENSSL_NO_DH + + IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) +- + #endif +- +- +-/* The PrivateKey case is not that straightforward. ++/*- ++ * The PrivateKey case is not that straightforward. + * IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey) + * does not work, RSA and DSA keys have specific strings. + * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything + * appropriate.) + */ +- + #ifdef OPENSSL_FIPS +- + static const char *pkey_str(EVP_PKEY *x) +- { +- switch (x->type) +- { +- case EVP_PKEY_RSA: +- return PEM_STRING_RSA; +- +- case EVP_PKEY_DSA: +- return PEM_STRING_DSA; ++{ ++ switch (x->type) { ++ case EVP_PKEY_RSA: ++ return PEM_STRING_RSA; + +- case EVP_PKEY_EC: +- return PEM_STRING_ECPRIVATEKEY; ++ case EVP_PKEY_DSA: ++ return PEM_STRING_DSA; + +- default: +- return NULL; +- } +- } ++ case EVP_PKEY_EC: ++ return PEM_STRING_ECPRIVATEKEY; + ++ default: ++ return NULL; ++ } ++} + + int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +- unsigned char *kstr, int klen, +- pem_password_cb *cb, void *u) +- { +- if (FIPS_mode()) +- return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, +- (char *)kstr, klen, cb, u); +- else +- return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, +- pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u); +- } +- +-#ifndef OPENSSL_NO_FP_API ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) ++{ ++ if (FIPS_mode()) ++ return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, ++ (char *)kstr, klen, cb, u); ++ else ++ return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, ++ pkey_str(x), bp, (char *)x, enc, kstr, klen, ++ cb, u); ++} ++ ++# ifndef OPENSSL_NO_FP_API + int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +- unsigned char *kstr, int klen, +- pem_password_cb *cb, void *u) +- { +- if (FIPS_mode()) +- return PEM_write_PKCS8PrivateKey(fp, x, enc, +- (char *)kstr, klen, cb, u); +- else +- return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey, +- pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u); +- } +-#endif ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) ++{ ++ if (FIPS_mode()) ++ return PEM_write_PKCS8PrivateKey(fp, x, enc, ++ (char *)kstr, klen, cb, u); ++ else ++ return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey, ++ pkey_str(x), fp, (char *)x, enc, kstr, klen, cb, ++ u); ++} ++# endif + + #else +-IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\ +- (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey) +- ++IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ++ ((x->type == ++ EVP_PKEY_DSA) ? PEM_STRING_DSA : (x->type == ++ EVP_PKEY_RSA) ? ++ PEM_STRING_RSA : PEM_STRING_ECPRIVATEKEY), PrivateKey) + #endif +- +-IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) +- ++ IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_err.c b/Cryptlib/OpenSSL/crypto/pem/pem_err.c +index 3133563..7452d25 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_err.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,71 +66,71 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) + +-static ERR_STRING_DATA PEM_str_functs[]= +- { +-{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, +-{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, +-{ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, +-{ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, +-{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, +-{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, +-{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, +-{ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, +-{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, +-{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"}, +-{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, +-{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, +-{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, +-{ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, +-{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, +-{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, +-{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, +-{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, +-{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, +-{ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, +-{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, +-{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, +-{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, +-{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, +-{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, +-{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA PEM_str_functs[] = { ++ {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, ++ {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, ++ {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, ++ {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, ++ {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, ++ {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, ++ {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, ++ {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, ++ {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, ++ {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"}, ++ {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, ++ {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), ++ "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, ++ {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, ++ {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, ++ {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, ++ {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, ++ {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, ++ {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, ++ {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, ++ {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, ++ {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, ++ {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, ++ {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, ++ {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, ++ {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, ++ {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA PEM_str_reasons[]= +- { +-{ERR_REASON(PEM_R_BAD_BASE64_DECODE) ,"bad base64 decode"}, +-{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"}, +-{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"}, +-{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"}, +-{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"}, +-{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"}, +-{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"}, +-{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"}, +-{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"}, +-{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"}, +-{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"}, +-{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"}, +-{ERR_REASON(PEM_R_READ_KEY) ,"read key"}, +-{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"}, +-{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, +-{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA PEM_str_reasons[] = { ++ {ERR_REASON(PEM_R_BAD_BASE64_DECODE), "bad base64 decode"}, ++ {ERR_REASON(PEM_R_BAD_DECRYPT), "bad decrypt"}, ++ {ERR_REASON(PEM_R_BAD_END_LINE), "bad end line"}, ++ {ERR_REASON(PEM_R_BAD_IV_CHARS), "bad iv chars"}, ++ {ERR_REASON(PEM_R_BAD_PASSWORD_READ), "bad password read"}, ++ {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY), ++ "error converting private key"}, ++ {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"}, ++ {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"}, ++ {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"}, ++ {ERR_REASON(PEM_R_NO_START_LINE), "no start line"}, ++ {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD), ++ "problems getting password"}, ++ {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"}, ++ {ERR_REASON(PEM_R_READ_KEY), "read key"}, ++ {ERR_REASON(PEM_R_SHORT_HEADER), "short header"}, ++ {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, ++ {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_PEM_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,PEM_str_functs); +- ERR_load_strings(0,PEM_str_reasons); +- } ++ if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, PEM_str_functs); ++ ERR_load_strings(0, PEM_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_info.c b/Cryptlib/OpenSSL/crypto/pem/pem_info.c +index 3a273f6..91842b6 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_info.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_info.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,334 +64,320 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + + #ifndef OPENSSL_NO_FP_API +-STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) +- { +- BIO *b; +- STACK_OF(X509_INFO) *ret; ++STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, ++ pem_password_cb *cb, void *u) ++{ ++ BIO *b; ++ STACK_OF(X509_INFO) *ret; + +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=PEM_X509_INFO_read_bio(b,sk,cb,u); +- BIO_free(b); +- return(ret); +- } ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = PEM_X509_INFO_read_bio(b, sk, cb, u); ++ BIO_free(b); ++ return (ret); ++} + #endif + +-STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) +- { +- X509_INFO *xi=NULL; +- char *name=NULL,*header=NULL; +- void *pp; +- unsigned char *data=NULL; +- const unsigned char *p; +- long len,error=0; +- int ok=0; +- STACK_OF(X509_INFO) *ret=NULL; +- unsigned int i,raw; +- d2i_of_void *d2i; ++STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, ++ pem_password_cb *cb, void *u) ++{ ++ X509_INFO *xi = NULL; ++ char *name = NULL, *header = NULL; ++ void *pp; ++ unsigned char *data = NULL; ++ const unsigned char *p; ++ long len, error = 0; ++ int ok = 0; ++ STACK_OF(X509_INFO) *ret = NULL; ++ unsigned int i, raw; ++ d2i_of_void *d2i; + +- if (sk == NULL) +- { +- if ((ret=sk_X509_INFO_new_null()) == NULL) +- { +- PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- else +- ret=sk; ++ if (sk == NULL) { ++ if ((ret = sk_X509_INFO_new_null()) == NULL) { ++ PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } else ++ ret = sk; + +- if ((xi=X509_INFO_new()) == NULL) goto err; +- for (;;) +- { +- raw=0; +- i=PEM_read_bio(bp,&name,&header,&data,&len); +- if (i == 0) +- { +- error=ERR_GET_REASON(ERR_peek_last_error()); +- if (error == PEM_R_NO_START_LINE) +- { +- ERR_clear_error(); +- break; +- } +- goto err; +- } +-start: +- if ( (strcmp(name,PEM_STRING_X509) == 0) || +- (strcmp(name,PEM_STRING_X509_OLD) == 0)) +- { +- d2i=(D2I_OF(void))d2i_X509; +- if (xi->x509 != NULL) +- { +- if (!sk_X509_INFO_push(ret,xi)) goto err; +- if ((xi=X509_INFO_new()) == NULL) goto err; +- goto start; +- } +- pp=&(xi->x509); +- } +- else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0)) +- { +- d2i=(D2I_OF(void))d2i_X509_AUX; +- if (xi->x509 != NULL) +- { +- if (!sk_X509_INFO_push(ret,xi)) goto err; +- if ((xi=X509_INFO_new()) == NULL) goto err; +- goto start; +- } +- pp=&(xi->x509); +- } +- else if (strcmp(name,PEM_STRING_X509_CRL) == 0) +- { +- d2i=(D2I_OF(void))d2i_X509_CRL; +- if (xi->crl != NULL) +- { +- if (!sk_X509_INFO_push(ret,xi)) goto err; +- if ((xi=X509_INFO_new()) == NULL) goto err; +- goto start; +- } +- pp=&(xi->crl); +- } +- else ++ if ((xi = X509_INFO_new()) == NULL) ++ goto err; ++ for (;;) { ++ raw = 0; ++ i = PEM_read_bio(bp, &name, &header, &data, &len); ++ if (i == 0) { ++ error = ERR_GET_REASON(ERR_peek_last_error()); ++ if (error == PEM_R_NO_START_LINE) { ++ ERR_clear_error(); ++ break; ++ } ++ goto err; ++ } ++ start: ++ if ((strcmp(name, PEM_STRING_X509) == 0) || ++ (strcmp(name, PEM_STRING_X509_OLD) == 0)) { ++ d2i = (D2I_OF(void)) d2i_X509; ++ if (xi->x509 != NULL) { ++ if (!sk_X509_INFO_push(ret, xi)) ++ goto err; ++ if ((xi = X509_INFO_new()) == NULL) ++ goto err; ++ goto start; ++ } ++ pp = &(xi->x509); ++ } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) { ++ d2i = (D2I_OF(void)) d2i_X509_AUX; ++ if (xi->x509 != NULL) { ++ if (!sk_X509_INFO_push(ret, xi)) ++ goto err; ++ if ((xi = X509_INFO_new()) == NULL) ++ goto err; ++ goto start; ++ } ++ pp = &(xi->x509); ++ } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) { ++ d2i = (D2I_OF(void)) d2i_X509_CRL; ++ if (xi->crl != NULL) { ++ if (!sk_X509_INFO_push(ret, xi)) ++ goto err; ++ if ((xi = X509_INFO_new()) == NULL) ++ goto err; ++ goto start; ++ } ++ pp = &(xi->crl); ++ } else + #ifndef OPENSSL_NO_RSA +- if (strcmp(name,PEM_STRING_RSA) == 0) +- { +- d2i=(D2I_OF(void))d2i_RSAPrivateKey; +- if (xi->x_pkey != NULL) +- { +- if (!sk_X509_INFO_push(ret,xi)) goto err; +- if ((xi=X509_INFO_new()) == NULL) goto err; +- goto start; +- } ++ if (strcmp(name, PEM_STRING_RSA) == 0) { ++ d2i = (D2I_OF(void)) d2i_RSAPrivateKey; ++ if (xi->x_pkey != NULL) { ++ if (!sk_X509_INFO_push(ret, xi)) ++ goto err; ++ if ((xi = X509_INFO_new()) == NULL) ++ goto err; ++ goto start; ++ } + +- xi->enc_data=NULL; +- xi->enc_len=0; ++ xi->enc_data = NULL; ++ xi->enc_len = 0; + +- xi->x_pkey=X509_PKEY_new(); +- if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) +- goto err; +- xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA; +- pp=&(xi->x_pkey->dec_pkey->pkey.rsa); +- if ((int)strlen(header) > 10) /* assume encrypted */ +- raw=1; +- } +- else ++ xi->x_pkey = X509_PKEY_new(); ++ if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL) ++ goto err; ++ xi->x_pkey->dec_pkey->type = EVP_PKEY_RSA; ++ pp = &(xi->x_pkey->dec_pkey->pkey.rsa); ++ if ((int)strlen(header) > 10) /* assume encrypted */ ++ raw = 1; ++ } else + #endif + #ifndef OPENSSL_NO_DSA +- if (strcmp(name,PEM_STRING_DSA) == 0) +- { +- d2i=(D2I_OF(void))d2i_DSAPrivateKey; +- if (xi->x_pkey != NULL) +- { +- if (!sk_X509_INFO_push(ret,xi)) goto err; +- if ((xi=X509_INFO_new()) == NULL) goto err; +- goto start; +- } ++ if (strcmp(name, PEM_STRING_DSA) == 0) { ++ d2i = (D2I_OF(void)) d2i_DSAPrivateKey; ++ if (xi->x_pkey != NULL) { ++ if (!sk_X509_INFO_push(ret, xi)) ++ goto err; ++ if ((xi = X509_INFO_new()) == NULL) ++ goto err; ++ goto start; ++ } + +- xi->enc_data=NULL; +- xi->enc_len=0; ++ xi->enc_data = NULL; ++ xi->enc_len = 0; + +- xi->x_pkey=X509_PKEY_new(); +- if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) +- goto err; +- xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA; +- pp=&xi->x_pkey->dec_pkey->pkey.dsa; +- if ((int)strlen(header) > 10) /* assume encrypted */ +- raw=1; +- } +- else ++ xi->x_pkey = X509_PKEY_new(); ++ if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL) ++ goto err; ++ xi->x_pkey->dec_pkey->type = EVP_PKEY_DSA; ++ pp = &xi->x_pkey->dec_pkey->pkey.dsa; ++ if ((int)strlen(header) > 10) /* assume encrypted */ ++ raw = 1; ++ } else + #endif + #ifndef OPENSSL_NO_EC +- if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0) +- { +- d2i=(D2I_OF(void))d2i_ECPrivateKey; +- if (xi->x_pkey != NULL) +- { +- if (!sk_X509_INFO_push(ret,xi)) goto err; +- if ((xi=X509_INFO_new()) == NULL) goto err; +- goto start; +- } +- +- xi->enc_data=NULL; +- xi->enc_len=0; +- +- xi->x_pkey=X509_PKEY_new(); +- if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) +- goto err; +- xi->x_pkey->dec_pkey->type=EVP_PKEY_EC; +- pp=&(xi->x_pkey->dec_pkey->pkey.ec); +- if ((int)strlen(header) > 10) /* assume encrypted */ +- raw=1; +- } +- else ++ if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) { ++ d2i = (D2I_OF(void)) d2i_ECPrivateKey; ++ if (xi->x_pkey != NULL) { ++ if (!sk_X509_INFO_push(ret, xi)) ++ goto err; ++ if ((xi = X509_INFO_new()) == NULL) ++ goto err; ++ goto start; ++ } ++ ++ xi->enc_data = NULL; ++ xi->enc_len = 0; ++ ++ xi->x_pkey = X509_PKEY_new(); ++ if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL) ++ goto err; ++ xi->x_pkey->dec_pkey->type = EVP_PKEY_EC; ++ pp = &(xi->x_pkey->dec_pkey->pkey.ec); ++ if ((int)strlen(header) > 10) /* assume encrypted */ ++ raw = 1; ++ } else + #endif +- { +- d2i=NULL; +- pp=NULL; +- } ++ { ++ d2i = NULL; ++ pp = NULL; ++ } + +- if (d2i != NULL) +- { +- if (!raw) +- { +- EVP_CIPHER_INFO cipher; ++ if (d2i != NULL) { ++ if (!raw) { ++ EVP_CIPHER_INFO cipher; + +- if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) +- goto err; +- if (!PEM_do_header(&cipher,data,&len,cb,u)) +- goto err; +- p=data; +- if (d2i(pp,&p,len) == NULL) +- { +- PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB); +- goto err; +- } +- } +- else +- { /* encrypted RSA data */ +- if (!PEM_get_EVP_CIPHER_INFO(header, +- &xi->enc_cipher)) goto err; +- xi->enc_data=(char *)data; +- xi->enc_len=(int)len; +- data=NULL; +- } +- } +- else { +- /* unknown */ +- } +- if (name != NULL) OPENSSL_free(name); +- if (header != NULL) OPENSSL_free(header); +- if (data != NULL) OPENSSL_free(data); +- name=NULL; +- header=NULL; +- data=NULL; +- } ++ if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) ++ goto err; ++ if (!PEM_do_header(&cipher, data, &len, cb, u)) ++ goto err; ++ p = data; ++ if (d2i(pp, &p, len) == NULL) { ++ PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ } else { /* encrypted RSA data */ ++ if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher)) ++ goto err; ++ xi->enc_data = (char *)data; ++ xi->enc_len = (int)len; ++ data = NULL; ++ } ++ } else { ++ /* unknown */ ++ } ++ if (name != NULL) ++ OPENSSL_free(name); ++ if (header != NULL) ++ OPENSSL_free(header); ++ if (data != NULL) ++ OPENSSL_free(data); ++ name = NULL; ++ header = NULL; ++ data = NULL; ++ } + +- /* if the last one hasn't been pushed yet and there is anything +- * in it then add it to the stack ... +- */ +- if ((xi->x509 != NULL) || (xi->crl != NULL) || +- (xi->x_pkey != NULL) || (xi->enc_data != NULL)) +- { +- if (!sk_X509_INFO_push(ret,xi)) goto err; +- xi=NULL; +- } +- ok=1; +-err: +- if (xi != NULL) X509_INFO_free(xi); +- if (!ok) +- { +- for (i=0; ((int)i)x509 != NULL) || (xi->crl != NULL) || ++ (xi->x_pkey != NULL) || (xi->enc_data != NULL)) { ++ if (!sk_X509_INFO_push(ret, xi)) ++ goto err; ++ xi = NULL; ++ } ++ ok = 1; ++ err: ++ if (xi != NULL) ++ X509_INFO_free(xi); ++ if (!ok) { ++ for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) { ++ xi = sk_X509_INFO_value(ret, i); ++ X509_INFO_free(xi); ++ } ++ if (ret != sk) ++ sk_X509_INFO_free(ret); ++ ret = NULL; ++ } + ++ if (name != NULL) ++ OPENSSL_free(name); ++ if (header != NULL) ++ OPENSSL_free(header); ++ if (data != NULL) ++ OPENSSL_free(data); ++ return (ret); ++} + + /* A TJH addition */ + int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, +- unsigned char *kstr, int klen, pem_password_cb *cb, void *u) +- { +- EVP_CIPHER_CTX ctx; +- int i,ret=0; +- unsigned char *data=NULL; +- const char *objstr=NULL; +- char buf[PEM_BUFSIZE]; +- unsigned char *iv=NULL; +- +- if (enc != NULL) +- { +- objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); +- if (objstr == NULL) +- { +- PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); +- goto err; +- } +- } ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) ++{ ++ EVP_CIPHER_CTX ctx; ++ int i, ret = 0; ++ unsigned char *data = NULL; ++ const char *objstr = NULL; ++ char buf[PEM_BUFSIZE]; ++ unsigned char *iv = NULL; ++ ++ if (enc != NULL) { ++ objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); ++ if (objstr == NULL) { ++ PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER); ++ goto err; ++ } ++ } + +- /* now for the fun part ... if we have a private key then +- * we have to be able to handle a not-yet-decrypted key +- * being written out correctly ... if it is decrypted or +- * it is non-encrypted then we use the base code +- */ +- if (xi->x_pkey!=NULL) +- { +- if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) +- { +- /* copy from weirdo names into more normal things */ +- iv=xi->enc_cipher.iv; +- data=(unsigned char *)xi->enc_data; +- i=xi->enc_len; ++ /* ++ * now for the fun part ... if we have a private key then we have to be ++ * able to handle a not-yet-decrypted key being written out correctly ... ++ * if it is decrypted or it is non-encrypted then we use the base code ++ */ ++ if (xi->x_pkey != NULL) { ++ if ((xi->enc_data != NULL) && (xi->enc_len > 0)) { ++ /* copy from weirdo names into more normal things */ ++ iv = xi->enc_cipher.iv; ++ data = (unsigned char *)xi->enc_data; ++ i = xi->enc_len; + +- /* we take the encryption data from the +- * internal stuff rather than what the +- * user has passed us ... as we have to +- * match exactly for some strange reason +- */ +- objstr=OBJ_nid2sn( +- EVP_CIPHER_nid(xi->enc_cipher.cipher)); +- if (objstr == NULL) +- { +- PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); +- goto err; +- } ++ /* ++ * we take the encryption data from the internal stuff rather ++ * than what the user has passed us ... as we have to match ++ * exactly for some strange reason ++ */ ++ objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher)); ++ if (objstr == NULL) { ++ PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, ++ PEM_R_UNSUPPORTED_CIPHER); ++ goto err; ++ } + +- /* create the right magic header stuff */ +- OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); +- buf[0]='\0'; +- PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); +- PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); ++ /* create the right magic header stuff */ ++ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= ++ sizeof buf); ++ buf[0] = '\0'; ++ PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); ++ PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); + +- /* use the normal code to write things out */ +- i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i); +- if (i <= 0) goto err; +- } +- else +- { +- /* Add DSA/DH */ ++ /* use the normal code to write things out */ ++ i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i); ++ if (i <= 0) ++ goto err; ++ } else { ++ /* Add DSA/DH */ + #ifndef OPENSSL_NO_RSA +- /* normal optionally encrypted stuff */ +- if (PEM_write_bio_RSAPrivateKey(bp, +- xi->x_pkey->dec_pkey->pkey.rsa, +- enc,kstr,klen,cb,u)<=0) +- goto err; ++ /* normal optionally encrypted stuff */ ++ if (PEM_write_bio_RSAPrivateKey(bp, ++ xi->x_pkey->dec_pkey->pkey.rsa, ++ enc, kstr, klen, cb, u) <= 0) ++ goto err; + #endif +- } +- } ++ } ++ } + +- /* if we have a certificate then write it out now */ +- if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0)) +- goto err; ++ /* if we have a certificate then write it out now */ ++ if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0)) ++ goto err; + +- /* we are ignoring anything else that is loaded into the X509_INFO +- * structure for the moment ... as I don't need it so I'm not +- * coding it here and Eric can do it when this makes it into the +- * base library --tjh +- */ ++ /* ++ * we are ignoring anything else that is loaded into the X509_INFO ++ * structure for the moment ... as I don't need it so I'm not coding it ++ * here and Eric can do it when this makes it into the base library --tjh ++ */ + +- ret=1; ++ ret = 1; + +-err: +- OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); +- OPENSSL_cleanse(buf,PEM_BUFSIZE); +- return(ret); +- } ++ err: ++ OPENSSL_cleanse((char *)&ctx, sizeof(ctx)); ++ OPENSSL_cleanse(buf, PEM_BUFSIZE); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c +index 22bb791..8febf10 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -66,717 +66,725 @@ + #include + #include + #ifndef OPENSSL_NO_DES +-#include ++# include + #endif + +-const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT; ++const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT; + +-#define MIN_LENGTH 4 ++#define MIN_LENGTH 4 + +-static int load_iv(char **fromp,unsigned char *to, int num); ++static int load_iv(char **fromp, unsigned char *to, int num); + static int check_pem(const char *nm, const char *name); + + int PEM_def_callback(char *buf, int num, int w, void *key) +- { ++{ + #ifdef OPENSSL_NO_FP_API +- /* We should not ever call the default callback routine from +- * windows. */ +- PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return(-1); ++ /* ++ * We should not ever call the default callback routine from windows. ++ */ ++ PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return (-1); + #else +- int i,j; +- const char *prompt; +- if(key) { +- i=strlen(key); +- i=(i > num)?num:i; +- memcpy(buf,key,i); +- return(i); +- } +- +- prompt=EVP_get_pw_prompt(); +- if (prompt == NULL) +- prompt="Enter PEM pass phrase:"; +- +- for (;;) +- { +- i=EVP_read_pw_string(buf,num,prompt,w); +- if (i != 0) +- { +- PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); +- memset(buf,0,(unsigned int)num); +- return(-1); +- } +- j=strlen(buf); +- if (j < MIN_LENGTH) +- { +- fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH); +- } +- else +- break; +- } +- return(j); ++ int i, j; ++ const char *prompt; ++ if (key) { ++ i = strlen(key); ++ i = (i > num) ? num : i; ++ memcpy(buf, key, i); ++ return (i); ++ } ++ ++ prompt = EVP_get_pw_prompt(); ++ if (prompt == NULL) ++ prompt = "Enter PEM pass phrase:"; ++ ++ for (;;) { ++ i = EVP_read_pw_string(buf, num, prompt, w); ++ if (i != 0) { ++ PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); ++ memset(buf, 0, (unsigned int)num); ++ return (-1); ++ } ++ j = strlen(buf); ++ if (j < MIN_LENGTH) { ++ fprintf(stderr, ++ "phrase is too short, needs to be at least %d chars\n", ++ MIN_LENGTH); ++ } else ++ break; ++ } ++ return (j); + #endif +- } ++} + + void PEM_proc_type(char *buf, int type) +- { +- const char *str; +- +- if (type == PEM_TYPE_ENCRYPTED) +- str="ENCRYPTED"; +- else if (type == PEM_TYPE_MIC_CLEAR) +- str="MIC-CLEAR"; +- else if (type == PEM_TYPE_MIC_ONLY) +- str="MIC-ONLY"; +- else +- str="BAD-TYPE"; +- +- BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE); +- BUF_strlcat(buf,str,PEM_BUFSIZE); +- BUF_strlcat(buf,"\n",PEM_BUFSIZE); +- } ++{ ++ const char *str; ++ ++ if (type == PEM_TYPE_ENCRYPTED) ++ str = "ENCRYPTED"; ++ else if (type == PEM_TYPE_MIC_CLEAR) ++ str = "MIC-CLEAR"; ++ else if (type == PEM_TYPE_MIC_ONLY) ++ str = "MIC-ONLY"; ++ else ++ str = "BAD-TYPE"; ++ ++ BUF_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE); ++ BUF_strlcat(buf, str, PEM_BUFSIZE); ++ BUF_strlcat(buf, "\n", PEM_BUFSIZE); ++} + + void PEM_dek_info(char *buf, const char *type, int len, char *str) +- { +- static const unsigned char map[17]="0123456789ABCDEF"; +- long i; +- int j; +- +- BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE); +- BUF_strlcat(buf,type,PEM_BUFSIZE); +- BUF_strlcat(buf,",",PEM_BUFSIZE); +- j=strlen(buf); +- if (j + (len * 2) + 1 > PEM_BUFSIZE) +- return; +- for (i=0; i>4)&0x0f]; +- buf[j+i*2+1]=map[(str[i] )&0x0f]; +- } +- buf[j+i*2]='\n'; +- buf[j+i*2+1]='\0'; +- } ++{ ++ static const unsigned char map[17] = "0123456789ABCDEF"; ++ long i; ++ int j; ++ ++ BUF_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE); ++ BUF_strlcat(buf, type, PEM_BUFSIZE); ++ BUF_strlcat(buf, ",", PEM_BUFSIZE); ++ j = strlen(buf); ++ if (j + (len * 2) + 1 > PEM_BUFSIZE) ++ return; ++ for (i = 0; i < len; i++) { ++ buf[j + i * 2] = map[(str[i] >> 4) & 0x0f]; ++ buf[j + i * 2 + 1] = map[(str[i]) & 0x0f]; ++ } ++ buf[j + i * 2] = '\n'; ++ buf[j + i * 2 + 1] = '\0'; ++} + + #ifndef OPENSSL_NO_FP_API + void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, +- pem_password_cb *cb, void *u) +- { +- BIO *b; +- void *ret; +- +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u); +- BIO_free(b); +- return(ret); +- } ++ pem_password_cb *cb, void *u) ++{ ++ BIO *b; ++ void *ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u); ++ BIO_free(b); ++ return (ret); ++} + #endif + + static int check_pem(const char *nm, const char *name) + { +- /* Normal matching nm and name */ +- if (!strcmp(nm,name)) return 1; ++ /* Normal matching nm and name */ ++ if (!strcmp(nm, name)) ++ return 1; + +- /* Make PEM_STRING_EVP_PKEY match any private key */ ++ /* Make PEM_STRING_EVP_PKEY match any private key */ + +- if(!strcmp(nm,PEM_STRING_PKCS8) && +- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; ++ if (!strcmp(nm, PEM_STRING_PKCS8) && !strcmp(name, PEM_STRING_EVP_PKEY)) ++ return 1; + +- if(!strcmp(nm,PEM_STRING_PKCS8INF) && +- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; ++ if (!strcmp(nm, PEM_STRING_PKCS8INF) && ++ !strcmp(name, PEM_STRING_EVP_PKEY)) ++ return 1; + +- if(!strcmp(nm,PEM_STRING_RSA) && +- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; ++ if (!strcmp(nm, PEM_STRING_RSA) && !strcmp(name, PEM_STRING_EVP_PKEY)) ++ return 1; + +- if(!strcmp(nm,PEM_STRING_DSA) && +- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; ++ if (!strcmp(nm, PEM_STRING_DSA) && !strcmp(name, PEM_STRING_EVP_PKEY)) ++ return 1; + +- if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) && +- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; +- /* Permit older strings */ ++ if (!strcmp(nm, PEM_STRING_ECPRIVATEKEY) && ++ !strcmp(name, PEM_STRING_EVP_PKEY)) ++ return 1; ++ /* Permit older strings */ + +- if(!strcmp(nm,PEM_STRING_X509_OLD) && +- !strcmp(name,PEM_STRING_X509)) return 1; ++ if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509)) ++ return 1; + +- if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) && +- !strcmp(name,PEM_STRING_X509_REQ)) return 1; ++ if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) && ++ !strcmp(name, PEM_STRING_X509_REQ)) ++ return 1; + +- /* Allow normal certs to be read as trusted certs */ +- if(!strcmp(nm,PEM_STRING_X509) && +- !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; ++ /* Allow normal certs to be read as trusted certs */ ++ if (!strcmp(nm, PEM_STRING_X509) && ++ !strcmp(name, PEM_STRING_X509_TRUSTED)) ++ return 1; + +- if(!strcmp(nm,PEM_STRING_X509_OLD) && +- !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; ++ if (!strcmp(nm, PEM_STRING_X509_OLD) && ++ !strcmp(name, PEM_STRING_X509_TRUSTED)) ++ return 1; + +- /* Some CAs use PKCS#7 with CERTIFICATE headers */ +- if(!strcmp(nm, PEM_STRING_X509) && +- !strcmp(name, PEM_STRING_PKCS7)) return 1; ++ /* Some CAs use PKCS#7 with CERTIFICATE headers */ ++ if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7)) ++ return 1; + +- if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && +- !strcmp(name, PEM_STRING_PKCS7)) return 1; ++ if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && ++ !strcmp(name, PEM_STRING_PKCS7)) ++ return 1; + +- return 0; ++ return 0; + } + +-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, +- pem_password_cb *cb, void *u) +- { +- EVP_CIPHER_INFO cipher; +- char *nm=NULL,*header=NULL; +- unsigned char *data=NULL; +- long len; +- int ret = 0; +- +- for (;;) +- { +- if (!PEM_read_bio(bp,&nm,&header,&data,&len)) { +- if(ERR_GET_REASON(ERR_peek_error()) == +- PEM_R_NO_START_LINE) +- ERR_add_error_data(2, "Expecting: ", name); +- return 0; +- } +- if(check_pem(nm, name)) break; +- OPENSSL_free(nm); +- OPENSSL_free(header); +- OPENSSL_free(data); +- } +- if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err; +- if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err; +- +- *pdata = data; +- *plen = len; +- +- if (pnm) +- *pnm = nm; +- +- ret = 1; +- +-err: +- if (!ret || !pnm) OPENSSL_free(nm); +- OPENSSL_free(header); +- if (!ret) OPENSSL_free(data); +- return ret; +- } ++int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, ++ const char *name, BIO *bp, pem_password_cb *cb, ++ void *u) ++{ ++ EVP_CIPHER_INFO cipher; ++ char *nm = NULL, *header = NULL; ++ unsigned char *data = NULL; ++ long len; ++ int ret = 0; ++ ++ for (;;) { ++ if (!PEM_read_bio(bp, &nm, &header, &data, &len)) { ++ if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) ++ ERR_add_error_data(2, "Expecting: ", name); ++ return 0; ++ } ++ if (check_pem(nm, name)) ++ break; ++ OPENSSL_free(nm); ++ OPENSSL_free(header); ++ OPENSSL_free(data); ++ } ++ if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) ++ goto err; ++ if (!PEM_do_header(&cipher, data, &len, cb, u)) ++ goto err; ++ ++ *pdata = data; ++ *plen = len; ++ ++ if (pnm) ++ *pnm = nm; ++ ++ ret = 1; ++ ++ err: ++ if (!ret || !pnm) ++ OPENSSL_free(nm); ++ OPENSSL_free(header); ++ if (!ret) ++ OPENSSL_free(data); ++ return ret; ++} + + #ifndef OPENSSL_NO_FP_API + int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, +- char *x, const EVP_CIPHER *enc, unsigned char *kstr, +- int klen, pem_password_cb *callback, void *u) +- { +- BIO *b; +- int ret; +- +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u); +- BIO_free(b); +- return(ret); +- } ++ char *x, const EVP_CIPHER *enc, unsigned char *kstr, ++ int klen, pem_password_cb *callback, void *u) ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u); ++ BIO_free(b); ++ return (ret); ++} + #endif + + int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, +- char *x, const EVP_CIPHER *enc, unsigned char *kstr, +- int klen, pem_password_cb *callback, void *u) +- { +- EVP_CIPHER_CTX ctx; +- int dsize=0,i,j,ret=0; +- unsigned char *p,*data=NULL; +- const char *objstr=NULL; +- char buf[PEM_BUFSIZE]; +- unsigned char key[EVP_MAX_KEY_LENGTH]; +- unsigned char iv[EVP_MAX_IV_LENGTH]; +- +- if (enc != NULL) +- { +- objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); +- if (objstr == NULL) +- { +- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); +- goto err; +- } +- } +- +- if ((dsize=i2d(x,NULL)) < 0) +- { +- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB); +- dsize=0; +- goto err; +- } +- /* dzise + 8 bytes are needed */ +- /* actually it needs the cipher block size extra... */ +- data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); +- if (data == NULL) +- { +- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- p=data; +- i=i2d(x,&p); +- +- if (enc != NULL) +- { +- if (kstr == NULL) +- { +- if (callback == NULL) +- klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u); +- else +- klen=(*callback)(buf,PEM_BUFSIZE,1,u); +- if (klen <= 0) +- { +- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY); +- goto err; +- } ++ char *x, const EVP_CIPHER *enc, unsigned char *kstr, ++ int klen, pem_password_cb *callback, void *u) ++{ ++ EVP_CIPHER_CTX ctx; ++ int dsize = 0, i, j, ret = 0; ++ unsigned char *p, *data = NULL; ++ const char *objstr = NULL; ++ char buf[PEM_BUFSIZE]; ++ unsigned char key[EVP_MAX_KEY_LENGTH]; ++ unsigned char iv[EVP_MAX_IV_LENGTH]; ++ ++ if (enc != NULL) { ++ objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); ++ if (objstr == NULL) { ++ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER); ++ goto err; ++ } ++ } ++ ++ if ((dsize = i2d(x, NULL)) < 0) { ++ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB); ++ dsize = 0; ++ goto err; ++ } ++ /* dzise + 8 bytes are needed */ ++ /* actually it needs the cipher block size extra... */ ++ data = (unsigned char *)OPENSSL_malloc((unsigned int)dsize + 20); ++ if (data == NULL) { ++ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ p = data; ++ i = i2d(x, &p); ++ ++ if (enc != NULL) { ++ if (kstr == NULL) { ++ if (callback == NULL) ++ klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); ++ else ++ klen = (*callback) (buf, PEM_BUFSIZE, 1, u); ++ if (klen <= 0) { ++ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_READ_KEY); ++ goto err; ++ } + #ifdef CHARSET_EBCDIC +- /* Convert the pass phrase from EBCDIC */ +- ebcdic2ascii(buf, buf, klen); ++ /* Convert the pass phrase from EBCDIC */ ++ ebcdic2ascii(buf, buf, klen); + #endif +- kstr=(unsigned char *)buf; +- } +- RAND_add(data,i,0);/* put in the RSA key. */ +- OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); +- if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ +- goto err; +- /* The 'iv' is used as the iv and as a salt. It is +- * NOT taken from the BytesToKey function */ +- EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); +- +- if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE); +- +- OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf); +- +- buf[0]='\0'; +- PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); +- PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); +- /* k=strlen(buf); */ +- +- EVP_CIPHER_CTX_init(&ctx); +- EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv); +- EVP_EncryptUpdate(&ctx,data,&j,data,i); +- EVP_EncryptFinal_ex(&ctx,&(data[j]),&i); +- EVP_CIPHER_CTX_cleanup(&ctx); +- i+=j; +- ret=1; +- } +- else +- { +- ret=1; +- buf[0]='\0'; +- } +- i=PEM_write_bio(bp,name,buf,data,i); +- if (i <= 0) ret=0; +-err: +- OPENSSL_cleanse(key,sizeof(key)); +- OPENSSL_cleanse(iv,sizeof(iv)); +- OPENSSL_cleanse((char *)&ctx,sizeof(ctx)); +- OPENSSL_cleanse(buf,PEM_BUFSIZE); +- if (data != NULL) +- { +- OPENSSL_cleanse(data,(unsigned int)dsize); +- OPENSSL_free(data); +- } +- return(ret); +- } ++ kstr = (unsigned char *)buf; ++ } ++ RAND_add(data, i, 0); /* put in the RSA key. */ ++ OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); ++ if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */ ++ goto err; ++ /* ++ * The 'iv' is used as the iv and as a salt. It is NOT taken from ++ * the BytesToKey function ++ */ ++ EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL); ++ ++ if (kstr == (unsigned char *)buf) ++ OPENSSL_cleanse(buf, PEM_BUFSIZE); ++ ++ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= ++ sizeof buf); ++ ++ buf[0] = '\0'; ++ PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); ++ PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); ++ /* k=strlen(buf); */ ++ ++ EVP_CIPHER_CTX_init(&ctx); ++ EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv); ++ EVP_EncryptUpdate(&ctx, data, &j, data, i); ++ EVP_EncryptFinal_ex(&ctx, &(data[j]), &i); ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ i += j; ++ ret = 1; ++ } else { ++ ret = 1; ++ buf[0] = '\0'; ++ } ++ i = PEM_write_bio(bp, name, buf, data, i); ++ if (i <= 0) ++ ret = 0; ++ err: ++ OPENSSL_cleanse(key, sizeof(key)); ++ OPENSSL_cleanse(iv, sizeof(iv)); ++ OPENSSL_cleanse((char *)&ctx, sizeof(ctx)); ++ OPENSSL_cleanse(buf, PEM_BUFSIZE); ++ if (data != NULL) { ++ OPENSSL_cleanse(data, (unsigned int)dsize); ++ OPENSSL_free(data); ++ } ++ return (ret); ++} + + int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, +- pem_password_cb *callback,void *u) +- { +- int i,j,o,klen; +- long len; +- EVP_CIPHER_CTX ctx; +- unsigned char key[EVP_MAX_KEY_LENGTH]; +- char buf[PEM_BUFSIZE]; +- +- len= *plen; +- +- if (cipher->cipher == NULL) return(1); +- if (callback == NULL) +- klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u); +- else +- klen=callback(buf,PEM_BUFSIZE,0,u); +- if (klen <= 0) +- { +- PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ); +- return(0); +- } ++ pem_password_cb *callback, void *u) ++{ ++ int i, j, o, klen; ++ long len; ++ EVP_CIPHER_CTX ctx; ++ unsigned char key[EVP_MAX_KEY_LENGTH]; ++ char buf[PEM_BUFSIZE]; ++ ++ len = *plen; ++ ++ if (cipher->cipher == NULL) ++ return (1); ++ if (callback == NULL) ++ klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); ++ else ++ klen = callback(buf, PEM_BUFSIZE, 0, u); ++ if (klen <= 0) { ++ PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ); ++ return (0); ++ } + #ifdef CHARSET_EBCDIC +- /* Convert the pass phrase from EBCDIC */ +- ebcdic2ascii(buf, buf, klen); ++ /* Convert the pass phrase from EBCDIC */ ++ ebcdic2ascii(buf, buf, klen); + #endif + +- EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]), +- (unsigned char *)buf,klen,1,key,NULL); +- +- j=(int)len; +- EVP_CIPHER_CTX_init(&ctx); +- EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0])); +- EVP_DecryptUpdate(&ctx,data,&i,data,j); +- o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); +- EVP_CIPHER_CTX_cleanup(&ctx); +- OPENSSL_cleanse((char *)buf,sizeof(buf)); +- OPENSSL_cleanse((char *)key,sizeof(key)); +- j+=i; +- if (!o) +- { +- PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT); +- return(0); +- } +- *plen=j; +- return(1); +- } ++ EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]), ++ (unsigned char *)buf, klen, 1, key, NULL); ++ ++ j = (int)len; ++ EVP_CIPHER_CTX_init(&ctx); ++ EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0])); ++ EVP_DecryptUpdate(&ctx, data, &i, data, j); ++ o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j); ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ OPENSSL_cleanse((char *)buf, sizeof(buf)); ++ OPENSSL_cleanse((char *)key, sizeof(key)); ++ j += i; ++ if (!o) { ++ PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT); ++ return (0); ++ } ++ *plen = j; ++ return (1); ++} + + int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) +- { +- const EVP_CIPHER *enc=NULL; +- char *p,c; +- char **header_pp = &header; +- +- cipher->cipher=NULL; +- if ((header == NULL) || (*header == '\0') || (*header == '\n')) +- return(1); +- if (strncmp(header,"Proc-Type: ",11) != 0) +- { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); } +- header+=11; +- if (*header != '4') return(0); header++; +- if (*header != ',') return(0); header++; +- if (strncmp(header,"ENCRYPTED",9) != 0) +- { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); } +- for (; (*header != '\n') && (*header != '\0'); header++) +- ; +- if (*header == '\0') +- { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); } +- header++; +- if (strncmp(header,"DEK-Info: ",10) != 0) +- { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); } +- header+=10; +- +- p=header; +- for (;;) +- { +- c= *header; ++{ ++ const EVP_CIPHER *enc = NULL; ++ char *p, c; ++ char **header_pp = &header; ++ ++ cipher->cipher = NULL; ++ if ((header == NULL) || (*header == '\0') || (*header == '\n')) ++ return (1); ++ if (strncmp(header, "Proc-Type: ", 11) != 0) { ++ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE); ++ return (0); ++ } ++ header += 11; ++ if (*header != '4') ++ return (0); ++ header++; ++ if (*header != ',') ++ return (0); ++ header++; ++ if (strncmp(header, "ENCRYPTED", 9) != 0) { ++ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED); ++ return (0); ++ } ++ for (; (*header != '\n') && (*header != '\0'); header++) ; ++ if (*header == '\0') { ++ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER); ++ return (0); ++ } ++ header++; ++ if (strncmp(header, "DEK-Info: ", 10) != 0) { ++ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO); ++ return (0); ++ } ++ header += 10; ++ ++ p = header; ++ for (;;) { ++ c = *header; + #ifndef CHARSET_EBCDIC +- if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') || +- ((c >= '0') && (c <= '9')))) +- break; ++ if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') || ++ ((c >= '0') && (c <= '9')))) ++ break; + #else +- if (!( isupper(c) || (c == '-') || +- isdigit(c))) +- break; ++ if (!(isupper(c) || (c == '-') || isdigit(c))) ++ break; + #endif +- header++; +- } +- *header='\0'; +- cipher->cipher=enc=EVP_get_cipherbyname(p); +- *header=c; +- header++; +- +- if (enc == NULL) +- { +- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); +- return(0); +- } +- if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len)) +- return(0); +- +- return(1); +- } ++ header++; ++ } ++ *header = '\0'; ++ cipher->cipher = enc = EVP_get_cipherbyname(p); ++ *header = c; ++ header++; ++ ++ if (enc == NULL) { ++ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION); ++ return (0); ++ } ++ if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len)) ++ return (0); ++ ++ return (1); ++} + + static int load_iv(char **fromp, unsigned char *to, int num) +- { +- int v,i; +- char *from; +- +- from= *fromp; +- for (i=0; i= '0') && (*from <= '9')) +- v= *from-'0'; +- else if ((*from >= 'A') && (*from <= 'F')) +- v= *from-'A'+10; +- else if ((*from >= 'a') && (*from <= 'f')) +- v= *from-'a'+10; +- else +- { +- PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS); +- return(0); +- } +- from++; +- to[i/2]|=v<<(long)((!(i&1))*4); +- } +- +- *fromp=from; +- return(1); +- } ++{ ++ int v, i; ++ char *from; ++ ++ from = *fromp; ++ for (i = 0; i < num; i++) ++ to[i] = 0; ++ num *= 2; ++ for (i = 0; i < num; i++) { ++ if ((*from >= '0') && (*from <= '9')) ++ v = *from - '0'; ++ else if ((*from >= 'A') && (*from <= 'F')) ++ v = *from - 'A' + 10; ++ else if ((*from >= 'a') && (*from <= 'f')) ++ v = *from - 'a' + 10; ++ else { ++ PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS); ++ return (0); ++ } ++ from++; ++ to[i / 2] |= v << (long)((!(i & 1)) * 4); ++ } ++ ++ *fromp = from; ++ return (1); ++} + + #ifndef OPENSSL_NO_FP_API + int PEM_write(FILE *fp, char *name, char *header, unsigned char *data, +- long len) +- { +- BIO *b; +- int ret; +- +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=PEM_write_bio(b, name, header, data,len); +- BIO_free(b); +- return(ret); +- } ++ long len) ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = PEM_write_bio(b, name, header, data, len); ++ BIO_free(b); ++ return (ret); ++} + #endif + +-int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, +- long len) +- { +- int nlen,n,i,j,outl; +- unsigned char *buf = NULL; +- EVP_ENCODE_CTX ctx; +- int reason=ERR_R_BUF_LIB; +- +- EVP_EncodeInit(&ctx); +- nlen=strlen(name); +- +- if ( (BIO_write(bp,"-----BEGIN ",11) != 11) || +- (BIO_write(bp,name,nlen) != nlen) || +- (BIO_write(bp,"-----\n",6) != 6)) +- goto err; +- +- i=strlen(header); +- if (i > 0) +- { +- if ( (BIO_write(bp,header,i) != i) || +- (BIO_write(bp,"\n",1) != 1)) +- goto err; +- } +- +- buf = OPENSSL_malloc(PEM_BUFSIZE*8); +- if (buf == NULL) +- { +- reason=ERR_R_MALLOC_FAILURE; +- goto err; +- } +- +- i=j=0; +- while (len > 0) +- { +- n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len); +- EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n); +- if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl)) +- goto err; +- i+=outl; +- len-=n; +- j+=n; +- } +- EVP_EncodeFinal(&ctx,buf,&outl); +- if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; +- OPENSSL_cleanse(buf, PEM_BUFSIZE*8); +- OPENSSL_free(buf); +- buf = NULL; +- if ( (BIO_write(bp,"-----END ",9) != 9) || +- (BIO_write(bp,name,nlen) != nlen) || +- (BIO_write(bp,"-----\n",6) != 6)) +- goto err; +- return(i+outl); +-err: +- if (buf) { +- OPENSSL_cleanse(buf, PEM_BUFSIZE*8); +- OPENSSL_free(buf); +- } +- PEMerr(PEM_F_PEM_WRITE_BIO,reason); +- return(0); +- } ++int PEM_write_bio(BIO *bp, const char *name, char *header, ++ unsigned char *data, long len) ++{ ++ int nlen, n, i, j, outl; ++ unsigned char *buf = NULL; ++ EVP_ENCODE_CTX ctx; ++ int reason = ERR_R_BUF_LIB; ++ ++ EVP_EncodeInit(&ctx); ++ nlen = strlen(name); ++ ++ if ((BIO_write(bp, "-----BEGIN ", 11) != 11) || ++ (BIO_write(bp, name, nlen) != nlen) || ++ (BIO_write(bp, "-----\n", 6) != 6)) ++ goto err; ++ ++ i = strlen(header); ++ if (i > 0) { ++ if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1)) ++ goto err; ++ } ++ ++ buf = OPENSSL_malloc(PEM_BUFSIZE * 8); ++ if (buf == NULL) { ++ reason = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ ++ i = j = 0; ++ while (len > 0) { ++ n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len); ++ EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n); ++ if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl)) ++ goto err; ++ i += outl; ++ len -= n; ++ j += n; ++ } ++ EVP_EncodeFinal(&ctx, buf, &outl); ++ if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl)) ++ goto err; ++ OPENSSL_cleanse(buf, PEM_BUFSIZE * 8); ++ OPENSSL_free(buf); ++ buf = NULL; ++ if ((BIO_write(bp, "-----END ", 9) != 9) || ++ (BIO_write(bp, name, nlen) != nlen) || ++ (BIO_write(bp, "-----\n", 6) != 6)) ++ goto err; ++ return (i + outl); ++ err: ++ if (buf) { ++ OPENSSL_cleanse(buf, PEM_BUFSIZE * 8); ++ OPENSSL_free(buf); ++ } ++ PEMerr(PEM_F_PEM_WRITE_BIO, reason); ++ return (0); ++} + + #ifndef OPENSSL_NO_FP_API + int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, +- long *len) +- { +- BIO *b; +- int ret; +- +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=PEM_read_bio(b, name, header, data,len); +- BIO_free(b); +- return(ret); +- } ++ long *len) ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = PEM_read_bio(b, name, header, data, len); ++ BIO_free(b); ++ return (ret); ++} + #endif + + int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, +- long *len) +- { +- EVP_ENCODE_CTX ctx; +- int end=0,i,k,bl=0,hl=0,nohead=0; +- char buf[256]; +- BUF_MEM *nameB; +- BUF_MEM *headerB; +- BUF_MEM *dataB,*tmpB; +- +- nameB=BUF_MEM_new(); +- headerB=BUF_MEM_new(); +- dataB=BUF_MEM_new(); +- if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) +- { +- BUF_MEM_free(nameB); +- BUF_MEM_free(headerB); +- BUF_MEM_free(dataB); +- PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- +- buf[254]='\0'; +- for (;;) +- { +- i=BIO_gets(bp,buf,254); +- +- if (i <= 0) +- { +- PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE); +- goto err; +- } +- +- while ((i >= 0) && (buf[i] <= ' ')) i--; +- buf[++i]='\n'; buf[++i]='\0'; +- +- if (strncmp(buf,"-----BEGIN ",11) == 0) +- { +- i=strlen(&(buf[11])); +- +- if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0) +- continue; +- if (!BUF_MEM_grow(nameB,i+9)) +- { +- PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- memcpy(nameB->data,&(buf[11]),i-6); +- nameB->data[i-6]='\0'; +- break; +- } +- } +- hl=0; +- if (!BUF_MEM_grow(headerB,256)) +- { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } +- headerB->data[0]='\0'; +- for (;;) +- { +- i=BIO_gets(bp,buf,254); +- if (i <= 0) break; +- +- while ((i >= 0) && (buf[i] <= ' ')) i--; +- buf[++i]='\n'; buf[++i]='\0'; +- +- if (buf[0] == '\n') break; +- if (!BUF_MEM_grow(headerB,hl+i+9)) +- { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } +- if (strncmp(buf,"-----END ",9) == 0) +- { +- nohead=1; +- break; +- } +- memcpy(&(headerB->data[hl]),buf,i); +- headerB->data[hl+i]='\0'; +- hl+=i; +- } +- +- bl=0; +- if (!BUF_MEM_grow(dataB,1024)) +- { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } +- dataB->data[0]='\0'; +- if (!nohead) +- { +- for (;;) +- { +- i=BIO_gets(bp,buf,254); +- if (i <= 0) break; +- +- while ((i >= 0) && (buf[i] <= ' ')) i--; +- buf[++i]='\n'; buf[++i]='\0'; +- +- if (i != 65) end=1; +- if (strncmp(buf,"-----END ",9) == 0) +- break; +- if (i > 65) break; +- if (!BUF_MEM_grow_clean(dataB,i+bl+9)) +- { +- PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- memcpy(&(dataB->data[bl]),buf,i); +- dataB->data[bl+i]='\0'; +- bl+=i; +- if (end) +- { +- buf[0]='\0'; +- i=BIO_gets(bp,buf,254); +- if (i <= 0) break; +- +- while ((i >= 0) && (buf[i] <= ' ')) i--; +- buf[++i]='\n'; buf[++i]='\0'; +- +- break; +- } +- } +- } +- else +- { +- tmpB=headerB; +- headerB=dataB; +- dataB=tmpB; +- bl=hl; +- } +- i=strlen(nameB->data); +- if ( (strncmp(buf,"-----END ",9) != 0) || +- (strncmp(nameB->data,&(buf[9]),i) != 0) || +- (strncmp(&(buf[9+i]),"-----\n",6) != 0)) +- { +- PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE); +- goto err; +- } +- +- EVP_DecodeInit(&ctx); +- i=EVP_DecodeUpdate(&ctx, +- (unsigned char *)dataB->data,&bl, +- (unsigned char *)dataB->data,bl); +- if (i < 0) +- { +- PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE); +- goto err; +- } +- i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k); +- if (i < 0) +- { +- PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE); +- goto err; +- } +- bl+=k; +- +- if (bl == 0) goto err; +- *name=nameB->data; +- *header=headerB->data; +- *data=(unsigned char *)dataB->data; +- *len=bl; +- OPENSSL_free(nameB); +- OPENSSL_free(headerB); +- OPENSSL_free(dataB); +- return(1); +-err: +- BUF_MEM_free(nameB); +- BUF_MEM_free(headerB); +- BUF_MEM_free(dataB); +- return(0); +- } ++ long *len) ++{ ++ EVP_ENCODE_CTX ctx; ++ int end = 0, i, k, bl = 0, hl = 0, nohead = 0; ++ char buf[256]; ++ BUF_MEM *nameB; ++ BUF_MEM *headerB; ++ BUF_MEM *dataB, *tmpB; ++ ++ nameB = BUF_MEM_new(); ++ headerB = BUF_MEM_new(); ++ dataB = BUF_MEM_new(); ++ if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) { ++ BUF_MEM_free(nameB); ++ BUF_MEM_free(headerB); ++ BUF_MEM_free(dataB); ++ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ ++ buf[254] = '\0'; ++ for (;;) { ++ i = BIO_gets(bp, buf, 254); ++ ++ if (i <= 0) { ++ PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE); ++ goto err; ++ } ++ ++ while ((i >= 0) && (buf[i] <= ' ')) ++ i--; ++ buf[++i] = '\n'; ++ buf[++i] = '\0'; ++ ++ if (strncmp(buf, "-----BEGIN ", 11) == 0) { ++ i = strlen(&(buf[11])); ++ ++ if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0) ++ continue; ++ if (!BUF_MEM_grow(nameB, i + 9)) { ++ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ memcpy(nameB->data, &(buf[11]), i - 6); ++ nameB->data[i - 6] = '\0'; ++ break; ++ } ++ } ++ hl = 0; ++ if (!BUF_MEM_grow(headerB, 256)) { ++ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ headerB->data[0] = '\0'; ++ for (;;) { ++ i = BIO_gets(bp, buf, 254); ++ if (i <= 0) ++ break; ++ ++ while ((i >= 0) && (buf[i] <= ' ')) ++ i--; ++ buf[++i] = '\n'; ++ buf[++i] = '\0'; ++ ++ if (buf[0] == '\n') ++ break; ++ if (!BUF_MEM_grow(headerB, hl + i + 9)) { ++ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (strncmp(buf, "-----END ", 9) == 0) { ++ nohead = 1; ++ break; ++ } ++ memcpy(&(headerB->data[hl]), buf, i); ++ headerB->data[hl + i] = '\0'; ++ hl += i; ++ } ++ ++ bl = 0; ++ if (!BUF_MEM_grow(dataB, 1024)) { ++ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ dataB->data[0] = '\0'; ++ if (!nohead) { ++ for (;;) { ++ i = BIO_gets(bp, buf, 254); ++ if (i <= 0) ++ break; ++ ++ while ((i >= 0) && (buf[i] <= ' ')) ++ i--; ++ buf[++i] = '\n'; ++ buf[++i] = '\0'; ++ ++ if (i != 65) ++ end = 1; ++ if (strncmp(buf, "-----END ", 9) == 0) ++ break; ++ if (i > 65) ++ break; ++ if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) { ++ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ memcpy(&(dataB->data[bl]), buf, i); ++ dataB->data[bl + i] = '\0'; ++ bl += i; ++ if (end) { ++ buf[0] = '\0'; ++ i = BIO_gets(bp, buf, 254); ++ if (i <= 0) ++ break; ++ ++ while ((i >= 0) && (buf[i] <= ' ')) ++ i--; ++ buf[++i] = '\n'; ++ buf[++i] = '\0'; ++ ++ break; ++ } ++ } ++ } else { ++ tmpB = headerB; ++ headerB = dataB; ++ dataB = tmpB; ++ bl = hl; ++ } ++ i = strlen(nameB->data); ++ if ((strncmp(buf, "-----END ", 9) != 0) || ++ (strncmp(nameB->data, &(buf[9]), i) != 0) || ++ (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) { ++ PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE); ++ goto err; ++ } ++ ++ EVP_DecodeInit(&ctx); ++ i = EVP_DecodeUpdate(&ctx, ++ (unsigned char *)dataB->data, &bl, ++ (unsigned char *)dataB->data, bl); ++ if (i < 0) { ++ PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE); ++ goto err; ++ } ++ i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k); ++ if (i < 0) { ++ PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE); ++ goto err; ++ } ++ bl += k; ++ ++ if (bl == 0) ++ goto err; ++ *name = nameB->data; ++ *header = headerB->data; ++ *data = (unsigned char *)dataB->data; ++ *len = bl; ++ OPENSSL_free(nameB); ++ OPENSSL_free(headerB); ++ OPENSSL_free(dataB); ++ return (1); ++ err: ++ BUF_MEM_free(nameB); ++ BUF_MEM_free(headerB); ++ BUF_MEM_free(dataB); ++ return (0); ++} +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c +index b33868d..1dd3bd7 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -68,19 +68,19 @@ + /* Handle 'other' PEMs: not private keys */ + + void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, +- pem_password_cb *cb, void *u) +- { +- const unsigned char *p=NULL; +- unsigned char *data=NULL; +- long len; +- char *ret=NULL; ++ pem_password_cb *cb, void *u) ++{ ++ const unsigned char *p = NULL; ++ unsigned char *data = NULL; ++ long len; ++ char *ret = NULL; + +- if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u)) +- return NULL; +- p = data; +- ret=d2i(x,&p,len); +- if (ret == NULL) +- PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); +- OPENSSL_free(data); +- return(ret); +- } ++ if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u)) ++ return NULL; ++ p = data; ++ ret = d2i(x, &p, len); ++ if (ret == NULL) ++ PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB); ++ OPENSSL_free(data); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c +index 6deab8c..b98c76c 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -67,176 +67,191 @@ + #include + + static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, +- int nid, const EVP_CIPHER *enc, +- char *kstr, int klen, +- pem_password_cb *cb, void *u); ++ int nid, const EVP_CIPHER *enc, ++ char *kstr, int klen, pem_password_cb *cb, void *u); + static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder, +- int nid, const EVP_CIPHER *enc, +- char *kstr, int klen, +- pem_password_cb *cb, void *u); ++ int nid, const EVP_CIPHER *enc, ++ char *kstr, int klen, pem_password_cb *cb, void *u); + +-/* These functions write a private key in PKCS#8 format: it is a "drop in" ++/* ++ * These functions write a private key in PKCS#8 format: it is a "drop in" + * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc' + * is NULL then it uses the unencrypted private key form. The 'nid' versions + * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0. + */ + + int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, +- char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u); ++ return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u); + } + + int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +- char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u); ++ return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u); + } + + int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +- char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u); ++ return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u); + } + + int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, +- char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u); ++ return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u); + } + +-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, +- char *kstr, int klen, +- pem_password_cb *cb, void *u) ++static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, ++ const EVP_CIPHER *enc, char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- X509_SIG *p8; +- PKCS8_PRIV_KEY_INFO *p8inf; +- char buf[PEM_BUFSIZE]; +- int ret; +- if(!(p8inf = EVP_PKEY2PKCS8(x))) { +- PEMerr(PEM_F_DO_PK8PKEY, +- PEM_R_ERROR_CONVERTING_PRIVATE_KEY); +- return 0; +- } +- if(enc || (nid != -1)) { +- if(!kstr) { +- if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); +- else klen = cb(buf, PEM_BUFSIZE, 1, u); +- if(klen <= 0) { +- PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY); +- PKCS8_PRIV_KEY_INFO_free(p8inf); +- return 0; +- } +- +- kstr = buf; +- } +- p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); +- if(kstr == buf) OPENSSL_cleanse(buf, klen); +- PKCS8_PRIV_KEY_INFO_free(p8inf); +- if(isder) ret = i2d_PKCS8_bio(bp, p8); +- else ret = PEM_write_bio_PKCS8(bp, p8); +- X509_SIG_free(p8); +- return ret; +- } else { +- if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); +- else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); +- PKCS8_PRIV_KEY_INFO_free(p8inf); +- return ret; +- } ++ X509_SIG *p8; ++ PKCS8_PRIV_KEY_INFO *p8inf; ++ char buf[PEM_BUFSIZE]; ++ int ret; ++ if (!(p8inf = EVP_PKEY2PKCS8(x))) { ++ PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY); ++ return 0; ++ } ++ if (enc || (nid != -1)) { ++ if (!kstr) { ++ if (!cb) ++ klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); ++ else ++ klen = cb(buf, PEM_BUFSIZE, 1, u); ++ if (klen <= 0) { ++ PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY); ++ PKCS8_PRIV_KEY_INFO_free(p8inf); ++ return 0; ++ } ++ ++ kstr = buf; ++ } ++ p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); ++ if (kstr == buf) ++ OPENSSL_cleanse(buf, klen); ++ PKCS8_PRIV_KEY_INFO_free(p8inf); ++ if (isder) ++ ret = i2d_PKCS8_bio(bp, p8); ++ else ++ ret = PEM_write_bio_PKCS8(bp, p8); ++ X509_SIG_free(p8); ++ return ret; ++ } else { ++ if (isder) ++ ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); ++ else ++ ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); ++ PKCS8_PRIV_KEY_INFO_free(p8inf); ++ return ret; ++ } + } + +-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) ++EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, ++ void *u) + { +- PKCS8_PRIV_KEY_INFO *p8inf = NULL; +- X509_SIG *p8 = NULL; +- int klen; +- EVP_PKEY *ret; +- char psbuf[PEM_BUFSIZE]; +- p8 = d2i_PKCS8_bio(bp, NULL); +- if(!p8) return NULL; +- if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); +- else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); +- if (klen <= 0) { +- PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); +- X509_SIG_free(p8); +- return NULL; +- } +- p8inf = PKCS8_decrypt(p8, psbuf, klen); +- X509_SIG_free(p8); +- if(!p8inf) return NULL; +- ret = EVP_PKCS82PKEY(p8inf); +- PKCS8_PRIV_KEY_INFO_free(p8inf); +- if(!ret) return NULL; +- if(x) { +- if(*x) EVP_PKEY_free(*x); +- *x = ret; +- } +- return ret; ++ PKCS8_PRIV_KEY_INFO *p8inf = NULL; ++ X509_SIG *p8 = NULL; ++ int klen; ++ EVP_PKEY *ret; ++ char psbuf[PEM_BUFSIZE]; ++ p8 = d2i_PKCS8_bio(bp, NULL); ++ if (!p8) ++ return NULL; ++ if (cb) ++ klen = cb(psbuf, PEM_BUFSIZE, 0, u); ++ else ++ klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); ++ if (klen <= 0) { ++ PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); ++ X509_SIG_free(p8); ++ return NULL; ++ } ++ p8inf = PKCS8_decrypt(p8, psbuf, klen); ++ X509_SIG_free(p8); ++ if (!p8inf) ++ return NULL; ++ ret = EVP_PKCS82PKEY(p8inf); ++ PKCS8_PRIV_KEY_INFO_free(p8inf); ++ if (!ret) ++ return NULL; ++ if (x) { ++ if (*x) ++ EVP_PKEY_free(*x); ++ *x = ret; ++ } ++ return ret; + } + + #ifndef OPENSSL_NO_FP_API + + int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +- char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ char *kstr, int klen, pem_password_cb *cb, void *u) + { +- return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u); ++ return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u); + } + + int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, +- char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u); ++ return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u); + } + + int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, +- char *kstr, int klen, +- pem_password_cb *cb, void *u) ++ char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u); ++ return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u); + } + + int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +- char *kstr, int klen, pem_password_cb *cb, void *u) ++ char *kstr, int klen, pem_password_cb *cb, ++ void *u) + { +- return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u); ++ return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u); + } + +-static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, +- char *kstr, int klen, +- pem_password_cb *cb, void *u) ++static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, ++ const EVP_CIPHER *enc, char *kstr, int klen, ++ pem_password_cb *cb, void *u) + { +- BIO *bp; +- int ret; +- if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { +- PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB); +- return(0); +- } +- ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); +- BIO_free(bp); +- return ret; ++ BIO *bp; ++ int ret; ++ if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { ++ PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); ++ BIO_free(bp); ++ return ret; + } + +-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) ++EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, ++ void *u) + { +- BIO *bp; +- EVP_PKEY *ret; +- if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { +- PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB); +- return NULL; +- } +- ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u); +- BIO_free(bp); +- return ret; ++ BIO *bp; ++ EVP_PKEY *ret; ++ if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { ++ PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB); ++ return NULL; ++ } ++ ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u); ++ BIO_free(bp); ++ return ret; + } + + #endif + + IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG) ++ ++ + IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, +- PKCS8_PRIV_KEY_INFO) ++ PKCS8_PRIV_KEY_INFO) +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c +index 4da4c31..5f5c4fe 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -66,84 +66,90 @@ + #include + #include + ++EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, ++ void *u) ++{ ++ char *nm = NULL; ++ const unsigned char *p = NULL; ++ unsigned char *data = NULL; ++ long len; ++ EVP_PKEY *ret = NULL; + +-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) +- { +- char *nm=NULL; +- const unsigned char *p=NULL; +- unsigned char *data=NULL; +- long len; +- EVP_PKEY *ret=NULL; +- +- if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) +- return NULL; +- p = data; ++ if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) ++ return NULL; ++ p = data; + +- if (strcmp(nm,PEM_STRING_RSA) == 0) +- ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len); +- else if (strcmp(nm,PEM_STRING_DSA) == 0) +- ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len); +- else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0) +- ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len); +- else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { +- PKCS8_PRIV_KEY_INFO *p8inf; +- p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); +- if(!p8inf) goto p8err; +- ret = EVP_PKCS82PKEY(p8inf); +- if(x) { +- if(*x) EVP_PKEY_free((EVP_PKEY *)*x); +- *x = ret; +- } +- PKCS8_PRIV_KEY_INFO_free(p8inf); +- } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) { +- PKCS8_PRIV_KEY_INFO *p8inf; +- X509_SIG *p8; +- int klen; +- char psbuf[PEM_BUFSIZE]; +- p8 = d2i_X509_SIG(NULL, &p, len); +- if(!p8) goto p8err; +- if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); +- else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); +- if (klen <= 0) { +- PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, +- PEM_R_BAD_PASSWORD_READ); +- X509_SIG_free(p8); +- goto err; +- } +- p8inf = PKCS8_decrypt(p8, psbuf, klen); +- X509_SIG_free(p8); +- if(!p8inf) goto p8err; +- ret = EVP_PKCS82PKEY(p8inf); +- if(x) { +- if(*x) EVP_PKEY_free((EVP_PKEY *)*x); +- *x = ret; +- } +- PKCS8_PRIV_KEY_INFO_free(p8inf); +- } +-p8err: +- if (ret == NULL) +- PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB); +-err: +- OPENSSL_free(nm); +- OPENSSL_cleanse(data, len); +- OPENSSL_free(data); +- return(ret); +- } ++ if (strcmp(nm, PEM_STRING_RSA) == 0) ++ ret = d2i_PrivateKey(EVP_PKEY_RSA, x, &p, len); ++ else if (strcmp(nm, PEM_STRING_DSA) == 0) ++ ret = d2i_PrivateKey(EVP_PKEY_DSA, x, &p, len); ++ else if (strcmp(nm, PEM_STRING_ECPRIVATEKEY) == 0) ++ ret = d2i_PrivateKey(EVP_PKEY_EC, x, &p, len); ++ else if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) { ++ PKCS8_PRIV_KEY_INFO *p8inf; ++ p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); ++ if (!p8inf) ++ goto p8err; ++ ret = EVP_PKCS82PKEY(p8inf); ++ if (x) { ++ if (*x) ++ EVP_PKEY_free((EVP_PKEY *)*x); ++ *x = ret; ++ } ++ PKCS8_PRIV_KEY_INFO_free(p8inf); ++ } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) { ++ PKCS8_PRIV_KEY_INFO *p8inf; ++ X509_SIG *p8; ++ int klen; ++ char psbuf[PEM_BUFSIZE]; ++ p8 = d2i_X509_SIG(NULL, &p, len); ++ if (!p8) ++ goto p8err; ++ if (cb) ++ klen = cb(psbuf, PEM_BUFSIZE, 0, u); ++ else ++ klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); ++ if (klen <= 0) { ++ PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ); ++ X509_SIG_free(p8); ++ goto err; ++ } ++ p8inf = PKCS8_decrypt(p8, psbuf, klen); ++ X509_SIG_free(p8); ++ if (!p8inf) ++ goto p8err; ++ ret = EVP_PKCS82PKEY(p8inf); ++ if (x) { ++ if (*x) ++ EVP_PKEY_free((EVP_PKEY *)*x); ++ *x = ret; ++ } ++ PKCS8_PRIV_KEY_INFO_free(p8inf); ++ } ++ p8err: ++ if (ret == NULL) ++ PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB); ++ err: ++ OPENSSL_free(nm); ++ OPENSSL_cleanse(data, len); ++ OPENSSL_free(data); ++ return (ret); ++} + + #ifndef OPENSSL_NO_FP_API +-EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) +- { +- BIO *b; +- EVP_PKEY *ret; ++EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, ++ void *u) ++{ ++ BIO *b; ++ EVP_PKEY *ret; + +- if ((b=BIO_new(BIO_s_file())) == NULL) +- { +- PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB); +- return(0); +- } +- BIO_set_fp(b,fp,BIO_NOCLOSE); +- ret=PEM_read_bio_PrivateKey(b,x,cb,u); +- BIO_free(b); +- return(ret); +- } ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = PEM_read_bio_PrivateKey(b, x, cb, u); ++ BIO_free(b); ++ return (ret); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c +index 59690b5..a4a556a 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,141 +49,141 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-#include /* for OPENSSL_NO_RSA */ ++#include /* for OPENSSL_NO_RSA */ + #ifndef OPENSSL_NO_RSA +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +-#include +-#include ++# include ++# include "cryptlib.h" ++# include ++# include ++# include ++# include ++# include ++# include + + int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, +- unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, +- int npubk) +- { +- unsigned char key[EVP_MAX_KEY_LENGTH]; +- int ret= -1; +- int i,j,max=0; +- char *s=NULL; +- +- for (i=0; itype != EVP_PKEY_RSA) +- { +- PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA); +- goto err; +- } +- j=RSA_size(pubk[i]->pkey.rsa); +- if (j > max) max=j; +- } +- s=(char *)OPENSSL_malloc(max*2); +- if (s == NULL) +- { +- PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- EVP_EncodeInit(&ctx->encode); +- +- EVP_MD_CTX_init(&ctx->md); +- EVP_SignInit(&ctx->md,md_type); +- +- EVP_CIPHER_CTX_init(&ctx->cipher); +- ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); +- if (ret <= 0) goto err; +- +- /* base64 encode the keys */ +- for (i=0; ipkey.rsa)); +- ekl[i]=j; +- memcpy(ek[i],s,j+1); +- } +- +- ret=npubk; +-err: +- if (s != NULL) OPENSSL_free(s); +- OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH); +- return(ret); +- } ++ unsigned char **ek, int *ekl, unsigned char *iv, ++ EVP_PKEY **pubk, int npubk) ++{ ++ unsigned char key[EVP_MAX_KEY_LENGTH]; ++ int ret = -1; ++ int i, j, max = 0; ++ char *s = NULL; ++ ++ for (i = 0; i < npubk; i++) { ++ if (pubk[i]->type != EVP_PKEY_RSA) { ++ PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA); ++ goto err; ++ } ++ j = RSA_size(pubk[i]->pkey.rsa); ++ if (j > max) ++ max = j; ++ } ++ s = (char *)OPENSSL_malloc(max * 2); ++ if (s == NULL) { ++ PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ EVP_EncodeInit(&ctx->encode); ++ ++ EVP_MD_CTX_init(&ctx->md); ++ EVP_SignInit(&ctx->md, md_type); ++ ++ EVP_CIPHER_CTX_init(&ctx->cipher); ++ ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk); ++ if (ret <= 0) ++ goto err; ++ ++ /* base64 encode the keys */ ++ for (i = 0; i < npubk; i++) { ++ j = EVP_EncodeBlock((unsigned char *)s, ek[i], ++ RSA_size(pubk[i]->pkey.rsa)); ++ ekl[i] = j; ++ memcpy(ek[i], s, j + 1); ++ } ++ ++ ret = npubk; ++ err: ++ if (s != NULL) ++ OPENSSL_free(s); ++ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); ++ return (ret); ++} + + void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, +- unsigned char *in, int inl) +- { +- unsigned char buffer[1600]; +- int i,j; +- +- *outl=0; +- EVP_SignUpdate(&ctx->md,in,inl); +- for (;;) +- { +- if (inl <= 0) break; +- if (inl > 1200) +- i=1200; +- else +- i=inl; +- EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i); +- EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j); +- *outl+=j; +- out+=j; +- in+=i; +- inl-=i; +- } +- } ++ unsigned char *in, int inl) ++{ ++ unsigned char buffer[1600]; ++ int i, j; ++ ++ *outl = 0; ++ EVP_SignUpdate(&ctx->md, in, inl); ++ for (;;) { ++ if (inl <= 0) ++ break; ++ if (inl > 1200) ++ i = 1200; ++ else ++ i = inl; ++ EVP_EncryptUpdate(&ctx->cipher, buffer, &j, in, i); ++ EVP_EncodeUpdate(&ctx->encode, out, &j, buffer, j); ++ *outl += j; ++ out += j; ++ in += i; ++ inl -= i; ++ } ++} + + int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, +- unsigned char *out, int *outl, EVP_PKEY *priv) +- { +- unsigned char *s=NULL; +- int ret=0,j; +- unsigned int i; +- +- if (priv->type != EVP_PKEY_RSA) +- { +- PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA); +- goto err; +- } +- i=RSA_size(priv->pkey.rsa); +- if (i < 100) i=100; +- s=(unsigned char *)OPENSSL_malloc(i*2); +- if (s == NULL) +- { +- PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i); +- EVP_EncodeUpdate(&ctx->encode,out,&j,s,i); +- *outl=j; +- out+=j; +- EVP_EncodeFinal(&ctx->encode,out,&j); +- *outl+=j; +- +- if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err; +- *sigl=EVP_EncodeBlock(sig,s,i); +- +- ret=1; +-err: +- EVP_MD_CTX_cleanup(&ctx->md); +- EVP_CIPHER_CTX_cleanup(&ctx->cipher); +- if (s != NULL) OPENSSL_free(s); +- return(ret); +- } +-#else /* !OPENSSL_NO_RSA */ ++ unsigned char *out, int *outl, EVP_PKEY *priv) ++{ ++ unsigned char *s = NULL; ++ int ret = 0, j; ++ unsigned int i; ++ ++ if (priv->type != EVP_PKEY_RSA) { ++ PEMerr(PEM_F_PEM_SEALFINAL, PEM_R_PUBLIC_KEY_NO_RSA); ++ goto err; ++ } ++ i = RSA_size(priv->pkey.rsa); ++ if (i < 100) ++ i = 100; ++ s = (unsigned char *)OPENSSL_malloc(i * 2); ++ if (s == NULL) { ++ PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i); ++ EVP_EncodeUpdate(&ctx->encode, out, &j, s, i); ++ *outl = j; ++ out += j; ++ EVP_EncodeFinal(&ctx->encode, out, &j); ++ *outl += j; ++ ++ if (!EVP_SignFinal(&ctx->md, s, &i, priv)) ++ goto err; ++ *sigl = EVP_EncodeBlock(sig, s, i); ++ ++ ret = 1; ++ err: ++ EVP_MD_CTX_cleanup(&ctx->md); ++ EVP_CIPHER_CTX_cleanup(&ctx->cipher); ++ if (s != NULL) ++ OPENSSL_free(s); ++ return (ret); ++} ++#else /* !OPENSSL_NO_RSA */ + + # if PEDANTIC +-static void *dummy=&dummy; ++static void *dummy = &dummy; + # endif + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c +index c3b9808..b5e5c29 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,38 +65,37 @@ + #include + + void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) +- { +- EVP_DigestInit_ex(ctx, type, NULL); +- } +- +-void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, +- unsigned int count) +- { +- EVP_DigestUpdate(ctx,data,count); +- } ++{ ++ EVP_DigestInit_ex(ctx, type, NULL); ++} + +-int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, +- EVP_PKEY *pkey) +- { +- unsigned char *m; +- int i,ret=0; +- unsigned int m_len; ++void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count) ++{ ++ EVP_DigestUpdate(ctx, data, count); ++} + +- m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2); +- if (m == NULL) +- { +- PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE); +- goto err; +- } ++int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, ++ unsigned int *siglen, EVP_PKEY *pkey) ++{ ++ unsigned char *m; ++ int i, ret = 0; ++ unsigned int m_len; + +- if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err; ++ m = (unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey) + 2); ++ if (m == NULL) { ++ PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- i=EVP_EncodeBlock(sigret,m,m_len); +- *siglen=i; +- ret=1; +-err: +- /* ctx has been zeroed by EVP_SignFinal() */ +- if (m != NULL) OPENSSL_free(m); +- return(ret); +- } ++ if (EVP_SignFinal(ctx, m, &m_len, pkey) <= 0) ++ goto err; + ++ i = EVP_EncodeBlock(sigret, m, m_len); ++ *siglen = i; ++ ret = 1; ++ err: ++ /* ctx has been zeroed by EVP_SignFinal() */ ++ if (m != NULL) ++ OPENSSL_free(m); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c +index 3f709f1..9d75d20 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c +@@ -1,6 +1,7 @@ + /* pem_x509.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -66,4 +67,3 @@ + #include + + IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509) +- +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c +index 7cc7491..ebd1803 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c +@@ -1,6 +1,7 @@ + /* pem_xaux.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -66,4 +67,5 @@ + #include + + IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) +-IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR) ++IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, ++ X509_CERT_PAIR) +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c +index 1f3e378..54e4af5 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c +@@ -1,6 +1,7 @@ + /* p12_add.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,163 +63,167 @@ + + /* Pack an object into an OCTET STRING and turn into a safebag */ + +-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, +- int nid2) ++PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, ++ int nid1, int nid2) + { +- PKCS12_BAGS *bag; +- PKCS12_SAFEBAG *safebag; +- if (!(bag = PKCS12_BAGS_new())) { +- PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- bag->type = OBJ_nid2obj(nid1); +- if (!ASN1_item_pack(obj, it, &bag->value.octet)) { +- PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- if (!(safebag = PKCS12_SAFEBAG_new())) { +- PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- safebag->value.bag = bag; +- safebag->type = OBJ_nid2obj(nid2); +- return safebag; ++ PKCS12_BAGS *bag; ++ PKCS12_SAFEBAG *safebag; ++ if (!(bag = PKCS12_BAGS_new())) { ++ PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ bag->type = OBJ_nid2obj(nid1); ++ if (!ASN1_item_pack(obj, it, &bag->value.octet)) { ++ PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ if (!(safebag = PKCS12_SAFEBAG_new())) { ++ PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ safebag->value.bag = bag; ++ safebag->type = OBJ_nid2obj(nid2); ++ return safebag; + } + + /* Turn PKCS8 object into a keybag */ + + PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) + { +- PKCS12_SAFEBAG *bag; +- if (!(bag = PKCS12_SAFEBAG_new())) { +- PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- bag->type = OBJ_nid2obj(NID_keyBag); +- bag->value.keybag = p8; +- return bag; ++ PKCS12_SAFEBAG *bag; ++ if (!(bag = PKCS12_SAFEBAG_new())) { ++ PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ bag->type = OBJ_nid2obj(NID_keyBag); ++ bag->value.keybag = p8; ++ return bag; + } + + /* Turn PKCS8 object into a shrouded keybag */ + + PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, +- int passlen, unsigned char *salt, int saltlen, int iter, +- PKCS8_PRIV_KEY_INFO *p8) ++ int passlen, unsigned char *salt, ++ int saltlen, int iter, ++ PKCS8_PRIV_KEY_INFO *p8) + { +- PKCS12_SAFEBAG *bag; +- +- /* Set up the safe bag */ +- if (!(bag = PKCS12_SAFEBAG_new())) { +- PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); +- if (!(bag->value.shkeybag = +- PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter, +- p8))) { +- PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- return bag; ++ PKCS12_SAFEBAG *bag; ++ ++ /* Set up the safe bag */ ++ if (!(bag = PKCS12_SAFEBAG_new())) { ++ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); ++ if (!(bag->value.shkeybag = ++ PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter, ++ p8))) { ++ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ return bag; + } + + /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ + PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) + { +- PKCS7 *p7; +- if (!(p7 = PKCS7_new())) { +- PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- p7->type = OBJ_nid2obj(NID_pkcs7_data); +- if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { +- PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { +- PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); +- return NULL; +- } +- return p7; ++ PKCS7 *p7; ++ if (!(p7 = PKCS7_new())) { ++ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ p7->type = OBJ_nid2obj(NID_pkcs7_data); ++ if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { ++ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { ++ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); ++ return NULL; ++ } ++ return p7; + } + + /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ + STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) + { +- if(!PKCS7_type_is_data(p7)) +- { +- PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA); +- return NULL; +- } +- return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); ++ if (!PKCS7_type_is_data(p7)) { ++ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, ++ PKCS12_R_CONTENT_TYPE_NOT_DATA); ++ return NULL; ++ } ++ return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); + } + + /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ + + PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, +- unsigned char *salt, int saltlen, int iter, +- STACK_OF(PKCS12_SAFEBAG) *bags) ++ unsigned char *salt, int saltlen, int iter, ++ STACK_OF(PKCS12_SAFEBAG) *bags) + { +- PKCS7 *p7; +- X509_ALGOR *pbe; +- if (!(p7 = PKCS7_new())) { +- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { +- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, +- PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); +- return NULL; +- } +- if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) { +- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); +- p7->d.encrypted->enc_data->algorithm = pbe; +- M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); +- if (!(p7->d.encrypted->enc_data->enc_data = +- PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, +- bags, 1))) { +- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); +- return NULL; +- } +- +- return p7; ++ PKCS7 *p7; ++ X509_ALGOR *pbe; ++ if (!(p7 = PKCS7_new())) { ++ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { ++ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ++ PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); ++ return NULL; ++ } ++ if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) { ++ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); ++ p7->d.encrypted->enc_data->algorithm = pbe; ++ M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); ++ if (!(p7->d.encrypted->enc_data->enc_data = ++ PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, ++ passlen, bags, 1))) { ++ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); ++ return NULL; ++ } ++ ++ return p7; + } + +-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen) ++STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, ++ int passlen) + { +- if(!PKCS7_type_is_encrypted(p7)) return NULL; +- return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, +- ASN1_ITEM_rptr(PKCS12_SAFEBAGS), +- pass, passlen, +- p7->d.encrypted->enc_data->enc_data, 1); ++ if (!PKCS7_type_is_encrypted(p7)) ++ return NULL; ++ return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, ++ ASN1_ITEM_rptr(PKCS12_SAFEBAGS), ++ pass, passlen, ++ p7->d.encrypted->enc_data->enc_data, 1); + } + +-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, +- int passlen) ++PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, ++ const char *pass, int passlen) + { +- return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); ++ return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); + } + +-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) ++int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) + { +- if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), +- &p12->authsafes->d.data)) +- return 1; +- return 0; ++ if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), ++ &p12->authsafes->d.data)) ++ return 1; ++ return 0; + } + + STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) + { +- if (!PKCS7_type_is_data(p12->authsafes)) +- { +- PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA); +- return NULL; +- } +- return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); ++ if (!PKCS7_type_is_data(p12->authsafes)) { ++ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, ++ PKCS12_R_CONTENT_TYPE_NOT_DATA); ++ return NULL; ++ } ++ return ASN1_item_unpack(p12->authsafes->d.data, ++ ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c +index 6e27633..370ddbd 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c +@@ -1,6 +1,7 @@ + /* p12_asn.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,17 +65,17 @@ + /* PKCS#12 ASN1 module */ + + ASN1_SEQUENCE(PKCS12) = { +- ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER), +- ASN1_SIMPLE(PKCS12, authsafes, PKCS7), +- ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA) ++ ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER), ++ ASN1_SIMPLE(PKCS12, authsafes, PKCS7), ++ ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA) + } ASN1_SEQUENCE_END(PKCS12) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS12) + + ASN1_SEQUENCE(PKCS12_MAC_DATA) = { +- ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG), +- ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING), +- ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER) ++ ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG), ++ ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING), ++ ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER) + } ASN1_SEQUENCE_END(PKCS12_MAC_DATA) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA) +@@ -82,14 +83,14 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA) + ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0); + + ASN1_ADB(PKCS12_BAGS) = { +- ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), +- ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), +- ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), ++ ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), ++ ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), ++ ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), + } ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL); + + ASN1_SEQUENCE(PKCS12_BAGS) = { +- ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT), +- ASN1_ADB_OBJECT(PKCS12_BAGS), ++ ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT), ++ ASN1_ADB_OBJECT(PKCS12_BAGS), + } ASN1_SEQUENCE_END(PKCS12_BAGS) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS) +@@ -97,29 +98,28 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS) + ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0); + + ASN1_ADB(PKCS12_SAFEBAG) = { +- ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), +- ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), +- ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), +- ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), +- ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), +- ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) ++ ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), ++ ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), ++ ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), ++ ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), ++ ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), ++ ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) + } ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL); + + ASN1_SEQUENCE(PKCS12_SAFEBAG) = { +- ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT), +- ASN1_ADB_OBJECT(PKCS12_SAFEBAG), +- ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE) ++ ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT), ++ ASN1_ADB_OBJECT(PKCS12_SAFEBAG), ++ ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE) + } ASN1_SEQUENCE_END(PKCS12_SAFEBAG) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG) + + /* SEQUENCE OF SafeBag */ +-ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG) ++ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG) + ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS) + + /* Authsafes: SEQUENCE OF PKCS7 */ +-ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7) ++ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7) + ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES) +- +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c +index 856933d..1b57ac8 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c +@@ -1,6 +1,7 @@ + /* p12_attr.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,90 +63,91 @@ + + #ifdef OPENSSL_SYS_NETWARE + /* Rename these functions to avoid name clashes on NetWare OS */ +-#define uni2asc OPENSSL_uni2asc +-#define asc2uni OPENSSL_asc2uni ++# define uni2asc OPENSSL_uni2asc ++# define asc2uni OPENSSL_asc2uni + #endif + + /* Add a local keyid to a safebag */ + + int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, +- int namelen) ++ int namelen) + { +- if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID, +- V_ASN1_OCTET_STRING, name, namelen)) +- return 1; +- else +- return 0; ++ if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID, ++ V_ASN1_OCTET_STRING, name, namelen)) ++ return 1; ++ else ++ return 0; + } + + /* Add key usage to PKCS#8 structure */ + + int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) + { +- unsigned char us_val; +- us_val = (unsigned char) usage; +- if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage, +- V_ASN1_BIT_STRING, &us_val, 1)) +- return 1; +- else +- return 0; ++ unsigned char us_val; ++ us_val = (unsigned char)usage; ++ if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage, ++ V_ASN1_BIT_STRING, &us_val, 1)) ++ return 1; ++ else ++ return 0; + } + + /* Add a friendlyname to a safebag */ + + int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, +- int namelen) ++ int namelen) + { +- if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, +- MBSTRING_ASC, (unsigned char *)name, namelen)) +- return 1; +- else +- return 0; ++ if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, ++ MBSTRING_ASC, (unsigned char *)name, namelen)) ++ return 1; ++ else ++ return 0; + } + +- + int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, +- const unsigned char *name, int namelen) ++ const unsigned char *name, int namelen) + { +- if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, +- MBSTRING_BMP, name, namelen)) +- return 1; +- else +- return 0; ++ if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, ++ MBSTRING_BMP, name, namelen)) ++ return 1; ++ else ++ return 0; + } + +-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, +- int namelen) ++int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) + { +- if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name, +- MBSTRING_ASC, (unsigned char *)name, namelen)) +- return 1; +- else +- return 0; ++ if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name, ++ MBSTRING_ASC, (unsigned char *)name, namelen)) ++ return 1; ++ else ++ return 0; + } + + ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) + { +- X509_ATTRIBUTE *attrib; +- int i; +- if (!attrs) return NULL; +- for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) { +- attrib = sk_X509_ATTRIBUTE_value (attrs, i); +- if (OBJ_obj2nid (attrib->object) == attr_nid) { +- if (sk_ASN1_TYPE_num (attrib->value.set)) +- return sk_ASN1_TYPE_value(attrib->value.set, 0); +- else return NULL; +- } +- } +- return NULL; ++ X509_ATTRIBUTE *attrib; ++ int i; ++ if (!attrs) ++ return NULL; ++ for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) { ++ attrib = sk_X509_ATTRIBUTE_value(attrs, i); ++ if (OBJ_obj2nid(attrib->object) == attr_nid) { ++ if (sk_ASN1_TYPE_num(attrib->value.set)) ++ return sk_ASN1_TYPE_value(attrib->value.set, 0); ++ else ++ return NULL; ++ } ++ } ++ return NULL; + } + + char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) + { +- ASN1_TYPE *atype; +- if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL; +- if (atype->type != V_ASN1_BMPSTRING) return NULL; +- return uni2asc(atype->value.bmpstring->data, +- atype->value.bmpstring->length); ++ ASN1_TYPE *atype; ++ if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) ++ return NULL; ++ if (atype->type != V_ASN1_BMPSTRING) ++ return NULL; ++ return uni2asc(atype->value.bmpstring->data, ++ atype->value.bmpstring->length); + } +- +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c +index f8b952e..d75adf5 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c +@@ -1,6 +1,7 @@ + /* p12_crpt.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -65,66 +66,69 @@ + void PKCS12_PBE_add(void) + { + #ifndef OPENSSL_NO_RC4 +-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(), +- PKCS12_PBE_keyivgen); +-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(), +- PKCS12_PBE_keyivgen); ++ EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(), ++ PKCS12_PBE_keyivgen); ++ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(), ++ PKCS12_PBE_keyivgen); + #endif + #ifndef OPENSSL_NO_DES +-EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, +- EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); +-EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, +- EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); ++ EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, ++ EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); ++ EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, ++ EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); + #endif + #ifndef OPENSSL_NO_RC2 +-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(), +- EVP_sha1(), PKCS12_PBE_keyivgen); +-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), +- EVP_sha1(), PKCS12_PBE_keyivgen); ++ EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(), ++ EVP_sha1(), PKCS12_PBE_keyivgen); ++ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), ++ EVP_sha1(), PKCS12_PBE_keyivgen); + #endif + } + + int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, +- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) ++ ASN1_TYPE *param, const EVP_CIPHER *cipher, ++ const EVP_MD *md, int en_de) + { +- PBEPARAM *pbe; +- int saltlen, iter, ret; +- unsigned char *salt; +- const unsigned char *pbuf; +- unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; ++ PBEPARAM *pbe; ++ int saltlen, iter, ret; ++ unsigned char *salt; ++ const unsigned char *pbuf; ++ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; + +- /* Extract useful info from parameter */ +- if (param == NULL || param->type != V_ASN1_SEQUENCE || +- param->value.sequence == NULL) { +- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR); +- return 0; +- } ++ /* Extract useful info from parameter */ ++ if (param == NULL || param->type != V_ASN1_SEQUENCE || ++ param->value.sequence == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); ++ return 0; ++ } + +- pbuf = param->value.sequence->data; +- if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { +- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR); +- return 0; +- } ++ pbuf = param->value.sequence->data; ++ if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { ++ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); ++ return 0; ++ } + +- if (!pbe->iter) iter = 1; +- else iter = ASN1_INTEGER_get (pbe->iter); +- salt = pbe->salt->data; +- saltlen = pbe->salt->length; +- if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID, +- iter, EVP_CIPHER_key_length(cipher), key, md)) { +- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR); +- PBEPARAM_free(pbe); +- return 0; +- } +- if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID, +- iter, EVP_CIPHER_iv_length(cipher), iv, md)) { +- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR); +- PBEPARAM_free(pbe); +- return 0; +- } +- PBEPARAM_free(pbe); +- ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); +- OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); +- OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); +- return ret; ++ if (!pbe->iter) ++ iter = 1; ++ else ++ iter = ASN1_INTEGER_get(pbe->iter); ++ salt = pbe->salt->data; ++ saltlen = pbe->salt->length; ++ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID, ++ iter, EVP_CIPHER_key_length(cipher), key, md)) { ++ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR); ++ PBEPARAM_free(pbe); ++ return 0; ++ } ++ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID, ++ iter, EVP_CIPHER_iv_length(cipher), iv, md)) { ++ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR); ++ PBEPARAM_free(pbe); ++ return 0; ++ } ++ PBEPARAM_free(pbe); ++ ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); ++ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); ++ OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); ++ return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +index 3ef3be1..e9b150c 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +@@ -1,5 +1,6 @@ + /* p12_crt.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ + /* ==================================================================== +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,319 +61,301 @@ + #include "cryptlib.h" + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + +- +- +-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); ++static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, ++ PKCS12_SAFEBAG *bag); + + static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) +- { +- int idx; +- X509_ATTRIBUTE *attr; +- idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); +- if (idx < 0) +- return 1; +- attr = EVP_PKEY_get_attr(pkey, idx); +- if (!X509at_add1_attr(&bag->attrib, attr)) +- return 0; +- return 1; +- } ++{ ++ int idx; ++ X509_ATTRIBUTE *attr; ++ idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); ++ if (idx < 0) ++ return 1; ++ attr = EVP_PKEY_get_attr(pkey, idx); ++ if (!X509at_add1_attr(&bag->attrib, attr)) ++ return 0; ++ return 1; ++} + + PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, +- STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, +- int keytype) ++ STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, ++ int mac_iter, int keytype) + { +- PKCS12 *p12 = NULL; +- STACK_OF(PKCS7) *safes = NULL; +- STACK_OF(PKCS12_SAFEBAG) *bags = NULL; +- PKCS12_SAFEBAG *bag = NULL; +- int i; +- unsigned char keyid[EVP_MAX_MD_SIZE]; +- unsigned int keyidlen = 0; +- +- /* Set defaults */ +- if (!nid_cert) +- { ++ PKCS12 *p12 = NULL; ++ STACK_OF(PKCS7) *safes = NULL; ++ STACK_OF(PKCS12_SAFEBAG) *bags = NULL; ++ PKCS12_SAFEBAG *bag = NULL; ++ int i; ++ unsigned char keyid[EVP_MAX_MD_SIZE]; ++ unsigned int keyidlen = 0; ++ ++ /* Set defaults */ ++ if (!nid_cert) { + #ifdef OPENSSL_FIPS +- if (FIPS_mode()) +- nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +- else ++ if (FIPS_mode()) ++ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; ++ else + #endif + #ifdef OPENSSL_NO_RC2 +- nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; ++ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + #else +- nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; ++ nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; + #endif +- } +- if (!nid_key) +- nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; +- if (!iter) +- iter = PKCS12_DEFAULT_ITER; +- if (!mac_iter) +- mac_iter = 1; +- +- if(!pkey && !cert && !ca) +- { +- PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT); +- return NULL; +- } +- +- if (pkey && cert) +- { +- if(!X509_check_private_key(cert, pkey)) +- return NULL; +- X509_digest(cert, EVP_sha1(), keyid, &keyidlen); +- } +- +- if (cert) +- { +- bag = PKCS12_add_cert(&bags, cert); +- if(name && !PKCS12_add_friendlyname(bag, name, -1)) +- goto err; +- if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) +- goto err; +- } +- +- /* Add all other certificates */ +- for(i = 0; i < sk_X509_num(ca); i++) +- { +- if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i))) +- goto err; +- } +- +- if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass)) +- goto err; +- +- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); +- bags = NULL; +- +- if (pkey) +- { +- bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); +- +- if (!bag) +- goto err; +- +- if (!copy_bag_attr(bag, pkey, NID_ms_csp_name)) +- goto err; +- if (!copy_bag_attr(bag, pkey, NID_LocalKeySet)) +- goto err; +- +- if(name && !PKCS12_add_friendlyname(bag, name, -1)) +- goto err; +- if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) +- goto err; +- } +- +- if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL)) +- goto err; +- +- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); +- bags = NULL; +- +- p12 = PKCS12_add_safes(safes, 0); +- +- if (!p12) +- goto err; +- +- sk_PKCS7_pop_free(safes, PKCS7_free); +- +- safes = NULL; +- +- if ((mac_iter != -1) && +- !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL)) +- goto err; +- +- return p12; +- +- err: +- +- if (p12) +- PKCS12_free(p12); +- if (safes) +- sk_PKCS7_pop_free(safes, PKCS7_free); +- if (bags) +- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); +- return NULL; ++ } ++ if (!nid_key) ++ nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; ++ if (!iter) ++ iter = PKCS12_DEFAULT_ITER; ++ if (!mac_iter) ++ mac_iter = 1; ++ ++ if (!pkey && !cert && !ca) { ++ PKCS12err(PKCS12_F_PKCS12_CREATE, PKCS12_R_INVALID_NULL_ARGUMENT); ++ return NULL; ++ } ++ ++ if (pkey && cert) { ++ if (!X509_check_private_key(cert, pkey)) ++ return NULL; ++ X509_digest(cert, EVP_sha1(), keyid, &keyidlen); ++ } ++ ++ if (cert) { ++ bag = PKCS12_add_cert(&bags, cert); ++ if (name && !PKCS12_add_friendlyname(bag, name, -1)) ++ goto err; ++ if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) ++ goto err; ++ } ++ ++ /* Add all other certificates */ ++ for (i = 0; i < sk_X509_num(ca); i++) { ++ if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i))) ++ goto err; ++ } ++ ++ if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass)) ++ goto err; ++ ++ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); ++ bags = NULL; ++ ++ if (pkey) { ++ bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); ++ ++ if (!bag) ++ goto err; ++ ++ if (!copy_bag_attr(bag, pkey, NID_ms_csp_name)) ++ goto err; ++ if (!copy_bag_attr(bag, pkey, NID_LocalKeySet)) ++ goto err; ++ ++ if (name && !PKCS12_add_friendlyname(bag, name, -1)) ++ goto err; ++ if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) ++ goto err; ++ } ++ ++ if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL)) ++ goto err; ++ ++ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); ++ bags = NULL; ++ ++ p12 = PKCS12_add_safes(safes, 0); ++ ++ if (!p12) ++ goto err; ++ ++ sk_PKCS7_pop_free(safes, PKCS7_free); ++ ++ safes = NULL; ++ ++ if ((mac_iter != -1) && ++ !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL)) ++ goto err; ++ ++ return p12; ++ ++ err: ++ ++ if (p12) ++ PKCS12_free(p12); ++ if (safes) ++ sk_PKCS7_pop_free(safes, PKCS7_free); ++ if (bags) ++ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); ++ return NULL; + + } + + PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) +- { +- PKCS12_SAFEBAG *bag = NULL; +- char *name; +- int namelen = -1; +- unsigned char *keyid; +- int keyidlen = -1; ++{ ++ PKCS12_SAFEBAG *bag = NULL; ++ char *name; ++ int namelen = -1; ++ unsigned char *keyid; ++ int keyidlen = -1; + +- /* Add user certificate */ +- if(!(bag = PKCS12_x5092certbag(cert))) +- goto err; ++ /* Add user certificate */ ++ if (!(bag = PKCS12_x5092certbag(cert))) ++ goto err; + +- /* Use friendlyName and localKeyID in certificate. +- * (if present) +- */ ++ /* ++ * Use friendlyName and localKeyID in certificate. (if present) ++ */ + +- name = (char *)X509_alias_get0(cert, &namelen); ++ name = (char *)X509_alias_get0(cert, &namelen); + +- if(name && !PKCS12_add_friendlyname(bag, name, namelen)) +- goto err; ++ if (name && !PKCS12_add_friendlyname(bag, name, namelen)) ++ goto err; + +- keyid = X509_keyid_get0(cert, &keyidlen); ++ keyid = X509_keyid_get0(cert, &keyidlen); + +- if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) +- goto err; ++ if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) ++ goto err; + +- if (!pkcs12_add_bag(pbags, bag)) +- goto err; ++ if (!pkcs12_add_bag(pbags, bag)) ++ goto err; + +- return bag; ++ return bag; + +- err: ++ err: + +- if (bag) +- PKCS12_SAFEBAG_free(bag); ++ if (bag) ++ PKCS12_SAFEBAG_free(bag); + +- return NULL; ++ return NULL; + +- } ++} + +-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, +- int key_usage, int iter, +- int nid_key, char *pass) +- { ++PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, ++ EVP_PKEY *key, int key_usage, int iter, ++ int nid_key, char *pass) ++{ + +- PKCS12_SAFEBAG *bag = NULL; +- PKCS8_PRIV_KEY_INFO *p8 = NULL; ++ PKCS12_SAFEBAG *bag = NULL; ++ PKCS8_PRIV_KEY_INFO *p8 = NULL; + +- /* Make a PKCS#8 structure */ +- if(!(p8 = EVP_PKEY2PKCS8(key))) +- goto err; +- if(key_usage && !PKCS8_add_keyusage(p8, key_usage)) +- goto err; +- if (nid_key != -1) +- { +- bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8); +- PKCS8_PRIV_KEY_INFO_free(p8); +- } +- else +- bag = PKCS12_MAKE_KEYBAG(p8); ++ /* Make a PKCS#8 structure */ ++ if (!(p8 = EVP_PKEY2PKCS8(key))) ++ goto err; ++ if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) ++ goto err; ++ if (nid_key != -1) { ++ bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8); ++ PKCS8_PRIV_KEY_INFO_free(p8); ++ } else ++ bag = PKCS12_MAKE_KEYBAG(p8); + +- if(!bag) +- goto err; ++ if (!bag) ++ goto err; + +- if (!pkcs12_add_bag(pbags, bag)) +- goto err; ++ if (!pkcs12_add_bag(pbags, bag)) ++ goto err; + +- return bag; ++ return bag; + +- err: ++ err: + +- if (bag) +- PKCS12_SAFEBAG_free(bag); ++ if (bag) ++ PKCS12_SAFEBAG_free(bag); + +- return NULL; ++ return NULL; + +- } ++} + + int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, +- int nid_safe, int iter, char *pass) +- { +- PKCS7 *p7 = NULL; +- int free_safes = 0; +- +- if (!*psafes) +- { +- *psafes = sk_PKCS7_new_null(); +- if (!*psafes) +- return 0; +- free_safes = 1; +- } +- else +- free_safes = 0; +- +- if (nid_safe == 0) ++ int nid_safe, int iter, char *pass) ++{ ++ PKCS7 *p7 = NULL; ++ int free_safes = 0; ++ ++ if (!*psafes) { ++ *psafes = sk_PKCS7_new_null(); ++ if (!*psafes) ++ return 0; ++ free_safes = 1; ++ } else ++ free_safes = 0; ++ ++ if (nid_safe == 0) + #ifdef OPENSSL_NO_RC2 +- nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; ++ nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + #else +- nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; ++ nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; + #endif + +- if (nid_safe == -1) +- p7 = PKCS12_pack_p7data(bags); +- else +- p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, +- iter, bags); +- if (!p7) +- goto err; +- +- if (!sk_PKCS7_push(*psafes, p7)) +- goto err; +- +- return 1; +- +- err: +- if (free_safes) +- { +- sk_PKCS7_free(*psafes); +- *psafes = NULL; +- } +- +- if (p7) +- PKCS7_free(p7); +- +- return 0; +- +- } +- +-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag) +- { +- int free_bags; +- if (!pbags) +- return 1; +- if (!*pbags) +- { +- *pbags = sk_PKCS12_SAFEBAG_new_null(); +- if (!*pbags) +- return 0; +- free_bags = 1; +- } +- else +- free_bags = 0; +- +- if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) +- { +- if (free_bags) +- { +- sk_PKCS12_SAFEBAG_free(*pbags); +- *pbags = NULL; +- } +- return 0; +- } +- +- return 1; +- +- } +- ++ if (nid_safe == -1) ++ p7 = PKCS12_pack_p7data(bags); ++ else ++ p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, iter, bags); ++ if (!p7) ++ goto err; ++ ++ if (!sk_PKCS7_push(*psafes, p7)) ++ goto err; ++ ++ return 1; ++ ++ err: ++ if (free_safes) { ++ sk_PKCS7_free(*psafes); ++ *psafes = NULL; ++ } ++ ++ if (p7) ++ PKCS7_free(p7); ++ ++ return 0; ++ ++} ++ ++static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, ++ PKCS12_SAFEBAG *bag) ++{ ++ int free_bags; ++ if (!pbags) ++ return 1; ++ if (!*pbags) { ++ *pbags = sk_PKCS12_SAFEBAG_new_null(); ++ if (!*pbags) ++ return 0; ++ free_bags = 1; ++ } else ++ free_bags = 0; ++ ++ if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) { ++ if (free_bags) { ++ sk_PKCS12_SAFEBAG_free(*pbags); ++ *pbags = NULL; ++ } ++ return 0; ++ } ++ ++ return 1; ++ ++} + + PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7) +- { +- PKCS12 *p12; +- if (nid_p7 <= 0) +- nid_p7 = NID_pkcs7_data; +- p12 = PKCS12_init(nid_p7); ++{ ++ PKCS12 *p12; ++ if (nid_p7 <= 0) ++ nid_p7 = NID_pkcs7_data; ++ p12 = PKCS12_init(nid_p7); + +- if (!p12) +- return NULL; ++ if (!p12) ++ return NULL; + +- if(!PKCS12_pack_authsafes(p12, safes)) +- { +- PKCS12_free(p12); +- return NULL; +- } ++ if (!PKCS12_pack_authsafes(p12, safes)) { ++ PKCS12_free(p12); ++ return NULL; ++ } + +- return p12; ++ return p12; + +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c +index ba77dbb..af0b7f8 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c +@@ -1,6 +1,7 @@ + /* p12_decr.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,117 +62,131 @@ + #include + + /* Define this to dump decrypted output to files called DERnnn */ +-/*#define DEBUG_DECRYPT*/ +- ++/* ++ * #define DEBUG_DECRYPT ++ */ + +-/* Encrypt/Decrypt a buffer based on password and algor, result in a ++/* ++ * Encrypt/Decrypt a buffer based on password and algor, result in a + * OPENSSL_malloc'ed buffer + */ + +-unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, +- int passlen, unsigned char *in, int inlen, unsigned char **data, +- int *datalen, int en_de) ++unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, ++ int passlen, unsigned char *in, int inlen, ++ unsigned char **data, int *datalen, int en_de) + { +- unsigned char *out; +- int outlen, i; +- EVP_CIPHER_CTX ctx; +- +- EVP_CIPHER_CTX_init(&ctx); +- /* Decrypt data */ +- if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, +- algor->parameter, &ctx, en_de)) { +- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); +- return NULL; +- } +- +- if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { +- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- EVP_CipherUpdate(&ctx, out, &i, in, inlen); +- outlen = i; +- if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) { +- OPENSSL_free(out); +- out = NULL; +- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR); +- goto err; +- } +- outlen += i; +- if (datalen) *datalen = outlen; +- if (data) *data = out; +- err: +- EVP_CIPHER_CTX_cleanup(&ctx); +- return out; ++ unsigned char *out; ++ int outlen, i; ++ EVP_CIPHER_CTX ctx; ++ ++ EVP_CIPHER_CTX_init(&ctx); ++ /* Decrypt data */ ++ if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, ++ algor->parameter, &ctx, en_de)) { ++ PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ++ PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); ++ return NULL; ++ } ++ ++ if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { ++ PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ EVP_CipherUpdate(&ctx, out, &i, in, inlen); ++ outlen = i; ++ if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) { ++ OPENSSL_free(out); ++ out = NULL; ++ PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ++ PKCS12_R_PKCS12_CIPHERFINAL_ERROR); ++ goto err; ++ } ++ outlen += i; ++ if (datalen) ++ *datalen = outlen; ++ if (data) ++ *data = out; ++ err: ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ return out; + + } + +-/* Decrypt an OCTET STRING and decode ASN1 structure +- * if zbuf set zero buffer after use. ++/* ++ * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer ++ * after use. + */ + +-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, +- const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf) ++void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, ++ const char *pass, int passlen, ++ ASN1_OCTET_STRING *oct, int zbuf) + { +- unsigned char *out; +- const unsigned char *p; +- void *ret; +- int outlen; +- +- if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, +- &out, &outlen, 0)) { +- PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR); +- return NULL; +- } +- p = out; ++ unsigned char *out; ++ const unsigned char *p; ++ void *ret; ++ int outlen; ++ ++ if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, ++ &out, &outlen, 0)) { ++ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, ++ PKCS12_R_PKCS12_PBE_CRYPT_ERROR); ++ return NULL; ++ } ++ p = out; + #ifdef DEBUG_DECRYPT +- { +- FILE *op; +- +- char fname[30]; +- static int fnm = 1; +- sprintf(fname, "DER%d", fnm++); +- op = fopen(fname, "wb"); +- fwrite (p, 1, outlen, op); +- fclose(op); +- } ++ { ++ FILE *op; ++ ++ char fname[30]; ++ static int fnm = 1; ++ sprintf(fname, "DER%d", fnm++); ++ op = fopen(fname, "wb"); ++ fwrite(p, 1, outlen, op); ++ fclose(op); ++ } + #endif +- ret = ASN1_item_d2i(NULL, &p, outlen, it); +- if (zbuf) OPENSSL_cleanse(out, outlen); +- if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); +- OPENSSL_free(out); +- return ret; ++ ret = ASN1_item_d2i(NULL, &p, outlen, it); ++ if (zbuf) ++ OPENSSL_cleanse(out, outlen); ++ if (!ret) ++ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR); ++ OPENSSL_free(out); ++ return ret; + } + +-/* Encode ASN1 structure and encrypt, return OCTET STRING +- * if zbuf set zero encoding. ++/* ++ * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero ++ * encoding. + */ + +-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, +- const char *pass, int passlen, +- void *obj, int zbuf) ++ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, ++ const ASN1_ITEM *it, ++ const char *pass, int passlen, ++ void *obj, int zbuf) + { +- ASN1_OCTET_STRING *oct; +- unsigned char *in = NULL; +- int inlen; +- if (!(oct = M_ASN1_OCTET_STRING_new ())) { +- PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- inlen = ASN1_item_i2d(obj, &in, it); +- if (!in) { +- PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR); +- return NULL; +- } +- if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, +- &oct->length, 1)) { +- PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR); +- OPENSSL_free(in); +- return NULL; +- } +- if (zbuf) OPENSSL_cleanse(in, inlen); +- OPENSSL_free(in); +- return oct; ++ ASN1_OCTET_STRING *oct; ++ unsigned char *in = NULL; ++ int inlen; ++ if (!(oct = M_ASN1_OCTET_STRING_new())) { ++ PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ inlen = ASN1_item_i2d(obj, &in, it); ++ if (!in) { ++ PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR); ++ return NULL; ++ } ++ if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, ++ &oct->length, 1)) { ++ PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); ++ OPENSSL_free(in); ++ return NULL; ++ } ++ if (zbuf) ++ OPENSSL_cleanse(in, inlen); ++ OPENSSL_free(in); ++ return oct; + } + + IMPLEMENT_PKCS12_STACK_OF(PKCS7) +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c +index d4d84b0..0322df9 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c +@@ -1,6 +1,7 @@ + /* p12_init.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,29 +65,28 @@ + + PKCS12 *PKCS12_init(int mode) + { +- PKCS12 *pkcs12; +- if (!(pkcs12 = PKCS12_new())) { +- PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- ASN1_INTEGER_set(pkcs12->version, 3); +- pkcs12->authsafes->type = OBJ_nid2obj(mode); +- switch (mode) { +- case NID_pkcs7_data: +- if (!(pkcs12->authsafes->d.data = +- M_ASN1_OCTET_STRING_new())) { +- PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- break; +- default: +- PKCS12err(PKCS12_F_PKCS12_INIT, +- PKCS12_R_UNSUPPORTED_PKCS12_MODE); +- goto err; +- } +- +- return pkcs12; +-err: +- if (pkcs12 != NULL) PKCS12_free(pkcs12); +- return NULL; ++ PKCS12 *pkcs12; ++ if (!(pkcs12 = PKCS12_new())) { ++ PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ASN1_INTEGER_set(pkcs12->version, 3); ++ pkcs12->authsafes->type = OBJ_nid2obj(mode); ++ switch (mode) { ++ case NID_pkcs7_data: ++ if (!(pkcs12->authsafes->d.data = M_ASN1_OCTET_STRING_new())) { ++ PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ break; ++ default: ++ PKCS12err(PKCS12_F_PKCS12_INIT, PKCS12_R_UNSUPPORTED_PKCS12_MODE); ++ goto err; ++ } ++ ++ return pkcs12; ++ err: ++ if (pkcs12 != NULL) ++ PKCS12_free(pkcs12); ++ return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c +index 03cbcd8..dcccc10 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c +@@ -1,6 +1,7 @@ + /* p12_key.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,157 +63,172 @@ + #include + + /* Uncomment out this line to get debugging info about key generation */ +-/*#define DEBUG_KEYGEN*/ ++/* ++ * #define DEBUG_KEYGEN ++ */ + #ifdef DEBUG_KEYGEN +-#include ++# include + extern BIO *bio_err; +-void h__dump (unsigned char *p, int len); ++void h__dump(unsigned char *p, int len); + #endif + + #ifdef OPENSSL_SYS_NETWARE + /* Rename these functions to avoid name clashes on NetWare OS */ +-#define uni2asc OPENSSL_uni2asc +-#define asc2uni OPENSSL_asc2uni ++# define uni2asc OPENSSL_uni2asc ++# define asc2uni OPENSSL_asc2uni + #endif + + /* PKCS12 compatible key/IV generation */ + #ifndef min +-#define min(a,b) ((a) < (b) ? (a) : (b)) ++# define min(a,b) ((a) < (b) ? (a) : (b)) + #endif + + int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, +- int saltlen, int id, int iter, int n, unsigned char *out, +- const EVP_MD *md_type) ++ int saltlen, int id, int iter, int n, ++ unsigned char *out, const EVP_MD *md_type) + { +- int ret; +- unsigned char *unipass; +- int uniplen; +- if(!pass) { +- unipass = NULL; +- uniplen = 0; +- } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { +- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, +- id, iter, n, out, md_type); +- if(unipass) { +- OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ +- OPENSSL_free(unipass); +- } +- return ret; ++ int ret; ++ unsigned char *unipass; ++ int uniplen; ++ if (!pass) { ++ unipass = NULL; ++ uniplen = 0; ++ } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { ++ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, ++ id, iter, n, out, md_type); ++ if (unipass) { ++ OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ ++ OPENSSL_free(unipass); ++ } ++ return ret; + } + + int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, +- int saltlen, int id, int iter, int n, unsigned char *out, +- const EVP_MD *md_type) ++ int saltlen, int id, int iter, int n, ++ unsigned char *out, const EVP_MD *md_type) + { +- unsigned char *B, *D, *I, *p, *Ai; +- int Slen, Plen, Ilen, Ijlen; +- int i, j, u, v; +- int ret = 0; +- BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ +- EVP_MD_CTX ctx; ++ unsigned char *B, *D, *I, *p, *Ai; ++ int Slen, Plen, Ilen, Ijlen; ++ int i, j, u, v; ++ int ret = 0; ++ BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ ++ EVP_MD_CTX ctx; + #ifdef DEBUG_KEYGEN +- unsigned char *tmpout = out; +- int tmpn = n; ++ unsigned char *tmpout = out; ++ int tmpn = n; + #endif + + #if 0 +- if (!pass) { +- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } ++ if (!pass) { ++ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } + #endif + +- EVP_MD_CTX_init(&ctx); ++ EVP_MD_CTX_init(&ctx); + #ifdef DEBUG_KEYGEN +- fprintf(stderr, "KEYGEN DEBUG\n"); +- fprintf(stderr, "ID %d, ITER %d\n", id, iter); +- fprintf(stderr, "Password (length %d):\n", passlen); +- h__dump(pass, passlen); +- fprintf(stderr, "Salt (length %d):\n", saltlen); +- h__dump(salt, saltlen); ++ fprintf(stderr, "KEYGEN DEBUG\n"); ++ fprintf(stderr, "ID %d, ITER %d\n", id, iter); ++ fprintf(stderr, "Password (length %d):\n", passlen); ++ h__dump(pass, passlen); ++ fprintf(stderr, "Salt (length %d):\n", saltlen); ++ h__dump(salt, saltlen); + #endif +- v = EVP_MD_block_size (md_type); +- u = EVP_MD_size (md_type); +- D = OPENSSL_malloc (v); +- Ai = OPENSSL_malloc (u); +- B = OPENSSL_malloc (v + 1); +- Slen = v * ((saltlen+v-1)/v); +- if(passlen) Plen = v * ((passlen+v-1)/v); +- else Plen = 0; +- Ilen = Slen + Plen; +- I = OPENSSL_malloc (Ilen); +- Ij = BN_new(); +- Bpl1 = BN_new(); +- if (!D || !Ai || !B || !I || !Ij || !Bpl1) +- goto err; +- for (i = 0; i < v; i++) D[i] = id; +- p = I; +- for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; +- for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; +- for (;;) { +- EVP_DigestInit_ex(&ctx, md_type, NULL); +- EVP_DigestUpdate(&ctx, D, v); +- EVP_DigestUpdate(&ctx, I, Ilen); +- EVP_DigestFinal_ex(&ctx, Ai, NULL); +- for (j = 1; j < iter; j++) { +- EVP_DigestInit_ex(&ctx, md_type, NULL); +- EVP_DigestUpdate(&ctx, Ai, u); +- EVP_DigestFinal_ex(&ctx, Ai, NULL); +- } +- memcpy (out, Ai, min (n, u)); +- if (u >= n) { ++ v = EVP_MD_block_size(md_type); ++ u = EVP_MD_size(md_type); ++ D = OPENSSL_malloc(v); ++ Ai = OPENSSL_malloc(u); ++ B = OPENSSL_malloc(v + 1); ++ Slen = v * ((saltlen + v - 1) / v); ++ if (passlen) ++ Plen = v * ((passlen + v - 1) / v); ++ else ++ Plen = 0; ++ Ilen = Slen + Plen; ++ I = OPENSSL_malloc(Ilen); ++ Ij = BN_new(); ++ Bpl1 = BN_new(); ++ if (!D || !Ai || !B || !I || !Ij || !Bpl1) ++ goto err; ++ for (i = 0; i < v; i++) ++ D[i] = id; ++ p = I; ++ for (i = 0; i < Slen; i++) ++ *p++ = salt[i % saltlen]; ++ for (i = 0; i < Plen; i++) ++ *p++ = pass[i % passlen]; ++ for (;;) { ++ EVP_DigestInit_ex(&ctx, md_type, NULL); ++ EVP_DigestUpdate(&ctx, D, v); ++ EVP_DigestUpdate(&ctx, I, Ilen); ++ EVP_DigestFinal_ex(&ctx, Ai, NULL); ++ for (j = 1; j < iter; j++) { ++ EVP_DigestInit_ex(&ctx, md_type, NULL); ++ EVP_DigestUpdate(&ctx, Ai, u); ++ EVP_DigestFinal_ex(&ctx, Ai, NULL); ++ } ++ memcpy(out, Ai, min(n, u)); ++ if (u >= n) { + #ifdef DEBUG_KEYGEN +- fprintf(stderr, "Output KEY (length %d)\n", tmpn); +- h__dump(tmpout, tmpn); ++ fprintf(stderr, "Output KEY (length %d)\n", tmpn); ++ h__dump(tmpout, tmpn); + #endif +- ret = 1; +- goto end; +- } +- n -= u; +- out += u; +- for (j = 0; j < v; j++) B[j] = Ai[j % u]; +- /* Work out B + 1 first then can use B as tmp space */ +- if (!BN_bin2bn (B, v, Bpl1)) goto err; +- if (!BN_add_word (Bpl1, 1)) goto err; +- for (j = 0; j < Ilen ; j+=v) { +- if (!BN_bin2bn (I + j, v, Ij)) goto err; +- if (!BN_add (Ij, Ij, Bpl1)) goto err; +- BN_bn2bin (Ij, B); +- Ijlen = BN_num_bytes (Ij); +- /* If more than 2^(v*8) - 1 cut off MSB */ +- if (Ijlen > v) { +- BN_bn2bin (Ij, B); +- memcpy (I + j, B + 1, v); ++ ret = 1; ++ goto end; ++ } ++ n -= u; ++ out += u; ++ for (j = 0; j < v; j++) ++ B[j] = Ai[j % u]; ++ /* Work out B + 1 first then can use B as tmp space */ ++ if (!BN_bin2bn(B, v, Bpl1)) ++ goto err; ++ if (!BN_add_word(Bpl1, 1)) ++ goto err; ++ for (j = 0; j < Ilen; j += v) { ++ if (!BN_bin2bn(I + j, v, Ij)) ++ goto err; ++ if (!BN_add(Ij, Ij, Bpl1)) ++ goto err; ++ BN_bn2bin(Ij, B); ++ Ijlen = BN_num_bytes(Ij); ++ /* If more than 2^(v*8) - 1 cut off MSB */ ++ if (Ijlen > v) { ++ BN_bn2bin(Ij, B); ++ memcpy(I + j, B + 1, v); + #ifndef PKCS12_BROKEN_KEYGEN +- /* If less than v bytes pad with zeroes */ +- } else if (Ijlen < v) { +- memset(I + j, 0, v - Ijlen); +- BN_bn2bin(Ij, I + j + v - Ijlen); ++ /* If less than v bytes pad with zeroes */ ++ } else if (Ijlen < v) { ++ memset(I + j, 0, v - Ijlen); ++ BN_bn2bin(Ij, I + j + v - Ijlen); + #endif +- } else BN_bn2bin (Ij, I + j); +- } +- } ++ } else ++ BN_bn2bin(Ij, I + j); ++ } ++ } + +-err: +- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); ++ err: ++ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE); + +-end: +- OPENSSL_free (Ai); +- OPENSSL_free (B); +- OPENSSL_free (D); +- OPENSSL_free (I); +- BN_free (Ij); +- BN_free (Bpl1); +- EVP_MD_CTX_cleanup(&ctx); +- return ret; ++ end: ++ OPENSSL_free(Ai); ++ OPENSSL_free(B); ++ OPENSSL_free(D); ++ OPENSSL_free(I); ++ BN_free(Ij); ++ BN_free(Bpl1); ++ EVP_MD_CTX_cleanup(&ctx); ++ return ret; + } ++ + #ifdef DEBUG_KEYGEN +-void h__dump (unsigned char *p, int len) ++void h__dump(unsigned char *p, int len) + { +- for (; len --; p++) fprintf(stderr, "%02X", *p); +- fprintf(stderr, "\n"); ++ for (; len--; p++) ++ fprintf(stderr, "%02X", *p); ++ fprintf(stderr, "\n"); + } + #endif +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +index bdbbbec..819251c 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +@@ -1,6 +1,7 @@ + /* p12_kiss.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,134 +63,145 @@ + + /* Simplified PKCS#12 routines */ + +-static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, +- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); +- +-static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, +- int passlen, EVP_PKEY **pkey, X509 **cert, +- STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, +- char *keymatch); ++static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, ++ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + +-static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, +- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, +- ASN1_OCTET_STRING **keyid, char *keymatch); ++static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, ++ int passlen, EVP_PKEY **pkey, X509 **cert, ++ STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, ++ char *keymatch); + +-/* Parse and decrypt a PKCS#12 structure returning user key, user cert +- * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, +- * or it should point to a valid STACK structure. pkey and cert can be +- * passed unitialised. ++static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, ++ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, ++ ASN1_OCTET_STRING **keyid, char *keymatch); ++ ++/* ++ * Parse and decrypt a PKCS#12 structure returning user key, user cert and ++ * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it ++ * should point to a valid STACK structure. pkey and cert can be passed ++ * unitialised. + */ + + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, +- STACK_OF(X509) **ca) ++ STACK_OF(X509) **ca) + { + +- /* Check for NULL PKCS12 structure */ +- +- if(!p12) { +- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); +- return 0; +- } +- +- /* Allocate stack for ca certificates if needed */ +- if ((ca != NULL) && (*ca == NULL)) { +- if (!(*ca = sk_X509_new_null())) { +- PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- +- if(pkey) *pkey = NULL; +- if(cert) *cert = NULL; +- +- /* Check the mac */ +- +- /* If password is zero length or NULL then try verifying both cases +- * to determine which password is correct. The reason for this is that +- * under PKCS#12 password based encryption no password and a zero length +- * password are two different things... +- */ +- +- if(!pass || !*pass) { +- if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL; +- else if(PKCS12_verify_mac(p12, "", 0)) pass = ""; +- else { +- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); +- goto err; +- } +- } else if (!PKCS12_verify_mac(p12, pass, -1)) { +- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); +- goto err; +- } +- +- if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) +- { +- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR); +- goto err; +- } +- +- return 1; ++ /* Check for NULL PKCS12 structure */ ++ ++ if (!p12) { ++ PKCS12err(PKCS12_F_PKCS12_PARSE, ++ PKCS12_R_INVALID_NULL_PKCS12_POINTER); ++ return 0; ++ } ++ ++ /* Allocate stack for ca certificates if needed */ ++ if ((ca != NULL) && (*ca == NULL)) { ++ if (!(*ca = sk_X509_new_null())) { ++ PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } ++ ++ if (pkey) ++ *pkey = NULL; ++ if (cert) ++ *cert = NULL; ++ ++ /* Check the mac */ ++ ++ /* ++ * If password is zero length or NULL then try verifying both cases to ++ * determine which password is correct. The reason for this is that under ++ * PKCS#12 password based encryption no password and a zero length ++ * password are two different things... ++ */ ++ ++ if (!pass || !*pass) { ++ if (PKCS12_verify_mac(p12, NULL, 0)) ++ pass = NULL; ++ else if (PKCS12_verify_mac(p12, "", 0)) ++ pass = ""; ++ else { ++ PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE); ++ goto err; ++ } ++ } else if (!PKCS12_verify_mac(p12, pass, -1)) { ++ PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE); ++ goto err; ++ } ++ ++ if (!parse_pk12(p12, pass, -1, pkey, cert, ca)) { ++ PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR); ++ goto err; ++ } ++ ++ return 1; + + err: + +- if (pkey && *pkey) EVP_PKEY_free(*pkey); +- if (cert && *cert) X509_free(*cert); +- if (ca) sk_X509_pop_free(*ca, X509_free); +- return 0; ++ if (pkey && *pkey) ++ EVP_PKEY_free(*pkey); ++ if (cert && *cert) ++ X509_free(*cert); ++ if (ca) ++ sk_X509_pop_free(*ca, X509_free); ++ return 0; + + } + + /* Parse the outer PKCS#12 structure */ + + static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, +- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) ++ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) + { +- STACK_OF(PKCS7) *asafes; +- STACK_OF(PKCS12_SAFEBAG) *bags; +- int i, bagnid; +- PKCS7 *p7; +- ASN1_OCTET_STRING *keyid = NULL; +- +- char keymatch = 0; +- if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0; +- for (i = 0; i < sk_PKCS7_num (asafes); i++) { +- p7 = sk_PKCS7_value (asafes, i); +- bagnid = OBJ_obj2nid (p7->type); +- if (bagnid == NID_pkcs7_data) { +- bags = PKCS12_unpack_p7data(p7); +- } else if (bagnid == NID_pkcs7_encrypted) { +- bags = PKCS12_unpack_p7encdata(p7, pass, passlen); +- } else continue; +- if (!bags) { +- sk_PKCS7_pop_free(asafes, PKCS7_free); +- return 0; +- } +- if (!parse_bags(bags, pass, passlen, pkey, cert, ca, +- &keyid, &keymatch)) { +- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); +- sk_PKCS7_pop_free(asafes, PKCS7_free); +- return 0; +- } +- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); +- } +- sk_PKCS7_pop_free(asafes, PKCS7_free); +- if (keyid) M_ASN1_OCTET_STRING_free(keyid); +- return 1; ++ STACK_OF(PKCS7) *asafes; ++ STACK_OF(PKCS12_SAFEBAG) *bags; ++ int i, bagnid; ++ PKCS7 *p7; ++ ASN1_OCTET_STRING *keyid = NULL; ++ ++ char keymatch = 0; ++ if (!(asafes = PKCS12_unpack_authsafes(p12))) ++ return 0; ++ for (i = 0; i < sk_PKCS7_num(asafes); i++) { ++ p7 = sk_PKCS7_value(asafes, i); ++ bagnid = OBJ_obj2nid(p7->type); ++ if (bagnid == NID_pkcs7_data) { ++ bags = PKCS12_unpack_p7data(p7); ++ } else if (bagnid == NID_pkcs7_encrypted) { ++ bags = PKCS12_unpack_p7encdata(p7, pass, passlen); ++ } else ++ continue; ++ if (!bags) { ++ sk_PKCS7_pop_free(asafes, PKCS7_free); ++ return 0; ++ } ++ if (!parse_bags(bags, pass, passlen, pkey, cert, ca, ++ &keyid, &keymatch)) { ++ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); ++ sk_PKCS7_pop_free(asafes, PKCS7_free); ++ return 0; ++ } ++ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); ++ } ++ sk_PKCS7_pop_free(asafes, PKCS7_free); ++ if (keyid) ++ M_ASN1_OCTET_STRING_free(keyid); ++ return 1; + } + +- + static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, +- int passlen, EVP_PKEY **pkey, X509 **cert, +- STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, +- char *keymatch) ++ int passlen, EVP_PKEY **pkey, X509 **cert, ++ STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, ++ char *keymatch) + { +- int i; +- for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { +- if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i), +- pass, passlen, pkey, cert, ca, keyid, +- keymatch)) return 0; +- } +- return 1; ++ int i; ++ for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { ++ if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i), ++ pass, passlen, pkey, cert, ca, keyid, keymatch)) ++ return 0; ++ } ++ return 1; + } + + #define MATCH_KEY 0x1 +@@ -197,101 +209,104 @@ static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, + #define MATCH_ALL 0x3 + + static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, +- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, +- ASN1_OCTET_STRING **keyid, +- char *keymatch) ++ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, ++ ASN1_OCTET_STRING **keyid, char *keymatch) + { +- PKCS8_PRIV_KEY_INFO *p8; +- X509 *x509; +- ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; +- ASN1_TYPE *attrib; +- ASN1_BMPSTRING *fname = NULL; +- +- if ((attrib = PKCS12_get_attr (bag, NID_friendlyName))) +- fname = attrib->value.bmpstring; +- +- if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) { +- lkey = attrib->value.octet_string; +- ckid = lkey; +- } +- +- /* Check for any local key id matching (if needed) */ +- if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { +- if (*keyid) { +- if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; +- } else { +- if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { +- PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- } +- +- switch (M_PKCS12_bag_type(bag)) +- { +- case NID_keyBag: +- if (!lkey || !pkey) return 1; +- if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0; +- *keymatch |= MATCH_KEY; +- break; +- +- case NID_pkcs8ShroudedKeyBag: +- if (!lkey || !pkey) return 1; +- if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) +- return 0; +- *pkey = EVP_PKCS82PKEY(p8); +- PKCS8_PRIV_KEY_INFO_free(p8); +- if (!(*pkey)) return 0; +- *keymatch |= MATCH_KEY; +- break; +- +- case NID_certBag: +- if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) +- return 1; +- if (!(x509 = PKCS12_certbag2x509(bag))) return 0; +- if(ckid) +- { +- if (!X509_keyid_set1(x509, ckid->data, ckid->length)) +- { +- X509_free(x509); +- return 0; +- } +- } +- if(fname) { +- int len, r; +- unsigned char *data; +- len = ASN1_STRING_to_UTF8(&data, fname); +- if(len >= 0) { +- r = X509_alias_set1(x509, data, len); +- OPENSSL_free(data); +- if (!r) +- { +- X509_free(x509); +- return 0; +- } +- } +- } +- +- +- if (lkey) { +- *keymatch |= MATCH_CERT; +- if (cert) *cert = x509; +- else X509_free(x509); +- } else { +- if(ca) sk_X509_push (*ca, x509); +- else X509_free(x509); +- } +- break; +- +- case NID_safeContentsBag: +- return parse_bags(bag->value.safes, pass, passlen, +- pkey, cert, ca, keyid, keymatch); +- break; +- +- default: +- return 1; +- break; +- } +- return 1; ++ PKCS8_PRIV_KEY_INFO *p8; ++ X509 *x509; ++ ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; ++ ASN1_TYPE *attrib; ++ ASN1_BMPSTRING *fname = NULL; ++ ++ if ((attrib = PKCS12_get_attr(bag, NID_friendlyName))) ++ fname = attrib->value.bmpstring; ++ ++ if ((attrib = PKCS12_get_attr(bag, NID_localKeyID))) { ++ lkey = attrib->value.octet_string; ++ ckid = lkey; ++ } ++ ++ /* Check for any local key id matching (if needed) */ ++ if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { ++ if (*keyid) { ++ if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) ++ lkey = NULL; ++ } else { ++ if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { ++ PKCS12err(PKCS12_F_PARSE_BAG, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } ++ } ++ ++ switch (M_PKCS12_bag_type(bag)) { ++ case NID_keyBag: ++ if (!lkey || !pkey) ++ return 1; ++ if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) ++ return 0; ++ *keymatch |= MATCH_KEY; ++ break; ++ ++ case NID_pkcs8ShroudedKeyBag: ++ if (!lkey || !pkey) ++ return 1; ++ if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) ++ return 0; ++ *pkey = EVP_PKCS82PKEY(p8); ++ PKCS8_PRIV_KEY_INFO_free(p8); ++ if (!(*pkey)) ++ return 0; ++ *keymatch |= MATCH_KEY; ++ break; ++ ++ case NID_certBag: ++ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) ++ return 1; ++ if (!(x509 = PKCS12_certbag2x509(bag))) ++ return 0; ++ if (ckid) { ++ if (!X509_keyid_set1(x509, ckid->data, ckid->length)) { ++ X509_free(x509); ++ return 0; ++ } ++ } ++ if (fname) { ++ int len, r; ++ unsigned char *data; ++ len = ASN1_STRING_to_UTF8(&data, fname); ++ if (len >= 0) { ++ r = X509_alias_set1(x509, data, len); ++ OPENSSL_free(data); ++ if (!r) { ++ X509_free(x509); ++ return 0; ++ } ++ } ++ } ++ ++ if (lkey) { ++ *keymatch |= MATCH_CERT; ++ if (cert) ++ *cert = x509; ++ else ++ X509_free(x509); ++ } else { ++ if (ca) ++ sk_X509_push(*ca, x509); ++ else ++ X509_free(x509); ++ } ++ break; ++ ++ case NID_safeContentsBag: ++ return parse_bags(bag->value.safes, pass, passlen, ++ pkey, cert, ca, keyid, keymatch); ++ break; ++ ++ default: ++ return 1; ++ break; ++ } ++ return 1; + } +- +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c +index 70bfef6..b50f1b6 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c +@@ -1,6 +1,7 @@ + /* p12_mutl.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,126 +58,130 @@ + */ + + #ifndef OPENSSL_NO_HMAC +-#include +-#include "cryptlib.h" +-#include +-#include +-#include ++# include ++# include "cryptlib.h" ++# include ++# include ++# include + + /* Generate a MAC */ + int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, +- unsigned char *mac, unsigned int *maclen) ++ unsigned char *mac, unsigned int *maclen) + { +- const EVP_MD *md_type; +- HMAC_CTX hmac; +- unsigned char key[EVP_MAX_MD_SIZE], *salt; +- int saltlen, iter; ++ const EVP_MD *md_type; ++ HMAC_CTX hmac; ++ unsigned char key[EVP_MAX_MD_SIZE], *salt; ++ int saltlen, iter; + +- if (!PKCS7_type_is_data(p12->authsafes)) +- { +- PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA); +- return 0; +- } ++ if (!PKCS7_type_is_data(p12->authsafes)) { ++ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA); ++ return 0; ++ } + +- salt = p12->mac->salt->data; +- saltlen = p12->mac->salt->length; +- if (!p12->mac->iter) iter = 1; +- else iter = ASN1_INTEGER_get (p12->mac->iter); +- if(!(md_type = +- EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) { +- PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); +- return 0; +- } +- if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, +- EVP_MD_size(md_type), key, md_type)) { +- PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); +- return 0; +- } +- HMAC_CTX_init(&hmac); +- HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL); +- HMAC_Update(&hmac, p12->authsafes->d.data->data, +- p12->authsafes->d.data->length); +- HMAC_Final(&hmac, mac, maclen); +- HMAC_CTX_cleanup(&hmac); +- return 1; ++ salt = p12->mac->salt->data; ++ saltlen = p12->mac->salt->length; ++ if (!p12->mac->iter) ++ iter = 1; ++ else ++ iter = ASN1_INTEGER_get(p12->mac->iter); ++ if (!(md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm))) { ++ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); ++ return 0; ++ } ++ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, ++ EVP_MD_size(md_type), key, md_type)) { ++ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); ++ return 0; ++ } ++ HMAC_CTX_init(&hmac); ++ HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL); ++ HMAC_Update(&hmac, p12->authsafes->d.data->data, ++ p12->authsafes->d.data->length); ++ HMAC_Final(&hmac, mac, maclen); ++ HMAC_CTX_cleanup(&hmac); ++ return 1; + } + + /* Verify the mac */ + int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) + { +- unsigned char mac[EVP_MAX_MD_SIZE]; +- unsigned int maclen; +- if(p12->mac == NULL) { +- PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT); +- return 0; +- } +- if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { +- PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR); +- return 0; +- } +- if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) +- || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0; +- return 1; ++ unsigned char mac[EVP_MAX_MD_SIZE]; ++ unsigned int maclen; ++ if (p12->mac == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT); ++ return 0; ++ } ++ if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { ++ PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR); ++ return 0; ++ } ++ if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) ++ || memcmp(mac, p12->mac->dinfo->digest->data, maclen)) ++ return 0; ++ return 1; + } + + /* Set a mac */ + + int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, +- unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type) ++ unsigned char *salt, int saltlen, int iter, ++ const EVP_MD *md_type) + { +- unsigned char mac[EVP_MAX_MD_SIZE]; +- unsigned int maclen; ++ unsigned char mac[EVP_MAX_MD_SIZE]; ++ unsigned int maclen; + +- if (!md_type) md_type = EVP_sha1(); +- if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) == +- PKCS12_ERROR) { +- PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR); +- return 0; +- } +- if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { +- PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR); +- return 0; +- } +- if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) { +- PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR); +- return 0; +- } +- return 1; ++ if (!md_type) ++ md_type = EVP_sha1(); ++ if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) { ++ PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR); ++ return 0; ++ } ++ if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { ++ PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR); ++ return 0; ++ } ++ if (!(M_ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) { ++ PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR); ++ return 0; ++ } ++ return 1; + } + + /* Set up a mac structure */ + int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, +- const EVP_MD *md_type) ++ const EVP_MD *md_type) + { +- if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR; +- if (iter > 1) { +- if(!(p12->mac->iter = M_ASN1_INTEGER_new())) { +- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if (!ASN1_INTEGER_set(p12->mac->iter, iter)) { +- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- if (!saltlen) saltlen = PKCS12_SALT_LEN; +- p12->mac->salt->length = saltlen; +- if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) { +- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if (!salt) { +- if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0) +- return 0; +- } +- else memcpy (p12->mac->salt->data, salt, saltlen); +- p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); +- if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { +- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; +- +- return 1; ++ if (!(p12->mac = PKCS12_MAC_DATA_new())) ++ return PKCS12_ERROR; ++ if (iter > 1) { ++ if (!(p12->mac->iter = M_ASN1_INTEGER_new())) { ++ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (!ASN1_INTEGER_set(p12->mac->iter, iter)) { ++ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } ++ if (!saltlen) ++ saltlen = PKCS12_SALT_LEN; ++ p12->mac->salt->length = saltlen; ++ if (!(p12->mac->salt->data = OPENSSL_malloc(saltlen))) { ++ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (!salt) { ++ if (RAND_pseudo_bytes(p12->mac->salt->data, saltlen) < 0) ++ return 0; ++ } else ++ memcpy(p12->mac->salt->data, salt, saltlen); ++ p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); ++ if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { ++ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; ++ ++ return 1; + } + #endif +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c +index 2f71355..a89b61a 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c +@@ -1,6 +1,7 @@ + /* p12_npas.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -67,159 +68,168 @@ + + static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass); + static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, +- char *newpass); ++ char *newpass); + static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass); + static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); + +-/* ++/* + * Change the password on a PKCS#12 structure. + */ + + int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass) + { +- /* Check for NULL PKCS12 structure */ +- +- if(!p12) { +- PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER); +- return 0; +- } +- +- /* Check the mac */ +- +- if (!PKCS12_verify_mac(p12, oldpass, -1)) { +- PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE); +- return 0; +- } +- +- if (!newpass_p12(p12, oldpass, newpass)) { +- PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR); +- return 0; +- } +- +- return 1; ++ /* Check for NULL PKCS12 structure */ ++ ++ if (!p12) { ++ PKCS12err(PKCS12_F_PKCS12_NEWPASS, ++ PKCS12_R_INVALID_NULL_PKCS12_POINTER); ++ return 0; ++ } ++ ++ /* Check the mac */ ++ ++ if (!PKCS12_verify_mac(p12, oldpass, -1)) { ++ PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE); ++ return 0; ++ } ++ ++ if (!newpass_p12(p12, oldpass, newpass)) { ++ PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR); ++ return 0; ++ } ++ ++ return 1; + } + + /* Parse the outer PKCS#12 structure */ + + static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) + { +- STACK_OF(PKCS7) *asafes, *newsafes; +- STACK_OF(PKCS12_SAFEBAG) *bags; +- int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; +- PKCS7 *p7, *p7new; +- ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; +- unsigned char mac[EVP_MAX_MD_SIZE]; +- unsigned int maclen; +- +- if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0; +- if(!(newsafes = sk_PKCS7_new_null())) return 0; +- for (i = 0; i < sk_PKCS7_num (asafes); i++) { +- p7 = sk_PKCS7_value(asafes, i); +- bagnid = OBJ_obj2nid(p7->type); +- if (bagnid == NID_pkcs7_data) { +- bags = PKCS12_unpack_p7data(p7); +- } else if (bagnid == NID_pkcs7_encrypted) { +- bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); +- if (!alg_get(p7->d.encrypted->enc_data->algorithm, +- &pbe_nid, &pbe_iter, &pbe_saltlen)) +- { +- sk_PKCS12_SAFEBAG_pop_free(bags, +- PKCS12_SAFEBAG_free); +- bags = NULL; +- } +- } else continue; +- if (!bags) { +- sk_PKCS7_pop_free(asafes, PKCS7_free); +- return 0; +- } +- if (!newpass_bags(bags, oldpass, newpass)) { +- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); +- sk_PKCS7_pop_free(asafes, PKCS7_free); +- return 0; +- } +- /* Repack bag in same form with new password */ +- if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags); +- else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, +- pbe_saltlen, pbe_iter, bags); +- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); +- if(!p7new) { +- sk_PKCS7_pop_free(asafes, PKCS7_free); +- return 0; +- } +- sk_PKCS7_push(newsafes, p7new); +- } +- sk_PKCS7_pop_free(asafes, PKCS7_free); +- +- /* Repack safe: save old safe in case of error */ +- +- p12_data_tmp = p12->authsafes->d.data; +- if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr; +- if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr; +- +- if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr; +- if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr; +- if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr; +- ASN1_OCTET_STRING_free(p12->mac->dinfo->digest); +- p12->mac->dinfo->digest = macnew; +- ASN1_OCTET_STRING_free(p12_data_tmp); +- +- return 1; +- +- saferr: +- /* Restore old safe */ +- ASN1_OCTET_STRING_free(p12->authsafes->d.data); +- ASN1_OCTET_STRING_free(macnew); +- p12->authsafes->d.data = p12_data_tmp; +- return 0; ++ STACK_OF(PKCS7) *asafes, *newsafes; ++ STACK_OF(PKCS12_SAFEBAG) *bags; ++ int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; ++ PKCS7 *p7, *p7new; ++ ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; ++ unsigned char mac[EVP_MAX_MD_SIZE]; ++ unsigned int maclen; ++ ++ if (!(asafes = PKCS12_unpack_authsafes(p12))) ++ return 0; ++ if (!(newsafes = sk_PKCS7_new_null())) ++ return 0; ++ for (i = 0; i < sk_PKCS7_num(asafes); i++) { ++ p7 = sk_PKCS7_value(asafes, i); ++ bagnid = OBJ_obj2nid(p7->type); ++ if (bagnid == NID_pkcs7_data) { ++ bags = PKCS12_unpack_p7data(p7); ++ } else if (bagnid == NID_pkcs7_encrypted) { ++ bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); ++ if (!alg_get(p7->d.encrypted->enc_data->algorithm, ++ &pbe_nid, &pbe_iter, &pbe_saltlen)) { ++ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); ++ bags = NULL; ++ } ++ } else ++ continue; ++ if (!bags) { ++ sk_PKCS7_pop_free(asafes, PKCS7_free); ++ return 0; ++ } ++ if (!newpass_bags(bags, oldpass, newpass)) { ++ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); ++ sk_PKCS7_pop_free(asafes, PKCS7_free); ++ return 0; ++ } ++ /* Repack bag in same form with new password */ ++ if (bagnid == NID_pkcs7_data) ++ p7new = PKCS12_pack_p7data(bags); ++ else ++ p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, ++ pbe_saltlen, pbe_iter, bags); ++ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); ++ if (!p7new) { ++ sk_PKCS7_pop_free(asafes, PKCS7_free); ++ return 0; ++ } ++ sk_PKCS7_push(newsafes, p7new); ++ } ++ sk_PKCS7_pop_free(asafes, PKCS7_free); ++ ++ /* Repack safe: save old safe in case of error */ ++ ++ p12_data_tmp = p12->authsafes->d.data; ++ if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) ++ goto saferr; ++ if (!PKCS12_pack_authsafes(p12, newsafes)) ++ goto saferr; ++ ++ if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) ++ goto saferr; ++ if (!(macnew = ASN1_OCTET_STRING_new())) ++ goto saferr; ++ if (!ASN1_OCTET_STRING_set(macnew, mac, maclen)) ++ goto saferr; ++ ASN1_OCTET_STRING_free(p12->mac->dinfo->digest); ++ p12->mac->dinfo->digest = macnew; ++ ASN1_OCTET_STRING_free(p12_data_tmp); ++ ++ return 1; ++ ++ saferr: ++ /* Restore old safe */ ++ ASN1_OCTET_STRING_free(p12->authsafes->d.data); ++ ASN1_OCTET_STRING_free(macnew); ++ p12->authsafes->d.data = p12_data_tmp; ++ return 0; + + } + +- + static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, +- char *newpass) ++ char *newpass) + { +- int i; +- for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { +- if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), +- oldpass, newpass)) +- return 0; +- } +- return 1; ++ int i; ++ for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { ++ if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), oldpass, newpass)) ++ return 0; ++ } ++ return 1; + } + + /* Change password of safebag: only needs handle shrouded keybags */ + + static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass) + { +- PKCS8_PRIV_KEY_INFO *p8; +- X509_SIG *p8new; +- int p8_nid, p8_saltlen, p8_iter; +- +- if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1; +- +- if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0; +- if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, +- &p8_saltlen)) +- return 0; +- if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, +- p8_iter, p8))) return 0; +- X509_SIG_free(bag->value.shkeybag); +- bag->value.shkeybag = p8new; +- return 1; ++ PKCS8_PRIV_KEY_INFO *p8; ++ X509_SIG *p8new; ++ int p8_nid, p8_saltlen, p8_iter; ++ ++ if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) ++ return 1; ++ ++ if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) ++ return 0; ++ if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen)) ++ return 0; ++ if (!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, ++ p8_iter, p8))) ++ return 0; ++ X509_SIG_free(bag->value.shkeybag); ++ bag->value.shkeybag = p8new; ++ return 1; + } + + static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) + { +- PBEPARAM *pbe; +- const unsigned char *p; +- +- p = alg->parameter->value.sequence->data; +- pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); +- if (!pbe) +- return 0; +- *pnid = OBJ_obj2nid(alg->algorithm); +- *piter = ASN1_INTEGER_get(pbe->iter); +- *psaltlen = pbe->salt->length; +- PBEPARAM_free(pbe); +- return 1; ++ PBEPARAM *pbe; ++ const unsigned char *p; ++ ++ p = alg->parameter->value.sequence->data; ++ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); ++ if (!pbe) ++ return 0; ++ *pnid = OBJ_obj2nid(alg->algorithm); ++ *piter = ASN1_INTEGER_get(pbe->iter); ++ *psaltlen = pbe->salt->length; ++ PBEPARAM_free(pbe); ++ return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c +index deba81e..3cc7a9f 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c +@@ -1,6 +1,7 @@ + /* p12_p8d.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,9 +61,10 @@ + #include "cryptlib.h" + #include + +-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen) ++PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, ++ int passlen) + { +- return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, +- passlen, p8->digest, 1); ++ return PKCS12_item_decrypt_d2i(p8->algor, ++ ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, ++ passlen, p8->digest, 1); + } +- +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c +index bf20a77..d970f05 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c +@@ -1,6 +1,7 @@ + /* p12_p8e.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,37 +62,40 @@ + #include + + X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, +- const char *pass, int passlen, +- unsigned char *salt, int saltlen, int iter, +- PKCS8_PRIV_KEY_INFO *p8inf) ++ const char *pass, int passlen, ++ unsigned char *salt, int saltlen, int iter, ++ PKCS8_PRIV_KEY_INFO *p8inf) + { +- X509_SIG *p8 = NULL; +- X509_ALGOR *pbe; ++ X509_SIG *p8 = NULL; ++ X509_ALGOR *pbe; + +- if (!(p8 = X509_SIG_new())) { +- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ if (!(p8 = X509_SIG_new())) { ++ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); +- else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); +- if(!pbe) { +- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB); +- goto err; +- } +- X509_ALGOR_free(p8->algor); +- p8->algor = pbe; +- M_ASN1_OCTET_STRING_free(p8->digest); +- p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), +- pass, passlen, p8inf, 1); +- if(!p8->digest) { +- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); +- goto err; +- } ++ if (pbe_nid == -1) ++ pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); ++ else ++ pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); ++ if (!pbe) { ++ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ X509_ALGOR_free(p8->algor); ++ p8->algor = pbe; ++ M_ASN1_OCTET_STRING_free(p8->digest); ++ p8->digest = ++ PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), ++ pass, passlen, p8inf, 1); ++ if (!p8->digest) { ++ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); ++ goto err; ++ } + +- return p8; ++ return p8; + +- err: +- X509_SIG_free(p8); +- return NULL; ++ err: ++ X509_SIG_free(p8); ++ return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c +index 2edbf90..fc53cf0 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c +@@ -1,6 +1,7 @@ + /* p12_utl.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,91 +63,105 @@ + + #ifdef OPENSSL_SYS_NETWARE + /* Rename these functions to avoid name clashes on NetWare OS */ +-#define uni2asc OPENSSL_uni2asc +-#define asc2uni OPENSSL_asc2uni ++# define uni2asc OPENSSL_uni2asc ++# define asc2uni OPENSSL_asc2uni + #endif + + /* Cheap and nasty Unicode stuff */ + +-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen) ++unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, ++ int *unilen) + { +- int ulen, i; +- unsigned char *unitmp; +- if (asclen == -1) asclen = strlen(asc); +- ulen = asclen*2 + 2; +- if (!(unitmp = OPENSSL_malloc(ulen))) return NULL; +- for (i = 0; i < ulen - 2; i+=2) { +- unitmp[i] = 0; +- unitmp[i + 1] = asc[i>>1]; +- } +- /* Make result double null terminated */ +- unitmp[ulen - 2] = 0; +- unitmp[ulen - 1] = 0; +- if (unilen) *unilen = ulen; +- if (uni) *uni = unitmp; +- return unitmp; ++ int ulen, i; ++ unsigned char *unitmp; ++ if (asclen == -1) ++ asclen = strlen(asc); ++ ulen = asclen * 2 + 2; ++ if (!(unitmp = OPENSSL_malloc(ulen))) ++ return NULL; ++ for (i = 0; i < ulen - 2; i += 2) { ++ unitmp[i] = 0; ++ unitmp[i + 1] = asc[i >> 1]; ++ } ++ /* Make result double null terminated */ ++ unitmp[ulen - 2] = 0; ++ unitmp[ulen - 1] = 0; ++ if (unilen) ++ *unilen = ulen; ++ if (uni) ++ *uni = unitmp; ++ return unitmp; + } + + char *uni2asc(unsigned char *uni, int unilen) + { +- int asclen, i; +- char *asctmp; +- asclen = unilen / 2; +- /* If no terminating zero allow for one */ +- if (!unilen || uni[unilen - 1]) asclen++; +- uni++; +- if (!(asctmp = OPENSSL_malloc(asclen))) return NULL; +- for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i]; +- asctmp[asclen - 1] = 0; +- return asctmp; ++ int asclen, i; ++ char *asctmp; ++ asclen = unilen / 2; ++ /* If no terminating zero allow for one */ ++ if (!unilen || uni[unilen - 1]) ++ asclen++; ++ uni++; ++ if (!(asctmp = OPENSSL_malloc(asclen))) ++ return NULL; ++ for (i = 0; i < unilen; i += 2) ++ asctmp[i >> 1] = uni[i]; ++ asctmp[asclen - 1] = 0; ++ return asctmp; + } + + int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12) + { +- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); ++ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); + } + + #ifndef OPENSSL_NO_FP_API + int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) + { +- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); ++ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); + } + #endif + + PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12) + { +- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); ++ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); + } ++ + #ifndef OPENSSL_NO_FP_API + PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) + { +- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); ++ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); + } + #endif + + PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509) + { +- return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509), +- NID_x509Certificate, NID_certBag); ++ return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509), ++ NID_x509Certificate, NID_certBag); + } + + PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl) + { +- return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL), +- NID_x509Crl, NID_crlBag); ++ return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL), ++ NID_x509Crl, NID_crlBag); + } + + X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag) + { +- if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL; +- if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL; +- return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509)); ++ if (M_PKCS12_bag_type(bag) != NID_certBag) ++ return NULL; ++ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) ++ return NULL; ++ return ASN1_item_unpack(bag->value.bag->value.octet, ++ ASN1_ITEM_rptr(X509)); + } + + X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag) + { +- if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL; +- if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL; +- return ASN1_item_unpack(bag->value.bag->value.octet, +- ASN1_ITEM_rptr(X509_CRL)); ++ if (M_PKCS12_bag_type(bag) != NID_crlBag) ++ return NULL; ++ if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl) ++ return NULL; ++ return ASN1_item_unpack(bag->value.bag->value.octet, ++ ASN1_ITEM_rptr(X509_CRL)); + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c +index 07a1fb6..799f838 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,80 +66,84 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason) + +-static ERR_STRING_DATA PKCS12_str_functs[]= +- { +-{ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"}, +-{ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"}, +-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"}, +-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"}, +-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"}, +-{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"}, +-{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, +-{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, +-{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, +-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"}, +-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"}, +-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"}, +-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, +-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, +-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, +-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"}, +-{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, +-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, +-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, +-{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, +-{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, +-{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, +-{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"}, +-{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, +-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, +-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, +-{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, +-{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, +-{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA PKCS12_str_functs[] = { ++ {ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"}, ++ {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), ++ "PKCS12_add_friendlyname_asc"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), ++ "PKCS12_add_friendlyname_uni"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, ++ {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, ++ {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA PKCS12_str_reasons[]= +- { +-{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"}, +-{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"}, +-{ERR_REASON(PKCS12_R_DECODE_ERROR) ,"decode error"}, +-{ERR_REASON(PKCS12_R_ENCODE_ERROR) ,"encode error"}, +-{ERR_REASON(PKCS12_R_ENCRYPT_ERROR) ,"encrypt error"}, +-{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"}, +-{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"}, +-{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"}, +-{ERR_REASON(PKCS12_R_IV_GEN_ERROR) ,"iv gen error"}, +-{ERR_REASON(PKCS12_R_KEY_GEN_ERROR) ,"key gen error"}, +-{ERR_REASON(PKCS12_R_MAC_ABSENT) ,"mac absent"}, +-{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"}, +-{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) ,"mac setup error"}, +-{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"}, +-{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) ,"mac verify error"}, +-{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"}, +-{ERR_REASON(PKCS12_R_PARSE_ERROR) ,"parse error"}, +-{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"}, +-{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"}, +-{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"}, +-{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"}, +-{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA PKCS12_str_reasons[] = { ++ {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"}, ++ {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"}, ++ {ERR_REASON(PKCS12_R_DECODE_ERROR), "decode error"}, ++ {ERR_REASON(PKCS12_R_ENCODE_ERROR), "encode error"}, ++ {ERR_REASON(PKCS12_R_ENCRYPT_ERROR), "encrypt error"}, ++ {ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE), ++ "error setting encrypted data type"}, ++ {ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"}, ++ {ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER), ++ "invalid null pkcs12 pointer"}, ++ {ERR_REASON(PKCS12_R_IV_GEN_ERROR), "iv gen error"}, ++ {ERR_REASON(PKCS12_R_KEY_GEN_ERROR), "key gen error"}, ++ {ERR_REASON(PKCS12_R_MAC_ABSENT), "mac absent"}, ++ {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"}, ++ {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"}, ++ {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"}, ++ {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR), "mac verify error"}, ++ {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"}, ++ {ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"}, ++ {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR), ++ "pkcs12 algor cipherinit error"}, ++ {ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR), ++ "pkcs12 cipherfinal error"}, ++ {ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"}, ++ {ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), ++ "unknown digest algorithm"}, ++ {ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_PKCS12_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,PKCS12_str_functs); +- ERR_load_strings(0,PKCS12_str_reasons); +- } ++ if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, PKCS12_str_functs); ++ ERR_load_strings(0, PKCS12_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c +index 1f70d31..0e4e69d 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c +@@ -1,6 +1,7 @@ + /* pk7_asn.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -69,17 +70,17 @@ + ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); + + ASN1_ADB(PKCS7) = { +- ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), +- ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), +- ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), +- ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), +- ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), +- ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) ++ ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), ++ ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), ++ ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), ++ ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), ++ ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), ++ ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) + } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); + + ASN1_NDEF_SEQUENCE(PKCS7) = { +- ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), +- ASN1_ADB_OBJECT(PKCS7) ++ ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), ++ ASN1_ADB_OBJECT(PKCS7) + }ASN1_NDEF_SEQUENCE_END(PKCS7) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS7) +@@ -87,12 +88,12 @@ IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7) + IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) + + ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { +- ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), +- ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), +- ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), +- ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), +- ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), +- ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) ++ ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), ++ ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), ++ ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), ++ ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), ++ ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), ++ ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) + } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) +@@ -100,41 +101,41 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) + /* Minor tweak to operation: free up EVP_PKEY */ + static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- if(operation == ASN1_OP_FREE_POST) { +- PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; +- EVP_PKEY_free(si->pkey); +- } +- return 1; ++ if (operation == ASN1_OP_FREE_POST) { ++ PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; ++ EVP_PKEY_free(si->pkey); ++ } ++ return 1; + } + + ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = { +- ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), +- ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), +- ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), +- /* NB this should be a SET OF but we use a SEQUENCE OF so the +- * original order * is retained when the structure is reencoded. +- * Since the attributes are implicitly tagged this will not affect +- * the encoding. +- */ +- ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), +- ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), +- ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), +- ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) ++ ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), ++ ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), ++ ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), ++ /* NB this should be a SET OF but we use a SEQUENCE OF so the ++ * original order * is retained when the structure is reencoded. ++ * Since the attributes are implicitly tagged this will not affect ++ * the encoding. ++ */ ++ ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), ++ ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), ++ ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), ++ ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) + } ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) + + ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = { +- ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME), +- ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER) ++ ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME), ++ ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER) + } ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) + + ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = { +- ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), +- ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), +- ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) ++ ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), ++ ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), ++ ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) + } ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) +@@ -142,73 +143,75 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) + /* Minor tweak to operation: free up X509 */ + static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- if(operation == ASN1_OP_FREE_POST) { +- PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; +- X509_free(ri->cert); +- } +- return 1; ++ if (operation == ASN1_OP_FREE_POST) { ++ PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; ++ X509_free(ri->cert); ++ } ++ return 1; + } + + ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { +- ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), +- ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), +- ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), +- ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) ++ ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), ++ ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), ++ ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), ++ ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) + } ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) + + ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = { +- ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), +- ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), +- ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0) ++ ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), ++ ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), ++ ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0) + } ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) + + ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { +- ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), +- ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), +- ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), +- ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT), +- ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), +- ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), +- ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) ++ ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), ++ ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), ++ ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), ++ ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT), ++ ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), ++ ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), ++ ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) + } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) + + ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = { +- ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), +- ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) ++ ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), ++ ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) + } ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) + + ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = { +- ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), +- ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), +- ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), +- ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) ++ ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), ++ ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), ++ ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), ++ ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) + } ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST) + + IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) + + /* Specials for authenticated attributes */ + +-/* When signing attributes we want to reorder them to match the sorted ++/* ++ * When signing attributes we want to reorder them to match the sorted + * encoding. + */ + +-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) ++ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) + ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN) + +-/* When verifying attributes we need to use the received order. So +- * we use SEQUENCE OF and tag it to SET OF ++/* ++ * When verifying attributes we need to use the received order. So we use ++ * SEQUENCE OF and tag it to SET OF + */ + +-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, +- V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) ++ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, ++ V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) + ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY) +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c +index d549717..1fd65b5 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c +@@ -1,6 +1,7 @@ + /* pk7_attr.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -65,77 +66,78 @@ + #include + #include + +-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) ++int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, ++ STACK_OF(X509_ALGOR) *cap) + { +- ASN1_STRING *seq; +- unsigned char *p, *pp; +- int len; +- len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR, +- V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, +- IS_SEQUENCE); +- if(!(pp=(unsigned char *)OPENSSL_malloc(len))) { +- PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- p=pp; +- i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE, +- V_ASN1_UNIVERSAL, IS_SEQUENCE); +- if(!(seq = ASN1_STRING_new())) { +- PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if(!ASN1_STRING_set (seq, pp, len)) { +- PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- OPENSSL_free (pp); +- return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, +- V_ASN1_SEQUENCE, seq); ++ ASN1_STRING *seq; ++ unsigned char *p, *pp; ++ int len; ++ len = i2d_ASN1_SET_OF_X509_ALGOR(cap, NULL, i2d_X509_ALGOR, ++ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, ++ IS_SEQUENCE); ++ if (!(pp = (unsigned char *)OPENSSL_malloc(len))) { ++ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ p = pp; ++ i2d_ASN1_SET_OF_X509_ALGOR(cap, &p, i2d_X509_ALGOR, V_ASN1_SEQUENCE, ++ V_ASN1_UNIVERSAL, IS_SEQUENCE); ++ if (!(seq = ASN1_STRING_new())) { ++ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (!ASN1_STRING_set(seq, pp, len)) { ++ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ OPENSSL_free(pp); ++ return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, ++ V_ASN1_SEQUENCE, seq); + } + + STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) +- { +- ASN1_TYPE *cap; +- const unsigned char *p; ++{ ++ ASN1_TYPE *cap; ++ const unsigned char *p; + +- cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); +- if (!cap || (cap->type != V_ASN1_SEQUENCE)) +- return NULL; +- p = cap->value.sequence->data; +- return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p, +- cap->value.sequence->length, +- d2i_X509_ALGOR, X509_ALGOR_free, +- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); +- } ++ cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); ++ if (!cap || (cap->type != V_ASN1_SEQUENCE)) ++ return NULL; ++ p = cap->value.sequence->data; ++ return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p, ++ cap->value.sequence->length, ++ d2i_X509_ALGOR, X509_ALGOR_free, ++ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); ++} + + /* Basic smime-capabilities OID and optional integer arg */ + int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) + { +- X509_ALGOR *alg; ++ X509_ALGOR *alg; + +- if(!(alg = X509_ALGOR_new())) { +- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- ASN1_OBJECT_free(alg->algorithm); +- alg->algorithm = OBJ_nid2obj (nid); +- if (arg > 0) { +- ASN1_INTEGER *nbit; +- if(!(alg->parameter = ASN1_TYPE_new())) { +- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if(!(nbit = ASN1_INTEGER_new())) { +- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if(!ASN1_INTEGER_set (nbit, arg)) { +- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- alg->parameter->value.integer = nbit; +- alg->parameter->type = V_ASN1_INTEGER; +- } +- sk_X509_ALGOR_push (sk, alg); +- return 1; ++ if (!(alg = X509_ALGOR_new())) { ++ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ASN1_OBJECT_free(alg->algorithm); ++ alg->algorithm = OBJ_nid2obj(nid); ++ if (arg > 0) { ++ ASN1_INTEGER *nbit; ++ if (!(alg->parameter = ASN1_TYPE_new())) { ++ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (!(nbit = ASN1_INTEGER_new())) { ++ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (!ASN1_INTEGER_set(nbit, arg)) { ++ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ alg->parameter->value.integer = nbit; ++ alg->parameter->type = V_ASN1_INTEGER; ++ } ++ sk_X509_ALGOR_push(sk, alg); ++ return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c +index 8b3024e..db134dd 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,1113 +65,1104 @@ + #include + + static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, +- void *value); ++ void *value); + static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); + +-static int PKCS7_type_is_other(PKCS7* p7) +- { +- int isOther=1; +- +- int nid=OBJ_obj2nid(p7->type); +- +- switch( nid ) +- { +- case NID_pkcs7_data: +- case NID_pkcs7_signed: +- case NID_pkcs7_enveloped: +- case NID_pkcs7_signedAndEnveloped: +- case NID_pkcs7_digest: +- case NID_pkcs7_encrypted: +- isOther=0; +- break; +- default: +- isOther=1; +- } +- +- return isOther; +- +- } ++static int PKCS7_type_is_other(PKCS7 *p7) ++{ ++ int isOther = 1; ++ ++ int nid = OBJ_obj2nid(p7->type); ++ ++ switch (nid) { ++ case NID_pkcs7_data: ++ case NID_pkcs7_signed: ++ case NID_pkcs7_enveloped: ++ case NID_pkcs7_signedAndEnveloped: ++ case NID_pkcs7_digest: ++ case NID_pkcs7_encrypted: ++ isOther = 0; ++ break; ++ default: ++ isOther = 1; ++ } ++ ++ return isOther; ++ ++} + + static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) +- { +- if ( PKCS7_type_is_data(p7)) +- return p7->d.data; +- if ( PKCS7_type_is_other(p7) && p7->d.other +- && (p7->d.other->type == V_ASN1_OCTET_STRING)) +- return p7->d.other->value.octet_string; +- return NULL; +- } ++{ ++ if (PKCS7_type_is_data(p7)) ++ return p7->d.data; ++ if (PKCS7_type_is_other(p7) && p7->d.other ++ && (p7->d.other->type == V_ASN1_OCTET_STRING)) ++ return p7->d.other->value.octet_string; ++ return NULL; ++} + + static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) +- { +- BIO *btmp; +- const EVP_MD *md; +- if ((btmp=BIO_new(BIO_f_md())) == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); +- goto err; +- } +- +- md=EVP_get_digestbyobj(alg->algorithm); +- if (md == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); +- goto err; +- } +- +- BIO_set_md(btmp,md); +- if (*pbio == NULL) +- *pbio=btmp; +- else if (!BIO_push(*pbio,btmp)) +- { +- PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); +- goto err; +- } +- btmp=NULL; +- +- return 1; +- +- err: +- if (btmp) +- BIO_free(btmp); +- return 0; +- +- } ++{ ++ BIO *btmp; ++ const EVP_MD *md; ++ if ((btmp = BIO_new(BIO_f_md())) == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB); ++ goto err; ++ } ++ ++ md = EVP_get_digestbyobj(alg->algorithm); ++ if (md == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE); ++ goto err; ++ } ++ ++ BIO_set_md(btmp, md); ++ if (*pbio == NULL) ++ *pbio = btmp; ++ else if (!BIO_push(*pbio, btmp)) { ++ PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB); ++ goto err; ++ } ++ btmp = NULL; ++ ++ return 1; ++ ++ err: ++ if (btmp) ++ BIO_free(btmp); ++ return 0; ++ ++} + + BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) +- { +- int i; +- BIO *out=NULL,*btmp=NULL; +- X509_ALGOR *xa = NULL; +- const EVP_CIPHER *evp_cipher=NULL; +- STACK_OF(X509_ALGOR) *md_sk=NULL; +- STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; +- X509_ALGOR *xalg=NULL; +- PKCS7_RECIP_INFO *ri=NULL; +- EVP_PKEY *pkey; +- ASN1_OCTET_STRING *os=NULL; +- +- i=OBJ_obj2nid(p7->type); +- p7->state=PKCS7_S_HEADER; +- +- switch (i) +- { +- case NID_pkcs7_signed: +- md_sk=p7->d.sign->md_algs; +- os = PKCS7_get_octet_string(p7->d.sign->contents); +- break; +- case NID_pkcs7_signedAndEnveloped: +- rsk=p7->d.signed_and_enveloped->recipientinfo; +- md_sk=p7->d.signed_and_enveloped->md_algs; +- xalg=p7->d.signed_and_enveloped->enc_data->algorithm; +- evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher; +- if (evp_cipher == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAINIT, +- PKCS7_R_CIPHER_NOT_INITIALIZED); +- goto err; +- } +- break; +- case NID_pkcs7_enveloped: +- rsk=p7->d.enveloped->recipientinfo; +- xalg=p7->d.enveloped->enc_data->algorithm; +- evp_cipher=p7->d.enveloped->enc_data->cipher; +- if (evp_cipher == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAINIT, +- PKCS7_R_CIPHER_NOT_INITIALIZED); +- goto err; +- } +- break; +- case NID_pkcs7_digest: +- xa = p7->d.digest->md; +- os = PKCS7_get_octet_string(p7->d.digest->contents); +- break; +- default: +- PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); +- goto err; +- } +- +- for (i=0; ialgorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); +- if (ivlen > 0) +- if (RAND_pseudo_bytes(iv,ivlen) <= 0) +- goto err; +- if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) +- goto err; +- if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) +- goto err; +- if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) +- goto err; +- +- if (ivlen > 0) { +- if (xalg->parameter == NULL) { +- xalg->parameter = ASN1_TYPE_new(); +- if (xalg->parameter == NULL) +- goto err; +- } +- if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) +- goto err; +- } +- +- /* Lets do the pub key stuff :-) */ +- max=0; +- for (i=0; icert == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO); +- goto err; +- } +- if ((pkey=X509_get_pubkey(ri->cert)) == NULL) +- goto err; +- jj=EVP_PKEY_size(pkey); +- EVP_PKEY_free(pkey); +- if (max < jj) max=jj; +- } +- if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- for (i=0; icert)) == NULL) +- goto err; +- jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); +- EVP_PKEY_free(pkey); +- if (jj <= 0) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB); +- OPENSSL_free(tmp); +- goto err; +- } +- if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj)) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAINIT, +- ERR_R_MALLOC_FAILURE); +- OPENSSL_free(tmp); +- goto err; +- } +- } +- OPENSSL_free(tmp); +- OPENSSL_cleanse(key, keylen); +- +- if (out == NULL) +- out=btmp; +- else +- BIO_push(out,btmp); +- btmp=NULL; +- } +- +- if (bio == NULL) +- { +- if (PKCS7_is_detached(p7)) +- bio=BIO_new(BIO_s_null()); +- else if (os && os->length > 0) +- bio = BIO_new_mem_buf(os->data, os->length); +- if(bio == NULL) +- { +- bio=BIO_new(BIO_s_mem()); +- if (bio == NULL) +- goto err; +- BIO_set_mem_eof_return(bio,0); +- } +- } +- BIO_push(out,bio); +- bio=NULL; +- if (0) +- { +-err: +- if (out != NULL) +- BIO_free_all(out); +- if (btmp != NULL) +- BIO_free_all(btmp); +- out=NULL; +- } +- return(out); +- } ++{ ++ int i; ++ BIO *out = NULL, *btmp = NULL; ++ X509_ALGOR *xa = NULL; ++ const EVP_CIPHER *evp_cipher = NULL; ++ STACK_OF(X509_ALGOR) *md_sk = NULL; ++ STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; ++ X509_ALGOR *xalg = NULL; ++ PKCS7_RECIP_INFO *ri = NULL; ++ EVP_PKEY *pkey; ++ ASN1_OCTET_STRING *os = NULL; ++ ++ if (p7 == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); ++ return NULL; ++ } ++ /* ++ * The content field in the PKCS7 ContentInfo is optional, but that really ++ * only applies to inner content (precisely, detached signatures). ++ * ++ * When reading content, missing outer content is therefore treated as an ++ * error. ++ * ++ * When creating content, PKCS7_content_new() must be called before ++ * calling this method, so a NULL p7->d is always an error. ++ */ ++ if (p7->d.ptr == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); ++ return NULL; ++ } ++ ++ i = OBJ_obj2nid(p7->type); ++ p7->state = PKCS7_S_HEADER; ++ ++ switch (i) { ++ case NID_pkcs7_signed: ++ md_sk = p7->d.sign->md_algs; ++ os = PKCS7_get_octet_string(p7->d.sign->contents); ++ break; ++ case NID_pkcs7_signedAndEnveloped: ++ rsk = p7->d.signed_and_enveloped->recipientinfo; ++ md_sk = p7->d.signed_and_enveloped->md_algs; ++ xalg = p7->d.signed_and_enveloped->enc_data->algorithm; ++ evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher; ++ if (evp_cipher == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED); ++ goto err; ++ } ++ break; ++ case NID_pkcs7_enveloped: ++ rsk = p7->d.enveloped->recipientinfo; ++ xalg = p7->d.enveloped->enc_data->algorithm; ++ evp_cipher = p7->d.enveloped->enc_data->cipher; ++ if (evp_cipher == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED); ++ goto err; ++ } ++ break; ++ case NID_pkcs7_digest: ++ xa = p7->d.digest->md; ++ os = PKCS7_get_octet_string(p7->d.digest->contents); ++ break; ++ default: ++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); ++ goto err; ++ } ++ ++ for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) ++ if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) ++ goto err; ++ ++ if (xa && !PKCS7_bio_add_digest(&out, xa)) ++ goto err; ++ ++ if (evp_cipher != NULL) { ++ unsigned char key[EVP_MAX_KEY_LENGTH]; ++ unsigned char iv[EVP_MAX_IV_LENGTH]; ++ int keylen, ivlen; ++ int jj, max; ++ unsigned char *tmp; ++ EVP_CIPHER_CTX *ctx; ++ ++ if ((btmp = BIO_new(BIO_f_cipher())) == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB); ++ goto err; ++ } ++ BIO_get_cipher_ctx(btmp, &ctx); ++ keylen = EVP_CIPHER_key_length(evp_cipher); ++ ivlen = EVP_CIPHER_iv_length(evp_cipher); ++ xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); ++ if (ivlen > 0) ++ if (RAND_pseudo_bytes(iv, ivlen) <= 0) ++ goto err; ++ if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0) ++ goto err; ++ if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) ++ goto err; ++ if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) ++ goto err; ++ ++ if (ivlen > 0) { ++ if (xalg->parameter == NULL) { ++ xalg->parameter = ASN1_TYPE_new(); ++ if (xalg->parameter == NULL) ++ goto err; ++ } ++ if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) ++ goto err; ++ } ++ ++ /* Lets do the pub key stuff :-) */ ++ max = 0; ++ for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { ++ ri = sk_PKCS7_RECIP_INFO_value(rsk, i); ++ if (ri->cert == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ++ PKCS7_R_MISSING_CERIPEND_INFO); ++ goto err; ++ } ++ if ((pkey = X509_get_pubkey(ri->cert)) == NULL) ++ goto err; ++ jj = EVP_PKEY_size(pkey); ++ EVP_PKEY_free(pkey); ++ if (max < jj) ++ max = jj; ++ } ++ if ((tmp = (unsigned char *)OPENSSL_malloc(max)) == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { ++ ri = sk_PKCS7_RECIP_INFO_value(rsk, i); ++ if ((pkey = X509_get_pubkey(ri->cert)) == NULL) ++ goto err; ++ jj = EVP_PKEY_encrypt(tmp, key, keylen, pkey); ++ EVP_PKEY_free(pkey); ++ if (jj <= 0) { ++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_EVP_LIB); ++ OPENSSL_free(tmp); ++ goto err; ++ } ++ if (!M_ASN1_OCTET_STRING_set(ri->enc_key, tmp, jj)) { ++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_MALLOC_FAILURE); ++ OPENSSL_free(tmp); ++ goto err; ++ } ++ } ++ OPENSSL_free(tmp); ++ OPENSSL_cleanse(key, keylen); ++ ++ if (out == NULL) ++ out = btmp; ++ else ++ BIO_push(out, btmp); ++ btmp = NULL; ++ } ++ ++ if (bio == NULL) { ++ if (PKCS7_is_detached(p7)) ++ bio = BIO_new(BIO_s_null()); ++ else if (os && os->length > 0) ++ bio = BIO_new_mem_buf(os->data, os->length); ++ if (bio == NULL) { ++ bio = BIO_new(BIO_s_mem()); ++ if (bio == NULL) ++ goto err; ++ BIO_set_mem_eof_return(bio, 0); ++ } ++ } ++ BIO_push(out, bio); ++ bio = NULL; ++ if (0) { ++ err: ++ if (out != NULL) ++ BIO_free_all(out); ++ if (btmp != NULL) ++ BIO_free_all(btmp); ++ out = NULL; ++ } ++ return (out); ++} + + static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) +- { +- int ret; +- ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, +- pcert->cert_info->issuer); +- if (ret) +- return ret; +- return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, +- ri->issuer_and_serial->serial); +- } ++{ ++ int ret; ++ ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, ++ pcert->cert_info->issuer); ++ if (ret) ++ return ret; ++ return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, ++ ri->issuer_and_serial->serial); ++} + + /* int */ + BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) +- { +- int i,j; +- BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; +- unsigned char *tmp=NULL; +- X509_ALGOR *xa; +- ASN1_OCTET_STRING *data_body=NULL; +- const EVP_MD *evp_md; +- const EVP_CIPHER *evp_cipher=NULL; +- EVP_CIPHER_CTX *evp_ctx=NULL; +- X509_ALGOR *enc_alg=NULL; +- STACK_OF(X509_ALGOR) *md_sk=NULL; +- STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; +- PKCS7_RECIP_INFO *ri=NULL; +- +- i=OBJ_obj2nid(p7->type); +- p7->state=PKCS7_S_HEADER; +- +- switch (i) +- { +- case NID_pkcs7_signed: +- data_body=PKCS7_get_octet_string(p7->d.sign->contents); +- md_sk=p7->d.sign->md_algs; +- break; +- case NID_pkcs7_signedAndEnveloped: +- rsk=p7->d.signed_and_enveloped->recipientinfo; +- md_sk=p7->d.signed_and_enveloped->md_algs; +- data_body=p7->d.signed_and_enveloped->enc_data->enc_data; +- enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; +- evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); +- if (evp_cipher == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); +- goto err; +- } +- break; +- case NID_pkcs7_enveloped: +- rsk=p7->d.enveloped->recipientinfo; +- enc_alg=p7->d.enveloped->enc_data->algorithm; +- data_body=p7->d.enveloped->enc_data->enc_data; +- evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); +- if (evp_cipher == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); +- goto err; +- } +- break; +- default: +- PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); +- goto err; +- } +- +- /* We will be checking the signature */ +- if (md_sk != NULL) +- { +- for (i=0; ialgorithm); +- evp_md=EVP_get_digestbynid(j); +- if (evp_md == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); +- goto err; +- } +- +- BIO_set_md(btmp,evp_md); +- if (out == NULL) +- out=btmp; +- else +- BIO_push(out,btmp); +- btmp=NULL; +- } +- } +- +- if (evp_cipher != NULL) +- { ++{ ++ int i, j; ++ BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL; ++ unsigned char *tmp = NULL; ++ X509_ALGOR *xa; ++ ASN1_OCTET_STRING *data_body = NULL; ++ const EVP_MD *evp_md; ++ const EVP_CIPHER *evp_cipher = NULL; ++ EVP_CIPHER_CTX *evp_ctx = NULL; ++ X509_ALGOR *enc_alg = NULL; ++ STACK_OF(X509_ALGOR) *md_sk = NULL; ++ STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; ++ PKCS7_RECIP_INFO *ri = NULL; ++ ++ if (p7 == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER); ++ return NULL; ++ } ++ ++ if (p7->d.ptr == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); ++ return NULL; ++ } ++ ++ i = OBJ_obj2nid(p7->type); ++ p7->state = PKCS7_S_HEADER; ++ ++ switch (i) { ++ case NID_pkcs7_signed: ++ data_body = PKCS7_get_octet_string(p7->d.sign->contents); ++ md_sk = p7->d.sign->md_algs; ++ break; ++ case NID_pkcs7_signedAndEnveloped: ++ rsk = p7->d.signed_and_enveloped->recipientinfo; ++ md_sk = p7->d.signed_and_enveloped->md_algs; ++ data_body = p7->d.signed_and_enveloped->enc_data->enc_data; ++ enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; ++ evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); ++ if (evp_cipher == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ++ PKCS7_R_UNSUPPORTED_CIPHER_TYPE); ++ goto err; ++ } ++ break; ++ case NID_pkcs7_enveloped: ++ rsk = p7->d.enveloped->recipientinfo; ++ enc_alg = p7->d.enveloped->enc_data->algorithm; ++ data_body = p7->d.enveloped->enc_data->enc_data; ++ evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); ++ if (evp_cipher == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ++ PKCS7_R_UNSUPPORTED_CIPHER_TYPE); ++ goto err; ++ } ++ break; ++ default: ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); ++ goto err; ++ } ++ ++ /* We will be checking the signature */ ++ if (md_sk != NULL) { ++ for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { ++ xa = sk_X509_ALGOR_value(md_sk, i); ++ if ((btmp = BIO_new(BIO_f_md())) == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); ++ goto err; ++ } ++ ++ j = OBJ_obj2nid(xa->algorithm); ++ evp_md = EVP_get_digestbynid(j); ++ if (evp_md == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ++ PKCS7_R_UNKNOWN_DIGEST_TYPE); ++ goto err; ++ } ++ ++ BIO_set_md(btmp, evp_md); ++ if (out == NULL) ++ out = btmp; ++ else ++ BIO_push(out, btmp); ++ btmp = NULL; ++ } ++ } ++ ++ if (evp_cipher != NULL) { + #if 0 +- unsigned char key[EVP_MAX_KEY_LENGTH]; +- unsigned char iv[EVP_MAX_IV_LENGTH]; +- unsigned char *p; +- int keylen,ivlen; +- int max; +- X509_OBJECT ret; ++ unsigned char key[EVP_MAX_KEY_LENGTH]; ++ unsigned char iv[EVP_MAX_IV_LENGTH]; ++ unsigned char *p; ++ int keylen, ivlen; ++ int max; ++ X509_OBJECT ret; + #endif +- unsigned char *tkey = NULL; +- int tkeylen; +- int jj; +- +- if ((etmp=BIO_new(BIO_f_cipher())) == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); +- goto err; +- } +- +- /* It was encrypted, we need to decrypt the secret key +- * with the private key */ +- +- /* Find the recipientInfo which matches the passed certificate +- * (if any) +- */ +- +- if (pcert) { +- for (i=0; ienc_key), +- M_ASN1_STRING_length(ri->enc_key), +- pkey); +- if (tret > 0) +- { +- memcpy(tmp, tmp2, tret); +- OPENSSL_cleanse(tmp2, tret); +- jj = tret; +- } +- ERR_clear_error(); +- } +- OPENSSL_free(tmp2); +- } +- else +- { +- jj=EVP_PKEY_decrypt(tmp, +- M_ASN1_STRING_data(ri->enc_key), +- M_ASN1_STRING_length(ri->enc_key), pkey); +- ERR_clear_error(); +- } +- +- evp_ctx=NULL; +- BIO_get_cipher_ctx(etmp,&evp_ctx); +- if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) +- goto err; +- if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) +- goto err; +- /* Generate random key to counter MMA */ +- tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); +- tkey = OPENSSL_malloc(tkeylen); +- if (!tkey) +- goto err; +- if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) +- goto err; +- /* If we have no key use random key */ +- if (jj <= 0) +- { +- OPENSSL_free(tmp); +- jj = tkeylen; +- tmp = tkey; +- tkey = NULL; +- } +- +- if (jj != tkeylen) { +- /* Some S/MIME clients don't use the same key +- * and effective key length. The key length is +- * determined by the size of the decrypted RSA key. +- */ +- if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) +- { +- /* As MMA defence use random key instead */ +- OPENSSL_cleanse(tmp, jj); +- OPENSSL_free(tmp); +- jj = tkeylen; +- tmp = tkey; +- tkey = NULL; +- } +- } +- ERR_clear_error(); +- if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0) +- goto err; +- +- OPENSSL_cleanse(tmp,jj); +- +- if (tkey) +- { +- OPENSSL_cleanse(tkey, tkeylen); +- OPENSSL_free(tkey); +- } +- +- if (out == NULL) +- out=etmp; +- else +- BIO_push(out,etmp); +- etmp=NULL; +- } +- ++ unsigned char *tkey = NULL; ++ int tkeylen; ++ int jj; ++ ++ if ((etmp = BIO_new(BIO_f_cipher())) == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); ++ goto err; ++ } ++ ++ /* ++ * It was encrypted, we need to decrypt the secret key with the ++ * private key ++ */ ++ ++ /* ++ * Find the recipientInfo which matches the passed certificate (if ++ * any) ++ */ ++ ++ if (pcert) { ++ for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { ++ ri = sk_PKCS7_RECIP_INFO_value(rsk, i); ++ if (!pkcs7_cmp_ri(ri, pcert)) ++ break; ++ ri = NULL; ++ } ++ if (ri == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ++ PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); ++ goto err; ++ } ++ } ++ ++ jj = EVP_PKEY_size(pkey); ++ tmp = (unsigned char *)OPENSSL_malloc(jj + 10); ++ if (tmp == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* If we haven't got a certificate try each ri in turn */ ++ ++ if (pcert == NULL) { ++ /* ++ * Temporary storage in case EVP_PKEY_decrypt overwrites output ++ * buffer on error. ++ */ ++ unsigned char *tmp2; ++ tmp2 = OPENSSL_malloc(jj); ++ if (!tmp2) ++ goto err; ++ jj = -1; ++ /* ++ * Always attempt to decrypt all cases to avoid leaking timing ++ * information about a successful decrypt. ++ */ ++ for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { ++ int tret; ++ ri = sk_PKCS7_RECIP_INFO_value(rsk, i); ++ tret = EVP_PKEY_decrypt(tmp2, ++ M_ASN1_STRING_data(ri->enc_key), ++ M_ASN1_STRING_length(ri->enc_key), ++ pkey); ++ if (tret > 0) { ++ memcpy(tmp, tmp2, tret); ++ OPENSSL_cleanse(tmp2, tret); ++ jj = tret; ++ } ++ ERR_clear_error(); ++ } ++ OPENSSL_free(tmp2); ++ } else { ++ jj = EVP_PKEY_decrypt(tmp, ++ M_ASN1_STRING_data(ri->enc_key), ++ M_ASN1_STRING_length(ri->enc_key), pkey); ++ ERR_clear_error(); ++ } ++ ++ evp_ctx = NULL; ++ BIO_get_cipher_ctx(etmp, &evp_ctx); ++ if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0) ++ goto err; ++ if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0) ++ goto err; ++ /* Generate random key to counter MMA */ ++ tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); ++ tkey = OPENSSL_malloc(tkeylen); ++ if (!tkey) ++ goto err; ++ if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) ++ goto err; ++ /* If we have no key use random key */ ++ if (jj <= 0) { ++ OPENSSL_free(tmp); ++ jj = tkeylen; ++ tmp = tkey; ++ tkey = NULL; ++ } ++ ++ if (jj != tkeylen) { ++ /* ++ * Some S/MIME clients don't use the same key and effective key ++ * length. The key length is determined by the size of the ++ * decrypted RSA key. ++ */ ++ if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) { ++ /* As MMA defence use random key instead */ ++ OPENSSL_cleanse(tmp, jj); ++ OPENSSL_free(tmp); ++ jj = tkeylen; ++ tmp = tkey; ++ tkey = NULL; ++ } ++ } ++ ERR_clear_error(); ++ if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, tmp, NULL, 0) <= 0) ++ goto err; ++ ++ OPENSSL_cleanse(tmp, jj); ++ ++ if (tkey) { ++ OPENSSL_cleanse(tkey, tkeylen); ++ OPENSSL_free(tkey); ++ } ++ ++ if (out == NULL) ++ out = etmp; ++ else ++ BIO_push(out, etmp); ++ etmp = NULL; ++ } + #if 1 +- if (PKCS7_is_detached(p7) || (in_bio != NULL)) +- { +- bio=in_bio; +- } +- else +- { +-#if 0 +- bio=BIO_new(BIO_s_mem()); +- /* We need to set this so that when we have read all +- * the data, the encrypt BIO, if present, will read +- * EOF and encode the last few bytes */ +- BIO_set_mem_eof_return(bio,0); +- +- if (data_body->length > 0) +- BIO_write(bio,(char *)data_body->data,data_body->length); +-#else +- if (data_body->length > 0) +- bio = BIO_new_mem_buf(data_body->data,data_body->length); +- else { +- bio=BIO_new(BIO_s_mem()); +- BIO_set_mem_eof_return(bio,0); +- } +- if (bio == NULL) +- goto err; +-#endif +- } +- BIO_push(out,bio); +- bio=NULL; ++ if (PKCS7_is_detached(p7) || (in_bio != NULL)) { ++ bio = in_bio; ++ } else { ++# if 0 ++ bio = BIO_new(BIO_s_mem()); ++ /* ++ * We need to set this so that when we have read all the data, the ++ * encrypt BIO, if present, will read EOF and encode the last few ++ * bytes ++ */ ++ BIO_set_mem_eof_return(bio, 0); ++ ++ if (data_body->length > 0) ++ BIO_write(bio, (char *)data_body->data, data_body->length); ++# else ++ if (data_body->length > 0) ++ bio = BIO_new_mem_buf(data_body->data, data_body->length); ++ else { ++ bio = BIO_new(BIO_s_mem()); ++ BIO_set_mem_eof_return(bio, 0); ++ } ++ if (bio == NULL) ++ goto err; ++# endif ++ } ++ BIO_push(out, bio); ++ bio = NULL; + #endif +- if (0) +- { +-err: +- if (out != NULL) BIO_free_all(out); +- if (btmp != NULL) BIO_free_all(btmp); +- if (etmp != NULL) BIO_free_all(etmp); +- if (bio != NULL) BIO_free_all(bio); +- out=NULL; +- } +- if (tmp != NULL) +- OPENSSL_free(tmp); +- return(out); +- } ++ if (0) { ++ err: ++ if (out != NULL) ++ BIO_free_all(out); ++ if (btmp != NULL) ++ BIO_free_all(btmp); ++ if (etmp != NULL) ++ BIO_free_all(etmp); ++ if (bio != NULL) ++ BIO_free_all(bio); ++ out = NULL; ++ } ++ if (tmp != NULL) ++ OPENSSL_free(tmp); ++ return (out); ++} + + static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) +- { +- for (;;) +- { +- bio=BIO_find_type(bio,BIO_TYPE_MD); +- if (bio == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); +- return NULL; +- } +- BIO_get_md_ctx(bio,pmd); +- if (*pmd == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR); +- return NULL; +- } +- if (EVP_MD_CTX_type(*pmd) == nid) +- return bio; +- bio=BIO_next(bio); +- } +- return NULL; +- } ++{ ++ for (;;) { ++ bio = BIO_find_type(bio, BIO_TYPE_MD); ++ if (bio == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ++ PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); ++ return NULL; ++ } ++ BIO_get_md_ctx(bio, pmd); ++ if (*pmd == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR); ++ return NULL; ++ } ++ if (EVP_MD_CTX_type(*pmd) == nid) ++ return bio; ++ bio = BIO_next(bio); ++ } ++ return NULL; ++} + + int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) +- { +- int ret=0; +- int i,j; +- BIO *btmp; +- BUF_MEM *buf_mem=NULL; +- BUF_MEM *buf=NULL; +- PKCS7_SIGNER_INFO *si; +- EVP_MD_CTX *mdc,ctx_tmp; +- STACK_OF(X509_ATTRIBUTE) *sk; +- STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; +- ASN1_OCTET_STRING *os=NULL; +- +- EVP_MD_CTX_init(&ctx_tmp); +- i=OBJ_obj2nid(p7->type); +- p7->state=PKCS7_S_HEADER; +- +- switch (i) +- { +- case NID_pkcs7_signedAndEnveloped: +- /* XXXXXXXXXXXXXXXX */ +- si_sk=p7->d.signed_and_enveloped->signer_info; +- if (!(os=M_ASN1_OCTET_STRING_new())) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- p7->d.signed_and_enveloped->enc_data->enc_data=os; +- break; +- case NID_pkcs7_enveloped: +- /* XXXXXXXXXXXXXXXX */ +- if (!(os=M_ASN1_OCTET_STRING_new())) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- p7->d.enveloped->enc_data->enc_data=os; +- break; +- case NID_pkcs7_signed: +- si_sk=p7->d.sign->signer_info; +- os=PKCS7_get_octet_string(p7->d.sign->contents); +- /* If detached data then the content is excluded */ +- if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { +- M_ASN1_OCTET_STRING_free(os); +- p7->d.sign->contents->d.data = NULL; +- } +- break; +- +- case NID_pkcs7_digest: +- os=PKCS7_get_octet_string(p7->d.digest->contents); +- /* If detached data then the content is excluded */ +- if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) +- { +- M_ASN1_OCTET_STRING_free(os); +- p7->d.digest->contents->d.data = NULL; +- } +- break; +- +- } +- +- if (si_sk != NULL) +- { +- if ((buf=BUF_MEM_new()) == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); +- goto err; +- } +- for (i=0; ipkey == NULL) continue; +- +- j=OBJ_obj2nid(si->digest_alg->algorithm); +- +- btmp=bio; +- +- btmp = PKCS7_find_digest(&mdc, btmp, j); +- +- if (btmp == NULL) +- goto err; +- +- /* We now have the EVP_MD_CTX, lets do the +- * signing. */ +- EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); +- if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey))) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB); +- goto err; +- } +- +- sk=si->auth_attr; +- +- /* If there are attributes, we add the digest +- * attribute and only sign the attributes */ +- if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) +- { +- unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL; +- unsigned int md_len, alen; +- ASN1_OCTET_STRING *digest; +- ASN1_UTCTIME *sign_time; +- const EVP_MD *md_tmp; +- +- /* Add signing time if not already present */ +- if (!PKCS7_get_signed_attribute(si, +- NID_pkcs9_signingTime)) +- { +- if (!(sign_time=X509_gmtime_adj(NULL,0))) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!PKCS7_add_signed_attribute(si, +- NID_pkcs9_signingTime, +- V_ASN1_UTCTIME,sign_time)) +- { +- M_ASN1_UTCTIME_free(sign_time); +- goto err; +- } +- } +- +- /* Add digest */ +- md_tmp=EVP_MD_CTX_md(&ctx_tmp); +- EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); +- if (!(digest=M_ASN1_OCTET_STRING_new())) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!M_ASN1_OCTET_STRING_set(digest,md_data, +- md_len)) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, +- ERR_R_MALLOC_FAILURE); +- M_ASN1_OCTET_STRING_free(digest); +- goto err; +- } +- if (!PKCS7_add_signed_attribute(si, +- NID_pkcs9_messageDigest, +- V_ASN1_OCTET_STRING,digest)) +- { +- M_ASN1_OCTET_STRING_free(digest); +- goto err; +- } +- +- /* Now sign the attributes */ +- EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL); +- alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf, +- ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); +- if(!abuf) goto err; +- EVP_SignUpdate(&ctx_tmp,abuf,alen); +- OPENSSL_free(abuf); +- } +- ++{ ++ int ret = 0; ++ int i, j; ++ BIO *btmp; ++ BUF_MEM *buf_mem = NULL; ++ BUF_MEM *buf = NULL; ++ PKCS7_SIGNER_INFO *si; ++ EVP_MD_CTX *mdc, ctx_tmp; ++ STACK_OF(X509_ATTRIBUTE) *sk; ++ STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; ++ ASN1_OCTET_STRING *os = NULL; ++ ++ if (p7 == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER); ++ return 0; ++ } ++ ++ if (p7->d.ptr == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); ++ return 0; ++ } ++ ++ EVP_MD_CTX_init(&ctx_tmp); ++ i = OBJ_obj2nid(p7->type); ++ p7->state = PKCS7_S_HEADER; ++ ++ switch (i) { ++ case NID_pkcs7_signedAndEnveloped: ++ /* XXXXXXXXXXXXXXXX */ ++ si_sk = p7->d.signed_and_enveloped->signer_info; ++ if (!(os = M_ASN1_OCTET_STRING_new())) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ p7->d.signed_and_enveloped->enc_data->enc_data = os; ++ break; ++ case NID_pkcs7_enveloped: ++ /* XXXXXXXXXXXXXXXX */ ++ if (!(os = M_ASN1_OCTET_STRING_new())) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ p7->d.enveloped->enc_data->enc_data = os; ++ break; ++ case NID_pkcs7_signed: ++ si_sk = p7->d.sign->signer_info; ++ os = PKCS7_get_octet_string(p7->d.sign->contents); ++ /* If detached data then the content is excluded */ ++ if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { ++ M_ASN1_OCTET_STRING_free(os); ++ os = NULL; ++ p7->d.sign->contents->d.data = NULL; ++ } ++ break; ++ ++ case NID_pkcs7_digest: ++ os = PKCS7_get_octet_string(p7->d.digest->contents); ++ /* If detached data then the content is excluded */ ++ if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { ++ M_ASN1_OCTET_STRING_free(os); ++ os = NULL; ++ p7->d.digest->contents->d.data = NULL; ++ } ++ break; ++ ++ } ++ ++ if (si_sk != NULL) { ++ if ((buf = BUF_MEM_new()) == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_BIO_LIB); ++ goto err; ++ } ++ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) { ++ si = sk_PKCS7_SIGNER_INFO_value(si_sk, i); ++ if (si->pkey == NULL) ++ continue; ++ ++ j = OBJ_obj2nid(si->digest_alg->algorithm); ++ ++ btmp = bio; ++ ++ btmp = PKCS7_find_digest(&mdc, btmp, j); ++ ++ if (btmp == NULL) ++ goto err; ++ ++ /* ++ * We now have the EVP_MD_CTX, lets do the signing. ++ */ ++ EVP_MD_CTX_copy_ex(&ctx_tmp, mdc); ++ if (!BUF_MEM_grow_clean(buf, EVP_PKEY_size(si->pkey))) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_BIO_LIB); ++ goto err; ++ } ++ ++ sk = si->auth_attr; ++ ++ /* ++ * If there are attributes, we add the digest attribute and only ++ * sign the attributes ++ */ ++ if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { ++ unsigned char md_data[EVP_MAX_MD_SIZE], *abuf = NULL; ++ unsigned int md_len, alen; ++ ASN1_OCTET_STRING *digest; ++ ASN1_UTCTIME *sign_time; ++ const EVP_MD *md_tmp; ++ ++ /* Add signing time if not already present */ ++ if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) { ++ if (!(sign_time = X509_gmtime_adj(NULL, 0))) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ++ ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!PKCS7_add_signed_attribute(si, ++ NID_pkcs9_signingTime, ++ V_ASN1_UTCTIME, ++ sign_time)) { ++ M_ASN1_UTCTIME_free(sign_time); ++ goto err; ++ } ++ } ++ ++ /* Add digest */ ++ md_tmp = EVP_MD_CTX_md(&ctx_tmp); ++ EVP_DigestFinal_ex(&ctx_tmp, md_data, &md_len); ++ if (!(digest = M_ASN1_OCTET_STRING_new())) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!M_ASN1_OCTET_STRING_set(digest, md_data, md_len)) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); ++ M_ASN1_OCTET_STRING_free(digest); ++ goto err; ++ } ++ if (!PKCS7_add_signed_attribute(si, ++ NID_pkcs9_messageDigest, ++ V_ASN1_OCTET_STRING, digest)) ++ { ++ M_ASN1_OCTET_STRING_free(digest); ++ goto err; ++ } ++ ++ /* Now sign the attributes */ ++ EVP_SignInit_ex(&ctx_tmp, md_tmp, NULL); ++ alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, ++ ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); ++ if (!abuf) ++ goto err; ++ EVP_SignUpdate(&ctx_tmp, abuf, alen); ++ OPENSSL_free(abuf); ++ } + #ifndef OPENSSL_NO_DSA +- if (si->pkey->type == EVP_PKEY_DSA) +- ctx_tmp.digest=EVP_dss1(); ++ if (si->pkey->type == EVP_PKEY_DSA) ++ ctx_tmp.digest = EVP_dss1(); + #endif + #ifndef OPENSSL_NO_ECDSA +- if (si->pkey->type == EVP_PKEY_EC) +- ctx_tmp.digest=EVP_ecdsa(); ++ if (si->pkey->type == EVP_PKEY_EC) ++ ctx_tmp.digest = EVP_ecdsa(); + #endif + +- if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, +- (unsigned int *)&buf->length,si->pkey)) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB); +- goto err; +- } +- if (!ASN1_STRING_set(si->enc_digest, +- (unsigned char *)buf->data,buf->length)) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB); +- goto err; +- } +- } +- } +- else if (i == NID_pkcs7_digest) +- { +- unsigned char md_data[EVP_MAX_MD_SIZE]; +- unsigned int md_len; +- if (!PKCS7_find_digest(&mdc, bio, +- OBJ_obj2nid(p7->d.digest->md->algorithm))) +- goto err; +- EVP_DigestFinal_ex(mdc,md_data,&md_len); +- M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); +- } +- +- if (!PKCS7_is_detached(p7)) +- { +- btmp=BIO_find_type(bio,BIO_TYPE_MEM); +- if (btmp == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); +- goto err; +- } +- BIO_get_mem_ptr(btmp,&buf_mem); +- /* Mark the BIO read only then we can use its copy of the data +- * instead of making an extra copy. +- */ +- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); +- BIO_set_mem_eof_return(btmp, 0); +- os->data = (unsigned char *)buf_mem->data; +- os->length = buf_mem->length; ++ if (!EVP_SignFinal(&ctx_tmp, (unsigned char *)buf->data, ++ (unsigned int *)&buf->length, si->pkey)) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB); ++ goto err; ++ } ++ if (!ASN1_STRING_set(si->enc_digest, ++ (unsigned char *)buf->data, buf->length)) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ } ++ } else if (i == NID_pkcs7_digest) { ++ unsigned char md_data[EVP_MAX_MD_SIZE]; ++ unsigned int md_len; ++ if (!PKCS7_find_digest(&mdc, bio, ++ OBJ_obj2nid(p7->d.digest->md->algorithm))) ++ goto err; ++ EVP_DigestFinal_ex(mdc, md_data, &md_len); ++ M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); ++ } ++ ++ if (!PKCS7_is_detached(p7)) { ++ /* ++ * NOTE(emilia): I think we only reach os == NULL here because detached ++ * digested data support is broken. ++ */ ++ if (os == NULL) ++ goto err; ++ btmp = BIO_find_type(bio, BIO_TYPE_MEM); ++ if (btmp == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); ++ goto err; ++ } ++ BIO_get_mem_ptr(btmp, &buf_mem); ++ /* ++ * Mark the BIO read only then we can use its copy of the data ++ * instead of making an extra copy. ++ */ ++ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); ++ BIO_set_mem_eof_return(btmp, 0); ++ os->data = (unsigned char *)buf_mem->data; ++ os->length = buf_mem->length; + #if 0 +- M_ASN1_OCTET_STRING_set(os, +- (unsigned char *)buf_mem->data,buf_mem->length); ++ M_ASN1_OCTET_STRING_set(os, ++ (unsigned char *)buf_mem->data, ++ buf_mem->length); + #endif +- } +- ret=1; +-err: +- EVP_MD_CTX_cleanup(&ctx_tmp); +- if (buf != NULL) BUF_MEM_free(buf); +- return(ret); +- } ++ } ++ ret = 1; ++ err: ++ EVP_MD_CTX_cleanup(&ctx_tmp); ++ if (buf != NULL) ++ BUF_MEM_free(buf); ++ return (ret); ++} + + int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, +- PKCS7 *p7, PKCS7_SIGNER_INFO *si) +- { +- PKCS7_ISSUER_AND_SERIAL *ias; +- int ret=0,i; +- STACK_OF(X509) *cert; +- X509 *x509; +- +- if (PKCS7_type_is_signed(p7)) +- { +- cert=p7->d.sign->cert; +- } +- else if (PKCS7_type_is_signedAndEnveloped(p7)) +- { +- cert=p7->d.signed_and_enveloped->cert; +- } +- else +- { +- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE); +- goto err; +- } +- /* XXXXXXXXXXXXXXXXXXXXXXX */ +- ias=si->issuer_and_serial; +- +- x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial); +- +- /* were we able to find the cert in passed to us */ +- if (x509 == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); +- goto err; +- } +- +- /* Lets verify */ +- if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); +- goto err; +- } +- X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); +- i=X509_verify_cert(ctx); +- if (i <= 0) +- { +- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); +- X509_STORE_CTX_cleanup(ctx); +- goto err; +- } +- X509_STORE_CTX_cleanup(ctx); +- +- return PKCS7_signatureVerify(bio, p7, si, x509); +- err: +- return ret; +- } ++ PKCS7 *p7, PKCS7_SIGNER_INFO *si) ++{ ++ PKCS7_ISSUER_AND_SERIAL *ias; ++ int ret = 0, i; ++ STACK_OF(X509) *cert; ++ X509 *x509; ++ ++ if (p7 == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER); ++ return 0; ++ } ++ ++ if (p7->d.ptr == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); ++ return 0; ++ } ++ ++ if (PKCS7_type_is_signed(p7)) { ++ cert = p7->d.sign->cert; ++ } else if (PKCS7_type_is_signedAndEnveloped(p7)) { ++ cert = p7->d.signed_and_enveloped->cert; ++ } else { ++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); ++ goto err; ++ } ++ /* XXXXXXXXXXXXXXXXXXXXXXX */ ++ ias = si->issuer_and_serial; ++ ++ x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial); ++ ++ /* were we able to find the cert in passed to us */ ++ if (x509 == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ++ PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); ++ goto err; ++ } ++ ++ /* Lets verify */ ++ if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) { ++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB); ++ goto err; ++ } ++ X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); ++ i = X509_verify_cert(ctx); ++ if (i <= 0) { ++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB); ++ X509_STORE_CTX_cleanup(ctx); ++ goto err; ++ } ++ X509_STORE_CTX_cleanup(ctx); ++ ++ return PKCS7_signatureVerify(bio, p7, si, x509); ++ err: ++ return ret; ++} + + int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, +- X509 *x509) +- { +- ASN1_OCTET_STRING *os; +- EVP_MD_CTX mdc_tmp,*mdc; +- int ret=0,i; +- int md_type; +- STACK_OF(X509_ATTRIBUTE) *sk; +- BIO *btmp; +- EVP_PKEY *pkey; +- +- EVP_MD_CTX_init(&mdc_tmp); +- +- if (!PKCS7_type_is_signed(p7) && +- !PKCS7_type_is_signedAndEnveloped(p7)) { +- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, +- PKCS7_R_WRONG_PKCS7_TYPE); +- goto err; +- } +- +- md_type=OBJ_obj2nid(si->digest_alg->algorithm); +- +- btmp=bio; +- for (;;) +- { +- if ((btmp == NULL) || +- ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) +- { +- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, +- PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); +- goto err; +- } +- BIO_get_md_ctx(btmp,&mdc); +- if (mdc == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, +- ERR_R_INTERNAL_ERROR); +- goto err; +- } +- if (EVP_MD_CTX_type(mdc) == md_type) +- break; +- /* Workaround for some broken clients that put the signature +- * OID instead of the digest OID in digest_alg->algorithm +- */ +- if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) +- break; +- btmp=BIO_next(btmp); +- } +- +- /* mdc is the digest ctx that we want, unless there are attributes, +- * in which case the digest is the signed attributes */ +- EVP_MD_CTX_copy_ex(&mdc_tmp,mdc); +- +- sk=si->auth_attr; +- if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) +- { +- unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; +- unsigned int md_len, alen; +- ASN1_OCTET_STRING *message_digest; +- +- EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len); +- message_digest=PKCS7_digest_from_attributes(sk); +- if (!message_digest) +- { +- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, +- PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); +- goto err; +- } +- if ((message_digest->length != (int)md_len) || +- (memcmp(message_digest->data,md_dat,md_len))) +- { +-#if 0 ++ X509 *x509) + { +-int ii; +-for (ii=0; iilength; ii++) +- printf("%02X",message_digest->data[ii]); printf(" sent\n"); +-for (ii=0; iidigest_alg->algorithm); ++ ++ btmp = bio; ++ for (;;) { ++ if ((btmp == NULL) || ++ ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) { ++ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ++ PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); ++ goto err; ++ } ++ BIO_get_md_ctx(btmp, &mdc); ++ if (mdc == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ if (EVP_MD_CTX_type(mdc) == md_type) ++ break; ++ /* ++ * Workaround for some broken clients that put the signature OID ++ * instead of the digest OID in digest_alg->algorithm ++ */ ++ if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) ++ break; ++ btmp = BIO_next(btmp); ++ } ++ ++ /* ++ * mdc is the digest ctx that we want, unless there are attributes, in ++ * which case the digest is the signed attributes ++ */ ++ EVP_MD_CTX_copy_ex(&mdc_tmp, mdc); ++ ++ sk = si->auth_attr; ++ if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { ++ unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; ++ unsigned int md_len, alen; ++ ASN1_OCTET_STRING *message_digest; ++ ++ EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len); ++ message_digest = PKCS7_digest_from_attributes(sk); ++ if (!message_digest) { ++ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ++ PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); ++ goto err; ++ } ++ if ((message_digest->length != (int)md_len) || ++ (memcmp(message_digest->data, md_dat, md_len))) { ++#if 0 ++ { ++ int ii; ++ for (ii = 0; ii < message_digest->length; ii++) ++ printf("%02X", message_digest->data[ii]); ++ printf(" sent\n"); ++ for (ii = 0; ii < md_len; ii++) ++ printf("%02X", md_dat[ii]); ++ printf(" calc\n"); ++ } + #endif +- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, +- PKCS7_R_DIGEST_FAILURE); +- ret= -1; +- goto err; +- } +- +- EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL); +- +- alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, +- ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); +- EVP_VerifyUpdate(&mdc_tmp, abuf, alen); +- +- OPENSSL_free(abuf); +- } +- +- os=si->enc_digest; +- pkey = X509_get_pubkey(x509); +- if (!pkey) +- { +- ret = -1; +- goto err; +- } ++ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE); ++ ret = -1; ++ goto err; ++ } ++ ++ EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL); ++ ++ alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, ++ ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); ++ EVP_VerifyUpdate(&mdc_tmp, abuf, alen); ++ ++ OPENSSL_free(abuf); ++ } ++ ++ os = si->enc_digest; ++ pkey = X509_get_pubkey(x509); ++ if (!pkey) { ++ ret = -1; ++ goto err; ++ } + #ifndef OPENSSL_NO_DSA +- if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); ++ if (pkey->type == EVP_PKEY_DSA) ++ mdc_tmp.digest = EVP_dss1(); + #endif + #ifndef OPENSSL_NO_ECDSA +- if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa(); ++ if (pkey->type == EVP_PKEY_EC) ++ mdc_tmp.digest = EVP_ecdsa(); + #endif + +- i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); +- EVP_PKEY_free(pkey); +- if (i <= 0) +- { +- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, +- PKCS7_R_SIGNATURE_FAILURE); +- ret= -1; +- goto err; +- } +- else +- ret=1; +-err: +- EVP_MD_CTX_cleanup(&mdc_tmp); +- return(ret); +- } ++ i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); ++ EVP_PKEY_free(pkey); ++ if (i <= 0) { ++ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE); ++ ret = -1; ++ goto err; ++ } else ++ ret = 1; ++ err: ++ EVP_MD_CTX_cleanup(&mdc_tmp); ++ return (ret); ++} + + PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) +- { +- STACK_OF(PKCS7_RECIP_INFO) *rsk; +- PKCS7_RECIP_INFO *ri; +- int i; +- +- i=OBJ_obj2nid(p7->type); +- if (i != NID_pkcs7_signedAndEnveloped) +- return NULL; +- if (p7->d.signed_and_enveloped == NULL) +- return NULL; +- rsk=p7->d.signed_and_enveloped->recipientinfo; +- if (rsk == NULL) +- return NULL; +- ri=sk_PKCS7_RECIP_INFO_value(rsk,0); +- if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); +- ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); +- return(ri->issuer_and_serial); +- } ++{ ++ STACK_OF(PKCS7_RECIP_INFO) *rsk; ++ PKCS7_RECIP_INFO *ri; ++ int i; ++ ++ i = OBJ_obj2nid(p7->type); ++ if (i != NID_pkcs7_signedAndEnveloped) ++ return NULL; ++ if (p7->d.signed_and_enveloped == NULL) ++ return NULL; ++ rsk = p7->d.signed_and_enveloped->recipientinfo; ++ if (rsk == NULL) ++ return NULL; ++ ri = sk_PKCS7_RECIP_INFO_value(rsk, 0); ++ if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) ++ return (NULL); ++ ri = sk_PKCS7_RECIP_INFO_value(rsk, idx); ++ return (ri->issuer_and_serial); ++} + + ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) +- { +- return(get_attribute(si->auth_attr,nid)); +- } ++{ ++ return (get_attribute(si->auth_attr, nid)); ++} + + ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) +- { +- return(get_attribute(si->unauth_attr,nid)); +- } ++{ ++ return (get_attribute(si->unauth_attr, nid)); ++} + + static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) +- { +- int i; +- X509_ATTRIBUTE *xa; +- ASN1_OBJECT *o; +- +- o=OBJ_nid2obj(nid); +- if (!o || !sk) return(NULL); +- for (i=0; iobject,o) == 0) +- { +- if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) +- return(sk_ASN1_TYPE_value(xa->value.set,0)); +- else +- return(NULL); +- } +- } +- return(NULL); +- } ++{ ++ int i; ++ X509_ATTRIBUTE *xa; ++ ASN1_OBJECT *o; ++ ++ o = OBJ_nid2obj(nid); ++ if (!o || !sk) ++ return (NULL); ++ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { ++ xa = sk_X509_ATTRIBUTE_value(sk, i); ++ if (OBJ_cmp(xa->object, o) == 0) { ++ if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) ++ return (sk_ASN1_TYPE_value(xa->value.set, 0)); ++ else ++ return (NULL); ++ } ++ } ++ return (NULL); ++} + + ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) + { +- ASN1_TYPE *astype; +- if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL; +- return astype->value.octet_string; ++ ASN1_TYPE *astype; ++ if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) ++ return NULL; ++ return astype->value.octet_string; + } + + int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, +- STACK_OF(X509_ATTRIBUTE) *sk) +- { +- int i; +- +- if (p7si->auth_attr != NULL) +- sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); +- p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); +- if (p7si->auth_attr == NULL) +- return 0; +- for (i=0; iauth_attr,i, +- X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) +- == NULL) +- return(0); +- } +- return(1); +- } +- +-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) +- { +- int i; +- +- if (p7si->unauth_attr != NULL) +- sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, +- X509_ATTRIBUTE_free); +- p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); +- if (p7si->unauth_attr == NULL) +- return 0; +- for (i=0; iunauth_attr,i, +- X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) +- == NULL) +- return(0); +- } +- return(1); +- } ++ STACK_OF(X509_ATTRIBUTE) *sk) ++{ ++ int i; ++ ++ if (p7si->auth_attr != NULL) ++ sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free); ++ p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk); ++ if (p7si->auth_attr == NULL) ++ return 0; ++ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { ++ if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i, ++ X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value ++ (sk, i)))) ++ == NULL) ++ return (0); ++ } ++ return (1); ++} ++ ++int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, ++ STACK_OF(X509_ATTRIBUTE) *sk) ++{ ++ int i; ++ ++ if (p7si->unauth_attr != NULL) ++ sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free); ++ p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk); ++ if (p7si->unauth_attr == NULL) ++ return 0; ++ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { ++ if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i, ++ X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value ++ (sk, i)))) ++ == NULL) ++ return (0); ++ } ++ return (1); ++} + + int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, +- void *value) +- { +- return(add_attribute(&(p7si->auth_attr),nid,atrtype,value)); +- } ++ void *value) ++{ ++ return (add_attribute(&(p7si->auth_attr), nid, atrtype, value)); ++} + + int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, +- void *value) +- { +- return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); +- } ++ void *value) ++{ ++ return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value)); ++} + + static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, +- void *value) +- { +- X509_ATTRIBUTE *attr=NULL; +- +- if (*sk == NULL) +- { +- if (!(*sk = sk_X509_ATTRIBUTE_new_null())) +- return 0; +-new_attrib: +- if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) +- return 0; +- if (!sk_X509_ATTRIBUTE_push(*sk,attr)) +- { +- X509_ATTRIBUTE_free(attr); +- return 0; +- } +- } +- else +- { +- int i; +- +- for (i=0; iobject) == nid) +- { +- X509_ATTRIBUTE_free(attr); +- attr=X509_ATTRIBUTE_create(nid,atrtype,value); +- if (attr == NULL) +- return 0; +- if (!sk_X509_ATTRIBUTE_set(*sk,i,attr)) +- { +- X509_ATTRIBUTE_free(attr); +- return 0; +- } +- goto end; +- } +- } +- goto new_attrib; +- } +-end: +- return(1); +- } +- ++ void *value) ++{ ++ X509_ATTRIBUTE *attr = NULL; ++ ++ if (*sk == NULL) { ++ if (!(*sk = sk_X509_ATTRIBUTE_new_null())) ++ return 0; ++ new_attrib: ++ if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value))) ++ return 0; ++ if (!sk_X509_ATTRIBUTE_push(*sk, attr)) { ++ X509_ATTRIBUTE_free(attr); ++ return 0; ++ } ++ } else { ++ int i; ++ ++ for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) { ++ attr = sk_X509_ATTRIBUTE_value(*sk, i); ++ if (OBJ_obj2nid(attr->object) == nid) { ++ X509_ATTRIBUTE_free(attr); ++ attr = X509_ATTRIBUTE_create(nid, atrtype, value); ++ if (attr == NULL) ++ return 0; ++ if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) { ++ X509_ATTRIBUTE_free(attr); ++ return 0; ++ } ++ goto end; ++ } ++ } ++ goto new_attrib; ++ } ++ end: ++ return (1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c +index 898cdda..c2ad3ec 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,526 +62,519 @@ + #include + + long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) +- { +- int nid; +- long ret; +- +- nid=OBJ_obj2nid(p7->type); +- +- switch (cmd) +- { +- case PKCS7_OP_SET_DETACHED_SIGNATURE: +- if (nid == NID_pkcs7_signed) +- { +- ret=p7->detached=(int)larg; +- if (ret && PKCS7_type_is_data(p7->d.sign->contents)) +- { +- ASN1_OCTET_STRING *os; +- os=p7->d.sign->contents->d.data; +- ASN1_OCTET_STRING_free(os); +- p7->d.sign->contents->d.data = NULL; +- } +- } +- else +- { +- PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); +- ret=0; +- } +- break; +- case PKCS7_OP_GET_DETACHED_SIGNATURE: +- if (nid == NID_pkcs7_signed) +- { +- if(!p7->d.sign || !p7->d.sign->contents->d.ptr) +- ret = 1; +- else ret = 0; +- +- p7->detached = ret; +- } +- else +- { +- PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); +- ret=0; +- } +- +- break; +- default: +- PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION); +- ret=0; +- } +- return(ret); +- } ++{ ++ int nid; ++ long ret; ++ ++ nid = OBJ_obj2nid(p7->type); ++ ++ switch (cmd) { ++ /* NOTE(emilia): does not support detached digested data. */ ++ case PKCS7_OP_SET_DETACHED_SIGNATURE: ++ if (nid == NID_pkcs7_signed) { ++ ret = p7->detached = (int)larg; ++ if (ret && PKCS7_type_is_data(p7->d.sign->contents)) { ++ ASN1_OCTET_STRING *os; ++ os = p7->d.sign->contents->d.data; ++ ASN1_OCTET_STRING_free(os); ++ p7->d.sign->contents->d.data = NULL; ++ } ++ } else { ++ PKCS7err(PKCS7_F_PKCS7_CTRL, ++ PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); ++ ret = 0; ++ } ++ break; ++ case PKCS7_OP_GET_DETACHED_SIGNATURE: ++ if (nid == NID_pkcs7_signed) { ++ if (!p7->d.sign || !p7->d.sign->contents->d.ptr) ++ ret = 1; ++ else ++ ret = 0; ++ ++ p7->detached = ret; ++ } else { ++ PKCS7err(PKCS7_F_PKCS7_CTRL, ++ PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); ++ ret = 0; ++ } ++ ++ break; ++ default: ++ PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION); ++ ret = 0; ++ } ++ return (ret); ++} + + int PKCS7_content_new(PKCS7 *p7, int type) +- { +- PKCS7 *ret=NULL; +- +- if ((ret=PKCS7_new()) == NULL) goto err; +- if (!PKCS7_set_type(ret,type)) goto err; +- if (!PKCS7_set_content(p7,ret)) goto err; +- +- return(1); +-err: +- if (ret != NULL) PKCS7_free(ret); +- return(0); +- } ++{ ++ PKCS7 *ret = NULL; ++ ++ if ((ret = PKCS7_new()) == NULL) ++ goto err; ++ if (!PKCS7_set_type(ret, type)) ++ goto err; ++ if (!PKCS7_set_content(p7, ret)) ++ goto err; ++ ++ return (1); ++ err: ++ if (ret != NULL) ++ PKCS7_free(ret); ++ return (0); ++} + + int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) +- { +- int i; +- +- i=OBJ_obj2nid(p7->type); +- switch (i) +- { +- case NID_pkcs7_signed: +- if (p7->d.sign->contents != NULL) +- PKCS7_free(p7->d.sign->contents); +- p7->d.sign->contents=p7_data; +- break; +- case NID_pkcs7_digest: +- if (p7->d.digest->contents != NULL) +- PKCS7_free(p7->d.digest->contents); +- p7->d.digest->contents=p7_data; +- break; +- case NID_pkcs7_data: +- case NID_pkcs7_enveloped: +- case NID_pkcs7_signedAndEnveloped: +- case NID_pkcs7_encrypted: +- default: +- PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); +- goto err; +- } +- return(1); +-err: +- return(0); +- } ++{ ++ int i; ++ ++ i = OBJ_obj2nid(p7->type); ++ switch (i) { ++ case NID_pkcs7_signed: ++ if (p7->d.sign->contents != NULL) ++ PKCS7_free(p7->d.sign->contents); ++ p7->d.sign->contents = p7_data; ++ break; ++ case NID_pkcs7_digest: ++ if (p7->d.digest->contents != NULL) ++ PKCS7_free(p7->d.digest->contents); ++ p7->d.digest->contents = p7_data; ++ break; ++ case NID_pkcs7_data: ++ case NID_pkcs7_enveloped: ++ case NID_pkcs7_signedAndEnveloped: ++ case NID_pkcs7_encrypted: ++ default: ++ PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); ++ goto err; ++ } ++ return (1); ++ err: ++ return (0); ++} + + int PKCS7_set_type(PKCS7 *p7, int type) +- { +- ASN1_OBJECT *obj; +- +- /*PKCS7_content_free(p7);*/ +- obj=OBJ_nid2obj(type); /* will not fail */ +- +- switch (type) +- { +- case NID_pkcs7_signed: +- p7->type=obj; +- if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) +- goto err; +- if (!ASN1_INTEGER_set(p7->d.sign->version,1)) +- { +- PKCS7_SIGNED_free(p7->d.sign); +- p7->d.sign=NULL; +- goto err; +- } +- break; +- case NID_pkcs7_data: +- p7->type=obj; +- if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL) +- goto err; +- break; +- case NID_pkcs7_signedAndEnveloped: +- p7->type=obj; +- if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) +- == NULL) goto err; +- ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); +- if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1)) +- goto err; +- p7->d.signed_and_enveloped->enc_data->content_type +- = OBJ_nid2obj(NID_pkcs7_data); +- break; +- case NID_pkcs7_enveloped: +- p7->type=obj; +- if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) +- == NULL) goto err; +- if (!ASN1_INTEGER_set(p7->d.enveloped->version,0)) +- goto err; +- p7->d.enveloped->enc_data->content_type +- = OBJ_nid2obj(NID_pkcs7_data); +- break; +- case NID_pkcs7_encrypted: +- p7->type=obj; +- if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) +- == NULL) goto err; +- if (!ASN1_INTEGER_set(p7->d.encrypted->version,0)) +- goto err; +- p7->d.encrypted->enc_data->content_type +- = OBJ_nid2obj(NID_pkcs7_data); +- break; +- +- case NID_pkcs7_digest: +- p7->type=obj; +- if ((p7->d.digest=PKCS7_DIGEST_new()) +- == NULL) goto err; +- if (!ASN1_INTEGER_set(p7->d.digest->version,0)) +- goto err; +- break; +- default: +- PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); +- goto err; +- } +- return(1); +-err: +- return(0); +- } ++{ ++ ASN1_OBJECT *obj; ++ ++ /* ++ * PKCS7_content_free(p7); ++ */ ++ obj = OBJ_nid2obj(type); /* will not fail */ ++ ++ switch (type) { ++ case NID_pkcs7_signed: ++ p7->type = obj; ++ if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL) ++ goto err; ++ if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) { ++ PKCS7_SIGNED_free(p7->d.sign); ++ p7->d.sign = NULL; ++ goto err; ++ } ++ break; ++ case NID_pkcs7_data: ++ p7->type = obj; ++ if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL) ++ goto err; ++ break; ++ case NID_pkcs7_signedAndEnveloped: ++ p7->type = obj; ++ if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new()) ++ == NULL) ++ goto err; ++ ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1); ++ if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1)) ++ goto err; ++ p7->d.signed_and_enveloped->enc_data->content_type ++ = OBJ_nid2obj(NID_pkcs7_data); ++ break; ++ case NID_pkcs7_enveloped: ++ p7->type = obj; ++ if ((p7->d.enveloped = PKCS7_ENVELOPE_new()) ++ == NULL) ++ goto err; ++ if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0)) ++ goto err; ++ p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); ++ break; ++ case NID_pkcs7_encrypted: ++ p7->type = obj; ++ if ((p7->d.encrypted = PKCS7_ENCRYPT_new()) ++ == NULL) ++ goto err; ++ if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0)) ++ goto err; ++ p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); ++ break; ++ ++ case NID_pkcs7_digest: ++ p7->type = obj; ++ if ((p7->d.digest = PKCS7_DIGEST_new()) ++ == NULL) ++ goto err; ++ if (!ASN1_INTEGER_set(p7->d.digest->version, 0)) ++ goto err; ++ break; ++ default: ++ PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE); ++ goto err; ++ } ++ return (1); ++ err: ++ return (0); ++} + + int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) +- { +- p7->type = OBJ_nid2obj(type); +- p7->d.other = other; +- return 1; +- } ++{ ++ p7->type = OBJ_nid2obj(type); ++ p7->d.other = other; ++ return 1; ++} + + int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) +- { +- int i,j,nid; +- X509_ALGOR *alg; +- STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; +- STACK_OF(X509_ALGOR) *md_sk; +- +- i=OBJ_obj2nid(p7->type); +- switch (i) +- { +- case NID_pkcs7_signed: +- signer_sk= p7->d.sign->signer_info; +- md_sk= p7->d.sign->md_algs; +- break; +- case NID_pkcs7_signedAndEnveloped: +- signer_sk= p7->d.signed_and_enveloped->signer_info; +- md_sk= p7->d.signed_and_enveloped->md_algs; +- break; +- default: +- PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE); +- return(0); +- } +- +- nid=OBJ_obj2nid(psi->digest_alg->algorithm); +- +- /* If the digest is not currently listed, add it */ +- j=0; +- for (i=0; ialgorithm) == nid) +- { +- j=1; +- break; +- } +- } +- if (!j) /* we need to add another algorithm */ +- { +- if(!(alg=X509_ALGOR_new()) +- || !(alg->parameter = ASN1_TYPE_new())) +- { +- X509_ALGOR_free(alg); +- PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- alg->algorithm=OBJ_nid2obj(nid); +- alg->parameter->type = V_ASN1_NULL; +- if (!sk_X509_ALGOR_push(md_sk,alg)) +- { +- X509_ALGOR_free(alg); +- return 0; +- } +- } +- +- if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi)) +- return 0; +- return(1); +- } ++{ ++ int i, j, nid; ++ X509_ALGOR *alg; ++ STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; ++ STACK_OF(X509_ALGOR) *md_sk; ++ ++ i = OBJ_obj2nid(p7->type); ++ switch (i) { ++ case NID_pkcs7_signed: ++ signer_sk = p7->d.sign->signer_info; ++ md_sk = p7->d.sign->md_algs; ++ break; ++ case NID_pkcs7_signedAndEnveloped: ++ signer_sk = p7->d.signed_and_enveloped->signer_info; ++ md_sk = p7->d.signed_and_enveloped->md_algs; ++ break; ++ default: ++ PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE); ++ return (0); ++ } ++ ++ nid = OBJ_obj2nid(psi->digest_alg->algorithm); ++ ++ /* If the digest is not currently listed, add it */ ++ j = 0; ++ for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { ++ alg = sk_X509_ALGOR_value(md_sk, i); ++ if (OBJ_obj2nid(alg->algorithm) == nid) { ++ j = 1; ++ break; ++ } ++ } ++ if (!j) { /* we need to add another algorithm */ ++ if (!(alg = X509_ALGOR_new()) ++ || !(alg->parameter = ASN1_TYPE_new())) { ++ X509_ALGOR_free(alg); ++ PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ alg->algorithm = OBJ_nid2obj(nid); ++ alg->parameter->type = V_ASN1_NULL; ++ if (!sk_X509_ALGOR_push(md_sk, alg)) { ++ X509_ALGOR_free(alg); ++ return 0; ++ } ++ } ++ ++ if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi)) ++ return 0; ++ return (1); ++} + + int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) +- { +- int i; +- STACK_OF(X509) **sk; +- +- i=OBJ_obj2nid(p7->type); +- switch (i) +- { +- case NID_pkcs7_signed: +- sk= &(p7->d.sign->cert); +- break; +- case NID_pkcs7_signedAndEnveloped: +- sk= &(p7->d.signed_and_enveloped->cert); +- break; +- default: +- PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE); +- return(0); +- } +- +- if (*sk == NULL) +- *sk=sk_X509_new_null(); +- if (*sk == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); +- if (!sk_X509_push(*sk,x509)) +- { +- X509_free(x509); +- return 0; +- } +- return(1); +- } ++{ ++ int i; ++ STACK_OF(X509) **sk; ++ ++ i = OBJ_obj2nid(p7->type); ++ switch (i) { ++ case NID_pkcs7_signed: ++ sk = &(p7->d.sign->cert); ++ break; ++ case NID_pkcs7_signedAndEnveloped: ++ sk = &(p7->d.signed_and_enveloped->cert); ++ break; ++ default: ++ PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE); ++ return (0); ++ } ++ ++ if (*sk == NULL) ++ *sk = sk_X509_new_null(); ++ if (*sk == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); ++ if (!sk_X509_push(*sk, x509)) { ++ X509_free(x509); ++ return 0; ++ } ++ return (1); ++} + + int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) +- { +- int i; +- STACK_OF(X509_CRL) **sk; +- +- i=OBJ_obj2nid(p7->type); +- switch (i) +- { +- case NID_pkcs7_signed: +- sk= &(p7->d.sign->crl); +- break; +- case NID_pkcs7_signedAndEnveloped: +- sk= &(p7->d.signed_and_enveloped->crl); +- break; +- default: +- PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE); +- return(0); +- } +- +- if (*sk == NULL) +- *sk=sk_X509_CRL_new_null(); +- if (*sk == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); +- if (!sk_X509_CRL_push(*sk,crl)) +- { +- X509_CRL_free(crl); +- return 0; +- } +- return(1); +- } ++{ ++ int i; ++ STACK_OF(X509_CRL) **sk; ++ ++ i = OBJ_obj2nid(p7->type); ++ switch (i) { ++ case NID_pkcs7_signed: ++ sk = &(p7->d.sign->crl); ++ break; ++ case NID_pkcs7_signedAndEnveloped: ++ sk = &(p7->d.signed_and_enveloped->crl); ++ break; ++ default: ++ PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE); ++ return (0); ++ } ++ ++ if (*sk == NULL) ++ *sk = sk_X509_CRL_new_null(); ++ if (*sk == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); ++ if (!sk_X509_CRL_push(*sk, crl)) { ++ X509_CRL_free(crl); ++ return 0; ++ } ++ return (1); ++} + + int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, +- const EVP_MD *dgst) +- { +- int nid; +- char is_dsa; +- +- if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC) +- is_dsa = 1; +- else +- is_dsa = 0; +- /* We now need to add another PKCS7_SIGNER_INFO entry */ +- if (!ASN1_INTEGER_set(p7i->version,1)) +- goto err; +- if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, +- X509_get_issuer_name(x509))) +- goto err; +- +- /* because ASN1_INTEGER_set is used to set a 'long' we will do +- * things the ugly way. */ +- M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); +- if (!(p7i->issuer_and_serial->serial= +- M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) +- goto err; +- +- /* lets keep the pkey around for a while */ +- CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); +- p7i->pkey=pkey; +- +- /* Set the algorithms */ +- if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1); +- else +- p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); +- +- if (p7i->digest_alg->parameter != NULL) +- ASN1_TYPE_free(p7i->digest_alg->parameter); +- if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL) +- goto err; +- p7i->digest_alg->parameter->type=V_ASN1_NULL; +- +- if (p7i->digest_enc_alg->parameter != NULL) +- ASN1_TYPE_free(p7i->digest_enc_alg->parameter); +- nid = EVP_PKEY_type(pkey->type); +- if (nid == EVP_PKEY_RSA) +- { +- p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption); +- if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) +- goto err; +- p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; +- } +- else if (nid == EVP_PKEY_DSA) +- { ++ const EVP_MD *dgst) ++{ ++ int nid; ++ char is_dsa; ++ ++ if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC) ++ is_dsa = 1; ++ else ++ is_dsa = 0; ++ /* We now need to add another PKCS7_SIGNER_INFO entry */ ++ if (!ASN1_INTEGER_set(p7i->version, 1)) ++ goto err; ++ if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, ++ X509_get_issuer_name(x509))) ++ goto err; ++ ++ /* ++ * because ASN1_INTEGER_set is used to set a 'long' we will do things the ++ * ugly way. ++ */ ++ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); ++ if (!(p7i->issuer_and_serial->serial = ++ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) ++ goto err; ++ ++ /* lets keep the pkey around for a while */ ++ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); ++ p7i->pkey = pkey; ++ ++ /* Set the algorithms */ ++ if (is_dsa) ++ p7i->digest_alg->algorithm = OBJ_nid2obj(NID_sha1); ++ else ++ p7i->digest_alg->algorithm = OBJ_nid2obj(EVP_MD_type(dgst)); ++ ++ if (p7i->digest_alg->parameter != NULL) ++ ASN1_TYPE_free(p7i->digest_alg->parameter); ++ if ((p7i->digest_alg->parameter = ASN1_TYPE_new()) == NULL) ++ goto err; ++ p7i->digest_alg->parameter->type = V_ASN1_NULL; ++ ++ if (p7i->digest_enc_alg->parameter != NULL) ++ ASN1_TYPE_free(p7i->digest_enc_alg->parameter); ++ nid = EVP_PKEY_type(pkey->type); ++ if (nid == EVP_PKEY_RSA) { ++ p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_rsaEncryption); ++ if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new())) ++ goto err; ++ p7i->digest_enc_alg->parameter->type = V_ASN1_NULL; ++ } else if (nid == EVP_PKEY_DSA) { + #if 1 +- /* use 'dsaEncryption' OID for compatibility with other software +- * (PKCS #7 v1.5 does specify how to handle DSA) ... */ +- p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa); ++ /* ++ * use 'dsaEncryption' OID for compatibility with other software ++ * (PKCS #7 v1.5 does specify how to handle DSA) ... ++ */ ++ p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsa); + #else +- /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS) +- * would make more sense. */ +- p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1); ++ /* ++ * ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for ++ * CMS) would make more sense. ++ */ ++ p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsaWithSHA1); + #endif +- p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */ +- } +- else if (nid == EVP_PKEY_EC) +- { +- p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1); +- if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) +- goto err; +- p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; +- } +- else +- return(0); +- +- return(1); +-err: +- return(0); +- } ++ p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit ++ * 'parameter'! */ ++ } else if (nid == EVP_PKEY_EC) { ++ p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA1); ++ if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new())) ++ goto err; ++ p7i->digest_enc_alg->parameter->type = V_ASN1_NULL; ++ } else ++ return (0); ++ ++ return (1); ++ err: ++ return (0); ++} + + PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, +- const EVP_MD *dgst) +- { +- PKCS7_SIGNER_INFO *si; +- +- if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err; +- if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err; +- if (!PKCS7_add_signer(p7,si)) goto err; +- return(si); +-err: +- PKCS7_SIGNER_INFO_free(si); +- return(NULL); +- } ++ const EVP_MD *dgst) ++{ ++ PKCS7_SIGNER_INFO *si; ++ ++ if ((si = PKCS7_SIGNER_INFO_new()) == NULL) ++ goto err; ++ if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst)) ++ goto err; ++ if (!PKCS7_add_signer(p7, si)) ++ goto err; ++ return (si); ++ err: ++ PKCS7_SIGNER_INFO_free(si); ++ return (NULL); ++} + + int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) +- { +- if (PKCS7_type_is_digest(p7)) +- { +- if(!(p7->d.digest->md->parameter = ASN1_TYPE_new())) +- { +- PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- p7->d.digest->md->parameter->type = V_ASN1_NULL; +- p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); +- return 1; +- } +- +- PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE); +- return 1; +- } ++{ ++ if (PKCS7_type_is_digest(p7)) { ++ if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) { ++ PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ p7->d.digest->md->parameter->type = V_ASN1_NULL; ++ p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); ++ return 1; ++ } ++ ++ PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE); ++ return 1; ++} + + STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) +- { +- if (PKCS7_type_is_signed(p7)) +- { +- return(p7->d.sign->signer_info); +- } +- else if (PKCS7_type_is_signedAndEnveloped(p7)) +- { +- return(p7->d.signed_and_enveloped->signer_info); +- } +- else +- return(NULL); +- } ++{ ++ if (p7 == NULL || p7->d.ptr == NULL) ++ return NULL; ++ if (PKCS7_type_is_signed(p7)) { ++ return (p7->d.sign->signer_info); ++ } else if (PKCS7_type_is_signedAndEnveloped(p7)) { ++ return (p7->d.signed_and_enveloped->signer_info); ++ } else ++ return (NULL); ++} + + PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) +- { +- PKCS7_RECIP_INFO *ri; +- +- if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err; +- if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err; +- if (!PKCS7_add_recipient_info(p7,ri)) goto err; +- return(ri); +-err: +- PKCS7_RECIP_INFO_free(ri); +- return(NULL); +- } ++{ ++ PKCS7_RECIP_INFO *ri; ++ ++ if ((ri = PKCS7_RECIP_INFO_new()) == NULL) ++ goto err; ++ if (!PKCS7_RECIP_INFO_set(ri, x509)) ++ goto err; ++ if (!PKCS7_add_recipient_info(p7, ri)) ++ goto err; ++ return (ri); ++ err: ++ PKCS7_RECIP_INFO_free(ri); ++ return (NULL); ++} + + int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) +- { +- int i; +- STACK_OF(PKCS7_RECIP_INFO) *sk; +- +- i=OBJ_obj2nid(p7->type); +- switch (i) +- { +- case NID_pkcs7_signedAndEnveloped: +- sk= p7->d.signed_and_enveloped->recipientinfo; +- break; +- case NID_pkcs7_enveloped: +- sk= p7->d.enveloped->recipientinfo; +- break; +- default: +- PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE); +- return(0); +- } +- +- if (!sk_PKCS7_RECIP_INFO_push(sk,ri)) +- return 0; +- return(1); +- } ++{ ++ int i; ++ STACK_OF(PKCS7_RECIP_INFO) *sk; ++ ++ i = OBJ_obj2nid(p7->type); ++ switch (i) { ++ case NID_pkcs7_signedAndEnveloped: ++ sk = p7->d.signed_and_enveloped->recipientinfo; ++ break; ++ case NID_pkcs7_enveloped: ++ sk = p7->d.enveloped->recipientinfo; ++ break; ++ default: ++ PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, ++ PKCS7_R_WRONG_CONTENT_TYPE); ++ return (0); ++ } ++ ++ if (!sk_PKCS7_RECIP_INFO_push(sk, ri)) ++ return 0; ++ return (1); ++} + + int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) +- { +- if (!ASN1_INTEGER_set(p7i->version,0)) +- return 0; +- if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, +- X509_get_issuer_name(x509))) +- return 0; ++{ ++ if (!ASN1_INTEGER_set(p7i->version, 0)) ++ return 0; ++ if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, ++ X509_get_issuer_name(x509))) ++ return 0; + +- M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); +- if (!(p7i->issuer_and_serial->serial= +- M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) +- return 0; ++ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); ++ if (!(p7i->issuer_and_serial->serial = ++ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) ++ return 0; + +- X509_ALGOR_free(p7i->key_enc_algor); +- if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor))) +- return 0; ++ X509_ALGOR_free(p7i->key_enc_algor); ++ if (!(p7i->key_enc_algor = X509_ALGOR_dup(x509->cert_info->key->algor))) ++ return 0; + +- CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); +- p7i->cert=x509; ++ CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); ++ p7i->cert = x509; + +- return(1); +- } ++ return (1); ++} + + X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) +- { +- if (PKCS7_type_is_signed(p7)) +- return(X509_find_by_issuer_and_serial(p7->d.sign->cert, +- si->issuer_and_serial->issuer, +- si->issuer_and_serial->serial)); +- else +- return(NULL); +- } ++{ ++ if (PKCS7_type_is_signed(p7)) ++ return (X509_find_by_issuer_and_serial(p7->d.sign->cert, ++ si->issuer_and_serial->issuer, ++ si-> ++ issuer_and_serial->serial)); ++ else ++ return (NULL); ++} + + int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) +- { +- int i; +- PKCS7_ENC_CONTENT *ec; +- +- i=OBJ_obj2nid(p7->type); +- switch (i) +- { +- case NID_pkcs7_signedAndEnveloped: +- ec=p7->d.signed_and_enveloped->enc_data; +- break; +- case NID_pkcs7_enveloped: +- ec=p7->d.enveloped->enc_data; +- break; +- default: +- PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE); +- return(0); +- } +- +- /* Check cipher OID exists and has data in it*/ +- i = EVP_CIPHER_type(cipher); +- if(i == NID_undef) { +- PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); +- return(0); +- } +- +- ec->cipher = cipher; +- return 1; +- } +- ++{ ++ int i; ++ PKCS7_ENC_CONTENT *ec; ++ ++ i = OBJ_obj2nid(p7->type); ++ switch (i) { ++ case NID_pkcs7_signedAndEnveloped: ++ ec = p7->d.signed_and_enveloped->enc_data; ++ break; ++ case NID_pkcs7_enveloped: ++ ec = p7->d.enveloped->enc_data; ++ break; ++ default: ++ PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE); ++ return (0); ++ } ++ ++ /* Check cipher OID exists and has data in it */ ++ i = EVP_CIPHER_type(cipher); ++ if (i == NID_undef) { ++ PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, ++ PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); ++ return (0); ++ } ++ ++ ec->cipher = cipher; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c +index 831b47d..2eca5ea 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c +@@ -1,5 +1,6 @@ + /* pk7_mime.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ + /* ==================================================================== +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,64 +63,61 @@ + /* PKCS#7 wrappers round generalised MIME routines */ + + PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) +- { +- return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7)); +- } ++{ ++ return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7)); ++} + + /* Callback for int_smime_write_ASN1 */ + + static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, +- const ASN1_ITEM *it) +- { +- PKCS7 *p7 = (PKCS7 *)val; +- BIO *tmpbio, *p7bio; ++ const ASN1_ITEM *it) ++{ ++ PKCS7 *p7 = (PKCS7 *)val; ++ BIO *tmpbio, *p7bio; + +- if (!(flags & SMIME_DETACHED)) +- { +- SMIME_crlf_copy(data, out, flags); +- return 1; +- } ++ if (!(flags & SMIME_DETACHED)) { ++ SMIME_crlf_copy(data, out, flags); ++ return 1; ++ } + +- /* Let PKCS7 code prepend any needed BIOs */ ++ /* Let PKCS7 code prepend any needed BIOs */ + +- p7bio = PKCS7_dataInit(p7, out); ++ p7bio = PKCS7_dataInit(p7, out); + +- if (!p7bio) +- return 0; ++ if (!p7bio) ++ return 0; + +- /* Copy data across, passing through filter BIOs for processing */ +- SMIME_crlf_copy(data, p7bio, flags); ++ /* Copy data across, passing through filter BIOs for processing */ ++ SMIME_crlf_copy(data, p7bio, flags); + +- /* Finalize structure */ +- if (PKCS7_dataFinal(p7, p7bio) <= 0) +- goto err; ++ /* Finalize structure */ ++ if (PKCS7_dataFinal(p7, p7bio) <= 0) ++ goto err; + +- err: ++ err: + +- /* Now remove any digests prepended to the BIO */ ++ /* Now remove any digests prepended to the BIO */ + +- while (p7bio != out) +- { +- tmpbio = BIO_pop(p7bio); +- BIO_free(p7bio); +- p7bio = tmpbio; +- } ++ while (p7bio != out) { ++ tmpbio = BIO_pop(p7bio); ++ BIO_free(p7bio); ++ p7bio = tmpbio; ++ } + +- return 1; ++ return 1; + +- } ++} + + int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) +- { +- STACK_OF(X509_ALGOR) *mdalgs; +- int ctype_nid = OBJ_obj2nid(p7->type); +- if (ctype_nid == NID_pkcs7_signed) +- mdalgs = p7->d.sign->md_algs; +- else +- mdalgs = NULL; +- +- return int_smime_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, +- ctype_nid, NID_undef, mdalgs, +- pk7_output_data, +- ASN1_ITEM_rptr(PKCS7)); +- } ++{ ++ STACK_OF(X509_ALGOR) *mdalgs; ++ int ctype_nid = OBJ_obj2nid(p7->type); ++ if (ctype_nid == NID_pkcs7_signed) ++ mdalgs = p7->d.sign->md_algs; ++ else ++ mdalgs = NULL; ++ ++ return int_smime_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, ++ ctype_nid, NID_undef, mdalgs, ++ pk7_output_data, ASN1_ITEM_rptr(PKCS7)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +index 49b450d..cd22c85 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +@@ -1,5 +1,6 @@ + /* pk7_smime.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ + /* ==================================================================== +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,470 +65,472 @@ + #include + + PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, +- BIO *data, int flags) ++ BIO *data, int flags) + { +- PKCS7 *p7 = NULL; +- PKCS7_SIGNER_INFO *si; +- BIO *p7bio = NULL; +- STACK_OF(X509_ALGOR) *smcap = NULL; +- int i; +- +- if(!X509_check_private_key(signcert, pkey)) { +- PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); +- return NULL; +- } +- +- if(!(p7 = PKCS7_new())) { +- PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- if (!PKCS7_set_type(p7, NID_pkcs7_signed)) +- goto err; +- +- if (!PKCS7_content_new(p7, NID_pkcs7_data)) +- goto err; +- +- /* +- NOTE: Update to SHA-256 digest algorithm for UEFI version. +- */ +- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) { +- PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); +- goto err; +- } +- +- if(!(flags & PKCS7_NOCERTS)) { +- if (!PKCS7_add_certificate(p7, signcert)) +- goto err; +- if(certs) for(i = 0; i < sk_X509_num(certs); i++) +- if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) +- goto err; +- } +- +- if(!(flags & PKCS7_NOATTR)) { +- if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, +- V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data))) +- goto err; +- /* Add SMIMECapabilities */ +- if(!(flags & PKCS7_NOSMIMECAP)) +- { +- if(!(smcap = sk_X509_ALGOR_new_null())) { +- PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ PKCS7 *p7 = NULL; ++ PKCS7_SIGNER_INFO *si; ++ BIO *p7bio = NULL; ++ STACK_OF(X509_ALGOR) *smcap = NULL; ++ int i; ++ ++ if (!X509_check_private_key(signcert, pkey)) { ++ PKCS7err(PKCS7_F_PKCS7_SIGN, ++ PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); ++ return NULL; ++ } ++ ++ if (!(p7 = PKCS7_new())) { ++ PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ if (!PKCS7_set_type(p7, NID_pkcs7_signed)) ++ goto err; ++ ++ if (!PKCS7_content_new(p7, NID_pkcs7_data)) ++ goto err; ++ ++#if defined(OPENSSL_SYS_UEFI) ++ /* ++ * NOTE: Update to SHA-256 digest algorithm for UEFI version. ++ */ ++ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) { ++#else ++ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) { ++#endif ++ PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); ++ goto err; ++ } ++ ++ if (!(flags & PKCS7_NOCERTS)) { ++ if (!PKCS7_add_certificate(p7, signcert)) ++ goto err; ++ if (certs) ++ for (i = 0; i < sk_X509_num(certs); i++) ++ if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) ++ goto err; ++ } ++ ++ if (!(flags & PKCS7_NOATTR)) { ++ if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, ++ V_ASN1_OBJECT, ++ OBJ_nid2obj(NID_pkcs7_data))) ++ goto err; ++ /* Add SMIMECapabilities */ ++ if (!(flags & PKCS7_NOSMIMECAP)) { ++ if (!(smcap = sk_X509_ALGOR_new_null())) { ++ PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + #ifndef OPENSSL_NO_DES +- if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1)) +- goto err; ++ if (!PKCS7_simple_smimecap(smcap, NID_des_ede3_cbc, -1)) ++ goto err; + #endif + #ifndef OPENSSL_NO_RC2 +- if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128)) +- goto err; +- if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64)) +- goto err; ++ if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 128)) ++ goto err; ++ if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 64)) ++ goto err; + #endif + #ifndef OPENSSL_NO_DES +- if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1)) +- goto err; ++ if (!PKCS7_simple_smimecap(smcap, NID_des_cbc, -1)) ++ goto err; + #endif + #ifndef OPENSSL_NO_RC2 +- if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40)) +- goto err; ++ if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 40)) ++ goto err; + #endif +- if (!PKCS7_add_attrib_smimecap (si, smcap)) +- goto err; +- sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); +- smcap = NULL; +- } +- } +- +- if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); +- +- if (flags & PKCS7_STREAM) +- return p7; +- +- +- if (!(p7bio = PKCS7_dataInit(p7, NULL))) { +- PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- SMIME_crlf_copy(data, p7bio, flags); +- +- +- if (!PKCS7_dataFinal(p7,p7bio)) { +- PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); +- goto err; +- } +- +- BIO_free_all(p7bio); +- return p7; +-err: +- sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); +- BIO_free_all(p7bio); +- PKCS7_free(p7); +- return NULL; ++ if (!PKCS7_add_attrib_smimecap(si, smcap)) ++ goto err; ++ sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); ++ smcap = NULL; ++ } ++ } ++ ++ if (flags & PKCS7_DETACHED) ++ PKCS7_set_detached(p7, 1); ++ ++ if (flags & PKCS7_STREAM) ++ return p7; ++ ++ if (!(p7bio = PKCS7_dataInit(p7, NULL))) { ++ PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ SMIME_crlf_copy(data, p7bio, flags); ++ ++ if (!PKCS7_dataFinal(p7, p7bio)) { ++ PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_DATASIGN); ++ goto err; ++ } ++ ++ BIO_free_all(p7bio); ++ return p7; ++ err: ++ sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); ++ BIO_free_all(p7bio); ++ PKCS7_free(p7); ++ return NULL; + } + + int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, +- BIO *indata, BIO *out, int flags) ++ BIO *indata, BIO *out, int flags) + { +- STACK_OF(X509) *signers; +- X509 *signer; +- STACK_OF(PKCS7_SIGNER_INFO) *sinfos; +- PKCS7_SIGNER_INFO *si; +- X509_STORE_CTX cert_ctx; +- char *buf = NULL; +- int bufsiz; +- int i, j=0, k, ret = 0; +- BIO *p7bio; +- BIO *tmpin, *tmpout; +- +- if(!p7) { +- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); +- return 0; +- } +- +- if(!PKCS7_type_is_signed(p7)) { +- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); +- return 0; +- } +- +- /* Check for no data and no content: no data to verify signature */ +- if(PKCS7_get_detached(p7) && !indata) { +- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); +- return 0; +- } ++ STACK_OF(X509) *signers; ++ X509 *signer; ++ STACK_OF(PKCS7_SIGNER_INFO) *sinfos; ++ PKCS7_SIGNER_INFO *si; ++ X509_STORE_CTX cert_ctx; ++ char *buf = NULL; ++ int bufsiz; ++ int i, j = 0, k, ret = 0; ++ BIO *p7bio; ++ BIO *tmpin, *tmpout; ++ ++ if (!p7) { ++ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER); ++ return 0; ++ } ++ ++ if (!PKCS7_type_is_signed(p7)) { ++ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE); ++ return 0; ++ } ++ ++ /* Check for no data and no content: no data to verify signature */ ++ if (PKCS7_get_detached(p7) && !indata) { ++ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT); ++ return 0; ++ } + #if 0 +- /* NB: this test commented out because some versions of Netscape +- * illegally include zero length content when signing data. +- */ +- +- /* Check for data and content: two sets of data */ +- if(!PKCS7_get_detached(p7) && indata) { +- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); +- return 0; +- } ++ /* ++ * NB: this test commented out because some versions of Netscape ++ * illegally include zero length content when signing data. ++ */ ++ ++ /* Check for data and content: two sets of data */ ++ if (!PKCS7_get_detached(p7) && indata) { ++ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT); ++ return 0; ++ } + #endif + +- sinfos = PKCS7_get_signer_info(p7); +- +- if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { +- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); +- return 0; +- } +- +- +- signers = PKCS7_get0_signers(p7, certs, flags); +- +- if(!signers) return 0; +- +- /* Now verify the certificates */ +- +- if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { +- signer = sk_X509_value (signers, k); +- if (!(flags & PKCS7_NOCHAIN)) { +- if(!X509_STORE_CTX_init(&cert_ctx, store, signer, +- p7->d.sign->cert)) +- { +- PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); +- sk_X509_free(signers); +- return 0; +- } +- X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); +- } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { +- PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); +- sk_X509_free(signers); +- return 0; +- } +- if (!(flags & PKCS7_NOCRL)) +- X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); +- i = X509_verify_cert(&cert_ctx); +- if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); +- X509_STORE_CTX_cleanup(&cert_ctx); +- if (i <= 0) { +- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR); +- ERR_add_error_data(2, "Verify error:", +- X509_verify_cert_error_string(j)); +- sk_X509_free(signers); +- return 0; +- } +- /* Check for revocation status here */ +- } +- +- /* Performance optimization: if the content is a memory BIO then +- * store its contents in a temporary read only memory BIO. This +- * avoids potentially large numbers of slow copies of data which will +- * occur when reading from a read write memory BIO when signatures +- * are calculated. +- */ +- +- if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) +- { +- char *ptr; +- long len; +- len = BIO_get_mem_data(indata, &ptr); +- tmpin = BIO_new_mem_buf(ptr, len); +- if (tmpin == NULL) +- { +- PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- else +- tmpin = indata; +- +- +- if (!(p7bio=PKCS7_dataInit(p7,tmpin))) +- goto err; +- +- if(flags & PKCS7_TEXT) { +- if(!(tmpout = BIO_new(BIO_s_mem()))) { +- PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- BIO_set_mem_eof_return(tmpout, 0); +- } else tmpout = out; +- +- bufsiz = 4096; +- buf = OPENSSL_malloc (bufsiz); +- if (buf == NULL) { +- goto err; +- } +- +- /* We now have to 'read' from p7bio to calculate digests etc. */ +- for (;;) +- { +- i=BIO_read(p7bio,buf,bufsiz); +- if (i <= 0) break; +- if (tmpout) BIO_write(tmpout, buf, i); +- } +- +- if(flags & PKCS7_TEXT) { +- if(!SMIME_text(tmpout, out)) { +- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR); +- BIO_free(tmpout); +- goto err; +- } +- BIO_free(tmpout); +- } +- +- /* Now Verify All Signatures */ +- if (!(flags & PKCS7_NOSIGS)) +- for (i=0; id.sign->cert)) { ++ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); ++ sk_X509_free(signers); ++ return 0; ++ } ++ X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); ++ } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) { ++ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); ++ sk_X509_free(signers); ++ return 0; ++ } ++ if (!(flags & PKCS7_NOCRL)) ++ X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); ++ i = X509_verify_cert(&cert_ctx); ++ if (i <= 0) ++ j = X509_STORE_CTX_get_error(&cert_ctx); ++ X509_STORE_CTX_cleanup(&cert_ctx); ++ if (i <= 0) { ++ PKCS7err(PKCS7_F_PKCS7_VERIFY, ++ PKCS7_R_CERTIFICATE_VERIFY_ERROR); ++ ERR_add_error_data(2, "Verify error:", ++ X509_verify_cert_error_string(j)); ++ sk_X509_free(signers); ++ return 0; ++ } ++ /* Check for revocation status here */ ++ } ++ ++ /* ++ * Performance optimization: if the content is a memory BIO then store ++ * its contents in a temporary read only memory BIO. This avoids ++ * potentially large numbers of slow copies of data which will occur when ++ * reading from a read write memory BIO when signatures are calculated. ++ */ ++ ++ if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) { ++ char *ptr; ++ long len; ++ len = BIO_get_mem_data(indata, &ptr); ++ tmpin = BIO_new_mem_buf(ptr, len); ++ if (tmpin == NULL) { ++ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } else ++ tmpin = indata; ++ ++ if (!(p7bio = PKCS7_dataInit(p7, tmpin))) ++ goto err; ++ ++ if (flags & PKCS7_TEXT) { ++ if (!(tmpout = BIO_new(BIO_s_mem()))) { ++ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ BIO_set_mem_eof_return(tmpout, 0); ++ } else ++ tmpout = out; ++ ++ bufsiz = 4096; ++ buf = OPENSSL_malloc (bufsiz); ++ if (buf == NULL) { ++ goto err; ++ } ++ ++ /* We now have to 'read' from p7bio to calculate digests etc. */ ++ for (;;) { ++ i = BIO_read(p7bio, buf, sizeof(buf)); ++ if (i <= 0) ++ break; ++ if (tmpout) ++ BIO_write(tmpout, buf, i); ++ } ++ ++ if (flags & PKCS7_TEXT) { ++ if (!SMIME_text(tmpout, out)) { ++ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SMIME_TEXT_ERROR); ++ BIO_free(tmpout); ++ goto err; ++ } ++ BIO_free(tmpout); ++ } ++ ++ /* Now Verify All Signatures */ ++ if (!(flags & PKCS7_NOSIGS)) ++ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { ++ si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); ++ signer = sk_X509_value(signers, i); ++ j = PKCS7_signatureVerify(p7bio, p7, si, signer); ++ if (j <= 0) { ++ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SIGNATURE_FAILURE); ++ goto err; ++ } ++ } ++ ++ ret = 1; ++ ++ err: ++ ++ if (tmpin == indata) { ++ if (indata) ++ BIO_pop(p7bio); ++ } ++ BIO_free_all(p7bio); ++ ++ sk_X509_free(signers); ++ ++ if (buf != NULL) { ++ OPENSSL_free (buf); ++ } ++ ++ return ret; + } + +-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) ++STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, ++ int flags) + { +- STACK_OF(X509) *signers; +- STACK_OF(PKCS7_SIGNER_INFO) *sinfos; +- PKCS7_SIGNER_INFO *si; +- PKCS7_ISSUER_AND_SERIAL *ias; +- X509 *signer; +- int i; +- +- if(!p7) { +- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER); +- return NULL; +- } +- +- if(!PKCS7_type_is_signed(p7)) { +- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); +- return NULL; +- } +- +- /* Collect all the signers together */ +- +- sinfos = PKCS7_get_signer_info(p7); +- +- if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { +- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS); +- return NULL; +- } +- +- if(!(signers = sk_X509_new_null())) { +- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) +- { +- si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); +- ias = si->issuer_and_serial; +- signer = NULL; +- /* If any certificates passed they take priority */ +- if (certs) signer = X509_find_by_issuer_and_serial (certs, +- ias->issuer, ias->serial); +- if (!signer && !(flags & PKCS7_NOINTERN) +- && p7->d.sign->cert) signer = +- X509_find_by_issuer_and_serial (p7->d.sign->cert, +- ias->issuer, ias->serial); +- if (!signer) { +- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); +- sk_X509_free(signers); +- return NULL; +- } +- +- if (!sk_X509_push(signers, signer)) { +- sk_X509_free(signers); +- return NULL; +- } +- } +- return signers; ++ STACK_OF(X509) *signers; ++ STACK_OF(PKCS7_SIGNER_INFO) *sinfos; ++ PKCS7_SIGNER_INFO *si; ++ PKCS7_ISSUER_AND_SERIAL *ias; ++ X509 *signer; ++ int i; ++ ++ if (!p7) { ++ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_INVALID_NULL_POINTER); ++ return NULL; ++ } ++ ++ if (!PKCS7_type_is_signed(p7)) { ++ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_WRONG_CONTENT_TYPE); ++ return NULL; ++ } ++ ++ /* Collect all the signers together */ ++ ++ sinfos = PKCS7_get_signer_info(p7); ++ ++ if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { ++ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS); ++ return NULL; ++ } ++ ++ if (!(signers = sk_X509_new_null())) { ++ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { ++ si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); ++ ias = si->issuer_and_serial; ++ signer = NULL; ++ /* If any certificates passed they take priority */ ++ if (certs) ++ signer = X509_find_by_issuer_and_serial(certs, ++ ias->issuer, ias->serial); ++ if (!signer && !(flags & PKCS7_NOINTERN) ++ && p7->d.sign->cert) ++ signer = ++ X509_find_by_issuer_and_serial(p7->d.sign->cert, ++ ias->issuer, ias->serial); ++ if (!signer) { ++ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ++ PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); ++ sk_X509_free(signers); ++ return NULL; ++ } ++ ++ if (!sk_X509_push(signers, signer)) { ++ sk_X509_free(signers); ++ return NULL; ++ } ++ } ++ return signers; + } + +- + /* Build a complete PKCS#7 enveloped data */ + + PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, +- int flags) ++ int flags) + { +- PKCS7 *p7; +- BIO *p7bio = NULL; +- int i; +- X509 *x509; +- if(!(p7 = PKCS7_new())) { +- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) +- goto err; +- if(!PKCS7_set_cipher(p7, cipher)) { +- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); +- goto err; +- } +- +- for(i = 0; i < sk_X509_num(certs); i++) { +- x509 = sk_X509_value(certs, i); +- if(!PKCS7_add_recipient(p7, x509)) { +- PKCS7err(PKCS7_F_PKCS7_ENCRYPT, +- PKCS7_R_ERROR_ADDING_RECIPIENT); +- goto err; +- } +- } +- +- if(!(p7bio = PKCS7_dataInit(p7, NULL))) { +- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- SMIME_crlf_copy(in, p7bio, flags); +- +- (void)BIO_flush(p7bio); +- +- if (!PKCS7_dataFinal(p7,p7bio)) { +- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR); +- goto err; +- } +- BIO_free_all(p7bio); +- +- return p7; +- +- err: +- +- BIO_free_all(p7bio); +- PKCS7_free(p7); +- return NULL; ++ PKCS7 *p7; ++ BIO *p7bio = NULL; ++ int i; ++ X509 *x509; ++ if (!(p7 = PKCS7_new())) { ++ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) ++ goto err; ++ if (!PKCS7_set_cipher(p7, cipher)) { ++ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER); ++ goto err; ++ } ++ ++ for (i = 0; i < sk_X509_num(certs); i++) { ++ x509 = sk_X509_value(certs, i); ++ if (!PKCS7_add_recipient(p7, x509)) { ++ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_ADDING_RECIPIENT); ++ goto err; ++ } ++ } ++ ++ if (!(p7bio = PKCS7_dataInit(p7, NULL))) { ++ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ SMIME_crlf_copy(in, p7bio, flags); ++ ++ (void)BIO_flush(p7bio); ++ ++ if (!PKCS7_dataFinal(p7, p7bio)) { ++ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_PKCS7_DATAFINAL_ERROR); ++ goto err; ++ } ++ BIO_free_all(p7bio); ++ ++ return p7; ++ ++ err: ++ ++ BIO_free_all(p7bio); ++ PKCS7_free(p7); ++ return NULL; + + } + + int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) + { +- BIO *tmpmem; +- int ret, i; +- char buf[4096]; +- +- if(!p7) { +- PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER); +- return 0; +- } +- +- if(!PKCS7_type_is_enveloped(p7)) { +- PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE); +- return 0; +- } +- +- if(cert && !X509_check_private_key(cert, pkey)) { +- PKCS7err(PKCS7_F_PKCS7_DECRYPT, +- PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); +- return 0; +- } +- +- if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { +- PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); +- return 0; +- } +- +- if (flags & PKCS7_TEXT) { +- BIO *tmpbuf, *bread; +- /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ +- if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { +- PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); +- BIO_free_all(tmpmem); +- return 0; +- } +- if(!(bread = BIO_push(tmpbuf, tmpmem))) { +- PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); +- BIO_free_all(tmpbuf); +- BIO_free_all(tmpmem); +- return 0; +- } +- ret = SMIME_text(bread, data); +- if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) +- { +- if (!BIO_get_cipher_status(tmpmem)) +- ret = 0; +- } +- BIO_free_all(bread); +- return ret; +- } else { +- for(;;) { +- i = BIO_read(tmpmem, buf, sizeof(buf)); +- if(i <= 0) +- { +- ret = 1; +- if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) +- { +- if (!BIO_get_cipher_status(tmpmem)) +- ret = 0; +- } +- +- break; +- } +- if (BIO_write(data, buf, i) != i) +- { +- ret = 0; +- break; +- } +- } +- BIO_free_all(tmpmem); +- return ret; +- } ++ BIO *tmpmem; ++ int ret, i; ++ char buf[4096]; ++ ++ if (!p7) { ++ PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER); ++ return 0; ++ } ++ ++ if (!PKCS7_type_is_enveloped(p7)) { ++ PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE); ++ return 0; ++ } ++ ++ if (cert && !X509_check_private_key(cert, pkey)) { ++ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ++ PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); ++ return 0; ++ } ++ ++ if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { ++ PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); ++ return 0; ++ } ++ ++ if (flags & PKCS7_TEXT) { ++ BIO *tmpbuf, *bread; ++ /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ ++ if (!(tmpbuf = BIO_new(BIO_f_buffer()))) { ++ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); ++ BIO_free_all(tmpmem); ++ return 0; ++ } ++ if (!(bread = BIO_push(tmpbuf, tmpmem))) { ++ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); ++ BIO_free_all(tmpbuf); ++ BIO_free_all(tmpmem); ++ return 0; ++ } ++ ret = SMIME_text(bread, data); ++ if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { ++ if (!BIO_get_cipher_status(tmpmem)) ++ ret = 0; ++ } ++ BIO_free_all(bread); ++ return ret; ++ } else { ++ for (;;) { ++ i = BIO_read(tmpmem, buf, sizeof(buf)); ++ if (i <= 0) { ++ ret = 1; ++ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { ++ if (!BIO_get_cipher_status(tmpmem)) ++ ret = 0; ++ } ++ ++ break; ++ } ++ if (BIO_write(data, buf, i) != i) { ++ ret = 0; ++ break; ++ } ++ } ++ BIO_free_all(tmpmem); ++ return ret; ++ } + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c +index c0e3d4c..7dc5e29 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,103 +66,115 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) + +-static ERR_STRING_DATA PKCS7_str_functs[]= +- { +-{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, +-{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, +-{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"}, +-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, +-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, +-{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, +-{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, +-{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, +-{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, +-{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, +-{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, +-{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, +-{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, +-{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, +-{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, +-{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, +-{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, +-{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, +-{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, +-{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, +-{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, +-{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, +-{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, +-{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, +-{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, +-{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, +-{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, +-{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA PKCS7_str_functs[] = { ++ {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, ++ {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), ++ "PKCS7_add_attrib_smimecap"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, ++ {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, ++ {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA PKCS7_str_reasons[]= +- { +-{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, +-{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"}, +-{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"}, +-{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"}, +-{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"}, +-{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"}, +-{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"}, +-{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"}, +-{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"}, +-{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"}, +-{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"}, +-{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"}, +-{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"}, +-{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"}, +-{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"}, +-{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"}, +-{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"}, +-{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"}, +-{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"}, +-{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"}, +-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"}, +-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"}, +-{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"}, +-{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"}, +-{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"}, +-{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"}, +-{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"}, +-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) ,"pkcs7 datafinal"}, +-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"}, +-{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"}, +-{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"}, +-{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"}, +-{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, +-{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"}, +-{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, +-{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"}, +-{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"}, +-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"}, +-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"}, +-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"}, +-{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"}, +-{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"}, +-{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"}, +-{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"}, +-{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"}, +-{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA PKCS7_str_reasons[] = { ++ {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR), ++ "certificate verify error"}, ++ {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), ++ "cipher has no object identifier"}, ++ {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"}, ++ {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), ++ "content and data present"}, ++ {ERR_REASON(PKCS7_R_DECODE_ERROR), "decode error"}, ++ {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH), ++ "decrypted key is wrong length"}, ++ {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"}, ++ {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"}, ++ {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"}, ++ {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"}, ++ {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE), "invalid mime type"}, ++ {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"}, ++ {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, ++ {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR), "mime parse error"}, ++ {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"}, ++ {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"}, ++ {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"}, ++ {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE), "no content type"}, ++ {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE), ++ "no multipart body failure"}, ++ {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"}, ++ {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), ++ "no recipient matches certificate"}, ++ {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY), ++ "no recipient matches key"}, ++ {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"}, ++ {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"}, ++ {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE), "no sig content type"}, ++ {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), ++ "operation not supported on this type"}, ++ {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), ++ "pkcs7 add signature error"}, ++ {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL), "pkcs7 datafinal"}, ++ {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"}, ++ {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"}, ++ {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR), "pkcs7 parse error"}, ++ {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"}, ++ {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), ++ "private key does not match certificate"}, ++ {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"}, ++ {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), ++ "signer certificate not found"}, ++ {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"}, ++ {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"}, ++ {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), ++ "unable to find certificate"}, ++ {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"}, ++ {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), ++ "unable to find message digest"}, ++ {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE), "unknown digest type"}, ++ {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION), "unknown operation"}, ++ {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"}, ++ {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE), ++ "unsupported content type"}, ++ {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE), "wrong content type"}, ++ {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_PKCS7_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,PKCS7_str_functs); +- ERR_load_strings(0,PKCS7_str_reasons); +- } ++ if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, PKCS7_str_functs); ++ ERR_load_strings(0, PKCS7_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c +index 8ebba8a..69cfefd 100644 +--- a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c ++++ b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c +@@ -1,7 +1,7 @@ + /* crypto/pqueue/pqueue.c */ +-/* ++/* + * DTLS implementation written by Nagendra Modadugu +- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. ++ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ + /* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. +@@ -11,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,182 +61,164 @@ + #include + #include "pqueue.h" + +-typedef struct _pqueue +- { +- pitem *items; +- int count; +- } pqueue_s; +- +-pitem * +-pitem_new(PQ_64BIT priority, void *data) +- { +- pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem)); +- if (item == NULL) return NULL; +- +- pq_64bit_init(&(item->priority)); +- pq_64bit_assign(&item->priority, &priority); +- +- item->data = data; +- item->next = NULL; +- +- return item; +- } +- +-void +-pitem_free(pitem *item) +- { +- if (item == NULL) return; +- +- pq_64bit_free(&(item->priority)); +- OPENSSL_free(item); +- } +- +-pqueue_s * +-pqueue_new() +- { +- pqueue_s *pq = (pqueue_s *) OPENSSL_malloc(sizeof(pqueue_s)); +- if (pq == NULL) return NULL; +- +- memset(pq, 0x00, sizeof(pqueue_s)); +- return pq; +- } +- +-void +-pqueue_free(pqueue_s *pq) +- { +- if (pq == NULL) return; +- +- OPENSSL_free(pq); +- } +- +-pitem * +-pqueue_insert(pqueue_s *pq, pitem *item) +- { +- pitem *curr, *next; +- +- if (pq->items == NULL) +- { +- pq->items = item; +- return item; +- } +- +- for(curr = NULL, next = pq->items; +- next != NULL; +- curr = next, next = next->next) +- { +- if (pq_64bit_gt(&(next->priority), &(item->priority))) +- { +- item->next = next; +- +- if (curr == NULL) +- pq->items = item; +- else +- curr->next = item; +- +- return item; +- } +- /* duplicates not allowed */ +- if (pq_64bit_eq(&(item->priority), &(next->priority))) +- return NULL; +- } +- +- item->next = NULL; +- curr->next = item; +- +- return item; +- } +- +-pitem * +-pqueue_peek(pqueue_s *pq) +- { +- return pq->items; +- } +- +-pitem * +-pqueue_pop(pqueue_s *pq) +- { +- pitem *item = pq->items; +- +- if (pq->items != NULL) +- pq->items = pq->items->next; +- +- return item; +- } +- +-pitem * +-pqueue_find(pqueue_s *pq, PQ_64BIT priority) +- { +- pitem *next; +- pitem *found = NULL; +- +- if ( pq->items == NULL) +- return NULL; +- +- for ( next = pq->items; next->next != NULL; next = next->next) +- { +- if ( pq_64bit_eq(&(next->priority), &priority)) +- { +- found = next; +- break; +- } +- } +- +- /* check the one last node */ +- if ( pq_64bit_eq(&(next->priority), &priority)) +- found = next; +- +- if ( ! found) +- return NULL; +- +- return found; +- } ++typedef struct _pqueue { ++ pitem *items; ++ int count; ++} pqueue_s; ++ ++pitem *pitem_new(PQ_64BIT priority, void *data) ++{ ++ pitem *item = (pitem *)OPENSSL_malloc(sizeof(pitem)); ++ if (item == NULL) ++ return NULL; ++ ++ pq_64bit_init(&(item->priority)); ++ pq_64bit_assign(&item->priority, &priority); ++ ++ item->data = data; ++ item->next = NULL; ++ ++ return item; ++} ++ ++void pitem_free(pitem *item) ++{ ++ if (item == NULL) ++ return; ++ ++ pq_64bit_free(&(item->priority)); ++ OPENSSL_free(item); ++} ++ ++pqueue_s *pqueue_new() ++{ ++ pqueue_s *pq = (pqueue_s *)OPENSSL_malloc(sizeof(pqueue_s)); ++ if (pq == NULL) ++ return NULL; ++ ++ memset(pq, 0x00, sizeof(pqueue_s)); ++ return pq; ++} ++ ++void pqueue_free(pqueue_s *pq) ++{ ++ if (pq == NULL) ++ return; ++ ++ OPENSSL_free(pq); ++} ++ ++pitem *pqueue_insert(pqueue_s *pq, pitem *item) ++{ ++ pitem *curr, *next; ++ ++ if (pq->items == NULL) { ++ pq->items = item; ++ return item; ++ } ++ ++ for (curr = NULL, next = pq->items; ++ next != NULL; curr = next, next = next->next) { ++ if (pq_64bit_gt(&(next->priority), &(item->priority))) { ++ item->next = next; ++ ++ if (curr == NULL) ++ pq->items = item; ++ else ++ curr->next = item; ++ ++ return item; ++ } ++ /* duplicates not allowed */ ++ if (pq_64bit_eq(&(item->priority), &(next->priority))) ++ return NULL; ++ } ++ ++ item->next = NULL; ++ curr->next = item; ++ ++ return item; ++} ++ ++pitem *pqueue_peek(pqueue_s *pq) ++{ ++ return pq->items; ++} ++ ++pitem *pqueue_pop(pqueue_s *pq) ++{ ++ pitem *item = pq->items; ++ ++ if (pq->items != NULL) ++ pq->items = pq->items->next; ++ ++ return item; ++} ++ ++pitem *pqueue_find(pqueue_s *pq, PQ_64BIT priority) ++{ ++ pitem *next; ++ pitem *found = NULL; ++ ++ if (pq->items == NULL) ++ return NULL; ++ ++ for (next = pq->items; next->next != NULL; next = next->next) { ++ if (pq_64bit_eq(&(next->priority), &priority)) { ++ found = next; ++ break; ++ } ++ } ++ ++ /* check the one last node */ ++ if (pq_64bit_eq(&(next->priority), &priority)) ++ found = next; ++ ++ if (!found) ++ return NULL; ++ ++ return found; ++} + + #if PQ_64BIT_IS_INTEGER +-void +-pqueue_print(pqueue_s *pq) +- { +- pitem *item = pq->items; +- +- while(item != NULL) +- { +- printf("item\t" PQ_64BIT_PRINT "\n", item->priority); +- item = item->next; +- } +- } +-#endif ++void pqueue_print(pqueue_s *pq) ++{ ++ pitem *item = pq->items; + +-pitem * +-pqueue_iterator(pqueue_s *pq) +- { +- return pqueue_peek(pq); +- } ++ while (item != NULL) { ++ printf("item\t" PQ_64BIT_PRINT "\n", item->priority); ++ item = item->next; ++ } ++} ++#endif + +-pitem * +-pqueue_next(pitem **item) +- { +- pitem *ret; ++pitem *pqueue_iterator(pqueue_s *pq) ++{ ++ return pqueue_peek(pq); ++} + +- if ( item == NULL || *item == NULL) +- return NULL; ++pitem *pqueue_next(pitem **item) ++{ ++ pitem *ret; + ++ if (item == NULL || *item == NULL) ++ return NULL; + +- /* *item != NULL */ +- ret = *item; +- *item = (*item)->next; ++ /* *item != NULL */ ++ ret = *item; ++ *item = (*item)->next; + +- return ret; +- } ++ return ret; ++} + +-int +-pqueue_size(pqueue_s *pq) ++int pqueue_size(pqueue_s *pq) + { +- pitem *item = pq->items; +- int count = 0; +- +- while(item != NULL) +- { +- count++; +- item = item->next; +- } +- return count; ++ pitem *item = pq->items; ++ int count = 0; ++ ++ while (item != NULL) { ++ count++; ++ item = item->next; ++ } ++ return count; + } +diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c +index 0f8dd3e..6445c1b 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/md_rand.c ++++ b/Cryptlib/OpenSSL/crypto/rand/md_rand.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -111,7 +111,7 @@ + + #ifdef MD_RAND_DEBUG + # ifndef NDEBUG +-# define NDEBUG ++# define NDEBUG + # endif + #endif + +@@ -127,36 +127,36 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + +- + #ifdef BN_DEBUG + # define PREDICT + #endif + +-/* #define PREDICT 1 */ ++/* #define PREDICT 1 */ + +-#define STATE_SIZE 1023 +-static int state_num=0,state_index=0; +-static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH]; ++#define STATE_SIZE 1023 ++static int state_num = 0, state_index = 0; ++static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH]; + static unsigned char md[MD_DIGEST_LENGTH]; +-static long md_count[2]={0,0}; +-static double entropy=0; +-static int initialized=0; ++static long md_count[2] = { 0, 0 }; ++ ++static double entropy = 0; ++static int initialized = 0; + + static unsigned int crypto_lock_rand = 0; /* may be set only when a thread +- * holds CRYPTO_LOCK_RAND +- * (to prevent double locking) */ ++ * holds CRYPTO_LOCK_RAND (to ++ * prevent double locking) */ + /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ +-static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ +- ++/* valid iff crypto_lock_rand is set */ ++static unsigned long locking_thread = 0; + + #ifdef PREDICT +-int rand_predictable=0; ++int rand_predictable = 0; + #endif + +-const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT; ++const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT; + + static void ssleay_rand_cleanup(void); + static void ssleay_rand_seed(const void *buf, int num); +@@ -165,420 +165,411 @@ static int ssleay_rand_bytes(unsigned char *buf, int num); + static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); + static int ssleay_rand_status(void); + +-RAND_METHOD rand_ssleay_meth={ +- ssleay_rand_seed, +- ssleay_rand_bytes, +- ssleay_rand_cleanup, +- ssleay_rand_add, +- ssleay_rand_pseudo_bytes, +- ssleay_rand_status +- }; ++RAND_METHOD rand_ssleay_meth = { ++ ssleay_rand_seed, ++ ssleay_rand_bytes, ++ ssleay_rand_cleanup, ++ ssleay_rand_add, ++ ssleay_rand_pseudo_bytes, ++ ssleay_rand_status ++}; + + RAND_METHOD *RAND_SSLeay(void) +- { +- return(&rand_ssleay_meth); +- } ++{ ++ return (&rand_ssleay_meth); ++} + + static void ssleay_rand_cleanup(void) +- { +- OPENSSL_cleanse(state,sizeof(state)); +- state_num=0; +- state_index=0; +- OPENSSL_cleanse(md,MD_DIGEST_LENGTH); +- md_count[0]=0; +- md_count[1]=0; +- entropy=0; +- initialized=0; +- } ++{ ++ OPENSSL_cleanse(state, sizeof(state)); ++ state_num = 0; ++ state_index = 0; ++ OPENSSL_cleanse(md, MD_DIGEST_LENGTH); ++ md_count[0] = 0; ++ md_count[1] = 0; ++ entropy = 0; ++ initialized = 0; ++} + + static void ssleay_rand_add(const void *buf, int num, double add) +- { +- int i,j,k,st_idx; +- long md_c[2]; +- unsigned char local_md[MD_DIGEST_LENGTH]; +- EVP_MD_CTX m; +- int do_not_lock; +- +- /* +- * (Based on the rand(3) manpage) +- * +- * The input is chopped up into units of 20 bytes (or less for +- * the last block). Each of these blocks is run through the hash +- * function as follows: The data passed to the hash function +- * is the current 'md', the same number of bytes from the 'state' +- * (the location determined by in incremented looping index) as +- * the current 'block', the new key data 'block', and 'count' +- * (which is incremented after each use). +- * The result of this is kept in 'md' and also xored into the +- * 'state' at the same locations that were used as input into the +- * hash function. +- */ +- +- /* check if we already have the lock */ +- if (crypto_lock_rand) +- { +- CRYPTO_r_lock(CRYPTO_LOCK_RAND2); +- do_not_lock = (locking_thread == CRYPTO_thread_id()); +- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); +- } +- else +- do_not_lock = 0; +- +- if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); +- st_idx=state_index; +- +- /* use our own copies of the counters so that even +- * if a concurrent thread seeds with exactly the +- * same data and uses the same subarray there's _some_ +- * difference */ +- md_c[0] = md_count[0]; +- md_c[1] = md_count[1]; +- +- memcpy(local_md, md, sizeof md); +- +- /* state_index <= state_num <= STATE_SIZE */ +- state_index += num; +- if (state_index >= STATE_SIZE) +- { +- state_index%=STATE_SIZE; +- state_num=STATE_SIZE; +- } +- else if (state_num < STATE_SIZE) +- { +- if (state_index > state_num) +- state_num=state_index; +- } +- /* state_index <= state_num <= STATE_SIZE */ +- +- /* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] +- * are what we will use now, but other threads may use them +- * as well */ +- +- md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); +- +- if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); +- +- EVP_MD_CTX_init(&m); +- for (i=0; i MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j; +- +- MD_Init(&m); +- MD_Update(&m,local_md,MD_DIGEST_LENGTH); +- k=(st_idx+j)-STATE_SIZE; +- if (k > 0) +- { +- MD_Update(&m,&(state[st_idx]),j-k); +- MD_Update(&m,&(state[0]),k); +- } +- else +- MD_Update(&m,&(state[st_idx]),j); +- +- MD_Update(&m,buf,j); +- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); +- MD_Final(&m,local_md); +- md_c[1]++; +- +- buf=(const char *)buf + j; +- +- for (k=0; k= STATE_SIZE) +- st_idx=0; +- } +- } +- EVP_MD_CTX_cleanup(&m); +- +- if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); +- /* Don't just copy back local_md into md -- this could mean that +- * other thread's seeding remains without effect (except for +- * the incremented counter). By XORing it we keep at least as +- * much entropy as fits into md. */ +- for (k = 0; k < (int)sizeof(md); k++) +- { +- md[k] ^= local_md[k]; +- } +- if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ +- entropy += add; +- if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); +- ++{ ++ int i, j, k, st_idx; ++ long md_c[2]; ++ unsigned char local_md[MD_DIGEST_LENGTH]; ++ EVP_MD_CTX m; ++ int do_not_lock; ++ ++ /* ++ * (Based on the rand(3) manpage) ++ * ++ * The input is chopped up into units of 20 bytes (or less for ++ * the last block). Each of these blocks is run through the hash ++ * function as follows: The data passed to the hash function ++ * is the current 'md', the same number of bytes from the 'state' ++ * (the location determined by in incremented looping index) as ++ * the current 'block', the new key data 'block', and 'count' ++ * (which is incremented after each use). ++ * The result of this is kept in 'md' and also xored into the ++ * 'state' at the same locations that were used as input into the ++ * hash function. ++ */ ++ ++ /* check if we already have the lock */ ++ if (crypto_lock_rand) { ++ CRYPTO_r_lock(CRYPTO_LOCK_RAND2); ++ do_not_lock = (locking_thread == CRYPTO_thread_id()); ++ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); ++ } else ++ do_not_lock = 0; ++ ++ if (!do_not_lock) ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ st_idx = state_index; ++ ++ /* ++ * use our own copies of the counters so that even if a concurrent thread ++ * seeds with exactly the same data and uses the same subarray there's ++ * _some_ difference ++ */ ++ md_c[0] = md_count[0]; ++ md_c[1] = md_count[1]; ++ ++ memcpy(local_md, md, sizeof md); ++ ++ /* state_index <= state_num <= STATE_SIZE */ ++ state_index += num; ++ if (state_index >= STATE_SIZE) { ++ state_index %= STATE_SIZE; ++ state_num = STATE_SIZE; ++ } else if (state_num < STATE_SIZE) { ++ if (state_index > state_num) ++ state_num = state_index; ++ } ++ /* state_index <= state_num <= STATE_SIZE */ ++ ++ /* ++ * state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] are what we ++ * will use now, but other threads may use them as well ++ */ ++ ++ md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); ++ ++ if (!do_not_lock) ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ ++ EVP_MD_CTX_init(&m); ++ for (i = 0; i < num; i += MD_DIGEST_LENGTH) { ++ j = (num - i); ++ j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; ++ ++ MD_Init(&m); ++ MD_Update(&m, local_md, MD_DIGEST_LENGTH); ++ k = (st_idx + j) - STATE_SIZE; ++ if (k > 0) { ++ MD_Update(&m, &(state[st_idx]), j - k); ++ MD_Update(&m, &(state[0]), k); ++ } else ++ MD_Update(&m, &(state[st_idx]), j); ++ ++ MD_Update(&m, buf, j); ++ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); ++ MD_Final(&m, local_md); ++ md_c[1]++; ++ ++ buf = (const char *)buf + j; ++ ++ for (k = 0; k < j; k++) { ++ /* ++ * Parallel threads may interfere with this, but always each byte ++ * of the new state is the XOR of some previous value of its and ++ * local_md (itermediate values may be lost). Alway using locking ++ * could hurt performance more than necessary given that ++ * conflicts occur only when the total seeding is longer than the ++ * random state. ++ */ ++ state[st_idx++] ^= local_md[k]; ++ if (st_idx >= STATE_SIZE) ++ st_idx = 0; ++ } ++ } ++ EVP_MD_CTX_cleanup(&m); ++ ++ if (!do_not_lock) ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ /* ++ * Don't just copy back local_md into md -- this could mean that other ++ * thread's seeding remains without effect (except for the incremented ++ * counter). By XORing it we keep at least as much entropy as fits into ++ * md. ++ */ ++ for (k = 0; k < (int)sizeof(md); k++) { ++ md[k] ^= local_md[k]; ++ } ++ if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ ++ entropy += add; ++ if (!do_not_lock) ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ + #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) +- assert(md_c[1] == md_count[1]); ++ assert(md_c[1] == md_count[1]); + #endif +- } ++} + + static void ssleay_rand_seed(const void *buf, int num) +- { +- ssleay_rand_add(buf, num, (double)num); +- } ++{ ++ ssleay_rand_add(buf, num, (double)num); ++} + + static int ssleay_rand_bytes(unsigned char *buf, int num) +- { +- static volatile int stirred_pool = 0; +- int i,j,k,st_num,st_idx; +- int num_ceil; +- int ok; +- long md_c[2]; +- unsigned char local_md[MD_DIGEST_LENGTH]; +- EVP_MD_CTX m; ++{ ++ static volatile int stirred_pool = 0; ++ int i, j, k, st_num, st_idx; ++ int num_ceil; ++ int ok; ++ long md_c[2]; ++ unsigned char local_md[MD_DIGEST_LENGTH]; ++ EVP_MD_CTX m; + #ifndef GETPID_IS_MEANINGLESS +- pid_t curr_pid = getpid(); ++ pid_t curr_pid = getpid(); + #endif +- int do_stir_pool = 0; ++ int do_stir_pool = 0; + + #ifdef OPENSSL_FIPS +- if(FIPS_mode()) +- { +- FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD); +- return 0; +- } ++ if (FIPS_mode()) { ++ FIPSerr(FIPS_F_SSLEAY_RAND_BYTES, FIPS_R_NON_FIPS_METHOD); ++ return 0; ++ } + #endif + + #ifdef PREDICT +- if (rand_predictable) +- { +- static unsigned char val=0; +- +- for (i=0; i= ENTROPY_NEEDED); +- if (!ok) +- { +- /* If the PRNG state is not yet unpredictable, then seeing +- * the PRNG output may help attackers to determine the new +- * state; thus we have to decrease the entropy estimate. +- * Once we've had enough initial seeding we don't bother to +- * adjust the entropy count, though, because we're not ambitious +- * to provide *information-theoretic* randomness. +- * +- * NOTE: This approach fails if the program forks before +- * we have enough entropy. Entropy should be collected +- * in a separate input pool and be transferred to the +- * output pool only when the entropy limit has been reached. +- */ +- entropy -= num; +- if (entropy < 0) +- entropy = 0; +- } +- +- if (do_stir_pool) +- { +- /* In the output function only half of 'md' remains secret, +- * so we better make sure that the required entropy gets +- * 'evenly distributed' through 'state', our randomness pool. +- * The input function (ssleay_rand_add) chains all of 'md', +- * which makes it more suitable for this purpose. +- */ +- +- int n = STATE_SIZE; /* so that the complete pool gets accessed */ +- while (n > 0) +- { ++ if (num <= 0) ++ return 1; ++ ++ EVP_MD_CTX_init(&m); ++ /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ ++ num_ceil = ++ (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2); ++ ++ /* ++ * (Based on the rand(3) manpage:) ++ * ++ * For each group of 10 bytes (or less), we do the following: ++ * ++ * Input into the hash function the local 'md' (which is initialized from ++ * the global 'md' before any bytes are generated), the bytes that are to ++ * be overwritten by the random bytes, and bytes from the 'state' ++ * (incrementing looping index). From this digest output (which is kept ++ * in 'md'), the top (up to) 10 bytes are returned to the caller and the ++ * bottom 10 bytes are xored into the 'state'. ++ * ++ * Finally, after we have finished 'num' random bytes for the ++ * caller, 'count' (which is incremented) and the local and global 'md' ++ * are fed into the hash function and the results are kept in the ++ * global 'md'. ++ */ ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ ++ /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); ++ locking_thread = CRYPTO_thread_id(); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); ++ crypto_lock_rand = 1; ++ ++ if (!initialized) { ++ RAND_poll(); ++ initialized = 1; ++ } ++ ++ if (!stirred_pool) ++ do_stir_pool = 1; ++ ++ ok = (entropy >= ENTROPY_NEEDED); ++ if (!ok) { ++ /* ++ * If the PRNG state is not yet unpredictable, then seeing the PRNG ++ * output may help attackers to determine the new state; thus we have ++ * to decrease the entropy estimate. Once we've had enough initial ++ * seeding we don't bother to adjust the entropy count, though, ++ * because we're not ambitious to provide *information-theoretic* ++ * randomness. NOTE: This approach fails if the program forks before ++ * we have enough entropy. Entropy should be collected in a separate ++ * input pool and be transferred to the output pool only when the ++ * entropy limit has been reached. ++ */ ++ entropy -= num; ++ if (entropy < 0) ++ entropy = 0; ++ } ++ ++ if (do_stir_pool) { ++ /* ++ * In the output function only half of 'md' remains secret, so we ++ * better make sure that the required entropy gets 'evenly ++ * distributed' through 'state', our randomness pool. The input ++ * function (ssleay_rand_add) chains all of 'md', which makes it more ++ * suitable for this purpose. ++ */ ++ ++ int n = STATE_SIZE; /* so that the complete pool gets accessed */ ++ while (n > 0) { + #if MD_DIGEST_LENGTH > 20 + # error "Please adjust DUMMY_SEED." + #endif + #define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */ +- /* Note that the seed does not matter, it's just that +- * ssleay_rand_add expects to have something to hash. */ +- ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); +- n -= MD_DIGEST_LENGTH; +- } +- if (ok) +- stirred_pool = 1; +- } +- +- st_idx=state_index; +- st_num=state_num; +- md_c[0] = md_count[0]; +- md_c[1] = md_count[1]; +- memcpy(local_md, md, sizeof md); +- +- state_index+=num_ceil; +- if (state_index > state_num) +- state_index %= state_num; +- +- /* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] +- * are now ours (but other threads may use them too) */ +- +- md_count[0] += 1; +- +- /* before unlocking, we must clear 'crypto_lock_rand' */ +- crypto_lock_rand = 0; +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); +- +- while (num > 0) +- { +- /* num_ceil -= MD_DIGEST_LENGTH/2 */ +- j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num; +- num-=j; +- MD_Init(&m); ++ /* ++ * Note that the seed does not matter, it's just that ++ * ssleay_rand_add expects to have something to hash. ++ */ ++ ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); ++ n -= MD_DIGEST_LENGTH; ++ } ++ if (ok) ++ stirred_pool = 1; ++ } ++ ++ st_idx = state_index; ++ st_num = state_num; ++ md_c[0] = md_count[0]; ++ md_c[1] = md_count[1]; ++ memcpy(local_md, md, sizeof md); ++ ++ state_index += num_ceil; ++ if (state_index > state_num) ++ state_index %= state_num; ++ ++ /* ++ * state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] are now ++ * ours (but other threads may use them too) ++ */ ++ ++ md_count[0] += 1; ++ ++ /* before unlocking, we must clear 'crypto_lock_rand' */ ++ crypto_lock_rand = 0; ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ ++ while (num > 0) { ++ /* num_ceil -= MD_DIGEST_LENGTH/2 */ ++ j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; ++ num -= j; ++ MD_Init(&m); + #ifndef GETPID_IS_MEANINGLESS +- if (curr_pid) /* just in the first iteration to save time */ +- { +- MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid); +- curr_pid = 0; +- } ++ if (curr_pid) { /* just in the first iteration to save time */ ++ MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid); ++ curr_pid = 0; ++ } + #endif +- MD_Update(&m,local_md,MD_DIGEST_LENGTH); +- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); ++ MD_Update(&m, local_md, MD_DIGEST_LENGTH); ++ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); + #ifndef PURIFY +- MD_Update(&m,buf,j); /* purify complains */ ++ MD_Update(&m, buf, j); /* purify complains */ + #endif +- k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; +- if (k > 0) +- { +- MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k); +- MD_Update(&m,&(state[0]),k); +- } +- else +- MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2); +- MD_Final(&m,local_md); +- +- for (i=0; i= st_num) +- st_idx=0; +- if (i < j) +- *(buf++)=local_md[i+MD_DIGEST_LENGTH/2]; +- } +- } +- +- MD_Init(&m); +- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); +- MD_Update(&m,local_md,MD_DIGEST_LENGTH); +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); +- MD_Update(&m,md,MD_DIGEST_LENGTH); +- MD_Final(&m,md); +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); +- +- EVP_MD_CTX_cleanup(&m); +- if (ok) +- return(1); +- else +- { +- RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED); +- ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " +- "http://www.openssl.org/support/faq.html"); +- return(0); +- } +- } +- +-/* pseudo-random bytes that are guaranteed to be unique but not +- unpredictable */ +-static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) +- { +- int ret; +- unsigned long err; +- +- ret = RAND_bytes(buf, num); +- if (ret == 0) +- { +- err = ERR_peek_error(); +- if (ERR_GET_LIB(err) == ERR_LIB_RAND && +- ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) +- ERR_clear_error(); +- } +- return (ret); +- } ++ k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; ++ if (k > 0) { ++ MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k); ++ MD_Update(&m, &(state[0]), k); ++ } else ++ MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2); ++ MD_Final(&m, local_md); ++ ++ for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { ++ /* may compete with other threads */ ++ state[st_idx++] ^= local_md[i]; ++ if (st_idx >= st_num) ++ st_idx = 0; ++ if (i < j) ++ *(buf++) = local_md[i + MD_DIGEST_LENGTH / 2]; ++ } ++ } ++ ++ MD_Init(&m); ++ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); ++ MD_Update(&m, local_md, MD_DIGEST_LENGTH); ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ MD_Update(&m, md, MD_DIGEST_LENGTH); ++ MD_Final(&m, md); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ ++ EVP_MD_CTX_cleanup(&m); ++ if (ok) ++ return (1); ++ else { ++ RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED); ++ ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " ++ "http://www.openssl.org/support/faq.html"); ++ return (0); ++ } ++} ++ ++/* ++ * pseudo-random bytes that are guaranteed to be unique but not unpredictable ++ */ ++static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) ++{ ++ int ret; ++ unsigned long err; ++ ++ ret = RAND_bytes(buf, num); ++ if (ret == 0) { ++ err = ERR_peek_error(); ++ if (ERR_GET_LIB(err) == ERR_LIB_RAND && ++ ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) ++ ERR_clear_error(); ++ } ++ return (ret); ++} + + static int ssleay_rand_status(void) +- { +- int ret; +- int do_not_lock; +- +- /* check if we already have the lock +- * (could happen if a RAND_poll() implementation calls RAND_status()) */ +- if (crypto_lock_rand) +- { +- CRYPTO_r_lock(CRYPTO_LOCK_RAND2); +- do_not_lock = (locking_thread == CRYPTO_thread_id()); +- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); +- } +- else +- do_not_lock = 0; +- +- if (!do_not_lock) +- { +- CRYPTO_w_lock(CRYPTO_LOCK_RAND); +- +- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ +- CRYPTO_w_lock(CRYPTO_LOCK_RAND2); +- locking_thread = CRYPTO_thread_id(); +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); +- crypto_lock_rand = 1; +- } +- +- if (!initialized) +- { +- RAND_poll(); +- initialized = 1; +- } +- +- ret = entropy >= ENTROPY_NEEDED; +- +- if (!do_not_lock) +- { +- /* before unlocking, we must clear 'crypto_lock_rand' */ +- crypto_lock_rand = 0; +- +- CRYPTO_w_unlock(CRYPTO_LOCK_RAND); +- } +- +- return ret; +- } ++{ ++ int ret; ++ int do_not_lock; ++ ++ /* ++ * check if we already have the lock (could happen if a RAND_poll() ++ * implementation calls RAND_status()) ++ */ ++ if (crypto_lock_rand) { ++ CRYPTO_r_lock(CRYPTO_LOCK_RAND2); ++ do_not_lock = (locking_thread == CRYPTO_thread_id()); ++ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); ++ } else ++ do_not_lock = 0; ++ ++ if (!do_not_lock) { ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ ++ /* ++ * prevent ssleay_rand_bytes() from trying to obtain the lock again ++ */ ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); ++ locking_thread = CRYPTO_thread_id(); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); ++ crypto_lock_rand = 1; ++ } ++ ++ if (!initialized) { ++ RAND_poll(); ++ initialized = 1; ++ } ++ ++ ret = entropy >= ENTROPY_NEEDED; ++ ++ if (!do_not_lock) { ++ /* before unlocking, we must clear 'crypto_lock_rand' */ ++ crypto_lock_rand = 0; ++ ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ } ++ ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c +index 813a69e..c0a9618 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c +@@ -8,7 +8,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,7 +58,7 @@ + #include + #include + +-/* ++/*- + * Query the EGD . + * + * This module supplies three routines: +@@ -97,207 +97,195 @@ + + #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI) + int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) +- { +- return(-1); +- } ++{ ++ return (-1); ++} ++ + int RAND_egd(const char *path) +- { +- return(-1); +- } ++{ ++ return (-1); ++} + +-int RAND_egd_bytes(const char *path,int bytes) +- { +- return(-1); +- } ++int RAND_egd_bytes(const char *path, int bytes) ++{ ++ return (-1); ++} + #else +-#include +-#include OPENSSL_UNISTD +-#include +-#include +-#ifndef NO_SYS_UN_H +-# ifdef OPENSSL_SYS_VXWORKS ++# include ++# include OPENSSL_UNISTD ++# include ++# include ++# ifndef NO_SYS_UN_H ++# ifdef OPENSSL_SYS_VXWORKS + # include +-# else ++# else + # include +-# endif +-#else +-struct sockaddr_un { +- short sun_family; /* AF_UNIX */ +- char sun_path[108]; /* path name (gag) */ ++# endif ++# else ++struct sockaddr_un { ++ short sun_family; /* AF_UNIX */ ++ char sun_path[108]; /* path name (gag) */ + }; +-#endif /* NO_SYS_UN_H */ +-#include +-#include ++# endif /* NO_SYS_UN_H */ ++# include ++# include + +-#ifndef offsetof ++# ifndef offsetof + # define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) +-#endif ++# endif + + int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) +- { +- int ret = 0; +- struct sockaddr_un addr; +- int len, num, numbytes; +- int fd = -1; +- int success; +- unsigned char egdbuf[2], tempbuf[255], *retrievebuf; ++{ ++ int ret = 0; ++ struct sockaddr_un addr; ++ int len, num, numbytes; ++ int fd = -1; ++ int success; ++ unsigned char egdbuf[2], tempbuf[255], *retrievebuf; + +- memset(&addr, 0, sizeof(addr)); +- addr.sun_family = AF_UNIX; +- if (strlen(path) >= sizeof(addr.sun_path)) +- return (-1); +- BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path); +- len = offsetof(struct sockaddr_un, sun_path) + strlen(path); +- fd = socket(AF_UNIX, SOCK_STREAM, 0); +- if (fd == -1) return (-1); +- success = 0; +- while (!success) +- { +- if (connect(fd, (struct sockaddr *)&addr, len) == 0) +- success = 1; +- else +- { +- switch (errno) +- { +-#ifdef EINTR +- case EINTR: +-#endif +-#ifdef EAGAIN +- case EAGAIN: +-#endif +-#ifdef EINPROGRESS +- case EINPROGRESS: +-#endif +-#ifdef EALREADY +- case EALREADY: +-#endif +- /* No error, try again */ +- break; +-#ifdef EISCONN +- case EISCONN: +- success = 1; +- break; +-#endif +- default: +- goto err; /* failure */ +- } +- } +- } ++ memset(&addr, 0, sizeof(addr)); ++ addr.sun_family = AF_UNIX; ++ if (strlen(path) >= sizeof(addr.sun_path)) ++ return (-1); ++ BUF_strlcpy(addr.sun_path, path, sizeof addr.sun_path); ++ len = offsetof(struct sockaddr_un, sun_path) + strlen(path); ++ fd = socket(AF_UNIX, SOCK_STREAM, 0); ++ if (fd == -1) ++ return (-1); ++ success = 0; ++ while (!success) { ++ if (connect(fd, (struct sockaddr *)&addr, len) == 0) ++ success = 1; ++ else { ++ switch (errno) { ++# ifdef EINTR ++ case EINTR: ++# endif ++# ifdef EAGAIN ++ case EAGAIN: ++# endif ++# ifdef EINPROGRESS ++ case EINPROGRESS: ++# endif ++# ifdef EALREADY ++ case EALREADY: ++# endif ++ /* No error, try again */ ++ break; ++# ifdef EISCONN ++ case EISCONN: ++ success = 1; ++ break; ++# endif ++ default: ++ goto err; /* failure */ ++ } ++ } ++ } + +- while(bytes > 0) +- { +- egdbuf[0] = 1; +- egdbuf[1] = bytes < 255 ? bytes : 255; +- numbytes = 0; +- while (numbytes != 2) +- { +- num = write(fd, egdbuf + numbytes, 2 - numbytes); +- if (num >= 0) +- numbytes += num; +- else +- { +- switch (errno) +- { +-#ifdef EINTR +- case EINTR: +-#endif +-#ifdef EAGAIN +- case EAGAIN: +-#endif +- /* No error, try again */ +- break; +- default: +- ret = -1; +- goto err; /* failure */ +- } +- } +- } +- numbytes = 0; +- while (numbytes != 1) +- { +- num = read(fd, egdbuf, 1); +- if (num == 0) +- goto err; /* descriptor closed */ +- else if (num > 0) +- numbytes += num; +- else +- { +- switch (errno) +- { +-#ifdef EINTR +- case EINTR: +-#endif +-#ifdef EAGAIN +- case EAGAIN: +-#endif +- /* No error, try again */ +- break; +- default: +- ret = -1; +- goto err; /* failure */ +- } +- } +- } +- if(egdbuf[0] == 0) +- goto err; +- if (buf) +- retrievebuf = buf + ret; +- else +- retrievebuf = tempbuf; +- numbytes = 0; +- while (numbytes != egdbuf[0]) +- { +- num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); +- if (num == 0) +- goto err; /* descriptor closed */ +- else if (num > 0) +- numbytes += num; +- else +- { +- switch (errno) +- { +-#ifdef EINTR +- case EINTR: +-#endif +-#ifdef EAGAIN +- case EAGAIN: +-#endif +- /* No error, try again */ +- break; +- default: +- ret = -1; +- goto err; /* failure */ +- } +- } +- } +- ret += egdbuf[0]; +- bytes -= egdbuf[0]; +- if (!buf) +- RAND_seed(tempbuf, egdbuf[0]); +- } ++ while (bytes > 0) { ++ egdbuf[0] = 1; ++ egdbuf[1] = bytes < 255 ? bytes : 255; ++ numbytes = 0; ++ while (numbytes != 2) { ++ num = write(fd, egdbuf + numbytes, 2 - numbytes); ++ if (num >= 0) ++ numbytes += num; ++ else { ++ switch (errno) { ++# ifdef EINTR ++ case EINTR: ++# endif ++# ifdef EAGAIN ++ case EAGAIN: ++# endif ++ /* No error, try again */ ++ break; ++ default: ++ ret = -1; ++ goto err; /* failure */ ++ } ++ } ++ } ++ numbytes = 0; ++ while (numbytes != 1) { ++ num = read(fd, egdbuf, 1); ++ if (num == 0) ++ goto err; /* descriptor closed */ ++ else if (num > 0) ++ numbytes += num; ++ else { ++ switch (errno) { ++# ifdef EINTR ++ case EINTR: ++# endif ++# ifdef EAGAIN ++ case EAGAIN: ++# endif ++ /* No error, try again */ ++ break; ++ default: ++ ret = -1; ++ goto err; /* failure */ ++ } ++ } ++ } ++ if (egdbuf[0] == 0) ++ goto err; ++ if (buf) ++ retrievebuf = buf + ret; ++ else ++ retrievebuf = tempbuf; ++ numbytes = 0; ++ while (numbytes != egdbuf[0]) { ++ num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); ++ if (num == 0) ++ goto err; /* descriptor closed */ ++ else if (num > 0) ++ numbytes += num; ++ else { ++ switch (errno) { ++# ifdef EINTR ++ case EINTR: ++# endif ++# ifdef EAGAIN ++ case EAGAIN: ++# endif ++ /* No error, try again */ ++ break; ++ default: ++ ret = -1; ++ goto err; /* failure */ ++ } ++ } ++ } ++ ret += egdbuf[0]; ++ bytes -= egdbuf[0]; ++ if (!buf) ++ RAND_seed(tempbuf, egdbuf[0]); ++ } + err: +- if (fd != -1) close(fd); +- return(ret); +- } +- ++ if (fd != -1) ++ close(fd); ++ return (ret); ++} + + int RAND_egd_bytes(const char *path, int bytes) +- { +- int num, ret = 0; ++{ ++ int num, ret = 0; + +- num = RAND_query_egd_bytes(path, NULL, bytes); +- if (num < 1) goto err; +- if (RAND_status() == 1) +- ret = num; ++ num = RAND_query_egd_bytes(path, NULL, bytes); ++ if (num < 1) ++ goto err; ++ if (RAND_status() == 1) ++ ret = num; + err: +- return(ret); +- } +- ++ return (ret); ++} + + int RAND_egd(const char *path) +- { +- return (RAND_egd_bytes(path, 255)); +- } +- ++{ ++ return (RAND_egd_bytes(path, 255)); ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c b/Cryptlib/OpenSSL/crypto/rand/rand_eng.c +index 1669cef..c7fe2f0 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_eng.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,91 +62,84 @@ + #include "rand_lcl.h" + #include + #ifdef OPENSSL_FIPS +-#include +-#include ++# include ++# include + #endif + + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + + #if defined(OPENSSL_FIPS) && !defined(OPENSSL_NO_ENGINE) + + /* non-NULL if default_RAND_meth is ENGINE-provided */ +-static ENGINE *funct_ref =NULL; ++static ENGINE *funct_ref = NULL; + +-int eng_RAND_set_rand_method(const RAND_METHOD *meth, const RAND_METHOD **pmeth) +- { +- if(funct_ref) +- { +- ENGINE_finish(funct_ref); +- funct_ref = NULL; +- } +- *pmeth = meth; +- return 1; +- } ++int eng_RAND_set_rand_method(const RAND_METHOD *meth, ++ const RAND_METHOD **pmeth) ++{ ++ if (funct_ref) { ++ ENGINE_finish(funct_ref); ++ funct_ref = NULL; ++ } ++ *pmeth = meth; ++ return 1; ++} + + const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth) +- { +- if (!*pmeth) +- { +- ENGINE *e = ENGINE_get_default_RAND(); +- if(e) +- { +- *pmeth = ENGINE_get_RAND(e); +- if(!*pmeth) +- { +- ENGINE_finish(e); +- e = NULL; +- } +- } +- if(e) +- funct_ref = e; +- else +- if(FIPS_mode()) +- *pmeth=FIPS_rand_method(); +- else +- *pmeth = RAND_SSLeay(); +- } ++{ ++ if (!*pmeth) { ++ ENGINE *e = ENGINE_get_default_RAND(); ++ if (e) { ++ *pmeth = ENGINE_get_RAND(e); ++ if (!*pmeth) { ++ ENGINE_finish(e); ++ e = NULL; ++ } ++ } ++ if (e) ++ funct_ref = e; ++ else if (FIPS_mode()) ++ *pmeth = FIPS_rand_method(); ++ else ++ *pmeth = RAND_SSLeay(); ++ } + +- if(FIPS_mode() +- && *pmeth != FIPS_rand_check()) +- { +- RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); +- return 0; +- } ++ if (FIPS_mode() ++ && *pmeth != FIPS_rand_check()) { ++ RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD, RAND_R_NON_FIPS_METHOD); ++ return 0; ++ } + +- return *pmeth; +- } ++ return *pmeth; ++} + + int RAND_set_rand_engine(ENGINE *engine) +- { +- const RAND_METHOD *tmp_meth = NULL; +- if(engine) +- { +- if(!ENGINE_init(engine)) +- return 0; +- tmp_meth = ENGINE_get_RAND(engine); +- if(!tmp_meth) +- { +- ENGINE_finish(engine); +- return 0; +- } +- } +- /* This function releases any prior ENGINE so call it first */ +- RAND_set_rand_method(tmp_meth); +- funct_ref = engine; +- return 1; +- } ++{ ++ const RAND_METHOD *tmp_meth = NULL; ++ if (engine) { ++ if (!ENGINE_init(engine)) ++ return 0; ++ tmp_meth = ENGINE_get_RAND(engine); ++ if (!tmp_meth) { ++ ENGINE_finish(engine); ++ return 0; ++ } ++ } ++ /* This function releases any prior ENGINE so call it first */ ++ RAND_set_rand_method(tmp_meth); ++ funct_ref = engine; ++ return 1; ++} + + void int_RAND_init_engine_callbacks(void) +- { +- static int done = 0; +- if (done) +- return; +- int_RAND_set_callbacks(eng_RAND_set_rand_method, +- eng_RAND_get_rand_method); +- done = 1; +- } ++{ ++ static int done = 0; ++ if (done) ++ return; ++ int_RAND_set_callbacks(eng_RAND_set_rand_method, ++ eng_RAND_get_rand_method); ++ done = 1; ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c +index 829fb44..8ed247f 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_err.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,50 +66,48 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) + +-static ERR_STRING_DATA RAND_str_functs[]= +- { +-{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"}, +-{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"}, +-{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"}, +-{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"}, +-{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"}, +-{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"}, +-{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"}, +-{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"}, +-{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, +-{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA RAND_str_functs[] = { ++ {ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"}, ++ {ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"}, ++ {ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"}, ++ {ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"}, ++ {ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"}, ++ {ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"}, ++ {ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"}, ++ {ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"}, ++ {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, ++ {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA RAND_str_reasons[]= +- { +-{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"}, +-{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"}, +-{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"}, +-{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"}, +-{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"}, +-{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"}, +-{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"}, +-{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"}, +-{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, +-{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"}, +-{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA RAND_str_reasons[] = { ++ {ERR_REASON(RAND_R_NON_FIPS_METHOD), "non fips method"}, ++ {ERR_REASON(RAND_R_NOT_IN_TEST_MODE), "not in test mode"}, ++ {ERR_REASON(RAND_R_NO_KEY_SET), "no key set"}, ++ {ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH), "prng asking for too much"}, ++ {ERR_REASON(RAND_R_PRNG_ERROR), "prng error"}, ++ {ERR_REASON(RAND_R_PRNG_KEYED), "prng keyed"}, ++ {ERR_REASON(RAND_R_PRNG_NOT_REKEYED), "prng not rekeyed"}, ++ {ERR_REASON(RAND_R_PRNG_NOT_RESEEDED), "prng not reseeded"}, ++ {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, ++ {ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY), ++ "prng seed must not match key"}, ++ {ERR_REASON(RAND_R_PRNG_STUCK), "prng stuck"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_RAND_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,RAND_str_functs); +- ERR_load_strings(0,RAND_str_reasons); +- } ++ if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, RAND_str_functs); ++ ERR_load_strings(0, RAND_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c +index da6b4e0..96997bd 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,12 +62,12 @@ + #include + #include "rand_lcl.h" + #ifdef OPENSSL_FIPS +-#include +-#include ++# include ++# include + #endif + + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + + static const RAND_METHOD *default_RAND_meth = NULL; +@@ -75,171 +75,162 @@ static const RAND_METHOD *default_RAND_meth = NULL; + #ifdef OPENSSL_FIPS + + static int fips_RAND_set_rand_method(const RAND_METHOD *meth, +- const RAND_METHOD **pmeth) +- { +- *pmeth = meth; +- return 1; +- } ++ const RAND_METHOD **pmeth) ++{ ++ *pmeth = meth; ++ return 1; ++} + + static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth) +- { +- if (!*pmeth) +- { +- if(FIPS_mode()) +- *pmeth=FIPS_rand_method(); +- else +- *pmeth = RAND_SSLeay(); +- } +- +- if(FIPS_mode() +- && *pmeth != FIPS_rand_check()) +- { +- RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); +- return 0; +- } +- +- return *pmeth; +- } +- +-static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth, +- const RAND_METHOD **pmeth) +- = fips_RAND_set_rand_method; ++{ ++ if (!*pmeth) { ++ if (FIPS_mode()) ++ *pmeth = FIPS_rand_method(); ++ else ++ *pmeth = RAND_SSLeay(); ++ } ++ ++ if (FIPS_mode() ++ && *pmeth != FIPS_rand_check()) { ++ RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD, RAND_R_NON_FIPS_METHOD); ++ return 0; ++ } ++ ++ return *pmeth; ++} ++ ++static int (*RAND_set_rand_method_func) (const RAND_METHOD *meth, ++ const RAND_METHOD **pmeth) ++ = fips_RAND_set_rand_method; + static const RAND_METHOD *(*RAND_get_rand_method_func) +- (const RAND_METHOD **pmeth) +- = fips_RAND_get_rand_method; +- +-#ifndef OPENSSL_NO_ENGINE +-void int_RAND_set_callbacks( +- int (*set_rand_func)(const RAND_METHOD *meth, +- const RAND_METHOD **pmeth), +- const RAND_METHOD *(*get_rand_func) +- (const RAND_METHOD **pmeth)) +- { +- RAND_set_rand_method_func = set_rand_func; +- RAND_get_rand_method_func = get_rand_func; +- } +-#endif ++ (const RAND_METHOD **pmeth) ++ = fips_RAND_get_rand_method; ++ ++# ifndef OPENSSL_NO_ENGINE ++void int_RAND_set_callbacks(int (*set_rand_func) (const RAND_METHOD *meth, ++ const RAND_METHOD **pmeth), ++ const RAND_METHOD *(*get_rand_func) ++ (const RAND_METHOD **pmeth)) ++{ ++ RAND_set_rand_method_func = set_rand_func; ++ RAND_get_rand_method_func = get_rand_func; ++} ++# endif + + int RAND_set_rand_method(const RAND_METHOD *meth) +- { +- return RAND_set_rand_method_func(meth, &default_RAND_meth); +- } ++{ ++ return RAND_set_rand_method_func(meth, &default_RAND_meth); ++} + + const RAND_METHOD *RAND_get_rand_method(void) +- { +- return RAND_get_rand_method_func(&default_RAND_meth); +- } ++{ ++ return RAND_get_rand_method_func(&default_RAND_meth); ++} + + #else + +-#ifndef OPENSSL_NO_ENGINE ++# ifndef OPENSSL_NO_ENGINE + /* non-NULL if default_RAND_meth is ENGINE-provided */ +-static ENGINE *funct_ref =NULL; +-#endif ++static ENGINE *funct_ref = NULL; ++# endif + + int RAND_set_rand_method(const RAND_METHOD *meth) +- { +-#ifndef OPENSSL_NO_ENGINE +- if(funct_ref) +- { +- ENGINE_finish(funct_ref); +- funct_ref = NULL; +- } +-#endif +- default_RAND_meth = meth; +- return 1; +- } ++{ ++# ifndef OPENSSL_NO_ENGINE ++ if (funct_ref) { ++ ENGINE_finish(funct_ref); ++ funct_ref = NULL; ++ } ++# endif ++ default_RAND_meth = meth; ++ return 1; ++} + + const RAND_METHOD *RAND_get_rand_method(void) +- { +- if (!default_RAND_meth) +- { +-#ifndef OPENSSL_NO_ENGINE +- ENGINE *e = ENGINE_get_default_RAND(); +- if(e) +- { +- default_RAND_meth = ENGINE_get_RAND(e); +- if(!default_RAND_meth) +- { +- ENGINE_finish(e); +- e = NULL; +- } +- } +- if(e) +- funct_ref = e; +- else +-#endif +- default_RAND_meth = RAND_SSLeay(); +- } +- return default_RAND_meth; +- } +- +-#ifndef OPENSSL_NO_ENGINE ++{ ++ if (!default_RAND_meth) { ++# ifndef OPENSSL_NO_ENGINE ++ ENGINE *e = ENGINE_get_default_RAND(); ++ if (e) { ++ default_RAND_meth = ENGINE_get_RAND(e); ++ if (!default_RAND_meth) { ++ ENGINE_finish(e); ++ e = NULL; ++ } ++ } ++ if (e) ++ funct_ref = e; ++ else ++# endif ++ default_RAND_meth = RAND_SSLeay(); ++ } ++ return default_RAND_meth; ++} ++ ++# ifndef OPENSSL_NO_ENGINE + int RAND_set_rand_engine(ENGINE *engine) +- { +- const RAND_METHOD *tmp_meth = NULL; +- if(engine) +- { +- if(!ENGINE_init(engine)) +- return 0; +- tmp_meth = ENGINE_get_RAND(engine); +- if(!tmp_meth) +- { +- ENGINE_finish(engine); +- return 0; +- } +- } +- /* This function releases any prior ENGINE so call it first */ +- RAND_set_rand_method(tmp_meth); +- funct_ref = engine; +- return 1; +- } +-#endif ++{ ++ const RAND_METHOD *tmp_meth = NULL; ++ if (engine) { ++ if (!ENGINE_init(engine)) ++ return 0; ++ tmp_meth = ENGINE_get_RAND(engine); ++ if (!tmp_meth) { ++ ENGINE_finish(engine); ++ return 0; ++ } ++ } ++ /* This function releases any prior ENGINE so call it first */ ++ RAND_set_rand_method(tmp_meth); ++ funct_ref = engine; ++ return 1; ++} ++# endif + + #endif + + void RAND_cleanup(void) +- { +- const RAND_METHOD *meth = RAND_get_rand_method(); +- if (meth && meth->cleanup) +- meth->cleanup(); +- RAND_set_rand_method(NULL); +- } ++{ ++ const RAND_METHOD *meth = RAND_get_rand_method(); ++ if (meth && meth->cleanup) ++ meth->cleanup(); ++ RAND_set_rand_method(NULL); ++} + + void RAND_seed(const void *buf, int num) +- { +- const RAND_METHOD *meth = RAND_get_rand_method(); +- if (meth && meth->seed) +- meth->seed(buf,num); +- } ++{ ++ const RAND_METHOD *meth = RAND_get_rand_method(); ++ if (meth && meth->seed) ++ meth->seed(buf, num); ++} + + void RAND_add(const void *buf, int num, double entropy) +- { +- const RAND_METHOD *meth = RAND_get_rand_method(); +- if (meth && meth->add) +- meth->add(buf,num,entropy); +- } ++{ ++ const RAND_METHOD *meth = RAND_get_rand_method(); ++ if (meth && meth->add) ++ meth->add(buf, num, entropy); ++} + + int RAND_bytes(unsigned char *buf, int num) +- { +- const RAND_METHOD *meth = RAND_get_rand_method(); +- if (meth && meth->bytes) +- return meth->bytes(buf,num); +- return(-1); +- } ++{ ++ const RAND_METHOD *meth = RAND_get_rand_method(); ++ if (meth && meth->bytes) ++ return meth->bytes(buf, num); ++ return (-1); ++} + + int RAND_pseudo_bytes(unsigned char *buf, int num) +- { +- const RAND_METHOD *meth = RAND_get_rand_method(); +- if (meth && meth->pseudorand) +- return meth->pseudorand(buf,num); +- return(-1); +- } ++{ ++ const RAND_METHOD *meth = RAND_get_rand_method(); ++ if (meth && meth->pseudorand) ++ return meth->pseudorand(buf, num); ++ return (-1); ++} + + int RAND_status(void) +- { +- const RAND_METHOD *meth = RAND_get_rand_method(); +- if (meth && meth->status) +- return meth->status(); +- return 0; +- } ++{ ++ const RAND_METHOD *meth = RAND_get_rand_method(); ++ if (meth && meth->status) ++ return meth->status(); ++ return 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c b/Cryptlib/OpenSSL/crypto/rand/rand_nw.c +index 8d5b8d2..55ffe9a 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_nw.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -115,69 +115,65 @@ + + #if defined (OPENSSL_SYS_NETWARE) + +-#if defined(NETWARE_LIBC) +-#include +-#else +-#include +-#endif ++# if defined(NETWARE_LIBC) ++# include ++# else ++# include ++# endif + + extern int GetProcessSwitchCount(void); +-#if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000) +-extern void *RunningProcess; /* declare here same as found in newer NDKs */ ++# if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000) ++extern void *RunningProcess; /* declare here same as found in newer NDKs */ + extern unsigned long GetSuperHighResolutionTimer(void); +-#endif ++# endif + +- /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed +- */ ++ /* ++ * the FAQ indicates we need to provide at least 20 bytes (160 bits) of ++ * seed ++ */ + int RAND_poll(void) + { +- unsigned long l; +- unsigned long tsc; +- int i; ++ unsigned long l; ++ unsigned long tsc; ++ int i; + +- /* There are several options to gather miscellaneous data +- * but for now we will loop checking the time stamp counter (rdtsc) and +- * the SuperHighResolutionTimer. Each iteration will collect 8 bytes +- * of data but it is treated as only 1 byte of entropy. The call to +- * ThreadSwitchWithDelay() will introduce additional variability into +- * the data returned by rdtsc. +- * +- * Applications can agument the seed material by adding additional +- * stuff with RAND_add() and should probably do so. +- */ +- l = GetProcessSwitchCount(); +- RAND_add(&l,sizeof(l),1); +- +- /* need to cast the void* to unsigned long here */ +- l = (unsigned long)RunningProcess; +- RAND_add(&l,sizeof(l),1); ++ /* ++ * There are several options to gather miscellaneous data but for now we ++ * will loop checking the time stamp counter (rdtsc) and the ++ * SuperHighResolutionTimer. Each iteration will collect 8 bytes of data ++ * but it is treated as only 1 byte of entropy. The call to ++ * ThreadSwitchWithDelay() will introduce additional variability into the ++ * data returned by rdtsc. Applications can agument the seed material by ++ * adding additional stuff with RAND_add() and should probably do so. ++ */ ++ l = GetProcessSwitchCount(); ++ RAND_add(&l, sizeof(l), 1); + +- for( i=2; i=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +- asm volatile("rdtsc":"=a"(tsc)::"edx"); +-#endif ++ /* need to cast the void* to unsigned long here */ ++ l = (unsigned long)RunningProcess; ++ RAND_add(&l, sizeof(l), 1); + +- RAND_add(&tsc, sizeof(tsc), 1); ++ for (i = 2; i < ENTROPY_NEEDED; i++) { ++# ifdef __MWERKS__ ++ asm { ++ rdtsc mov tsc, eax} ++# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) ++ asm volatile ("rdtsc":"=a" (tsc)::"edx"); ++# endif ++ ++ RAND_add(&tsc, sizeof(tsc), 1); + +- l = GetSuperHighResolutionTimer(); +- RAND_add(&l, sizeof(l), 0); ++ l = GetSuperHighResolutionTimer(); ++ RAND_add(&l, sizeof(l), 0); + + # if defined(NETWARE_LIBC) +- NXThreadYield(); +-# else /* NETWARE_CLIB */ +- ThreadSwitchWithDelay(); ++ NXThreadYield(); ++# else /* NETWARE_CLIB */ ++ ThreadSwitchWithDelay(); + # endif +- } ++ } + +- return 1; ++ return 1; + } + +-#endif +- ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c b/Cryptlib/OpenSSL/crypto/rand/rand_os2.c +index c3e36d4..4de2115 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_os2.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -59,27 +59,30 @@ + + #ifdef OPENSSL_SYS_OS2 + +-#define INCL_DOSPROCESS +-#define INCL_DOSPROFILE +-#define INCL_DOSMISC +-#define INCL_DOSMODULEMGR +-#include ++# define INCL_DOSPROCESS ++# define INCL_DOSPROFILE ++# define INCL_DOSMISC ++# define INCL_DOSMODULEMGR ++# include + +-#define CMD_KI_RDCNT (0x63) ++# define CMD_KI_RDCNT (0x63) + + typedef struct _CPUUTIL { +- ULONG ulTimeLow; /* Low 32 bits of time stamp */ +- ULONG ulTimeHigh; /* High 32 bits of time stamp */ +- ULONG ulIdleLow; /* Low 32 bits of idle time */ +- ULONG ulIdleHigh; /* High 32 bits of idle time */ +- ULONG ulBusyLow; /* Low 32 bits of busy time */ +- ULONG ulBusyHigh; /* High 32 bits of busy time */ +- ULONG ulIntrLow; /* Low 32 bits of interrupt time */ ++ ULONG ulTimeLow; /* Low 32 bits of time stamp */ ++ ULONG ulTimeHigh; /* High 32 bits of time stamp */ ++ ULONG ulIdleLow; /* Low 32 bits of idle time */ ++ ULONG ulIdleHigh; /* High 32 bits of idle time */ ++ ULONG ulBusyLow; /* Low 32 bits of busy time */ ++ ULONG ulBusyHigh; /* High 32 bits of busy time */ ++ ULONG ulIntrLow; /* Low 32 bits of interrupt time */ + ULONG ulIntrHigh; /* High 32 bits of interrupt time */ + } CPUUTIL; + +-APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL; +-APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL; ++APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ++ ULONG ulParm2, ULONG ulParm3) = NULL; ++APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ++ ULONG _res_, PVOID buf, ULONG bufsz) = ++ NULL; + HMODULE hDoscalls = 0; + + int RAND_poll(void) +@@ -89,15 +92,19 @@ int RAND_poll(void) + ULONG SysVars[QSV_FOREGROUND_PROCESS]; + + if (hDoscalls == 0) { +- ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls); ++ ULONG rc = ++ DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", ++ &hDoscalls); + + if (rc == 0) { +- rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall); ++ rc = DosQueryProcAddr(hDoscalls, 976, NULL, ++ (PFN *) & DosPerfSysCall); + + if (rc) + DosPerfSysCall = NULL; + +- rc = DosQueryProcAddr(hDoscalls, 368, NULL, (PFN *)&DosQuerySysState); ++ rc = DosQueryProcAddr(hDoscalls, 368, NULL, ++ (PFN *) & DosQuerySysState); + + if (rc) + DosQuerySysState = NULL; +@@ -108,33 +115,40 @@ int RAND_poll(void) + DosTmrQueryTime(&qwTime); + RAND_add(&qwTime, sizeof(qwTime), 2); + +- /* Sample a bunch of system variables, includes various process & memory statistics */ ++ /* ++ * Sample a bunch of system variables, includes various process & memory ++ * statistics ++ */ + DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars)); + RAND_add(SysVars, sizeof(SysVars), 4); + +- /* If available, sample CPU registers that count at CPU MHz +- * Only fairly new CPUs (PPro & K6 onwards) & OS/2 versions support this ++ /* ++ * If available, sample CPU registers that count at CPU MHz Only fairly ++ * new CPUs (PPro & K6 onwards) & OS/2 versions support this + */ + if (DosPerfSysCall) { + CPUUTIL util; + +- if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG)&util, 0, 0) == 0) { ++ if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG) & util, 0, 0) == 0) { + RAND_add(&util, sizeof(util), 10); +- } +- else { ++ } else { + DosPerfSysCall = NULL; + } + } + +- /* DosQuerySysState() gives us a huge quantity of process, thread, memory & handle stats */ ++ /* ++ * DosQuerySysState() gives us a huge quantity of process, thread, memory ++ * & handle stats ++ */ + if (DosQuerySysState) { + char *buffer = OPENSSL_malloc(256 * 1024); + + if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) { +- /* First 4 bytes in buffer is a pointer to the thread count +- * there should be at least 1 byte of entropy per thread ++ /* ++ * First 4 bytes in buffer is a pointer to the thread count there ++ * should be at least 1 byte of entropy per thread + */ +- RAND_add(buffer, 256 * 1024, **(ULONG **)buffer); ++ RAND_add(buffer, 256 * 1024, **(ULONG **) buffer); + } + + OPENSSL_free(buffer); +@@ -144,4 +158,4 @@ int RAND_poll(void) + return 0; + } + +-#endif /* OPENSSL_SYS_OS2 */ ++#endif /* OPENSSL_SYS_OS2 */ +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c +index 8e2c4ca..0a6893c 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -118,213 +118,223 @@ + + #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI)) + +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */ +-# include +-#endif +-#include +-#ifndef FD_SETSIZE +-# define FD_SETSIZE (8*sizeof(fd_set)) +-#endif ++# include ++# include ++# include ++# include ++# include ++# include ++# include ++# if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually ++ * everywhere */ ++# include ++# endif ++# include ++# ifndef FD_SETSIZE ++# define FD_SETSIZE (8*sizeof(fd_set)) ++# endif + +-#ifdef __OpenBSD__ ++# ifdef __OpenBSD__ + int RAND_poll(void) + { +- u_int32_t rnd = 0, i; +- unsigned char buf[ENTROPY_NEEDED]; ++ u_int32_t rnd = 0, i; ++ unsigned char buf[ENTROPY_NEEDED]; + +- for (i = 0; i < sizeof(buf); i++) { +- if (i % 4 == 0) +- rnd = arc4random(); +- buf[i] = rnd; +- rnd >>= 8; +- } +- RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); +- memset(buf, 0, sizeof(buf)); ++ for (i = 0; i < sizeof(buf); i++) { ++ if (i % 4 == 0) ++ rnd = arc4random(); ++ buf[i] = rnd; ++ rnd >>= 8; ++ } ++ RAND_add(buf, sizeof(buf), ENTROPY_NEEDED); ++ memset(buf, 0, sizeof(buf)); + +- return 1; ++ return 1; + } +-#else /* !defined(__OpenBSD__) */ ++# else /* !defined(__OpenBSD__) */ + int RAND_poll(void) + { +- unsigned long l; +- pid_t curr_pid = getpid(); +-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) +- unsigned char tmpbuf[ENTROPY_NEEDED]; +- int n = 0; +-#endif +-#ifdef DEVRANDOM +- static const char *randomfiles[] = { DEVRANDOM }; +- struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])]; +- int fd; +- size_t i; +-#endif +-#ifdef DEVRANDOM_EGD +- static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; +- const char **egdsocket = NULL; +-#endif ++ unsigned long l; ++ pid_t curr_pid = getpid(); ++# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) ++ unsigned char tmpbuf[ENTROPY_NEEDED]; ++ int n = 0; ++# endif ++# ifdef DEVRANDOM ++ static const char *randomfiles[] = { DEVRANDOM }; ++ struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])]; ++ int fd; ++ size_t i; ++# endif ++# ifdef DEVRANDOM_EGD ++ static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; ++ const char **egdsocket = NULL; ++# endif + +-#ifdef DEVRANDOM +- memset(randomstats,0,sizeof(randomstats)); +- /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD +- * have this. Use /dev/urandom if you can as /dev/random may block +- * if it runs out of random entries. */ ++# ifdef DEVRANDOM ++ memset(randomstats, 0, sizeof(randomstats)); ++ /* ++ * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have ++ * this. Use /dev/urandom if you can as /dev/random may block if it runs ++ * out of random entries. ++ */ + +- for (i=0; i= 0) +- { +- int usec = 10*1000; /* spend 10ms on each file */ +- int r; +- size_t j; +- struct stat *st=&randomstats[i]; ++ for (i = 0; i < sizeof(randomfiles) / sizeof(randomfiles[0]) ++ && n < ENTROPY_NEEDED; i++) { ++ if ((fd = open(randomfiles[i], O_RDONLY ++# ifdef O_NONBLOCK ++ | O_NONBLOCK ++# endif ++# ifdef O_BINARY ++ | O_BINARY ++# endif ++# ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do ++ * not make it our controlling tty */ ++ | O_NOCTTY ++# endif ++ )) >= 0) { ++ int usec = 10 * 1000; /* spend 10ms on each file */ ++ int r; ++ size_t j; ++ struct stat *st = &randomstats[i]; + +- /* Avoid using same input... Used to be O_NOFOLLOW +- * above, but it's not universally appropriate... */ +- if (fstat(fd,st) != 0) { close(fd); continue; } +- for (j=0;jst_ino && +- randomstats[j].st_dev==st->st_dev) +- break; +- } +- if (jst_ino && ++ randomstats[j].st_dev == st->st_dev) ++ break; ++ } ++ if (j < i) { ++ close(fd); ++ continue; ++ } + +- do +- { +- int try_read = 0; ++ do { ++ int try_read = 0; + +-#if defined(OPENSSL_SYS_LINUX) +- /* use poll() */ +- struct pollfd pset; +- +- pset.fd = fd; +- pset.events = POLLIN; +- pset.revents = 0; ++# if defined(OPENSSL_SYS_LINUX) ++ /* use poll() */ ++ struct pollfd pset; + +- if (poll(&pset, 1, usec / 1000) < 0) +- usec = 0; +- else +- try_read = (pset.revents & POLLIN) != 0; ++ pset.fd = fd; ++ pset.events = POLLIN; ++ pset.revents = 0; + +-#else +- /* use select() */ +- fd_set fset; +- struct timeval t; +- +- t.tv_sec = 0; +- t.tv_usec = usec; ++ if (poll(&pset, 1, usec / 1000) < 0) ++ usec = 0; ++ else ++ try_read = (pset.revents & POLLIN) != 0; + +- if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) +- { +- /* can't use select, so just try to read once anyway */ +- try_read = 1; +- } +- else +- { +- FD_ZERO(&fset); +- FD_SET(fd, &fset); +- +- if (select(fd+1,&fset,NULL,NULL,&t) >= 0) +- { +- usec = t.tv_usec; +- if (FD_ISSET(fd, &fset)) +- try_read = 1; +- } +- else +- usec = 0; +- } +-#endif +- +- if (try_read) +- { +- r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n); +- if (r > 0) +- n += r; +- } +- else +- r = -1; +- +- /* Some Unixen will update t in select(), some +- won't. For those who won't, or if we +- didn't use select() in the first place, +- give up here, otherwise, we will do +- this once again for the remaining +- time. */ +- if (usec == 10*1000) +- usec = 0; +- } +- while ((r > 0 || +- (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED); ++# else ++ /* use select() */ ++ fd_set fset; ++ struct timeval t; + +- close(fd); +- } +- } +-#endif /* defined(DEVRANDOM) */ ++ t.tv_sec = 0; ++ t.tv_usec = usec; + +-#ifdef DEVRANDOM_EGD +- /* Use an EGD socket to read entropy from an EGD or PRNGD entropy +- * collecting daemon. */ ++ if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) { ++ /* ++ * can't use select, so just try to read once anyway ++ */ ++ try_read = 1; ++ } else { ++ FD_ZERO(&fset); ++ FD_SET(fd, &fset); + +- for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++) +- { +- int r; ++ if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) { ++ usec = t.tv_usec; ++ if (FD_ISSET(fd, &fset)) ++ try_read = 1; ++ } else ++ usec = 0; ++ } ++# endif + +- r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n, +- ENTROPY_NEEDED-n); +- if (r > 0) +- n += r; +- } +-#endif /* defined(DEVRANDOM_EGD) */ ++ if (try_read) { ++ r = read(fd, (unsigned char *)tmpbuf + n, ++ ENTROPY_NEEDED - n); ++ if (r > 0) ++ n += r; ++ } else ++ r = -1; + +-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) +- if (n > 0) +- { +- RAND_add(tmpbuf,sizeof tmpbuf,(double)n); +- OPENSSL_cleanse(tmpbuf,n); +- } +-#endif ++ /* ++ * Some Unixen will update t in select(), some won't. For ++ * those who won't, or if we didn't use select() in the first ++ * place, give up here, otherwise, we will do this once again ++ * for the remaining time. ++ */ ++ if (usec == 10 * 1000) ++ usec = 0; ++ } ++ while ((r > 0 || ++ (errno == EINTR || errno == EAGAIN)) && usec != 0 ++ && n < ENTROPY_NEEDED); + +- /* put in some default random data, we need more than just this */ +- l=curr_pid; +- RAND_add(&l,sizeof(l),0.0); +- l=getuid(); +- RAND_add(&l,sizeof(l),0.0); ++ close(fd); ++ } ++ } ++# endif /* defined(DEVRANDOM) */ + +- l=time(NULL); +- RAND_add(&l,sizeof(l),0.0); ++# ifdef DEVRANDOM_EGD ++ /* ++ * Use an EGD socket to read entropy from an EGD or PRNGD entropy ++ * collecting daemon. ++ */ + +-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) +- return 1; +-#else +- return 0; +-#endif +-} ++ for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; ++ egdsocket++) { ++ int r; ++ ++ r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n, ++ ENTROPY_NEEDED - n); ++ if (r > 0) ++ n += r; ++ } ++# endif /* defined(DEVRANDOM_EGD) */ + +-#endif /* defined(__OpenBSD__) */ +-#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */ ++# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) ++ if (n > 0) { ++ RAND_add(tmpbuf, sizeof tmpbuf, (double)n); ++ OPENSSL_cleanse(tmpbuf, n); ++ } ++# endif + ++ /* put in some default random data, we need more than just this */ ++ l = curr_pid; ++ RAND_add(&l, sizeof(l), 0.0); ++ l = getuid(); ++ RAND_add(&l, sizeof(l), 0.0); ++ ++ l = time(NULL); ++ RAND_add(&l, sizeof(l), 0.0); ++ ++# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) ++ return 1; ++# else ++ return 0; ++# endif ++} ++ ++# endif /* defined(__OpenBSD__) */ ++#endif /* !(defined(OPENSSL_SYS_WINDOWS) || ++ * defined(OPENSSL_SYS_WIN32) || ++ * defined(OPENSSL_SYS_VMS) || ++ * defined(OPENSSL_SYS_OS2) || ++ * defined(OPENSSL_SYS_VXWORKS) || ++ * defined(OPENSSL_SYS_NETWARE)) */ + + #if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) + int RAND_poll(void) +- { +- return 0; +- } ++{ ++ return 0; ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c +index 5d134e1..0c616c4 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_win.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_win.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,7 +63,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -114,607 +114,552 @@ + #include "rand_lcl.h" + + #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +-#include +-#ifndef _WIN32_WINNT +-# define _WIN32_WINNT 0x0400 +-#endif +-#include +-#include ++# include ++# ifndef _WIN32_WINNT ++# define _WIN32_WINNT 0x0400 ++# endif ++# include ++# include + +-/* Limit the time spent walking through the heap, processes, threads and modules to +- a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */ +-#define MAXDELAY 1000 ++/* ++ * Limit the time spent walking through the heap, processes, threads and ++ * modules to a maximum of 1000 miliseconds each, unless CryptoGenRandom ++ * failed ++ */ ++# define MAXDELAY 1000 + +-/* Intel hardware RNG CSP -- available from ++/* ++ * Intel hardware RNG CSP -- available from + * http://developer.intel.com/design/security/rng/redist_license.htm + */ +-#define PROV_INTEL_SEC 22 +-#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" ++# define PROV_INTEL_SEC 22 ++# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" + + static void readtimer(void); + static void readscreen(void); + +-/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined +- when WINVER is 0x0500 and up, which currently only happens on Win2000. +- Unfortunately, those are typedefs, so they're a little bit difficult to +- detect properly. On the other hand, the macro CURSOR_SHOWING is defined +- within the same conditional, so it can be use to detect the absence of said +- typedefs. */ ++/* ++ * It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined ++ * when WINVER is 0x0500 and up, which currently only happens on Win2000. ++ * Unfortunately, those are typedefs, so they're a little bit difficult to ++ * detect properly. On the other hand, the macro CURSOR_SHOWING is defined ++ * within the same conditional, so it can be use to detect the absence of ++ * said typedefs. ++ */ + +-#ifndef CURSOR_SHOWING ++# ifndef CURSOR_SHOWING + /* + * Information about the global cursor. + */ +-typedef struct tagCURSORINFO +-{ +- DWORD cbSize; +- DWORD flags; ++typedef struct tagCURSORINFO { ++ DWORD cbSize; ++ DWORD flags; + HCURSOR hCursor; +- POINT ptScreenPos; ++ POINT ptScreenPos; + } CURSORINFO, *PCURSORINFO, *LPCURSORINFO; + +-#define CURSOR_SHOWING 0x00000001 +-#endif /* CURSOR_SHOWING */ +- +-#if !defined(OPENSSL_SYS_WINCE) +-typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR, +- DWORD, DWORD); +-typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *); +-typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD); +- +-typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID); +-typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO); +-typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); +- +-typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); +-typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE); +-typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t); +-typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); +-typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); +-typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32); +-typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32); +-typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); +- +-#include +-#include +-#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE +- * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was +- * was added to the Platform SDK to allow the NET API to be used in +- * non-Unicode applications provided that Unicode strings were still +- * used for input. LMSTR is defined as LPWSTR. +- */ +-typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) +- (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); +-typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); +-#endif /* 1 */ +-#endif /* !OPENSSL_SYS_WINCE */ ++# define CURSOR_SHOWING 0x00000001 ++# endif /* CURSOR_SHOWING */ ++ ++# if !defined(OPENSSL_SYS_WINCE) ++typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR, ++ DWORD, DWORD); ++typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *); ++typedef BOOL(WINAPI *CRYPTRELEASECONTEXT) (HCRYPTPROV, DWORD); ++ ++typedef HWND(WINAPI *GETFOREGROUNDWINDOW) (VOID); ++typedef BOOL(WINAPI *GETCURSORINFO) (PCURSORINFO); ++typedef DWORD(WINAPI *GETQUEUESTATUS) (UINT); ++ ++typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD); ++typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE); ++typedef BOOL(WINAPI *HEAP32FIRST) (LPHEAPENTRY32, DWORD, size_t); ++typedef BOOL(WINAPI *HEAP32NEXT) (LPHEAPENTRY32); ++typedef BOOL(WINAPI *HEAP32LIST) (HANDLE, LPHEAPLIST32); ++typedef BOOL(WINAPI *PROCESS32) (HANDLE, LPPROCESSENTRY32); ++typedef BOOL(WINAPI *THREAD32) (HANDLE, LPTHREADENTRY32); ++typedef BOOL(WINAPI *MODULE32) (HANDLE, LPMODULEENTRY32); ++ ++# include ++# include ++# if 1 ++/* ++ * The NET API is Unicode only. It requires the use of the UNICODE macro. ++ * When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was was added to the ++ * Platform SDK to allow the NET API to be used in non-Unicode applications ++ * provided that Unicode strings were still used for input. LMSTR is defined ++ * as LPWSTR. ++ */ ++typedef NET_API_STATUS(NET_API_FUNCTION *NETSTATGET) ++ (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE *); ++typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE); ++# endif /* 1 */ ++# endif /* !OPENSSL_SYS_WINCE */ + + int RAND_poll(void) + { +- MEMORYSTATUS m; +- HCRYPTPROV hProvider = 0; +- DWORD w; +- int good = 0; +- +- /* Determine the OS version we are on so we can turn off things +- * that do not work properly. +- */ +- OSVERSIONINFO osverinfo ; +- osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; +- GetVersionEx( &osverinfo ) ; +- +-#if defined(OPENSSL_SYS_WINCE) +-# if defined(_WIN32_WCE) && _WIN32_WCE>=300 +-/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available +- * in commonly available implementations prior 300... */ +- { +- BYTE buf[64]; +- /* poll the CryptoAPI PRNG */ +- /* The CryptoAPI returns sizeof(buf) bytes of randomness */ +- if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, +- CRYPT_VERIFYCONTEXT)) +- { +- if (CryptGenRandom(hProvider, sizeof(buf), buf)) +- RAND_add(buf, sizeof(buf), sizeof(buf)); +- CryptReleaseContext(hProvider, 0); +- } +- } +-# endif +-#else /* OPENSSL_SYS_WINCE */ +- /* +- * None of below libraries are present on Windows CE, which is +- * why we #ifndef the whole section. This also excuses us from +- * handling the GetProcAddress issue. The trouble is that in +- * real Win32 API GetProcAddress is available in ANSI flavor +- * only. In WinCE on the other hand GetProcAddress is a macro +- * most commonly defined as GetProcAddressW, which accepts +- * Unicode argument. If we were to call GetProcAddress under +- * WinCE, I'd recommend to either redefine GetProcAddress as +- * GetProcAddressA (there seem to be one in common CE spec) or +- * implement own shim routine, which would accept ANSI argument +- * and expand it to Unicode. +- */ +- { +- /* load functions dynamically - not available on all systems */ +- HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); +- HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); +- HMODULE user = NULL; +- HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL")); +- CRYPTACQUIRECONTEXTW acquire = NULL; +- CRYPTGENRANDOM gen = NULL; +- CRYPTRELEASECONTEXT release = NULL; +- NETSTATGET netstatget = NULL; +- NETFREE netfree = NULL; +- BYTE buf[64]; +- +- if (netapi) +- { +- netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); +- netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree"); +- } +- +- if (netstatget && netfree) +- { +- LPBYTE outbuf; +- /* NetStatisticsGet() is a Unicode only function +- * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0 +- * contains 17 fields. We treat each field as a source of +- * one byte of entropy. +- */ +- +- if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) +- { +- RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45); +- netfree(outbuf); +- } +- if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) +- { +- RAND_add(outbuf, sizeof(STAT_SERVER_0), 17); +- netfree(outbuf); +- } +- } +- +- if (netapi) +- FreeLibrary(netapi); +- +- /* It appears like this can cause an exception deep within ADVAPI32.DLL +- * at random times on Windows 2000. Reported by Jeffrey Altman. +- * Only use it on NT. +- */ +- /* Wolfgang Marczy reports that +- * the RegQueryValueEx call below can hang on NT4.0 (SP6). +- * So we don't use this at all for now. */ +-#if 0 +- if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && +- osverinfo.dwMajorVersion < 5) +- { +- /* Read Performance Statistics from NT/2000 registry +- * The size of the performance data can vary from call +- * to call so we must guess the size of the buffer to use +- * and increase its size if we get an ERROR_MORE_DATA +- * return instead of ERROR_SUCCESS. +- */ +- LONG rc=ERROR_MORE_DATA; +- char * buf=NULL; +- DWORD bufsz=0; +- DWORD length; +- +- while (rc == ERROR_MORE_DATA) +- { +- buf = realloc(buf,bufsz+8192); +- if (!buf) +- break; +- bufsz += 8192; +- +- length = bufsz; +- rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"), +- NULL, NULL, buf, &length); +- } +- if (rc == ERROR_SUCCESS) +- { +- /* For entropy count assume only least significant +- * byte of each DWORD is random. +- */ +- RAND_add(&length, sizeof(length), 0); +- RAND_add(buf, length, length / 4.0); +- +- /* Close the Registry Key to allow Windows to cleanup/close +- * the open handle +- * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened +- * when the RegQueryValueEx above is done. However, if +- * it is not explicitly closed, it can cause disk +- * partition manipulation problems. +- */ +- RegCloseKey(HKEY_PERFORMANCE_DATA); +- } +- if (buf) +- free(buf); +- } +-#endif +- +- if (advapi) +- { +- /* +- * If it's available, then it's available in both ANSI +- * and UNICODE flavors even in Win9x, documentation says. +- * We favor Unicode... +- */ +- acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi, +- "CryptAcquireContextW"); +- gen = (CRYPTGENRANDOM) GetProcAddress(advapi, +- "CryptGenRandom"); +- release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, +- "CryptReleaseContext"); +- } +- +- if (acquire && gen && release) +- { +- /* poll the CryptoAPI PRNG */ +- /* The CryptoAPI returns sizeof(buf) bytes of randomness */ +- if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL, +- CRYPT_VERIFYCONTEXT)) +- { +- if (gen(hProvider, sizeof(buf), buf) != 0) +- { +- RAND_add(buf, sizeof(buf), 0); +- good = 1; +-#if 0 +- printf("randomness from PROV_RSA_FULL\n"); +-#endif +- } +- release(hProvider, 0); +- } +- +- /* poll the Pentium PRG with CryptoAPI */ +- if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) +- { +- if (gen(hProvider, sizeof(buf), buf) != 0) +- { +- RAND_add(buf, sizeof(buf), sizeof(buf)); +- good = 1; +-#if 0 +- printf("randomness from PROV_INTEL_SEC\n"); +-#endif +- } +- release(hProvider, 0); +- } +- } ++ MEMORYSTATUS m; ++ HCRYPTPROV hProvider = 0; ++ DWORD w; ++ int good = 0; ++ ++# if defined(OPENSSL_SYS_WINCE) ++# if defined(_WIN32_WCE) && _WIN32_WCE>=300 ++ /* ++ * Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available ++ * in commonly available implementations prior 300... ++ */ ++ { ++ BYTE buf[64]; ++ /* poll the CryptoAPI PRNG */ ++ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ ++ if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, ++ CRYPT_VERIFYCONTEXT)) { ++ if (CryptGenRandom(hProvider, sizeof(buf), buf)) ++ RAND_add(buf, sizeof(buf), sizeof(buf)); ++ CryptReleaseContext(hProvider, 0); ++ } ++ } ++# endif ++# else /* OPENSSL_SYS_WINCE */ ++ /* ++ * None of below libraries are present on Windows CE, which is ++ * why we #ifndef the whole section. This also excuses us from ++ * handling the GetProcAddress issue. The trouble is that in ++ * real Win32 API GetProcAddress is available in ANSI flavor ++ * only. In WinCE on the other hand GetProcAddress is a macro ++ * most commonly defined as GetProcAddressW, which accepts ++ * Unicode argument. If we were to call GetProcAddress under ++ * WinCE, I'd recommend to either redefine GetProcAddress as ++ * GetProcAddressA (there seem to be one in common CE spec) or ++ * implement own shim routine, which would accept ANSI argument ++ * and expand it to Unicode. ++ */ ++ { ++ /* load functions dynamically - not available on all systems */ ++ HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL")); ++ HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL")); ++ HMODULE user = NULL; ++ HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL")); ++ CRYPTACQUIRECONTEXTW acquire = NULL; ++ CRYPTGENRANDOM gen = NULL; ++ CRYPTRELEASECONTEXT release = NULL; ++ NETSTATGET netstatget = NULL; ++ NETFREE netfree = NULL; ++ BYTE buf[64]; ++ ++ if (netapi) { ++ netstatget = ++ (NETSTATGET) GetProcAddress(netapi, "NetStatisticsGet"); ++ netfree = (NETFREE) GetProcAddress(netapi, "NetApiBufferFree"); ++ } ++ ++ if (netstatget && netfree) { ++ LPBYTE outbuf; ++ /* ++ * NetStatisticsGet() is a Unicode only function ++ * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0 ++ * contains 17 fields. We treat each field as a source of one ++ * byte of entropy. ++ */ ++ ++ if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) { ++ RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45); ++ netfree(outbuf); ++ } ++ if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) { ++ RAND_add(outbuf, sizeof(STAT_SERVER_0), 17); ++ netfree(outbuf); ++ } ++ } ++ ++ if (netapi) ++ FreeLibrary(netapi); ++ ++ /* ++ * It appears like this can cause an exception deep within ++ * ADVAPI32.DLL at random times on Windows 2000. Reported by Jeffrey ++ * Altman. Only use it on NT. ++ */ ++ ++ if (advapi) { ++ /* ++ * If it's available, then it's available in both ANSI ++ * and UNICODE flavors even in Win9x, documentation says. ++ * We favor Unicode... ++ */ ++ acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi, ++ "CryptAcquireContextW"); ++ gen = (CRYPTGENRANDOM) GetProcAddress(advapi, "CryptGenRandom"); ++ release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, ++ "CryptReleaseContext"); ++ } ++ ++ if (acquire && gen && release) { ++ /* poll the CryptoAPI PRNG */ ++ /* The CryptoAPI returns sizeof(buf) bytes of randomness */ ++ if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL, ++ CRYPT_VERIFYCONTEXT)) { ++ if (gen(hProvider, sizeof(buf), buf) != 0) { ++ RAND_add(buf, sizeof(buf), 0); ++ good = 1; ++# if 0 ++ printf("randomness from PROV_RSA_FULL\n"); ++# endif ++ } ++ release(hProvider, 0); ++ } ++ ++ /* poll the Pentium PRG with CryptoAPI */ ++ if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) { ++ if (gen(hProvider, sizeof(buf), buf) != 0) { ++ RAND_add(buf, sizeof(buf), sizeof(buf)); ++ good = 1; ++# if 0 ++ printf("randomness from PROV_INTEL_SEC\n"); ++# endif ++ } ++ release(hProvider, 0); ++ } ++ } + + if (advapi) +- FreeLibrary(advapi); +- +- if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || +- !OPENSSL_isservice()) && +- (user = LoadLibrary(TEXT("USER32.DLL")))) +- { +- GETCURSORINFO cursor; +- GETFOREGROUNDWINDOW win; +- GETQUEUESTATUS queue; +- +- win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow"); +- cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo"); +- queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); +- +- if (win) +- { +- /* window handle */ +- HWND h = win(); +- RAND_add(&h, sizeof(h), 0); +- } +- if (cursor) +- { +- /* unfortunately, its not safe to call GetCursorInfo() +- * on NT4 even though it exists in SP3 (or SP6) and +- * higher. +- */ +- if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && +- osverinfo.dwMajorVersion < 5) +- cursor = 0; +- } +- if (cursor) +- { +- /* cursor position */ +- /* assume 2 bytes of entropy */ +- CURSORINFO ci; +- ci.cbSize = sizeof(CURSORINFO); +- if (cursor(&ci)) +- RAND_add(&ci, ci.cbSize, 2); +- } +- +- if (queue) +- { +- /* message queue status */ +- /* assume 1 byte of entropy */ +- w = queue(QS_ALLEVENTS); +- RAND_add(&w, sizeof(w), 1); +- } +- +- FreeLibrary(user); +- } +- +- /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap +- * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm +- * (Win 9x and 2000 only, not available on NT) +- * +- * This seeding method was proposed in Peter Gutmann, Software +- * Generation of Practically Strong Random Numbers, +- * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html +- * revised version at http://www.cryptoengines.com/~peter/06_random.pdf +- * (The assignment of entropy estimates below is arbitrary, but based +- * on Peter's analysis the full poll appears to be safe. Additional +- * interactive seeding is encouraged.) +- */ +- +- if (kernel) +- { +- CREATETOOLHELP32SNAPSHOT snap; +- CLOSETOOLHELP32SNAPSHOT close_snap; +- HANDLE handle; +- +- HEAP32FIRST heap_first; +- HEAP32NEXT heap_next; +- HEAP32LIST heaplist_first, heaplist_next; +- PROCESS32 process_first, process_next; +- THREAD32 thread_first, thread_next; +- MODULE32 module_first, module_next; +- +- HEAPLIST32 hlist; +- HEAPENTRY32 hentry; +- PROCESSENTRY32 p; +- THREADENTRY32 t; +- MODULEENTRY32 m; +- DWORD starttime = 0; +- +- snap = (CREATETOOLHELP32SNAPSHOT) +- GetProcAddress(kernel, "CreateToolhelp32Snapshot"); +- close_snap = (CLOSETOOLHELP32SNAPSHOT) +- GetProcAddress(kernel, "CloseToolhelp32Snapshot"); +- heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); +- heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); +- heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); +- heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext"); +- process_first = (PROCESS32) GetProcAddress(kernel, "Process32First"); +- process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next"); +- thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First"); +- thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next"); +- module_first = (MODULE32) GetProcAddress(kernel, "Module32First"); +- module_next = (MODULE32) GetProcAddress(kernel, "Module32Next"); +- +- if (snap && heap_first && heap_next && heaplist_first && +- heaplist_next && process_first && process_next && +- thread_first && thread_next && module_first && +- module_next && (handle = snap(TH32CS_SNAPALL,0)) +- != INVALID_HANDLE_VALUE) +- { +- /* heap list and heap walking */ +- /* HEAPLIST32 contains 3 fields that will change with +- * each entry. Consider each field a source of 1 byte +- * of entropy. +- * HEAPENTRY32 contains 5 fields that will change with +- * each entry. Consider each field a source of 1 byte +- * of entropy. +- */ +- ZeroMemory(&hlist, sizeof(HEAPLIST32)); +- hlist.dwSize = sizeof(HEAPLIST32); +- if (good) starttime = GetTickCount(); +-#ifdef _MSC_VER +- if (heaplist_first(handle, &hlist)) +- { +- /* +- following discussion on dev ML, exception on WinCE (or other Win +- platform) is theoretically of unknown origin; prevent infinite +- loop here when this theoretical case occurs; otherwise cope with +- the expected (MSDN documented) exception-throwing behaviour of +- Heap32Next() on WinCE. +- +- based on patch in original message by Tanguy Fautré (2009/03/02) +- Subject: RAND_poll() and CreateToolhelp32Snapshot() stability +- */ +- int ex_cnt_limit = 42; +- do +- { +- RAND_add(&hlist, hlist.dwSize, 3); +- __try +- { +- ZeroMemory(&hentry, sizeof(HEAPENTRY32)); +- hentry.dwSize = sizeof(HEAPENTRY32); +- if (heap_first(&hentry, +- hlist.th32ProcessID, +- hlist.th32HeapID)) +- { +- int entrycnt = 80; +- do +- RAND_add(&hentry, +- hentry.dwSize, 5); +- while (heap_next(&hentry) +- && (!good || (GetTickCount()-starttime) 0); +- } +- } +- __except (EXCEPTION_EXECUTE_HANDLER) +- { +- /* ignore access violations when walking the heap list */ +- ex_cnt_limit--; +- } +- } while (heaplist_next(handle, &hlist) +- && (!good || (GetTickCount()-starttime) 0); +- } +- +-#else +- if (heaplist_first(handle, &hlist)) +- { +- do +- { +- RAND_add(&hlist, hlist.dwSize, 3); +- hentry.dwSize = sizeof(HEAPENTRY32); +- if (heap_first(&hentry, +- hlist.th32ProcessID, +- hlist.th32HeapID)) +- { +- int entrycnt = 80; +- do +- RAND_add(&hentry, +- hentry.dwSize, 5); +- while (heap_next(&hentry) +- && --entrycnt > 0); +- } +- } while (heaplist_next(handle, &hlist) +- && (!good || (GetTickCount()-starttime) 0); ++ } + } +- break; +- case WM_MOUSEMOVE: +- { +- static int lastx,lasty,lastdx,lastdy; +- int x,y,dx,dy; +- +- x=LOWORD(lParam); +- y=HIWORD(lParam); +- dx=lastx-x; +- dy=lasty-y; +- if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0) +- add_entropy=.2; +- lastx=x, lasty=y; +- lastdx=dx, lastdy=dy; ++ __except(EXCEPTION_EXECUTE_HANDLER) { ++ /* ++ * ignore access violations when walking the heap ++ * list ++ */ ++ ex_cnt_limit--; + } +- break; +- } +- +- readtimer(); +- RAND_add(&iMsg, sizeof(iMsg), add_entropy); +- RAND_add(&wParam, sizeof(wParam), 0); +- RAND_add(&lParam, sizeof(lParam), 0); +- +- return (RAND_status()); +- } ++ } while (heaplist_next(handle, &hlist) ++ && (!good ++ || (GetTickCount() - starttime) < MAXDELAY) ++ && ex_cnt_limit > 0); ++ } ++# else ++ if (heaplist_first(handle, &hlist)) { ++ do { ++ RAND_add(&hlist, hlist.dwSize, 3); ++ hentry.dwSize = sizeof(HEAPENTRY32); ++ if (heap_first(&hentry, ++ hlist.th32ProcessID, ++ hlist.th32HeapID)) { ++ int entrycnt = 80; ++ do ++ RAND_add(&hentry, hentry.dwSize, 5); ++ while (heap_next(&hentry) ++ && --entrycnt > 0); ++ } ++ } while (heaplist_next(handle, &hlist) ++ && (!good ++ || (GetTickCount() - starttime) < MAXDELAY)); ++ } ++# endif ++ ++ /* process walking */ ++ /* ++ * PROCESSENTRY32 contains 9 fields that will change with ++ * each entry. Consider each field a source of 1 byte of ++ * entropy. ++ */ ++ p.dwSize = sizeof(PROCESSENTRY32); ++ ++ if (good) ++ starttime = GetTickCount(); ++ if (process_first(handle, &p)) ++ do ++ RAND_add(&p, p.dwSize, 9); ++ while (process_next(handle, &p) ++ && (!good ++ || (GetTickCount() - starttime) < MAXDELAY)); ++ ++ /* thread walking */ ++ /* ++ * THREADENTRY32 contains 6 fields that will change with each ++ * entry. Consider each field a source of 1 byte of entropy. ++ */ ++ t.dwSize = sizeof(THREADENTRY32); ++ if (good) ++ starttime = GetTickCount(); ++ if (thread_first(handle, &t)) ++ do ++ RAND_add(&t, t.dwSize, 6); ++ while (thread_next(handle, &t) ++ && (!good ++ || (GetTickCount() - starttime) < MAXDELAY)); ++ ++ /* module walking */ ++ /* ++ * MODULEENTRY32 contains 9 fields that will change with each ++ * entry. Consider each field a source of 1 byte of entropy. ++ */ ++ m.dwSize = sizeof(MODULEENTRY32); ++ if (good) ++ starttime = GetTickCount(); ++ if (module_first(handle, &m)) ++ do ++ RAND_add(&m, m.dwSize, 9); ++ while (module_next(handle, &m) ++ && (!good ++ || (GetTickCount() - starttime) < MAXDELAY)); ++ if (close_snap) ++ close_snap(handle); ++ else ++ CloseHandle(handle); ++ ++ } ++ ++ FreeLibrary(kernel); ++ } ++ } ++# endif /* !OPENSSL_SYS_WINCE */ ++ ++ /* timer data */ ++ readtimer(); ++ ++ /* memory usage statistics */ ++ GlobalMemoryStatus(&m); ++ RAND_add(&m, sizeof(m), 1); ++ ++ /* process ID */ ++ w = GetCurrentProcessId(); ++ RAND_add(&w, sizeof(w), 1); ++ ++# if 0 ++ printf("Exiting RAND_poll\n"); ++# endif + ++ return (1); ++} + +-void RAND_screen(void) /* function available for backward compatibility */ ++int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) + { +- RAND_poll(); +- readscreen(); ++ double add_entropy = 0; ++ ++ switch (iMsg) { ++ case WM_KEYDOWN: ++ { ++ static WPARAM key; ++ if (key != wParam) ++ add_entropy = 0.05; ++ key = wParam; ++ } ++ break; ++ case WM_MOUSEMOVE: ++ { ++ static int lastx, lasty, lastdx, lastdy; ++ int x, y, dx, dy; ++ ++ x = LOWORD(lParam); ++ y = HIWORD(lParam); ++ dx = lastx - x; ++ dy = lasty - y; ++ if (dx != 0 && dy != 0 && dx - lastdx != 0 && dy - lastdy != 0) ++ add_entropy = .2; ++ lastx = x, lasty = y; ++ lastdx = dx, lastdy = dy; ++ } ++ break; ++ } ++ ++ readtimer(); ++ RAND_add(&iMsg, sizeof(iMsg), add_entropy); ++ RAND_add(&wParam, sizeof(wParam), 0); ++ RAND_add(&lParam, sizeof(lParam), 0); ++ ++ return (RAND_status()); + } + ++void RAND_screen(void) ++{ /* function available for backward ++ * compatibility */ ++ RAND_poll(); ++ readscreen(); ++} + + /* feed timing information to the PRNG */ + static void readtimer(void) + { +- DWORD w; +- LARGE_INTEGER l; +- static int have_perfc = 1; +-#if defined(_MSC_VER) && defined(_M_X86) +- static int have_tsc = 1; +- DWORD cyclecount; +- +- if (have_tsc) { +- __try { +- __asm { +- _emit 0x0f +- _emit 0x31 +- mov cyclecount, eax +- } +- RAND_add(&cyclecount, sizeof(cyclecount), 1); +- } __except(EXCEPTION_EXECUTE_HANDLER) { +- have_tsc = 0; +- } +- } +-#else +-# define have_tsc 0 +-#endif ++ DWORD w; ++ LARGE_INTEGER l; ++ static int have_perfc = 1; ++# if defined(_MSC_VER) && defined(_M_X86) ++ static int have_tsc = 1; ++ DWORD cyclecount; ++ ++ if (have_tsc) { ++ __try { ++ __asm { ++ _emit 0x0f _emit 0x31 mov cyclecount, eax} ++ RAND_add(&cyclecount, sizeof(cyclecount), 1); ++ } ++ __except(EXCEPTION_EXECUTE_HANDLER) { ++ have_tsc = 0; ++ } ++ } ++# else ++# define have_tsc 0 ++# endif + +- if (have_perfc) { +- if (QueryPerformanceCounter(&l) == 0) +- have_perfc = 0; +- else +- RAND_add(&l, sizeof(l), 0); +- } +- +- if (!have_tsc && !have_perfc) { +- w = GetTickCount(); +- RAND_add(&w, sizeof(w), 0); +- } ++ if (have_perfc) { ++ if (QueryPerformanceCounter(&l) == 0) ++ have_perfc = 0; ++ else ++ RAND_add(&l, sizeof(l), 0); ++ } ++ ++ if (!have_tsc && !have_perfc) { ++ w = GetTickCount(); ++ RAND_add(&w, sizeof(w), 0); ++ } + } + + /* feed screen contents to PRNG */ +@@ -737,71 +682,70 @@ static void readtimer(void) + + static void readscreen(void) + { +-#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN) +- HDC hScrDC; /* screen DC */ +- HDC hMemDC; /* memory DC */ +- HBITMAP hBitmap; /* handle for our bitmap */ +- HBITMAP hOldBitmap; /* handle for previous bitmap */ +- BITMAP bm; /* bitmap properties */ +- unsigned int size; /* size of bitmap */ +- char *bmbits; /* contents of bitmap */ +- int w; /* screen width */ +- int h; /* screen height */ +- int y; /* y-coordinate of screen lines to grab */ +- int n = 16; /* number of screen lines to grab at a time */ +- +- if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0) +- return; +- +- /* Create a screen DC and a memory DC compatible to screen DC */ +- hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); +- hMemDC = CreateCompatibleDC(hScrDC); +- +- /* Get screen resolution */ +- w = GetDeviceCaps(hScrDC, HORZRES); +- h = GetDeviceCaps(hScrDC, VERTRES); +- +- /* Create a bitmap compatible with the screen DC */ +- hBitmap = CreateCompatibleBitmap(hScrDC, w, n); +- +- /* Select new bitmap into memory DC */ +- hOldBitmap = SelectObject(hMemDC, hBitmap); +- +- /* Get bitmap properties */ +- GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm); +- size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; +- +- bmbits = OPENSSL_malloc(size); +- if (bmbits) { +- /* Now go through the whole screen, repeatedly grabbing n lines */ +- for (y = 0; y < h-n; y += n) +- { +- unsigned char md[MD_DIGEST_LENGTH]; +- +- /* Bitblt screen DC to memory DC */ +- BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY); +- +- /* Copy bitmap bits from memory DC to bmbits */ +- GetBitmapBits(hBitmap, size, bmbits); +- +- /* Get the hash of the bitmap */ +- MD(bmbits,size,md); +- +- /* Seed the random generator with the hash value */ +- RAND_add(md, MD_DIGEST_LENGTH, 0); +- } +- +- OPENSSL_free(bmbits); +- } +- +- /* Select old bitmap back into memory DC */ +- hBitmap = SelectObject(hMemDC, hOldBitmap); +- +- /* Clean up */ +- DeleteObject(hBitmap); +- DeleteDC(hMemDC); +- DeleteDC(hScrDC); +-#endif /* !OPENSSL_SYS_WINCE */ ++# if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN) ++ HDC hScrDC; /* screen DC */ ++ HDC hMemDC; /* memory DC */ ++ HBITMAP hBitmap; /* handle for our bitmap */ ++ HBITMAP hOldBitmap; /* handle for previous bitmap */ ++ BITMAP bm; /* bitmap properties */ ++ unsigned int size; /* size of bitmap */ ++ char *bmbits; /* contents of bitmap */ ++ int w; /* screen width */ ++ int h; /* screen height */ ++ int y; /* y-coordinate of screen lines to grab */ ++ int n = 16; /* number of screen lines to grab at a time */ ++ ++ if (check_winnt() && OPENSSL_isservice() > 0) ++ return; ++ ++ /* Create a screen DC and a memory DC compatible to screen DC */ ++ hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL); ++ hMemDC = CreateCompatibleDC(hScrDC); ++ ++ /* Get screen resolution */ ++ w = GetDeviceCaps(hScrDC, HORZRES); ++ h = GetDeviceCaps(hScrDC, VERTRES); ++ ++ /* Create a bitmap compatible with the screen DC */ ++ hBitmap = CreateCompatibleBitmap(hScrDC, w, n); ++ ++ /* Select new bitmap into memory DC */ ++ hOldBitmap = SelectObject(hMemDC, hBitmap); ++ ++ /* Get bitmap properties */ ++ GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm); ++ size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; ++ ++ bmbits = OPENSSL_malloc(size); ++ if (bmbits) { ++ /* Now go through the whole screen, repeatedly grabbing n lines */ ++ for (y = 0; y < h - n; y += n) { ++ unsigned char md[MD_DIGEST_LENGTH]; ++ ++ /* Bitblt screen DC to memory DC */ ++ BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY); ++ ++ /* Copy bitmap bits from memory DC to bmbits */ ++ GetBitmapBits(hBitmap, size, bmbits); ++ ++ /* Get the hash of the bitmap */ ++ MD(bmbits, size, md); ++ ++ /* Seed the random generator with the hash value */ ++ RAND_add(md, MD_DIGEST_LENGTH, 0); ++ } ++ ++ OPENSSL_free(bmbits); ++ } ++ ++ /* Select old bitmap back into memory DC */ ++ hBitmap = SelectObject(hMemDC, hOldBitmap); ++ ++ /* Clean up */ ++ DeleteObject(hBitmap); ++ DeleteDC(hMemDC); ++ DeleteDC(hScrDC); ++# endif /* !OPENSSL_SYS_WINCE */ + } + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c +index 1810568..3feca3d 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/randfile.c ++++ b/Cryptlib/OpenSSL/crypto/rand/randfile.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -70,7 +70,7 @@ + #include + + #ifdef OPENSSL_SYS_VMS +-#include ++# include + #endif + #ifndef NO_SYS_TYPES_H + # include +@@ -82,243 +82,250 @@ + #endif + + #ifdef _WIN32 +-#define stat _stat +-#define chmod _chmod +-#define open _open +-#define fdopen _fdopen ++# define stat _stat ++# define chmod _chmod ++# define open _open ++# define fdopen _fdopen + #endif + + #undef BUFSIZE +-#define BUFSIZE 1024 ++#define BUFSIZE 1024 + #define RAND_DATA 1024 + + #ifdef OPENSSL_SYS_VMS +-/* This declaration is a nasty hack to get around vms' extension to fopen +- * for passing in sharing options being disabled by our /STANDARD=ANSI89 */ ++/* ++ * This declaration is a nasty hack to get around vms' extension to fopen for ++ * passing in sharing options being disabled by our /STANDARD=ANSI89 ++ */ + static FILE *(*const vms_fopen)(const char *, const char *, ...) = + (FILE *(*)(const char *, const char *, ...))fopen; +-#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" ++# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" + #endif + + /* #define RFILE ".rnd" - defined in ../../e_os.h */ + +-/* Note that these functions are intended for seed files only. +- * Entropy devices and EGD sockets are handled in rand_unix.c */ ++/* ++ * Note that these functions are intended for seed files only. Entropy ++ * devices and EGD sockets are handled in rand_unix.c ++ */ + + int RAND_load_file(const char *file, long bytes) +- { +- /* If bytes >= 0, read up to 'bytes' bytes. +- * if bytes == -1, read complete file. */ ++{ ++ /*- ++ * If bytes >= 0, read up to 'bytes' bytes. ++ * if bytes == -1, read complete file. ++ */ + +- MS_STATIC unsigned char buf[BUFSIZE]; +- struct stat sb; +- int i,ret=0,n; +- FILE *in; ++ MS_STATIC unsigned char buf[BUFSIZE]; ++ struct stat sb; ++ int i, ret = 0, n; ++ FILE *in; + +- if (file == NULL) return(0); ++ if (file == NULL) ++ return (0); + + #ifdef PURIFY +- /* struct stat can have padding and unused fields that may not be +- * initialized in the call to stat(). We need to clear the entire +- * structure before calling RAND_add() to avoid complaints from +- * applications such as Valgrind. +- */ +- memset(&sb, 0, sizeof(sb)); ++ /* ++ * struct stat can have padding and unused fields that may not be ++ * initialized in the call to stat(). We need to clear the entire ++ * structure before calling RAND_add() to avoid complaints from ++ * applications such as Valgrind. ++ */ ++ memset(&sb, 0, sizeof(sb)); + #endif + +- if (stat(file,&sb) < 0) return(0); +- RAND_add(&sb,sizeof(sb),0.0); +- if (bytes == 0) return(ret); ++ if (stat(file, &sb) < 0) ++ return (0); ++ RAND_add(&sb, sizeof(sb), 0.0); ++ if (bytes == 0) ++ return (ret); + + #ifdef OPENSSL_SYS_VMS +- in=vms_fopen(file,"rb",VMS_OPEN_ATTRS); ++ in = vms_fopen(file, "rb", VMS_OPEN_ATTRS); + #else +- in=fopen(file,"rb"); ++ in = fopen(file, "rb"); + #endif +- if (in == NULL) goto err; ++ if (in == NULL) ++ goto err; + #if defined(S_ISBLK) && defined(S_ISCHR) +- if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { +- /* this file is a device. we don't want read an infinite number +- * of bytes from a random device, nor do we want to use buffered +- * I/O because we will waste system entropy. +- */ +- bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ +- setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ +- } ++ if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { ++ /* ++ * this file is a device. we don't want read an infinite number of ++ * bytes from a random device, nor do we want to use buffered I/O ++ * because we will waste system entropy. ++ */ ++ bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ ++ setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ ++ } + #endif +- for (;;) +- { +- if (bytes > 0) +- n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE; +- else +- n = BUFSIZE; +- i=fread(buf,1,n,in); +- if (i <= 0) break; ++ for (;;) { ++ if (bytes > 0) ++ n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE; ++ else ++ n = BUFSIZE; ++ i = fread(buf, 1, n, in); ++ if (i <= 0) ++ break; + #ifdef PURIFY +- RAND_add(buf,i,(double)i); ++ RAND_add(buf, i, (double)i); + #else +- /* even if n != i, use the full array */ +- RAND_add(buf,n,(double)i); ++ /* even if n != i, use the full array */ ++ RAND_add(buf, n, (double)i); + #endif +- ret+=i; +- if (bytes > 0) +- { +- bytes-=n; +- if (bytes <= 0) break; +- } +- } +- fclose(in); +- OPENSSL_cleanse(buf,BUFSIZE); +-err: +- return(ret); +- } ++ ret += i; ++ if (bytes > 0) { ++ bytes -= n; ++ if (bytes <= 0) ++ break; ++ } ++ } ++ fclose(in); ++ OPENSSL_cleanse(buf, BUFSIZE); ++ err: ++ return (ret); ++} + + int RAND_write_file(const char *file) +- { +- unsigned char buf[BUFSIZE]; +- int i,ret=0,rand_err=0; +- FILE *out = NULL; +- int n; +- struct stat sb; +- +- i=stat(file,&sb); +- if (i != -1) { ++{ ++ unsigned char buf[BUFSIZE]; ++ int i, ret = 0, rand_err = 0; ++ FILE *out = NULL; ++ int n; ++ struct stat sb; ++ ++ i = stat(file, &sb); ++ if (i != -1) { + #if defined(S_ISBLK) && defined(S_ISCHR) +- if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { +- /* this file is a device. we don't write back to it. +- * we "succeed" on the assumption this is some sort +- * of random device. Otherwise attempting to write to +- * and chmod the device causes problems. +- */ +- return(1); +- } ++ if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { ++ /* ++ * this file is a device. we don't write back to it. we ++ * "succeed" on the assumption this is some sort of random ++ * device. Otherwise attempting to write to and chmod the device ++ * causes problems. ++ */ ++ return (1); ++ } + #endif +- } +- ++ } + #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) +- { +- /* For some reason Win32 can't write to files created this way */ +- +- /* chmod(..., 0600) is too late to protect the file, +- * permissions should be restrictive from the start */ +- int fd = open(file, O_CREAT, 0600); +- if (fd != -1) +- out = fdopen(fd, "wb"); +- } ++ { ++ /* For some reason Win32 can't write to files created this way */ ++ ++ /* ++ * chmod(..., 0600) is too late to protect the file, permissions ++ * should be restrictive from the start ++ */ ++ int fd = open(file, O_CREAT, 0600); ++ if (fd != -1) ++ out = fdopen(fd, "wb"); ++ } + #endif + + #ifdef OPENSSL_SYS_VMS +- /* VMS NOTE: Prior versions of this routine created a _new_ +- * version of the rand file for each call into this routine, then +- * deleted all existing versions named ;-1, and finally renamed +- * the current version as ';1'. Under concurrent usage, this +- * resulted in an RMS race condition in rename() which could +- * orphan files (see vms message help for RMS$_REENT). With the +- * fopen() calls below, openssl/VMS now shares the top-level +- * version of the rand file. Note that there may still be +- * conditions where the top-level rand file is locked. If so, this +- * code will then create a new version of the rand file. Without +- * the delete and rename code, this can result in ascending file +- * versions that stop at version 32767, and this routine will then +- * return an error. The remedy for this is to recode the calling +- * application to avoid concurrent use of the rand file, or +- * synchronize usage at the application level. Also consider +- * whether or not you NEED a persistent rand file in a concurrent +- * use situation. +- */ ++ /* ++ * VMS NOTE: Prior versions of this routine created a _new_ version of ++ * the rand file for each call into this routine, then deleted all ++ * existing versions named ;-1, and finally renamed the current version ++ * as ';1'. Under concurrent usage, this resulted in an RMS race ++ * condition in rename() which could orphan files (see vms message help ++ * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares ++ * the top-level version of the rand file. Note that there may still be ++ * conditions where the top-level rand file is locked. If so, this code ++ * will then create a new version of the rand file. Without the delete ++ * and rename code, this can result in ascending file versions that stop ++ * at version 32767, and this routine will then return an error. The ++ * remedy for this is to recode the calling application to avoid ++ * concurrent use of the rand file, or synchronize usage at the ++ * application level. Also consider whether or not you NEED a persistent ++ * rand file in a concurrent use situation. ++ */ + +- out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS); +- if (out == NULL) +- out = vms_fopen(file,"wb",VMS_OPEN_ATTRS); ++ out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS); ++ if (out == NULL) ++ out = vms_fopen(file, "wb", VMS_OPEN_ATTRS); + #else +- if (out == NULL) +- out = fopen(file,"wb"); ++ if (out == NULL) ++ out = fopen(file, "wb"); + #endif +- if (out == NULL) goto err; ++ if (out == NULL) ++ goto err; + + #ifndef NO_CHMOD +- chmod(file,0600); ++ chmod(file, 0600); + #endif +- n=RAND_DATA; +- for (;;) +- { +- i=(n > BUFSIZE)?BUFSIZE:n; +- n-=BUFSIZE; +- if (RAND_bytes(buf,i) <= 0) +- rand_err=1; +- i=fwrite(buf,1,i,out); +- if (i <= 0) +- { +- ret=0; +- break; +- } +- ret+=i; +- if (n <= 0) break; +- } ++ n = RAND_DATA; ++ for (;;) { ++ i = (n > BUFSIZE) ? BUFSIZE : n; ++ n -= BUFSIZE; ++ if (RAND_bytes(buf, i) <= 0) ++ rand_err = 1; ++ i = fwrite(buf, 1, i, out); ++ if (i <= 0) { ++ ret = 0; ++ break; ++ } ++ ret += i; ++ if (n <= 0) ++ break; ++ } + +- fclose(out); +- OPENSSL_cleanse(buf,BUFSIZE); +-err: +- return (rand_err ? -1 : ret); +- } ++ fclose(out); ++ OPENSSL_cleanse(buf, BUFSIZE); ++ err: ++ return (rand_err ? -1 : ret); ++} + + const char *RAND_file_name(char *buf, size_t size) +- { +- char *s=NULL; ++{ ++ char *s = NULL; + #ifdef __OpenBSD__ +- int ok = 0; +- struct stat sb; ++ int ok = 0; ++ struct stat sb; + #endif + +- if (OPENSSL_issetugid() == 0) +- s=getenv("RANDFILE"); +- if (s != NULL && *s && strlen(s) + 1 < size) +- { +- if (BUF_strlcpy(buf,s,size) >= size) +- return NULL; +- } +- else +- { +- if (OPENSSL_issetugid() == 0) +- s=getenv("HOME"); ++ if (OPENSSL_issetugid() == 0) ++ s = getenv("RANDFILE"); ++ if (s != NULL && *s && strlen(s) + 1 < size) { ++ if (BUF_strlcpy(buf, s, size) >= size) ++ return NULL; ++ } else { ++ if (OPENSSL_issetugid() == 0) ++ s = getenv("HOME"); + #ifdef DEFAULT_HOME +- if (s == NULL) +- { +- s = DEFAULT_HOME; +- } ++ if (s == NULL) { ++ s = DEFAULT_HOME; ++ } + #endif +- if (s && *s && strlen(s)+strlen(RFILE)+2 < size) +- { +- BUF_strlcpy(buf,s,size); ++ if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) { ++ BUF_strlcpy(buf, s, size); + #ifndef OPENSSL_SYS_VMS +- BUF_strlcat(buf,"/",size); ++ BUF_strlcat(buf, "/", size); + #endif +- BUF_strlcat(buf,RFILE,size); ++ BUF_strlcat(buf, RFILE, size); + #ifdef __OpenBSD__ +- ok = 1; ++ ok = 1; + #endif +- } +- else +- buf[0] = '\0'; /* no file name */ +- } ++ } else ++ buf[0] = '\0'; /* no file name */ ++ } + + #ifdef __OpenBSD__ +- /* given that all random loads just fail if the file can't be +- * seen on a stat, we stat the file we're returning, if it +- * fails, use /dev/arandom instead. this allows the user to +- * use their own source for good random data, but defaults +- * to something hopefully decent if that isn't available. +- */ +- +- if (!ok) +- if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { +- return(NULL); +- } +- if (stat(buf,&sb) == -1) +- if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) { +- return(NULL); +- } ++ /* ++ * given that all random loads just fail if the file can't be seen on a ++ * stat, we stat the file we're returning, if it fails, use /dev/arandom ++ * instead. this allows the user to use their own source for good random ++ * data, but defaults to something hopefully decent if that isn't ++ * available. ++ */ + ++ if (!ok) ++ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { ++ return (NULL); ++ } ++ if (stat(buf, &sb) == -1) ++ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { ++ return (NULL); ++ } + #endif +- return(buf); +- } ++ return (buf); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c +index 74f48d3..5eaf01d 100644 +--- a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c ++++ b/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,167 +60,169 @@ + #include "rc2_locl.h" + + void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, +- RC2_KEY *ks, unsigned char *iv, int encrypt) +- { +- register unsigned long tin0,tin1; +- register unsigned long tout0,tout1,xor0,xor1; +- register long l=length; +- unsigned long tin[2]; +- +- if (encrypt) +- { +- c2l(iv,tout0); +- c2l(iv,tout1); +- iv-=8; +- for (l-=8; l>=0; l-=8) +- { +- c2l(in,tin0); +- c2l(in,tin1); +- tin0^=tout0; +- tin1^=tout1; +- tin[0]=tin0; +- tin[1]=tin1; +- RC2_encrypt(tin,ks); +- tout0=tin[0]; l2c(tout0,out); +- tout1=tin[1]; l2c(tout1,out); +- } +- if (l != -8) +- { +- c2ln(in,tin0,tin1,l+8); +- tin0^=tout0; +- tin1^=tout1; +- tin[0]=tin0; +- tin[1]=tin1; +- RC2_encrypt(tin,ks); +- tout0=tin[0]; l2c(tout0,out); +- tout1=tin[1]; l2c(tout1,out); +- } +- l2c(tout0,iv); +- l2c(tout1,iv); +- } +- else +- { +- c2l(iv,xor0); +- c2l(iv,xor1); +- iv-=8; +- for (l-=8; l>=0; l-=8) +- { +- c2l(in,tin0); tin[0]=tin0; +- c2l(in,tin1); tin[1]=tin1; +- RC2_decrypt(tin,ks); +- tout0=tin[0]^xor0; +- tout1=tin[1]^xor1; +- l2c(tout0,out); +- l2c(tout1,out); +- xor0=tin0; +- xor1=tin1; +- } +- if (l != -8) +- { +- c2l(in,tin0); tin[0]=tin0; +- c2l(in,tin1); tin[1]=tin1; +- RC2_decrypt(tin,ks); +- tout0=tin[0]^xor0; +- tout1=tin[1]^xor1; +- l2cn(tout0,tout1,out,l+8); +- xor0=tin0; +- xor1=tin1; +- } +- l2c(xor0,iv); +- l2c(xor1,iv); +- } +- tin0=tin1=tout0=tout1=xor0=xor1=0; +- tin[0]=tin[1]=0; +- } ++ RC2_KEY *ks, unsigned char *iv, int encrypt) ++{ ++ register unsigned long tin0, tin1; ++ register unsigned long tout0, tout1, xor0, xor1; ++ register long l = length; ++ unsigned long tin[2]; ++ ++ if (encrypt) { ++ c2l(iv, tout0); ++ c2l(iv, tout1); ++ iv -= 8; ++ for (l -= 8; l >= 0; l -= 8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ tin[0] = tin0; ++ tin[1] = tin1; ++ RC2_encrypt(tin, ks); ++ tout0 = tin[0]; ++ l2c(tout0, out); ++ tout1 = tin[1]; ++ l2c(tout1, out); ++ } ++ if (l != -8) { ++ c2ln(in, tin0, tin1, l + 8); ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ tin[0] = tin0; ++ tin[1] = tin1; ++ RC2_encrypt(tin, ks); ++ tout0 = tin[0]; ++ l2c(tout0, out); ++ tout1 = tin[1]; ++ l2c(tout1, out); ++ } ++ l2c(tout0, iv); ++ l2c(tout1, iv); ++ } else { ++ c2l(iv, xor0); ++ c2l(iv, xor1); ++ iv -= 8; ++ for (l -= 8; l >= 0; l -= 8) { ++ c2l(in, tin0); ++ tin[0] = tin0; ++ c2l(in, tin1); ++ tin[1] = tin1; ++ RC2_decrypt(tin, ks); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ l2c(tout0, out); ++ l2c(tout1, out); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ if (l != -8) { ++ c2l(in, tin0); ++ tin[0] = tin0; ++ c2l(in, tin1); ++ tin[1] = tin1; ++ RC2_decrypt(tin, ks); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ l2cn(tout0, tout1, out, l + 8); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ l2c(xor0, iv); ++ l2c(xor1, iv); ++ } ++ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; ++ tin[0] = tin[1] = 0; ++} + + void RC2_encrypt(unsigned long *d, RC2_KEY *key) +- { +- int i,n; +- register RC2_INT *p0,*p1; +- register RC2_INT x0,x1,x2,x3,t; +- unsigned long l; +- +- l=d[0]; +- x0=(RC2_INT)l&0xffff; +- x1=(RC2_INT)(l>>16L); +- l=d[1]; +- x2=(RC2_INT)l&0xffff; +- x3=(RC2_INT)(l>>16L); +- +- n=3; +- i=5; +- +- p0=p1= &(key->data[0]); +- for (;;) +- { +- t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; +- x0=(t<<1)|(t>>15); +- t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; +- x1=(t<<2)|(t>>14); +- t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; +- x2=(t<<3)|(t>>13); +- t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; +- x3=(t<<5)|(t>>11); +- +- if (--i == 0) +- { +- if (--n == 0) break; +- i=(n == 2)?6:5; +- +- x0+=p1[x3&0x3f]; +- x1+=p1[x0&0x3f]; +- x2+=p1[x1&0x3f]; +- x3+=p1[x2&0x3f]; +- } +- } +- +- d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L); +- d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L); +- } ++{ ++ int i, n; ++ register RC2_INT *p0, *p1; ++ register RC2_INT x0, x1, x2, x3, t; ++ unsigned long l; ++ ++ l = d[0]; ++ x0 = (RC2_INT) l & 0xffff; ++ x1 = (RC2_INT) (l >> 16L); ++ l = d[1]; ++ x2 = (RC2_INT) l & 0xffff; ++ x3 = (RC2_INT) (l >> 16L); ++ ++ n = 3; ++ i = 5; ++ ++ p0 = p1 = &(key->data[0]); ++ for (;;) { ++ t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff; ++ x0 = (t << 1) | (t >> 15); ++ t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff; ++ x1 = (t << 2) | (t >> 14); ++ t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff; ++ x2 = (t << 3) | (t >> 13); ++ t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff; ++ x3 = (t << 5) | (t >> 11); ++ ++ if (--i == 0) { ++ if (--n == 0) ++ break; ++ i = (n == 2) ? 6 : 5; ++ ++ x0 += p1[x3 & 0x3f]; ++ x1 += p1[x0 & 0x3f]; ++ x2 += p1[x1 & 0x3f]; ++ x3 += p1[x2 & 0x3f]; ++ } ++ } ++ ++ d[0] = ++ (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L); ++ d[1] = ++ (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L); ++} + + void RC2_decrypt(unsigned long *d, RC2_KEY *key) +- { +- int i,n; +- register RC2_INT *p0,*p1; +- register RC2_INT x0,x1,x2,x3,t; +- unsigned long l; +- +- l=d[0]; +- x0=(RC2_INT)l&0xffff; +- x1=(RC2_INT)(l>>16L); +- l=d[1]; +- x2=(RC2_INT)l&0xffff; +- x3=(RC2_INT)(l>>16L); +- +- n=3; +- i=5; +- +- p0= &(key->data[63]); +- p1= &(key->data[0]); +- for (;;) +- { +- t=((x3<<11)|(x3>>5))&0xffff; +- x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff; +- t=((x2<<13)|(x2>>3))&0xffff; +- x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff; +- t=((x1<<14)|(x1>>2))&0xffff; +- x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff; +- t=((x0<<15)|(x0>>1))&0xffff; +- x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff; +- +- if (--i == 0) +- { +- if (--n == 0) break; +- i=(n == 2)?6:5; +- +- x3=(x3-p1[x2&0x3f])&0xffff; +- x2=(x2-p1[x1&0x3f])&0xffff; +- x1=(x1-p1[x0&0x3f])&0xffff; +- x0=(x0-p1[x3&0x3f])&0xffff; +- } +- } +- +- d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L); +- d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L); +- } +- ++{ ++ int i, n; ++ register RC2_INT *p0, *p1; ++ register RC2_INT x0, x1, x2, x3, t; ++ unsigned long l; ++ ++ l = d[0]; ++ x0 = (RC2_INT) l & 0xffff; ++ x1 = (RC2_INT) (l >> 16L); ++ l = d[1]; ++ x2 = (RC2_INT) l & 0xffff; ++ x3 = (RC2_INT) (l >> 16L); ++ ++ n = 3; ++ i = 5; ++ ++ p0 = &(key->data[63]); ++ p1 = &(key->data[0]); ++ for (;;) { ++ t = ((x3 << 11) | (x3 >> 5)) & 0xffff; ++ x3 = (t - (x0 & ~x2) - (x1 & x2) - *(p0--)) & 0xffff; ++ t = ((x2 << 13) | (x2 >> 3)) & 0xffff; ++ x2 = (t - (x3 & ~x1) - (x0 & x1) - *(p0--)) & 0xffff; ++ t = ((x1 << 14) | (x1 >> 2)) & 0xffff; ++ x1 = (t - (x2 & ~x0) - (x3 & x0) - *(p0--)) & 0xffff; ++ t = ((x0 << 15) | (x0 >> 1)) & 0xffff; ++ x0 = (t - (x1 & ~x3) - (x2 & x3) - *(p0--)) & 0xffff; ++ ++ if (--i == 0) { ++ if (--n == 0) ++ break; ++ i = (n == 2) ? 6 : 5; ++ ++ x3 = (x3 - p1[x2 & 0x3f]) & 0xffff; ++ x2 = (x2 - p1[x1 & 0x3f]) & 0xffff; ++ x1 = (x1 - p1[x0 & 0x3f]) & 0xffff; ++ x0 = (x0 - p1[x3 & 0x3f]) & 0xffff; ++ } ++ } ++ ++ d[0] = ++ (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L); ++ d[1] = ++ (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c +index fff86c7..48442a3 100644 +--- a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c ++++ b/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -60,9 +60,10 @@ + #include "rc2_locl.h" + #include + +-const char RC2_version[]="RC2" OPENSSL_VERSION_PTEXT; ++const char RC2_version[] = "RC2" OPENSSL_VERSION_PTEXT; + +-/* RC2 as implemented frm a posting from ++/*- ++ * RC2 as implemented frm a posting from + * Newsgroups: sci.crypt + * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann) + * Subject: Specification for Ron Rivests Cipher No.2 +@@ -71,18 +72,21 @@ const char RC2_version[]="RC2" OPENSSL_VERSION_PTEXT; + */ + + void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks, +- int encrypt) +- { +- unsigned long l,d[2]; +- +- c2l(in,l); d[0]=l; +- c2l(in,l); d[1]=l; +- if (encrypt) +- RC2_encrypt(d,ks); +- else +- RC2_decrypt(d,ks); +- l=d[0]; l2c(l,out); +- l=d[1]; l2c(l,out); +- l=d[0]=d[1]=0; +- } ++ int encrypt) ++{ ++ unsigned long l, d[2]; + ++ c2l(in, l); ++ d[0] = l; ++ c2l(in, l); ++ d[1] = l; ++ if (encrypt) ++ RC2_encrypt(d, ks); ++ else ++ RC2_decrypt(d, ks); ++ l = d[0]; ++ l2c(l, out); ++ l = d[1]; ++ l2c(l, out); ++ l = d[0] = d[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c +index 4e000e5..5363304 100644 +--- a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c ++++ b/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,104 +59,107 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + + #include "rc2_locl.h" + +-static unsigned char key_table[256]={ +- 0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79, +- 0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e, +- 0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5, +- 0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32, +- 0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22, +- 0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c, +- 0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f, +- 0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26, +- 0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b, +- 0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7, +- 0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde, +- 0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a, +- 0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e, +- 0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc, +- 0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85, +- 0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31, +- 0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10, +- 0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c, +- 0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b, +- 0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e, +- 0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68, +- 0xfe,0x7f,0xc1,0xad, +- }; ++static unsigned char key_table[256] = { ++ 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, ++ 0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, ++ 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5, ++ 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32, ++ 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, ++ 0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, ++ 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, 0x12, 0x75, 0xca, 0x1f, ++ 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26, ++ 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, ++ 0xbc, 0x94, 0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, ++ 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8, 0xea, 0xde, ++ 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a, ++ 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, ++ 0x04, 0x18, 0xa4, 0xec, 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, ++ 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85, ++ 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31, ++ 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, ++ 0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, ++ 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b, ++ 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e, ++ 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, ++ 0xfe, 0x7f, 0xc1, 0xad, ++}; + + #if defined(_MSC_VER) && defined(_ARM_) +-#pragma optimize("g",off) ++# pragma optimize("g",off) + #endif + +-/* It has come to my attention that there are 2 versions of the RC2 +- * key schedule. One which is normal, and anther which has a hook to +- * use a reduced key length. +- * BSAFE uses the 'retarded' version. What I previously shipped is +- * the same as specifying 1024 for the 'bits' parameter. Bsafe uses +- * a version where the bits parameter is the same as len*8 */ ++/* ++ * It has come to my attention that there are 2 versions of the RC2 key ++ * schedule. One which is normal, and anther which has a hook to use a ++ * reduced key length. BSAFE uses the 'retarded' version. What I previously ++ * shipped is the same as specifying 1024 for the 'bits' parameter. Bsafe ++ * uses a version where the bits parameter is the same as len*8 ++ */ + + #ifdef OPENSSL_FIPS + void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) +- { +- if (FIPS_mode()) +- FIPS_BAD_ABORT(RC2) +- private_RC2_set_key(key, len, data, bits); +- } ++{ ++ if (FIPS_mode()) ++ FIPS_BAD_ABORT(RC2) ++ private_RC2_set_key(key, len, data, bits); ++} ++ + void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, +- int bits) ++ int bits) + #else + void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) + #endif +- { +- int i,j; +- unsigned char *k; +- RC2_INT *ki; +- unsigned int c,d; +- +- k= (unsigned char *)&(key->data[0]); +- *k=0; /* for if there is a zero length key */ +- +- if (len > 128) len=128; +- if (bits <= 0) bits=1024; +- if (bits > 1024) bits=1024; +- +- for (i=0; i>3; +- i=128-j; +- c= (0xff>>(-bits & 0x07)); +- +- d=key_table[k[i]&c]; +- k[i]=d; +- while (i--) +- { +- d=key_table[k[i+j]^d]; +- k[i]=d; +- } +- +- /* copy from bytes into RC2_INT's */ +- ki= &(key->data[63]); +- for (i=127; i>=0; i-=2) +- *(ki--)=((k[i]<<8)|k[i-1])&0xffff; +- } ++{ ++ int i, j; ++ unsigned char *k; ++ RC2_INT *ki; ++ unsigned int c, d; ++ ++ k = (unsigned char *)&(key->data[0]); ++ *k = 0; /* for if there is a zero length key */ ++ ++ if (len > 128) ++ len = 128; ++ if (bits <= 0) ++ bits = 1024; ++ if (bits > 1024) ++ bits = 1024; ++ ++ for (i = 0; i < len; i++) ++ k[i] = data[i]; ++ ++ /* expand table */ ++ d = k[len - 1]; ++ j = 0; ++ for (i = len; i < 128; i++, j++) { ++ d = key_table[(k[j] + d) & 0xff]; ++ k[i] = d; ++ } ++ ++ /* hmm.... key reduction to 'bits' bits */ ++ ++ j = (bits + 7) >> 3; ++ i = 128 - j; ++ c = (0xff >> (-bits & 0x07)); ++ ++ d = key_table[k[i] & c]; ++ k[i] = d; ++ while (i--) { ++ d = key_table[k[i + j] ^ d]; ++ k[i] = d; ++ } ++ ++ /* copy from bytes into RC2_INT's */ ++ ki = &(key->data[63]); ++ for (i = 127; i >= 0; i -= 2) ++ *(ki--) = ((k[i] << 8) | k[i - 1]) & 0xffff; ++} + + #if defined(_MSC_VER) +-#pragma optimize("",on) ++# pragma optimize("",on) + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c +index b3a0158..8b5929f 100644 +--- a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c ++++ b/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,64 +59,65 @@ + #include + #include "rc2_locl.h" + +-/* The input and output encrypted as though 64bit cfb mode is being +- * used. The extra state information to record how much of the +- * 64bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 64bit cfb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; + */ + + void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, RC2_KEY *schedule, unsigned char *ivec, +- int *num, int encrypt) +- { +- register unsigned long v0,v1,t; +- register int n= *num; +- register long l=length; +- unsigned long ti[2]; +- unsigned char *iv,c,cc; +- +- iv=(unsigned char *)ivec; +- if (encrypt) +- { +- while (l--) +- { +- if (n == 0) +- { +- c2l(iv,v0); ti[0]=v0; +- c2l(iv,v1); ti[1]=v1; +- RC2_encrypt((unsigned long *)ti,schedule); +- iv=(unsigned char *)ivec; +- t=ti[0]; l2c(t,iv); +- t=ti[1]; l2c(t,iv); +- iv=(unsigned char *)ivec; +- } +- c= *(in++)^iv[n]; +- *(out++)=c; +- iv[n]=c; +- n=(n+1)&0x07; +- } +- } +- else +- { +- while (l--) +- { +- if (n == 0) +- { +- c2l(iv,v0); ti[0]=v0; +- c2l(iv,v1); ti[1]=v1; +- RC2_encrypt((unsigned long *)ti,schedule); +- iv=(unsigned char *)ivec; +- t=ti[0]; l2c(t,iv); +- t=ti[1]; l2c(t,iv); +- iv=(unsigned char *)ivec; +- } +- cc= *(in++); +- c=iv[n]; +- iv[n]=cc; +- *(out++)=c^cc; +- n=(n+1)&0x07; +- } +- } +- v0=v1=ti[0]=ti[1]=t=c=cc=0; +- *num=n; +- } ++ long length, RC2_KEY *schedule, unsigned char *ivec, ++ int *num, int encrypt) ++{ ++ register unsigned long v0, v1, t; ++ register int n = *num; ++ register long l = length; ++ unsigned long ti[2]; ++ unsigned char *iv, c, cc; + ++ iv = (unsigned char *)ivec; ++ if (encrypt) { ++ while (l--) { ++ if (n == 0) { ++ c2l(iv, v0); ++ ti[0] = v0; ++ c2l(iv, v1); ++ ti[1] = v1; ++ RC2_encrypt((unsigned long *)ti, schedule); ++ iv = (unsigned char *)ivec; ++ t = ti[0]; ++ l2c(t, iv); ++ t = ti[1]; ++ l2c(t, iv); ++ iv = (unsigned char *)ivec; ++ } ++ c = *(in++) ^ iv[n]; ++ *(out++) = c; ++ iv[n] = c; ++ n = (n + 1) & 0x07; ++ } ++ } else { ++ while (l--) { ++ if (n == 0) { ++ c2l(iv, v0); ++ ti[0] = v0; ++ c2l(iv, v1); ++ ti[1] = v1; ++ RC2_encrypt((unsigned long *)ti, schedule); ++ iv = (unsigned char *)ivec; ++ t = ti[0]; ++ l2c(t, iv); ++ t = ti[1]; ++ l2c(t, iv); ++ iv = (unsigned char *)ivec; ++ } ++ cc = *(in++); ++ c = iv[n]; ++ iv[n] = cc; ++ *(out++) = c ^ cc; ++ n = (n + 1) & 0x07; ++ } ++ } ++ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c +index 9e29786..b9f4d8c 100644 +--- a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c ++++ b/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,53 +59,52 @@ + #include + #include "rc2_locl.h" + +-/* The input and output encrypted as though 64bit ofb mode is being +- * used. The extra state information to record how much of the +- * 64bit block we have used is contained in *num; ++/* ++ * The input and output encrypted as though 64bit ofb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; + */ + void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, RC2_KEY *schedule, unsigned char *ivec, +- int *num) +- { +- register unsigned long v0,v1,t; +- register int n= *num; +- register long l=length; +- unsigned char d[8]; +- register char *dp; +- unsigned long ti[2]; +- unsigned char *iv; +- int save=0; +- +- iv=(unsigned char *)ivec; +- c2l(iv,v0); +- c2l(iv,v1); +- ti[0]=v0; +- ti[1]=v1; +- dp=(char *)d; +- l2c(v0,dp); +- l2c(v1,dp); +- while (l--) +- { +- if (n == 0) +- { +- RC2_encrypt((unsigned long *)ti,schedule); +- dp=(char *)d; +- t=ti[0]; l2c(t,dp); +- t=ti[1]; l2c(t,dp); +- save++; +- } +- *(out++)= *(in++)^d[n]; +- n=(n+1)&0x07; +- } +- if (save) +- { +- v0=ti[0]; +- v1=ti[1]; +- iv=(unsigned char *)ivec; +- l2c(v0,iv); +- l2c(v1,iv); +- } +- t=v0=v1=ti[0]=ti[1]=0; +- *num=n; +- } ++ long length, RC2_KEY *schedule, unsigned char *ivec, ++ int *num) ++{ ++ register unsigned long v0, v1, t; ++ register int n = *num; ++ register long l = length; ++ unsigned char d[8]; ++ register char *dp; ++ unsigned long ti[2]; ++ unsigned char *iv; ++ int save = 0; + ++ iv = (unsigned char *)ivec; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ ti[0] = v0; ++ ti[1] = v1; ++ dp = (char *)d; ++ l2c(v0, dp); ++ l2c(v1, dp); ++ while (l--) { ++ if (n == 0) { ++ RC2_encrypt((unsigned long *)ti, schedule); ++ dp = (char *)d; ++ t = ti[0]; ++ l2c(t, dp); ++ t = ti[1]; ++ l2c(t, dp); ++ save++; ++ } ++ *(out++) = *(in++) ^ d[n]; ++ n = (n + 1) & 0x07; ++ } ++ if (save) { ++ v0 = ti[0]; ++ v1 = ti[1]; ++ iv = (unsigned char *)ivec; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ } ++ t = v0 = v1 = ti[0] = ti[1] = 0; ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c +index 0660ea6..72cc8f6 100644 +--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c ++++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,7 +59,8 @@ + #include + #include "rc4_locl.h" + +-/* RC4 as implemented from a posting from ++/*- ++ * RC4 as implemented from a posting from + * Newsgroups: sci.crypt + * From: sterndark@netcom.com (David Sterndark) + * Subject: RC4 Algorithm revealed. +@@ -68,248 +69,266 @@ + */ + + void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, +- unsigned char *outdata) +- { +- register RC4_INT *d; +- register RC4_INT x,y,tx,ty; +- int i; +- +- x=key->x; +- y=key->y; +- d=key->data; ++ unsigned char *outdata) ++{ ++ register RC4_INT *d; ++ register RC4_INT x, y, tx, ty; ++ int i; ++ ++ x = key->x; ++ y = key->y; ++ d = key->data; + + #if defined(RC4_CHUNK) +- /* +- * The original reason for implementing this(*) was the fact that +- * pre-21164a Alpha CPUs don't have byte load/store instructions +- * and e.g. a byte store has to be done with 64-bit load, shift, +- * and, or and finally 64-bit store. Peaking data and operating +- * at natural word size made it possible to reduce amount of +- * instructions as well as to perform early read-ahead without +- * suffering from RAW (read-after-write) hazard. This resulted +- * in ~40%(**) performance improvement on 21064 box with gcc. +- * But it's not only Alpha users who win here:-) Thanks to the +- * early-n-wide read-ahead this implementation also exhibits +- * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending +- * on sizeof(RC4_INT)). +- * +- * (*) "this" means code which recognizes the case when input +- * and output pointers appear to be aligned at natural CPU +- * word boundary +- * (**) i.e. according to 'apps/openssl speed rc4' benchmark, +- * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... +- * +- * Cavets. +- * +- * - RC4_CHUNK="unsigned long long" should be a #1 choice for +- * UltraSPARC. Unfortunately gcc generates very slow code +- * (2.5-3 times slower than one generated by Sun's WorkShop +- * C) and therefore gcc (at least 2.95 and earlier) should +- * always be told that RC4_CHUNK="unsigned long". +- * +- * +- */ ++ /*- ++ * The original reason for implementing this(*) was the fact that ++ * pre-21164a Alpha CPUs don't have byte load/store instructions ++ * and e.g. a byte store has to be done with 64-bit load, shift, ++ * and, or and finally 64-bit store. Peaking data and operating ++ * at natural word size made it possible to reduce amount of ++ * instructions as well as to perform early read-ahead without ++ * suffering from RAW (read-after-write) hazard. This resulted ++ * in ~40%(**) performance improvement on 21064 box with gcc. ++ * But it's not only Alpha users who win here:-) Thanks to the ++ * early-n-wide read-ahead this implementation also exhibits ++ * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending ++ * on sizeof(RC4_INT)). ++ * ++ * (*) "this" means code which recognizes the case when input ++ * and output pointers appear to be aligned at natural CPU ++ * word boundary ++ * (**) i.e. according to 'apps/openssl speed rc4' benchmark, ++ * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... ++ * ++ * Cavets. ++ * ++ * - RC4_CHUNK="unsigned long long" should be a #1 choice for ++ * UltraSPARC. Unfortunately gcc generates very slow code ++ * (2.5-3 times slower than one generated by Sun's WorkShop ++ * C) and therefore gcc (at least 2.95 and earlier) should ++ * always be told that RC4_CHUNK="unsigned long". ++ * ++ * ++ */ + +-# define RC4_STEP ( \ +- x=(x+1) &0xff, \ +- tx=d[x], \ +- y=(tx+y)&0xff, \ +- ty=d[y], \ +- d[y]=tx, \ +- d[x]=ty, \ +- (RC4_CHUNK)d[(tx+ty)&0xff]\ +- ) ++# define RC4_STEP ( \ ++ x=(x+1) &0xff, \ ++ tx=d[x], \ ++ y=(tx+y)&0xff, \ ++ ty=d[y], \ ++ d[y]=tx, \ ++ d[x]=ty, \ ++ (RC4_CHUNK)d[(tx+ty)&0xff]\ ++ ) + +- if ( ( ((unsigned long)indata & (sizeof(RC4_CHUNK)-1)) | +- ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 ) +- { +- RC4_CHUNK ichunk,otp; +- const union { long one; char little; } is_endian = {1}; ++ if ((((unsigned long)indata & (sizeof(RC4_CHUNK) - 1)) | ++ ((unsigned long)outdata & (sizeof(RC4_CHUNK) - 1))) == 0) { ++ RC4_CHUNK ichunk, otp; ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; + +- /* +- * I reckon we can afford to implement both endian +- * cases and to decide which way to take at run-time +- * because the machine code appears to be very compact +- * and redundant 1-2KB is perfectly tolerable (i.e. +- * in case the compiler fails to eliminate it:-). By +- * suggestion from Terrel Larson +- * who also stands for the is_endian union:-) +- * +- * Special notes. +- * +- * - is_endian is declared automatic as doing otherwise +- * (declaring static) prevents gcc from eliminating +- * the redundant code; +- * - compilers (those I've tried) don't seem to have +- * problems eliminating either the operators guarded +- * by "if (sizeof(RC4_CHUNK)==8)" or the condition +- * expressions themselves so I've got 'em to replace +- * corresponding #ifdefs from the previous version; +- * - I chose to let the redundant switch cases when +- * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed +- * before); +- * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in +- * [LB]ESHFT guards against "shift is out of range" +- * warnings when sizeof(RC4_CHUNK)!=8 +- * +- * +- */ +- if (!is_endian.little) +- { /* BIG-ENDIAN CASE */ +-# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) +- for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK)) +- { +- ichunk = *(RC4_CHUNK *)indata; +- otp = RC4_STEP< ++ * who also stands for the is_endian union:-) ++ * ++ * Special notes. ++ * ++ * - is_endian is declared automatic as doing otherwise ++ * (declaring static) prevents gcc from eliminating ++ * the redundant code; ++ * - compilers (those I've tried) don't seem to have ++ * problems eliminating either the operators guarded ++ * by "if (sizeof(RC4_CHUNK)==8)" or the condition ++ * expressions themselves so I've got 'em to replace ++ * corresponding #ifdefs from the previous version; ++ * - I chose to let the redundant switch cases when ++ * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed ++ * before); ++ * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in ++ * [LB]ESHFT guards against "shift is out of range" ++ * warnings when sizeof(RC4_CHUNK)!=8 ++ * ++ * ++ */ ++ if (!is_endian.little) { /* BIG-ENDIAN CASE */ ++# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) ++ for (; len & ~(sizeof(RC4_CHUNK) - 1); len -= sizeof(RC4_CHUNK)) { ++ ichunk = *(RC4_CHUNK *) indata; ++ otp = RC4_STEP << BESHFT(0); ++ otp |= RC4_STEP << BESHFT(1); ++ otp |= RC4_STEP << BESHFT(2); ++ otp |= RC4_STEP << BESHFT(3); ++ if (sizeof(RC4_CHUNK) == 8) { ++ otp |= RC4_STEP << BESHFT(4); ++ otp |= RC4_STEP << BESHFT(5); ++ otp |= RC4_STEP << BESHFT(6); ++ otp |= RC4_STEP << BESHFT(7); ++ } ++ *(RC4_CHUNK *) outdata = otp ^ ichunk; ++ indata += sizeof(RC4_CHUNK); ++ outdata += sizeof(RC4_CHUNK); ++ } ++ if (len) { ++ RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk; + +- ichunk = *(RC4_CHUNK *)indata; +- ochunk = *(RC4_CHUNK *)outdata; +- otp = 0; +- i = BESHFT(0); +- mask <<= (sizeof(RC4_CHUNK)-len)<<3; +- switch (len&(sizeof(RC4_CHUNK)-1)) +- { +- case 7: otp = RC4_STEP<x=x; +- key->y=y; +- return; +- } +- else +- { /* LITTLE-ENDIAN CASE */ +-# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) +- for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK)) +- { +- ichunk = *(RC4_CHUNK *)indata; +- otp = RC4_STEP; +- otp |= RC4_STEP<<8; +- otp |= RC4_STEP<<16; +- otp |= RC4_STEP<<24; +- if (sizeof(RC4_CHUNK)==8) +- { +- otp |= RC4_STEP<x = x; ++ key->y = y; ++ return; ++ } else { /* LITTLE-ENDIAN CASE */ ++# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) ++ for (; len & ~(sizeof(RC4_CHUNK) - 1); len -= sizeof(RC4_CHUNK)) { ++ ichunk = *(RC4_CHUNK *) indata; ++ otp = RC4_STEP; ++ otp |= RC4_STEP << 8; ++ otp |= RC4_STEP << 16; ++ otp |= RC4_STEP << 24; ++ if (sizeof(RC4_CHUNK) == 8) { ++ otp |= RC4_STEP << LESHFT(4); ++ otp |= RC4_STEP << LESHFT(5); ++ otp |= RC4_STEP << LESHFT(6); ++ otp |= RC4_STEP << LESHFT(7); ++ } ++ *(RC4_CHUNK *) outdata = otp ^ ichunk; ++ indata += sizeof(RC4_CHUNK); ++ outdata += sizeof(RC4_CHUNK); ++ } ++ if (len) { ++ RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk; + +- ichunk = *(RC4_CHUNK *)indata; +- ochunk = *(RC4_CHUNK *)outdata; +- otp = 0; +- i = 0; +- mask >>= (sizeof(RC4_CHUNK)-len)<<3; +- switch (len&(sizeof(RC4_CHUNK)-1)) +- { +- case 7: otp = RC4_STEP, i+=8; +- case 6: otp |= RC4_STEP<x=x; +- key->y=y; +- return; +- } +- } ++ ichunk = *(RC4_CHUNK *) indata; ++ ochunk = *(RC4_CHUNK *) outdata; ++ otp = 0; ++ i = 0; ++ mask >>= (sizeof(RC4_CHUNK) - len) << 3; ++ switch (len & (sizeof(RC4_CHUNK) - 1)) { ++ case 7: ++ otp = RC4_STEP, i += 8; ++ case 6: ++ otp |= RC4_STEP << i, i += 8; ++ case 5: ++ otp |= RC4_STEP << i, i += 8; ++ case 4: ++ otp |= RC4_STEP << i, i += 8; ++ case 3: ++ otp |= RC4_STEP << i, i += 8; ++ case 2: ++ otp |= RC4_STEP << i, i += 8; ++ case 1: ++ otp |= RC4_STEP << i, i += 8; ++ case 0:; /* ++ * it's never the case, ++ * but it has to be here ++ * for ultrix? ++ */ ++ } ++ ochunk &= ~mask; ++ ochunk |= (otp ^ ichunk) & mask; ++ *(RC4_CHUNK *) outdata = ochunk; ++ } ++ key->x = x; ++ key->y = y; ++ return; ++ } ++ } + #endif + #define LOOP(in,out) \ +- x=((x+1)&0xff); \ +- tx=d[x]; \ +- y=(tx+y)&0xff; \ +- d[x]=ty=d[y]; \ +- d[y]=tx; \ +- (out) = d[(tx+ty)&0xff]^ (in); ++ x=((x+1)&0xff); \ ++ tx=d[x]; \ ++ y=(tx+y)&0xff; \ ++ d[x]=ty=d[y]; \ ++ d[y]=tx; \ ++ (out) = d[(tx+ty)&0xff]^ (in); + + #ifndef RC4_INDEX +-#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) ++# define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) + #else +-#define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) ++# define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) + #endif + +- i=(int)(len>>3L); +- if (i) +- { +- for (;;) +- { +- RC4_LOOP(indata,outdata,0); +- RC4_LOOP(indata,outdata,1); +- RC4_LOOP(indata,outdata,2); +- RC4_LOOP(indata,outdata,3); +- RC4_LOOP(indata,outdata,4); +- RC4_LOOP(indata,outdata,5); +- RC4_LOOP(indata,outdata,6); +- RC4_LOOP(indata,outdata,7); ++ i = (int)(len >> 3L); ++ if (i) { ++ for (;;) { ++ RC4_LOOP(indata, outdata, 0); ++ RC4_LOOP(indata, outdata, 1); ++ RC4_LOOP(indata, outdata, 2); ++ RC4_LOOP(indata, outdata, 3); ++ RC4_LOOP(indata, outdata, 4); ++ RC4_LOOP(indata, outdata, 5); ++ RC4_LOOP(indata, outdata, 6); ++ RC4_LOOP(indata, outdata, 7); + #ifdef RC4_INDEX +- indata+=8; +- outdata+=8; ++ indata += 8; ++ outdata += 8; + #endif +- if (--i == 0) break; +- } +- } +- i=(int)len&0x07; +- if (i) +- { +- for (;;) +- { +- RC4_LOOP(indata,outdata,0); if (--i == 0) break; +- RC4_LOOP(indata,outdata,1); if (--i == 0) break; +- RC4_LOOP(indata,outdata,2); if (--i == 0) break; +- RC4_LOOP(indata,outdata,3); if (--i == 0) break; +- RC4_LOOP(indata,outdata,4); if (--i == 0) break; +- RC4_LOOP(indata,outdata,5); if (--i == 0) break; +- RC4_LOOP(indata,outdata,6); if (--i == 0) break; +- } +- } +- key->x=x; +- key->y=y; +- } ++ if (--i == 0) ++ break; ++ } ++ } ++ i = (int)len & 0x07; ++ if (i) { ++ for (;;) { ++ RC4_LOOP(indata, outdata, 0); ++ if (--i == 0) ++ break; ++ RC4_LOOP(indata, outdata, 1); ++ if (--i == 0) ++ break; ++ RC4_LOOP(indata, outdata, 2); ++ if (--i == 0) ++ break; ++ RC4_LOOP(indata, outdata, 3); ++ if (--i == 0) ++ break; ++ RC4_LOOP(indata, outdata, 4); ++ if (--i == 0) ++ break; ++ RC4_LOOP(indata, outdata, 5); ++ if (--i == 0) ++ break; ++ RC4_LOOP(indata, outdata, 6); ++ if (--i == 0) ++ break; ++ } ++ } ++ key->x = x; ++ key->y = y; ++} +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c +index 1b2a429..f236685 100644 +--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c ++++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c +@@ -1,5 +1,6 @@ + /* crypto/rc4/rc4_fblk.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ + /* ==================================================================== +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -51,25 +52,24 @@ + * ==================================================================== + */ + +- + #include + #include "rc4_locl.h" + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + +-/* FIPS mode blocking for RC4 has to be done separately since RC4_set_key +- * may be implemented in an assembly language file. ++/* ++ * FIPS mode blocking for RC4 has to be done separately since RC4_set_key may ++ * be implemented in an assembly language file. + */ + + #ifdef OPENSSL_FIPS + void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) +- { +- if (FIPS_mode()) +- FIPS_BAD_ABORT(RC4) +- private_RC4_set_key(key, len, data); +- } ++{ ++ if (FIPS_mode()) ++ FIPS_BAD_ABORT(RC4) ++ private_RC4_set_key(key, len, data); ++} + #endif +- +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c +index d1dc912..62121d9 100644 +--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c ++++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,28 +61,28 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + +- +-const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT; ++const char RC4_version[] = "RC4" OPENSSL_VERSION_PTEXT; + + const char *RC4_options(void) +- { ++{ + #ifdef RC4_INDEX +- if (sizeof(RC4_INT) == 1) +- return("rc4(idx,char)"); +- else +- return("rc4(idx,int)"); ++ if (sizeof(RC4_INT) == 1) ++ return ("rc4(idx,char)"); ++ else ++ return ("rc4(idx,int)"); + #else +- if (sizeof(RC4_INT) == 1) +- return("rc4(ptr,char)"); +- else +- return("rc4(ptr,int)"); ++ if (sizeof(RC4_INT) == 1) ++ return ("rc4(ptr,char)"); ++ else ++ return ("rc4(ptr,int)"); + #endif +- } ++} + +-/* RC4 as implemented from a posting from ++/*- ++ * RC4 as implemented from a posting from + * Newsgroups: sci.crypt + * From: sterndark@netcom.com (David Sterndark) + * Subject: RC4 Algorithm revealed. +@@ -95,71 +95,72 @@ void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) + #else + void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) + #endif +- { +- register RC4_INT tmp; +- register int id1,id2; +- register RC4_INT *d; +- unsigned int i; +- +- d= &(key->data[0]); +- key->x = 0; +- key->y = 0; +- id1=id2=0; ++{ ++ register RC4_INT tmp; ++ register int id1, id2; ++ register RC4_INT *d; ++ unsigned int i; ++ ++ d = &(key->data[0]); ++ key->x = 0; ++ key->y = 0; ++ id1 = id2 = 0; + + #define SK_LOOP(d,n) { \ +- tmp=d[(n)]; \ +- id2 = (data[id1] + tmp + id2) & 0xff; \ +- if (++id1 == len) id1=0; \ +- d[(n)]=d[id2]; \ +- d[id2]=tmp; } ++ tmp=d[(n)]; \ ++ id2 = (data[id1] + tmp + id2) & 0xff; \ ++ if (++id1 == len) id1=0; \ ++ d[(n)]=d[id2]; \ ++ d[id2]=tmp; } + + #if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) +-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ +- defined(__INTEL__) || \ +- defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) +- if (sizeof(RC4_INT) > 1) { +- /* +- * Unlike all other x86 [and x86_64] implementations, +- * Intel P4 core [including EM64T] was found to perform +- * poorly with wider RC4_INT. Performance improvement +- * for IA-32 hand-coded assembler turned out to be 2.8x +- * if re-coded for RC4_CHAR! It's however inappropriate +- * to just switch to RC4_CHAR for x86[_64], as non-P4 +- * implementations suffer from significant performance +- * losses then, e.g. PIII exhibits >2x deterioration, +- * and so does Opteron. In order to assure optimal +- * all-round performance, we detect P4 at run-time by +- * checking upon reserved bit 20 in CPU capability +- * vector and set up compressed key schedule, which is +- * recognized by correspondingly updated assembler +- * module... Bit 20 is set up by OPENSSL_ia32_cpuid. +- * +- * +- */ +-#ifdef OPENSSL_FIPS +- unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc(); +- if (ia32cap_ptr && (*ia32cap_ptr & (1<<20))) { +-#else +- if (OPENSSL_ia32cap_P & (1<<20)) { +-#endif +- unsigned char *cp=(unsigned char *)d; ++# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ ++ defined(__INTEL__) || \ ++ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) ++ if (sizeof(RC4_INT) > 1) { ++ /* ++ * Unlike all other x86 [and x86_64] implementations, ++ * Intel P4 core [including EM64T] was found to perform ++ * poorly with wider RC4_INT. Performance improvement ++ * for IA-32 hand-coded assembler turned out to be 2.8x ++ * if re-coded for RC4_CHAR! It's however inappropriate ++ * to just switch to RC4_CHAR for x86[_64], as non-P4 ++ * implementations suffer from significant performance ++ * losses then, e.g. PIII exhibits >2x deterioration, ++ * and so does Opteron. In order to assure optimal ++ * all-round performance, we detect P4 at run-time by ++ * checking upon reserved bit 20 in CPU capability ++ * vector and set up compressed key schedule, which is ++ * recognized by correspondingly updated assembler ++ * module... Bit 20 is set up by OPENSSL_ia32_cpuid. ++ * ++ * ++ */ ++# ifdef OPENSSL_FIPS ++ unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc(); ++ if (ia32cap_ptr && (*ia32cap_ptr & (1 << 20))) { ++# else ++ if (OPENSSL_ia32cap_P & (1 << 20)) { ++# endif ++ unsigned char *cp = (unsigned char *)d; + +- for (i=0;i<256;i++) cp[i]=i; +- for (i=0;i<256;i++) SK_LOOP(cp,i); +- /* mark schedule as compressed! */ +- d[256/sizeof(RC4_INT)]=-1; +- return; +- } +- } ++ for (i = 0; i < 256; i++) ++ cp[i] = i; ++ for (i = 0; i < 256; i++) ++ SK_LOOP(cp, i); ++ /* mark schedule as compressed! */ ++ d[256 / sizeof(RC4_INT)] = -1; ++ return; ++ } ++ } + # endif + #endif +- for (i=0; i < 256; i++) d[i]=i; +- for (i=0; i < 256; i+=4) +- { +- SK_LOOP(d,i+0); +- SK_LOOP(d,i+1); +- SK_LOOP(d,i+2); +- SK_LOOP(d,i+3); +- } +- } +- ++ for (i = 0; i < 256; i++) ++ d[i] = i; ++ for (i = 0; i < 256; i += 4) { ++ SK_LOOP(d, i + 0); ++ SK_LOOP(d, i + 1); ++ SK_LOOP(d, i + 2); ++ SK_LOOP(d, i + 3); ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c +index ead11d0..236a5ed 100644 +--- a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c ++++ b/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,238 +61,279 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + ++const char RMD160_version[] = "RIPE-MD160" OPENSSL_VERSION_PTEXT; + +-const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; +- +-# ifdef RMD160_ASM +- void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,size_t num); +-# define ripemd160_block ripemd160_block_x86 +-# else +- void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); +-# endif ++#ifdef RMD160_ASM ++void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num); ++# define ripemd160_block ripemd160_block_x86 ++#else ++void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); ++#endif + + FIPS_NON_FIPS_MD_Init(RIPEMD160) +- { +- c->A=RIPEMD160_A; +- c->B=RIPEMD160_B; +- c->C=RIPEMD160_C; +- c->D=RIPEMD160_D; +- c->E=RIPEMD160_E; +- c->Nl=0; +- c->Nh=0; +- c->num=0; +- return 1; +- } ++{ ++ c->A = RIPEMD160_A; ++ c->B = RIPEMD160_B; ++ c->C = RIPEMD160_C; ++ c->D = RIPEMD160_D; ++ c->E = RIPEMD160_E; ++ c->Nl = 0; ++ c->Nh = 0; ++ c->num = 0; ++ return 1; ++} + + #ifndef ripemd160_block_data_order +-#ifdef X +-#undef X +-#endif +-void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num) +- { +- const unsigned char *data=p; +- register unsigned MD32_REG_T A,B,C,D,E; +- unsigned MD32_REG_T a,b,c,d,e,l; +-#ifndef MD32_XARRAY +- /* See comment in crypto/sha/sha_locl.h for details. */ +- unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, +- XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; +-# define X(i) XX##i +-#else +- RIPEMD160_LONG XX[16]; +-# define X(i) XX[i] +-#endif ++# ifdef X ++# undef X ++# endif ++void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num) ++{ ++ const unsigned char *data = p; ++ register unsigned MD32_REG_T A, B, C, D, E; ++ unsigned MD32_REG_T a, b, c, d, e, l; ++# ifndef MD32_XARRAY ++ /* See comment in crypto/sha/sha_locl.h for details. */ ++ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, ++ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; ++# define X(i) XX##i ++# else ++ RIPEMD160_LONG XX[16]; ++# define X(i) XX[i] ++# endif + +- for (;num--;) +- { ++ for (; num--;) { + +- A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; ++ A = ctx->A; ++ B = ctx->B; ++ C = ctx->C; ++ D = ctx->D; ++ E = ctx->E; + +- HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; +- RIP1(A,B,C,D,E,WL00,SL00); HOST_c2l(data,l); X( 2)=l; +- RIP1(E,A,B,C,D,WL01,SL01); HOST_c2l(data,l); X( 3)=l; +- RIP1(D,E,A,B,C,WL02,SL02); HOST_c2l(data,l); X( 4)=l; +- RIP1(C,D,E,A,B,WL03,SL03); HOST_c2l(data,l); X( 5)=l; +- RIP1(B,C,D,E,A,WL04,SL04); HOST_c2l(data,l); X( 6)=l; +- RIP1(A,B,C,D,E,WL05,SL05); HOST_c2l(data,l); X( 7)=l; +- RIP1(E,A,B,C,D,WL06,SL06); HOST_c2l(data,l); X( 8)=l; +- RIP1(D,E,A,B,C,WL07,SL07); HOST_c2l(data,l); X( 9)=l; +- RIP1(C,D,E,A,B,WL08,SL08); HOST_c2l(data,l); X(10)=l; +- RIP1(B,C,D,E,A,WL09,SL09); HOST_c2l(data,l); X(11)=l; +- RIP1(A,B,C,D,E,WL10,SL10); HOST_c2l(data,l); X(12)=l; +- RIP1(E,A,B,C,D,WL11,SL11); HOST_c2l(data,l); X(13)=l; +- RIP1(D,E,A,B,C,WL12,SL12); HOST_c2l(data,l); X(14)=l; +- RIP1(C,D,E,A,B,WL13,SL13); HOST_c2l(data,l); X(15)=l; +- RIP1(B,C,D,E,A,WL14,SL14); +- RIP1(A,B,C,D,E,WL15,SL15); ++ HOST_c2l(data, l); ++ X(0) = l; ++ HOST_c2l(data, l); ++ X(1) = l; ++ RIP1(A, B, C, D, E, WL00, SL00); ++ HOST_c2l(data, l); ++ X(2) = l; ++ RIP1(E, A, B, C, D, WL01, SL01); ++ HOST_c2l(data, l); ++ X(3) = l; ++ RIP1(D, E, A, B, C, WL02, SL02); ++ HOST_c2l(data, l); ++ X(4) = l; ++ RIP1(C, D, E, A, B, WL03, SL03); ++ HOST_c2l(data, l); ++ X(5) = l; ++ RIP1(B, C, D, E, A, WL04, SL04); ++ HOST_c2l(data, l); ++ X(6) = l; ++ RIP1(A, B, C, D, E, WL05, SL05); ++ HOST_c2l(data, l); ++ X(7) = l; ++ RIP1(E, A, B, C, D, WL06, SL06); ++ HOST_c2l(data, l); ++ X(8) = l; ++ RIP1(D, E, A, B, C, WL07, SL07); ++ HOST_c2l(data, l); ++ X(9) = l; ++ RIP1(C, D, E, A, B, WL08, SL08); ++ HOST_c2l(data, l); ++ X(10) = l; ++ RIP1(B, C, D, E, A, WL09, SL09); ++ HOST_c2l(data, l); ++ X(11) = l; ++ RIP1(A, B, C, D, E, WL10, SL10); ++ HOST_c2l(data, l); ++ X(12) = l; ++ RIP1(E, A, B, C, D, WL11, SL11); ++ HOST_c2l(data, l); ++ X(13) = l; ++ RIP1(D, E, A, B, C, WL12, SL12); ++ HOST_c2l(data, l); ++ X(14) = l; ++ RIP1(C, D, E, A, B, WL13, SL13); ++ HOST_c2l(data, l); ++ X(15) = l; ++ RIP1(B, C, D, E, A, WL14, SL14); ++ RIP1(A, B, C, D, E, WL15, SL15); + +- RIP2(E,A,B,C,D,WL16,SL16,KL1); +- RIP2(D,E,A,B,C,WL17,SL17,KL1); +- RIP2(C,D,E,A,B,WL18,SL18,KL1); +- RIP2(B,C,D,E,A,WL19,SL19,KL1); +- RIP2(A,B,C,D,E,WL20,SL20,KL1); +- RIP2(E,A,B,C,D,WL21,SL21,KL1); +- RIP2(D,E,A,B,C,WL22,SL22,KL1); +- RIP2(C,D,E,A,B,WL23,SL23,KL1); +- RIP2(B,C,D,E,A,WL24,SL24,KL1); +- RIP2(A,B,C,D,E,WL25,SL25,KL1); +- RIP2(E,A,B,C,D,WL26,SL26,KL1); +- RIP2(D,E,A,B,C,WL27,SL27,KL1); +- RIP2(C,D,E,A,B,WL28,SL28,KL1); +- RIP2(B,C,D,E,A,WL29,SL29,KL1); +- RIP2(A,B,C,D,E,WL30,SL30,KL1); +- RIP2(E,A,B,C,D,WL31,SL31,KL1); ++ RIP2(E, A, B, C, D, WL16, SL16, KL1); ++ RIP2(D, E, A, B, C, WL17, SL17, KL1); ++ RIP2(C, D, E, A, B, WL18, SL18, KL1); ++ RIP2(B, C, D, E, A, WL19, SL19, KL1); ++ RIP2(A, B, C, D, E, WL20, SL20, KL1); ++ RIP2(E, A, B, C, D, WL21, SL21, KL1); ++ RIP2(D, E, A, B, C, WL22, SL22, KL1); ++ RIP2(C, D, E, A, B, WL23, SL23, KL1); ++ RIP2(B, C, D, E, A, WL24, SL24, KL1); ++ RIP2(A, B, C, D, E, WL25, SL25, KL1); ++ RIP2(E, A, B, C, D, WL26, SL26, KL1); ++ RIP2(D, E, A, B, C, WL27, SL27, KL1); ++ RIP2(C, D, E, A, B, WL28, SL28, KL1); ++ RIP2(B, C, D, E, A, WL29, SL29, KL1); ++ RIP2(A, B, C, D, E, WL30, SL30, KL1); ++ RIP2(E, A, B, C, D, WL31, SL31, KL1); + +- RIP3(D,E,A,B,C,WL32,SL32,KL2); +- RIP3(C,D,E,A,B,WL33,SL33,KL2); +- RIP3(B,C,D,E,A,WL34,SL34,KL2); +- RIP3(A,B,C,D,E,WL35,SL35,KL2); +- RIP3(E,A,B,C,D,WL36,SL36,KL2); +- RIP3(D,E,A,B,C,WL37,SL37,KL2); +- RIP3(C,D,E,A,B,WL38,SL38,KL2); +- RIP3(B,C,D,E,A,WL39,SL39,KL2); +- RIP3(A,B,C,D,E,WL40,SL40,KL2); +- RIP3(E,A,B,C,D,WL41,SL41,KL2); +- RIP3(D,E,A,B,C,WL42,SL42,KL2); +- RIP3(C,D,E,A,B,WL43,SL43,KL2); +- RIP3(B,C,D,E,A,WL44,SL44,KL2); +- RIP3(A,B,C,D,E,WL45,SL45,KL2); +- RIP3(E,A,B,C,D,WL46,SL46,KL2); +- RIP3(D,E,A,B,C,WL47,SL47,KL2); ++ RIP3(D, E, A, B, C, WL32, SL32, KL2); ++ RIP3(C, D, E, A, B, WL33, SL33, KL2); ++ RIP3(B, C, D, E, A, WL34, SL34, KL2); ++ RIP3(A, B, C, D, E, WL35, SL35, KL2); ++ RIP3(E, A, B, C, D, WL36, SL36, KL2); ++ RIP3(D, E, A, B, C, WL37, SL37, KL2); ++ RIP3(C, D, E, A, B, WL38, SL38, KL2); ++ RIP3(B, C, D, E, A, WL39, SL39, KL2); ++ RIP3(A, B, C, D, E, WL40, SL40, KL2); ++ RIP3(E, A, B, C, D, WL41, SL41, KL2); ++ RIP3(D, E, A, B, C, WL42, SL42, KL2); ++ RIP3(C, D, E, A, B, WL43, SL43, KL2); ++ RIP3(B, C, D, E, A, WL44, SL44, KL2); ++ RIP3(A, B, C, D, E, WL45, SL45, KL2); ++ RIP3(E, A, B, C, D, WL46, SL46, KL2); ++ RIP3(D, E, A, B, C, WL47, SL47, KL2); + +- RIP4(C,D,E,A,B,WL48,SL48,KL3); +- RIP4(B,C,D,E,A,WL49,SL49,KL3); +- RIP4(A,B,C,D,E,WL50,SL50,KL3); +- RIP4(E,A,B,C,D,WL51,SL51,KL3); +- RIP4(D,E,A,B,C,WL52,SL52,KL3); +- RIP4(C,D,E,A,B,WL53,SL53,KL3); +- RIP4(B,C,D,E,A,WL54,SL54,KL3); +- RIP4(A,B,C,D,E,WL55,SL55,KL3); +- RIP4(E,A,B,C,D,WL56,SL56,KL3); +- RIP4(D,E,A,B,C,WL57,SL57,KL3); +- RIP4(C,D,E,A,B,WL58,SL58,KL3); +- RIP4(B,C,D,E,A,WL59,SL59,KL3); +- RIP4(A,B,C,D,E,WL60,SL60,KL3); +- RIP4(E,A,B,C,D,WL61,SL61,KL3); +- RIP4(D,E,A,B,C,WL62,SL62,KL3); +- RIP4(C,D,E,A,B,WL63,SL63,KL3); ++ RIP4(C, D, E, A, B, WL48, SL48, KL3); ++ RIP4(B, C, D, E, A, WL49, SL49, KL3); ++ RIP4(A, B, C, D, E, WL50, SL50, KL3); ++ RIP4(E, A, B, C, D, WL51, SL51, KL3); ++ RIP4(D, E, A, B, C, WL52, SL52, KL3); ++ RIP4(C, D, E, A, B, WL53, SL53, KL3); ++ RIP4(B, C, D, E, A, WL54, SL54, KL3); ++ RIP4(A, B, C, D, E, WL55, SL55, KL3); ++ RIP4(E, A, B, C, D, WL56, SL56, KL3); ++ RIP4(D, E, A, B, C, WL57, SL57, KL3); ++ RIP4(C, D, E, A, B, WL58, SL58, KL3); ++ RIP4(B, C, D, E, A, WL59, SL59, KL3); ++ RIP4(A, B, C, D, E, WL60, SL60, KL3); ++ RIP4(E, A, B, C, D, WL61, SL61, KL3); ++ RIP4(D, E, A, B, C, WL62, SL62, KL3); ++ RIP4(C, D, E, A, B, WL63, SL63, KL3); + +- RIP5(B,C,D,E,A,WL64,SL64,KL4); +- RIP5(A,B,C,D,E,WL65,SL65,KL4); +- RIP5(E,A,B,C,D,WL66,SL66,KL4); +- RIP5(D,E,A,B,C,WL67,SL67,KL4); +- RIP5(C,D,E,A,B,WL68,SL68,KL4); +- RIP5(B,C,D,E,A,WL69,SL69,KL4); +- RIP5(A,B,C,D,E,WL70,SL70,KL4); +- RIP5(E,A,B,C,D,WL71,SL71,KL4); +- RIP5(D,E,A,B,C,WL72,SL72,KL4); +- RIP5(C,D,E,A,B,WL73,SL73,KL4); +- RIP5(B,C,D,E,A,WL74,SL74,KL4); +- RIP5(A,B,C,D,E,WL75,SL75,KL4); +- RIP5(E,A,B,C,D,WL76,SL76,KL4); +- RIP5(D,E,A,B,C,WL77,SL77,KL4); +- RIP5(C,D,E,A,B,WL78,SL78,KL4); +- RIP5(B,C,D,E,A,WL79,SL79,KL4); ++ RIP5(B, C, D, E, A, WL64, SL64, KL4); ++ RIP5(A, B, C, D, E, WL65, SL65, KL4); ++ RIP5(E, A, B, C, D, WL66, SL66, KL4); ++ RIP5(D, E, A, B, C, WL67, SL67, KL4); ++ RIP5(C, D, E, A, B, WL68, SL68, KL4); ++ RIP5(B, C, D, E, A, WL69, SL69, KL4); ++ RIP5(A, B, C, D, E, WL70, SL70, KL4); ++ RIP5(E, A, B, C, D, WL71, SL71, KL4); ++ RIP5(D, E, A, B, C, WL72, SL72, KL4); ++ RIP5(C, D, E, A, B, WL73, SL73, KL4); ++ RIP5(B, C, D, E, A, WL74, SL74, KL4); ++ RIP5(A, B, C, D, E, WL75, SL75, KL4); ++ RIP5(E, A, B, C, D, WL76, SL76, KL4); ++ RIP5(D, E, A, B, C, WL77, SL77, KL4); ++ RIP5(C, D, E, A, B, WL78, SL78, KL4); ++ RIP5(B, C, D, E, A, WL79, SL79, KL4); + +- a=A; b=B; c=C; d=D; e=E; +- /* Do other half */ +- A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; ++ a = A; ++ b = B; ++ c = C; ++ d = D; ++ e = E; ++ /* Do other half */ ++ A = ctx->A; ++ B = ctx->B; ++ C = ctx->C; ++ D = ctx->D; ++ E = ctx->E; + +- RIP5(A,B,C,D,E,WR00,SR00,KR0); +- RIP5(E,A,B,C,D,WR01,SR01,KR0); +- RIP5(D,E,A,B,C,WR02,SR02,KR0); +- RIP5(C,D,E,A,B,WR03,SR03,KR0); +- RIP5(B,C,D,E,A,WR04,SR04,KR0); +- RIP5(A,B,C,D,E,WR05,SR05,KR0); +- RIP5(E,A,B,C,D,WR06,SR06,KR0); +- RIP5(D,E,A,B,C,WR07,SR07,KR0); +- RIP5(C,D,E,A,B,WR08,SR08,KR0); +- RIP5(B,C,D,E,A,WR09,SR09,KR0); +- RIP5(A,B,C,D,E,WR10,SR10,KR0); +- RIP5(E,A,B,C,D,WR11,SR11,KR0); +- RIP5(D,E,A,B,C,WR12,SR12,KR0); +- RIP5(C,D,E,A,B,WR13,SR13,KR0); +- RIP5(B,C,D,E,A,WR14,SR14,KR0); +- RIP5(A,B,C,D,E,WR15,SR15,KR0); ++ RIP5(A, B, C, D, E, WR00, SR00, KR0); ++ RIP5(E, A, B, C, D, WR01, SR01, KR0); ++ RIP5(D, E, A, B, C, WR02, SR02, KR0); ++ RIP5(C, D, E, A, B, WR03, SR03, KR0); ++ RIP5(B, C, D, E, A, WR04, SR04, KR0); ++ RIP5(A, B, C, D, E, WR05, SR05, KR0); ++ RIP5(E, A, B, C, D, WR06, SR06, KR0); ++ RIP5(D, E, A, B, C, WR07, SR07, KR0); ++ RIP5(C, D, E, A, B, WR08, SR08, KR0); ++ RIP5(B, C, D, E, A, WR09, SR09, KR0); ++ RIP5(A, B, C, D, E, WR10, SR10, KR0); ++ RIP5(E, A, B, C, D, WR11, SR11, KR0); ++ RIP5(D, E, A, B, C, WR12, SR12, KR0); ++ RIP5(C, D, E, A, B, WR13, SR13, KR0); ++ RIP5(B, C, D, E, A, WR14, SR14, KR0); ++ RIP5(A, B, C, D, E, WR15, SR15, KR0); + +- RIP4(E,A,B,C,D,WR16,SR16,KR1); +- RIP4(D,E,A,B,C,WR17,SR17,KR1); +- RIP4(C,D,E,A,B,WR18,SR18,KR1); +- RIP4(B,C,D,E,A,WR19,SR19,KR1); +- RIP4(A,B,C,D,E,WR20,SR20,KR1); +- RIP4(E,A,B,C,D,WR21,SR21,KR1); +- RIP4(D,E,A,B,C,WR22,SR22,KR1); +- RIP4(C,D,E,A,B,WR23,SR23,KR1); +- RIP4(B,C,D,E,A,WR24,SR24,KR1); +- RIP4(A,B,C,D,E,WR25,SR25,KR1); +- RIP4(E,A,B,C,D,WR26,SR26,KR1); +- RIP4(D,E,A,B,C,WR27,SR27,KR1); +- RIP4(C,D,E,A,B,WR28,SR28,KR1); +- RIP4(B,C,D,E,A,WR29,SR29,KR1); +- RIP4(A,B,C,D,E,WR30,SR30,KR1); +- RIP4(E,A,B,C,D,WR31,SR31,KR1); ++ RIP4(E, A, B, C, D, WR16, SR16, KR1); ++ RIP4(D, E, A, B, C, WR17, SR17, KR1); ++ RIP4(C, D, E, A, B, WR18, SR18, KR1); ++ RIP4(B, C, D, E, A, WR19, SR19, KR1); ++ RIP4(A, B, C, D, E, WR20, SR20, KR1); ++ RIP4(E, A, B, C, D, WR21, SR21, KR1); ++ RIP4(D, E, A, B, C, WR22, SR22, KR1); ++ RIP4(C, D, E, A, B, WR23, SR23, KR1); ++ RIP4(B, C, D, E, A, WR24, SR24, KR1); ++ RIP4(A, B, C, D, E, WR25, SR25, KR1); ++ RIP4(E, A, B, C, D, WR26, SR26, KR1); ++ RIP4(D, E, A, B, C, WR27, SR27, KR1); ++ RIP4(C, D, E, A, B, WR28, SR28, KR1); ++ RIP4(B, C, D, E, A, WR29, SR29, KR1); ++ RIP4(A, B, C, D, E, WR30, SR30, KR1); ++ RIP4(E, A, B, C, D, WR31, SR31, KR1); + +- RIP3(D,E,A,B,C,WR32,SR32,KR2); +- RIP3(C,D,E,A,B,WR33,SR33,KR2); +- RIP3(B,C,D,E,A,WR34,SR34,KR2); +- RIP3(A,B,C,D,E,WR35,SR35,KR2); +- RIP3(E,A,B,C,D,WR36,SR36,KR2); +- RIP3(D,E,A,B,C,WR37,SR37,KR2); +- RIP3(C,D,E,A,B,WR38,SR38,KR2); +- RIP3(B,C,D,E,A,WR39,SR39,KR2); +- RIP3(A,B,C,D,E,WR40,SR40,KR2); +- RIP3(E,A,B,C,D,WR41,SR41,KR2); +- RIP3(D,E,A,B,C,WR42,SR42,KR2); +- RIP3(C,D,E,A,B,WR43,SR43,KR2); +- RIP3(B,C,D,E,A,WR44,SR44,KR2); +- RIP3(A,B,C,D,E,WR45,SR45,KR2); +- RIP3(E,A,B,C,D,WR46,SR46,KR2); +- RIP3(D,E,A,B,C,WR47,SR47,KR2); ++ RIP3(D, E, A, B, C, WR32, SR32, KR2); ++ RIP3(C, D, E, A, B, WR33, SR33, KR2); ++ RIP3(B, C, D, E, A, WR34, SR34, KR2); ++ RIP3(A, B, C, D, E, WR35, SR35, KR2); ++ RIP3(E, A, B, C, D, WR36, SR36, KR2); ++ RIP3(D, E, A, B, C, WR37, SR37, KR2); ++ RIP3(C, D, E, A, B, WR38, SR38, KR2); ++ RIP3(B, C, D, E, A, WR39, SR39, KR2); ++ RIP3(A, B, C, D, E, WR40, SR40, KR2); ++ RIP3(E, A, B, C, D, WR41, SR41, KR2); ++ RIP3(D, E, A, B, C, WR42, SR42, KR2); ++ RIP3(C, D, E, A, B, WR43, SR43, KR2); ++ RIP3(B, C, D, E, A, WR44, SR44, KR2); ++ RIP3(A, B, C, D, E, WR45, SR45, KR2); ++ RIP3(E, A, B, C, D, WR46, SR46, KR2); ++ RIP3(D, E, A, B, C, WR47, SR47, KR2); + +- RIP2(C,D,E,A,B,WR48,SR48,KR3); +- RIP2(B,C,D,E,A,WR49,SR49,KR3); +- RIP2(A,B,C,D,E,WR50,SR50,KR3); +- RIP2(E,A,B,C,D,WR51,SR51,KR3); +- RIP2(D,E,A,B,C,WR52,SR52,KR3); +- RIP2(C,D,E,A,B,WR53,SR53,KR3); +- RIP2(B,C,D,E,A,WR54,SR54,KR3); +- RIP2(A,B,C,D,E,WR55,SR55,KR3); +- RIP2(E,A,B,C,D,WR56,SR56,KR3); +- RIP2(D,E,A,B,C,WR57,SR57,KR3); +- RIP2(C,D,E,A,B,WR58,SR58,KR3); +- RIP2(B,C,D,E,A,WR59,SR59,KR3); +- RIP2(A,B,C,D,E,WR60,SR60,KR3); +- RIP2(E,A,B,C,D,WR61,SR61,KR3); +- RIP2(D,E,A,B,C,WR62,SR62,KR3); +- RIP2(C,D,E,A,B,WR63,SR63,KR3); ++ RIP2(C, D, E, A, B, WR48, SR48, KR3); ++ RIP2(B, C, D, E, A, WR49, SR49, KR3); ++ RIP2(A, B, C, D, E, WR50, SR50, KR3); ++ RIP2(E, A, B, C, D, WR51, SR51, KR3); ++ RIP2(D, E, A, B, C, WR52, SR52, KR3); ++ RIP2(C, D, E, A, B, WR53, SR53, KR3); ++ RIP2(B, C, D, E, A, WR54, SR54, KR3); ++ RIP2(A, B, C, D, E, WR55, SR55, KR3); ++ RIP2(E, A, B, C, D, WR56, SR56, KR3); ++ RIP2(D, E, A, B, C, WR57, SR57, KR3); ++ RIP2(C, D, E, A, B, WR58, SR58, KR3); ++ RIP2(B, C, D, E, A, WR59, SR59, KR3); ++ RIP2(A, B, C, D, E, WR60, SR60, KR3); ++ RIP2(E, A, B, C, D, WR61, SR61, KR3); ++ RIP2(D, E, A, B, C, WR62, SR62, KR3); ++ RIP2(C, D, E, A, B, WR63, SR63, KR3); + +- RIP1(B,C,D,E,A,WR64,SR64); +- RIP1(A,B,C,D,E,WR65,SR65); +- RIP1(E,A,B,C,D,WR66,SR66); +- RIP1(D,E,A,B,C,WR67,SR67); +- RIP1(C,D,E,A,B,WR68,SR68); +- RIP1(B,C,D,E,A,WR69,SR69); +- RIP1(A,B,C,D,E,WR70,SR70); +- RIP1(E,A,B,C,D,WR71,SR71); +- RIP1(D,E,A,B,C,WR72,SR72); +- RIP1(C,D,E,A,B,WR73,SR73); +- RIP1(B,C,D,E,A,WR74,SR74); +- RIP1(A,B,C,D,E,WR75,SR75); +- RIP1(E,A,B,C,D,WR76,SR76); +- RIP1(D,E,A,B,C,WR77,SR77); +- RIP1(C,D,E,A,B,WR78,SR78); +- RIP1(B,C,D,E,A,WR79,SR79); ++ RIP1(B, C, D, E, A, WR64, SR64); ++ RIP1(A, B, C, D, E, WR65, SR65); ++ RIP1(E, A, B, C, D, WR66, SR66); ++ RIP1(D, E, A, B, C, WR67, SR67); ++ RIP1(C, D, E, A, B, WR68, SR68); ++ RIP1(B, C, D, E, A, WR69, SR69); ++ RIP1(A, B, C, D, E, WR70, SR70); ++ RIP1(E, A, B, C, D, WR71, SR71); ++ RIP1(D, E, A, B, C, WR72, SR72); ++ RIP1(C, D, E, A, B, WR73, SR73); ++ RIP1(B, C, D, E, A, WR74, SR74); ++ RIP1(A, B, C, D, E, WR75, SR75); ++ RIP1(E, A, B, C, D, WR76, SR76); ++ RIP1(D, E, A, B, C, WR77, SR77); ++ RIP1(C, D, E, A, B, WR78, SR78); ++ RIP1(B, C, D, E, A, WR79, SR79); + +- D =ctx->B+c+D; +- ctx->B=ctx->C+d+E; +- ctx->C=ctx->D+e+A; +- ctx->D=ctx->E+a+B; +- ctx->E=ctx->A+b+C; +- ctx->A=D; ++ D = ctx->B + c + D; ++ ctx->B = ctx->C + d + E; ++ ctx->C = ctx->D + e + A; ++ ctx->D = ctx->E + a + B; ++ ctx->E = ctx->A + b + C; ++ ctx->A = D; + +- } +- } ++ } ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c +index 3efb137..666e01a 100644 +--- a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c ++++ b/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -61,18 +61,17 @@ + #include + #include + +-unsigned char *RIPEMD160(const unsigned char *d, size_t n, +- unsigned char *md) +- { +- RIPEMD160_CTX c; +- static unsigned char m[RIPEMD160_DIGEST_LENGTH]; +- +- if (md == NULL) md=m; +- if (!RIPEMD160_Init(&c)) +- return NULL; +- RIPEMD160_Update(&c,d,n); +- RIPEMD160_Final(md,&c); +- OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */ +- return(md); +- } ++unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md) ++{ ++ RIPEMD160_CTX c; ++ static unsigned char m[RIPEMD160_DIGEST_LENGTH]; + ++ if (md == NULL) ++ md = m; ++ if (!RIPEMD160_Init(&c)) ++ return NULL; ++ RIPEMD160_Update(&c, d, n); ++ RIPEMD160_Final(md, &c); ++ OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ ++ return (md); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c +index 6e8a803..5286321 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c +@@ -1,6 +1,7 @@ + /* rsa_asn1.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. + */ + /* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,48 +63,50 @@ + #include + #include + +-static ASN1_METHOD method={ +- (I2D_OF(void)) i2d_RSAPrivateKey, +- (D2I_OF(void)) d2i_RSAPrivateKey, +- (void *(*)(void)) RSA_new, +- (void (*)(void *)) RSA_free}; ++static ASN1_METHOD method = { ++ (I2D_OF(void)) i2d_RSAPrivateKey, ++ (D2I_OF(void)) d2i_RSAPrivateKey, ++ (void *(*)(void))RSA_new, ++ (void (*)(void *))RSA_free ++}; + + ASN1_METHOD *RSAPrivateKey_asn1_meth(void) +- { +- return(&method); +- } ++{ ++ return (&method); ++} + + /* Override the default free and new methods */ + static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- if(operation == ASN1_OP_NEW_PRE) { +- *pval = (ASN1_VALUE *)RSA_new(); +- if(*pval) return 2; +- return 0; +- } else if(operation == ASN1_OP_FREE_PRE) { +- RSA_free((RSA *)*pval); +- *pval = NULL; +- return 2; +- } +- return 1; ++ if (operation == ASN1_OP_NEW_PRE) { ++ *pval = (ASN1_VALUE *)RSA_new(); ++ if (*pval) ++ return 2; ++ return 0; ++ } else if (operation == ASN1_OP_FREE_PRE) { ++ RSA_free((RSA *)*pval); ++ *pval = NULL; ++ return 2; ++ } ++ return 1; + } + + ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = { +- ASN1_SIMPLE(RSA, version, LONG), +- ASN1_SIMPLE(RSA, n, BIGNUM), +- ASN1_SIMPLE(RSA, e, BIGNUM), +- ASN1_SIMPLE(RSA, d, BIGNUM), +- ASN1_SIMPLE(RSA, p, BIGNUM), +- ASN1_SIMPLE(RSA, q, BIGNUM), +- ASN1_SIMPLE(RSA, dmp1, BIGNUM), +- ASN1_SIMPLE(RSA, dmq1, BIGNUM), +- ASN1_SIMPLE(RSA, iqmp, BIGNUM) ++ ASN1_SIMPLE(RSA, version, LONG), ++ ASN1_SIMPLE(RSA, n, BIGNUM), ++ ASN1_SIMPLE(RSA, e, BIGNUM), ++ ASN1_SIMPLE(RSA, d, BIGNUM), ++ ASN1_SIMPLE(RSA, p, BIGNUM), ++ ASN1_SIMPLE(RSA, q, BIGNUM), ++ ASN1_SIMPLE(RSA, dmp1, BIGNUM), ++ ASN1_SIMPLE(RSA, dmq1, BIGNUM), ++ ASN1_SIMPLE(RSA, iqmp, BIGNUM) + } ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey) + + + ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { +- ASN1_SIMPLE(RSA, n, BIGNUM), +- ASN1_SIMPLE(RSA, e, BIGNUM), ++ ASN1_SIMPLE(RSA, n, BIGNUM), ++ ASN1_SIMPLE(RSA, e, BIGNUM), + } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey) + + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey) +@@ -111,11 +114,11 @@ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey) + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey) + + RSA *RSAPublicKey_dup(RSA *rsa) +- { +- return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa); +- } ++{ ++ return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa); ++} + + RSA *RSAPrivateKey_dup(RSA *rsa) +- { +- return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa); +- } ++{ ++ return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c +index 9d848db..67724f8 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -52,133 +52,158 @@ + #include + #include + +- + int RSA_check_key(const RSA *key) +- { +- BIGNUM *i, *j, *k, *l, *m; +- BN_CTX *ctx; +- int r; +- int ret=1; +- +- i = BN_new(); +- j = BN_new(); +- k = BN_new(); +- l = BN_new(); +- m = BN_new(); +- ctx = BN_CTX_new(); +- if (i == NULL || j == NULL || k == NULL || l == NULL || +- m == NULL || ctx == NULL) +- { +- ret = -1; +- RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- /* p prime? */ +- r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); +- if (r != 1) +- { +- ret = r; +- if (r != 0) +- goto err; +- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); +- } +- +- /* q prime? */ +- r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL); +- if (r != 1) +- { +- ret = r; +- if (r != 0) +- goto err; +- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); +- } +- +- /* n = p*q? */ +- r = BN_mul(i, key->p, key->q, ctx); +- if (!r) { ret = -1; goto err; } +- +- if (BN_cmp(i, key->n) != 0) +- { +- ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); +- } +- +- /* d*e = 1 mod lcm(p-1,q-1)? */ +- +- r = BN_sub(i, key->p, BN_value_one()); +- if (!r) { ret = -1; goto err; } +- r = BN_sub(j, key->q, BN_value_one()); +- if (!r) { ret = -1; goto err; } +- +- /* now compute k = lcm(i,j) */ +- r = BN_mul(l, i, j, ctx); +- if (!r) { ret = -1; goto err; } +- r = BN_gcd(m, i, j, ctx); +- if (!r) { ret = -1; goto err; } +- r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ +- if (!r) { ret = -1; goto err; } +- +- r = BN_mod_mul(i, key->d, key->e, k, ctx); +- if (!r) { ret = -1; goto err; } +- +- if (!BN_is_one(i)) +- { +- ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); +- } +- +- if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) +- { +- /* dmp1 = d mod (p-1)? */ +- r = BN_sub(i, key->p, BN_value_one()); +- if (!r) { ret = -1; goto err; } +- +- r = BN_mod(j, key->d, i, ctx); +- if (!r) { ret = -1; goto err; } +- +- if (BN_cmp(j, key->dmp1) != 0) +- { +- ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY, +- RSA_R_DMP1_NOT_CONGRUENT_TO_D); +- } +- +- /* dmq1 = d mod (q-1)? */ +- r = BN_sub(i, key->q, BN_value_one()); +- if (!r) { ret = -1; goto err; } +- +- r = BN_mod(j, key->d, i, ctx); +- if (!r) { ret = -1; goto err; } +- +- if (BN_cmp(j, key->dmq1) != 0) +- { +- ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY, +- RSA_R_DMQ1_NOT_CONGRUENT_TO_D); +- } +- +- /* iqmp = q^-1 mod p? */ +- if(!BN_mod_inverse(i, key->q, key->p, ctx)) +- { +- ret = -1; +- goto err; +- } +- +- if (BN_cmp(i, key->iqmp) != 0) +- { +- ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY, +- RSA_R_IQMP_NOT_INVERSE_OF_Q); +- } +- } ++{ ++ BIGNUM *i, *j, *k, *l, *m; ++ BN_CTX *ctx; ++ int r; ++ int ret = 1; ++ ++ i = BN_new(); ++ j = BN_new(); ++ k = BN_new(); ++ l = BN_new(); ++ m = BN_new(); ++ ctx = BN_CTX_new(); ++ if (i == NULL || j == NULL || k == NULL || l == NULL || ++ m == NULL || ctx == NULL) { ++ ret = -1; ++ RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* p prime? */ ++ r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); ++ if (r != 1) { ++ ret = r; ++ if (r != 0) ++ goto err; ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); ++ } ++ ++ /* q prime? */ ++ r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL); ++ if (r != 1) { ++ ret = r; ++ if (r != 0) ++ goto err; ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); ++ } ++ ++ /* n = p*q? */ ++ r = BN_mul(i, key->p, key->q, ctx); ++ if (!r) { ++ ret = -1; ++ goto err; ++ } ++ ++ if (BN_cmp(i, key->n) != 0) { ++ ret = 0; ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); ++ } ++ ++ /* d*e = 1 mod lcm(p-1,q-1)? */ ++ ++ r = BN_sub(i, key->p, BN_value_one()); ++ if (!r) { ++ ret = -1; ++ goto err; ++ } ++ r = BN_sub(j, key->q, BN_value_one()); ++ if (!r) { ++ ret = -1; ++ goto err; ++ } ++ ++ /* now compute k = lcm(i,j) */ ++ r = BN_mul(l, i, j, ctx); ++ if (!r) { ++ ret = -1; ++ goto err; ++ } ++ r = BN_gcd(m, i, j, ctx); ++ if (!r) { ++ ret = -1; ++ goto err; ++ } ++ r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ ++ if (!r) { ++ ret = -1; ++ goto err; ++ } ++ ++ r = BN_mod_mul(i, key->d, key->e, k, ctx); ++ if (!r) { ++ ret = -1; ++ goto err; ++ } ++ ++ if (!BN_is_one(i)) { ++ ret = 0; ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); ++ } ++ ++ if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) { ++ /* dmp1 = d mod (p-1)? */ ++ r = BN_sub(i, key->p, BN_value_one()); ++ if (!r) { ++ ret = -1; ++ goto err; ++ } ++ ++ r = BN_mod(j, key->d, i, ctx); ++ if (!r) { ++ ret = -1; ++ goto err; ++ } ++ ++ if (BN_cmp(j, key->dmp1) != 0) { ++ ret = 0; ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D); ++ } ++ ++ /* dmq1 = d mod (q-1)? */ ++ r = BN_sub(i, key->q, BN_value_one()); ++ if (!r) { ++ ret = -1; ++ goto err; ++ } ++ ++ r = BN_mod(j, key->d, i, ctx); ++ if (!r) { ++ ret = -1; ++ goto err; ++ } ++ ++ if (BN_cmp(j, key->dmq1) != 0) { ++ ret = 0; ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D); ++ } ++ ++ /* iqmp = q^-1 mod p? */ ++ if (!BN_mod_inverse(i, key->q, key->p, ctx)) { ++ ret = -1; ++ goto err; ++ } ++ ++ if (BN_cmp(i, key->iqmp) != 0) { ++ ret = 0; ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q); ++ } ++ } + + err: +- if (i != NULL) BN_free(i); +- if (j != NULL) BN_free(j); +- if (k != NULL) BN_free(k); +- if (l != NULL) BN_free(l); +- if (m != NULL) BN_free(m); +- if (ctx != NULL) BN_CTX_free(ctx); +- return (ret); +- } ++ if (i != NULL) ++ BN_free(i); ++ if (j != NULL) ++ BN_free(j); ++ if (k != NULL) ++ BN_free(k); ++ if (l != NULL) ++ BN_free(l); ++ if (m != NULL) ++ BN_free(m); ++ if (ctx != NULL) ++ BN_CTX_free(ctx); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c +index a859ded..32f0c88 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,8 +53,10 @@ + * + */ + +-/* NB: This file contains deprecated functions (compatibility wrappers to the +- * "new" versions). */ ++/* ++ * NB: This file contains deprecated functions (compatibility wrappers to the ++ * "new" versions). ++ */ + + #include + #include +@@ -64,38 +66,42 @@ + + #ifdef OPENSSL_NO_DEPRECATED + +-static void *dummy=&dummy; ++static void *dummy = &dummy; + + #else + + RSA *RSA_generate_key(int bits, unsigned long e_value, +- void (*callback)(int,int,void *), void *cb_arg) +- { +- BN_GENCB cb; +- int i; +- RSA *rsa = RSA_new(); +- BIGNUM *e = BN_new(); ++ void (*callback) (int, int, void *), void *cb_arg) ++{ ++ BN_GENCB cb; ++ int i; ++ RSA *rsa = RSA_new(); ++ BIGNUM *e = BN_new(); + +- if(!rsa || !e) goto err; ++ if (!rsa || !e) ++ goto err; + +- /* The problem is when building with 8, 16, or 32 BN_ULONG, +- * unsigned long can be larger */ +- for (i=0; i<(int)sizeof(unsigned long)*8; i++) +- { +- if (e_value & (1UL<n) > OPENSSL_RSA_MAX_MODULUS_BITS) +- { +- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); +- return -1; +- } +- +- if (BN_ucmp(rsa->n, rsa->e) <= 0) +- { +- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); +- return -1; +- } +- +- /* for large moduli, enforce exponent limit */ +- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) +- { +- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) +- { +- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); +- return -1; +- } +- } +- +- if ((ctx=BN_CTX_new()) == NULL) goto err; +- BN_CTX_start(ctx); +- f = BN_CTX_get(ctx); +- ret = BN_CTX_get(ctx); +- num=BN_num_bytes(rsa->n); +- buf = OPENSSL_malloc(num); +- if (!f || !ret || !buf) +- { +- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- switch (padding) +- { +- case RSA_PKCS1_PADDING: +- i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen); +- break; +-#ifndef OPENSSL_NO_SHA +- case RSA_PKCS1_OAEP_PADDING: +- i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0); +- break; +-#endif +- case RSA_SSLV23_PADDING: +- i=RSA_padding_add_SSLv23(buf,num,from,flen); +- break; +- case RSA_NO_PADDING: +- i=RSA_padding_add_none(buf,num,from,flen); +- break; +- default: +- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); +- goto err; +- } +- if (i <= 0) goto err; +- +- if (BN_bin2bn(buf,num,f) == NULL) goto err; +- +- if (BN_ucmp(f, rsa->n) >= 0) +- { +- /* usually the padding functions would catch this */ +- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); +- goto err; +- } +- +- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) +- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) +- goto err; +- +- if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, +- rsa->_method_mod_n)) goto err; +- +- /* put in leading 0 bytes if the number is less than the +- * length of the modulus */ +- j=BN_num_bytes(ret); +- i=BN_bn2bin(ret,&(to[num-j])); +- for (k=0; k<(num-i); k++) +- to[k]=0; +- +- r=num; +-err: +- if (ctx != NULL) +- { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- if (buf != NULL) +- { +- OPENSSL_cleanse(buf,num); +- OPENSSL_free(buf); +- } +- return(r); +- } ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ BIGNUM *f, *ret; ++ int i, j, k, num = 0, r = -1; ++ unsigned char *buf = NULL; ++ BN_CTX *ctx = NULL; ++ ++ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); ++ return -1; ++ } ++ ++ if (BN_ucmp(rsa->n, rsa->e) <= 0) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); ++ return -1; ++ } ++ ++ /* for large moduli, enforce exponent limit */ ++ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { ++ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); ++ return -1; ++ } ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ f = BN_CTX_get(ctx); ++ ret = BN_CTX_get(ctx); ++ num = BN_num_bytes(rsa->n); ++ buf = OPENSSL_malloc(num); ++ if (!f || !ret || !buf) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ switch (padding) { ++ case RSA_PKCS1_PADDING: ++ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen); ++ break; ++# ifndef OPENSSL_NO_SHA ++ case RSA_PKCS1_OAEP_PADDING: ++ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); ++ break; ++# endif ++ case RSA_SSLV23_PADDING: ++ i = RSA_padding_add_SSLv23(buf, num, from, flen); ++ break; ++ case RSA_NO_PADDING: ++ i = RSA_padding_add_none(buf, num, from, flen); ++ break; ++ default: ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); ++ goto err; ++ } ++ if (i <= 0) ++ goto err; ++ ++ if (BN_bin2bn(buf, num, f) == NULL) ++ goto err; ++ ++ if (BN_ucmp(f, rsa->n) >= 0) { ++ /* usually the padding functions would catch this */ ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ++ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); ++ goto err; ++ } ++ ++ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) ++ goto err; ++ ++ if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, ++ rsa->_method_mod_n)) ++ goto err; ++ ++ /* ++ * put in leading 0 bytes if the number is less than the length of the ++ * modulus ++ */ ++ j = BN_num_bytes(ret); ++ i = BN_bn2bin(ret, &(to[num - j])); ++ for (k = 0; k < (num - i); k++) ++ to[k] = 0; ++ ++ r = num; ++ err: ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ if (buf != NULL) { ++ OPENSSL_cleanse(buf, num); ++ OPENSSL_free(buf); ++ } ++ return (r); ++} + + static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) + { +- BN_BLINDING *ret; +- int got_write_lock = 0; +- +- CRYPTO_r_lock(CRYPTO_LOCK_RSA); +- +- if (rsa->blinding == NULL) +- { +- CRYPTO_r_unlock(CRYPTO_LOCK_RSA); +- CRYPTO_w_lock(CRYPTO_LOCK_RSA); +- got_write_lock = 1; +- +- if (rsa->blinding == NULL) +- rsa->blinding = RSA_setup_blinding(rsa, ctx); +- } +- +- ret = rsa->blinding; +- if (ret == NULL) +- goto err; +- +- if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) +- { +- /* rsa->blinding is ours! */ +- +- *local = 1; +- } +- else +- { +- /* resort to rsa->mt_blinding instead */ +- +- *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert() +- * that the BN_BLINDING is shared, meaning that accesses +- * require locks, and that the blinding factor must be +- * stored outside the BN_BLINDING +- */ +- +- if (rsa->mt_blinding == NULL) +- { +- if (!got_write_lock) +- { +- CRYPTO_r_unlock(CRYPTO_LOCK_RSA); +- CRYPTO_w_lock(CRYPTO_LOCK_RSA); +- got_write_lock = 1; +- } +- +- if (rsa->mt_blinding == NULL) +- rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); +- } +- ret = rsa->mt_blinding; +- } ++ BN_BLINDING *ret; ++ int got_write_lock = 0; ++ ++ CRYPTO_r_lock(CRYPTO_LOCK_RSA); ++ ++ if (rsa->blinding == NULL) { ++ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); ++ CRYPTO_w_lock(CRYPTO_LOCK_RSA); ++ got_write_lock = 1; ++ ++ if (rsa->blinding == NULL) ++ rsa->blinding = RSA_setup_blinding(rsa, ctx); ++ } ++ ++ ret = rsa->blinding; ++ if (ret == NULL) ++ goto err; ++ ++ if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) { ++ /* rsa->blinding is ours! */ ++ ++ *local = 1; ++ } else { ++ /* resort to rsa->mt_blinding instead */ ++ ++ /* ++ * instructs rsa_blinding_convert(), rsa_blinding_invert() that the ++ * BN_BLINDING is shared, meaning that accesses require locks, and ++ * that the blinding factor must be stored outside the BN_BLINDING ++ */ ++ *local = 0; ++ ++ if (rsa->mt_blinding == NULL) { ++ if (!got_write_lock) { ++ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); ++ CRYPTO_w_lock(CRYPTO_LOCK_RSA); ++ got_write_lock = 1; ++ } ++ ++ if (rsa->mt_blinding == NULL) ++ rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); ++ } ++ ret = rsa->mt_blinding; ++ } + + err: +- if (got_write_lock) +- CRYPTO_w_unlock(CRYPTO_LOCK_RSA); +- else +- CRYPTO_r_unlock(CRYPTO_LOCK_RSA); +- return ret; ++ if (got_write_lock) ++ CRYPTO_w_unlock(CRYPTO_LOCK_RSA); ++ else ++ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); ++ return ret; + } + + static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, +- BN_CTX *ctx) +- { +- if (unblind == NULL) +- /* Local blinding: store the unblinding factor +- * in BN_BLINDING. */ +- return BN_BLINDING_convert_ex(f, NULL, b, ctx); +- else +- { +- /* Shared blinding: store the unblinding factor +- * outside BN_BLINDING. */ +- int ret; +- CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); +- ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); +- CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); +- return ret; +- } +- } ++ BN_CTX *ctx) ++{ ++ if (unblind == NULL) ++ /* ++ * Local blinding: store the unblinding factor in BN_BLINDING. ++ */ ++ return BN_BLINDING_convert_ex(f, NULL, b, ctx); ++ else { ++ /* ++ * Shared blinding: store the unblinding factor outside BN_BLINDING. ++ */ ++ int ret; ++ CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); ++ ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); ++ return ret; ++ } ++} + + static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, +- BN_CTX *ctx) +- { +- /* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex +- * will use the unblinding factor stored in BN_BLINDING. +- * If BN_BLINDING is shared between threads, unblind must be non-null: +- * BN_BLINDING_invert_ex will then use the local unblinding factor, +- * and will only read the modulus from BN_BLINDING. +- * In both cases it's safe to access the blinding without a lock. +- */ +- return BN_BLINDING_invert_ex(f, unblind, b, ctx); +- } ++ BN_CTX *ctx) ++{ ++ /* ++ * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex ++ * will use the unblinding factor stored in BN_BLINDING. If BN_BLINDING ++ * is shared between threads, unblind must be non-null: ++ * BN_BLINDING_invert_ex will then use the local unblinding factor, and ++ * will only read the modulus from BN_BLINDING. In both cases it's safe ++ * to access the blinding without a lock. ++ */ ++ return BN_BLINDING_invert_ex(f, unblind, b, ctx); ++} + + /* signing */ + static int RSA_eay_private_encrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +- { +- BIGNUM *f, *ret, *res; +- int i,j,k,num=0,r= -1; +- unsigned char *buf=NULL; +- BN_CTX *ctx=NULL; +- int local_blinding = 0; +- /* Used only if the blinding structure is shared. A non-NULL unblind +- * instructs rsa_blinding_convert() and rsa_blinding_invert() to store +- * the unblinding factor outside the blinding structure. */ +- BIGNUM *unblind = NULL; +- BN_BLINDING *blinding = NULL; +- +- if ((ctx=BN_CTX_new()) == NULL) goto err; +- BN_CTX_start(ctx); +- f = BN_CTX_get(ctx); +- ret = BN_CTX_get(ctx); +- num = BN_num_bytes(rsa->n); +- buf = OPENSSL_malloc(num); +- if(!f || !ret || !buf) +- { +- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- switch (padding) +- { +- case RSA_PKCS1_PADDING: +- i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); +- break; +- case RSA_X931_PADDING: +- i=RSA_padding_add_X931(buf,num,from,flen); +- break; +- case RSA_NO_PADDING: +- i=RSA_padding_add_none(buf,num,from,flen); +- break; +- case RSA_SSLV23_PADDING: +- default: +- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); +- goto err; +- } +- if (i <= 0) goto err; +- +- if (BN_bin2bn(buf,num,f) == NULL) goto err; +- +- if (BN_ucmp(f, rsa->n) >= 0) +- { +- /* usually the padding functions would catch this */ +- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); +- goto err; +- } +- +- if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) +- { +- blinding = rsa_get_blinding(rsa, &local_blinding, ctx); +- if (blinding == NULL) +- { +- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- if (blinding != NULL) +- { +- if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) +- { +- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!rsa_blinding_convert(blinding, f, unblind, ctx)) +- goto err; +- } +- +- if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || +- ((rsa->p != NULL) && +- (rsa->q != NULL) && +- (rsa->dmp1 != NULL) && +- (rsa->dmq1 != NULL) && +- (rsa->iqmp != NULL)) ) +- { +- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; +- } +- else +- { +- BIGNUM local_d; +- BIGNUM *d = NULL; +- +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- BN_init(&local_d); +- d = &local_d; +- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); +- } +- else +- d= rsa->d; +- +- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) +- if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) +- goto err; +- +- if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, +- rsa->_method_mod_n)) goto err; +- } +- +- if (blinding) +- if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) +- goto err; +- +- if (padding == RSA_X931_PADDING) +- { +- BN_sub(f, rsa->n, ret); +- if (BN_cmp(ret, f) > 0) +- res = f; +- else +- res = ret; +- } +- else +- res = ret; +- +- /* put in leading 0 bytes if the number is less than the +- * length of the modulus */ +- j=BN_num_bytes(res); +- i=BN_bn2bin(res,&(to[num-j])); +- for (k=0; k<(num-i); k++) +- to[k]=0; +- +- r=num; +-err: +- if (ctx != NULL) +- { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- if (buf != NULL) +- { +- OPENSSL_cleanse(buf,num); +- OPENSSL_free(buf); +- } +- return(r); +- } ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ BIGNUM *f, *ret, *res; ++ int i, j, k, num = 0, r = -1; ++ unsigned char *buf = NULL; ++ BN_CTX *ctx = NULL; ++ int local_blinding = 0; ++ /* ++ * Used only if the blinding structure is shared. A non-NULL unblind ++ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store ++ * the unblinding factor outside the blinding structure. ++ */ ++ BIGNUM *unblind = NULL; ++ BN_BLINDING *blinding = NULL; ++ ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ f = BN_CTX_get(ctx); ++ ret = BN_CTX_get(ctx); ++ num = BN_num_bytes(rsa->n); ++ buf = OPENSSL_malloc(num); ++ if (!f || !ret || !buf) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ switch (padding) { ++ case RSA_PKCS1_PADDING: ++ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen); ++ break; ++ case RSA_X931_PADDING: ++ i = RSA_padding_add_X931(buf, num, from, flen); ++ break; ++ case RSA_NO_PADDING: ++ i = RSA_padding_add_none(buf, num, from, flen); ++ break; ++ case RSA_SSLV23_PADDING: ++ default: ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); ++ goto err; ++ } ++ if (i <= 0) ++ goto err; ++ ++ if (BN_bin2bn(buf, num, f) == NULL) ++ goto err; ++ ++ if (BN_ucmp(f, rsa->n) >= 0) { ++ /* usually the padding functions would catch this */ ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ++ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); ++ goto err; ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { ++ blinding = rsa_get_blinding(rsa, &local_blinding, ctx); ++ if (blinding == NULL) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ ++ if (blinding != NULL) { ++ if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!rsa_blinding_convert(blinding, f, unblind, ctx)) ++ goto err; ++ } ++ ++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) || ++ ((rsa->p != NULL) && ++ (rsa->q != NULL) && ++ (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { ++ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) ++ goto err; ++ } else { ++ BIGNUM local_d; ++ BIGNUM *d = NULL; ++ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ BN_init(&local_d); ++ d = &local_d; ++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); ++ } else ++ d = rsa->d; ++ ++ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) ++ goto err; ++ ++ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, ++ rsa->_method_mod_n)) ++ goto err; ++ } ++ ++ if (blinding) ++ if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) ++ goto err; ++ ++ if (padding == RSA_X931_PADDING) { ++ BN_sub(f, rsa->n, ret); ++ if (BN_cmp(ret, f) > 0) ++ res = f; ++ else ++ res = ret; ++ } else ++ res = ret; ++ ++ /* ++ * put in leading 0 bytes if the number is less than the length of the ++ * modulus ++ */ ++ j = BN_num_bytes(res); ++ i = BN_bn2bin(res, &(to[num - j])); ++ for (k = 0; k < (num - i); k++) ++ to[k] = 0; ++ ++ r = num; ++ err: ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ if (buf != NULL) { ++ OPENSSL_cleanse(buf, num); ++ OPENSSL_free(buf); ++ } ++ return (r); ++} + + static int RSA_eay_private_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +- { +- BIGNUM *f, *ret; +- int j,num=0,r= -1; +- unsigned char *p; +- unsigned char *buf=NULL; +- BN_CTX *ctx=NULL; +- int local_blinding = 0; +- /* Used only if the blinding structure is shared. A non-NULL unblind +- * instructs rsa_blinding_convert() and rsa_blinding_invert() to store +- * the unblinding factor outside the blinding structure. */ +- BIGNUM *unblind = NULL; +- BN_BLINDING *blinding = NULL; +- +- if((ctx = BN_CTX_new()) == NULL) goto err; +- BN_CTX_start(ctx); +- f = BN_CTX_get(ctx); +- ret = BN_CTX_get(ctx); +- num = BN_num_bytes(rsa->n); +- buf = OPENSSL_malloc(num); +- if(!f || !ret || !buf) +- { +- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- /* This check was for equality but PGP does evil things +- * and chops off the top '0' bytes */ +- if (flen > num) +- { +- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); +- goto err; +- } +- +- /* make data into a big number */ +- if (BN_bin2bn(from,(int)flen,f) == NULL) goto err; +- +- if (BN_ucmp(f, rsa->n) >= 0) +- { +- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); +- goto err; +- } +- +- if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) +- { +- blinding = rsa_get_blinding(rsa, &local_blinding, ctx); +- if (blinding == NULL) +- { +- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- if (blinding != NULL) +- { +- if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) +- { +- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!rsa_blinding_convert(blinding, f, unblind, ctx)) +- goto err; +- } +- +- /* do the decrypt */ +- if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || +- ((rsa->p != NULL) && +- (rsa->q != NULL) && +- (rsa->dmp1 != NULL) && +- (rsa->dmq1 != NULL) && +- (rsa->iqmp != NULL)) ) +- { +- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; +- } +- else +- { +- BIGNUM local_d; +- BIGNUM *d = NULL; +- +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- d = &local_d; +- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); +- } +- else +- d = rsa->d; +- +- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) +- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) +- goto err; +- if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, +- rsa->_method_mod_n)) +- goto err; +- } +- +- if (blinding) +- if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) +- goto err; +- +- p=buf; +- j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */ +- +- switch (padding) +- { +- case RSA_PKCS1_PADDING: +- r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num); +- break; +-#ifndef OPENSSL_NO_SHA +- case RSA_PKCS1_OAEP_PADDING: +- r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0); +- break; +-#endif +- case RSA_SSLV23_PADDING: +- r=RSA_padding_check_SSLv23(to,num,buf,j,num); +- break; +- case RSA_NO_PADDING: +- r=RSA_padding_check_none(to,num,buf,j,num); +- break; +- default: +- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); +- goto err; +- } +- if (r < 0) +- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED); +- +-err: +- if (ctx != NULL) +- { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- if (buf != NULL) +- { +- OPENSSL_cleanse(buf,num); +- OPENSSL_free(buf); +- } +- return(r); +- } ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ BIGNUM *f, *ret; ++ int j, num = 0, r = -1; ++ unsigned char *p; ++ unsigned char *buf = NULL; ++ BN_CTX *ctx = NULL; ++ int local_blinding = 0; ++ /* ++ * Used only if the blinding structure is shared. A non-NULL unblind ++ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store ++ * the unblinding factor outside the blinding structure. ++ */ ++ BIGNUM *unblind = NULL; ++ BN_BLINDING *blinding = NULL; ++ ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ f = BN_CTX_get(ctx); ++ ret = BN_CTX_get(ctx); ++ num = BN_num_bytes(rsa->n); ++ buf = OPENSSL_malloc(num); ++ if (!f || !ret || !buf) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* ++ * This check was for equality but PGP does evil things and chops off the ++ * top '0' bytes ++ */ ++ if (flen > num) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ++ RSA_R_DATA_GREATER_THAN_MOD_LEN); ++ goto err; ++ } ++ ++ /* make data into a big number */ ++ if (BN_bin2bn(from, (int)flen, f) == NULL) ++ goto err; ++ ++ if (BN_ucmp(f, rsa->n) >= 0) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ++ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); ++ goto err; ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { ++ blinding = rsa_get_blinding(rsa, &local_blinding, ctx); ++ if (blinding == NULL) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ ++ if (blinding != NULL) { ++ if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!rsa_blinding_convert(blinding, f, unblind, ctx)) ++ goto err; ++ } ++ ++ /* do the decrypt */ ++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) || ++ ((rsa->p != NULL) && ++ (rsa->q != NULL) && ++ (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { ++ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) ++ goto err; ++ } else { ++ BIGNUM local_d; ++ BIGNUM *d = NULL; ++ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ d = &local_d; ++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); ++ } else ++ d = rsa->d; ++ ++ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) ++ goto err; ++ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, ++ rsa->_method_mod_n)) ++ goto err; ++ } ++ ++ if (blinding) ++ if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) ++ goto err; ++ ++ p = buf; ++ j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */ ++ ++ switch (padding) { ++ case RSA_PKCS1_PADDING: ++ r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); ++ break; ++# ifndef OPENSSL_NO_SHA ++ case RSA_PKCS1_OAEP_PADDING: ++ r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); ++ break; ++# endif ++ case RSA_SSLV23_PADDING: ++ r = RSA_padding_check_SSLv23(to, num, buf, j, num); ++ break; ++ case RSA_NO_PADDING: ++ r = RSA_padding_check_none(to, num, buf, j, num); ++ break; ++ default: ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); ++ goto err; ++ } ++ if (r < 0) ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED); ++ ++ err: ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ if (buf != NULL) { ++ OPENSSL_cleanse(buf, num); ++ OPENSSL_free(buf); ++ } ++ return (r); ++} + + /* signature verification */ + static int RSA_eay_public_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +- { +- BIGNUM *f,*ret; +- int i,num=0,r= -1; +- unsigned char *p; +- unsigned char *buf=NULL; +- BN_CTX *ctx=NULL; +- +- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) +- { +- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); +- return -1; +- } +- +- if (BN_ucmp(rsa->n, rsa->e) <= 0) +- { +- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); +- return -1; +- } +- +- /* for large moduli, enforce exponent limit */ +- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) +- { +- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) +- { +- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); +- return -1; +- } +- } +- +- if((ctx = BN_CTX_new()) == NULL) goto err; +- BN_CTX_start(ctx); +- f = BN_CTX_get(ctx); +- ret = BN_CTX_get(ctx); +- num=BN_num_bytes(rsa->n); +- buf = OPENSSL_malloc(num); +- if(!f || !ret || !buf) +- { +- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- /* This check was for equality but PGP does evil things +- * and chops off the top '0' bytes */ +- if (flen > num) +- { +- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); +- goto err; +- } +- +- if (BN_bin2bn(from,flen,f) == NULL) goto err; +- +- if (BN_ucmp(f, rsa->n) >= 0) +- { +- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); +- goto err; +- } +- +- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) +- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) +- goto err; +- +- if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, +- rsa->_method_mod_n)) goto err; +- +- if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) +- if (!BN_sub(ret, rsa->n, ret)) goto err; +- +- p=buf; +- i=BN_bn2bin(ret,p); +- +- switch (padding) +- { +- case RSA_PKCS1_PADDING: +- r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); +- break; +- case RSA_X931_PADDING: +- r=RSA_padding_check_X931(to,num,buf,i,num); +- break; +- case RSA_NO_PADDING: +- r=RSA_padding_check_none(to,num,buf,i,num); +- break; +- default: +- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); +- goto err; +- } +- if (r < 0) +- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED); +- +-err: +- if (ctx != NULL) +- { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- if (buf != NULL) +- { +- OPENSSL_cleanse(buf,num); +- OPENSSL_free(buf); +- } +- return(r); +- } ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ BIGNUM *f, *ret; ++ int i, num = 0, r = -1; ++ unsigned char *p; ++ unsigned char *buf = NULL; ++ BN_CTX *ctx = NULL; ++ ++ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); ++ return -1; ++ } ++ ++ if (BN_ucmp(rsa->n, rsa->e) <= 0) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); ++ return -1; ++ } ++ ++ /* for large moduli, enforce exponent limit */ ++ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { ++ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); ++ return -1; ++ } ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ f = BN_CTX_get(ctx); ++ ret = BN_CTX_get(ctx); ++ num = BN_num_bytes(rsa->n); ++ buf = OPENSSL_malloc(num); ++ if (!f || !ret || !buf) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* ++ * This check was for equality but PGP does evil things and chops off the ++ * top '0' bytes ++ */ ++ if (flen > num) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN); ++ goto err; ++ } ++ ++ if (BN_bin2bn(from, flen, f) == NULL) ++ goto err; ++ ++ if (BN_ucmp(f, rsa->n) >= 0) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ++ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); ++ goto err; ++ } ++ ++ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) ++ goto err; ++ ++ if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, ++ rsa->_method_mod_n)) ++ goto err; ++ ++ if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) ++ if (!BN_sub(ret, rsa->n, ret)) ++ goto err; ++ ++ p = buf; ++ i = BN_bn2bin(ret, p); ++ ++ switch (padding) { ++ case RSA_PKCS1_PADDING: ++ r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num); ++ break; ++ case RSA_X931_PADDING: ++ r = RSA_padding_check_X931(to, num, buf, i, num); ++ break; ++ case RSA_NO_PADDING: ++ r = RSA_padding_check_none(to, num, buf, i, num); ++ break; ++ default: ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); ++ goto err; ++ } ++ if (r < 0) ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED); ++ ++ err: ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ if (buf != NULL) { ++ OPENSSL_cleanse(buf, num); ++ OPENSSL_free(buf); ++ } ++ return (r); ++} + + static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) +- { +- BIGNUM *r1,*m1,*vrfy; +- BIGNUM local_dmp1,local_dmq1,local_c,local_r1; +- BIGNUM *dmp1,*dmq1,*c,*pr1; +- int ret=0; +- +- BN_CTX_start(ctx); +- r1 = BN_CTX_get(ctx); +- m1 = BN_CTX_get(ctx); +- vrfy = BN_CTX_get(ctx); +- +- { +- BIGNUM local_p, local_q; +- BIGNUM *p = NULL, *q = NULL; +- +- /* Make sure BN_mod_inverse in Montgomery intialization uses the +- * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) +- */ +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- BN_init(&local_p); +- p = &local_p; +- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); +- +- BN_init(&local_q); +- q = &local_q; +- BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); +- } +- else +- { +- p = rsa->p; +- q = rsa->q; +- } +- +- if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) +- { +- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) +- goto err; +- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) +- goto err; +- } +- } +- +- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) +- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) +- goto err; +- +- /* compute I mod q */ +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- c = &local_c; +- BN_with_flags(c, I, BN_FLG_CONSTTIME); +- if (!BN_mod(r1,c,rsa->q,ctx)) goto err; +- } +- else +- { +- if (!BN_mod(r1,I,rsa->q,ctx)) goto err; +- } +- +- /* compute r1^dmq1 mod q */ +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- dmq1 = &local_dmq1; +- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); +- } +- else +- dmq1 = rsa->dmq1; +- if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx, +- rsa->_method_mod_q)) goto err; +- +- /* compute I mod p */ +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- c = &local_c; +- BN_with_flags(c, I, BN_FLG_CONSTTIME); +- if (!BN_mod(r1,c,rsa->p,ctx)) goto err; +- } +- else +- { +- if (!BN_mod(r1,I,rsa->p,ctx)) goto err; +- } +- +- /* compute r1^dmp1 mod p */ +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- dmp1 = &local_dmp1; +- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); +- } +- else +- dmp1 = rsa->dmp1; +- if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx, +- rsa->_method_mod_p)) goto err; +- +- if (!BN_sub(r0,r0,m1)) goto err; +- /* This will help stop the size of r0 increasing, which does +- * affect the multiply if it optimised for a power of 2 size */ +- if (BN_is_negative(r0)) +- if (!BN_add(r0,r0,rsa->p)) goto err; +- +- if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err; +- +- /* Turn BN_FLG_CONSTTIME flag on before division operation */ +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- pr1 = &local_r1; +- BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); +- } +- else +- pr1 = r1; +- if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err; +- +- /* If p < q it is occasionally possible for the correction of +- * adding 'p' if r0 is negative above to leave the result still +- * negative. This can break the private key operations: the following +- * second correction should *always* correct this rare occurrence. +- * This will *never* happen with OpenSSL generated keys because +- * they ensure p > q [steve] ++{ ++ BIGNUM *r1, *m1, *vrfy; ++ BIGNUM local_dmp1, local_dmq1, local_c, local_r1; ++ BIGNUM *dmp1, *dmq1, *c, *pr1; ++ int ret = 0; ++ ++ BN_CTX_start(ctx); ++ r1 = BN_CTX_get(ctx); ++ m1 = BN_CTX_get(ctx); ++ vrfy = BN_CTX_get(ctx); ++ ++ { ++ BIGNUM local_p, local_q; ++ BIGNUM *p = NULL, *q = NULL; ++ ++ /* ++ * Make sure BN_mod_inverse in Montgomery intialization uses the ++ * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) ++ */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ BN_init(&local_p); ++ p = &local_p; ++ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); ++ ++ BN_init(&local_q); ++ q = &local_q; ++ BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); ++ } else { ++ p = rsa->p; ++ q = rsa->q; ++ } ++ ++ if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) ++ goto err; ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) ++ goto err; ++ } ++ } ++ ++ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) ++ goto err; ++ ++ /* compute I mod q */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ c = &local_c; ++ BN_with_flags(c, I, BN_FLG_CONSTTIME); ++ if (!BN_mod(r1, c, rsa->q, ctx)) ++ goto err; ++ } else { ++ if (!BN_mod(r1, I, rsa->q, ctx)) ++ goto err; ++ } ++ ++ /* compute r1^dmq1 mod q */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ dmq1 = &local_dmq1; ++ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); ++ } else ++ dmq1 = rsa->dmq1; ++ if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, rsa->_method_mod_q)) ++ goto err; ++ ++ /* compute I mod p */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ c = &local_c; ++ BN_with_flags(c, I, BN_FLG_CONSTTIME); ++ if (!BN_mod(r1, c, rsa->p, ctx)) ++ goto err; ++ } else { ++ if (!BN_mod(r1, I, rsa->p, ctx)) ++ goto err; ++ } ++ ++ /* compute r1^dmp1 mod p */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ dmp1 = &local_dmp1; ++ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); ++ } else ++ dmp1 = rsa->dmp1; ++ if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, rsa->_method_mod_p)) ++ goto err; ++ ++ if (!BN_sub(r0, r0, m1)) ++ goto err; ++ /* ++ * This will help stop the size of r0 increasing, which does affect the ++ * multiply if it optimised for a power of 2 size ++ */ ++ if (BN_is_negative(r0)) ++ if (!BN_add(r0, r0, rsa->p)) ++ goto err; ++ ++ if (!BN_mul(r1, r0, rsa->iqmp, ctx)) ++ goto err; ++ ++ /* Turn BN_FLG_CONSTTIME flag on before division operation */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ pr1 = &local_r1; ++ BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); ++ } else ++ pr1 = r1; ++ if (!BN_mod(r0, pr1, rsa->p, ctx)) ++ goto err; ++ ++ /* ++ * If p < q it is occasionally possible for the correction of adding 'p' ++ * if r0 is negative above to leave the result still negative. This can ++ * break the private key operations: the following second correction ++ * should *always* correct this rare occurrence. This will *never* happen ++ * with OpenSSL generated keys because they ensure p > q [steve] ++ */ ++ if (BN_is_negative(r0)) ++ if (!BN_add(r0, r0, rsa->p)) ++ goto err; ++ if (!BN_mul(r1, r0, rsa->q, ctx)) ++ goto err; ++ if (!BN_add(r0, r1, m1)) ++ goto err; ++ ++ if (rsa->e && rsa->n) { ++ if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx, ++ rsa->_method_mod_n)) ++ goto err; ++ /* ++ * If 'I' was greater than (or equal to) rsa->n, the operation will ++ * be equivalent to using 'I mod n'. However, the result of the ++ * verify will *always* be less than 'n' so we don't check for ++ * absolute equality, just congruency. + */ +- if (BN_is_negative(r0)) +- if (!BN_add(r0,r0,rsa->p)) goto err; +- if (!BN_mul(r1,r0,rsa->q,ctx)) goto err; +- if (!BN_add(r0,r1,m1)) goto err; +- +- if (rsa->e && rsa->n) +- { +- if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; +- /* If 'I' was greater than (or equal to) rsa->n, the operation +- * will be equivalent to using 'I mod n'. However, the result of +- * the verify will *always* be less than 'n' so we don't check +- * for absolute equality, just congruency. */ +- if (!BN_sub(vrfy, vrfy, I)) goto err; +- if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err; +- if (BN_is_negative(vrfy)) +- if (!BN_add(vrfy, vrfy, rsa->n)) goto err; +- if (!BN_is_zero(vrfy)) +- { +- /* 'I' and 'vrfy' aren't congruent mod n. Don't leak +- * miscalculated CRT output, just do a raw (slower) +- * mod_exp and return that instead. */ +- +- BIGNUM local_d; +- BIGNUM *d = NULL; +- +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- d = &local_d; +- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); +- } +- else +- d = rsa->d; +- if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx, +- rsa->_method_mod_n)) goto err; +- } +- } +- ret=1; +-err: +- BN_CTX_end(ctx); +- return(ret); +- } ++ if (!BN_sub(vrfy, vrfy, I)) ++ goto err; ++ if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) ++ goto err; ++ if (BN_is_negative(vrfy)) ++ if (!BN_add(vrfy, vrfy, rsa->n)) ++ goto err; ++ if (!BN_is_zero(vrfy)) { ++ /* ++ * 'I' and 'vrfy' aren't congruent mod n. Don't leak ++ * miscalculated CRT output, just do a raw (slower) mod_exp and ++ * return that instead. ++ */ ++ ++ BIGNUM local_d; ++ BIGNUM *d = NULL; ++ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ d = &local_d; ++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); ++ } else ++ d = rsa->d; ++ if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx, ++ rsa->_method_mod_n)) ++ goto err; ++ } ++ } ++ ret = 1; ++ err: ++ BN_CTX_end(ctx); ++ return (ret); ++} + + static int RSA_eay_init(RSA *rsa) +- { +- rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; +- return(1); +- } ++{ ++ rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; ++ return (1); ++} + + static int RSA_eay_finish(RSA *rsa) +- { +- if (rsa->_method_mod_n != NULL) +- BN_MONT_CTX_free(rsa->_method_mod_n); +- if (rsa->_method_mod_p != NULL) +- BN_MONT_CTX_free(rsa->_method_mod_p); +- if (rsa->_method_mod_q != NULL) +- BN_MONT_CTX_free(rsa->_method_mod_q); +- return(1); +- } ++{ ++ if (rsa->_method_mod_n != NULL) ++ BN_MONT_CTX_free(rsa->_method_mod_n); ++ if (rsa->_method_mod_p != NULL) ++ BN_MONT_CTX_free(rsa->_method_mod_p); ++ if (rsa->_method_mod_q != NULL) ++ BN_MONT_CTX_free(rsa->_method_mod_q); ++ return (1); ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c +index 2f21ddb..e1f8a52 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,294 +64,294 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + +-const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT; ++const char RSA_version[] = "RSA" OPENSSL_VERSION_PTEXT; + +-static const RSA_METHOD *default_RSA_meth=NULL; ++static const RSA_METHOD *default_RSA_meth = NULL; + + RSA *RSA_new(void) +- { +- RSA *r=RSA_new_method(NULL); ++{ ++ RSA *r = RSA_new_method(NULL); + +- return r; +- } ++ return r; ++} + + void RSA_set_default_method(const RSA_METHOD *meth) +- { ++{ + #ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) +- { +- RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD); +- return; +- } ++ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { ++ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD); ++ return; ++ } + #endif +- default_RSA_meth = meth; +- } ++ default_RSA_meth = meth; ++} + + const RSA_METHOD *RSA_get_default_method(void) +- { +- if (default_RSA_meth == NULL) +- { ++{ ++ if (default_RSA_meth == NULL) { + #ifdef RSA_NULL +- default_RSA_meth=RSA_null_method(); +-#else +-#if 0 /* was: #ifdef RSAref */ +- default_RSA_meth=RSA_PKCS1_RSAref(); ++ default_RSA_meth = RSA_null_method(); + #else +- default_RSA_meth=RSA_PKCS1_SSLeay(); +-#endif ++# if 0 /* was: #ifdef RSAref */ ++ default_RSA_meth = RSA_PKCS1_RSAref(); ++# else ++ default_RSA_meth = RSA_PKCS1_SSLeay(); ++# endif + #endif +- } ++ } + +- return default_RSA_meth; +- } ++ return default_RSA_meth; ++} + + const RSA_METHOD *RSA_get_method(const RSA *rsa) +- { +- return rsa->meth; +- } ++{ ++ return rsa->meth; ++} + + int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) +- { +- /* NB: The caller is specifically setting a method, so it's not up to us +- * to deal with which ENGINE it comes from. */ +- const RSA_METHOD *mtmp; ++{ ++ /* ++ * NB: The caller is specifically setting a method, so it's not up to us ++ * to deal with which ENGINE it comes from. ++ */ ++ const RSA_METHOD *mtmp; + #ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) +- { +- RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD); +- return 0; +- } ++ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) { ++ RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD); ++ return 0; ++ } + #endif +- mtmp = rsa->meth; +- if (mtmp->finish) mtmp->finish(rsa); ++ mtmp = rsa->meth; ++ if (mtmp->finish) ++ mtmp->finish(rsa); + #ifndef OPENSSL_NO_ENGINE +- if (rsa->engine) +- { +- ENGINE_finish(rsa->engine); +- rsa->engine = NULL; +- } ++ if (rsa->engine) { ++ ENGINE_finish(rsa->engine); ++ rsa->engine = NULL; ++ } + #endif +- rsa->meth = meth; +- if (meth->init) meth->init(rsa); +- return 1; +- } ++ rsa->meth = meth; ++ if (meth->init) ++ meth->init(rsa); ++ return 1; ++} + + RSA *RSA_new_method(ENGINE *engine) +- { +- RSA *ret; ++{ ++ RSA *ret; + +- ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); +- if (ret == NULL) +- { +- RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); +- return NULL; +- } ++ ret = (RSA *)OPENSSL_malloc(sizeof(RSA)); ++ if (ret == NULL) { ++ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } + +- ret->meth = RSA_get_default_method(); ++ ret->meth = RSA_get_default_method(); + #ifndef OPENSSL_NO_ENGINE +- if (engine) +- { +- if (!ENGINE_init(engine)) +- { +- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); +- OPENSSL_free(ret); +- return NULL; +- } +- ret->engine = engine; +- } +- else +- ret->engine = ENGINE_get_default_RSA(); +- if(ret->engine) +- { +- ret->meth = ENGINE_get_RSA(ret->engine); +- if(!ret->meth) +- { +- RSAerr(RSA_F_RSA_NEW_METHOD, +- ERR_R_ENGINE_LIB); +- ENGINE_finish(ret->engine); +- OPENSSL_free(ret); +- return NULL; +- } +- } ++ if (engine) { ++ if (!ENGINE_init(engine)) { ++ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ ret->engine = engine; ++ } else ++ ret->engine = ENGINE_get_default_RSA(); ++ if (ret->engine) { ++ ret->meth = ENGINE_get_RSA(ret->engine); ++ if (!ret->meth) { ++ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); ++ ENGINE_finish(ret->engine); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ } + #endif + #ifdef OPENSSL_FIPS +- if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) +- { +- RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD); +-#ifndef OPENSSL_NO_ENGINE +- if (ret->engine) +- ENGINE_finish(ret->engine); +-#endif +- OPENSSL_free(ret); +- return NULL; +- } ++ if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) { ++ RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD); ++# ifndef OPENSSL_NO_ENGINE ++ if (ret->engine) ++ ENGINE_finish(ret->engine); ++# endif ++ OPENSSL_free(ret); ++ return NULL; ++ } + #endif + +- ret->pad=0; +- ret->version=0; +- ret->n=NULL; +- ret->e=NULL; +- ret->d=NULL; +- ret->p=NULL; +- ret->q=NULL; +- ret->dmp1=NULL; +- ret->dmq1=NULL; +- ret->iqmp=NULL; +- ret->references=1; +- ret->_method_mod_n=NULL; +- ret->_method_mod_p=NULL; +- ret->_method_mod_q=NULL; +- ret->blinding=NULL; +- ret->mt_blinding=NULL; +- ret->bignum_data=NULL; +- ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; +- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) +- { ++ ret->pad = 0; ++ ret->version = 0; ++ ret->n = NULL; ++ ret->e = NULL; ++ ret->d = NULL; ++ ret->p = NULL; ++ ret->q = NULL; ++ ret->dmp1 = NULL; ++ ret->dmq1 = NULL; ++ ret->iqmp = NULL; ++ ret->references = 1; ++ ret->_method_mod_n = NULL; ++ ret->_method_mod_p = NULL; ++ ret->_method_mod_q = NULL; ++ ret->blinding = NULL; ++ ret->mt_blinding = NULL; ++ ret->bignum_data = NULL; ++ ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; ++ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { + #ifndef OPENSSL_NO_ENGINE +- if (ret->engine) +- ENGINE_finish(ret->engine); ++ if (ret->engine) ++ ENGINE_finish(ret->engine); + #endif +- OPENSSL_free(ret); +- return(NULL); +- } ++ OPENSSL_free(ret); ++ return (NULL); ++ } + +- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) +- { ++ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + #ifndef OPENSSL_NO_ENGINE +- if (ret->engine) +- ENGINE_finish(ret->engine); ++ if (ret->engine) ++ ENGINE_finish(ret->engine); + #endif +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); +- OPENSSL_free(ret); +- ret=NULL; +- } +- return(ret); +- } ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); ++ OPENSSL_free(ret); ++ ret = NULL; ++ } ++ return (ret); ++} + + void RSA_free(RSA *r) +- { +- int i; ++{ ++ int i; + +- if (r == NULL) return; ++ if (r == NULL) ++ return; + +- i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); ++ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA); + #ifdef REF_PRINT +- REF_PRINT("RSA",r); ++ REF_PRINT("RSA", r); + #endif +- if (i > 0) return; ++ if (i > 0) ++ return; + #ifdef REF_CHECK +- if (i < 0) +- { +- fprintf(stderr,"RSA_free, bad reference count\n"); +- abort(); +- } ++ if (i < 0) { ++ fprintf(stderr, "RSA_free, bad reference count\n"); ++ abort(); ++ } + #endif + +- if (r->meth->finish) +- r->meth->finish(r); ++ if (r->meth->finish) ++ r->meth->finish(r); + #ifndef OPENSSL_NO_ENGINE +- if (r->engine) +- ENGINE_finish(r->engine); ++ if (r->engine) ++ ENGINE_finish(r->engine); + #endif + +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); + +- if (r->n != NULL) BN_clear_free(r->n); +- if (r->e != NULL) BN_clear_free(r->e); +- if (r->d != NULL) BN_clear_free(r->d); +- if (r->p != NULL) BN_clear_free(r->p); +- if (r->q != NULL) BN_clear_free(r->q); +- if (r->dmp1 != NULL) BN_clear_free(r->dmp1); +- if (r->dmq1 != NULL) BN_clear_free(r->dmq1); +- if (r->iqmp != NULL) BN_clear_free(r->iqmp); +- if (r->blinding != NULL) BN_BLINDING_free(r->blinding); +- if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); +- if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); +- OPENSSL_free(r); +- } ++ if (r->n != NULL) ++ BN_clear_free(r->n); ++ if (r->e != NULL) ++ BN_clear_free(r->e); ++ if (r->d != NULL) ++ BN_clear_free(r->d); ++ if (r->p != NULL) ++ BN_clear_free(r->p); ++ if (r->q != NULL) ++ BN_clear_free(r->q); ++ if (r->dmp1 != NULL) ++ BN_clear_free(r->dmp1); ++ if (r->dmq1 != NULL) ++ BN_clear_free(r->dmq1); ++ if (r->iqmp != NULL) ++ BN_clear_free(r->iqmp); ++ if (r->blinding != NULL) ++ BN_BLINDING_free(r->blinding); ++ if (r->mt_blinding != NULL) ++ BN_BLINDING_free(r->mt_blinding); ++ if (r->bignum_data != NULL) ++ OPENSSL_free_locked(r->bignum_data); ++ OPENSSL_free(r); ++} + + int RSA_up_ref(RSA *r) +- { +- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); ++{ ++ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); + #ifdef REF_PRINT +- REF_PRINT("RSA",r); ++ REF_PRINT("RSA", r); + #endif + #ifdef REF_CHECK +- if (i < 2) +- { +- fprintf(stderr, "RSA_up_ref, bad reference count\n"); +- abort(); +- } ++ if (i < 2) { ++ fprintf(stderr, "RSA_up_ref, bad reference count\n"); ++ abort(); ++ } + #endif +- return ((i > 1) ? 1 : 0); +- } ++ return ((i > 1) ? 1 : 0); ++} + + int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +- { +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, +- new_func, dup_func, free_func); +- } ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, ++ new_func, dup_func, free_func); ++} + + int RSA_set_ex_data(RSA *r, int idx, void *arg) +- { +- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); +- } ++{ ++ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); ++} + + void *RSA_get_ex_data(const RSA *r, int idx) +- { +- return(CRYPTO_get_ex_data(&r->ex_data,idx)); +- } ++{ ++ return (CRYPTO_get_ex_data(&r->ex_data, idx)); ++} + + int RSA_flags(const RSA *r) +- { +- return((r == NULL)?0:r->meth->flags); +- } ++{ ++ return ((r == NULL) ? 0 : r->meth->flags); ++} + + int RSA_memory_lock(RSA *r) +- { +- int i,j,k,off; +- char *p; +- BIGNUM *bn,**t[6],*b; +- BN_ULONG *ul; ++{ ++ int i, j, k, off; ++ char *p; ++ BIGNUM *bn, **t[6], *b; ++ BN_ULONG *ul; ++ ++ if (r->d == NULL) ++ return (1); ++ t[0] = &r->d; ++ t[1] = &r->p; ++ t[2] = &r->q; ++ t[3] = &r->dmp1; ++ t[4] = &r->dmq1; ++ t[5] = &r->iqmp; ++ k = sizeof(BIGNUM) * 6; ++ off = k / sizeof(BN_ULONG) + 1; ++ j = 1; ++ for (i = 0; i < 6; i++) ++ j += (*t[i])->top; ++ if ((p = OPENSSL_malloc_locked((off + j) * sizeof(BN_ULONG))) == NULL) { ++ RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ bn = (BIGNUM *)p; ++ ul = (BN_ULONG *)&(p[off]); ++ for (i = 0; i < 6; i++) { ++ b = *(t[i]); ++ *(t[i]) = &(bn[i]); ++ memcpy((char *)&(bn[i]), (char *)b, sizeof(BIGNUM)); ++ bn[i].flags = BN_FLG_STATIC_DATA; ++ bn[i].d = ul; ++ memcpy((char *)ul, b->d, sizeof(BN_ULONG) * b->top); ++ ul += b->top; ++ BN_clear_free(b); ++ } + +- if (r->d == NULL) return(1); +- t[0]= &r->d; +- t[1]= &r->p; +- t[2]= &r->q; +- t[3]= &r->dmp1; +- t[4]= &r->dmq1; +- t[5]= &r->iqmp; +- k=sizeof(BIGNUM)*6; +- off=k/sizeof(BN_ULONG)+1; +- j=1; +- for (i=0; i<6; i++) +- j+= (*t[i])->top; +- if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) +- { +- RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- bn=(BIGNUM *)p; +- ul=(BN_ULONG *)&(p[off]); +- for (i=0; i<6; i++) +- { +- b= *(t[i]); +- *(t[i])= &(bn[i]); +- memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); +- bn[i].flags=BN_FLG_STATIC_DATA; +- bn[i].d=ul; +- memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); +- ul+=b->top; +- BN_clear_free(b); +- } +- +- /* I should fix this so it can still be done */ +- r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC); ++ /* I should fix this so it can still be done */ ++ r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC); + +- r->bignum_data=p; +- return(1); +- } ++ r->bignum_data = p; ++ return (1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c +index 501f5ea..4457c42 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,115 +66,130 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason) + +-static ERR_STRING_DATA RSA_str_functs[]= +- { +-{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"}, +-{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"}, +-{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, +-{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, +-{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, +-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, +-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, +-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, +-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, +-{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, +-{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"}, +-{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, +-{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, +-{ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"}, +-{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"}, +-{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"}, +-{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"}, +-{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"}, +-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, +-{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, +-{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, +-{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, +-{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, +-{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, +-{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"}, +-{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"}, +-{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, +-{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, +-{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, +-{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"}, +-{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA RSA_str_functs[] = { ++ {ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"}, ++ {ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"}, ++ {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, ++ {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, ++ {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, ++ {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, ++ {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"}, ++ {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, ++ {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, ++ {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"}, ++ {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), ++ "RSA_padding_add_PKCS1_OAEP"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), ++ "RSA_padding_add_PKCS1_type_1"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), ++ "RSA_padding_add_PKCS1_type_2"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), ++ "RSA_padding_check_PKCS1_OAEP"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), ++ "RSA_padding_check_PKCS1_type_1"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), ++ "RSA_padding_check_PKCS1_type_2"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"}, ++ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, ++ {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, ++ {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, ++ {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, ++ {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, ++ {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, ++ {ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"}, ++ {ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"}, ++ {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, ++ {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), ++ "RSA_sign_ASN1_OCTET_STRING"}, ++ {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, ++ {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), ++ "RSA_verify_ASN1_OCTET_STRING"}, ++ {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA RSA_str_reasons[]= +- { +-{ERR_REASON(RSA_R_ALGORITHM_MISMATCH) ,"algorithm mismatch"}, +-{ERR_REASON(RSA_R_BAD_E_VALUE) ,"bad e value"}, +-{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"}, +-{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT) ,"bad pad byte count"}, +-{ERR_REASON(RSA_R_BAD_SIGNATURE) ,"bad signature"}, +-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01) ,"block type is not 01"}, +-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02) ,"block type is not 02"}, +-{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"}, +-{ERR_REASON(RSA_R_DATA_TOO_LARGE) ,"data too large"}, +-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, +-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"}, +-{ERR_REASON(RSA_R_DATA_TOO_SMALL) ,"data too small"}, +-{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"}, +-{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"}, +-{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"}, +-{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"}, +-{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"}, +-{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"}, +-{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"}, +-{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"}, +-{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"}, +-{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"}, +-{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"}, +-{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, +-{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, +-{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +-{ERR_REASON(RSA_R_NON_FIPS_METHOD) ,"non fips method"}, +-{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, +-{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, +-{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, +-{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, +-{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, +-{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, +-{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, +-{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, +-{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, +-{ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"}, +-{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"}, +-{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"}, +-{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, +-{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"}, +-{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"}, +-{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA RSA_str_reasons[] = { ++ {ERR_REASON(RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"}, ++ {ERR_REASON(RSA_R_BAD_E_VALUE), "bad e value"}, ++ {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"}, ++ {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"}, ++ {ERR_REASON(RSA_R_BAD_SIGNATURE), "bad signature"}, ++ {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01), "block type is not 01"}, ++ {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02), "block type is not 02"}, ++ {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN), ++ "data greater than mod len"}, ++ {ERR_REASON(RSA_R_DATA_TOO_LARGE), "data too large"}, ++ {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), ++ "data too large for key size"}, ++ {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS), ++ "data too large for modulus"}, ++ {ERR_REASON(RSA_R_DATA_TOO_SMALL), "data too small"}, ++ {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), ++ "data too small for key size"}, ++ {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), ++ "digest too big for rsa key"}, ++ {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"}, ++ {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"}, ++ {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"}, ++ {ERR_REASON(RSA_R_FIRST_OCTET_INVALID), "first octet invalid"}, ++ {ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"}, ++ {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"}, ++ {ERR_REASON(RSA_R_INVALID_PADDING), "invalid padding"}, ++ {ERR_REASON(RSA_R_INVALID_TRAILER), "invalid trailer"}, ++ {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q), "iqmp not inverse of q"}, ++ {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, ++ {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, ++ {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, ++ {ERR_REASON(RSA_R_NON_FIPS_METHOD), "non fips method"}, ++ {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, ++ {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), ++ "null before block missing"}, ++ {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"}, ++ {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"}, ++ {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), ++ "operation not allowed in fips mode"}, ++ {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, ++ {ERR_REASON(RSA_R_PKCS_DECODING_ERROR), "pkcs decoding error"}, ++ {ERR_REASON(RSA_R_P_NOT_PRIME), "p not prime"}, ++ {ERR_REASON(RSA_R_Q_NOT_PRIME), "q not prime"}, ++ {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED), ++ "rsa operations not supported"}, ++ {ERR_REASON(RSA_R_SLEN_CHECK_FAILED), "salt length check failed"}, ++ {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED), "salt length recovery failed"}, ++ {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK), "sslv3 rollback attack"}, ++ {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), ++ "the asn1 object identifier is not known for this md"}, ++ {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"}, ++ {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"}, ++ {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_RSA_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,RSA_str_functs); +- ERR_load_strings(0,RSA_str_reasons); +- } ++ if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, RSA_str_functs); ++ ERR_load_strings(0, RSA_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c +index 41278f8..5522827 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,17 +49,17 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +- +-/* NB: these functions have been "upgraded", the deprecated versions (which are +- * compatibility wrappers using these functions) are in rsa_depr.c. +- * - Geoff ++/* ++ * NB: these functions have been "upgraded", the deprecated versions (which ++ * are compatibility wrappers using these functions) are in rsa_depr.c. - ++ * Geoff + */ + + #include +@@ -70,153 +70,169 @@ + + #ifndef OPENSSL_FIPS + +-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); ++static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, ++ BN_GENCB *cb); + +-/* NB: this wrapper would normally be placed in rsa_lib.c and the static +- * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so +- * that we don't introduce a new linker dependency. Eg. any application that +- * wasn't previously linking object code related to key-generation won't have to +- * now just because key-generation is part of RSA_METHOD. */ ++/* ++ * NB: this wrapper would normally be placed in rsa_lib.c and the static ++ * implementation would probably be in rsa_eay.c. Nonetheless, is kept here ++ * so that we don't introduce a new linker dependency. Eg. any application ++ * that wasn't previously linking object code related to key-generation won't ++ * have to now just because key-generation is part of RSA_METHOD. ++ */ + int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) +- { +- if(rsa->meth->rsa_keygen) +- return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); +- return rsa_builtin_keygen(rsa, bits, e_value, cb); +- } +- +-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) +- { +- BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; +- BIGNUM local_r0,local_d,local_p; +- BIGNUM *pr0,*d,*p; +- int bitsp,bitsq,ok= -1,n=0; +- BN_CTX *ctx=NULL; +- +- ctx=BN_CTX_new(); +- if (ctx == NULL) goto err; +- BN_CTX_start(ctx); +- r0 = BN_CTX_get(ctx); +- r1 = BN_CTX_get(ctx); +- r2 = BN_CTX_get(ctx); +- r3 = BN_CTX_get(ctx); +- if (r3 == NULL) goto err; +- +- bitsp=(bits+1)/2; +- bitsq=bits-bitsp; +- +- /* We need the RSA components non-NULL */ +- if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; +- if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; +- if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err; +- if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err; +- if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err; +- if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err; +- if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err; +- if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err; +- +- BN_copy(rsa->e, e_value); +- +- /* generate p and q */ +- for (;;) +- { +- if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) +- goto err; +- if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; +- if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; +- if (BN_is_one(r1)) break; +- if(!BN_GENCB_call(cb, 2, n++)) +- goto err; +- } +- if(!BN_GENCB_call(cb, 3, 0)) +- goto err; +- for (;;) +- { +- /* When generating ridiculously small keys, we can get stuck +- * continually regenerating the same prime values. Check for +- * this and bail if it happens 3 times. */ +- unsigned int degenerate = 0; +- do +- { +- if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) +- goto err; +- } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); +- if(degenerate == 3) +- { +- ok = 0; /* we set our own err */ +- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL); +- goto err; +- } +- if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; +- if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; +- if (BN_is_one(r1)) +- break; +- if(!BN_GENCB_call(cb, 2, n++)) +- goto err; +- } +- if(!BN_GENCB_call(cb, 3, 1)) +- goto err; +- if (BN_cmp(rsa->p,rsa->q) < 0) +- { +- tmp=rsa->p; +- rsa->p=rsa->q; +- rsa->q=tmp; +- } +- +- /* calculate n */ +- if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; +- +- /* calculate d */ +- if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ +- if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ +- if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- pr0 = &local_r0; +- BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); +- } +- else +- pr0 = r0; +- if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */ +- +- /* set up d for correct BN_FLG_CONSTTIME flag */ +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- d = &local_d; +- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); +- } +- else +- d = rsa->d; +- +- /* calculate d mod (p-1) */ +- if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err; +- +- /* calculate d mod (q-1) */ +- if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err; +- +- /* calculate inverse of q mod p */ +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- p = &local_p; +- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); +- } +- else +- p = rsa->p; +- if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err; +- +- ok=1; +-err: +- if (ok == -1) +- { +- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN); +- ok=0; +- } +- if (ctx != NULL) +- { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- +- return ok; +- } ++{ ++ if (rsa->meth->rsa_keygen) ++ return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); ++ return rsa_builtin_keygen(rsa, bits, e_value, cb); ++} ++ ++static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, ++ BN_GENCB *cb) ++{ ++ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; ++ BIGNUM local_r0, local_d, local_p; ++ BIGNUM *pr0, *d, *p; ++ int bitsp, bitsq, ok = -1, n = 0; ++ BN_CTX *ctx = NULL; ++ ++ ctx = BN_CTX_new(); ++ if (ctx == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ r0 = BN_CTX_get(ctx); ++ r1 = BN_CTX_get(ctx); ++ r2 = BN_CTX_get(ctx); ++ r3 = BN_CTX_get(ctx); ++ if (r3 == NULL) ++ goto err; ++ ++ bitsp = (bits + 1) / 2; ++ bitsq = bits - bitsp; ++ ++ /* We need the RSA components non-NULL */ ++ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) ++ goto err; ++ if (!rsa->d && ((rsa->d = BN_new()) == NULL)) ++ goto err; ++ if (!rsa->e && ((rsa->e = BN_new()) == NULL)) ++ goto err; ++ if (!rsa->p && ((rsa->p = BN_new()) == NULL)) ++ goto err; ++ if (!rsa->q && ((rsa->q = BN_new()) == NULL)) ++ goto err; ++ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL)) ++ goto err; ++ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL)) ++ goto err; ++ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) ++ goto err; ++ ++ BN_copy(rsa->e, e_value); ++ ++ /* generate p and q */ ++ for (;;) { ++ if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) ++ goto err; ++ if (!BN_sub(r2, rsa->p, BN_value_one())) ++ goto err; ++ if (!BN_gcd(r1, r2, rsa->e, ctx)) ++ goto err; ++ if (BN_is_one(r1)) ++ break; ++ if (!BN_GENCB_call(cb, 2, n++)) ++ goto err; ++ } ++ if (!BN_GENCB_call(cb, 3, 0)) ++ goto err; ++ for (;;) { ++ /* ++ * When generating ridiculously small keys, we can get stuck ++ * continually regenerating the same prime values. Check for this and ++ * bail if it happens 3 times. ++ */ ++ unsigned int degenerate = 0; ++ do { ++ if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb)) ++ goto err; ++ } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3)); ++ if (degenerate == 3) { ++ ok = 0; /* we set our own err */ ++ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL); ++ goto err; ++ } ++ if (!BN_sub(r2, rsa->q, BN_value_one())) ++ goto err; ++ if (!BN_gcd(r1, r2, rsa->e, ctx)) ++ goto err; ++ if (BN_is_one(r1)) ++ break; ++ if (!BN_GENCB_call(cb, 2, n++)) ++ goto err; ++ } ++ if (!BN_GENCB_call(cb, 3, 1)) ++ goto err; ++ if (BN_cmp(rsa->p, rsa->q) < 0) { ++ tmp = rsa->p; ++ rsa->p = rsa->q; ++ rsa->q = tmp; ++ } ++ ++ /* calculate n */ ++ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) ++ goto err; ++ ++ /* calculate d */ ++ if (!BN_sub(r1, rsa->p, BN_value_one())) ++ goto err; /* p-1 */ ++ if (!BN_sub(r2, rsa->q, BN_value_one())) ++ goto err; /* q-1 */ ++ if (!BN_mul(r0, r1, r2, ctx)) ++ goto err; /* (p-1)(q-1) */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ pr0 = &local_r0; ++ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); ++ } else ++ pr0 = r0; ++ if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) ++ goto err; /* d */ ++ ++ /* set up d for correct BN_FLG_CONSTTIME flag */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ d = &local_d; ++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); ++ } else ++ d = rsa->d; ++ ++ /* calculate d mod (p-1) */ ++ if (!BN_mod(rsa->dmp1, d, r1, ctx)) ++ goto err; ++ ++ /* calculate d mod (q-1) */ ++ if (!BN_mod(rsa->dmq1, d, r2, ctx)) ++ goto err; ++ ++ /* calculate inverse of q mod p */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ p = &local_p; ++ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); ++ } else ++ p = rsa->p; ++ if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) ++ goto err; ++ ++ ok = 1; ++ err: ++ if (ok == -1) { ++ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN); ++ ok = 0; ++ } ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ ++ return ok; ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c +index 5714841..6638728 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,171 +64,165 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + + int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, +- RSA *rsa, int padding) +- { +- return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); +- } +- +-int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, +- RSA *rsa, int padding) +- { ++ RSA *rsa, int padding) ++{ ++ return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); ++} ++ ++int RSA_private_encrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding) ++{ + #ifdef OPENSSL_FIPS +- if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) +- { +- RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } ++ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, ++ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return 0; ++ } + #endif +- return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); +- } ++ return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); ++} + +-int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, +- RSA *rsa, int padding) +- { +- return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); +- } ++int RSA_private_decrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); ++} + + int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, +- RSA *rsa, int padding) +- { ++ RSA *rsa, int padding) ++{ + #ifdef OPENSSL_FIPS +- if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) +- { +- RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } ++ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, ++ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return 0; ++ } + #endif +- return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); +- } ++ return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); ++} + + int RSA_size(const RSA *r) +- { +- return(BN_num_bytes(r->n)); +- } ++{ ++ return (BN_num_bytes(r->n)); ++} + + void RSA_blinding_off(RSA *rsa) +- { +- if (rsa->blinding != NULL) +- { +- BN_BLINDING_free(rsa->blinding); +- rsa->blinding=NULL; +- } +- rsa->flags &= ~RSA_FLAG_BLINDING; +- rsa->flags |= RSA_FLAG_NO_BLINDING; +- } ++{ ++ if (rsa->blinding != NULL) { ++ BN_BLINDING_free(rsa->blinding); ++ rsa->blinding = NULL; ++ } ++ rsa->flags &= ~RSA_FLAG_BLINDING; ++ rsa->flags |= RSA_FLAG_NO_BLINDING; ++} + + int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) +- { +- int ret=0; ++{ ++ int ret = 0; + +- if (rsa->blinding != NULL) +- RSA_blinding_off(rsa); ++ if (rsa->blinding != NULL) ++ RSA_blinding_off(rsa); + +- rsa->blinding = RSA_setup_blinding(rsa, ctx); +- if (rsa->blinding == NULL) +- goto err; ++ rsa->blinding = RSA_setup_blinding(rsa, ctx); ++ if (rsa->blinding == NULL) ++ goto err; + +- rsa->flags |= RSA_FLAG_BLINDING; +- rsa->flags &= ~RSA_FLAG_NO_BLINDING; +- ret=1; +-err: +- return(ret); +- } ++ rsa->flags |= RSA_FLAG_BLINDING; ++ rsa->flags &= ~RSA_FLAG_NO_BLINDING; ++ ret = 1; ++ err: ++ return (ret); ++} + + static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, +- const BIGNUM *q, BN_CTX *ctx) ++ const BIGNUM *q, BN_CTX *ctx) + { +- BIGNUM *ret = NULL, *r0, *r1, *r2; +- +- if (d == NULL || p == NULL || q == NULL) +- return NULL; +- +- BN_CTX_start(ctx); +- r0 = BN_CTX_get(ctx); +- r1 = BN_CTX_get(ctx); +- r2 = BN_CTX_get(ctx); +- if (r2 == NULL) +- goto err; +- +- if (!BN_sub(r1, p, BN_value_one())) goto err; +- if (!BN_sub(r2, q, BN_value_one())) goto err; +- if (!BN_mul(r0, r1, r2, ctx)) goto err; +- +- ret = BN_mod_inverse(NULL, d, r0, ctx); +-err: +- BN_CTX_end(ctx); +- return ret; ++ BIGNUM *ret = NULL, *r0, *r1, *r2; ++ ++ if (d == NULL || p == NULL || q == NULL) ++ return NULL; ++ ++ BN_CTX_start(ctx); ++ r0 = BN_CTX_get(ctx); ++ r1 = BN_CTX_get(ctx); ++ r2 = BN_CTX_get(ctx); ++ if (r2 == NULL) ++ goto err; ++ ++ if (!BN_sub(r1, p, BN_value_one())) ++ goto err; ++ if (!BN_sub(r2, q, BN_value_one())) ++ goto err; ++ if (!BN_mul(r0, r1, r2, ctx)) ++ goto err; ++ ++ ret = BN_mod_inverse(NULL, d, r0, ctx); ++ err: ++ BN_CTX_end(ctx); ++ return ret; + } + + BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) + { +- BIGNUM local_n; +- BIGNUM *e,*n; +- BN_CTX *ctx; +- BN_BLINDING *ret = NULL; +- +- if (in_ctx == NULL) +- { +- if ((ctx = BN_CTX_new()) == NULL) return 0; +- } +- else +- ctx = in_ctx; +- +- BN_CTX_start(ctx); +- e = BN_CTX_get(ctx); +- if (e == NULL) +- { +- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (rsa->e == NULL) +- { +- e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); +- if (e == NULL) +- { +- RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT); +- goto err; +- } +- } +- else +- e = rsa->e; +- +- +- if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) +- { +- /* if PRNG is not properly seeded, resort to secret +- * exponent as unpredictable seed */ +- RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); +- } +- +- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) +- { +- /* Set BN_FLG_CONSTTIME flag */ +- n = &local_n; +- BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); +- } +- else +- n = rsa->n; +- +- ret = BN_BLINDING_create_param(NULL, e, n, ctx, +- rsa->meth->bn_mod_exp, rsa->_method_mod_n); +- if (ret == NULL) +- { +- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); +- goto err; +- } +- BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id()); +-err: +- BN_CTX_end(ctx); +- if (in_ctx == NULL) +- BN_CTX_free(ctx); +- if(rsa->e == NULL) +- BN_free(e); +- +- return ret; ++ BIGNUM local_n; ++ BIGNUM *e, *n; ++ BN_CTX *ctx; ++ BN_BLINDING *ret = NULL; ++ ++ if (in_ctx == NULL) { ++ if ((ctx = BN_CTX_new()) == NULL) ++ return 0; ++ } else ++ ctx = in_ctx; ++ ++ BN_CTX_start(ctx); ++ e = BN_CTX_get(ctx); ++ if (e == NULL) { ++ RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (rsa->e == NULL) { ++ e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); ++ if (e == NULL) { ++ RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT); ++ goto err; ++ } ++ } else ++ e = rsa->e; ++ ++ if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) { ++ /* ++ * if PRNG is not properly seeded, resort to secret exponent as ++ * unpredictable seed ++ */ ++ RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ /* Set BN_FLG_CONSTTIME flag */ ++ n = &local_n; ++ BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); ++ } else ++ n = rsa->n; ++ ++ ret = BN_BLINDING_create_param(NULL, e, n, ctx, ++ rsa->meth->bn_mod_exp, rsa->_method_mod_n); ++ if (ret == NULL) { ++ RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); ++ goto err; ++ } ++ BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id()); ++ err: ++ BN_CTX_end(ctx); ++ if (in_ctx == NULL) ++ BN_CTX_free(ctx); ++ if (rsa->e == NULL) ++ BN_free(e); ++ ++ return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c +index e6f3e62..982b31f 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,36 +63,32 @@ + #include + + int RSA_padding_add_none(unsigned char *to, int tlen, +- const unsigned char *from, int flen) +- { +- if (flen > tlen) +- { +- RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); +- return(0); +- } ++ const unsigned char *from, int flen) ++{ ++ if (flen > tlen) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); ++ return (0); ++ } + +- if (flen < tlen) +- { +- RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); +- return(0); +- } +- +- memcpy(to,from,(unsigned int)flen); +- return(1); +- } ++ if (flen < tlen) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); ++ return (0); ++ } + +-int RSA_padding_check_none(unsigned char *to, int tlen, +- const unsigned char *from, int flen, int num) +- { ++ memcpy(to, from, (unsigned int)flen); ++ return (1); ++} + +- if (flen > tlen) +- { +- RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE); +- return(-1); +- } ++int RSA_padding_check_none(unsigned char *to, int tlen, ++ const unsigned char *from, int flen, int num) ++{ + +- memset(to,0,tlen-flen); +- memcpy(to+tlen-flen,from,flen); +- return(tlen); +- } ++ if (flen > tlen) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE); ++ return (-1); ++ } + ++ memset(to, 0, tlen - flen); ++ memcpy(to + tlen - flen, from, flen); ++ return (tlen); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c +index 2f2202f..241b431 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c +@@ -1,6 +1,7 @@ + /* rsa_null.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,7 +63,8 @@ + #include + #include + +-/* This is a dummy RSA implementation that just returns errors when called. ++/* ++ * This is a dummy RSA implementation that just returns errors when called. + * It is designed to allow some RSA functions to work while stopping those + * covered by the RSA patent. That is RSA, encryption, decryption, signing + * and verify is not allowed but RSA key generation, key checking and other +@@ -70,82 +72,84 @@ + */ + + static int RSA_null_public_encrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa,int padding); ++ unsigned char *to, RSA *rsa, int padding); + static int RSA_null_private_encrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa,int padding); ++ unsigned char *to, RSA *rsa, int padding); + static int RSA_null_public_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa,int padding); ++ unsigned char *to, RSA *rsa, int padding); + static int RSA_null_private_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa,int padding); +-#if 0 /* not currently used */ ++ unsigned char *to, RSA *rsa, int padding); ++#if 0 /* not currently used */ + static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa); + #endif + static int RSA_null_init(RSA *rsa); + static int RSA_null_finish(RSA *rsa); +-static RSA_METHOD rsa_null_meth={ +- "Null RSA", +- RSA_null_public_encrypt, +- RSA_null_public_decrypt, +- RSA_null_private_encrypt, +- RSA_null_private_decrypt, +- NULL, +- NULL, +- RSA_null_init, +- RSA_null_finish, +- 0, +- NULL, +- NULL, +- NULL, +- NULL +- }; ++static RSA_METHOD rsa_null_meth = { ++ "Null RSA", ++ RSA_null_public_encrypt, ++ RSA_null_public_decrypt, ++ RSA_null_private_encrypt, ++ RSA_null_private_decrypt, ++ NULL, ++ NULL, ++ RSA_null_init, ++ RSA_null_finish, ++ 0, ++ NULL, ++ NULL, ++ NULL, ++ NULL ++}; + + const RSA_METHOD *RSA_null_method(void) +- { +- return(&rsa_null_meth); +- } ++{ ++ return (&rsa_null_meth); ++} + + static int RSA_null_public_encrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +- { +- RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); +- return -1; +- } ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); ++ return -1; ++} + + static int RSA_null_private_encrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +- { +- RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); +- return -1; +- } ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT, ++ RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); ++ return -1; ++} + + static int RSA_null_private_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +- { +- RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); +- return -1; +- } ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT, ++ RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); ++ return -1; ++} + + static int RSA_null_public_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +- { +- RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); +- return -1; +- } ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); ++ return -1; ++} + +-#if 0 /* not currently used */ ++#if 0 /* not currently used */ + static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) +- { +- ...err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); +- return -1; +- } ++{ ++ ... err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); ++ return -1; ++} + #endif + + static int RSA_null_init(RSA *rsa) +- { +- return(1); +- } ++{ ++ return (1); ++} + + static int RSA_null_finish(RSA *rsa) +- { +- return(1); +- } ++{ ++ return (1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +index b8e3edc..c2d4955 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +@@ -1,220 +1,243 @@ + /* crypto/rsa/rsa_oaep.c */ +-/* Written by Ulf Moeller. This software is distributed on an "AS IS" +- basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */ ++/* ++ * Written by Ulf Moeller. This software is distributed on an "AS IS" basis, ++ * WITHOUT WARRANTY OF ANY KIND, either express or implied. ++ */ + + /* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ + +-/* See Victor Shoup, "OAEP reconsidered," Nov. 2000, +- * +- * for problems with the security proof for the +- * original OAEP scheme, which EME-OAEP is based on. +- * +- * A new proof can be found in E. Fujisaki, T. Okamoto, +- * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!", +- * Dec. 2000, . +- * The new proof has stronger requirements for the +- * underlying permutation: "partial-one-wayness" instead +- * of one-wayness. For the RSA function, this is +- * an equivalent notion. ++/* ++ * See Victor Shoup, "OAEP reconsidered," Nov. 2000, for problems with the security ++ * proof for the original OAEP scheme, which EME-OAEP is based on. A new ++ * proof can be found in E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern, ++ * "RSA-OEAP is Still Alive!", Dec. 2000, . The new proof has stronger requirements ++ * for the underlying permutation: "partial-one-wayness" instead of ++ * one-wayness. For the RSA function, this is an equivalent notion. + */ + ++#include "constant_time_locl.h" + + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include +-#include ++# include ++# include "cryptlib.h" ++# include ++# include ++# include ++# include ++# include + + int MGF1(unsigned char *mask, long len, +- const unsigned char *seed, long seedlen); ++ const unsigned char *seed, long seedlen); + + int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, +- const unsigned char *from, int flen, +- const unsigned char *param, int plen) +- { +- int i, emlen = tlen - 1; +- unsigned char *db, *seed; +- unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; +- +- if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) +- { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, +- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); +- return 0; +- } +- +- if (emlen < 2 * SHA_DIGEST_LENGTH + 1) +- { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); +- return 0; +- } +- +- to[0] = 0; +- seed = to + 1; +- db = to + SHA_DIGEST_LENGTH + 1; +- +- EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL); +- memset(db + SHA_DIGEST_LENGTH, 0, +- emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); +- db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; +- memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen); +- if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) +- return 0; +-#ifdef PKCS_TESTVECT +- memcpy(seed, +- "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", +- 20); +-#endif +- +- dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); +- if (dbmask == NULL) +- { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); +- for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) +- db[i] ^= dbmask[i]; +- +- MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); +- for (i = 0; i < SHA_DIGEST_LENGTH; i++) +- seed[i] ^= seedmask[i]; +- +- OPENSSL_free(dbmask); +- return 1; +- } ++ const unsigned char *from, int flen, ++ const unsigned char *param, int plen) ++{ ++ int i, emlen = tlen - 1; ++ unsigned char *db, *seed; ++ unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; ++ ++ if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ++ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); ++ return 0; ++ } ++ ++ if (emlen < 2 * SHA_DIGEST_LENGTH + 1) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); ++ return 0; ++ } ++ ++ to[0] = 0; ++ seed = to + 1; ++ db = to + SHA_DIGEST_LENGTH + 1; ++ ++ EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL); ++ memset(db + SHA_DIGEST_LENGTH, 0, ++ emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); ++ db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; ++ memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int)flen); ++ if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) ++ return 0; ++# ifdef PKCS_TESTVECT ++ memcpy(seed, ++ "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", ++ 20); ++# endif ++ ++ dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); ++ if (dbmask == NULL) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); ++ for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) ++ db[i] ^= dbmask[i]; ++ ++ MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); ++ for (i = 0; i < SHA_DIGEST_LENGTH; i++) ++ seed[i] ^= seedmask[i]; ++ ++ OPENSSL_free(dbmask); ++ return 1; ++} + + int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, +- const unsigned char *from, int flen, int num, +- const unsigned char *param, int plen) +- { +- int i, dblen, mlen = -1; +- const unsigned char *maskeddb; +- int lzero; +- unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; +- unsigned char *padded_from; +- int bad = 0; +- +- if (--num < 2 * SHA_DIGEST_LENGTH + 1) +- /* 'num' is the length of the modulus, i.e. does not depend on the +- * particular ciphertext. */ +- goto decoding_err; +- +- lzero = num - flen; +- if (lzero < 0) +- { +- /* signalling this error immediately after detection might allow +- * for side-channel attacks (e.g. timing if 'plen' is huge +- * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal +- * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001), +- * so we use a 'bad' flag */ +- bad = 1; +- lzero = 0; +- flen = num; /* don't overflow the memcpy to padded_from */ +- } +- +- dblen = num - SHA_DIGEST_LENGTH; +- db = OPENSSL_malloc(dblen + num); +- if (db == NULL) +- { +- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); +- return -1; +- } +- +- /* Always do this zero-padding copy (even when lzero == 0) +- * to avoid leaking timing info about the value of lzero. */ +- padded_from = db + dblen; +- memset(padded_from, 0, lzero); +- memcpy(padded_from + lzero, from, flen); +- +- maskeddb = padded_from + SHA_DIGEST_LENGTH; +- +- MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); +- for (i = 0; i < SHA_DIGEST_LENGTH; i++) +- seed[i] ^= padded_from[i]; +- +- MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); +- for (i = 0; i < dblen; i++) +- db[i] ^= maskeddb[i]; +- +- EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); +- +- if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) +- goto decoding_err; +- else +- { +- for (i = SHA_DIGEST_LENGTH; i < dblen; i++) +- if (db[i] != 0x00) +- break; +- if (i == dblen || db[i] != 0x01) +- goto decoding_err; +- else +- { +- /* everything looks OK */ +- +- mlen = dblen - ++i; +- if (tlen < mlen) +- { +- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); +- mlen = -1; +- } +- else +- memcpy(to, db + i, mlen); +- } +- } +- OPENSSL_free(db); +- return mlen; +- +-decoding_err: +- /* to avoid chosen ciphertext attacks, the error message should not reveal +- * which kind of decoding error happened */ +- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); +- if (db != NULL) OPENSSL_free(db); +- return -1; +- } ++ const unsigned char *from, int flen, int num, ++ const unsigned char *param, int plen) ++{ ++ int i, dblen, mlen = -1, one_index = 0, msg_index; ++ unsigned int good, found_one_byte; ++ const unsigned char *maskedseed, *maskeddb; ++ /* ++ * |em| is the encoded message, zero-padded to exactly |num| bytes: em = ++ * Y || maskedSeed || maskedDB ++ */ ++ unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE], ++ phash[EVP_MAX_MD_SIZE]; ++ ++ if (tlen <= 0 || flen <= 0) ++ return -1; ++ ++ /* ++ * |num| is the length of the modulus; |flen| is the length of the ++ * encoded message. Therefore, for any |from| that was obtained by ++ * decrypting a ciphertext, we must have |flen| <= |num|. Similarly, ++ * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus ++ * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2. ++ * This does not leak any side-channel information. ++ */ ++ if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2) ++ goto decoding_err; ++ ++ dblen = num - SHA_DIGEST_LENGTH - 1; ++ db = OPENSSL_malloc(dblen); ++ em = OPENSSL_malloc(num); ++ if (db == NULL || em == NULL) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); ++ goto cleanup; ++ } ++ ++ /* ++ * Always do this zero-padding copy (even when num == flen) to avoid ++ * leaking that information. The copy still leaks some side-channel ++ * information, but it's impossible to have a fixed memory access ++ * pattern since we can't read out of the bounds of |from|. ++ * ++ * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. ++ */ ++ memset(em, 0, num); ++ memcpy(em + num - flen, from, flen); ++ ++ /* ++ * The first byte must be zero, however we must not leak if this is ++ * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA ++ * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). ++ */ ++ good = constant_time_is_zero(em[0]); ++ ++ maskedseed = em + 1; ++ maskeddb = em + 1 + SHA_DIGEST_LENGTH; ++ ++ MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); ++ for (i = 0; i < SHA_DIGEST_LENGTH; i++) ++ seed[i] ^= maskedseed[i]; ++ ++ MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); ++ for (i = 0; i < dblen; i++) ++ db[i] ^= maskeddb[i]; ++ ++ EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); ++ ++ good &= ++ constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH)); ++ ++ found_one_byte = 0; ++ for (i = SHA_DIGEST_LENGTH; i < dblen; i++) { ++ /* ++ * Padding consists of a number of 0-bytes, followed by a 1. ++ */ ++ unsigned int equals1 = constant_time_eq(db[i], 1); ++ unsigned int equals0 = constant_time_is_zero(db[i]); ++ one_index = constant_time_select_int(~found_one_byte & equals1, ++ i, one_index); ++ found_one_byte |= equals1; ++ good &= (found_one_byte | equals0); ++ } ++ ++ good &= found_one_byte; ++ ++ /* ++ * At this point |good| is zero unless the plaintext was valid, ++ * so plaintext-awareness ensures timing side-channels are no longer a ++ * concern. ++ */ ++ if (!good) ++ goto decoding_err; ++ ++ msg_index = one_index + 1; ++ mlen = dblen - msg_index; ++ ++ if (tlen < mlen) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); ++ mlen = -1; ++ } else { ++ memcpy(to, db + msg_index, mlen); ++ goto cleanup; ++ } ++ ++ decoding_err: ++ /* ++ * To avoid chosen ciphertext attacks, the error message should not ++ * reveal which kind of decoding error happened. ++ */ ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); ++ cleanup: ++ if (db != NULL) ++ OPENSSL_free(db); ++ if (em != NULL) ++ OPENSSL_free(em); ++ return mlen; ++} + + int PKCS1_MGF1(unsigned char *mask, long len, +- const unsigned char *seed, long seedlen, const EVP_MD *dgst) +- { +- long i, outlen = 0; +- unsigned char cnt[4]; +- EVP_MD_CTX c; +- unsigned char md[EVP_MAX_MD_SIZE]; +- int mdlen; +- +- EVP_MD_CTX_init(&c); +- mdlen = M_EVP_MD_size(dgst); +- for (i = 0; outlen < len; i++) +- { +- cnt[0] = (unsigned char)((i >> 24) & 255); +- cnt[1] = (unsigned char)((i >> 16) & 255); +- cnt[2] = (unsigned char)((i >> 8)) & 255; +- cnt[3] = (unsigned char)(i & 255); +- EVP_DigestInit_ex(&c,dgst, NULL); +- EVP_DigestUpdate(&c, seed, seedlen); +- EVP_DigestUpdate(&c, cnt, 4); +- if (outlen + mdlen <= len) +- { +- EVP_DigestFinal_ex(&c, mask + outlen, NULL); +- outlen += mdlen; +- } +- else +- { +- EVP_DigestFinal_ex(&c, md, NULL); +- memcpy(mask + outlen, md, len - outlen); +- outlen = len; +- } +- } +- EVP_MD_CTX_cleanup(&c); +- return 0; +- } +- +-int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen) +- { +- return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1()); +- } ++ const unsigned char *seed, long seedlen, const EVP_MD *dgst) ++{ ++ long i, outlen = 0; ++ unsigned char cnt[4]; ++ EVP_MD_CTX c; ++ unsigned char md[EVP_MAX_MD_SIZE]; ++ int mdlen; ++ ++ EVP_MD_CTX_init(&c); ++ mdlen = M_EVP_MD_size(dgst); ++ for (i = 0; outlen < len; i++) { ++ cnt[0] = (unsigned char)((i >> 24) & 255); ++ cnt[1] = (unsigned char)((i >> 16) & 255); ++ cnt[2] = (unsigned char)((i >> 8)) & 255; ++ cnt[3] = (unsigned char)(i & 255); ++ EVP_DigestInit_ex(&c, dgst, NULL); ++ EVP_DigestUpdate(&c, seed, seedlen); ++ EVP_DigestUpdate(&c, cnt, 4); ++ if (outlen + mdlen <= len) { ++ EVP_DigestFinal_ex(&c, mask + outlen, NULL); ++ outlen += mdlen; ++ } else { ++ EVP_DigestFinal_ex(&c, md, NULL); ++ memcpy(mask + outlen, md, len - outlen); ++ outlen = len; ++ } ++ } ++ EVP_MD_CTX_cleanup(&c); ++ return 0; ++} ++ ++int MGF1(unsigned char *mask, long len, const unsigned char *seed, ++ long seedlen) ++{ ++ return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1()); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c +index 8560755..efa1fd3 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,13 +49,15 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + ++#include "constant_time_locl.h" ++ + #include + #include "cryptlib.h" + #include +@@ -63,162 +65,211 @@ + #include + + int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, +- const unsigned char *from, int flen) +- { +- int j; +- unsigned char *p; +- +- if (flen > (tlen-RSA_PKCS1_PADDING_SIZE)) +- { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); +- return(0); +- } +- +- p=(unsigned char *)to; +- +- *(p++)=0; +- *(p++)=1; /* Private Key BT (Block Type) */ +- +- /* pad out with 0xff data */ +- j=tlen-3-flen; +- memset(p,0xff,j); +- p+=j; +- *(p++)='\0'; +- memcpy(p,from,(unsigned int)flen); +- return(1); +- } ++ const unsigned char *from, int flen) ++{ ++ int j; ++ unsigned char *p; ++ ++ if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1, ++ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); ++ return (0); ++ } ++ ++ p = (unsigned char *)to; ++ ++ *(p++) = 0; ++ *(p++) = 1; /* Private Key BT (Block Type) */ ++ ++ /* pad out with 0xff data */ ++ j = tlen - 3 - flen; ++ memset(p, 0xff, j); ++ p += j; ++ *(p++) = '\0'; ++ memcpy(p, from, (unsigned int)flen); ++ return (1); ++} + + int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, +- const unsigned char *from, int flen, int num) +- { +- int i,j; +- const unsigned char *p; +- +- p=from; +- if ((num != (flen+1)) || (*(p++) != 01)) +- { +- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01); +- return(-1); +- } +- +- /* scan over padding data */ +- j=flen-1; /* one for type. */ +- for (i=0; i tlen) +- { +- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE); +- return(-1); +- } +- memcpy(to,p,(unsigned int)j); +- +- return(j); +- } ++ const unsigned char *from, int flen, ++ int num) ++{ ++ int i, j; ++ const unsigned char *p; ++ ++ p = from; ++ if ((num != (flen + 1)) || (*(p++) != 01)) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, ++ RSA_R_BLOCK_TYPE_IS_NOT_01); ++ return (-1); ++ } ++ ++ /* scan over padding data */ ++ j = flen - 1; /* one for type. */ ++ for (i = 0; i < j; i++) { ++ if (*p != 0xff) { /* should decrypt to 0xff */ ++ if (*p == 0) { ++ p++; ++ break; ++ } else { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, ++ RSA_R_BAD_FIXED_HEADER_DECRYPT); ++ return (-1); ++ } ++ } ++ p++; ++ } ++ ++ if (i == j) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, ++ RSA_R_NULL_BEFORE_BLOCK_MISSING); ++ return (-1); ++ } ++ ++ if (i < 8) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, ++ RSA_R_BAD_PAD_BYTE_COUNT); ++ return (-1); ++ } ++ i++; /* Skip over the '\0' */ ++ j -= i; ++ if (j > tlen) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_DATA_TOO_LARGE); ++ return (-1); ++ } ++ memcpy(to, p, (unsigned int)j); ++ ++ return (j); ++} + + int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, +- const unsigned char *from, int flen) +- { +- int i,j; +- unsigned char *p; +- +- if (flen > (tlen-11)) +- { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); +- return(0); +- } +- +- p=(unsigned char *)to; +- +- *(p++)=0; +- *(p++)=2; /* Public Key BT (Block Type) */ +- +- /* pad out with non-zero random data */ +- j=tlen-3-flen; +- +- if (RAND_bytes(p,j) <= 0) +- return(0); +- for (i=0; i (tlen - 11)) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, ++ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); ++ return (0); ++ } ++ ++ p = (unsigned char *)to; ++ ++ *(p++) = 0; ++ *(p++) = 2; /* Public Key BT (Block Type) */ ++ ++ /* pad out with non-zero random data */ ++ j = tlen - 3 - flen; ++ ++ if (RAND_bytes(p, j) <= 0) ++ return (0); ++ for (i = 0; i < j; i++) { ++ if (*p == '\0') ++ do { ++ if (RAND_bytes(p, 1) <= 0) ++ return (0); ++ } while (*p == '\0'); ++ p++; ++ } ++ ++ *(p++) = '\0'; ++ ++ memcpy(p, from, (unsigned int)flen); ++ return (1); ++} + + int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, +- const unsigned char *from, int flen, int num) +- { +- int i,j; +- const unsigned char *p; +- +- p=from; +- if ((num != (flen+1)) || (*(p++) != 02)) +- { +- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02); +- return(-1); +- } +-#ifdef PKCS1_CHECK +- return(num-11); +-#endif +- +- /* scan over padding data */ +- j=flen-1; /* one for type. */ +- for (i=0; i tlen) +- { +- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE); +- return(-1); +- } +- memcpy(to,p,(unsigned int)j); +- +- return(j); +- } ++ const unsigned char *from, int flen, ++ int num) ++{ ++ int i; ++ /* |em| is the encoded message, zero-padded to exactly |num| bytes */ ++ unsigned char *em = NULL; ++ unsigned int good, found_zero_byte; ++ int zero_index = 0, msg_index, mlen = -1; ++ ++ if (tlen < 0 || flen < 0) ++ return -1; ++ ++ /* ++ * PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard", ++ * section 7.2.2. ++ */ ++ ++ if (flen > num) ++ goto err; ++ ++ if (num < 11) ++ goto err; ++ ++ em = OPENSSL_malloc(num); ++ if (em == NULL) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ memset(em, 0, num); ++ /* ++ * Always do this zero-padding copy (even when num == flen) to avoid ++ * leaking that information. The copy still leaks some side-channel ++ * information, but it's impossible to have a fixed memory access ++ * pattern since we can't read out of the bounds of |from|. ++ * ++ * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. ++ */ ++ memcpy(em + num - flen, from, flen); ++ ++ good = constant_time_is_zero(em[0]); ++ good &= constant_time_eq(em[1], 2); ++ ++ found_zero_byte = 0; ++ for (i = 2; i < num; i++) { ++ unsigned int equals0 = constant_time_is_zero(em[i]); ++ zero_index = ++ constant_time_select_int(~found_zero_byte & equals0, i, ++ zero_index); ++ found_zero_byte |= equals0; ++ } ++ ++ /* ++ * PS must be at least 8 bytes long, and it starts two bytes into |em|. ++ * If we never found a 0-byte, then |zero_index| is 0 and the check ++ * also fails. ++ */ ++ good &= constant_time_ge((unsigned int)(zero_index), 2 + 8); ++ ++ /* ++ * Skip the zero byte. This is incorrect if we never found a zero-byte ++ * but in this case we also do not copy the message out. ++ */ ++ msg_index = zero_index + 1; ++ mlen = num - msg_index; ++ ++ /* ++ * For good measure, do this check in constant time as well; it could ++ * leak something if |tlen| was assuming valid padding. ++ */ ++ good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen)); ++ ++ /* ++ * We can't continue in constant-time because we need to copy the result ++ * and we cannot fake its length. This unavoidably leaks timing ++ * information at the API boundary. ++ * TODO(emilia): this could be addressed at the call site, ++ * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26. ++ */ ++ if (!good) { ++ mlen = -1; ++ goto err; ++ } ++ ++ memcpy(to, em + msg_index, mlen); + ++ err: ++ if (em != NULL) ++ OPENSSL_free(em); ++ if (mlen == -1) ++ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ++ RSA_R_PKCS_DECODING_ERROR); ++ return mlen; ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c +index 2bda491..c405425 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c +@@ -1,6 +1,7 @@ + /* rsa_pss.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2005. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2005. + */ + /* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,206 +65,192 @@ + #include + #include + +-static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0}; ++static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + + #if defined(_MSC_VER) && defined(_ARM_) +-#pragma optimize("g", off) ++# pragma optimize("g", off) + #endif + + int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, +- const EVP_MD *Hash, const unsigned char *EM, int sLen) +- { +- int i; +- int ret = 0; +- int hLen, maskedDBLen, MSBits, emLen; +- const unsigned char *H; +- unsigned char *DB = NULL; +- EVP_MD_CTX ctx; +- unsigned char H_[EVP_MAX_MD_SIZE]; ++ const EVP_MD *Hash, const unsigned char *EM, ++ int sLen) ++{ ++ int i; ++ int ret = 0; ++ int hLen, maskedDBLen, MSBits, emLen; ++ const unsigned char *H; ++ unsigned char *DB = NULL; ++ EVP_MD_CTX ctx; ++ unsigned char H_[EVP_MAX_MD_SIZE]; + +- hLen = M_EVP_MD_size(Hash); +- /* +- * Negative sLen has special meanings: +- * -1 sLen == hLen +- * -2 salt length is autorecovered from signature +- * -N reserved +- */ +- if (sLen == -1) sLen = hLen; +- else if (sLen == -2) sLen = -2; +- else if (sLen < -2) +- { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); +- goto err; +- } ++ hLen = M_EVP_MD_size(Hash); ++ /*- ++ * Negative sLen has special meanings: ++ * -1 sLen == hLen ++ * -2 salt length is autorecovered from signature ++ * -N reserved ++ */ ++ if (sLen == -1) ++ sLen = hLen; ++ else if (sLen == -2) ++ sLen = -2; ++ else if (sLen < -2) { ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); ++ goto err; ++ } + +- MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; +- emLen = RSA_size(rsa); +- if (EM[0] & (0xFF << MSBits)) +- { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID); +- goto err; +- } +- if (MSBits == 0) +- { +- EM++; +- emLen--; +- } +- if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */ +- { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE); +- goto err; +- } +- if (EM[emLen - 1] != 0xbc) +- { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID); +- goto err; +- } +- maskedDBLen = emLen - hLen - 1; +- H = EM + maskedDBLen; +- DB = OPENSSL_malloc(maskedDBLen); +- if (!DB) +- { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash); +- for (i = 0; i < maskedDBLen; i++) +- DB[i] ^= EM[i]; +- if (MSBits) +- DB[0] &= 0xFF >> (8 - MSBits); +- for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ; +- if (DB[i++] != 0x1) +- { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED); +- goto err; +- } +- if (sLen >= 0 && (maskedDBLen - i) != sLen) +- { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); +- goto err; +- } +- EVP_MD_CTX_init(&ctx); +- EVP_DigestInit_ex(&ctx, Hash, NULL); +- EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); +- EVP_DigestUpdate(&ctx, mHash, hLen); +- if (maskedDBLen - i) +- EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i); +- EVP_DigestFinal(&ctx, H_, NULL); +- EVP_MD_CTX_cleanup(&ctx); +- if (memcmp(H_, H, hLen)) +- { +- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE); +- ret = 0; +- } +- else +- ret = 1; ++ MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; ++ emLen = RSA_size(rsa); ++ if (EM[0] & (0xFF << MSBits)) { ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID); ++ goto err; ++ } ++ if (MSBits == 0) { ++ EM++; ++ emLen--; ++ } ++ if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */ ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE); ++ goto err; ++ } ++ if (EM[emLen - 1] != 0xbc) { ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID); ++ goto err; ++ } ++ maskedDBLen = emLen - hLen - 1; ++ H = EM + maskedDBLen; ++ DB = OPENSSL_malloc(maskedDBLen); ++ if (!DB) { ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash); ++ for (i = 0; i < maskedDBLen; i++) ++ DB[i] ^= EM[i]; ++ if (MSBits) ++ DB[0] &= 0xFF >> (8 - MSBits); ++ for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) ; ++ if (DB[i++] != 0x1) { ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED); ++ goto err; ++ } ++ if (sLen >= 0 && (maskedDBLen - i) != sLen) { ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); ++ goto err; ++ } ++ EVP_MD_CTX_init(&ctx); ++ EVP_DigestInit_ex(&ctx, Hash, NULL); ++ EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); ++ EVP_DigestUpdate(&ctx, mHash, hLen); ++ if (maskedDBLen - i) ++ EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i); ++ EVP_DigestFinal(&ctx, H_, NULL); ++ EVP_MD_CTX_cleanup(&ctx); ++ if (memcmp(H_, H, hLen)) { ++ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE); ++ ret = 0; ++ } else ++ ret = 1; + +- err: +- if (DB) +- OPENSSL_free(DB); ++ err: ++ if (DB) ++ OPENSSL_free(DB); + +- return ret; ++ return ret; + +- } ++} + + int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, +- const unsigned char *mHash, +- const EVP_MD *Hash, int sLen) +- { +- int i; +- int ret = 0; +- int hLen, maskedDBLen, MSBits, emLen; +- unsigned char *H, *salt = NULL, *p; +- EVP_MD_CTX ctx; ++ const unsigned char *mHash, ++ const EVP_MD *Hash, int sLen) ++{ ++ int i; ++ int ret = 0; ++ int hLen, maskedDBLen, MSBits, emLen; ++ unsigned char *H, *salt = NULL, *p; ++ EVP_MD_CTX ctx; + +- hLen = M_EVP_MD_size(Hash); +- /* +- * Negative sLen has special meanings: +- * -1 sLen == hLen +- * -2 salt length is maximized +- * -N reserved +- */ +- if (sLen == -1) sLen = hLen; +- else if (sLen == -2) sLen = -2; +- else if (sLen < -2) +- { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); +- goto err; +- } ++ hLen = M_EVP_MD_size(Hash); ++ /*- ++ * Negative sLen has special meanings: ++ * -1 sLen == hLen ++ * -2 salt length is maximized ++ * -N reserved ++ */ ++ if (sLen == -1) ++ sLen = hLen; ++ else if (sLen == -2) ++ sLen = -2; ++ else if (sLen < -2) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED); ++ goto err; ++ } + +- MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; +- emLen = RSA_size(rsa); +- if (MSBits == 0) +- { +- *EM++ = 0; +- emLen--; +- } +- if (sLen == -2) +- { +- sLen = emLen - hLen - 2; +- } +- else if (emLen < (hLen + sLen + 2)) +- { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, +- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); +- goto err; +- } +- if (sLen > 0) +- { +- salt = OPENSSL_malloc(sLen); +- if (!salt) +- { +- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (RAND_bytes(salt, sLen) <= 0) +- goto err; +- } +- maskedDBLen = emLen - hLen - 1; +- H = EM + maskedDBLen; +- EVP_MD_CTX_init(&ctx); +- EVP_DigestInit_ex(&ctx, Hash, NULL); +- EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); +- EVP_DigestUpdate(&ctx, mHash, hLen); +- if (sLen) +- EVP_DigestUpdate(&ctx, salt, sLen); +- EVP_DigestFinal(&ctx, H, NULL); +- EVP_MD_CTX_cleanup(&ctx); ++ MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; ++ emLen = RSA_size(rsa); ++ if (MSBits == 0) { ++ *EM++ = 0; ++ emLen--; ++ } ++ if (sLen == -2) { ++ sLen = emLen - hLen - 2; ++ } else if (emLen < (hLen + sLen + 2)) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, ++ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); ++ goto err; ++ } ++ if (sLen > 0) { ++ salt = OPENSSL_malloc(sLen); ++ if (!salt) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (RAND_bytes(salt, sLen) <= 0) ++ goto err; ++ } ++ maskedDBLen = emLen - hLen - 1; ++ H = EM + maskedDBLen; ++ EVP_MD_CTX_init(&ctx); ++ EVP_DigestInit_ex(&ctx, Hash, NULL); ++ EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes); ++ EVP_DigestUpdate(&ctx, mHash, hLen); ++ if (sLen) ++ EVP_DigestUpdate(&ctx, salt, sLen); ++ EVP_DigestFinal(&ctx, H, NULL); ++ EVP_MD_CTX_cleanup(&ctx); + +- /* Generate dbMask in place then perform XOR on it */ +- PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash); ++ /* Generate dbMask in place then perform XOR on it */ ++ PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash); + +- p = EM; ++ p = EM; + +- /* Initial PS XORs with all zeroes which is a NOP so just update +- * pointer. Note from a test above this value is guaranteed to +- * be non-negative. +- */ +- p += emLen - sLen - hLen - 2; +- *p++ ^= 0x1; +- if (sLen > 0) +- { +- for (i = 0; i < sLen; i++) +- *p++ ^= salt[i]; +- } +- if (MSBits) +- EM[0] &= 0xFF >> (8 - MSBits); ++ /* ++ * Initial PS XORs with all zeroes which is a NOP so just update pointer. ++ * Note from a test above this value is guaranteed to be non-negative. ++ */ ++ p += emLen - sLen - hLen - 2; ++ *p++ ^= 0x1; ++ if (sLen > 0) { ++ for (i = 0; i < sLen; i++) ++ *p++ ^= salt[i]; ++ } ++ if (MSBits) ++ EM[0] &= 0xFF >> (8 - MSBits); + +- /* H is already in place so just set final 0xbc */ ++ /* H is already in place so just set final 0xbc */ + +- EM[emLen - 1] = 0xbc; ++ EM[emLen - 1] = 0xbc; + +- ret = 1; ++ ret = 1; + +- err: +- if (salt) +- OPENSSL_free(salt); ++ err: ++ if (salt) ++ OPENSSL_free(salt); + +- return ret; ++ return ret; + +- } ++} + + #if defined(_MSC_VER) +-#pragma optimize("",on) ++# pragma optimize("",on) + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c +index f98e0a8..e400236 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,87 +64,85 @@ + #include + + int RSA_sign_ASN1_OCTET_STRING(int type, +- const unsigned char *m, unsigned int m_len, +- unsigned char *sigret, unsigned int *siglen, RSA *rsa) +- { +- ASN1_OCTET_STRING sig; +- int i,j,ret=1; +- unsigned char *p,*s; ++ const unsigned char *m, unsigned int m_len, ++ unsigned char *sigret, unsigned int *siglen, ++ RSA *rsa) ++{ ++ ASN1_OCTET_STRING sig; ++ int i, j, ret = 1; ++ unsigned char *p, *s; + +- sig.type=V_ASN1_OCTET_STRING; +- sig.length=m_len; +- sig.data=(unsigned char *)m; ++ sig.type = V_ASN1_OCTET_STRING; ++ sig.length = m_len; ++ sig.data = (unsigned char *)m; + +- i=i2d_ASN1_OCTET_STRING(&sig,NULL); +- j=RSA_size(rsa); +- if (i > (j-RSA_PKCS1_PADDING_SIZE)) +- { +- RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); +- return(0); +- } +- s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1); +- if (s == NULL) +- { +- RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- p=s; +- i2d_ASN1_OCTET_STRING(&sig,&p); +- i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); +- if (i <= 0) +- ret=0; +- else +- *siglen=i; ++ i = i2d_ASN1_OCTET_STRING(&sig, NULL); ++ j = RSA_size(rsa); ++ if (i > (j - RSA_PKCS1_PADDING_SIZE)) { ++ RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ++ RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); ++ return (0); ++ } ++ s = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1); ++ if (s == NULL) { ++ RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ p = s; ++ i2d_ASN1_OCTET_STRING(&sig, &p); ++ i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING); ++ if (i <= 0) ++ ret = 0; ++ else ++ *siglen = i; + +- OPENSSL_cleanse(s,(unsigned int)j+1); +- OPENSSL_free(s); +- return(ret); +- } ++ OPENSSL_cleanse(s, (unsigned int)j + 1); ++ OPENSSL_free(s); ++ return (ret); ++} + + int RSA_verify_ASN1_OCTET_STRING(int dtype, +- const unsigned char *m, +- unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, +- RSA *rsa) +- { +- int i,ret=0; +- unsigned char *s; +- const unsigned char *p; +- ASN1_OCTET_STRING *sig=NULL; +- +- if (siglen != (unsigned int)RSA_size(rsa)) +- { +- RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH); +- return(0); +- } ++ const unsigned char *m, ++ unsigned int m_len, unsigned char *sigbuf, ++ unsigned int siglen, RSA *rsa) ++{ ++ int i, ret = 0; ++ unsigned char *s; ++ const unsigned char *p; ++ ASN1_OCTET_STRING *sig = NULL; + +- s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); +- if (s == NULL) +- { +- RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); ++ if (siglen != (unsigned int)RSA_size(rsa)) { ++ RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, ++ RSA_R_WRONG_SIGNATURE_LENGTH); ++ return (0); ++ } + +- if (i <= 0) goto err; ++ s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen); ++ if (s == NULL) { ++ RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); + +- p=s; +- sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i); +- if (sig == NULL) goto err; ++ if (i <= 0) ++ goto err; + +- if ( ((unsigned int)sig->length != m_len) || +- (memcmp(m,sig->data,m_len) != 0)) +- { +- RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE); +- } +- else +- ret=1; +-err: +- if (sig != NULL) M_ASN1_OCTET_STRING_free(sig); +- if (s != NULL) +- { +- OPENSSL_cleanse(s,(unsigned int)siglen); +- OPENSSL_free(s); +- } +- return(ret); +- } ++ p = s; ++ sig = d2i_ASN1_OCTET_STRING(NULL, &p, (long)i); ++ if (sig == NULL) ++ goto err; + ++ if (((unsigned int)sig->length != m_len) || ++ (memcmp(m, sig->data, m_len) != 0)) { ++ RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, RSA_R_BAD_SIGNATURE); ++ } else ++ ret = 1; ++ err: ++ if (sig != NULL) ++ M_ASN1_OCTET_STRING_free(sig); ++ if (s != NULL) { ++ OPENSSL_cleanse(s, (unsigned int)siglen); ++ OPENSSL_free(s); ++ } ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c +index 743dfd7..b58c0ec 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,214 +64,217 @@ + #include + + /* Size of an SSL signature: MD5+SHA1 */ +-#define SSL_SIG_LENGTH 36 ++#define SSL_SIG_LENGTH 36 + + int RSA_sign(int type, const unsigned char *m, unsigned int m_len, +- unsigned char *sigret, unsigned int *siglen, RSA *rsa) +- { +- X509_SIG sig; +- ASN1_TYPE parameter; +- int i,j,ret=1; +- unsigned char *p, *tmps = NULL; +- const unsigned char *s = NULL; +- X509_ALGOR algor; +- ASN1_OCTET_STRING digest; +- if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) +- { +- return rsa->meth->rsa_sign(type, m, m_len, +- sigret, siglen, rsa); +- } +- /* Special case: SSL signature, just check the length */ +- if(type == NID_md5_sha1) { +- if(m_len != SSL_SIG_LENGTH) { +- RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH); +- return(0); +- } +- i = SSL_SIG_LENGTH; +- s = m; +- } else { +- /* NB: in FIPS mode block anything that isn't a TLS signature */ ++ unsigned char *sigret, unsigned int *siglen, RSA *rsa) ++{ ++ X509_SIG sig; ++ ASN1_TYPE parameter; ++ int i, j, ret = 1; ++ unsigned char *p, *tmps = NULL; ++ const unsigned char *s = NULL; ++ X509_ALGOR algor; ++ ASN1_OCTET_STRING digest; ++ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) { ++ return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); ++ } ++ /* Special case: SSL signature, just check the length */ ++ if (type == NID_md5_sha1) { ++ if (m_len != SSL_SIG_LENGTH) { ++ RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH); ++ return (0); ++ } ++ i = SSL_SIG_LENGTH; ++ s = m; ++ } else { ++ /* NB: in FIPS mode block anything that isn't a TLS signature */ + #ifdef OPENSSL_FIPS +- if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) +- { +- RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } ++ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return 0; ++ } + #endif +- sig.algor= &algor; +- sig.algor->algorithm=OBJ_nid2obj(type); +- if (sig.algor->algorithm == NULL) +- { +- RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); +- return(0); +- } +- if (sig.algor->algorithm->length == 0) +- { +- RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); +- return(0); +- } +- parameter.type=V_ASN1_NULL; +- parameter.value.ptr=NULL; +- sig.algor->parameter= ¶meter; ++ sig.algor = &algor; ++ sig.algor->algorithm = OBJ_nid2obj(type); ++ if (sig.algor->algorithm == NULL) { ++ RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE); ++ return (0); ++ } ++ if (sig.algor->algorithm->length == 0) { ++ RSAerr(RSA_F_RSA_SIGN, ++ RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); ++ return (0); ++ } ++ parameter.type = V_ASN1_NULL; ++ parameter.value.ptr = NULL; ++ sig.algor->parameter = ¶meter; + +- sig.digest= &digest; +- sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */ +- sig.digest->length=m_len; ++ sig.digest = &digest; ++ sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */ ++ sig.digest->length = m_len; + +- i=i2d_X509_SIG(&sig,NULL); +- } +- j=RSA_size(rsa); +- if (i > (j-RSA_PKCS1_PADDING_SIZE)) +- { +- RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); +- return(0); +- } +- if(type != NID_md5_sha1) { +- tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1); +- if (tmps == NULL) +- { +- RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- p=tmps; +- i2d_X509_SIG(&sig,&p); +- s=tmps; +- } ++ i = i2d_X509_SIG(&sig, NULL); ++ } ++ j = RSA_size(rsa); ++ if (i > (j - RSA_PKCS1_PADDING_SIZE)) { ++ RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); ++ return (0); ++ } ++ if (type != NID_md5_sha1) { ++ tmps = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1); ++ if (tmps == NULL) { ++ RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ p = tmps; ++ i2d_X509_SIG(&sig, &p); ++ s = tmps; ++ } + #ifdef OPENSSL_FIPS +- /* Bypass algorithm blocking: this is allowed if we get this far */ +- i=rsa->meth->rsa_priv_enc(i,s,sigret,rsa,RSA_PKCS1_PADDING); ++ /* Bypass algorithm blocking: this is allowed if we get this far */ ++ i = rsa->meth->rsa_priv_enc(i, s, sigret, rsa, RSA_PKCS1_PADDING); + #else +- i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); ++ i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING); + #endif +- if (i <= 0) +- ret=0; +- else +- *siglen=i; ++ if (i <= 0) ++ ret = 0; ++ else ++ *siglen = i; + +- if(type != NID_md5_sha1) { +- OPENSSL_cleanse(tmps,(unsigned int)j+1); +- OPENSSL_free(tmps); +- } +- return(ret); +- } ++ if (type != NID_md5_sha1) { ++ OPENSSL_cleanse(tmps, (unsigned int)j + 1); ++ OPENSSL_free(tmps); ++ } ++ return (ret); ++} ++ ++/* ++ * Check DigestInfo structure does not contain extraneous data by reencoding ++ * using DER and checking encoding against original. ++ */ ++static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, ++ int dinfolen) ++{ ++ unsigned char *der = NULL; ++ int derlen; ++ int ret = 0; ++ derlen = i2d_X509_SIG(sig, &der); ++ if (derlen <= 0) ++ return 0; ++ if (derlen == dinfolen && !memcmp(dinfo, der, derlen)) ++ ret = 1; ++ OPENSSL_cleanse(der, derlen); ++ OPENSSL_free(der); ++ return ret; ++} + + int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, +- unsigned char *sigbuf, unsigned int siglen, RSA *rsa) +- { +- int i,ret=0,sigtype; +- unsigned char *s; +- X509_SIG *sig=NULL; ++ unsigned char *sigbuf, unsigned int siglen, RSA *rsa) ++{ ++ int i, ret = 0, sigtype; ++ unsigned char *s; ++ X509_SIG *sig = NULL; + +- if (siglen != (unsigned int)RSA_size(rsa)) +- { +- RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); +- return(0); +- } ++ if (siglen != (unsigned int)RSA_size(rsa)) { ++ RSAerr(RSA_F_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH); ++ return (0); ++ } + +- if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) +- { +- return rsa->meth->rsa_verify(dtype, m, m_len, +- sigbuf, siglen, rsa); +- } ++ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) { ++ return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); ++ } + +- s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); +- if (s == NULL) +- { +- RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if(dtype == NID_md5_sha1) +- { +- if (m_len != SSL_SIG_LENGTH) +- { +- RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); +- goto err; +- } +- } +- /* NB: in FIPS mode block anything that isn't a TLS signature */ ++ s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen); ++ if (s == NULL) { ++ RSAerr(RSA_F_RSA_VERIFY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (dtype == NID_md5_sha1) { ++ if (m_len != SSL_SIG_LENGTH) { ++ RSAerr(RSA_F_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); ++ goto err; ++ } ++ } ++ /* NB: in FIPS mode block anything that isn't a TLS signature */ + #ifdef OPENSSL_FIPS +- else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) +- { +- RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); +- return 0; +- } +- /* Bypass algorithm blocking: this is allowed */ +- i=rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); ++ else if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return 0; ++ } ++ /* Bypass algorithm blocking: this is allowed */ ++ i = rsa->meth->rsa_pub_dec((int)siglen, sigbuf, s, rsa, ++ RSA_PKCS1_PADDING); + #else +- i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); ++ i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); + #endif + +- if (i <= 0) goto err; +- +- /* Special case: SSL signature */ +- if(dtype == NID_md5_sha1) { +- if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) +- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); +- else ret = 1; +- } else { +- const unsigned char *p=s; +- sig=d2i_X509_SIG(NULL,&p,(long)i); ++ if (i <= 0) ++ goto err; + +- if (sig == NULL) goto err; ++ /* Special case: SSL signature */ ++ if (dtype == NID_md5_sha1) { ++ if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) ++ RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE); ++ else ++ ret = 1; ++ } else { ++ const unsigned char *p = s; ++ sig = d2i_X509_SIG(NULL, &p, (long)i); + +- /* Excess data can be used to create forgeries */ +- if(p != s+i) +- { +- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); +- goto err; +- } ++ if (sig == NULL) ++ goto err; + +- /* Parameters to the signature algorithm can also be used to +- create forgeries */ +- if(sig->algor->parameter +- && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) +- { +- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); +- goto err; +- } ++ /* Excess data can be used to create forgeries */ ++ if (p != s + i || !rsa_check_digestinfo(sig, s, i)) { ++ RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE); ++ goto err; ++ } + +- sigtype=OBJ_obj2nid(sig->algor->algorithm); ++ /* ++ * Parameters to the signature algorithm can also be used to create ++ * forgeries ++ */ ++ if (sig->algor->parameter ++ && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) { ++ RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE); ++ goto err; ++ } + ++ sigtype = OBJ_obj2nid(sig->algor->algorithm); + +- #ifdef RSA_DEBUG +- /* put a backward compatibility flag in EAY */ +- fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), +- OBJ_nid2ln(dtype)); +- #endif +- if (sigtype != dtype) +- { +- if (((dtype == NID_md5) && +- (sigtype == NID_md5WithRSAEncryption)) || +- ((dtype == NID_md2) && +- (sigtype == NID_md2WithRSAEncryption))) +- { +- /* ok, we will let it through */ ++#ifdef RSA_DEBUG ++ /* put a backward compatibility flag in EAY */ ++ fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype), ++ OBJ_nid2ln(dtype)); ++#endif ++ if (sigtype != dtype) { ++ if (((dtype == NID_md5) && ++ (sigtype == NID_md5WithRSAEncryption)) || ++ ((dtype == NID_md2) && ++ (sigtype == NID_md2WithRSAEncryption))) { ++ /* ok, we will let it through */ + #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) +- fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); ++ fprintf(stderr, ++ "signature has problems, re-make with post SSLeay045\n"); + #endif +- } +- else +- { +- RSAerr(RSA_F_RSA_VERIFY, +- RSA_R_ALGORITHM_MISMATCH); +- goto err; +- } +- } +- if ( ((unsigned int)sig->digest->length != m_len) || +- (memcmp(m,sig->digest->data,m_len) != 0)) +- { +- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); +- } +- else +- ret=1; +- } +-err: +- if (sig != NULL) X509_SIG_free(sig); +- if (s != NULL) +- { +- OPENSSL_cleanse(s,(unsigned int)siglen); +- OPENSSL_free(s); +- } +- return(ret); +- } +- ++ } else { ++ RSAerr(RSA_F_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH); ++ goto err; ++ } ++ } ++ if (((unsigned int)sig->digest->length != m_len) || ++ (memcmp(m, sig->digest->data, m_len) != 0)) { ++ RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE); ++ } else ++ ret = 1; ++ } ++ err: ++ if (sig != NULL) ++ X509_SIG_free(sig); ++ if (s != NULL) { ++ OPENSSL_cleanse(s, (unsigned int)siglen); ++ OPENSSL_free(s); ++ } ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c +index cfeff15..746e01f 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,92 +63,87 @@ + #include + + int RSA_padding_add_SSLv23(unsigned char *to, int tlen, +- const unsigned char *from, int flen) +- { +- int i,j; +- unsigned char *p; +- +- if (flen > (tlen-11)) +- { +- RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); +- return(0); +- } +- +- p=(unsigned char *)to; ++ const unsigned char *from, int flen) ++{ ++ int i, j; ++ unsigned char *p; + +- *(p++)=0; +- *(p++)=2; /* Public Key BT (Block Type) */ ++ if (flen > (tlen - 11)) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23, ++ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); ++ return (0); ++ } + +- /* pad out with non-zero random data */ +- j=tlen-3-8-flen; ++ p = (unsigned char *)to; + +- if (RAND_bytes(p,j) <= 0) +- return(0); +- for (i=0; i tlen) +- { +- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE); +- return(-1); +- } +- memcpy(to,p,(unsigned int)j); ++ if ((i == j) || (i < 8)) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, ++ RSA_R_NULL_BEFORE_BLOCK_MISSING); ++ return (-1); ++ } ++ for (k = -9; k < -1; k++) { ++ if (p[k] != 0x03) ++ break; ++ } ++ if (k == -1) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK); ++ return (-1); ++ } + +- return(j); +- } ++ i++; /* Skip over the '\0' */ ++ j -= i; ++ if (j > tlen) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE); ++ return (-1); ++ } ++ memcpy(to, p, (unsigned int)j); + ++ return (j); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c +index 21548e3..725ead0 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c +@@ -1,6 +1,7 @@ + /* rsa_x931.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2005. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2005. + */ + /* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,114 +65,103 @@ + #include + + int RSA_padding_add_X931(unsigned char *to, int tlen, +- const unsigned char *from, int flen) +- { +- int j; +- unsigned char *p; +- +- /* Absolute minimum amount of padding is 1 header nibble, 1 padding +- * nibble and 2 trailer bytes: but 1 hash if is already in 'from'. +- */ +- +- j = tlen - flen - 2; +- +- if (j < 0) +- { +- RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); +- return -1; +- } +- +- p=(unsigned char *)to; +- +- /* If no padding start and end nibbles are in one byte */ +- if (j == 0) +- *p++ = 0x6A; +- else +- { +- *p++ = 0x6B; +- if (j > 1) +- { +- memset(p, 0xBB, j - 1); +- p += j - 1; +- } +- *p++ = 0xBA; +- } +- memcpy(p,from,(unsigned int)flen); +- p += flen; +- *p = 0xCC; +- return(1); +- } ++ const unsigned char *from, int flen) ++{ ++ int j; ++ unsigned char *p; ++ ++ /* ++ * Absolute minimum amount of padding is 1 header nibble, 1 padding ++ * nibble and 2 trailer bytes: but 1 hash if is already in 'from'. ++ */ ++ ++ j = tlen - flen - 2; ++ ++ if (j < 0) { ++ RSAerr(RSA_F_RSA_PADDING_ADD_X931, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); ++ return -1; ++ } ++ ++ p = (unsigned char *)to; ++ ++ /* If no padding start and end nibbles are in one byte */ ++ if (j == 0) ++ *p++ = 0x6A; ++ else { ++ *p++ = 0x6B; ++ if (j > 1) { ++ memset(p, 0xBB, j - 1); ++ p += j - 1; ++ } ++ *p++ = 0xBA; ++ } ++ memcpy(p, from, (unsigned int)flen); ++ p += flen; ++ *p = 0xCC; ++ return (1); ++} + + int RSA_padding_check_X931(unsigned char *to, int tlen, +- const unsigned char *from, int flen, int num) +- { +- int i = 0,j; +- const unsigned char *p; +- +- p=from; +- if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) +- { +- RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER); +- return -1; +- } +- +- if (*p++ == 0x6B) +- { +- j=flen-3; +- for (i = 0; i < j; i++) +- { +- unsigned char c = *p++; +- if (c == 0xBA) +- break; +- if (c != 0xBB) +- { +- RSAerr(RSA_F_RSA_PADDING_CHECK_X931, +- RSA_R_INVALID_PADDING); +- return -1; +- } +- } +- +- j -= i; +- +- if (i == 0) +- { +- RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING); +- return -1; +- } +- +- } +- else j = flen - 2; +- +- if (p[j] != 0xCC) +- { +- RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER); +- return -1; +- } +- +- memcpy(to,p,(unsigned int)j); +- +- return(j); +- } ++ const unsigned char *from, int flen, int num) ++{ ++ int i = 0, j; ++ const unsigned char *p; ++ ++ p = from; ++ if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER); ++ return -1; ++ } ++ ++ if (*p++ == 0x6B) { ++ j = flen - 3; ++ for (i = 0; i < j; i++) { ++ unsigned char c = *p++; ++ if (c == 0xBA) ++ break; ++ if (c != 0xBB) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING); ++ return -1; ++ } ++ } ++ ++ j -= i; ++ ++ if (i == 0) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING); ++ return -1; ++ } ++ ++ } else ++ j = flen - 2; ++ ++ if (p[j] != 0xCC) { ++ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER); ++ return -1; ++ } ++ ++ memcpy(to, p, (unsigned int)j); ++ ++ return (j); ++} + + /* Translate between X931 hash ids and NIDs */ + + int RSA_X931_hash_id(int nid) +- { +- switch (nid) +- { +- case NID_sha1: +- return 0x33; ++{ ++ switch (nid) { ++ case NID_sha1: ++ return 0x33; + +- case NID_sha256: +- return 0x34; ++ case NID_sha256: ++ return 0x34; + +- case NID_sha384: +- return 0x36; ++ case NID_sha384: ++ return 0x36; + +- case NID_sha512: +- return 0x35; +- +- } +- return -1; +- } ++ case NID_sha512: ++ return 0x35; + ++ } ++ return -1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c +index bf94f8b..f29c501 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -67,189 +67,186 @@ + + /* X9.31 RSA key derivation and generation */ + +-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, +- const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, +- const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, +- const BIGNUM *e, BN_GENCB *cb) +- { +- BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL; +- BN_CTX *ctx=NULL,*ctx2=NULL; +- +- if (!rsa) +- goto err; +- +- ctx = BN_CTX_new(); +- if (!ctx) +- goto err; +- BN_CTX_start(ctx); +- +- r0 = BN_CTX_get(ctx); +- r1 = BN_CTX_get(ctx); +- r2 = BN_CTX_get(ctx); +- r3 = BN_CTX_get(ctx); +- +- if (r3 == NULL) +- goto err; +- if (!rsa->e) +- { +- rsa->e = BN_dup(e); +- if (!rsa->e) +- goto err; +- } +- else +- e = rsa->e; +- +- /* If not all parameters present only calculate what we can. +- * This allows test programs to output selective parameters. +- */ +- +- if (Xp && !rsa->p) +- { +- rsa->p = BN_new(); +- if (!rsa->p) +- goto err; +- +- if (!BN_X931_derive_prime_ex(rsa->p, p1, p2, +- Xp, Xp1, Xp2, e, ctx, cb)) +- goto err; +- } +- +- if (Xq && !rsa->q) +- { +- rsa->q = BN_new(); +- if (!rsa->q) +- goto err; +- if (!BN_X931_derive_prime_ex(rsa->q, q1, q2, +- Xq, Xq1, Xq2, e, ctx, cb)) +- goto err; +- } +- +- if (!rsa->p || !rsa->q) +- { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- return 2; +- } +- +- /* Since both primes are set we can now calculate all remaining +- * components. +- */ +- +- /* calculate n */ +- rsa->n=BN_new(); +- if (rsa->n == NULL) +- goto err; +- if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) +- goto err; +- +- /* calculate d */ +- if (!BN_sub(r1,rsa->p,BN_value_one())) +- goto err; /* p-1 */ +- if (!BN_sub(r2,rsa->q,BN_value_one())) +- goto err; /* q-1 */ +- if (!BN_mul(r0,r1,r2,ctx)) +- goto err; /* (p-1)(q-1) */ +- +- if (!BN_gcd(r3, r1, r2, ctx)) +- goto err; +- +- if (!BN_div(r0, NULL, r0, r3, ctx)) +- goto err; /* LCM((p-1)(q-1)) */ +- +- ctx2 = BN_CTX_new(); +- if (!ctx2) +- goto err; +- +- rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */ +- if (rsa->d == NULL) +- goto err; +- +- /* calculate d mod (p-1) */ +- rsa->dmp1=BN_new(); +- if (rsa->dmp1 == NULL) +- goto err; +- if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) +- goto err; +- +- /* calculate d mod (q-1) */ +- rsa->dmq1=BN_new(); +- if (rsa->dmq1 == NULL) +- goto err; +- if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) +- goto err; +- +- /* calculate inverse of q mod p */ +- rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2); +- +- err: +- if (ctx) +- { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- if (ctx2) +- BN_CTX_free(ctx2); +- /* If this is set all calls successful */ +- if (rsa && rsa->iqmp != NULL) +- return 1; +- +- return 0; +- +- } +- +-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb) +- { +- int ok = 0; +- BIGNUM *Xp = NULL, *Xq = NULL; +- BN_CTX *ctx = NULL; +- +- ctx = BN_CTX_new(); +- if (!ctx) +- goto error; +- +- BN_CTX_start(ctx); +- Xp = BN_CTX_get(ctx); +- Xq = BN_CTX_get(ctx); +- if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx)) +- goto error; +- +- rsa->p = BN_new(); +- rsa->q = BN_new(); +- if (!rsa->p || !rsa->q) +- goto error; +- +- /* Generate two primes from Xp, Xq */ +- +- if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp, +- e, ctx, cb)) +- goto error; +- +- if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq, +- e, ctx, cb)) +- goto error; +- +- /* Since rsa->p and rsa->q are valid this call will just derive +- * remaining RSA components. +- */ +- +- if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL, +- NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) +- goto error; +- +- ok = 1; +- +- error: +- if (ctx) +- { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- +- if (ok) +- return 1; +- +- return 0; +- +- } ++int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, ++ BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, ++ const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, ++ const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb) ++{ ++ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL; ++ BN_CTX *ctx = NULL, *ctx2 = NULL; ++ ++ if (!rsa) ++ goto err; ++ ++ ctx = BN_CTX_new(); ++ if (!ctx) ++ goto err; ++ BN_CTX_start(ctx); ++ ++ r0 = BN_CTX_get(ctx); ++ r1 = BN_CTX_get(ctx); ++ r2 = BN_CTX_get(ctx); ++ r3 = BN_CTX_get(ctx); ++ ++ if (r3 == NULL) ++ goto err; ++ if (!rsa->e) { ++ rsa->e = BN_dup(e); ++ if (!rsa->e) ++ goto err; ++ } else ++ e = rsa->e; ++ ++ /* ++ * If not all parameters present only calculate what we can. This allows ++ * test programs to output selective parameters. ++ */ ++ ++ if (Xp && !rsa->p) { ++ rsa->p = BN_new(); ++ if (!rsa->p) ++ goto err; ++ ++ if (!BN_X931_derive_prime_ex(rsa->p, p1, p2, ++ Xp, Xp1, Xp2, e, ctx, cb)) ++ goto err; ++ } ++ ++ if (Xq && !rsa->q) { ++ rsa->q = BN_new(); ++ if (!rsa->q) ++ goto err; ++ if (!BN_X931_derive_prime_ex(rsa->q, q1, q2, ++ Xq, Xq1, Xq2, e, ctx, cb)) ++ goto err; ++ } ++ ++ if (!rsa->p || !rsa->q) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ return 2; ++ } ++ ++ /* ++ * Since both primes are set we can now calculate all remaining ++ * components. ++ */ ++ ++ /* calculate n */ ++ rsa->n = BN_new(); ++ if (rsa->n == NULL) ++ goto err; ++ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) ++ goto err; ++ ++ /* calculate d */ ++ if (!BN_sub(r1, rsa->p, BN_value_one())) ++ goto err; /* p-1 */ ++ if (!BN_sub(r2, rsa->q, BN_value_one())) ++ goto err; /* q-1 */ ++ if (!BN_mul(r0, r1, r2, ctx)) ++ goto err; /* (p-1)(q-1) */ ++ ++ if (!BN_gcd(r3, r1, r2, ctx)) ++ goto err; ++ ++ if (!BN_div(r0, NULL, r0, r3, ctx)) ++ goto err; /* LCM((p-1)(q-1)) */ ++ ++ ctx2 = BN_CTX_new(); ++ if (!ctx2) ++ goto err; ++ ++ rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */ ++ if (rsa->d == NULL) ++ goto err; ++ ++ /* calculate d mod (p-1) */ ++ rsa->dmp1 = BN_new(); ++ if (rsa->dmp1 == NULL) ++ goto err; ++ if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx)) ++ goto err; ++ ++ /* calculate d mod (q-1) */ ++ rsa->dmq1 = BN_new(); ++ if (rsa->dmq1 == NULL) ++ goto err; ++ if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx)) ++ goto err; ++ ++ /* calculate inverse of q mod p */ ++ rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2); ++ ++ err: ++ if (ctx) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ if (ctx2) ++ BN_CTX_free(ctx2); ++ /* If this is set all calls successful */ ++ if (rsa && rsa->iqmp != NULL) ++ return 1; ++ ++ return 0; ++ ++} ++ ++int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, ++ BN_GENCB *cb) ++{ ++ int ok = 0; ++ BIGNUM *Xp = NULL, *Xq = NULL; ++ BN_CTX *ctx = NULL; ++ ++ ctx = BN_CTX_new(); ++ if (!ctx) ++ goto error; ++ ++ BN_CTX_start(ctx); ++ Xp = BN_CTX_get(ctx); ++ Xq = BN_CTX_get(ctx); ++ if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx)) ++ goto error; ++ ++ rsa->p = BN_new(); ++ rsa->q = BN_new(); ++ if (!rsa->p || !rsa->q) ++ goto error; ++ ++ /* Generate two primes from Xp, Xq */ ++ ++ if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp, ++ e, ctx, cb)) ++ goto error; ++ ++ if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq, ++ e, ctx, cb)) ++ goto error; ++ ++ /* ++ * Since rsa->p and rsa->q are valid this call will just derive remaining ++ * RSA components. ++ */ ++ ++ if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) ++ goto error; ++ ++ ok = 1; ++ ++ error: ++ if (ctx) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ ++ if (ok) ++ return 1; ++ ++ return 0; ++ ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c +index 4831174..cf68f10 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,16 +63,17 @@ + + #if !defined(OPENSSL_NO_SHA1) + unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) +- { +- SHA_CTX c; +- static unsigned char m[SHA_DIGEST_LENGTH]; ++{ ++ SHA_CTX c; ++ static unsigned char m[SHA_DIGEST_LENGTH]; + +- if (md == NULL) md=m; +- if (!SHA1_Init(&c)) +- return NULL; +- SHA1_Update(&c,d,n); +- SHA1_Final(md,&c); +- OPENSSL_cleanse(&c,sizeof(c)); +- return(md); +- } ++ if (md == NULL) ++ md = m; ++ if (!SHA1_Init(&c)) ++ return NULL; ++ SHA1_Update(&c, d, n); ++ SHA1_Final(md, &c); ++ OPENSSL_cleanse(&c, sizeof(c)); ++ return (md); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c +index d31f078..16aa0ef 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,20 +59,18 @@ + #include + #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) + +-#undef SHA_0 +-#define SHA_1 +- +-#include +-#ifdef OPENSSL_FIPS +-#include +-#endif ++# undef SHA_0 ++# define SHA_1 + ++# include ++# ifdef OPENSSL_FIPS ++# include ++# endif + +-const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; ++const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT; + + /* The implementation is in ../md32_common.h */ + +-#include "sha_locl.h" ++# include "sha_locl.h" + + #endif +- +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha256.c b/Cryptlib/OpenSSL/crypto/sha/sha256.c +index 3256a83..980cc29 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha256.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha256.c +@@ -7,83 +7,102 @@ + #include + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) + +-#include +-#include +- +-#include +-#include +-#ifdef OPENSSL_FIPS +-#include +-#endif +- +-#include +- +-const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT; +- +-int SHA224_Init (SHA256_CTX *c) +- { +-#ifdef OPENSSL_FIPS +- FIPS_selftest_check(); +-#endif +- c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; +- c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; +- c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; +- c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL; +- c->Nl=0; c->Nh=0; +- c->num=0; c->md_len=SHA224_DIGEST_LENGTH; +- return 1; +- } +- +-int SHA256_Init (SHA256_CTX *c) +- { +-#ifdef OPENSSL_FIPS +- FIPS_selftest_check(); +-#endif +- c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; +- c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; +- c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; +- c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL; +- c->Nl=0; c->Nh=0; +- c->num=0; c->md_len=SHA256_DIGEST_LENGTH; +- return 1; +- } ++# include ++# include ++ ++# include ++# include ++# ifdef OPENSSL_FIPS ++# include ++# endif ++ ++# include ++ ++const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT; ++ ++int SHA224_Init(SHA256_CTX *c) ++{ ++# ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++# endif ++ c->h[0] = 0xc1059ed8UL; ++ c->h[1] = 0x367cd507UL; ++ c->h[2] = 0x3070dd17UL; ++ c->h[3] = 0xf70e5939UL; ++ c->h[4] = 0xffc00b31UL; ++ c->h[5] = 0x68581511UL; ++ c->h[6] = 0x64f98fa7UL; ++ c->h[7] = 0xbefa4fa4UL; ++ c->Nl = 0; ++ c->Nh = 0; ++ c->num = 0; ++ c->md_len = SHA224_DIGEST_LENGTH; ++ return 1; ++} ++ ++int SHA256_Init(SHA256_CTX *c) ++{ ++# ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++# endif ++ c->h[0] = 0x6a09e667UL; ++ c->h[1] = 0xbb67ae85UL; ++ c->h[2] = 0x3c6ef372UL; ++ c->h[3] = 0xa54ff53aUL; ++ c->h[4] = 0x510e527fUL; ++ c->h[5] = 0x9b05688cUL; ++ c->h[6] = 0x1f83d9abUL; ++ c->h[7] = 0x5be0cd19UL; ++ c->Nl = 0; ++ c->Nh = 0; ++ c->num = 0; ++ c->md_len = SHA256_DIGEST_LENGTH; ++ return 1; ++} + + unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) +- { +- SHA256_CTX c; +- static unsigned char m[SHA224_DIGEST_LENGTH]; +- +- if (md == NULL) md=m; +- SHA224_Init(&c); +- SHA256_Update(&c,d,n); +- SHA256_Final(md,&c); +- OPENSSL_cleanse(&c,sizeof(c)); +- return(md); +- } ++{ ++ SHA256_CTX c; ++ static unsigned char m[SHA224_DIGEST_LENGTH]; ++ ++ if (md == NULL) ++ md = m; ++ SHA224_Init(&c); ++ SHA256_Update(&c, d, n); ++ SHA256_Final(md, &c); ++ OPENSSL_cleanse(&c, sizeof(c)); ++ return (md); ++} + + unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) +- { +- SHA256_CTX c; +- static unsigned char m[SHA256_DIGEST_LENGTH]; +- +- if (md == NULL) md=m; +- SHA256_Init(&c); +- SHA256_Update(&c,d,n); +- SHA256_Final(md,&c); +- OPENSSL_cleanse(&c,sizeof(c)); +- return(md); +- } ++{ ++ SHA256_CTX c; ++ static unsigned char m[SHA256_DIGEST_LENGTH]; ++ ++ if (md == NULL) ++ md = m; ++ SHA256_Init(&c); ++ SHA256_Update(&c, d, n); ++ SHA256_Final(md, &c); ++ OPENSSL_cleanse(&c, sizeof(c)); ++ return (md); ++} + + int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) +-{ return SHA256_Update (c,data,len); } +-int SHA224_Final (unsigned char *md, SHA256_CTX *c) +-{ return SHA256_Final (md,c); } ++{ ++ return SHA256_Update(c, data, len); ++} + +-#define DATA_ORDER_IS_BIG_ENDIAN ++int SHA224_Final(unsigned char *md, SHA256_CTX *c) ++{ ++ return SHA256_Final(md, c); ++} ++ ++# define DATA_ORDER_IS_BIG_ENDIAN + +-#define HASH_LONG SHA_LONG +-#define HASH_CTX SHA256_CTX +-#define HASH_CBLOCK SHA_CBLOCK ++# define HASH_LONG SHA_LONG ++# define HASH_CTX SHA256_CTX ++# define HASH_CBLOCK SHA_CBLOCK + /* + * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." + * default: case below covers for it. It's not clear however if it's +@@ -92,201 +111,291 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c) + * Idea behind separate cases for pre-defined lenghts is to let the + * compiler decide if it's appropriate to unroll small loops. + */ +-#define HASH_MAKE_STRING(c,s) do { \ +- unsigned long ll; \ +- unsigned int xn; \ +- switch ((c)->md_len) \ +- { case SHA224_DIGEST_LENGTH: \ +- for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ +- break; \ +- case SHA256_DIGEST_LENGTH: \ +- for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ +- break; \ +- default: \ +- if ((c)->md_len > SHA256_DIGEST_LENGTH) \ +- return 0; \ +- for (xn=0;xn<(c)->md_len/4;xn++) \ +- { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ +- break; \ +- } \ +- } while (0) +- +-#define HASH_UPDATE SHA256_Update +-#define HASH_TRANSFORM SHA256_Transform +-#define HASH_FINAL SHA256_Final +-#define HASH_BLOCK_DATA_ORDER sha256_block_data_order +-#ifndef SHA256_ASM ++# define HASH_MAKE_STRING(c,s) do { \ ++ unsigned long ll; \ ++ unsigned int xn; \ ++ switch ((c)->md_len) \ ++ { case SHA224_DIGEST_LENGTH: \ ++ for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ ++ break; \ ++ case SHA256_DIGEST_LENGTH: \ ++ for (xn=0;xnh[xn]; HOST_l2c(ll,(s)); } \ ++ break; \ ++ default: \ ++ if ((c)->md_len > SHA256_DIGEST_LENGTH) \ ++ return 0; \ ++ for (xn=0;xn<(c)->md_len/4;xn++) \ ++ { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \ ++ break; \ ++ } \ ++ } while (0) ++ ++# define HASH_UPDATE SHA256_Update ++# define HASH_TRANSFORM SHA256_Transform ++# define HASH_FINAL SHA256_Final ++# define HASH_BLOCK_DATA_ORDER sha256_block_data_order ++# ifndef SHA256_ASM + static +-#endif +-void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); ++# endif ++void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); + +-#include "md32_common.h" ++# include "md32_common.h" + +-#ifndef SHA256_ASM ++# ifndef SHA256_ASM + static const SHA_LONG K256[64] = { +- 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL, +- 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL, +- 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL, +- 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL, +- 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL, +- 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL, +- 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL, +- 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL, +- 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL, +- 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL, +- 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL, +- 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL, +- 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL, +- 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL, +- 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL, +- 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL }; ++ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, ++ 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, ++ 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, ++ 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, ++ 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, ++ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, ++ 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, ++ 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, ++ 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, ++ 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, ++ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, ++ 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, ++ 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, ++ 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, ++ 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, ++ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL ++}; + + /* + * FIPS specification refers to right rotations, while our ROTATE macro + * is left one. This is why you might notice that rotation coefficients + * differ from those observed in FIPS document by 32-N... + */ +-#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) +-#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) +-#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) +-#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) +- +-#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +-#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +- +-#ifdef OPENSSL_SMALL_FOOTPRINT +- +-static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) +- { +- unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2; +- SHA_LONG X[16],l; +- int i; +- const unsigned char *data=in; +- +- while (num--) { +- +- a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; +- e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; +- +- for (i=0;i<16;i++) +- { +- HOST_c2l(data,l); T1 = X[i] = l; +- T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; +- T2 = Sigma0(a) + Maj(a,b,c); +- h = g; g = f; f = e; e = d + T1; +- d = c; c = b; b = a; a = T1 + T2; +- } +- +- for (;i<64;i++) +- { +- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); +- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); +- +- T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; +- T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; +- T2 = Sigma0(a) + Maj(a,b,c); +- h = g; g = f; f = e; e = d + T1; +- d = c; c = b; b = a; a = T1 + T2; +- } +- +- ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; +- ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; +- +- } ++# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) ++# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) ++# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) ++# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) ++ ++# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) ++# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) ++ ++# ifdef OPENSSL_SMALL_FOOTPRINT ++ ++static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, ++ size_t num) ++{ ++ unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2; ++ SHA_LONG X[16], l; ++ int i; ++ const unsigned char *data = in; ++ ++ while (num--) { ++ ++ a = ctx->h[0]; ++ b = ctx->h[1]; ++ c = ctx->h[2]; ++ d = ctx->h[3]; ++ e = ctx->h[4]; ++ f = ctx->h[5]; ++ g = ctx->h[6]; ++ h = ctx->h[7]; ++ ++ for (i = 0; i < 16; i++) { ++ HOST_c2l(data, l); ++ T1 = X[i] = l; ++ T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; ++ T2 = Sigma0(a) + Maj(a, b, c); ++ h = g; ++ g = f; ++ f = e; ++ e = d + T1; ++ d = c; ++ c = b; ++ b = a; ++ a = T1 + T2; ++ } ++ ++ for (; i < 64; i++) { ++ s0 = X[(i + 1) & 0x0f]; ++ s0 = sigma0(s0); ++ s1 = X[(i + 14) & 0x0f]; ++ s1 = sigma1(s1); ++ ++ T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf]; ++ T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; ++ T2 = Sigma0(a) + Maj(a, b, c); ++ h = g; ++ g = f; ++ f = e; ++ e = d + T1; ++ d = c; ++ c = b; ++ b = a; ++ a = T1 + T2; ++ } ++ ++ ctx->h[0] += a; ++ ctx->h[1] += b; ++ ctx->h[2] += c; ++ ctx->h[3] += d; ++ ctx->h[4] += e; ++ ctx->h[5] += f; ++ ctx->h[6] += g; ++ ctx->h[7] += h; ++ ++ } + } + +-#else +- +-#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ +- T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ +- h = Sigma0(a) + Maj(a,b,c); \ +- d += T1; h += T1; } while (0) +- +-#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ +- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ +- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ +- T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ +- ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) +- +-static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) +- { +- unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1; +- SHA_LONG X[16]; +- int i; +- const unsigned char *data=in; +- const union { long one; char little; } is_endian = {1}; +- +- while (num--) { +- +- a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; +- e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; +- +- if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)in%4)==0) +- { +- const SHA_LONG *W=(const SHA_LONG *)data; +- +- T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); +- T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); +- T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); +- T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); +- T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); +- T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); +- T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); +- T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); +- T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); +- T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); +- T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); +- T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); +- T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); +- T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); +- T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); +- T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); +- +- data += SHA256_CBLOCK; +- } +- else +- { +- SHA_LONG l; +- +- HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h); +- HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g); +- HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f); +- HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e); +- HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d); +- HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c); +- HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b); +- HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a); +- HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h); +- HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g); +- HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f); +- HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e); +- HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d); +- HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c); +- HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b); +- HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a); +- } +- +- for (i=16;i<64;i+=8) +- { +- ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X); +- ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X); +- ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X); +- ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X); +- ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X); +- ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X); +- ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X); +- ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X); +- } +- +- ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; +- ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; +- +- } +- } +- +-#endif +-#endif /* SHA256_ASM */ +- +-#endif /* OPENSSL_NO_SHA256 */ ++# else ++ ++# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ ++ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ ++ h = Sigma0(a) + Maj(a,b,c); \ ++ d += T1; h += T1; } while (0) ++ ++# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ ++ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ ++ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ ++ T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ ++ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) ++ ++static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, ++ size_t num) ++{ ++ unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1; ++ SHA_LONG X[16]; ++ int i; ++ const unsigned char *data = in; ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ ++ while (num--) { ++ ++ a = ctx->h[0]; ++ b = ctx->h[1]; ++ c = ctx->h[2]; ++ d = ctx->h[3]; ++ e = ctx->h[4]; ++ f = ctx->h[5]; ++ g = ctx->h[6]; ++ h = ctx->h[7]; ++ ++ if (!is_endian.little && sizeof(SHA_LONG) == 4 ++ && ((size_t)in % 4) == 0) { ++ const SHA_LONG *W = (const SHA_LONG *)data; ++ ++ T1 = X[0] = W[0]; ++ ROUND_00_15(0, a, b, c, d, e, f, g, h); ++ T1 = X[1] = W[1]; ++ ROUND_00_15(1, h, a, b, c, d, e, f, g); ++ T1 = X[2] = W[2]; ++ ROUND_00_15(2, g, h, a, b, c, d, e, f); ++ T1 = X[3] = W[3]; ++ ROUND_00_15(3, f, g, h, a, b, c, d, e); ++ T1 = X[4] = W[4]; ++ ROUND_00_15(4, e, f, g, h, a, b, c, d); ++ T1 = X[5] = W[5]; ++ ROUND_00_15(5, d, e, f, g, h, a, b, c); ++ T1 = X[6] = W[6]; ++ ROUND_00_15(6, c, d, e, f, g, h, a, b); ++ T1 = X[7] = W[7]; ++ ROUND_00_15(7, b, c, d, e, f, g, h, a); ++ T1 = X[8] = W[8]; ++ ROUND_00_15(8, a, b, c, d, e, f, g, h); ++ T1 = X[9] = W[9]; ++ ROUND_00_15(9, h, a, b, c, d, e, f, g); ++ T1 = X[10] = W[10]; ++ ROUND_00_15(10, g, h, a, b, c, d, e, f); ++ T1 = X[11] = W[11]; ++ ROUND_00_15(11, f, g, h, a, b, c, d, e); ++ T1 = X[12] = W[12]; ++ ROUND_00_15(12, e, f, g, h, a, b, c, d); ++ T1 = X[13] = W[13]; ++ ROUND_00_15(13, d, e, f, g, h, a, b, c); ++ T1 = X[14] = W[14]; ++ ROUND_00_15(14, c, d, e, f, g, h, a, b); ++ T1 = X[15] = W[15]; ++ ROUND_00_15(15, b, c, d, e, f, g, h, a); ++ ++ data += SHA256_CBLOCK; ++ } else { ++ SHA_LONG l; ++ ++ HOST_c2l(data, l); ++ T1 = X[0] = l; ++ ROUND_00_15(0, a, b, c, d, e, f, g, h); ++ HOST_c2l(data, l); ++ T1 = X[1] = l; ++ ROUND_00_15(1, h, a, b, c, d, e, f, g); ++ HOST_c2l(data, l); ++ T1 = X[2] = l; ++ ROUND_00_15(2, g, h, a, b, c, d, e, f); ++ HOST_c2l(data, l); ++ T1 = X[3] = l; ++ ROUND_00_15(3, f, g, h, a, b, c, d, e); ++ HOST_c2l(data, l); ++ T1 = X[4] = l; ++ ROUND_00_15(4, e, f, g, h, a, b, c, d); ++ HOST_c2l(data, l); ++ T1 = X[5] = l; ++ ROUND_00_15(5, d, e, f, g, h, a, b, c); ++ HOST_c2l(data, l); ++ T1 = X[6] = l; ++ ROUND_00_15(6, c, d, e, f, g, h, a, b); ++ HOST_c2l(data, l); ++ T1 = X[7] = l; ++ ROUND_00_15(7, b, c, d, e, f, g, h, a); ++ HOST_c2l(data, l); ++ T1 = X[8] = l; ++ ROUND_00_15(8, a, b, c, d, e, f, g, h); ++ HOST_c2l(data, l); ++ T1 = X[9] = l; ++ ROUND_00_15(9, h, a, b, c, d, e, f, g); ++ HOST_c2l(data, l); ++ T1 = X[10] = l; ++ ROUND_00_15(10, g, h, a, b, c, d, e, f); ++ HOST_c2l(data, l); ++ T1 = X[11] = l; ++ ROUND_00_15(11, f, g, h, a, b, c, d, e); ++ HOST_c2l(data, l); ++ T1 = X[12] = l; ++ ROUND_00_15(12, e, f, g, h, a, b, c, d); ++ HOST_c2l(data, l); ++ T1 = X[13] = l; ++ ROUND_00_15(13, d, e, f, g, h, a, b, c); ++ HOST_c2l(data, l); ++ T1 = X[14] = l; ++ ROUND_00_15(14, c, d, e, f, g, h, a, b); ++ HOST_c2l(data, l); ++ T1 = X[15] = l; ++ ROUND_00_15(15, b, c, d, e, f, g, h, a); ++ } ++ ++ for (i = 16; i < 64; i += 8) { ++ ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X); ++ ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X); ++ ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X); ++ ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X); ++ ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X); ++ ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X); ++ ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X); ++ ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X); ++ } ++ ++ ctx->h[0] += a; ++ ctx->h[1] += b; ++ ctx->h[2] += c; ++ ctx->h[3] += d; ++ ctx->h[4] += e; ++ ctx->h[5] += f; ++ ctx->h[6] += g; ++ ctx->h[7] += h; ++ ++ } ++} ++ ++# endif ++# endif /* SHA256_ASM */ ++ ++#endif /* OPENSSL_NO_SHA256 */ +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha512.c b/Cryptlib/OpenSSL/crypto/sha/sha512.c +index 9e91bca..abcbe53 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha512.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha512.c +@@ -6,11 +6,11 @@ + */ + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + + #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) +-/* ++/*- + * IMPLEMENTATION NOTES. + * + * As you might have noticed 32-bit hash algorithms: +@@ -43,514 +43,579 @@ + * As this implementation relies on 64-bit integer type, it's totally + * inappropriate for platforms which don't support it, most notably + * 16-bit platforms. +- * ++ * + */ +-#include +-#include ++# include ++# include + +-#include +-#include +-#include ++# include ++# include ++# include + +-#include "cryptlib.h" ++# include "cryptlib.h" + +-const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; ++const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT; + +-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ ++# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) || \ + defined(SHA512_ASM) +-#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +-#endif ++# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA ++# endif + +-int SHA384_Init (SHA512_CTX *c) +- { +-#ifdef OPENSSL_FIPS +- FIPS_selftest_check(); +-#endif +- c->h[0]=U64(0xcbbb9d5dc1059ed8); +- c->h[1]=U64(0x629a292a367cd507); +- c->h[2]=U64(0x9159015a3070dd17); +- c->h[3]=U64(0x152fecd8f70e5939); +- c->h[4]=U64(0x67332667ffc00b31); +- c->h[5]=U64(0x8eb44a8768581511); +- c->h[6]=U64(0xdb0c2e0d64f98fa7); +- c->h[7]=U64(0x47b5481dbefa4fa4); +- c->Nl=0; c->Nh=0; +- c->num=0; c->md_len=SHA384_DIGEST_LENGTH; +- return 1; +- } ++int SHA384_Init(SHA512_CTX *c) ++{ ++# ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++# endif ++ c->h[0] = U64(0xcbbb9d5dc1059ed8); ++ c->h[1] = U64(0x629a292a367cd507); ++ c->h[2] = U64(0x9159015a3070dd17); ++ c->h[3] = U64(0x152fecd8f70e5939); ++ c->h[4] = U64(0x67332667ffc00b31); ++ c->h[5] = U64(0x8eb44a8768581511); ++ c->h[6] = U64(0xdb0c2e0d64f98fa7); ++ c->h[7] = U64(0x47b5481dbefa4fa4); ++ c->Nl = 0; ++ c->Nh = 0; ++ c->num = 0; ++ c->md_len = SHA384_DIGEST_LENGTH; ++ return 1; ++} ++ ++int SHA512_Init(SHA512_CTX *c) ++{ ++# ifdef OPENSSL_FIPS ++ FIPS_selftest_check(); ++# endif ++ c->h[0] = U64(0x6a09e667f3bcc908); ++ c->h[1] = U64(0xbb67ae8584caa73b); ++ c->h[2] = U64(0x3c6ef372fe94f82b); ++ c->h[3] = U64(0xa54ff53a5f1d36f1); ++ c->h[4] = U64(0x510e527fade682d1); ++ c->h[5] = U64(0x9b05688c2b3e6c1f); ++ c->h[6] = U64(0x1f83d9abfb41bd6b); ++ c->h[7] = U64(0x5be0cd19137e2179); ++ c->Nl = 0; ++ c->Nh = 0; ++ c->num = 0; ++ c->md_len = SHA512_DIGEST_LENGTH; ++ return 1; ++} ++ ++# ifndef SHA512_ASM ++static ++# endif ++void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num); ++ ++int SHA512_Final(unsigned char *md, SHA512_CTX *c) ++{ ++ unsigned char *p = (unsigned char *)c->u.p; ++ size_t n = c->num; ++ ++ p[n] = 0x80; /* There always is a room for one */ ++ n++; ++ if (n > (sizeof(c->u) - 16)) ++ memset(p + n, 0, sizeof(c->u) - n), n = 0, ++ sha512_block_data_order(c, p, 1); ++ ++ memset(p + n, 0, sizeof(c->u) - 16 - n); ++# ifdef B_ENDIAN ++ c->u.d[SHA_LBLOCK - 2] = c->Nh; ++ c->u.d[SHA_LBLOCK - 1] = c->Nl; ++# else ++ p[sizeof(c->u) - 1] = (unsigned char)(c->Nl); ++ p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8); ++ p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16); ++ p[sizeof(c->u) - 4] = (unsigned char)(c->Nl >> 24); ++ p[sizeof(c->u) - 5] = (unsigned char)(c->Nl >> 32); ++ p[sizeof(c->u) - 6] = (unsigned char)(c->Nl >> 40); ++ p[sizeof(c->u) - 7] = (unsigned char)(c->Nl >> 48); ++ p[sizeof(c->u) - 8] = (unsigned char)(c->Nl >> 56); ++ p[sizeof(c->u) - 9] = (unsigned char)(c->Nh); ++ p[sizeof(c->u) - 10] = (unsigned char)(c->Nh >> 8); ++ p[sizeof(c->u) - 11] = (unsigned char)(c->Nh >> 16); ++ p[sizeof(c->u) - 12] = (unsigned char)(c->Nh >> 24); ++ p[sizeof(c->u) - 13] = (unsigned char)(c->Nh >> 32); ++ p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40); ++ p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48); ++ p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56); ++# endif + +-int SHA512_Init (SHA512_CTX *c) +- { +-#ifdef OPENSSL_FIPS +- FIPS_selftest_check(); +-#endif +- c->h[0]=U64(0x6a09e667f3bcc908); +- c->h[1]=U64(0xbb67ae8584caa73b); +- c->h[2]=U64(0x3c6ef372fe94f82b); +- c->h[3]=U64(0xa54ff53a5f1d36f1); +- c->h[4]=U64(0x510e527fade682d1); +- c->h[5]=U64(0x9b05688c2b3e6c1f); +- c->h[6]=U64(0x1f83d9abfb41bd6b); +- c->h[7]=U64(0x5be0cd19137e2179); +- c->Nl=0; c->Nh=0; +- c->num=0; c->md_len=SHA512_DIGEST_LENGTH; ++ sha512_block_data_order(c, p, 1); ++ ++ if (md == 0) ++ return 0; ++ ++ switch (c->md_len) { ++ /* Let compiler decide if it's appropriate to unroll... */ ++ case SHA384_DIGEST_LENGTH: ++ for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) { ++ SHA_LONG64 t = c->h[n]; ++ ++ *(md++) = (unsigned char)(t >> 56); ++ *(md++) = (unsigned char)(t >> 48); ++ *(md++) = (unsigned char)(t >> 40); ++ *(md++) = (unsigned char)(t >> 32); ++ *(md++) = (unsigned char)(t >> 24); ++ *(md++) = (unsigned char)(t >> 16); ++ *(md++) = (unsigned char)(t >> 8); ++ *(md++) = (unsigned char)(t); ++ } ++ break; ++ case SHA512_DIGEST_LENGTH: ++ for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) { ++ SHA_LONG64 t = c->h[n]; ++ ++ *(md++) = (unsigned char)(t >> 56); ++ *(md++) = (unsigned char)(t >> 48); ++ *(md++) = (unsigned char)(t >> 40); ++ *(md++) = (unsigned char)(t >> 32); ++ *(md++) = (unsigned char)(t >> 24); ++ *(md++) = (unsigned char)(t >> 16); ++ *(md++) = (unsigned char)(t >> 8); ++ *(md++) = (unsigned char)(t); ++ } ++ break; ++ /* ... as well as make sure md_len is not abused. */ ++ default: ++ return 0; ++ } ++ ++ return 1; ++} ++ ++int SHA384_Final(unsigned char *md, SHA512_CTX *c) ++{ ++ return SHA512_Final(md, c); ++} ++ ++int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len) ++{ ++ SHA_LONG64 l; ++ unsigned char *p = c->u.p; ++ const unsigned char *data = (const unsigned char *)_data; ++ ++ if (len == 0) + return 1; +- } + +-#ifndef SHA512_ASM +-static +-#endif +-void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); +- +-int SHA512_Final (unsigned char *md, SHA512_CTX *c) +- { +- unsigned char *p=(unsigned char *)c->u.p; +- size_t n=c->num; +- +- p[n]=0x80; /* There always is a room for one */ +- n++; +- if (n > (sizeof(c->u)-16)) +- memset (p+n,0,sizeof(c->u)-n), n=0, +- sha512_block_data_order (c,p,1); +- +- memset (p+n,0,sizeof(c->u)-16-n); +-#ifdef B_ENDIAN +- c->u.d[SHA_LBLOCK-2] = c->Nh; +- c->u.d[SHA_LBLOCK-1] = c->Nl; +-#else +- p[sizeof(c->u)-1] = (unsigned char)(c->Nl); +- p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8); +- p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16); +- p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24); +- p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32); +- p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40); +- p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48); +- p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56); +- p[sizeof(c->u)-9] = (unsigned char)(c->Nh); +- p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8); +- p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16); +- p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24); +- p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); +- p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); +- p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); +- p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); +-#endif ++ l = (c->Nl + (((SHA_LONG64) len) << 3)) & U64(0xffffffffffffffff); ++ if (l < c->Nl) ++ c->Nh++; ++ if (sizeof(len) >= 8) ++ c->Nh += (((SHA_LONG64) len) >> 61); ++ c->Nl = l; ++ ++ if (c->num != 0) { ++ size_t n = sizeof(c->u) - c->num; ++ ++ if (len < n) { ++ memcpy(p + c->num, data, len), c->num += len; ++ return 1; ++ } else { ++ memcpy(p + c->num, data, n), c->num = 0; ++ len -= n, data += n; ++ sha512_block_data_order(c, p, 1); ++ } ++ } + +- sha512_block_data_order (c,p,1); +- +- if (md==0) return 0; +- +- switch (c->md_len) +- { +- /* Let compiler decide if it's appropriate to unroll... */ +- case SHA384_DIGEST_LENGTH: +- for (n=0;nh[n]; +- +- *(md++) = (unsigned char)(t>>56); +- *(md++) = (unsigned char)(t>>48); +- *(md++) = (unsigned char)(t>>40); +- *(md++) = (unsigned char)(t>>32); +- *(md++) = (unsigned char)(t>>24); +- *(md++) = (unsigned char)(t>>16); +- *(md++) = (unsigned char)(t>>8); +- *(md++) = (unsigned char)(t); +- } +- break; +- case SHA512_DIGEST_LENGTH: +- for (n=0;nh[n]; +- +- *(md++) = (unsigned char)(t>>56); +- *(md++) = (unsigned char)(t>>48); +- *(md++) = (unsigned char)(t>>40); +- *(md++) = (unsigned char)(t>>32); +- *(md++) = (unsigned char)(t>>24); +- *(md++) = (unsigned char)(t>>16); +- *(md++) = (unsigned char)(t>>8); +- *(md++) = (unsigned char)(t); +- } +- break; +- /* ... as well as make sure md_len is not abused. */ +- default: return 0; +- } +- +- return 1; +- } +- +-int SHA384_Final (unsigned char *md,SHA512_CTX *c) +-{ return SHA512_Final (md,c); } +- +-int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) +- { +- SHA_LONG64 l; +- unsigned char *p=c->u.p; +- const unsigned char *data=(const unsigned char *)_data; +- +- if (len==0) return 1; +- +- l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); +- if (l < c->Nl) c->Nh++; +- if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); +- c->Nl=l; +- +- if (c->num != 0) +- { +- size_t n = sizeof(c->u) - c->num; +- +- if (len < n) +- { +- memcpy (p+c->num,data,len), c->num += len; +- return 1; +- } +- else { +- memcpy (p+c->num,data,n), c->num = 0; +- len-=n, data+=n; +- sha512_block_data_order (c,p,1); +- } +- } +- +- if (len >= sizeof(c->u)) +- { +-#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +- if ((size_t)data%sizeof(c->u.d[0]) != 0) +- while (len >= sizeof(c->u)) +- memcpy (p,data,sizeof(c->u)), +- sha512_block_data_order (c,p,1), +- len -= sizeof(c->u), +- data += sizeof(c->u); +- else +-#endif +- sha512_block_data_order (c,data,len/sizeof(c->u)), +- data += len, +- len %= sizeof(c->u), +- data -= len; +- } ++ if (len >= sizeof(c->u)) { ++# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA ++ if ((size_t)data % sizeof(c->u.d[0]) != 0) ++ while (len >= sizeof(c->u)) ++ memcpy(p, data, sizeof(c->u)), ++ sha512_block_data_order(c, p, 1), ++ len -= sizeof(c->u), data += sizeof(c->u); ++ else ++# endif ++ sha512_block_data_order(c, data, len / sizeof(c->u)), ++ data += len, len %= sizeof(c->u), data -= len; ++ } + +- if (len != 0) memcpy (p,data,len), c->num = (int)len; ++ if (len != 0) ++ memcpy(p, data, len), c->num = (int)len; + +- return 1; +- } ++ return 1; ++} + +-int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) +-{ return SHA512_Update (c,data,len); } ++int SHA384_Update(SHA512_CTX *c, const void *data, size_t len) ++{ ++ return SHA512_Update(c, data, len); ++} + +-void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) +-{ sha512_block_data_order (c,data,1); } ++void SHA512_Transform(SHA512_CTX *c, const unsigned char *data) ++{ ++ sha512_block_data_order(c, data, 1); ++} + + unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) +- { +- SHA512_CTX c; +- static unsigned char m[SHA384_DIGEST_LENGTH]; +- +- if (md == NULL) md=m; +- SHA384_Init(&c); +- SHA512_Update(&c,d,n); +- SHA512_Final(md,&c); +- OPENSSL_cleanse(&c,sizeof(c)); +- return(md); +- } ++{ ++ SHA512_CTX c; ++ static unsigned char m[SHA384_DIGEST_LENGTH]; ++ ++ if (md == NULL) ++ md = m; ++ SHA384_Init(&c); ++ SHA512_Update(&c, d, n); ++ SHA512_Final(md, &c); ++ OPENSSL_cleanse(&c, sizeof(c)); ++ return (md); ++} + + unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) +- { +- SHA512_CTX c; +- static unsigned char m[SHA512_DIGEST_LENGTH]; +- +- if (md == NULL) md=m; +- SHA512_Init(&c); +- SHA512_Update(&c,d,n); +- SHA512_Final(md,&c); +- OPENSSL_cleanse(&c,sizeof(c)); +- return(md); +- } +- +-#ifndef SHA512_ASM ++{ ++ SHA512_CTX c; ++ static unsigned char m[SHA512_DIGEST_LENGTH]; ++ ++ if (md == NULL) ++ md = m; ++ SHA512_Init(&c); ++ SHA512_Update(&c, d, n); ++ SHA512_Final(md, &c); ++ OPENSSL_cleanse(&c, sizeof(c)); ++ return (md); ++} ++ ++# ifndef SHA512_ASM + static const SHA_LONG64 K512[80] = { +- U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd), +- U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc), +- U64(0x3956c25bf348b538),U64(0x59f111f1b605d019), +- U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118), +- U64(0xd807aa98a3030242),U64(0x12835b0145706fbe), +- U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2), +- U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1), +- U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694), +- U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3), +- U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65), +- U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483), +- U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5), +- U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210), +- U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4), +- U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725), +- U64(0x06ca6351e003826f),U64(0x142929670a0e6e70), +- U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926), +- U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df), +- U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8), +- U64(0x81c2c92e47edaee6),U64(0x92722c851482353b), +- U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001), +- U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30), +- U64(0xd192e819d6ef5218),U64(0xd69906245565a910), +- U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8), +- U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53), +- U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8), +- U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb), +- U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3), +- U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60), +- U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec), +- U64(0x90befffa23631e28),U64(0xa4506cebde82bde9), +- U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b), +- U64(0xca273eceea26619c),U64(0xd186b8c721c0c207), +- U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178), +- U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), +- U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), +- U64(0x28db77f523047d84),U64(0x32caab7b40c72493), +- U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), +- U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), +- U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; +- +-#ifndef PEDANTIC +-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +-# if defined(__x86_64) || defined(__x86_64__) +-# define ROTR(a,n) ({ unsigned long ret; \ +- asm ("rorq %1,%0" \ +- : "=r"(ret) \ +- : "J"(n),"0"(a) \ +- : "cc"); ret; }) +-# if !defined(B_ENDIAN) +-# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ +- asm ("bswapq %0" \ +- : "=r"(ret) \ +- : "0"(ret)); ret; }) +-# endif +-# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) +-# if defined(I386_ONLY) +-# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ +- unsigned int hi=p[0],lo=p[1]; \ +- asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ +- "roll $16,%%eax; roll $16,%%edx; "\ +- "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ +- : "=a"(lo),"=d"(hi) \ +- : "0"(lo),"1"(hi) : "cc"); \ +- ((SHA_LONG64)hi)<<32|lo; }) +-# else +-# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ +- unsigned int hi=p[0],lo=p[1]; \ +- asm ("bswapl %0; bswapl %1;" \ +- : "=r"(lo),"=r"(hi) \ +- : "0"(lo),"1"(hi)); \ +- ((SHA_LONG64)hi)<<32|lo; }) ++ U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd), ++ U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc), ++ U64(0x3956c25bf348b538), U64(0x59f111f1b605d019), ++ U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118), ++ U64(0xd807aa98a3030242), U64(0x12835b0145706fbe), ++ U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2), ++ U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1), ++ U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694), ++ U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3), ++ U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65), ++ U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483), ++ U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5), ++ U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210), ++ U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4), ++ U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725), ++ U64(0x06ca6351e003826f), U64(0x142929670a0e6e70), ++ U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926), ++ U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df), ++ U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8), ++ U64(0x81c2c92e47edaee6), U64(0x92722c851482353b), ++ U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001), ++ U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30), ++ U64(0xd192e819d6ef5218), U64(0xd69906245565a910), ++ U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8), ++ U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53), ++ U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8), ++ U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb), ++ U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3), ++ U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60), ++ U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec), ++ U64(0x90befffa23631e28), U64(0xa4506cebde82bde9), ++ U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b), ++ U64(0xca273eceea26619c), U64(0xd186b8c721c0c207), ++ U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178), ++ U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6), ++ U64(0x113f9804bef90dae), U64(0x1b710b35131c471b), ++ U64(0x28db77f523047d84), U64(0x32caab7b40c72493), ++ U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c), ++ U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a), ++ U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817) ++}; ++ ++# ifndef PEDANTIC ++# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) ++# if defined(__x86_64) || defined(__x86_64__) ++# define ROTR(a,n) ({ unsigned long ret; \ ++ asm ("rorq %1,%0" \ ++ : "=r"(ret) \ ++ : "J"(n),"0"(a) \ ++ : "cc"); ret; }) ++# if !defined(B_ENDIAN) ++# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ ++ asm ("bswapq %0" \ ++ : "=r"(ret) \ ++ : "0"(ret)); ret; }) ++# endif ++# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) ++# if defined(I386_ONLY) ++# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ ++ unsigned int hi=p[0],lo=p[1]; \ ++ asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ ++ "roll $16,%%eax; roll $16,%%edx; "\ ++ "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \ ++ : "=a"(lo),"=d"(hi) \ ++ : "0"(lo),"1"(hi) : "cc"); \ ++ ((SHA_LONG64)hi)<<32|lo; }) ++# else ++# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ ++ unsigned int hi=p[0],lo=p[1]; \ ++ asm ("bswapl %0; bswapl %1;" \ ++ : "=r"(lo),"=r"(hi) \ ++ : "0"(lo),"1"(hi)); \ ++ ((SHA_LONG64)hi)<<32|lo; }) ++# endif ++# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) ++# define ROTR(a,n) ({ unsigned long ret; \ ++ asm ("rotrdi %0,%1,%2" \ ++ : "=r"(ret) \ ++ : "r"(a),"K"(n)); ret; }) ++# endif ++# elif defined(_MSC_VER) ++# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ ++# define ROTR(a,n) _rotr64((a),n) ++# endif ++# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) ++# if defined(I386_ONLY) ++static SHA_LONG64 __fastcall __pull64be(const void *x) ++{ ++ _asm mov edx,[ecx + 0] ++ _asm mov eax,[ecx + 4] ++_asm xchg dh, dl ++ _asm xchg ah, al ++ _asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al} ++# else ++static SHA_LONG64 __fastcall __pull64be(const void *x) ++{ ++ _asm mov edx,[ecx + 0] ++ _asm mov eax,[ecx + 4] ++_asm bswap edx _asm bswap eax} ++# endif ++# define PULL64(x) __pull64be(&(x)) ++# if _MSC_VER<=1200 ++# pragma inline_depth(0) ++# endif ++# endif + # endif +-# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) +-# define ROTR(a,n) ({ unsigned long ret; \ +- asm ("rotrdi %0,%1,%2" \ +- : "=r"(ret) \ +- : "r"(a),"K"(n)); ret; }) + # endif +-# elif defined(_MSC_VER) +-# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +-# define ROTR(a,n) _rotr64((a),n) ++# ifndef PULL64 ++# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) ++# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) + # endif +-# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +-# if defined(I386_ONLY) +- static SHA_LONG64 __fastcall __pull64be(const void *x) +- { _asm mov edx, [ecx + 0] +- _asm mov eax, [ecx + 4] +- _asm xchg dh,dl +- _asm xchg ah,al +- _asm rol edx,16 +- _asm rol eax,16 +- _asm xchg dh,dl +- _asm xchg ah,al +- } +-# else +- static SHA_LONG64 __fastcall __pull64be(const void *x) +- { _asm mov edx, [ecx + 0] +- _asm mov eax, [ecx + 4] +- _asm bswap edx +- _asm bswap eax +- } +-# endif +-# define PULL64(x) __pull64be(&(x)) +-# if _MSC_VER<=1200 +-# pragma inline_depth(0) +-# endif ++# ifndef ROTR ++# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) + # endif +-# endif +-#endif +- +-#ifndef PULL64 +-#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) +-#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) +-#endif +- +-#ifndef ROTR +-#define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) +-#endif +- +-#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) +-#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) +-#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) +-#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) +- +-#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +-#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +- +-#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) +-#define GO_FOR_SSE2(ctx,in,num) do { \ +- void sha512_block_sse2(void *,const void *,size_t); \ +- if (!(OPENSSL_ia32cap_P & (1<<26))) break; \ +- sha512_block_sse2(ctx->h,in,num); return; \ +- } while (0) +-#endif +- +-#ifdef OPENSSL_SMALL_FOOTPRINT +- +-static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) +- { +- const SHA_LONG64 *W=in; +- SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; +- SHA_LONG64 X[16]; +- int i; +- +-#ifdef GO_FOR_SSE2 +- GO_FOR_SSE2(ctx,in,num); +-#endif ++# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) ++# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) ++# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) ++# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) ++# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) ++# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) ++# if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) ++# define GO_FOR_SSE2(ctx,in,num) do { \ ++ void sha512_block_sse2(void *,const void *,size_t); \ ++ if (!(OPENSSL_ia32cap_P & (1<<26))) break; \ ++ sha512_block_sse2(ctx->h,in,num); return; \ ++ } while (0) ++# endif ++# ifdef OPENSSL_SMALL_FOOTPRINT ++static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, ++ size_t num) ++{ ++ const SHA_LONG64 *W = in; ++ SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2; ++ SHA_LONG64 X[16]; ++ int i; ++ ++# ifdef GO_FOR_SSE2 ++ GO_FOR_SSE2(ctx, in, num); ++# endif + +- while (num--) { ++ while (num--) { + +- a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; +- e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; ++ a = ctx->h[0]; ++ b = ctx->h[1]; ++ c = ctx->h[2]; ++ d = ctx->h[3]; ++ e = ctx->h[4]; ++ f = ctx->h[5]; ++ g = ctx->h[6]; ++ h = ctx->h[7]; + +- for (i=0;i<16;i++) +- { +-#ifdef B_ENDIAN +- T1 = X[i] = W[i]; +-#else +- T1 = X[i] = PULL64(W[i]); +-#endif +- T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; +- T2 = Sigma0(a) + Maj(a,b,c); +- h = g; g = f; f = e; e = d + T1; +- d = c; c = b; b = a; a = T1 + T2; +- } +- +- for (;i<80;i++) +- { +- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); +- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); +- +- T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; +- T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; +- T2 = Sigma0(a) + Maj(a,b,c); +- h = g; g = f; f = e; e = d + T1; +- d = c; c = b; b = a; a = T1 + T2; +- } +- +- ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; +- ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; +- +- W+=SHA_LBLOCK; +- } +- } +- +-#else +- +-#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ +- T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ +- h = Sigma0(a) + Maj(a,b,c); \ +- d += T1; h += T1; } while (0) +- +-#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \ +- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ +- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ +- T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ +- ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) +- +-static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) +- { +- const SHA_LONG64 *W=in; +- SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; +- SHA_LONG64 X[16]; +- int i; +- +-#ifdef GO_FOR_SSE2 +- GO_FOR_SSE2(ctx,in,num); +-#endif ++ for (i = 0; i < 16; i++) { ++# ifdef B_ENDIAN ++ T1 = X[i] = W[i]; ++# else ++ T1 = X[i] = PULL64(W[i]); ++# endif ++ T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; ++ T2 = Sigma0(a) + Maj(a, b, c); ++ h = g; ++ g = f; ++ f = e; ++ e = d + T1; ++ d = c; ++ c = b; ++ b = a; ++ a = T1 + T2; ++ } ++ ++ for (; i < 80; i++) { ++ s0 = X[(i + 1) & 0x0f]; ++ s0 = sigma0(s0); ++ s1 = X[(i + 14) & 0x0f]; ++ s1 = sigma1(s1); ++ ++ T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf]; ++ T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; ++ T2 = Sigma0(a) + Maj(a, b, c); ++ h = g; ++ g = f; ++ f = e; ++ e = d + T1; ++ d = c; ++ c = b; ++ b = a; ++ a = T1 + T2; ++ } ++ ++ ctx->h[0] += a; ++ ctx->h[1] += b; ++ ctx->h[2] += c; ++ ctx->h[3] += d; ++ ctx->h[4] += e; ++ ctx->h[5] += f; ++ ctx->h[6] += g; ++ ctx->h[7] += h; ++ ++ W += SHA_LBLOCK; ++ } ++} ++ ++# else ++# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ ++ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ ++ h = Sigma0(a) + Maj(a,b,c); \ ++ d += T1; h += T1; } while (0) ++# define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \ ++ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ ++ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ ++ T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ ++ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) ++static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, ++ size_t num) ++{ ++ const SHA_LONG64 *W = in; ++ SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1; ++ SHA_LONG64 X[16]; ++ int i; ++ ++# ifdef GO_FOR_SSE2 ++ GO_FOR_SSE2(ctx, in, num); ++# endif + +- while (num--) { +- +- a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; +- e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; +- +-#ifdef B_ENDIAN +- T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); +- T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); +- T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); +- T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); +- T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); +- T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); +- T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); +- T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); +- T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); +- T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); +- T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); +- T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); +- T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); +- T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); +- T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); +- T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); +-#else +- T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h); +- T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g); +- T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f); +- T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e); +- T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d); +- T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c); +- T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b); +- T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a); +- T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); +- T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); +- T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); +- T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); +- T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); +- T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); +- T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); +- T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); +-#endif ++ while (num--) { ++ ++ a = ctx->h[0]; ++ b = ctx->h[1]; ++ c = ctx->h[2]; ++ d = ctx->h[3]; ++ e = ctx->h[4]; ++ f = ctx->h[5]; ++ g = ctx->h[6]; ++ h = ctx->h[7]; ++ ++# ifdef B_ENDIAN ++ T1 = X[0] = W[0]; ++ ROUND_00_15(0, a, b, c, d, e, f, g, h); ++ T1 = X[1] = W[1]; ++ ROUND_00_15(1, h, a, b, c, d, e, f, g); ++ T1 = X[2] = W[2]; ++ ROUND_00_15(2, g, h, a, b, c, d, e, f); ++ T1 = X[3] = W[3]; ++ ROUND_00_15(3, f, g, h, a, b, c, d, e); ++ T1 = X[4] = W[4]; ++ ROUND_00_15(4, e, f, g, h, a, b, c, d); ++ T1 = X[5] = W[5]; ++ ROUND_00_15(5, d, e, f, g, h, a, b, c); ++ T1 = X[6] = W[6]; ++ ROUND_00_15(6, c, d, e, f, g, h, a, b); ++ T1 = X[7] = W[7]; ++ ROUND_00_15(7, b, c, d, e, f, g, h, a); ++ T1 = X[8] = W[8]; ++ ROUND_00_15(8, a, b, c, d, e, f, g, h); ++ T1 = X[9] = W[9]; ++ ROUND_00_15(9, h, a, b, c, d, e, f, g); ++ T1 = X[10] = W[10]; ++ ROUND_00_15(10, g, h, a, b, c, d, e, f); ++ T1 = X[11] = W[11]; ++ ROUND_00_15(11, f, g, h, a, b, c, d, e); ++ T1 = X[12] = W[12]; ++ ROUND_00_15(12, e, f, g, h, a, b, c, d); ++ T1 = X[13] = W[13]; ++ ROUND_00_15(13, d, e, f, g, h, a, b, c); ++ T1 = X[14] = W[14]; ++ ROUND_00_15(14, c, d, e, f, g, h, a, b); ++ T1 = X[15] = W[15]; ++ ROUND_00_15(15, b, c, d, e, f, g, h, a); ++# else ++ T1 = X[0] = PULL64(W[0]); ++ ROUND_00_15(0, a, b, c, d, e, f, g, h); ++ T1 = X[1] = PULL64(W[1]); ++ ROUND_00_15(1, h, a, b, c, d, e, f, g); ++ T1 = X[2] = PULL64(W[2]); ++ ROUND_00_15(2, g, h, a, b, c, d, e, f); ++ T1 = X[3] = PULL64(W[3]); ++ ROUND_00_15(3, f, g, h, a, b, c, d, e); ++ T1 = X[4] = PULL64(W[4]); ++ ROUND_00_15(4, e, f, g, h, a, b, c, d); ++ T1 = X[5] = PULL64(W[5]); ++ ROUND_00_15(5, d, e, f, g, h, a, b, c); ++ T1 = X[6] = PULL64(W[6]); ++ ROUND_00_15(6, c, d, e, f, g, h, a, b); ++ T1 = X[7] = PULL64(W[7]); ++ ROUND_00_15(7, b, c, d, e, f, g, h, a); ++ T1 = X[8] = PULL64(W[8]); ++ ROUND_00_15(8, a, b, c, d, e, f, g, h); ++ T1 = X[9] = PULL64(W[9]); ++ ROUND_00_15(9, h, a, b, c, d, e, f, g); ++ T1 = X[10] = PULL64(W[10]); ++ ROUND_00_15(10, g, h, a, b, c, d, e, f); ++ T1 = X[11] = PULL64(W[11]); ++ ROUND_00_15(11, f, g, h, a, b, c, d, e); ++ T1 = X[12] = PULL64(W[12]); ++ ROUND_00_15(12, e, f, g, h, a, b, c, d); ++ T1 = X[13] = PULL64(W[13]); ++ ROUND_00_15(13, d, e, f, g, h, a, b, c); ++ T1 = X[14] = PULL64(W[14]); ++ ROUND_00_15(14, c, d, e, f, g, h, a, b); ++ T1 = X[15] = PULL64(W[15]); ++ ROUND_00_15(15, b, c, d, e, f, g, h, a); ++# endif + +- for (i=16;i<80;i+=8) +- { +- ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X); +- ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X); +- ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X); +- ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X); +- ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X); +- ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X); +- ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X); +- ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X); +- } +- +- ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; +- ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; +- +- W+=SHA_LBLOCK; +- } +- } ++ for (i = 16; i < 80; i += 8) { ++ ROUND_16_80(i + 0, a, b, c, d, e, f, g, h, X); ++ ROUND_16_80(i + 1, h, a, b, c, d, e, f, g, X); ++ ROUND_16_80(i + 2, g, h, a, b, c, d, e, f, X); ++ ROUND_16_80(i + 3, f, g, h, a, b, c, d, e, X); ++ ROUND_16_80(i + 4, e, f, g, h, a, b, c, d, X); ++ ROUND_16_80(i + 5, d, e, f, g, h, a, b, c, X); ++ ROUND_16_80(i + 6, c, d, e, f, g, h, a, b, X); ++ ROUND_16_80(i + 7, b, c, d, e, f, g, h, a, X); ++ } ++ ++ ctx->h[0] += a; ++ ctx->h[1] += b; ++ ctx->h[2] += c; ++ ctx->h[3] += d; ++ ctx->h[4] += e; ++ ctx->h[5] += f; ++ ctx->h[6] += g; ++ ctx->h[7] += h; ++ ++ W += SHA_LBLOCK; ++ } ++} + +-#endif ++# endif + +-#endif /* SHA512_ASM */ ++# endif /* SHA512_ASM */ + +-#else /* OPENSSL_NO_SHA512 */ ++#else /* OPENSSL_NO_SHA512 */ + +-/* Sensitive compilers ("Compaq C V6.4-005 on OpenVMS VAX V7.3", for +- * example) dislike a statement-free file, complaining: +- * "%CC-W-EMPTYFILE, Source file does not contain any declarations." ++/* ++ * Sensitive compilers ("Compaq C V6.4-005 on OpenVMS VAX V7.3", for example) ++ * dislike a statement-free file, complaining: "%CC-W-EMPTYFILE, Source file ++ * does not contain any declarations." + */ + + int sha512_dummy(); + +-#endif /* OPENSSL_NO_SHA512 */ ++#endif /* OPENSSL_NO_SHA512 */ +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c +index 598f4d7..41ed7e9 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -59,22 +59,21 @@ + #include + #include + #ifdef OPENSSL_FIPS +-#include ++# include + #endif + + #include + #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) + +-#undef SHA_1 +-#define SHA_0 ++# undef SHA_1 ++# define SHA_0 + +-#include ++# include + +-const char SHA_version[]="SHA" OPENSSL_VERSION_PTEXT; ++const char SHA_version[] = "SHA" OPENSSL_VERSION_PTEXT; + + /* The implementation is in ../md32_common.h */ + +-#include "sha_locl.h" ++# include "sha_locl.h" + + #endif +- +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_one.c b/Cryptlib/OpenSSL/crypto/sha/sha_one.c +index 3bae623..0930b98 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha_one.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha_one.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,16 +63,17 @@ + + #ifndef OPENSSL_NO_SHA0 + unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md) +- { +- SHA_CTX c; +- static unsigned char m[SHA_DIGEST_LENGTH]; ++{ ++ SHA_CTX c; ++ static unsigned char m[SHA_DIGEST_LENGTH]; + +- if (md == NULL) md=m; +- if (!SHA_Init(&c)) +- return NULL; +- SHA_Update(&c,d,n); +- SHA_Final(md,&c); +- OPENSSL_cleanse(&c,sizeof(c)); +- return(md); +- } ++ if (md == NULL) ++ md = m; ++ if (!SHA_Init(&c)) ++ return NULL; ++ SHA_Update(&c, d, n); ++ SHA_Final(md, &c); ++ OPENSSL_cleanse(&c, sizeof(c)); ++ return (md); ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/stack/stack.c b/Cryptlib/OpenSSL/crypto/stack/stack.c +index 378bd7c..c59f0bb 100644 +--- a/Cryptlib/OpenSSL/crypto/stack/stack.c ++++ b/Cryptlib/OpenSSL/crypto/stack/stack.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,17 +49,18 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +-/* Code for stacks ++/*- ++ * Code for stacks + * Author - Eric Young v 1.0 +- * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the +- * lowest index for the searched item. ++ * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the ++ * lowest index for the searched item. + * + * 1.1 eay - Take from netdb and added to SSLeay + * +@@ -71,271 +72,292 @@ + #include + + #undef MIN_NODES +-#define MIN_NODES 4 ++#define MIN_NODES 4 + +-const char STACK_version[]="Stack" OPENSSL_VERSION_PTEXT; ++const char STACK_version[] = "Stack" OPENSSL_VERSION_PTEXT; + + #include + +-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *))) +- (const char * const *, const char * const *) +- { +- int (*old)(const char * const *,const char * const *)=sk->comp; +- +- if (sk->comp != c) +- sk->sorted=0; +- sk->comp=c; +- +- return old; +- } +- +-STACK *sk_dup(STACK *sk) +- { +- STACK *ret; +- char **s; +- +- if ((ret=sk_new(sk->comp)) == NULL) goto err; +- s=(char **)OPENSSL_realloc((char *)ret->data, +- (unsigned int)sizeof(char *)*sk->num_alloc); +- if (s == NULL) goto err; +- ret->data=s; +- +- ret->num=sk->num; +- memcpy(ret->data,sk->data,sizeof(char *)*sk->num); +- ret->sorted=sk->sorted; +- ret->num_alloc=sk->num_alloc; +- ret->comp=sk->comp; +- return(ret); +-err: +- if(ret) +- sk_free(ret); +- return(NULL); +- } ++int (*sk_set_cmp_func ++ (STACK * sk, int (*c) (const char *const *, const char *const *))) ++ (const char *const *, const char *const *) { ++ int (*old) (const char *const *, const char *const *) = sk->comp; ++ ++ if (sk->comp != c) ++ sk->sorted = 0; ++ sk->comp = c; ++ ++ return old; ++} ++ ++STACK *sk_dup(STACK * sk) ++{ ++ STACK *ret; ++ char **s; ++ ++ if ((ret = sk_new(sk->comp)) == NULL) ++ goto err; ++ s = (char **)OPENSSL_realloc((char *)ret->data, ++ (unsigned int)sizeof(char *) * ++ sk->num_alloc); ++ if (s == NULL) ++ goto err; ++ ret->data = s; ++ ++ ret->num = sk->num; ++ memcpy(ret->data, sk->data, sizeof(char *) * sk->num); ++ ret->sorted = sk->sorted; ++ ret->num_alloc = sk->num_alloc; ++ ret->comp = sk->comp; ++ return (ret); ++ err: ++ if (ret) ++ sk_free(ret); ++ return (NULL); ++} + + STACK *sk_new_null(void) +- { +- return sk_new((int (*)(const char * const *, const char * const *))0); +- } +- +-STACK *sk_new(int (*c)(const char * const *, const char * const *)) +- { +- STACK *ret; +- int i; +- +- if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL) +- goto err; +- if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL) +- goto err; +- for (i=0; idata[i]=NULL; +- ret->comp=c; +- ret->num_alloc=MIN_NODES; +- ret->num=0; +- ret->sorted=0; +- return(ret); +-err: +- if(ret) +- OPENSSL_free(ret); +- return(NULL); +- } +- +-int sk_insert(STACK *st, char *data, int loc) +- { +- char **s; +- +- if(st == NULL) return 0; +- if (st->num_alloc <= st->num+1) +- { +- s=(char **)OPENSSL_realloc((char *)st->data, +- (unsigned int)sizeof(char *)*st->num_alloc*2); +- if (s == NULL) +- return(0); +- st->data=s; +- st->num_alloc*=2; +- } +- if ((loc >= (int)st->num) || (loc < 0)) +- st->data[st->num]=data; +- else +- { +- int i; +- char **f,**t; +- +- f=(char **)st->data; +- t=(char **)&(st->data[1]); +- for (i=st->num; i>=loc; i--) +- t[i]=f[i]; +- +-#ifdef undef /* no memmove on sunos :-( */ +- memmove( (char *)&(st->data[loc+1]), +- (char *)&(st->data[loc]), +- sizeof(char *)*(st->num-loc)); ++{ ++ return sk_new((int (*)(const char *const *, const char *const *))0); ++} ++ ++STACK *sk_new(int (*c) (const char *const *, const char *const *)) ++{ ++ STACK *ret; ++ int i; ++ ++ if ((ret = (STACK *) OPENSSL_malloc(sizeof(STACK))) == NULL) ++ goto err; ++ if ((ret->data = ++ (char **)OPENSSL_malloc(sizeof(char *) * MIN_NODES)) == NULL) ++ goto err; ++ for (i = 0; i < MIN_NODES; i++) ++ ret->data[i] = NULL; ++ ret->comp = c; ++ ret->num_alloc = MIN_NODES; ++ ret->num = 0; ++ ret->sorted = 0; ++ return (ret); ++ err: ++ if (ret) ++ OPENSSL_free(ret); ++ return (NULL); ++} ++ ++int sk_insert(STACK * st, char *data, int loc) ++{ ++ char **s; ++ ++ if (st == NULL) ++ return 0; ++ if (st->num_alloc <= st->num + 1) { ++ s = (char **)OPENSSL_realloc((char *)st->data, ++ (unsigned int)sizeof(char *) * ++ st->num_alloc * 2); ++ if (s == NULL) ++ return (0); ++ st->data = s; ++ st->num_alloc *= 2; ++ } ++ if ((loc >= (int)st->num) || (loc < 0)) ++ st->data[st->num] = data; ++ else { ++ int i; ++ char **f, **t; ++ ++ f = (char **)st->data; ++ t = (char **)&(st->data[1]); ++ for (i = st->num; i >= loc; i--) ++ t[i] = f[i]; ++ ++#ifdef undef /* no memmove on sunos :-( */ ++ memmove((char *)&(st->data[loc + 1]), ++ (char *)&(st->data[loc]), sizeof(char *) * (st->num - loc)); + #endif +- st->data[loc]=data; +- } +- st->num++; +- st->sorted=0; +- return(st->num); +- } +- +-char *sk_delete_ptr(STACK *st, char *p) +- { +- int i; +- +- for (i=0; inum; i++) +- if (st->data[i] == p) +- return(sk_delete(st,i)); +- return(NULL); +- } +- +-char *sk_delete(STACK *st, int loc) +- { +- char *ret; +- int i,j; +- +- if(!st || (loc < 0) || (loc >= st->num)) return NULL; +- +- ret=st->data[loc]; +- if (loc != st->num-1) +- { +- j=st->num-1; +- for (i=loc; idata[i]=st->data[i+1]; +- /* In theory memcpy is not safe for this +- * memcpy( &(st->data[loc]), +- * &(st->data[loc+1]), +- * sizeof(char *)*(st->num-loc-1)); +- */ +- } +- st->num--; +- return(ret); +- } +- +-static int internal_find(STACK *st, char *data, int ret_val_options) +- { +- char **r; +- int i; +- int (*comp_func)(const void *,const void *); +- if(st == NULL) return -1; +- +- if (st->comp == NULL) +- { +- for (i=0; inum; i++) +- if (st->data[i] == data) +- return(i); +- return(-1); +- } +- sk_sort(st); +- if (data == NULL) return(-1); +- /* This (and the "qsort" below) are the two places in OpenSSL +- * where we need to convert from our standard (type **,type **) +- * compare callback type to the (void *,void *) type required by +- * bsearch. However, the "data" it is being called(back) with are +- * not (type *) pointers, but the *pointers* to (type *) pointers, +- * so we get our extra level of pointer dereferencing that way. */ +- comp_func=(int (*)(const void *,const void *))(st->comp); +- r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data, +- st->num,sizeof(char *),comp_func,ret_val_options); +- if (r == NULL) return(-1); +- return((int)(r-st->data)); +- } +- +-int sk_find(STACK *st, char *data) +- { +- return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); +- } +-int sk_find_ex(STACK *st, char *data) +- { +- return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); +- } +- +-int sk_push(STACK *st, char *data) +- { +- return(sk_insert(st,data,st->num)); +- } +- +-int sk_unshift(STACK *st, char *data) +- { +- return(sk_insert(st,data,0)); +- } +- +-char *sk_shift(STACK *st) +- { +- if (st == NULL) return(NULL); +- if (st->num <= 0) return(NULL); +- return(sk_delete(st,0)); +- } +- +-char *sk_pop(STACK *st) +- { +- if (st == NULL) return(NULL); +- if (st->num <= 0) return(NULL); +- return(sk_delete(st,st->num-1)); +- } +- +-void sk_zero(STACK *st) +- { +- if (st == NULL) return; +- if (st->num <= 0) return; +- memset((char *)st->data,0,sizeof(st->data)*st->num); +- st->num=0; +- } +- +-void sk_pop_free(STACK *st, void (*func)(void *)) +- { +- int i; +- +- if (st == NULL) return; +- for (i=0; inum; i++) +- if (st->data[i] != NULL) +- func(st->data[i]); +- sk_free(st); +- } +- +-void sk_free(STACK *st) +- { +- if (st == NULL) return; +- if (st->data != NULL) OPENSSL_free(st->data); +- OPENSSL_free(st); +- } +- +-int sk_num(const STACK *st) ++ st->data[loc] = data; ++ } ++ st->num++; ++ st->sorted = 0; ++ return (st->num); ++} ++ ++char *sk_delete_ptr(STACK * st, char *p) ++{ ++ int i; ++ ++ for (i = 0; i < st->num; i++) ++ if (st->data[i] == p) ++ return (sk_delete(st, i)); ++ return (NULL); ++} ++ ++char *sk_delete(STACK * st, int loc) ++{ ++ char *ret; ++ int i, j; ++ ++ if (!st || (loc < 0) || (loc >= st->num)) ++ return NULL; ++ ++ ret = st->data[loc]; ++ if (loc != st->num - 1) { ++ j = st->num - 1; ++ for (i = loc; i < j; i++) ++ st->data[i] = st->data[i + 1]; ++ /* ++ * In theory memcpy is not safe for this memcpy( &(st->data[loc]), ++ * &(st->data[loc+1]), sizeof(char *)*(st->num-loc-1)); ++ */ ++ } ++ st->num--; ++ return (ret); ++} ++ ++static int internal_find(STACK * st, char *data, int ret_val_options) ++{ ++ char **r; ++ int i; ++ int (*comp_func) (const void *, const void *); ++ if (st == NULL) ++ return -1; ++ ++ if (st->comp == NULL) { ++ for (i = 0; i < st->num; i++) ++ if (st->data[i] == data) ++ return (i); ++ return (-1); ++ } ++ sk_sort(st); ++ if (data == NULL) ++ return (-1); ++ /* ++ * This (and the "qsort" below) are the two places in OpenSSL where we ++ * need to convert from our standard (type **,type **) compare callback ++ * type to the (void *,void *) type required by bsearch. However, the ++ * "data" it is being called(back) with are not (type *) pointers, but ++ * the *pointers* to (type *) pointers, so we get our extra level of ++ * pointer dereferencing that way. ++ */ ++ comp_func = (int (*)(const void *, const void *))(st->comp); ++ r = (char **)OBJ_bsearch_ex((char *)&data, (char *)st->data, ++ st->num, sizeof(char *), comp_func, ++ ret_val_options); ++ if (r == NULL) ++ return (-1); ++ return ((int)(r - st->data)); ++} ++ ++int sk_find(STACK * st, char *data) ++{ ++ return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); ++} ++ ++int sk_find_ex(STACK * st, char *data) ++{ ++ return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); ++} ++ ++int sk_push(STACK * st, char *data) ++{ ++ return (sk_insert(st, data, st->num)); ++} ++ ++int sk_unshift(STACK * st, char *data) + { +- if(st == NULL) return -1; +- return st->num; ++ return (sk_insert(st, data, 0)); + } + +-char *sk_value(const STACK *st, int i) ++char *sk_shift(STACK * st) + { +- if(!st || (i < 0) || (i >= st->num)) return NULL; +- return st->data[i]; ++ if (st == NULL) ++ return (NULL); ++ if (st->num <= 0) ++ return (NULL); ++ return (sk_delete(st, 0)); + } + +-char *sk_set(STACK *st, int i, char *value) ++char *sk_pop(STACK * st) + { +- if(!st || (i < 0) || (i >= st->num)) return NULL; +- return (st->data[i] = value); ++ if (st == NULL) ++ return (NULL); ++ if (st->num <= 0) ++ return (NULL); ++ return (sk_delete(st, st->num - 1)); + } + +-void sk_sort(STACK *st) +- { +- if (st && !st->sorted) +- { +- int (*comp_func)(const void *,const void *); +- +- /* same comment as in sk_find ... previously st->comp was declared +- * as a (void*,void*) callback type, but this made the population +- * of the callback pointer illogical - our callbacks compare +- * type** with type**, so we leave the casting until absolutely +- * necessary (ie. "now"). */ +- comp_func=(int (*)(const void *,const void *))(st->comp); +- qsort(st->data,st->num,sizeof(char *), comp_func); +- st->sorted=1; +- } +- } +- +-int sk_is_sorted(const STACK *st) +- { +- if (!st) +- return 1; +- return st->sorted; +- } ++void sk_zero(STACK * st) ++{ ++ if (st == NULL) ++ return; ++ if (st->num <= 0) ++ return; ++ memset((char *)st->data, 0, sizeof(st->data) * st->num); ++ st->num = 0; ++} ++ ++void sk_pop_free(STACK * st, void (*func) (void *)) ++{ ++ int i; ++ ++ if (st == NULL) ++ return; ++ for (i = 0; i < st->num; i++) ++ if (st->data[i] != NULL) ++ func(st->data[i]); ++ sk_free(st); ++} ++ ++void sk_free(STACK * st) ++{ ++ if (st == NULL) ++ return; ++ if (st->data != NULL) ++ OPENSSL_free(st->data); ++ OPENSSL_free(st); ++} ++ ++int sk_num(const STACK * st) ++{ ++ if (st == NULL) ++ return -1; ++ return st->num; ++} ++ ++char *sk_value(const STACK * st, int i) ++{ ++ if (!st || (i < 0) || (i >= st->num)) ++ return NULL; ++ return st->data[i]; ++} ++ ++char *sk_set(STACK * st, int i, char *value) ++{ ++ if (!st || (i < 0) || (i >= st->num)) ++ return NULL; ++ return (st->data[i] = value); ++} ++ ++void sk_sort(STACK * st) ++{ ++ if (st && !st->sorted) { ++ int (*comp_func) (const void *, const void *); ++ ++ /* ++ * same comment as in sk_find ... previously st->comp was declared as ++ * a (void*,void*) callback type, but this made the population of the ++ * callback pointer illogical - our callbacks compare type** with ++ * type**, so we leave the casting until absolutely necessary (ie. ++ * "now"). ++ */ ++ comp_func = (int (*)(const void *, const void *))(st->comp); ++ qsort(st->data, st->num, sizeof(char *), comp_func); ++ st->sorted = 1; ++ } ++} ++ ++int sk_is_sorted(const STACK * st) ++{ ++ if (!st) ++ return 1; ++ return st->sorted; ++} +diff --git a/Cryptlib/OpenSSL/crypto/store/str_err.c b/Cryptlib/OpenSSL/crypto/store/str_err.c +index 6fee649..fb03c53 100644 +--- a/Cryptlib/OpenSSL/crypto/store/str_err.c ++++ b/Cryptlib/OpenSSL/crypto/store/str_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,147 +66,193 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason) + +-static ERR_STRING_DATA STORE_str_functs[]= +- { +-{ERR_FUNC(STORE_F_MEM_DELETE), "MEM_DELETE"}, +-{ERR_FUNC(STORE_F_MEM_GENERATE), "MEM_GENERATE"}, +-{ERR_FUNC(STORE_F_MEM_LIST_END), "MEM_LIST_END"}, +-{ERR_FUNC(STORE_F_MEM_LIST_NEXT), "MEM_LIST_NEXT"}, +-{ERR_FUNC(STORE_F_MEM_LIST_START), "MEM_LIST_START"}, +-{ERR_FUNC(STORE_F_MEM_MODIFY), "MEM_MODIFY"}, +-{ERR_FUNC(STORE_F_MEM_STORE), "MEM_STORE"}, +-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR), "STORE_ATTR_INFO_get0_cstr"}, +-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN), "STORE_ATTR_INFO_get0_dn"}, +-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER), "STORE_ATTR_INFO_get0_number"}, +-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR), "STORE_ATTR_INFO_get0_sha1str"}, +-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR), "STORE_ATTR_INFO_modify_cstr"}, +-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN), "STORE_ATTR_INFO_modify_dn"}, +-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER), "STORE_ATTR_INFO_modify_number"}, +-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR), "STORE_ATTR_INFO_modify_sha1str"}, +-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR), "STORE_ATTR_INFO_set_cstr"}, +-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN), "STORE_ATTR_INFO_set_dn"}, +-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER), "STORE_ATTR_INFO_set_number"}, +-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR), "STORE_ATTR_INFO_set_sha1str"}, +-{ERR_FUNC(STORE_F_STORE_CERTIFICATE), "STORE_CERTIFICATE"}, +-{ERR_FUNC(STORE_F_STORE_CTRL), "STORE_ctrl"}, +-{ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY), "STORE_delete_arbitrary"}, +-{ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE), "STORE_delete_certificate"}, +-{ERR_FUNC(STORE_F_STORE_DELETE_CRL), "STORE_delete_crl"}, +-{ERR_FUNC(STORE_F_STORE_DELETE_NUMBER), "STORE_delete_number"}, +-{ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY), "STORE_delete_private_key"}, +-{ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY), "STORE_delete_public_key"}, +-{ERR_FUNC(STORE_F_STORE_GENERATE_CRL), "STORE_generate_crl"}, +-{ERR_FUNC(STORE_F_STORE_GENERATE_KEY), "STORE_generate_key"}, +-{ERR_FUNC(STORE_F_STORE_GET_ARBITRARY), "STORE_get_arbitrary"}, +-{ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE), "STORE_get_certificate"}, +-{ERR_FUNC(STORE_F_STORE_GET_CRL), "STORE_get_crl"}, +-{ERR_FUNC(STORE_F_STORE_GET_NUMBER), "STORE_get_number"}, +-{ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY), "STORE_get_private_key"}, +-{ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY), "STORE_get_public_key"}, +-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END), "STORE_list_certificate_end"}, +-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP), "STORE_list_certificate_endp"}, +-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT), "STORE_list_certificate_next"}, +-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START), "STORE_list_certificate_start"}, +-{ERR_FUNC(STORE_F_STORE_LIST_CRL_END), "STORE_list_crl_end"}, +-{ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP), "STORE_list_crl_endp"}, +-{ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT), "STORE_list_crl_next"}, +-{ERR_FUNC(STORE_F_STORE_LIST_CRL_START), "STORE_list_crl_start"}, +-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END), "STORE_list_private_key_end"}, +-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP), "STORE_list_private_key_endp"}, +-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT), "STORE_list_private_key_next"}, +-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START), "STORE_list_private_key_start"}, +-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END), "STORE_list_public_key_end"}, +-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP), "STORE_list_public_key_endp"}, +-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT), "STORE_list_public_key_next"}, +-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START), "STORE_list_public_key_start"}, +-{ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY), "STORE_modify_arbitrary"}, +-{ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE), "STORE_modify_certificate"}, +-{ERR_FUNC(STORE_F_STORE_MODIFY_CRL), "STORE_modify_crl"}, +-{ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER), "STORE_modify_number"}, +-{ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY), "STORE_modify_private_key"}, +-{ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY), "STORE_modify_public_key"}, +-{ERR_FUNC(STORE_F_STORE_NEW_ENGINE), "STORE_new_engine"}, +-{ERR_FUNC(STORE_F_STORE_NEW_METHOD), "STORE_new_method"}, +-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END), "STORE_parse_attrs_end"}, +-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP), "STORE_parse_attrs_endp"}, +-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT), "STORE_parse_attrs_next"}, +-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START), "STORE_parse_attrs_start"}, +-{ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE), "STORE_revoke_certificate"}, +-{ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY), "STORE_revoke_private_key"}, +-{ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY), "STORE_revoke_public_key"}, +-{ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY), "STORE_store_arbitrary"}, +-{ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE), "STORE_store_certificate"}, +-{ERR_FUNC(STORE_F_STORE_STORE_CRL), "STORE_store_crl"}, +-{ERR_FUNC(STORE_F_STORE_STORE_NUMBER), "STORE_store_number"}, +-{ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY), "STORE_store_private_key"}, +-{ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY), "STORE_store_public_key"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA STORE_str_functs[] = { ++ {ERR_FUNC(STORE_F_MEM_DELETE), "MEM_DELETE"}, ++ {ERR_FUNC(STORE_F_MEM_GENERATE), "MEM_GENERATE"}, ++ {ERR_FUNC(STORE_F_MEM_LIST_END), "MEM_LIST_END"}, ++ {ERR_FUNC(STORE_F_MEM_LIST_NEXT), "MEM_LIST_NEXT"}, ++ {ERR_FUNC(STORE_F_MEM_LIST_START), "MEM_LIST_START"}, ++ {ERR_FUNC(STORE_F_MEM_MODIFY), "MEM_MODIFY"}, ++ {ERR_FUNC(STORE_F_MEM_STORE), "MEM_STORE"}, ++ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR), ++ "STORE_ATTR_INFO_get0_cstr"}, ++ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN), "STORE_ATTR_INFO_get0_dn"}, ++ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER), ++ "STORE_ATTR_INFO_get0_number"}, ++ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR), ++ "STORE_ATTR_INFO_get0_sha1str"}, ++ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR), ++ "STORE_ATTR_INFO_modify_cstr"}, ++ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN), ++ "STORE_ATTR_INFO_modify_dn"}, ++ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER), ++ "STORE_ATTR_INFO_modify_number"}, ++ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR), ++ "STORE_ATTR_INFO_modify_sha1str"}, ++ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR), "STORE_ATTR_INFO_set_cstr"}, ++ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN), "STORE_ATTR_INFO_set_dn"}, ++ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER), ++ "STORE_ATTR_INFO_set_number"}, ++ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR), ++ "STORE_ATTR_INFO_set_sha1str"}, ++ {ERR_FUNC(STORE_F_STORE_CERTIFICATE), "STORE_CERTIFICATE"}, ++ {ERR_FUNC(STORE_F_STORE_CTRL), "STORE_ctrl"}, ++ {ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY), "STORE_delete_arbitrary"}, ++ {ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE), "STORE_delete_certificate"}, ++ {ERR_FUNC(STORE_F_STORE_DELETE_CRL), "STORE_delete_crl"}, ++ {ERR_FUNC(STORE_F_STORE_DELETE_NUMBER), "STORE_delete_number"}, ++ {ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY), "STORE_delete_private_key"}, ++ {ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY), "STORE_delete_public_key"}, ++ {ERR_FUNC(STORE_F_STORE_GENERATE_CRL), "STORE_generate_crl"}, ++ {ERR_FUNC(STORE_F_STORE_GENERATE_KEY), "STORE_generate_key"}, ++ {ERR_FUNC(STORE_F_STORE_GET_ARBITRARY), "STORE_get_arbitrary"}, ++ {ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE), "STORE_get_certificate"}, ++ {ERR_FUNC(STORE_F_STORE_GET_CRL), "STORE_get_crl"}, ++ {ERR_FUNC(STORE_F_STORE_GET_NUMBER), "STORE_get_number"}, ++ {ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY), "STORE_get_private_key"}, ++ {ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY), "STORE_get_public_key"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END), ++ "STORE_list_certificate_end"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP), ++ "STORE_list_certificate_endp"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT), ++ "STORE_list_certificate_next"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START), ++ "STORE_list_certificate_start"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_CRL_END), "STORE_list_crl_end"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP), "STORE_list_crl_endp"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT), "STORE_list_crl_next"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_CRL_START), "STORE_list_crl_start"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END), ++ "STORE_list_private_key_end"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP), ++ "STORE_list_private_key_endp"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT), ++ "STORE_list_private_key_next"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START), ++ "STORE_list_private_key_start"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END), ++ "STORE_list_public_key_end"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP), ++ "STORE_list_public_key_endp"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT), ++ "STORE_list_public_key_next"}, ++ {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START), ++ "STORE_list_public_key_start"}, ++ {ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY), "STORE_modify_arbitrary"}, ++ {ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE), "STORE_modify_certificate"}, ++ {ERR_FUNC(STORE_F_STORE_MODIFY_CRL), "STORE_modify_crl"}, ++ {ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER), "STORE_modify_number"}, ++ {ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY), "STORE_modify_private_key"}, ++ {ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY), "STORE_modify_public_key"}, ++ {ERR_FUNC(STORE_F_STORE_NEW_ENGINE), "STORE_new_engine"}, ++ {ERR_FUNC(STORE_F_STORE_NEW_METHOD), "STORE_new_method"}, ++ {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END), "STORE_parse_attrs_end"}, ++ {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP), "STORE_parse_attrs_endp"}, ++ {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT), "STORE_parse_attrs_next"}, ++ {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START), "STORE_parse_attrs_start"}, ++ {ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE), "STORE_revoke_certificate"}, ++ {ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY), "STORE_revoke_private_key"}, ++ {ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY), "STORE_revoke_public_key"}, ++ {ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY), "STORE_store_arbitrary"}, ++ {ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE), "STORE_store_certificate"}, ++ {ERR_FUNC(STORE_F_STORE_STORE_CRL), "STORE_store_crl"}, ++ {ERR_FUNC(STORE_F_STORE_STORE_NUMBER), "STORE_store_number"}, ++ {ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY), "STORE_store_private_key"}, ++ {ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY), "STORE_store_public_key"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA STORE_str_reasons[]= +- { +-{ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE) ,"already has a value"}, +-{ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY),"failed deleting arbitrary"}, +-{ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE),"failed deleting certificate"}, +-{ERR_REASON(STORE_R_FAILED_DELETING_KEY) ,"failed deleting key"}, +-{ERR_REASON(STORE_R_FAILED_DELETING_NUMBER),"failed deleting number"}, +-{ERR_REASON(STORE_R_FAILED_GENERATING_CRL),"failed generating crl"}, +-{ERR_REASON(STORE_R_FAILED_GENERATING_KEY),"failed generating key"}, +-{ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY),"failed getting arbitrary"}, +-{ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE),"failed getting certificate"}, +-{ERR_REASON(STORE_R_FAILED_GETTING_KEY) ,"failed getting key"}, +-{ERR_REASON(STORE_R_FAILED_GETTING_NUMBER),"failed getting number"}, +-{ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES),"failed listing certificates"}, +-{ERR_REASON(STORE_R_FAILED_LISTING_KEYS) ,"failed listing keys"}, +-{ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY),"failed modifying arbitrary"}, +-{ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE),"failed modifying certificate"}, +-{ERR_REASON(STORE_R_FAILED_MODIFYING_CRL),"failed modifying crl"}, +-{ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER),"failed modifying number"}, +-{ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY),"failed modifying private key"}, +-{ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY),"failed modifying public key"}, +-{ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE),"failed revoking certificate"}, +-{ERR_REASON(STORE_R_FAILED_REVOKING_KEY) ,"failed revoking key"}, +-{ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY),"failed storing arbitrary"}, +-{ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE),"failed storing certificate"}, +-{ERR_REASON(STORE_R_FAILED_STORING_KEY) ,"failed storing key"}, +-{ERR_REASON(STORE_R_FAILED_STORING_NUMBER),"failed storing number"}, +-{ERR_REASON(STORE_R_NOT_IMPLEMENTED) ,"not implemented"}, +-{ERR_REASON(STORE_R_NO_CONTROL_FUNCTION) ,"no control function"}, +-{ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION),"no delete arbitrary function"}, +-{ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION),"no delete number function"}, +-{ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION),"no delete object function"}, +-{ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION),"no generate crl function"}, +-{ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION),"no generate object function"}, +-{ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION),"no get object arbitrary function"}, +-{ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION),"no get object function"}, +-{ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION),"no get object number function"}, +-{ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION),"no list object endp function"}, +-{ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION),"no list object end function"}, +-{ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION),"no list object next function"}, +-{ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION),"no list object start function"}, +-{ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION),"no modify object function"}, +-{ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION),"no revoke object function"}, +-{ERR_REASON(STORE_R_NO_STORE) ,"no store"}, +-{ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION),"no store object arbitrary function"}, +-{ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION),"no store object function"}, +-{ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION),"no store object number function"}, +-{ERR_REASON(STORE_R_NO_VALUE) ,"no value"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA STORE_str_reasons[] = { ++ {ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE), "already has a value"}, ++ {ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY), ++ "failed deleting arbitrary"}, ++ {ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE), ++ "failed deleting certificate"}, ++ {ERR_REASON(STORE_R_FAILED_DELETING_KEY), "failed deleting key"}, ++ {ERR_REASON(STORE_R_FAILED_DELETING_NUMBER), "failed deleting number"}, ++ {ERR_REASON(STORE_R_FAILED_GENERATING_CRL), "failed generating crl"}, ++ {ERR_REASON(STORE_R_FAILED_GENERATING_KEY), "failed generating key"}, ++ {ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY), ++ "failed getting arbitrary"}, ++ {ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE), ++ "failed getting certificate"}, ++ {ERR_REASON(STORE_R_FAILED_GETTING_KEY), "failed getting key"}, ++ {ERR_REASON(STORE_R_FAILED_GETTING_NUMBER), "failed getting number"}, ++ {ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES), ++ "failed listing certificates"}, ++ {ERR_REASON(STORE_R_FAILED_LISTING_KEYS), "failed listing keys"}, ++ {ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY), ++ "failed modifying arbitrary"}, ++ {ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE), ++ "failed modifying certificate"}, ++ {ERR_REASON(STORE_R_FAILED_MODIFYING_CRL), "failed modifying crl"}, ++ {ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER), "failed modifying number"}, ++ {ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY), ++ "failed modifying private key"}, ++ {ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY), ++ "failed modifying public key"}, ++ {ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE), ++ "failed revoking certificate"}, ++ {ERR_REASON(STORE_R_FAILED_REVOKING_KEY), "failed revoking key"}, ++ {ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY), ++ "failed storing arbitrary"}, ++ {ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE), ++ "failed storing certificate"}, ++ {ERR_REASON(STORE_R_FAILED_STORING_KEY), "failed storing key"}, ++ {ERR_REASON(STORE_R_FAILED_STORING_NUMBER), "failed storing number"}, ++ {ERR_REASON(STORE_R_NOT_IMPLEMENTED), "not implemented"}, ++ {ERR_REASON(STORE_R_NO_CONTROL_FUNCTION), "no control function"}, ++ {ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION), ++ "no delete arbitrary function"}, ++ {ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION), ++ "no delete number function"}, ++ {ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION), ++ "no delete object function"}, ++ {ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION), ++ "no generate crl function"}, ++ {ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION), ++ "no generate object function"}, ++ {ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION), ++ "no get object arbitrary function"}, ++ {ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION), "no get object function"}, ++ {ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION), ++ "no get object number function"}, ++ {ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION), ++ "no list object endp function"}, ++ {ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION), ++ "no list object end function"}, ++ {ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION), ++ "no list object next function"}, ++ {ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION), ++ "no list object start function"}, ++ {ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION), ++ "no modify object function"}, ++ {ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION), ++ "no revoke object function"}, ++ {ERR_REASON(STORE_R_NO_STORE), "no store"}, ++ {ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION), ++ "no store object arbitrary function"}, ++ {ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION), ++ "no store object function"}, ++ {ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION), ++ "no store object number function"}, ++ {ERR_REASON(STORE_R_NO_VALUE), "no value"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_STORE_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(STORE_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,STORE_str_functs); +- ERR_load_strings(0,STORE_str_reasons); +- } ++ if (ERR_func_error_string(STORE_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, STORE_str_functs); ++ ERR_load_strings(0, STORE_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/store/str_lib.c b/Cryptlib/OpenSSL/crypto/store/str_lib.c +index 32ae5bd..c968319 100644 +--- a/Cryptlib/OpenSSL/crypto/store/str_lib.c ++++ b/Cryptlib/OpenSSL/crypto/store/str_lib.c +@@ -1,6 +1,7 @@ + /* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2003. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2003. + */ + /* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,1765 +61,1711 @@ + #include + #include + #ifndef OPENSSL_NO_ENGINE +-#include ++# include + #endif + #include + #include + #include "str_locl.h" + +-const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] = +- { +- 0, +- "X.509 Certificate", +- "X.509 CRL", +- "Private Key", +- "Public Key", +- "Number", +- "Arbitrary Data" +- }; +- +-const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] = +- { +- 0, +- sizeof(int), /* EVP_TYPE */ +- sizeof(size_t), /* BITS */ +- -1, /* KEY_PARAMETERS */ +- 0 /* KEY_NO_PARAMETERS */ +- }; +- +-const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] = +- { +- 0, +- -1, /* FRIENDLYNAME: C string */ +- SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */ +- SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */ +- SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ +- SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */ +- sizeof(X509_NAME *), /* ISSUER: X509_NAME * */ +- sizeof(BIGNUM *), /* SERIAL: BIGNUM * */ +- sizeof(X509_NAME *), /* SUBJECT: X509_NAME * */ +- SHA_DIGEST_LENGTH, /* CERTHASH: SHA1 digest, 160 bits */ +- -1, /* EMAIL: C string */ +- -1, /* FILENAME: C string */ +- }; ++const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1] = { ++ 0, ++ "X.509 Certificate", ++ "X.509 CRL", ++ "Private Key", ++ "Public Key", ++ "Number", ++ "Arbitrary Data" ++}; ++ ++const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1] = { ++ 0, ++ sizeof(int), /* EVP_TYPE */ ++ sizeof(size_t), /* BITS */ ++ -1, /* KEY_PARAMETERS */ ++ 0 /* KEY_NO_PARAMETERS */ ++}; ++ ++const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1] = { ++ 0, ++ -1, /* FRIENDLYNAME: C string */ ++ SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */ ++ SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */ ++ SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */ ++ SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */ ++ sizeof(X509_NAME *), /* ISSUER: X509_NAME * */ ++ sizeof(BIGNUM *), /* SERIAL: BIGNUM * */ ++ sizeof(X509_NAME *), /* SUBJECT: X509_NAME * */ ++ SHA_DIGEST_LENGTH, /* CERTHASH: SHA1 digest, 160 bits */ ++ -1, /* EMAIL: C string */ ++ -1, /* FILENAME: C string */ ++}; + + STORE *STORE_new_method(const STORE_METHOD *method) +- { +- STORE *ret; +- +- if (method == NULL) +- { +- STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- +- ret=(STORE *)OPENSSL_malloc(sizeof(STORE)); +- if (ret == NULL) +- { +- STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- ret->meth=method; +- +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data); +- if (ret->meth->init && !ret->meth->init(ret)) +- { +- STORE_free(ret); +- ret = NULL; +- } +- return ret; +- } ++{ ++ STORE *ret; ++ ++ if (method == NULL) { ++ STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ ++ ret = (STORE *)OPENSSL_malloc(sizeof(STORE)); ++ if (ret == NULL) { ++ STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ ret->meth = method; ++ ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data); ++ if (ret->meth->init && !ret->meth->init(ret)) { ++ STORE_free(ret); ++ ret = NULL; ++ } ++ return ret; ++} + + STORE *STORE_new_engine(ENGINE *engine) +- { +- STORE *ret = NULL; +- ENGINE *e = engine; +- const STORE_METHOD *meth = 0; ++{ ++ STORE *ret = NULL; ++ ENGINE *e = engine; ++ const STORE_METHOD *meth = 0; + + #ifdef OPENSSL_NO_ENGINE +- e = NULL; ++ e = NULL; + #else +- if (engine) +- { +- if (!ENGINE_init(engine)) +- { +- STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); +- return NULL; +- } +- e = engine; +- } +- else +- { +- STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if(e) +- { +- meth = ENGINE_get_STORE(e); +- if(!meth) +- { +- STOREerr(STORE_F_STORE_NEW_ENGINE, +- ERR_R_ENGINE_LIB); +- ENGINE_finish(e); +- return NULL; +- } +- } ++ if (engine) { ++ if (!ENGINE_init(engine)) { ++ STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); ++ return NULL; ++ } ++ e = engine; ++ } else { ++ STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ if (e) { ++ meth = ENGINE_get_STORE(e); ++ if (!meth) { ++ STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB); ++ ENGINE_finish(e); ++ return NULL; ++ } ++ } + #endif + +- ret = STORE_new_method(meth); +- if (ret == NULL) +- { +- STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB); +- return NULL; +- } ++ ret = STORE_new_method(meth); ++ if (ret == NULL) { ++ STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_STORE_LIB); ++ return NULL; ++ } + +- ret->engine = e; ++ ret->engine = e; + +- return(ret); +- } ++ return (ret); ++} + + void STORE_free(STORE *store) +- { +- if (store == NULL) +- return; +- if (store->meth->clean) +- store->meth->clean(store); +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data); +- OPENSSL_free(store); +- } +- +-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void)) +- { +- if (store == NULL) +- { +- STOREerr(STORE_F_STORE_CTRL,ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (store->meth->ctrl) +- return store->meth->ctrl(store, cmd, i, p, f); +- STOREerr(STORE_F_STORE_CTRL,STORE_R_NO_CONTROL_FUNCTION); +- return 0; +- } +- ++{ ++ if (store == NULL) ++ return; ++ if (store->meth->clean) ++ store->meth->clean(store); ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data); ++ OPENSSL_free(store); ++} ++ ++int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void)) ++{ ++ if (store == NULL) { ++ STOREerr(STORE_F_STORE_CTRL, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if (store->meth->ctrl) ++ return store->meth->ctrl(store, cmd, i, p, f); ++ STOREerr(STORE_F_STORE_CTRL, STORE_R_NO_CONTROL_FUNCTION); ++ return 0; ++} + + int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +- { +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp, +- new_func, dup_func, free_func); +- } ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp, ++ new_func, dup_func, free_func); ++} + + int STORE_set_ex_data(STORE *r, int idx, void *arg) +- { +- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); +- } ++{ ++ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); ++} + + void *STORE_get_ex_data(STORE *r, int idx) +- { +- return(CRYPTO_get_ex_data(&r->ex_data,idx)); +- } ++{ ++ return (CRYPTO_get_ex_data(&r->ex_data, idx)); ++} + + const STORE_METHOD *STORE_get_method(STORE *store) +- { +- return store->meth; +- } ++{ ++ return store->meth; ++} + + const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth) +- { +- store->meth=meth; +- return store->meth; +- } +- ++{ ++ store->meth = meth; ++ return store->meth; ++} + + /* API helpers */ + + #define check_store(s,fncode,fnname,fnerrcode) \ +- do \ +- { \ +- if ((s) == NULL || (s)->meth == NULL) \ +- { \ +- STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \ +- return 0; \ +- } \ +- if ((s)->meth->fnname == NULL) \ +- { \ +- STOREerr((fncode), (fnerrcode)); \ +- return 0; \ +- } \ +- } \ +- while(0) ++ do \ ++ { \ ++ if ((s) == NULL || (s)->meth == NULL) \ ++ { \ ++ STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \ ++ return 0; \ ++ } \ ++ if ((s)->meth->fnname == NULL) \ ++ { \ ++ STOREerr((fncode), (fnerrcode)); \ ++ return 0; \ ++ } \ ++ } \ ++ while(0) + + /* API functions */ + + X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- X509 *x; +- +- check_store(s,STORE_F_STORE_GET_CERTIFICATE, +- get_object,STORE_R_NO_GET_OBJECT_FUNCTION); +- +- object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, +- attributes, parameters); +- if (!object || !object->data.x509.certificate) +- { +- STOREerr(STORE_F_STORE_GET_CERTIFICATE, +- STORE_R_FAILED_GETTING_CERTIFICATE); +- return 0; +- } +- CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509); ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ X509 *x; ++ ++ check_store(s, STORE_F_STORE_GET_CERTIFICATE, ++ get_object, STORE_R_NO_GET_OBJECT_FUNCTION); ++ ++ object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, ++ attributes, parameters); ++ if (!object || !object->data.x509.certificate) { ++ STOREerr(STORE_F_STORE_GET_CERTIFICATE, ++ STORE_R_FAILED_GETTING_CERTIFICATE); ++ return 0; ++ } ++ CRYPTO_add(&object->data.x509.certificate->references, 1, ++ CRYPTO_LOCK_X509); + #ifdef REF_PRINT +- REF_PRINT("X509",data); ++ REF_PRINT("X509", data); + #endif +- x = object->data.x509.certificate; +- STORE_OBJECT_free(object); +- return x; +- } ++ x = object->data.x509.certificate; ++ STORE_OBJECT_free(object); ++ return x; ++} + + int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- int i; +- +- check_store(s,STORE_F_STORE_CERTIFICATE, +- store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); +- +- object = STORE_OBJECT_new(); +- if (!object) +- { +- STOREerr(STORE_F_STORE_STORE_CERTIFICATE, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509); ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ int i; ++ ++ check_store(s, STORE_F_STORE_CERTIFICATE, ++ store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); ++ ++ object = STORE_OBJECT_new(); ++ if (!object) { ++ STOREerr(STORE_F_STORE_STORE_CERTIFICATE, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509); + #ifdef REF_PRINT +- REF_PRINT("X509",data); ++ REF_PRINT("X509", data); + #endif +- object->data.x509.certificate = data; ++ object->data.x509.certificate = data; + +- i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, +- object, attributes, parameters); ++ i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, ++ object, attributes, parameters); + +- STORE_OBJECT_free(object); ++ STORE_OBJECT_free(object); + +- if (!i) +- { +- STOREerr(STORE_F_STORE_STORE_CERTIFICATE, +- STORE_R_FAILED_STORING_CERTIFICATE); +- return 0; +- } +- return 1; +- } ++ if (!i) { ++ STOREerr(STORE_F_STORE_STORE_CERTIFICATE, ++ STORE_R_FAILED_STORING_CERTIFICATE); ++ return 0; ++ } ++ return 1; ++} + + int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_MODIFY_CERTIFICATE, +- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); +- +- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, +- search_attributes, add_attributes, modify_attributes, +- delete_attributes, parameters)) +- { +- STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE, +- STORE_R_FAILED_MODIFYING_CERTIFICATE); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM add_attributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_MODIFY_CERTIFICATE, ++ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); ++ ++ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, ++ search_attributes, add_attributes, ++ modify_attributes, delete_attributes, ++ parameters)) { ++ STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE, ++ STORE_R_FAILED_MODIFYING_CERTIFICATE); ++ return 0; ++ } ++ return 1; ++} + + int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE, +- revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); +- +- if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, +- attributes, parameters)) +- { +- STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE, +- STORE_R_FAILED_REVOKING_CERTIFICATE); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_REVOKE_CERTIFICATE, ++ revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION); ++ ++ if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, ++ attributes, parameters)) { ++ STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE, ++ STORE_R_FAILED_REVOKING_CERTIFICATE); ++ return 0; ++ } ++ return 1; ++} + + int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_DELETE_CERTIFICATE, +- delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); +- +- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, +- attributes, parameters)) +- { +- STOREerr(STORE_F_STORE_DELETE_CERTIFICATE, +- STORE_R_FAILED_DELETING_CERTIFICATE); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_DELETE_CERTIFICATE, ++ delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION); ++ ++ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE, ++ attributes, parameters)) { ++ STOREerr(STORE_F_STORE_DELETE_CERTIFICATE, ++ STORE_R_FAILED_DELETING_CERTIFICATE); ++ return 0; ++ } ++ return 1; ++} + + void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- void *handle; +- +- check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START, +- list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); +- +- handle = s->meth->list_object_start(s, +- STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes, parameters); +- if (!handle) +- { +- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START, +- STORE_R_FAILED_LISTING_CERTIFICATES); +- return 0; +- } +- return handle; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ void *handle; ++ ++ check_store(s, STORE_F_STORE_LIST_CERTIFICATE_START, ++ list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION); ++ ++ handle = s->meth->list_object_start(s, ++ STORE_OBJECT_TYPE_X509_CERTIFICATE, ++ attributes, parameters); ++ if (!handle) { ++ STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START, ++ STORE_R_FAILED_LISTING_CERTIFICATES); ++ return 0; ++ } ++ return handle; ++} + + X509 *STORE_list_certificate_next(STORE *s, void *handle) +- { +- STORE_OBJECT *object; +- X509 *x; +- +- check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT, +- list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); +- +- object = s->meth->list_object_next(s, handle); +- if (!object || !object->data.x509.certificate) +- { +- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT, +- STORE_R_FAILED_LISTING_CERTIFICATES); +- return 0; +- } +- CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509); ++{ ++ STORE_OBJECT *object; ++ X509 *x; ++ ++ check_store(s, STORE_F_STORE_LIST_CERTIFICATE_NEXT, ++ list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); ++ ++ object = s->meth->list_object_next(s, handle); ++ if (!object || !object->data.x509.certificate) { ++ STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT, ++ STORE_R_FAILED_LISTING_CERTIFICATES); ++ return 0; ++ } ++ CRYPTO_add(&object->data.x509.certificate->references, 1, ++ CRYPTO_LOCK_X509); + #ifdef REF_PRINT +- REF_PRINT("X509",data); ++ REF_PRINT("X509", data); + #endif +- x = object->data.x509.certificate; +- STORE_OBJECT_free(object); +- return x; +- } ++ x = object->data.x509.certificate; ++ STORE_OBJECT_free(object); ++ return x; ++} + + int STORE_list_certificate_end(STORE *s, void *handle) +- { +- check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END, +- list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); +- +- if (!s->meth->list_object_end(s, handle)) +- { +- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END, +- STORE_R_FAILED_LISTING_CERTIFICATES); +- return 0; +- } +- return 1; +- } ++{ ++ check_store(s, STORE_F_STORE_LIST_CERTIFICATE_END, ++ list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION); ++ ++ if (!s->meth->list_object_end(s, handle)) { ++ STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END, ++ STORE_R_FAILED_LISTING_CERTIFICATES); ++ return 0; ++ } ++ return 1; ++} + + int STORE_list_certificate_endp(STORE *s, void *handle) +- { +- check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP, +- list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); +- +- if (!s->meth->list_object_endp(s, handle)) +- { +- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP, +- STORE_R_FAILED_LISTING_CERTIFICATES); +- return 0; +- } +- return 1; +- } ++{ ++ check_store(s, STORE_F_STORE_LIST_CERTIFICATE_ENDP, ++ list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); ++ ++ if (!s->meth->list_object_endp(s, handle)) { ++ STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP, ++ STORE_R_FAILED_LISTING_CERTIFICATES); ++ return 0; ++ } ++ return 1; ++} + + EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- EVP_PKEY *pkey; +- +- check_store(s,STORE_F_STORE_GENERATE_KEY, +- generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION); +- +- object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, +- attributes, parameters); +- if (!object || !object->data.key) +- { +- STOREerr(STORE_F_STORE_GENERATE_KEY, +- STORE_R_FAILED_GENERATING_KEY); +- return 0; +- } +- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ EVP_PKEY *pkey; ++ ++ check_store(s, STORE_F_STORE_GENERATE_KEY, ++ generate_object, STORE_R_NO_GENERATE_OBJECT_FUNCTION); ++ ++ object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, ++ attributes, parameters); ++ if (!object || !object->data.key) { ++ STOREerr(STORE_F_STORE_GENERATE_KEY, STORE_R_FAILED_GENERATING_KEY); ++ return 0; ++ } ++ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); + #ifdef REF_PRINT +- REF_PRINT("EVP_PKEY",data); ++ REF_PRINT("EVP_PKEY", data); + #endif +- pkey = object->data.key; +- STORE_OBJECT_free(object); +- return pkey; +- } ++ pkey = object->data.key; ++ STORE_OBJECT_free(object); ++ return pkey; ++} + + EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- EVP_PKEY *pkey; +- +- check_store(s,STORE_F_STORE_GET_PRIVATE_KEY, +- get_object,STORE_R_NO_GET_OBJECT_FUNCTION); +- +- object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, +- attributes, parameters); +- if (!object || !object->data.key || !object->data.key) +- { +- STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, +- STORE_R_FAILED_GETTING_KEY); +- return 0; +- } +- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ EVP_PKEY *pkey; ++ ++ check_store(s, STORE_F_STORE_GET_PRIVATE_KEY, ++ get_object, STORE_R_NO_GET_OBJECT_FUNCTION); ++ ++ object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, ++ attributes, parameters); ++ if (!object || !object->data.key || !object->data.key) { ++ STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, STORE_R_FAILED_GETTING_KEY); ++ return 0; ++ } ++ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); + #ifdef REF_PRINT +- REF_PRINT("EVP_PKEY",data); ++ REF_PRINT("EVP_PKEY", data); + #endif +- pkey = object->data.key; +- STORE_OBJECT_free(object); +- return pkey; +- } +- +-int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- int i; +- +- check_store(s,STORE_F_STORE_STORE_PRIVATE_KEY, +- store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); +- +- object = STORE_OBJECT_new(); +- if (!object) +- { +- STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- object->data.key = EVP_PKEY_new(); +- if (!object->data.key) +- { +- STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY); ++ pkey = object->data.key; ++ STORE_OBJECT_free(object); ++ return pkey; ++} ++ ++int STORE_store_private_key(STORE *s, EVP_PKEY *data, ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ int i; ++ ++ check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY, ++ store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); ++ ++ object = STORE_OBJECT_new(); ++ if (!object) { ++ STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ object->data.key = EVP_PKEY_new(); ++ if (!object->data.key) { ++ STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY); + #ifdef REF_PRINT +- REF_PRINT("EVP_PKEY",data); ++ REF_PRINT("EVP_PKEY", data); + #endif +- object->data.key = data; ++ object->data.key = data; + +- i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, +- attributes, parameters); ++ i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object, ++ attributes, parameters); + +- STORE_OBJECT_free(object); ++ STORE_OBJECT_free(object); + +- if (!i) +- { +- STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, +- STORE_R_FAILED_STORING_KEY); +- return 0; +- } +- return i; +- } ++ if (!i) { ++ STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, STORE_R_FAILED_STORING_KEY); ++ return 0; ++ } ++ return i; ++} + + int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_MODIFY_PRIVATE_KEY, +- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); +- +- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, +- search_attributes, add_attributes, modify_attributes, +- delete_attributes, parameters)) +- { +- STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY, +- STORE_R_FAILED_MODIFYING_PRIVATE_KEY); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM add_attributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_MODIFY_PRIVATE_KEY, ++ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); ++ ++ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, ++ search_attributes, add_attributes, ++ modify_attributes, delete_attributes, ++ parameters)) { ++ STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY, ++ STORE_R_FAILED_MODIFYING_PRIVATE_KEY); ++ return 0; ++ } ++ return 1; ++} + + int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- int i; ++ OPENSSL_ITEM parameters[]) ++{ ++ int i; + +- check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY, +- revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); ++ check_store(s, STORE_F_STORE_REVOKE_PRIVATE_KEY, ++ revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION); + +- i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, +- attributes, parameters); ++ i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, ++ attributes, parameters); + +- if (!i) +- { +- STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY, +- STORE_R_FAILED_REVOKING_KEY); +- return 0; +- } +- return i; +- } ++ if (!i) { ++ STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY, ++ STORE_R_FAILED_REVOKING_KEY); ++ return 0; ++ } ++ return i; ++} + + int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY, +- delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); +- +- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, +- attributes, parameters)) +- { +- STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY, +- STORE_R_FAILED_DELETING_KEY); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_DELETE_PRIVATE_KEY, ++ delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION); ++ ++ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, ++ attributes, parameters)) { ++ STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY, ++ STORE_R_FAILED_DELETING_KEY); ++ return 0; ++ } ++ return 1; ++} + + void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- void *handle; +- +- check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START, +- list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); +- +- handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, +- attributes, parameters); +- if (!handle) +- { +- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return handle; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ void *handle; ++ ++ check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_START, ++ list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION); ++ ++ handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY, ++ attributes, parameters); ++ if (!handle) { ++ STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START, ++ STORE_R_FAILED_LISTING_KEYS); ++ return 0; ++ } ++ return handle; ++} + + EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle) +- { +- STORE_OBJECT *object; +- EVP_PKEY *pkey; +- +- check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, +- list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); +- +- object = s->meth->list_object_next(s, handle); +- if (!object || !object->data.key || !object->data.key) +- { +- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); ++{ ++ STORE_OBJECT *object; ++ EVP_PKEY *pkey; ++ ++ check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, ++ list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); ++ ++ object = s->meth->list_object_next(s, handle); ++ if (!object || !object->data.key || !object->data.key) { ++ STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT, ++ STORE_R_FAILED_LISTING_KEYS); ++ return 0; ++ } ++ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); + #ifdef REF_PRINT +- REF_PRINT("EVP_PKEY",data); ++ REF_PRINT("EVP_PKEY", data); + #endif +- pkey = object->data.key; +- STORE_OBJECT_free(object); +- return pkey; +- } ++ pkey = object->data.key; ++ STORE_OBJECT_free(object); ++ return pkey; ++} + + int STORE_list_private_key_end(STORE *s, void *handle) +- { +- check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END, +- list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); +- +- if (!s->meth->list_object_end(s, handle)) +- { +- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return 1; +- } ++{ ++ check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_END, ++ list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION); ++ ++ if (!s->meth->list_object_end(s, handle)) { ++ STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END, ++ STORE_R_FAILED_LISTING_KEYS); ++ return 0; ++ } ++ return 1; ++} + + int STORE_list_private_key_endp(STORE *s, void *handle) +- { +- check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, +- list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); +- +- if (!s->meth->list_object_endp(s, handle)) +- { +- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return 1; +- } ++{ ++ check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, ++ list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); ++ ++ if (!s->meth->list_object_endp(s, handle)) { ++ STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP, ++ STORE_R_FAILED_LISTING_KEYS); ++ return 0; ++ } ++ return 1; ++} + + EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- EVP_PKEY *pkey; +- +- check_store(s,STORE_F_STORE_GET_PUBLIC_KEY, +- get_object,STORE_R_NO_GET_OBJECT_FUNCTION); +- +- object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, +- attributes, parameters); +- if (!object || !object->data.key || !object->data.key) +- { +- STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, +- STORE_R_FAILED_GETTING_KEY); +- return 0; +- } +- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ EVP_PKEY *pkey; ++ ++ check_store(s, STORE_F_STORE_GET_PUBLIC_KEY, ++ get_object, STORE_R_NO_GET_OBJECT_FUNCTION); ++ ++ object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, ++ attributes, parameters); ++ if (!object || !object->data.key || !object->data.key) { ++ STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, STORE_R_FAILED_GETTING_KEY); ++ return 0; ++ } ++ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); + #ifdef REF_PRINT +- REF_PRINT("EVP_PKEY",data); ++ REF_PRINT("EVP_PKEY", data); + #endif +- pkey = object->data.key; +- STORE_OBJECT_free(object); +- return pkey; +- } +- +-int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- int i; +- +- check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY, +- store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); +- +- object = STORE_OBJECT_new(); +- if (!object) +- { +- STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- object->data.key = EVP_PKEY_new(); +- if (!object->data.key) +- { +- STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY); ++ pkey = object->data.key; ++ STORE_OBJECT_free(object); ++ return pkey; ++} ++ ++int STORE_store_public_key(STORE *s, EVP_PKEY *data, ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ int i; ++ ++ check_store(s, STORE_F_STORE_STORE_PUBLIC_KEY, ++ store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); ++ ++ object = STORE_OBJECT_new(); ++ if (!object) { ++ STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ object->data.key = EVP_PKEY_new(); ++ if (!object->data.key) { ++ STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY); + #ifdef REF_PRINT +- REF_PRINT("EVP_PKEY",data); ++ REF_PRINT("EVP_PKEY", data); + #endif +- object->data.key = data; ++ object->data.key = data; + +- i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, +- attributes, parameters); ++ i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object, ++ attributes, parameters); + +- STORE_OBJECT_free(object); ++ STORE_OBJECT_free(object); + +- if (!i) +- { +- STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, +- STORE_R_FAILED_STORING_KEY); +- return 0; +- } +- return i; +- } ++ if (!i) { ++ STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, STORE_R_FAILED_STORING_KEY); ++ return 0; ++ } ++ return i; ++} + + int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_MODIFY_PUBLIC_KEY, +- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); +- +- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, +- search_attributes, add_attributes, modify_attributes, +- delete_attributes, parameters)) +- { +- STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY, +- STORE_R_FAILED_MODIFYING_PUBLIC_KEY); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM add_attributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_MODIFY_PUBLIC_KEY, ++ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); ++ ++ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, ++ search_attributes, add_attributes, ++ modify_attributes, delete_attributes, ++ parameters)) { ++ STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY, ++ STORE_R_FAILED_MODIFYING_PUBLIC_KEY); ++ return 0; ++ } ++ return 1; ++} + + int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- int i; ++ OPENSSL_ITEM parameters[]) ++{ ++ int i; + +- check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY, +- revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION); ++ check_store(s, STORE_F_STORE_REVOKE_PUBLIC_KEY, ++ revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION); + +- i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, +- attributes, parameters); ++ i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, ++ attributes, parameters); + +- if (!i) +- { +- STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY, +- STORE_R_FAILED_REVOKING_KEY); +- return 0; +- } +- return i; +- } ++ if (!i) { ++ STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY, ++ STORE_R_FAILED_REVOKING_KEY); ++ return 0; ++ } ++ return i; ++} + + int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY, +- delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); +- +- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, +- attributes, parameters)) +- { +- STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY, +- STORE_R_FAILED_DELETING_KEY); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_DELETE_PUBLIC_KEY, ++ delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION); ++ ++ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, ++ attributes, parameters)) { ++ STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY, ++ STORE_R_FAILED_DELETING_KEY); ++ return 0; ++ } ++ return 1; ++} + + void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- void *handle; +- +- check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START, +- list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); +- +- handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY, +- attributes, parameters); +- if (!handle) +- { +- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return handle; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ void *handle; ++ ++ check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_START, ++ list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION); ++ ++ handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY, ++ attributes, parameters); ++ if (!handle) { ++ STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START, ++ STORE_R_FAILED_LISTING_KEYS); ++ return 0; ++ } ++ return handle; ++} + + EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle) +- { +- STORE_OBJECT *object; +- EVP_PKEY *pkey; +- +- check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, +- list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); +- +- object = s->meth->list_object_next(s, handle); +- if (!object || !object->data.key || !object->data.key) +- { +- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY); ++{ ++ STORE_OBJECT *object; ++ EVP_PKEY *pkey; ++ ++ check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, ++ list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); ++ ++ object = s->meth->list_object_next(s, handle); ++ if (!object || !object->data.key || !object->data.key) { ++ STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT, ++ STORE_R_FAILED_LISTING_KEYS); ++ return 0; ++ } ++ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY); + #ifdef REF_PRINT +- REF_PRINT("EVP_PKEY",data); ++ REF_PRINT("EVP_PKEY", data); + #endif +- pkey = object->data.key; +- STORE_OBJECT_free(object); +- return pkey; +- } ++ pkey = object->data.key; ++ STORE_OBJECT_free(object); ++ return pkey; ++} + + int STORE_list_public_key_end(STORE *s, void *handle) +- { +- check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_END, +- list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); +- +- if (!s->meth->list_object_end(s, handle)) +- { +- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return 1; +- } ++{ ++ check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_END, ++ list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION); ++ ++ if (!s->meth->list_object_end(s, handle)) { ++ STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END, ++ STORE_R_FAILED_LISTING_KEYS); ++ return 0; ++ } ++ return 1; ++} + + int STORE_list_public_key_endp(STORE *s, void *handle) +- { +- check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, +- list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); +- +- if (!s->meth->list_object_endp(s, handle)) +- { +- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return 1; +- } ++{ ++ check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, ++ list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); ++ ++ if (!s->meth->list_object_endp(s, handle)) { ++ STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP, ++ STORE_R_FAILED_LISTING_KEYS); ++ return 0; ++ } ++ return 1; ++} + + X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- X509_CRL *crl; +- +- check_store(s,STORE_F_STORE_GENERATE_CRL, +- generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION); +- +- object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL, +- attributes, parameters); +- if (!object || !object->data.crl) +- { +- STOREerr(STORE_F_STORE_GENERATE_CRL, +- STORE_R_FAILED_GENERATING_CRL); +- return 0; +- } +- CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ X509_CRL *crl; ++ ++ check_store(s, STORE_F_STORE_GENERATE_CRL, ++ generate_object, STORE_R_NO_GENERATE_CRL_FUNCTION); ++ ++ object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL, ++ attributes, parameters); ++ if (!object || !object->data.crl) { ++ STOREerr(STORE_F_STORE_GENERATE_CRL, STORE_R_FAILED_GENERATING_CRL); ++ return 0; ++ } ++ CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); + #ifdef REF_PRINT +- REF_PRINT("X509_CRL",data); ++ REF_PRINT("X509_CRL", data); + #endif +- crl = object->data.crl; +- STORE_OBJECT_free(object); +- return crl; +- } ++ crl = object->data.crl; ++ STORE_OBJECT_free(object); ++ return crl; ++} + + X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- X509_CRL *crl; +- +- check_store(s,STORE_F_STORE_GET_CRL, +- get_object,STORE_R_NO_GET_OBJECT_FUNCTION); +- +- object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL, +- attributes, parameters); +- if (!object || !object->data.crl) +- { +- STOREerr(STORE_F_STORE_GET_CRL, +- STORE_R_FAILED_GETTING_KEY); +- return 0; +- } +- CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ X509_CRL *crl; ++ ++ check_store(s, STORE_F_STORE_GET_CRL, ++ get_object, STORE_R_NO_GET_OBJECT_FUNCTION); ++ ++ object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL, ++ attributes, parameters); ++ if (!object || !object->data.crl) { ++ STOREerr(STORE_F_STORE_GET_CRL, STORE_R_FAILED_GETTING_KEY); ++ return 0; ++ } ++ CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); + #ifdef REF_PRINT +- REF_PRINT("X509_CRL",data); ++ REF_PRINT("X509_CRL", data); + #endif +- crl = object->data.crl; +- STORE_OBJECT_free(object); +- return crl; +- } ++ crl = object->data.crl; ++ STORE_OBJECT_free(object); ++ return crl; ++} + + int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- int i; +- +- check_store(s,STORE_F_STORE_STORE_CRL, +- store_object,STORE_R_NO_STORE_OBJECT_FUNCTION); +- +- object = STORE_OBJECT_new(); +- if (!object) +- { +- STOREerr(STORE_F_STORE_STORE_CRL, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509_CRL); ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ int i; ++ ++ check_store(s, STORE_F_STORE_STORE_CRL, ++ store_object, STORE_R_NO_STORE_OBJECT_FUNCTION); ++ ++ object = STORE_OBJECT_new(); ++ if (!object) { ++ STOREerr(STORE_F_STORE_STORE_CRL, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509_CRL); + #ifdef REF_PRINT +- REF_PRINT("X509_CRL",data); ++ REF_PRINT("X509_CRL", data); + #endif +- object->data.crl = data; ++ object->data.crl = data; + +- i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object, +- attributes, parameters); ++ i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object, ++ attributes, parameters); + +- STORE_OBJECT_free(object); ++ STORE_OBJECT_free(object); + +- if (!i) +- { +- STOREerr(STORE_F_STORE_STORE_CRL, +- STORE_R_FAILED_STORING_KEY); +- return 0; +- } +- return i; +- } ++ if (!i) { ++ STOREerr(STORE_F_STORE_STORE_CRL, STORE_R_FAILED_STORING_KEY); ++ return 0; ++ } ++ return i; ++} + + int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_MODIFY_CRL, +- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); +- +- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL, +- search_attributes, add_attributes, modify_attributes, +- delete_attributes, parameters)) +- { +- STOREerr(STORE_F_STORE_MODIFY_CRL, +- STORE_R_FAILED_MODIFYING_CRL); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM add_attributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_MODIFY_CRL, ++ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); ++ ++ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL, ++ search_attributes, add_attributes, ++ modify_attributes, delete_attributes, ++ parameters)) { ++ STOREerr(STORE_F_STORE_MODIFY_CRL, STORE_R_FAILED_MODIFYING_CRL); ++ return 0; ++ } ++ return 1; ++} + + int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_DELETE_CRL, +- delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION); +- +- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL, +- attributes, parameters)) +- { +- STOREerr(STORE_F_STORE_DELETE_CRL, +- STORE_R_FAILED_DELETING_KEY); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_DELETE_CRL, ++ delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION); ++ ++ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL, ++ attributes, parameters)) { ++ STOREerr(STORE_F_STORE_DELETE_CRL, STORE_R_FAILED_DELETING_KEY); ++ return 0; ++ } ++ return 1; ++} + + void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- void *handle; +- +- check_store(s,STORE_F_STORE_LIST_CRL_START, +- list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION); +- +- handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL, +- attributes, parameters); +- if (!handle) +- { +- STOREerr(STORE_F_STORE_LIST_CRL_START, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return handle; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ void *handle; ++ ++ check_store(s, STORE_F_STORE_LIST_CRL_START, ++ list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION); ++ ++ handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL, ++ attributes, parameters); ++ if (!handle) { ++ STOREerr(STORE_F_STORE_LIST_CRL_START, STORE_R_FAILED_LISTING_KEYS); ++ return 0; ++ } ++ return handle; ++} + + X509_CRL *STORE_list_crl_next(STORE *s, void *handle) +- { +- STORE_OBJECT *object; +- X509_CRL *crl; +- +- check_store(s,STORE_F_STORE_LIST_CRL_NEXT, +- list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); +- +- object = s->meth->list_object_next(s, handle); +- if (!object || !object->data.crl) +- { +- STOREerr(STORE_F_STORE_LIST_CRL_NEXT, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL); ++{ ++ STORE_OBJECT *object; ++ X509_CRL *crl; ++ ++ check_store(s, STORE_F_STORE_LIST_CRL_NEXT, ++ list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION); ++ ++ object = s->meth->list_object_next(s, handle); ++ if (!object || !object->data.crl) { ++ STOREerr(STORE_F_STORE_LIST_CRL_NEXT, STORE_R_FAILED_LISTING_KEYS); ++ return 0; ++ } ++ CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); + #ifdef REF_PRINT +- REF_PRINT("X509_CRL",data); ++ REF_PRINT("X509_CRL", data); + #endif +- crl = object->data.crl; +- STORE_OBJECT_free(object); +- return crl; +- } ++ crl = object->data.crl; ++ STORE_OBJECT_free(object); ++ return crl; ++} + + int STORE_list_crl_end(STORE *s, void *handle) +- { +- check_store(s,STORE_F_STORE_LIST_CRL_END, +- list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION); +- +- if (!s->meth->list_object_end(s, handle)) +- { +- STOREerr(STORE_F_STORE_LIST_CRL_END, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return 1; +- } ++{ ++ check_store(s, STORE_F_STORE_LIST_CRL_END, ++ list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION); ++ ++ if (!s->meth->list_object_end(s, handle)) { ++ STOREerr(STORE_F_STORE_LIST_CRL_END, STORE_R_FAILED_LISTING_KEYS); ++ return 0; ++ } ++ return 1; ++} + + int STORE_list_crl_endp(STORE *s, void *handle) +- { +- check_store(s,STORE_F_STORE_LIST_CRL_ENDP, +- list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); +- +- if (!s->meth->list_object_endp(s, handle)) +- { +- STOREerr(STORE_F_STORE_LIST_CRL_ENDP, +- STORE_R_FAILED_LISTING_KEYS); +- return 0; +- } +- return 1; +- } ++{ ++ check_store(s, STORE_F_STORE_LIST_CRL_ENDP, ++ list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION); ++ ++ if (!s->meth->list_object_endp(s, handle)) { ++ STOREerr(STORE_F_STORE_LIST_CRL_ENDP, STORE_R_FAILED_LISTING_KEYS); ++ return 0; ++ } ++ return 1; ++} + + int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- int i; +- +- check_store(s,STORE_F_STORE_STORE_NUMBER, +- store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION); +- +- object = STORE_OBJECT_new(); +- if (!object) +- { +- STOREerr(STORE_F_STORE_STORE_NUMBER, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- object->data.number = data; +- +- i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object, +- attributes, parameters); +- +- STORE_OBJECT_free(object); +- +- if (!i) +- { +- STOREerr(STORE_F_STORE_STORE_NUMBER, +- STORE_R_FAILED_STORING_NUMBER); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ int i; ++ ++ check_store(s, STORE_F_STORE_STORE_NUMBER, ++ store_object, STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION); ++ ++ object = STORE_OBJECT_new(); ++ if (!object) { ++ STOREerr(STORE_F_STORE_STORE_NUMBER, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ object->data.number = data; ++ ++ i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object, ++ attributes, parameters); ++ ++ STORE_OBJECT_free(object); ++ ++ if (!i) { ++ STOREerr(STORE_F_STORE_STORE_NUMBER, STORE_R_FAILED_STORING_NUMBER); ++ return 0; ++ } ++ return 1; ++} + + int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_MODIFY_NUMBER, +- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); +- +- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER, +- search_attributes, add_attributes, modify_attributes, +- delete_attributes, parameters)) +- { +- STOREerr(STORE_F_STORE_MODIFY_NUMBER, +- STORE_R_FAILED_MODIFYING_NUMBER); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM add_attributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_MODIFY_NUMBER, ++ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); ++ ++ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER, ++ search_attributes, add_attributes, ++ modify_attributes, delete_attributes, ++ parameters)) { ++ STOREerr(STORE_F_STORE_MODIFY_NUMBER, ++ STORE_R_FAILED_MODIFYING_NUMBER); ++ return 0; ++ } ++ return 1; ++} + + BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- BIGNUM *n; +- +- check_store(s,STORE_F_STORE_GET_NUMBER, +- get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION); +- +- object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, +- parameters); +- if (!object || !object->data.number) +- { +- STOREerr(STORE_F_STORE_GET_NUMBER, +- STORE_R_FAILED_GETTING_NUMBER); +- return 0; +- } +- n = object->data.number; +- object->data.number = NULL; +- STORE_OBJECT_free(object); +- return n; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ BIGNUM *n; ++ ++ check_store(s, STORE_F_STORE_GET_NUMBER, ++ get_object, STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION); ++ ++ object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, ++ parameters); ++ if (!object || !object->data.number) { ++ STOREerr(STORE_F_STORE_GET_NUMBER, STORE_R_FAILED_GETTING_NUMBER); ++ return 0; ++ } ++ n = object->data.number; ++ object->data.number = NULL; ++ STORE_OBJECT_free(object); ++ return n; ++} + + int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_DELETE_NUMBER, +- delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION); +- +- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, +- parameters)) +- { +- STOREerr(STORE_F_STORE_DELETE_NUMBER, +- STORE_R_FAILED_DELETING_NUMBER); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_DELETE_NUMBER, ++ delete_object, STORE_R_NO_DELETE_NUMBER_FUNCTION); ++ ++ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes, ++ parameters)) { ++ STOREerr(STORE_F_STORE_DELETE_NUMBER, STORE_R_FAILED_DELETING_NUMBER); ++ return 0; ++ } ++ return 1; ++} + + int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- int i; +- +- check_store(s,STORE_F_STORE_STORE_ARBITRARY, +- store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION); +- +- object = STORE_OBJECT_new(); +- if (!object) +- { +- STOREerr(STORE_F_STORE_STORE_ARBITRARY, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- object->data.arbitrary = data; +- +- i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object, +- attributes, parameters); +- +- STORE_OBJECT_free(object); +- +- if (!i) +- { +- STOREerr(STORE_F_STORE_STORE_ARBITRARY, +- STORE_R_FAILED_STORING_ARBITRARY); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ int i; ++ ++ check_store(s, STORE_F_STORE_STORE_ARBITRARY, ++ store_object, STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION); ++ ++ object = STORE_OBJECT_new(); ++ if (!object) { ++ STOREerr(STORE_F_STORE_STORE_ARBITRARY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ object->data.arbitrary = data; ++ ++ i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object, ++ attributes, parameters); ++ ++ STORE_OBJECT_free(object); ++ ++ if (!i) { ++ STOREerr(STORE_F_STORE_STORE_ARBITRARY, ++ STORE_R_FAILED_STORING_ARBITRARY); ++ return 0; ++ } ++ return 1; ++} + + int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[], +- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], +- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_MODIFY_ARBITRARY, +- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION); +- +- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY, +- search_attributes, add_attributes, modify_attributes, +- delete_attributes, parameters)) +- { +- STOREerr(STORE_F_STORE_MODIFY_ARBITRARY, +- STORE_R_FAILED_MODIFYING_ARBITRARY); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM add_attributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_MODIFY_ARBITRARY, ++ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION); ++ ++ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY, ++ search_attributes, add_attributes, ++ modify_attributes, delete_attributes, ++ parameters)) { ++ STOREerr(STORE_F_STORE_MODIFY_ARBITRARY, ++ STORE_R_FAILED_MODIFYING_ARBITRARY); ++ return 0; ++ } ++ return 1; ++} + + BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STORE_OBJECT *object; +- BUF_MEM *b; +- +- check_store(s,STORE_F_STORE_GET_ARBITRARY, +- get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION); +- +- object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY, +- attributes, parameters); +- if (!object || !object->data.arbitrary) +- { +- STOREerr(STORE_F_STORE_GET_ARBITRARY, +- STORE_R_FAILED_GETTING_ARBITRARY); +- return 0; +- } +- b = object->data.arbitrary; +- object->data.arbitrary = NULL; +- STORE_OBJECT_free(object); +- return b; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ STORE_OBJECT *object; ++ BUF_MEM *b; ++ ++ check_store(s, STORE_F_STORE_GET_ARBITRARY, ++ get_object, STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION); ++ ++ object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY, ++ attributes, parameters); ++ if (!object || !object->data.arbitrary) { ++ STOREerr(STORE_F_STORE_GET_ARBITRARY, ++ STORE_R_FAILED_GETTING_ARBITRARY); ++ return 0; ++ } ++ b = object->data.arbitrary; ++ object->data.arbitrary = NULL; ++ STORE_OBJECT_free(object); ++ return b; ++} + + int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- check_store(s,STORE_F_STORE_DELETE_ARBITRARY, +- delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION); +- +- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes, +- parameters)) +- { +- STOREerr(STORE_F_STORE_DELETE_ARBITRARY, +- STORE_R_FAILED_DELETING_ARBITRARY); +- return 0; +- } +- return 1; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ check_store(s, STORE_F_STORE_DELETE_ARBITRARY, ++ delete_object, STORE_R_NO_DELETE_ARBITRARY_FUNCTION); ++ ++ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes, ++ parameters)) { ++ STOREerr(STORE_F_STORE_DELETE_ARBITRARY, ++ STORE_R_FAILED_DELETING_ARBITRARY); ++ return 0; ++ } ++ return 1; ++} + + STORE_OBJECT *STORE_OBJECT_new(void) +- { +- STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT)); +- if (object) memset(object, 0, sizeof(STORE_OBJECT)); +- return object; +- } ++{ ++ STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT)); ++ if (object) ++ memset(object, 0, sizeof(STORE_OBJECT)); ++ return object; ++} ++ + void STORE_OBJECT_free(STORE_OBJECT *data) +- { +- if (!data) return; +- switch (data->type) +- { +- case STORE_OBJECT_TYPE_X509_CERTIFICATE: +- X509_free(data->data.x509.certificate); +- break; +- case STORE_OBJECT_TYPE_X509_CRL: +- X509_CRL_free(data->data.crl); +- break; +- case STORE_OBJECT_TYPE_PRIVATE_KEY: +- case STORE_OBJECT_TYPE_PUBLIC_KEY: +- EVP_PKEY_free(data->data.key); +- break; +- case STORE_OBJECT_TYPE_NUMBER: +- BN_free(data->data.number); +- break; +- case STORE_OBJECT_TYPE_ARBITRARY: +- BUF_MEM_free(data->data.arbitrary); +- break; +- } +- OPENSSL_free(data); +- } ++{ ++ if (!data) ++ return; ++ switch (data->type) { ++ case STORE_OBJECT_TYPE_X509_CERTIFICATE: ++ X509_free(data->data.x509.certificate); ++ break; ++ case STORE_OBJECT_TYPE_X509_CRL: ++ X509_CRL_free(data->data.crl); ++ break; ++ case STORE_OBJECT_TYPE_PRIVATE_KEY: ++ case STORE_OBJECT_TYPE_PUBLIC_KEY: ++ EVP_PKEY_free(data->data.key); ++ break; ++ case STORE_OBJECT_TYPE_NUMBER: ++ BN_free(data->data.number); ++ break; ++ case STORE_OBJECT_TYPE_ARBITRARY: ++ BUF_MEM_free(data->data.arbitrary); ++ break; ++ } ++ OPENSSL_free(data); ++} + + IMPLEMENT_STACK_OF(STORE_OBJECT*) + +- +-struct STORE_attr_info_st +- { +- unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8]; +- union +- { +- char *cstring; +- unsigned char *sha1string; +- X509_NAME *dn; +- BIGNUM *number; +- void *any; +- } values[STORE_ATTR_TYPE_NUM+1]; +- size_t value_sizes[STORE_ATTR_TYPE_NUM+1]; +- }; +- +-#define ATTR_IS_SET(a,i) ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \ +- && ((a)->set[(i) / 8] & (1 << ((i) % 8)))) +-#define SET_ATTRBIT(a,i) ((a)->set[(i) / 8] |= (1 << ((i) % 8))) +-#define CLEAR_ATTRBIT(a,i) ((a)->set[(i) / 8] &= ~(1 << ((i) % 8))) ++struct STORE_attr_info_st { ++ unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8]; ++ union { ++ char *cstring; ++ unsigned char *sha1string; ++ X509_NAME *dn; ++ BIGNUM *number; ++ void *any; ++ } values[STORE_ATTR_TYPE_NUM + 1]; ++ size_t value_sizes[STORE_ATTR_TYPE_NUM + 1]; ++}; ++ ++#define ATTR_IS_SET(a,i) ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \ ++ && ((a)->set[(i) / 8] & (1 << ((i) % 8)))) ++#define SET_ATTRBIT(a,i) ((a)->set[(i) / 8] |= (1 << ((i) % 8))) ++#define CLEAR_ATTRBIT(a,i) ((a)->set[(i) / 8] &= ~(1 << ((i) % 8))) + + STORE_ATTR_INFO *STORE_ATTR_INFO_new(void) +- { +- return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO)); +- } ++{ ++ return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO)); ++} ++ + static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs, +- STORE_ATTR_TYPES code) +- { +- if (ATTR_IS_SET(attrs,code)) +- { +- switch(code) +- { +- case STORE_ATTR_FRIENDLYNAME: +- case STORE_ATTR_EMAIL: +- case STORE_ATTR_FILENAME: +- STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0); +- break; +- case STORE_ATTR_KEYID: +- case STORE_ATTR_ISSUERKEYID: +- case STORE_ATTR_SUBJECTKEYID: +- case STORE_ATTR_ISSUERSERIALHASH: +- case STORE_ATTR_CERTHASH: +- STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0); +- break; +- case STORE_ATTR_ISSUER: +- case STORE_ATTR_SUBJECT: +- STORE_ATTR_INFO_modify_dn(attrs, code, NULL); +- break; +- case STORE_ATTR_SERIAL: +- STORE_ATTR_INFO_modify_number(attrs, code, NULL); +- break; +- default: +- break; +- } +- } +- } ++ STORE_ATTR_TYPES code) ++{ ++ if (ATTR_IS_SET(attrs, code)) { ++ switch (code) { ++ case STORE_ATTR_FRIENDLYNAME: ++ case STORE_ATTR_EMAIL: ++ case STORE_ATTR_FILENAME: ++ STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0); ++ break; ++ case STORE_ATTR_KEYID: ++ case STORE_ATTR_ISSUERKEYID: ++ case STORE_ATTR_SUBJECTKEYID: ++ case STORE_ATTR_ISSUERSERIALHASH: ++ case STORE_ATTR_CERTHASH: ++ STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0); ++ break; ++ case STORE_ATTR_ISSUER: ++ case STORE_ATTR_SUBJECT: ++ STORE_ATTR_INFO_modify_dn(attrs, code, NULL); ++ break; ++ case STORE_ATTR_SERIAL: ++ STORE_ATTR_INFO_modify_number(attrs, code, NULL); ++ break; ++ default: ++ break; ++ } ++ } ++} ++ + int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs) +- { +- if (attrs) +- { +- STORE_ATTR_TYPES i; +- for(i = 0; i++ < STORE_ATTR_TYPE_NUM;) +- STORE_ATTR_INFO_attr_free(attrs, i); +- OPENSSL_free(attrs); +- } +- return 1; +- } ++{ ++ if (attrs) { ++ STORE_ATTR_TYPES i; ++ for (i = 0; i++ < STORE_ATTR_TYPE_NUM;) ++ STORE_ATTR_INFO_attr_free(attrs, i); ++ OPENSSL_free(attrs); ++ } ++ return 1; ++} ++ + char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) +- { +- if (!attrs) +- { +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, +- ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if (ATTR_IS_SET(attrs,code)) +- return attrs->values[code].cstring; +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, +- STORE_R_NO_VALUE); +- return NULL; +- } ++{ ++ if (!attrs) { ++ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ if (ATTR_IS_SET(attrs, code)) ++ return attrs->values[code].cstring; ++ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, STORE_R_NO_VALUE); ++ return NULL; ++} ++ + unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs, +- STORE_ATTR_TYPES code) +- { +- if (!attrs) +- { +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, +- ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if (ATTR_IS_SET(attrs,code)) +- return attrs->values[code].sha1string; +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, +- STORE_R_NO_VALUE); +- return NULL; +- } +-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) +- { +- if (!attrs) +- { +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, +- ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if (ATTR_IS_SET(attrs,code)) +- return attrs->values[code].dn; +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, +- STORE_R_NO_VALUE); +- return NULL; +- } +-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code) +- { +- if (!attrs) +- { +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, +- ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if (ATTR_IS_SET(attrs,code)) +- return attrs->values[code].number; +- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, +- STORE_R_NO_VALUE); +- return NULL; +- } ++ STORE_ATTR_TYPES code) ++{ ++ if (!attrs) { ++ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ if (ATTR_IS_SET(attrs, code)) ++ return attrs->values[code].sha1string; ++ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, STORE_R_NO_VALUE); ++ return NULL; ++} ++ ++X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, ++ STORE_ATTR_TYPES code) ++{ ++ if (!attrs) { ++ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ if (ATTR_IS_SET(attrs, code)) ++ return attrs->values[code].dn; ++ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, STORE_R_NO_VALUE); ++ return NULL; ++} ++ ++BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, ++ STORE_ATTR_TYPES code) ++{ ++ if (!attrs) { ++ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ if (ATTR_IS_SET(attrs, code)) ++ return attrs->values[code].number; ++ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, STORE_R_NO_VALUE); ++ return NULL; ++} ++ + int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- char *cstr, size_t cstr_size) +- { +- if (!attrs) +- { +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (!ATTR_IS_SET(attrs,code)) +- { +- if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size))) +- return 1; +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE); +- return 0; +- } ++ char *cstr, size_t cstr_size) ++{ ++ if (!attrs) { ++ STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if (!ATTR_IS_SET(attrs, code)) { ++ if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size))) ++ return 1; ++ STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE); ++ return 0; ++} ++ + int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- unsigned char *sha1str, size_t sha1str_size) +- { +- if (!attrs) +- { +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (!ATTR_IS_SET(attrs,code)) +- { +- if ((attrs->values[code].sha1string = +- (unsigned char *)BUF_memdup(sha1str, +- sha1str_size))) +- return 1; +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, STORE_R_ALREADY_HAS_A_VALUE); +- return 0; +- } ++ unsigned char *sha1str, size_t sha1str_size) ++{ ++ if (!attrs) { ++ STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if (!ATTR_IS_SET(attrs, code)) { ++ if ((attrs->values[code].sha1string = ++ (unsigned char *)BUF_memdup(sha1str, sha1str_size))) ++ return 1; ++ STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, ++ STORE_R_ALREADY_HAS_A_VALUE); ++ return 0; ++} ++ + int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- X509_NAME *dn) +- { +- if (!attrs) +- { +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (!ATTR_IS_SET(attrs,code)) +- { +- if ((attrs->values[code].dn = X509_NAME_dup(dn))) +- return 1; +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE); +- return 0; +- } ++ X509_NAME *dn) ++{ ++ if (!attrs) { ++ STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if (!ATTR_IS_SET(attrs, code)) { ++ if ((attrs->values[code].dn = X509_NAME_dup(dn))) ++ return 1; ++ STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE); ++ return 0; ++} ++ + int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- BIGNUM *number) +- { +- if (!attrs) +- { +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (!ATTR_IS_SET(attrs,code)) +- { +- if ((attrs->values[code].number = BN_dup(number))) +- return 1; +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, +- ERR_R_MALLOC_FAILURE); +- return 0; +- } +- STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE); +- return 0; +- } ++ BIGNUM *number) ++{ ++ if (!attrs) { ++ STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if (!ATTR_IS_SET(attrs, code)) { ++ if ((attrs->values[code].number = BN_dup(number))) ++ return 1; ++ STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE); ++ return 0; ++} ++ + int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- char *cstr, size_t cstr_size) +- { +- if (!attrs) +- { +- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (ATTR_IS_SET(attrs,code)) +- { +- OPENSSL_free(attrs->values[code].cstring); +- attrs->values[code].cstring = NULL; +- CLEAR_ATTRBIT(attrs, code); +- } +- return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size); +- } +-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- unsigned char *sha1str, size_t sha1str_size) +- { +- if (!attrs) +- { +- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (ATTR_IS_SET(attrs,code)) +- { +- OPENSSL_free(attrs->values[code].sha1string); +- attrs->values[code].sha1string = NULL; +- CLEAR_ATTRBIT(attrs, code); +- } +- return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size); +- } ++ char *cstr, size_t cstr_size) ++{ ++ if (!attrs) { ++ STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if (ATTR_IS_SET(attrs, code)) { ++ OPENSSL_free(attrs->values[code].cstring); ++ attrs->values[code].cstring = NULL; ++ CLEAR_ATTRBIT(attrs, code); ++ } ++ return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size); ++} ++ ++int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, ++ STORE_ATTR_TYPES code, ++ unsigned char *sha1str, ++ size_t sha1str_size) ++{ ++ if (!attrs) { ++ STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if (ATTR_IS_SET(attrs, code)) { ++ OPENSSL_free(attrs->values[code].sha1string); ++ attrs->values[code].sha1string = NULL; ++ CLEAR_ATTRBIT(attrs, code); ++ } ++ return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size); ++} ++ + int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- X509_NAME *dn) +- { +- if (!attrs) +- { +- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (ATTR_IS_SET(attrs,code)) +- { +- OPENSSL_free(attrs->values[code].dn); +- attrs->values[code].dn = NULL; +- CLEAR_ATTRBIT(attrs, code); +- } +- return STORE_ATTR_INFO_set_dn(attrs, code, dn); +- } +-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code, +- BIGNUM *number) +- { +- if (!attrs) +- { +- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER, +- ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (ATTR_IS_SET(attrs,code)) +- { +- OPENSSL_free(attrs->values[code].number); +- attrs->values[code].number = NULL; +- CLEAR_ATTRBIT(attrs, code); +- } +- return STORE_ATTR_INFO_set_number(attrs, code, number); +- } +- +-struct attr_list_ctx_st +- { +- OPENSSL_ITEM *attributes; +- }; ++ X509_NAME *dn) ++{ ++ if (!attrs) { ++ STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if (ATTR_IS_SET(attrs, code)) { ++ OPENSSL_free(attrs->values[code].dn); ++ attrs->values[code].dn = NULL; ++ CLEAR_ATTRBIT(attrs, code); ++ } ++ return STORE_ATTR_INFO_set_dn(attrs, code, dn); ++} ++ ++int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, ++ STORE_ATTR_TYPES code, BIGNUM *number) ++{ ++ if (!attrs) { ++ STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if (ATTR_IS_SET(attrs, code)) { ++ OPENSSL_free(attrs->values[code].number); ++ attrs->values[code].number = NULL; ++ CLEAR_ATTRBIT(attrs, code); ++ } ++ return STORE_ATTR_INFO_set_number(attrs, code, number); ++} ++ ++struct attr_list_ctx_st { ++ OPENSSL_ITEM *attributes; ++}; + void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes) +- { +- if (attributes) +- { +- struct attr_list_ctx_st *context = +- (struct attr_list_ctx_st *)OPENSSL_malloc(sizeof(struct attr_list_ctx_st)); +- if (context) +- context->attributes = attributes; +- else +- STOREerr(STORE_F_STORE_PARSE_ATTRS_START, +- ERR_R_MALLOC_FAILURE); +- return context; +- } +- STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } ++{ ++ if (attributes) { ++ struct attr_list_ctx_st *context = (struct attr_list_ctx_st *) ++ OPENSSL_malloc(sizeof(struct attr_list_ctx_st)); ++ if (context) ++ context->attributes = attributes; ++ else ++ STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_MALLOC_FAILURE); ++ return context; ++ } ++ STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++} ++ + STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle) +- { +- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; +- +- if (context && context->attributes) +- { +- STORE_ATTR_INFO *attrs = NULL; +- +- while(context->attributes +- && context->attributes->code != STORE_ATTR_OR +- && context->attributes->code != STORE_ATTR_END) +- { +- switch(context->attributes->code) +- { +- case STORE_ATTR_FRIENDLYNAME: +- case STORE_ATTR_EMAIL: +- case STORE_ATTR_FILENAME: +- if (!attrs) attrs = STORE_ATTR_INFO_new(); +- if (attrs == NULL) +- { +- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- STORE_ATTR_INFO_set_cstr(attrs, +- context->attributes->code, +- context->attributes->value, +- context->attributes->value_size); +- break; +- case STORE_ATTR_KEYID: +- case STORE_ATTR_ISSUERKEYID: +- case STORE_ATTR_SUBJECTKEYID: +- case STORE_ATTR_ISSUERSERIALHASH: +- case STORE_ATTR_CERTHASH: +- if (!attrs) attrs = STORE_ATTR_INFO_new(); +- if (attrs == NULL) +- { +- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- STORE_ATTR_INFO_set_sha1str(attrs, +- context->attributes->code, +- context->attributes->value, +- context->attributes->value_size); +- break; +- case STORE_ATTR_ISSUER: +- case STORE_ATTR_SUBJECT: +- if (!attrs) attrs = STORE_ATTR_INFO_new(); +- if (attrs == NULL) +- { +- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- STORE_ATTR_INFO_modify_dn(attrs, +- context->attributes->code, +- context->attributes->value); +- break; +- case STORE_ATTR_SERIAL: +- if (!attrs) attrs = STORE_ATTR_INFO_new(); +- if (attrs == NULL) +- { +- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- STORE_ATTR_INFO_modify_number(attrs, +- context->attributes->code, +- context->attributes->value); +- break; +- } +- context->attributes++; +- } +- if (context->attributes->code == STORE_ATTR_OR) +- context->attributes++; +- return attrs; +- err: +- while(context->attributes +- && context->attributes->code != STORE_ATTR_OR +- && context->attributes->code != STORE_ATTR_END) +- context->attributes++; +- if (context->attributes->code == STORE_ATTR_OR) +- context->attributes++; +- return NULL; +- } +- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } ++{ ++ struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; ++ ++ if (context && context->attributes) { ++ STORE_ATTR_INFO *attrs = NULL; ++ ++ while (context->attributes ++ && context->attributes->code != STORE_ATTR_OR ++ && context->attributes->code != STORE_ATTR_END) { ++ switch (context->attributes->code) { ++ case STORE_ATTR_FRIENDLYNAME: ++ case STORE_ATTR_EMAIL: ++ case STORE_ATTR_FILENAME: ++ if (!attrs) ++ attrs = STORE_ATTR_INFO_new(); ++ if (attrs == NULL) { ++ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ++ ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ STORE_ATTR_INFO_set_cstr(attrs, ++ context->attributes->code, ++ context->attributes->value, ++ context->attributes->value_size); ++ break; ++ case STORE_ATTR_KEYID: ++ case STORE_ATTR_ISSUERKEYID: ++ case STORE_ATTR_SUBJECTKEYID: ++ case STORE_ATTR_ISSUERSERIALHASH: ++ case STORE_ATTR_CERTHASH: ++ if (!attrs) ++ attrs = STORE_ATTR_INFO_new(); ++ if (attrs == NULL) { ++ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ++ ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ STORE_ATTR_INFO_set_sha1str(attrs, ++ context->attributes->code, ++ context->attributes->value, ++ context->attributes->value_size); ++ break; ++ case STORE_ATTR_ISSUER: ++ case STORE_ATTR_SUBJECT: ++ if (!attrs) ++ attrs = STORE_ATTR_INFO_new(); ++ if (attrs == NULL) { ++ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ++ ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ STORE_ATTR_INFO_modify_dn(attrs, ++ context->attributes->code, ++ context->attributes->value); ++ break; ++ case STORE_ATTR_SERIAL: ++ if (!attrs) ++ attrs = STORE_ATTR_INFO_new(); ++ if (attrs == NULL) { ++ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ++ ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ STORE_ATTR_INFO_modify_number(attrs, ++ context->attributes->code, ++ context->attributes->value); ++ break; ++ } ++ context->attributes++; ++ } ++ if (context->attributes->code == STORE_ATTR_OR) ++ context->attributes++; ++ return attrs; ++ err: ++ while (context->attributes ++ && context->attributes->code != STORE_ATTR_OR ++ && context->attributes->code != STORE_ATTR_END) ++ context->attributes++; ++ if (context->attributes->code == STORE_ATTR_OR) ++ context->attributes++; ++ return NULL; ++ } ++ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++} ++ + int STORE_parse_attrs_end(void *handle) +- { +- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; ++{ ++ struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; + +- if (context && context->attributes) +- { ++ if (context && context->attributes) { + #if 0 +- OPENSSL_ITEM *attributes = context->attributes; ++ OPENSSL_ITEM *attributes = context->attributes; + #endif +- OPENSSL_free(context); +- return 1; +- } +- STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } ++ OPENSSL_free(context); ++ return 1; ++ } ++ STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++} + + int STORE_parse_attrs_endp(void *handle) +- { +- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; +- +- if (context && context->attributes) +- { +- return context->attributes->code == STORE_ATTR_END; +- } +- STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- +-static int attr_info_compare_compute_range( +- unsigned char *abits, unsigned char *bbits, +- unsigned int *alowp, unsigned int *ahighp, +- unsigned int *blowp, unsigned int *bhighp) +- { +- unsigned int alow = (unsigned int)-1, ahigh = 0; +- unsigned int blow = (unsigned int)-1, bhigh = 0; +- int i, res = 0; +- +- for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) +- { +- if (res == 0) +- { +- if (*abits < *bbits) res = -1; +- if (*abits > *bbits) res = 1; +- } +- if (*abits) +- { +- if (alow == (unsigned int)-1) +- { +- alow = i * 8; +- if (!(*abits & 0x01)) alow++; +- if (!(*abits & 0x02)) alow++; +- if (!(*abits & 0x04)) alow++; +- if (!(*abits & 0x08)) alow++; +- if (!(*abits & 0x10)) alow++; +- if (!(*abits & 0x20)) alow++; +- if (!(*abits & 0x40)) alow++; +- } +- ahigh = i * 8 + 7; +- if (!(*abits & 0x80)) ahigh++; +- if (!(*abits & 0x40)) ahigh++; +- if (!(*abits & 0x20)) ahigh++; +- if (!(*abits & 0x10)) ahigh++; +- if (!(*abits & 0x08)) ahigh++; +- if (!(*abits & 0x04)) ahigh++; +- if (!(*abits & 0x02)) ahigh++; +- } +- if (*bbits) +- { +- if (blow == (unsigned int)-1) +- { +- blow = i * 8; +- if (!(*bbits & 0x01)) blow++; +- if (!(*bbits & 0x02)) blow++; +- if (!(*bbits & 0x04)) blow++; +- if (!(*bbits & 0x08)) blow++; +- if (!(*bbits & 0x10)) blow++; +- if (!(*bbits & 0x20)) blow++; +- if (!(*bbits & 0x40)) blow++; +- } +- bhigh = i * 8 + 7; +- if (!(*bbits & 0x80)) bhigh++; +- if (!(*bbits & 0x40)) bhigh++; +- if (!(*bbits & 0x20)) bhigh++; +- if (!(*bbits & 0x10)) bhigh++; +- if (!(*bbits & 0x08)) bhigh++; +- if (!(*bbits & 0x04)) bhigh++; +- if (!(*bbits & 0x02)) bhigh++; +- } +- } +- if (ahigh + alow < bhigh + blow) res = -1; +- if (ahigh + alow > bhigh + blow) res = 1; +- if (alowp) *alowp = alow; +- if (ahighp) *ahighp = ahigh; +- if (blowp) *blowp = blow; +- if (bhighp) *bhighp = bhigh; +- return res; +- } ++{ ++ struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle; ++ ++ if (context && context->attributes) { ++ return context->attributes->code == STORE_ATTR_END; ++ } ++ STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++} ++ ++static int attr_info_compare_compute_range(unsigned char *abits, ++ unsigned char *bbits, ++ unsigned int *alowp, ++ unsigned int *ahighp, ++ unsigned int *blowp, ++ unsigned int *bhighp) ++{ ++ unsigned int alow = (unsigned int)-1, ahigh = 0; ++ unsigned int blow = (unsigned int)-1, bhigh = 0; ++ int i, res = 0; ++ ++ for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) { ++ if (res == 0) { ++ if (*abits < *bbits) ++ res = -1; ++ if (*abits > *bbits) ++ res = 1; ++ } ++ if (*abits) { ++ if (alow == (unsigned int)-1) { ++ alow = i * 8; ++ if (!(*abits & 0x01)) ++ alow++; ++ if (!(*abits & 0x02)) ++ alow++; ++ if (!(*abits & 0x04)) ++ alow++; ++ if (!(*abits & 0x08)) ++ alow++; ++ if (!(*abits & 0x10)) ++ alow++; ++ if (!(*abits & 0x20)) ++ alow++; ++ if (!(*abits & 0x40)) ++ alow++; ++ } ++ ahigh = i * 8 + 7; ++ if (!(*abits & 0x80)) ++ ahigh++; ++ if (!(*abits & 0x40)) ++ ahigh++; ++ if (!(*abits & 0x20)) ++ ahigh++; ++ if (!(*abits & 0x10)) ++ ahigh++; ++ if (!(*abits & 0x08)) ++ ahigh++; ++ if (!(*abits & 0x04)) ++ ahigh++; ++ if (!(*abits & 0x02)) ++ ahigh++; ++ } ++ if (*bbits) { ++ if (blow == (unsigned int)-1) { ++ blow = i * 8; ++ if (!(*bbits & 0x01)) ++ blow++; ++ if (!(*bbits & 0x02)) ++ blow++; ++ if (!(*bbits & 0x04)) ++ blow++; ++ if (!(*bbits & 0x08)) ++ blow++; ++ if (!(*bbits & 0x10)) ++ blow++; ++ if (!(*bbits & 0x20)) ++ blow++; ++ if (!(*bbits & 0x40)) ++ blow++; ++ } ++ bhigh = i * 8 + 7; ++ if (!(*bbits & 0x80)) ++ bhigh++; ++ if (!(*bbits & 0x40)) ++ bhigh++; ++ if (!(*bbits & 0x20)) ++ bhigh++; ++ if (!(*bbits & 0x10)) ++ bhigh++; ++ if (!(*bbits & 0x08)) ++ bhigh++; ++ if (!(*bbits & 0x04)) ++ bhigh++; ++ if (!(*bbits & 0x02)) ++ bhigh++; ++ } ++ } ++ if (ahigh + alow < bhigh + blow) ++ res = -1; ++ if (ahigh + alow > bhigh + blow) ++ res = 1; ++ if (alowp) ++ *alowp = alow; ++ if (ahighp) ++ *ahighp = ahigh; ++ if (blowp) ++ *blowp = blow; ++ if (bhighp) ++ *bhighp = bhigh; ++ return res; ++} + + int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) +- { +- if (a == b) return 0; +- if (!a) return -1; +- if (!b) return 1; +- return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0); +- } ++{ ++ if (a == b) ++ return 0; ++ if (!a) ++ return -1; ++ if (!b) ++ return 1; ++ return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0); ++} ++ + int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) +- { +- unsigned int alow, ahigh, blow, bhigh; +- +- if (a == b) return 1; +- if (!a) return 0; +- if (!b) return 0; +- attr_info_compare_compute_range(a->set, b->set, +- &alow, &ahigh, &blow, &bhigh); +- if (alow >= blow && ahigh <= bhigh) +- return 1; +- return 0; +- } ++{ ++ unsigned int alow, ahigh, blow, bhigh; ++ ++ if (a == b) ++ return 1; ++ if (!a) ++ return 0; ++ if (!b) ++ return 0; ++ attr_info_compare_compute_range(a->set, b->set, ++ &alow, &ahigh, &blow, &bhigh); ++ if (alow >= blow && ahigh <= bhigh) ++ return 1; ++ return 0; ++} ++ + int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) +- { +- unsigned char *abits, *bbits; +- int i; +- +- if (a == b) return 1; +- if (!a) return 0; +- if (!b) return 0; +- abits = a->set; +- bbits = b->set; +- for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) +- { +- if (*abits && (*bbits & *abits) != *abits) +- return 0; +- } +- return 1; +- } ++{ ++ unsigned char *abits, *bbits; ++ int i; ++ ++ if (a == b) ++ return 1; ++ if (!a) ++ return 0; ++ if (!b) ++ return 0; ++ abits = a->set; ++ bbits = b->set; ++ for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) { ++ if (*abits && (*bbits & *abits) != *abits) ++ return 0; ++ } ++ return 1; ++} ++ + int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b) +- { +- STORE_ATTR_TYPES i; +- +- if (a == b) return 1; +- if (!STORE_ATTR_INFO_in(a, b)) return 0; +- for (i = 1; i < STORE_ATTR_TYPE_NUM; i++) +- if (ATTR_IS_SET(a, i)) +- { +- switch(i) +- { +- case STORE_ATTR_FRIENDLYNAME: +- case STORE_ATTR_EMAIL: +- case STORE_ATTR_FILENAME: +- if (strcmp(a->values[i].cstring, +- b->values[i].cstring)) +- return 0; +- break; +- case STORE_ATTR_KEYID: +- case STORE_ATTR_ISSUERKEYID: +- case STORE_ATTR_SUBJECTKEYID: +- case STORE_ATTR_ISSUERSERIALHASH: +- case STORE_ATTR_CERTHASH: +- if (memcmp(a->values[i].sha1string, +- b->values[i].sha1string, +- a->value_sizes[i])) +- return 0; +- break; +- case STORE_ATTR_ISSUER: +- case STORE_ATTR_SUBJECT: +- if (X509_NAME_cmp(a->values[i].dn, +- b->values[i].dn)) +- return 0; +- break; +- case STORE_ATTR_SERIAL: +- if (BN_cmp(a->values[i].number, +- b->values[i].number)) +- return 0; +- break; +- default: +- break; +- } +- } +- +- return 1; +- } ++{ ++ STORE_ATTR_TYPES i; ++ ++ if (a == b) ++ return 1; ++ if (!STORE_ATTR_INFO_in(a, b)) ++ return 0; ++ for (i = 1; i < STORE_ATTR_TYPE_NUM; i++) ++ if (ATTR_IS_SET(a, i)) { ++ switch (i) { ++ case STORE_ATTR_FRIENDLYNAME: ++ case STORE_ATTR_EMAIL: ++ case STORE_ATTR_FILENAME: ++ if (strcmp(a->values[i].cstring, b->values[i].cstring)) ++ return 0; ++ break; ++ case STORE_ATTR_KEYID: ++ case STORE_ATTR_ISSUERKEYID: ++ case STORE_ATTR_SUBJECTKEYID: ++ case STORE_ATTR_ISSUERSERIALHASH: ++ case STORE_ATTR_CERTHASH: ++ if (memcmp(a->values[i].sha1string, ++ b->values[i].sha1string, a->value_sizes[i])) ++ return 0; ++ break; ++ case STORE_ATTR_ISSUER: ++ case STORE_ATTR_SUBJECT: ++ if (X509_NAME_cmp(a->values[i].dn, b->values[i].dn)) ++ return 0; ++ break; ++ case STORE_ATTR_SERIAL: ++ if (BN_cmp(a->values[i].number, b->values[i].number)) ++ return 0; ++ break; ++ default: ++ break; ++ } ++ } ++ ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/store/str_mem.c b/Cryptlib/OpenSSL/crypto/store/str_mem.c +index 527757a..99e5a21 100644 +--- a/Cryptlib/OpenSSL/crypto/store/str_mem.c ++++ b/Cryptlib/OpenSSL/crypto/store/str_mem.c +@@ -1,6 +1,7 @@ + /* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2003. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2003. + */ + /* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,298 +61,317 @@ + #include + #include "str_locl.h" + +-/* The memory store is currently highly experimental. It's meant to become +- a base store used by other stores for internal caching (for full caching +- support, aging needs to be added). +- +- The database use is meant to support as much attribute association as +- possible, while providing for as small search ranges as possible. +- This is currently provided for by sorting the entries by numbers that +- are composed of bits set at the positions indicated by attribute type +- codes. This provides for ranges determined by the highest attribute +- type code value. A better idea might be to sort by values computed +- from the range of attributes associated with the object (basically, +- the difference between the highest and lowest attribute type code) +- and it's distance from a base (basically, the lowest associated +- attribute type code). +-*/ +- +-struct mem_object_data_st +- { +- STORE_OBJECT *object; +- STORE_ATTR_INFO *attr_info; +- int references; +- }; +- +-struct mem_data_st +- { +- STACK *data; /* A stack of mem_object_data_st, +- sorted with STORE_ATTR_INFO_compare(). */ +- unsigned int compute_components : 1; /* Currently unused, but can +- be used to add attributes +- from parts of the data. */ +- }; +- +-struct mem_ctx_st +- { +- int type; /* The type we're searching for */ +- STACK *search_attributes; /* Sets of attributes to search for. +- Each element is a STORE_ATTR_INFO. */ +- int search_index; /* which of the search attributes we found a match +- for, -1 when we still haven't found any */ +- int index; /* -1 as long as we're searching for the first */ +- }; ++/* ++ * The memory store is currently highly experimental. It's meant to become a ++ * base store used by other stores for internal caching (for full caching ++ * support, aging needs to be added). ++ * ++ * The database use is meant to support as much attribute association as ++ * possible, while providing for as small search ranges as possible. This is ++ * currently provided for by sorting the entries by numbers that are composed ++ * of bits set at the positions indicated by attribute type codes. This ++ * provides for ranges determined by the highest attribute type code value. ++ * A better idea might be to sort by values computed from the range of ++ * attributes associated with the object (basically, the difference between ++ * the highest and lowest attribute type code) and it's distance from a base ++ * (basically, the lowest associated attribute type code). ++ */ ++ ++struct mem_object_data_st { ++ STORE_OBJECT *object; ++ STORE_ATTR_INFO *attr_info; ++ int references; ++}; ++ ++struct mem_data_st { ++ /* ++ * A stack of mem_object_data_st, ++ * sorted with STORE_ATTR_INFO_compare(). ++ */ ++ STACK *data; ++ /* ++ * Currently unused, but can be used to add attributes from parts of the ++ * data. ++ */ ++ unsigned int compute_components:1; ++}; ++ ++struct mem_ctx_st { ++ /* The type we're searching for */ ++ int type; ++ /* ++ * Sets of attributes to search for. ++ * Each element is a STORE_ATTR_INFO. ++ */ ++ STACK *search_attributes; ++ /* ++ * which of the search attributes we found a match ++ * for, -1 when we still haven't found any ++ */ ++ int search_index; ++ /* -1 as long as we're searching for the first */ ++ int index; ++}; + + static int mem_init(STORE *s); + static void mem_clean(STORE *s); + static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]); + static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); +-static int mem_store(STORE *s, STORE_OBJECT_TYPES type, +- STORE_OBJECT *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]); ++static int mem_store(STORE *s, STORE_OBJECT_TYPES type, STORE_OBJECT *data, ++ OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); + static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], +- OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM search_attributes[], ++ OPENSSL_ITEM add_attributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]); + static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); + static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]); + static STORE_OBJECT *mem_list_next(STORE *s, void *handle); + static int mem_list_end(STORE *s, void *handle); + static int mem_list_endp(STORE *s, void *handle); + static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); ++ OPENSSL_ITEM parameters[]); + static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]); +-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void)); +- +-static STORE_METHOD store_memory = +- { +- "OpenSSL memory store interface", +- mem_init, +- mem_clean, +- mem_generate, +- mem_get, +- mem_store, +- mem_modify, +- NULL, /* revoke */ +- mem_delete, +- mem_list_start, +- mem_list_next, +- mem_list_end, +- mem_list_endp, +- NULL, /* update */ +- mem_lock, +- mem_unlock, +- mem_ctrl +- }; ++ OPENSSL_ITEM parameters[]); ++static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void)); ++ ++static STORE_METHOD store_memory = { ++ "OpenSSL memory store interface", ++ mem_init, ++ mem_clean, ++ mem_generate, ++ mem_get, ++ mem_store, ++ mem_modify, ++ NULL, /* revoke */ ++ mem_delete, ++ mem_list_start, ++ mem_list_next, ++ mem_list_end, ++ mem_list_endp, ++ NULL, /* update */ ++ mem_lock, ++ mem_unlock, ++ mem_ctrl ++}; + + const STORE_METHOD *STORE_Memory(void) +- { +- return &store_memory; +- } ++{ ++ return &store_memory; ++} + + static int mem_init(STORE *s) +- { +- return 1; +- } ++{ ++ return 1; ++} + + static void mem_clean(STORE *s) +- { +- return; +- } ++{ ++ return; ++} + + static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) +- { +- STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED); +- return 0; +- } ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED); ++ return 0; ++} ++ + static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) +- { +- void *context = mem_list_start(s, type, attributes, parameters); +- +- if (context) +- { +- STORE_OBJECT *object = mem_list_next(s, context); +- +- if (mem_list_end(s, context)) +- return object; +- } +- return NULL; +- } ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ void *context = mem_list_start(s, type, attributes, parameters); ++ ++ if (context) { ++ STORE_OBJECT *object = mem_list_next(s, context); ++ ++ if (mem_list_end(s, context)) ++ return object; ++ } ++ return NULL; ++} ++ + static int mem_store(STORE *s, STORE_OBJECT_TYPES type, +- STORE_OBJECT *data, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); +- return 0; +- } ++ STORE_OBJECT *data, OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED); ++ return 0; ++} ++ + static int mem_modify(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], +- OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], +- OPENSSL_ITEM parameters[]) +- { +- STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED); +- return 0; +- } ++ OPENSSL_ITEM search_attributes[], ++ OPENSSL_ITEM add_attributes[], ++ OPENSSL_ITEM modify_attributes[], ++ OPENSSL_ITEM delete_attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED); ++ return 0; ++} ++ + static int mem_delete(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) +- { +- STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED); +- return 0; +- } +- +-/* The list functions may be the hardest to understand. Basically, +- mem_list_start compiles a stack of attribute info elements, and +- puts that stack into the context to be returned. mem_list_next +- will then find the first matching element in the store, and then +- walk all the way to the end of the store (since any combination +- of attribute bits above the starting point may match the searched +- for bit pattern...). */ ++ OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) ++{ ++ STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED); ++ return 0; ++} ++ ++/* ++ * The list functions may be the hardest to understand. Basically, ++ * mem_list_start compiles a stack of attribute info elements, and puts that ++ * stack into the context to be returned. mem_list_next will then find the ++ * first matching element in the store, and then walk all the way to the end ++ * of the store (since any combination of attribute bits above the starting ++ * point may match the searched for bit pattern...). ++ */ + static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, +- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) +- { +- struct mem_ctx_st *context = +- (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st)); +- void *attribute_context = NULL; +- STORE_ATTR_INFO *attrs = NULL; +- +- if (!context) +- { +- STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- memset(context, 0, sizeof(struct mem_ctx_st)); +- +- attribute_context = STORE_parse_attrs_start(attributes); +- if (!attribute_context) +- { +- STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB); +- goto err; +- } +- +- while((attrs = STORE_parse_attrs_next(attribute_context))) +- { +- if (context->search_attributes == NULL) +- { +- context->search_attributes = +- sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare); +- if (!context->search_attributes) +- { +- STOREerr(STORE_F_MEM_LIST_START, +- ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- sk_push(context->search_attributes,(char *)attrs); +- } +- if (!STORE_parse_attrs_endp(attribute_context)) +- goto err; +- STORE_parse_attrs_end(attribute_context); +- context->search_index = -1; +- context->index = -1; +- return context; ++ OPENSSL_ITEM attributes[], ++ OPENSSL_ITEM parameters[]) ++{ ++ struct mem_ctx_st *context = ++ (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st)); ++ void *attribute_context = NULL; ++ STORE_ATTR_INFO *attrs = NULL; ++ ++ if (!context) { ++ STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ memset(context, 0, sizeof(struct mem_ctx_st)); ++ ++ attribute_context = STORE_parse_attrs_start(attributes); ++ if (!attribute_context) { ++ STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB); ++ goto err; ++ } ++ ++ while ((attrs = STORE_parse_attrs_next(attribute_context))) { ++ if (context->search_attributes == NULL) { ++ context->search_attributes = ++ sk_new((int (*)(const char *const *, const char *const *)) ++ STORE_ATTR_INFO_compare); ++ if (!context->search_attributes) { ++ STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ sk_push(context->search_attributes, (char *)attrs); ++ } ++ if (!STORE_parse_attrs_endp(attribute_context)) ++ goto err; ++ STORE_parse_attrs_end(attribute_context); ++ context->search_index = -1; ++ context->index = -1; ++ return context; + err: +- if (attribute_context) STORE_parse_attrs_end(attribute_context); +- mem_list_end(s, context); +- return NULL; +- } ++ if (attribute_context) ++ STORE_parse_attrs_end(attribute_context); ++ mem_list_end(s, context); ++ return NULL; ++} ++ + static STORE_OBJECT *mem_list_next(STORE *s, void *handle) +- { +- int i; +- struct mem_ctx_st *context = (struct mem_ctx_st *)handle; +- struct mem_object_data_st key = { 0, 0, 1 }; +- struct mem_data_st *store = +- (struct mem_data_st *)STORE_get_ex_data(s, 1); +- int srch; +- int cres = 0; +- +- if (!context) +- { +- STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER); +- return NULL; +- } +- if (!store) +- { +- STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE); +- return NULL; +- } +- +- if (context->search_index == -1) +- { +- for (i = 0; i < sk_num(context->search_attributes); i++) +- { +- key.attr_info = +- (STORE_ATTR_INFO *)sk_value(context->search_attributes, i); +- srch = sk_find_ex(store->data, (char *)&key); +- +- if (srch >= 0) +- { +- context->search_index = srch; +- break; +- } +- } +- } +- if (context->search_index < 0) +- return NULL; +- +- key.attr_info = +- (STORE_ATTR_INFO *)sk_value(context->search_attributes, +- context->search_index); +- for(srch = context->search_index; +- srch < sk_num(store->data) +- && STORE_ATTR_INFO_in_range(key.attr_info, +- (STORE_ATTR_INFO *)sk_value(store->data, srch)) +- && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info, +- (STORE_ATTR_INFO *)sk_value(store->data, srch))); +- srch++) +- ; +- +- context->search_index = srch; +- if (cres) +- return ((struct mem_object_data_st *)sk_value(store->data, +- srch))->object; +- return NULL; +- } ++{ ++ int i; ++ struct mem_ctx_st *context = (struct mem_ctx_st *)handle; ++ struct mem_object_data_st key = { 0, 0, 1 }; ++ struct mem_data_st *store = (struct mem_data_st *)STORE_get_ex_data(s, 1); ++ int srch; ++ int cres = 0; ++ ++ if (!context) { ++ STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER); ++ return NULL; ++ } ++ if (!store) { ++ STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE); ++ return NULL; ++ } ++ ++ if (context->search_index == -1) { ++ for (i = 0; i < sk_num(context->search_attributes); i++) { ++ key.attr_info = ++ (STORE_ATTR_INFO *)sk_value(context->search_attributes, i); ++ srch = sk_find_ex(store->data, (char *)&key); ++ ++ if (srch >= 0) { ++ context->search_index = srch; ++ break; ++ } ++ } ++ } ++ if (context->search_index < 0) ++ return NULL; ++ ++ key.attr_info = ++ (STORE_ATTR_INFO *)sk_value(context->search_attributes, ++ context->search_index); ++ for (srch = context->search_index; srch < sk_num(store->data) ++ && STORE_ATTR_INFO_in_range(key.attr_info, ++ (STORE_ATTR_INFO *)sk_value(store->data, ++ srch)) ++ && !(cres = ++ STORE_ATTR_INFO_in_ex(key.attr_info, ++ (STORE_ATTR_INFO *)sk_value(store->data, ++ srch))); ++ srch++) ; ++ ++ context->search_index = srch; ++ if (cres) ++ return ((struct mem_object_data_st *)sk_value(store->data, ++ srch))->object; ++ return NULL; ++} ++ + static int mem_list_end(STORE *s, void *handle) +- { +- struct mem_ctx_st *context = (struct mem_ctx_st *)handle; +- +- if (!context) +- { +- STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if (context && context->search_attributes) +- sk_free(context->search_attributes); +- if (context) OPENSSL_free(context); +- return 1; +- } ++{ ++ struct mem_ctx_st *context = (struct mem_ctx_st *)handle; ++ ++ if (!context) { ++ STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++ if (context && context->search_attributes) ++ sk_free(context->search_attributes); ++ if (context) ++ OPENSSL_free(context); ++ return 1; ++} ++ + static int mem_list_endp(STORE *s, void *handle) +- { +- struct mem_ctx_st *context = (struct mem_ctx_st *)handle; +- +- if (!context +- || context->search_index == sk_num(context->search_attributes)) +- return 1; +- return 0; +- } ++{ ++ struct mem_ctx_st *context = (struct mem_ctx_st *)handle; ++ ++ if (!context ++ || context->search_index == sk_num(context->search_attributes)) ++ return 1; ++ return 0; ++} ++ + static int mem_lock(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- return 1; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ return 1; ++} ++ + static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[], +- OPENSSL_ITEM parameters[]) +- { +- return 1; +- } +-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void)) +- { +- return 1; +- } ++ OPENSSL_ITEM parameters[]) ++{ ++ return 1; ++} ++ ++static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void)) ++{ ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/store/str_meth.c b/Cryptlib/OpenSSL/crypto/store/str_meth.c +index a46de03..d83a6de 100644 +--- a/Cryptlib/OpenSSL/crypto/store/str_meth.c ++++ b/Cryptlib/OpenSSL/crypto/store/str_meth.c +@@ -1,6 +1,7 @@ + /* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2003. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2003. + */ + /* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,190 +62,219 @@ + #include "str_locl.h" + + STORE_METHOD *STORE_create_method(char *name) +- { +- STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD)); +- +- if (store_method) +- { +- memset(store_method, 0, sizeof(*store_method)); +- store_method->name = BUF_strdup(name); +- } +- return store_method; +- } +- +-/* BIG FSCKING WARNING!!!! If you use this on a statically allocated method +- (that is, it hasn't been allocated using STORE_create_method(), you deserve +- anything Murphy can throw at you and more! You have been warned. */ ++{ ++ STORE_METHOD *store_method = ++ (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD)); ++ ++ if (store_method) { ++ memset(store_method, 0, sizeof(*store_method)); ++ store_method->name = BUF_strdup(name); ++ } ++ return store_method; ++} ++ ++/* ++ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method ++ * (that is, it hasn't been allocated using STORE_create_method(), you ++ * deserve anything Murphy can throw at you and more! You have been warned. ++ */ + void STORE_destroy_method(STORE_METHOD *store_method) +- { +- if (!store_method) return; +- OPENSSL_free(store_method->name); +- store_method->name = NULL; +- OPENSSL_free(store_method); +- } +- +-int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f) +- { +- sm->init = init_f; +- return 1; +- } +- +-int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f) +- { +- sm->clean = clean_f; +- return 1; +- } +- +-int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f) +- { +- sm->generate_object = generate_f; +- return 1; +- } +- +-int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f) +- { +- sm->get_object = get_f; +- return 1; +- } +- +-int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f) +- { +- sm->store_object = store_f; +- return 1; +- } +- +-int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR modify_f) +- { +- sm->modify_object = modify_f; +- return 1; +- } +- +-int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f) +- { +- sm->revoke_object = revoke_f; +- return 1; +- } +- +-int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f) +- { +- sm->delete_object = delete_f; +- return 1; +- } +- +-int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f) +- { +- sm->list_object_start = list_start_f; +- return 1; +- } +- +-int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f) +- { +- sm->list_object_next = list_next_f; +- return 1; +- } +- +-int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f) +- { +- sm->list_object_end = list_end_f; +- return 1; +- } +- +-int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f) +- { +- sm->update_store = update_f; +- return 1; +- } +- +-int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f) +- { +- sm->lock_store = lock_f; +- return 1; +- } +- +-int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f) +- { +- sm->unlock_store = unlock_f; +- return 1; +- } +- +-int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f) +- { +- sm->ctrl = ctrl_f; +- return 1; +- } +- +-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm) +- { +- return sm->init; +- } ++{ ++ if (!store_method) ++ return; ++ OPENSSL_free(store_method->name); ++ store_method->name = NULL; ++ OPENSSL_free(store_method); ++} ++ ++int STORE_method_set_initialise_function(STORE_METHOD *sm, ++ STORE_INITIALISE_FUNC_PTR init_f) ++{ ++ sm->init = init_f; ++ return 1; ++} ++ ++int STORE_method_set_cleanup_function(STORE_METHOD *sm, ++ STORE_CLEANUP_FUNC_PTR clean_f) ++{ ++ sm->clean = clean_f; ++ return 1; ++} ++ ++int STORE_method_set_generate_function(STORE_METHOD *sm, ++ STORE_GENERATE_OBJECT_FUNC_PTR ++ generate_f) ++{ ++ sm->generate_object = generate_f; ++ return 1; ++} ++ ++int STORE_method_set_get_function(STORE_METHOD *sm, ++ STORE_GET_OBJECT_FUNC_PTR get_f) ++{ ++ sm->get_object = get_f; ++ return 1; ++} ++ ++int STORE_method_set_store_function(STORE_METHOD *sm, ++ STORE_STORE_OBJECT_FUNC_PTR store_f) ++{ ++ sm->store_object = store_f; ++ return 1; ++} ++ ++int STORE_method_set_modify_function(STORE_METHOD *sm, ++ STORE_MODIFY_OBJECT_FUNC_PTR modify_f) ++{ ++ sm->modify_object = modify_f; ++ return 1; ++} ++ ++int STORE_method_set_revoke_function(STORE_METHOD *sm, ++ STORE_HANDLE_OBJECT_FUNC_PTR revoke_f) ++{ ++ sm->revoke_object = revoke_f; ++ return 1; ++} ++ ++int STORE_method_set_delete_function(STORE_METHOD *sm, ++ STORE_HANDLE_OBJECT_FUNC_PTR delete_f) ++{ ++ sm->delete_object = delete_f; ++ return 1; ++} ++ ++int STORE_method_set_list_start_function(STORE_METHOD *sm, ++ STORE_START_OBJECT_FUNC_PTR ++ list_start_f) ++{ ++ sm->list_object_start = list_start_f; ++ return 1; ++} ++ ++int STORE_method_set_list_next_function(STORE_METHOD *sm, ++ STORE_NEXT_OBJECT_FUNC_PTR ++ list_next_f) ++{ ++ sm->list_object_next = list_next_f; ++ return 1; ++} ++ ++int STORE_method_set_list_end_function(STORE_METHOD *sm, ++ STORE_END_OBJECT_FUNC_PTR list_end_f) ++{ ++ sm->list_object_end = list_end_f; ++ return 1; ++} ++ ++int STORE_method_set_update_store_function(STORE_METHOD *sm, ++ STORE_GENERIC_FUNC_PTR update_f) ++{ ++ sm->update_store = update_f; ++ return 1; ++} ++ ++int STORE_method_set_lock_store_function(STORE_METHOD *sm, ++ STORE_GENERIC_FUNC_PTR lock_f) ++{ ++ sm->lock_store = lock_f; ++ return 1; ++} ++ ++int STORE_method_set_unlock_store_function(STORE_METHOD *sm, ++ STORE_GENERIC_FUNC_PTR unlock_f) ++{ ++ sm->unlock_store = unlock_f; ++ return 1; ++} ++ ++int STORE_method_set_ctrl_function(STORE_METHOD *sm, ++ STORE_CTRL_FUNC_PTR ctrl_f) ++{ ++ sm->ctrl = ctrl_f; ++ return 1; ++} ++ ++STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD ++ *sm) ++{ ++ return sm->init; ++} + + STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm) +- { +- return sm->clean; +- } ++{ ++ return sm->clean; ++} + +-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm) +- { +- return sm->generate_object; +- } ++STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD ++ *sm) ++{ ++ return sm->generate_object; ++} + + STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm) +- { +- return sm->get_object; +- } ++{ ++ return sm->get_object; ++} + + STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm) +- { +- return sm->store_object; +- } +- +-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm) +- { +- return sm->modify_object; +- } +- +-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm) +- { +- return sm->revoke_object; +- } +- +-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm) +- { +- return sm->delete_object; +- } +- +-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm) +- { +- return sm->list_object_start; +- } +- +-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm) +- { +- return sm->list_object_next; +- } ++{ ++ return sm->store_object; ++} ++ ++STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD ++ *sm) ++{ ++ return sm->modify_object; ++} ++ ++STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD ++ *sm) ++{ ++ return sm->revoke_object; ++} ++ ++STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD ++ *sm) ++{ ++ return sm->delete_object; ++} ++ ++STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD ++ *sm) ++{ ++ return sm->list_object_start; ++} ++ ++STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD ++ *sm) ++{ ++ return sm->list_object_next; ++} + + STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm) +- { +- return sm->list_object_end; +- } ++{ ++ return sm->list_object_end; ++} + +-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm) +- { +- return sm->update_store; +- } ++STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD ++ *sm) ++{ ++ return sm->update_store; ++} + + STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm) +- { +- return sm->lock_store; +- } ++{ ++ return sm->lock_store; ++} + +-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm) +- { +- return sm->unlock_store; +- } ++STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD ++ *sm) ++{ ++ return sm->unlock_store; ++} + + STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm) +- { +- return sm->ctrl; +- } +- ++{ ++ return sm->ctrl; ++} +diff --git a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c +index 3ed5f72..a81eaae 100644 +--- a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c ++++ b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,323 +64,318 @@ + #include + + #undef BUFSIZE +-#define BUFSIZE 512 ++#define BUFSIZE 512 + +-const char TXT_DB_version[]="TXT_DB" OPENSSL_VERSION_PTEXT; ++const char TXT_DB_version[] = "TXT_DB" OPENSSL_VERSION_PTEXT; + + TXT_DB *TXT_DB_read(BIO *in, int num) +- { +- TXT_DB *ret=NULL; +- int er=1; +- int esc=0; +- long ln=0; +- int i,add,n; +- int size=BUFSIZE; +- int offset=0; +- char *p,**pp,*f; +- BUF_MEM *buf=NULL; ++{ ++ TXT_DB *ret = NULL; ++ int er = 1; ++ int esc = 0; ++ long ln = 0; ++ int i, add, n; ++ int size = BUFSIZE; ++ int offset = 0; ++ char *p, **pp, *f; ++ BUF_MEM *buf = NULL; + +- if ((buf=BUF_MEM_new()) == NULL) goto err; +- if (!BUF_MEM_grow(buf,size)) goto err; ++ if ((buf = BUF_MEM_new()) == NULL) ++ goto err; ++ if (!BUF_MEM_grow(buf, size)) ++ goto err; + +- if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL) +- goto err; +- ret->num_fields=num; +- ret->index=NULL; +- ret->qual=NULL; +- if ((ret->data=sk_new_null()) == NULL) +- goto err; +- if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL) +- goto err; +- if ((ret->qual=(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **))*num)) == NULL) +- goto err; +- for (i=0; iindex[i]=NULL; +- ret->qual[i]=NULL; +- } ++ if ((ret = (TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL) ++ goto err; ++ ret->num_fields = num; ++ ret->index = NULL; ++ ret->qual = NULL; ++ if ((ret->data = sk_new_null()) == NULL) ++ goto err; ++ if ((ret->index = ++ (LHASH **)OPENSSL_malloc(sizeof(LHASH *) * num)) == NULL) ++ goto err; ++ if ((ret->qual = ++ (int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **)) * ++ num)) == NULL) ++ goto err; ++ for (i = 0; i < num; i++) { ++ ret->index[i] = NULL; ++ ret->qual[i] = NULL; ++ } + +- add=(num+1)*sizeof(char *); +- buf->data[size-1]='\0'; +- offset=0; +- for (;;) +- { +- if (offset != 0) +- { +- size+=BUFSIZE; +- if (!BUF_MEM_grow_clean(buf,size)) goto err; +- } +- buf->data[offset]='\0'; +- BIO_gets(in,&(buf->data[offset]),size-offset); +- ln++; +- if (buf->data[offset] == '\0') break; +- if ((offset == 0) && (buf->data[0] == '#')) continue; +- i=strlen(&(buf->data[offset])); +- offset+=i; +- if (buf->data[offset-1] != '\n') +- continue; +- else +- { +- buf->data[offset-1]='\0'; /* blat the '\n' */ +- if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err; +- offset=0; +- } +- pp=(char **)p; +- p+=add; +- n=0; +- pp[n++]=p; +- i=0; +- f=buf->data; ++ add = (num + 1) * sizeof(char *); ++ buf->data[size - 1] = '\0'; ++ offset = 0; ++ for (;;) { ++ if (offset != 0) { ++ size += BUFSIZE; ++ if (!BUF_MEM_grow_clean(buf, size)) ++ goto err; ++ } ++ buf->data[offset] = '\0'; ++ BIO_gets(in, &(buf->data[offset]), size - offset); ++ ln++; ++ if (buf->data[offset] == '\0') ++ break; ++ if ((offset == 0) && (buf->data[0] == '#')) ++ continue; ++ i = strlen(&(buf->data[offset])); ++ offset += i; ++ if (buf->data[offset - 1] != '\n') ++ continue; ++ else { ++ buf->data[offset - 1] = '\0'; /* blat the '\n' */ ++ if (!(p = (char *)OPENSSL_malloc(add + offset))) ++ goto err; ++ offset = 0; ++ } ++ pp = (char **)p; ++ p += add; ++ n = 0; ++ pp[n++] = p; ++ i = 0; ++ f = buf->data; + +- esc=0; +- for (;;) +- { +- if (*f == '\0') break; +- if (*f == '\t') +- { +- if (esc) +- p--; +- else +- { +- *(p++)='\0'; +- f++; +- if (n >= num) break; +- pp[n++]=p; +- continue; +- } +- } +- esc=(*f == '\\'); +- *(p++)= *(f++); +- } +- *(p++)='\0'; +- if ((n != num) || (*f != '\0')) +- { +-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty fix :-( */ +- fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f); ++ esc = 0; ++ for (;;) { ++ if (*f == '\0') ++ break; ++ if (*f == '\t') { ++ if (esc) ++ p--; ++ else { ++ *(p++) = '\0'; ++ f++; ++ if (n >= num) ++ break; ++ pp[n++] = p; ++ continue; ++ } ++ } ++ esc = (*f == '\\'); ++ *(p++) = *(f++); ++ } ++ *(p++) = '\0'; ++ if ((n != num) || (*f != '\0')) { ++#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty ++ * fix :-( */ ++ fprintf(stderr, ++ "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n", ++ ln, num, n, f); + #endif +- er=2; +- goto err; +- } +- pp[n]=p; +- if (!sk_push(ret->data,(char *)pp)) +- { +-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty fix :-( */ +- fprintf(stderr,"failure in sk_push\n"); ++ er = 2; ++ goto err; ++ } ++ pp[n] = p; ++ if (!sk_push(ret->data, (char *)pp)) { ++#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty ++ * fix :-( */ ++ fprintf(stderr, "failure in sk_push\n"); + #endif +- er=2; +- goto err; +- } +- } +- er=0; +-err: +- BUF_MEM_free(buf); +- if (er) +- { ++ er = 2; ++ goto err; ++ } ++ } ++ er = 0; ++ err: ++ BUF_MEM_free(buf); ++ if (er) { + #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) +- if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n"); ++ if (er == 1) ++ fprintf(stderr, "OPENSSL_malloc failure\n"); + #endif +- if (ret != NULL) +- { +- if (ret->data != NULL) sk_free(ret->data); +- if (ret->index != NULL) OPENSSL_free(ret->index); +- if (ret->qual != NULL) OPENSSL_free(ret->qual); +- if (ret != NULL) OPENSSL_free(ret); +- } +- return(NULL); +- } +- else +- return(ret); +- } ++ if (ret != NULL) { ++ if (ret->data != NULL) ++ sk_free(ret->data); ++ if (ret->index != NULL) ++ OPENSSL_free(ret->index); ++ if (ret->qual != NULL) ++ OPENSSL_free(ret->qual); ++ if (ret != NULL) ++ OPENSSL_free(ret); ++ } ++ return (NULL); ++ } else ++ return (ret); ++} + + char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value) +- { +- char **ret; +- LHASH *lh; ++{ ++ char **ret; ++ LHASH *lh; + +- if (idx >= db->num_fields) +- { +- db->error=DB_ERROR_INDEX_OUT_OF_RANGE; +- return(NULL); +- } +- lh=db->index[idx]; +- if (lh == NULL) +- { +- db->error=DB_ERROR_NO_INDEX; +- return(NULL); +- } +- ret=(char **)lh_retrieve(lh,value); +- db->error=DB_ERROR_OK; +- return(ret); +- } ++ if (idx >= db->num_fields) { ++ db->error = DB_ERROR_INDEX_OUT_OF_RANGE; ++ return (NULL); ++ } ++ lh = db->index[idx]; ++ if (lh == NULL) { ++ db->error = DB_ERROR_NO_INDEX; ++ return (NULL); ++ } ++ ret = (char **)lh_retrieve(lh, value); ++ db->error = DB_ERROR_OK; ++ return (ret); ++} + +-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **), +- LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) +- { +- LHASH *idx; +- char **r; +- int i,n; ++int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (char **), ++ LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) ++{ ++ LHASH *idx; ++ char **r; ++ int i, n; + +- if (field >= db->num_fields) +- { +- db->error=DB_ERROR_INDEX_OUT_OF_RANGE; +- return(0); +- } +- if ((idx=lh_new(hash,cmp)) == NULL) +- { +- db->error=DB_ERROR_MALLOC; +- return(0); +- } +- n=sk_num(db->data); +- for (i=0; idata,i); +- if ((qual != NULL) && (qual(r) == 0)) continue; +- if ((r=lh_insert(idx,r)) != NULL) +- { +- db->error=DB_ERROR_INDEX_CLASH; +- db->arg1=sk_find(db->data,(char *)r); +- db->arg2=i; +- lh_free(idx); +- return(0); +- } +- } +- if (db->index[field] != NULL) lh_free(db->index[field]); +- db->index[field]=idx; +- db->qual[field]=qual; +- return(1); +- } ++ if (field >= db->num_fields) { ++ db->error = DB_ERROR_INDEX_OUT_OF_RANGE; ++ return (0); ++ } ++ if ((idx = lh_new(hash, cmp)) == NULL) { ++ db->error = DB_ERROR_MALLOC; ++ return (0); ++ } ++ n = sk_num(db->data); ++ for (i = 0; i < n; i++) { ++ r = (char **)sk_value(db->data, i); ++ if ((qual != NULL) && (qual(r) == 0)) ++ continue; ++ if ((r = lh_insert(idx, r)) != NULL) { ++ db->error = DB_ERROR_INDEX_CLASH; ++ db->arg1 = sk_find(db->data, (char *)r); ++ db->arg2 = i; ++ lh_free(idx); ++ return (0); ++ } ++ } ++ if (db->index[field] != NULL) ++ lh_free(db->index[field]); ++ db->index[field] = idx; ++ db->qual[field] = qual; ++ return (1); ++} + + long TXT_DB_write(BIO *out, TXT_DB *db) +- { +- long i,j,n,nn,l,tot=0; +- char *p,**pp,*f; +- BUF_MEM *buf=NULL; +- long ret= -1; ++{ ++ long i, j, n, nn, l, tot = 0; ++ char *p, **pp, *f; ++ BUF_MEM *buf = NULL; ++ long ret = -1; + +- if ((buf=BUF_MEM_new()) == NULL) +- goto err; +- n=sk_num(db->data); +- nn=db->num_fields; +- for (i=0; idata,i); ++ if ((buf = BUF_MEM_new()) == NULL) ++ goto err; ++ n = sk_num(db->data); ++ nn = db->num_fields; ++ for (i = 0; i < n; i++) { ++ pp = (char **)sk_value(db->data, i); + +- l=0; +- for (j=0; jdata; +- for (j=0; jdata; +- if (BIO_write(out,buf->data,(int)j) != j) +- goto err; +- tot+=j; +- } +- ret=tot; +-err: +- if (buf != NULL) BUF_MEM_free(buf); +- return(ret); +- } ++ p = buf->data; ++ for (j = 0; j < nn; j++) { ++ f = pp[j]; ++ if (f != NULL) ++ for (;;) { ++ if (*f == '\0') ++ break; ++ if (*f == '\t') ++ *(p++) = '\\'; ++ *(p++) = *(f++); ++ } ++ *(p++) = '\t'; ++ } ++ p[-1] = '\n'; ++ j = p - buf->data; ++ if (BIO_write(out, buf->data, (int)j) != j) ++ goto err; ++ tot += j; ++ } ++ ret = tot; ++ err: ++ if (buf != NULL) ++ BUF_MEM_free(buf); ++ return (ret); ++} + + int TXT_DB_insert(TXT_DB *db, char **row) +- { +- int i; +- char **r; ++{ ++ int i; ++ char **r; + +- for (i=0; inum_fields; i++) +- { +- if (db->index[i] != NULL) +- { +- if ((db->qual[i] != NULL) && +- (db->qual[i](row) == 0)) continue; +- r=(char **)lh_retrieve(db->index[i],row); +- if (r != NULL) +- { +- db->error=DB_ERROR_INDEX_CLASH; +- db->arg1=i; +- db->arg_row=r; +- goto err; +- } +- } +- } +- /* We have passed the index checks, now just append and insert */ +- if (!sk_push(db->data,(char *)row)) +- { +- db->error=DB_ERROR_MALLOC; +- goto err; +- } ++ for (i = 0; i < db->num_fields; i++) { ++ if (db->index[i] != NULL) { ++ if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) ++ continue; ++ r = (char **)lh_retrieve(db->index[i], row); ++ if (r != NULL) { ++ db->error = DB_ERROR_INDEX_CLASH; ++ db->arg1 = i; ++ db->arg_row = r; ++ goto err; ++ } ++ } ++ } ++ /* We have passed the index checks, now just append and insert */ ++ if (!sk_push(db->data, (char *)row)) { ++ db->error = DB_ERROR_MALLOC; ++ goto err; ++ } + +- for (i=0; inum_fields; i++) +- { +- if (db->index[i] != NULL) +- { +- if ((db->qual[i] != NULL) && +- (db->qual[i](row) == 0)) continue; +- lh_insert(db->index[i],row); +- } +- } +- return(1); +-err: +- return(0); +- } ++ for (i = 0; i < db->num_fields; i++) { ++ if (db->index[i] != NULL) { ++ if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) ++ continue; ++ lh_insert(db->index[i], row); ++ } ++ } ++ return (1); ++ err: ++ return (0); ++} + + void TXT_DB_free(TXT_DB *db) +- { +- int i,n; +- char **p,*max; ++{ ++ int i, n; ++ char **p, *max; + +- if(db == NULL) +- return; ++ if (db == NULL) ++ return; + +- if (db->index != NULL) +- { +- for (i=db->num_fields-1; i>=0; i--) +- if (db->index[i] != NULL) lh_free(db->index[i]); +- OPENSSL_free(db->index); +- } +- if (db->qual != NULL) +- OPENSSL_free(db->qual); +- if (db->data != NULL) +- { +- for (i=sk_num(db->data)-1; i>=0; i--) +- { +- /* check if any 'fields' have been allocated +- * from outside of the initial block */ +- p=(char **)sk_value(db->data,i); +- max=p[db->num_fields]; /* last address */ +- if (max == NULL) /* new row */ +- { +- for (n=0; nnum_fields; n++) +- if (p[n] != NULL) OPENSSL_free(p[n]); +- } +- else +- { +- for (n=0; nnum_fields; n++) +- { +- if (((p[n] < (char *)p) || (p[n] > max)) +- && (p[n] != NULL)) +- OPENSSL_free(p[n]); +- } +- } +- OPENSSL_free(sk_value(db->data,i)); +- } +- sk_free(db->data); +- } +- OPENSSL_free(db); +- } ++ if (db->index != NULL) { ++ for (i = db->num_fields - 1; i >= 0; i--) ++ if (db->index[i] != NULL) ++ lh_free(db->index[i]); ++ OPENSSL_free(db->index); ++ } ++ if (db->qual != NULL) ++ OPENSSL_free(db->qual); ++ if (db->data != NULL) { ++ for (i = sk_num(db->data) - 1; i >= 0; i--) { ++ /* ++ * check if any 'fields' have been allocated from outside of the ++ * initial block ++ */ ++ p = (char **)sk_value(db->data, i); ++ max = p[db->num_fields]; /* last address */ ++ if (max == NULL) { /* new row */ ++ for (n = 0; n < db->num_fields; n++) ++ if (p[n] != NULL) ++ OPENSSL_free(p[n]); ++ } else { ++ for (n = 0; n < db->num_fields; n++) { ++ if (((p[n] < (char *)p) || (p[n] > max)) ++ && (p[n] != NULL)) ++ OPENSSL_free(p[n]); ++ } ++ } ++ OPENSSL_free(sk_value(db->data, i)); ++ } ++ sk_free(db->data); ++ } ++ OPENSSL_free(db); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c +index 13e0f70..0ca5284 100644 +--- a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c ++++ b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,12 +56,14 @@ + #include + #include + +-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify) +- { +- return UI_UTIL_read_pw_string(buf, length, prompt, verify); +- } ++int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, ++ int verify) ++{ ++ return UI_UTIL_read_pw_string(buf, length, prompt, verify); ++} + +-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify) +- { +- return UI_UTIL_read_pw(buf, buff, size, prompt, verify); +- } ++int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, ++ int verify) ++{ ++ return UI_UTIL_read_pw(buf, buff, size, prompt, verify); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_err.c b/Cryptlib/OpenSSL/crypto/ui/ui_err.c +index 786bd0d..ffeb003 100644 +--- a/Cryptlib/OpenSSL/crypto/ui/ui_err.c ++++ b/Cryptlib/OpenSSL/crypto/ui/ui_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,48 +66,46 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason) + +-static ERR_STRING_DATA UI_str_functs[]= +- { +-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"}, +-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"}, +-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"}, +-{ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"}, +-{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"}, +-{ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"}, +-{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"}, +-{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"}, +-{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"}, +-{ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"}, +-{ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"}, +-{ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA UI_str_functs[] = { ++ {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"}, ++ {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"}, ++ {ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"}, ++ {ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"}, ++ {ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"}, ++ {ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"}, ++ {ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"}, ++ {ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"}, ++ {ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"}, ++ {ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"}, ++ {ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"}, ++ {ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA UI_str_reasons[]= +- { +-{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),"common ok and cancel characters"}, +-{ERR_REASON(UI_R_INDEX_TOO_LARGE) ,"index too large"}, +-{ERR_REASON(UI_R_INDEX_TOO_SMALL) ,"index too small"}, +-{ERR_REASON(UI_R_NO_RESULT_BUFFER) ,"no result buffer"}, +-{ERR_REASON(UI_R_RESULT_TOO_LARGE) ,"result too large"}, +-{ERR_REASON(UI_R_RESULT_TOO_SMALL) ,"result too small"}, +-{ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND),"unknown control command"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA UI_str_reasons[] = { ++ {ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS), ++ "common ok and cancel characters"}, ++ {ERR_REASON(UI_R_INDEX_TOO_LARGE), "index too large"}, ++ {ERR_REASON(UI_R_INDEX_TOO_SMALL), "index too small"}, ++ {ERR_REASON(UI_R_NO_RESULT_BUFFER), "no result buffer"}, ++ {ERR_REASON(UI_R_RESULT_TOO_LARGE), "result too large"}, ++ {ERR_REASON(UI_R_RESULT_TOO_SMALL), "result too small"}, ++ {ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND), "unknown control command"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_UI_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(UI_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,UI_str_functs); +- ERR_load_strings(0,UI_str_reasons); +- } ++ if (ERR_func_error_string(UI_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, UI_str_functs); ++ ERR_load_strings(0, UI_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c +index 67013f8..84d65cb 100644 +--- a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c +@@ -1,6 +1,7 @@ + /* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -66,840 +67,781 @@ + + IMPLEMENT_STACK_OF(UI_STRING_ST) + +-static const UI_METHOD *default_UI_meth=NULL; ++static const UI_METHOD *default_UI_meth = NULL; + + UI *UI_new(void) +- { +- return(UI_new_method(NULL)); +- } ++{ ++ return (UI_new_method(NULL)); ++} + + UI *UI_new_method(const UI_METHOD *method) +- { +- UI *ret; +- +- ret=(UI *)OPENSSL_malloc(sizeof(UI)); +- if (ret == NULL) +- { +- UIerr(UI_F_UI_NEW_METHOD,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- if (method == NULL) +- ret->meth=UI_get_default_method(); +- else +- ret->meth=method; +- +- ret->strings=NULL; +- ret->user_data=NULL; +- ret->flags=0; +- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); +- return ret; +- } ++{ ++ UI *ret; ++ ++ ret = (UI *)OPENSSL_malloc(sizeof(UI)); ++ if (ret == NULL) { ++ UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ if (method == NULL) ++ ret->meth = UI_get_default_method(); ++ else ++ ret->meth = method; ++ ++ ret->strings = NULL; ++ ret->user_data = NULL; ++ ret->flags = 0; ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); ++ return ret; ++} + + static void free_string(UI_STRING *uis) +- { +- if (uis->flags & OUT_STRING_FREEABLE) +- { +- OPENSSL_free((char *)uis->out_string); +- switch(uis->type) +- { +- case UIT_BOOLEAN: +- OPENSSL_free((char *)uis->_.boolean_data.action_desc); +- OPENSSL_free((char *)uis->_.boolean_data.ok_chars); +- OPENSSL_free((char *)uis->_.boolean_data.cancel_chars); +- break; +- default: +- break; +- } +- } +- OPENSSL_free(uis); +- } ++{ ++ if (uis->flags & OUT_STRING_FREEABLE) { ++ OPENSSL_free((char *)uis->out_string); ++ switch (uis->type) { ++ case UIT_BOOLEAN: ++ OPENSSL_free((char *)uis->_.boolean_data.action_desc); ++ OPENSSL_free((char *)uis->_.boolean_data.ok_chars); ++ OPENSSL_free((char *)uis->_.boolean_data.cancel_chars); ++ break; ++ default: ++ break; ++ } ++ } ++ OPENSSL_free(uis); ++} + + void UI_free(UI *ui) +- { +- if (ui == NULL) +- return; +- sk_UI_STRING_pop_free(ui->strings,free_string); +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data); +- OPENSSL_free(ui); +- } ++{ ++ if (ui == NULL) ++ return; ++ sk_UI_STRING_pop_free(ui->strings, free_string); ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data); ++ OPENSSL_free(ui); ++} + + static int allocate_string_stack(UI *ui) +- { +- if (ui->strings == NULL) +- { +- ui->strings=sk_UI_STRING_new_null(); +- if (ui->strings == NULL) +- { +- return -1; +- } +- } +- return 0; +- } ++{ ++ if (ui->strings == NULL) { ++ ui->strings = sk_UI_STRING_new_null(); ++ if (ui->strings == NULL) { ++ return -1; ++ } ++ } ++ return 0; ++} + + static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt, +- int prompt_freeable, enum UI_string_types type, int input_flags, +- char *result_buf) +- { +- UI_STRING *ret = NULL; +- +- if (prompt == NULL) +- { +- UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,ERR_R_PASSED_NULL_PARAMETER); +- } +- else if ((type == UIT_PROMPT || type == UIT_VERIFY +- || type == UIT_BOOLEAN) && result_buf == NULL) +- { +- UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,UI_R_NO_RESULT_BUFFER); +- } +- else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING)))) +- { +- ret->out_string=prompt; +- ret->flags=prompt_freeable ? OUT_STRING_FREEABLE : 0; +- ret->input_flags=input_flags; +- ret->type=type; +- ret->result_buf=result_buf; +- } +- return ret; +- } ++ int prompt_freeable, ++ enum UI_string_types type, ++ int input_flags, char *result_buf) ++{ ++ UI_STRING *ret = NULL; ++ ++ if (prompt == NULL) { ++ UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, ERR_R_PASSED_NULL_PARAMETER); ++ } else if ((type == UIT_PROMPT || type == UIT_VERIFY ++ || type == UIT_BOOLEAN) && result_buf == NULL) { ++ UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER); ++ } else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING)))) { ++ ret->out_string = prompt; ++ ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0; ++ ret->input_flags = input_flags; ++ ret->type = type; ++ ret->result_buf = result_buf; ++ } ++ return ret; ++} + + static int general_allocate_string(UI *ui, const char *prompt, +- int prompt_freeable, enum UI_string_types type, int input_flags, +- char *result_buf, int minsize, int maxsize, const char *test_buf) +- { +- int ret = -1; +- UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable, +- type, input_flags, result_buf); +- +- if (s) +- { +- if (allocate_string_stack(ui) >= 0) +- { +- s->_.string_data.result_minsize=minsize; +- s->_.string_data.result_maxsize=maxsize; +- s->_.string_data.test_buf=test_buf; +- ret=sk_UI_STRING_push(ui->strings, s); +- /* sk_push() returns 0 on error. Let's addapt that */ +- if (ret <= 0) ret--; +- } +- else +- free_string(s); +- } +- return ret; +- } ++ int prompt_freeable, ++ enum UI_string_types type, int input_flags, ++ char *result_buf, int minsize, int maxsize, ++ const char *test_buf) ++{ ++ int ret = -1; ++ UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable, ++ type, input_flags, result_buf); ++ ++ if (s) { ++ if (allocate_string_stack(ui) >= 0) { ++ s->_.string_data.result_minsize = minsize; ++ s->_.string_data.result_maxsize = maxsize; ++ s->_.string_data.test_buf = test_buf; ++ ret = sk_UI_STRING_push(ui->strings, s); ++ /* sk_push() returns 0 on error. Let's addapt that */ ++ if (ret <= 0) ++ ret--; ++ } else ++ free_string(s); ++ } ++ return ret; ++} + + static int general_allocate_boolean(UI *ui, +- const char *prompt, const char *action_desc, +- const char *ok_chars, const char *cancel_chars, +- int prompt_freeable, enum UI_string_types type, int input_flags, +- char *result_buf) +- { +- int ret = -1; +- UI_STRING *s; +- const char *p; +- +- if (ok_chars == NULL) +- { +- UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER); +- } +- else if (cancel_chars == NULL) +- { +- UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER); +- } +- else +- { +- for(p = ok_chars; *p; p++) +- { +- if (strchr(cancel_chars, *p)) +- { +- UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, +- UI_R_COMMON_OK_AND_CANCEL_CHARACTERS); +- } +- } +- +- s = general_allocate_prompt(ui, prompt, prompt_freeable, +- type, input_flags, result_buf); +- +- if (s) +- { +- if (allocate_string_stack(ui) >= 0) +- { +- s->_.boolean_data.action_desc = action_desc; +- s->_.boolean_data.ok_chars = ok_chars; +- s->_.boolean_data.cancel_chars = cancel_chars; +- ret=sk_UI_STRING_push(ui->strings, s); +- /* sk_push() returns 0 on error. +- Let's addapt that */ +- if (ret <= 0) ret--; +- } +- else +- free_string(s); +- } +- } +- return ret; +- } +- +-/* Returns the index to the place in the stack or -1 for error. Uses a +- direct reference to the prompt. */ ++ const char *prompt, ++ const char *action_desc, ++ const char *ok_chars, ++ const char *cancel_chars, ++ int prompt_freeable, ++ enum UI_string_types type, ++ int input_flags, char *result_buf) ++{ ++ int ret = -1; ++ UI_STRING *s; ++ const char *p; ++ ++ if (ok_chars == NULL) { ++ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER); ++ } else if (cancel_chars == NULL) { ++ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER); ++ } else { ++ for (p = ok_chars; *p; p++) { ++ if (strchr(cancel_chars, *p)) { ++ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ++ UI_R_COMMON_OK_AND_CANCEL_CHARACTERS); ++ } ++ } ++ ++ s = general_allocate_prompt(ui, prompt, prompt_freeable, ++ type, input_flags, result_buf); ++ ++ if (s) { ++ if (allocate_string_stack(ui) >= 0) { ++ s->_.boolean_data.action_desc = action_desc; ++ s->_.boolean_data.ok_chars = ok_chars; ++ s->_.boolean_data.cancel_chars = cancel_chars; ++ ret = sk_UI_STRING_push(ui->strings, s); ++ /* ++ * sk_push() returns 0 on error. Let's addapt that ++ */ ++ if (ret <= 0) ++ ret--; ++ } else ++ free_string(s); ++ } ++ } ++ return ret; ++} ++ ++/* ++ * Returns the index to the place in the stack or -1 for error. Uses a ++ * direct reference to the prompt. ++ */ + int UI_add_input_string(UI *ui, const char *prompt, int flags, +- char *result_buf, int minsize, int maxsize) +- { +- return general_allocate_string(ui, prompt, 0, +- UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL); +- } ++ char *result_buf, int minsize, int maxsize) ++{ ++ return general_allocate_string(ui, prompt, 0, ++ UIT_PROMPT, flags, result_buf, minsize, ++ maxsize, NULL); ++} + + /* Same as UI_add_input_string(), excepts it takes a copy of the prompt */ + int UI_dup_input_string(UI *ui, const char *prompt, int flags, +- char *result_buf, int minsize, int maxsize) +- { +- char *prompt_copy=NULL; +- +- if (prompt) +- { +- prompt_copy=BUF_strdup(prompt); +- if (prompt_copy == NULL) +- { +- UIerr(UI_F_UI_DUP_INPUT_STRING,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- +- return general_allocate_string(ui, prompt_copy, 1, +- UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL); +- } ++ char *result_buf, int minsize, int maxsize) ++{ ++ char *prompt_copy = NULL; ++ ++ if (prompt) { ++ prompt_copy = BUF_strdup(prompt); ++ if (prompt_copy == NULL) { ++ UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } ++ ++ return general_allocate_string(ui, prompt_copy, 1, ++ UIT_PROMPT, flags, result_buf, minsize, ++ maxsize, NULL); ++} + + int UI_add_verify_string(UI *ui, const char *prompt, int flags, +- char *result_buf, int minsize, int maxsize, const char *test_buf) +- { +- return general_allocate_string(ui, prompt, 0, +- UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf); +- } ++ char *result_buf, int minsize, int maxsize, ++ const char *test_buf) ++{ ++ return general_allocate_string(ui, prompt, 0, ++ UIT_VERIFY, flags, result_buf, minsize, ++ maxsize, test_buf); ++} + + int UI_dup_verify_string(UI *ui, const char *prompt, int flags, +- char *result_buf, int minsize, int maxsize, const char *test_buf) +- { +- char *prompt_copy=NULL; +- +- if (prompt) +- { +- prompt_copy=BUF_strdup(prompt); +- if (prompt_copy == NULL) +- { +- UIerr(UI_F_UI_DUP_VERIFY_STRING,ERR_R_MALLOC_FAILURE); +- return -1; +- } +- } +- +- return general_allocate_string(ui, prompt_copy, 1, +- UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf); +- } ++ char *result_buf, int minsize, int maxsize, ++ const char *test_buf) ++{ ++ char *prompt_copy = NULL; ++ ++ if (prompt) { ++ prompt_copy = BUF_strdup(prompt); ++ if (prompt_copy == NULL) { ++ UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ } ++ ++ return general_allocate_string(ui, prompt_copy, 1, ++ UIT_VERIFY, flags, result_buf, minsize, ++ maxsize, test_buf); ++} + + int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, +- const char *ok_chars, const char *cancel_chars, +- int flags, char *result_buf) +- { +- return general_allocate_boolean(ui, prompt, action_desc, +- ok_chars, cancel_chars, 0, UIT_BOOLEAN, flags, result_buf); +- } ++ const char *ok_chars, const char *cancel_chars, ++ int flags, char *result_buf) ++{ ++ return general_allocate_boolean(ui, prompt, action_desc, ++ ok_chars, cancel_chars, 0, UIT_BOOLEAN, ++ flags, result_buf); ++} + + int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, +- const char *ok_chars, const char *cancel_chars, +- int flags, char *result_buf) +- { +- char *prompt_copy = NULL; +- char *action_desc_copy = NULL; +- char *ok_chars_copy = NULL; +- char *cancel_chars_copy = NULL; +- +- if (prompt) +- { +- prompt_copy=BUF_strdup(prompt); +- if (prompt_copy == NULL) +- { +- UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- +- if (action_desc) +- { +- action_desc_copy=BUF_strdup(action_desc); +- if (action_desc_copy == NULL) +- { +- UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- +- if (ok_chars) +- { +- ok_chars_copy=BUF_strdup(ok_chars); +- if (ok_chars_copy == NULL) +- { +- UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- +- if (cancel_chars) +- { +- cancel_chars_copy=BUF_strdup(cancel_chars); +- if (cancel_chars_copy == NULL) +- { +- UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- +- return general_allocate_boolean(ui, prompt_copy, action_desc_copy, +- ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags, +- result_buf); ++ const char *ok_chars, const char *cancel_chars, ++ int flags, char *result_buf) ++{ ++ char *prompt_copy = NULL; ++ char *action_desc_copy = NULL; ++ char *ok_chars_copy = NULL; ++ char *cancel_chars_copy = NULL; ++ ++ if (prompt) { ++ prompt_copy = BUF_strdup(prompt); ++ if (prompt_copy == NULL) { ++ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ ++ if (action_desc) { ++ action_desc_copy = BUF_strdup(action_desc); ++ if (action_desc_copy == NULL) { ++ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ ++ if (ok_chars) { ++ ok_chars_copy = BUF_strdup(ok_chars); ++ if (ok_chars_copy == NULL) { ++ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ ++ if (cancel_chars) { ++ cancel_chars_copy = BUF_strdup(cancel_chars); ++ if (cancel_chars_copy == NULL) { ++ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ ++ return general_allocate_boolean(ui, prompt_copy, action_desc_copy, ++ ok_chars_copy, cancel_chars_copy, 1, ++ UIT_BOOLEAN, flags, result_buf); + err: +- if (prompt_copy) OPENSSL_free(prompt_copy); +- if (action_desc_copy) OPENSSL_free(action_desc_copy); +- if (ok_chars_copy) OPENSSL_free(ok_chars_copy); +- if (cancel_chars_copy) OPENSSL_free(cancel_chars_copy); +- return -1; +- } ++ if (prompt_copy) ++ OPENSSL_free(prompt_copy); ++ if (action_desc_copy) ++ OPENSSL_free(action_desc_copy); ++ if (ok_chars_copy) ++ OPENSSL_free(ok_chars_copy); ++ if (cancel_chars_copy) ++ OPENSSL_free(cancel_chars_copy); ++ return -1; ++} + + int UI_add_info_string(UI *ui, const char *text) +- { +- return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0, +- NULL); +- } ++{ ++ return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0, ++ NULL); ++} + + int UI_dup_info_string(UI *ui, const char *text) +- { +- char *text_copy=NULL; +- +- if (text) +- { +- text_copy=BUF_strdup(text); +- if (text_copy == NULL) +- { +- UIerr(UI_F_UI_DUP_INFO_STRING,ERR_R_MALLOC_FAILURE); +- return -1; +- } +- } +- +- return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL, +- 0, 0, NULL); +- } ++{ ++ char *text_copy = NULL; ++ ++ if (text) { ++ text_copy = BUF_strdup(text); ++ if (text_copy == NULL) { ++ UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ } ++ ++ return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL, ++ 0, 0, NULL); ++} + + int UI_add_error_string(UI *ui, const char *text) +- { +- return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0, +- NULL); +- } ++{ ++ return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0, ++ NULL); ++} + + int UI_dup_error_string(UI *ui, const char *text) +- { +- char *text_copy=NULL; +- +- if (text) +- { +- text_copy=BUF_strdup(text); +- if (text_copy == NULL) +- { +- UIerr(UI_F_UI_DUP_ERROR_STRING,ERR_R_MALLOC_FAILURE); +- return -1; +- } +- } +- return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL, +- 0, 0, NULL); +- } ++{ ++ char *text_copy = NULL; ++ ++ if (text) { ++ text_copy = BUF_strdup(text); ++ if (text_copy == NULL) { ++ UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ } ++ return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL, ++ 0, 0, NULL); ++} + + char *UI_construct_prompt(UI *ui, const char *object_desc, +- const char *object_name) +- { +- char *prompt = NULL; +- +- if (ui->meth->ui_construct_prompt) +- prompt = ui->meth->ui_construct_prompt(ui, +- object_desc, object_name); +- else +- { +- char prompt1[] = "Enter "; +- char prompt2[] = " for "; +- char prompt3[] = ":"; +- int len = 0; +- +- if (object_desc == NULL) +- return NULL; +- len = sizeof(prompt1) - 1 + strlen(object_desc); +- if (object_name) +- len += sizeof(prompt2) - 1 + strlen(object_name); +- len += sizeof(prompt3) - 1; +- +- prompt = (char *)OPENSSL_malloc(len + 1); +- BUF_strlcpy(prompt, prompt1, len + 1); +- BUF_strlcat(prompt, object_desc, len + 1); +- if (object_name) +- { +- BUF_strlcat(prompt, prompt2, len + 1); +- BUF_strlcat(prompt, object_name, len + 1); +- } +- BUF_strlcat(prompt, prompt3, len + 1); +- } +- return prompt; +- } ++ const char *object_name) ++{ ++ char *prompt = NULL; ++ ++ if (ui->meth->ui_construct_prompt) ++ prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name); ++ else { ++ char prompt1[] = "Enter "; ++ char prompt2[] = " for "; ++ char prompt3[] = ":"; ++ int len = 0; ++ ++ if (object_desc == NULL) ++ return NULL; ++ len = sizeof(prompt1) - 1 + strlen(object_desc); ++ if (object_name) ++ len += sizeof(prompt2) - 1 + strlen(object_name); ++ len += sizeof(prompt3) - 1; ++ ++ prompt = (char *)OPENSSL_malloc(len + 1); ++ BUF_strlcpy(prompt, prompt1, len + 1); ++ BUF_strlcat(prompt, object_desc, len + 1); ++ if (object_name) { ++ BUF_strlcat(prompt, prompt2, len + 1); ++ BUF_strlcat(prompt, object_name, len + 1); ++ } ++ BUF_strlcat(prompt, prompt3, len + 1); ++ } ++ return prompt; ++} + + void *UI_add_user_data(UI *ui, void *user_data) +- { +- void *old_data = ui->user_data; +- ui->user_data = user_data; +- return old_data; +- } ++{ ++ void *old_data = ui->user_data; ++ ui->user_data = user_data; ++ return old_data; ++} + + void *UI_get0_user_data(UI *ui) +- { +- return ui->user_data; +- } ++{ ++ return ui->user_data; ++} + + const char *UI_get0_result(UI *ui, int i) +- { +- if (i < 0) +- { +- UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_SMALL); +- return NULL; +- } +- if (i >= sk_UI_STRING_num(ui->strings)) +- { +- UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_LARGE); +- return NULL; +- } +- return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i)); +- } ++{ ++ if (i < 0) { ++ UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL); ++ return NULL; ++ } ++ if (i >= sk_UI_STRING_num(ui->strings)) { ++ UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE); ++ return NULL; ++ } ++ return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i)); ++} + + static int print_error(const char *str, size_t len, UI *ui) +- { +- UI_STRING uis; ++{ ++ UI_STRING uis; + +- memset(&uis, 0, sizeof(uis)); +- uis.type = UIT_ERROR; +- uis.out_string = str; ++ memset(&uis, 0, sizeof(uis)); ++ uis.type = UIT_ERROR; ++ uis.out_string = str; + +- if (ui->meth->ui_write_string +- && !ui->meth->ui_write_string(ui, &uis)) +- return -1; +- return 0; +- } ++ if (ui->meth->ui_write_string && !ui->meth->ui_write_string(ui, &uis)) ++ return -1; ++ return 0; ++} + + int UI_process(UI *ui) +- { +- int i, ok=0; +- +- if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui)) +- return -1; +- +- if (ui->flags & UI_FLAG_PRINT_ERRORS) +- ERR_print_errors_cb( +- (int (*)(const char *, size_t, void *))print_error, +- (void *)ui); +- +- for(i=0; istrings); i++) +- { +- if (ui->meth->ui_write_string +- && !ui->meth->ui_write_string(ui, +- sk_UI_STRING_value(ui->strings, i))) +- { +- ok=-1; +- goto err; +- } +- } +- +- if (ui->meth->ui_flush) +- switch(ui->meth->ui_flush(ui)) +- { +- case -1: /* Interrupt/Cancel/something... */ +- ok = -2; +- goto err; +- case 0: /* Errors */ +- ok = -1; +- goto err; +- default: /* Success */ +- ok = 0; +- break; +- } +- +- for(i=0; istrings); i++) +- { +- if (ui->meth->ui_read_string) +- { +- switch(ui->meth->ui_read_string(ui, +- sk_UI_STRING_value(ui->strings, i))) +- { +- case -1: /* Interrupt/Cancel/something... */ +- ok = -2; +- goto err; +- case 0: /* Errors */ +- ok = -1; +- goto err; +- default: /* Success */ +- ok = 0; +- break; +- } +- } +- } +- err: +- if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui)) +- return -1; +- return ok; +- } +- +-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)) +- { +- if (ui == NULL) +- { +- UIerr(UI_F_UI_CTRL,ERR_R_PASSED_NULL_PARAMETER); +- return -1; +- } +- switch(cmd) +- { +- case UI_CTRL_PRINT_ERRORS: +- { +- int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS); +- if (i) +- ui->flags |= UI_FLAG_PRINT_ERRORS; +- else +- ui->flags &= ~UI_FLAG_PRINT_ERRORS; +- return save_flag; +- } +- case UI_CTRL_IS_REDOABLE: +- return !!(ui->flags & UI_FLAG_REDOABLE); +- default: +- break; +- } +- UIerr(UI_F_UI_CTRL,UI_R_UNKNOWN_CONTROL_COMMAND); +- return -1; +- } ++{ ++ int i, ok = 0; + +-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++ if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui)) ++ return -1; ++ ++ if (ui->flags & UI_FLAG_PRINT_ERRORS) ++ ERR_print_errors_cb((int (*)(const char *, size_t, void *)) ++ print_error, (void *)ui); ++ ++ for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { ++ if (ui->meth->ui_write_string ++ && !ui->meth->ui_write_string(ui, ++ sk_UI_STRING_value(ui->strings, i))) ++ { ++ ok = -1; ++ goto err; ++ } ++ } ++ ++ if (ui->meth->ui_flush) ++ switch (ui->meth->ui_flush(ui)) { ++ case -1: /* Interrupt/Cancel/something... */ ++ ok = -2; ++ goto err; ++ case 0: /* Errors */ ++ ok = -1; ++ goto err; ++ default: /* Success */ ++ ok = 0; ++ break; ++ } ++ ++ for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { ++ if (ui->meth->ui_read_string) { ++ switch (ui->meth->ui_read_string(ui, ++ sk_UI_STRING_value(ui->strings, ++ i))) { ++ case -1: /* Interrupt/Cancel/something... */ ++ ok = -2; ++ goto err; ++ case 0: /* Errors */ ++ ok = -1; ++ goto err; ++ default: /* Success */ ++ ok = 0; ++ break; ++ } ++ } ++ } ++ err: ++ if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui)) ++ return -1; ++ return ok; ++} ++ ++int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)) ++{ ++ if (ui == NULL) { ++ UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER); ++ return -1; ++ } ++ switch (cmd) { ++ case UI_CTRL_PRINT_ERRORS: + { +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp, +- new_func, dup_func, free_func); ++ int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS); ++ if (i) ++ ui->flags |= UI_FLAG_PRINT_ERRORS; ++ else ++ ui->flags &= ~UI_FLAG_PRINT_ERRORS; ++ return save_flag; + } ++ case UI_CTRL_IS_REDOABLE: ++ return ! !(ui->flags & UI_FLAG_REDOABLE); ++ default: ++ break; ++ } ++ UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND); ++ return -1; ++} ++ ++int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp, ++ new_func, dup_func, free_func); ++} + + int UI_set_ex_data(UI *r, int idx, void *arg) +- { +- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); +- } ++{ ++ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); ++} + + void *UI_get_ex_data(UI *r, int idx) +- { +- return(CRYPTO_get_ex_data(&r->ex_data,idx)); +- } ++{ ++ return (CRYPTO_get_ex_data(&r->ex_data, idx)); ++} + + void UI_set_default_method(const UI_METHOD *meth) +- { +- default_UI_meth=meth; +- } ++{ ++ default_UI_meth = meth; ++} + + const UI_METHOD *UI_get_default_method(void) +- { +- if (default_UI_meth == NULL) +- { +- default_UI_meth=UI_OpenSSL(); +- } +- return default_UI_meth; +- } ++{ ++ if (default_UI_meth == NULL) { ++ default_UI_meth = UI_OpenSSL(); ++ } ++ return default_UI_meth; ++} + + const UI_METHOD *UI_get_method(UI *ui) +- { +- return ui->meth; +- } ++{ ++ return ui->meth; ++} + + const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth) +- { +- ui->meth=meth; +- return ui->meth; +- } +- ++{ ++ ui->meth = meth; ++ return ui->meth; ++} + + UI_METHOD *UI_create_method(char *name) +- { +- UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD)); +- +- if (ui_method) +- { +- memset(ui_method, 0, sizeof(*ui_method)); +- ui_method->name = BUF_strdup(name); +- } +- return ui_method; +- } +- +-/* BIG FSCKING WARNING!!!! If you use this on a statically allocated method +- (that is, it hasn't been allocated using UI_create_method(), you deserve +- anything Murphy can throw at you and more! You have been warned. */ ++{ ++ UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD)); ++ ++ if (ui_method) { ++ memset(ui_method, 0, sizeof(*ui_method)); ++ ui_method->name = BUF_strdup(name); ++ } ++ return ui_method; ++} ++ ++/* ++ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method ++ * (that is, it hasn't been allocated using UI_create_method(), you deserve ++ * anything Murphy can throw at you and more! You have been warned. ++ */ + void UI_destroy_method(UI_METHOD *ui_method) +- { +- OPENSSL_free(ui_method->name); +- ui_method->name = NULL; +- OPENSSL_free(ui_method); +- } +- +-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui)) +- { +- if (method) +- { +- method->ui_open_session = opener; +- return 0; +- } +- else +- return -1; +- } +- +-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis)) +- { +- if (method) +- { +- method->ui_write_string = writer; +- return 0; +- } +- else +- return -1; +- } +- +-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)) +- { +- if (method) +- { +- method->ui_flush = flusher; +- return 0; +- } +- else +- return -1; +- } +- +-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis)) +- { +- if (method) +- { +- method->ui_read_string = reader; +- return 0; +- } +- else +- return -1; +- } +- +-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)) +- { +- if (method) +- { +- method->ui_close_session = closer; +- return 0; +- } +- else +- return -1; +- } +- +-int (*UI_method_get_opener(UI_METHOD *method))(UI*) +- { +- if (method) +- return method->ui_open_session; +- else +- return NULL; +- } +- +-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*) +- { +- if (method) +- return method->ui_write_string; +- else +- return NULL; +- } +- +-int (*UI_method_get_flusher(UI_METHOD *method))(UI*) +- { +- if (method) +- return method->ui_flush; +- else +- return NULL; +- } +- +-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*) +- { +- if (method) +- return method->ui_read_string; +- else +- return NULL; +- } +- +-int (*UI_method_get_closer(UI_METHOD *method))(UI*) +- { +- if (method) +- return method->ui_close_session; +- else +- return NULL; +- } ++{ ++ OPENSSL_free(ui_method->name); ++ ui_method->name = NULL; ++ OPENSSL_free(ui_method); ++} ++ ++int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)) ++{ ++ if (method) { ++ method->ui_open_session = opener; ++ return 0; ++ } else ++ return -1; ++} ++ ++int UI_method_set_writer(UI_METHOD *method, ++ int (*writer) (UI *ui, UI_STRING *uis)) ++{ ++ if (method) { ++ method->ui_write_string = writer; ++ return 0; ++ } else ++ return -1; ++} ++ ++int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)) ++{ ++ if (method) { ++ method->ui_flush = flusher; ++ return 0; ++ } else ++ return -1; ++} ++ ++int UI_method_set_reader(UI_METHOD *method, ++ int (*reader) (UI *ui, UI_STRING *uis)) ++{ ++ if (method) { ++ method->ui_read_string = reader; ++ return 0; ++ } else ++ return -1; ++} ++ ++int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)) ++{ ++ if (method) { ++ method->ui_close_session = closer; ++ return 0; ++ } else ++ return -1; ++} ++ ++int (*UI_method_get_opener(UI_METHOD *method)) (UI *) { ++ if (method) ++ return method->ui_open_session; ++ else ++ return NULL; ++} ++ ++int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *) { ++ if (method) ++ return method->ui_write_string; ++ else ++ return NULL; ++} ++ ++int (*UI_method_get_flusher(UI_METHOD *method)) (UI *) { ++ if (method) ++ return method->ui_flush; ++ else ++ return NULL; ++} ++ ++int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *) { ++ if (method) ++ return method->ui_read_string; ++ else ++ return NULL; ++} ++ ++int (*UI_method_get_closer(UI_METHOD *method)) (UI *) { ++ if (method) ++ return method->ui_close_session; ++ else ++ return NULL; ++} + + enum UI_string_types UI_get_string_type(UI_STRING *uis) +- { +- if (!uis) +- return UIT_NONE; +- return uis->type; +- } ++{ ++ if (!uis) ++ return UIT_NONE; ++ return uis->type; ++} + + int UI_get_input_flags(UI_STRING *uis) +- { +- if (!uis) +- return 0; +- return uis->input_flags; +- } ++{ ++ if (!uis) ++ return 0; ++ return uis->input_flags; ++} + + const char *UI_get0_output_string(UI_STRING *uis) +- { +- if (!uis) +- return NULL; +- return uis->out_string; +- } ++{ ++ if (!uis) ++ return NULL; ++ return uis->out_string; ++} + + const char *UI_get0_action_string(UI_STRING *uis) +- { +- if (!uis) +- return NULL; +- switch(uis->type) +- { +- case UIT_PROMPT: +- case UIT_BOOLEAN: +- return uis->_.boolean_data.action_desc; +- default: +- return NULL; +- } +- } ++{ ++ if (!uis) ++ return NULL; ++ switch (uis->type) { ++ case UIT_PROMPT: ++ case UIT_BOOLEAN: ++ return uis->_.boolean_data.action_desc; ++ default: ++ return NULL; ++ } ++} + + const char *UI_get0_result_string(UI_STRING *uis) +- { +- if (!uis) +- return NULL; +- switch(uis->type) +- { +- case UIT_PROMPT: +- case UIT_VERIFY: +- return uis->result_buf; +- default: +- return NULL; +- } +- } ++{ ++ if (!uis) ++ return NULL; ++ switch (uis->type) { ++ case UIT_PROMPT: ++ case UIT_VERIFY: ++ return uis->result_buf; ++ default: ++ return NULL; ++ } ++} + + const char *UI_get0_test_string(UI_STRING *uis) +- { +- if (!uis) +- return NULL; +- switch(uis->type) +- { +- case UIT_VERIFY: +- return uis->_.string_data.test_buf; +- default: +- return NULL; +- } +- } ++{ ++ if (!uis) ++ return NULL; ++ switch (uis->type) { ++ case UIT_VERIFY: ++ return uis->_.string_data.test_buf; ++ default: ++ return NULL; ++ } ++} + + int UI_get_result_minsize(UI_STRING *uis) +- { +- if (!uis) +- return -1; +- switch(uis->type) +- { +- case UIT_PROMPT: +- case UIT_VERIFY: +- return uis->_.string_data.result_minsize; +- default: +- return -1; +- } +- } ++{ ++ if (!uis) ++ return -1; ++ switch (uis->type) { ++ case UIT_PROMPT: ++ case UIT_VERIFY: ++ return uis->_.string_data.result_minsize; ++ default: ++ return -1; ++ } ++} + + int UI_get_result_maxsize(UI_STRING *uis) +- { +- if (!uis) +- return -1; +- switch(uis->type) +- { +- case UIT_PROMPT: +- case UIT_VERIFY: +- return uis->_.string_data.result_maxsize; +- default: +- return -1; +- } +- } ++{ ++ if (!uis) ++ return -1; ++ switch (uis->type) { ++ case UIT_PROMPT: ++ case UIT_VERIFY: ++ return uis->_.string_data.result_maxsize; ++ default: ++ return -1; ++ } ++} + + int UI_set_result(UI *ui, UI_STRING *uis, const char *result) +- { +- int l = strlen(result); +- +- ui->flags &= ~UI_FLAG_REDOABLE; +- +- if (!uis) +- return -1; +- switch (uis->type) +- { +- case UIT_PROMPT: +- case UIT_VERIFY: +- { +- char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1]; +- char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1]; +- +- BIO_snprintf(number1, sizeof(number1), "%d", +- uis->_.string_data.result_minsize); +- BIO_snprintf(number2, sizeof(number2), "%d", +- uis->_.string_data.result_maxsize); +- +- if (l < uis->_.string_data.result_minsize) +- { +- ui->flags |= UI_FLAG_REDOABLE; +- UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_SMALL); +- ERR_add_error_data(5,"You must type in ", +- number1," to ",number2," characters"); +- return -1; +- } +- if (l > uis->_.string_data.result_maxsize) +- { +- ui->flags |= UI_FLAG_REDOABLE; +- UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_LARGE); +- ERR_add_error_data(5,"You must type in ", +- number1," to ",number2," characters"); +- return -1; +- } +- } +- +- if (!uis->result_buf) +- { +- UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER); +- return -1; +- } +- +- BUF_strlcpy(uis->result_buf, result, +- uis->_.string_data.result_maxsize + 1); +- break; +- case UIT_BOOLEAN: +- { +- const char *p; +- +- if (!uis->result_buf) +- { +- UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER); +- return -1; +- } +- +- uis->result_buf[0] = '\0'; +- for(p = result; *p; p++) +- { +- if (strchr(uis->_.boolean_data.ok_chars, *p)) +- { +- uis->result_buf[0] = +- uis->_.boolean_data.ok_chars[0]; +- break; +- } +- if (strchr(uis->_.boolean_data.cancel_chars, *p)) +- { +- uis->result_buf[0] = +- uis->_.boolean_data.cancel_chars[0]; +- break; +- } +- } +- } +- default: +- break; +- } +- return 0; +- } ++{ ++ int l = strlen(result); ++ ++ ui->flags &= ~UI_FLAG_REDOABLE; ++ ++ if (!uis) ++ return -1; ++ switch (uis->type) { ++ case UIT_PROMPT: ++ case UIT_VERIFY: ++ { ++ char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1]; ++ char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1]; ++ ++ BIO_snprintf(number1, sizeof(number1), "%d", ++ uis->_.string_data.result_minsize); ++ BIO_snprintf(number2, sizeof(number2), "%d", ++ uis->_.string_data.result_maxsize); ++ ++ if (l < uis->_.string_data.result_minsize) { ++ ui->flags |= UI_FLAG_REDOABLE; ++ UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL); ++ ERR_add_error_data(5, "You must type in ", ++ number1, " to ", number2, " characters"); ++ return -1; ++ } ++ if (l > uis->_.string_data.result_maxsize) { ++ ui->flags |= UI_FLAG_REDOABLE; ++ UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE); ++ ERR_add_error_data(5, "You must type in ", ++ number1, " to ", number2, " characters"); ++ return -1; ++ } ++ } ++ ++ if (!uis->result_buf) { ++ UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER); ++ return -1; ++ } ++ ++ BUF_strlcpy(uis->result_buf, result, ++ uis->_.string_data.result_maxsize + 1); ++ break; ++ case UIT_BOOLEAN: ++ { ++ const char *p; ++ ++ if (!uis->result_buf) { ++ UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER); ++ return -1; ++ } ++ ++ uis->result_buf[0] = '\0'; ++ for (p = result; *p; p++) { ++ if (strchr(uis->_.boolean_data.ok_chars, *p)) { ++ uis->result_buf[0] = uis->_.boolean_data.ok_chars[0]; ++ break; ++ } ++ if (strchr(uis->_.boolean_data.cancel_chars, *p)) { ++ uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0]; ++ break; ++ } ++ } ++ } ++ default: ++ break; ++ } ++ return 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_util.c b/Cryptlib/OpenSSL/crypto/ui/ui_util.c +index 5d9760b..f65f80d 100644 +--- a/Cryptlib/OpenSSL/crypto/ui/ui_util.c ++++ b/Cryptlib/OpenSSL/crypto/ui/ui_util.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,36 +56,38 @@ + #include + #include "ui_locl.h" + +-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify) +- { +- char buff[BUFSIZ]; +- int ret; ++int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, ++ int verify) ++{ ++ char buff[BUFSIZ]; ++ int ret; + +- ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); +- OPENSSL_cleanse(buff,BUFSIZ); +- return(ret); +- } ++ ret = ++ UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, ++ prompt, verify); ++ OPENSSL_cleanse(buff, BUFSIZ); ++ return (ret); ++} + +-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify) +- { +- int ok = 0; +- UI *ui; ++int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, ++ int verify) ++{ ++ int ok = 0; ++ UI *ui; + +- if (size < 1) +- return -1; ++ if (size < 1) ++ return -1; + +- ui = UI_new(); +- if (ui) +- { +- ok = UI_add_input_string(ui,prompt,0,buf,0,size-1); +- if (ok >= 0 && verify) +- ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1, +- buf); +- if (ok >= 0) +- ok=UI_process(ui); +- UI_free(ui); +- } +- if (ok > 0) +- ok = 0; +- return(ok); +- } ++ ui = UI_new(); ++ if (ui) { ++ ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1); ++ if (ok >= 0 && verify) ++ ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf); ++ if (ok >= 0) ++ ok = UI_process(ui); ++ UI_free(ui); ++ } ++ if (ok > 0) ++ ok = 0; ++ return (ok); ++} +diff --git a/Cryptlib/OpenSSL/crypto/uid.c b/Cryptlib/OpenSSL/crypto/uid.c +index b1fd52b..90694c6 100644 +--- a/Cryptlib/OpenSSL/crypto/uid.c ++++ b/Cryptlib/OpenSSL/crypto/uid.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,32 +58,31 @@ + + #if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) + +-#include OPENSSL_UNISTD ++# include OPENSSL_UNISTD + + int OPENSSL_issetugid(void) +- { +- return issetugid(); +- } ++{ ++ return issetugid(); ++} + + #elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) + + int OPENSSL_issetugid(void) +- { +- return 0; +- } ++{ ++ return 0; ++} + + #else + +-#include OPENSSL_UNISTD +-#include ++# include OPENSSL_UNISTD ++# include + + int OPENSSL_issetugid(void) +- { +- if (getuid() != geteuid()) return 1; +- if (getgid() != getegid()) return 1; +- return 0; +- } ++{ ++ if (getuid() != geteuid()) ++ return 1; ++ if (getgid() != getegid()) ++ return 1; ++ return 0; ++} + #endif +- +- +- +diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c +index b3acd80..5a12743 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/by_dir.c ++++ b/Cryptlib/OpenSSL/crypto/x509/by_dir.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -75,311 +75,294 @@ + #include + + #ifdef _WIN32 +-#define stat _stat ++# define stat _stat + #endif + +-typedef struct lookup_dir_st +- { +- BUF_MEM *buffer; +- int num_dirs; +- char **dirs; +- int *dirs_type; +- int num_dirs_alloced; +- } BY_DIR; ++typedef struct lookup_dir_st { ++ BUF_MEM *buffer; ++ int num_dirs; ++ char **dirs; ++ int *dirs_type; ++ int num_dirs_alloced; ++} BY_DIR; + + static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, +- char **ret); ++ char **ret); + static int new_dir(X509_LOOKUP *lu); + static void free_dir(X509_LOOKUP *lu); +-static int add_cert_dir(BY_DIR *ctx,const char *dir,int type); +-static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name, +- X509_OBJECT *ret); +-X509_LOOKUP_METHOD x509_dir_lookup= +- { +- "Load certs from files in a directory", +- new_dir, /* new */ +- free_dir, /* free */ +- NULL, /* init */ +- NULL, /* shutdown */ +- dir_ctrl, /* ctrl */ +- get_cert_by_subject, /* get_by_subject */ +- NULL, /* get_by_issuer_serial */ +- NULL, /* get_by_fingerprint */ +- NULL, /* get_by_alias */ +- }; ++static int add_cert_dir(BY_DIR *ctx, const char *dir, int type); ++static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, ++ X509_OBJECT *ret); ++X509_LOOKUP_METHOD x509_dir_lookup = { ++ "Load certs from files in a directory", ++ new_dir, /* new */ ++ free_dir, /* free */ ++ NULL, /* init */ ++ NULL, /* shutdown */ ++ dir_ctrl, /* ctrl */ ++ get_cert_by_subject, /* get_by_subject */ ++ NULL, /* get_by_issuer_serial */ ++ NULL, /* get_by_fingerprint */ ++ NULL, /* get_by_alias */ ++}; + + X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) +- { +- return(&x509_dir_lookup); +- } ++{ ++ return (&x509_dir_lookup); ++} + + static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, +- char **retp) +- { +- int ret=0; +- BY_DIR *ld; +- char *dir = NULL; ++ char **retp) ++{ ++ int ret = 0; ++ BY_DIR *ld; ++ char *dir = NULL; + +- ld=(BY_DIR *)ctx->method_data; ++ ld = (BY_DIR *)ctx->method_data; + +- switch (cmd) +- { +- case X509_L_ADD_DIR: +- if (argl == X509_FILETYPE_DEFAULT) +- { +- dir=(char *)Getenv(X509_get_default_cert_dir_env()); +- if (dir) +- ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM); +- else +- ret=add_cert_dir(ld,X509_get_default_cert_dir(), +- X509_FILETYPE_PEM); +- if (!ret) +- { +- X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR); +- } +- } +- else +- ret=add_cert_dir(ld,argp,(int)argl); +- break; +- } +- return(ret); +- } ++ switch (cmd) { ++ case X509_L_ADD_DIR: ++ if (argl == X509_FILETYPE_DEFAULT) { ++ dir = (char *)Getenv(X509_get_default_cert_dir_env()); ++ if (dir) ++ ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); ++ else ++ ret = add_cert_dir(ld, X509_get_default_cert_dir(), ++ X509_FILETYPE_PEM); ++ if (!ret) { ++ X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR); ++ } ++ } else ++ ret = add_cert_dir(ld, argp, (int)argl); ++ break; ++ } ++ return (ret); ++} + + static int new_dir(X509_LOOKUP *lu) +- { +- BY_DIR *a; ++{ ++ BY_DIR *a; + +- if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL) +- return(0); +- if ((a->buffer=BUF_MEM_new()) == NULL) +- { +- OPENSSL_free(a); +- return(0); +- } +- a->num_dirs=0; +- a->dirs=NULL; +- a->dirs_type=NULL; +- a->num_dirs_alloced=0; +- lu->method_data=(char *)a; +- return(1); +- } ++ if ((a = (BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL) ++ return (0); ++ if ((a->buffer = BUF_MEM_new()) == NULL) { ++ OPENSSL_free(a); ++ return (0); ++ } ++ a->num_dirs = 0; ++ a->dirs = NULL; ++ a->dirs_type = NULL; ++ a->num_dirs_alloced = 0; ++ lu->method_data = (char *)a; ++ return (1); ++} + + static void free_dir(X509_LOOKUP *lu) +- { +- BY_DIR *a; +- int i; ++{ ++ BY_DIR *a; ++ int i; + +- a=(BY_DIR *)lu->method_data; +- for (i=0; inum_dirs; i++) +- if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]); +- if (a->dirs != NULL) OPENSSL_free(a->dirs); +- if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type); +- if (a->buffer != NULL) BUF_MEM_free(a->buffer); +- OPENSSL_free(a); +- } ++ a = (BY_DIR *)lu->method_data; ++ for (i = 0; i < a->num_dirs; i++) ++ if (a->dirs[i] != NULL) ++ OPENSSL_free(a->dirs[i]); ++ if (a->dirs != NULL) ++ OPENSSL_free(a->dirs); ++ if (a->dirs_type != NULL) ++ OPENSSL_free(a->dirs_type); ++ if (a->buffer != NULL) ++ BUF_MEM_free(a->buffer); ++ OPENSSL_free(a); ++} + + static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) +- { +- int j,len; +- int *ip; +- const char *s,*ss,*p; +- char **pp; ++{ ++ int j, len; ++ int *ip; ++ const char *s, *ss, *p; ++ char **pp; + +- if (dir == NULL || !*dir) +- { +- X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY); +- return 0; +- } ++ if (dir == NULL || !*dir) { ++ X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY); ++ return 0; ++ } + +- s=dir; +- p=s; +- for (;;p++) +- { +- if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) +- { +- ss=s; +- s=p+1; +- len=(int)(p-ss); +- if (len == 0) continue; +- for (j=0; jnum_dirs; j++) +- if (strlen(ctx->dirs[j]) == (size_t)len && +- strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0) +- break; +- if (jnum_dirs) +- continue; +- if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) +- { +- ctx->num_dirs_alloced+=10; +- pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced* +- sizeof(char *)); +- ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced* +- sizeof(int)); +- if ((pp == NULL) || (ip == NULL)) +- { +- X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE); +- return(0); +- } +- memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)* +- sizeof(char *)); +- memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)* +- sizeof(int)); +- if (ctx->dirs != NULL) +- OPENSSL_free(ctx->dirs); +- if (ctx->dirs_type != NULL) +- OPENSSL_free(ctx->dirs_type); +- ctx->dirs=pp; +- ctx->dirs_type=ip; +- } +- ctx->dirs_type[ctx->num_dirs]=type; +- ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1); +- if (ctx->dirs[ctx->num_dirs] == NULL) return(0); +- strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len); +- ctx->dirs[ctx->num_dirs][len]='\0'; +- ctx->num_dirs++; +- } +- if (*p == '\0') break; +- } +- return(1); +- } ++ s = dir; ++ p = s; ++ for (;; p++) { ++ if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) { ++ ss = s; ++ s = p + 1; ++ len = (int)(p - ss); ++ if (len == 0) ++ continue; ++ for (j = 0; j < ctx->num_dirs; j++) ++ if (strlen(ctx->dirs[j]) == (size_t)len && ++ strncmp(ctx->dirs[j], ss, (unsigned int)len) == 0) ++ break; ++ if (j < ctx->num_dirs) ++ continue; ++ if (ctx->num_dirs_alloced < (ctx->num_dirs + 1)) { ++ ctx->num_dirs_alloced += 10; ++ pp = (char **)OPENSSL_malloc(ctx->num_dirs_alloced * ++ sizeof(char *)); ++ ip = (int *)OPENSSL_malloc(ctx->num_dirs_alloced * ++ sizeof(int)); ++ if ((pp == NULL) || (ip == NULL)) { ++ X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ memcpy(pp, ctx->dirs, (ctx->num_dirs_alloced - 10) * ++ sizeof(char *)); ++ memcpy(ip, ctx->dirs_type, (ctx->num_dirs_alloced - 10) * ++ sizeof(int)); ++ if (ctx->dirs != NULL) ++ OPENSSL_free(ctx->dirs); ++ if (ctx->dirs_type != NULL) ++ OPENSSL_free(ctx->dirs_type); ++ ctx->dirs = pp; ++ ctx->dirs_type = ip; ++ } ++ ctx->dirs_type[ctx->num_dirs] = type; ++ ctx->dirs[ctx->num_dirs] = ++ (char *)OPENSSL_malloc((unsigned int)len + 1); ++ if (ctx->dirs[ctx->num_dirs] == NULL) ++ return (0); ++ strncpy(ctx->dirs[ctx->num_dirs], ss, (unsigned int)len); ++ ctx->dirs[ctx->num_dirs][len] = '\0'; ++ ctx->num_dirs++; ++ } ++ if (*p == '\0') ++ break; ++ } ++ return (1); ++} + + static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, +- X509_OBJECT *ret) +- { +- BY_DIR *ctx; +- union { +- struct { +- X509 st_x509; +- X509_CINF st_x509_cinf; +- } x509; +- struct { +- X509_CRL st_crl; +- X509_CRL_INFO st_crl_info; +- } crl; +- } data; +- int ok=0; +- int i,j,k; +- unsigned long h; +- BUF_MEM *b=NULL; +- struct stat st; +- X509_OBJECT stmp,*tmp; +- const char *postfix=""; ++ X509_OBJECT *ret) ++{ ++ BY_DIR *ctx; ++ union { ++ struct { ++ X509 st_x509; ++ X509_CINF st_x509_cinf; ++ } x509; ++ struct { ++ X509_CRL st_crl; ++ X509_CRL_INFO st_crl_info; ++ } crl; ++ } data; ++ int ok = 0; ++ int i, j, k; ++ unsigned long h; ++ BUF_MEM *b = NULL; ++ struct stat st; ++ X509_OBJECT stmp, *tmp; ++ const char *postfix = ""; ++ ++ if (name == NULL) ++ return (0); + +- if (name == NULL) return(0); ++ stmp.type = type; ++ if (type == X509_LU_X509) { ++ data.x509.st_x509.cert_info = &data.x509.st_x509_cinf; ++ data.x509.st_x509_cinf.subject = name; ++ stmp.data.x509 = &data.x509.st_x509; ++ postfix = ""; ++ } else if (type == X509_LU_CRL) { ++ data.crl.st_crl.crl = &data.crl.st_crl_info; ++ data.crl.st_crl_info.issuer = name; ++ stmp.data.crl = &data.crl.st_crl; ++ postfix = "r"; ++ } else { ++ X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE); ++ goto finish; ++ } + +- stmp.type=type; +- if (type == X509_LU_X509) +- { +- data.x509.st_x509.cert_info= &data.x509.st_x509_cinf; +- data.x509.st_x509_cinf.subject=name; +- stmp.data.x509= &data.x509.st_x509; +- postfix=""; +- } +- else if (type == X509_LU_CRL) +- { +- data.crl.st_crl.crl= &data.crl.st_crl_info; +- data.crl.st_crl_info.issuer=name; +- stmp.data.crl= &data.crl.st_crl; +- postfix="r"; +- } +- else +- { +- X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE); +- goto finish; +- } ++ if ((b = BUF_MEM_new()) == NULL) { ++ X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB); ++ goto finish; ++ } + +- if ((b=BUF_MEM_new()) == NULL) +- { +- X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB); +- goto finish; +- } +- +- ctx=(BY_DIR *)xl->method_data; ++ ctx = (BY_DIR *)xl->method_data; + +- h=X509_NAME_hash(name); +- for (i=0; inum_dirs; i++) +- { +- j=strlen(ctx->dirs[i])+1+8+6+1+1; +- if (!BUF_MEM_grow(b,j)) +- { +- X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE); +- goto finish; +- } +- k=0; +- for (;;) +- { +- char c = '/'; ++ h = X509_NAME_hash(name); ++ for (i = 0; i < ctx->num_dirs; i++) { ++ j = strlen(ctx->dirs[i]) + 1 + 8 + 6 + 1 + 1; ++ if (!BUF_MEM_grow(b, j)) { ++ X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); ++ goto finish; ++ } ++ k = 0; ++ for (;;) { ++ char c = '/'; + #ifdef OPENSSL_SYS_VMS +- c = ctx->dirs[i][strlen(ctx->dirs[i])-1]; +- if (c != ':' && c != '>' && c != ']') +- { +- /* If no separator is present, we assume the +- directory specifier is a logical name, and +- add a colon. We really should use better +- VMS routines for merging things like this, +- but this will do for now... +- -- Richard Levitte */ +- c = ':'; +- } +- else +- { +- c = '\0'; +- } ++ c = ctx->dirs[i][strlen(ctx->dirs[i]) - 1]; ++ if (c != ':' && c != '>' && c != ']') { ++ /* ++ * If no separator is present, we assume the directory ++ * specifier is a logical name, and add a colon. We really ++ * should use better VMS routines for merging things like ++ * this, but this will do for now... -- Richard Levitte ++ */ ++ c = ':'; ++ } else { ++ c = '\0'; ++ } + #endif +- if (c == '\0') +- { +- /* This is special. When c == '\0', no +- directory separator should be added. */ +- BIO_snprintf(b->data,b->max, +- "%s%08lx.%s%d",ctx->dirs[i],h, +- postfix,k); +- } +- else +- { +- BIO_snprintf(b->data,b->max, +- "%s%c%08lx.%s%d",ctx->dirs[i],c,h, +- postfix,k); +- } +- k++; +- if (stat(b->data,&st) < 0) +- break; +- /* found one. */ +- if (type == X509_LU_X509) +- { +- if ((X509_load_cert_file(xl,b->data, +- ctx->dirs_type[i])) == 0) +- break; +- } +- else if (type == X509_LU_CRL) +- { +- if ((X509_load_crl_file(xl,b->data, +- ctx->dirs_type[i])) == 0) +- break; +- } +- /* else case will caught higher up */ +- } ++ if (c == '\0') { ++ /* ++ * This is special. When c == '\0', no directory separator ++ * should be added. ++ */ ++ BIO_snprintf(b->data, b->max, ++ "%s%08lx.%s%d", ctx->dirs[i], h, postfix, k); ++ } else { ++ BIO_snprintf(b->data, b->max, ++ "%s%c%08lx.%s%d", ctx->dirs[i], c, h, ++ postfix, k); ++ } ++ k++; ++ if (stat(b->data, &st) < 0) ++ break; ++ /* found one. */ ++ if (type == X509_LU_X509) { ++ if ((X509_load_cert_file(xl, b->data, ++ ctx->dirs_type[i])) == 0) ++ break; ++ } else if (type == X509_LU_CRL) { ++ if ((X509_load_crl_file(xl, b->data, ctx->dirs_type[i])) == 0) ++ break; ++ } ++ /* else case will caught higher up */ ++ } + +- /* we have added it to the cache so now pull +- * it out again */ +- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); +- j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp); +- if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j); +- else tmp = NULL; +- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ /* ++ * we have added it to the cache so now pull it out again ++ */ ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); ++ j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); ++ if (j != -1) ++ tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); ++ else ++ tmp = NULL; ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + +- if (tmp != NULL) +- { +- ok=1; +- ret->type=tmp->type; +- memcpy(&ret->data,&tmp->data,sizeof(ret->data)); +- /* If we were going to up the reference count, +- * we would need to do it on a perl 'type' +- * basis */ +- /* CRYPTO_add(&tmp->data.x509->references,1, +- CRYPTO_LOCK_X509);*/ +- goto finish; +- } +- } +-finish: +- if (b != NULL) BUF_MEM_free(b); +- return(ok); +- } ++ if (tmp != NULL) { ++ ok = 1; ++ ret->type = tmp->type; ++ memcpy(&ret->data, &tmp->data, sizeof(ret->data)); ++ /* ++ * If we were going to up the reference count, we would need to ++ * do it on a perl 'type' basis ++ */ ++ /*- CRYPTO_add(&tmp->data.x509->references,1, ++ CRYPTO_LOCK_X509);*/ ++ goto finish; ++ } ++ } ++ finish: ++ if (b != NULL) ++ BUF_MEM_free(b); ++ return (ok); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/by_file.c b/Cryptlib/OpenSSL/crypto/x509/by_file.c +index a5e0d4a..737a825 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/by_file.c ++++ b/Cryptlib/OpenSSL/crypto/x509/by_file.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -69,232 +69,209 @@ + #ifndef OPENSSL_NO_STDIO + + static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, +- long argl, char **ret); +-X509_LOOKUP_METHOD x509_file_lookup= +- { +- "Load file into cache", +- NULL, /* new */ +- NULL, /* free */ +- NULL, /* init */ +- NULL, /* shutdown */ +- by_file_ctrl, /* ctrl */ +- NULL, /* get_by_subject */ +- NULL, /* get_by_issuer_serial */ +- NULL, /* get_by_fingerprint */ +- NULL, /* get_by_alias */ +- }; ++ long argl, char **ret); ++X509_LOOKUP_METHOD x509_file_lookup = { ++ "Load file into cache", ++ NULL, /* new */ ++ NULL, /* free */ ++ NULL, /* init */ ++ NULL, /* shutdown */ ++ by_file_ctrl, /* ctrl */ ++ NULL, /* get_by_subject */ ++ NULL, /* get_by_issuer_serial */ ++ NULL, /* get_by_fingerprint */ ++ NULL, /* get_by_alias */ ++}; + + X509_LOOKUP_METHOD *X509_LOOKUP_file(void) +- { +- return(&x509_file_lookup); +- } ++{ ++ return (&x509_file_lookup); ++} + +-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, +- char **ret) +- { +- int ok=0; +- char *file; ++static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, ++ long argl, char **ret) ++{ ++ int ok = 0; ++ char *file; + +- switch (cmd) +- { +- case X509_L_FILE_LOAD: +- if (argl == X509_FILETYPE_DEFAULT) +- { +- file = (char *)Getenv(X509_get_default_cert_file_env()); +- if (file) +- ok = (X509_load_cert_crl_file(ctx,file, +- X509_FILETYPE_PEM) != 0); ++ switch (cmd) { ++ case X509_L_FILE_LOAD: ++ if (argl == X509_FILETYPE_DEFAULT) { ++ file = (char *)Getenv(X509_get_default_cert_file_env()); ++ if (file) ++ ok = (X509_load_cert_crl_file(ctx, file, ++ X509_FILETYPE_PEM) != 0); + +- else +- ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(), +- X509_FILETYPE_PEM) != 0); ++ else ++ ok = (X509_load_cert_crl_file ++ (ctx, X509_get_default_cert_file(), ++ X509_FILETYPE_PEM) != 0); + +- if (!ok) +- { +- X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); +- } +- } +- else +- { +- if(argl == X509_FILETYPE_PEM) +- ok = (X509_load_cert_crl_file(ctx,argp, +- X509_FILETYPE_PEM) != 0); +- else +- ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0); +- } +- break; +- } +- return(ok); +- } ++ if (!ok) { ++ X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS); ++ } ++ } else { ++ if (argl == X509_FILETYPE_PEM) ++ ok = (X509_load_cert_crl_file(ctx, argp, ++ X509_FILETYPE_PEM) != 0); ++ else ++ ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0); ++ } ++ break; ++ } ++ return (ok); ++} + + int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) +- { +- int ret=0; +- BIO *in=NULL; +- int i,count=0; +- X509 *x=NULL; ++{ ++ int ret = 0; ++ BIO *in = NULL; ++ int i, count = 0; ++ X509 *x = NULL; + +- if (file == NULL) return(1); +- in=BIO_new(BIO_s_file_internal()); ++ if (file == NULL) ++ return (1); ++ in = BIO_new(BIO_s_file_internal()); + +- if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) +- { +- X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB); +- goto err; +- } ++ if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { ++ X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB); ++ goto err; ++ } + +- if (type == X509_FILETYPE_PEM) +- { +- for (;;) +- { +- x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL); +- if (x == NULL) +- { +- if ((ERR_GET_REASON(ERR_peek_last_error()) == +- PEM_R_NO_START_LINE) && (count > 0)) +- { +- ERR_clear_error(); +- break; +- } +- else +- { +- X509err(X509_F_X509_LOAD_CERT_FILE, +- ERR_R_PEM_LIB); +- goto err; +- } +- } +- i=X509_STORE_add_cert(ctx->store_ctx,x); +- if (!i) goto err; +- count++; +- X509_free(x); +- x=NULL; +- } +- ret=count; +- } +- else if (type == X509_FILETYPE_ASN1) +- { +- x=d2i_X509_bio(in,NULL); +- if (x == NULL) +- { +- X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB); +- goto err; +- } +- i=X509_STORE_add_cert(ctx->store_ctx,x); +- if (!i) goto err; +- ret=i; +- } +- else +- { +- X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE); +- goto err; +- } +-err: +- if (x != NULL) X509_free(x); +- if (in != NULL) BIO_free(in); +- return(ret); +- } ++ if (type == X509_FILETYPE_PEM) { ++ for (;;) { ++ x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); ++ if (x == NULL) { ++ if ((ERR_GET_REASON(ERR_peek_last_error()) == ++ PEM_R_NO_START_LINE) && (count > 0)) { ++ ERR_clear_error(); ++ break; ++ } else { ++ X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB); ++ goto err; ++ } ++ } ++ i = X509_STORE_add_cert(ctx->store_ctx, x); ++ if (!i) ++ goto err; ++ count++; ++ X509_free(x); ++ x = NULL; ++ } ++ ret = count; ++ } else if (type == X509_FILETYPE_ASN1) { ++ x = d2i_X509_bio(in, NULL); ++ if (x == NULL) { ++ X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ i = X509_STORE_add_cert(ctx->store_ctx, x); ++ if (!i) ++ goto err; ++ ret = i; ++ } else { ++ X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE); ++ goto err; ++ } ++ err: ++ if (x != NULL) ++ X509_free(x); ++ if (in != NULL) ++ BIO_free(in); ++ return (ret); ++} + + int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) +- { +- int ret=0; +- BIO *in=NULL; +- int i,count=0; +- X509_CRL *x=NULL; ++{ ++ int ret = 0; ++ BIO *in = NULL; ++ int i, count = 0; ++ X509_CRL *x = NULL; + +- if (file == NULL) return(1); +- in=BIO_new(BIO_s_file_internal()); ++ if (file == NULL) ++ return (1); ++ in = BIO_new(BIO_s_file_internal()); + +- if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) +- { +- X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB); +- goto err; +- } ++ if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { ++ X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB); ++ goto err; ++ } + +- if (type == X509_FILETYPE_PEM) +- { +- for (;;) +- { +- x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); +- if (x == NULL) +- { +- if ((ERR_GET_REASON(ERR_peek_last_error()) == +- PEM_R_NO_START_LINE) && (count > 0)) +- { +- ERR_clear_error(); +- break; +- } +- else +- { +- X509err(X509_F_X509_LOAD_CRL_FILE, +- ERR_R_PEM_LIB); +- goto err; +- } +- } +- i=X509_STORE_add_crl(ctx->store_ctx,x); +- if (!i) goto err; +- count++; +- X509_CRL_free(x); +- x=NULL; +- } +- ret=count; +- } +- else if (type == X509_FILETYPE_ASN1) +- { +- x=d2i_X509_CRL_bio(in,NULL); +- if (x == NULL) +- { +- X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB); +- goto err; +- } +- i=X509_STORE_add_crl(ctx->store_ctx,x); +- if (!i) goto err; +- ret=i; +- } +- else +- { +- X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE); +- goto err; +- } +-err: +- if (x != NULL) X509_CRL_free(x); +- if (in != NULL) BIO_free(in); +- return(ret); +- } ++ if (type == X509_FILETYPE_PEM) { ++ for (;;) { ++ x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); ++ if (x == NULL) { ++ if ((ERR_GET_REASON(ERR_peek_last_error()) == ++ PEM_R_NO_START_LINE) && (count > 0)) { ++ ERR_clear_error(); ++ break; ++ } else { ++ X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB); ++ goto err; ++ } ++ } ++ i = X509_STORE_add_crl(ctx->store_ctx, x); ++ if (!i) ++ goto err; ++ count++; ++ X509_CRL_free(x); ++ x = NULL; ++ } ++ ret = count; ++ } else if (type == X509_FILETYPE_ASN1) { ++ x = d2i_X509_CRL_bio(in, NULL); ++ if (x == NULL) { ++ X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB); ++ goto err; ++ } ++ i = X509_STORE_add_crl(ctx->store_ctx, x); ++ if (!i) ++ goto err; ++ ret = i; ++ } else { ++ X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE); ++ goto err; ++ } ++ err: ++ if (x != NULL) ++ X509_CRL_free(x); ++ if (in != NULL) ++ BIO_free(in); ++ return (ret); ++} + + int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) + { +- STACK_OF(X509_INFO) *inf; +- X509_INFO *itmp; +- BIO *in; +- int i, count = 0; +- if(type != X509_FILETYPE_PEM) +- return X509_load_cert_file(ctx, file, type); +- in = BIO_new_file(file, "r"); +- if(!in) { +- X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB); +- return 0; +- } +- inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); +- BIO_free(in); +- if(!inf) { +- X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB); +- return 0; +- } +- for(i = 0; i < sk_X509_INFO_num(inf); i++) { +- itmp = sk_X509_INFO_value(inf, i); +- if(itmp->x509) { +- X509_STORE_add_cert(ctx->store_ctx, itmp->x509); +- count++; +- } +- if(itmp->crl) { +- X509_STORE_add_crl(ctx->store_ctx, itmp->crl); +- count++; +- } +- } +- sk_X509_INFO_pop_free(inf, X509_INFO_free); +- return count; ++ STACK_OF(X509_INFO) *inf; ++ X509_INFO *itmp; ++ BIO *in; ++ int i, count = 0; ++ if (type != X509_FILETYPE_PEM) ++ return X509_load_cert_file(ctx, file, type); ++ in = BIO_new_file(file, "r"); ++ if (!in) { ++ X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB); ++ return 0; ++ } ++ inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); ++ BIO_free(in); ++ if (!inf) { ++ X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB); ++ return 0; ++ } ++ for (i = 0; i < sk_X509_INFO_num(inf); i++) { ++ itmp = sk_X509_INFO_value(inf, i); ++ if (itmp->x509) { ++ X509_STORE_add_cert(ctx->store_ctx, itmp->x509); ++ count++; ++ } ++ if (itmp->crl) { ++ X509_STORE_add_crl(ctx->store_ctx, itmp->crl); ++ count++; ++ } ++ } ++ sk_X509_INFO_pop_free(inf, X509_INFO_free); ++ return count; + } + +- +-#endif /* OPENSSL_NO_STDIO */ +- ++#endif /* OPENSSL_NO_STDIO */ +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_att.c b/Cryptlib/OpenSSL/crypto/x509/x509_att.c +index 98460e8..bd59281 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_att.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_att.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -67,293 +67,318 @@ + + int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) + { +- return sk_X509_ATTRIBUTE_num(x); ++ return sk_X509_ATTRIBUTE_num(x); + } + + int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, +- int lastpos) ++ int lastpos) + { +- ASN1_OBJECT *obj; ++ ASN1_OBJECT *obj; + +- obj=OBJ_nid2obj(nid); +- if (obj == NULL) return(-2); +- return(X509at_get_attr_by_OBJ(x,obj,lastpos)); ++ obj = OBJ_nid2obj(nid); ++ if (obj == NULL) ++ return (-2); ++ return (X509at_get_attr_by_OBJ(x, obj, lastpos)); + } + +-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, +- int lastpos) ++int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ++ ASN1_OBJECT *obj, int lastpos) + { +- int n; +- X509_ATTRIBUTE *ex; ++ int n; ++ X509_ATTRIBUTE *ex; + +- if (sk == NULL) return(-1); +- lastpos++; +- if (lastpos < 0) +- lastpos=0; +- n=sk_X509_ATTRIBUTE_num(sk); +- for ( ; lastpos < n; lastpos++) +- { +- ex=sk_X509_ATTRIBUTE_value(sk,lastpos); +- if (OBJ_cmp(ex->object,obj) == 0) +- return(lastpos); +- } +- return(-1); ++ if (sk == NULL) ++ return (-1); ++ lastpos++; ++ if (lastpos < 0) ++ lastpos = 0; ++ n = sk_X509_ATTRIBUTE_num(sk); ++ for (; lastpos < n; lastpos++) { ++ ex = sk_X509_ATTRIBUTE_value(sk, lastpos); ++ if (OBJ_cmp(ex->object, obj) == 0) ++ return (lastpos); ++ } ++ return (-1); + } + + X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc) + { +- if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) +- return NULL; +- else +- return sk_X509_ATTRIBUTE_value(x,loc); ++ if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) ++ return NULL; ++ else ++ return sk_X509_ATTRIBUTE_value(x, loc); + } + + X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) + { +- X509_ATTRIBUTE *ret; ++ X509_ATTRIBUTE *ret; + +- if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) +- return(NULL); +- ret=sk_X509_ATTRIBUTE_delete(x,loc); +- return(ret); ++ if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) ++ return (NULL); ++ ret = sk_X509_ATTRIBUTE_delete(x, loc); ++ return (ret); + } + + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, +- X509_ATTRIBUTE *attr) ++ X509_ATTRIBUTE *attr) + { +- X509_ATTRIBUTE *new_attr=NULL; +- STACK_OF(X509_ATTRIBUTE) *sk=NULL; ++ X509_ATTRIBUTE *new_attr = NULL; ++ STACK_OF(X509_ATTRIBUTE) *sk = NULL; + +- if (x == NULL) +- { +- X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER); +- goto err2; +- } ++ if (x == NULL) { ++ X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER); ++ goto err2; ++ } + +- if (*x == NULL) +- { +- if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL) +- goto err; +- } +- else +- sk= *x; ++ if (*x == NULL) { ++ if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL) ++ goto err; ++ } else ++ sk = *x; + +- if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL) +- goto err2; +- if (!sk_X509_ATTRIBUTE_push(sk,new_attr)) +- goto err; +- if (*x == NULL) +- *x=sk; +- return(sk); +-err: +- X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE); +-err2: +- if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr); +- if (sk != NULL) sk_X509_ATTRIBUTE_free(sk); +- return(NULL); ++ if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL) ++ goto err2; ++ if (!sk_X509_ATTRIBUTE_push(sk, new_attr)) ++ goto err; ++ if (*x == NULL) ++ *x = sk; ++ return (sk); ++ err: ++ X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE); ++ err2: ++ if (new_attr != NULL) ++ X509_ATTRIBUTE_free(new_attr); ++ if (sk != NULL) ++ sk_X509_ATTRIBUTE_free(sk); ++ return (NULL); + } + +-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, +- const ASN1_OBJECT *obj, int type, +- const unsigned char *bytes, int len) ++STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) ++ **x, const ASN1_OBJECT *obj, ++ int type, ++ const unsigned char *bytes, ++ int len) + { +- X509_ATTRIBUTE *attr; +- STACK_OF(X509_ATTRIBUTE) *ret; +- attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); +- if(!attr) return 0; +- ret = X509at_add1_attr(x, attr); +- X509_ATTRIBUTE_free(attr); +- return ret; ++ X509_ATTRIBUTE *attr; ++ STACK_OF(X509_ATTRIBUTE) *ret; ++ attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); ++ if (!attr) ++ return 0; ++ ret = X509at_add1_attr(x, attr); ++ X509_ATTRIBUTE_free(attr); ++ return ret; + } + +-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, +- int nid, int type, +- const unsigned char *bytes, int len) ++STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) ++ **x, int nid, int type, ++ const unsigned char *bytes, ++ int len) + { +- X509_ATTRIBUTE *attr; +- STACK_OF(X509_ATTRIBUTE) *ret; +- attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); +- if(!attr) return 0; +- ret = X509at_add1_attr(x, attr); +- X509_ATTRIBUTE_free(attr); +- return ret; ++ X509_ATTRIBUTE *attr; ++ STACK_OF(X509_ATTRIBUTE) *ret; ++ attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); ++ if (!attr) ++ return 0; ++ ret = X509at_add1_attr(x, attr); ++ X509_ATTRIBUTE_free(attr); ++ return ret; + } + +-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, +- const char *attrname, int type, +- const unsigned char *bytes, int len) ++STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) ++ **x, const char *attrname, ++ int type, ++ const unsigned char *bytes, ++ int len) + { +- X509_ATTRIBUTE *attr; +- STACK_OF(X509_ATTRIBUTE) *ret; +- attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len); +- if(!attr) return 0; +- ret = X509at_add1_attr(x, attr); +- X509_ATTRIBUTE_free(attr); +- return ret; ++ X509_ATTRIBUTE *attr; ++ STACK_OF(X509_ATTRIBUTE) *ret; ++ attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len); ++ if (!attr) ++ return 0; ++ ret = X509at_add1_attr(x, attr); ++ X509_ATTRIBUTE_free(attr); ++ return ret; + } + + void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, +- ASN1_OBJECT *obj, int lastpos, int type) ++ ASN1_OBJECT *obj, int lastpos, int type) + { +- int i; +- X509_ATTRIBUTE *at; +- i = X509at_get_attr_by_OBJ(x, obj, lastpos); +- if (i == -1) +- return NULL; +- if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1)) +- return NULL; +- at = X509at_get_attr(x, i); +- if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1)) +- return NULL; +- return X509_ATTRIBUTE_get0_data(at, 0, type, NULL); ++ int i; ++ X509_ATTRIBUTE *at; ++ i = X509at_get_attr_by_OBJ(x, obj, lastpos); ++ if (i == -1) ++ return NULL; ++ if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1)) ++ return NULL; ++ at = X509at_get_attr(x, i); ++ if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1)) ++ return NULL; ++ return X509_ATTRIBUTE_get0_data(at, 0, type, NULL); + } + + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, +- int atrtype, const void *data, int len) ++ int atrtype, const void *data, ++ int len) + { +- ASN1_OBJECT *obj; +- X509_ATTRIBUTE *ret; ++ ASN1_OBJECT *obj; ++ X509_ATTRIBUTE *ret; + +- obj=OBJ_nid2obj(nid); +- if (obj == NULL) +- { +- X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID); +- return(NULL); +- } +- ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len); +- if (ret == NULL) ASN1_OBJECT_free(obj); +- return(ret); ++ obj = OBJ_nid2obj(nid); ++ if (obj == NULL) { ++ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID, X509_R_UNKNOWN_NID); ++ return (NULL); ++ } ++ ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len); ++ if (ret == NULL) ++ ASN1_OBJECT_free(obj); ++ return (ret); + } + + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, +- const ASN1_OBJECT *obj, int atrtype, const void *data, int len) ++ const ASN1_OBJECT *obj, ++ int atrtype, const void *data, ++ int len) + { +- X509_ATTRIBUTE *ret; ++ X509_ATTRIBUTE *ret; + +- if ((attr == NULL) || (*attr == NULL)) +- { +- if ((ret=X509_ATTRIBUTE_new()) == NULL) +- { +- X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- } +- else +- ret= *attr; ++ if ((attr == NULL) || (*attr == NULL)) { ++ if ((ret = X509_ATTRIBUTE_new()) == NULL) { ++ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ, ++ ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ } else ++ ret = *attr; + +- if (!X509_ATTRIBUTE_set1_object(ret,obj)) +- goto err; +- if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len)) +- goto err; ++ if (!X509_ATTRIBUTE_set1_object(ret, obj)) ++ goto err; ++ if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len)) ++ goto err; + +- if ((attr != NULL) && (*attr == NULL)) *attr=ret; +- return(ret); +-err: +- if ((attr == NULL) || (ret != *attr)) +- X509_ATTRIBUTE_free(ret); +- return(NULL); ++ if ((attr != NULL) && (*attr == NULL)) ++ *attr = ret; ++ return (ret); ++ err: ++ if ((attr == NULL) || (ret != *attr)) ++ X509_ATTRIBUTE_free(ret); ++ return (NULL); + } + + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, +- const char *atrname, int type, const unsigned char *bytes, int len) +- { +- ASN1_OBJECT *obj; +- X509_ATTRIBUTE *nattr; ++ const char *atrname, int type, ++ const unsigned char *bytes, ++ int len) ++{ ++ ASN1_OBJECT *obj; ++ X509_ATTRIBUTE *nattr; + +- obj=OBJ_txt2obj(atrname, 0); +- if (obj == NULL) +- { +- X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, +- X509_R_INVALID_FIELD_NAME); +- ERR_add_error_data(2, "name=", atrname); +- return(NULL); +- } +- nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len); +- ASN1_OBJECT_free(obj); +- return nattr; +- } ++ obj = OBJ_txt2obj(atrname, 0); ++ if (obj == NULL) { ++ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, ++ X509_R_INVALID_FIELD_NAME); ++ ERR_add_error_data(2, "name=", atrname); ++ return (NULL); ++ } ++ nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len); ++ ASN1_OBJECT_free(obj); ++ return nattr; ++} + + int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) + { +- if ((attr == NULL) || (obj == NULL)) +- return(0); +- ASN1_OBJECT_free(attr->object); +- attr->object=OBJ_dup(obj); +- return(1); ++ if ((attr == NULL) || (obj == NULL)) ++ return (0); ++ ASN1_OBJECT_free(attr->object); ++ attr->object = OBJ_dup(obj); ++ return (1); + } + +-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len) ++int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, ++ const void *data, int len) + { +- ASN1_TYPE *ttmp; +- ASN1_STRING *stmp = NULL; +- int atype = 0; +- if (!attr) return 0; +- if(attrtype & MBSTRING_FLAG) { +- stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, +- OBJ_obj2nid(attr->object)); +- if(!stmp) { +- X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB); +- return 0; +- } +- atype = stmp->type; +- } else if (len != -1){ +- if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err; +- if(!ASN1_STRING_set(stmp, data, len)) goto err; +- atype = attrtype; +- } +- if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; +- attr->single = 0; +- /* This is a bit naughty because the attribute should really have +- * at least one value but some types use and zero length SET and +- * require this. +- */ +- if (attrtype == 0) +- return 1; +- if(!(ttmp = ASN1_TYPE_new())) goto err; +- if ((len == -1) && !(attrtype & MBSTRING_FLAG)) +- { +- if (!ASN1_TYPE_set1(ttmp, attrtype, data)) +- goto err; +- } +- else +- ASN1_TYPE_set(ttmp, atype, stmp); +- if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; +- return 1; +- err: +- X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); +- return 0; ++ ASN1_TYPE *ttmp; ++ ASN1_STRING *stmp = NULL; ++ int atype = 0; ++ if (!attr) ++ return 0; ++ if (attrtype & MBSTRING_FLAG) { ++ stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, ++ OBJ_obj2nid(attr->object)); ++ if (!stmp) { ++ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB); ++ return 0; ++ } ++ atype = stmp->type; ++ } else if (len != -1) { ++ if (!(stmp = ASN1_STRING_type_new(attrtype))) ++ goto err; ++ if (!ASN1_STRING_set(stmp, data, len)) ++ goto err; ++ atype = attrtype; ++ } ++ if (!(attr->value.set = sk_ASN1_TYPE_new_null())) ++ goto err; ++ attr->single = 0; ++ /* ++ * This is a bit naughty because the attribute should really have at ++ * least one value but some types use and zero length SET and require ++ * this. ++ */ ++ if (attrtype == 0) ++ return 1; ++ if (!(ttmp = ASN1_TYPE_new())) ++ goto err; ++ if ((len == -1) && !(attrtype & MBSTRING_FLAG)) { ++ if (!ASN1_TYPE_set1(ttmp, attrtype, data)) ++ goto err; ++ } else ++ ASN1_TYPE_set(ttmp, atype, stmp); ++ if (!sk_ASN1_TYPE_push(attr->value.set, ttmp)) ++ goto err; ++ return 1; ++ err: ++ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); ++ return 0; + } + + int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr) + { +- if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set); +- if(attr->value.single) return 1; +- return 0; ++ if (!attr->single) ++ return sk_ASN1_TYPE_num(attr->value.set); ++ if (attr->value.single) ++ return 1; ++ return 0; + } + + ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr) + { +- if (attr == NULL) return(NULL); +- return(attr->object); ++ if (attr == NULL) ++ return (NULL); ++ return (attr->object); + } + + void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, +- int atrtype, void *data) ++ int atrtype, void *data) + { +- ASN1_TYPE *ttmp; +- ttmp = X509_ATTRIBUTE_get0_type(attr, idx); +- if(!ttmp) return NULL; +- if(atrtype != ASN1_TYPE_get(ttmp)){ +- X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE); +- return NULL; +- } +- return ttmp->value.ptr; ++ ASN1_TYPE *ttmp; ++ ttmp = X509_ATTRIBUTE_get0_type(attr, idx); ++ if (!ttmp) ++ return NULL; ++ if (atrtype != ASN1_TYPE_get(ttmp)) { ++ X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE); ++ return NULL; ++ } ++ return ttmp->value.ptr; + } + + ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) + { +- if (attr == NULL) return(NULL); +- if(idx >= X509_ATTRIBUTE_count(attr)) return NULL; +- if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx); +- else return attr->value.single; ++ if (attr == NULL) ++ return (NULL); ++ if (idx >= X509_ATTRIBUTE_count(attr)) ++ return NULL; ++ if (!attr->single) ++ return sk_ASN1_TYPE_value(attr->value.set, idx); ++ else ++ return attr->value.single; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c +index 2faf925..de66d37 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,368 +65,361 @@ + #include + + int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) +- { +- int i; +- X509_CINF *ai,*bi; +- +- ai=a->cert_info; +- bi=b->cert_info; +- i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber); +- if (i) return(i); +- return(X509_NAME_cmp(ai->issuer,bi->issuer)); +- } ++{ ++ int i; ++ X509_CINF *ai, *bi; ++ ++ ai = a->cert_info; ++ bi = b->cert_info; ++ i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber); ++ if (i) ++ return (i); ++ return (X509_NAME_cmp(ai->issuer, bi->issuer)); ++} + + #ifndef OPENSSL_NO_MD5 + unsigned long X509_issuer_and_serial_hash(X509 *a) +- { +- unsigned long ret=0; +- EVP_MD_CTX ctx; +- unsigned char md[16]; +- char *f; +- +- EVP_MD_CTX_init(&ctx); +- f=X509_NAME_oneline(a->cert_info->issuer,NULL,0); +- ret=strlen(f); +- EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); +- EVP_DigestUpdate(&ctx,(unsigned char *)f,ret); +- OPENSSL_free(f); +- EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, +- (unsigned long)a->cert_info->serialNumber->length); +- EVP_DigestFinal_ex(&ctx,&(md[0]),NULL); +- ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| +- ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) +- )&0xffffffffL; +- EVP_MD_CTX_cleanup(&ctx); +- return(ret); +- } ++{ ++ unsigned long ret = 0; ++ EVP_MD_CTX ctx; ++ unsigned char md[16]; ++ char *f; ++ ++ EVP_MD_CTX_init(&ctx); ++ f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0); ++ ret = strlen(f); ++ EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); ++ EVP_DigestUpdate(&ctx, (unsigned char *)f, ret); ++ OPENSSL_free(f); ++ EVP_DigestUpdate(&ctx, (unsigned char *)a->cert_info->serialNumber->data, ++ (unsigned long)a->cert_info->serialNumber->length); ++ EVP_DigestFinal_ex(&ctx, &(md[0]), NULL); ++ ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ++ ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ++ ) & 0xffffffffL; ++ EVP_MD_CTX_cleanup(&ctx); ++ return (ret); ++} + #endif +- ++ + int X509_issuer_name_cmp(const X509 *a, const X509 *b) +- { +- return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); +- } ++{ ++ return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer)); ++} + + int X509_subject_name_cmp(const X509 *a, const X509 *b) +- { +- return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); +- } ++{ ++ return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject)); ++} + + int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) +- { +- return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); +- } ++{ ++ return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer)); ++} + + X509_NAME *X509_get_issuer_name(X509 *a) +- { +- return(a->cert_info->issuer); +- } ++{ ++ return (a->cert_info->issuer); ++} + + unsigned long X509_issuer_name_hash(X509 *x) +- { +- return(X509_NAME_hash(x->cert_info->issuer)); +- } ++{ ++ return (X509_NAME_hash(x->cert_info->issuer)); ++} + + X509_NAME *X509_get_subject_name(X509 *a) +- { +- return(a->cert_info->subject); +- } ++{ ++ return (a->cert_info->subject); ++} + + ASN1_INTEGER *X509_get_serialNumber(X509 *a) +- { +- return(a->cert_info->serialNumber); +- } ++{ ++ return (a->cert_info->serialNumber); ++} + + unsigned long X509_subject_name_hash(X509 *x) +- { +- return(X509_NAME_hash(x->cert_info->subject)); +- } ++{ ++ return (X509_NAME_hash(x->cert_info->subject)); ++} + + #ifndef OPENSSL_NO_SHA +-/* Compare two certificates: they must be identical for +- * this to work. NB: Although "cmp" operations are generally +- * prototyped to take "const" arguments (eg. for use in +- * STACKs), the way X509 handling is - these operations may +- * involve ensuring the hashes are up-to-date and ensuring +- * certain cert information is cached. So this is the point +- * where the "depth-first" constification tree has to halt +- * with an evil cast. ++/* ++ * Compare two certificates: they must be identical for this to work. NB: ++ * Although "cmp" operations are generally prototyped to take "const" ++ * arguments (eg. for use in STACKs), the way X509 handling is - these ++ * operations may involve ensuring the hashes are up-to-date and ensuring ++ * certain cert information is cached. So this is the point where the ++ * "depth-first" constification tree has to halt with an evil cast. + */ + int X509_cmp(const X509 *a, const X509 *b) + { +- /* ensure hash is valid */ +- X509_check_purpose((X509 *)a, -1, 0); +- X509_check_purpose((X509 *)b, -1, 0); ++ /* ensure hash is valid */ ++ X509_check_purpose((X509 *)a, -1, 0); ++ X509_check_purpose((X509 *)b, -1, 0); + +- return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); ++ return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); + } + #endif + +- + /* Case insensitive string comparision */ + static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b) + { +- int i; ++ int i; + +- if (a->length != b->length) +- return (a->length - b->length); ++ if (a->length != b->length) ++ return (a->length - b->length); + +- for (i=0; ilength; i++) +- { +- int ca, cb; ++ for (i = 0; i < a->length; i++) { ++ int ca, cb; + +- ca = tolower(a->data[i]); +- cb = tolower(b->data[i]); ++ ca = tolower(a->data[i]); ++ cb = tolower(b->data[i]); + +- if (ca != cb) +- return(ca-cb); +- } +- return 0; ++ if (ca != cb) ++ return (ca - cb); ++ } ++ return 0; + } + +-/* Case insensitive string comparision with space normalization +- * Space normalization - ignore leading, trailing spaces, +- * multiple spaces between characters are replaced by single space ++/* ++ * Case insensitive string comparision with space normalization Space ++ * normalization - ignore leading, trailing spaces, multiple spaces between ++ * characters are replaced by single space + */ + static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b) + { +- unsigned char *pa = NULL, *pb = NULL; +- int la, lb; +- +- la = a->length; +- lb = b->length; +- pa = a->data; +- pb = b->data; +- +- /* skip leading spaces */ +- while (la > 0 && isspace(*pa)) +- { +- la--; +- pa++; +- } +- while (lb > 0 && isspace(*pb)) +- { +- lb--; +- pb++; +- } +- +- /* skip trailing spaces */ +- while (la > 0 && isspace(pa[la-1])) +- la--; +- while (lb > 0 && isspace(pb[lb-1])) +- lb--; +- +- /* compare strings with space normalization */ +- while (la > 0 && lb > 0) +- { +- int ca, cb; +- +- /* compare character */ +- ca = tolower(*pa); +- cb = tolower(*pb); +- if (ca != cb) +- return (ca - cb); +- +- pa++; pb++; +- la--; lb--; +- +- if (la <= 0 || lb <= 0) +- break; +- +- /* is white space next character ? */ +- if (isspace(*pa) && isspace(*pb)) +- { +- /* skip remaining white spaces */ +- while (la > 0 && isspace(*pa)) +- { +- la--; +- pa++; +- } +- while (lb > 0 && isspace(*pb)) +- { +- lb--; +- pb++; +- } +- } +- } +- if (la > 0 || lb > 0) +- return la - lb; +- +- return 0; ++ unsigned char *pa = NULL, *pb = NULL; ++ int la, lb; ++ ++ la = a->length; ++ lb = b->length; ++ pa = a->data; ++ pb = b->data; ++ ++ /* skip leading spaces */ ++ while (la > 0 && isspace(*pa)) { ++ la--; ++ pa++; ++ } ++ while (lb > 0 && isspace(*pb)) { ++ lb--; ++ pb++; ++ } ++ ++ /* skip trailing spaces */ ++ while (la > 0 && isspace(pa[la - 1])) ++ la--; ++ while (lb > 0 && isspace(pb[lb - 1])) ++ lb--; ++ ++ /* compare strings with space normalization */ ++ while (la > 0 && lb > 0) { ++ int ca, cb; ++ ++ /* compare character */ ++ ca = tolower(*pa); ++ cb = tolower(*pb); ++ if (ca != cb) ++ return (ca - cb); ++ ++ pa++; ++ pb++; ++ la--; ++ lb--; ++ ++ if (la <= 0 || lb <= 0) ++ break; ++ ++ /* is white space next character ? */ ++ if (isspace(*pa) && isspace(*pb)) { ++ /* skip remaining white spaces */ ++ while (la > 0 && isspace(*pa)) { ++ la--; ++ pa++; ++ } ++ while (lb > 0 && isspace(*pb)) { ++ lb--; ++ pb++; ++ } ++ } ++ } ++ if (la > 0 || lb > 0) ++ return la - lb; ++ ++ return 0; + } + + static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b) +- { +- int j; +- j = a->length - b->length; +- if (j) +- return j; +- return memcmp(a->data, b->data, a->length); +- } ++{ ++ int j; ++ j = a->length - b->length; ++ if (j) ++ return j; ++ return memcmp(a->data, b->data, a->length); ++} + + #define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING) + + int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) +- { +- int i,j; +- X509_NAME_ENTRY *na,*nb; +- +- unsigned long nabit, nbbit; +- +- j = sk_X509_NAME_ENTRY_num(a->entries) +- - sk_X509_NAME_ENTRY_num(b->entries); +- if (j) +- return j; +- for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) +- { +- na=sk_X509_NAME_ENTRY_value(a->entries,i); +- nb=sk_X509_NAME_ENTRY_value(b->entries,i); +- j=na->value->type-nb->value->type; +- if (j) +- { +- nabit = ASN1_tag2bit(na->value->type); +- nbbit = ASN1_tag2bit(nb->value->type); +- if (!(nabit & STR_TYPE_CMP) || +- !(nbbit & STR_TYPE_CMP)) +- return j; +- if (!asn1_string_memcmp(na->value, nb->value)) +- j = 0; +- } +- else if (na->value->type == V_ASN1_PRINTABLESTRING) +- j=nocase_spacenorm_cmp(na->value, nb->value); +- else if (na->value->type == V_ASN1_IA5STRING +- && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) +- j=nocase_cmp(na->value, nb->value); +- else +- j = asn1_string_memcmp(na->value, nb->value); +- if (j) return(j); +- j=na->set-nb->set; +- if (j) return(j); +- } +- +- /* We will check the object types after checking the values +- * since the values will more often be different than the object +- * types. */ +- for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) +- { +- na=sk_X509_NAME_ENTRY_value(a->entries,i); +- nb=sk_X509_NAME_ENTRY_value(b->entries,i); +- j=OBJ_cmp(na->object,nb->object); +- if (j) return(j); +- } +- return(0); +- } ++{ ++ int i, j; ++ X509_NAME_ENTRY *na, *nb; ++ ++ unsigned long nabit, nbbit; ++ ++ j = sk_X509_NAME_ENTRY_num(a->entries) ++ - sk_X509_NAME_ENTRY_num(b->entries); ++ if (j) ++ return j; ++ for (i = sk_X509_NAME_ENTRY_num(a->entries) - 1; i >= 0; i--) { ++ na = sk_X509_NAME_ENTRY_value(a->entries, i); ++ nb = sk_X509_NAME_ENTRY_value(b->entries, i); ++ j = na->value->type - nb->value->type; ++ if (j) { ++ nabit = ASN1_tag2bit(na->value->type); ++ nbbit = ASN1_tag2bit(nb->value->type); ++ if (!(nabit & STR_TYPE_CMP) || !(nbbit & STR_TYPE_CMP)) ++ return j; ++ if (!asn1_string_memcmp(na->value, nb->value)) ++ j = 0; ++ } else if (na->value->type == V_ASN1_PRINTABLESTRING) ++ j = nocase_spacenorm_cmp(na->value, nb->value); ++ else if (na->value->type == V_ASN1_IA5STRING ++ && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress) ++ j = nocase_cmp(na->value, nb->value); ++ else ++ j = asn1_string_memcmp(na->value, nb->value); ++ if (j) ++ return (j); ++ j = na->set - nb->set; ++ if (j) ++ return (j); ++ } ++ ++ /* ++ * We will check the object types after checking the values since the ++ * values will more often be different than the object types. ++ */ ++ for (i = sk_X509_NAME_ENTRY_num(a->entries) - 1; i >= 0; i--) { ++ na = sk_X509_NAME_ENTRY_value(a->entries, i); ++ nb = sk_X509_NAME_ENTRY_value(b->entries, i); ++ j = OBJ_cmp(na->object, nb->object); ++ if (j) ++ return (j); ++ } ++ return (0); ++} + + #ifndef OPENSSL_NO_MD5 +-/* I now DER encode the name and hash it. Since I cache the DER encoding, +- * this is reasonably efficient. */ ++/* ++ * I now DER encode the name and hash it. Since I cache the DER encoding, ++ * this is reasonably efficient. ++ */ + unsigned long X509_NAME_hash(X509_NAME *x) +- { +- unsigned long ret=0; +- unsigned char md[16]; +- EVP_MD_CTX md_ctx; +- +- /* Make sure X509_NAME structure contains valid cached encoding */ +- i2d_X509_NAME(x,NULL); +- EVP_MD_CTX_init(&md_ctx); +- EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); +- EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); +- EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); +- EVP_DigestFinal_ex(&md_ctx,md,NULL); +- EVP_MD_CTX_cleanup(&md_ctx); +- +- ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| +- ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) +- )&0xffffffffL; +- return(ret); +- } ++{ ++ unsigned long ret = 0; ++ unsigned char md[16]; ++ EVP_MD_CTX md_ctx; ++ ++ /* Make sure X509_NAME structure contains valid cached encoding */ ++ i2d_X509_NAME(x, NULL); ++ EVP_MD_CTX_init(&md_ctx); ++ EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); ++ EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); ++ EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); ++ EVP_DigestFinal_ex(&md_ctx, md, NULL); ++ EVP_MD_CTX_cleanup(&md_ctx); ++ ++ ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | ++ ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ++ ) & 0xffffffffL; ++ return (ret); ++} + #endif + + /* Search a stack of X509 for a match */ + X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, +- ASN1_INTEGER *serial) +- { +- int i; +- X509_CINF cinf; +- X509 x,*x509=NULL; +- +- if(!sk) return NULL; +- +- x.cert_info= &cinf; +- cinf.serialNumber=serial; +- cinf.issuer=name; +- +- for (i=0; icert_info == NULL)) +- return(NULL); +- return(X509_PUBKEY_get(x->cert_info->key)); +- } ++{ ++ if ((x == NULL) || (x->cert_info == NULL)) ++ return (NULL); ++ return (X509_PUBKEY_get(x->cert_info->key)); ++} + + ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) +- { +- if(!x) return NULL; +- return x->cert_info->key->public_key; +- } ++{ ++ if (!x) ++ return NULL; ++ return x->cert_info->key->public_key; ++} + + int X509_check_private_key(X509 *x, EVP_PKEY *k) +- { +- EVP_PKEY *xk=NULL; +- int ok=0; +- +- xk=X509_get_pubkey(x); +- switch (EVP_PKEY_cmp(xk, k)) +- { +- case 1: +- ok=1; +- break; +- case 0: +- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); +- break; +- case -1: +- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); +- break; +- case -2: ++{ ++ EVP_PKEY *xk = NULL; ++ int ok = 0; ++ ++ xk = X509_get_pubkey(x); ++ switch (EVP_PKEY_cmp(xk, k)) { ++ case 1: ++ ok = 1; ++ break; ++ case 0: ++ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH); ++ break; ++ case -1: ++ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH); ++ break; ++ case -2: + #ifndef OPENSSL_NO_EC +- if (k->type == EVP_PKEY_EC) +- { +- X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); +- break; +- } ++ if (k->type == EVP_PKEY_EC) { ++ X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); ++ break; ++ } + #endif + #ifndef OPENSSL_NO_DH +- if (k->type == EVP_PKEY_DH) +- { +- /* No idea */ +- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); +- break; +- } ++ if (k->type == EVP_PKEY_DH) { ++ /* No idea */ ++ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_CANT_CHECK_DH_KEY); ++ break; ++ } + #endif +- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); +- } ++ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE); ++ } + +- EVP_PKEY_free(xk); +- return(ok); +- } ++ EVP_PKEY_free(xk); ++ return (ok); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c +index 51410cf..50ca2a6 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,45 +63,47 @@ + + #ifndef OPENSSL_NO_STDIO + int X509_STORE_set_default_paths(X509_STORE *ctx) +- { +- X509_LOOKUP *lookup; ++{ ++ X509_LOOKUP *lookup; ++ ++ lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); ++ if (lookup == NULL) ++ return (0); ++ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); + +- lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); +- if (lookup == NULL) return(0); +- X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); ++ lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); ++ if (lookup == NULL) ++ return (0); ++ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); + +- lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); +- if (lookup == NULL) return(0); +- X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); +- +- /* clear any errors */ +- ERR_clear_error(); ++ /* clear any errors */ ++ ERR_clear_error(); + +- return(1); +- } ++ return (1); ++} + + int X509_STORE_load_locations(X509_STORE *ctx, const char *file, +- const char *path) +- { +- X509_LOOKUP *lookup; ++ const char *path) ++{ ++ X509_LOOKUP *lookup; + +- if (file != NULL) +- { +- lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); +- if (lookup == NULL) return(0); +- if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1) +- return(0); +- } +- if (path != NULL) +- { +- lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); +- if (lookup == NULL) return(0); +- if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1) +- return(0); +- } +- if ((path == NULL) && (file == NULL)) +- return(0); +- return(1); +- } ++ if (file != NULL) { ++ lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); ++ if (lookup == NULL) ++ return (0); ++ if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1) ++ return (0); ++ } ++ if (path != NULL) { ++ lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); ++ if (lookup == NULL) ++ return (0); ++ if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1) ++ return (0); ++ } ++ if ((path == NULL) && (file == NULL)) ++ return (0); ++ return (1); ++} + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_def.c b/Cryptlib/OpenSSL/crypto/x509/x509_def.c +index e0ac151..25c5537 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_def.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_def.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -62,20 +62,31 @@ + #include + + const char *X509_get_default_private_dir(void) +- { return(X509_PRIVATE_DIR); } +- ++{ ++ return (X509_PRIVATE_DIR); ++} ++ + const char *X509_get_default_cert_area(void) +- { return(X509_CERT_AREA); } ++{ ++ return (X509_CERT_AREA); ++} + + const char *X509_get_default_cert_dir(void) +- { return(X509_CERT_DIR); } ++{ ++ return (X509_CERT_DIR); ++} + + const char *X509_get_default_cert_file(void) +- { return(X509_CERT_FILE); } ++{ ++ return (X509_CERT_FILE); ++} + + const char *X509_get_default_cert_dir_env(void) +- { return(X509_CERT_DIR_EVP); } ++{ ++ return (X509_CERT_DIR_EVP); ++} + + const char *X509_get_default_cert_file_env(void) +- { return(X509_CERT_FILE_EVP); } +- ++{ ++ return (X509_CERT_FILE_EVP); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_err.c b/Cryptlib/OpenSSL/crypto/x509/x509_err.c +index fb37729..ea14920 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_err.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,97 +66,110 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) + +-static ERR_STRING_DATA X509_str_functs[]= +- { +-{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, +-{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, +-{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, +-{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, +-{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, +-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, +-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, +-{ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, +-{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, +-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"}, +-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"}, +-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"}, +-{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, +-{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, +-{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, +-{ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, +-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"}, +-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"}, +-{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"}, +-{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, +-{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, +-{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, +-{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, +-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"}, +-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"}, +-{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"}, +-{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, +-{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, +-{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, +-{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, +-{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, +-{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"}, +-{ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, +-{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, +-{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, +-{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, +-{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, +-{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"}, +-{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, +-{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, +-{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"}, +-{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, +-{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, +-{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, +-{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA X509_str_functs[] = { ++ {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, ++ {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, ++ {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, ++ {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, ++ {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, ++ {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, ++ {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, ++ {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, ++ {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"}, ++ {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), ++ "X509_ATTRIBUTE_create_by_NID"}, ++ {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), ++ "X509_ATTRIBUTE_create_by_OBJ"}, ++ {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), ++ "X509_ATTRIBUTE_create_by_txt"}, ++ {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"}, ++ {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"}, ++ {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"}, ++ {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"}, ++ {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), ++ "X509_EXTENSION_create_by_NID"}, ++ {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), ++ "X509_EXTENSION_create_by_OBJ"}, ++ {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), ++ "X509_get_pubkey_parameters"}, ++ {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"}, ++ {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"}, ++ {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"}, ++ {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"}, ++ {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), ++ "X509_NAME_ENTRY_create_by_NID"}, ++ {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), ++ "X509_NAME_ENTRY_create_by_txt"}, ++ {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), ++ "X509_NAME_ENTRY_set_object"}, ++ {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, ++ {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, ++ {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, ++ {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, ++ {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, ++ {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), ++ "X509_REQ_check_private_key"}, ++ {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"}, ++ {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"}, ++ {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"}, ++ {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"}, ++ {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"}, ++ {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), ++ "X509_STORE_CTX_get1_issuer"}, ++ {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"}, ++ {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"}, ++ {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), ++ "X509_STORE_CTX_purpose_inherit"}, ++ {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"}, ++ {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"}, ++ {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"}, ++ {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA X509_str_reasons[]= +- { +-{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"}, +-{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"}, +-{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"}, +-{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"}, +-{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"}, +-{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"}, +-{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"}, +-{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"}, +-{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"}, +-{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"}, +-{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"}, +-{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"}, +-{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"}, +-{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"}, +-{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"}, +-{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"}, +-{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"}, +-{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"}, +-{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"}, +-{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"}, +-{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"}, +-{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"}, +-{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA X509_str_reasons[] = { ++ {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"}, ++ {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"}, ++ {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"}, ++ {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE), ++ "cert already in hash table"}, ++ {ERR_REASON(X509_R_ERR_ASN1_LIB), "err asn1 lib"}, ++ {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"}, ++ {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"}, ++ {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"}, ++ {ERR_REASON(X509_R_KEY_TYPE_MISMATCH), "key type mismatch"}, ++ {ERR_REASON(X509_R_KEY_VALUES_MISMATCH), "key values mismatch"}, ++ {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"}, ++ {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"}, ++ {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), ++ "no cert set for us to verify"}, ++ {ERR_REASON(X509_R_SHOULD_RETRY), "should retry"}, ++ {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), ++ "unable to find parameters in chain"}, ++ {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), ++ "unable to get certs public key"}, ++ {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE), "unknown key type"}, ++ {ERR_REASON(X509_R_UNKNOWN_NID), "unknown nid"}, ++ {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID), "unknown purpose id"}, ++ {ERR_REASON(X509_R_UNKNOWN_TRUST_ID), "unknown trust id"}, ++ {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, ++ {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"}, ++ {ERR_REASON(X509_R_WRONG_TYPE), "wrong type"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_X509_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(X509_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,X509_str_functs); +- ERR_load_strings(0,X509_str_reasons); +- } ++ if (ERR_func_error_string(X509_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, X509_str_functs); ++ ERR_load_strings(0, X509_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c +index e7fdacb..fb4e311 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,146 +65,147 @@ + #include + #include + +- + int X509_CRL_get_ext_count(X509_CRL *x) +- { +- return(X509v3_get_ext_count(x->crl->extensions)); +- } ++{ ++ return (X509v3_get_ext_count(x->crl->extensions)); ++} + + int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) +- { +- return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos)); ++} + + int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) +- { +- return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos)); ++} + + int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) +- { +- return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos)); ++} + + X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) +- { +- return(X509v3_get_ext(x->crl->extensions,loc)); +- } ++{ ++ return (X509v3_get_ext(x->crl->extensions, loc)); ++} + + X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) +- { +- return(X509v3_delete_ext(x->crl->extensions,loc)); +- } ++{ ++ return (X509v3_delete_ext(x->crl->extensions, loc)); ++} + + void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) + { +- return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); ++ return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); + } + + int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, +- unsigned long flags) ++ unsigned long flags) + { +- return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); ++ return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); + } + + int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) +- { +- return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); +- } ++{ ++ return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL); ++} + + int X509_get_ext_count(X509 *x) +- { +- return(X509v3_get_ext_count(x->cert_info->extensions)); +- } ++{ ++ return (X509v3_get_ext_count(x->cert_info->extensions)); ++} + + int X509_get_ext_by_NID(X509 *x, int nid, int lastpos) +- { +- return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos)); ++} + + int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) +- { +- return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos)); ++} + + int X509_get_ext_by_critical(X509 *x, int crit, int lastpos) +- { +- return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_critical ++ (x->cert_info->extensions, crit, lastpos)); ++} + + X509_EXTENSION *X509_get_ext(X509 *x, int loc) +- { +- return(X509v3_get_ext(x->cert_info->extensions,loc)); +- } ++{ ++ return (X509v3_get_ext(x->cert_info->extensions, loc)); ++} + + X509_EXTENSION *X509_delete_ext(X509 *x, int loc) +- { +- return(X509v3_delete_ext(x->cert_info->extensions,loc)); +- } ++{ ++ return (X509v3_delete_ext(x->cert_info->extensions, loc)); ++} + + int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) +- { +- return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); +- } ++{ ++ return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL); ++} + + void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) + { +- return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); ++ return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); + } + + int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, +- unsigned long flags) ++ unsigned long flags) + { +- return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit, +- flags); ++ return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit, ++ flags); + } + + int X509_REVOKED_get_ext_count(X509_REVOKED *x) +- { +- return(X509v3_get_ext_count(x->extensions)); +- } ++{ ++ return (X509v3_get_ext_count(x->extensions)); ++} + + int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) +- { +- return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos)); ++} + + int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, +- int lastpos) +- { +- return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos)); +- } ++ int lastpos) ++{ ++ return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos)); ++} + + int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) +- { +- return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos)); +- } ++{ ++ return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos)); ++} + + X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc) +- { +- return(X509v3_get_ext(x->extensions,loc)); +- } ++{ ++ return (X509v3_get_ext(x->extensions, loc)); ++} + + X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) +- { +- return(X509v3_delete_ext(x->extensions,loc)); +- } ++{ ++ return (X509v3_delete_ext(x->extensions, loc)); ++} + + int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) +- { +- return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); +- } ++{ ++ return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL); ++} + + void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) + { +- return X509V3_get_d2i(x->extensions, nid, crit, idx); ++ return X509V3_get_d2i(x->extensions, nid, crit, idx); + } + + int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, +- unsigned long flags) ++ unsigned long flags) + { +- return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); ++ return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); + } + + IMPLEMENT_STACK_OF(X509_EXTENSION) ++ + IMPLEMENT_ASN1_SET_OF(X509_EXTENSION) +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c +index b486171..684ef5f 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,423 +63,413 @@ + #include + + X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) +- { +- X509_LOOKUP *ret; +- +- ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP)); +- if (ret == NULL) return NULL; +- +- ret->init=0; +- ret->skip=0; +- ret->method=method; +- ret->method_data=NULL; +- ret->store_ctx=NULL; +- if ((method->new_item != NULL) && !method->new_item(ret)) +- { +- OPENSSL_free(ret); +- return NULL; +- } +- return ret; +- } ++{ ++ X509_LOOKUP *ret; ++ ++ ret = (X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP)); ++ if (ret == NULL) ++ return NULL; ++ ++ ret->init = 0; ++ ret->skip = 0; ++ ret->method = method; ++ ret->method_data = NULL; ++ ret->store_ctx = NULL; ++ if ((method->new_item != NULL) && !method->new_item(ret)) { ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ return ret; ++} + + void X509_LOOKUP_free(X509_LOOKUP *ctx) +- { +- if (ctx == NULL) return; +- if ( (ctx->method != NULL) && +- (ctx->method->free != NULL)) +- ctx->method->free(ctx); +- OPENSSL_free(ctx); +- } ++{ ++ if (ctx == NULL) ++ return; ++ if ((ctx->method != NULL) && (ctx->method->free != NULL)) ++ ctx->method->free(ctx); ++ OPENSSL_free(ctx); ++} + + int X509_LOOKUP_init(X509_LOOKUP *ctx) +- { +- if (ctx->method == NULL) return 0; +- if (ctx->method->init != NULL) +- return ctx->method->init(ctx); +- else +- return 1; +- } ++{ ++ if (ctx->method == NULL) ++ return 0; ++ if (ctx->method->init != NULL) ++ return ctx->method->init(ctx); ++ else ++ return 1; ++} + + int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) +- { +- if (ctx->method == NULL) return 0; +- if (ctx->method->shutdown != NULL) +- return ctx->method->shutdown(ctx); +- else +- return 1; +- } ++{ ++ if (ctx->method == NULL) ++ return 0; ++ if (ctx->method->shutdown != NULL) ++ return ctx->method->shutdown(ctx); ++ else ++ return 1; ++} + + int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, +- char **ret) +- { +- if (ctx->method == NULL) return -1; +- if (ctx->method->ctrl != NULL) +- return ctx->method->ctrl(ctx,cmd,argc,argl,ret); +- else +- return 1; +- } ++ char **ret) ++{ ++ if (ctx->method == NULL) ++ return -1; ++ if (ctx->method->ctrl != NULL) ++ return ctx->method->ctrl(ctx, cmd, argc, argl, ret); ++ else ++ return 1; ++} + + int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, +- X509_OBJECT *ret) +- { +- if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) +- return X509_LU_FAIL; +- if (ctx->skip) return 0; +- return ctx->method->get_by_subject(ctx,type,name,ret); +- } ++ X509_OBJECT *ret) ++{ ++ if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) ++ return X509_LU_FAIL; ++ if (ctx->skip) ++ return 0; ++ return ctx->method->get_by_subject(ctx, type, name, ret); ++} + + int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, +- ASN1_INTEGER *serial, X509_OBJECT *ret) +- { +- if ((ctx->method == NULL) || +- (ctx->method->get_by_issuer_serial == NULL)) +- return X509_LU_FAIL; +- return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret); +- } ++ ASN1_INTEGER *serial, X509_OBJECT *ret) ++{ ++ if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL)) ++ return X509_LU_FAIL; ++ return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret); ++} + + int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, +- unsigned char *bytes, int len, X509_OBJECT *ret) +- { +- if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) +- return X509_LU_FAIL; +- return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret); +- } ++ unsigned char *bytes, int len, ++ X509_OBJECT *ret) ++{ ++ if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) ++ return X509_LU_FAIL; ++ return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret); ++} + + int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, +- X509_OBJECT *ret) +- { +- if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) +- return X509_LU_FAIL; +- return ctx->method->get_by_alias(ctx,type,str,len,ret); +- } +- +- +-static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) +- { +- int ret; +- +- ret=((*a)->type - (*b)->type); +- if (ret) return ret; +- switch ((*a)->type) +- { +- case X509_LU_X509: +- ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); +- break; +- case X509_LU_CRL: +- ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); +- break; +- default: +- /* abort(); */ +- return 0; +- } +- return ret; +- } ++ X509_OBJECT *ret) ++{ ++ if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) ++ return X509_LU_FAIL; ++ return ctx->method->get_by_alias(ctx, type, str, len, ret); ++} ++ ++static int x509_object_cmp(const X509_OBJECT *const *a, ++ const X509_OBJECT *const *b) ++{ ++ int ret; ++ ++ ret = ((*a)->type - (*b)->type); ++ if (ret) ++ return ret; ++ switch ((*a)->type) { ++ case X509_LU_X509: ++ ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509); ++ break; ++ case X509_LU_CRL: ++ ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); ++ break; ++ default: ++ /* abort(); */ ++ return 0; ++ } ++ return ret; ++} + + X509_STORE *X509_STORE_new(void) +- { +- X509_STORE *ret; +- +- if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) +- return NULL; +- ret->objs = sk_X509_OBJECT_new(x509_object_cmp); +- ret->cache=1; +- ret->get_cert_methods=sk_X509_LOOKUP_new_null(); +- ret->verify=0; +- ret->verify_cb=0; +- +- if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) +- return NULL; +- +- ret->get_issuer = 0; +- ret->check_issued = 0; +- ret->check_revocation = 0; +- ret->get_crl = 0; +- ret->check_crl = 0; +- ret->cert_crl = 0; +- ret->cleanup = 0; +- +- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) +- { +- sk_X509_OBJECT_free(ret->objs); +- OPENSSL_free(ret); +- return NULL; +- } +- +- ret->references=1; +- return ret; +- } ++{ ++ X509_STORE *ret; ++ ++ if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) ++ return NULL; ++ ret->objs = sk_X509_OBJECT_new(x509_object_cmp); ++ ret->cache = 1; ++ ret->get_cert_methods = sk_X509_LOOKUP_new_null(); ++ ret->verify = 0; ++ ret->verify_cb = 0; ++ ++ if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) ++ return NULL; ++ ++ ret->get_issuer = 0; ++ ret->check_issued = 0; ++ ret->check_revocation = 0; ++ ret->get_crl = 0; ++ ret->check_crl = 0; ++ ret->cert_crl = 0; ++ ret->cleanup = 0; ++ ++ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { ++ sk_X509_OBJECT_free(ret->objs); ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ ++ ret->references = 1; ++ return ret; ++} + + static void cleanup(X509_OBJECT *a) +- { +- if (a->type == X509_LU_X509) +- { +- X509_free(a->data.x509); +- } +- else if (a->type == X509_LU_CRL) +- { +- X509_CRL_free(a->data.crl); +- } +- else +- { +- /* abort(); */ +- } +- +- OPENSSL_free(a); +- } ++{ ++ if (a->type == X509_LU_X509) { ++ X509_free(a->data.x509); ++ } else if (a->type == X509_LU_CRL) { ++ X509_CRL_free(a->data.crl); ++ } else { ++ /* abort(); */ ++ } ++ ++ OPENSSL_free(a); ++} + + void X509_STORE_free(X509_STORE *vfy) +- { +- int i; +- STACK_OF(X509_LOOKUP) *sk; +- X509_LOOKUP *lu; +- +- if (vfy == NULL) +- return; +- +- sk=vfy->get_cert_methods; +- for (i=0; iobjs, cleanup); +- +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); +- if (vfy->param) +- X509_VERIFY_PARAM_free(vfy->param); +- OPENSSL_free(vfy); +- } ++{ ++ int i; ++ STACK_OF(X509_LOOKUP) *sk; ++ X509_LOOKUP *lu; ++ ++ if (vfy == NULL) ++ return; ++ ++ sk = vfy->get_cert_methods; ++ for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { ++ lu = sk_X509_LOOKUP_value(sk, i); ++ X509_LOOKUP_shutdown(lu); ++ X509_LOOKUP_free(lu); ++ } ++ sk_X509_LOOKUP_free(sk); ++ sk_X509_OBJECT_pop_free(vfy->objs, cleanup); ++ ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); ++ if (vfy->param) ++ X509_VERIFY_PARAM_free(vfy->param); ++ OPENSSL_free(vfy); ++} + + X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) +- { +- int i; +- STACK_OF(X509_LOOKUP) *sk; +- X509_LOOKUP *lu; +- +- sk=v->get_cert_methods; +- for (i=0; imethod) +- { +- return lu; +- } +- } +- /* a new one */ +- lu=X509_LOOKUP_new(m); +- if (lu == NULL) +- return NULL; +- else +- { +- lu->store_ctx=v; +- if (sk_X509_LOOKUP_push(v->get_cert_methods,lu)) +- return lu; +- else +- { +- X509_LOOKUP_free(lu); +- return NULL; +- } +- } +- } ++{ ++ int i; ++ STACK_OF(X509_LOOKUP) *sk; ++ X509_LOOKUP *lu; ++ ++ sk = v->get_cert_methods; ++ for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { ++ lu = sk_X509_LOOKUP_value(sk, i); ++ if (m == lu->method) { ++ return lu; ++ } ++ } ++ /* a new one */ ++ lu = X509_LOOKUP_new(m); ++ if (lu == NULL) ++ return NULL; ++ else { ++ lu->store_ctx = v; ++ if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) ++ return lu; ++ else { ++ X509_LOOKUP_free(lu); ++ return NULL; ++ } ++ } ++} + + int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, +- X509_OBJECT *ret) +- { +- X509_STORE *ctx=vs->ctx; +- X509_LOOKUP *lu; +- X509_OBJECT stmp,*tmp; +- int i,j; +- +- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); +- tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); +- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); +- +- if (tmp == NULL) +- { +- for (i=vs->current_method; iget_cert_methods); i++) +- { +- lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i); +- j=X509_LOOKUP_by_subject(lu,type,name,&stmp); +- if (j < 0) +- { +- vs->current_method=j; +- return j; +- } +- else if (j) +- { +- tmp= &stmp; +- break; +- } +- } +- vs->current_method=0; +- if (tmp == NULL) +- return 0; +- } +- +-/* if (ret->data.ptr != NULL) +- X509_OBJECT_free_contents(ret); */ +- +- ret->type=tmp->type; +- ret->data.ptr=tmp->data.ptr; +- +- X509_OBJECT_up_ref_count(ret); +- +- return 1; +- } ++ X509_OBJECT *ret) ++{ ++ X509_STORE *ctx = vs->ctx; ++ X509_LOOKUP *lu; ++ X509_OBJECT stmp, *tmp; ++ int i, j; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); ++ tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ ++ if (tmp == NULL) { ++ for (i = vs->current_method; ++ i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { ++ lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); ++ j = X509_LOOKUP_by_subject(lu, type, name, &stmp); ++ if (j < 0) { ++ vs->current_method = j; ++ return j; ++ } else if (j) { ++ tmp = &stmp; ++ break; ++ } ++ } ++ vs->current_method = 0; ++ if (tmp == NULL) ++ return 0; ++ } ++ ++/*- if (ret->data.ptr != NULL) ++ X509_OBJECT_free_contents(ret); */ ++ ++ ret->type = tmp->type; ++ ret->data.ptr = tmp->data.ptr; ++ ++ X509_OBJECT_up_ref_count(ret); ++ ++ return 1; ++} + + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) +- { +- X509_OBJECT *obj; +- int ret=1; +- +- if (x == NULL) return 0; +- obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); +- if (obj == NULL) +- { +- X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- obj->type=X509_LU_X509; +- obj->data.x509=x; +- +- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); +- +- X509_OBJECT_up_ref_count(obj); +- +- if (X509_OBJECT_retrieve_match(ctx->objs, obj)) +- { +- X509_OBJECT_free_contents(obj); +- OPENSSL_free(obj); +- X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); +- ret=0; +- } +- else sk_X509_OBJECT_push(ctx->objs, obj); +- +- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); +- +- return ret; +- } ++{ ++ X509_OBJECT *obj; ++ int ret = 1; ++ ++ if (x == NULL) ++ return 0; ++ obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); ++ if (obj == NULL) { ++ X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ obj->type = X509_LU_X509; ++ obj->data.x509 = x; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); ++ ++ X509_OBJECT_up_ref_count(obj); ++ ++ if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { ++ X509_OBJECT_free_contents(obj); ++ OPENSSL_free(obj); ++ X509err(X509_F_X509_STORE_ADD_CERT, ++ X509_R_CERT_ALREADY_IN_HASH_TABLE); ++ ret = 0; ++ } else ++ sk_X509_OBJECT_push(ctx->objs, obj); ++ ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ ++ return ret; ++} + + int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) +- { +- X509_OBJECT *obj; +- int ret=1; +- +- if (x == NULL) return 0; +- obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); +- if (obj == NULL) +- { +- X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- obj->type=X509_LU_CRL; +- obj->data.crl=x; +- +- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); +- +- X509_OBJECT_up_ref_count(obj); +- +- if (X509_OBJECT_retrieve_match(ctx->objs, obj)) +- { +- X509_OBJECT_free_contents(obj); +- OPENSSL_free(obj); +- X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); +- ret=0; +- } +- else sk_X509_OBJECT_push(ctx->objs, obj); +- +- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); +- +- return ret; +- } ++{ ++ X509_OBJECT *obj; ++ int ret = 1; ++ ++ if (x == NULL) ++ return 0; ++ obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); ++ if (obj == NULL) { ++ X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ obj->type = X509_LU_CRL; ++ obj->data.crl = x; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); ++ ++ X509_OBJECT_up_ref_count(obj); ++ ++ if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { ++ X509_OBJECT_free_contents(obj); ++ OPENSSL_free(obj); ++ X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE); ++ ret = 0; ++ } else ++ sk_X509_OBJECT_push(ctx->objs, obj); ++ ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ ++ return ret; ++} + + void X509_OBJECT_up_ref_count(X509_OBJECT *a) +- { +- switch (a->type) +- { +- case X509_LU_X509: +- CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509); +- break; +- case X509_LU_CRL: +- CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL); +- break; +- } +- } ++{ ++ switch (a->type) { ++ case X509_LU_X509: ++ CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509); ++ break; ++ case X509_LU_CRL: ++ CRYPTO_add(&a->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); ++ break; ++ } ++} + + void X509_OBJECT_free_contents(X509_OBJECT *a) +- { +- switch (a->type) +- { +- case X509_LU_X509: +- X509_free(a->data.x509); +- break; +- case X509_LU_CRL: +- X509_CRL_free(a->data.crl); +- break; +- } +- } ++{ ++ switch (a->type) { ++ case X509_LU_X509: ++ X509_free(a->data.x509); ++ break; ++ case X509_LU_CRL: ++ X509_CRL_free(a->data.crl); ++ break; ++ } ++} + + int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, +- X509_NAME *name) +- { +- X509_OBJECT stmp; +- X509 x509_s; +- X509_CINF cinf_s; +- X509_CRL crl_s; +- X509_CRL_INFO crl_info_s; +- +- stmp.type=type; +- switch (type) +- { +- case X509_LU_X509: +- stmp.data.x509= &x509_s; +- x509_s.cert_info= &cinf_s; +- cinf_s.subject=name; +- break; +- case X509_LU_CRL: +- stmp.data.crl= &crl_s; +- crl_s.crl= &crl_info_s; +- crl_info_s.issuer=name; +- break; +- default: +- /* abort(); */ +- return -1; +- } +- +- return sk_X509_OBJECT_find(h,&stmp); +- } +- +-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, +- X509_NAME *name) +- { +- int idx; +- idx = X509_OBJECT_idx_by_subject(h, type, name); +- if (idx==-1) return NULL; +- return sk_X509_OBJECT_value(h, idx); +- } +- +-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) +- { +- int idx, i; +- X509_OBJECT *obj; +- idx = sk_X509_OBJECT_find(h, x); +- if (idx == -1) return NULL; +- if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx); +- for (i = idx; i < sk_X509_OBJECT_num(h); i++) +- { +- obj = sk_X509_OBJECT_value(h, i); +- if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) +- return NULL; +- if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509)) +- return obj; +- } +- return NULL; +- } +- +- +-/* Try to get issuer certificate from store. Due to limitations ++ X509_NAME *name) ++{ ++ X509_OBJECT stmp; ++ X509 x509_s; ++ X509_CINF cinf_s; ++ X509_CRL crl_s; ++ X509_CRL_INFO crl_info_s; ++ ++ stmp.type = type; ++ switch (type) { ++ case X509_LU_X509: ++ stmp.data.x509 = &x509_s; ++ x509_s.cert_info = &cinf_s; ++ cinf_s.subject = name; ++ break; ++ case X509_LU_CRL: ++ stmp.data.crl = &crl_s; ++ crl_s.crl = &crl_info_s; ++ crl_info_s.issuer = name; ++ break; ++ default: ++ /* abort(); */ ++ return -1; ++ } ++ ++ return sk_X509_OBJECT_find(h, &stmp); ++} ++ ++X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, ++ int type, X509_NAME *name) ++{ ++ int idx; ++ idx = X509_OBJECT_idx_by_subject(h, type, name); ++ if (idx == -1) ++ return NULL; ++ return sk_X509_OBJECT_value(h, idx); ++} ++ ++X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, ++ X509_OBJECT *x) ++{ ++ int idx, i; ++ X509_OBJECT *obj; ++ idx = sk_X509_OBJECT_find(h, x); ++ if (idx == -1) ++ return NULL; ++ if (x->type != X509_LU_X509) ++ return sk_X509_OBJECT_value(h, idx); ++ for (i = idx; i < sk_X509_OBJECT_num(h); i++) { ++ obj = sk_X509_OBJECT_value(h, i); ++ if (x509_object_cmp ++ ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) ++ return NULL; ++ if ((x->type != X509_LU_X509) ++ || !X509_cmp(obj->data.x509, x->data.x509)) ++ return obj; ++ } ++ return NULL; ++} ++ ++/*- ++ * Try to get issuer certificate from store. Due to limitations + * of the API this can only retrieve a single certificate matching + * a given subject name. However it will fill the cache with all + * matching certificates, so we can examine the cache for all +@@ -491,89 +481,83 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x + * -1 some other error. + */ + int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) +- { +- X509_NAME *xn; +- X509_OBJECT obj, *pobj; +- int i, ok, idx, ret; +- xn=X509_get_issuer_name(x); +- ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); +- if (ok != X509_LU_X509) +- { +- if (ok == X509_LU_RETRY) +- { +- X509_OBJECT_free_contents(&obj); +- X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY); +- return -1; +- } +- else if (ok != X509_LU_FAIL) +- { +- X509_OBJECT_free_contents(&obj); +- /* not good :-(, break anyway */ +- return -1; +- } +- return 0; +- } +- /* If certificate matches all OK */ +- if (ctx->check_issued(ctx, x, obj.data.x509)) +- { +- *issuer = obj.data.x509; +- return 1; +- } +- X509_OBJECT_free_contents(&obj); +- +- /* Else find index of first cert accepted by 'check_issued' */ +- ret = 0; +- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); +- idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); +- if (idx != -1) /* should be true as we've had at least one match */ +- { +- /* Look through all matching certs for suitable issuer */ +- for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) +- { +- pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); +- /* See if we've run past the matches */ +- if (pobj->type != X509_LU_X509) +- break; +- if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) +- break; +- if (ctx->check_issued(ctx, x, pobj->data.x509)) +- { +- *issuer = pobj->data.x509; +- X509_OBJECT_up_ref_count(pobj); +- ret = 1; +- break; +- } +- } +- } +- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); +- return ret; +- } ++{ ++ X509_NAME *xn; ++ X509_OBJECT obj, *pobj; ++ int i, ok, idx, ret; ++ xn = X509_get_issuer_name(x); ++ ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj); ++ if (ok != X509_LU_X509) { ++ if (ok == X509_LU_RETRY) { ++ X509_OBJECT_free_contents(&obj); ++ X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY); ++ return -1; ++ } else if (ok != X509_LU_FAIL) { ++ X509_OBJECT_free_contents(&obj); ++ /* not good :-(, break anyway */ ++ return -1; ++ } ++ return 0; ++ } ++ /* If certificate matches all OK */ ++ if (ctx->check_issued(ctx, x, obj.data.x509)) { ++ *issuer = obj.data.x509; ++ return 1; ++ } ++ X509_OBJECT_free_contents(&obj); ++ ++ /* Else find index of first cert accepted by 'check_issued' */ ++ ret = 0; ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); ++ idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); ++ if (idx != -1) { /* should be true as we've had at least one ++ * match */ ++ /* Look through all matching certs for suitable issuer */ ++ for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) { ++ pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); ++ /* See if we've run past the matches */ ++ if (pobj->type != X509_LU_X509) ++ break; ++ if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) ++ break; ++ if (ctx->check_issued(ctx, x, pobj->data.x509)) { ++ *issuer = pobj->data.x509; ++ X509_OBJECT_up_ref_count(pobj); ++ ret = 1; ++ break; ++ } ++ } ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ return ret; ++} + + int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) +- { +- return X509_VERIFY_PARAM_set_flags(ctx->param, flags); +- } ++{ ++ return X509_VERIFY_PARAM_set_flags(ctx->param, flags); ++} + + int X509_STORE_set_depth(X509_STORE *ctx, int depth) +- { +- X509_VERIFY_PARAM_set_depth(ctx->param, depth); +- return 1; +- } ++{ ++ X509_VERIFY_PARAM_set_depth(ctx->param, depth); ++ return 1; ++} + + int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) +- { +- return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); +- } ++{ ++ return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); ++} + + int X509_STORE_set_trust(X509_STORE *ctx, int trust) +- { +- return X509_VERIFY_PARAM_set_trust(ctx->param, trust); +- } ++{ ++ return X509_VERIFY_PARAM_set_trust(ctx->param, trust); ++} + + int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) +- { +- return X509_VERIFY_PARAM_set1(ctx->param, param); +- } ++{ ++ return X509_VERIFY_PARAM_set1(ctx->param, param); ++} + + IMPLEMENT_STACK_OF(X509_LOOKUP) ++ + IMPLEMENT_STACK_OF(X509_OBJECT) +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c +index 1e718f7..c334d3b 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,163 +64,149 @@ + #include + + char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) +- { +- X509_NAME_ENTRY *ne; +-int i; +- int n,lold,l,l1,l2,num,j,type; +- const char *s; +- char *p; +- unsigned char *q; +- BUF_MEM *b=NULL; +- static char hex[17]="0123456789ABCDEF"; +- int gs_doit[4]; +- char tmp_buf[80]; ++{ ++ X509_NAME_ENTRY *ne; ++ int i; ++ int n, lold, l, l1, l2, num, j, type; ++ const char *s; ++ char *p; ++ unsigned char *q; ++ BUF_MEM *b = NULL; ++ static char hex[17] = "0123456789ABCDEF"; ++ int gs_doit[4]; ++ char tmp_buf[80]; + #ifdef CHARSET_EBCDIC +- char ebcdic_buf[1024]; ++ char ebcdic_buf[1024]; + #endif + +- if (buf == NULL) +- { +- if ((b=BUF_MEM_new()) == NULL) goto err; +- if (!BUF_MEM_grow(b,200)) goto err; +- b->data[0]='\0'; +- len=200; +- } +- if (a == NULL) +- { +- if(b) +- { +- buf=b->data; +- OPENSSL_free(b); +- } +- strncpy(buf,"NO X509_NAME",len); +- buf[len-1]='\0'; +- return buf; +- } ++ if (buf == NULL) { ++ if ((b = BUF_MEM_new()) == NULL) ++ goto err; ++ if (!BUF_MEM_grow(b, 200)) ++ goto err; ++ b->data[0] = '\0'; ++ len = 200; ++ } ++ if (a == NULL) { ++ if (b) { ++ buf = b->data; ++ OPENSSL_free(b); ++ } ++ strncpy(buf, "NO X509_NAME", len); ++ buf[len - 1] = '\0'; ++ return buf; ++ } + +- len--; /* space for '\0' */ +- l=0; +- for (i=0; ientries); i++) +- { +- ne=sk_X509_NAME_ENTRY_value(a->entries,i); +- n=OBJ_obj2nid(ne->object); +- if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) +- { +- i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object); +- s=tmp_buf; +- } +- l1=strlen(s); ++ len--; /* space for '\0' */ ++ l = 0; ++ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { ++ ne = sk_X509_NAME_ENTRY_value(a->entries, i); ++ n = OBJ_obj2nid(ne->object); ++ if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) { ++ i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object); ++ s = tmp_buf; ++ } ++ l1 = strlen(s); + +- type=ne->value->type; +- num=ne->value->length; +- q=ne->value->data; ++ type = ne->value->type; ++ num = ne->value->length; ++ q = ne->value->data; + #ifdef CHARSET_EBCDIC +- if (type == V_ASN1_GENERALSTRING || +- type == V_ASN1_VISIBLESTRING || +- type == V_ASN1_PRINTABLESTRING || +- type == V_ASN1_TELETEXSTRING || +- type == V_ASN1_VISIBLESTRING || +- type == V_ASN1_IA5STRING) { +- ascii2ebcdic(ebcdic_buf, q, +- (num > sizeof ebcdic_buf) +- ? sizeof ebcdic_buf : num); +- q=ebcdic_buf; +- } ++ if (type == V_ASN1_GENERALSTRING || ++ type == V_ASN1_VISIBLESTRING || ++ type == V_ASN1_PRINTABLESTRING || ++ type == V_ASN1_TELETEXSTRING || ++ type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) { ++ ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf) ++ ? sizeof ebcdic_buf : num); ++ q = ebcdic_buf; ++ } + #endif + +- if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) +- { +- gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0; +- for (j=0; j '~')) l2+=3; ++ if ((q[j] < ' ') || (q[j] > '~')) ++ l2 += 3; + #else +- if ((os_toascii[q[j]] < os_toascii[' ']) || +- (os_toascii[q[j]] > os_toascii['~'])) l2+=3; ++ if ((os_toascii[q[j]] < os_toascii[' ']) || ++ (os_toascii[q[j]] > os_toascii['~'])) ++ l2 += 3; + #endif +- } ++ } + +- lold=l; +- l+=1+l1+1+l2; +- if (b != NULL) +- { +- if (!BUF_MEM_grow(b,l+1)) goto err; +- p= &(b->data[lold]); +- } +- else if (l > len) +- { +- break; +- } +- else +- p= &(buf[lold]); +- *(p++)='/'; +- memcpy(p,s,(unsigned int)l1); p+=l1; +- *(p++)='='; ++ lold = l; ++ l += 1 + l1 + 1 + l2; ++ if (b != NULL) { ++ if (!BUF_MEM_grow(b, l + 1)) ++ goto err; ++ p = &(b->data[lold]); ++ } else if (l > len) { ++ break; ++ } else ++ p = &(buf[lold]); ++ *(p++) = '/'; ++ memcpy(p, s, (unsigned int)l1); ++ p += l1; ++ *(p++) = '='; + +-#ifndef CHARSET_EBCDIC /* q was assigned above already. */ +- q=ne->value->data; ++#ifndef CHARSET_EBCDIC /* q was assigned above already. */ ++ q = ne->value->data; + #endif + +- for (j=0; j '~')) +- { +- *(p++)='\\'; +- *(p++)='x'; +- *(p++)=hex[(n>>4)&0x0f]; +- *(p++)=hex[n&0x0f]; +- } +- else +- *(p++)=n; ++ n = q[j]; ++ if ((n < ' ') || (n > '~')) { ++ *(p++) = '\\'; ++ *(p++) = 'x'; ++ *(p++) = hex[(n >> 4) & 0x0f]; ++ *(p++) = hex[n & 0x0f]; ++ } else ++ *(p++) = n; + #else +- n=os_toascii[q[j]]; +- if ((n < os_toascii[' ']) || +- (n > os_toascii['~'])) +- { +- *(p++)='\\'; +- *(p++)='x'; +- *(p++)=hex[(n>>4)&0x0f]; +- *(p++)=hex[n&0x0f]; +- } +- else +- *(p++)=q[j]; ++ n = os_toascii[q[j]]; ++ if ((n < os_toascii[' ']) || (n > os_toascii['~'])) { ++ *(p++) = '\\'; ++ *(p++) = 'x'; ++ *(p++) = hex[(n >> 4) & 0x0f]; ++ *(p++) = hex[n & 0x0f]; ++ } else ++ *(p++) = q[j]; + #endif +- } +- *p='\0'; +- } +- if (b != NULL) +- { +- p=b->data; +- OPENSSL_free(b); +- } +- else +- p=buf; +- if (i == 0) +- *p = '\0'; +- return(p); +-err: +- X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); +- if (b != NULL) BUF_MEM_free(b); +- return(NULL); +- } +- ++ } ++ *p = '\0'; ++ } ++ if (b != NULL) { ++ p = b->data; ++ OPENSSL_free(b); ++ } else ++ p = buf; ++ if (i == 0) ++ *p = '\0'; ++ return (p); ++ err: ++ X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE); ++ if (b != NULL) ++ BUF_MEM_free(b); ++ return (NULL); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c +index 254a146..0ff439c 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -66,49 +66,48 @@ + #include + + X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) +- { +- X509 *ret=NULL; +- X509_CINF *xi=NULL; +- X509_NAME *xn; +- +- if ((ret=X509_new()) == NULL) +- { +- X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE); +- goto err; +- } ++{ ++ X509 *ret = NULL; ++ X509_CINF *xi = NULL; ++ X509_NAME *xn; + +- /* duplicate the request */ +- xi=ret->cert_info; ++ if ((ret = X509_new()) == NULL) { ++ X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) +- { +- if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err; +- if (!ASN1_INTEGER_set(xi->version,2)) goto err; +-/* xi->extensions=ri->attributes; <- bad, should not ever be done +- ri->attributes=NULL; */ +- } ++ /* duplicate the request */ ++ xi = ret->cert_info; + +- xn=X509_REQ_get_subject_name(r); +- if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0) +- goto err; +- if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0) +- goto err; ++ if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) { ++ if ((xi->version = M_ASN1_INTEGER_new()) == NULL) ++ goto err; ++ if (!ASN1_INTEGER_set(xi->version, 2)) ++ goto err; ++/*- xi->extensions=ri->attributes; <- bad, should not ever be done ++ ri->attributes=NULL; */ ++ } + +- if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL) +- goto err; +- if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL) +- goto err; ++ xn = X509_REQ_get_subject_name(r); ++ if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0) ++ goto err; ++ if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0) ++ goto err; + +- X509_set_pubkey(ret,X509_REQ_get_pubkey(r)); ++ if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL) ++ goto err; ++ if (X509_gmtime_adj(xi->validity->notAfter, (long)60 * 60 * 24 * days) == ++ NULL) ++ goto err; + +- if (!X509_sign(ret,pkey,EVP_md5())) +- goto err; +- if (0) +- { +-err: +- X509_free(ret); +- ret=NULL; +- } +- return(ret); +- } ++ X509_set_pubkey(ret, X509_REQ_get_pubkey(r)); + ++ if (!X509_sign(ret, pkey, EVP_md5())) ++ goto err; ++ if (0) { ++ err: ++ X509_free(ret); ++ ret = NULL; ++ } ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_req.c b/Cryptlib/OpenSSL/crypto/x509/x509_req.c +index 3872e1f..31e59c4 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_req.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_req.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -67,258 +67,275 @@ + #include + + X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) +- { +- X509_REQ *ret; +- X509_REQ_INFO *ri; +- int i; +- EVP_PKEY *pktmp; +- +- ret=X509_REQ_new(); +- if (ret == NULL) +- { +- X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- ri=ret->req_info; +- +- ri->version->length=1; +- ri->version->data=(unsigned char *)OPENSSL_malloc(1); +- if (ri->version->data == NULL) goto err; +- ri->version->data[0]=0; /* version == 0 */ +- +- if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x))) +- goto err; +- +- pktmp = X509_get_pubkey(x); +- i=X509_REQ_set_pubkey(ret,pktmp); +- EVP_PKEY_free(pktmp); +- if (!i) goto err; +- +- if (pkey != NULL) +- { +- if (!X509_REQ_sign(ret,pkey,md)) +- goto err; +- } +- return(ret); +-err: +- X509_REQ_free(ret); +- return(NULL); +- } ++{ ++ X509_REQ *ret; ++ X509_REQ_INFO *ri; ++ int i; ++ EVP_PKEY *pktmp; ++ ++ ret = X509_REQ_new(); ++ if (ret == NULL) { ++ X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ ri = ret->req_info; ++ ++ ri->version->length = 1; ++ ri->version->data = (unsigned char *)OPENSSL_malloc(1); ++ if (ri->version->data == NULL) ++ goto err; ++ ri->version->data[0] = 0; /* version == 0 */ ++ ++ if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x))) ++ goto err; ++ ++ pktmp = X509_get_pubkey(x); ++ if (pktmp == NULL) ++ goto err; ++ i = X509_REQ_set_pubkey(ret, pktmp); ++ EVP_PKEY_free(pktmp); ++ if (!i) ++ goto err; ++ ++ if (pkey != NULL) { ++ if (!X509_REQ_sign(ret, pkey, md)) ++ goto err; ++ } ++ return (ret); ++ err: ++ X509_REQ_free(ret); ++ return (NULL); ++} + + EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) +- { +- if ((req == NULL) || (req->req_info == NULL)) +- return(NULL); +- return(X509_PUBKEY_get(req->req_info->pubkey)); +- } ++{ ++ if ((req == NULL) || (req->req_info == NULL)) ++ return (NULL); ++ return (X509_PUBKEY_get(req->req_info->pubkey)); ++} + + int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) +- { +- EVP_PKEY *xk=NULL; +- int ok=0; +- +- xk=X509_REQ_get_pubkey(x); +- switch (EVP_PKEY_cmp(xk, k)) +- { +- case 1: +- ok=1; +- break; +- case 0: +- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); +- break; +- case -1: +- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); +- break; +- case -2: ++{ ++ EVP_PKEY *xk = NULL; ++ int ok = 0; ++ ++ xk = X509_REQ_get_pubkey(x); ++ switch (EVP_PKEY_cmp(xk, k)) { ++ case 1: ++ ok = 1; ++ break; ++ case 0: ++ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ++ X509_R_KEY_VALUES_MISMATCH); ++ break; ++ case -1: ++ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH); ++ break; ++ case -2: + #ifndef OPENSSL_NO_EC +- if (k->type == EVP_PKEY_EC) +- { +- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); +- break; +- } ++ if (k->type == EVP_PKEY_EC) { ++ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); ++ break; ++ } + #endif + #ifndef OPENSSL_NO_DH +- if (k->type == EVP_PKEY_DH) +- { +- /* No idea */ +- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); +- break; +- } ++ if (k->type == EVP_PKEY_DH) { ++ /* No idea */ ++ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ++ X509_R_CANT_CHECK_DH_KEY); ++ break; ++ } + #endif +- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); +- } ++ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE); ++ } + +- EVP_PKEY_free(xk); +- return(ok); +- } ++ EVP_PKEY_free(xk); ++ return (ok); ++} + +-/* It seems several organisations had the same idea of including a list of ++/* ++ * It seems several organisations had the same idea of including a list of + * extensions in a certificate request. There are at least two OIDs that are + * used and there may be more: so the list is configurable. + */ + +-static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef}; ++static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef }; + + static int *ext_nids = ext_nid_list; + + int X509_REQ_extension_nid(int req_nid) + { +- int i, nid; +- for(i = 0; ; i++) { +- nid = ext_nids[i]; +- if(nid == NID_undef) return 0; +- else if (req_nid == nid) return 1; +- } ++ int i, nid; ++ for (i = 0;; i++) { ++ nid = ext_nids[i]; ++ if (nid == NID_undef) ++ return 0; ++ else if (req_nid == nid) ++ return 1; ++ } + } + + int *X509_REQ_get_extension_nids(void) + { +- return ext_nids; ++ return ext_nids; + } +- ++ + void X509_REQ_set_extension_nids(int *nids) + { +- ext_nids = nids; ++ ext_nids = nids; + } + + STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) +- { +- X509_ATTRIBUTE *attr; +- ASN1_TYPE *ext = NULL; +- int idx, *pnid; +- const unsigned char *p; +- +- if ((req == NULL) || (req->req_info == NULL) || !ext_nids) +- return(NULL); +- for (pnid = ext_nids; *pnid != NID_undef; pnid++) +- { +- idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); +- if (idx == -1) +- continue; +- attr = X509_REQ_get_attr(req, idx); +- if(attr->single) ext = attr->value.single; +- else if(sk_ASN1_TYPE_num(attr->value.set)) +- ext = sk_ASN1_TYPE_value(attr->value.set, 0); +- break; +- } +- if(!ext || (ext->type != V_ASN1_SEQUENCE)) +- return NULL; +- p = ext->value.sequence->data; +- return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, +- ext->value.sequence->length, +- d2i_X509_EXTENSION, X509_EXTENSION_free, +- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); ++{ ++ X509_ATTRIBUTE *attr; ++ ASN1_TYPE *ext = NULL; ++ int idx, *pnid; ++ const unsigned char *p; ++ ++ if ((req == NULL) || (req->req_info == NULL) || !ext_nids) ++ return (NULL); ++ for (pnid = ext_nids; *pnid != NID_undef; pnid++) { ++ idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); ++ if (idx == -1) ++ continue; ++ attr = X509_REQ_get_attr(req, idx); ++ if (attr->single) ++ ext = attr->value.single; ++ else if (sk_ASN1_TYPE_num(attr->value.set)) ++ ext = sk_ASN1_TYPE_value(attr->value.set, 0); ++ break; ++ } ++ if (!ext || (ext->type != V_ASN1_SEQUENCE)) ++ return NULL; ++ p = ext->value.sequence->data; ++ return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, ++ ext->value.sequence->length, ++ d2i_X509_EXTENSION, ++ X509_EXTENSION_free, ++ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); + } + +-/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs ++/* ++ * Add a STACK_OF extensions to a certificate request: allow alternative OIDs + * in case we want to create a non standard one. + */ + + int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, +- int nid) ++ int nid) + { +- unsigned char *p = NULL, *q; +- long len; +- ASN1_TYPE *at = NULL; +- X509_ATTRIBUTE *attr = NULL; +- if(!(at = ASN1_TYPE_new()) || +- !(at->value.sequence = ASN1_STRING_new())) goto err; +- +- at->type = V_ASN1_SEQUENCE; +- /* Generate encoding of extensions */ +- len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, +- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); +- if(!(p = OPENSSL_malloc(len))) goto err; +- q = p; +- i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, +- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); +- at->value.sequence->data = p; +- p = NULL; +- at->value.sequence->length = len; +- if(!(attr = X509_ATTRIBUTE_new())) goto err; +- if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; +- if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; +- at = NULL; +- attr->single = 0; +- attr->object = OBJ_nid2obj(nid); +- if (!req->req_info->attributes) +- { +- if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) +- goto err; +- } +- if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; +- return 1; +- err: +- if(p) OPENSSL_free(p); +- X509_ATTRIBUTE_free(attr); +- ASN1_TYPE_free(at); +- return 0; ++ unsigned char *p = NULL, *q; ++ long len; ++ ASN1_TYPE *at = NULL; ++ X509_ATTRIBUTE *attr = NULL; ++ if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new())) ++ goto err; ++ ++ at->type = V_ASN1_SEQUENCE; ++ /* Generate encoding of extensions */ ++ len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, ++ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, ++ IS_SEQUENCE); ++ if (!(p = OPENSSL_malloc(len))) ++ goto err; ++ q = p; ++ i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, ++ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, ++ IS_SEQUENCE); ++ at->value.sequence->data = p; ++ p = NULL; ++ at->value.sequence->length = len; ++ if (!(attr = X509_ATTRIBUTE_new())) ++ goto err; ++ if (!(attr->value.set = sk_ASN1_TYPE_new_null())) ++ goto err; ++ if (!sk_ASN1_TYPE_push(attr->value.set, at)) ++ goto err; ++ at = NULL; ++ attr->single = 0; ++ attr->object = OBJ_nid2obj(nid); ++ if (!req->req_info->attributes) { ++ if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) ++ goto err; ++ } ++ if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) ++ goto err; ++ return 1; ++ err: ++ if (p) ++ OPENSSL_free(p); ++ X509_ATTRIBUTE_free(attr); ++ ASN1_TYPE_free(at); ++ return 0; + } ++ + /* This is the normal usage: use the "official" OID */ + int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) + { +- return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); ++ return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); + } + + /* Request attribute functions */ + + int X509_REQ_get_attr_count(const X509_REQ *req) + { +- return X509at_get_attr_count(req->req_info->attributes); ++ return X509at_get_attr_count(req->req_info->attributes); + } + +-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, +- int lastpos) ++int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos) + { +- return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); ++ return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); + } + + int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, +- int lastpos) ++ int lastpos) + { +- return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); ++ return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); + } + + X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) + { +- return X509at_get_attr(req->req_info->attributes, loc); ++ return X509at_get_attr(req->req_info->attributes, loc); + } + + X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) + { +- return X509at_delete_attr(req->req_info->attributes, loc); ++ return X509at_delete_attr(req->req_info->attributes, loc); + } + + int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) + { +- if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1; +- return 0; ++ if (X509at_add1_attr(&req->req_info->attributes, attr)) ++ return 1; ++ return 0; + } + + int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, +- const ASN1_OBJECT *obj, int type, +- const unsigned char *bytes, int len) ++ const ASN1_OBJECT *obj, int type, ++ const unsigned char *bytes, int len) + { +- if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, +- type, bytes, len)) return 1; +- return 0; ++ if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, ++ type, bytes, len)) ++ return 1; ++ return 0; + } + + int X509_REQ_add1_attr_by_NID(X509_REQ *req, +- int nid, int type, +- const unsigned char *bytes, int len) ++ int nid, int type, ++ const unsigned char *bytes, int len) + { +- if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid, +- type, bytes, len)) return 1; +- return 0; ++ if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid, ++ type, bytes, len)) ++ return 1; ++ return 0; + } + + int X509_REQ_add1_attr_by_txt(X509_REQ *req, +- const char *attrname, int type, +- const unsigned char *bytes, int len) ++ const char *attrname, int type, ++ const unsigned char *bytes, int len) + { +- if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, +- type, bytes, len)) return 1; +- return 0; ++ if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, ++ type, bytes, len)) ++ return 1; ++ return 0; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_set.c b/Cryptlib/OpenSSL/crypto/x509/x509_set.c +index aaf61ca..4eec1da 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_set.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_set.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,87 +64,84 @@ + #include + + int X509_set_version(X509 *x, long version) +- { +- if (x == NULL) return(0); +- if (x->cert_info->version == NULL) +- { +- if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL) +- return(0); +- } +- return(ASN1_INTEGER_set(x->cert_info->version,version)); +- } ++{ ++ if (x == NULL) ++ return (0); ++ if (x->cert_info->version == NULL) { ++ if ((x->cert_info->version = M_ASN1_INTEGER_new()) == NULL) ++ return (0); ++ } ++ return (ASN1_INTEGER_set(x->cert_info->version, version)); ++} + + int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) +- { +- ASN1_INTEGER *in; ++{ ++ ASN1_INTEGER *in; + +- if (x == NULL) return(0); +- in=x->cert_info->serialNumber; +- if (in != serial) +- { +- in=M_ASN1_INTEGER_dup(serial); +- if (in != NULL) +- { +- M_ASN1_INTEGER_free(x->cert_info->serialNumber); +- x->cert_info->serialNumber=in; +- } +- } +- return(in != NULL); +- } ++ if (x == NULL) ++ return (0); ++ in = x->cert_info->serialNumber; ++ if (in != serial) { ++ in = M_ASN1_INTEGER_dup(serial); ++ if (in != NULL) { ++ M_ASN1_INTEGER_free(x->cert_info->serialNumber); ++ x->cert_info->serialNumber = in; ++ } ++ } ++ return (in != NULL); ++} + + int X509_set_issuer_name(X509 *x, X509_NAME *name) +- { +- if ((x == NULL) || (x->cert_info == NULL)) return(0); +- return(X509_NAME_set(&x->cert_info->issuer,name)); +- } ++{ ++ if ((x == NULL) || (x->cert_info == NULL)) ++ return (0); ++ return (X509_NAME_set(&x->cert_info->issuer, name)); ++} + + int X509_set_subject_name(X509 *x, X509_NAME *name) +- { +- if ((x == NULL) || (x->cert_info == NULL)) return(0); +- return(X509_NAME_set(&x->cert_info->subject,name)); +- } ++{ ++ if ((x == NULL) || (x->cert_info == NULL)) ++ return (0); ++ return (X509_NAME_set(&x->cert_info->subject, name)); ++} + + int X509_set_notBefore(X509 *x, ASN1_TIME *tm) +- { +- ASN1_TIME *in; ++{ ++ ASN1_TIME *in; + +- if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); +- in=x->cert_info->validity->notBefore; +- if (in != tm) +- { +- in=M_ASN1_TIME_dup(tm); +- if (in != NULL) +- { +- M_ASN1_TIME_free(x->cert_info->validity->notBefore); +- x->cert_info->validity->notBefore=in; +- } +- } +- return(in != NULL); +- } ++ if ((x == NULL) || (x->cert_info->validity == NULL)) ++ return (0); ++ in = x->cert_info->validity->notBefore; ++ if (in != tm) { ++ in = M_ASN1_TIME_dup(tm); ++ if (in != NULL) { ++ M_ASN1_TIME_free(x->cert_info->validity->notBefore); ++ x->cert_info->validity->notBefore = in; ++ } ++ } ++ return (in != NULL); ++} + + int X509_set_notAfter(X509 *x, ASN1_TIME *tm) +- { +- ASN1_TIME *in; ++{ ++ ASN1_TIME *in; + +- if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); +- in=x->cert_info->validity->notAfter; +- if (in != tm) +- { +- in=M_ASN1_TIME_dup(tm); +- if (in != NULL) +- { +- M_ASN1_TIME_free(x->cert_info->validity->notAfter); +- x->cert_info->validity->notAfter=in; +- } +- } +- return(in != NULL); +- } ++ if ((x == NULL) || (x->cert_info->validity == NULL)) ++ return (0); ++ in = x->cert_info->validity->notAfter; ++ if (in != tm) { ++ in = M_ASN1_TIME_dup(tm); ++ if (in != NULL) { ++ M_ASN1_TIME_free(x->cert_info->validity->notAfter); ++ x->cert_info->validity->notAfter = in; ++ } ++ } ++ return (in != NULL); ++} + + int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) +- { +- if ((x == NULL) || (x->cert_info == NULL)) return(0); +- return(X509_PUBKEY_set(&(x->cert_info->key),pkey)); +- } +- +- +- ++{ ++ if ((x == NULL) || (x->cert_info == NULL)) ++ return (0); ++ return (X509_PUBKEY_set(&(x->cert_info->key), pkey)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c +index ed18700..11f2532 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c +@@ -1,6 +1,7 @@ + /* x509_trs.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,9 +61,7 @@ + #include "cryptlib.h" + #include + +- +-static int tr_cmp(const X509_TRUST * const *a, +- const X509_TRUST * const *b); ++static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b); + static void trtable_free(X509_TRUST *p); + + static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); +@@ -70,218 +69,240 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags); + static int trust_compat(X509_TRUST *trust, X509 *x, int flags); + + static int obj_trust(int id, X509 *x, int flags); +-static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; ++static int (*default_trust) (int id, X509 *x, int flags) = obj_trust; + +-/* WARNING: the following table should be kept in order of trust +- * and without any gaps so we can just subtract the minimum trust +- * value to get an index into the table ++/* ++ * WARNING: the following table should be kept in order of trust and without ++ * any gaps so we can just subtract the minimum trust value to get an index ++ * into the table + */ + + static X509_TRUST trstandard[] = { +-{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL}, +-{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, +-{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, +-{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, +-{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL}, +-{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, +-{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} ++ {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL}, ++ {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, ++ NULL}, ++ {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, ++ NULL}, ++ {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, ++ NULL}, ++ {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, ++ NULL}, ++ {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, ++ NULL}, ++ {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} + }; + +-#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) ++#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) + + IMPLEMENT_STACK_OF(X509_TRUST) + + static STACK_OF(X509_TRUST) *trtable = NULL; + +-static int tr_cmp(const X509_TRUST * const *a, +- const X509_TRUST * const *b) ++static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b) + { +- return (*a)->trust - (*b)->trust; ++ return (*a)->trust - (*b)->trust; + } + +-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) +-{ +- int (*oldtrust)(int , X509 *, int); +- oldtrust = default_trust; +- default_trust = trust; +- return oldtrust; ++int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, ++ int) { ++ int (*oldtrust) (int, X509 *, int); ++ oldtrust = default_trust; ++ default_trust = trust; ++ return oldtrust; + } + +- + int X509_check_trust(X509 *x, int id, int flags) + { +- X509_TRUST *pt; +- int idx; +- if(id == -1) return 1; +- idx = X509_TRUST_get_by_id(id); +- if(idx == -1) return default_trust(id, x, flags); +- pt = X509_TRUST_get0(idx); +- return pt->check_trust(pt, x, flags); ++ X509_TRUST *pt; ++ int idx; ++ if (id == -1) ++ return 1; ++ idx = X509_TRUST_get_by_id(id); ++ if (idx == -1) ++ return default_trust(id, x, flags); ++ pt = X509_TRUST_get0(idx); ++ return pt->check_trust(pt, x, flags); + } + + int X509_TRUST_get_count(void) + { +- if(!trtable) return X509_TRUST_COUNT; +- return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT; ++ if (!trtable) ++ return X509_TRUST_COUNT; ++ return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT; + } + +-X509_TRUST * X509_TRUST_get0(int idx) ++X509_TRUST *X509_TRUST_get0(int idx) + { +- if(idx < 0) return NULL; +- if(idx < (int)X509_TRUST_COUNT) return trstandard + idx; +- return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); ++ if (idx < 0) ++ return NULL; ++ if (idx < (int)X509_TRUST_COUNT) ++ return trstandard + idx; ++ return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); + } + + int X509_TRUST_get_by_id(int id) + { +- X509_TRUST tmp; +- int idx; +- if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) +- return id - X509_TRUST_MIN; +- tmp.trust = id; +- if(!trtable) return -1; +- idx = sk_X509_TRUST_find(trtable, &tmp); +- if(idx == -1) return -1; +- return idx + X509_TRUST_COUNT; ++ X509_TRUST tmp; ++ int idx; ++ if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) ++ return id - X509_TRUST_MIN; ++ tmp.trust = id; ++ if (!trtable) ++ return -1; ++ idx = sk_X509_TRUST_find(trtable, &tmp); ++ if (idx == -1) ++ return -1; ++ return idx + X509_TRUST_COUNT; + } + + int X509_TRUST_set(int *t, int trust) + { +- if(X509_TRUST_get_by_id(trust) == -1) { +- X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST); +- return 0; +- } +- *t = trust; +- return 1; ++ if (X509_TRUST_get_by_id(trust) == -1) { ++ X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST); ++ return 0; ++ } ++ *t = trust; ++ return 1; + } + +-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), +- char *name, int arg1, void *arg2) ++int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), ++ char *name, int arg1, void *arg2) + { +- int idx; +- X509_TRUST *trtmp; +- /* This is set according to what we change: application can't set it */ +- flags &= ~X509_TRUST_DYNAMIC; +- /* This will always be set for application modified trust entries */ +- flags |= X509_TRUST_DYNAMIC_NAME; +- /* Get existing entry if any */ +- idx = X509_TRUST_get_by_id(id); +- /* Need a new entry */ +- if(idx == -1) { +- if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { +- X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- trtmp->flags = X509_TRUST_DYNAMIC; +- } else trtmp = X509_TRUST_get0(idx); +- +- /* OPENSSL_free existing name if dynamic */ +- if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name); +- /* dup supplied name */ +- if(!(trtmp->name = BUF_strdup(name))) { +- X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- /* Keep the dynamic flag of existing entry */ +- trtmp->flags &= X509_TRUST_DYNAMIC; +- /* Set all other flags */ +- trtmp->flags |= flags; +- +- trtmp->trust = id; +- trtmp->check_trust = ck; +- trtmp->arg1 = arg1; +- trtmp->arg2 = arg2; +- +- /* If its a new entry manage the dynamic table */ +- if(idx == -1) { +- if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { +- X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if (!sk_X509_TRUST_push(trtable, trtmp)) { +- X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- return 1; ++ int idx; ++ X509_TRUST *trtmp; ++ /* ++ * This is set according to what we change: application can't set it ++ */ ++ flags &= ~X509_TRUST_DYNAMIC; ++ /* This will always be set for application modified trust entries */ ++ flags |= X509_TRUST_DYNAMIC_NAME; ++ /* Get existing entry if any */ ++ idx = X509_TRUST_get_by_id(id); ++ /* Need a new entry */ ++ if (idx == -1) { ++ if (!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { ++ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ trtmp->flags = X509_TRUST_DYNAMIC; ++ } else ++ trtmp = X509_TRUST_get0(idx); ++ ++ /* OPENSSL_free existing name if dynamic */ ++ if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) ++ OPENSSL_free(trtmp->name); ++ /* dup supplied name */ ++ if (!(trtmp->name = BUF_strdup(name))) { ++ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ /* Keep the dynamic flag of existing entry */ ++ trtmp->flags &= X509_TRUST_DYNAMIC; ++ /* Set all other flags */ ++ trtmp->flags |= flags; ++ ++ trtmp->trust = id; ++ trtmp->check_trust = ck; ++ trtmp->arg1 = arg1; ++ trtmp->arg2 = arg2; ++ ++ /* If its a new entry manage the dynamic table */ ++ if (idx == -1) { ++ if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { ++ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (!sk_X509_TRUST_push(trtable, trtmp)) { ++ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } ++ return 1; + } + + static void trtable_free(X509_TRUST *p) +- { +- if(!p) return; +- if (p->flags & X509_TRUST_DYNAMIC) +- { +- if (p->flags & X509_TRUST_DYNAMIC_NAME) +- OPENSSL_free(p->name); +- OPENSSL_free(p); +- } +- } ++{ ++ if (!p) ++ return; ++ if (p->flags & X509_TRUST_DYNAMIC) { ++ if (p->flags & X509_TRUST_DYNAMIC_NAME) ++ OPENSSL_free(p->name); ++ OPENSSL_free(p); ++ } ++} + + void X509_TRUST_cleanup(void) + { +- unsigned int i; +- for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); +- sk_X509_TRUST_pop_free(trtable, trtable_free); +- trtable = NULL; ++ unsigned int i; ++ for (i = 0; i < X509_TRUST_COUNT; i++) ++ trtable_free(trstandard + i); ++ sk_X509_TRUST_pop_free(trtable, trtable_free); ++ trtable = NULL; + } + + int X509_TRUST_get_flags(X509_TRUST *xp) + { +- return xp->flags; ++ return xp->flags; + } + + char *X509_TRUST_get0_name(X509_TRUST *xp) + { +- return xp->name; ++ return xp->name; + } + + int X509_TRUST_get_trust(X509_TRUST *xp) + { +- return xp->trust; ++ return xp->trust; + } + + static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) + { +- if(x->aux && (x->aux->trust || x->aux->reject)) +- return obj_trust(trust->arg1, x, flags); +- /* we don't have any trust settings: for compatibility +- * we return trusted if it is self signed +- */ +- return trust_compat(trust, x, flags); ++ if (x->aux && (x->aux->trust || x->aux->reject)) ++ return obj_trust(trust->arg1, x, flags); ++ /* ++ * we don't have any trust settings: for compatibility we return trusted ++ * if it is self signed ++ */ ++ return trust_compat(trust, x, flags); + } + + static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) + { +- if(x->aux) return obj_trust(trust->arg1, x, flags); +- return X509_TRUST_UNTRUSTED; ++ if (x->aux) ++ return obj_trust(trust->arg1, x, flags); ++ return X509_TRUST_UNTRUSTED; + } + + static int trust_compat(X509_TRUST *trust, X509 *x, int flags) + { +- X509_check_purpose(x, -1, 0); +- if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; +- else return X509_TRUST_UNTRUSTED; ++ X509_check_purpose(x, -1, 0); ++ if (x->ex_flags & EXFLAG_SS) ++ return X509_TRUST_TRUSTED; ++ else ++ return X509_TRUST_UNTRUSTED; + } + + static int obj_trust(int id, X509 *x, int flags) + { +- ASN1_OBJECT *obj; +- int i; +- X509_CERT_AUX *ax; +- ax = x->aux; +- if(!ax) return X509_TRUST_UNTRUSTED; +- if(ax->reject) { +- for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { +- obj = sk_ASN1_OBJECT_value(ax->reject, i); +- if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED; +- } +- } +- if(ax->trust) { +- for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { +- obj = sk_ASN1_OBJECT_value(ax->trust, i); +- if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED; +- } +- } +- return X509_TRUST_UNTRUSTED; ++ ASN1_OBJECT *obj; ++ int i; ++ X509_CERT_AUX *ax; ++ ax = x->aux; ++ if (!ax) ++ return X509_TRUST_UNTRUSTED; ++ if (ax->reject) { ++ for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { ++ obj = sk_ASN1_OBJECT_value(ax->reject, i); ++ if (OBJ_obj2nid(obj) == id) ++ return X509_TRUST_REJECTED; ++ } ++ } ++ if (ax->trust) { ++ for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { ++ obj = sk_ASN1_OBJECT_value(ax->trust, i); ++ if (OBJ_obj2nid(obj) == id) ++ return X509_TRUST_TRUSTED; ++ } ++ } ++ return X509_TRUST_UNTRUSTED; + } +- +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c +index 73a8ec7..1cadbf9 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -69,105 +69,103 @@ + #include + + const char *X509_verify_cert_error_string(long n) +- { +- static char buf[100]; +- +- switch ((int)n) +- { +- case X509_V_OK: +- return("ok"); +- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: +- return("unable to get issuer certificate"); +- case X509_V_ERR_UNABLE_TO_GET_CRL: +- return("unable to get certificate CRL"); +- case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: +- return("unable to decrypt certificate's signature"); +- case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: +- return("unable to decrypt CRL's signature"); +- case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: +- return("unable to decode issuer public key"); +- case X509_V_ERR_CERT_SIGNATURE_FAILURE: +- return("certificate signature failure"); +- case X509_V_ERR_CRL_SIGNATURE_FAILURE: +- return("CRL signature failure"); +- case X509_V_ERR_CERT_NOT_YET_VALID: +- return("certificate is not yet valid"); +- case X509_V_ERR_CRL_NOT_YET_VALID: +- return("CRL is not yet valid"); +- case X509_V_ERR_CERT_HAS_EXPIRED: +- return("certificate has expired"); +- case X509_V_ERR_CRL_HAS_EXPIRED: +- return("CRL has expired"); +- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: +- return("format error in certificate's notBefore field"); +- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: +- return("format error in certificate's notAfter field"); +- case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: +- return("format error in CRL's lastUpdate field"); +- case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: +- return("format error in CRL's nextUpdate field"); +- case X509_V_ERR_OUT_OF_MEM: +- return("out of memory"); +- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: +- return("self signed certificate"); +- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: +- return("self signed certificate in certificate chain"); +- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: +- return("unable to get local issuer certificate"); +- case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: +- return("unable to verify the first certificate"); +- case X509_V_ERR_CERT_CHAIN_TOO_LONG: +- return("certificate chain too long"); +- case X509_V_ERR_CERT_REVOKED: +- return("certificate revoked"); +- case X509_V_ERR_INVALID_CA: +- return ("invalid CA certificate"); +- case X509_V_ERR_INVALID_NON_CA: +- return ("invalid non-CA certificate (has CA markings)"); +- case X509_V_ERR_PATH_LENGTH_EXCEEDED: +- return ("path length constraint exceeded"); +- case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: +- return("proxy path length constraint exceeded"); +- case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: +- return("proxy certificates not allowed, please set the appropriate flag"); +- case X509_V_ERR_INVALID_PURPOSE: +- return ("unsupported certificate purpose"); +- case X509_V_ERR_CERT_UNTRUSTED: +- return ("certificate not trusted"); +- case X509_V_ERR_CERT_REJECTED: +- return ("certificate rejected"); +- case X509_V_ERR_APPLICATION_VERIFICATION: +- return("application verification failure"); +- case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: +- return("subject issuer mismatch"); +- case X509_V_ERR_AKID_SKID_MISMATCH: +- return("authority and subject key identifier mismatch"); +- case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: +- return("authority and issuer serial number mismatch"); +- case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: +- return("key usage does not include certificate signing"); +- case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: +- return("unable to get CRL issuer certificate"); +- case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: +- return("unhandled critical extension"); +- case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: +- return("key usage does not include CRL signing"); +- case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: +- return("key usage does not include digital signature"); +- case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: +- return("unhandled critical CRL extension"); +- case X509_V_ERR_INVALID_EXTENSION: +- return("invalid or inconsistent certificate extension"); +- case X509_V_ERR_INVALID_POLICY_EXTENSION: +- return("invalid or inconsistent certificate policy extension"); +- case X509_V_ERR_NO_EXPLICIT_POLICY: +- return("no explicit policy"); +- case X509_V_ERR_UNNESTED_RESOURCE: +- return("RFC 3779 resource not subset of parent's resources"); +- default: +- BIO_snprintf(buf,sizeof buf,"error number %ld",n); +- return(buf); +- } +- } +- ++{ ++ static char buf[100]; + ++ switch ((int)n) { ++ case X509_V_OK: ++ return ("ok"); ++ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: ++ return ("unable to get issuer certificate"); ++ case X509_V_ERR_UNABLE_TO_GET_CRL: ++ return ("unable to get certificate CRL"); ++ case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: ++ return ("unable to decrypt certificate's signature"); ++ case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: ++ return ("unable to decrypt CRL's signature"); ++ case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: ++ return ("unable to decode issuer public key"); ++ case X509_V_ERR_CERT_SIGNATURE_FAILURE: ++ return ("certificate signature failure"); ++ case X509_V_ERR_CRL_SIGNATURE_FAILURE: ++ return ("CRL signature failure"); ++ case X509_V_ERR_CERT_NOT_YET_VALID: ++ return ("certificate is not yet valid"); ++ case X509_V_ERR_CRL_NOT_YET_VALID: ++ return ("CRL is not yet valid"); ++ case X509_V_ERR_CERT_HAS_EXPIRED: ++ return ("certificate has expired"); ++ case X509_V_ERR_CRL_HAS_EXPIRED: ++ return ("CRL has expired"); ++ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: ++ return ("format error in certificate's notBefore field"); ++ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: ++ return ("format error in certificate's notAfter field"); ++ case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: ++ return ("format error in CRL's lastUpdate field"); ++ case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: ++ return ("format error in CRL's nextUpdate field"); ++ case X509_V_ERR_OUT_OF_MEM: ++ return ("out of memory"); ++ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: ++ return ("self signed certificate"); ++ case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: ++ return ("self signed certificate in certificate chain"); ++ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: ++ return ("unable to get local issuer certificate"); ++ case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: ++ return ("unable to verify the first certificate"); ++ case X509_V_ERR_CERT_CHAIN_TOO_LONG: ++ return ("certificate chain too long"); ++ case X509_V_ERR_CERT_REVOKED: ++ return ("certificate revoked"); ++ case X509_V_ERR_INVALID_CA: ++ return ("invalid CA certificate"); ++ case X509_V_ERR_INVALID_NON_CA: ++ return ("invalid non-CA certificate (has CA markings)"); ++ case X509_V_ERR_PATH_LENGTH_EXCEEDED: ++ return ("path length constraint exceeded"); ++ case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: ++ return ("proxy path length constraint exceeded"); ++ case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: ++ return ++ ("proxy certificates not allowed, please set the appropriate flag"); ++ case X509_V_ERR_INVALID_PURPOSE: ++ return ("unsupported certificate purpose"); ++ case X509_V_ERR_CERT_UNTRUSTED: ++ return ("certificate not trusted"); ++ case X509_V_ERR_CERT_REJECTED: ++ return ("certificate rejected"); ++ case X509_V_ERR_APPLICATION_VERIFICATION: ++ return ("application verification failure"); ++ case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: ++ return ("subject issuer mismatch"); ++ case X509_V_ERR_AKID_SKID_MISMATCH: ++ return ("authority and subject key identifier mismatch"); ++ case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: ++ return ("authority and issuer serial number mismatch"); ++ case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: ++ return ("key usage does not include certificate signing"); ++ case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: ++ return ("unable to get CRL issuer certificate"); ++ case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: ++ return ("unhandled critical extension"); ++ case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: ++ return ("key usage does not include CRL signing"); ++ case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: ++ return ("key usage does not include digital signature"); ++ case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: ++ return ("unhandled critical CRL extension"); ++ case X509_V_ERR_INVALID_EXTENSION: ++ return ("invalid or inconsistent certificate extension"); ++ case X509_V_ERR_INVALID_POLICY_EXTENSION: ++ return ("invalid or inconsistent certificate policy extension"); ++ case X509_V_ERR_NO_EXPLICIT_POLICY: ++ return ("no explicit policy"); ++ case X509_V_ERR_UNNESTED_RESOURCE: ++ return ("RFC 3779 resource not subset of parent's resources"); ++ default: ++ BIO_snprintf(buf, sizeof buf, "error number %ld", n); ++ return (buf); ++ } ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c +index 42e6f0a..4a03445 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -66,209 +66,219 @@ + #include + + int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) +- { +- if (x == NULL) return(0); +- return(sk_X509_EXTENSION_num(x)); +- } ++{ ++ if (x == NULL) ++ return (0); ++ return (sk_X509_EXTENSION_num(x)); ++} + + int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, +- int lastpos) +- { +- ASN1_OBJECT *obj; ++ int lastpos) ++{ ++ ASN1_OBJECT *obj; + +- obj=OBJ_nid2obj(nid); +- if (obj == NULL) return(-2); +- return(X509v3_get_ext_by_OBJ(x,obj,lastpos)); +- } ++ obj = OBJ_nid2obj(nid); ++ if (obj == NULL) ++ return (-2); ++ return (X509v3_get_ext_by_OBJ(x, obj, lastpos)); ++} + +-int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj, +- int lastpos) +- { +- int n; +- X509_EXTENSION *ex; ++int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ++ ASN1_OBJECT *obj, int lastpos) ++{ ++ int n; ++ X509_EXTENSION *ex; + +- if (sk == NULL) return(-1); +- lastpos++; +- if (lastpos < 0) +- lastpos=0; +- n=sk_X509_EXTENSION_num(sk); +- for ( ; lastpos < n; lastpos++) +- { +- ex=sk_X509_EXTENSION_value(sk,lastpos); +- if (OBJ_cmp(ex->object,obj) == 0) +- return(lastpos); +- } +- return(-1); +- } ++ if (sk == NULL) ++ return (-1); ++ lastpos++; ++ if (lastpos < 0) ++ lastpos = 0; ++ n = sk_X509_EXTENSION_num(sk); ++ for (; lastpos < n; lastpos++) { ++ ex = sk_X509_EXTENSION_value(sk, lastpos); ++ if (OBJ_cmp(ex->object, obj) == 0) ++ return (lastpos); ++ } ++ return (-1); ++} + + int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, +- int lastpos) +- { +- int n; +- X509_EXTENSION *ex; ++ int lastpos) ++{ ++ int n; ++ X509_EXTENSION *ex; + +- if (sk == NULL) return(-1); +- lastpos++; +- if (lastpos < 0) +- lastpos=0; +- n=sk_X509_EXTENSION_num(sk); +- for ( ; lastpos < n; lastpos++) +- { +- ex=sk_X509_EXTENSION_value(sk,lastpos); +- if ( ((ex->critical > 0) && crit) || +- ((ex->critical <= 0) && !crit)) +- return(lastpos); +- } +- return(-1); +- } ++ if (sk == NULL) ++ return (-1); ++ lastpos++; ++ if (lastpos < 0) ++ lastpos = 0; ++ n = sk_X509_EXTENSION_num(sk); ++ for (; lastpos < n; lastpos++) { ++ ex = sk_X509_EXTENSION_value(sk, lastpos); ++ if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit)) ++ return (lastpos); ++ } ++ return (-1); ++} + + X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) +- { +- if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) +- return NULL; +- else +- return sk_X509_EXTENSION_value(x,loc); +- } ++{ ++ if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) ++ return NULL; ++ else ++ return sk_X509_EXTENSION_value(x, loc); ++} + + X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc) +- { +- X509_EXTENSION *ret; ++{ ++ X509_EXTENSION *ret; + +- if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) +- return(NULL); +- ret=sk_X509_EXTENSION_delete(x,loc); +- return(ret); +- } ++ if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) ++ return (NULL); ++ ret = sk_X509_EXTENSION_delete(x, loc); ++ return (ret); ++} + + STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, +- X509_EXTENSION *ex, int loc) +- { +- X509_EXTENSION *new_ex=NULL; +- int n; +- STACK_OF(X509_EXTENSION) *sk=NULL; ++ X509_EXTENSION *ex, int loc) ++{ ++ X509_EXTENSION *new_ex = NULL; ++ int n; ++ STACK_OF(X509_EXTENSION) *sk = NULL; + +- if (x == NULL) +- { +- X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER); +- goto err2; +- } ++ if (x == NULL) { ++ X509err(X509_F_X509V3_ADD_EXT, ERR_R_PASSED_NULL_PARAMETER); ++ goto err2; ++ } + +- if (*x == NULL) +- { +- if ((sk=sk_X509_EXTENSION_new_null()) == NULL) +- goto err; +- } +- else +- sk= *x; ++ if (*x == NULL) { ++ if ((sk = sk_X509_EXTENSION_new_null()) == NULL) ++ goto err; ++ } else ++ sk = *x; + +- n=sk_X509_EXTENSION_num(sk); +- if (loc > n) loc=n; +- else if (loc < 0) loc=n; ++ n = sk_X509_EXTENSION_num(sk); ++ if (loc > n) ++ loc = n; ++ else if (loc < 0) ++ loc = n; + +- if ((new_ex=X509_EXTENSION_dup(ex)) == NULL) +- goto err2; +- if (!sk_X509_EXTENSION_insert(sk,new_ex,loc)) +- goto err; +- if (*x == NULL) +- *x=sk; +- return(sk); +-err: +- X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE); +-err2: +- if (new_ex != NULL) X509_EXTENSION_free(new_ex); +- if (sk != NULL) sk_X509_EXTENSION_free(sk); +- return(NULL); +- } ++ if ((new_ex = X509_EXTENSION_dup(ex)) == NULL) ++ goto err2; ++ if (!sk_X509_EXTENSION_insert(sk, new_ex, loc)) ++ goto err; ++ if (*x == NULL) ++ *x = sk; ++ return (sk); ++ err: ++ X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE); ++ err2: ++ if (new_ex != NULL) ++ X509_EXTENSION_free(new_ex); ++ if (sk != NULL) ++ sk_X509_EXTENSION_free(sk); ++ return (NULL); ++} + + X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, +- int crit, ASN1_OCTET_STRING *data) +- { +- ASN1_OBJECT *obj; +- X509_EXTENSION *ret; ++ int crit, ++ ASN1_OCTET_STRING *data) ++{ ++ ASN1_OBJECT *obj; ++ X509_EXTENSION *ret; + +- obj=OBJ_nid2obj(nid); +- if (obj == NULL) +- { +- X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID); +- return(NULL); +- } +- ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data); +- if (ret == NULL) ASN1_OBJECT_free(obj); +- return(ret); +- } ++ obj = OBJ_nid2obj(nid); ++ if (obj == NULL) { ++ X509err(X509_F_X509_EXTENSION_CREATE_BY_NID, X509_R_UNKNOWN_NID); ++ return (NULL); ++ } ++ ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data); ++ if (ret == NULL) ++ ASN1_OBJECT_free(obj); ++ return (ret); ++} + + X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, +- ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data) +- { +- X509_EXTENSION *ret; ++ ASN1_OBJECT *obj, int crit, ++ ASN1_OCTET_STRING *data) ++{ ++ X509_EXTENSION *ret; ++ ++ if ((ex == NULL) || (*ex == NULL)) { ++ if ((ret = X509_EXTENSION_new()) == NULL) { ++ X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ, ++ ERR_R_MALLOC_FAILURE); ++ return (NULL); ++ } ++ } else ++ ret = *ex; + +- if ((ex == NULL) || (*ex == NULL)) +- { +- if ((ret=X509_EXTENSION_new()) == NULL) +- { +- X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE); +- return(NULL); +- } +- } +- else +- ret= *ex; ++ if (!X509_EXTENSION_set_object(ret, obj)) ++ goto err; ++ if (!X509_EXTENSION_set_critical(ret, crit)) ++ goto err; ++ if (!X509_EXTENSION_set_data(ret, data)) ++ goto err; + +- if (!X509_EXTENSION_set_object(ret,obj)) +- goto err; +- if (!X509_EXTENSION_set_critical(ret,crit)) +- goto err; +- if (!X509_EXTENSION_set_data(ret,data)) +- goto err; +- +- if ((ex != NULL) && (*ex == NULL)) *ex=ret; +- return(ret); +-err: +- if ((ex == NULL) || (ret != *ex)) +- X509_EXTENSION_free(ret); +- return(NULL); +- } ++ if ((ex != NULL) && (*ex == NULL)) ++ *ex = ret; ++ return (ret); ++ err: ++ if ((ex == NULL) || (ret != *ex)) ++ X509_EXTENSION_free(ret); ++ return (NULL); ++} + + int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj) +- { +- if ((ex == NULL) || (obj == NULL)) +- return(0); +- ASN1_OBJECT_free(ex->object); +- ex->object=OBJ_dup(obj); +- return(1); +- } ++{ ++ if ((ex == NULL) || (obj == NULL)) ++ return (0); ++ ASN1_OBJECT_free(ex->object); ++ ex->object = OBJ_dup(obj); ++ return (1); ++} + + int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) +- { +- if (ex == NULL) return(0); +- ex->critical=(crit)?0xFF:-1; +- return(1); +- } ++{ ++ if (ex == NULL) ++ return (0); ++ ex->critical = (crit) ? 0xFF : -1; ++ return (1); ++} + + int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) +- { +- int i; ++{ ++ int i; + +- if (ex == NULL) return(0); +- i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length); +- if (!i) return(0); +- return(1); +- } ++ if (ex == NULL) ++ return (0); ++ i = M_ASN1_OCTET_STRING_set(ex->value, data->data, data->length); ++ if (!i) ++ return (0); ++ return (1); ++} + + ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex) +- { +- if (ex == NULL) return(NULL); +- return(ex->object); +- } ++{ ++ if (ex == NULL) ++ return (NULL); ++ return (ex->object); ++} + + ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) +- { +- if (ex == NULL) return(NULL); +- return(ex->value); +- } ++{ ++ if (ex == NULL) ++ return (NULL); ++ return (ex->value); ++} + + int X509_EXTENSION_get_critical(X509_EXTENSION *ex) +- { +- if (ex == NULL) return(0); +- if(ex->critical > 0) return 1; +- return 0; +- } ++{ ++ if (ex == NULL) ++ return (0); ++ if (ex->critical > 0) ++ return 1; ++ return 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +index b87617a..3249ff8 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -70,7 +70,7 @@ + #include + #include + +-static int null_callback(int ok,X509_STORE_CTX *e); ++static int null_callback(int ok, X509_STORE_CTX *e); + static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); + static int check_chain_extensions(X509_STORE_CTX *ctx); +@@ -79,1472 +79,1438 @@ static int check_revocation(X509_STORE_CTX *ctx); + static int check_cert(X509_STORE_CTX *ctx); + static int check_policy(X509_STORE_CTX *ctx); + static int internal_verify(X509_STORE_CTX *ctx); +-const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT; +- ++const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT; + + static int null_callback(int ok, X509_STORE_CTX *e) +- { +- return ok; +- } ++{ ++ return ok; ++} + + #if 0 + static int x509_subject_cmp(X509 **a, X509 **b) +- { +- return X509_subject_name_cmp(*a,*b); +- } ++{ ++ return X509_subject_name_cmp(*a, *b); ++} + #endif + + int X509_verify_cert(X509_STORE_CTX *ctx) +- { +- X509 *x,*xtmp,*chain_ss=NULL; +- int bad_chain = 0; +- X509_VERIFY_PARAM *param = ctx->param; +- int depth,i,ok=0; +- int num; +- int (*cb)(int xok,X509_STORE_CTX *xctx); +- STACK_OF(X509) *sktmp=NULL; +- if (ctx->cert == NULL) +- { +- X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); +- return -1; +- } +- +- cb=ctx->verify_cb; +- +- /* first we make sure the chain we are going to build is +- * present and that the first entry is in place */ +- if (ctx->chain == NULL) +- { +- if ( ((ctx->chain=sk_X509_new_null()) == NULL) || +- (!sk_X509_push(ctx->chain,ctx->cert))) +- { +- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); +- goto end; +- } +- CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509); +- ctx->last_untrusted=1; +- } +- +- /* We use a temporary STACK so we can chop and hack at it */ +- if (ctx->untrusted != NULL +- && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL) +- { +- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); +- goto end; +- } +- +- num=sk_X509_num(ctx->chain); +- x=sk_X509_value(ctx->chain,num-1); +- depth=param->depth; +- +- +- for (;;) +- { +- /* If we have enough, we break */ +- if (depth < num) break; /* FIXME: If this happens, we should take +- * note of it and, if appropriate, use the +- * X509_V_ERR_CERT_CHAIN_TOO_LONG error +- * code later. +- */ +- +- /* If we are self signed, we break */ +- if (ctx->check_issued(ctx, x,x)) break; +- +- /* If we were passed a cert chain, use it first */ +- if (ctx->untrusted != NULL) +- { +- xtmp=find_issuer(ctx, sktmp,x); +- if (xtmp != NULL) +- { +- if (!sk_X509_push(ctx->chain,xtmp)) +- { +- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); +- goto end; +- } +- CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); +- (void)sk_X509_delete_ptr(sktmp,xtmp); +- ctx->last_untrusted++; +- x=xtmp; +- num++; +- /* reparse the full chain for +- * the next one */ +- continue; +- } +- } +- break; +- } +- +- /* at this point, chain should contain a list of untrusted +- * certificates. We now need to add at least one trusted one, +- * if possible, otherwise we complain. */ +- +- /* Examine last certificate in chain and see if it +- * is self signed. +- */ +- +- i=sk_X509_num(ctx->chain); +- x=sk_X509_value(ctx->chain,i-1); +- if (ctx->check_issued(ctx, x, x)) +- { +- /* we have a self signed certificate */ +- if (sk_X509_num(ctx->chain) == 1) +- { +- /* We have a single self signed certificate: see if +- * we can find it in the store. We must have an exact +- * match to avoid possible impersonation. +- */ +- ok = ctx->get_issuer(&xtmp, ctx, x); +- if ((ok <= 0) || X509_cmp(x, xtmp)) +- { +- ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; +- ctx->current_cert=x; +- ctx->error_depth=i-1; +- if (ok == 1) X509_free(xtmp); +- bad_chain = 1; +- ok=cb(0,ctx); +- if (!ok) goto end; +- } +- else +- { +- /* We have a match: replace certificate with store version +- * so we get any trust settings. +- */ +- X509_free(x); +- x = xtmp; +- (void)sk_X509_set(ctx->chain, i - 1, x); +- ctx->last_untrusted=0; +- } +- } +- else +- { +- /* extract and save self signed certificate for later use */ +- chain_ss=sk_X509_pop(ctx->chain); +- ctx->last_untrusted--; +- num--; +- x=sk_X509_value(ctx->chain,num-1); +- } +- } +- +- /* We now lookup certs from the certificate store */ +- for (;;) +- { +- /* If we have enough, we break */ +- if (depth < num) break; +- +- /* If we are self signed, we break */ +- if (ctx->check_issued(ctx,x,x)) break; +- +- ok = ctx->get_issuer(&xtmp, ctx, x); +- +- if (ok < 0) return ok; +- if (ok == 0) break; +- +- x = xtmp; +- if (!sk_X509_push(ctx->chain,x)) +- { +- X509_free(xtmp); +- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- num++; +- } +- +- /* we now have our chain, lets check it... */ +- +- /* Is last certificate looked up self signed? */ +- if (!ctx->check_issued(ctx,x,x)) +- { +- if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) +- { +- if (ctx->last_untrusted >= num) +- ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; +- else +- ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; +- ctx->current_cert=x; +- } +- else +- { +- +- sk_X509_push(ctx->chain,chain_ss); +- num++; +- ctx->last_untrusted=num; +- ctx->current_cert=chain_ss; +- ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; +- chain_ss=NULL; +- } +- +- ctx->error_depth=num-1; +- bad_chain = 1; +- ok=cb(0,ctx); +- if (!ok) goto end; +- } +- +- /* We have the chain complete: now we need to check its purpose */ +- ok = check_chain_extensions(ctx); +- +- if (!ok) goto end; +- +- /* The chain extensions are OK: check trust */ +- +- if (param->trust > 0) ok = check_trust(ctx); +- +- if (!ok) goto end; +- +- /* We may as well copy down any DSA parameters that are required */ +- X509_get_pubkey_parameters(NULL,ctx->chain); +- +- /* Check revocation status: we do this after copying parameters +- * because they may be needed for CRL signature verification. +- */ +- +- ok = ctx->check_revocation(ctx); +- if(!ok) goto end; +- +- /* At this point, we have a chain and need to verify it */ +- if (ctx->verify != NULL) +- ok=ctx->verify(ctx); +- else +- ok=internal_verify(ctx); +- if(!ok) goto end; ++{ ++ X509 *x, *xtmp, *chain_ss = NULL; ++ int bad_chain = 0; ++ X509_VERIFY_PARAM *param = ctx->param; ++ int depth, i, ok = 0; ++ int num; ++ int (*cb) (int xok, X509_STORE_CTX *xctx); ++ STACK_OF(X509) *sktmp = NULL; ++ if (ctx->cert == NULL) { ++ X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); ++ return -1; ++ } ++ ++ cb = ctx->verify_cb; ++ ++ /* ++ * first we make sure the chain we are going to build is present and that ++ * the first entry is in place ++ */ ++ if (ctx->chain == NULL) { ++ if (((ctx->chain = sk_X509_new_null()) == NULL) || ++ (!sk_X509_push(ctx->chain, ctx->cert))) { ++ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); ++ ctx->last_untrusted = 1; ++ } ++ ++ /* We use a temporary STACK so we can chop and hack at it */ ++ if (ctx->untrusted != NULL ++ && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { ++ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ ++ num = sk_X509_num(ctx->chain); ++ x = sk_X509_value(ctx->chain, num - 1); ++ depth = param->depth; ++ ++ for (;;) { ++ /* If we have enough, we break */ ++ if (depth < num) ++ break; /* FIXME: If this happens, we should take ++ * note of it and, if appropriate, use the ++ * X509_V_ERR_CERT_CHAIN_TOO_LONG error code ++ * later. */ ++ ++ /* If we are self signed, we break */ ++ if (ctx->check_issued(ctx, x, x)) ++ break; ++ ++ /* If we were passed a cert chain, use it first */ ++ if (ctx->untrusted != NULL) { ++ xtmp = find_issuer(ctx, sktmp, x); ++ if (xtmp != NULL) { ++ if (!sk_X509_push(ctx->chain, xtmp)) { ++ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); ++ (void)sk_X509_delete_ptr(sktmp, xtmp); ++ ctx->last_untrusted++; ++ x = xtmp; ++ num++; ++ /* ++ * reparse the full chain for the next one ++ */ ++ continue; ++ } ++ } ++ break; ++ } ++ ++ /* ++ * at this point, chain should contain a list of untrusted certificates. ++ * We now need to add at least one trusted one, if possible, otherwise we ++ * complain. ++ */ ++ ++ /* ++ * Examine last certificate in chain and see if it is self signed. ++ */ ++ ++ i = sk_X509_num(ctx->chain); ++ x = sk_X509_value(ctx->chain, i - 1); ++ if (ctx->check_issued(ctx, x, x)) { ++ /* we have a self signed certificate */ ++ if (sk_X509_num(ctx->chain) == 1) { ++ /* ++ * We have a single self signed certificate: see if we can find ++ * it in the store. We must have an exact match to avoid possible ++ * impersonation. ++ */ ++ ok = ctx->get_issuer(&xtmp, ctx, x); ++ if ((ok <= 0) || X509_cmp(x, xtmp)) { ++ ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; ++ ctx->current_cert = x; ++ ctx->error_depth = i - 1; ++ if (ok == 1) ++ X509_free(xtmp); ++ bad_chain = 1; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; ++ } else { ++ /* ++ * We have a match: replace certificate with store version so ++ * we get any trust settings. ++ */ ++ X509_free(x); ++ x = xtmp; ++ (void)sk_X509_set(ctx->chain, i - 1, x); ++ ctx->last_untrusted = 0; ++ } ++ } else { ++ /* ++ * extract and save self signed certificate for later use ++ */ ++ chain_ss = sk_X509_pop(ctx->chain); ++ ctx->last_untrusted--; ++ num--; ++ x = sk_X509_value(ctx->chain, num - 1); ++ } ++ } ++ ++ /* We now lookup certs from the certificate store */ ++ for (;;) { ++ /* If we have enough, we break */ ++ if (depth < num) ++ break; ++ ++ /* If we are self signed, we break */ ++ if (ctx->check_issued(ctx, x, x)) ++ break; ++ ++ ok = ctx->get_issuer(&xtmp, ctx, x); ++ ++ if (ok < 0) ++ return ok; ++ if (ok == 0) ++ break; ++ ++ x = xtmp; ++ if (!sk_X509_push(ctx->chain, x)) { ++ X509_free(xtmp); ++ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ num++; ++ } ++ ++ /* we now have our chain, lets check it... */ ++ ++ /* Is last certificate looked up self signed? */ ++ if (!ctx->check_issued(ctx, x, x)) { ++ if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { ++ if (ctx->last_untrusted >= num) ++ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; ++ else ++ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; ++ ctx->current_cert = x; ++ } else { ++ ++ sk_X509_push(ctx->chain, chain_ss); ++ num++; ++ ctx->last_untrusted = num; ++ ctx->current_cert = chain_ss; ++ ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; ++ chain_ss = NULL; ++ } ++ ++ ctx->error_depth = num - 1; ++ bad_chain = 1; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; ++ } ++ ++ /* We have the chain complete: now we need to check its purpose */ ++ ok = check_chain_extensions(ctx); ++ ++ if (!ok) ++ goto end; ++ ++ /* The chain extensions are OK: check trust */ ++ ++ if (param->trust > 0) ++ ok = check_trust(ctx); ++ ++ if (!ok) ++ goto end; ++ ++ /* We may as well copy down any DSA parameters that are required */ ++ X509_get_pubkey_parameters(NULL, ctx->chain); ++ ++ /* ++ * Check revocation status: we do this after copying parameters because ++ * they may be needed for CRL signature verification. ++ */ ++ ++ ok = ctx->check_revocation(ctx); ++ if (!ok) ++ goto end; ++ ++ /* At this point, we have a chain and need to verify it */ ++ if (ctx->verify != NULL) ++ ok = ctx->verify(ctx); ++ else ++ ok = internal_verify(ctx); ++ if (!ok) ++ goto end; + + #ifndef OPENSSL_NO_RFC3779 +- /* RFC 3779 path validation, now that CRL check has been done */ +- ok = v3_asid_validate_path(ctx); +- if (!ok) goto end; +- ok = v3_addr_validate_path(ctx); +- if (!ok) goto end; ++ /* RFC 3779 path validation, now that CRL check has been done */ ++ ok = v3_asid_validate_path(ctx); ++ if (!ok) ++ goto end; ++ ok = v3_addr_validate_path(ctx); ++ if (!ok) ++ goto end; + #endif + +- /* If we get this far evaluate policies */ +- if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) +- ok = ctx->check_policy(ctx); +- if(!ok) goto end; +- if (0) +- { +-end: +- X509_get_pubkey_parameters(NULL,ctx->chain); +- } +- if (sktmp != NULL) sk_X509_free(sktmp); +- if (chain_ss != NULL) X509_free(chain_ss); +- return ok; +- } +- +- +-/* Given a STACK_OF(X509) find the issuer of cert (if any) ++ /* If we get this far evaluate policies */ ++ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) ++ ok = ctx->check_policy(ctx); ++ if (!ok) ++ goto end; ++ if (0) { ++ end: ++ X509_get_pubkey_parameters(NULL, ctx->chain); ++ } ++ if (sktmp != NULL) ++ sk_X509_free(sktmp); ++ if (chain_ss != NULL) ++ X509_free(chain_ss); ++ return ok; ++} ++ ++/* ++ * Given a STACK_OF(X509) find the issuer of cert (if any) + */ + + static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) + { +- int i; +- X509 *issuer; +- for (i = 0; i < sk_X509_num(sk); i++) +- { +- issuer = sk_X509_value(sk, i); +- if (ctx->check_issued(ctx, x, issuer)) +- return issuer; +- } +- return NULL; ++ int i; ++ X509 *issuer; ++ for (i = 0; i < sk_X509_num(sk); i++) { ++ issuer = sk_X509_value(sk, i); ++ if (ctx->check_issued(ctx, x, issuer)) ++ return issuer; ++ } ++ return NULL; + } + + /* Given a possible certificate and issuer check them */ + + static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) + { +- int ret; +- ret = X509_check_issued(issuer, x); +- if (ret == X509_V_OK) +- return 1; +- /* If we haven't asked for issuer errors don't set ctx */ +- if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) +- return 0; +- +- ctx->error = ret; +- ctx->current_cert = x; +- ctx->current_issuer = issuer; +- return ctx->verify_cb(0, ctx); +- return 0; ++ int ret; ++ ret = X509_check_issued(issuer, x); ++ if (ret == X509_V_OK) ++ return 1; ++ /* If we haven't asked for issuer errors don't set ctx */ ++ if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) ++ return 0; ++ ++ ctx->error = ret; ++ ctx->current_cert = x; ++ ctx->current_issuer = issuer; ++ return ctx->verify_cb(0, ctx); ++ return 0; + } + + /* Alternative lookup method: look from a STACK stored in other_ctx */ + + static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) + { +- *issuer = find_issuer(ctx, ctx->other_ctx, x); +- if (*issuer) +- { +- CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509); +- return 1; +- } +- else +- return 0; ++ *issuer = find_issuer(ctx, ctx->other_ctx, x); ++ if (*issuer) { ++ CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); ++ return 1; ++ } else ++ return 0; + } +- + +-/* Check a certificate chains extensions for consistency +- * with the supplied purpose ++/* ++ * Check a certificate chains extensions for consistency with the supplied ++ * purpose + */ + + static int check_chain_extensions(X509_STORE_CTX *ctx) + { + #ifdef OPENSSL_NO_CHAIN_VERIFY +- return 1; ++ return 1; + #else +- int i, ok=0, must_be_ca, plen = 0; +- X509 *x; +- int (*cb)(int xok,X509_STORE_CTX *xctx); +- int proxy_path_length = 0; +- int allow_proxy_certs = +- !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); +- cb=ctx->verify_cb; +- +- /* must_be_ca can have 1 of 3 values: +- -1: we accept both CA and non-CA certificates, to allow direct +- use of self-signed certificates (which are marked as CA). +- 0: we only accept non-CA certificates. This is currently not +- used, but the possibility is present for future extensions. +- 1: we only accept CA certificates. This is currently used for +- all certificates in the chain except the leaf certificate. +- */ +- must_be_ca = -1; +- +- /* A hack to keep people who don't want to modify their software +- happy */ +- if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) +- allow_proxy_certs = 1; +- +- /* Check all untrusted certificates */ +- for (i = 0; i < ctx->last_untrusted; i++) +- { +- int ret; +- x = sk_X509_value(ctx->chain, i); +- if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) +- && (x->ex_flags & EXFLAG_CRITICAL)) +- { +- ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; +- ctx->error_depth = i; +- ctx->current_cert = x; +- ok=cb(0,ctx); +- if (!ok) goto end; +- } +- if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) +- { +- ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; +- ctx->error_depth = i; +- ctx->current_cert = x; +- ok=cb(0,ctx); +- if (!ok) goto end; +- } +- ret = X509_check_ca(x); +- switch(must_be_ca) +- { +- case -1: +- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) +- && (ret != 1) && (ret != 0)) +- { +- ret = 0; +- ctx->error = X509_V_ERR_INVALID_CA; +- } +- else +- ret = 1; +- break; +- case 0: +- if (ret != 0) +- { +- ret = 0; +- ctx->error = X509_V_ERR_INVALID_NON_CA; +- } +- else +- ret = 1; +- break; +- default: +- if ((ret == 0) +- || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) +- && (ret != 1))) +- { +- ret = 0; +- ctx->error = X509_V_ERR_INVALID_CA; +- } +- else +- ret = 1; +- break; +- } +- if (ret == 0) +- { +- ctx->error_depth = i; +- ctx->current_cert = x; +- ok=cb(0,ctx); +- if (!ok) goto end; +- } +- if (ctx->param->purpose > 0) +- { +- ret = X509_check_purpose(x, ctx->param->purpose, +- must_be_ca > 0); +- if ((ret == 0) +- || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) +- && (ret != 1))) +- { +- ctx->error = X509_V_ERR_INVALID_PURPOSE; +- ctx->error_depth = i; +- ctx->current_cert = x; +- ok=cb(0,ctx); +- if (!ok) goto end; +- } +- } +- /* Check pathlen if not self issued */ +- if ((i > 1) && !(x->ex_flags & EXFLAG_SI) +- && (x->ex_pathlen != -1) +- && (plen > (x->ex_pathlen + proxy_path_length + 1))) +- { +- ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; +- ctx->error_depth = i; +- ctx->current_cert = x; +- ok=cb(0,ctx); +- if (!ok) goto end; +- } +- /* Increment path length if not self issued */ +- if (!(x->ex_flags & EXFLAG_SI)) +- plen++; +- /* If this certificate is a proxy certificate, the next +- certificate must be another proxy certificate or a EE +- certificate. If not, the next certificate must be a +- CA certificate. */ +- if (x->ex_flags & EXFLAG_PROXY) +- { +- if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) +- { +- ctx->error = +- X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; +- ctx->error_depth = i; +- ctx->current_cert = x; +- ok=cb(0,ctx); +- if (!ok) goto end; +- } +- proxy_path_length++; +- must_be_ca = 0; +- } +- else +- must_be_ca = 1; +- } +- ok = 1; ++ int i, ok = 0, must_be_ca, plen = 0; ++ X509 *x; ++ int (*cb) (int xok, X509_STORE_CTX *xctx); ++ int proxy_path_length = 0; ++ int allow_proxy_certs = ++ ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); ++ cb = ctx->verify_cb; ++ ++ /*- ++ * must_be_ca can have 1 of 3 values: ++ * -1: we accept both CA and non-CA certificates, to allow direct ++ * use of self-signed certificates (which are marked as CA). ++ * 0: we only accept non-CA certificates. This is currently not ++ * used, but the possibility is present for future extensions. ++ * 1: we only accept CA certificates. This is currently used for ++ * all certificates in the chain except the leaf certificate. ++ */ ++ must_be_ca = -1; ++ ++ /* ++ * A hack to keep people who don't want to modify their software happy ++ */ ++ if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) ++ allow_proxy_certs = 1; ++ ++ /* Check all untrusted certificates */ ++ for (i = 0; i < ctx->last_untrusted; i++) { ++ int ret; ++ x = sk_X509_value(ctx->chain, i); ++ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) ++ && (x->ex_flags & EXFLAG_CRITICAL)) { ++ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; ++ } ++ if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { ++ ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; ++ } ++ ret = X509_check_ca(x); ++ switch (must_be_ca) { ++ case -1: ++ if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) ++ && (ret != 1) && (ret != 0)) { ++ ret = 0; ++ ctx->error = X509_V_ERR_INVALID_CA; ++ } else ++ ret = 1; ++ break; ++ case 0: ++ if (ret != 0) { ++ ret = 0; ++ ctx->error = X509_V_ERR_INVALID_NON_CA; ++ } else ++ ret = 1; ++ break; ++ default: ++ if ((ret == 0) ++ || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) ++ && (ret != 1))) { ++ ret = 0; ++ ctx->error = X509_V_ERR_INVALID_CA; ++ } else ++ ret = 1; ++ break; ++ } ++ if (ret == 0) { ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; ++ } ++ if (ctx->param->purpose > 0) { ++ ret = X509_check_purpose(x, ctx->param->purpose, must_be_ca > 0); ++ if ((ret == 0) ++ || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) ++ && (ret != 1))) { ++ ctx->error = X509_V_ERR_INVALID_PURPOSE; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; ++ } ++ } ++ /* Check pathlen if not self issued */ ++ if ((i > 1) && !(x->ex_flags & EXFLAG_SI) ++ && (x->ex_pathlen != -1) ++ && (plen > (x->ex_pathlen + proxy_path_length + 1))) { ++ ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; ++ } ++ /* Increment path length if not self issued */ ++ if (!(x->ex_flags & EXFLAG_SI)) ++ plen++; ++ /* ++ * If this certificate is a proxy certificate, the next certificate ++ * must be another proxy certificate or a EE certificate. If not, ++ * the next certificate must be a CA certificate. ++ */ ++ if (x->ex_flags & EXFLAG_PROXY) { ++ if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) { ++ ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; ++ } ++ proxy_path_length++; ++ must_be_ca = 0; ++ } else ++ must_be_ca = 1; ++ } ++ ok = 1; + end: +- return ok; ++ return ok; + #endif + } + + static int check_trust(X509_STORE_CTX *ctx) + { + #ifdef OPENSSL_NO_CHAIN_VERIFY +- return 1; ++ return 1; + #else +- int i, ok; +- X509 *x; +- int (*cb)(int xok,X509_STORE_CTX *xctx); +- cb=ctx->verify_cb; ++ int i, ok; ++ X509 *x; ++ int (*cb) (int xok, X509_STORE_CTX *xctx); ++ cb = ctx->verify_cb; + /* For now just check the last certificate in the chain */ +- i = sk_X509_num(ctx->chain) - 1; +- x = sk_X509_value(ctx->chain, i); +- ok = X509_check_trust(x, ctx->param->trust, 0); +- if (ok == X509_TRUST_TRUSTED) +- return 1; +- ctx->error_depth = i; +- ctx->current_cert = x; +- if (ok == X509_TRUST_REJECTED) +- ctx->error = X509_V_ERR_CERT_REJECTED; +- else +- ctx->error = X509_V_ERR_CERT_UNTRUSTED; +- ok = cb(0, ctx); +- return ok; ++ i = sk_X509_num(ctx->chain) - 1; ++ x = sk_X509_value(ctx->chain, i); ++ ok = X509_check_trust(x, ctx->param->trust, 0); ++ if (ok == X509_TRUST_TRUSTED) ++ return 1; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ if (ok == X509_TRUST_REJECTED) ++ ctx->error = X509_V_ERR_CERT_REJECTED; ++ else ++ ctx->error = X509_V_ERR_CERT_UNTRUSTED; ++ ok = cb(0, ctx); ++ return ok; + #endif + } + + static int check_revocation(X509_STORE_CTX *ctx) +- { +- int i, last, ok; +- if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) +- return 1; +- if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) +- last = sk_X509_num(ctx->chain) - 1; +- else +- last = 0; +- for(i = 0; i <= last; i++) +- { +- ctx->error_depth = i; +- ok = check_cert(ctx); +- if (!ok) return ok; +- } +- return 1; +- } ++{ ++ int i, last, ok; ++ if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) ++ return 1; ++ if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) ++ last = sk_X509_num(ctx->chain) - 1; ++ else ++ last = 0; ++ for (i = 0; i <= last; i++) { ++ ctx->error_depth = i; ++ ok = check_cert(ctx); ++ if (!ok) ++ return ok; ++ } ++ return 1; ++} + + static int check_cert(X509_STORE_CTX *ctx) +- { +- X509_CRL *crl = NULL; +- X509 *x; +- int ok, cnum; +- cnum = ctx->error_depth; +- x = sk_X509_value(ctx->chain, cnum); +- ctx->current_cert = x; +- /* Try to retrieve relevant CRL */ +- ok = ctx->get_crl(ctx, &crl, x); +- /* If error looking up CRL, nothing we can do except +- * notify callback +- */ +- if(!ok) +- { +- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; +- ok = ctx->verify_cb(0, ctx); +- goto err; +- } +- ctx->current_crl = crl; +- ok = ctx->check_crl(ctx, crl); +- if (!ok) goto err; +- ok = ctx->cert_crl(ctx, crl, x); +- err: +- ctx->current_crl = NULL; +- X509_CRL_free(crl); +- return ok; +- +- } ++{ ++ X509_CRL *crl = NULL; ++ X509 *x; ++ int ok, cnum; ++ cnum = ctx->error_depth; ++ x = sk_X509_value(ctx->chain, cnum); ++ ctx->current_cert = x; ++ /* Try to retrieve relevant CRL */ ++ ok = ctx->get_crl(ctx, &crl, x); ++ /* ++ * If error looking up CRL, nothing we can do except notify callback ++ */ ++ if (!ok) { ++ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; ++ ok = ctx->verify_cb(0, ctx); ++ goto err; ++ } ++ ctx->current_crl = crl; ++ ok = ctx->check_crl(ctx, crl); ++ if (!ok) ++ goto err; ++ ok = ctx->cert_crl(ctx, crl, x); ++ err: ++ ctx->current_crl = NULL; ++ X509_CRL_free(crl); ++ return ok; ++ ++} + + /* Check CRL times against values in X509_STORE_CTX */ + + static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) +- { +- time_t *ptime; +- int i; +- ctx->current_crl = crl; +- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) +- ptime = &ctx->param->check_time; +- else +- ptime = NULL; +- +- i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); +- if (i == 0) +- { +- ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; +- if (!notify || !ctx->verify_cb(0, ctx)) +- return 0; +- } +- +- if (i > 0) +- { +- ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; +- if (!notify || !ctx->verify_cb(0, ctx)) +- return 0; +- } +- +- if(X509_CRL_get_nextUpdate(crl)) +- { +- i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); +- +- if (i == 0) +- { +- ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; +- if (!notify || !ctx->verify_cb(0, ctx)) +- return 0; +- } +- +- if (i < 0) +- { +- ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; +- if (!notify || !ctx->verify_cb(0, ctx)) +- return 0; +- } +- } +- +- ctx->current_crl = NULL; +- +- return 1; +- } +- +-/* Lookup CRLs from the supplied list. Look for matching isser name +- * and validity. If we can't find a valid CRL return the last one +- * with matching name. This gives more meaningful error codes. Otherwise +- * we'd get a CRL not found error if a CRL existed with matching name but +- * was invalid. ++{ ++ time_t *ptime; ++ int i; ++ ctx->current_crl = crl; ++ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) ++ ptime = &ctx->param->check_time; ++ else ++ ptime = NULL; ++ ++ i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); ++ if (i == 0) { ++ ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; ++ if (!notify || !ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ ++ if (i > 0) { ++ ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; ++ if (!notify || !ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ ++ if (X509_CRL_get_nextUpdate(crl)) { ++ i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); ++ ++ if (i == 0) { ++ ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; ++ if (!notify || !ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ ++ if (i < 0) { ++ ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; ++ if (!notify || !ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ } ++ ++ ctx->current_crl = NULL; ++ ++ return 1; ++} ++ ++/* ++ * Lookup CRLs from the supplied list. Look for matching isser name and ++ * validity. If we can't find a valid CRL return the last one with matching ++ * name. This gives more meaningful error codes. Otherwise we'd get a CRL not ++ * found error if a CRL existed with matching name but was invalid. + */ + + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, +- X509_NAME *nm, STACK_OF(X509_CRL) *crls) +- { +- int i; +- X509_CRL *crl, *best_crl = NULL; +- for (i = 0; i < sk_X509_CRL_num(crls); i++) +- { +- crl = sk_X509_CRL_value(crls, i); +- if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) +- continue; +- if (check_crl_time(ctx, crl, 0)) +- { +- *pcrl = crl; +- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509); +- return 1; +- } +- best_crl = crl; +- } +- if (best_crl) +- { +- *pcrl = best_crl; +- CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509); +- } +- +- return 0; +- } +- +-/* Retrieve CRL corresponding to certificate: currently just a +- * subject lookup: maybe use AKID later... ++ X509_NAME *nm, STACK_OF(X509_CRL) *crls) ++{ ++ int i; ++ X509_CRL *crl, *best_crl = NULL; ++ for (i = 0; i < sk_X509_CRL_num(crls); i++) { ++ crl = sk_X509_CRL_value(crls, i); ++ if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) ++ continue; ++ if (check_crl_time(ctx, crl, 0)) { ++ *pcrl = crl; ++ CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509); ++ return 1; ++ } ++ best_crl = crl; ++ } ++ if (best_crl) { ++ *pcrl = best_crl; ++ CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509); ++ } ++ ++ return 0; ++} ++ ++/* ++ * Retrieve CRL corresponding to certificate: currently just a subject ++ * lookup: maybe use AKID later... + */ + static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x) +- { +- int ok; +- X509_CRL *crl = NULL; +- X509_OBJECT xobj; +- X509_NAME *nm; +- nm = X509_get_issuer_name(x); +- ok = get_crl_sk(ctx, &crl, nm, ctx->crls); +- if (ok) +- { +- *pcrl = crl; +- return 1; +- } +- +- ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj); +- +- if (!ok) +- { +- /* If we got a near match from get_crl_sk use that */ +- if (crl) +- { +- *pcrl = crl; +- return 1; +- } +- return 0; +- } +- +- *pcrl = xobj.data.crl; +- if (crl) +- X509_CRL_free(crl); +- return 1; +- } ++{ ++ int ok; ++ X509_CRL *crl = NULL; ++ X509_OBJECT xobj; ++ X509_NAME *nm; ++ nm = X509_get_issuer_name(x); ++ ok = get_crl_sk(ctx, &crl, nm, ctx->crls); ++ if (ok) { ++ *pcrl = crl; ++ return 1; ++ } ++ ++ ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj); ++ ++ if (!ok) { ++ /* If we got a near match from get_crl_sk use that */ ++ if (crl) { ++ *pcrl = crl; ++ return 1; ++ } ++ return 0; ++ } ++ ++ *pcrl = xobj.data.crl; ++ if (crl) ++ X509_CRL_free(crl); ++ return 1; ++} + + /* Check CRL validity */ + static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) +- { +- X509 *issuer = NULL; +- EVP_PKEY *ikey = NULL; +- int ok = 0, chnum, cnum; +- cnum = ctx->error_depth; +- chnum = sk_X509_num(ctx->chain) - 1; +- /* Find CRL issuer: if not last certificate then issuer +- * is next certificate in chain. +- */ +- if(cnum < chnum) +- issuer = sk_X509_value(ctx->chain, cnum + 1); +- else +- { +- issuer = sk_X509_value(ctx->chain, chnum); +- /* If not self signed, can't check signature */ +- if(!ctx->check_issued(ctx, issuer, issuer)) +- { +- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; +- ok = ctx->verify_cb(0, ctx); +- if(!ok) goto err; +- } +- } +- +- if(issuer) +- { +- /* Check for cRLSign bit if keyUsage present */ +- if ((issuer->ex_flags & EXFLAG_KUSAGE) && +- !(issuer->ex_kusage & KU_CRL_SIGN)) +- { +- ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; +- ok = ctx->verify_cb(0, ctx); +- if(!ok) goto err; +- } +- +- /* Attempt to get issuer certificate public key */ +- ikey = X509_get_pubkey(issuer); +- +- if(!ikey) +- { +- ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; +- ok = ctx->verify_cb(0, ctx); +- if (!ok) goto err; +- } +- else +- { +- /* Verify CRL signature */ +- if(X509_CRL_verify(crl, ikey) <= 0) +- { +- ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE; +- ok = ctx->verify_cb(0, ctx); +- if (!ok) goto err; +- } +- } +- } +- +- ok = check_crl_time(ctx, crl, 1); +- if (!ok) +- goto err; +- +- ok = 1; +- +- err: +- EVP_PKEY_free(ikey); +- return ok; +- } ++{ ++ X509 *issuer = NULL; ++ EVP_PKEY *ikey = NULL; ++ int ok = 0, chnum, cnum; ++ cnum = ctx->error_depth; ++ chnum = sk_X509_num(ctx->chain) - 1; ++ /* ++ * Find CRL issuer: if not last certificate then issuer is next ++ * certificate in chain. ++ */ ++ if (cnum < chnum) ++ issuer = sk_X509_value(ctx->chain, cnum + 1); ++ else { ++ issuer = sk_X509_value(ctx->chain, chnum); ++ /* If not self signed, can't check signature */ ++ if (!ctx->check_issued(ctx, issuer, issuer)) { ++ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } ++ } ++ ++ if (issuer) { ++ /* Check for cRLSign bit if keyUsage present */ ++ if ((issuer->ex_flags & EXFLAG_KUSAGE) && ++ !(issuer->ex_kusage & KU_CRL_SIGN)) { ++ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } ++ ++ /* Attempt to get issuer certificate public key */ ++ ikey = X509_get_pubkey(issuer); ++ ++ if (!ikey) { ++ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } else { ++ /* Verify CRL signature */ ++ if (X509_CRL_verify(crl, ikey) <= 0) { ++ ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } ++ } ++ } ++ ++ ok = check_crl_time(ctx, crl, 1); ++ if (!ok) ++ goto err; ++ ++ ok = 1; ++ ++ err: ++ EVP_PKEY_free(ikey); ++ return ok; ++} + + /* Check certificate against CRL */ + static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) +- { +- int idx, ok; +- X509_REVOKED rtmp; +- STACK_OF(X509_EXTENSION) *exts; +- X509_EXTENSION *ext; +- /* Look for serial number of certificate in CRL */ +- rtmp.serialNumber = X509_get_serialNumber(x); +- /* Sort revoked into serial number order if not already sorted. +- * Do this under a lock to avoid race condition. +- */ +- if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) +- { +- CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); +- sk_X509_REVOKED_sort(crl->crl->revoked); +- CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); +- } +- idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); +- /* If found assume revoked: want something cleverer than +- * this to handle entry extensions in V2 CRLs. +- */ +- if(idx >= 0) +- { +- ctx->error = X509_V_ERR_CERT_REVOKED; +- ok = ctx->verify_cb(0, ctx); +- if (!ok) return 0; +- } +- +- if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) +- return 1; +- +- /* See if we have any critical CRL extensions: since we +- * currently don't handle any CRL extensions the CRL must be +- * rejected. +- * This code accesses the X509_CRL structure directly: applications +- * shouldn't do this. +- */ +- +- exts = crl->crl->extensions; +- +- for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) +- { +- ext = sk_X509_EXTENSION_value(exts, idx); +- if (ext->critical > 0) +- { +- ctx->error = +- X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; +- ok = ctx->verify_cb(0, ctx); +- if(!ok) return 0; +- break; +- } +- } +- return 1; +- } ++{ ++ int idx, ok; ++ X509_REVOKED rtmp; ++ STACK_OF(X509_EXTENSION) *exts; ++ X509_EXTENSION *ext; ++ /* Look for serial number of certificate in CRL */ ++ rtmp.serialNumber = X509_get_serialNumber(x); ++ /* ++ * Sort revoked into serial number order if not already sorted. Do this ++ * under a lock to avoid race condition. ++ */ ++ if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) { ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); ++ sk_X509_REVOKED_sort(crl->crl->revoked); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); ++ } ++ idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); ++ /* ++ * If found assume revoked: want something cleverer than this to handle ++ * entry extensions in V2 CRLs. ++ */ ++ if (idx >= 0) { ++ ctx->error = X509_V_ERR_CERT_REVOKED; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ return 0; ++ } ++ ++ if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) ++ return 1; ++ ++ /* ++ * See if we have any critical CRL extensions: since we currently don't ++ * handle any CRL extensions the CRL must be rejected. This code ++ * accesses the X509_CRL structure directly: applications shouldn't do ++ * this. ++ */ ++ ++ exts = crl->crl->extensions; ++ ++ for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { ++ ext = sk_X509_EXTENSION_value(exts, idx); ++ if (ext->critical > 0) { ++ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ return 0; ++ break; ++ } ++ } ++ return 1; ++} + + static int check_policy(X509_STORE_CTX *ctx) +- { +- int ret; +- ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, +- ctx->param->policies, ctx->param->flags); +- if (ret == 0) +- { +- X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- /* Invalid or inconsistent extensions */ +- if (ret == -1) +- { +- /* Locate certificates with bad extensions and notify +- * callback. +- */ +- X509 *x; +- int i; +- for (i = 1; i < sk_X509_num(ctx->chain); i++) +- { +- x = sk_X509_value(ctx->chain, i); +- if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) +- continue; +- ctx->current_cert = x; +- ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; +- ret = ctx->verify_cb(0, ctx); +- } +- return 1; +- } +- if (ret == -2) +- { +- ctx->current_cert = NULL; +- ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; +- return ctx->verify_cb(0, ctx); +- } +- +- if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) +- { +- ctx->current_cert = NULL; +- ctx->error = X509_V_OK; +- if (!ctx->verify_cb(2, ctx)) +- return 0; +- } +- +- return 1; +- } ++{ ++ int ret; ++ ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, ++ ctx->param->policies, ctx->param->flags); ++ if (ret == 0) { ++ X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ /* Invalid or inconsistent extensions */ ++ if (ret == -1) { ++ /* ++ * Locate certificates with bad extensions and notify callback. ++ */ ++ X509 *x; ++ int i; ++ for (i = 1; i < sk_X509_num(ctx->chain); i++) { ++ x = sk_X509_value(ctx->chain, i); ++ if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) ++ continue; ++ ctx->current_cert = x; ++ ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; ++ ret = ctx->verify_cb(0, ctx); ++ } ++ return 1; ++ } ++ if (ret == -2) { ++ ctx->current_cert = NULL; ++ ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; ++ return ctx->verify_cb(0, ctx); ++ } ++ ++ if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { ++ ctx->current_cert = NULL; ++ ctx->error = X509_V_OK; ++ if (!ctx->verify_cb(2, ctx)) ++ return 0; ++ } ++ ++ return 1; ++} + + static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) +- { ++{ + #if defined(OPENSSL_SYS_UEFI) + /* Bypass Certificate Time Checking for UEFI version. */ + return 1; + #else +- time_t *ptime; +- int i; +- +- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) +- ptime = &ctx->param->check_time; +- else +- ptime = NULL; +- +- i=X509_cmp_time(X509_get_notBefore(x), ptime); +- if (i == 0) +- { +- ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; +- ctx->current_cert=x; +- if (!ctx->verify_cb(0, ctx)) +- return 0; +- } +- +- if (i > 0) +- { +- ctx->error=X509_V_ERR_CERT_NOT_YET_VALID; +- ctx->current_cert=x; +- if (!ctx->verify_cb(0, ctx)) +- return 0; +- } +- +- i=X509_cmp_time(X509_get_notAfter(x), ptime); +- if (i == 0) +- { +- ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; +- ctx->current_cert=x; +- if (!ctx->verify_cb(0, ctx)) +- return 0; +- } +- +- if (i < 0) +- { +- ctx->error=X509_V_ERR_CERT_HAS_EXPIRED; +- ctx->current_cert=x; +- if (!ctx->verify_cb(0, ctx)) +- return 0; +- } +- +- return 1; +-#endif +- } ++ time_t *ptime; ++ int i; ++ ++ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) ++ ptime = &ctx->param->check_time; ++ else ++ ptime = NULL; ++ ++ i = X509_cmp_time(X509_get_notBefore(x), ptime); ++ if (i == 0) { ++ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ ++ if (i > 0) { ++ ctx->error = X509_V_ERR_CERT_NOT_YET_VALID; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ ++ i = X509_cmp_time(X509_get_notAfter(x), ptime); ++ if (i == 0) { ++ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ ++ if (i < 0) { ++ ctx->error = X509_V_ERR_CERT_HAS_EXPIRED; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ ++ return 1; ++#endif ++} + + static int internal_verify(X509_STORE_CTX *ctx) +- { +- int ok=0,n; +- X509 *xs,*xi; +- EVP_PKEY *pkey=NULL; +- int (*cb)(int xok,X509_STORE_CTX *xctx); +- +- cb=ctx->verify_cb; +- +- n=sk_X509_num(ctx->chain); +- ctx->error_depth=n-1; +- n--; +- xi=sk_X509_value(ctx->chain,n); +- +- if (ctx->check_issued(ctx, xi, xi)) +- xs=xi; +- else +- { +- if (n <= 0) +- { +- ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; +- ctx->current_cert=xi; +- ok=cb(0,ctx); +- goto end; +- } +- else +- { +- n--; +- ctx->error_depth=n; +- xs=sk_X509_value(ctx->chain,n); +- } +- } +- +-/* ctx->error=0; not needed */ +- while (n >= 0) +- { +- ctx->error_depth=n; +- +- /* Skip signature check for self signed certificates unless +- * explicitly asked for. It doesn't add any security and +- * just wastes time. +- */ +- if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) +- { +- if ((pkey=X509_get_pubkey(xi)) == NULL) +- { +- ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; +- ctx->current_cert=xi; +- ok=(*cb)(0,ctx); +- if (!ok) goto end; +- } +- else if (X509_verify(xs,pkey) <= 0) +- { +- ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; +- ctx->current_cert=xs; +- ok=(*cb)(0,ctx); +- if (!ok) +- { +- EVP_PKEY_free(pkey); +- goto end; +- } +- } +- EVP_PKEY_free(pkey); +- pkey=NULL; +- } +- +- xs->valid = 1; +- +- ok = check_cert_time(ctx, xs); +- if (!ok) +- goto end; +- +- /* The last error (if any) is still in the error value */ +- ctx->current_issuer=xi; +- ctx->current_cert=xs; +- ok=(*cb)(1,ctx); +- if (!ok) goto end; +- +- n--; +- if (n >= 0) +- { +- xi=xs; +- xs=sk_X509_value(ctx->chain,n); +- } +- } +- ok=1; +-end: +- return ok; +- } ++{ ++ int ok = 0, n; ++ X509 *xs, *xi; ++ EVP_PKEY *pkey = NULL; ++ int (*cb) (int xok, X509_STORE_CTX *xctx); ++ ++ cb = ctx->verify_cb; ++ ++ n = sk_X509_num(ctx->chain); ++ ctx->error_depth = n - 1; ++ n--; ++ xi = sk_X509_value(ctx->chain, n); ++ ++ if (ctx->check_issued(ctx, xi, xi)) ++ xs = xi; ++ else { ++ if (n <= 0) { ++ ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; ++ ctx->current_cert = xi; ++ ok = cb(0, ctx); ++ goto end; ++ } else { ++ n--; ++ ctx->error_depth = n; ++ xs = sk_X509_value(ctx->chain, n); ++ } ++ } ++ ++/* ctx->error=0; not needed */ ++ while (n >= 0) { ++ ctx->error_depth = n; ++ ++ /* ++ * Skip signature check for self signed certificates unless ++ * explicitly asked for. It doesn't add any security and just wastes ++ * time. ++ */ ++ if (!xs->valid ++ && (xs != xi ++ || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { ++ if ((pkey = X509_get_pubkey(xi)) == NULL) { ++ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; ++ ctx->current_cert = xi; ++ ok = (*cb) (0, ctx); ++ if (!ok) ++ goto end; ++ } else if (X509_verify(xs, pkey) <= 0) { ++ ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; ++ ctx->current_cert = xs; ++ ok = (*cb) (0, ctx); ++ if (!ok) { ++ EVP_PKEY_free(pkey); ++ goto end; ++ } ++ } ++ EVP_PKEY_free(pkey); ++ pkey = NULL; ++ } ++ ++ xs->valid = 1; ++ ++ ok = check_cert_time(ctx, xs); ++ if (!ok) ++ goto end; ++ ++ /* The last error (if any) is still in the error value */ ++ ctx->current_issuer = xi; ++ ctx->current_cert = xs; ++ ok = (*cb) (1, ctx); ++ if (!ok) ++ goto end; ++ ++ n--; ++ if (n >= 0) { ++ xi = xs; ++ xs = sk_X509_value(ctx->chain, n); ++ } ++ } ++ ok = 1; ++ end: ++ return ok; ++} + + int X509_cmp_current_time(ASN1_TIME *ctm) + { +- return X509_cmp_time(ctm, NULL); ++ return X509_cmp_time(ctm, NULL); + } + + int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) +- { +- char *str; +- ASN1_TIME atm; +- long offset; +- char buff1[24],buff2[24],*p; +- int i,j; +- +- p=buff1; +- i=ctm->length; +- str=(char *)ctm->data; +- if (ctm->type == V_ASN1_UTCTIME) +- { +- if ((i < 11) || (i > 17)) return 0; +- memcpy(p,str,10); +- p+=10; +- str+=10; +- } +- else +- { +- if (i < 13) return 0; +- memcpy(p,str,12); +- p+=12; +- str+=12; +- } +- +- if ((*str == 'Z') || (*str == '-') || (*str == '+')) +- { *(p++)='0'; *(p++)='0'; } +- else +- { +- *(p++)= *(str++); +- *(p++)= *(str++); +- /* Skip any fractional seconds... */ +- if (*str == '.') +- { +- str++; +- while ((*str >= '0') && (*str <= '9')) str++; +- } +- +- } +- *(p++)='Z'; +- *(p++)='\0'; +- +- if (*str == 'Z') +- offset=0; +- else +- { +- if ((*str != '+') && (*str != '-')) +- return 0; +- offset=((str[1]-'0')*10+(str[2]-'0'))*60; +- offset+=(str[3]-'0')*10+(str[4]-'0'); +- if (*str == '-') +- offset= -offset; +- } +- atm.type=ctm->type; +- atm.length=sizeof(buff2); +- atm.data=(unsigned char *)buff2; +- +- if (X509_time_adj(&atm, offset*60, cmp_time) == NULL) +- return 0; +- +- if (ctm->type == V_ASN1_UTCTIME) +- { +- i=(buff1[0]-'0')*10+(buff1[1]-'0'); +- if (i < 50) i+=100; /* cf. RFC 2459 */ +- j=(buff2[0]-'0')*10+(buff2[1]-'0'); +- if (j < 50) j+=100; +- +- if (i < j) return -1; +- if (i > j) return 1; +- } +- i=strcmp(buff1,buff2); +- if (i == 0) /* wait a second then return younger :-) */ +- return -1; +- else +- return i; +- } ++{ ++ char *str; ++ ASN1_TIME atm; ++ long offset; ++ char buff1[24], buff2[24], *p; ++ int i, j; ++ ++ p = buff1; ++ i = ctm->length; ++ str = (char *)ctm->data; ++ if (ctm->type == V_ASN1_UTCTIME) { ++ if ((i < 11) || (i > 17)) ++ return 0; ++ memcpy(p, str, 10); ++ p += 10; ++ str += 10; ++ } else { ++ if (i < 13) ++ return 0; ++ memcpy(p, str, 12); ++ p += 12; ++ str += 12; ++ } ++ ++ if ((*str == 'Z') || (*str == '-') || (*str == '+')) { ++ *(p++) = '0'; ++ *(p++) = '0'; ++ } else { ++ *(p++) = *(str++); ++ *(p++) = *(str++); ++ /* Skip any fractional seconds... */ ++ if (*str == '.') { ++ str++; ++ while ((*str >= '0') && (*str <= '9')) ++ str++; ++ } ++ ++ } ++ *(p++) = 'Z'; ++ *(p++) = '\0'; ++ ++ if (*str == 'Z') ++ offset = 0; ++ else { ++ if ((*str != '+') && (*str != '-')) ++ return 0; ++ offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; ++ offset += (str[3] - '0') * 10 + (str[4] - '0'); ++ if (*str == '-') ++ offset = -offset; ++ } ++ atm.type = ctm->type; ++ atm.length = sizeof(buff2); ++ atm.data = (unsigned char *)buff2; ++ ++ if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL) ++ return 0; ++ ++ if (ctm->type == V_ASN1_UTCTIME) { ++ i = (buff1[0] - '0') * 10 + (buff1[1] - '0'); ++ if (i < 50) ++ i += 100; /* cf. RFC 2459 */ ++ j = (buff2[0] - '0') * 10 + (buff2[1] - '0'); ++ if (j < 50) ++ j += 100; ++ ++ if (i < j) ++ return -1; ++ if (i > j) ++ return 1; ++ } ++ i = strcmp(buff1, buff2); ++ if (i == 0) /* wait a second then return younger :-) */ ++ return -1; ++ else ++ return i; ++} + + ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) + { +- return X509_time_adj(s, adj, NULL); ++ return X509_time_adj(s, adj, NULL); + } + + ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm) +- { +- time_t t; +- int type = -1; +- +- if (in_tm) t = *in_tm; +- else time(&t); +- +- t+=adj; +- if (s) type = s->type; +- if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); +- if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t); +- return ASN1_TIME_set(s, t); +- } ++{ ++ time_t t; ++ int type = -1; ++ ++ if (in_tm) ++ t = *in_tm; ++ else ++ time(&t); ++ ++ t += adj; ++ if (s) ++ type = s->type; ++ if (type == V_ASN1_UTCTIME) ++ return ASN1_UTCTIME_set(s, t); ++ if (type == V_ASN1_GENERALIZEDTIME) ++ return ASN1_GENERALIZEDTIME_set(s, t); ++ return ASN1_TIME_set(s, t); ++} + + int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) +- { +- EVP_PKEY *ktmp=NULL,*ktmp2; +- int i,j; +- +- if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1; +- +- for (i=0; i= 0; j--) +- { +- ktmp2=X509_get_pubkey(sk_X509_value(chain,j)); +- EVP_PKEY_copy_parameters(ktmp2,ktmp); +- EVP_PKEY_free(ktmp2); +- } +- +- if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp); +- EVP_PKEY_free(ktmp); +- return 1; +- } +- +-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +- { +- /* This function is (usually) called only once, by +- * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ +- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, +- new_func, dup_func, free_func); +- } ++{ ++ EVP_PKEY *ktmp = NULL, *ktmp2; ++ int i, j; ++ ++ if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) ++ return 1; ++ ++ for (i = 0; i < sk_X509_num(chain); i++) { ++ ktmp = X509_get_pubkey(sk_X509_value(chain, i)); ++ if (ktmp == NULL) { ++ X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, ++ X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); ++ return 0; ++ } ++ if (!EVP_PKEY_missing_parameters(ktmp)) ++ break; ++ else { ++ EVP_PKEY_free(ktmp); ++ ktmp = NULL; ++ } ++ } ++ if (ktmp == NULL) { ++ X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, ++ X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); ++ return 0; ++ } ++ ++ /* first, populate the other certs */ ++ for (j = i - 1; j >= 0; j--) { ++ ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); ++ EVP_PKEY_copy_parameters(ktmp2, ktmp); ++ EVP_PKEY_free(ktmp2); ++ } ++ ++ if (pkey != NULL) ++ EVP_PKEY_copy_parameters(pkey, ktmp); ++ EVP_PKEY_free(ktmp); ++ return 1; ++} ++ ++int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, ++ CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func) ++{ ++ /* ++ * This function is (usually) called only once, by ++ * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). ++ */ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, ++ new_func, dup_func, free_func); ++} + + int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) +- { +- return CRYPTO_set_ex_data(&ctx->ex_data,idx,data); +- } ++{ ++ return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); ++} + + void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) +- { +- return CRYPTO_get_ex_data(&ctx->ex_data,idx); +- } ++{ ++ return CRYPTO_get_ex_data(&ctx->ex_data, idx); ++} + + int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) +- { +- return ctx->error; +- } ++{ ++ return ctx->error; ++} + + void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) +- { +- ctx->error=err; +- } ++{ ++ ctx->error = err; ++} + + int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) +- { +- return ctx->error_depth; +- } ++{ ++ return ctx->error_depth; ++} + + X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) +- { +- return ctx->current_cert; +- } ++{ ++ return ctx->current_cert; ++} + + STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) +- { +- return ctx->chain; +- } ++{ ++ return ctx->chain; ++} + + STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) +- { +- int i; +- X509 *x; +- STACK_OF(X509) *chain; +- if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; +- for (i = 0; i < sk_X509_num(chain); i++) +- { +- x = sk_X509_value(chain, i); +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); +- } +- return chain; +- } ++{ ++ int i; ++ X509 *x; ++ STACK_OF(X509) *chain; ++ if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) ++ return NULL; ++ for (i = 0; i < sk_X509_num(chain); i++) { ++ x = sk_X509_value(chain, i); ++ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ } ++ return chain; ++} + + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) +- { +- ctx->cert=x; +- } ++{ ++ ctx->cert = x; ++} + + void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) +- { +- ctx->untrusted=sk; +- } ++{ ++ ctx->untrusted = sk; ++} + + void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) +- { +- ctx->crls=sk; +- } ++{ ++ ctx->crls = sk; ++} + + int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) +- { +- return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); +- } ++{ ++ return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); ++} + + int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) +- { +- return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); +- } +- +-/* This function is used to set the X509_STORE_CTX purpose and trust +- * values. This is intended to be used when another structure has its +- * own trust and purpose values which (if set) will be inherited by +- * the ctx. If they aren't set then we will usually have a default +- * purpose in mind which should then be used to set the trust value. +- * An example of this is SSL use: an SSL structure will have its own +- * purpose and trust settings which the application can set: if they +- * aren't set then we use the default of SSL client/server. ++{ ++ return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); ++} ++ ++/* ++ * This function is used to set the X509_STORE_CTX purpose and trust values. ++ * This is intended to be used when another structure has its own trust and ++ * purpose values which (if set) will be inherited by the ctx. If they aren't ++ * set then we will usually have a default purpose in mind which should then ++ * be used to set the trust value. An example of this is SSL use: an SSL ++ * structure will have its own purpose and trust settings which the ++ * application can set: if they aren't set then we use the default of SSL ++ * client/server. + */ + + int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, +- int purpose, int trust) ++ int purpose, int trust) + { +- int idx; +- /* If purpose not set use default */ +- if (!purpose) purpose = def_purpose; +- /* If we have a purpose then check it is valid */ +- if (purpose) +- { +- X509_PURPOSE *ptmp; +- idx = X509_PURPOSE_get_by_id(purpose); +- if (idx == -1) +- { +- X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, +- X509_R_UNKNOWN_PURPOSE_ID); +- return 0; +- } +- ptmp = X509_PURPOSE_get0(idx); +- if (ptmp->trust == X509_TRUST_DEFAULT) +- { +- idx = X509_PURPOSE_get_by_id(def_purpose); +- if (idx == -1) +- { +- X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, +- X509_R_UNKNOWN_PURPOSE_ID); +- return 0; +- } +- ptmp = X509_PURPOSE_get0(idx); +- } +- /* If trust not set then get from purpose default */ +- if (!trust) trust = ptmp->trust; +- } +- if (trust) +- { +- idx = X509_TRUST_get_by_id(trust); +- if (idx == -1) +- { +- X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, +- X509_R_UNKNOWN_TRUST_ID); +- return 0; +- } +- } +- +- if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose; +- if (trust && !ctx->param->trust) ctx->param->trust = trust; +- return 1; ++ int idx; ++ /* If purpose not set use default */ ++ if (!purpose) ++ purpose = def_purpose; ++ /* If we have a purpose then check it is valid */ ++ if (purpose) { ++ X509_PURPOSE *ptmp; ++ idx = X509_PURPOSE_get_by_id(purpose); ++ if (idx == -1) { ++ X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, ++ X509_R_UNKNOWN_PURPOSE_ID); ++ return 0; ++ } ++ ptmp = X509_PURPOSE_get0(idx); ++ if (ptmp->trust == X509_TRUST_DEFAULT) { ++ idx = X509_PURPOSE_get_by_id(def_purpose); ++ if (idx == -1) { ++ X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, ++ X509_R_UNKNOWN_PURPOSE_ID); ++ return 0; ++ } ++ ptmp = X509_PURPOSE_get0(idx); ++ } ++ /* If trust not set then get from purpose default */ ++ if (!trust) ++ trust = ptmp->trust; ++ } ++ if (trust) { ++ idx = X509_TRUST_get_by_id(trust); ++ if (idx == -1) { ++ X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, ++ X509_R_UNKNOWN_TRUST_ID); ++ return 0; ++ } ++ } ++ ++ if (purpose && !ctx->param->purpose) ++ ctx->param->purpose = purpose; ++ if (trust && !ctx->param->trust) ++ ctx->param->trust = trust; ++ return 1; + } + + X509_STORE_CTX *X509_STORE_CTX_new(void) + { +- X509_STORE_CTX *ctx; +- ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); +- if (!ctx) +- { +- X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- memset(ctx, 0, sizeof(X509_STORE_CTX)); +- return ctx; ++ X509_STORE_CTX *ctx; ++ ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); ++ if (!ctx) { ++ X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ memset(ctx, 0, sizeof(X509_STORE_CTX)); ++ return ctx; + } + + void X509_STORE_CTX_free(X509_STORE_CTX *ctx) + { +- X509_STORE_CTX_cleanup(ctx); +- OPENSSL_free(ctx); ++ X509_STORE_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); + } + + int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, +- STACK_OF(X509) *chain) +- { +- int ret = 1; +- ctx->ctx=store; +- ctx->current_method=0; +- ctx->cert=x509; +- ctx->untrusted=chain; +- ctx->crls = NULL; +- ctx->last_untrusted=0; +- ctx->other_ctx=NULL; +- ctx->valid=0; +- ctx->chain=NULL; +- ctx->error=0; +- ctx->explicit_policy=0; +- ctx->error_depth=0; +- ctx->current_cert=NULL; +- ctx->current_issuer=NULL; +- ctx->tree = NULL; +- +- ctx->param = X509_VERIFY_PARAM_new(); +- +- if (!ctx->param) +- { +- X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- /* Inherit callbacks and flags from X509_STORE if not set +- * use defaults. +- */ +- +- +- if (store) +- ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); +- else +- ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; +- +- if (store) +- { +- ctx->verify_cb = store->verify_cb; +- ctx->cleanup = store->cleanup; +- } +- else +- ctx->cleanup = 0; +- +- if (ret) +- ret = X509_VERIFY_PARAM_inherit(ctx->param, +- X509_VERIFY_PARAM_lookup("default")); +- +- if (ret == 0) +- { +- X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- if (store && store->check_issued) +- ctx->check_issued = store->check_issued; +- else +- ctx->check_issued = check_issued; +- +- if (store && store->get_issuer) +- ctx->get_issuer = store->get_issuer; +- else +- ctx->get_issuer = X509_STORE_CTX_get1_issuer; +- +- if (store && store->verify_cb) +- ctx->verify_cb = store->verify_cb; +- else +- ctx->verify_cb = null_callback; +- +- if (store && store->verify) +- ctx->verify = store->verify; +- else +- ctx->verify = internal_verify; +- +- if (store && store->check_revocation) +- ctx->check_revocation = store->check_revocation; +- else +- ctx->check_revocation = check_revocation; +- +- if (store && store->get_crl) +- ctx->get_crl = store->get_crl; +- else +- ctx->get_crl = get_crl; +- +- if (store && store->check_crl) +- ctx->check_crl = store->check_crl; +- else +- ctx->check_crl = check_crl; +- +- if (store && store->cert_crl) +- ctx->cert_crl = store->cert_crl; +- else +- ctx->cert_crl = cert_crl; +- +- ctx->check_policy = check_policy; +- +- +- /* This memset() can't make any sense anyway, so it's removed. As +- * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a +- * corresponding "new" here and remove this bogus initialisation. */ +- /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ +- if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, +- &(ctx->ex_data))) +- { +- OPENSSL_free(ctx); +- X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- return 1; +- } +- +-/* Set alternative lookup method: just a STACK of trusted certificates. +- * This avoids X509_STORE nastiness where it isn't needed. ++ STACK_OF(X509) *chain) ++{ ++ int ret = 1; ++ ctx->ctx = store; ++ ctx->current_method = 0; ++ ctx->cert = x509; ++ ctx->untrusted = chain; ++ ctx->crls = NULL; ++ ctx->last_untrusted = 0; ++ ctx->other_ctx = NULL; ++ ctx->valid = 0; ++ ctx->chain = NULL; ++ ctx->error = 0; ++ ctx->explicit_policy = 0; ++ ctx->error_depth = 0; ++ ctx->current_cert = NULL; ++ ctx->current_issuer = NULL; ++ ctx->tree = NULL; ++ ++ ctx->param = X509_VERIFY_PARAM_new(); ++ ++ if (!ctx->param) { ++ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ /* ++ * Inherit callbacks and flags from X509_STORE if not set use defaults. ++ */ ++ ++ if (store) ++ ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); ++ else ++ ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; ++ ++ if (store) { ++ ctx->verify_cb = store->verify_cb; ++ ctx->cleanup = store->cleanup; ++ } else ++ ctx->cleanup = 0; ++ ++ if (ret) ++ ret = X509_VERIFY_PARAM_inherit(ctx->param, ++ X509_VERIFY_PARAM_lookup("default")); ++ ++ if (ret == 0) { ++ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ if (store && store->check_issued) ++ ctx->check_issued = store->check_issued; ++ else ++ ctx->check_issued = check_issued; ++ ++ if (store && store->get_issuer) ++ ctx->get_issuer = store->get_issuer; ++ else ++ ctx->get_issuer = X509_STORE_CTX_get1_issuer; ++ ++ if (store && store->verify_cb) ++ ctx->verify_cb = store->verify_cb; ++ else ++ ctx->verify_cb = null_callback; ++ ++ if (store && store->verify) ++ ctx->verify = store->verify; ++ else ++ ctx->verify = internal_verify; ++ ++ if (store && store->check_revocation) ++ ctx->check_revocation = store->check_revocation; ++ else ++ ctx->check_revocation = check_revocation; ++ ++ if (store && store->get_crl) ++ ctx->get_crl = store->get_crl; ++ else ++ ctx->get_crl = get_crl; ++ ++ if (store && store->check_crl) ++ ctx->check_crl = store->check_crl; ++ else ++ ctx->check_crl = check_crl; ++ ++ if (store && store->cert_crl) ++ ctx->cert_crl = store->cert_crl; ++ else ++ ctx->cert_crl = cert_crl; ++ ++ ctx->check_policy = check_policy; ++ ++ /* ++ * This memset() can't make any sense anyway, so it's removed. As ++ * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a ++ * corresponding "new" here and remove this bogus initialisation. ++ */ ++ /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ ++ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, ++ &(ctx->ex_data))) { ++ OPENSSL_free(ctx); ++ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ return 1; ++} ++ ++/* ++ * Set alternative lookup method: just a STACK of trusted certificates. This ++ * avoids X509_STORE nastiness where it isn't needed. + */ + + void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) + { +- ctx->other_ctx = sk; +- ctx->get_issuer = get_issuer_sk; ++ ctx->other_ctx = sk; ++ ctx->get_issuer = get_issuer_sk; + } + + void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) +- { +- if (ctx->cleanup) ctx->cleanup(ctx); +- if (ctx->param != NULL) +- { +- X509_VERIFY_PARAM_free(ctx->param); +- ctx->param=NULL; +- } +- if (ctx->tree != NULL) +- { +- X509_policy_tree_free(ctx->tree); +- ctx->tree=NULL; +- } +- if (ctx->chain != NULL) +- { +- sk_X509_pop_free(ctx->chain,X509_free); +- ctx->chain=NULL; +- } +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); +- memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); +- } ++{ ++ if (ctx->cleanup) ++ ctx->cleanup(ctx); ++ if (ctx->param != NULL) { ++ X509_VERIFY_PARAM_free(ctx->param); ++ ctx->param = NULL; ++ } ++ if (ctx->tree != NULL) { ++ X509_policy_tree_free(ctx->tree); ++ ctx->tree = NULL; ++ } ++ if (ctx->chain != NULL) { ++ sk_X509_pop_free(ctx->chain, X509_free); ++ ctx->chain = NULL; ++ } ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); ++ memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); ++} + + void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) +- { +- X509_VERIFY_PARAM_set_depth(ctx->param, depth); +- } ++{ ++ X509_VERIFY_PARAM_set_depth(ctx->param, depth); ++} + + void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) +- { +- X509_VERIFY_PARAM_set_flags(ctx->param, flags); +- } ++{ ++ X509_VERIFY_PARAM_set_flags(ctx->param, flags); ++} + +-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) +- { +- X509_VERIFY_PARAM_set_time(ctx->param, t); +- } ++void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, ++ time_t t) ++{ ++ X509_VERIFY_PARAM_set_time(ctx->param, t); ++} + + void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, +- int (*verify_cb)(int, X509_STORE_CTX *)) +- { +- ctx->verify_cb=verify_cb; +- } ++ int (*verify_cb) (int, X509_STORE_CTX *)) ++{ ++ ctx->verify_cb = verify_cb; ++} + + X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) +- { +- return ctx->tree; +- } ++{ ++ return ctx->tree; ++} + + int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) +- { +- return ctx->explicit_policy; +- } ++{ ++ return ctx->explicit_policy; ++} + + int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) +- { +- const X509_VERIFY_PARAM *param; +- param = X509_VERIFY_PARAM_lookup(name); +- if (!param) +- return 0; +- return X509_VERIFY_PARAM_inherit(ctx->param, param); +- } ++{ ++ const X509_VERIFY_PARAM *param; ++ param = X509_VERIFY_PARAM_lookup(name); ++ if (!param) ++ return 0; ++ return X509_VERIFY_PARAM_inherit(ctx->param, param); ++} + + X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) +- { +- return ctx->param; +- } ++{ ++ return ctx->param; ++} + + void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) +- { +- if (ctx->param) +- X509_VERIFY_PARAM_free(ctx->param); +- ctx->param = param; +- } ++{ ++ if (ctx->param) ++ X509_VERIFY_PARAM_free(ctx->param); ++ ctx->param = param; ++} + + IMPLEMENT_STACK_OF(X509) ++ + IMPLEMENT_ASN1_SET_OF(X509) + + IMPLEMENT_STACK_OF(X509_NAME) + + IMPLEMENT_STACK_OF(X509_ATTRIBUTE) ++ + IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c +index 01c5541..955ece2 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c +@@ -1,6 +1,7 @@ + /* x509_vpm.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2004. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. + */ + /* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -68,38 +69,38 @@ + /* X509_VERIFY_PARAM functions */ + + static void x509_verify_param_zero(X509_VERIFY_PARAM *param) +- { +- if (!param) +- return; +- param->name = NULL; +- param->purpose = 0; +- param->trust = 0; +- param->inh_flags = 0; +- param->flags = 0; +- param->depth = -1; +- if (param->policies) +- { +- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); +- param->policies = NULL; +- } +- } ++{ ++ if (!param) ++ return; ++ param->name = NULL; ++ param->purpose = 0; ++ param->trust = 0; ++ param->inh_flags = 0; ++ param->flags = 0; ++ param->depth = -1; ++ if (param->policies) { ++ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); ++ param->policies = NULL; ++ } ++} + + X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) +- { +- X509_VERIFY_PARAM *param; +- param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); +- memset(param, 0, sizeof(X509_VERIFY_PARAM)); +- x509_verify_param_zero(param); +- return param; +- } ++{ ++ X509_VERIFY_PARAM *param; ++ param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); ++ memset(param, 0, sizeof(X509_VERIFY_PARAM)); ++ x509_verify_param_zero(param); ++ return param; ++} + + void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) +- { +- x509_verify_param_zero(param); +- OPENSSL_free(param); +- } ++{ ++ x509_verify_param_zero(param); ++ OPENSSL_free(param); ++} + +-/* This function determines how parameters are "inherited" from one structure ++/*- ++ * This function determines how parameters are "inherited" from one structure + * to another. There are several different ways this can happen. + * + * 1. If a child structure needs to have its values initialized from a parent +@@ -109,7 +110,7 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) + * for SSL servers or clients but only if the application has not set new + * ones. + * +- * The "inh_flags" field determines how this function behaves. ++ * The "inh_flags" field determines how this function behaves. + * + * Normally any values which are set in the default are not copied from the + * destination and verify flags are ORed together. +@@ -133,302 +134,293 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) + /* Macro to test if a field should be copied from src to dest */ + + #define test_x509_verify_param_copy(field, def) \ +- (to_overwrite || \ +- ((src->field != def) && (to_default || (dest->field == def)))) ++ (to_overwrite || \ ++ ((src->field != def) && (to_default || (dest->field == def)))) + + /* Macro to test and copy a field if necessary */ + + #define x509_verify_param_copy(field, def) \ +- if (test_x509_verify_param_copy(field, def)) \ +- dest->field = src->field +- ++ if (test_x509_verify_param_copy(field, def)) \ ++ dest->field = src->field + + int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, +- const X509_VERIFY_PARAM *src) +- { +- unsigned long inh_flags; +- int to_default, to_overwrite; +- if (!src) +- return 1; +- inh_flags = dest->inh_flags | src->inh_flags; ++ const X509_VERIFY_PARAM *src) ++{ ++ unsigned long inh_flags; ++ int to_default, to_overwrite; ++ if (!src) ++ return 1; ++ inh_flags = dest->inh_flags | src->inh_flags; + +- if (inh_flags & X509_VP_FLAG_ONCE) +- dest->inh_flags = 0; ++ if (inh_flags & X509_VP_FLAG_ONCE) ++ dest->inh_flags = 0; + +- if (inh_flags & X509_VP_FLAG_LOCKED) +- return 1; ++ if (inh_flags & X509_VP_FLAG_LOCKED) ++ return 1; + +- if (inh_flags & X509_VP_FLAG_DEFAULT) +- to_default = 1; +- else +- to_default = 0; ++ if (inh_flags & X509_VP_FLAG_DEFAULT) ++ to_default = 1; ++ else ++ to_default = 0; + +- if (inh_flags & X509_VP_FLAG_OVERWRITE) +- to_overwrite = 1; +- else +- to_overwrite = 0; ++ if (inh_flags & X509_VP_FLAG_OVERWRITE) ++ to_overwrite = 1; ++ else ++ to_overwrite = 0; + +- x509_verify_param_copy(purpose, 0); +- x509_verify_param_copy(trust, 0); +- x509_verify_param_copy(depth, -1); ++ x509_verify_param_copy(purpose, 0); ++ x509_verify_param_copy(trust, 0); ++ x509_verify_param_copy(depth, -1); + +- /* If overwrite or check time not set, copy across */ ++ /* If overwrite or check time not set, copy across */ + +- if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) +- { +- dest->check_time = src->check_time; +- dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; +- /* Don't need to copy flag: that is done below */ +- } ++ if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) { ++ dest->check_time = src->check_time; ++ dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; ++ /* Don't need to copy flag: that is done below */ ++ } + +- if (inh_flags & X509_VP_FLAG_RESET_FLAGS) +- dest->flags = 0; ++ if (inh_flags & X509_VP_FLAG_RESET_FLAGS) ++ dest->flags = 0; + +- dest->flags |= src->flags; ++ dest->flags |= src->flags; + +- if (test_x509_verify_param_copy(policies, NULL)) +- { +- if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) +- return 0; +- } ++ if (test_x509_verify_param_copy(policies, NULL)) { ++ if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) ++ return 0; ++ } + +- return 1; +- } ++ return 1; ++} + + int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, +- const X509_VERIFY_PARAM *from) +- { +- unsigned long save_flags = to->inh_flags; +- int ret; +- to->inh_flags |= X509_VP_FLAG_DEFAULT; +- ret = X509_VERIFY_PARAM_inherit(to, from); +- to->inh_flags = save_flags; +- return ret; +- } ++ const X509_VERIFY_PARAM *from) ++{ ++ unsigned long save_flags = to->inh_flags; ++ int ret; ++ to->inh_flags |= X509_VP_FLAG_DEFAULT; ++ ret = X509_VERIFY_PARAM_inherit(to, from); ++ to->inh_flags = save_flags; ++ return ret; ++} + + int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) +- { +- if (param->name) +- OPENSSL_free(param->name); +- param->name = BUF_strdup(name); +- if (param->name) +- return 1; +- return 0; +- } ++{ ++ if (param->name) ++ OPENSSL_free(param->name); ++ param->name = BUF_strdup(name); ++ if (param->name) ++ return 1; ++ return 0; ++} + + int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) +- { +- param->flags |= flags; +- if (flags & X509_V_FLAG_POLICY_MASK) +- param->flags |= X509_V_FLAG_POLICY_CHECK; +- return 1; +- } +- +-int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags) +- { +- param->flags &= ~flags; +- return 1; +- } ++{ ++ param->flags |= flags; ++ if (flags & X509_V_FLAG_POLICY_MASK) ++ param->flags |= X509_V_FLAG_POLICY_CHECK; ++ return 1; ++} ++ ++int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, ++ unsigned long flags) ++{ ++ param->flags &= ~flags; ++ return 1; ++} + + unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) +- { +- return param->flags; +- } ++{ ++ return param->flags; ++} + + int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) +- { +- return X509_PURPOSE_set(¶m->purpose, purpose); +- } ++{ ++ return X509_PURPOSE_set(¶m->purpose, purpose); ++} + + int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) +- { +- return X509_TRUST_set(¶m->trust, trust); +- } ++{ ++ return X509_TRUST_set(¶m->trust, trust); ++} + + void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) +- { +- param->depth = depth; +- } ++{ ++ param->depth = depth; ++} + + void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) +- { +- param->check_time = t; +- param->flags |= X509_V_FLAG_USE_CHECK_TIME; +- } +- +-int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy) +- { +- if (!param->policies) +- { +- param->policies = sk_ASN1_OBJECT_new_null(); +- if (!param->policies) +- return 0; +- } +- if (!sk_ASN1_OBJECT_push(param->policies, policy)) +- return 0; +- return 1; +- } +- +-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, +- STACK_OF(ASN1_OBJECT) *policies) +- { +- int i; +- ASN1_OBJECT *oid, *doid; +- if (!param) +- return 0; +- if (param->policies) +- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); +- +- if (!policies) +- { +- param->policies = NULL; +- return 1; +- } +- +- param->policies = sk_ASN1_OBJECT_new_null(); +- if (!param->policies) +- return 0; +- +- for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) +- { +- oid = sk_ASN1_OBJECT_value(policies, i); +- doid = OBJ_dup(oid); +- if (!doid) +- return 0; +- if (!sk_ASN1_OBJECT_push(param->policies, doid)) +- { +- ASN1_OBJECT_free(doid); +- return 0; +- } +- } +- param->flags |= X509_V_FLAG_POLICY_CHECK; +- return 1; +- } ++{ ++ param->check_time = t; ++ param->flags |= X509_V_FLAG_USE_CHECK_TIME; ++} ++ ++int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ++ ASN1_OBJECT *policy) ++{ ++ if (!param->policies) { ++ param->policies = sk_ASN1_OBJECT_new_null(); ++ if (!param->policies) ++ return 0; ++ } ++ if (!sk_ASN1_OBJECT_push(param->policies, policy)) ++ return 0; ++ return 1; ++} ++ ++int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, ++ STACK_OF(ASN1_OBJECT) *policies) ++{ ++ int i; ++ ASN1_OBJECT *oid, *doid; ++ if (!param) ++ return 0; ++ if (param->policies) ++ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); ++ ++ if (!policies) { ++ param->policies = NULL; ++ return 1; ++ } ++ ++ param->policies = sk_ASN1_OBJECT_new_null(); ++ if (!param->policies) ++ return 0; ++ ++ for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) { ++ oid = sk_ASN1_OBJECT_value(policies, i); ++ doid = OBJ_dup(oid); ++ if (!doid) ++ return 0; ++ if (!sk_ASN1_OBJECT_push(param->policies, doid)) { ++ ASN1_OBJECT_free(doid); ++ return 0; ++ } ++ } ++ param->flags |= X509_V_FLAG_POLICY_CHECK; ++ return 1; ++} + + int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) +- { +- return param->depth; +- } +- +-/* Default verify parameters: these are used for various +- * applications and can be overridden by the user specified table. +- * NB: the 'name' field *must* be in alphabetical order because it +- * will be searched using OBJ_search. ++{ ++ return param->depth; ++} ++ ++/* ++ * Default verify parameters: these are used for various applications and can ++ * be overridden by the user specified table. NB: the 'name' field *must* be ++ * in alphabetical order because it will be searched using OBJ_search. + */ + + static const X509_VERIFY_PARAM default_table[] = { +- { +- "default", /* X509 default parameters */ +- 0, /* Check time */ +- 0, /* internal flags */ +- 0, /* flags */ +- 0, /* purpose */ +- 0, /* trust */ +- 100, /* depth */ +- NULL /* policies */ +- }, +- { +- "pkcs7", /* S/MIME signing parameters */ +- 0, /* Check time */ +- 0, /* internal flags */ +- 0, /* flags */ +- X509_PURPOSE_SMIME_SIGN, /* purpose */ +- X509_TRUST_EMAIL, /* trust */ +- -1, /* depth */ +- NULL /* policies */ +- }, +- { +- "smime_sign", /* S/MIME signing parameters */ +- 0, /* Check time */ +- 0, /* internal flags */ +- 0, /* flags */ +- X509_PURPOSE_SMIME_SIGN, /* purpose */ +- X509_TRUST_EMAIL, /* trust */ +- -1, /* depth */ +- NULL /* policies */ +- }, +- { +- "ssl_client", /* SSL/TLS client parameters */ +- 0, /* Check time */ +- 0, /* internal flags */ +- 0, /* flags */ +- X509_PURPOSE_SSL_CLIENT, /* purpose */ +- X509_TRUST_SSL_CLIENT, /* trust */ +- -1, /* depth */ +- NULL /* policies */ +- }, +- { +- "ssl_server", /* SSL/TLS server parameters */ +- 0, /* Check time */ +- 0, /* internal flags */ +- 0, /* flags */ +- X509_PURPOSE_SSL_SERVER, /* purpose */ +- X509_TRUST_SSL_SERVER, /* trust */ +- -1, /* depth */ +- NULL /* policies */ +- }}; ++ { ++ "default", /* X509 default parameters */ ++ 0, /* Check time */ ++ 0, /* internal flags */ ++ 0, /* flags */ ++ 0, /* purpose */ ++ 0, /* trust */ ++ 100, /* depth */ ++ NULL /* policies */ ++ }, ++ { ++ "pkcs7", /* S/MIME signing parameters */ ++ 0, /* Check time */ ++ 0, /* internal flags */ ++ 0, /* flags */ ++ X509_PURPOSE_SMIME_SIGN, /* purpose */ ++ X509_TRUST_EMAIL, /* trust */ ++ -1, /* depth */ ++ NULL /* policies */ ++ }, ++ { ++ "smime_sign", /* S/MIME signing parameters */ ++ 0, /* Check time */ ++ 0, /* internal flags */ ++ 0, /* flags */ ++ X509_PURPOSE_SMIME_SIGN, /* purpose */ ++ X509_TRUST_EMAIL, /* trust */ ++ -1, /* depth */ ++ NULL /* policies */ ++ }, ++ { ++ "ssl_client", /* SSL/TLS client parameters */ ++ 0, /* Check time */ ++ 0, /* internal flags */ ++ 0, /* flags */ ++ X509_PURPOSE_SSL_CLIENT, /* purpose */ ++ X509_TRUST_SSL_CLIENT, /* trust */ ++ -1, /* depth */ ++ NULL /* policies */ ++ }, ++ { ++ "ssl_server", /* SSL/TLS server parameters */ ++ 0, /* Check time */ ++ 0, /* internal flags */ ++ 0, /* flags */ ++ X509_PURPOSE_SSL_SERVER, /* purpose */ ++ X509_TRUST_SSL_SERVER, /* trust */ ++ -1, /* depth */ ++ NULL /* policies */ ++ } ++}; + + static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; + + static int table_cmp(const void *pa, const void *pb) +- { +- const X509_VERIFY_PARAM *a = pa, *b = pb; +- return strcmp(a->name, b->name); +- } ++{ ++ const X509_VERIFY_PARAM *a = pa, *b = pb; ++ return strcmp(a->name, b->name); ++} + +-static int param_cmp(const X509_VERIFY_PARAM * const *a, +- const X509_VERIFY_PARAM * const *b) +- { +- return strcmp((*a)->name, (*b)->name); +- } ++static int param_cmp(const X509_VERIFY_PARAM *const *a, ++ const X509_VERIFY_PARAM *const *b) ++{ ++ return strcmp((*a)->name, (*b)->name); ++} + + int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) +- { +- int idx; +- X509_VERIFY_PARAM *ptmp; +- if (!param_table) +- { +- param_table = sk_X509_VERIFY_PARAM_new(param_cmp); +- if (!param_table) +- return 0; +- } +- else +- { +- idx = sk_X509_VERIFY_PARAM_find(param_table, param); +- if (idx != -1) +- { +- ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx); +- X509_VERIFY_PARAM_free(ptmp); +- (void)sk_X509_VERIFY_PARAM_delete(param_table, idx); +- } +- } +- if (!sk_X509_VERIFY_PARAM_push(param_table, param)) +- return 0; +- return 1; +- } ++{ ++ int idx; ++ X509_VERIFY_PARAM *ptmp; ++ if (!param_table) { ++ param_table = sk_X509_VERIFY_PARAM_new(param_cmp); ++ if (!param_table) ++ return 0; ++ } else { ++ idx = sk_X509_VERIFY_PARAM_find(param_table, param); ++ if (idx != -1) { ++ ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx); ++ X509_VERIFY_PARAM_free(ptmp); ++ (void)sk_X509_VERIFY_PARAM_delete(param_table, idx); ++ } ++ } ++ if (!sk_X509_VERIFY_PARAM_push(param_table, param)) ++ return 0; ++ return 1; ++} + + const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) +- { +- int idx; +- X509_VERIFY_PARAM pm; +- pm.name = (char *)name; +- if (param_table) +- { +- idx = sk_X509_VERIFY_PARAM_find(param_table, &pm); +- if (idx != -1) +- return sk_X509_VERIFY_PARAM_value(param_table, idx); +- } +- return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm, +- (char *)&default_table, +- sizeof(default_table)/sizeof(X509_VERIFY_PARAM), +- sizeof(X509_VERIFY_PARAM), +- table_cmp); +- } ++{ ++ int idx; ++ X509_VERIFY_PARAM pm; ++ pm.name = (char *)name; ++ if (param_table) { ++ idx = sk_X509_VERIFY_PARAM_find(param_table, &pm); ++ if (idx != -1) ++ return sk_X509_VERIFY_PARAM_value(param_table, idx); ++ } ++ return (const X509_VERIFY_PARAM *)OBJ_bsearch((char *)&pm, ++ (char *)&default_table, ++ sizeof(default_table) / ++ sizeof(X509_VERIFY_PARAM), ++ sizeof(X509_VERIFY_PARAM), ++ table_cmp); ++} + + void X509_VERIFY_PARAM_table_cleanup(void) +- { +- if (param_table) +- sk_X509_VERIFY_PARAM_pop_free(param_table, +- X509_VERIFY_PARAM_free); +- param_table = NULL; +- } ++{ ++ if (param_table) ++ sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free); ++ param_table = NULL; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509cset.c b/Cryptlib/OpenSSL/crypto/x509/x509cset.c +index 7f4004b..4ef8808 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509cset.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509cset.c +@@ -1,6 +1,7 @@ + /* crypto/x509/x509cset.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,107 +65,103 @@ + #include + + int X509_CRL_set_version(X509_CRL *x, long version) +- { +- if (x == NULL) return(0); +- if (x->crl->version == NULL) +- { +- if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL) +- return(0); +- } +- return(ASN1_INTEGER_set(x->crl->version,version)); +- } ++{ ++ if (x == NULL) ++ return (0); ++ if (x->crl->version == NULL) { ++ if ((x->crl->version = M_ASN1_INTEGER_new()) == NULL) ++ return (0); ++ } ++ return (ASN1_INTEGER_set(x->crl->version, version)); ++} + + int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) +- { +- if ((x == NULL) || (x->crl == NULL)) return(0); +- return(X509_NAME_set(&x->crl->issuer,name)); +- } +- ++{ ++ if ((x == NULL) || (x->crl == NULL)) ++ return (0); ++ return (X509_NAME_set(&x->crl->issuer, name)); ++} + + int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm) +- { +- ASN1_TIME *in; ++{ ++ ASN1_TIME *in; + +- if (x == NULL) return(0); +- in=x->crl->lastUpdate; +- if (in != tm) +- { +- in=M_ASN1_TIME_dup(tm); +- if (in != NULL) +- { +- M_ASN1_TIME_free(x->crl->lastUpdate); +- x->crl->lastUpdate=in; +- } +- } +- return(in != NULL); +- } ++ if (x == NULL) ++ return (0); ++ in = x->crl->lastUpdate; ++ if (in != tm) { ++ in = M_ASN1_TIME_dup(tm); ++ if (in != NULL) { ++ M_ASN1_TIME_free(x->crl->lastUpdate); ++ x->crl->lastUpdate = in; ++ } ++ } ++ return (in != NULL); ++} + + int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm) +- { +- ASN1_TIME *in; ++{ ++ ASN1_TIME *in; + +- if (x == NULL) return(0); +- in=x->crl->nextUpdate; +- if (in != tm) +- { +- in=M_ASN1_TIME_dup(tm); +- if (in != NULL) +- { +- M_ASN1_TIME_free(x->crl->nextUpdate); +- x->crl->nextUpdate=in; +- } +- } +- return(in != NULL); +- } ++ if (x == NULL) ++ return (0); ++ in = x->crl->nextUpdate; ++ if (in != tm) { ++ in = M_ASN1_TIME_dup(tm); ++ if (in != NULL) { ++ M_ASN1_TIME_free(x->crl->nextUpdate); ++ x->crl->nextUpdate = in; ++ } ++ } ++ return (in != NULL); ++} + + int X509_CRL_sort(X509_CRL *c) +- { +- int i; +- X509_REVOKED *r; +- /* sort the data so it will be written in serial +- * number order */ +- sk_X509_REVOKED_sort(c->crl->revoked); +- for (i=0; icrl->revoked); i++) +- { +- r=sk_X509_REVOKED_value(c->crl->revoked,i); +- r->sequence=i; +- } +- c->crl->enc.modified = 1; +- return 1; +- } ++{ ++ int i; ++ X509_REVOKED *r; ++ /* ++ * sort the data so it will be written in serial number order ++ */ ++ sk_X509_REVOKED_sort(c->crl->revoked); ++ for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) { ++ r = sk_X509_REVOKED_value(c->crl->revoked, i); ++ r->sequence = i; ++ } ++ c->crl->enc.modified = 1; ++ return 1; ++} + + int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) +- { +- ASN1_TIME *in; ++{ ++ ASN1_TIME *in; + +- if (x == NULL) return(0); +- in=x->revocationDate; +- if (in != tm) +- { +- in=M_ASN1_TIME_dup(tm); +- if (in != NULL) +- { +- M_ASN1_TIME_free(x->revocationDate); +- x->revocationDate=in; +- } +- } +- return(in != NULL); +- } ++ if (x == NULL) ++ return (0); ++ in = x->revocationDate; ++ if (in != tm) { ++ in = M_ASN1_TIME_dup(tm); ++ if (in != NULL) { ++ M_ASN1_TIME_free(x->revocationDate); ++ x->revocationDate = in; ++ } ++ } ++ return (in != NULL); ++} + + int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) +- { +- ASN1_INTEGER *in; ++{ ++ ASN1_INTEGER *in; + +- if (x == NULL) return(0); +- in=x->serialNumber; +- if (in != serial) +- { +- in=M_ASN1_INTEGER_dup(serial); +- if (in != NULL) +- { +- M_ASN1_INTEGER_free(x->serialNumber); +- x->serialNumber=in; +- } +- } +- return(in != NULL); +- } ++ if (x == NULL) ++ return (0); ++ in = x->serialNumber; ++ if (in != serial) { ++ in = M_ASN1_INTEGER_dup(serial); ++ if (in != NULL) { ++ M_ASN1_INTEGER_free(x->serialNumber); ++ x->serialNumber = in; ++ } ++ } ++ return (in != NULL); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509name.c b/Cryptlib/OpenSSL/crypto/x509/x509name.c +index 068abfe..4e7b64f 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509name.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509name.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,319 +65,333 @@ + #include + + int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) +- { +- ASN1_OBJECT *obj; ++{ ++ ASN1_OBJECT *obj; + +- obj=OBJ_nid2obj(nid); +- if (obj == NULL) return(-1); +- return(X509_NAME_get_text_by_OBJ(name,obj,buf,len)); +- } ++ obj = OBJ_nid2obj(nid); ++ if (obj == NULL) ++ return (-1); ++ return (X509_NAME_get_text_by_OBJ(name, obj, buf, len)); ++} + + int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf, +- int len) +- { +- int i; +- ASN1_STRING *data; +- +- i=X509_NAME_get_index_by_OBJ(name,obj,-1); +- if (i < 0) return(-1); +- data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i)); +- i=(data->length > (len-1))?(len-1):data->length; +- if (buf == NULL) return(data->length); +- memcpy(buf,data->data,i); +- buf[i]='\0'; +- return(i); +- } ++ int len) ++{ ++ int i; ++ ASN1_STRING *data; ++ ++ i = X509_NAME_get_index_by_OBJ(name, obj, -1); ++ if (i < 0) ++ return (-1); ++ data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i)); ++ i = (data->length > (len - 1)) ? (len - 1) : data->length; ++ if (buf == NULL) ++ return (data->length); ++ memcpy(buf, data->data, i); ++ buf[i] = '\0'; ++ return (i); ++} + + int X509_NAME_entry_count(X509_NAME *name) +- { +- if (name == NULL) return(0); +- return(sk_X509_NAME_ENTRY_num(name->entries)); +- } ++{ ++ if (name == NULL) ++ return (0); ++ return (sk_X509_NAME_ENTRY_num(name->entries)); ++} + + int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) +- { +- ASN1_OBJECT *obj; ++{ ++ ASN1_OBJECT *obj; + +- obj=OBJ_nid2obj(nid); +- if (obj == NULL) return(-2); +- return(X509_NAME_get_index_by_OBJ(name,obj,lastpos)); +- } ++ obj = OBJ_nid2obj(nid); ++ if (obj == NULL) ++ return (-2); ++ return (X509_NAME_get_index_by_OBJ(name, obj, lastpos)); ++} + + /* NOTE: you should be passsing -1, not 0 as lastpos */ +-int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, +- int lastpos) +- { +- int n; +- X509_NAME_ENTRY *ne; +- STACK_OF(X509_NAME_ENTRY) *sk; +- +- if (name == NULL) return(-1); +- if (lastpos < 0) +- lastpos= -1; +- sk=name->entries; +- n=sk_X509_NAME_ENTRY_num(sk); +- for (lastpos++; lastpos < n; lastpos++) +- { +- ne=sk_X509_NAME_ENTRY_value(sk,lastpos); +- if (OBJ_cmp(ne->object,obj) == 0) +- return(lastpos); +- } +- return(-1); +- } ++int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos) ++{ ++ int n; ++ X509_NAME_ENTRY *ne; ++ STACK_OF(X509_NAME_ENTRY) *sk; ++ ++ if (name == NULL) ++ return (-1); ++ if (lastpos < 0) ++ lastpos = -1; ++ sk = name->entries; ++ n = sk_X509_NAME_ENTRY_num(sk); ++ for (lastpos++; lastpos < n; lastpos++) { ++ ne = sk_X509_NAME_ENTRY_value(sk, lastpos); ++ if (OBJ_cmp(ne->object, obj) == 0) ++ return (lastpos); ++ } ++ return (-1); ++} + + X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc) +- { +- if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc +- || loc < 0) +- return(NULL); +- else +- return(sk_X509_NAME_ENTRY_value(name->entries,loc)); +- } ++{ ++ if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc ++ || loc < 0) ++ return (NULL); ++ else ++ return (sk_X509_NAME_ENTRY_value(name->entries, loc)); ++} + + X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) +- { +- X509_NAME_ENTRY *ret; +- int i,n,set_prev,set_next; +- STACK_OF(X509_NAME_ENTRY) *sk; +- +- if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc +- || loc < 0) +- return(NULL); +- sk=name->entries; +- ret=sk_X509_NAME_ENTRY_delete(sk,loc); +- n=sk_X509_NAME_ENTRY_num(sk); +- name->modified=1; +- if (loc == n) return(ret); +- +- /* else we need to fixup the set field */ +- if (loc != 0) +- set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set; +- else +- set_prev=ret->set-1; +- set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set; +- +- /* set_prev is the previous set +- * set is the current set +- * set_next is the following +- * prev 1 1 1 1 1 1 1 1 +- * set 1 1 2 2 +- * next 1 1 2 2 2 2 3 2 +- * so basically only if prev and next differ by 2, then +- * re-number down by 1 */ +- if (set_prev+1 < set_next) +- for (i=loc; iset--; +- return(ret); +- } ++{ ++ X509_NAME_ENTRY *ret; ++ int i, n, set_prev, set_next; ++ STACK_OF(X509_NAME_ENTRY) *sk; ++ ++ if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc ++ || loc < 0) ++ return (NULL); ++ sk = name->entries; ++ ret = sk_X509_NAME_ENTRY_delete(sk, loc); ++ n = sk_X509_NAME_ENTRY_num(sk); ++ name->modified = 1; ++ if (loc == n) ++ return (ret); ++ ++ /* else we need to fixup the set field */ ++ if (loc != 0) ++ set_prev = (sk_X509_NAME_ENTRY_value(sk, loc - 1))->set; ++ else ++ set_prev = ret->set - 1; ++ set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set; ++ ++ /*- ++ * set_prev is the previous set ++ * set is the current set ++ * set_next is the following ++ * prev 1 1 1 1 1 1 1 1 ++ * set 1 1 2 2 ++ * next 1 1 2 2 2 2 3 2 ++ * so basically only if prev and next differ by 2, then ++ * re-number down by 1 ++ */ ++ if (set_prev + 1 < set_next) ++ for (i = loc; i < n; i++) ++ sk_X509_NAME_ENTRY_value(sk, i)->set--; ++ return (ret); ++} + + int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, +- unsigned char *bytes, int len, int loc, int set) ++ unsigned char *bytes, int len, int loc, ++ int set) + { +- X509_NAME_ENTRY *ne; +- int ret; +- ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len); +- if(!ne) return 0; +- ret = X509_NAME_add_entry(name, ne, loc, set); +- X509_NAME_ENTRY_free(ne); +- return ret; ++ X509_NAME_ENTRY *ne; ++ int ret; ++ ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len); ++ if (!ne) ++ return 0; ++ ret = X509_NAME_add_entry(name, ne, loc, set); ++ X509_NAME_ENTRY_free(ne); ++ return ret; + } + + int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, +- unsigned char *bytes, int len, int loc, int set) ++ unsigned char *bytes, int len, int loc, ++ int set) + { +- X509_NAME_ENTRY *ne; +- int ret; +- ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); +- if(!ne) return 0; +- ret = X509_NAME_add_entry(name, ne, loc, set); +- X509_NAME_ENTRY_free(ne); +- return ret; ++ X509_NAME_ENTRY *ne; ++ int ret; ++ ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); ++ if (!ne) ++ return 0; ++ ret = X509_NAME_add_entry(name, ne, loc, set); ++ X509_NAME_ENTRY_free(ne); ++ return ret; + } + + int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, +- const unsigned char *bytes, int len, int loc, int set) ++ const unsigned char *bytes, int len, int loc, ++ int set) + { +- X509_NAME_ENTRY *ne; +- int ret; +- ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len); +- if(!ne) return 0; +- ret = X509_NAME_add_entry(name, ne, loc, set); +- X509_NAME_ENTRY_free(ne); +- return ret; ++ X509_NAME_ENTRY *ne; ++ int ret; ++ ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len); ++ if (!ne) ++ return 0; ++ ret = X509_NAME_add_entry(name, ne, loc, set); ++ X509_NAME_ENTRY_free(ne); ++ return ret; + } + +-/* if set is -1, append to previous set, 0 'a new one', and 1, +- * prepend to the guy we are about to stomp on. */ ++/* ++ * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the ++ * guy we are about to stomp on. ++ */ + int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, +- int set) +- { +- X509_NAME_ENTRY *new_name=NULL; +- int n,i,inc; +- STACK_OF(X509_NAME_ENTRY) *sk; +- +- if (name == NULL) return(0); +- sk=name->entries; +- n=sk_X509_NAME_ENTRY_num(sk); +- if (loc > n) loc=n; +- else if (loc < 0) loc=n; +- +- name->modified=1; +- +- if (set == -1) +- { +- if (loc == 0) +- { +- set=0; +- inc=1; +- } +- else +- { +- set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set; +- inc=0; +- } +- } +- else /* if (set >= 0) */ +- { +- if (loc >= n) +- { +- if (loc != 0) +- set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1; +- else +- set=0; +- } +- else +- set=sk_X509_NAME_ENTRY_value(sk,loc)->set; +- inc=(set == 0)?1:0; +- } +- +- if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL) +- goto err; +- new_name->set=set; +- if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc)) +- { +- X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (inc) +- { +- n=sk_X509_NAME_ENTRY_num(sk); +- for (i=loc+1; iset+=1; +- } +- return(1); +-err: +- if (new_name != NULL) +- X509_NAME_ENTRY_free(new_name); +- return(0); +- } ++ int set) ++{ ++ X509_NAME_ENTRY *new_name = NULL; ++ int n, i, inc; ++ STACK_OF(X509_NAME_ENTRY) *sk; ++ ++ if (name == NULL) ++ return (0); ++ sk = name->entries; ++ n = sk_X509_NAME_ENTRY_num(sk); ++ if (loc > n) ++ loc = n; ++ else if (loc < 0) ++ loc = n; ++ ++ name->modified = 1; ++ ++ if (set == -1) { ++ if (loc == 0) { ++ set = 0; ++ inc = 1; ++ } else { ++ set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set; ++ inc = 0; ++ } ++ } else { /* if (set >= 0) */ ++ ++ if (loc >= n) { ++ if (loc != 0) ++ set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1; ++ else ++ set = 0; ++ } else ++ set = sk_X509_NAME_ENTRY_value(sk, loc)->set; ++ inc = (set == 0) ? 1 : 0; ++ } ++ ++ if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL) ++ goto err; ++ new_name->set = set; ++ if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) { ++ X509err(X509_F_X509_NAME_ADD_ENTRY, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (inc) { ++ n = sk_X509_NAME_ENTRY_num(sk); ++ for (i = loc + 1; i < n; i++) ++ sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1; ++ } ++ return (1); ++ err: ++ if (new_name != NULL) ++ X509_NAME_ENTRY_free(new_name); ++ return (0); ++} + + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, +- const char *field, int type, const unsigned char *bytes, int len) +- { +- ASN1_OBJECT *obj; +- X509_NAME_ENTRY *nentry; +- +- obj=OBJ_txt2obj(field, 0); +- if (obj == NULL) +- { +- X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, +- X509_R_INVALID_FIELD_NAME); +- ERR_add_error_data(2, "name=", field); +- return(NULL); +- } +- nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len); +- ASN1_OBJECT_free(obj); +- return nentry; +- } ++ const char *field, int type, ++ const unsigned char *bytes, ++ int len) ++{ ++ ASN1_OBJECT *obj; ++ X509_NAME_ENTRY *nentry; ++ ++ obj = OBJ_txt2obj(field, 0); ++ if (obj == NULL) { ++ X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, ++ X509_R_INVALID_FIELD_NAME); ++ ERR_add_error_data(2, "name=", field); ++ return (NULL); ++ } ++ nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); ++ ASN1_OBJECT_free(obj); ++ return nentry; ++} + + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, +- int type, unsigned char *bytes, int len) +- { +- ASN1_OBJECT *obj; +- X509_NAME_ENTRY *nentry; +- +- obj=OBJ_nid2obj(nid); +- if (obj == NULL) +- { +- X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID); +- return(NULL); +- } +- nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len); +- ASN1_OBJECT_free(obj); +- return nentry; +- } ++ int type, unsigned char *bytes, ++ int len) ++{ ++ ASN1_OBJECT *obj; ++ X509_NAME_ENTRY *nentry; ++ ++ obj = OBJ_nid2obj(nid); ++ if (obj == NULL) { ++ X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID, X509_R_UNKNOWN_NID); ++ return (NULL); ++ } ++ nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); ++ ASN1_OBJECT_free(obj); ++ return nentry; ++} + + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, +- ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len) +- { +- X509_NAME_ENTRY *ret; +- +- if ((ne == NULL) || (*ne == NULL)) +- { +- if ((ret=X509_NAME_ENTRY_new()) == NULL) +- return(NULL); +- } +- else +- ret= *ne; +- +- if (!X509_NAME_ENTRY_set_object(ret,obj)) +- goto err; +- if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) +- goto err; +- +- if ((ne != NULL) && (*ne == NULL)) *ne=ret; +- return(ret); +-err: +- if ((ne == NULL) || (ret != *ne)) +- X509_NAME_ENTRY_free(ret); +- return(NULL); +- } ++ ASN1_OBJECT *obj, int type, ++ const unsigned char *bytes, ++ int len) ++{ ++ X509_NAME_ENTRY *ret; ++ ++ if ((ne == NULL) || (*ne == NULL)) { ++ if ((ret = X509_NAME_ENTRY_new()) == NULL) ++ return (NULL); ++ } else ++ ret = *ne; ++ ++ if (!X509_NAME_ENTRY_set_object(ret, obj)) ++ goto err; ++ if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len)) ++ goto err; ++ ++ if ((ne != NULL) && (*ne == NULL)) ++ *ne = ret; ++ return (ret); ++ err: ++ if ((ne == NULL) || (ret != *ne)) ++ X509_NAME_ENTRY_free(ret); ++ return (NULL); ++} + + int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj) +- { +- if ((ne == NULL) || (obj == NULL)) +- { +- X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER); +- return(0); +- } +- ASN1_OBJECT_free(ne->object); +- ne->object=OBJ_dup(obj); +- return((ne->object == NULL)?0:1); +- } ++{ ++ if ((ne == NULL) || (obj == NULL)) { ++ X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT, ++ ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } ++ ASN1_OBJECT_free(ne->object); ++ ne->object = OBJ_dup(obj); ++ return ((ne->object == NULL) ? 0 : 1); ++} + + int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, +- const unsigned char *bytes, int len) +- { +- int i; +- +- if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); +- if((type > 0) && (type & MBSTRING_FLAG)) +- return ASN1_STRING_set_by_NID(&ne->value, bytes, +- len, type, +- OBJ_obj2nid(ne->object)) ? 1 : 0; +- if (len < 0) len=strlen((char *)bytes); +- i=ASN1_STRING_set(ne->value,bytes,len); +- if (!i) return(0); +- if (type != V_ASN1_UNDEF) +- { +- if (type == V_ASN1_APP_CHOOSE) +- ne->value->type=ASN1_PRINTABLE_type(bytes,len); +- else +- ne->value->type=type; +- } +- return(1); +- } ++ const unsigned char *bytes, int len) ++{ ++ int i; ++ ++ if ((ne == NULL) || ((bytes == NULL) && (len != 0))) ++ return (0); ++ if ((type > 0) && (type & MBSTRING_FLAG)) ++ return ASN1_STRING_set_by_NID(&ne->value, bytes, ++ len, type, ++ OBJ_obj2nid(ne->object)) ? 1 : 0; ++ if (len < 0) ++ len = strlen((char *)bytes); ++ i = ASN1_STRING_set(ne->value, bytes, len); ++ if (!i) ++ return (0); ++ if (type != V_ASN1_UNDEF) { ++ if (type == V_ASN1_APP_CHOOSE) ++ ne->value->type = ASN1_PRINTABLE_type(bytes, len); ++ else ++ ne->value->type = type; ++ } ++ return (1); ++} + + ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne) +- { +- if (ne == NULL) return(NULL); +- return(ne->object); +- } ++{ ++ if (ne == NULL) ++ return (NULL); ++ return (ne->object); ++} + + ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne) +- { +- if (ne == NULL) return(NULL); +- return(ne->value); +- } +- ++{ ++ if (ne == NULL) ++ return (NULL); ++ return (ne->value); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509rset.c b/Cryptlib/OpenSSL/crypto/x509/x509rset.c +index d9f6b57..80e273e 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509rset.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509rset.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -64,20 +64,22 @@ + #include + + int X509_REQ_set_version(X509_REQ *x, long version) +- { +- if (x == NULL) return(0); +- return(ASN1_INTEGER_set(x->req_info->version,version)); +- } ++{ ++ if (x == NULL) ++ return (0); ++ return (ASN1_INTEGER_set(x->req_info->version, version)); ++} + + int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) +- { +- if ((x == NULL) || (x->req_info == NULL)) return(0); +- return(X509_NAME_set(&x->req_info->subject,name)); +- } ++{ ++ if ((x == NULL) || (x->req_info == NULL)) ++ return (0); ++ return (X509_NAME_set(&x->req_info->subject, name)); ++} + + int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) +- { +- if ((x == NULL) || (x->req_info == NULL)) return(0); +- return(X509_PUBKEY_set(&x->req_info->pubkey,pkey)); +- } +- ++{ ++ if ((x == NULL) || (x->req_info == NULL)) ++ return (0); ++ return (X509_PUBKEY_set(&x->req_info->pubkey, pkey)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509spki.c b/Cryptlib/OpenSSL/crypto/x509/x509spki.c +index 02a203d..2df84ea 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509spki.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509spki.c +@@ -1,6 +1,7 @@ + /* x509spki.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,60 +63,61 @@ + + int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) + { +- if ((x == NULL) || (x->spkac == NULL)) return(0); +- return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey)); ++ if ((x == NULL) || (x->spkac == NULL)) ++ return (0); ++ return (X509_PUBKEY_set(&(x->spkac->pubkey), pkey)); + } + + EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x) + { +- if ((x == NULL) || (x->spkac == NULL)) +- return(NULL); +- return(X509_PUBKEY_get(x->spkac->pubkey)); ++ if ((x == NULL) || (x->spkac == NULL)) ++ return (NULL); ++ return (X509_PUBKEY_get(x->spkac->pubkey)); + } + + /* Load a Netscape SPKI from a base64 encoded string */ + +-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) ++NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len) + { +- unsigned char *spki_der; +- const unsigned char *p; +- int spki_len; +- NETSCAPE_SPKI *spki; +- if(len <= 0) len = strlen(str); +- if (!(spki_der = OPENSSL_malloc(len + 1))) { +- X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len); +- if(spki_len < 0) { +- X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, +- X509_R_BASE64_DECODE_ERROR); +- OPENSSL_free(spki_der); +- return NULL; +- } +- p = spki_der; +- spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len); +- OPENSSL_free(spki_der); +- return spki; ++ unsigned char *spki_der; ++ const unsigned char *p; ++ int spki_len; ++ NETSCAPE_SPKI *spki; ++ if (len <= 0) ++ len = strlen(str); ++ if (!(spki_der = OPENSSL_malloc(len + 1))) { ++ X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len); ++ if (spki_len < 0) { ++ X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, X509_R_BASE64_DECODE_ERROR); ++ OPENSSL_free(spki_der); ++ return NULL; ++ } ++ p = spki_der; ++ spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len); ++ OPENSSL_free(spki_der); ++ return spki; + } + + /* Generate a base64 encoded string from an SPKI */ + +-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) ++char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) + { +- unsigned char *der_spki, *p; +- char *b64_str; +- int der_len; +- der_len = i2d_NETSCAPE_SPKI(spki, NULL); +- der_spki = OPENSSL_malloc(der_len); +- b64_str = OPENSSL_malloc(der_len * 2); +- if(!der_spki || !b64_str) { +- X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- p = der_spki; +- i2d_NETSCAPE_SPKI(spki, &p); +- EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len); +- OPENSSL_free(der_spki); +- return b64_str; ++ unsigned char *der_spki, *p; ++ char *b64_str; ++ int der_len; ++ der_len = i2d_NETSCAPE_SPKI(spki, NULL); ++ der_spki = OPENSSL_malloc(der_len); ++ b64_str = OPENSSL_malloc(der_len * 2); ++ if (!der_spki || !b64_str) { ++ X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ p = der_spki; ++ i2d_NETSCAPE_SPKI(spki, &p); ++ EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len); ++ OPENSSL_free(der_spki); ++ return b64_str; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509type.c b/Cryptlib/OpenSSL/crypto/x509/x509type.c +index 2cd994c..eb177fc 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509type.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509type.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -63,59 +63,59 @@ + #include + + int X509_certificate_type(X509 *x, EVP_PKEY *pkey) +- { +- EVP_PKEY *pk; +- int ret=0,i; +- +- if (x == NULL) return(0); ++{ ++ EVP_PKEY *pk; ++ int ret = 0, i; + +- if (pkey == NULL) +- pk=X509_get_pubkey(x); +- else +- pk=pkey; ++ if (x == NULL) ++ return (0); + +- if (pk == NULL) return(0); ++ if (pkey == NULL) ++ pk = X509_get_pubkey(x); ++ else ++ pk = pkey; + +- switch (pk->type) +- { +- case EVP_PKEY_RSA: +- ret=EVP_PK_RSA|EVP_PKT_SIGN; +-/* if (!sign only extension) */ +- ret|=EVP_PKT_ENC; +- break; +- case EVP_PKEY_DSA: +- ret=EVP_PK_DSA|EVP_PKT_SIGN; +- break; +- case EVP_PKEY_EC: +- ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH; +- break; +- case EVP_PKEY_DH: +- ret=EVP_PK_DH|EVP_PKT_EXCH; +- break; +- default: +- break; +- } ++ if (pk == NULL) ++ return (0); + +- i=X509_get_signature_type(x); +- switch (i) +- { +- case EVP_PKEY_RSA: +- ret|=EVP_PKS_RSA; +- break; +- case EVP_PKEY_DSA: +- ret|=EVP_PKS_DSA; +- break; +- case EVP_PKEY_EC: +- ret|=EVP_PKS_EC; +- break; +- default: +- break; +- } ++ switch (pk->type) { ++ case EVP_PKEY_RSA: ++ ret = EVP_PK_RSA | EVP_PKT_SIGN; ++/* if (!sign only extension) */ ++ ret |= EVP_PKT_ENC; ++ break; ++ case EVP_PKEY_DSA: ++ ret = EVP_PK_DSA | EVP_PKT_SIGN; ++ break; ++ case EVP_PKEY_EC: ++ ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH; ++ break; ++ case EVP_PKEY_DH: ++ ret = EVP_PK_DH | EVP_PKT_EXCH; ++ break; ++ default: ++ break; ++ } + +- if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look +- for, not bytes */ +- ret|=EVP_PKT_EXP; +- if(pkey==NULL) EVP_PKEY_free(pk); +- return(ret); +- } ++ i = X509_get_signature_type(x); ++ switch (i) { ++ case EVP_PKEY_RSA: ++ ret |= EVP_PKS_RSA; ++ break; ++ case EVP_PKEY_DSA: ++ ret |= EVP_PKS_DSA; ++ break; ++ case EVP_PKEY_EC: ++ ret |= EVP_PKS_EC; ++ break; ++ default: ++ break; ++ } + ++ /* /8 because it's 1024 bits we look for, not bytes */ ++ if (EVP_PKEY_size(pk) <= 1024 / 8) ++ ret |= EVP_PKT_EXP; ++ if (pkey == NULL) ++ EVP_PKEY_free(pk); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c +index c7b07f7..3140cea 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x_all.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x_all.c +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -65,459 +65,464 @@ + #include + #include + #ifndef OPENSSL_NO_RSA +-#include ++# include + #endif + #ifndef OPENSSL_NO_DSA +-#include ++# include + #endif + + int X509_verify(X509 *a, EVP_PKEY *r) +- { +- return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg, +- a->signature,a->cert_info,r)); +- } ++{ ++ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) ++ return 0; ++ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg, ++ a->signature, a->cert_info, r)); ++} + + int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) +- { +- return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), +- a->sig_alg,a->signature,a->req_info,r)); +- } ++{ ++ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), ++ a->sig_alg, a->signature, a->req_info, r)); ++} + + int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r) +- { +- return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), +- a->sig_alg, a->signature,a->crl,r)); +- } ++{ ++ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), ++ a->sig_alg, a->signature, a->crl, r)); ++} + + int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) +- { +- return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), +- a->sig_algor,a->signature,a->spkac,r)); +- } ++{ ++ return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), ++ a->sig_algor, a->signature, a->spkac, r)); ++} + + int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) +- { +- x->cert_info->enc.modified = 1; +- return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, +- x->sig_alg, x->signature, x->cert_info,pkey,md)); +- } ++{ ++ x->cert_info->enc.modified = 1; ++ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, ++ x->sig_alg, x->signature, x->cert_info, pkey, md)); ++} + + int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) +- { +- return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL, +- x->signature, x->req_info,pkey,md)); +- } ++{ ++ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL, ++ x->signature, x->req_info, pkey, md)); ++} + + int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) +- { +- x->crl->enc.modified = 1; +- return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg, +- x->sig_alg, x->signature, x->crl,pkey,md)); +- } ++{ ++ x->crl->enc.modified = 1; ++ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg, ++ x->sig_alg, x->signature, x->crl, pkey, md)); ++} + + int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) +- { +- return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL, +- x->signature, x->spkac,pkey,md)); +- } ++{ ++ return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL, ++ x->signature, x->spkac, pkey, md)); ++} + + #ifndef OPENSSL_NO_FP_API + X509 *d2i_X509_fp(FILE *fp, X509 **x509) +- { +- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); +- } ++{ ++ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); ++} + + int i2d_X509_fp(FILE *fp, X509 *x509) +- { +- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); +- } ++{ ++ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); ++} + #endif + + X509 *d2i_X509_bio(BIO *bp, X509 **x509) +- { +- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); +- } ++{ ++ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); ++} + + int i2d_X509_bio(BIO *bp, X509 *x509) +- { +- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); +- } ++{ ++ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); ++} + + #ifndef OPENSSL_NO_FP_API + X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) +- { +- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); +- } ++{ ++ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); ++} + + int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) +- { +- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); +- } ++{ ++ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); ++} + #endif + + X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) +- { +- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); +- } ++{ ++ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); ++} + + int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) +- { +- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); +- } ++{ ++ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); ++} + + #ifndef OPENSSL_NO_FP_API + PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) +- { +- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); +- } ++{ ++ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); ++} + + int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7) +- { +- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); +- } ++{ ++ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); ++} + #endif + + PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) +- { +- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); +- } ++{ ++ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); ++} + + int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) +- { +- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); +- } ++{ ++ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); ++} + + #ifndef OPENSSL_NO_FP_API + X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) +- { +- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); +- } ++{ ++ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); ++} + + int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) +- { +- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); +- } ++{ ++ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); ++} + #endif + + X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) +- { +- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); +- } ++{ ++ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); ++} + + int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) +- { +- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); +- } ++{ ++ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); ++} + + #ifndef OPENSSL_NO_RSA + +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) +- { +- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); +- } ++{ ++ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); ++} + + int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa) +- { +- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); +- } ++{ ++ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); ++} + + RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) +- { +- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); +- } +- ++{ ++ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); ++} + + RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) +- { +- return ASN1_d2i_fp((void *(*)(void)) +- RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp, +- (void **)rsa); +- } ++{ ++ return ASN1_d2i_fp((void *(*)(void)) ++ RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp, ++ (void **)rsa); ++} + + int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) +- { +- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); +- } ++{ ++ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); ++} + + int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) +- { +- return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa); +- } +-#endif ++{ ++ return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa); ++} ++# endif + + RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) +- { +- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); +- } ++{ ++ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); ++} + + int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa) +- { +- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); +- } ++{ ++ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); ++} + + RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) +- { +- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); +- } +- ++{ ++ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); ++} + + RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) +- { +- return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa); +- } ++{ ++ return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa); ++} + + int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) +- { +- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); +- } ++{ ++ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); ++} + + int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) +- { +- return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa); +- } ++{ ++ return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa); ++} + #endif + + #ifndef OPENSSL_NO_DSA +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) +- { +- return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa); +- } ++{ ++ return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa); ++} + + int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) +- { +- return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa); +- } ++{ ++ return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa); ++} + + DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) +- { +- return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa); +- } ++{ ++ return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa); ++} + + int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) +- { +- return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa); +- } +-#endif ++{ ++ return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa); ++} ++# endif + + DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) +- { +- return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa +-); +- } ++{ ++ return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa); ++} + + int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) +- { +- return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa); +- } ++{ ++ return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa); ++} + + DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) +- { +- return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa); +- } ++{ ++ return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa); ++} + + int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) +- { +- return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa); +- } ++{ ++ return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa); ++} + + #endif + + #ifndef OPENSSL_NO_EC +-#ifndef OPENSSL_NO_FP_API ++# ifndef OPENSSL_NO_FP_API + EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) +- { +- return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey); +- } +- ++{ ++ return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); ++} ++ + int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey) +- { +- return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey); +- } ++{ ++ return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey); ++} + + EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) +- { +- return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey); +- } +- ++{ ++ return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey); ++} ++ + int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey) +- { +- return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey); +- } +-#endif ++{ ++ return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey); ++} ++# endif + EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) +- { +- return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey); +- } +- ++{ ++ return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey); ++} ++ + int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa) +- { +- return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa); +- } ++{ ++ return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa); ++} + + EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) +- { +- return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey); +- } +- ++{ ++ return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey); ++} ++ + int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey) +- { +- return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey); +- } ++{ ++ return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey); ++} + #endif + +- +-int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, +- unsigned int *len) +- { +- ASN1_BIT_STRING *key; +- key = X509_get0_pubkey_bitstr(data); +- if(!key) return 0; +- return EVP_Digest(key->data, key->length, md, len, type, NULL); +- } ++int X509_pubkey_digest(const X509 *data, const EVP_MD *type, ++ unsigned char *md, unsigned int *len) ++{ ++ ASN1_BIT_STRING *key; ++ key = X509_get0_pubkey_bitstr(data); ++ if (!key) ++ return 0; ++ return EVP_Digest(key->data, key->length, md, len, type, NULL); ++} + + int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, +- unsigned int *len) +- { +- return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len)); +- } +- +-int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, +- unsigned int *len) +- { +- return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len)); +- } +- +-int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, +- unsigned int *len) +- { +- return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len)); +- } +- +-int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, +- unsigned int *len) +- { +- return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len)); +- } +- +-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, +- unsigned char *md, unsigned int *len) +- { +- return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type, +- (char *)data,md,len)); +- } ++ unsigned int *len) ++{ ++ return (ASN1_item_digest ++ (ASN1_ITEM_rptr(X509), type, (char *)data, md, len)); ++} ++ ++int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, ++ unsigned char *md, unsigned int *len) ++{ ++ return (ASN1_item_digest ++ (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len)); ++} + ++int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, ++ unsigned char *md, unsigned int *len) ++{ ++ return (ASN1_item_digest ++ (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len)); ++} ++ ++int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, ++ unsigned char *md, unsigned int *len) ++{ ++ return (ASN1_item_digest ++ (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len)); ++} ++ ++int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, ++ const EVP_MD *type, unsigned char *md, ++ unsigned int *len) ++{ ++ return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type, ++ (char *)data, md, len)); ++} + + #ifndef OPENSSL_NO_FP_API + X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) +- { +- return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8); +- } ++{ ++ return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8); ++} + + int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) +- { +- return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8); +- } ++{ ++ return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8); ++} + #endif + + X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) +- { +- return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8); +- } ++{ ++ return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8); ++} + + int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) +- { +- return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8); +- } ++{ ++ return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8); ++} + + #ifndef OPENSSL_NO_FP_API + PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, +- PKCS8_PRIV_KEY_INFO **p8inf) +- { +- return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, +- d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf); +- } ++ PKCS8_PRIV_KEY_INFO **p8inf) ++{ ++ return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, ++ d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf); ++} + + int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) +- { +- return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp, +- p8inf); +- } ++{ ++ return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp, ++ p8inf); ++} + + int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) +- { +- PKCS8_PRIV_KEY_INFO *p8inf; +- int ret; +- p8inf = EVP_PKEY2PKCS8(key); +- if(!p8inf) return 0; +- ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); +- PKCS8_PRIV_KEY_INFO_free(p8inf); +- return ret; +- } ++{ ++ PKCS8_PRIV_KEY_INFO *p8inf; ++ int ret; ++ p8inf = EVP_PKEY2PKCS8(key); ++ if (!p8inf) ++ return 0; ++ ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); ++ PKCS8_PRIV_KEY_INFO_free(p8inf); ++ return ret; ++} + + int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) +- { +- return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey); +- } ++{ ++ return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey); ++} + + EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) + { +- return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a); ++ return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a); + } + + int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) +- { +- return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey); +- } ++{ ++ return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey); ++} + + EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) + { +- return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a); ++ return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a); + } + + #endif + + PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, +- PKCS8_PRIV_KEY_INFO **p8inf) +- { +- return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new, +- d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf); +- } ++ PKCS8_PRIV_KEY_INFO **p8inf) ++{ ++ return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, ++ d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf); ++} + + int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) +- { +- return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp, +- p8inf); +- } ++{ ++ return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp, ++ p8inf); ++} + + int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) +- { +- PKCS8_PRIV_KEY_INFO *p8inf; +- int ret; +- p8inf = EVP_PKEY2PKCS8(key); +- if(!p8inf) return 0; +- ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); +- PKCS8_PRIV_KEY_INFO_free(p8inf); +- return ret; +- } ++{ ++ PKCS8_PRIV_KEY_INFO *p8inf; ++ int ret; ++ p8inf = EVP_PKEY2PKCS8(key); ++ if (!p8inf) ++ return 0; ++ ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); ++ PKCS8_PRIV_KEY_INFO_free(p8inf); ++ return ret; ++} + + int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) +- { +- return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey); +- } ++{ ++ return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey); ++} + + EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) +- { +- return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a); +- } ++{ ++ return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a); ++} + + int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) +- { +- return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey); +- } ++{ ++ return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey); ++} + + EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) +- { +- return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a); +- } ++{ ++ return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c +index 1030931..1530cc8 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c +@@ -1,6 +1,7 @@ + /* pcy_cache.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2004. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. + */ + /* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,226 +63,208 @@ + + #include "pcy_int.h" + +-static int policy_data_cmp(const X509_POLICY_DATA * const *a, +- const X509_POLICY_DATA * const *b); ++static int policy_data_cmp(const X509_POLICY_DATA *const *a, ++ const X509_POLICY_DATA *const *b); + static int policy_cache_set_int(long *out, ASN1_INTEGER *value); + +-/* Set cache entry according to CertificatePolicies extension. +- * Note: this destroys the passed CERTIFICATEPOLICIES structure. ++/* ++ * Set cache entry according to CertificatePolicies extension. Note: this ++ * destroys the passed CERTIFICATEPOLICIES structure. + */ + + static int policy_cache_create(X509 *x, +- CERTIFICATEPOLICIES *policies, int crit) +- { +- int i; +- int ret = 0; +- X509_POLICY_CACHE *cache = x->policy_cache; +- X509_POLICY_DATA *data = NULL; +- POLICYINFO *policy; +- if (sk_POLICYINFO_num(policies) == 0) +- goto bad_policy; +- cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); +- if (!cache->data) +- goto bad_policy; +- for (i = 0; i < sk_POLICYINFO_num(policies); i++) +- { +- policy = sk_POLICYINFO_value(policies, i); +- data = policy_data_new(policy, NULL, crit); +- if (!data) +- goto bad_policy; +- /* Duplicate policy OIDs are illegal: reject if matches +- * found. +- */ +- if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) +- { +- if (cache->anyPolicy) +- { +- ret = -1; +- goto bad_policy; +- } +- cache->anyPolicy = data; +- } +- else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) +- { +- ret = -1; +- goto bad_policy; +- } +- else if (!sk_X509_POLICY_DATA_push(cache->data, data)) +- goto bad_policy; +- data = NULL; +- } +- ret = 1; +- bad_policy: +- if (ret == -1) +- x->ex_flags |= EXFLAG_INVALID_POLICY; +- if (data) +- policy_data_free(data); +- sk_POLICYINFO_pop_free(policies, POLICYINFO_free); +- if (ret <= 0) +- { +- sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); +- cache->data = NULL; +- } +- return ret; +- } ++ CERTIFICATEPOLICIES *policies, int crit) ++{ ++ int i; ++ int ret = 0; ++ X509_POLICY_CACHE *cache = x->policy_cache; ++ X509_POLICY_DATA *data = NULL; ++ POLICYINFO *policy; ++ if (sk_POLICYINFO_num(policies) == 0) ++ goto bad_policy; ++ cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); ++ if (!cache->data) ++ goto bad_policy; ++ for (i = 0; i < sk_POLICYINFO_num(policies); i++) { ++ policy = sk_POLICYINFO_value(policies, i); ++ data = policy_data_new(policy, NULL, crit); ++ if (!data) ++ goto bad_policy; ++ /* ++ * Duplicate policy OIDs are illegal: reject if matches found. ++ */ ++ if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { ++ if (cache->anyPolicy) { ++ ret = -1; ++ goto bad_policy; ++ } ++ cache->anyPolicy = data; ++ } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) { ++ ret = -1; ++ goto bad_policy; ++ } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) ++ goto bad_policy; ++ data = NULL; ++ } ++ ret = 1; ++ bad_policy: ++ if (ret == -1) ++ x->ex_flags |= EXFLAG_INVALID_POLICY; ++ if (data) ++ policy_data_free(data); ++ sk_POLICYINFO_pop_free(policies, POLICYINFO_free); ++ if (ret <= 0) { ++ sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); ++ cache->data = NULL; ++ } ++ return ret; ++} + +- + static int policy_cache_new(X509 *x) +- { +- X509_POLICY_CACHE *cache; +- ASN1_INTEGER *ext_any = NULL; +- POLICY_CONSTRAINTS *ext_pcons = NULL; +- CERTIFICATEPOLICIES *ext_cpols = NULL; +- POLICY_MAPPINGS *ext_pmaps = NULL; +- int i; +- cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE)); +- if (!cache) +- return 0; +- cache->anyPolicy = NULL; +- cache->data = NULL; +- cache->maps = NULL; +- cache->any_skip = -1; +- cache->explicit_skip = -1; +- cache->map_skip = -1; ++{ ++ X509_POLICY_CACHE *cache; ++ ASN1_INTEGER *ext_any = NULL; ++ POLICY_CONSTRAINTS *ext_pcons = NULL; ++ CERTIFICATEPOLICIES *ext_cpols = NULL; ++ POLICY_MAPPINGS *ext_pmaps = NULL; ++ int i; ++ cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE)); ++ if (!cache) ++ return 0; ++ cache->anyPolicy = NULL; ++ cache->data = NULL; ++ cache->maps = NULL; ++ cache->any_skip = -1; ++ cache->explicit_skip = -1; ++ cache->map_skip = -1; + +- x->policy_cache = cache; ++ x->policy_cache = cache; + +- /* Handle requireExplicitPolicy *first*. Need to process this +- * even if we don't have any policies. +- */ +- ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL); ++ /* ++ * Handle requireExplicitPolicy *first*. Need to process this even if we ++ * don't have any policies. ++ */ ++ ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL); + +- if (!ext_pcons) +- { +- if (i != -1) +- goto bad_cache; +- } +- else +- { +- if (!ext_pcons->requireExplicitPolicy +- && !ext_pcons->inhibitPolicyMapping) +- goto bad_cache; +- if (!policy_cache_set_int(&cache->explicit_skip, +- ext_pcons->requireExplicitPolicy)) +- goto bad_cache; +- if (!policy_cache_set_int(&cache->map_skip, +- ext_pcons->inhibitPolicyMapping)) +- goto bad_cache; +- } ++ if (!ext_pcons) { ++ if (i != -1) ++ goto bad_cache; ++ } else { ++ if (!ext_pcons->requireExplicitPolicy ++ && !ext_pcons->inhibitPolicyMapping) ++ goto bad_cache; ++ if (!policy_cache_set_int(&cache->explicit_skip, ++ ext_pcons->requireExplicitPolicy)) ++ goto bad_cache; ++ if (!policy_cache_set_int(&cache->map_skip, ++ ext_pcons->inhibitPolicyMapping)) ++ goto bad_cache; ++ } + +- /* Process CertificatePolicies */ ++ /* Process CertificatePolicies */ + +- ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL); +- /* If no CertificatePolicies extension or problem decoding then +- * there is no point continuing because the valid policies will be +- * NULL. +- */ +- if (!ext_cpols) +- { +- /* If not absent some problem with extension */ +- if (i != -1) +- goto bad_cache; +- return 1; +- } ++ ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL); ++ /* ++ * If no CertificatePolicies extension or problem decoding then there is ++ * no point continuing because the valid policies will be NULL. ++ */ ++ if (!ext_cpols) { ++ /* If not absent some problem with extension */ ++ if (i != -1) ++ goto bad_cache; ++ return 1; ++ } + +- i = policy_cache_create(x, ext_cpols, i); ++ i = policy_cache_create(x, ext_cpols, i); + +- /* NB: ext_cpols freed by policy_cache_set_policies */ ++ /* NB: ext_cpols freed by policy_cache_set_policies */ + +- if (i <= 0) +- return i; ++ if (i <= 0) ++ return i; + +- ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL); ++ ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL); + +- if (!ext_pmaps) +- { +- /* If not absent some problem with extension */ +- if (i != -1) +- goto bad_cache; +- } +- else +- { +- i = policy_cache_set_mapping(x, ext_pmaps); +- if (i <= 0) +- goto bad_cache; +- } ++ if (!ext_pmaps) { ++ /* If not absent some problem with extension */ ++ if (i != -1) ++ goto bad_cache; ++ } else { ++ i = policy_cache_set_mapping(x, ext_pmaps); ++ if (i <= 0) ++ goto bad_cache; ++ } + +- ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL); ++ ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL); + +- if (!ext_any) +- { +- if (i != -1) +- goto bad_cache; +- } +- else if (!policy_cache_set_int(&cache->any_skip, ext_any)) +- goto bad_cache; ++ if (!ext_any) { ++ if (i != -1) ++ goto bad_cache; ++ } else if (!policy_cache_set_int(&cache->any_skip, ext_any)) ++ goto bad_cache; + +- if (0) +- { +- bad_cache: +- x->ex_flags |= EXFLAG_INVALID_POLICY; +- } ++ if (0) { ++ bad_cache: ++ x->ex_flags |= EXFLAG_INVALID_POLICY; ++ } + +- if(ext_pcons) +- POLICY_CONSTRAINTS_free(ext_pcons); ++ if (ext_pcons) ++ POLICY_CONSTRAINTS_free(ext_pcons); + +- if (ext_any) +- ASN1_INTEGER_free(ext_any); ++ if (ext_any) ++ ASN1_INTEGER_free(ext_any); + +- return 1; ++ return 1; + +- + } + + void policy_cache_free(X509_POLICY_CACHE *cache) +- { +- if (!cache) +- return; +- if (cache->anyPolicy) +- policy_data_free(cache->anyPolicy); +- if (cache->data) +- sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); +- OPENSSL_free(cache); +- } ++{ ++ if (!cache) ++ return; ++ if (cache->anyPolicy) ++ policy_data_free(cache->anyPolicy); ++ if (cache->data) ++ sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); ++ OPENSSL_free(cache); ++} + + const X509_POLICY_CACHE *policy_cache_set(X509 *x) +- { ++{ + +- if (x->policy_cache == NULL) +- { +- CRYPTO_w_lock(CRYPTO_LOCK_X509); +- policy_cache_new(x); +- CRYPTO_w_unlock(CRYPTO_LOCK_X509); +- } ++ if (x->policy_cache == NULL) { ++ CRYPTO_w_lock(CRYPTO_LOCK_X509); ++ policy_cache_new(x); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509); ++ } + +- return x->policy_cache; ++ return x->policy_cache; + +- } ++} + + X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, +- const ASN1_OBJECT *id) +- { +- int idx; +- X509_POLICY_DATA tmp; +- tmp.valid_policy = (ASN1_OBJECT *)id; +- idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); +- if (idx == -1) +- return NULL; +- return sk_X509_POLICY_DATA_value(cache->data, idx); +- } ++ const ASN1_OBJECT *id) ++{ ++ int idx; ++ X509_POLICY_DATA tmp; ++ tmp.valid_policy = (ASN1_OBJECT *)id; ++ idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); ++ if (idx == -1) ++ return NULL; ++ return sk_X509_POLICY_DATA_value(cache->data, idx); ++} + +-static int policy_data_cmp(const X509_POLICY_DATA * const *a, +- const X509_POLICY_DATA * const *b) +- { +- return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); +- } ++static int policy_data_cmp(const X509_POLICY_DATA *const *a, ++ const X509_POLICY_DATA *const *b) ++{ ++ return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); ++} + + static int policy_cache_set_int(long *out, ASN1_INTEGER *value) +- { +- if (value == NULL) +- return 1; +- if (value->type == V_ASN1_NEG_INTEGER) +- return 0; +- *out = ASN1_INTEGER_get(value); +- return 1; +- } ++{ ++ if (value == NULL) ++ return 1; ++ if (value->type == V_ASN1_NEG_INTEGER) ++ return 0; ++ *out = ASN1_INTEGER_get(value); ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c +index fb392b9..0a6b83b 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c +@@ -1,6 +1,7 @@ + /* pcy_data.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2004. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. + */ + /* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -65,67 +66,62 @@ + /* Policy Node routines */ + + void policy_data_free(X509_POLICY_DATA *data) +- { +- ASN1_OBJECT_free(data->valid_policy); +- /* Don't free qualifiers if shared */ +- if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) +- sk_POLICYQUALINFO_pop_free(data->qualifier_set, +- POLICYQUALINFO_free); +- sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free); +- OPENSSL_free(data); +- } ++{ ++ ASN1_OBJECT_free(data->valid_policy); ++ /* Don't free qualifiers if shared */ ++ if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) ++ sk_POLICYQUALINFO_pop_free(data->qualifier_set, POLICYQUALINFO_free); ++ sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free); ++ OPENSSL_free(data); ++} + +-/* Create a data based on an existing policy. If 'id' is NULL use the +- * oid in the policy, otherwise use 'id'. This behaviour covers the two +- * types of data in RFC3280: data with from a CertificatePolcies extension +- * and additional data with just the qualifiers of anyPolicy and ID from +- * another source. ++/* ++ * Create a data based on an existing policy. If 'id' is NULL use the oid in ++ * the policy, otherwise use 'id'. This behaviour covers the two types of ++ * data in RFC3280: data with from a CertificatePolcies extension and ++ * additional data with just the qualifiers of anyPolicy and ID from another ++ * source. + */ + +-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit) +- { +- X509_POLICY_DATA *ret; +- if (!policy && !id) +- return NULL; +- if (id) +- { +- id = OBJ_dup(id); +- if (!id) +- return NULL; +- } +- ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); +- if (!ret) +- return NULL; +- ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); +- if (!ret->expected_policy_set) +- { +- OPENSSL_free(ret); +- if (id) +- ASN1_OBJECT_free(id); +- return NULL; +- } ++X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, ++ int crit) ++{ ++ X509_POLICY_DATA *ret; ++ if (!policy && !id) ++ return NULL; ++ if (id) { ++ id = OBJ_dup(id); ++ if (!id) ++ return NULL; ++ } ++ ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); ++ if (!ret) ++ return NULL; ++ ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); ++ if (!ret->expected_policy_set) { ++ OPENSSL_free(ret); ++ if (id) ++ ASN1_OBJECT_free(id); ++ return NULL; ++ } + +- if (crit) +- ret->flags = POLICY_DATA_FLAG_CRITICAL; +- else +- ret->flags = 0; ++ if (crit) ++ ret->flags = POLICY_DATA_FLAG_CRITICAL; ++ else ++ ret->flags = 0; + +- if (id) +- ret->valid_policy = id; +- else +- { +- ret->valid_policy = policy->policyid; +- policy->policyid = NULL; +- } ++ if (id) ++ ret->valid_policy = id; ++ else { ++ ret->valid_policy = policy->policyid; ++ policy->policyid = NULL; ++ } + +- if (policy) +- { +- ret->qualifier_set = policy->qualifiers; +- policy->qualifiers = NULL; +- } +- else +- ret->qualifier_set = NULL; +- +- return ret; +- } ++ if (policy) { ++ ret->qualifier_set = policy->qualifiers; ++ policy->qualifiers = NULL; ++ } else ++ ret->qualifier_set = NULL; + ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c +index 93bfd92..dbb2983 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c +@@ -1,6 +1,7 @@ + /* pcy_lib.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2004. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. + */ + /* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,7 +57,6 @@ + * + */ + +- + #include "cryptlib.h" + #include + #include +@@ -68,100 +68,100 @@ + /* X509_POLICY_TREE stuff */ + + int X509_policy_tree_level_count(const X509_POLICY_TREE *tree) +- { +- if (!tree) +- return 0; +- return tree->nlevel; +- } +- +-X509_POLICY_LEVEL * +- X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i) +- { +- if (!tree || (i < 0) || (i >= tree->nlevel)) +- return NULL; +- return tree->levels + i; +- } +- +-STACK_OF(X509_POLICY_NODE) * +- X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree) +- { +- if (!tree) +- return NULL; +- return tree->auth_policies; +- } +- +-STACK_OF(X509_POLICY_NODE) * +- X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree) +- { +- if (!tree) +- return NULL; +- if (tree->flags & POLICY_FLAG_ANY_POLICY) +- return tree->auth_policies; +- else +- return tree->user_policies; +- } ++{ ++ if (!tree) ++ return 0; ++ return tree->nlevel; ++} ++ ++X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, ++ int i) ++{ ++ if (!tree || (i < 0) || (i >= tree->nlevel)) ++ return NULL; ++ return tree->levels + i; ++} ++ ++STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const ++ X509_POLICY_TREE ++ *tree) ++{ ++ if (!tree) ++ return NULL; ++ return tree->auth_policies; ++} ++ ++STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const ++ X509_POLICY_TREE ++ *tree) ++{ ++ if (!tree) ++ return NULL; ++ if (tree->flags & POLICY_FLAG_ANY_POLICY) ++ return tree->auth_policies; ++ else ++ return tree->user_policies; ++} + + /* X509_POLICY_LEVEL stuff */ + + int X509_policy_level_node_count(X509_POLICY_LEVEL *level) +- { +- int n; +- if (!level) +- return 0; +- if (level->anyPolicy) +- n = 1; +- else +- n = 0; +- if (level->nodes) +- n += sk_X509_POLICY_NODE_num(level->nodes); +- return n; +- } ++{ ++ int n; ++ if (!level) ++ return 0; ++ if (level->anyPolicy) ++ n = 1; ++ else ++ n = 0; ++ if (level->nodes) ++ n += sk_X509_POLICY_NODE_num(level->nodes); ++ return n; ++} + + X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i) +- { +- if (!level) +- return NULL; +- if (level->anyPolicy) +- { +- if (i == 0) +- return level->anyPolicy; +- i--; +- } +- return sk_X509_POLICY_NODE_value(level->nodes, i); +- } ++{ ++ if (!level) ++ return NULL; ++ if (level->anyPolicy) { ++ if (i == 0) ++ return level->anyPolicy; ++ i--; ++ } ++ return sk_X509_POLICY_NODE_value(level->nodes, i); ++} + + /* X509_POLICY_NODE stuff */ + + const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node) +- { +- if (!node) +- return NULL; +- return node->data->valid_policy; +- } ++{ ++ if (!node) ++ return NULL; ++ return node->data->valid_policy; ++} + + #if 0 + int X509_policy_node_get_critical(const X509_POLICY_NODE *node) +- { +- if (node_critical(node)) +- return 1; +- return 0; +- } ++{ ++ if (node_critical(node)) ++ return 1; ++ return 0; ++} + #endif + +-STACK_OF(POLICYQUALINFO) * +- X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node) +- { +- if (!node) +- return NULL; +- return node->data->qualifier_set; +- } +- +-const X509_POLICY_NODE * +- X509_policy_node_get0_parent(const X509_POLICY_NODE *node) +- { +- if (!node) +- return NULL; +- return node->parent; +- } +- +- ++STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const ++ X509_POLICY_NODE ++ *node) ++{ ++ if (!node) ++ return NULL; ++ return node->data->qualifier_set; ++} ++ ++const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE ++ *node) ++{ ++ if (!node) ++ return NULL; ++ return node->parent; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c +index acd2ede..0067c3d 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c +@@ -1,6 +1,7 @@ + /* pcy_map.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2004. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. + */ + /* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -63,126 +64,122 @@ + #include "pcy_int.h" + + static int ref_cmp(const X509_POLICY_REF * const *a, +- const X509_POLICY_REF * const *b) +- { +- return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy); +- } +- +-static void policy_map_free(X509_POLICY_REF *map) +- { +- OPENSSL_free(map); +- } +- +-static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id) +- { +- X509_POLICY_REF tmp; +- int idx; +- tmp.subjectDomainPolicy = id; +- +- idx = sk_X509_POLICY_REF_find(cache->maps, &tmp); +- if (idx == -1) +- return NULL; +- return sk_X509_POLICY_REF_value(cache->maps, idx); +- } +- +-/* Set policy mapping entries in cache. +- * Note: this modifies the passed POLICY_MAPPINGS structure ++ const X509_POLICY_REF * const *b) ++{ ++ return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy); ++} ++ ++static void policy_map_free(X509_POLICY_REF * map) ++{ ++ OPENSSL_free(map); ++} ++ ++static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ++ ASN1_OBJECT *id) ++{ ++ X509_POLICY_REF tmp; ++ int idx; ++ tmp.subjectDomainPolicy = id; ++ ++ idx = sk_X509_POLICY_REF_find(cache->maps, &tmp); ++ if (idx == -1) ++ return NULL; ++ return sk_X509_POLICY_REF_value(cache->maps, idx); ++} ++ ++/* ++ * Set policy mapping entries in cache. Note: this modifies the passed ++ * POLICY_MAPPINGS structure + */ + + int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) +- { +- POLICY_MAPPING *map; +- X509_POLICY_REF *ref = NULL; +- ASN1_OBJECT *subjectDomainPolicyRef; +- X509_POLICY_DATA *data; +- X509_POLICY_CACHE *cache = x->policy_cache; +- int i; +- int ret = 0; +- if (sk_POLICY_MAPPING_num(maps) == 0) +- { +- ret = -1; +- goto bad_mapping; +- } +- cache->maps = sk_X509_POLICY_REF_new(ref_cmp); +- for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) +- { +- map = sk_POLICY_MAPPING_value(maps, i); +- /* Reject if map to or from anyPolicy */ +- if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy) +- || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) +- { +- ret = -1; +- goto bad_mapping; +- } +- +- /* If we've already mapped from this OID bad mapping */ +- if (policy_map_find(cache, map->subjectDomainPolicy) != NULL) +- { +- ret = -1; +- goto bad_mapping; +- } +- +- /* Attempt to find matching policy data */ +- data = policy_cache_find_data(cache, map->issuerDomainPolicy); +- /* If we don't have anyPolicy can't map */ +- if (!data && !cache->anyPolicy) +- continue; +- +- /* Create a NODE from anyPolicy */ +- if (!data) +- { +- data = policy_data_new(NULL, map->issuerDomainPolicy, +- cache->anyPolicy->flags +- & POLICY_DATA_FLAG_CRITICAL); +- if (!data) +- goto bad_mapping; +- data->qualifier_set = cache->anyPolicy->qualifier_set; +- map->issuerDomainPolicy = NULL; +- data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; +- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; +- if (!sk_X509_POLICY_DATA_push(cache->data, data)) +- { +- policy_data_free(data); +- goto bad_mapping; +- } +- } +- else +- data->flags |= POLICY_DATA_FLAG_MAPPED; +- +- if (!sk_ASN1_OBJECT_push(data->expected_policy_set, +- map->subjectDomainPolicy)) +- goto bad_mapping; +- /* map->subjectDomainPolicy will be freed when +- * cache->data is freed. Set it to NULL to avoid double-free. */ +- subjectDomainPolicyRef = map->subjectDomainPolicy; +- map->subjectDomainPolicy = NULL; +- +- ref = OPENSSL_malloc(sizeof(X509_POLICY_REF)); +- if (!ref) +- goto bad_mapping; +- +- ref->subjectDomainPolicy = subjectDomainPolicyRef; +- ref->data = data; +- +- if (!sk_X509_POLICY_REF_push(cache->maps, ref)) +- goto bad_mapping; +- +- ref = NULL; +- +- } +- +- ret = 1; +- bad_mapping: +- if (ret == -1) +- x->ex_flags |= EXFLAG_INVALID_POLICY; +- if (ref) +- policy_map_free(ref); +- if (ret <= 0) +- { +- sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free); +- cache->maps = NULL; +- } +- sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); +- return ret; +- +- } ++{ ++ POLICY_MAPPING *map; ++ X509_POLICY_REF *ref = NULL; ++ ASN1_OBJECT *subjectDomainPolicyRef; ++ X509_POLICY_DATA *data; ++ X509_POLICY_CACHE *cache = x->policy_cache; ++ int i; ++ int ret = 0; ++ if (sk_POLICY_MAPPING_num(maps) == 0) { ++ ret = -1; ++ goto bad_mapping; ++ } ++ cache->maps = sk_X509_POLICY_REF_new(ref_cmp); ++ for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) { ++ map = sk_POLICY_MAPPING_value(maps, i); ++ /* Reject if map to or from anyPolicy */ ++ if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy) ++ || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) { ++ ret = -1; ++ goto bad_mapping; ++ } ++ ++ /* If we've already mapped from this OID bad mapping */ ++ if (policy_map_find(cache, map->subjectDomainPolicy) != NULL) { ++ ret = -1; ++ goto bad_mapping; ++ } ++ ++ /* Attempt to find matching policy data */ ++ data = policy_cache_find_data(cache, map->issuerDomainPolicy); ++ /* If we don't have anyPolicy can't map */ ++ if (!data && !cache->anyPolicy) ++ continue; ++ ++ /* Create a NODE from anyPolicy */ ++ if (!data) { ++ data = policy_data_new(NULL, map->issuerDomainPolicy, ++ cache->anyPolicy->flags ++ & POLICY_DATA_FLAG_CRITICAL); ++ if (!data) ++ goto bad_mapping; ++ data->qualifier_set = cache->anyPolicy->qualifier_set; ++ map->issuerDomainPolicy = NULL; ++ data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; ++ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; ++ if (!sk_X509_POLICY_DATA_push(cache->data, data)) { ++ policy_data_free(data); ++ goto bad_mapping; ++ } ++ } else ++ data->flags |= POLICY_DATA_FLAG_MAPPED; ++ ++ if (!sk_ASN1_OBJECT_push(data->expected_policy_set, ++ map->subjectDomainPolicy)) ++ goto bad_mapping; ++ /* ++ * map->subjectDomainPolicy will be freed when cache->data is freed. ++ * Set it to NULL to avoid double-free. ++ */ ++ subjectDomainPolicyRef = map->subjectDomainPolicy; ++ map->subjectDomainPolicy = NULL; ++ ++ ref = OPENSSL_malloc(sizeof(X509_POLICY_REF)); ++ if (!ref) ++ goto bad_mapping; ++ ++ ref->subjectDomainPolicy = subjectDomainPolicyRef; ++ ref->data = data; ++ ++ if (!sk_X509_POLICY_REF_push(cache->maps, ref)) ++ goto bad_mapping; ++ ++ ref = NULL; ++ ++ } ++ ++ ret = 1; ++ bad_mapping: ++ if (ret == -1) ++ x->ex_flags |= EXFLAG_INVALID_POLICY; ++ if (ref) ++ policy_map_free(ref); ++ if (ret <= 0) { ++ sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free); ++ cache->maps = NULL; ++ } ++ sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); ++ return ret; ++ ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c +index 6587cb0..438b49b 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c +@@ -1,6 +1,7 @@ + /* pcy_node.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2004. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. + */ + /* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,97 +63,90 @@ + + #include "pcy_int.h" + +-static int node_cmp(const X509_POLICY_NODE * const *a, +- const X509_POLICY_NODE * const *b) +- { +- return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy); +- } ++static int node_cmp(const X509_POLICY_NODE *const *a, ++ const X509_POLICY_NODE *const *b) ++{ ++ return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy); ++} + + STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void) +- { +- return sk_X509_POLICY_NODE_new(node_cmp); +- } ++{ ++ return sk_X509_POLICY_NODE_new(node_cmp); ++} + + X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, +- const ASN1_OBJECT *id) +- { +- X509_POLICY_DATA n; +- X509_POLICY_NODE l; +- int idx; ++ const ASN1_OBJECT *id) ++{ ++ X509_POLICY_DATA n; ++ X509_POLICY_NODE l; ++ int idx; + +- n.valid_policy = (ASN1_OBJECT *)id; +- l.data = &n; ++ n.valid_policy = (ASN1_OBJECT *)id; ++ l.data = &n; + +- idx = sk_X509_POLICY_NODE_find(nodes, &l); +- if (idx == -1) +- return NULL; ++ idx = sk_X509_POLICY_NODE_find(nodes, &l); ++ if (idx == -1) ++ return NULL; + +- return sk_X509_POLICY_NODE_value(nodes, idx); ++ return sk_X509_POLICY_NODE_value(nodes, idx); + +- } ++} + + X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, +- const ASN1_OBJECT *id) +- { +- return tree_find_sk(level->nodes, id); +- } ++ const ASN1_OBJECT *id) ++{ ++ return tree_find_sk(level->nodes, id); ++} + + X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, +- X509_POLICY_DATA *data, +- X509_POLICY_NODE *parent, +- X509_POLICY_TREE *tree) +- { +- X509_POLICY_NODE *node; +- node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); +- if (!node) +- return NULL; +- node->data = data; +- node->parent = parent; +- node->nchild = 0; +- if (level) +- { +- if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) +- { +- if (level->anyPolicy) +- goto node_error; +- level->anyPolicy = node; +- } +- else +- { +- +- if (!level->nodes) +- level->nodes = policy_node_cmp_new(); +- if (!level->nodes) +- goto node_error; +- if (!sk_X509_POLICY_NODE_push(level->nodes, node)) +- goto node_error; +- } +- } +- +- if (tree) +- { +- if (!tree->extra_data) +- tree->extra_data = sk_X509_POLICY_DATA_new_null(); +- if (!tree->extra_data) +- goto node_error; +- if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) +- goto node_error; +- } +- +- if (parent) +- parent->nchild++; +- +- return node; +- +- node_error: +- policy_node_free(node); +- return 0; +- +- } ++ X509_POLICY_DATA *data, ++ X509_POLICY_NODE *parent, ++ X509_POLICY_TREE *tree) ++{ ++ X509_POLICY_NODE *node; ++ node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); ++ if (!node) ++ return NULL; ++ node->data = data; ++ node->parent = parent; ++ node->nchild = 0; ++ if (level) { ++ if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { ++ if (level->anyPolicy) ++ goto node_error; ++ level->anyPolicy = node; ++ } else { ++ ++ if (!level->nodes) ++ level->nodes = policy_node_cmp_new(); ++ if (!level->nodes) ++ goto node_error; ++ if (!sk_X509_POLICY_NODE_push(level->nodes, node)) ++ goto node_error; ++ } ++ } ++ ++ if (tree) { ++ if (!tree->extra_data) ++ tree->extra_data = sk_X509_POLICY_DATA_new_null(); ++ if (!tree->extra_data) ++ goto node_error; ++ if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) ++ goto node_error; ++ } ++ ++ if (parent) ++ parent->nchild++; ++ ++ return node; ++ ++ node_error: ++ policy_node_free(node); ++ return 0; ++ ++} + + void policy_node_free(X509_POLICY_NODE *node) +- { +- OPENSSL_free(node); +- } +- +- ++{ ++ OPENSSL_free(node); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c +index 92ad0a2..9e506e9 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c +@@ -1,6 +1,7 @@ + /* pcy_tree.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2004. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. + */ + /* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,7 +63,8 @@ + + #include "pcy_int.h" + +-/* Initialize policy tree. Return values: ++/*- ++ * Initialize policy tree. Return values: + * 0 Some internal error occured. + * -1 Inconsistent or invalid extensions in certificates. + * 1 Tree initialized OK. +@@ -72,626 +74,592 @@ + */ + + static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, +- unsigned int flags) +- { +- X509_POLICY_TREE *tree; +- X509_POLICY_LEVEL *level; +- const X509_POLICY_CACHE *cache; +- X509_POLICY_DATA *data = NULL; +- X509 *x; +- int ret = 1; +- int i, n; +- int explicit_policy; +- int any_skip; +- int map_skip; +- *ptree = NULL; +- n = sk_X509_num(certs); +- +- /* Disable policy mapping for now... */ +- flags |= X509_V_FLAG_INHIBIT_MAP; +- +- if (flags & X509_V_FLAG_EXPLICIT_POLICY) +- explicit_policy = 0; +- else +- explicit_policy = n + 1; +- +- if (flags & X509_V_FLAG_INHIBIT_ANY) +- any_skip = 0; +- else +- any_skip = n + 1; +- +- if (flags & X509_V_FLAG_INHIBIT_MAP) +- map_skip = 0; +- else +- map_skip = n + 1; +- +- /* Can't do anything with just a trust anchor */ +- if (n == 1) +- return 1; +- /* First setup policy cache in all certificates apart from the +- * trust anchor. Note any bad cache results on the way. Also can +- * calculate explicit_policy value at this point. +- */ +- for (i = n - 2; i >= 0; i--) +- { +- x = sk_X509_value(certs, i); +- X509_check_purpose(x, -1, -1); +- cache = policy_cache_set(x); +- /* If cache NULL something bad happened: return immediately */ +- if (cache == NULL) +- return 0; +- /* If inconsistent extensions keep a note of it but continue */ +- if (x->ex_flags & EXFLAG_INVALID_POLICY) +- ret = -1; +- /* Otherwise if we have no data (hence no CertificatePolicies) +- * and haven't already set an inconsistent code note it. +- */ +- else if ((ret == 1) && !cache->data) +- ret = 2; +- if (explicit_policy > 0) +- { +- if (!(x->ex_flags & EXFLAG_SI)) +- explicit_policy--; +- if ((cache->explicit_skip != -1) +- && (cache->explicit_skip < explicit_policy)) +- explicit_policy = cache->explicit_skip; +- } +- } +- +- if (ret != 1) +- { +- if (ret == 2 && !explicit_policy) +- return 6; +- return ret; +- } +- +- +- /* If we get this far initialize the tree */ +- +- tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE)); +- +- if (!tree) +- return 0; +- +- tree->flags = 0; +- tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n); +- tree->nlevel = 0; +- tree->extra_data = NULL; +- tree->auth_policies = NULL; +- tree->user_policies = NULL; +- +- if (!tree->levels) +- { +- OPENSSL_free(tree); +- return 0; +- } +- +- memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); +- +- tree->nlevel = n; +- +- level = tree->levels; +- +- /* Root data: initialize to anyPolicy */ +- +- data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); +- +- if (!data || !level_add_node(level, data, NULL, tree)) +- goto bad_tree; +- +- for (i = n - 2; i >= 0; i--) +- { +- level++; +- x = sk_X509_value(certs, i); +- cache = policy_cache_set(x); +- +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); +- level->cert = x; +- +- if (!cache->anyPolicy) +- level->flags |= X509_V_FLAG_INHIBIT_ANY; +- +- /* Determine inhibit any and inhibit map flags */ +- if (any_skip == 0) +- { +- /* Any matching allowed if certificate is self +- * issued and not the last in the chain. +- */ +- if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) +- level->flags |= X509_V_FLAG_INHIBIT_ANY; +- } +- else +- { +- if (!(x->ex_flags & EXFLAG_SI)) +- any_skip--; +- if ((cache->any_skip >= 0) +- && (cache->any_skip < any_skip)) +- any_skip = cache->any_skip; +- } +- +- if (map_skip == 0) +- level->flags |= X509_V_FLAG_INHIBIT_MAP; +- else +- { +- map_skip--; +- if ((cache->map_skip >= 0) +- && (cache->map_skip < map_skip)) +- map_skip = cache->map_skip; +- } +- +- +- } +- +- *ptree = tree; +- +- if (explicit_policy) +- return 1; +- else +- return 5; +- +- bad_tree: +- +- X509_policy_tree_free(tree); +- +- return 0; +- +- } +- +-/* This corresponds to RFC3280 XXXX XXXXX: +- * link any data from CertificatePolicies onto matching parent +- * or anyPolicy if no match. ++ unsigned int flags) ++{ ++ X509_POLICY_TREE *tree; ++ X509_POLICY_LEVEL *level; ++ const X509_POLICY_CACHE *cache; ++ X509_POLICY_DATA *data = NULL; ++ X509 *x; ++ int ret = 1; ++ int i, n; ++ int explicit_policy; ++ int any_skip; ++ int map_skip; ++ *ptree = NULL; ++ n = sk_X509_num(certs); ++ ++ /* Disable policy mapping for now... */ ++ flags |= X509_V_FLAG_INHIBIT_MAP; ++ ++ if (flags & X509_V_FLAG_EXPLICIT_POLICY) ++ explicit_policy = 0; ++ else ++ explicit_policy = n + 1; ++ ++ if (flags & X509_V_FLAG_INHIBIT_ANY) ++ any_skip = 0; ++ else ++ any_skip = n + 1; ++ ++ if (flags & X509_V_FLAG_INHIBIT_MAP) ++ map_skip = 0; ++ else ++ map_skip = n + 1; ++ ++ /* Can't do anything with just a trust anchor */ ++ if (n == 1) ++ return 1; ++ /* ++ * First setup policy cache in all certificates apart from the trust ++ * anchor. Note any bad cache results on the way. Also can calculate ++ * explicit_policy value at this point. ++ */ ++ for (i = n - 2; i >= 0; i--) { ++ x = sk_X509_value(certs, i); ++ X509_check_purpose(x, -1, -1); ++ cache = policy_cache_set(x); ++ /* If cache NULL something bad happened: return immediately */ ++ if (cache == NULL) ++ return 0; ++ /* ++ * If inconsistent extensions keep a note of it but continue ++ */ ++ if (x->ex_flags & EXFLAG_INVALID_POLICY) ++ ret = -1; ++ /* ++ * Otherwise if we have no data (hence no CertificatePolicies) and ++ * haven't already set an inconsistent code note it. ++ */ ++ else if ((ret == 1) && !cache->data) ++ ret = 2; ++ if (explicit_policy > 0) { ++ if (!(x->ex_flags & EXFLAG_SI)) ++ explicit_policy--; ++ if ((cache->explicit_skip != -1) ++ && (cache->explicit_skip < explicit_policy)) ++ explicit_policy = cache->explicit_skip; ++ } ++ } ++ ++ if (ret != 1) { ++ if (ret == 2 && !explicit_policy) ++ return 6; ++ return ret; ++ } ++ ++ /* If we get this far initialize the tree */ ++ ++ tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE)); ++ ++ if (!tree) ++ return 0; ++ ++ tree->flags = 0; ++ tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n); ++ tree->nlevel = 0; ++ tree->extra_data = NULL; ++ tree->auth_policies = NULL; ++ tree->user_policies = NULL; ++ ++ if (!tree->levels) { ++ OPENSSL_free(tree); ++ return 0; ++ } ++ ++ memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); ++ ++ tree->nlevel = n; ++ ++ level = tree->levels; ++ ++ /* Root data: initialize to anyPolicy */ ++ ++ data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); ++ ++ if (!data || !level_add_node(level, data, NULL, tree)) ++ goto bad_tree; ++ ++ for (i = n - 2; i >= 0; i--) { ++ level++; ++ x = sk_X509_value(certs, i); ++ cache = policy_cache_set(x); ++ ++ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ level->cert = x; ++ ++ if (!cache->anyPolicy) ++ level->flags |= X509_V_FLAG_INHIBIT_ANY; ++ ++ /* Determine inhibit any and inhibit map flags */ ++ if (any_skip == 0) { ++ /* ++ * Any matching allowed if certificate is self issued and not the ++ * last in the chain. ++ */ ++ if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) ++ level->flags |= X509_V_FLAG_INHIBIT_ANY; ++ } else { ++ if (!(x->ex_flags & EXFLAG_SI)) ++ any_skip--; ++ if ((cache->any_skip >= 0) ++ && (cache->any_skip < any_skip)) ++ any_skip = cache->any_skip; ++ } ++ ++ if (map_skip == 0) ++ level->flags |= X509_V_FLAG_INHIBIT_MAP; ++ else { ++ map_skip--; ++ if ((cache->map_skip >= 0) ++ && (cache->map_skip < map_skip)) ++ map_skip = cache->map_skip; ++ } ++ ++ } ++ ++ *ptree = tree; ++ ++ if (explicit_policy) ++ return 1; ++ else ++ return 5; ++ ++ bad_tree: ++ ++ X509_policy_tree_free(tree); ++ ++ return 0; ++ ++} ++ ++/* ++ * This corresponds to RFC3280 XXXX XXXXX: link any data from ++ * CertificatePolicies onto matching parent or anyPolicy if no match. + */ + + static int tree_link_nodes(X509_POLICY_LEVEL *curr, +- const X509_POLICY_CACHE *cache) +- { +- int i; +- X509_POLICY_LEVEL *last; +- X509_POLICY_DATA *data; +- X509_POLICY_NODE *parent; +- last = curr - 1; +- for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) +- { +- data = sk_X509_POLICY_DATA_value(cache->data, i); +- /* If a node is mapped any it doesn't have a corresponding +- * CertificatePolicies entry. +- * However such an identical node would be created +- * if anyPolicy matching is enabled because there would be +- * no match with the parent valid_policy_set. So we create +- * link because then it will have the mapping flags +- * right and we can prune it later. +- */ +- if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) +- && !(curr->flags & X509_V_FLAG_INHIBIT_ANY)) +- continue; +- /* Look for matching node in parent */ +- parent = level_find_node(last, data->valid_policy); +- /* If no match link to anyPolicy */ +- if (!parent) +- parent = last->anyPolicy; +- if (parent && !level_add_node(curr, data, parent, NULL)) +- return 0; +- } +- return 1; +- } +- +-/* This corresponds to RFC3280 XXXX XXXXX: +- * Create new data for any unmatched policies in the parent and link +- * to anyPolicy. ++ const X509_POLICY_CACHE *cache) ++{ ++ int i; ++ X509_POLICY_LEVEL *last; ++ X509_POLICY_DATA *data; ++ X509_POLICY_NODE *parent; ++ last = curr - 1; ++ for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { ++ data = sk_X509_POLICY_DATA_value(cache->data, i); ++ /* ++ * If a node is mapped any it doesn't have a corresponding ++ * CertificatePolicies entry. However such an identical node would ++ * be created if anyPolicy matching is enabled because there would be ++ * no match with the parent valid_policy_set. So we create link ++ * because then it will have the mapping flags right and we can prune ++ * it later. ++ */ ++ if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) ++ && !(curr->flags & X509_V_FLAG_INHIBIT_ANY)) ++ continue; ++ /* Look for matching node in parent */ ++ parent = level_find_node(last, data->valid_policy); ++ /* If no match link to anyPolicy */ ++ if (!parent) ++ parent = last->anyPolicy; ++ if (parent && !level_add_node(curr, data, parent, NULL)) ++ return 0; ++ } ++ return 1; ++} ++ ++/* ++ * This corresponds to RFC3280 XXXX XXXXX: Create new data for any unmatched ++ * policies in the parent and link to anyPolicy. + */ + + static int tree_link_any(X509_POLICY_LEVEL *curr, +- const X509_POLICY_CACHE *cache, +- X509_POLICY_TREE *tree) +- { +- int i; +- X509_POLICY_DATA *data; +- X509_POLICY_NODE *node; +- X509_POLICY_LEVEL *last; +- +- last = curr - 1; +- +- for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) +- { +- node = sk_X509_POLICY_NODE_value(last->nodes, i); +- +- /* Skip any node with any children: we only want unmathced +- * nodes. +- * +- * Note: need something better for policy mapping +- * because each node may have multiple children +- */ +- if (node->nchild) +- continue; +- /* Create a new node with qualifiers from anyPolicy and +- * id from unmatched node. +- */ +- data = policy_data_new(NULL, node->data->valid_policy, +- node_critical(node)); +- +- if (data == NULL) +- return 0; +- /* Curr may not have anyPolicy */ +- data->qualifier_set = cache->anyPolicy->qualifier_set; +- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; +- if (!level_add_node(curr, data, node, tree)) +- { +- policy_data_free(data); +- return 0; +- } +- } +- /* Finally add link to anyPolicy */ +- if (last->anyPolicy) +- { +- if (!level_add_node(curr, cache->anyPolicy, +- last->anyPolicy, NULL)) +- return 0; +- } +- return 1; +- } +- +-/* Prune the tree: delete any child mapped child data on the current level ++ const X509_POLICY_CACHE *cache, ++ X509_POLICY_TREE *tree) ++{ ++ int i; ++ X509_POLICY_DATA *data; ++ X509_POLICY_NODE *node; ++ X509_POLICY_LEVEL *last; ++ ++ last = curr - 1; ++ ++ for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) { ++ node = sk_X509_POLICY_NODE_value(last->nodes, i); ++ ++ /* ++ * Skip any node with any children: we only want unmathced nodes. ++ * Note: need something better for policy mapping because each node ++ * may have multiple children ++ */ ++ if (node->nchild) ++ continue; ++ /* ++ * Create a new node with qualifiers from anyPolicy and id from ++ * unmatched node. ++ */ ++ data = policy_data_new(NULL, node->data->valid_policy, ++ node_critical(node)); ++ ++ if (data == NULL) ++ return 0; ++ /* Curr may not have anyPolicy */ ++ data->qualifier_set = cache->anyPolicy->qualifier_set; ++ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; ++ if (!level_add_node(curr, data, node, tree)) { ++ policy_data_free(data); ++ return 0; ++ } ++ } ++ /* Finally add link to anyPolicy */ ++ if (last->anyPolicy) { ++ if (!level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL)) ++ return 0; ++ } ++ return 1; ++} ++ ++/* ++ * Prune the tree: delete any child mapped child data on the current level + * then proceed up the tree deleting any data with no children. If we ever + * have no data on a level we can halt because the tree will be empty. + */ + + static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) +- { +- X509_POLICY_NODE *node; +- int i; +- for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) +- { +- node = sk_X509_POLICY_NODE_value(curr->nodes, i); +- /* Delete any mapped data: see RFC3280 XXXX */ +- if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) +- { +- node->parent->nchild--; +- OPENSSL_free(node); +- (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); +- } +- } +- +- for(;;) { +- --curr; +- for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) +- { +- node = sk_X509_POLICY_NODE_value(curr->nodes, i); +- if (node->nchild == 0) +- { +- node->parent->nchild--; +- OPENSSL_free(node); +- (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); +- } +- } +- if (curr->anyPolicy && !curr->anyPolicy->nchild) +- { +- if (curr->anyPolicy->parent) +- curr->anyPolicy->parent->nchild--; +- OPENSSL_free(curr->anyPolicy); +- curr->anyPolicy = NULL; +- } +- if (curr == tree->levels) +- { +- /* If we zapped anyPolicy at top then tree is empty */ +- if (!curr->anyPolicy) +- return 2; +- return 1; +- } +- } +- +- return 1; +- +- } ++{ ++ X509_POLICY_NODE *node; ++ int i; ++ for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) { ++ node = sk_X509_POLICY_NODE_value(curr->nodes, i); ++ /* Delete any mapped data: see RFC3280 XXXX */ ++ if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) { ++ node->parent->nchild--; ++ OPENSSL_free(node); ++ (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); ++ } ++ } ++ ++ for (;;) { ++ --curr; ++ for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) { ++ node = sk_X509_POLICY_NODE_value(curr->nodes, i); ++ if (node->nchild == 0) { ++ node->parent->nchild--; ++ OPENSSL_free(node); ++ (void)sk_X509_POLICY_NODE_delete(curr->nodes, i); ++ } ++ } ++ if (curr->anyPolicy && !curr->anyPolicy->nchild) { ++ if (curr->anyPolicy->parent) ++ curr->anyPolicy->parent->nchild--; ++ OPENSSL_free(curr->anyPolicy); ++ curr->anyPolicy = NULL; ++ } ++ if (curr == tree->levels) { ++ /* If we zapped anyPolicy at top then tree is empty */ ++ if (!curr->anyPolicy) ++ return 2; ++ return 1; ++ } ++ } ++ ++ return 1; ++ ++} + + static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes, +- X509_POLICY_NODE *pcy) +- { +- if (!*pnodes) +- { +- *pnodes = policy_node_cmp_new(); +- if (!*pnodes) +- return 0; +- } +- else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) +- return 1; +- +- if (!sk_X509_POLICY_NODE_push(*pnodes, pcy)) +- return 0; +- +- return 1; +- +- } +- +-/* Calculate the authority set based on policy tree. +- * The 'pnodes' parameter is used as a store for the set of policy nodes +- * used to calculate the user set. If the authority set is not anyPolicy +- * then pnodes will just point to the authority set. If however the authority +- * set is anyPolicy then the set of valid policies (other than anyPolicy) +- * is store in pnodes. The return value of '2' is used in this case to indicate +- * that pnodes should be freed. ++ X509_POLICY_NODE *pcy) ++{ ++ if (!*pnodes) { ++ *pnodes = policy_node_cmp_new(); ++ if (!*pnodes) ++ return 0; ++ } else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) ++ return 1; ++ ++ if (!sk_X509_POLICY_NODE_push(*pnodes, pcy)) ++ return 0; ++ ++ return 1; ++ ++} ++ ++/* ++ * Calculate the authority set based on policy tree. The 'pnodes' parameter ++ * is used as a store for the set of policy nodes used to calculate the user ++ * set. If the authority set is not anyPolicy then pnodes will just point to ++ * the authority set. If however the authority set is anyPolicy then the set ++ * of valid policies (other than anyPolicy) is store in pnodes. The return ++ * value of '2' is used in this case to indicate that pnodes should be freed. + */ + + static int tree_calculate_authority_set(X509_POLICY_TREE *tree, +- STACK_OF(X509_POLICY_NODE) **pnodes) +- { +- X509_POLICY_LEVEL *curr; +- X509_POLICY_NODE *node, *anyptr; +- STACK_OF(X509_POLICY_NODE) **addnodes; +- int i, j; +- curr = tree->levels + tree->nlevel - 1; +- +- /* If last level contains anyPolicy set is anyPolicy */ +- if (curr->anyPolicy) +- { +- if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)) +- return 0; +- addnodes = pnodes; +- } +- else +- /* Add policies to authority set */ +- addnodes = &tree->auth_policies; +- +- curr = tree->levels; +- for (i = 1; i < tree->nlevel; i++) +- { +- /* If no anyPolicy node on this this level it can't +- * appear on lower levels so end search. +- */ +- if (!(anyptr = curr->anyPolicy)) +- break; +- curr++; +- for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) +- { +- node = sk_X509_POLICY_NODE_value(curr->nodes, j); +- if ((node->parent == anyptr) +- && !tree_add_auth_node(addnodes, node)) +- return 0; +- } +- } +- +- if (addnodes == pnodes) +- return 2; +- +- *pnodes = tree->auth_policies; +- +- return 1; +- } ++ STACK_OF(X509_POLICY_NODE) **pnodes) ++{ ++ X509_POLICY_LEVEL *curr; ++ X509_POLICY_NODE *node, *anyptr; ++ STACK_OF(X509_POLICY_NODE) **addnodes; ++ int i, j; ++ curr = tree->levels + tree->nlevel - 1; ++ ++ /* If last level contains anyPolicy set is anyPolicy */ ++ if (curr->anyPolicy) { ++ if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)) ++ return 0; ++ addnodes = pnodes; ++ } else ++ /* Add policies to authority set */ ++ addnodes = &tree->auth_policies; ++ ++ curr = tree->levels; ++ for (i = 1; i < tree->nlevel; i++) { ++ /* ++ * If no anyPolicy node on this this level it can't appear on lower ++ * levels so end search. ++ */ ++ if (!(anyptr = curr->anyPolicy)) ++ break; ++ curr++; ++ for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) { ++ node = sk_X509_POLICY_NODE_value(curr->nodes, j); ++ if ((node->parent == anyptr) ++ && !tree_add_auth_node(addnodes, node)) ++ return 0; ++ } ++ } ++ ++ if (addnodes == pnodes) ++ return 2; ++ ++ *pnodes = tree->auth_policies; ++ ++ return 1; ++} + + static int tree_calculate_user_set(X509_POLICY_TREE *tree, +- STACK_OF(ASN1_OBJECT) *policy_oids, +- STACK_OF(X509_POLICY_NODE) *auth_nodes) +- { +- int i; +- X509_POLICY_NODE *node; +- ASN1_OBJECT *oid; +- +- X509_POLICY_NODE *anyPolicy; +- X509_POLICY_DATA *extra; +- +- /* Check if anyPolicy present in authority constrained policy set: +- * this will happen if it is a leaf node. +- */ +- +- if (sk_ASN1_OBJECT_num(policy_oids) <= 0) +- return 1; +- +- anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy; +- +- for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) +- { +- oid = sk_ASN1_OBJECT_value(policy_oids, i); +- if (OBJ_obj2nid(oid) == NID_any_policy) +- { +- tree->flags |= POLICY_FLAG_ANY_POLICY; +- return 1; +- } +- } +- +- for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) +- { +- oid = sk_ASN1_OBJECT_value(policy_oids, i); +- node = tree_find_sk(auth_nodes, oid); +- if (!node) +- { +- if (!anyPolicy) +- continue; +- /* Create a new node with policy ID from user set +- * and qualifiers from anyPolicy. +- */ +- extra = policy_data_new(NULL, oid, +- node_critical(anyPolicy)); +- if (!extra) +- return 0; +- extra->qualifier_set = anyPolicy->data->qualifier_set; +- extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS +- | POLICY_DATA_FLAG_EXTRA_NODE; +- node = level_add_node(NULL, extra, anyPolicy->parent, +- tree); +- } +- if (!tree->user_policies) +- { +- tree->user_policies = sk_X509_POLICY_NODE_new_null(); +- if (!tree->user_policies) +- return 1; +- } +- if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) +- return 0; +- } +- return 1; +- +- } ++ STACK_OF(ASN1_OBJECT) *policy_oids, ++ STACK_OF(X509_POLICY_NODE) *auth_nodes) ++{ ++ int i; ++ X509_POLICY_NODE *node; ++ ASN1_OBJECT *oid; ++ ++ X509_POLICY_NODE *anyPolicy; ++ X509_POLICY_DATA *extra; ++ ++ /* ++ * Check if anyPolicy present in authority constrained policy set: this ++ * will happen if it is a leaf node. ++ */ ++ ++ if (sk_ASN1_OBJECT_num(policy_oids) <= 0) ++ return 1; ++ ++ anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy; ++ ++ for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) { ++ oid = sk_ASN1_OBJECT_value(policy_oids, i); ++ if (OBJ_obj2nid(oid) == NID_any_policy) { ++ tree->flags |= POLICY_FLAG_ANY_POLICY; ++ return 1; ++ } ++ } ++ ++ for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) { ++ oid = sk_ASN1_OBJECT_value(policy_oids, i); ++ node = tree_find_sk(auth_nodes, oid); ++ if (!node) { ++ if (!anyPolicy) ++ continue; ++ /* ++ * Create a new node with policy ID from user set and qualifiers ++ * from anyPolicy. ++ */ ++ extra = policy_data_new(NULL, oid, node_critical(anyPolicy)); ++ if (!extra) ++ return 0; ++ extra->qualifier_set = anyPolicy->data->qualifier_set; ++ extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS ++ | POLICY_DATA_FLAG_EXTRA_NODE; ++ node = level_add_node(NULL, extra, anyPolicy->parent, tree); ++ } ++ if (!tree->user_policies) { ++ tree->user_policies = sk_X509_POLICY_NODE_new_null(); ++ if (!tree->user_policies) ++ return 1; ++ } ++ if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) ++ return 0; ++ } ++ return 1; ++ ++} + + static int tree_evaluate(X509_POLICY_TREE *tree) +- { +- int ret, i; +- X509_POLICY_LEVEL *curr = tree->levels + 1; +- const X509_POLICY_CACHE *cache; ++{ ++ int ret, i; ++ X509_POLICY_LEVEL *curr = tree->levels + 1; ++ const X509_POLICY_CACHE *cache; + +- for(i = 1; i < tree->nlevel; i++, curr++) +- { +- cache = policy_cache_set(curr->cert); +- if (!tree_link_nodes(curr, cache)) +- return 0; ++ for (i = 1; i < tree->nlevel; i++, curr++) { ++ cache = policy_cache_set(curr->cert); ++ if (!tree_link_nodes(curr, cache)) ++ return 0; + +- if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) +- && !tree_link_any(curr, cache, tree)) +- return 0; +- ret = tree_prune(tree, curr); +- if (ret != 1) +- return ret; +- } ++ if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) ++ && !tree_link_any(curr, cache, tree)) ++ return 0; ++ ret = tree_prune(tree, curr); ++ if (ret != 1) ++ return ret; ++ } + +- return 1; ++ return 1; + +- } ++} + + static void exnode_free(X509_POLICY_NODE *node) +- { +- if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE)) +- OPENSSL_free(node); +- } +- ++{ ++ if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE)) ++ OPENSSL_free(node); ++} + + void X509_policy_tree_free(X509_POLICY_TREE *tree) +- { +- X509_POLICY_LEVEL *curr; +- int i; ++{ ++ X509_POLICY_LEVEL *curr; ++ int i; + +- if (!tree) +- return; ++ if (!tree) ++ return; + +- sk_X509_POLICY_NODE_free(tree->auth_policies); +- sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); ++ sk_X509_POLICY_NODE_free(tree->auth_policies); ++ sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); + +- for(i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) +- { +- if (curr->cert) +- X509_free(curr->cert); +- if (curr->nodes) +- sk_X509_POLICY_NODE_pop_free(curr->nodes, +- policy_node_free); +- if (curr->anyPolicy) +- policy_node_free(curr->anyPolicy); +- } ++ for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) { ++ if (curr->cert) ++ X509_free(curr->cert); ++ if (curr->nodes) ++ sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); ++ if (curr->anyPolicy) ++ policy_node_free(curr->anyPolicy); ++ } + +- if (tree->extra_data) +- sk_X509_POLICY_DATA_pop_free(tree->extra_data, +- policy_data_free); ++ if (tree->extra_data) ++ sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free); + +- OPENSSL_free(tree->levels); +- OPENSSL_free(tree); ++ OPENSSL_free(tree->levels); ++ OPENSSL_free(tree); + +- } ++} + +-/* Application policy checking function. ++/*- ++ * Application policy checking function. + * Return codes: +- * 0 Internal Error. ++ * 0 Internal Error. + * 1 Successful. + * -1 One or more certificates contain invalid or inconsistent extensions +- * -2 User constrained policy set empty and requireExplicit true. ++ * -2 User constrained policy set empty and requireExplicit true. + */ + + int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, +- STACK_OF(X509) *certs, +- STACK_OF(ASN1_OBJECT) *policy_oids, +- unsigned int flags) +- { +- int ret; +- X509_POLICY_TREE *tree = NULL; +- STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; +- *ptree = NULL; ++ STACK_OF(X509) *certs, ++ STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags) ++{ ++ int ret; ++ X509_POLICY_TREE *tree = NULL; ++ STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; ++ *ptree = NULL; + +- *pexplicit_policy = 0; +- ret = tree_init(&tree, certs, flags); ++ *pexplicit_policy = 0; ++ ret = tree_init(&tree, certs, flags); + ++ switch (ret) { + +- switch (ret) +- { ++ /* Tree empty requireExplicit False: OK */ ++ case 2: ++ return 1; + +- /* Tree empty requireExplicit False: OK */ +- case 2: +- return 1; ++ /* Some internal error */ ++ case -1: ++ return -1; + +- /* Some internal error */ +- case -1: +- return -1; ++ /* Some internal error */ ++ case 0: ++ return 0; + +- /* Some internal error */ +- case 0: +- return 0; ++ /* Tree empty requireExplicit True: Error */ + +- /* Tree empty requireExplicit True: Error */ ++ case 6: ++ *pexplicit_policy = 1; ++ return -2; + +- case 6: +- *pexplicit_policy = 1; +- return -2; ++ /* Tree OK requireExplicit True: OK and continue */ ++ case 5: ++ *pexplicit_policy = 1; ++ break; + +- /* Tree OK requireExplicit True: OK and continue */ +- case 5: +- *pexplicit_policy = 1; +- break; ++ /* Tree OK: continue */ + +- /* Tree OK: continue */ ++ case 1: ++ if (!tree) ++ /* ++ * tree_init() returns success and a null tree ++ * if it's just looking at a trust anchor. ++ * I'm not sure that returning success here is ++ * correct, but I'm sure that reporting this ++ * as an internal error which our caller ++ * interprets as a malloc failure is wrong. ++ */ ++ return 1; ++ break; ++ } + +- case 1: +- if (!tree) +- /* +- * tree_init() returns success and a null tree +- * if it's just looking at a trust anchor. +- * I'm not sure that returning success here is +- * correct, but I'm sure that reporting this +- * as an internal error which our caller +- * interprets as a malloc failure is wrong. +- */ +- return 1; +- break; +- } ++ if (!tree) ++ goto error; ++ ret = tree_evaluate(tree); + +- if (!tree) goto error; +- ret = tree_evaluate(tree); ++ if (ret <= 0) ++ goto error; + +- if (ret <= 0) +- goto error; ++ /* Return value 2 means tree empty */ ++ if (ret == 2) { ++ X509_policy_tree_free(tree); ++ if (*pexplicit_policy) ++ return -2; ++ else ++ return 1; ++ } + +- /* Return value 2 means tree empty */ +- if (ret == 2) +- { +- X509_policy_tree_free(tree); +- if (*pexplicit_policy) +- return -2; +- else +- return 1; +- } ++ /* Tree is not empty: continue */ + +- /* Tree is not empty: continue */ ++ ret = tree_calculate_authority_set(tree, &auth_nodes); + +- ret = tree_calculate_authority_set(tree, &auth_nodes); ++ if (!ret) ++ goto error; + +- if (!ret) +- goto error; ++ if (!tree_calculate_user_set(tree, policy_oids, auth_nodes)) ++ goto error; + +- if (!tree_calculate_user_set(tree, policy_oids, auth_nodes)) +- goto error; +- +- if (ret == 2) +- sk_X509_POLICY_NODE_free(auth_nodes); ++ if (ret == 2) ++ sk_X509_POLICY_NODE_free(auth_nodes); + +- if (tree) +- *ptree = tree; ++ if (tree) ++ *ptree = tree; + +- if (*pexplicit_policy) +- { +- nodes = X509_policy_tree_get0_user_policies(tree); +- if (sk_X509_POLICY_NODE_num(nodes) <= 0) +- return -2; +- } ++ if (*pexplicit_policy) { ++ nodes = X509_policy_tree_get0_user_policies(tree); ++ if (sk_X509_POLICY_NODE_num(nodes) <= 0) ++ return -2; ++ } + +- return 1; ++ return 1; + +- error: ++ error: + +- X509_policy_tree_free(tree); ++ X509_policy_tree_free(tree); + +- return 0; ++ return 0; + +- } ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c +index c0e1d2d..e1911f2 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -95,9 +95,9 @@ ASN1_SEQUENCE(IPAddressFamily) = { + ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice) + } ASN1_SEQUENCE_END(IPAddressFamily) + +-ASN1_ITEM_TEMPLATE(IPAddrBlocks) = ++ASN1_ITEM_TEMPLATE(IPAddrBlocks) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, +- IPAddrBlocks, IPAddressFamily) ++ IPAddrBlocks, IPAddressFamily) + ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) + + IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange) +@@ -108,21 +108,21 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily) + /* + * How much buffer space do we need for a raw address? + */ +-#define ADDR_RAW_BUF_LEN 16 ++# define ADDR_RAW_BUF_LEN 16 + + /* + * What's the address length associated with this AFI? + */ + static int length_from_afi(const unsigned afi) + { +- switch (afi) { +- case IANA_AFI_IPV4: +- return 4; +- case IANA_AFI_IPV6: +- return 16; +- default: +- return 0; +- } ++ switch (afi) { ++ case IANA_AFI_IPV4: ++ return 4; ++ case IANA_AFI_IPV6: ++ return 16; ++ default: ++ return 0; ++ } + } + + /* +@@ -130,12 +130,10 @@ static int length_from_afi(const unsigned afi) + */ + unsigned int v3_addr_get_afi(const IPAddressFamily *f) + { +- return ((f != NULL && +- f->addressFamily != NULL && +- f->addressFamily->data != NULL) +- ? ((f->addressFamily->data[0] << 8) | +- (f->addressFamily->data[1])) +- : 0); ++ return ((f != NULL && ++ f->addressFamily != NULL && f->addressFamily->data != NULL) ++ ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1])) ++ : 0); + } + + /* +@@ -143,173 +141,170 @@ unsigned int v3_addr_get_afi(const IPAddressFamily *f) + * At the moment this is coded for simplicity, not speed. + */ + static int addr_expand(unsigned char *addr, +- const ASN1_BIT_STRING *bs, +- const int length, +- const unsigned char fill) ++ const ASN1_BIT_STRING *bs, ++ const int length, const unsigned char fill) + { +- if (bs->length < 0 || bs->length > length) +- return 0; +- if (bs->length > 0) { +- memcpy(addr, bs->data, bs->length); +- if ((bs->flags & 7) != 0) { +- unsigned char mask = 0xFF >> (8 - (bs->flags & 7)); +- if (fill == 0) +- addr[bs->length - 1] &= ~mask; +- else +- addr[bs->length - 1] |= mask; ++ if (bs->length < 0 || bs->length > length) ++ return 0; ++ if (bs->length > 0) { ++ memcpy(addr, bs->data, bs->length); ++ if ((bs->flags & 7) != 0) { ++ unsigned char mask = 0xFF >> (8 - (bs->flags & 7)); ++ if (fill == 0) ++ addr[bs->length - 1] &= ~mask; ++ else ++ addr[bs->length - 1] |= mask; ++ } + } +- } +- memset(addr + bs->length, fill, length - bs->length); +- return 1; ++ memset(addr + bs->length, fill, length - bs->length); ++ return 1; + } + + /* + * Extract the prefix length from a bitstring. + */ +-#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) ++# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) + + /* + * i2r handler for one address bitstring. + */ + static int i2r_address(BIO *out, +- const unsigned afi, +- const unsigned char fill, +- const ASN1_BIT_STRING *bs) ++ const unsigned afi, ++ const unsigned char fill, const ASN1_BIT_STRING *bs) + { +- unsigned char addr[ADDR_RAW_BUF_LEN]; +- int i, n; ++ unsigned char addr[ADDR_RAW_BUF_LEN]; ++ int i, n; + +- if (bs->length < 0) +- return 0; +- switch (afi) { +- case IANA_AFI_IPV4: +- if (!addr_expand(addr, bs, 4, fill)) +- return 0; +- BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); +- break; +- case IANA_AFI_IPV6: +- if (!addr_expand(addr, bs, 16, fill)) +- return 0; +- for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2) +- ; +- for (i = 0; i < n; i += 2) +- BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : "")); +- if (i < 16) +- BIO_puts(out, ":"); +- if (i == 0) +- BIO_puts(out, ":"); +- break; +- default: +- for (i = 0; i < bs->length; i++) +- BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]); +- BIO_printf(out, "[%d]", (int) (bs->flags & 7)); +- break; +- } +- return 1; ++ if (bs->length < 0) ++ return 0; ++ switch (afi) { ++ case IANA_AFI_IPV4: ++ if (!addr_expand(addr, bs, 4, fill)) ++ return 0; ++ BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); ++ break; ++ case IANA_AFI_IPV6: ++ if (!addr_expand(addr, bs, 16, fill)) ++ return 0; ++ for (n = 16; n > 1 && addr[n - 1] == 0x00 && addr[n - 2] == 0x00; ++ n -= 2) ; ++ for (i = 0; i < n; i += 2) ++ BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i + 1], ++ (i < 14 ? ":" : "")); ++ if (i < 16) ++ BIO_puts(out, ":"); ++ if (i == 0) ++ BIO_puts(out, ":"); ++ break; ++ default: ++ for (i = 0; i < bs->length; i++) ++ BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]); ++ BIO_printf(out, "[%d]", (int)(bs->flags & 7)); ++ break; ++ } ++ return 1; + } + + /* + * i2r handler for a sequence of addresses and ranges. + */ + static int i2r_IPAddressOrRanges(BIO *out, +- const int indent, +- const IPAddressOrRanges *aors, +- const unsigned afi) ++ const int indent, ++ const IPAddressOrRanges *aors, ++ const unsigned afi) + { +- int i; +- for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) { +- const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i); +- BIO_printf(out, "%*s", indent, ""); +- switch (aor->type) { +- case IPAddressOrRange_addressPrefix: +- if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix)) +- return 0; +- BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix)); +- continue; +- case IPAddressOrRange_addressRange: +- if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min)) +- return 0; +- BIO_puts(out, "-"); +- if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max)) +- return 0; +- BIO_puts(out, "\n"); +- continue; ++ int i; ++ for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) { ++ const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i); ++ BIO_printf(out, "%*s", indent, ""); ++ switch (aor->type) { ++ case IPAddressOrRange_addressPrefix: ++ if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix)) ++ return 0; ++ BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix)); ++ continue; ++ case IPAddressOrRange_addressRange: ++ if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min)) ++ return 0; ++ BIO_puts(out, "-"); ++ if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max)) ++ return 0; ++ BIO_puts(out, "\n"); ++ continue; ++ } + } +- } +- return 1; ++ return 1; + } + + /* + * i2r handler for an IPAddrBlocks extension. + */ + static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method, +- void *ext, +- BIO *out, +- int indent) ++ void *ext, BIO *out, int indent) + { +- const IPAddrBlocks *addr = ext; +- int i; +- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { +- IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); +- const unsigned int afi = v3_addr_get_afi(f); +- switch (afi) { +- case IANA_AFI_IPV4: +- BIO_printf(out, "%*sIPv4", indent, ""); +- break; +- case IANA_AFI_IPV6: +- BIO_printf(out, "%*sIPv6", indent, ""); +- break; +- default: +- BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi); +- break; ++ const IPAddrBlocks *addr = ext; ++ int i; ++ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { ++ IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); ++ const unsigned int afi = v3_addr_get_afi(f); ++ switch (afi) { ++ case IANA_AFI_IPV4: ++ BIO_printf(out, "%*sIPv4", indent, ""); ++ break; ++ case IANA_AFI_IPV6: ++ BIO_printf(out, "%*sIPv6", indent, ""); ++ break; ++ default: ++ BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi); ++ break; ++ } ++ if (f->addressFamily->length > 2) { ++ switch (f->addressFamily->data[2]) { ++ case 1: ++ BIO_puts(out, " (Unicast)"); ++ break; ++ case 2: ++ BIO_puts(out, " (Multicast)"); ++ break; ++ case 3: ++ BIO_puts(out, " (Unicast/Multicast)"); ++ break; ++ case 4: ++ BIO_puts(out, " (MPLS)"); ++ break; ++ case 64: ++ BIO_puts(out, " (Tunnel)"); ++ break; ++ case 65: ++ BIO_puts(out, " (VPLS)"); ++ break; ++ case 66: ++ BIO_puts(out, " (BGP MDT)"); ++ break; ++ case 128: ++ BIO_puts(out, " (MPLS-labeled VPN)"); ++ break; ++ default: ++ BIO_printf(out, " (Unknown SAFI %u)", ++ (unsigned)f->addressFamily->data[2]); ++ break; ++ } ++ } ++ switch (f->ipAddressChoice->type) { ++ case IPAddressChoice_inherit: ++ BIO_puts(out, ": inherit\n"); ++ break; ++ case IPAddressChoice_addressesOrRanges: ++ BIO_puts(out, ":\n"); ++ if (!i2r_IPAddressOrRanges(out, ++ indent + 2, ++ f->ipAddressChoice-> ++ u.addressesOrRanges, afi)) ++ return 0; ++ break; ++ } + } +- if (f->addressFamily->length > 2) { +- switch (f->addressFamily->data[2]) { +- case 1: +- BIO_puts(out, " (Unicast)"); +- break; +- case 2: +- BIO_puts(out, " (Multicast)"); +- break; +- case 3: +- BIO_puts(out, " (Unicast/Multicast)"); +- break; +- case 4: +- BIO_puts(out, " (MPLS)"); +- break; +- case 64: +- BIO_puts(out, " (Tunnel)"); +- break; +- case 65: +- BIO_puts(out, " (VPLS)"); +- break; +- case 66: +- BIO_puts(out, " (BGP MDT)"); +- break; +- case 128: +- BIO_puts(out, " (MPLS-labeled VPN)"); +- break; +- default: +- BIO_printf(out, " (Unknown SAFI %u)", +- (unsigned) f->addressFamily->data[2]); +- break; +- } +- } +- switch (f->ipAddressChoice->type) { +- case IPAddressChoice_inherit: +- BIO_puts(out, ": inherit\n"); +- break; +- case IPAddressChoice_addressesOrRanges: +- BIO_puts(out, ":\n"); +- if (!i2r_IPAddressOrRanges(out, +- indent + 2, +- f->ipAddressChoice->u.addressesOrRanges, +- afi)) +- return 0; +- break; +- } +- } +- return 1; ++ return 1; + } + + /* +@@ -323,64 +318,63 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method, + * for garbage input, tough noogies. + */ + static int IPAddressOrRange_cmp(const IPAddressOrRange *a, +- const IPAddressOrRange *b, +- const int length) ++ const IPAddressOrRange *b, const int length) + { +- unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; +- int prefixlen_a = 0; +- int prefixlen_b = 0; +- int r; +- +- switch (a->type) { +- case IPAddressOrRange_addressPrefix: +- if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00)) +- return -1; +- prefixlen_a = addr_prefixlen(a->u.addressPrefix); +- break; +- case IPAddressOrRange_addressRange: +- if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00)) +- return -1; +- prefixlen_a = length * 8; +- break; +- } +- +- switch (b->type) { +- case IPAddressOrRange_addressPrefix: +- if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00)) +- return -1; +- prefixlen_b = addr_prefixlen(b->u.addressPrefix); +- break; +- case IPAddressOrRange_addressRange: +- if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00)) +- return -1; +- prefixlen_b = length * 8; +- break; +- } +- +- if ((r = memcmp(addr_a, addr_b, length)) != 0) +- return r; +- else +- return prefixlen_a - prefixlen_b; ++ unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; ++ int prefixlen_a = 0; ++ int prefixlen_b = 0; ++ int r; ++ ++ switch (a->type) { ++ case IPAddressOrRange_addressPrefix: ++ if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00)) ++ return -1; ++ prefixlen_a = addr_prefixlen(a->u.addressPrefix); ++ break; ++ case IPAddressOrRange_addressRange: ++ if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00)) ++ return -1; ++ prefixlen_a = length * 8; ++ break; ++ } ++ ++ switch (b->type) { ++ case IPAddressOrRange_addressPrefix: ++ if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00)) ++ return -1; ++ prefixlen_b = addr_prefixlen(b->u.addressPrefix); ++ break; ++ case IPAddressOrRange_addressRange: ++ if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00)) ++ return -1; ++ prefixlen_b = length * 8; ++ break; ++ } ++ ++ if ((r = memcmp(addr_a, addr_b, length)) != 0) ++ return r; ++ else ++ return prefixlen_a - prefixlen_b; + } + + /* + * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort() + * comparision routines are only allowed two arguments. + */ +-static int v4IPAddressOrRange_cmp(const IPAddressOrRange * const *a, +- const IPAddressOrRange * const *b) ++static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, ++ const IPAddressOrRange *const *b) + { +- return IPAddressOrRange_cmp(*a, *b, 4); ++ return IPAddressOrRange_cmp(*a, *b, 4); + } + + /* + * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort() + * comparision routines are only allowed two arguments. + */ +-static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a, +- const IPAddressOrRange * const *b) ++static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a, ++ const IPAddressOrRange *const *b) + { +- return IPAddressOrRange_cmp(*a, *b, 16); ++ return IPAddressOrRange_cmp(*a, *b, 16); + } + + /* +@@ -388,69 +382,80 @@ static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a, + * See last paragraph of RFC 3779 2.2.3.7. + */ + static int range_should_be_prefix(const unsigned char *min, +- const unsigned char *max, +- const int length) ++ const unsigned char *max, const int length) + { +- unsigned char mask; +- int i, j; +- +- OPENSSL_assert(memcmp(min, max, length) <= 0); +- for (i = 0; i < length && min[i] == max[i]; i++) +- ; +- for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) +- ; +- if (i < j) +- return -1; +- if (i > j) +- return i * 8; +- mask = min[i] ^ max[i]; +- switch (mask) { +- case 0x01: j = 7; break; +- case 0x03: j = 6; break; +- case 0x07: j = 5; break; +- case 0x0F: j = 4; break; +- case 0x1F: j = 3; break; +- case 0x3F: j = 2; break; +- case 0x7F: j = 1; break; +- default: return -1; +- } +- if ((min[i] & mask) != 0 || (max[i] & mask) != mask) +- return -1; +- else +- return i * 8 + j; ++ unsigned char mask; ++ int i, j; ++ ++ OPENSSL_assert(memcmp(min, max, length) <= 0); ++ for (i = 0; i < length && min[i] == max[i]; i++) ; ++ for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ; ++ if (i < j) ++ return -1; ++ if (i > j) ++ return i * 8; ++ mask = min[i] ^ max[i]; ++ switch (mask) { ++ case 0x01: ++ j = 7; ++ break; ++ case 0x03: ++ j = 6; ++ break; ++ case 0x07: ++ j = 5; ++ break; ++ case 0x0F: ++ j = 4; ++ break; ++ case 0x1F: ++ j = 3; ++ break; ++ case 0x3F: ++ j = 2; ++ break; ++ case 0x7F: ++ j = 1; ++ break; ++ default: ++ return -1; ++ } ++ if ((min[i] & mask) != 0 || (max[i] & mask) != mask) ++ return -1; ++ else ++ return i * 8 + j; + } + + /* + * Construct a prefix. + */ + static int make_addressPrefix(IPAddressOrRange **result, +- unsigned char *addr, +- const int prefixlen) ++ unsigned char *addr, const int prefixlen) + { +- int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; +- IPAddressOrRange *aor = IPAddressOrRange_new(); ++ int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; ++ IPAddressOrRange *aor = IPAddressOrRange_new(); ++ ++ if (aor == NULL) ++ return 0; ++ aor->type = IPAddressOrRange_addressPrefix; ++ if (aor->u.addressPrefix == NULL && ++ (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL) ++ goto err; ++ if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen)) ++ goto err; ++ aor->u.addressPrefix->flags &= ~7; ++ aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT; ++ if (bitlen > 0) { ++ aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen); ++ aor->u.addressPrefix->flags |= 8 - bitlen; ++ } + +- if (aor == NULL) +- return 0; +- aor->type = IPAddressOrRange_addressPrefix; +- if (aor->u.addressPrefix == NULL && +- (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL) +- goto err; +- if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen)) +- goto err; +- aor->u.addressPrefix->flags &= ~7; +- aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT; +- if (bitlen > 0) { +- aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen); +- aor->u.addressPrefix->flags |= 8 - bitlen; +- } +- +- *result = aor; +- return 1; ++ *result = aor; ++ return 1; + + err: +- IPAddressOrRange_free(aor); +- return 0; ++ IPAddressOrRange_free(aor); ++ return 0; + } + + /* +@@ -459,251 +464,242 @@ static int make_addressPrefix(IPAddressOrRange **result, + * the rest of the code considerably. + */ + static int make_addressRange(IPAddressOrRange **result, +- unsigned char *min, +- unsigned char *max, +- const int length) ++ unsigned char *min, ++ unsigned char *max, const int length) + { +- IPAddressOrRange *aor; +- int i, prefixlen; ++ IPAddressOrRange *aor; ++ int i, prefixlen; ++ ++ if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) ++ return make_addressPrefix(result, min, prefixlen); ++ ++ if ((aor = IPAddressOrRange_new()) == NULL) ++ return 0; ++ aor->type = IPAddressOrRange_addressRange; ++ OPENSSL_assert(aor->u.addressRange == NULL); ++ if ((aor->u.addressRange = IPAddressRange_new()) == NULL) ++ goto err; ++ if (aor->u.addressRange->min == NULL && ++ (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL) ++ goto err; ++ if (aor->u.addressRange->max == NULL && ++ (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL) ++ goto err; ++ ++ for (i = length; i > 0 && min[i - 1] == 0x00; --i) ; ++ if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i)) ++ goto err; ++ aor->u.addressRange->min->flags &= ~7; ++ aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT; ++ if (i > 0) { ++ unsigned char b = min[i - 1]; ++ int j = 1; ++ while ((b & (0xFFU >> j)) != 0) ++ ++j; ++ aor->u.addressRange->min->flags |= 8 - j; ++ } + +- if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) +- return make_addressPrefix(result, min, prefixlen); ++ for (i = length; i > 0 && max[i - 1] == 0xFF; --i) ; ++ if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i)) ++ goto err; ++ aor->u.addressRange->max->flags &= ~7; ++ aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT; ++ if (i > 0) { ++ unsigned char b = max[i - 1]; ++ int j = 1; ++ while ((b & (0xFFU >> j)) != (0xFFU >> j)) ++ ++j; ++ aor->u.addressRange->max->flags |= 8 - j; ++ } + +- if ((aor = IPAddressOrRange_new()) == NULL) +- return 0; +- aor->type = IPAddressOrRange_addressRange; +- OPENSSL_assert(aor->u.addressRange == NULL); +- if ((aor->u.addressRange = IPAddressRange_new()) == NULL) +- goto err; +- if (aor->u.addressRange->min == NULL && +- (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL) +- goto err; +- if (aor->u.addressRange->max == NULL && +- (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL) +- goto err; +- +- for (i = length; i > 0 && min[i - 1] == 0x00; --i) +- ; +- if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i)) +- goto err; +- aor->u.addressRange->min->flags &= ~7; +- aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT; +- if (i > 0) { +- unsigned char b = min[i - 1]; +- int j = 1; +- while ((b & (0xFFU >> j)) != 0) +- ++j; +- aor->u.addressRange->min->flags |= 8 - j; +- } +- +- for (i = length; i > 0 && max[i - 1] == 0xFF; --i) +- ; +- if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i)) +- goto err; +- aor->u.addressRange->max->flags &= ~7; +- aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT; +- if (i > 0) { +- unsigned char b = max[i - 1]; +- int j = 1; +- while ((b & (0xFFU >> j)) != (0xFFU >> j)) +- ++j; +- aor->u.addressRange->max->flags |= 8 - j; +- } +- +- *result = aor; +- return 1; ++ *result = aor; ++ return 1; + + err: +- IPAddressOrRange_free(aor); +- return 0; ++ IPAddressOrRange_free(aor); ++ return 0; + } + + /* + * Construct a new address family or find an existing one. + */ + static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, +- const unsigned afi, +- const unsigned *safi) ++ const unsigned afi, ++ const unsigned *safi) + { +- IPAddressFamily *f; +- unsigned char key[3]; +- unsigned keylen; +- int i; +- +- key[0] = (afi >> 8) & 0xFF; +- key[1] = afi & 0xFF; +- if (safi != NULL) { +- key[2] = *safi & 0xFF; +- keylen = 3; +- } else { +- keylen = 2; +- } +- +- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { +- f = sk_IPAddressFamily_value(addr, i); +- OPENSSL_assert(f->addressFamily->data != NULL); +- if (f->addressFamily->length == keylen && +- !memcmp(f->addressFamily->data, key, keylen)) +- return f; +- } +- +- if ((f = IPAddressFamily_new()) == NULL) +- goto err; +- if (f->ipAddressChoice == NULL && +- (f->ipAddressChoice = IPAddressChoice_new()) == NULL) +- goto err; +- if (f->addressFamily == NULL && +- (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL) +- goto err; +- if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen)) +- goto err; +- if (!sk_IPAddressFamily_push(addr, f)) +- goto err; +- +- return f; ++ IPAddressFamily *f; ++ unsigned char key[3]; ++ unsigned keylen; ++ int i; ++ ++ key[0] = (afi >> 8) & 0xFF; ++ key[1] = afi & 0xFF; ++ if (safi != NULL) { ++ key[2] = *safi & 0xFF; ++ keylen = 3; ++ } else { ++ keylen = 2; ++ } ++ ++ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { ++ f = sk_IPAddressFamily_value(addr, i); ++ OPENSSL_assert(f->addressFamily->data != NULL); ++ if (f->addressFamily->length == keylen && ++ !memcmp(f->addressFamily->data, key, keylen)) ++ return f; ++ } ++ ++ if ((f = IPAddressFamily_new()) == NULL) ++ goto err; ++ if (f->ipAddressChoice == NULL && ++ (f->ipAddressChoice = IPAddressChoice_new()) == NULL) ++ goto err; ++ if (f->addressFamily == NULL && ++ (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL) ++ goto err; ++ if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen)) ++ goto err; ++ if (!sk_IPAddressFamily_push(addr, f)) ++ goto err; ++ ++ return f; + + err: +- IPAddressFamily_free(f); +- return NULL; ++ IPAddressFamily_free(f); ++ return NULL; + } + + /* + * Add an inheritance element. + */ + int v3_addr_add_inherit(IPAddrBlocks *addr, +- const unsigned afi, +- const unsigned *safi) ++ const unsigned afi, const unsigned *safi) + { +- IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); +- if (f == NULL || +- f->ipAddressChoice == NULL || +- (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && +- f->ipAddressChoice->u.addressesOrRanges != NULL)) +- return 0; +- if (f->ipAddressChoice->type == IPAddressChoice_inherit && +- f->ipAddressChoice->u.inherit != NULL) ++ IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); ++ if (f == NULL || ++ f->ipAddressChoice == NULL || ++ (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && ++ f->ipAddressChoice->u.addressesOrRanges != NULL)) ++ return 0; ++ if (f->ipAddressChoice->type == IPAddressChoice_inherit && ++ f->ipAddressChoice->u.inherit != NULL) ++ return 1; ++ if (f->ipAddressChoice->u.inherit == NULL && ++ (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL) ++ return 0; ++ f->ipAddressChoice->type = IPAddressChoice_inherit; + return 1; +- if (f->ipAddressChoice->u.inherit == NULL && +- (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL) +- return 0; +- f->ipAddressChoice->type = IPAddressChoice_inherit; +- return 1; + } + + /* + * Construct an IPAddressOrRange sequence, or return an existing one. + */ + static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, +- const unsigned afi, +- const unsigned *safi) ++ const unsigned afi, ++ const unsigned *safi) + { +- IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); +- IPAddressOrRanges *aors = NULL; +- +- if (f == NULL || +- f->ipAddressChoice == NULL || +- (f->ipAddressChoice->type == IPAddressChoice_inherit && +- f->ipAddressChoice->u.inherit != NULL)) +- return NULL; +- if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) +- aors = f->ipAddressChoice->u.addressesOrRanges; +- if (aors != NULL) ++ IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); ++ IPAddressOrRanges *aors = NULL; ++ ++ if (f == NULL || ++ f->ipAddressChoice == NULL || ++ (f->ipAddressChoice->type == IPAddressChoice_inherit && ++ f->ipAddressChoice->u.inherit != NULL)) ++ return NULL; ++ if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) ++ aors = f->ipAddressChoice->u.addressesOrRanges; ++ if (aors != NULL) ++ return aors; ++ if ((aors = sk_IPAddressOrRange_new_null()) == NULL) ++ return NULL; ++ switch (afi) { ++ case IANA_AFI_IPV4: ++ (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); ++ break; ++ case IANA_AFI_IPV6: ++ (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); ++ break; ++ } ++ f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; ++ f->ipAddressChoice->u.addressesOrRanges = aors; + return aors; +- if ((aors = sk_IPAddressOrRange_new_null()) == NULL) +- return NULL; +- switch (afi) { +- case IANA_AFI_IPV4: +- (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); +- break; +- case IANA_AFI_IPV6: +- (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); +- break; +- } +- f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; +- f->ipAddressChoice->u.addressesOrRanges = aors; +- return aors; + } + + /* + * Add a prefix. + */ + int v3_addr_add_prefix(IPAddrBlocks *addr, +- const unsigned afi, +- const unsigned *safi, +- unsigned char *a, +- const int prefixlen) ++ const unsigned afi, ++ const unsigned *safi, ++ unsigned char *a, const int prefixlen) + { +- IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); +- IPAddressOrRange *aor; +- if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen)) ++ IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); ++ IPAddressOrRange *aor; ++ if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen)) ++ return 0; ++ if (sk_IPAddressOrRange_push(aors, aor)) ++ return 1; ++ IPAddressOrRange_free(aor); + return 0; +- if (sk_IPAddressOrRange_push(aors, aor)) +- return 1; +- IPAddressOrRange_free(aor); +- return 0; + } + + /* + * Add a range. + */ + int v3_addr_add_range(IPAddrBlocks *addr, +- const unsigned afi, +- const unsigned *safi, +- unsigned char *min, +- unsigned char *max) ++ const unsigned afi, ++ const unsigned *safi, ++ unsigned char *min, unsigned char *max) + { +- IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); +- IPAddressOrRange *aor; +- int length = length_from_afi(afi); +- if (aors == NULL) +- return 0; +- if (!make_addressRange(&aor, min, max, length)) ++ IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); ++ IPAddressOrRange *aor; ++ int length = length_from_afi(afi); ++ if (aors == NULL) ++ return 0; ++ if (!make_addressRange(&aor, min, max, length)) ++ return 0; ++ if (sk_IPAddressOrRange_push(aors, aor)) ++ return 1; ++ IPAddressOrRange_free(aor); + return 0; +- if (sk_IPAddressOrRange_push(aors, aor)) +- return 1; +- IPAddressOrRange_free(aor); +- return 0; + } + + /* + * Extract min and max values from an IPAddressOrRange. + */ + static int extract_min_max(IPAddressOrRange *aor, +- unsigned char *min, +- unsigned char *max, +- int length) ++ unsigned char *min, unsigned char *max, int length) + { +- if (aor == NULL || min == NULL || max == NULL) ++ if (aor == NULL || min == NULL || max == NULL) ++ return 0; ++ switch (aor->type) { ++ case IPAddressOrRange_addressPrefix: ++ return (addr_expand(min, aor->u.addressPrefix, length, 0x00) && ++ addr_expand(max, aor->u.addressPrefix, length, 0xFF)); ++ case IPAddressOrRange_addressRange: ++ return (addr_expand(min, aor->u.addressRange->min, length, 0x00) && ++ addr_expand(max, aor->u.addressRange->max, length, 0xFF)); ++ } + return 0; +- switch (aor->type) { +- case IPAddressOrRange_addressPrefix: +- return (addr_expand(min, aor->u.addressPrefix, length, 0x00) && +- addr_expand(max, aor->u.addressPrefix, length, 0xFF)); +- case IPAddressOrRange_addressRange: +- return (addr_expand(min, aor->u.addressRange->min, length, 0x00) && +- addr_expand(max, aor->u.addressRange->max, length, 0xFF)); +- } +- return 0; + } + + /* + * Public wrapper for extract_min_max(). + */ + int v3_addr_get_range(IPAddressOrRange *aor, +- const unsigned afi, +- unsigned char *min, +- unsigned char *max, +- const int length) ++ const unsigned afi, ++ unsigned char *min, ++ unsigned char *max, const int length) + { +- int afi_length = length_from_afi(afi); +- if (aor == NULL || min == NULL || max == NULL || +- afi_length == 0 || length < afi_length || +- (aor->type != IPAddressOrRange_addressPrefix && +- aor->type != IPAddressOrRange_addressRange) || +- !extract_min_max(aor, min, max, afi_length)) +- return 0; +- +- return afi_length; ++ int afi_length = length_from_afi(afi); ++ if (aor == NULL || min == NULL || max == NULL || ++ afi_length == 0 || length < afi_length || ++ (aor->type != IPAddressOrRange_addressPrefix && ++ aor->type != IPAddressOrRange_addressRange) || ++ !extract_min_max(aor, min, max, afi_length)) ++ return 0; ++ ++ return afi_length; + } + + /* +@@ -716,14 +712,14 @@ int v3_addr_get_range(IPAddressOrRange *aor, + * null-SAFI rule to apply only within a single AFI, which is what I + * would have expected and is what the following code implements. + */ +-static int IPAddressFamily_cmp(const IPAddressFamily * const *a_, +- const IPAddressFamily * const *b_) ++static int IPAddressFamily_cmp(const IPAddressFamily *const *a_, ++ const IPAddressFamily *const *b_) + { +- const ASN1_OCTET_STRING *a = (*a_)->addressFamily; +- const ASN1_OCTET_STRING *b = (*b_)->addressFamily; +- int len = ((a->length <= b->length) ? a->length : b->length); +- int cmp = memcmp(a->data, b->data, len); +- return cmp ? cmp : a->length - b->length; ++ const ASN1_OCTET_STRING *a = (*a_)->addressFamily; ++ const ASN1_OCTET_STRING *b = (*b_)->addressFamily; ++ int len = ((a->length <= b->length) ? a->length : b->length); ++ int cmp = memcmp(a->data, b->data, len); ++ return cmp ? cmp : a->length - b->length; + } + + /* +@@ -731,184 +727,182 @@ static int IPAddressFamily_cmp(const IPAddressFamily * const *a_, + */ + int v3_addr_is_canonical(IPAddrBlocks *addr) + { +- unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; +- unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; +- IPAddressOrRanges *aors; +- int i, j, k; +- +- /* +- * Empty extension is cannonical. +- */ +- if (addr == NULL) +- return 1; +- +- /* +- * Check whether the top-level list is in order. +- */ +- for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) { +- const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i); +- const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1); +- if (IPAddressFamily_cmp(&a, &b) >= 0) +- return 0; +- } +- +- /* +- * Top level's ok, now check each address family. +- */ +- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { +- IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); +- int length = length_from_afi(v3_addr_get_afi(f)); ++ unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; ++ unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; ++ IPAddressOrRanges *aors; ++ int i, j, k; + + /* +- * Inheritance is canonical. Anything other than inheritance or +- * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something. ++ * Empty extension is cannonical. + */ +- if (f == NULL || f->ipAddressChoice == NULL) +- return 0; +- switch (f->ipAddressChoice->type) { +- case IPAddressChoice_inherit: +- continue; +- case IPAddressChoice_addressesOrRanges: +- break; +- default: +- return 0; +- } ++ if (addr == NULL) ++ return 1; + + /* +- * It's an IPAddressOrRanges sequence, check it. ++ * Check whether the top-level list is in order. + */ +- aors = f->ipAddressChoice->u.addressesOrRanges; +- if (sk_IPAddressOrRange_num(aors) == 0) +- return 0; +- for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) { +- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); +- IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1); +- +- if (!extract_min_max(a, a_min, a_max, length) || +- !extract_min_max(b, b_min, b_max, length)) +- return 0; +- +- /* +- * Punt misordered list, overlapping start, or inverted range. +- */ +- if (memcmp(a_min, b_min, length) >= 0 || +- memcmp(a_min, a_max, length) > 0 || +- memcmp(b_min, b_max, length) > 0) +- return 0; +- +- /* +- * Punt if adjacent or overlapping. Check for adjacency by +- * subtracting one from b_min first. +- */ +- for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) +- ; +- if (memcmp(a_max, b_min, length) >= 0) +- return 0; +- +- /* +- * Check for range that should be expressed as a prefix. +- */ +- if (a->type == IPAddressOrRange_addressRange && +- range_should_be_prefix(a_min, a_max, length) >= 0) +- return 0; ++ for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) { ++ const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i); ++ const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1); ++ if (IPAddressFamily_cmp(&a, &b) >= 0) ++ return 0; + } + + /* +- * Check range to see if it's inverted or should be a +- * prefix. ++ * Top level's ok, now check each address family. + */ +- j = sk_IPAddressOrRange_num(aors) - 1; +- { +- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); +- if (a != NULL && a->type == IPAddressOrRange_addressRange) { +- if (!extract_min_max(a, a_min, a_max, length)) +- return 0; +- if (memcmp(a_min, a_max, length) > 0 || +- range_should_be_prefix(a_min, a_max, length) >= 0) +- return 0; +- } ++ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { ++ IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); ++ int length = length_from_afi(v3_addr_get_afi(f)); ++ ++ /* ++ * Inheritance is canonical. Anything other than inheritance or ++ * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something. ++ */ ++ if (f == NULL || f->ipAddressChoice == NULL) ++ return 0; ++ switch (f->ipAddressChoice->type) { ++ case IPAddressChoice_inherit: ++ continue; ++ case IPAddressChoice_addressesOrRanges: ++ break; ++ default: ++ return 0; ++ } ++ ++ /* ++ * It's an IPAddressOrRanges sequence, check it. ++ */ ++ aors = f->ipAddressChoice->u.addressesOrRanges; ++ if (sk_IPAddressOrRange_num(aors) == 0) ++ return 0; ++ for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) { ++ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); ++ IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1); ++ ++ if (!extract_min_max(a, a_min, a_max, length) || ++ !extract_min_max(b, b_min, b_max, length)) ++ return 0; ++ ++ /* ++ * Punt misordered list, overlapping start, or inverted range. ++ */ ++ if (memcmp(a_min, b_min, length) >= 0 || ++ memcmp(a_min, a_max, length) > 0 || ++ memcmp(b_min, b_max, length) > 0) ++ return 0; ++ ++ /* ++ * Punt if adjacent or overlapping. Check for adjacency by ++ * subtracting one from b_min first. ++ */ ++ for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) ; ++ if (memcmp(a_max, b_min, length) >= 0) ++ return 0; ++ ++ /* ++ * Check for range that should be expressed as a prefix. ++ */ ++ if (a->type == IPAddressOrRange_addressRange && ++ range_should_be_prefix(a_min, a_max, length) >= 0) ++ return 0; ++ } ++ ++ /* ++ * Check range to see if it's inverted or should be a ++ * prefix. ++ */ ++ j = sk_IPAddressOrRange_num(aors) - 1; ++ { ++ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); ++ if (a != NULL && a->type == IPAddressOrRange_addressRange) { ++ if (!extract_min_max(a, a_min, a_max, length)) ++ return 0; ++ if (memcmp(a_min, a_max, length) > 0 || ++ range_should_be_prefix(a_min, a_max, length) >= 0) ++ return 0; ++ } ++ } + } +- } + +- /* +- * If we made it through all that, we're happy. +- */ +- return 1; ++ /* ++ * If we made it through all that, we're happy. ++ */ ++ return 1; + } + + /* + * Whack an IPAddressOrRanges into canonical form. + */ + static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, +- const unsigned afi) ++ const unsigned afi) + { +- int i, j, length = length_from_afi(afi); +- +- /* +- * Sort the IPAddressOrRanges sequence. +- */ +- sk_IPAddressOrRange_sort(aors); +- +- /* +- * Clean up representation issues, punt on duplicates or overlaps. +- */ +- for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) { +- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i); +- IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1); +- unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; +- unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; +- +- if (!extract_min_max(a, a_min, a_max, length) || +- !extract_min_max(b, b_min, b_max, length)) +- return 0; ++ int i, j, length = length_from_afi(afi); + + /* +- * Punt inverted ranges. ++ * Sort the IPAddressOrRanges sequence. + */ +- if (memcmp(a_min, a_max, length) > 0 || +- memcmp(b_min, b_max, length) > 0) +- return 0; ++ sk_IPAddressOrRange_sort(aors); + + /* +- * Punt overlaps. ++ * Clean up representation issues, punt on duplicates or overlaps. + */ +- if (memcmp(a_max, b_min, length) >= 0) +- return 0; ++ for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) { ++ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i); ++ IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1); ++ unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; ++ unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; ++ ++ if (!extract_min_max(a, a_min, a_max, length) || ++ !extract_min_max(b, b_min, b_max, length)) ++ return 0; ++ ++ /* ++ * Punt inverted ranges. ++ */ ++ if (memcmp(a_min, a_max, length) > 0 || ++ memcmp(b_min, b_max, length) > 0) ++ return 0; ++ ++ /* ++ * Punt overlaps. ++ */ ++ if (memcmp(a_max, b_min, length) >= 0) ++ return 0; ++ ++ /* ++ * Merge if a and b are adjacent. We check for ++ * adjacency by subtracting one from b_min first. ++ */ ++ for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) ; ++ if (memcmp(a_max, b_min, length) == 0) { ++ IPAddressOrRange *merged; ++ if (!make_addressRange(&merged, a_min, b_max, length)) ++ return 0; ++ sk_IPAddressOrRange_set(aors, i, merged); ++ (void)sk_IPAddressOrRange_delete(aors, i + 1); ++ IPAddressOrRange_free(a); ++ IPAddressOrRange_free(b); ++ --i; ++ continue; ++ } ++ } + + /* +- * Merge if a and b are adjacent. We check for +- * adjacency by subtracting one from b_min first. ++ * Check for inverted final range. + */ +- for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) +- ; +- if (memcmp(a_max, b_min, length) == 0) { +- IPAddressOrRange *merged; +- if (!make_addressRange(&merged, a_min, b_max, length)) +- return 0; +- sk_IPAddressOrRange_set(aors, i, merged); +- (void)sk_IPAddressOrRange_delete(aors, i + 1); +- IPAddressOrRange_free(a); +- IPAddressOrRange_free(b); +- --i; +- continue; +- } +- } +- +- /* +- * Check for inverted final range. +- */ +- j = sk_IPAddressOrRange_num(aors) - 1; +- { +- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); +- if (a != NULL && a->type == IPAddressOrRange_addressRange) { +- unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; +- extract_min_max(a, a_min, a_max, length); +- if (memcmp(a_min, a_max, length) > 0) +- return 0; ++ j = sk_IPAddressOrRange_num(aors) - 1; ++ { ++ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); ++ if (a != NULL && a->type == IPAddressOrRange_addressRange) { ++ unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; ++ extract_min_max(a, a_min, a_max, length); ++ if (memcmp(a_min, a_max, length) > 0) ++ return 0; ++ } + } +- } + +- return 1; ++ return 1; + } + + /* +@@ -916,200 +910,208 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, + */ + int v3_addr_canonize(IPAddrBlocks *addr) + { +- int i; +- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { +- IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); +- if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && +- !IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges, +- v3_addr_get_afi(f))) +- return 0; +- } +- (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); +- sk_IPAddressFamily_sort(addr); +- OPENSSL_assert(v3_addr_is_canonical(addr)); +- return 1; ++ int i; ++ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { ++ IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); ++ if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && ++ !IPAddressOrRanges_canonize(f->ipAddressChoice-> ++ u.addressesOrRanges, ++ v3_addr_get_afi(f))) ++ return 0; ++ } ++ (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); ++ sk_IPAddressFamily_sort(addr); ++ OPENSSL_assert(v3_addr_is_canonical(addr)); ++ return 1; + } + + /* + * v2i handler for the IPAddrBlocks extension. + */ + static void *v2i_IPAddrBlocks(struct v3_ext_method *method, +- struct v3_ext_ctx *ctx, +- STACK_OF(CONF_VALUE) *values) ++ struct v3_ext_ctx *ctx, ++ STACK_OF(CONF_VALUE) *values) + { +- static const char v4addr_chars[] = "0123456789."; +- static const char v6addr_chars[] = "0123456789.:abcdefABCDEF"; +- IPAddrBlocks *addr = NULL; +- char *s = NULL, *t; +- int i; +- +- if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- for (i = 0; i < sk_CONF_VALUE_num(values); i++) { +- CONF_VALUE *val = sk_CONF_VALUE_value(values, i); +- unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; +- unsigned afi, *safi = NULL, safi_; +- const char *addr_chars; +- int prefixlen, i1, i2, delim, length; +- +- if ( !name_cmp(val->name, "IPv4")) { +- afi = IANA_AFI_IPV4; +- } else if (!name_cmp(val->name, "IPv6")) { +- afi = IANA_AFI_IPV6; +- } else if (!name_cmp(val->name, "IPv4-SAFI")) { +- afi = IANA_AFI_IPV4; +- safi = &safi_; +- } else if (!name_cmp(val->name, "IPv6-SAFI")) { +- afi = IANA_AFI_IPV6; +- safi = &safi_; +- } else { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_NAME_ERROR); +- X509V3_conf_err(val); +- goto err; ++ static const char v4addr_chars[] = "0123456789."; ++ static const char v6addr_chars[] = "0123456789.:abcdefABCDEF"; ++ IPAddrBlocks *addr = NULL; ++ char *s = NULL, *t; ++ int i; ++ ++ if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); ++ return NULL; + } + +- switch (afi) { +- case IANA_AFI_IPV4: +- addr_chars = v4addr_chars; +- break; +- case IANA_AFI_IPV6: +- addr_chars = v6addr_chars; +- break; +- } +- +- length = length_from_afi(afi); +- +- /* +- * Handle SAFI, if any, and BUF_strdup() so we can null-terminate +- * the other input values. +- */ +- if (safi != NULL) { +- *safi = strtoul(val->value, &t, 0); +- t += strspn(t, " \t"); +- if (*safi > 0xFF || *t++ != ':') { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI); +- X509V3_conf_err(val); +- goto err; +- } +- t += strspn(t, " \t"); +- s = BUF_strdup(t); +- } else { +- s = BUF_strdup(val->value); +- } +- if (s == NULL) { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); +- goto err; ++ for (i = 0; i < sk_CONF_VALUE_num(values); i++) { ++ CONF_VALUE *val = sk_CONF_VALUE_value(values, i); ++ unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; ++ unsigned afi, *safi = NULL, safi_; ++ const char *addr_chars; ++ int prefixlen, i1, i2, delim, length; ++ ++ if (!name_cmp(val->name, "IPv4")) { ++ afi = IANA_AFI_IPV4; ++ } else if (!name_cmp(val->name, "IPv6")) { ++ afi = IANA_AFI_IPV6; ++ } else if (!name_cmp(val->name, "IPv4-SAFI")) { ++ afi = IANA_AFI_IPV4; ++ safi = &safi_; ++ } else if (!name_cmp(val->name, "IPv6-SAFI")) { ++ afi = IANA_AFI_IPV6; ++ safi = &safi_; ++ } else { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ++ X509V3_R_EXTENSION_NAME_ERROR); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ ++ switch (afi) { ++ case IANA_AFI_IPV4: ++ addr_chars = v4addr_chars; ++ break; ++ case IANA_AFI_IPV6: ++ addr_chars = v6addr_chars; ++ break; ++ } ++ ++ length = length_from_afi(afi); ++ ++ /* ++ * Handle SAFI, if any, and BUF_strdup() so we can null-terminate ++ * the other input values. ++ */ ++ if (safi != NULL) { ++ *safi = strtoul(val->value, &t, 0); ++ t += strspn(t, " \t"); ++ if (*safi > 0xFF || *t++ != ':') { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ t += strspn(t, " \t"); ++ s = BUF_strdup(t); ++ } else { ++ s = BUF_strdup(val->value); ++ } ++ if (s == NULL) { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* ++ * Check for inheritance. Not worth additional complexity to ++ * optimize this (seldom-used) case. ++ */ ++ if (!strcmp(s, "inherit")) { ++ if (!v3_addr_add_inherit(addr, afi, safi)) { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ++ X509V3_R_INVALID_INHERITANCE); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ OPENSSL_free(s); ++ s = NULL; ++ continue; ++ } ++ ++ i1 = strspn(s, addr_chars); ++ i2 = i1 + strspn(s + i1, " \t"); ++ delim = s[i2++]; ++ s[i1] = '\0'; ++ ++ if (a2i_ipadd(min, s) != length) { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ ++ switch (delim) { ++ case '/': ++ prefixlen = (int)strtoul(s + i2, &t, 10); ++ if (t == s + i2 || *t != '\0') { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ++ X509V3_R_EXTENSION_VALUE_ERROR); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ break; ++ case '-': ++ i1 = i2 + strspn(s + i2, " \t"); ++ i2 = i1 + strspn(s + i1, addr_chars); ++ if (i1 == i2 || s[i2] != '\0') { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ++ X509V3_R_EXTENSION_VALUE_ERROR); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ if (a2i_ipadd(max, s + i1) != length) { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ++ X509V3_R_INVALID_IPADDRESS); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ if (memcmp(min, max, length_from_afi(afi)) > 0) { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ++ X509V3_R_EXTENSION_VALUE_ERROR); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ if (!v3_addr_add_range(addr, afi, safi, min, max)) { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ break; ++ case '\0': ++ if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ break; ++ default: ++ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ++ X509V3_R_EXTENSION_VALUE_ERROR); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ ++ OPENSSL_free(s); ++ s = NULL; + } + + /* +- * Check for inheritance. Not worth additional complexity to +- * optimize this (seldom-used) case. ++ * Canonize the result, then we're done. + */ +- if (!strcmp(s, "inherit")) { +- if (!v3_addr_add_inherit(addr, afi, safi)) { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE); +- X509V3_conf_err(val); +- goto err; +- } +- OPENSSL_free(s); +- s = NULL; +- continue; +- } +- +- i1 = strspn(s, addr_chars); +- i2 = i1 + strspn(s + i1, " \t"); +- delim = s[i2++]; +- s[i1] = '\0'; +- +- if (a2i_ipadd(min, s) != length) { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS); +- X509V3_conf_err(val); +- goto err; +- } +- +- switch (delim) { +- case '/': +- prefixlen = (int) strtoul(s + i2, &t, 10); +- if (t == s + i2 || *t != '\0') { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR); +- X509V3_conf_err(val); +- goto err; +- } +- if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- break; +- case '-': +- i1 = i2 + strspn(s + i2, " \t"); +- i2 = i1 + strspn(s + i1, addr_chars); +- if (i1 == i2 || s[i2] != '\0') { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR); +- X509V3_conf_err(val); +- goto err; +- } +- if (a2i_ipadd(max, s + i1) != length) { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS); +- X509V3_conf_err(val); +- goto err; +- } +- if (memcmp(min, max, length_from_afi(afi)) > 0) { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR); +- X509V3_conf_err(val); +- goto err; +- } +- if (!v3_addr_add_range(addr, afi, safi, min, max)) { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- break; +- case '\0': +- if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- break; +- default: +- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR); +- X509V3_conf_err(val); +- goto err; +- } +- +- OPENSSL_free(s); +- s = NULL; +- } +- +- /* +- * Canonize the result, then we're done. +- */ +- if (!v3_addr_canonize(addr)) +- goto err; +- return addr; ++ if (!v3_addr_canonize(addr)) ++ goto err; ++ return addr; + + err: +- OPENSSL_free(s); +- sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); +- return NULL; ++ OPENSSL_free(s); ++ sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); ++ return NULL; + } + + /* + * OpenSSL dispatch + */ + const X509V3_EXT_METHOD v3_addr = { +- NID_sbgp_ipAddrBlock, /* nid */ +- 0, /* flags */ +- ASN1_ITEM_ref(IPAddrBlocks), /* template */ +- 0, 0, 0, 0, /* old functions, ignored */ +- 0, /* i2s */ +- 0, /* s2i */ +- 0, /* i2v */ +- v2i_IPAddrBlocks, /* v2i */ +- i2r_IPAddrBlocks, /* i2r */ +- 0, /* r2i */ +- NULL /* extension-specific data */ ++ NID_sbgp_ipAddrBlock, /* nid */ ++ 0, /* flags */ ++ ASN1_ITEM_ref(IPAddrBlocks), /* template */ ++ 0, 0, 0, 0, /* old functions, ignored */ ++ 0, /* i2s */ ++ 0, /* s2i */ ++ 0, /* i2v */ ++ v2i_IPAddrBlocks, /* v2i */ ++ i2r_IPAddrBlocks, /* i2r */ ++ 0, /* r2i */ ++ NULL /* extension-specific data */ + }; + + /* +@@ -1117,53 +1119,52 @@ const X509V3_EXT_METHOD v3_addr = { + */ + int v3_addr_inherits(IPAddrBlocks *addr) + { +- int i; +- if (addr == NULL) ++ int i; ++ if (addr == NULL) ++ return 0; ++ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { ++ IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); ++ if (f->ipAddressChoice->type == IPAddressChoice_inherit) ++ return 1; ++ } + return 0; +- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { +- IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); +- if (f->ipAddressChoice->type == IPAddressChoice_inherit) +- return 1; +- } +- return 0; + } + + /* + * Figure out whether parent contains child. + */ + static int addr_contains(IPAddressOrRanges *parent, +- IPAddressOrRanges *child, +- int length) ++ IPAddressOrRanges *child, int length) + { +- unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN]; +- unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN]; +- int p, c; +- +- if (child == NULL || parent == child) +- return 1; +- if (parent == NULL) +- return 0; +- +- p = 0; +- for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { +- if (!extract_min_max(sk_IPAddressOrRange_value(child, c), +- c_min, c_max, length)) +- return -1; +- for (;; p++) { +- if (p >= sk_IPAddressOrRange_num(parent)) +- return 0; +- if (!extract_min_max(sk_IPAddressOrRange_value(parent, p), +- p_min, p_max, length)) +- return 0; +- if (memcmp(p_max, c_max, length) < 0) +- continue; +- if (memcmp(p_min, c_min, length) > 0) +- return 0; +- break; ++ unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN]; ++ unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN]; ++ int p, c; ++ ++ if (child == NULL || parent == child) ++ return 1; ++ if (parent == NULL) ++ return 0; ++ ++ p = 0; ++ for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { ++ if (!extract_min_max(sk_IPAddressOrRange_value(child, c), ++ c_min, c_max, length)) ++ return -1; ++ for (;; p++) { ++ if (p >= sk_IPAddressOrRange_num(parent)) ++ return 0; ++ if (!extract_min_max(sk_IPAddressOrRange_value(parent, p), ++ p_min, p_max, length)) ++ return 0; ++ if (memcmp(p_max, c_max, length) < 0) ++ continue; ++ if (memcmp(p_min, c_min, length) > 0) ++ return 0; ++ break; ++ } + } +- } + +- return 1; ++ return 1; + } + + /* +@@ -1171,150 +1172,156 @@ static int addr_contains(IPAddressOrRanges *parent, + */ + int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) + { +- int i; +- if (a == NULL || a == b) ++ int i; ++ if (a == NULL || a == b) ++ return 1; ++ if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) ++ return 0; ++ (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); ++ for (i = 0; i < sk_IPAddressFamily_num(a); i++) { ++ IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); ++ int j = sk_IPAddressFamily_find(b, fa); ++ IPAddressFamily *fb; ++ fb = sk_IPAddressFamily_value(b, j); ++ if (fb == NULL) ++ return 0; ++ if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, ++ fa->ipAddressChoice->u.addressesOrRanges, ++ length_from_afi(v3_addr_get_afi(fb)))) ++ return 0; ++ } + return 1; +- if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) +- return 0; +- (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); +- for (i = 0; i < sk_IPAddressFamily_num(a); i++) { +- IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); +- int j = sk_IPAddressFamily_find(b, fa); +- IPAddressFamily *fb; +- fb = sk_IPAddressFamily_value(b, j); +- if (fb == NULL) +- return 0; +- if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, +- fa->ipAddressChoice->u.addressesOrRanges, +- length_from_afi(v3_addr_get_afi(fb)))) +- return 0; +- } +- return 1; + } + + /* + * Validation error handling via callback. + */ +-#define validation_err(_err_) \ +- do { \ +- if (ctx != NULL) { \ +- ctx->error = _err_; \ +- ctx->error_depth = i; \ +- ctx->current_cert = x; \ +- ret = ctx->verify_cb(0, ctx); \ +- } else { \ +- ret = 0; \ +- } \ +- if (!ret) \ +- goto done; \ ++# define validation_err(_err_) \ ++ do { \ ++ if (ctx != NULL) { \ ++ ctx->error = _err_; \ ++ ctx->error_depth = i; \ ++ ctx->current_cert = x; \ ++ ret = ctx->verify_cb(0, ctx); \ ++ } else { \ ++ ret = 0; \ ++ } \ ++ if (!ret) \ ++ goto done; \ + } while (0) + + /* + * Core code for RFC 3779 2.3 path validation. + */ + static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, +- STACK_OF(X509) *chain, +- IPAddrBlocks *ext) ++ STACK_OF(X509) *chain, ++ IPAddrBlocks *ext) + { +- IPAddrBlocks *child = NULL; +- int i, j, ret = 1; +- X509 *x = NULL; +- +- OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); +- OPENSSL_assert(ctx != NULL || ext != NULL); +- OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); +- +- /* +- * Figure out where to start. If we don't have an extension to +- * check, we're done. Otherwise, check canonical form and +- * set up for walking up the chain. +- */ +- if (ext != NULL) { +- i = -1; +- } else { +- i = 0; +- x = sk_X509_value(chain, i); +- OPENSSL_assert(x != NULL); +- if ((ext = x->rfc3779_addr) == NULL) +- goto done; +- } +- if (!v3_addr_is_canonical(ext)) +- validation_err(X509_V_ERR_INVALID_EXTENSION); +- (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); +- if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { +- X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); +- ret = 0; +- goto done; +- } +- +- /* +- * Now walk up the chain. No cert may list resources that its +- * parent doesn't list. +- */ +- for (i++; i < sk_X509_num(chain); i++) { +- x = sk_X509_value(chain, i); +- OPENSSL_assert(x != NULL); +- if (!v3_addr_is_canonical(x->rfc3779_addr)) +- validation_err(X509_V_ERR_INVALID_EXTENSION); +- if (x->rfc3779_addr == NULL) { +- for (j = 0; j < sk_IPAddressFamily_num(child); j++) { +- IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); +- if (fc->ipAddressChoice->type != IPAddressChoice_inherit) { +- validation_err(X509_V_ERR_UNNESTED_RESOURCE); +- break; +- } +- } +- continue; ++ IPAddrBlocks *child = NULL; ++ int i, j, ret = 1; ++ X509 *x = NULL; ++ ++ OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); ++ OPENSSL_assert(ctx != NULL || ext != NULL); ++ OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); ++ ++ /* ++ * Figure out where to start. If we don't have an extension to ++ * check, we're done. Otherwise, check canonical form and ++ * set up for walking up the chain. ++ */ ++ if (ext != NULL) { ++ i = -1; ++ } else { ++ i = 0; ++ x = sk_X509_value(chain, i); ++ OPENSSL_assert(x != NULL); ++ if ((ext = x->rfc3779_addr) == NULL) ++ goto done; + } +- (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); +- for (j = 0; j < sk_IPAddressFamily_num(child); j++) { +- IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); +- int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); +- IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k); +- if (fp == NULL) { +- if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) { +- validation_err(X509_V_ERR_UNNESTED_RESOURCE); +- break; +- } +- continue; +- } +- if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) { +- if (fc->ipAddressChoice->type == IPAddressChoice_inherit || +- addr_contains(fp->ipAddressChoice->u.addressesOrRanges, +- fc->ipAddressChoice->u.addressesOrRanges, +- length_from_afi(v3_addr_get_afi(fc)))) +- sk_IPAddressFamily_set(child, j, fp); +- else +- validation_err(X509_V_ERR_UNNESTED_RESOURCE); +- } ++ if (!v3_addr_is_canonical(ext)) ++ validation_err(X509_V_ERR_INVALID_EXTENSION); ++ (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); ++ if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { ++ X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ++ ERR_R_MALLOC_FAILURE); ++ ret = 0; ++ goto done; + } +- } +- +- /* +- * Trust anchor can't inherit. +- */ +- if (x->rfc3779_addr != NULL) { +- for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { +- IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j); +- if (fp->ipAddressChoice->type == IPAddressChoice_inherit && +- sk_IPAddressFamily_find(child, fp) >= 0) +- validation_err(X509_V_ERR_UNNESTED_RESOURCE); ++ ++ /* ++ * Now walk up the chain. No cert may list resources that its ++ * parent doesn't list. ++ */ ++ for (i++; i < sk_X509_num(chain); i++) { ++ x = sk_X509_value(chain, i); ++ OPENSSL_assert(x != NULL); ++ if (!v3_addr_is_canonical(x->rfc3779_addr)) ++ validation_err(X509_V_ERR_INVALID_EXTENSION); ++ if (x->rfc3779_addr == NULL) { ++ for (j = 0; j < sk_IPAddressFamily_num(child); j++) { ++ IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); ++ if (fc->ipAddressChoice->type != IPAddressChoice_inherit) { ++ validation_err(X509_V_ERR_UNNESTED_RESOURCE); ++ break; ++ } ++ } ++ continue; ++ } ++ (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, ++ IPAddressFamily_cmp); ++ for (j = 0; j < sk_IPAddressFamily_num(child); j++) { ++ IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); ++ int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); ++ IPAddressFamily *fp = ++ sk_IPAddressFamily_value(x->rfc3779_addr, k); ++ if (fp == NULL) { ++ if (fc->ipAddressChoice->type == ++ IPAddressChoice_addressesOrRanges) { ++ validation_err(X509_V_ERR_UNNESTED_RESOURCE); ++ break; ++ } ++ continue; ++ } ++ if (fp->ipAddressChoice->type == ++ IPAddressChoice_addressesOrRanges) { ++ if (fc->ipAddressChoice->type == IPAddressChoice_inherit ++ || addr_contains(fp->ipAddressChoice->u.addressesOrRanges, ++ fc->ipAddressChoice->u.addressesOrRanges, ++ length_from_afi(v3_addr_get_afi(fc)))) ++ sk_IPAddressFamily_set(child, j, fp); ++ else ++ validation_err(X509_V_ERR_UNNESTED_RESOURCE); ++ } ++ } ++ } ++ ++ /* ++ * Trust anchor can't inherit. ++ */ ++ if (x->rfc3779_addr != NULL) { ++ for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { ++ IPAddressFamily *fp = ++ sk_IPAddressFamily_value(x->rfc3779_addr, j); ++ if (fp->ipAddressChoice->type == IPAddressChoice_inherit ++ && sk_IPAddressFamily_find(child, fp) >= 0) ++ validation_err(X509_V_ERR_UNNESTED_RESOURCE); ++ } + } +- } + + done: +- sk_IPAddressFamily_free(child); +- return ret; ++ sk_IPAddressFamily_free(child); ++ return ret; + } + +-#undef validation_err ++# undef validation_err + + /* + * RFC 3779 2.3 path validation -- called from X509_verify_cert(). + */ + int v3_addr_validate_path(X509_STORE_CTX *ctx) + { +- return v3_addr_validate_path_internal(ctx, ctx->chain, NULL); ++ return v3_addr_validate_path_internal(ctx, ctx->chain, NULL); + } + + /* +@@ -1322,16 +1329,15 @@ int v3_addr_validate_path(X509_STORE_CTX *ctx) + * Test whether chain covers extension. + */ + int v3_addr_validate_resource_set(STACK_OF(X509) *chain, +- IPAddrBlocks *ext, +- int allow_inheritance) ++ IPAddrBlocks *ext, int allow_inheritance) + { +- if (ext == NULL) +- return 1; +- if (chain == NULL || sk_X509_num(chain) == 0) +- return 0; +- if (!allow_inheritance && v3_addr_inherits(ext)) +- return 0; +- return v3_addr_validate_path_internal(NULL, chain, ext); ++ if (ext == NULL) ++ return 1; ++ if (chain == NULL || sk_X509_num(chain) == 0) ++ return 0; ++ if (!allow_inheritance && v3_addr_inherits(ext)) ++ return 0; ++ return v3_addr_validate_path_internal(NULL, chain, ext); + } + +-#endif /* OPENSSL_NO_RFC3779 */ ++#endif /* OPENSSL_NO_RFC3779 */ +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c +index c6b68ee..e920270 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c +@@ -1,6 +1,7 @@ + /* v3_akey.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,43 +65,47 @@ + #include + + static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, +- AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist); ++ AUTHORITY_KEYID *akeyid, ++ STACK_OF(CONF_VALUE) ++ *extlist); + static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); +- +-const X509V3_EXT_METHOD v3_akey_id = +- { +- NID_authority_key_identifier, +- X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), +- 0,0,0,0, +- 0,0, +- (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, +- (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, +- 0,0, +- NULL +- }; ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *values); ++ ++const X509V3_EXT_METHOD v3_akey_id = { ++ NID_authority_key_identifier, ++ X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), ++ 0, 0, 0, 0, ++ 0, 0, ++ (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID, ++ (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, ++ 0, 0, ++ NULL ++}; + + static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, +- AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) ++ AUTHORITY_KEYID *akeyid, ++ STACK_OF(CONF_VALUE) ++ *extlist) + { +- char *tmp; +- if(akeyid->keyid) { +- tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); +- X509V3_add_value("keyid", tmp, &extlist); +- OPENSSL_free(tmp); +- } +- if(akeyid->issuer) +- extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); +- if(akeyid->serial) { +- tmp = hex_to_string(akeyid->serial->data, +- akeyid->serial->length); +- X509V3_add_value("serial", tmp, &extlist); +- OPENSSL_free(tmp); +- } +- return extlist; ++ char *tmp; ++ if (akeyid->keyid) { ++ tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); ++ X509V3_add_value("keyid", tmp, &extlist); ++ OPENSSL_free(tmp); ++ } ++ if (akeyid->issuer) ++ extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); ++ if (akeyid->serial) { ++ tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length); ++ X509V3_add_value("serial", tmp, &extlist); ++ OPENSSL_free(tmp); ++ } ++ return extlist; + } + +-/* Currently two options: ++/*- ++ * Currently two options: + * keyid: use the issuers subject keyid, the value 'always' means its is + * an error if the issuer certificate doesn't have a key id. + * issuer: use the issuers cert issuer and serial number. The default is +@@ -109,100 +114,92 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, + */ + + static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) +- { +- char keyid=0, issuer=0; +- int i; +- CONF_VALUE *cnf; +- ASN1_OCTET_STRING *ikeyid = NULL; +- X509_NAME *isname = NULL; +- GENERAL_NAMES * gens = NULL; +- GENERAL_NAME *gen = NULL; +- ASN1_INTEGER *serial = NULL; +- X509_EXTENSION *ext; +- X509 *cert; +- AUTHORITY_KEYID *akeyid; +- +- for(i = 0; i < sk_CONF_VALUE_num(values); i++) +- { +- cnf = sk_CONF_VALUE_value(values, i); +- if(!strcmp(cnf->name, "keyid")) +- { +- keyid = 1; +- if(cnf->value && !strcmp(cnf->value, "always")) +- keyid = 2; +- } +- else if(!strcmp(cnf->name, "issuer")) +- { +- issuer = 1; +- if(cnf->value && !strcmp(cnf->value, "always")) +- issuer = 2; +- } +- else +- { +- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); +- ERR_add_error_data(2, "name=", cnf->name); +- return NULL; +- } +- } +- +- if(!ctx || !ctx->issuer_cert) +- { +- if(ctx && (ctx->flags==CTX_TEST)) +- return AUTHORITY_KEYID_new(); +- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); +- return NULL; +- } +- +- cert = ctx->issuer_cert; +- +- if(keyid) +- { +- i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); +- if((i >= 0) && (ext = X509_get_ext(cert, i))) +- ikeyid = X509V3_EXT_d2i(ext); +- if(keyid==2 && !ikeyid) +- { +- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); +- return NULL; +- } +- } +- +- if((issuer && !ikeyid) || (issuer == 2)) +- { +- isname = X509_NAME_dup(X509_get_issuer_name(cert)); +- serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); +- if(!isname || !serial) +- { +- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); +- goto err; +- } +- } +- +- if(!(akeyid = AUTHORITY_KEYID_new())) goto err; +- +- if(isname) +- { +- if(!(gens = sk_GENERAL_NAME_new_null()) +- || !(gen = GENERAL_NAME_new()) +- || !sk_GENERAL_NAME_push(gens, gen)) +- { +- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- gen->type = GEN_DIRNAME; +- gen->d.dirn = isname; +- } +- +- akeyid->issuer = gens; +- akeyid->serial = serial; +- akeyid->keyid = ikeyid; +- +- return akeyid; ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *values) ++{ ++ char keyid = 0, issuer = 0; ++ int i; ++ CONF_VALUE *cnf; ++ ASN1_OCTET_STRING *ikeyid = NULL; ++ X509_NAME *isname = NULL; ++ GENERAL_NAMES *gens = NULL; ++ GENERAL_NAME *gen = NULL; ++ ASN1_INTEGER *serial = NULL; ++ X509_EXTENSION *ext; ++ X509 *cert; ++ AUTHORITY_KEYID *akeyid; ++ ++ for (i = 0; i < sk_CONF_VALUE_num(values); i++) { ++ cnf = sk_CONF_VALUE_value(values, i); ++ if (!strcmp(cnf->name, "keyid")) { ++ keyid = 1; ++ if (cnf->value && !strcmp(cnf->value, "always")) ++ keyid = 2; ++ } else if (!strcmp(cnf->name, "issuer")) { ++ issuer = 1; ++ if (cnf->value && !strcmp(cnf->value, "always")) ++ issuer = 2; ++ } else { ++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION); ++ ERR_add_error_data(2, "name=", cnf->name); ++ return NULL; ++ } ++ } ++ ++ if (!ctx || !ctx->issuer_cert) { ++ if (ctx && (ctx->flags == CTX_TEST)) ++ return AUTHORITY_KEYID_new(); ++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ++ X509V3_R_NO_ISSUER_CERTIFICATE); ++ return NULL; ++ } ++ ++ cert = ctx->issuer_cert; ++ ++ if (keyid) { ++ i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); ++ if ((i >= 0) && (ext = X509_get_ext(cert, i))) ++ ikeyid = X509V3_EXT_d2i(ext); ++ if (keyid == 2 && !ikeyid) { ++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ++ X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); ++ return NULL; ++ } ++ } ++ ++ if ((issuer && !ikeyid) || (issuer == 2)) { ++ isname = X509_NAME_dup(X509_get_issuer_name(cert)); ++ serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); ++ if (!isname || !serial) { ++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ++ X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); ++ goto err; ++ } ++ } ++ ++ if (!(akeyid = AUTHORITY_KEYID_new())) ++ goto err; ++ ++ if (isname) { ++ if (!(gens = sk_GENERAL_NAME_new_null()) ++ || !(gen = GENERAL_NAME_new()) ++ || !sk_GENERAL_NAME_push(gens, gen)) { ++ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ gen->type = GEN_DIRNAME; ++ gen->d.dirn = isname; ++ } ++ ++ akeyid->issuer = gens; ++ akeyid->serial = serial; ++ akeyid->keyid = ikeyid; ++ ++ return akeyid; + + err: +- X509_NAME_free(isname); +- M_ASN1_INTEGER_free(serial); +- M_ASN1_OCTET_STRING_free(ikeyid); +- return NULL; +- } ++ X509_NAME_free(isname); ++ M_ASN1_INTEGER_free(serial); ++ M_ASN1_OCTET_STRING_free(ikeyid); ++ return NULL; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c +index 2c50f73..2cc85b7 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c +@@ -1,6 +1,7 @@ + /* v3_akey_asn1.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,9 +65,9 @@ + #include + + ASN1_SEQUENCE(AUTHORITY_KEYID) = { +- ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0), +- ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1), +- ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2) ++ ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0), ++ ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1), ++ ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2) + } ASN1_SEQUENCE_END(AUTHORITY_KEYID) + + IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c +index 69244e4..ea0e6be 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c +@@ -1,5 +1,6 @@ + /* v3_alt.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ + /* ==================================================================== +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,525 +62,504 @@ + #include + #include + +-static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +-static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); ++static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval); ++static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval); + static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); + static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); + static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); + static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); + + const X509V3_EXT_METHOD v3_alt[] = { +-{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), +-0,0,0,0, +-0,0, +-(X509V3_EXT_I2V)i2v_GENERAL_NAMES, +-(X509V3_EXT_V2I)v2i_subject_alt, +-NULL, NULL, NULL}, +- +-{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), +-0,0,0,0, +-0,0, +-(X509V3_EXT_I2V)i2v_GENERAL_NAMES, +-(X509V3_EXT_V2I)v2i_issuer_alt, +-NULL, NULL, NULL}, ++ {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), ++ 0, 0, 0, 0, ++ 0, 0, ++ (X509V3_EXT_I2V) i2v_GENERAL_NAMES, ++ (X509V3_EXT_V2I)v2i_subject_alt, ++ NULL, NULL, NULL}, ++ ++ {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), ++ 0, 0, 0, 0, ++ 0, 0, ++ (X509V3_EXT_I2V) i2v_GENERAL_NAMES, ++ (X509V3_EXT_V2I)v2i_issuer_alt, ++ NULL, NULL, NULL}, + }; + + STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, +- GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret) ++ GENERAL_NAMES *gens, ++ STACK_OF(CONF_VALUE) *ret) + { +- int i; +- GENERAL_NAME *gen; +- for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { +- gen = sk_GENERAL_NAME_value(gens, i); +- ret = i2v_GENERAL_NAME(method, gen, ret); +- } +- if(!ret) return sk_CONF_VALUE_new_null(); +- return ret; ++ int i; ++ GENERAL_NAME *gen; ++ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { ++ gen = sk_GENERAL_NAME_value(gens, i); ++ ret = i2v_GENERAL_NAME(method, gen, ret); ++ } ++ if (!ret) ++ return sk_CONF_VALUE_new_null(); ++ return ret; + } + + STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, +- GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) ++ GENERAL_NAME *gen, ++ STACK_OF(CONF_VALUE) *ret) + { +- unsigned char *p; +- char oline[256], htmp[5]; +- int i; +- switch (gen->type) +- { +- case GEN_OTHERNAME: +- X509V3_add_value("othername","", &ret); +- break; +- +- case GEN_X400: +- X509V3_add_value("X400Name","", &ret); +- break; +- +- case GEN_EDIPARTY: +- X509V3_add_value("EdiPartyName","", &ret); +- break; +- +- case GEN_EMAIL: +- X509V3_add_value_uchar("email",gen->d.ia5->data, &ret); +- break; +- +- case GEN_DNS: +- X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret); +- break; +- +- case GEN_URI: +- X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret); +- break; +- +- case GEN_DIRNAME: +- X509_NAME_oneline(gen->d.dirn, oline, 256); +- X509V3_add_value("DirName",oline, &ret); +- break; +- +- case GEN_IPADD: +- p = gen->d.ip->data; +- if(gen->d.ip->length == 4) +- BIO_snprintf(oline, sizeof oline, +- "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); +- else if(gen->d.ip->length == 16) +- { +- oline[0] = 0; +- for (i = 0; i < 8; i++) +- { +- BIO_snprintf(htmp, sizeof htmp, +- "%X", p[0] << 8 | p[1]); +- p += 2; +- strcat(oline, htmp); +- if (i != 7) +- strcat(oline, ":"); +- } +- } +- else +- { +- X509V3_add_value("IP Address","", &ret); +- break; +- } +- X509V3_add_value("IP Address",oline, &ret); +- break; +- +- case GEN_RID: +- i2t_ASN1_OBJECT(oline, 256, gen->d.rid); +- X509V3_add_value("Registered ID",oline, &ret); +- break; +- } +- return ret; ++ unsigned char *p; ++ char oline[256], htmp[5]; ++ int i; ++ switch (gen->type) { ++ case GEN_OTHERNAME: ++ X509V3_add_value("othername", "", &ret); ++ break; ++ ++ case GEN_X400: ++ X509V3_add_value("X400Name", "", &ret); ++ break; ++ ++ case GEN_EDIPARTY: ++ X509V3_add_value("EdiPartyName", "", &ret); ++ break; ++ ++ case GEN_EMAIL: ++ X509V3_add_value_uchar("email", gen->d.ia5->data, &ret); ++ break; ++ ++ case GEN_DNS: ++ X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret); ++ break; ++ ++ case GEN_URI: ++ X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret); ++ break; ++ ++ case GEN_DIRNAME: ++ X509_NAME_oneline(gen->d.dirn, oline, 256); ++ X509V3_add_value("DirName", oline, &ret); ++ break; ++ ++ case GEN_IPADD: ++ p = gen->d.ip->data; ++ if (gen->d.ip->length == 4) ++ BIO_snprintf(oline, sizeof oline, ++ "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); ++ else if (gen->d.ip->length == 16) { ++ oline[0] = 0; ++ for (i = 0; i < 8; i++) { ++ BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]); ++ p += 2; ++ strcat(oline, htmp); ++ if (i != 7) ++ strcat(oline, ":"); ++ } ++ } else { ++ X509V3_add_value("IP Address", "", &ret); ++ break; ++ } ++ X509V3_add_value("IP Address", oline, &ret); ++ break; ++ ++ case GEN_RID: ++ i2t_ASN1_OBJECT(oline, 256, gen->d.rid); ++ X509V3_add_value("Registered ID", oline, &ret); ++ break; ++ } ++ return ret; + } + + int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) + { +- unsigned char *p; +- int i; +- switch (gen->type) +- { +- case GEN_OTHERNAME: +- BIO_printf(out, "othername:"); +- break; +- +- case GEN_X400: +- BIO_printf(out, "X400Name:"); +- break; +- +- case GEN_EDIPARTY: +- /* Maybe fix this: it is supported now */ +- BIO_printf(out, "EdiPartyName:"); +- break; +- +- case GEN_EMAIL: +- BIO_printf(out, "email:%s",gen->d.ia5->data); +- break; +- +- case GEN_DNS: +- BIO_printf(out, "DNS:%s",gen->d.ia5->data); +- break; +- +- case GEN_URI: +- BIO_printf(out, "URI:%s",gen->d.ia5->data); +- break; +- +- case GEN_DIRNAME: +- BIO_printf(out, "DirName: "); +- X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); +- break; +- +- case GEN_IPADD: +- p = gen->d.ip->data; +- if(gen->d.ip->length == 4) +- BIO_printf(out, "IP Address:%d.%d.%d.%d", +- p[0], p[1], p[2], p[3]); +- else if(gen->d.ip->length == 16) +- { +- BIO_printf(out, "IP Address"); +- for (i = 0; i < 8; i++) +- { +- BIO_printf(out, ":%X", p[0] << 8 | p[1]); +- p += 2; +- } +- BIO_puts(out, "\n"); +- } +- else +- { +- BIO_printf(out,"IP Address:"); +- break; +- } +- break; +- +- case GEN_RID: +- BIO_printf(out, "Registered ID"); +- i2a_ASN1_OBJECT(out, gen->d.rid); +- break; +- } +- return 1; ++ unsigned char *p; ++ int i; ++ switch (gen->type) { ++ case GEN_OTHERNAME: ++ BIO_printf(out, "othername:"); ++ break; ++ ++ case GEN_X400: ++ BIO_printf(out, "X400Name:"); ++ break; ++ ++ case GEN_EDIPARTY: ++ /* Maybe fix this: it is supported now */ ++ BIO_printf(out, "EdiPartyName:"); ++ break; ++ ++ case GEN_EMAIL: ++ BIO_printf(out, "email:%s", gen->d.ia5->data); ++ break; ++ ++ case GEN_DNS: ++ BIO_printf(out, "DNS:%s", gen->d.ia5->data); ++ break; ++ ++ case GEN_URI: ++ BIO_printf(out, "URI:%s", gen->d.ia5->data); ++ break; ++ ++ case GEN_DIRNAME: ++ BIO_printf(out, "DirName: "); ++ X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); ++ break; ++ ++ case GEN_IPADD: ++ p = gen->d.ip->data; ++ if (gen->d.ip->length == 4) ++ BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]); ++ else if (gen->d.ip->length == 16) { ++ BIO_printf(out, "IP Address"); ++ for (i = 0; i < 8; i++) { ++ BIO_printf(out, ":%X", p[0] << 8 | p[1]); ++ p += 2; ++ } ++ BIO_puts(out, "\n"); ++ } else { ++ BIO_printf(out, "IP Address:"); ++ break; ++ } ++ break; ++ ++ case GEN_RID: ++ BIO_printf(out, "Registered ID"); ++ i2a_ASN1_OBJECT(out, gen->d.rid); ++ break; ++ } ++ return 1; + } + + static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval) + { +- GENERAL_NAMES *gens = NULL; +- CONF_VALUE *cnf; +- int i; +- if(!(gens = sk_GENERAL_NAME_new_null())) { +- X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { +- cnf = sk_CONF_VALUE_value(nval, i); +- if(!name_cmp(cnf->name, "issuer") && cnf->value && +- !strcmp(cnf->value, "copy")) { +- if(!copy_issuer(ctx, gens)) goto err; +- } else { +- GENERAL_NAME *gen; +- if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) +- goto err; +- sk_GENERAL_NAME_push(gens, gen); +- } +- } +- return gens; +- err: +- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); +- return NULL; ++ GENERAL_NAMES *gens = NULL; ++ CONF_VALUE *cnf; ++ int i; ++ if (!(gens = sk_GENERAL_NAME_new_null())) { ++ X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ cnf = sk_CONF_VALUE_value(nval, i); ++ if (!name_cmp(cnf->name, "issuer") && cnf->value && ++ !strcmp(cnf->value, "copy")) { ++ if (!copy_issuer(ctx, gens)) ++ goto err; ++ } else { ++ GENERAL_NAME *gen; ++ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) ++ goto err; ++ sk_GENERAL_NAME_push(gens, gen); ++ } ++ } ++ return gens; ++ err: ++ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); ++ return NULL; + } + + /* Append subject altname of issuer to issuer alt name of subject */ + + static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) + { +- GENERAL_NAMES *ialt; +- GENERAL_NAME *gen; +- X509_EXTENSION *ext; +- int i; +- if(ctx && (ctx->flags == CTX_TEST)) return 1; +- if(!ctx || !ctx->issuer_cert) { +- X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS); +- goto err; +- } +- i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); +- if(i < 0) return 1; +- if(!(ext = X509_get_ext(ctx->issuer_cert, i)) || +- !(ialt = X509V3_EXT_d2i(ext)) ) { +- X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR); +- goto err; +- } +- +- for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { +- gen = sk_GENERAL_NAME_value(ialt, i); +- if(!sk_GENERAL_NAME_push(gens, gen)) { +- X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- sk_GENERAL_NAME_free(ialt); +- +- return 1; +- +- err: +- return 0; +- ++ GENERAL_NAMES *ialt; ++ GENERAL_NAME *gen; ++ X509_EXTENSION *ext; ++ int i; ++ if (ctx && (ctx->flags == CTX_TEST)) ++ return 1; ++ if (!ctx || !ctx->issuer_cert) { ++ X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_NO_ISSUER_DETAILS); ++ goto err; ++ } ++ i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); ++ if (i < 0) ++ return 1; ++ if (!(ext = X509_get_ext(ctx->issuer_cert, i)) || ++ !(ialt = X509V3_EXT_d2i(ext))) { ++ X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR); ++ goto err; ++ } ++ ++ for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { ++ gen = sk_GENERAL_NAME_value(ialt, i); ++ if (!sk_GENERAL_NAME_push(gens, gen)) { ++ X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ sk_GENERAL_NAME_free(ialt); ++ ++ return 1; ++ ++ err: ++ return 0; ++ + } + + static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval) + { +- GENERAL_NAMES *gens = NULL; +- CONF_VALUE *cnf; +- int i; +- if(!(gens = sk_GENERAL_NAME_new_null())) { +- X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { +- cnf = sk_CONF_VALUE_value(nval, i); +- if(!name_cmp(cnf->name, "email") && cnf->value && +- !strcmp(cnf->value, "copy")) { +- if(!copy_email(ctx, gens, 0)) goto err; +- } else if(!name_cmp(cnf->name, "email") && cnf->value && +- !strcmp(cnf->value, "move")) { +- if(!copy_email(ctx, gens, 1)) goto err; +- } else { +- GENERAL_NAME *gen; +- if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) +- goto err; +- sk_GENERAL_NAME_push(gens, gen); +- } +- } +- return gens; +- err: +- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); +- return NULL; ++ GENERAL_NAMES *gens = NULL; ++ CONF_VALUE *cnf; ++ int i; ++ if (!(gens = sk_GENERAL_NAME_new_null())) { ++ X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ cnf = sk_CONF_VALUE_value(nval, i); ++ if (!name_cmp(cnf->name, "email") && cnf->value && ++ !strcmp(cnf->value, "copy")) { ++ if (!copy_email(ctx, gens, 0)) ++ goto err; ++ } else if (!name_cmp(cnf->name, "email") && cnf->value && ++ !strcmp(cnf->value, "move")) { ++ if (!copy_email(ctx, gens, 1)) ++ goto err; ++ } else { ++ GENERAL_NAME *gen; ++ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) ++ goto err; ++ sk_GENERAL_NAME_push(gens, gen); ++ } ++ } ++ return gens; ++ err: ++ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); ++ return NULL; + } + +-/* Copy any email addresses in a certificate or request to +- * GENERAL_NAMES ++/* ++ * Copy any email addresses in a certificate or request to GENERAL_NAMES + */ + + static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) + { +- X509_NAME *nm; +- ASN1_IA5STRING *email = NULL; +- X509_NAME_ENTRY *ne; +- GENERAL_NAME *gen = NULL; +- int i; +- if(ctx != NULL && ctx->flags == CTX_TEST) +- return 1; +- if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) { +- X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS); +- goto err; +- } +- /* Find the subject name */ +- if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert); +- else nm = X509_REQ_get_subject_name(ctx->subject_req); +- +- /* Now add any email address(es) to STACK */ +- i = -1; +- while((i = X509_NAME_get_index_by_NID(nm, +- NID_pkcs9_emailAddress, i)) >= 0) { +- ne = X509_NAME_get_entry(nm, i); +- email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); +- if (move_p) +- { +- X509_NAME_delete_entry(nm, i); +- X509_NAME_ENTRY_free(ne); +- i--; +- } +- if(!email || !(gen = GENERAL_NAME_new())) { +- X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- gen->d.ia5 = email; +- email = NULL; +- gen->type = GEN_EMAIL; +- if(!sk_GENERAL_NAME_push(gens, gen)) { +- X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- gen = NULL; +- } +- +- +- return 1; +- +- err: +- GENERAL_NAME_free(gen); +- M_ASN1_IA5STRING_free(email); +- return 0; +- ++ X509_NAME *nm; ++ ASN1_IA5STRING *email = NULL; ++ X509_NAME_ENTRY *ne; ++ GENERAL_NAME *gen = NULL; ++ int i; ++ if (ctx != NULL && ctx->flags == CTX_TEST) ++ return 1; ++ if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) { ++ X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS); ++ goto err; ++ } ++ /* Find the subject name */ ++ if (ctx->subject_cert) ++ nm = X509_get_subject_name(ctx->subject_cert); ++ else ++ nm = X509_REQ_get_subject_name(ctx->subject_req); ++ ++ /* Now add any email address(es) to STACK */ ++ i = -1; ++ while ((i = X509_NAME_get_index_by_NID(nm, ++ NID_pkcs9_emailAddress, i)) >= 0) { ++ ne = X509_NAME_get_entry(nm, i); ++ email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); ++ if (move_p) { ++ X509_NAME_delete_entry(nm, i); ++ X509_NAME_ENTRY_free(ne); ++ i--; ++ } ++ if (!email || !(gen = GENERAL_NAME_new())) { ++ X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ gen->d.ia5 = email; ++ email = NULL; ++ gen->type = GEN_EMAIL; ++ if (!sk_GENERAL_NAME_push(gens, gen)) { ++ X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ gen = NULL; ++ } ++ ++ return 1; ++ ++ err: ++ GENERAL_NAME_free(gen); ++ M_ASN1_IA5STRING_free(email); ++ return 0; ++ + } + + GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) ++ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + { +- GENERAL_NAME *gen; +- GENERAL_NAMES *gens = NULL; +- CONF_VALUE *cnf; +- int i; +- if(!(gens = sk_GENERAL_NAME_new_null())) { +- X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { +- cnf = sk_CONF_VALUE_value(nval, i); +- if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; +- sk_GENERAL_NAME_push(gens, gen); +- } +- return gens; +- err: +- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); +- return NULL; ++ GENERAL_NAME *gen; ++ GENERAL_NAMES *gens = NULL; ++ CONF_VALUE *cnf; ++ int i; ++ if (!(gens = sk_GENERAL_NAME_new_null())) { ++ X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ cnf = sk_CONF_VALUE_value(nval, i); ++ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) ++ goto err; ++ sk_GENERAL_NAME_push(gens, gen); ++ } ++ return gens; ++ err: ++ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); ++ return NULL; + } + + GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, +- CONF_VALUE *cnf) +- { +- return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); +- } ++ CONF_VALUE *cnf) ++{ ++ return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); ++} + + GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, +- X509V3_EXT_METHOD *method, X509V3_CTX *ctx, +- CONF_VALUE *cnf, int is_nc) +- { +- char is_string = 0; +- int type; +- GENERAL_NAME *gen = NULL; +- +- char *name, *value; +- +- name = cnf->name; +- value = cnf->value; +- +- if(!value) +- { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE); +- return NULL; +- } +- +- if (out) +- gen = out; +- else +- { +- gen = GENERAL_NAME_new(); +- if(gen == NULL) +- { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- } +- +- if(!name_cmp(name, "email")) +- { +- is_string = 1; +- type = GEN_EMAIL; +- } +- else if(!name_cmp(name, "URI")) +- { +- is_string = 1; +- type = GEN_URI; +- } +- else if(!name_cmp(name, "DNS")) +- { +- is_string = 1; +- type = GEN_DNS; +- } +- else if(!name_cmp(name, "RID")) +- { +- ASN1_OBJECT *obj; +- if(!(obj = OBJ_txt2obj(value,0))) +- { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT); +- ERR_add_error_data(2, "value=", value); +- goto err; +- } +- gen->d.rid = obj; +- type = GEN_RID; +- } +- else if(!name_cmp(name, "IP")) +- { +- if (is_nc) +- gen->d.ip = a2i_IPADDRESS_NC(value); +- else +- gen->d.ip = a2i_IPADDRESS(value); +- if(gen->d.ip == NULL) +- { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS); +- ERR_add_error_data(2, "value=", value); +- goto err; +- } +- type = GEN_IPADD; +- } +- else if(!name_cmp(name, "dirName")) +- { +- type = GEN_DIRNAME; +- if (!do_dirname(gen, value, ctx)) +- { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR); +- goto err; +- } +- } +- else if(!name_cmp(name, "otherName")) +- { +- if (!do_othername(gen, value, ctx)) +- { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR); +- goto err; +- } +- type = GEN_OTHERNAME; +- } +- else +- { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION); +- ERR_add_error_data(2, "name=", name); +- goto err; +- } +- +- if(is_string) +- { +- if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || +- !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, +- strlen(value))) +- { +- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- +- gen->type = type; +- +- return gen; +- +- err: +- if (!out) +- GENERAL_NAME_free(gen); +- return NULL; +- } ++ X509V3_EXT_METHOD *method, X509V3_CTX *ctx, ++ CONF_VALUE *cnf, int is_nc) ++{ ++ char is_string = 0; ++ int type; ++ GENERAL_NAME *gen = NULL; ++ ++ char *name, *value; ++ ++ name = cnf->name; ++ value = cnf->value; ++ ++ if (!value) { ++ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE); ++ return NULL; ++ } ++ ++ if (out) ++ gen = out; ++ else { ++ gen = GENERAL_NAME_new(); ++ if (gen == NULL) { ++ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ } ++ ++ if (!name_cmp(name, "email")) { ++ is_string = 1; ++ type = GEN_EMAIL; ++ } else if (!name_cmp(name, "URI")) { ++ is_string = 1; ++ type = GEN_URI; ++ } else if (!name_cmp(name, "DNS")) { ++ is_string = 1; ++ type = GEN_DNS; ++ } else if (!name_cmp(name, "RID")) { ++ ASN1_OBJECT *obj; ++ if (!(obj = OBJ_txt2obj(value, 0))) { ++ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_BAD_OBJECT); ++ ERR_add_error_data(2, "value=", value); ++ goto err; ++ } ++ gen->d.rid = obj; ++ type = GEN_RID; ++ } else if (!name_cmp(name, "IP")) { ++ if (is_nc) ++ gen->d.ip = a2i_IPADDRESS_NC(value); ++ else ++ gen->d.ip = a2i_IPADDRESS(value); ++ if (gen->d.ip == NULL) { ++ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_BAD_IP_ADDRESS); ++ ERR_add_error_data(2, "value=", value); ++ goto err; ++ } ++ type = GEN_IPADD; ++ } else if (!name_cmp(name, "dirName")) { ++ type = GEN_DIRNAME; ++ if (!do_dirname(gen, value, ctx)) { ++ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_DIRNAME_ERROR); ++ goto err; ++ } ++ } else if (!name_cmp(name, "otherName")) { ++ if (!do_othername(gen, value, ctx)) { ++ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_OTHERNAME_ERROR); ++ goto err; ++ } ++ type = GEN_OTHERNAME; ++ } else { ++ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_UNSUPPORTED_OPTION); ++ ERR_add_error_data(2, "name=", name); ++ goto err; ++ } ++ ++ if (is_string) { ++ if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || ++ !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, ++ strlen(value))) { ++ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ ++ gen->type = type; ++ ++ return gen; ++ ++ err: ++ if (!out) ++ GENERAL_NAME_free(gen); ++ return NULL; ++} + + static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) +- { +- char *objtmp = NULL, *p; +- int objlen; +- if (!(p = strchr(value, ';'))) +- return 0; +- if (!(gen->d.otherName = OTHERNAME_new())) +- return 0; +- /* Free this up because we will overwrite it. +- * no need to free type_id because it is static +- */ +- ASN1_TYPE_free(gen->d.otherName->value); +- if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) +- return 0; +- objlen = p - value; +- objtmp = OPENSSL_malloc(objlen + 1); +- strncpy(objtmp, value, objlen); +- objtmp[objlen] = 0; +- gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); +- OPENSSL_free(objtmp); +- if (!gen->d.otherName->type_id) +- return 0; +- return 1; +- } ++{ ++ char *objtmp = NULL, *p; ++ int objlen; ++ if (!(p = strchr(value, ';'))) ++ return 0; ++ if (!(gen->d.otherName = OTHERNAME_new())) ++ return 0; ++ /* ++ * Free this up because we will overwrite it. no need to free type_id ++ * because it is static ++ */ ++ ASN1_TYPE_free(gen->d.otherName->value); ++ if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) ++ return 0; ++ objlen = p - value; ++ objtmp = OPENSSL_malloc(objlen + 1); ++ strncpy(objtmp, value, objlen); ++ objtmp[objlen] = 0; ++ gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); ++ OPENSSL_free(objtmp); ++ if (!gen->d.otherName->type_id) ++ return 0; ++ return 1; ++} + + static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) +- { +- int ret; +- STACK_OF(CONF_VALUE) *sk; +- X509_NAME *nm; +- if (!(nm = X509_NAME_new())) +- return 0; +- sk = X509V3_get_section(ctx, value); +- if (!sk) +- { +- X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND); +- ERR_add_error_data(2, "section=", value); +- X509_NAME_free(nm); +- return 0; +- } +- /* FIXME: should allow other character types... */ +- ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); +- if (!ret) +- X509_NAME_free(nm); +- gen->d.dirn = nm; +- +- X509V3_section_free(ctx, sk); +- +- return ret; +- } ++{ ++ int ret; ++ STACK_OF(CONF_VALUE) *sk; ++ X509_NAME *nm; ++ if (!(nm = X509_NAME_new())) ++ return 0; ++ sk = X509V3_get_section(ctx, value); ++ if (!sk) { ++ X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND); ++ ERR_add_error_data(2, "section=", value); ++ X509_NAME_free(nm); ++ return 0; ++ } ++ /* FIXME: should allow other character types... */ ++ ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); ++ if (!ret) ++ X509_NAME_free(nm); ++ gen->d.dirn = nm; ++ ++ X509V3_section_free(ctx, sk); ++ ++ return ret; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c +index 11aad0b..c2a8393 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c +@@ -10,7 +10,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -104,93 +104,92 @@ IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers) + * i2r method for an ASIdentifierChoice. + */ + static int i2r_ASIdentifierChoice(BIO *out, +- ASIdentifierChoice *choice, +- int indent, +- const char *msg) ++ ASIdentifierChoice *choice, ++ int indent, const char *msg) + { +- int i; +- char *s; +- if (choice == NULL) +- return 1; +- BIO_printf(out, "%*s%s:\n", indent, "", msg); +- switch (choice->type) { +- case ASIdentifierChoice_inherit: +- BIO_printf(out, "%*sinherit\n", indent + 2, ""); +- break; +- case ASIdentifierChoice_asIdsOrRanges: +- for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) { +- ASIdOrRange *aor = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); +- switch (aor->type) { +- case ASIdOrRange_id: +- if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL) +- return 0; +- BIO_printf(out, "%*s%s\n", indent + 2, "", s); +- OPENSSL_free(s); +- break; +- case ASIdOrRange_range: +- if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL) +- return 0; +- BIO_printf(out, "%*s%s-", indent + 2, "", s); +- OPENSSL_free(s); +- if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL) +- return 0; +- BIO_printf(out, "%s\n", s); +- OPENSSL_free(s); +- break; +- default: +- return 0; +- } ++ int i; ++ char *s; ++ if (choice == NULL) ++ return 1; ++ BIO_printf(out, "%*s%s:\n", indent, "", msg); ++ switch (choice->type) { ++ case ASIdentifierChoice_inherit: ++ BIO_printf(out, "%*sinherit\n", indent + 2, ""); ++ break; ++ case ASIdentifierChoice_asIdsOrRanges: ++ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) { ++ ASIdOrRange *aor = ++ sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ++ switch (aor->type) { ++ case ASIdOrRange_id: ++ if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL) ++ return 0; ++ BIO_printf(out, "%*s%s\n", indent + 2, "", s); ++ OPENSSL_free(s); ++ break; ++ case ASIdOrRange_range: ++ if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL) ++ return 0; ++ BIO_printf(out, "%*s%s-", indent + 2, "", s); ++ OPENSSL_free(s); ++ if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL) ++ return 0; ++ BIO_printf(out, "%s\n", s); ++ OPENSSL_free(s); ++ break; ++ default: ++ return 0; ++ } ++ } ++ break; ++ default: ++ return 0; + } +- break; +- default: +- return 0; +- } +- return 1; ++ return 1; + } + + /* + * i2r method for an ASIdentifier extension. + */ + static int i2r_ASIdentifiers(X509V3_EXT_METHOD *method, +- void *ext, +- BIO *out, +- int indent) ++ void *ext, BIO *out, int indent) + { +- ASIdentifiers *asid = ext; +- return (i2r_ASIdentifierChoice(out, asid->asnum, indent, +- "Autonomous System Numbers") && +- i2r_ASIdentifierChoice(out, asid->rdi, indent, +- "Routing Domain Identifiers")); ++ ASIdentifiers *asid = ext; ++ return (i2r_ASIdentifierChoice(out, asid->asnum, indent, ++ "Autonomous System Numbers") && ++ i2r_ASIdentifierChoice(out, asid->rdi, indent, ++ "Routing Domain Identifiers")); + } + + /* + * Sort comparision function for a sequence of ASIdOrRange elements. + */ +-static int ASIdOrRange_cmp(const ASIdOrRange * const *a_, +- const ASIdOrRange * const *b_) ++static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, ++ const ASIdOrRange *const *b_) + { +- const ASIdOrRange *a = *a_, *b = *b_; ++ const ASIdOrRange *a = *a_, *b = *b_; + +- OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) || +- (a->type == ASIdOrRange_range && a->u.range != NULL && +- a->u.range->min != NULL && a->u.range->max != NULL)); ++ OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) || ++ (a->type == ASIdOrRange_range && a->u.range != NULL && ++ a->u.range->min != NULL && a->u.range->max != NULL)); + +- OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) || +- (b->type == ASIdOrRange_range && b->u.range != NULL && +- b->u.range->min != NULL && b->u.range->max != NULL)); ++ OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) || ++ (b->type == ASIdOrRange_range && b->u.range != NULL && ++ b->u.range->min != NULL && b->u.range->max != NULL)); + +- if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id) +- return ASN1_INTEGER_cmp(a->u.id, b->u.id); ++ if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id) ++ return ASN1_INTEGER_cmp(a->u.id, b->u.id); + +- if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) { +- int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min); +- return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, b->u.range->max); +- } ++ if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) { ++ int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min); ++ return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, ++ b->u.range->max); ++ } + +- if (a->type == ASIdOrRange_id) +- return ASN1_INTEGER_cmp(a->u.id, b->u.range->min); +- else +- return ASN1_INTEGER_cmp(a->u.range->min, b->u.id); ++ if (a->type == ASIdOrRange_id) ++ return ASN1_INTEGER_cmp(a->u.id, b->u.range->min); ++ else ++ return ASN1_INTEGER_cmp(a->u.range->min, b->u.id); + } + + /* +@@ -198,104 +197,101 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_, + */ + int v3_asid_add_inherit(ASIdentifiers *asid, int which) + { +- ASIdentifierChoice **choice; +- if (asid == NULL) +- return 0; +- switch (which) { +- case V3_ASID_ASNUM: +- choice = &asid->asnum; +- break; +- case V3_ASID_RDI: +- choice = &asid->rdi; +- break; +- default: +- return 0; +- } +- if (*choice == NULL) { +- if ((*choice = ASIdentifierChoice_new()) == NULL) +- return 0; +- OPENSSL_assert((*choice)->u.inherit == NULL); +- if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) +- return 0; +- (*choice)->type = ASIdentifierChoice_inherit; +- } +- return (*choice)->type == ASIdentifierChoice_inherit; ++ ASIdentifierChoice **choice; ++ if (asid == NULL) ++ return 0; ++ switch (which) { ++ case V3_ASID_ASNUM: ++ choice = &asid->asnum; ++ break; ++ case V3_ASID_RDI: ++ choice = &asid->rdi; ++ break; ++ default: ++ return 0; ++ } ++ if (*choice == NULL) { ++ if ((*choice = ASIdentifierChoice_new()) == NULL) ++ return 0; ++ OPENSSL_assert((*choice)->u.inherit == NULL); ++ if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) ++ return 0; ++ (*choice)->type = ASIdentifierChoice_inherit; ++ } ++ return (*choice)->type == ASIdentifierChoice_inherit; + } + + /* + * Add an ID or range to an ASIdentifierChoice. + */ + int v3_asid_add_id_or_range(ASIdentifiers *asid, +- int which, +- ASN1_INTEGER *min, +- ASN1_INTEGER *max) ++ int which, ASN1_INTEGER *min, ASN1_INTEGER *max) + { +- ASIdentifierChoice **choice; +- ASIdOrRange *aor; +- if (asid == NULL) +- return 0; +- switch (which) { +- case V3_ASID_ASNUM: +- choice = &asid->asnum; +- break; +- case V3_ASID_RDI: +- choice = &asid->rdi; +- break; +- default: +- return 0; +- } +- if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit) +- return 0; +- if (*choice == NULL) { +- if ((*choice = ASIdentifierChoice_new()) == NULL) +- return 0; +- OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL); +- (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); +- if ((*choice)->u.asIdsOrRanges == NULL) +- return 0; +- (*choice)->type = ASIdentifierChoice_asIdsOrRanges; +- } +- if ((aor = ASIdOrRange_new()) == NULL) +- return 0; +- if (max == NULL) { +- aor->type = ASIdOrRange_id; +- aor->u.id = min; +- } else { +- aor->type = ASIdOrRange_range; +- if ((aor->u.range = ASRange_new()) == NULL) +- goto err; +- ASN1_INTEGER_free(aor->u.range->min); +- aor->u.range->min = min; +- ASN1_INTEGER_free(aor->u.range->max); +- aor->u.range->max = max; +- } +- if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor))) +- goto err; +- return 1; ++ ASIdentifierChoice **choice; ++ ASIdOrRange *aor; ++ if (asid == NULL) ++ return 0; ++ switch (which) { ++ case V3_ASID_ASNUM: ++ choice = &asid->asnum; ++ break; ++ case V3_ASID_RDI: ++ choice = &asid->rdi; ++ break; ++ default: ++ return 0; ++ } ++ if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit) ++ return 0; ++ if (*choice == NULL) { ++ if ((*choice = ASIdentifierChoice_new()) == NULL) ++ return 0; ++ OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL); ++ (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); ++ if ((*choice)->u.asIdsOrRanges == NULL) ++ return 0; ++ (*choice)->type = ASIdentifierChoice_asIdsOrRanges; ++ } ++ if ((aor = ASIdOrRange_new()) == NULL) ++ return 0; ++ if (max == NULL) { ++ aor->type = ASIdOrRange_id; ++ aor->u.id = min; ++ } else { ++ aor->type = ASIdOrRange_range; ++ if ((aor->u.range = ASRange_new()) == NULL) ++ goto err; ++ ASN1_INTEGER_free(aor->u.range->min); ++ aor->u.range->min = min; ++ ASN1_INTEGER_free(aor->u.range->max); ++ aor->u.range->max = max; ++ } ++ if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor))) ++ goto err; ++ return 1; + + err: +- ASIdOrRange_free(aor); +- return 0; ++ ASIdOrRange_free(aor); ++ return 0; + } + + /* + * Extract min and max values from an ASIdOrRange. + */ + static void extract_min_max(ASIdOrRange *aor, +- ASN1_INTEGER **min, +- ASN1_INTEGER **max) ++ ASN1_INTEGER **min, ASN1_INTEGER **max) + { +- OPENSSL_assert(aor != NULL && min != NULL && max != NULL); +- switch (aor->type) { +- case ASIdOrRange_id: +- *min = aor->u.id; +- *max = aor->u.id; +- return; +- case ASIdOrRange_range: +- *min = aor->u.range->min; +- *max = aor->u.range->max; +- return; +- } ++ OPENSSL_assert(aor != NULL && min != NULL && max != NULL); ++ switch (aor->type) { ++ case ASIdOrRange_id: ++ *min = aor->u.id; ++ *max = aor->u.id; ++ return; ++ case ASIdOrRange_range: ++ *min = aor->u.range->min; ++ *max = aor->u.range->max; ++ return; ++ } + } + + /* +@@ -303,81 +299,82 @@ static void extract_min_max(ASIdOrRange *aor, + */ + static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) + { +- ASN1_INTEGER *a_max_plus_one = NULL; +- BIGNUM *bn = NULL; +- int i, ret = 0; +- +- /* +- * Empty element or inheritance is canonical. +- */ +- if (choice == NULL || choice->type == ASIdentifierChoice_inherit) +- return 1; +- +- /* +- * If not a list, or if empty list, it's broken. +- */ +- if (choice->type != ASIdentifierChoice_asIdsOrRanges || +- sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) +- return 0; ++ ASN1_INTEGER *a_max_plus_one = NULL; ++ BIGNUM *bn = NULL; ++ int i, ret = 0; + +- /* +- * It's a list, check it. +- */ +- for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { +- ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); +- ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); +- ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; +- +- extract_min_max(a, &a_min, &a_max); +- extract_min_max(b, &b_min, &b_max); ++ /* ++ * Empty element or inheritance is canonical. ++ */ ++ if (choice == NULL || choice->type == ASIdentifierChoice_inherit) ++ return 1; + + /* +- * Punt misordered list, overlapping start, or inverted range. ++ * If not a list, or if empty list, it's broken. + */ +- if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 || +- ASN1_INTEGER_cmp(a_min, a_max) > 0 || +- ASN1_INTEGER_cmp(b_min, b_max) > 0) +- goto done; ++ if (choice->type != ASIdentifierChoice_asIdsOrRanges || ++ sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) ++ return 0; + + /* +- * Calculate a_max + 1 to check for adjacency. ++ * It's a list, check it. + */ +- if ((bn == NULL && (bn = BN_new()) == NULL) || +- ASN1_INTEGER_to_BN(a_max, bn) == NULL || +- !BN_add_word(bn, 1) || +- (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { +- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, +- ERR_R_MALLOC_FAILURE); +- goto done; ++ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { ++ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ++ ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); ++ ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; ++ ++ extract_min_max(a, &a_min, &a_max); ++ extract_min_max(b, &b_min, &b_max); ++ ++ /* ++ * Punt misordered list, overlapping start, or inverted range. ++ */ ++ if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 || ++ ASN1_INTEGER_cmp(a_min, a_max) > 0 || ++ ASN1_INTEGER_cmp(b_min, b_max) > 0) ++ goto done; ++ ++ /* ++ * Calculate a_max + 1 to check for adjacency. ++ */ ++ if ((bn == NULL && (bn = BN_new()) == NULL) || ++ ASN1_INTEGER_to_BN(a_max, bn) == NULL || ++ !BN_add_word(bn, 1) || ++ (a_max_plus_one = ++ BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { ++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, ++ ERR_R_MALLOC_FAILURE); ++ goto done; ++ } ++ ++ /* ++ * Punt if adjacent or overlapping. ++ */ ++ if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0) ++ goto done; + } +- ++ + /* +- * Punt if adjacent or overlapping. ++ * Check for inverted range. + */ +- if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0) +- goto done; +- } +- +- /* +- * Check for inverted range. +- */ +- i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; +- { +- ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); +- ASN1_INTEGER *a_min, *a_max; +- if (a != NULL && a->type == ASIdOrRange_range) { +- extract_min_max(a, &a_min, &a_max); +- if (ASN1_INTEGER_cmp(a_min, a_max) > 0) +- goto done; ++ i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; ++ { ++ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ++ ASN1_INTEGER *a_min, *a_max; ++ if (a != NULL && a->type == ASIdOrRange_range) { ++ extract_min_max(a, &a_min, &a_max); ++ if (ASN1_INTEGER_cmp(a_min, a_max) > 0) ++ goto done; ++ } + } +- } + +- ret = 1; ++ ret = 1; + + done: +- ASN1_INTEGER_free(a_max_plus_one); +- BN_free(bn); +- return ret; ++ ASN1_INTEGER_free(a_max_plus_one); ++ BN_free(bn); ++ return ret; + } + + /* +@@ -385,9 +382,9 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) + */ + int v3_asid_is_canonical(ASIdentifiers *asid) + { +- return (asid == NULL || +- (ASIdentifierChoice_is_canonical(asid->asnum) && +- ASIdentifierChoice_is_canonical(asid->rdi))); ++ return (asid == NULL || ++ (ASIdentifierChoice_is_canonical(asid->asnum) && ++ ASIdentifierChoice_is_canonical(asid->rdi))); + } + + /* +@@ -395,134 +392,136 @@ int v3_asid_is_canonical(ASIdentifiers *asid) + */ + static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) + { +- ASN1_INTEGER *a_max_plus_one = NULL; +- BIGNUM *bn = NULL; +- int i, ret = 0; +- +- /* +- * Nothing to do for empty element or inheritance. +- */ +- if (choice == NULL || choice->type == ASIdentifierChoice_inherit) +- return 1; +- +- /* +- * If not a list, or if empty list, it's broken. +- */ +- if (choice->type != ASIdentifierChoice_asIdsOrRanges || +- sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) { +- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, +- X509V3_R_EXTENSION_VALUE_ERROR); +- return 0; +- } +- +- /* +- * We have a non-empty list. Sort it. +- */ +- sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); +- +- /* +- * Now check for errors and suboptimal encoding, rejecting the +- * former and fixing the latter. +- */ +- for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { +- ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); +- ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); +- ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; +- +- extract_min_max(a, &a_min, &a_max); +- extract_min_max(b, &b_min, &b_max); ++ ASN1_INTEGER *a_max_plus_one = NULL; ++ BIGNUM *bn = NULL; ++ int i, ret = 0; + + /* +- * Make sure we're properly sorted (paranoia). ++ * Nothing to do for empty element or inheritance. + */ +- OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); ++ if (choice == NULL || choice->type == ASIdentifierChoice_inherit) ++ return 1; + + /* +- * Punt inverted ranges. ++ * If not a list, or if empty list, it's broken. + */ +- if (ASN1_INTEGER_cmp(a_min, a_max) > 0 || +- ASN1_INTEGER_cmp(b_min, b_max) > 0) +- goto done; ++ if (choice->type != ASIdentifierChoice_asIdsOrRanges || ++ sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) { ++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ++ X509V3_R_EXTENSION_VALUE_ERROR); ++ return 0; ++ } + + /* +- * Check for overlaps. ++ * We have a non-empty list. Sort it. + */ +- if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) { +- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, +- X509V3_R_EXTENSION_VALUE_ERROR); +- goto done; +- } ++ sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); + + /* +- * Calculate a_max + 1 to check for adjacency. ++ * Now check for errors and suboptimal encoding, rejecting the ++ * former and fixing the latter. + */ +- if ((bn == NULL && (bn = BN_new()) == NULL) || +- ASN1_INTEGER_to_BN(a_max, bn) == NULL || +- !BN_add_word(bn, 1) || +- (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { +- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE); +- goto done; ++ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { ++ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ++ ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); ++ ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; ++ ++ extract_min_max(a, &a_min, &a_max); ++ extract_min_max(b, &b_min, &b_max); ++ ++ /* ++ * Make sure we're properly sorted (paranoia). ++ */ ++ OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); ++ ++ /* ++ * Punt inverted ranges. ++ */ ++ if (ASN1_INTEGER_cmp(a_min, a_max) > 0 || ++ ASN1_INTEGER_cmp(b_min, b_max) > 0) ++ goto done; ++ ++ /* ++ * Check for overlaps. ++ */ ++ if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) { ++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ++ X509V3_R_EXTENSION_VALUE_ERROR); ++ goto done; ++ } ++ ++ /* ++ * Calculate a_max + 1 to check for adjacency. ++ */ ++ if ((bn == NULL && (bn = BN_new()) == NULL) || ++ ASN1_INTEGER_to_BN(a_max, bn) == NULL || ++ !BN_add_word(bn, 1) || ++ (a_max_plus_one = ++ BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) { ++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ++ ERR_R_MALLOC_FAILURE); ++ goto done; ++ } ++ ++ /* ++ * If a and b are adjacent, merge them. ++ */ ++ if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) { ++ ASRange *r; ++ switch (a->type) { ++ case ASIdOrRange_id: ++ if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) { ++ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ++ ERR_R_MALLOC_FAILURE); ++ goto done; ++ } ++ r->min = a_min; ++ r->max = b_max; ++ a->type = ASIdOrRange_range; ++ a->u.range = r; ++ break; ++ case ASIdOrRange_range: ++ ASN1_INTEGER_free(a->u.range->max); ++ a->u.range->max = b_max; ++ break; ++ } ++ switch (b->type) { ++ case ASIdOrRange_id: ++ b->u.id = NULL; ++ break; ++ case ASIdOrRange_range: ++ b->u.range->max = NULL; ++ break; ++ } ++ ASIdOrRange_free(b); ++ (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); ++ i--; ++ continue; ++ } + } +- ++ + /* +- * If a and b are adjacent, merge them. ++ * Check for final inverted range. + */ +- if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) { +- ASRange *r; +- switch (a->type) { +- case ASIdOrRange_id: +- if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) { +- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, +- ERR_R_MALLOC_FAILURE); +- goto done; +- } +- r->min = a_min; +- r->max = b_max; +- a->type = ASIdOrRange_range; +- a->u.range = r; +- break; +- case ASIdOrRange_range: +- ASN1_INTEGER_free(a->u.range->max); +- a->u.range->max = b_max; +- break; +- } +- switch (b->type) { +- case ASIdOrRange_id: +- b->u.id = NULL; +- break; +- case ASIdOrRange_range: +- b->u.range->max = NULL; +- break; +- } +- ASIdOrRange_free(b); +- (void) sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); +- i--; +- continue; +- } +- } +- +- /* +- * Check for final inverted range. +- */ +- i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; +- { +- ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); +- ASN1_INTEGER *a_min, *a_max; +- if (a != NULL && a->type == ASIdOrRange_range) { +- extract_min_max(a, &a_min, &a_max); +- if (ASN1_INTEGER_cmp(a_min, a_max) > 0) +- goto done; ++ i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; ++ { ++ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); ++ ASN1_INTEGER *a_min, *a_max; ++ if (a != NULL && a->type == ASIdOrRange_range) { ++ extract_min_max(a, &a_min, &a_max); ++ if (ASN1_INTEGER_cmp(a_min, a_max) > 0) ++ goto done; ++ } + } +- } + +- OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ ++ OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */ + +- ret = 1; ++ ret = 1; + + done: +- ASN1_INTEGER_free(a_max_plus_one); +- BN_free(bn); +- return ret; ++ ASN1_INTEGER_free(a_max_plus_one); ++ BN_free(bn); ++ return ret; + } + + /* +@@ -530,142 +529,147 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) + */ + int v3_asid_canonize(ASIdentifiers *asid) + { +- return (asid == NULL || +- (ASIdentifierChoice_canonize(asid->asnum) && +- ASIdentifierChoice_canonize(asid->rdi))); ++ return (asid == NULL || ++ (ASIdentifierChoice_canonize(asid->asnum) && ++ ASIdentifierChoice_canonize(asid->rdi))); + } + + /* + * v2i method for an ASIdentifier extension. + */ + static void *v2i_ASIdentifiers(struct v3_ext_method *method, +- struct v3_ext_ctx *ctx, +- STACK_OF(CONF_VALUE) *values) ++ struct v3_ext_ctx *ctx, ++ STACK_OF(CONF_VALUE) *values) + { +- ASN1_INTEGER *min = NULL, *max = NULL; +- ASIdentifiers *asid = NULL; +- int i; +- +- if ((asid = ASIdentifiers_new()) == NULL) { +- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- for (i = 0; i < sk_CONF_VALUE_num(values); i++) { +- CONF_VALUE *val = sk_CONF_VALUE_value(values, i); +- int i1, i2, i3, is_range, which; ++ ASN1_INTEGER *min = NULL, *max = NULL; ++ ASIdentifiers *asid = NULL; ++ int i; + +- /* +- * Figure out whether this is an AS or an RDI. +- */ +- if ( !name_cmp(val->name, "AS")) { +- which = V3_ASID_ASNUM; +- } else if (!name_cmp(val->name, "RDI")) { +- which = V3_ASID_RDI; +- } else { +- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_NAME_ERROR); +- X509V3_conf_err(val); +- goto err; +- } +- +- /* +- * Handle inheritance. +- */ +- if (!strcmp(val->value, "inherit")) { +- if (v3_asid_add_inherit(asid, which)) +- continue; +- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE); +- X509V3_conf_err(val); +- goto err; ++ if ((asid = ASIdentifiers_new()) == NULL) { ++ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); ++ return NULL; + } + +- /* +- * Number, range, or mistake, pick it apart and figure out which. +- */ +- i1 = strspn(val->value, "0123456789"); +- if (val->value[i1] == '\0') { +- is_range = 0; +- } else { +- is_range = 1; +- i2 = i1 + strspn(val->value + i1, " \t"); +- if (val->value[i2] != '-') { +- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASNUMBER); +- X509V3_conf_err(val); +- goto err; +- } +- i2++; +- i2 = i2 + strspn(val->value + i2, " \t"); +- i3 = i2 + strspn(val->value + i2, "0123456789"); +- if (val->value[i3] != '\0') { +- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASRANGE); +- X509V3_conf_err(val); +- goto err; +- } ++ for (i = 0; i < sk_CONF_VALUE_num(values); i++) { ++ CONF_VALUE *val = sk_CONF_VALUE_value(values, i); ++ int i1, i2, i3, is_range, which; ++ ++ /* ++ * Figure out whether this is an AS or an RDI. ++ */ ++ if (!name_cmp(val->name, "AS")) { ++ which = V3_ASID_ASNUM; ++ } else if (!name_cmp(val->name, "RDI")) { ++ which = V3_ASID_RDI; ++ } else { ++ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ++ X509V3_R_EXTENSION_NAME_ERROR); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ ++ /* ++ * Handle inheritance. ++ */ ++ if (!strcmp(val->value, "inherit")) { ++ if (v3_asid_add_inherit(asid, which)) ++ continue; ++ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ++ X509V3_R_INVALID_INHERITANCE); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ ++ /* ++ * Number, range, or mistake, pick it apart and figure out which. ++ */ ++ i1 = strspn(val->value, "0123456789"); ++ if (val->value[i1] == '\0') { ++ is_range = 0; ++ } else { ++ is_range = 1; ++ i2 = i1 + strspn(val->value + i1, " \t"); ++ if (val->value[i2] != '-') { ++ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ++ X509V3_R_INVALID_ASNUMBER); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ i2++; ++ i2 = i2 + strspn(val->value + i2, " \t"); ++ i3 = i2 + strspn(val->value + i2, "0123456789"); ++ if (val->value[i3] != '\0') { ++ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ++ X509V3_R_INVALID_ASRANGE); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ } ++ ++ /* ++ * Syntax is ok, read and add it. ++ */ ++ if (!is_range) { ++ if (!X509V3_get_value_int(val, &min)) { ++ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } else { ++ char *s = BUF_strdup(val->value); ++ if (s == NULL) { ++ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ s[i1] = '\0'; ++ min = s2i_ASN1_INTEGER(NULL, s); ++ max = s2i_ASN1_INTEGER(NULL, s + i2); ++ OPENSSL_free(s); ++ if (min == NULL || max == NULL) { ++ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (ASN1_INTEGER_cmp(min, max) > 0) { ++ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ++ X509V3_R_EXTENSION_VALUE_ERROR); ++ goto err; ++ } ++ } ++ if (!v3_asid_add_id_or_range(asid, which, min, max)) { ++ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ min = max = NULL; + } + + /* +- * Syntax is ok, read and add it. ++ * Canonize the result, then we're done. + */ +- if (!is_range) { +- if (!X509V3_get_value_int(val, &min)) { +- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } else { +- char *s = BUF_strdup(val->value); +- if (s == NULL) { +- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- s[i1] = '\0'; +- min = s2i_ASN1_INTEGER(NULL, s); +- max = s2i_ASN1_INTEGER(NULL, s + i2); +- OPENSSL_free(s); +- if (min == NULL || max == NULL) { +- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (ASN1_INTEGER_cmp(min, max) > 0) { +- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR); +- goto err; +- } +- } +- if (!v3_asid_add_id_or_range(asid, which, min, max)) { +- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- min = max = NULL; +- } +- +- /* +- * Canonize the result, then we're done. +- */ +- if (!v3_asid_canonize(asid)) +- goto err; +- return asid; ++ if (!v3_asid_canonize(asid)) ++ goto err; ++ return asid; + + err: +- ASIdentifiers_free(asid); +- ASN1_INTEGER_free(min); +- ASN1_INTEGER_free(max); +- return NULL; ++ ASIdentifiers_free(asid); ++ ASN1_INTEGER_free(min); ++ ASN1_INTEGER_free(max); ++ return NULL; + } + + /* + * OpenSSL dispatch. + */ + const X509V3_EXT_METHOD v3_asid = { +- NID_sbgp_autonomousSysNum, /* nid */ +- 0, /* flags */ +- ASN1_ITEM_ref(ASIdentifiers), /* template */ +- 0, 0, 0, 0, /* old functions, ignored */ +- 0, /* i2s */ +- 0, /* s2i */ +- 0, /* i2v */ +- v2i_ASIdentifiers, /* v2i */ +- i2r_ASIdentifiers, /* i2r */ +- 0, /* r2i */ +- NULL /* extension-specific data */ ++ NID_sbgp_autonomousSysNum, /* nid */ ++ 0, /* flags */ ++ ASN1_ITEM_ref(ASIdentifiers), /* template */ ++ 0, 0, 0, 0, /* old functions, ignored */ ++ 0, /* i2s */ ++ 0, /* s2i */ ++ 0, /* i2v */ ++ v2i_ASIdentifiers, /* v2i */ ++ i2r_ASIdentifiers, /* i2r */ ++ 0, /* r2i */ ++ NULL /* extension-specific data */ + }; + + /* +@@ -673,11 +677,11 @@ const X509V3_EXT_METHOD v3_asid = { + */ + int v3_asid_inherits(ASIdentifiers *asid) + { +- return (asid != NULL && +- ((asid->asnum != NULL && +- asid->asnum->type == ASIdentifierChoice_inherit) || +- (asid->rdi != NULL && +- asid->rdi->type == ASIdentifierChoice_inherit))); ++ return (asid != NULL && ++ ((asid->asnum != NULL && ++ asid->asnum->type == ASIdentifierChoice_inherit) || ++ (asid->rdi != NULL && ++ asid->rdi->type == ASIdentifierChoice_inherit))); + } + + /* +@@ -685,30 +689,30 @@ int v3_asid_inherits(ASIdentifiers *asid) + */ + static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) + { +- ASN1_INTEGER *p_min, *p_max, *c_min, *c_max; +- int p, c; +- +- if (child == NULL || parent == child) +- return 1; +- if (parent == NULL) +- return 0; +- +- p = 0; +- for (c = 0; c < sk_ASIdOrRange_num(child); c++) { +- extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max); +- for (;; p++) { +- if (p >= sk_ASIdOrRange_num(parent)) +- return 0; +- extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max); +- if (ASN1_INTEGER_cmp(p_max, c_max) < 0) +- continue; +- if (ASN1_INTEGER_cmp(p_min, c_min) > 0) +- return 0; +- break; ++ ASN1_INTEGER *p_min, *p_max, *c_min, *c_max; ++ int p, c; ++ ++ if (child == NULL || parent == child) ++ return 1; ++ if (parent == NULL) ++ return 0; ++ ++ p = 0; ++ for (c = 0; c < sk_ASIdOrRange_num(child); c++) { ++ extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max); ++ for (;; p++) { ++ if (p >= sk_ASIdOrRange_num(parent)) ++ return 0; ++ extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max); ++ if (ASN1_INTEGER_cmp(p_max, c_max) < 0) ++ continue; ++ if (ASN1_INTEGER_cmp(p_min, c_min) > 0) ++ return 0; ++ break; ++ } + } +- } + +- return 1; ++ return 1; + } + + /* +@@ -716,156 +720,159 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) + */ + int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) + { +- return (a == NULL || +- a == b || +- (b != NULL && +- !v3_asid_inherits(a) && +- !v3_asid_inherits(b) && +- asid_contains(b->asnum->u.asIdsOrRanges, +- a->asnum->u.asIdsOrRanges) && +- asid_contains(b->rdi->u.asIdsOrRanges, +- a->rdi->u.asIdsOrRanges))); ++ return (a == NULL || ++ a == b || ++ (b != NULL && ++ !v3_asid_inherits(a) && ++ !v3_asid_inherits(b) && ++ asid_contains(b->asnum->u.asIdsOrRanges, ++ a->asnum->u.asIdsOrRanges) && ++ asid_contains(b->rdi->u.asIdsOrRanges, ++ a->rdi->u.asIdsOrRanges))); + } + + /* + * Validation error handling via callback. + */ +-#define validation_err(_err_) \ +- do { \ +- if (ctx != NULL) { \ +- ctx->error = _err_; \ +- ctx->error_depth = i; \ +- ctx->current_cert = x; \ +- ret = ctx->verify_cb(0, ctx); \ +- } else { \ +- ret = 0; \ +- } \ +- if (!ret) \ +- goto done; \ ++# define validation_err(_err_) \ ++ do { \ ++ if (ctx != NULL) { \ ++ ctx->error = _err_; \ ++ ctx->error_depth = i; \ ++ ctx->current_cert = x; \ ++ ret = ctx->verify_cb(0, ctx); \ ++ } else { \ ++ ret = 0; \ ++ } \ ++ if (!ret) \ ++ goto done; \ + } while (0) + + /* + * Core code for RFC 3779 3.3 path validation. + */ + static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, +- STACK_OF(X509) *chain, +- ASIdentifiers *ext) ++ STACK_OF(X509) *chain, ++ ASIdentifiers *ext) + { +- ASIdOrRanges *child_as = NULL, *child_rdi = NULL; +- int i, ret = 1, inherit_as = 0, inherit_rdi = 0; +- X509 *x = NULL; +- +- OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); +- OPENSSL_assert(ctx != NULL || ext != NULL); +- OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); +- +- /* +- * Figure out where to start. If we don't have an extension to +- * check, we're done. Otherwise, check canonical form and +- * set up for walking up the chain. +- */ +- if (ext != NULL) { +- i = -1; +- } else { +- i = 0; +- x = sk_X509_value(chain, i); +- OPENSSL_assert(x != NULL); +- if ((ext = x->rfc3779_asid) == NULL) +- goto done; +- } +- if (!v3_asid_is_canonical(ext)) +- validation_err(X509_V_ERR_INVALID_EXTENSION); +- if (ext->asnum != NULL) { +- switch (ext->asnum->type) { +- case ASIdentifierChoice_inherit: +- inherit_as = 1; +- break; +- case ASIdentifierChoice_asIdsOrRanges: +- child_as = ext->asnum->u.asIdsOrRanges; +- break; +- } +- } +- if (ext->rdi != NULL) { +- switch (ext->rdi->type) { +- case ASIdentifierChoice_inherit: +- inherit_rdi = 1; +- break; +- case ASIdentifierChoice_asIdsOrRanges: +- child_rdi = ext->rdi->u.asIdsOrRanges; +- break; +- } +- } +- +- /* +- * Now walk up the chain. Extensions must be in canonical form, no +- * cert may list resources that its parent doesn't list. +- */ +- for (i++; i < sk_X509_num(chain); i++) { +- x = sk_X509_value(chain, i); +- OPENSSL_assert(x != NULL); +- if (x->rfc3779_asid == NULL) { +- if (child_as != NULL || child_rdi != NULL) +- validation_err(X509_V_ERR_UNNESTED_RESOURCE); +- continue; ++ ASIdOrRanges *child_as = NULL, *child_rdi = NULL; ++ int i, ret = 1, inherit_as = 0, inherit_rdi = 0; ++ X509 *x = NULL; ++ ++ OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0); ++ OPENSSL_assert(ctx != NULL || ext != NULL); ++ OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); ++ ++ /* ++ * Figure out where to start. If we don't have an extension to ++ * check, we're done. Otherwise, check canonical form and ++ * set up for walking up the chain. ++ */ ++ if (ext != NULL) { ++ i = -1; ++ } else { ++ i = 0; ++ x = sk_X509_value(chain, i); ++ OPENSSL_assert(x != NULL); ++ if ((ext = x->rfc3779_asid) == NULL) ++ goto done; + } +- if (!v3_asid_is_canonical(x->rfc3779_asid)) +- validation_err(X509_V_ERR_INVALID_EXTENSION); +- if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { +- validation_err(X509_V_ERR_UNNESTED_RESOURCE); +- child_as = NULL; +- inherit_as = 0; ++ if (!v3_asid_is_canonical(ext)) ++ validation_err(X509_V_ERR_INVALID_EXTENSION); ++ if (ext->asnum != NULL) { ++ switch (ext->asnum->type) { ++ case ASIdentifierChoice_inherit: ++ inherit_as = 1; ++ break; ++ case ASIdentifierChoice_asIdsOrRanges: ++ child_as = ext->asnum->u.asIdsOrRanges; ++ break; ++ } + } +- if (x->rfc3779_asid->asnum != NULL && +- x->rfc3779_asid->asnum->type == ASIdentifierChoice_asIdsOrRanges) { +- if (inherit_as || +- asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, child_as)) { +- child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges; +- inherit_as = 0; +- } else { +- validation_err(X509_V_ERR_UNNESTED_RESOURCE); +- } ++ if (ext->rdi != NULL) { ++ switch (ext->rdi->type) { ++ case ASIdentifierChoice_inherit: ++ inherit_rdi = 1; ++ break; ++ case ASIdentifierChoice_asIdsOrRanges: ++ child_rdi = ext->rdi->u.asIdsOrRanges; ++ break; ++ } + } +- if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) { +- validation_err(X509_V_ERR_UNNESTED_RESOURCE); +- child_rdi = NULL; +- inherit_rdi = 0; ++ ++ /* ++ * Now walk up the chain. Extensions must be in canonical form, no ++ * cert may list resources that its parent doesn't list. ++ */ ++ for (i++; i < sk_X509_num(chain); i++) { ++ x = sk_X509_value(chain, i); ++ OPENSSL_assert(x != NULL); ++ if (x->rfc3779_asid == NULL) { ++ if (child_as != NULL || child_rdi != NULL) ++ validation_err(X509_V_ERR_UNNESTED_RESOURCE); ++ continue; ++ } ++ if (!v3_asid_is_canonical(x->rfc3779_asid)) ++ validation_err(X509_V_ERR_INVALID_EXTENSION); ++ if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { ++ validation_err(X509_V_ERR_UNNESTED_RESOURCE); ++ child_as = NULL; ++ inherit_as = 0; ++ } ++ if (x->rfc3779_asid->asnum != NULL && ++ x->rfc3779_asid->asnum->type == ++ ASIdentifierChoice_asIdsOrRanges) { ++ if (inherit_as ++ || asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, ++ child_as)) { ++ child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges; ++ inherit_as = 0; ++ } else { ++ validation_err(X509_V_ERR_UNNESTED_RESOURCE); ++ } ++ } ++ if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) { ++ validation_err(X509_V_ERR_UNNESTED_RESOURCE); ++ child_rdi = NULL; ++ inherit_rdi = 0; ++ } ++ if (x->rfc3779_asid->rdi != NULL && ++ x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) { ++ if (inherit_rdi || ++ asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, ++ child_rdi)) { ++ child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges; ++ inherit_rdi = 0; ++ } else { ++ validation_err(X509_V_ERR_UNNESTED_RESOURCE); ++ } ++ } + } +- if (x->rfc3779_asid->rdi != NULL && +- x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) { +- if (inherit_rdi || +- asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, child_rdi)) { +- child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges; +- inherit_rdi = 0; +- } else { +- validation_err(X509_V_ERR_UNNESTED_RESOURCE); +- } ++ ++ /* ++ * Trust anchor can't inherit. ++ */ ++ if (x->rfc3779_asid != NULL) { ++ if (x->rfc3779_asid->asnum != NULL && ++ x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) ++ validation_err(X509_V_ERR_UNNESTED_RESOURCE); ++ if (x->rfc3779_asid->rdi != NULL && ++ x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit) ++ validation_err(X509_V_ERR_UNNESTED_RESOURCE); + } +- } +- +- /* +- * Trust anchor can't inherit. +- */ +- if (x->rfc3779_asid != NULL) { +- if (x->rfc3779_asid->asnum != NULL && +- x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) +- validation_err(X509_V_ERR_UNNESTED_RESOURCE); +- if (x->rfc3779_asid->rdi != NULL && +- x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit) +- validation_err(X509_V_ERR_UNNESTED_RESOURCE); +- } + + done: +- return ret; ++ return ret; + } + +-#undef validation_err ++# undef validation_err + + /* + * RFC 3779 3.3 path validation -- called from X509_verify_cert(). + */ + int v3_asid_validate_path(X509_STORE_CTX *ctx) + { +- return v3_asid_validate_path_internal(ctx, ctx->chain, NULL); ++ return v3_asid_validate_path_internal(ctx, ctx->chain, NULL); + } + + /* +@@ -873,16 +880,15 @@ int v3_asid_validate_path(X509_STORE_CTX *ctx) + * Test whether chain covers extension. + */ + int v3_asid_validate_resource_set(STACK_OF(X509) *chain, +- ASIdentifiers *ext, +- int allow_inheritance) ++ ASIdentifiers *ext, int allow_inheritance) + { +- if (ext == NULL) +- return 1; +- if (chain == NULL || sk_X509_num(chain) == 0) +- return 0; +- if (!allow_inheritance && v3_asid_inherits(ext)) +- return 0; +- return v3_asid_validate_path_internal(NULL, chain, ext); ++ if (ext == NULL) ++ return 1; ++ if (chain == NULL || sk_X509_num(chain) == 0) ++ return 0; ++ if (!allow_inheritance && v3_asid_inherits(ext)) ++ return 0; ++ return v3_asid_validate_path_internal(NULL, chain, ext); + } + +-#endif /* OPENSSL_NO_RFC3779 */ ++#endif /* OPENSSL_NO_RFC3779 */ +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c +index 82aa488..dc00b9c 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c +@@ -1,6 +1,7 @@ + /* v3_bcons.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,7 +57,6 @@ + * + */ + +- + #include + #include "cryptlib.h" + #include +@@ -64,61 +64,69 @@ + #include + #include + +-static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); +-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); ++static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, ++ BASIC_CONSTRAINTS *bcons, ++ STACK_OF(CONF_VALUE) ++ *extlist); ++static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *values); + + const X509V3_EXT_METHOD v3_bcons = { +-NID_basic_constraints, 0, +-ASN1_ITEM_ref(BASIC_CONSTRAINTS), +-0,0,0,0, +-0,0, +-(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, +-(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, +-NULL,NULL, +-NULL ++ NID_basic_constraints, 0, ++ ASN1_ITEM_ref(BASIC_CONSTRAINTS), ++ 0, 0, 0, 0, ++ 0, 0, ++ (X509V3_EXT_I2V) i2v_BASIC_CONSTRAINTS, ++ (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, ++ NULL, NULL, ++ NULL + }; + + ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { +- ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN), +- ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER) ++ ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN), ++ ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER) + } ASN1_SEQUENCE_END(BASIC_CONSTRAINTS) + + IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) + +- + static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, +- BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) ++ BASIC_CONSTRAINTS *bcons, ++ STACK_OF(CONF_VALUE) ++ *extlist) + { +- X509V3_add_value_bool("CA", bcons->ca, &extlist); +- X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); +- return extlist; ++ X509V3_add_value_bool("CA", bcons->ca, &extlist); ++ X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); ++ return extlist; + } + + static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *values) + { +- BASIC_CONSTRAINTS *bcons=NULL; +- CONF_VALUE *val; +- int i; +- if(!(bcons = BASIC_CONSTRAINTS_new())) { +- X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- for(i = 0; i < sk_CONF_VALUE_num(values); i++) { +- val = sk_CONF_VALUE_value(values, i); +- if(!strcmp(val->name, "CA")) { +- if(!X509V3_get_value_bool(val, &bcons->ca)) goto err; +- } else if(!strcmp(val->name, "pathlen")) { +- if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err; +- } else { +- X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); +- X509V3_conf_err(val); +- goto err; +- } +- } +- return bcons; +- err: +- BASIC_CONSTRAINTS_free(bcons); +- return NULL; ++ BASIC_CONSTRAINTS *bcons = NULL; ++ CONF_VALUE *val; ++ int i; ++ if (!(bcons = BASIC_CONSTRAINTS_new())) { ++ X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ for (i = 0; i < sk_CONF_VALUE_num(values); i++) { ++ val = sk_CONF_VALUE_value(values, i); ++ if (!strcmp(val->name, "CA")) { ++ if (!X509V3_get_value_bool(val, &bcons->ca)) ++ goto err; ++ } else if (!strcmp(val->name, "pathlen")) { ++ if (!X509V3_get_value_int(val, &bcons->pathlen)) ++ goto err; ++ } else { ++ X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ } ++ return bcons; ++ err: ++ BASIC_CONSTRAINTS_free(bcons); ++ return NULL; + } +- +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c +index 058d0d4..b7bb3b5 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c +@@ -1,6 +1,7 @@ + /* v3_bitst.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,80 +63,80 @@ + #include + + static BIT_STRING_BITNAME ns_cert_type_table[] = { +-{0, "SSL Client", "client"}, +-{1, "SSL Server", "server"}, +-{2, "S/MIME", "email"}, +-{3, "Object Signing", "objsign"}, +-{4, "Unused", "reserved"}, +-{5, "SSL CA", "sslCA"}, +-{6, "S/MIME CA", "emailCA"}, +-{7, "Object Signing CA", "objCA"}, +-{-1, NULL, NULL} ++ {0, "SSL Client", "client"}, ++ {1, "SSL Server", "server"}, ++ {2, "S/MIME", "email"}, ++ {3, "Object Signing", "objsign"}, ++ {4, "Unused", "reserved"}, ++ {5, "SSL CA", "sslCA"}, ++ {6, "S/MIME CA", "emailCA"}, ++ {7, "Object Signing CA", "objCA"}, ++ {-1, NULL, NULL} + }; + + static BIT_STRING_BITNAME key_usage_type_table[] = { +-{0, "Digital Signature", "digitalSignature"}, +-{1, "Non Repudiation", "nonRepudiation"}, +-{2, "Key Encipherment", "keyEncipherment"}, +-{3, "Data Encipherment", "dataEncipherment"}, +-{4, "Key Agreement", "keyAgreement"}, +-{5, "Certificate Sign", "keyCertSign"}, +-{6, "CRL Sign", "cRLSign"}, +-{7, "Encipher Only", "encipherOnly"}, +-{8, "Decipher Only", "decipherOnly"}, +-{-1, NULL, NULL} ++ {0, "Digital Signature", "digitalSignature"}, ++ {1, "Non Repudiation", "nonRepudiation"}, ++ {2, "Key Encipherment", "keyEncipherment"}, ++ {3, "Data Encipherment", "dataEncipherment"}, ++ {4, "Key Agreement", "keyAgreement"}, ++ {5, "Certificate Sign", "keyCertSign"}, ++ {6, "CRL Sign", "cRLSign"}, ++ {7, "Encipher Only", "encipherOnly"}, ++ {8, "Decipher Only", "decipherOnly"}, ++ {-1, NULL, NULL} + }; + +- +- +-const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); +-const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); ++const X509V3_EXT_METHOD v3_nscert = ++EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); ++const X509V3_EXT_METHOD v3_key_usage = ++EXT_BITSTRING(NID_key_usage, key_usage_type_table); + + STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, +- ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) ++ ASN1_BIT_STRING *bits, ++ STACK_OF(CONF_VALUE) *ret) + { +- BIT_STRING_BITNAME *bnam; +- for(bnam =method->usr_data; bnam->lname; bnam++) { +- if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) +- X509V3_add_value(bnam->lname, NULL, &ret); +- } +- return ret; ++ BIT_STRING_BITNAME *bnam; ++ for (bnam = method->usr_data; bnam->lname; bnam++) { ++ if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) ++ X509V3_add_value(bnam->lname, NULL, &ret); ++ } ++ return ret; + } +- ++ + ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval) + { +- CONF_VALUE *val; +- ASN1_BIT_STRING *bs; +- int i; +- BIT_STRING_BITNAME *bnam; +- if(!(bs = M_ASN1_BIT_STRING_new())) { +- X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { +- val = sk_CONF_VALUE_value(nval, i); +- for(bnam = method->usr_data; bnam->lname; bnam++) { +- if(!strcmp(bnam->sname, val->name) || +- !strcmp(bnam->lname, val->name) ) { +- if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { +- X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, +- ERR_R_MALLOC_FAILURE); +- M_ASN1_BIT_STRING_free(bs); +- return NULL; +- } +- break; +- } +- } +- if(!bnam->lname) { +- X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, +- X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); +- X509V3_conf_err(val); +- M_ASN1_BIT_STRING_free(bs); +- return NULL; +- } +- } +- return bs; ++ CONF_VALUE *val; ++ ASN1_BIT_STRING *bs; ++ int i; ++ BIT_STRING_BITNAME *bnam; ++ if (!(bs = M_ASN1_BIT_STRING_new())) { ++ X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ val = sk_CONF_VALUE_value(nval, i); ++ for (bnam = method->usr_data; bnam->lname; bnam++) { ++ if (!strcmp(bnam->sname, val->name) || ++ !strcmp(bnam->lname, val->name)) { ++ if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { ++ X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ++ ERR_R_MALLOC_FAILURE); ++ M_ASN1_BIT_STRING_free(bs); ++ return NULL; ++ } ++ break; ++ } ++ } ++ if (!bnam->lname) { ++ X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ++ X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); ++ X509V3_conf_err(val); ++ M_ASN1_BIT_STRING_free(bs); ++ return NULL; ++ } ++ } ++ return bs; + } +- +- +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c +index 11eb6b7..b1c916f 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c +@@ -1,6 +1,7 @@ + /* v3_conf.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,8 +58,6 @@ + */ + /* extension creation utilities */ + +- +- + #include + #include + #include "cryptlib.h" +@@ -68,457 +67,466 @@ + + static int v3_check_critical(char **value); + static int v3_check_generic(char **value); +-static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); +-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx); ++static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, ++ int crit, char *value); ++static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, ++ int crit, int type, ++ X509V3_CTX *ctx); + static char *conf_lhash_get_string(void *db, char *section, char *value); + static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); + static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, +- int crit, void *ext_struc); +-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); ++ int crit, void *ext_struc); ++static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, ++ long *ext_len); + /* CONF *conf: Config file */ + /* char *name: Name */ + /* char *value: Value */ + X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, +- char *value) +- { +- int crit; +- int ext_type; +- X509_EXTENSION *ret; +- crit = v3_check_critical(&value); +- if ((ext_type = v3_check_generic(&value))) +- return v3_generic_extension(name, value, crit, ext_type, ctx); +- ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); +- if (!ret) +- { +- X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION); +- ERR_add_error_data(4,"name=", name, ", value=", value); +- } +- return ret; +- } ++ char *value) ++{ ++ int crit; ++ int ext_type; ++ X509_EXTENSION *ret; ++ crit = v3_check_critical(&value); ++ if ((ext_type = v3_check_generic(&value))) ++ return v3_generic_extension(name, value, crit, ext_type, ctx); ++ ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); ++ if (!ret) { ++ X509V3err(X509V3_F_X509V3_EXT_NCONF, X509V3_R_ERROR_IN_EXTENSION); ++ ERR_add_error_data(4, "name=", name, ", value=", value); ++ } ++ return ret; ++} + + /* CONF *conf: Config file */ + /* char *value: Value */ + X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, +- char *value) +- { +- int crit; +- int ext_type; +- crit = v3_check_critical(&value); +- if ((ext_type = v3_check_generic(&value))) +- return v3_generic_extension(OBJ_nid2sn(ext_nid), +- value, crit, ext_type, ctx); +- return do_ext_nconf(conf, ctx, ext_nid, crit, value); +- } ++ char *value) ++{ ++ int crit; ++ int ext_type; ++ crit = v3_check_critical(&value); ++ if ((ext_type = v3_check_generic(&value))) ++ return v3_generic_extension(OBJ_nid2sn(ext_nid), ++ value, crit, ext_type, ctx); ++ return do_ext_nconf(conf, ctx, ext_nid, crit, value); ++} + + /* CONF *conf: Config file */ + /* char *value: Value */ + static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, +- int crit, char *value) +- { +- X509V3_EXT_METHOD *method; +- X509_EXTENSION *ext; +- STACK_OF(CONF_VALUE) *nval; +- void *ext_struc; +- if (ext_nid == NID_undef) +- { +- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME); +- return NULL; +- } +- if (!(method = X509V3_EXT_get_nid(ext_nid))) +- { +- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION); +- return NULL; +- } +- /* Now get internal extension representation based on type */ +- if (method->v2i) +- { +- if(*value == '@') nval = NCONF_get_section(conf, value + 1); +- else nval = X509V3_parse_list(value); +- if(sk_CONF_VALUE_num(nval) <= 0) +- { +- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING); +- ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); +- return NULL; +- } +- ext_struc = method->v2i(method, ctx, nval); +- if(*value != '@') sk_CONF_VALUE_pop_free(nval, +- X509V3_conf_free); +- if(!ext_struc) return NULL; +- } +- else if(method->s2i) +- { +- if(!(ext_struc = method->s2i(method, ctx, value))) return NULL; +- } +- else if(method->r2i) +- { +- if(!ctx->db || !ctx->db_meth) +- { +- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE); +- return NULL; +- } +- if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; +- } +- else +- { +- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); +- ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); +- return NULL; +- } +- +- ext = do_ext_i2d(method, ext_nid, crit, ext_struc); +- if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); +- else method->ext_free(ext_struc); +- return ext; +- +- } ++ int crit, char *value) ++{ ++ X509V3_EXT_METHOD *method; ++ X509_EXTENSION *ext; ++ STACK_OF(CONF_VALUE) *nval; ++ void *ext_struc; ++ if (ext_nid == NID_undef) { ++ X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME); ++ return NULL; ++ } ++ if (!(method = X509V3_EXT_get_nid(ext_nid))) { ++ X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION); ++ return NULL; ++ } ++ /* Now get internal extension representation based on type */ ++ if (method->v2i) { ++ if (*value == '@') ++ nval = NCONF_get_section(conf, value + 1); ++ else ++ nval = X509V3_parse_list(value); ++ if (sk_CONF_VALUE_num(nval) <= 0) { ++ X509V3err(X509V3_F_DO_EXT_NCONF, ++ X509V3_R_INVALID_EXTENSION_STRING); ++ ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", ++ value); ++ return NULL; ++ } ++ ext_struc = method->v2i(method, ctx, nval); ++ if (*value != '@') ++ sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); ++ if (!ext_struc) ++ return NULL; ++ } else if (method->s2i) { ++ if (!(ext_struc = method->s2i(method, ctx, value))) ++ return NULL; ++ } else if (method->r2i) { ++ if (!ctx->db || !ctx->db_meth) { ++ X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE); ++ return NULL; ++ } ++ if (!(ext_struc = method->r2i(method, ctx, value))) ++ return NULL; ++ } else { ++ X509V3err(X509V3_F_DO_EXT_NCONF, ++ X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); ++ ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); ++ return NULL; ++ } ++ ++ ext = do_ext_i2d(method, ext_nid, crit, ext_struc); ++ if (method->it) ++ ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); ++ else ++ method->ext_free(ext_struc); ++ return ext; ++ ++} + + static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, +- int crit, void *ext_struc) +- { +- unsigned char *ext_der; +- int ext_len; +- ASN1_OCTET_STRING *ext_oct; +- X509_EXTENSION *ext; +- /* Convert internal representation to DER */ +- if (method->it) +- { +- ext_der = NULL; +- ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); +- if (ext_len < 0) goto merr; +- } +- else +- { +- unsigned char *p; +- ext_len = method->i2d(ext_struc, NULL); +- if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr; +- p = ext_der; +- method->i2d(ext_struc, &p); +- } +- if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; +- ext_oct->data = ext_der; +- ext_oct->length = ext_len; +- +- ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); +- if (!ext) goto merr; +- M_ASN1_OCTET_STRING_free(ext_oct); +- +- return ext; +- +- merr: +- X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); +- return NULL; +- +- } ++ int crit, void *ext_struc) ++{ ++ unsigned char *ext_der; ++ int ext_len; ++ ASN1_OCTET_STRING *ext_oct; ++ X509_EXTENSION *ext; ++ /* Convert internal representation to DER */ ++ if (method->it) { ++ ext_der = NULL; ++ ext_len = ++ ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); ++ if (ext_len < 0) ++ goto merr; ++ } else { ++ unsigned char *p; ++ ext_len = method->i2d(ext_struc, NULL); ++ if (!(ext_der = OPENSSL_malloc(ext_len))) ++ goto merr; ++ p = ext_der; ++ method->i2d(ext_struc, &p); ++ } ++ if (!(ext_oct = M_ASN1_OCTET_STRING_new())) ++ goto merr; ++ ext_oct->data = ext_der; ++ ext_oct->length = ext_len; ++ ++ ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); ++ if (!ext) ++ goto merr; ++ M_ASN1_OCTET_STRING_free(ext_oct); ++ ++ return ext; ++ ++ merr: ++ X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ ++} + + /* Given an internal structure, nid and critical flag create an extension */ + + X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) +- { +- X509V3_EXT_METHOD *method; +- if (!(method = X509V3_EXT_get_nid(ext_nid))) { +- X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); +- return NULL; +- } +- return do_ext_i2d(method, ext_nid, crit, ext_struc); ++{ ++ X509V3_EXT_METHOD *method; ++ if (!(method = X509V3_EXT_get_nid(ext_nid))) { ++ X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); ++ return NULL; ++ } ++ return do_ext_i2d(method, ext_nid, crit, ext_struc); + } + + /* Check the extension string for critical flag */ + static int v3_check_critical(char **value) + { +- char *p = *value; +- if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; +- p+=9; +- while(isspace((unsigned char)*p)) p++; +- *value = p; +- return 1; ++ char *p = *value; ++ if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) ++ return 0; ++ p += 9; ++ while (isspace((unsigned char)*p)) ++ p++; ++ *value = p; ++ return 1; + } + + /* Check extension string for generic extension and return the type */ + static int v3_check_generic(char **value) + { +- int gen_type = 0; +- char *p = *value; +- if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) +- { +- p+=4; +- gen_type = 1; +- } +- else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) +- { +- p+=5; +- gen_type = 2; +- } +- else +- return 0; +- +- while (isspace((unsigned char)*p)) p++; +- *value = p; +- return gen_type; ++ int gen_type = 0; ++ char *p = *value; ++ if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { ++ p += 4; ++ gen_type = 1; ++ } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { ++ p += 5; ++ gen_type = 2; ++ } else ++ return 0; ++ ++ while (isspace((unsigned char)*p)) ++ p++; ++ *value = p; ++ return gen_type; + } + + /* Create a generic extension: for now just handle DER type */ + static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, +- int crit, int gen_type, X509V3_CTX *ctx) +- { +- unsigned char *ext_der=NULL; +- long ext_len; +- ASN1_OBJECT *obj=NULL; +- ASN1_OCTET_STRING *oct=NULL; +- X509_EXTENSION *extension=NULL; +- if (!(obj = OBJ_txt2obj(ext, 0))) +- { +- X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); +- ERR_add_error_data(2, "name=", ext); +- goto err; +- } +- +- if (gen_type == 1) +- ext_der = string_to_hex(value, &ext_len); +- else if (gen_type == 2) +- ext_der = generic_asn1(value, ctx, &ext_len); +- +- if (ext_der == NULL) +- { +- X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); +- ERR_add_error_data(2, "value=", value); +- goto err; +- } +- +- if (!(oct = M_ASN1_OCTET_STRING_new())) +- { +- X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- oct->data = ext_der; +- oct->length = ext_len; +- ext_der = NULL; +- +- extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); +- +- err: +- ASN1_OBJECT_free(obj); +- M_ASN1_OCTET_STRING_free(oct); +- if(ext_der) OPENSSL_free(ext_der); +- return extension; +- +- } +- +-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) +- { +- ASN1_TYPE *typ; +- unsigned char *ext_der = NULL; +- typ = ASN1_generate_v3(value, ctx); +- if (typ == NULL) +- return NULL; +- *ext_len = i2d_ASN1_TYPE(typ, &ext_der); +- ASN1_TYPE_free(typ); +- return ext_der; +- } +- +-/* This is the main function: add a bunch of extensions based on a config file +- * section to an extension STACK. +- */ ++ int crit, int gen_type, ++ X509V3_CTX *ctx) ++{ ++ unsigned char *ext_der = NULL; ++ long ext_len; ++ ASN1_OBJECT *obj = NULL; ++ ASN1_OCTET_STRING *oct = NULL; ++ X509_EXTENSION *extension = NULL; ++ if (!(obj = OBJ_txt2obj(ext, 0))) { ++ X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ++ X509V3_R_EXTENSION_NAME_ERROR); ++ ERR_add_error_data(2, "name=", ext); ++ goto err; ++ } ++ ++ if (gen_type == 1) ++ ext_der = string_to_hex(value, &ext_len); ++ else if (gen_type == 2) ++ ext_der = generic_asn1(value, ctx, &ext_len); ++ ++ if (ext_der == NULL) { ++ X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ++ X509V3_R_EXTENSION_VALUE_ERROR); ++ ERR_add_error_data(2, "value=", value); ++ goto err; ++ } ++ ++ if (!(oct = M_ASN1_OCTET_STRING_new())) { ++ X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ oct->data = ext_der; ++ oct->length = ext_len; ++ ext_der = NULL; ++ ++ extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); ++ ++ err: ++ ASN1_OBJECT_free(obj); ++ M_ASN1_OCTET_STRING_free(oct); ++ if (ext_der) ++ OPENSSL_free(ext_der); ++ return extension; + ++} ++ ++static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, ++ long *ext_len) ++{ ++ ASN1_TYPE *typ; ++ unsigned char *ext_der = NULL; ++ typ = ASN1_generate_v3(value, ctx); ++ if (typ == NULL) ++ return NULL; ++ *ext_len = i2d_ASN1_TYPE(typ, &ext_der); ++ ASN1_TYPE_free(typ); ++ return ext_der; ++} ++ ++/* ++ * This is the main function: add a bunch of extensions based on a config ++ * file section to an extension STACK. ++ */ + + int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, +- STACK_OF(X509_EXTENSION) **sk) +- { +- X509_EXTENSION *ext; +- STACK_OF(CONF_VALUE) *nval; +- CONF_VALUE *val; +- int i; +- if (!(nval = NCONF_get_section(conf, section))) return 0; +- for (i = 0; i < sk_CONF_VALUE_num(nval); i++) +- { +- val = sk_CONF_VALUE_value(nval, i); +- if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) +- return 0; +- if (sk) X509v3_add_ext(sk, ext, -1); +- X509_EXTENSION_free(ext); +- } +- return 1; +- } +- +-/* Convenience functions to add extensions to a certificate, CRL and request */ ++ STACK_OF(X509_EXTENSION) **sk) ++{ ++ X509_EXTENSION *ext; ++ STACK_OF(CONF_VALUE) *nval; ++ CONF_VALUE *val; ++ int i; ++ if (!(nval = NCONF_get_section(conf, section))) ++ return 0; ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ val = sk_CONF_VALUE_value(nval, i); ++ if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) ++ return 0; ++ if (sk) ++ X509v3_add_ext(sk, ext, -1); ++ X509_EXTENSION_free(ext); ++ } ++ return 1; ++} ++ ++/* ++ * Convenience functions to add extensions to a certificate, CRL and request ++ */ + + int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, +- X509 *cert) +- { +- STACK_OF(X509_EXTENSION) **sk = NULL; +- if (cert) +- sk = &cert->cert_info->extensions; +- return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); +- } ++ X509 *cert) ++{ ++ STACK_OF(X509_EXTENSION) **sk = NULL; ++ if (cert) ++ sk = &cert->cert_info->extensions; ++ return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); ++} + + /* Same as above but for a CRL */ + + int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, +- X509_CRL *crl) +- { +- STACK_OF(X509_EXTENSION) **sk = NULL; +- if (crl) +- sk = &crl->crl->extensions; +- return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); +- } ++ X509_CRL *crl) ++{ ++ STACK_OF(X509_EXTENSION) **sk = NULL; ++ if (crl) ++ sk = &crl->crl->extensions; ++ return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); ++} + + /* Add extensions to certificate request */ + + int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, +- X509_REQ *req) +- { +- STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; +- int i; +- if (req) +- sk = &extlist; +- i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); +- if (!i || !sk) +- return i; +- i = X509_REQ_add_extensions(req, extlist); +- sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); +- return i; +- } ++ X509_REQ *req) ++{ ++ STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; ++ int i; ++ if (req) ++ sk = &extlist; ++ i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); ++ if (!i || !sk) ++ return i; ++ i = X509_REQ_add_extensions(req, extlist); ++ sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); ++ return i; ++} + + /* Config database functions */ + +-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) +- { +- if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) +- { +- X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED); +- return NULL; +- } +- if (ctx->db_meth->get_string) +- return ctx->db_meth->get_string(ctx->db, name, section); +- return NULL; +- } +- +-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) +- { +- if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) +- { +- X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED); +- return NULL; +- } +- if (ctx->db_meth->get_section) +- return ctx->db_meth->get_section(ctx->db, section); +- return NULL; +- } ++char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) ++{ ++ if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { ++ X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED); ++ return NULL; ++ } ++ if (ctx->db_meth->get_string) ++ return ctx->db_meth->get_string(ctx->db, name, section); ++ return NULL; ++} ++ ++STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section) ++{ ++ if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { ++ X509V3err(X509V3_F_X509V3_GET_SECTION, ++ X509V3_R_OPERATION_NOT_DEFINED); ++ return NULL; ++ } ++ if (ctx->db_meth->get_section) ++ return ctx->db_meth->get_section(ctx->db, section); ++ return NULL; ++} + + void X509V3_string_free(X509V3_CTX *ctx, char *str) +- { +- if (!str) return; +- if (ctx->db_meth->free_string) +- ctx->db_meth->free_string(ctx->db, str); +- } ++{ ++ if (!str) ++ return; ++ if (ctx->db_meth->free_string) ++ ctx->db_meth->free_string(ctx->db, str); ++} + + void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) +- { +- if (!section) return; +- if (ctx->db_meth->free_section) +- ctx->db_meth->free_section(ctx->db, section); +- } ++{ ++ if (!section) ++ return; ++ if (ctx->db_meth->free_section) ++ ctx->db_meth->free_section(ctx->db, section); ++} + + static char *nconf_get_string(void *db, char *section, char *value) +- { +- return NCONF_get_string(db, section, value); +- } ++{ ++ return NCONF_get_string(db, section, value); ++} + + static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) +- { +- return NCONF_get_section(db, section); +- } ++{ ++ return NCONF_get_section(db, section); ++} + + static X509V3_CONF_METHOD nconf_method = { +-nconf_get_string, +-nconf_get_section, +-NULL, +-NULL ++ nconf_get_string, ++ nconf_get_section, ++ NULL, ++ NULL + }; + + void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) +- { +- ctx->db_meth = &nconf_method; +- ctx->db = conf; +- } ++{ ++ ctx->db_meth = &nconf_method; ++ ctx->db = conf; ++} + + void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, +- X509_CRL *crl, int flags) +- { +- ctx->issuer_cert = issuer; +- ctx->subject_cert = subj; +- ctx->crl = crl; +- ctx->subject_req = req; +- ctx->flags = flags; +- } ++ X509_CRL *crl, int flags) ++{ ++ ctx->issuer_cert = issuer; ++ ctx->subject_cert = subj; ++ ctx->crl = crl; ++ ctx->subject_req = req; ++ ctx->flags = flags; ++} + + /* Old conf compatibility functions */ + + X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, +- char *value) +- { +- CONF ctmp; +- CONF_set_nconf(&ctmp, conf); +- return X509V3_EXT_nconf(&ctmp, ctx, name, value); +- } ++ char *value) ++{ ++ CONF ctmp; ++ CONF_set_nconf(&ctmp, conf); ++ return X509V3_EXT_nconf(&ctmp, ctx, name, value); ++} + + /* LHASH *conf: Config file */ + /* char *value: Value */ + X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, +- char *value) +- { +- CONF ctmp; +- CONF_set_nconf(&ctmp, conf); +- return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); +- } ++ char *value) ++{ ++ CONF ctmp; ++ CONF_set_nconf(&ctmp, conf); ++ return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); ++} + + static char *conf_lhash_get_string(void *db, char *section, char *value) +- { +- return CONF_get_string(db, section, value); +- } ++{ ++ return CONF_get_string(db, section, value); ++} + + static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) +- { +- return CONF_get_section(db, section); +- } ++{ ++ return CONF_get_section(db, section); ++} + + static X509V3_CONF_METHOD conf_lhash_method = { +-conf_lhash_get_string, +-conf_lhash_get_section, +-NULL, +-NULL ++ conf_lhash_get_string, ++ conf_lhash_get_section, ++ NULL, ++ NULL + }; + + void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) +- { +- ctx->db_meth = &conf_lhash_method; +- ctx->db = lhash; +- } ++{ ++ ctx->db_meth = &conf_lhash_method; ++ ctx->db = lhash; ++} + + int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, +- X509 *cert) +- { +- CONF ctmp; +- CONF_set_nconf(&ctmp, conf); +- return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); +- } ++ X509 *cert) ++{ ++ CONF ctmp; ++ CONF_set_nconf(&ctmp, conf); ++ return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); ++} + + /* Same as above but for a CRL */ + + int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, +- X509_CRL *crl) +- { +- CONF ctmp; +- CONF_set_nconf(&ctmp, conf); +- return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); +- } ++ X509_CRL *crl) ++{ ++ CONF ctmp; ++ CONF_set_nconf(&ctmp, conf); ++ return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); ++} + + /* Add extensions to certificate request */ + + int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, +- X509_REQ *req) +- { +- CONF ctmp; +- CONF_set_nconf(&ctmp, conf); +- return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); +- } ++ X509_REQ *req) ++{ ++ CONF ctmp; ++ CONF_set_nconf(&ctmp, conf); ++ return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c +index ad0506d..3c26ac1 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c +@@ -1,6 +1,7 @@ + /* v3_cpols.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -67,35 +68,38 @@ + + /* Certificate policies extension support: this one is a bit complex... */ + +-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); +-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); +-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); ++static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, ++ BIO *out, int indent); ++static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, char *value); ++static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, ++ int indent); + static void print_notice(BIO *out, USERNOTICE *notice, int indent); + static POLICYINFO *policy_section(X509V3_CTX *ctx, +- STACK_OF(CONF_VALUE) *polstrs, int ia5org); ++ STACK_OF(CONF_VALUE) *polstrs, int ia5org); + static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, +- STACK_OF(CONF_VALUE) *unot, int ia5org); ++ STACK_OF(CONF_VALUE) *unot, int ia5org); + static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); + + const X509V3_EXT_METHOD v3_cpols = { +-NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), +-0,0,0,0, +-0,0, +-0,0, +-(X509V3_EXT_I2R)i2r_certpol, +-(X509V3_EXT_R2I)r2i_certpol, +-NULL ++ NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, 0, ++ (X509V3_EXT_I2R)i2r_certpol, ++ (X509V3_EXT_R2I)r2i_certpol, ++ NULL + }; + +-ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) ++ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) + ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) + + IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) + + ASN1_SEQUENCE(POLICYINFO) = { +- ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), +- ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) ++ ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), ++ ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) + } ASN1_SEQUENCE_END(POLICYINFO) + + IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) +@@ -103,352 +107,370 @@ IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) + ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); + + ASN1_ADB(POLICYQUALINFO) = { +- ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), +- ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) ++ ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), ++ ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) + } ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL); + + ASN1_SEQUENCE(POLICYQUALINFO) = { +- ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), +- ASN1_ADB_OBJECT(POLICYQUALINFO) ++ ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), ++ ASN1_ADB_OBJECT(POLICYQUALINFO) + } ASN1_SEQUENCE_END(POLICYQUALINFO) + + IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO) + + ASN1_SEQUENCE(USERNOTICE) = { +- ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), +- ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) ++ ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), ++ ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) + } ASN1_SEQUENCE_END(USERNOTICE) + + IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE) + + ASN1_SEQUENCE(NOTICEREF) = { +- ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), +- ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) ++ ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), ++ ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) + } ASN1_SEQUENCE_END(NOTICEREF) + + IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) + + static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, char *value) ++ X509V3_CTX *ctx, char *value) + { +- STACK_OF(POLICYINFO) *pols = NULL; +- char *pstr; +- POLICYINFO *pol; +- ASN1_OBJECT *pobj; +- STACK_OF(CONF_VALUE) *vals; +- CONF_VALUE *cnf; +- int i, ia5org; +- pols = sk_POLICYINFO_new_null(); +- if (pols == NULL) { +- X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- vals = X509V3_parse_list(value); +- if (vals == NULL) { +- X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); +- goto err; +- } +- ia5org = 0; +- for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { +- cnf = sk_CONF_VALUE_value(vals, i); +- if(cnf->value || !cnf->name ) { +- X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER); +- X509V3_conf_err(cnf); +- goto err; +- } +- pstr = cnf->name; +- if(!strcmp(pstr,"ia5org")) { +- ia5org = 1; +- continue; +- } else if(*pstr == '@') { +- STACK_OF(CONF_VALUE) *polsect; +- polsect = X509V3_get_section(ctx, pstr + 1); +- if(!polsect) { +- X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION); +- +- X509V3_conf_err(cnf); +- goto err; +- } +- pol = policy_section(ctx, polsect, ia5org); +- X509V3_section_free(ctx, polsect); +- if(!pol) goto err; +- } else { +- if(!(pobj = OBJ_txt2obj(cnf->name, 0))) { +- X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER); +- X509V3_conf_err(cnf); +- goto err; +- } +- pol = POLICYINFO_new(); +- pol->policyid = pobj; +- } +- if (!sk_POLICYINFO_push(pols, pol)){ +- POLICYINFO_free(pol); +- X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); +- return pols; +- err: +- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); +- sk_POLICYINFO_pop_free(pols, POLICYINFO_free); +- return NULL; ++ STACK_OF(POLICYINFO) *pols = NULL; ++ char *pstr; ++ POLICYINFO *pol; ++ ASN1_OBJECT *pobj; ++ STACK_OF(CONF_VALUE) *vals; ++ CONF_VALUE *cnf; ++ int i, ia5org; ++ pols = sk_POLICYINFO_new_null(); ++ if (pols == NULL) { ++ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ vals = X509V3_parse_list(value); ++ if (vals == NULL) { ++ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB); ++ goto err; ++ } ++ ia5org = 0; ++ for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { ++ cnf = sk_CONF_VALUE_value(vals, i); ++ if (cnf->value || !cnf->name) { ++ X509V3err(X509V3_F_R2I_CERTPOL, ++ X509V3_R_INVALID_POLICY_IDENTIFIER); ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ pstr = cnf->name; ++ if (!strcmp(pstr, "ia5org")) { ++ ia5org = 1; ++ continue; ++ } else if (*pstr == '@') { ++ STACK_OF(CONF_VALUE) *polsect; ++ polsect = X509V3_get_section(ctx, pstr + 1); ++ if (!polsect) { ++ X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_SECTION); ++ ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ pol = policy_section(ctx, polsect, ia5org); ++ X509V3_section_free(ctx, polsect); ++ if (!pol) ++ goto err; ++ } else { ++ if (!(pobj = OBJ_txt2obj(cnf->name, 0))) { ++ X509V3err(X509V3_F_R2I_CERTPOL, ++ X509V3_R_INVALID_OBJECT_IDENTIFIER); ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ pol = POLICYINFO_new(); ++ pol->policyid = pobj; ++ } ++ if (!sk_POLICYINFO_push(pols, pol)) { ++ POLICYINFO_free(pol); ++ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); ++ return pols; ++ err: ++ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); ++ sk_POLICYINFO_pop_free(pols, POLICYINFO_free); ++ return NULL; + } + + static POLICYINFO *policy_section(X509V3_CTX *ctx, +- STACK_OF(CONF_VALUE) *polstrs, int ia5org) ++ STACK_OF(CONF_VALUE) *polstrs, int ia5org) + { +- int i; +- CONF_VALUE *cnf; +- POLICYINFO *pol; +- POLICYQUALINFO *qual; +- if(!(pol = POLICYINFO_new())) goto merr; +- for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { +- cnf = sk_CONF_VALUE_value(polstrs, i); +- if(!strcmp(cnf->name, "policyIdentifier")) { +- ASN1_OBJECT *pobj; +- if(!(pobj = OBJ_txt2obj(cnf->value, 0))) { +- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER); +- X509V3_conf_err(cnf); +- goto err; +- } +- pol->policyid = pobj; +- +- } else if(!name_cmp(cnf->name, "CPS")) { +- if(!pol->qualifiers) pol->qualifiers = +- sk_POLICYQUALINFO_new_null(); +- if(!(qual = POLICYQUALINFO_new())) goto merr; +- if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) +- goto merr; +- qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); +- qual->d.cpsuri = M_ASN1_IA5STRING_new(); +- if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, +- strlen(cnf->value))) goto merr; +- } else if(!name_cmp(cnf->name, "userNotice")) { +- STACK_OF(CONF_VALUE) *unot; +- if(*cnf->value != '@') { +- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME); +- X509V3_conf_err(cnf); +- goto err; +- } +- unot = X509V3_get_section(ctx, cnf->value + 1); +- if(!unot) { +- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION); +- +- X509V3_conf_err(cnf); +- goto err; +- } +- qual = notice_section(ctx, unot, ia5org); +- X509V3_section_free(ctx, unot); +- if(!qual) goto err; +- if(!pol->qualifiers) pol->qualifiers = +- sk_POLICYQUALINFO_new_null(); +- if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) +- goto merr; +- } else { +- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION); +- +- X509V3_conf_err(cnf); +- goto err; +- } +- } +- if(!pol->policyid) { +- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER); +- goto err; +- } +- +- return pol; +- +- merr: +- X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE); +- +- err: +- POLICYINFO_free(pol); +- return NULL; +- +- ++ int i; ++ CONF_VALUE *cnf; ++ POLICYINFO *pol; ++ POLICYQUALINFO *qual; ++ if (!(pol = POLICYINFO_new())) ++ goto merr; ++ for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { ++ cnf = sk_CONF_VALUE_value(polstrs, i); ++ if (!strcmp(cnf->name, "policyIdentifier")) { ++ ASN1_OBJECT *pobj; ++ if (!(pobj = OBJ_txt2obj(cnf->value, 0))) { ++ X509V3err(X509V3_F_POLICY_SECTION, ++ X509V3_R_INVALID_OBJECT_IDENTIFIER); ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ pol->policyid = pobj; ++ ++ } else if (!name_cmp(cnf->name, "CPS")) { ++ if (!pol->qualifiers) ++ pol->qualifiers = sk_POLICYQUALINFO_new_null(); ++ if (!(qual = POLICYQUALINFO_new())) ++ goto merr; ++ if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) ++ goto merr; ++ qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); ++ qual->d.cpsuri = M_ASN1_IA5STRING_new(); ++ if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, ++ strlen(cnf->value))) ++ goto merr; ++ } else if (!name_cmp(cnf->name, "userNotice")) { ++ STACK_OF(CONF_VALUE) *unot; ++ if (*cnf->value != '@') { ++ X509V3err(X509V3_F_POLICY_SECTION, ++ X509V3_R_EXPECTED_A_SECTION_NAME); ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ unot = X509V3_get_section(ctx, cnf->value + 1); ++ if (!unot) { ++ X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_SECTION); ++ ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ qual = notice_section(ctx, unot, ia5org); ++ X509V3_section_free(ctx, unot); ++ if (!qual) ++ goto err; ++ if (!pol->qualifiers) ++ pol->qualifiers = sk_POLICYQUALINFO_new_null(); ++ if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) ++ goto merr; ++ } else { ++ X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OPTION); ++ ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ } ++ if (!pol->policyid) { ++ X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_NO_POLICY_IDENTIFIER); ++ goto err; ++ } ++ ++ return pol; ++ ++ merr: ++ X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE); ++ ++ err: ++ POLICYINFO_free(pol); ++ return NULL; ++ + } + + static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, +- STACK_OF(CONF_VALUE) *unot, int ia5org) ++ STACK_OF(CONF_VALUE) *unot, int ia5org) + { +- int i, ret; +- CONF_VALUE *cnf; +- USERNOTICE *not; +- POLICYQUALINFO *qual; +- if(!(qual = POLICYQUALINFO_new())) goto merr; +- qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); +- if(!(not = USERNOTICE_new())) goto merr; +- qual->d.usernotice = not; +- for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { +- cnf = sk_CONF_VALUE_value(unot, i); +- if(!strcmp(cnf->name, "explicitText")) { +- not->exptext = M_ASN1_VISIBLESTRING_new(); +- if(!ASN1_STRING_set(not->exptext, cnf->value, +- strlen(cnf->value))) goto merr; +- } else if(!strcmp(cnf->name, "organization")) { +- NOTICEREF *nref; +- if(!not->noticeref) { +- if(!(nref = NOTICEREF_new())) goto merr; +- not->noticeref = nref; +- } else nref = not->noticeref; +- if(ia5org) nref->organization->type = V_ASN1_IA5STRING; +- else nref->organization->type = V_ASN1_VISIBLESTRING; +- if(!ASN1_STRING_set(nref->organization, cnf->value, +- strlen(cnf->value))) goto merr; +- } else if(!strcmp(cnf->name, "noticeNumbers")) { +- NOTICEREF *nref; +- STACK_OF(CONF_VALUE) *nos; +- if(!not->noticeref) { +- if(!(nref = NOTICEREF_new())) goto merr; +- not->noticeref = nref; +- } else nref = not->noticeref; +- nos = X509V3_parse_list(cnf->value); +- if(!nos || !sk_CONF_VALUE_num(nos)) { +- X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS); +- X509V3_conf_err(cnf); +- goto err; +- } +- ret = nref_nos(nref->noticenos, nos); +- sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); +- if (!ret) +- goto err; +- } else { +- X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); +- X509V3_conf_err(cnf); +- goto err; +- } +- } +- +- if(not->noticeref && +- (!not->noticeref->noticenos || !not->noticeref->organization)) { +- X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); +- goto err; +- } +- +- return qual; +- +- merr: +- X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); +- +- err: +- POLICYQUALINFO_free(qual); +- return NULL; ++ int i, ret; ++ CONF_VALUE *cnf; ++ USERNOTICE *not; ++ POLICYQUALINFO *qual; ++ if (!(qual = POLICYQUALINFO_new())) ++ goto merr; ++ qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); ++ if (!(not = USERNOTICE_new())) ++ goto merr; ++ qual->d.usernotice = not; ++ for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { ++ cnf = sk_CONF_VALUE_value(unot, i); ++ if (!strcmp(cnf->name, "explicitText")) { ++ not->exptext = M_ASN1_VISIBLESTRING_new(); ++ if (!ASN1_STRING_set(not->exptext, cnf->value, ++ strlen(cnf->value))) ++ goto merr; ++ } else if (!strcmp(cnf->name, "organization")) { ++ NOTICEREF *nref; ++ if (!not->noticeref) { ++ if (!(nref = NOTICEREF_new())) ++ goto merr; ++ not->noticeref = nref; ++ } else ++ nref = not->noticeref; ++ if (ia5org) ++ nref->organization->type = V_ASN1_IA5STRING; ++ else ++ nref->organization->type = V_ASN1_VISIBLESTRING; ++ if (!ASN1_STRING_set(nref->organization, cnf->value, ++ strlen(cnf->value))) ++ goto merr; ++ } else if (!strcmp(cnf->name, "noticeNumbers")) { ++ NOTICEREF *nref; ++ STACK_OF(CONF_VALUE) *nos; ++ if (!not->noticeref) { ++ if (!(nref = NOTICEREF_new())) ++ goto merr; ++ not->noticeref = nref; ++ } else ++ nref = not->noticeref; ++ nos = X509V3_parse_list(cnf->value); ++ if (!nos || !sk_CONF_VALUE_num(nos)) { ++ X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS); ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ ret = nref_nos(nref->noticenos, nos); ++ sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); ++ if (!ret) ++ goto err; ++ } else { ++ X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_OPTION); ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ } ++ ++ if (not->noticeref && ++ (!not->noticeref->noticenos || !not->noticeref->organization)) { ++ X509V3err(X509V3_F_NOTICE_SECTION, ++ X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); ++ goto err; ++ } ++ ++ return qual; ++ ++ merr: ++ X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE); ++ ++ err: ++ POLICYQUALINFO_free(qual); ++ return NULL; + } + + static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) + { +- CONF_VALUE *cnf; +- ASN1_INTEGER *aint; +- +- int i; +- +- for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { +- cnf = sk_CONF_VALUE_value(nos, i); +- if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { +- X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); +- goto err; +- } +- if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; +- } +- return 1; +- +- merr: +- X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE); +- +- err: +- sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); +- return 0; ++ CONF_VALUE *cnf; ++ ASN1_INTEGER *aint; ++ ++ int i; ++ ++ for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { ++ cnf = sk_CONF_VALUE_value(nos, i); ++ if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { ++ X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER); ++ goto err; ++ } ++ if (!sk_ASN1_INTEGER_push(nnums, aint)) ++ goto merr; ++ } ++ return 1; ++ ++ merr: ++ X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE); ++ ++ err: ++ sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); ++ return 0; + } + +- + static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, +- BIO *out, int indent) ++ BIO *out, int indent) + { +- int i; +- POLICYINFO *pinfo; +- /* First print out the policy OIDs */ +- for(i = 0; i < sk_POLICYINFO_num(pol); i++) { +- pinfo = sk_POLICYINFO_value(pol, i); +- BIO_printf(out, "%*sPolicy: ", indent, ""); +- i2a_ASN1_OBJECT(out, pinfo->policyid); +- BIO_puts(out, "\n"); +- if(pinfo->qualifiers) +- print_qualifiers(out, pinfo->qualifiers, indent + 2); +- } +- return 1; ++ int i; ++ POLICYINFO *pinfo; ++ /* First print out the policy OIDs */ ++ for (i = 0; i < sk_POLICYINFO_num(pol); i++) { ++ pinfo = sk_POLICYINFO_value(pol, i); ++ BIO_printf(out, "%*sPolicy: ", indent, ""); ++ i2a_ASN1_OBJECT(out, pinfo->policyid); ++ BIO_puts(out, "\n"); ++ if (pinfo->qualifiers) ++ print_qualifiers(out, pinfo->qualifiers, indent + 2); ++ } ++ return 1; + } + + static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, +- int indent) ++ int indent) + { +- POLICYQUALINFO *qualinfo; +- int i; +- for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { +- qualinfo = sk_POLICYQUALINFO_value(quals, i); +- switch(OBJ_obj2nid(qualinfo->pqualid)) +- { +- case NID_id_qt_cps: +- BIO_printf(out, "%*sCPS: %s\n", indent, "", +- qualinfo->d.cpsuri->data); +- break; +- +- case NID_id_qt_unotice: +- BIO_printf(out, "%*sUser Notice:\n", indent, ""); +- print_notice(out, qualinfo->d.usernotice, indent + 2); +- break; +- +- default: +- BIO_printf(out, "%*sUnknown Qualifier: ", +- indent + 2, ""); +- +- i2a_ASN1_OBJECT(out, qualinfo->pqualid); +- BIO_puts(out, "\n"); +- break; +- } +- } ++ POLICYQUALINFO *qualinfo; ++ int i; ++ for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { ++ qualinfo = sk_POLICYQUALINFO_value(quals, i); ++ switch (OBJ_obj2nid(qualinfo->pqualid)) { ++ case NID_id_qt_cps: ++ BIO_printf(out, "%*sCPS: %s\n", indent, "", ++ qualinfo->d.cpsuri->data); ++ break; ++ ++ case NID_id_qt_unotice: ++ BIO_printf(out, "%*sUser Notice:\n", indent, ""); ++ print_notice(out, qualinfo->d.usernotice, indent + 2); ++ break; ++ ++ default: ++ BIO_printf(out, "%*sUnknown Qualifier: ", indent + 2, ""); ++ ++ i2a_ASN1_OBJECT(out, qualinfo->pqualid); ++ BIO_puts(out, "\n"); ++ break; ++ } ++ } + } + + static void print_notice(BIO *out, USERNOTICE *notice, int indent) + { +- int i; +- if(notice->noticeref) { +- NOTICEREF *ref; +- ref = notice->noticeref; +- BIO_printf(out, "%*sOrganization: %s\n", indent, "", +- ref->organization->data); +- BIO_printf(out, "%*sNumber%s: ", indent, "", +- sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); +- for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { +- ASN1_INTEGER *num; +- char *tmp; +- num = sk_ASN1_INTEGER_value(ref->noticenos, i); +- if(i) BIO_puts(out, ", "); +- tmp = i2s_ASN1_INTEGER(NULL, num); +- BIO_puts(out, tmp); +- OPENSSL_free(tmp); +- } +- BIO_puts(out, "\n"); +- } +- if(notice->exptext) +- BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", +- notice->exptext->data); ++ int i; ++ if (notice->noticeref) { ++ NOTICEREF *ref; ++ ref = notice->noticeref; ++ BIO_printf(out, "%*sOrganization: %s\n", indent, "", ++ ref->organization->data); ++ BIO_printf(out, "%*sNumber%s: ", indent, "", ++ sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); ++ for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { ++ ASN1_INTEGER *num; ++ char *tmp; ++ num = sk_ASN1_INTEGER_value(ref->noticenos, i); ++ if (i) ++ BIO_puts(out, ", "); ++ tmp = i2s_ASN1_INTEGER(NULL, num); ++ BIO_puts(out, tmp); ++ OPENSSL_free(tmp); ++ } ++ BIO_puts(out, "\n"); ++ } ++ if (notice->exptext) ++ BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", ++ notice->exptext->data); + } + + void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) +- { +- const X509_POLICY_DATA *dat = node->data; +- +- BIO_printf(out, "%*sPolicy: ", indent, ""); +- +- i2a_ASN1_OBJECT(out, dat->valid_policy); +- BIO_puts(out, "\n"); +- BIO_printf(out, "%*s%s\n", indent + 2, "", +- node_data_critical(dat) ? "Critical" : "Non Critical"); +- if (dat->qualifier_set) +- print_qualifiers(out, dat->qualifier_set, indent + 2); +- else +- BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); +- } +- ++{ ++ const X509_POLICY_DATA *dat = node->data; ++ ++ BIO_printf(out, "%*sPolicy: ", indent, ""); ++ ++ i2a_ASN1_OBJECT(out, dat->valid_policy); ++ BIO_puts(out, "\n"); ++ BIO_printf(out, "%*s%s\n", indent + 2, "", ++ node_data_critical(dat) ? "Critical" : "Non Critical"); ++ if (dat->qualifier_set) ++ print_qualifiers(out, dat->qualifier_set, indent + 2); ++ else ++ BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); ++} ++ + IMPLEMENT_STACK_OF(X509_POLICY_NODE) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c +index 181a897..6c8ec98 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c +@@ -1,6 +1,7 @@ + /* v3_crld.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,99 +65,113 @@ + #include + + static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, +- STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist); ++ STACK_OF(DIST_POINT) *crld, ++ STACK_OF(CONF_VALUE) *extlist); + static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval); + + const X509V3_EXT_METHOD v3_crld = { +-NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS), +-0,0,0,0, +-0,0, +-(X509V3_EXT_I2V)i2v_crld, +-(X509V3_EXT_V2I)v2i_crld, +-0,0, +-NULL ++ NID_crl_distribution_points, X509V3_EXT_MULTILINE, ++ ASN1_ITEM_ref(CRL_DIST_POINTS), ++ 0, 0, 0, 0, ++ 0, 0, ++ (X509V3_EXT_I2V) i2v_crld, ++ (X509V3_EXT_V2I)v2i_crld, ++ 0, 0, ++ NULL + }; + + static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, +- STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts) ++ STACK_OF(DIST_POINT) *crld, ++ STACK_OF(CONF_VALUE) *exts) + { +- DIST_POINT *point; +- int i; +- for(i = 0; i < sk_DIST_POINT_num(crld); i++) { +- point = sk_DIST_POINT_value(crld, i); +- if(point->distpoint) { +- if(point->distpoint->type == 0) +- exts = i2v_GENERAL_NAMES(NULL, +- point->distpoint->name.fullname, exts); +- else X509V3_add_value("RelativeName","", &exts); +- } +- if(point->reasons) +- X509V3_add_value("reasons","", &exts); +- if(point->CRLissuer) +- X509V3_add_value("CRLissuer","", &exts); +- } +- return exts; ++ DIST_POINT *point; ++ int i; ++ for (i = 0; i < sk_DIST_POINT_num(crld); i++) { ++ point = sk_DIST_POINT_value(crld, i); ++ if (point->distpoint) { ++ if (point->distpoint->type == 0) ++ exts = i2v_GENERAL_NAMES(NULL, ++ point->distpoint->name.fullname, ++ exts); ++ else ++ X509V3_add_value("RelativeName", "", &exts); ++ } ++ if (point->reasons) ++ X509V3_add_value("reasons", "", &exts); ++ if (point->CRLissuer) ++ X509V3_add_value("CRLissuer", "", &exts); ++ } ++ return exts; + } + + static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval) + { +- STACK_OF(DIST_POINT) *crld = NULL; +- GENERAL_NAMES *gens = NULL; +- GENERAL_NAME *gen = NULL; +- CONF_VALUE *cnf; +- int i; +- if(!(crld = sk_DIST_POINT_new_null())) goto merr; +- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { +- DIST_POINT *point; +- cnf = sk_CONF_VALUE_value(nval, i); +- if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; +- if(!(gens = GENERAL_NAMES_new())) goto merr; +- if(!sk_GENERAL_NAME_push(gens, gen)) goto merr; +- gen = NULL; +- if(!(point = DIST_POINT_new())) goto merr; +- if(!sk_DIST_POINT_push(crld, point)) { +- DIST_POINT_free(point); +- goto merr; +- } +- if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr; +- point->distpoint->name.fullname = gens; +- point->distpoint->type = 0; +- gens = NULL; +- } +- return crld; ++ STACK_OF(DIST_POINT) *crld = NULL; ++ GENERAL_NAMES *gens = NULL; ++ GENERAL_NAME *gen = NULL; ++ CONF_VALUE *cnf; ++ int i; ++ if (!(crld = sk_DIST_POINT_new_null())) ++ goto merr; ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ DIST_POINT *point; ++ cnf = sk_CONF_VALUE_value(nval, i); ++ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) ++ goto err; ++ if (!(gens = GENERAL_NAMES_new())) ++ goto merr; ++ if (!sk_GENERAL_NAME_push(gens, gen)) ++ goto merr; ++ gen = NULL; ++ if (!(point = DIST_POINT_new())) ++ goto merr; ++ if (!sk_DIST_POINT_push(crld, point)) { ++ DIST_POINT_free(point); ++ goto merr; ++ } ++ if (!(point->distpoint = DIST_POINT_NAME_new())) ++ goto merr; ++ point->distpoint->name.fullname = gens; ++ point->distpoint->type = 0; ++ gens = NULL; ++ } ++ return crld; + +- merr: +- X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE); +- err: +- GENERAL_NAME_free(gen); +- GENERAL_NAMES_free(gens); +- sk_DIST_POINT_pop_free(crld, DIST_POINT_free); +- return NULL; ++ merr: ++ X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE); ++ err: ++ GENERAL_NAME_free(gen); ++ GENERAL_NAMES_free(gens); ++ sk_DIST_POINT_pop_free(crld, DIST_POINT_free); ++ return NULL; + } + + IMPLEMENT_STACK_OF(DIST_POINT) ++ + IMPLEMENT_ASN1_SET_OF(DIST_POINT) + + + ASN1_CHOICE(DIST_POINT_NAME) = { +- ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), +- ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) ++ ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), ++ ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) + } ASN1_CHOICE_END(DIST_POINT_NAME) + + IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME) + + ASN1_SEQUENCE(DIST_POINT) = { +- ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0), +- ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1), +- ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2) ++ ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0), ++ ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1), ++ ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2) + } ASN1_SEQUENCE_END(DIST_POINT) + + IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) + +-ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) ++ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) + ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) + + IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c +index 36576ea..aa91c5d 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c +@@ -1,6 +1,7 @@ + /* v3_enum.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -61,34 +62,34 @@ + #include + + static ENUMERATED_NAMES crl_reasons[] = { +-{0, "Unspecified", "unspecified"}, +-{1, "Key Compromise", "keyCompromise"}, +-{2, "CA Compromise", "CACompromise"}, +-{3, "Affiliation Changed", "affiliationChanged"}, +-{4, "Superseded", "superseded"}, +-{5, "Cessation Of Operation", "cessationOfOperation"}, +-{6, "Certificate Hold", "certificateHold"}, +-{8, "Remove From CRL", "removeFromCRL"}, +-{-1, NULL, NULL} ++ {0, "Unspecified", "unspecified"}, ++ {1, "Key Compromise", "keyCompromise"}, ++ {2, "CA Compromise", "CACompromise"}, ++ {3, "Affiliation Changed", "affiliationChanged"}, ++ {4, "Superseded", "superseded"}, ++ {5, "Cessation Of Operation", "cessationOfOperation"}, ++ {6, "Certificate Hold", "certificateHold"}, ++ {8, "Remove From CRL", "removeFromCRL"}, ++ {-1, NULL, NULL} + }; + +-const X509V3_EXT_METHOD v3_crl_reason = { +-NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED), +-0,0,0,0, +-(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, +-0, +-0,0,0,0, +-crl_reasons}; +- ++const X509V3_EXT_METHOD v3_crl_reason = { ++ NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED), ++ 0, 0, 0, 0, ++ (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, ++ 0, ++ 0, 0, 0, 0, ++ crl_reasons ++}; + +-char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, +- ASN1_ENUMERATED *e) ++char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e) + { +- ENUMERATED_NAMES *enam; +- long strval; +- strval = ASN1_ENUMERATED_get(e); +- for(enam = method->usr_data; enam->lname; enam++) { +- if(strval == enam->bitnum) return BUF_strdup(enam->lname); +- } +- return i2s_ASN1_ENUMERATED(method, e); ++ ENUMERATED_NAMES *enam; ++ long strval; ++ strval = ASN1_ENUMERATED_get(e); ++ for (enam = method->usr_data; enam->lname; enam++) { ++ if (strval == enam->bitnum) ++ return BUF_strdup(enam->lname); ++ } ++ return i2s_ASN1_ENUMERATED(method, e); + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c +index c0d1450..0220174 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c +@@ -1,6 +1,7 @@ + /* v3_extku.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,7 +57,6 @@ + * + */ + +- + #include + #include "cryptlib.h" + #include +@@ -64,79 +64,88 @@ + #include + + static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval); + static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, +- void *eku, STACK_OF(CONF_VALUE) *extlist); ++ void *eku, ++ STACK_OF(CONF_VALUE) ++ *extlist); + + const X509V3_EXT_METHOD v3_ext_ku = { +- NID_ext_key_usage, 0, +- ASN1_ITEM_ref(EXTENDED_KEY_USAGE), +- 0,0,0,0, +- 0,0, +- i2v_EXTENDED_KEY_USAGE, +- v2i_EXTENDED_KEY_USAGE, +- 0,0, +- NULL ++ NID_ext_key_usage, 0, ++ ASN1_ITEM_ref(EXTENDED_KEY_USAGE), ++ 0, 0, 0, 0, ++ 0, 0, ++ i2v_EXTENDED_KEY_USAGE, ++ v2i_EXTENDED_KEY_USAGE, ++ 0, 0, ++ NULL + }; + + /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */ + const X509V3_EXT_METHOD v3_ocsp_accresp = { +- NID_id_pkix_OCSP_acceptableResponses, 0, +- ASN1_ITEM_ref(EXTENDED_KEY_USAGE), +- 0,0,0,0, +- 0,0, +- i2v_EXTENDED_KEY_USAGE, +- v2i_EXTENDED_KEY_USAGE, +- 0,0, +- NULL ++ NID_id_pkix_OCSP_acceptableResponses, 0, ++ ASN1_ITEM_ref(EXTENDED_KEY_USAGE), ++ 0, 0, 0, 0, ++ 0, 0, ++ i2v_EXTENDED_KEY_USAGE, ++ v2i_EXTENDED_KEY_USAGE, ++ 0, 0, ++ NULL + }; + +-ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT) ++ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT) + ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE) + + IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) + + static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, +- void *a, STACK_OF(CONF_VALUE) *ext_list) ++ void *a, ++ STACK_OF(CONF_VALUE) ++ *ext_list) + { +- EXTENDED_KEY_USAGE *eku = a; +- int i; +- ASN1_OBJECT *obj; +- char obj_tmp[80]; +- for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { +- obj = sk_ASN1_OBJECT_value(eku, i); +- i2t_ASN1_OBJECT(obj_tmp, 80, obj); +- X509V3_add_value(NULL, obj_tmp, &ext_list); +- } +- return ext_list; ++ EXTENDED_KEY_USAGE *eku = a; ++ int i; ++ ASN1_OBJECT *obj; ++ char obj_tmp[80]; ++ for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { ++ obj = sk_ASN1_OBJECT_value(eku, i); ++ i2t_ASN1_OBJECT(obj_tmp, 80, obj); ++ X509V3_add_value(NULL, obj_tmp, &ext_list); ++ } ++ return ext_list; + } + + static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval) + { +- EXTENDED_KEY_USAGE *extku; +- char *extval; +- ASN1_OBJECT *objtmp; +- CONF_VALUE *val; +- int i; ++ EXTENDED_KEY_USAGE *extku; ++ char *extval; ++ ASN1_OBJECT *objtmp; ++ CONF_VALUE *val; ++ int i; + +- if(!(extku = sk_ASN1_OBJECT_new_null())) { +- X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,ERR_R_MALLOC_FAILURE); +- return NULL; +- } ++ if (!(extku = sk_ASN1_OBJECT_new_null())) { ++ X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } + +- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { +- val = sk_CONF_VALUE_value(nval, i); +- if(val->value) extval = val->value; +- else extval = val->name; +- if(!(objtmp = OBJ_txt2obj(extval, 0))) { +- sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); +- X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,X509V3_R_INVALID_OBJECT_IDENTIFIER); +- X509V3_conf_err(val); +- return NULL; +- } +- sk_ASN1_OBJECT_push(extku, objtmp); +- } +- return extku; ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ val = sk_CONF_VALUE_value(nval, i); ++ if (val->value) ++ extval = val->value; ++ else ++ extval = val->name; ++ if (!(objtmp = OBJ_txt2obj(extval, 0))) { ++ sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); ++ X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ++ X509V3_R_INVALID_OBJECT_IDENTIFIER); ++ X509V3_conf_err(val); ++ return NULL; ++ } ++ sk_ASN1_OBJECT_push(extku, objtmp); ++ } ++ return extku; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c +index 84b4b1c..760b304 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c +@@ -1,6 +1,7 @@ + /* v3_genn.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,7 +57,6 @@ + * + */ + +- + #include + #include "cryptlib.h" + #include +@@ -64,38 +64,38 @@ + #include + + ASN1_SEQUENCE(OTHERNAME) = { +- ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT), +- /* Maybe have a true ANY DEFINED BY later */ +- ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0) ++ ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT), ++ /* Maybe have a true ANY DEFINED BY later */ ++ ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0) + } ASN1_SEQUENCE_END(OTHERNAME) + + IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) + + ASN1_SEQUENCE(EDIPARTYNAME) = { +- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), +- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) ++ ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), ++ ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) + } ASN1_SEQUENCE_END(EDIPARTYNAME) + + IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) + + ASN1_CHOICE(GENERAL_NAME) = { +- ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME), +- ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL), +- ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS), +- /* Don't decode this */ +- ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400), +- /* X509_NAME is a CHOICE type so use EXPLICIT */ +- ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME), +- ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY), +- ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI), +- ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD), +- ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID) ++ ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME), ++ ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL), ++ ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS), ++ /* Don't decode this */ ++ ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400), ++ /* X509_NAME is a CHOICE type so use EXPLICIT */ ++ ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME), ++ ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY), ++ ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI), ++ ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD), ++ ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID) + } ASN1_CHOICE_END(GENERAL_NAME) + + IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME) + +-ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME) ++ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME) + ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES) + + IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c +index 4ff12b5..c170a55 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c +@@ -1,6 +1,7 @@ + /* v3_ia5.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,61 +57,63 @@ + * + */ + +- + #include + #include "cryptlib.h" + #include + #include + #include + +-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); +-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); +-const X509V3_EXT_METHOD v3_ns_ia5_list[] = { +-EXT_IA5STRING(NID_netscape_base_url), +-EXT_IA5STRING(NID_netscape_revocation_url), +-EXT_IA5STRING(NID_netscape_ca_revocation_url), +-EXT_IA5STRING(NID_netscape_renewal_url), +-EXT_IA5STRING(NID_netscape_ca_policy_url), +-EXT_IA5STRING(NID_netscape_ssl_server_name), +-EXT_IA5STRING(NID_netscape_comment), +-EXT_END ++static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ++ ASN1_IA5STRING *ia5); ++static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, char *str); ++const X509V3_EXT_METHOD v3_ns_ia5_list[] = { ++ EXT_IA5STRING(NID_netscape_base_url), ++ EXT_IA5STRING(NID_netscape_revocation_url), ++ EXT_IA5STRING(NID_netscape_ca_revocation_url), ++ EXT_IA5STRING(NID_netscape_renewal_url), ++ EXT_IA5STRING(NID_netscape_ca_policy_url), ++ EXT_IA5STRING(NID_netscape_ssl_server_name), ++ EXT_IA5STRING(NID_netscape_comment), ++ EXT_END + }; + +- + static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, +- ASN1_IA5STRING *ia5) ++ ASN1_IA5STRING *ia5) + { +- char *tmp; +- if(!ia5 || !ia5->length) return NULL; +- if(!(tmp = OPENSSL_malloc(ia5->length + 1))) { +- X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- memcpy(tmp, ia5->data, ia5->length); +- tmp[ia5->length] = 0; +- return tmp; ++ char *tmp; ++ if (!ia5 || !ia5->length) ++ return NULL; ++ if (!(tmp = OPENSSL_malloc(ia5->length + 1))) { ++ X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ memcpy(tmp, ia5->data, ia5->length); ++ tmp[ia5->length] = 0; ++ return tmp; + } + + static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, char *str) ++ X509V3_CTX *ctx, char *str) + { +- ASN1_IA5STRING *ia5; +- if(!str) { +- X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); +- return NULL; +- } +- if(!(ia5 = M_ASN1_IA5STRING_new())) goto err; +- if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, +- strlen(str))) { +- M_ASN1_IA5STRING_free(ia5); +- goto err; +- } ++ ASN1_IA5STRING *ia5; ++ if (!str) { ++ X509V3err(X509V3_F_S2I_ASN1_IA5STRING, ++ X509V3_R_INVALID_NULL_ARGUMENT); ++ return NULL; ++ } ++ if (!(ia5 = M_ASN1_IA5STRING_new())) ++ goto err; ++ if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str, ++ strlen(str))) { ++ M_ASN1_IA5STRING_free(ia5); ++ goto err; ++ } + #ifdef CHARSET_EBCDIC +- ebcdic2ascii(ia5->data, ia5->data, ia5->length); +-#endif /*CHARSET_EBCDIC*/ +- return ia5; +- err: +- X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); +- return NULL; ++ ebcdic2ascii(ia5->data, ia5->data, ia5->length); ++#endif /* CHARSET_EBCDIC */ ++ return ia5; ++ err: ++ X509V3err(X509V3_F_S2I_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE); ++ return NULL; + } +- +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c +index e1b8699..e052a34 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c +@@ -1,6 +1,7 @@ + /* v3_info.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -63,131 +64,147 @@ + #include + #include + +-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, +- AUTHORITY_INFO_ACCESS *ainfo, +- STACK_OF(CONF_VALUE) *ret); +-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); ++static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD ++ *method, AUTHORITY_INFO_ACCESS ++ *ainfo, STACK_OF(CONF_VALUE) ++ *ret); ++static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD ++ *method, ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) ++ *nval); + +-const X509V3_EXT_METHOD v3_info = +-{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), +-0,0,0,0, +-0,0, +-(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, +-(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, +-0,0, +-NULL}; ++const X509V3_EXT_METHOD v3_info = { NID_info_access, X509V3_EXT_MULTILINE, ++ ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), ++ 0, 0, 0, 0, ++ 0, 0, ++ (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS, ++ (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, ++ 0, 0, ++ NULL ++}; + +-const X509V3_EXT_METHOD v3_sinfo = +-{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), +-0,0,0,0, +-0,0, +-(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, +-(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, +-0,0, +-NULL}; ++const X509V3_EXT_METHOD v3_sinfo = { NID_sinfo_access, X509V3_EXT_MULTILINE, ++ ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), ++ 0, 0, 0, 0, ++ 0, 0, ++ (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS, ++ (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, ++ 0, 0, ++ NULL ++}; + + ASN1_SEQUENCE(ACCESS_DESCRIPTION) = { +- ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT), +- ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME) ++ ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT), ++ ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME) + } ASN1_SEQUENCE_END(ACCESS_DESCRIPTION) + + IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) + +-ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION) ++ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION) + ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS) + + IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) + +-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, +- AUTHORITY_INFO_ACCESS *ainfo, +- STACK_OF(CONF_VALUE) *ret) ++static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD ++ *method, AUTHORITY_INFO_ACCESS ++ *ainfo, STACK_OF(CONF_VALUE) ++ *ret) + { +- ACCESS_DESCRIPTION *desc; +- int i,nlen; +- char objtmp[80], *ntmp; +- CONF_VALUE *vtmp; +- for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { +- desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); +- ret = i2v_GENERAL_NAME(method, desc->location, ret); +- if(!ret) break; +- vtmp = sk_CONF_VALUE_value(ret, i); +- i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); +- nlen = strlen(objtmp) + strlen(vtmp->name) + 5; +- ntmp = OPENSSL_malloc(nlen); +- if(!ntmp) { +- X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, +- ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- BUF_strlcpy(ntmp, objtmp, nlen); +- BUF_strlcat(ntmp, " - ", nlen); +- BUF_strlcat(ntmp, vtmp->name, nlen); +- OPENSSL_free(vtmp->name); +- vtmp->name = ntmp; +- +- } +- if(!ret) return sk_CONF_VALUE_new_null(); +- return ret; ++ ACCESS_DESCRIPTION *desc; ++ int i, nlen; ++ char objtmp[80], *ntmp; ++ CONF_VALUE *vtmp; ++ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { ++ desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); ++ ret = i2v_GENERAL_NAME(method, desc->location, ret); ++ if (!ret) ++ break; ++ vtmp = sk_CONF_VALUE_value(ret, i); ++ i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); ++ nlen = strlen(objtmp) + strlen(vtmp->name) + 5; ++ ntmp = OPENSSL_malloc(nlen); ++ if (!ntmp) { ++ X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, ++ ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ BUF_strlcpy(ntmp, objtmp, nlen); ++ BUF_strlcat(ntmp, " - ", nlen); ++ BUF_strlcat(ntmp, vtmp->name, nlen); ++ OPENSSL_free(vtmp->name); ++ vtmp->name = ntmp; ++ ++ } ++ if (!ret) ++ return sk_CONF_VALUE_new_null(); ++ return ret; + } + +-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) ++static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD ++ *method, ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) ++ *nval) + { +- AUTHORITY_INFO_ACCESS *ainfo = NULL; +- CONF_VALUE *cnf, ctmp; +- ACCESS_DESCRIPTION *acc; +- int i, objlen; +- char *objtmp, *ptmp; +- if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { +- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { +- cnf = sk_CONF_VALUE_value(nval, i); +- if(!(acc = ACCESS_DESCRIPTION_new()) +- || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { +- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ptmp = strchr(cnf->name, ';'); +- if(!ptmp) { +- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_INVALID_SYNTAX); +- goto err; +- } +- objlen = ptmp - cnf->name; +- ctmp.name = ptmp + 1; +- ctmp.value = cnf->value; +- if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) +- goto err; +- if(!(objtmp = OPENSSL_malloc(objlen + 1))) { +- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- strncpy(objtmp, cnf->name, objlen); +- objtmp[objlen] = 0; +- acc->method = OBJ_txt2obj(objtmp, 0); +- if(!acc->method) { +- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_BAD_OBJECT); +- ERR_add_error_data(2, "value=", objtmp); +- OPENSSL_free(objtmp); +- goto err; +- } +- OPENSSL_free(objtmp); ++ AUTHORITY_INFO_ACCESS *ainfo = NULL; ++ CONF_VALUE *cnf, ctmp; ++ ACCESS_DESCRIPTION *acc; ++ int i, objlen; ++ char *objtmp, *ptmp; ++ if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { ++ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ cnf = sk_CONF_VALUE_value(nval, i); ++ if (!(acc = ACCESS_DESCRIPTION_new()) ++ || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { ++ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ++ ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ptmp = strchr(cnf->name, ';'); ++ if (!ptmp) { ++ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ++ X509V3_R_INVALID_SYNTAX); ++ goto err; ++ } ++ objlen = ptmp - cnf->name; ++ ctmp.name = ptmp + 1; ++ ctmp.value = cnf->value; ++ if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) ++ goto err; ++ if (!(objtmp = OPENSSL_malloc(objlen + 1))) { ++ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ++ ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ strncpy(objtmp, cnf->name, objlen); ++ objtmp[objlen] = 0; ++ acc->method = OBJ_txt2obj(objtmp, 0); ++ if (!acc->method) { ++ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ++ X509V3_R_BAD_OBJECT); ++ ERR_add_error_data(2, "value=", objtmp); ++ OPENSSL_free(objtmp); ++ goto err; ++ } ++ OPENSSL_free(objtmp); + +- } +- return ainfo; +- err: +- sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); +- return NULL; ++ } ++ return ainfo; ++ err: ++ sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); ++ return NULL; + } + +-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a) +- { +- i2a_ASN1_OBJECT(bp, a->method); ++int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a) ++{ ++ i2a_ASN1_OBJECT(bp, a->method); + #ifdef UNDEF +- i2a_GENERAL_NAME(bp, a->location); ++ i2a_GENERAL_NAME(bp, a->location); + #endif +- return 2; +- } ++ return 2; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c +index 4bfd14c..8bfdb37 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c +@@ -1,6 +1,7 @@ + /* v3_int.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -60,30 +61,32 @@ + #include "cryptlib.h" + #include + +-const X509V3_EXT_METHOD v3_crl_num = { +- NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), +- 0,0,0,0, +- (X509V3_EXT_I2S)i2s_ASN1_INTEGER, +- 0, +- 0,0,0,0, NULL}; ++const X509V3_EXT_METHOD v3_crl_num = { ++ NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), ++ 0, 0, 0, 0, ++ (X509V3_EXT_I2S)i2s_ASN1_INTEGER, ++ 0, ++ 0, 0, 0, 0, NULL ++}; + +-const X509V3_EXT_METHOD v3_delta_crl = { +- NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER), +- 0,0,0,0, +- (X509V3_EXT_I2S)i2s_ASN1_INTEGER, +- 0, +- 0,0,0,0, NULL}; +- +-static void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value) +- { +- return s2i_ASN1_INTEGER(meth, value); +- } +- +-const X509V3_EXT_METHOD v3_inhibit_anyp = { +- NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER), +- 0,0,0,0, +- (X509V3_EXT_I2S)i2s_ASN1_INTEGER, +- (X509V3_EXT_S2I)s2i_asn1_int, +- 0,0,0,0, NULL}; ++const X509V3_EXT_METHOD v3_delta_crl = { ++ NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER), ++ 0, 0, 0, 0, ++ (X509V3_EXT_I2S)i2s_ASN1_INTEGER, ++ 0, ++ 0, 0, 0, 0, NULL ++}; + ++static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, ++ char *value) ++{ ++ return s2i_ASN1_INTEGER(meth, value); ++} + ++const X509V3_EXT_METHOD v3_inhibit_anyp = { ++ NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER), ++ 0, 0, 0, 0, ++ (X509V3_EXT_I2S)i2s_ASN1_INTEGER, ++ (X509V3_EXT_S2I)s2i_asn1_int, ++ 0, 0, 0, 0, NULL ++}; +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c +index df3a48f..e0c0b04 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c +@@ -1,6 +1,7 @@ + /* v3_lib.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -66,111 +67,129 @@ + + static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; + +-static int ext_cmp(const X509V3_EXT_METHOD * const *a, +- const X509V3_EXT_METHOD * const *b); ++static int ext_cmp(const X509V3_EXT_METHOD *const *a, ++ const X509V3_EXT_METHOD *const *b); + static void ext_list_free(X509V3_EXT_METHOD *ext); + + int X509V3_EXT_add(X509V3_EXT_METHOD *ext) + { +- if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { +- X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { +- X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- return 1; ++ if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { ++ X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { ++ X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ return 1; + } + +-static int ext_cmp(const X509V3_EXT_METHOD * const *a, +- const X509V3_EXT_METHOD * const *b) ++static int ext_cmp(const X509V3_EXT_METHOD *const *a, ++ const X509V3_EXT_METHOD *const *b) + { +- return ((*a)->ext_nid - (*b)->ext_nid); ++ return ((*a)->ext_nid - (*b)->ext_nid); + } + + X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) + { +- X509V3_EXT_METHOD tmp, *t = &tmp, **ret; +- int idx; +- if(nid < 0) return NULL; +- tmp.ext_nid = nid; +- ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t, +- (char *)standard_exts, STANDARD_EXTENSION_COUNT, +- sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp); +- if(ret) return *ret; +- if(!ext_list) return NULL; +- idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); +- if(idx == -1) return NULL; +- return sk_X509V3_EXT_METHOD_value(ext_list, idx); ++ X509V3_EXT_METHOD tmp, *t = &tmp, **ret; ++ int idx; ++ if (nid < 0) ++ return NULL; ++ tmp.ext_nid = nid; ++ ret = (X509V3_EXT_METHOD **)OBJ_bsearch((char *)&t, ++ (char *)standard_exts, ++ STANDARD_EXTENSION_COUNT, ++ sizeof(X509V3_EXT_METHOD *), ++ (int (*) ++ (const void *, ++ const void *))ext_cmp); ++ if (ret) ++ return *ret; ++ if (!ext_list) ++ return NULL; ++ idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); ++ if (idx == -1) ++ return NULL; ++ return sk_X509V3_EXT_METHOD_value(ext_list, idx); + } + + X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) + { +- int nid; +- if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL; +- return X509V3_EXT_get_nid(nid); ++ int nid; ++ if ((nid = OBJ_obj2nid(ext->object)) == NID_undef) ++ return NULL; ++ return X509V3_EXT_get_nid(nid); + } + +- + int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) + { +- for(;extlist->ext_nid!=-1;extlist++) +- if(!X509V3_EXT_add(extlist)) return 0; +- return 1; ++ for (; extlist->ext_nid != -1; extlist++) ++ if (!X509V3_EXT_add(extlist)) ++ return 0; ++ return 1; + } + + int X509V3_EXT_add_alias(int nid_to, int nid_from) + { +- X509V3_EXT_METHOD *ext, *tmpext; +- if(!(ext = X509V3_EXT_get_nid(nid_from))) { +- X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND); +- return 0; +- } +- if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) { +- X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- *tmpext = *ext; +- tmpext->ext_nid = nid_to; +- tmpext->ext_flags |= X509V3_EXT_DYNAMIC; +- return X509V3_EXT_add(tmpext); ++ X509V3_EXT_METHOD *ext, *tmpext; ++ if (!(ext = X509V3_EXT_get_nid(nid_from))) { ++ X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ++ X509V3_R_EXTENSION_NOT_FOUND); ++ return 0; ++ } ++ if (! ++ (tmpext = ++ (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) { ++ X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ *tmpext = *ext; ++ tmpext->ext_nid = nid_to; ++ tmpext->ext_flags |= X509V3_EXT_DYNAMIC; ++ return X509V3_EXT_add(tmpext); + } + + void X509V3_EXT_cleanup(void) + { +- sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free); +- ext_list = NULL; ++ sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free); ++ ext_list = NULL; + } + + static void ext_list_free(X509V3_EXT_METHOD *ext) + { +- if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext); ++ if (ext->ext_flags & X509V3_EXT_DYNAMIC) ++ OPENSSL_free(ext); + } + +-/* Legacy function: we don't need to add standard extensions +- * any more because they are now kept in ext_dat.h. ++/* ++ * Legacy function: we don't need to add standard extensions any more because ++ * they are now kept in ext_dat.h. + */ + + int X509V3_add_standard_extensions(void) + { +- return 1; ++ return 1; + } + + /* Return an extension internal structure */ + + void *X509V3_EXT_d2i(X509_EXTENSION *ext) + { +- X509V3_EXT_METHOD *method; +- const unsigned char *p; +- +- if(!(method = X509V3_EXT_get(ext))) return NULL; +- p = ext->value->data; +- if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); +- return method->d2i(NULL, &p, ext->value->length); ++ X509V3_EXT_METHOD *method; ++ const unsigned char *p; ++ ++ if (!(method = X509V3_EXT_get(ext))) ++ return NULL; ++ p = ext->value->data; ++ if (method->it) ++ return ASN1_item_d2i(NULL, &p, ext->value->length, ++ ASN1_ITEM_ptr(method->it)); ++ return method->d2i(NULL, &p, ext->value->length); + } + +-/* Get critical flag and decoded version of extension from a NID. ++/*- ++ * Get critical flag and decoded version of extension from a NID. + * The "idx" variable returns the last found extension and can + * be used to retrieve multiple extensions of the same NID. + * However multiple extensions with the same NID is usually +@@ -185,119 +204,136 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) + * -2 extension occurs more than once. + */ + +-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) ++void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, ++ int *idx) + { +- int lastpos, i; +- X509_EXTENSION *ex, *found_ex = NULL; +- if(!x) { +- if(idx) *idx = -1; +- if(crit) *crit = -1; +- return NULL; +- } +- if(idx) lastpos = *idx + 1; +- else lastpos = 0; +- if(lastpos < 0) lastpos = 0; +- for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++) +- { +- ex = sk_X509_EXTENSION_value(x, i); +- if(OBJ_obj2nid(ex->object) == nid) { +- if(idx) { +- *idx = i; +- found_ex = ex; +- break; +- } else if(found_ex) { +- /* Found more than one */ +- if(crit) *crit = -2; +- return NULL; +- } +- found_ex = ex; +- } +- } +- if(found_ex) { +- /* Found it */ +- if(crit) *crit = X509_EXTENSION_get_critical(found_ex); +- return X509V3_EXT_d2i(found_ex); +- } +- +- /* Extension not found */ +- if(idx) *idx = -1; +- if(crit) *crit = -1; +- return NULL; ++ int lastpos, i; ++ X509_EXTENSION *ex, *found_ex = NULL; ++ if (!x) { ++ if (idx) ++ *idx = -1; ++ if (crit) ++ *crit = -1; ++ return NULL; ++ } ++ if (idx) ++ lastpos = *idx + 1; ++ else ++ lastpos = 0; ++ if (lastpos < 0) ++ lastpos = 0; ++ for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) { ++ ex = sk_X509_EXTENSION_value(x, i); ++ if (OBJ_obj2nid(ex->object) == nid) { ++ if (idx) { ++ *idx = i; ++ found_ex = ex; ++ break; ++ } else if (found_ex) { ++ /* Found more than one */ ++ if (crit) ++ *crit = -2; ++ return NULL; ++ } ++ found_ex = ex; ++ } ++ } ++ if (found_ex) { ++ /* Found it */ ++ if (crit) ++ *crit = X509_EXTENSION_get_critical(found_ex); ++ return X509V3_EXT_d2i(found_ex); ++ } ++ ++ /* Extension not found */ ++ if (idx) ++ *idx = -1; ++ if (crit) ++ *crit = -1; ++ return NULL; + } + +-/* This function is a general extension append, replace and delete utility. ++/* ++ * This function is a general extension append, replace and delete utility. + * The precise operation is governed by the 'flags' value. The 'crit' and + * 'value' arguments (if relevant) are the extensions internal structure. + */ + + int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, +- int crit, unsigned long flags) ++ int crit, unsigned long flags) + { +- int extidx = -1; +- int errcode; +- X509_EXTENSION *ext, *extmp; +- unsigned long ext_op = flags & X509V3_ADD_OP_MASK; +- +- /* If appending we don't care if it exists, otherwise +- * look for existing extension. +- */ +- if(ext_op != X509V3_ADD_APPEND) +- extidx = X509v3_get_ext_by_NID(*x, nid, -1); +- +- /* See if extension exists */ +- if(extidx >= 0) { +- /* If keep existing, nothing to do */ +- if(ext_op == X509V3_ADD_KEEP_EXISTING) +- return 1; +- /* If default then its an error */ +- if(ext_op == X509V3_ADD_DEFAULT) { +- errcode = X509V3_R_EXTENSION_EXISTS; +- goto err; +- } +- /* If delete, just delete it */ +- if(ext_op == X509V3_ADD_DELETE) { +- if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1; +- return 1; +- } +- } else { +- /* If replace existing or delete, error since +- * extension must exist +- */ +- if((ext_op == X509V3_ADD_REPLACE_EXISTING) || +- (ext_op == X509V3_ADD_DELETE)) { +- errcode = X509V3_R_EXTENSION_NOT_FOUND; +- goto err; +- } +- } +- +- /* If we get this far then we have to create an extension: +- * could have some flags for alternative encoding schemes... +- */ +- +- ext = X509V3_EXT_i2d(nid, crit, value); +- +- if(!ext) { +- X509V3err(X509V3_F_X509V3_ADD1_I2D, X509V3_R_ERROR_CREATING_EXTENSION); +- return 0; +- } +- +- /* If extension exists replace it.. */ +- if(extidx >= 0) { +- extmp = sk_X509_EXTENSION_value(*x, extidx); +- X509_EXTENSION_free(extmp); +- if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1; +- return 1; +- } +- +- if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1; +- if(!sk_X509_EXTENSION_push(*x, ext)) return -1; +- +- return 1; +- +- err: +- if(!(flags & X509V3_ADD_SILENT)) +- X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); +- return 0; ++ int extidx = -1; ++ int errcode; ++ X509_EXTENSION *ext, *extmp; ++ unsigned long ext_op = flags & X509V3_ADD_OP_MASK; ++ ++ /* ++ * If appending we don't care if it exists, otherwise look for existing ++ * extension. ++ */ ++ if (ext_op != X509V3_ADD_APPEND) ++ extidx = X509v3_get_ext_by_NID(*x, nid, -1); ++ ++ /* See if extension exists */ ++ if (extidx >= 0) { ++ /* If keep existing, nothing to do */ ++ if (ext_op == X509V3_ADD_KEEP_EXISTING) ++ return 1; ++ /* If default then its an error */ ++ if (ext_op == X509V3_ADD_DEFAULT) { ++ errcode = X509V3_R_EXTENSION_EXISTS; ++ goto err; ++ } ++ /* If delete, just delete it */ ++ if (ext_op == X509V3_ADD_DELETE) { ++ if (!sk_X509_EXTENSION_delete(*x, extidx)) ++ return -1; ++ return 1; ++ } ++ } else { ++ /* ++ * If replace existing or delete, error since extension must exist ++ */ ++ if ((ext_op == X509V3_ADD_REPLACE_EXISTING) || ++ (ext_op == X509V3_ADD_DELETE)) { ++ errcode = X509V3_R_EXTENSION_NOT_FOUND; ++ goto err; ++ } ++ } ++ ++ /* ++ * If we get this far then we have to create an extension: could have ++ * some flags for alternative encoding schemes... ++ */ ++ ++ ext = X509V3_EXT_i2d(nid, crit, value); ++ ++ if (!ext) { ++ X509V3err(X509V3_F_X509V3_ADD1_I2D, ++ X509V3_R_ERROR_CREATING_EXTENSION); ++ return 0; ++ } ++ ++ /* If extension exists replace it.. */ ++ if (extidx >= 0) { ++ extmp = sk_X509_EXTENSION_value(*x, extidx); ++ X509_EXTENSION_free(extmp); ++ if (!sk_X509_EXTENSION_set(*x, extidx, ext)) ++ return -1; ++ return 1; ++ } ++ ++ if (!*x && !(*x = sk_X509_EXTENSION_new_null())) ++ return -1; ++ if (!sk_X509_EXTENSION_push(*x, ext)) ++ return -1; ++ ++ return 1; ++ ++ err: ++ if (!(flags & X509V3_ADD_SILENT)) ++ X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); ++ return 0; + } + + IMPLEMENT_STACK_OF(X509V3_EXT_METHOD) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c +index 624fe7e..24c1b66 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c +@@ -1,5 +1,6 @@ + /* v3_ncons.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ + /* ==================================================================== +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,7 +57,6 @@ + * + */ + +- + #include + #include "cryptlib.h" + #include +@@ -64,156 +64,140 @@ + #include + + static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, +- void *a, BIO *bp, int ind); ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval); ++static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, void *a, BIO *bp, ++ int ind); + static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, +- STACK_OF(GENERAL_SUBTREE) *trees, +- BIO *bp, int ind, char *name); ++ STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, ++ int ind, char *name); + static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); + + const X509V3_EXT_METHOD v3_name_constraints = { +- NID_name_constraints, 0, +- ASN1_ITEM_ref(NAME_CONSTRAINTS), +- 0,0,0,0, +- 0,0, +- 0, v2i_NAME_CONSTRAINTS, +- i2r_NAME_CONSTRAINTS,0, +- NULL ++ NID_name_constraints, 0, ++ ASN1_ITEM_ref(NAME_CONSTRAINTS), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, v2i_NAME_CONSTRAINTS, ++ i2r_NAME_CONSTRAINTS, 0, ++ NULL + }; + + ASN1_SEQUENCE(GENERAL_SUBTREE) = { +- ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME), +- ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0), +- ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1) ++ ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME), ++ ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0), ++ ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1) + } ASN1_SEQUENCE_END(GENERAL_SUBTREE) + + ASN1_SEQUENCE(NAME_CONSTRAINTS) = { +- ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees, +- GENERAL_SUBTREE, 0), +- ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees, +- GENERAL_SUBTREE, 1), ++ ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees, ++ GENERAL_SUBTREE, 0), ++ ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees, ++ GENERAL_SUBTREE, 1), + } ASN1_SEQUENCE_END(NAME_CONSTRAINTS) +- ++ + + IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE) + IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS) + + static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +- { +- int i; +- CONF_VALUE tval, *val; +- STACK_OF(GENERAL_SUBTREE) **ptree = NULL; +- NAME_CONSTRAINTS *ncons = NULL; +- GENERAL_SUBTREE *sub = NULL; +- ncons = NAME_CONSTRAINTS_new(); +- if (!ncons) +- goto memerr; +- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) +- { +- val = sk_CONF_VALUE_value(nval, i); +- if (!strncmp(val->name, "permitted", 9) && val->name[9]) +- { +- ptree = &ncons->permittedSubtrees; +- tval.name = val->name + 10; +- } +- else if (!strncmp(val->name, "excluded", 8) && val->name[8]) +- { +- ptree = &ncons->excludedSubtrees; +- tval.name = val->name + 9; +- } +- else +- { +- X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX); +- goto err; +- } +- tval.value = val->value; +- sub = GENERAL_SUBTREE_new(); +- if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) +- goto err; +- if (!*ptree) +- *ptree = sk_GENERAL_SUBTREE_new_null(); +- if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) +- goto memerr; +- sub = NULL; +- } +- +- return ncons; +- +- memerr: +- X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); +- err: +- if (ncons) +- NAME_CONSTRAINTS_free(ncons); +- if (sub) +- GENERAL_SUBTREE_free(sub); +- +- return NULL; +- } +- +- +- ++ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) ++{ ++ int i; ++ CONF_VALUE tval, *val; ++ STACK_OF(GENERAL_SUBTREE) **ptree = NULL; ++ NAME_CONSTRAINTS *ncons = NULL; ++ GENERAL_SUBTREE *sub = NULL; ++ ncons = NAME_CONSTRAINTS_new(); ++ if (!ncons) ++ goto memerr; ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ val = sk_CONF_VALUE_value(nval, i); ++ if (!strncmp(val->name, "permitted", 9) && val->name[9]) { ++ ptree = &ncons->permittedSubtrees; ++ tval.name = val->name + 10; ++ } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) { ++ ptree = &ncons->excludedSubtrees; ++ tval.name = val->name + 9; ++ } else { ++ X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX); ++ goto err; ++ } ++ tval.value = val->value; ++ sub = GENERAL_SUBTREE_new(); ++ if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) ++ goto err; ++ if (!*ptree) ++ *ptree = sk_GENERAL_SUBTREE_new_null(); ++ if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) ++ goto memerr; ++ sub = NULL; ++ } ++ ++ return ncons; ++ ++ memerr: ++ X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); ++ err: ++ if (ncons) ++ NAME_CONSTRAINTS_free(ncons); ++ if (sub) ++ GENERAL_SUBTREE_free(sub); ++ ++ return NULL; ++} + + static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, +- void *a, BIO *bp, int ind) +- { +- NAME_CONSTRAINTS *ncons = a; +- do_i2r_name_constraints(method, ncons->permittedSubtrees, +- bp, ind, "Permitted"); +- do_i2r_name_constraints(method, ncons->excludedSubtrees, +- bp, ind, "Excluded"); +- return 1; +- } ++ void *a, BIO *bp, int ind) ++{ ++ NAME_CONSTRAINTS *ncons = a; ++ do_i2r_name_constraints(method, ncons->permittedSubtrees, ++ bp, ind, "Permitted"); ++ do_i2r_name_constraints(method, ncons->excludedSubtrees, ++ bp, ind, "Excluded"); ++ return 1; ++} + + static int do_i2r_name_constraints(X509V3_EXT_METHOD *method, +- STACK_OF(GENERAL_SUBTREE) *trees, +- BIO *bp, int ind, char *name) +- { +- GENERAL_SUBTREE *tree; +- int i; +- if (sk_GENERAL_SUBTREE_num(trees) > 0) +- BIO_printf(bp, "%*s%s:\n", ind, "", name); +- for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) +- { +- tree = sk_GENERAL_SUBTREE_value(trees, i); +- BIO_printf(bp, "%*s", ind + 2, ""); +- if (tree->base->type == GEN_IPADD) +- print_nc_ipadd(bp, tree->base->d.ip); +- else +- GENERAL_NAME_print(bp, tree->base); +- BIO_puts(bp, "\n"); +- } +- return 1; +- } ++ STACK_OF(GENERAL_SUBTREE) *trees, ++ BIO *bp, int ind, char *name) ++{ ++ GENERAL_SUBTREE *tree; ++ int i; ++ if (sk_GENERAL_SUBTREE_num(trees) > 0) ++ BIO_printf(bp, "%*s%s:\n", ind, "", name); ++ for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) { ++ tree = sk_GENERAL_SUBTREE_value(trees, i); ++ BIO_printf(bp, "%*s", ind + 2, ""); ++ if (tree->base->type == GEN_IPADD) ++ print_nc_ipadd(bp, tree->base->d.ip); ++ else ++ GENERAL_NAME_print(bp, tree->base); ++ BIO_puts(bp, "\n"); ++ } ++ return 1; ++} + + static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) +- { +- int i, len; +- unsigned char *p; +- p = ip->data; +- len = ip->length; +- BIO_puts(bp, "IP:"); +- if(len == 8) +- { +- BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", +- p[0], p[1], p[2], p[3], +- p[4], p[5], p[6], p[7]); +- } +- else if(len == 32) +- { +- for (i = 0; i < 16; i++) +- { +- BIO_printf(bp, "%X", p[0] << 8 | p[1]); +- p += 2; +- if (i == 7) +- BIO_puts(bp, "/"); +- else if (i != 15) +- BIO_puts(bp, ":"); +- } +- } +- else +- BIO_printf(bp, "IP Address:"); +- return 1; +- } +- ++{ ++ int i, len; ++ unsigned char *p; ++ p = ip->data; ++ len = ip->length; ++ BIO_puts(bp, "IP:"); ++ if (len == 8) { ++ BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", ++ p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]); ++ } else if (len == 32) { ++ for (i = 0; i < 16; i++) { ++ BIO_printf(bp, "%X", p[0] << 8 | p[1]); ++ p += 2; ++ if (i == 7) ++ BIO_puts(bp, "/"); ++ else if (i != 15) ++ BIO_puts(bp, ":"); ++ } ++ } else ++ BIO_printf(bp, "IP Address:"); ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c +index 5c19cf4..e1b72f5 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c +@@ -1,6 +1,7 @@ + /* v3_ocsp.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -58,218 +59,253 @@ + + #ifndef OPENSSL_NO_OCSP + +-#include +-#include "cryptlib.h" +-#include +-#include +-#include +-#include ++# include ++# include "cryptlib.h" ++# include ++# include ++# include ++# include + +-/* OCSP extensions and a couple of CRL entry extensions ++/* ++ * OCSP extensions and a couple of CRL entry extensions + */ + +-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); +-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); +-static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent); ++static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, ++ int indent); ++static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, ++ int indent); ++static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, ++ int indent); + + static void *ocsp_nonce_new(void); + static int i2d_ocsp_nonce(void *a, unsigned char **pp); + static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); + static void ocsp_nonce_free(void *a); +-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); ++static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, ++ int indent); + +-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent); +-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str); +-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind); ++static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, ++ BIO *out, int indent); ++static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, ++ const char *str); ++static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, ++ int ind); + + const X509V3_EXT_METHOD v3_ocsp_crlid = { +- NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), +- 0,0,0,0, +- 0,0, +- 0,0, +- i2r_ocsp_crlid,0, +- NULL ++ NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, 0, ++ i2r_ocsp_crlid, 0, ++ NULL + }; + + const X509V3_EXT_METHOD v3_ocsp_acutoff = { +- NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), +- 0,0,0,0, +- 0,0, +- 0,0, +- i2r_ocsp_acutoff,0, +- NULL ++ NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, 0, ++ i2r_ocsp_acutoff, 0, ++ NULL + }; + + const X509V3_EXT_METHOD v3_crl_invdate = { +- NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), +- 0,0,0,0, +- 0,0, +- 0,0, +- i2r_ocsp_acutoff,0, +- NULL ++ NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, 0, ++ i2r_ocsp_acutoff, 0, ++ NULL + }; + + const X509V3_EXT_METHOD v3_crl_hold = { +- NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), +- 0,0,0,0, +- 0,0, +- 0,0, +- i2r_object,0, +- NULL ++ NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, 0, ++ i2r_object, 0, ++ NULL + }; + + const X509V3_EXT_METHOD v3_ocsp_nonce = { +- NID_id_pkix_OCSP_Nonce, 0, NULL, +- ocsp_nonce_new, +- ocsp_nonce_free, +- d2i_ocsp_nonce, +- i2d_ocsp_nonce, +- 0,0, +- 0,0, +- i2r_ocsp_nonce,0, +- NULL ++ NID_id_pkix_OCSP_Nonce, 0, NULL, ++ ocsp_nonce_new, ++ ocsp_nonce_free, ++ d2i_ocsp_nonce, ++ i2d_ocsp_nonce, ++ 0, 0, ++ 0, 0, ++ i2r_ocsp_nonce, 0, ++ NULL + }; + + const X509V3_EXT_METHOD v3_ocsp_nocheck = { +- NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), +- 0,0,0,0, +- 0,s2i_ocsp_nocheck, +- 0,0, +- i2r_ocsp_nocheck,0, +- NULL ++ NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), ++ 0, 0, 0, 0, ++ 0, s2i_ocsp_nocheck, ++ 0, 0, ++ i2r_ocsp_nocheck, 0, ++ NULL + }; + + const X509V3_EXT_METHOD v3_ocsp_serviceloc = { +- NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), +- 0,0,0,0, +- 0,0, +- 0,0, +- i2r_ocsp_serviceloc,0, +- NULL ++ NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, 0, ++ i2r_ocsp_serviceloc, 0, ++ NULL + }; + +-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) ++static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, ++ int ind) + { +- OCSP_CRLID *a = in; +- if (a->crlUrl) +- { +- if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err; +- if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err; +- if (BIO_write(bp, "\n", 1) <= 0) goto err; +- } +- if (a->crlNum) +- { +- if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err; +- if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err; +- if (BIO_write(bp, "\n", 1) <= 0) goto err; +- } +- if (a->crlTime) +- { +- if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err; +- if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err; +- if (BIO_write(bp, "\n", 1) <= 0) goto err; +- } +- return 1; +- err: +- return 0; ++ OCSP_CRLID *a = in; ++ if (a->crlUrl) { ++ if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) ++ goto err; ++ if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl)) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (a->crlNum) { ++ if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) ++ goto err; ++ if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (a->crlTime) { ++ if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) ++ goto err; ++ if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ return 1; ++ err: ++ return 0; + } + +-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind) ++static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, ++ int ind) + { +- if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0; +- if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0; +- return 1; ++ if (BIO_printf(bp, "%*s", ind, "") <= 0) ++ return 0; ++ if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) ++ return 0; ++ return 1; + } + +- + static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind) + { +- if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0; +- if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0; +- return 1; ++ if (BIO_printf(bp, "%*s", ind, "") <= 0) ++ return 0; ++ if (i2a_ASN1_OBJECT(bp, oid) <= 0) ++ return 0; ++ return 1; + } + +-/* OCSP nonce. This is needs special treatment because it doesn't have +- * an ASN1 encoding at all: it just contains arbitrary data. ++/* ++ * OCSP nonce. This is needs special treatment because it doesn't have an ++ * ASN1 encoding at all: it just contains arbitrary data. + */ + + static void *ocsp_nonce_new(void) + { +- return ASN1_OCTET_STRING_new(); ++ return ASN1_OCTET_STRING_new(); + } + + static int i2d_ocsp_nonce(void *a, unsigned char **pp) + { +- ASN1_OCTET_STRING *os = a; +- if(pp) { +- memcpy(*pp, os->data, os->length); +- *pp += os->length; +- } +- return os->length; ++ ASN1_OCTET_STRING *os = a; ++ if (pp) { ++ memcpy(*pp, os->data, os->length); ++ *pp += os->length; ++ } ++ return os->length; + } + + static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) + { +- ASN1_OCTET_STRING *os, **pos; +- pos = a; +- if(!pos || !*pos) os = ASN1_OCTET_STRING_new(); +- else os = *pos; +- if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err; ++ ASN1_OCTET_STRING *os, **pos; ++ pos = a; ++ if (!pos || !*pos) ++ os = ASN1_OCTET_STRING_new(); ++ else ++ os = *pos; ++ if (!ASN1_OCTET_STRING_set(os, *pp, length)) ++ goto err; + +- *pp += length; ++ *pp += length; + +- if(pos) *pos = os; +- return os; ++ if (pos) ++ *pos = os; ++ return os; + +- err: +- if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os); +- OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); +- return NULL; ++ err: ++ if (os && (!pos || (*pos != os))) ++ M_ASN1_OCTET_STRING_free(os); ++ OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); ++ return NULL; + } + + static void ocsp_nonce_free(void *a) + { +- M_ASN1_OCTET_STRING_free(a); ++ M_ASN1_OCTET_STRING_free(a); + } + +-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent) ++static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, ++ int indent) + { +- if(BIO_printf(out, "%*s", indent, "") <= 0) return 0; +- if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0; +- return 1; ++ if (BIO_printf(out, "%*s", indent, "") <= 0) ++ return 0; ++ if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) ++ return 0; ++ return 1; + } + + /* Nocheck is just a single NULL. Don't print anything and always set it */ + +-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent) ++static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, ++ BIO *out, int indent) + { +- return 1; ++ return 1; + } + +-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) ++static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, ++ const char *str) + { +- return ASN1_NULL_new(); ++ return ASN1_NULL_new(); + } + +-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) +- { +- int i; +- OCSP_SERVICELOC *a = in; +- ACCESS_DESCRIPTION *ad; ++static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, ++ int ind) ++{ ++ int i; ++ OCSP_SERVICELOC *a = in; ++ ACCESS_DESCRIPTION *ad; + +- if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err; +- if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err; +- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) +- { +- ad = sk_ACCESS_DESCRIPTION_value(a->locator,i); +- if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) +- goto err; +- if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err; +- if(BIO_puts(bp, " - ") <= 0) goto err; +- if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err; +- } +- return 1; +-err: +- return 0; +- } ++ if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) ++ goto err; ++ if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) ++ goto err; ++ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { ++ ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); ++ if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) ++ goto err; ++ if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) ++ goto err; ++ if (BIO_puts(bp, " - ") <= 0) ++ goto err; ++ if (GENERAL_NAME_print(bp, ad->location) <= 0) ++ goto err; ++ } ++ return 1; ++ err: ++ return 0; ++} + #endif +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c +index 823e9af..cd6b4b2 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c +@@ -1,6 +1,7 @@ + /* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Contributed to the OpenSSL Project 2004 +- * by Richard Levitte (richard@levitte.org) ++/* ++ * Contributed to the OpenSSL Project 2004 by Richard Levitte ++ * (richard@levitte.org) + */ + /* Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). +@@ -40,289 +41,277 @@ + #include + + static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, +- BIO *out, int indent); ++ BIO *out, int indent); + static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, char *str); ++ X509V3_CTX *ctx, char *str); + + const X509V3_EXT_METHOD v3_pci = +- { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), +- 0,0,0,0, +- 0,0, +- NULL, NULL, +- (X509V3_EXT_I2R)i2r_pci, +- (X509V3_EXT_R2I)r2i_pci, +- NULL, +- }; ++ { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), ++ 0, 0, 0, 0, ++ 0, 0, ++ NULL, NULL, ++ (X509V3_EXT_I2R)i2r_pci, ++ (X509V3_EXT_R2I)r2i_pci, ++ NULL, ++}; + + static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, +- BIO *out, int indent) +- { +- BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); +- if (pci->pcPathLengthConstraint) +- i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); +- else +- BIO_printf(out, "infinite"); +- BIO_puts(out, "\n"); +- BIO_printf(out, "%*sPolicy Language: ", indent, ""); +- i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); +- BIO_puts(out, "\n"); +- if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) +- BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", +- pci->proxyPolicy->policy->data); +- return 1; +- } ++ BIO *out, int indent) ++{ ++ BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); ++ if (pci->pcPathLengthConstraint) ++ i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); ++ else ++ BIO_printf(out, "infinite"); ++ BIO_puts(out, "\n"); ++ BIO_printf(out, "%*sPolicy Language: ", indent, ""); ++ i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); ++ BIO_puts(out, "\n"); ++ if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) ++ BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", ++ pci->proxyPolicy->policy->data); ++ return 1; ++} + + static int process_pci_value(CONF_VALUE *val, +- ASN1_OBJECT **language, ASN1_INTEGER **pathlen, +- ASN1_OCTET_STRING **policy) +- { +- int free_policy = 0; ++ ASN1_OBJECT **language, ASN1_INTEGER **pathlen, ++ ASN1_OCTET_STRING **policy) ++{ ++ int free_policy = 0; + +- if (strcmp(val->name, "language") == 0) +- { +- if (*language) +- { +- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED); +- X509V3_conf_err(val); +- return 0; +- } +- if (!(*language = OBJ_txt2obj(val->value, 0))) +- { +- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER); +- X509V3_conf_err(val); +- return 0; +- } +- } +- else if (strcmp(val->name, "pathlen") == 0) +- { +- if (*pathlen) +- { +- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED); +- X509V3_conf_err(val); +- return 0; +- } +- if (!X509V3_get_value_int(val, pathlen)) +- { +- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH); +- X509V3_conf_err(val); +- return 0; +- } +- } +- else if (strcmp(val->name, "policy") == 0) +- { +- unsigned char *tmp_data = NULL; +- long val_len; +- if (!*policy) +- { +- *policy = ASN1_OCTET_STRING_new(); +- if (!*policy) +- { +- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); +- X509V3_conf_err(val); +- return 0; +- } +- free_policy = 1; +- } +- if (strncmp(val->value, "hex:", 4) == 0) +- { +- unsigned char *tmp_data2 = +- string_to_hex(val->value + 4, &val_len); ++ if (strcmp(val->name, "language") == 0) { ++ if (*language) { ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ++ X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED); ++ X509V3_conf_err(val); ++ return 0; ++ } ++ if (!(*language = OBJ_txt2obj(val->value, 0))) { ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ++ X509V3_R_INVALID_OBJECT_IDENTIFIER); ++ X509V3_conf_err(val); ++ return 0; ++ } ++ } else if (strcmp(val->name, "pathlen") == 0) { ++ if (*pathlen) { ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ++ X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED); ++ X509V3_conf_err(val); ++ return 0; ++ } ++ if (!X509V3_get_value_int(val, pathlen)) { ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ++ X509V3_R_POLICY_PATH_LENGTH); ++ X509V3_conf_err(val); ++ return 0; ++ } ++ } else if (strcmp(val->name, "policy") == 0) { ++ unsigned char *tmp_data = NULL; ++ long val_len; ++ if (!*policy) { ++ *policy = ASN1_OCTET_STRING_new(); ++ if (!*policy) { ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); ++ X509V3_conf_err(val); ++ return 0; ++ } ++ free_policy = 1; ++ } ++ if (strncmp(val->value, "hex:", 4) == 0) { ++ unsigned char *tmp_data2 = ++ string_to_hex(val->value + 4, &val_len); + +- if (!tmp_data2) +- { +- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT); +- X509V3_conf_err(val); +- goto err; +- } ++ if (!tmp_data2) { ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ++ X509V3_R_ILLEGAL_HEX_DIGIT); ++ X509V3_conf_err(val); ++ goto err; ++ } + +- tmp_data = OPENSSL_realloc((*policy)->data, +- (*policy)->length + val_len + 1); +- if (tmp_data) +- { +- (*policy)->data = tmp_data; +- memcpy(&(*policy)->data[(*policy)->length], +- tmp_data2, val_len); +- (*policy)->length += val_len; +- (*policy)->data[(*policy)->length] = '\0'; +- } +- else +- { +- OPENSSL_free(tmp_data2); +- /* realloc failure implies the original data space is b0rked too! */ +- (*policy)->data = NULL; +- (*policy)->length = 0; +- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); +- X509V3_conf_err(val); +- goto err; +- } +- OPENSSL_free(tmp_data2); +- } +- else if (strncmp(val->value, "file:", 5) == 0) +- { +- unsigned char buf[2048]; +- int n; +- BIO *b = BIO_new_file(val->value + 5, "r"); +- if (!b) +- { +- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB); +- X509V3_conf_err(val); +- goto err; +- } +- while((n = BIO_read(b, buf, sizeof(buf))) > 0 +- || (n == 0 && BIO_should_retry(b))) +- { +- if (!n) continue; ++ tmp_data = OPENSSL_realloc((*policy)->data, ++ (*policy)->length + val_len + 1); ++ if (tmp_data) { ++ (*policy)->data = tmp_data; ++ memcpy(&(*policy)->data[(*policy)->length], ++ tmp_data2, val_len); ++ (*policy)->length += val_len; ++ (*policy)->data[(*policy)->length] = '\0'; ++ } else { ++ OPENSSL_free(tmp_data2); ++ /* ++ * realloc failure implies the original data space is b0rked ++ * too! ++ */ ++ (*policy)->data = NULL; ++ (*policy)->length = 0; ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ OPENSSL_free(tmp_data2); ++ } else if (strncmp(val->value, "file:", 5) == 0) { ++ unsigned char buf[2048]; ++ int n; ++ BIO *b = BIO_new_file(val->value + 5, "r"); ++ if (!b) { ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ while ((n = BIO_read(b, buf, sizeof(buf))) > 0 ++ || (n == 0 && BIO_should_retry(b))) { ++ if (!n) ++ continue; + +- tmp_data = OPENSSL_realloc((*policy)->data, +- (*policy)->length + n + 1); ++ tmp_data = OPENSSL_realloc((*policy)->data, ++ (*policy)->length + n + 1); + +- if (!tmp_data) +- break; ++ if (!tmp_data) ++ break; + +- (*policy)->data = tmp_data; +- memcpy(&(*policy)->data[(*policy)->length], +- buf, n); +- (*policy)->length += n; +- (*policy)->data[(*policy)->length] = '\0'; +- } +- BIO_free_all(b); ++ (*policy)->data = tmp_data; ++ memcpy(&(*policy)->data[(*policy)->length], buf, n); ++ (*policy)->length += n; ++ (*policy)->data[(*policy)->length] = '\0'; ++ } ++ BIO_free_all(b); + +- if (n < 0) +- { +- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB); +- X509V3_conf_err(val); +- goto err; +- } +- } +- else if (strncmp(val->value, "text:", 5) == 0) +- { +- val_len = strlen(val->value + 5); +- tmp_data = OPENSSL_realloc((*policy)->data, +- (*policy)->length + val_len + 1); +- if (tmp_data) +- { +- (*policy)->data = tmp_data; +- memcpy(&(*policy)->data[(*policy)->length], +- val->value + 5, val_len); +- (*policy)->length += val_len; +- (*policy)->data[(*policy)->length] = '\0'; +- } +- else +- { +- /* realloc failure implies the original data space is b0rked too! */ +- (*policy)->data = NULL; +- (*policy)->length = 0; +- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); +- X509V3_conf_err(val); +- goto err; +- } +- } +- else +- { +- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG); +- X509V3_conf_err(val); +- goto err; +- } +- if (!tmp_data) +- { +- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE); +- X509V3_conf_err(val); +- goto err; +- } +- } +- return 1; +-err: +- if (free_policy) +- { +- ASN1_OCTET_STRING_free(*policy); +- *policy = NULL; +- } +- return 0; +- } ++ if (n < 0) { ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ } else if (strncmp(val->value, "text:", 5) == 0) { ++ val_len = strlen(val->value + 5); ++ tmp_data = OPENSSL_realloc((*policy)->data, ++ (*policy)->length + val_len + 1); ++ if (tmp_data) { ++ (*policy)->data = tmp_data; ++ memcpy(&(*policy)->data[(*policy)->length], ++ val->value + 5, val_len); ++ (*policy)->length += val_len; ++ (*policy)->data[(*policy)->length] = '\0'; ++ } else { ++ /* ++ * realloc failure implies the original data space is b0rked ++ * too! ++ */ ++ (*policy)->data = NULL; ++ (*policy)->length = 0; ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ } else { ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ++ X509V3_R_INCORRECT_POLICY_SYNTAX_TAG); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ if (!tmp_data) { ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ } ++ return 1; ++ err: ++ if (free_policy) { ++ ASN1_OCTET_STRING_free(*policy); ++ *policy = NULL; ++ } ++ return 0; ++} + + static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, char *value) +- { +- PROXY_CERT_INFO_EXTENSION *pci = NULL; +- STACK_OF(CONF_VALUE) *vals; +- ASN1_OBJECT *language = NULL; +- ASN1_INTEGER *pathlen = NULL; +- ASN1_OCTET_STRING *policy = NULL; +- int i, j; ++ X509V3_CTX *ctx, char *value) ++{ ++ PROXY_CERT_INFO_EXTENSION *pci = NULL; ++ STACK_OF(CONF_VALUE) *vals; ++ ASN1_OBJECT *language = NULL; ++ ASN1_INTEGER *pathlen = NULL; ++ ASN1_OCTET_STRING *policy = NULL; ++ int i, j; + +- vals = X509V3_parse_list(value); +- for (i = 0; i < sk_CONF_VALUE_num(vals); i++) +- { +- CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); +- if (!cnf->name || (*cnf->name != '@' && !cnf->value)) +- { +- X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING); +- X509V3_conf_err(cnf); +- goto err; +- } +- if (*cnf->name == '@') +- { +- STACK_OF(CONF_VALUE) *sect; +- int success_p = 1; ++ vals = X509V3_parse_list(value); ++ for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { ++ CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); ++ if (!cnf->name || (*cnf->name != '@' && !cnf->value)) { ++ X509V3err(X509V3_F_R2I_PCI, ++ X509V3_R_INVALID_PROXY_POLICY_SETTING); ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ if (*cnf->name == '@') { ++ STACK_OF(CONF_VALUE) *sect; ++ int success_p = 1; + +- sect = X509V3_get_section(ctx, cnf->name + 1); +- if (!sect) +- { +- X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION); +- X509V3_conf_err(cnf); +- goto err; +- } +- for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) +- { +- success_p = +- process_pci_value(sk_CONF_VALUE_value(sect, j), +- &language, &pathlen, &policy); +- } +- X509V3_section_free(ctx, sect); +- if (!success_p) +- goto err; +- } +- else +- { +- if (!process_pci_value(cnf, +- &language, &pathlen, &policy)) +- { +- X509V3_conf_err(cnf); +- goto err; +- } +- } +- } ++ sect = X509V3_get_section(ctx, cnf->name + 1); ++ if (!sect) { ++ X509V3err(X509V3_F_R2I_PCI, X509V3_R_INVALID_SECTION); ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) { ++ success_p = ++ process_pci_value(sk_CONF_VALUE_value(sect, j), ++ &language, &pathlen, &policy); ++ } ++ X509V3_section_free(ctx, sect); ++ if (!success_p) ++ goto err; ++ } else { ++ if (!process_pci_value(cnf, &language, &pathlen, &policy)) { ++ X509V3_conf_err(cnf); ++ goto err; ++ } ++ } ++ } + +- /* Language is mandatory */ +- if (!language) +- { +- X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); +- goto err; +- } +- i = OBJ_obj2nid(language); +- if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) +- { +- X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); +- goto err; +- } ++ /* Language is mandatory */ ++ if (!language) { ++ X509V3err(X509V3_F_R2I_PCI, ++ X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); ++ goto err; ++ } ++ i = OBJ_obj2nid(language); ++ if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) { ++ X509V3err(X509V3_F_R2I_PCI, ++ X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); ++ goto err; ++ } + +- pci = PROXY_CERT_INFO_EXTENSION_new(); +- if (!pci) +- { +- X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ pci = PROXY_CERT_INFO_EXTENSION_new(); ++ if (!pci) { ++ X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + +- pci->proxyPolicy->policyLanguage = language; language = NULL; +- pci->proxyPolicy->policy = policy; policy = NULL; +- pci->pcPathLengthConstraint = pathlen; pathlen = NULL; +- goto end; +-err: +- if (language) { ASN1_OBJECT_free(language); language = NULL; } +- if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; } +- if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; } +- if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; } +-end: +- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); +- return pci; +- } ++ pci->proxyPolicy->policyLanguage = language; ++ language = NULL; ++ pci->proxyPolicy->policy = policy; ++ policy = NULL; ++ pci->pcPathLengthConstraint = pathlen; ++ pathlen = NULL; ++ goto end; ++ err: ++ if (language) { ++ ASN1_OBJECT_free(language); ++ language = NULL; ++ } ++ if (pathlen) { ++ ASN1_INTEGER_free(pathlen); ++ pathlen = NULL; ++ } ++ if (policy) { ++ ASN1_OCTET_STRING_free(policy); ++ policy = NULL; ++ } ++ if (pci) { ++ PROXY_CERT_INFO_EXTENSION_free(pci); ++ pci = NULL; ++ } ++ end: ++ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); ++ return pci; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c +index bb362e0..350b398 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c +@@ -1,6 +1,7 @@ + /* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */ +-/* Contributed to the OpenSSL Project 2004 +- * by Richard Levitte (richard@levitte.org) ++/* ++ * Contributed to the OpenSSL Project 2004 by Richard Levitte ++ * (richard@levitte.org) + */ + /* Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). +@@ -39,17 +40,17 @@ + #include + + ASN1_SEQUENCE(PROXY_POLICY) = +- { +- ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT), +- ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING) ++ { ++ ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT), ++ ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING) + } ASN1_SEQUENCE_END(PROXY_POLICY) + + IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY) + + ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) = +- { +- ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER), +- ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY) ++ { ++ ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER), ++ ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY) + } ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION) + + IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c +index 86c0ff7..6a5f337 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c +@@ -1,5 +1,6 @@ + /* v3_pcons.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ + /* ==================================================================== +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,7 +57,6 @@ + * + */ + +- + #include + #include "cryptlib.h" + #include +@@ -65,72 +65,77 @@ + #include + + static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, +- void *bcons, STACK_OF(CONF_VALUE) *extlist); ++ void *bcons, ++ STACK_OF(CONF_VALUE) ++ *extlist); + static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *values); + + const X509V3_EXT_METHOD v3_policy_constraints = { +-NID_policy_constraints, 0, +-ASN1_ITEM_ref(POLICY_CONSTRAINTS), +-0,0,0,0, +-0,0, +-i2v_POLICY_CONSTRAINTS, +-v2i_POLICY_CONSTRAINTS, +-NULL,NULL, +-NULL ++ NID_policy_constraints, 0, ++ ASN1_ITEM_ref(POLICY_CONSTRAINTS), ++ 0, 0, 0, 0, ++ 0, 0, ++ i2v_POLICY_CONSTRAINTS, ++ v2i_POLICY_CONSTRAINTS, ++ NULL, NULL, ++ NULL + }; + + ASN1_SEQUENCE(POLICY_CONSTRAINTS) = { +- ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0), +- ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1) ++ ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0), ++ ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1) + } ASN1_SEQUENCE_END(POLICY_CONSTRAINTS) + + IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) + +- + static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, +- void *a, STACK_OF(CONF_VALUE) *extlist) ++ void *a, ++ STACK_OF(CONF_VALUE) ++ *extlist) + { +- POLICY_CONSTRAINTS *pcons = a; +- X509V3_add_value_int("Require Explicit Policy", +- pcons->requireExplicitPolicy, &extlist); +- X509V3_add_value_int("Inhibit Policy Mapping", +- pcons->inhibitPolicyMapping, &extlist); +- return extlist; ++ POLICY_CONSTRAINTS *pcons = a; ++ X509V3_add_value_int("Require Explicit Policy", ++ pcons->requireExplicitPolicy, &extlist); ++ X509V3_add_value_int("Inhibit Policy Mapping", ++ pcons->inhibitPolicyMapping, &extlist); ++ return extlist; + } + + static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) ++ X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *values) + { +- POLICY_CONSTRAINTS *pcons=NULL; +- CONF_VALUE *val; +- int i; +- if(!(pcons = POLICY_CONSTRAINTS_new())) { +- X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- for(i = 0; i < sk_CONF_VALUE_num(values); i++) { +- val = sk_CONF_VALUE_value(values, i); +- if(!strcmp(val->name, "requireExplicitPolicy")) { +- if(!X509V3_get_value_int(val, +- &pcons->requireExplicitPolicy)) goto err; +- } else if(!strcmp(val->name, "inhibitPolicyMapping")) { +- if(!X509V3_get_value_int(val, +- &pcons->inhibitPolicyMapping)) goto err; +- } else { +- X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME); +- X509V3_conf_err(val); +- goto err; +- } +- } +- if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) { +- X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_ILLEGAL_EMPTY_EXTENSION); +- goto err; +- } ++ POLICY_CONSTRAINTS *pcons = NULL; ++ CONF_VALUE *val; ++ int i; ++ if (!(pcons = POLICY_CONSTRAINTS_new())) { ++ X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ for (i = 0; i < sk_CONF_VALUE_num(values); i++) { ++ val = sk_CONF_VALUE_value(values, i); ++ if (!strcmp(val->name, "requireExplicitPolicy")) { ++ if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy)) ++ goto err; ++ } else if (!strcmp(val->name, "inhibitPolicyMapping")) { ++ if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping)) ++ goto err; ++ } else { ++ X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME); ++ X509V3_conf_err(val); ++ goto err; ++ } ++ } ++ if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) { ++ X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ++ X509V3_R_ILLEGAL_EMPTY_EXTENSION); ++ goto err; ++ } + +- return pcons; +- err: +- POLICY_CONSTRAINTS_free(pcons); +- return NULL; ++ return pcons; ++ err: ++ POLICY_CONSTRAINTS_free(pcons); ++ return NULL; + } +- +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c +index 076f3ff..dd01c44 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c +@@ -1,6 +1,7 @@ + /* v3_pku.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -62,42 +63,47 @@ + #include + #include + +-static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent); ++static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, ++ PKEY_USAGE_PERIOD *usage, BIO *out, ++ int indent); + /* +-static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); +-*/ ++ * static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, ++ * X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); ++ */ + const X509V3_EXT_METHOD v3_pkey_usage_period = { +-NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), +-0,0,0,0, +-0,0,0,0, +-(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, +-NULL ++ NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), ++ 0, 0, 0, 0, ++ 0, 0, 0, 0, ++ (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, ++ NULL + }; + + ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = { +- ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0), +- ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1) ++ ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0), ++ ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1) + } ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD) + + IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) + + static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, +- PKEY_USAGE_PERIOD *usage, BIO *out, int indent) ++ PKEY_USAGE_PERIOD *usage, BIO *out, ++ int indent) + { +- BIO_printf(out, "%*s", indent, ""); +- if(usage->notBefore) { +- BIO_write(out, "Not Before: ", 12); +- ASN1_GENERALIZEDTIME_print(out, usage->notBefore); +- if(usage->notAfter) BIO_write(out, ", ", 2); +- } +- if(usage->notAfter) { +- BIO_write(out, "Not After: ", 11); +- ASN1_GENERALIZEDTIME_print(out, usage->notAfter); +- } +- return 1; ++ BIO_printf(out, "%*s", indent, ""); ++ if (usage->notBefore) { ++ BIO_write(out, "Not Before: ", 12); ++ ASN1_GENERALIZEDTIME_print(out, usage->notBefore); ++ if (usage->notAfter) ++ BIO_write(out, ", ", 2); ++ } ++ if (usage->notAfter) { ++ BIO_write(out, "Not After: ", 11); ++ ASN1_GENERALIZEDTIME_print(out, usage->notAfter); ++ } ++ return 1; + } + +-/* ++/*- + static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values) + X509V3_EXT_METHOD *method; + X509V3_CTX *ctx; +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c +index da03bbc..22e9e58 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c +@@ -1,5 +1,6 @@ + /* v3_pmaps.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ + /* ==================================================================== +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,7 +57,6 @@ + * + */ + +- + #include + #include "cryptlib.h" + #include +@@ -64,90 +64,94 @@ + #include + + static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); ++ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, +- void *pmps, STACK_OF(CONF_VALUE) *extlist); ++ void *pmps, ++ STACK_OF(CONF_VALUE) ++ *extlist); + + const X509V3_EXT_METHOD v3_policy_mappings = { +- NID_policy_mappings, 0, +- ASN1_ITEM_ref(POLICY_MAPPINGS), +- 0,0,0,0, +- 0,0, +- i2v_POLICY_MAPPINGS, +- v2i_POLICY_MAPPINGS, +- 0,0, +- NULL ++ NID_policy_mappings, 0, ++ ASN1_ITEM_ref(POLICY_MAPPINGS), ++ 0, 0, 0, 0, ++ 0, 0, ++ i2v_POLICY_MAPPINGS, ++ v2i_POLICY_MAPPINGS, ++ 0, 0, ++ NULL + }; + + ASN1_SEQUENCE(POLICY_MAPPING) = { +- ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT), +- ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT) ++ ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT), ++ ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT) + } ASN1_SEQUENCE_END(POLICY_MAPPING) + +-ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS, +- POLICY_MAPPING) ++ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS, ++ POLICY_MAPPING) + ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) + + IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) + +- + static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, +- void *a, STACK_OF(CONF_VALUE) *ext_list) ++ void *a, STACK_OF(CONF_VALUE) ++ *ext_list) + { +- POLICY_MAPPINGS *pmaps = a; +- POLICY_MAPPING *pmap; +- int i; +- char obj_tmp1[80]; +- char obj_tmp2[80]; +- for(i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { +- pmap = sk_POLICY_MAPPING_value(pmaps, i); +- i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy); +- i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy); +- X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list); +- } +- return ext_list; ++ POLICY_MAPPINGS *pmaps = a; ++ POLICY_MAPPING *pmap; ++ int i; ++ char obj_tmp1[80]; ++ char obj_tmp2[80]; ++ for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { ++ pmap = sk_POLICY_MAPPING_value(pmaps, i); ++ i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy); ++ i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy); ++ X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list); ++ } ++ return ext_list; + } + + static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) ++ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + { +- POLICY_MAPPINGS *pmaps; +- POLICY_MAPPING *pmap; +- ASN1_OBJECT *obj1, *obj2; +- CONF_VALUE *val; +- int i; ++ POLICY_MAPPINGS *pmaps; ++ POLICY_MAPPING *pmap; ++ ASN1_OBJECT *obj1, *obj2; ++ CONF_VALUE *val; ++ int i; + +- if(!(pmaps = sk_POLICY_MAPPING_new_null())) { +- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE); +- return NULL; +- } ++ if (!(pmaps = sk_POLICY_MAPPING_new_null())) { ++ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } + +- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { +- val = sk_CONF_VALUE_value(nval, i); +- if(!val->value || !val->name) { +- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); +- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER); +- X509V3_conf_err(val); +- return NULL; +- } +- obj1 = OBJ_txt2obj(val->name, 0); +- obj2 = OBJ_txt2obj(val->value, 0); +- if(!obj1 || !obj2) { +- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); +- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER); +- X509V3_conf_err(val); +- return NULL; +- } +- pmap = POLICY_MAPPING_new(); +- if (!pmap) { +- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); +- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- pmap->issuerDomainPolicy = obj1; +- pmap->subjectDomainPolicy = obj2; +- sk_POLICY_MAPPING_push(pmaps, pmap); +- } +- return pmaps; ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ val = sk_CONF_VALUE_value(nval, i); ++ if (!val->value || !val->name) { ++ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); ++ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ++ X509V3_R_INVALID_OBJECT_IDENTIFIER); ++ X509V3_conf_err(val); ++ return NULL; ++ } ++ obj1 = OBJ_txt2obj(val->name, 0); ++ obj2 = OBJ_txt2obj(val->value, 0); ++ if (!obj1 || !obj2) { ++ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); ++ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ++ X509V3_R_INVALID_OBJECT_IDENTIFIER); ++ X509V3_conf_err(val); ++ return NULL; ++ } ++ pmap = POLICY_MAPPING_new(); ++ if (!pmap) { ++ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); ++ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ pmap->issuerDomainPolicy = obj1; ++ pmap->subjectDomainPolicy = obj2; ++ sk_POLICY_MAPPING_push(pmaps, pmap); ++ } ++ return pmaps; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c +index c1bb17f..4ae463e 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c +@@ -1,6 +1,7 @@ + /* v3_prn.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,171 +65,195 @@ + + /* Extension printing routines */ + +-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported); ++static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, ++ unsigned long flag, int indent, int supported); + + /* Print out a name+value stack */ + +-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) ++void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, ++ int ml) + { +- int i; +- CONF_VALUE *nval; +- if(!val) return; +- if(!ml || !sk_CONF_VALUE_num(val)) { +- BIO_printf(out, "%*s", indent, ""); +- if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "\n"); +- } +- for(i = 0; i < sk_CONF_VALUE_num(val); i++) { +- if(ml) BIO_printf(out, "%*s", indent, ""); +- else if(i > 0) BIO_printf(out, ", "); +- nval = sk_CONF_VALUE_value(val, i); +- if(!nval->name) BIO_puts(out, nval->value); +- else if(!nval->value) BIO_puts(out, nval->name); ++ int i; ++ CONF_VALUE *nval; ++ if (!val) ++ return; ++ if (!ml || !sk_CONF_VALUE_num(val)) { ++ BIO_printf(out, "%*s", indent, ""); ++ if (!sk_CONF_VALUE_num(val)) ++ BIO_puts(out, "\n"); ++ } ++ for (i = 0; i < sk_CONF_VALUE_num(val); i++) { ++ if (ml) ++ BIO_printf(out, "%*s", indent, ""); ++ else if (i > 0) ++ BIO_printf(out, ", "); ++ nval = sk_CONF_VALUE_value(val, i); ++ if (!nval->name) ++ BIO_puts(out, nval->value); ++ else if (!nval->value) ++ BIO_puts(out, nval->name); + #ifndef CHARSET_EBCDIC +- else BIO_printf(out, "%s:%s", nval->name, nval->value); ++ else ++ BIO_printf(out, "%s:%s", nval->name, nval->value); + #else +- else { +- int len; +- char *tmp; +- len = strlen(nval->value)+1; +- tmp = OPENSSL_malloc(len); +- if (tmp) +- { +- ascii2ebcdic(tmp, nval->value, len); +- BIO_printf(out, "%s:%s", nval->name, tmp); +- OPENSSL_free(tmp); +- } +- } ++ else { ++ int len; ++ char *tmp; ++ len = strlen(nval->value) + 1; ++ tmp = OPENSSL_malloc(len); ++ if (tmp) { ++ ascii2ebcdic(tmp, nval->value, len); ++ BIO_printf(out, "%s:%s", nval->name, tmp); ++ OPENSSL_free(tmp); ++ } ++ } + #endif +- if(ml) BIO_puts(out, "\n"); +- } ++ if (ml) ++ BIO_puts(out, "\n"); ++ } + } + + /* Main routine: print out a general extension */ + +-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent) ++int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, ++ int indent) + { +- void *ext_str = NULL; +- char *value = NULL; +- const unsigned char *p; +- X509V3_EXT_METHOD *method; +- STACK_OF(CONF_VALUE) *nval = NULL; +- int ok = 1; +- +- if(!(method = X509V3_EXT_get(ext))) +- return unknown_ext_print(out, ext, flag, indent, 0); +- p = ext->value->data; +- if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); +- else ext_str = method->d2i(NULL, &p, ext->value->length); +- +- if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1); +- +- if(method->i2s) { +- if(!(value = method->i2s(method, ext_str))) { +- ok = 0; +- goto err; +- } ++ void *ext_str = NULL; ++ char *value = NULL; ++ const unsigned char *p; ++ X509V3_EXT_METHOD *method; ++ STACK_OF(CONF_VALUE) *nval = NULL; ++ int ok = 1; ++ ++ if (!(method = X509V3_EXT_get(ext))) ++ return unknown_ext_print(out, ext, flag, indent, 0); ++ p = ext->value->data; ++ if (method->it) ++ ext_str = ++ ASN1_item_d2i(NULL, &p, ext->value->length, ++ ASN1_ITEM_ptr(method->it)); ++ else ++ ext_str = method->d2i(NULL, &p, ext->value->length); ++ ++ if (!ext_str) ++ return unknown_ext_print(out, ext, flag, indent, 1); ++ ++ if (method->i2s) { ++ if (!(value = method->i2s(method, ext_str))) { ++ ok = 0; ++ goto err; ++ } + #ifndef CHARSET_EBCDIC +- BIO_printf(out, "%*s%s", indent, "", value); ++ BIO_printf(out, "%*s%s", indent, "", value); + #else +- { +- int len; +- char *tmp; +- len = strlen(value)+1; +- tmp = OPENSSL_malloc(len); +- if (tmp) +- { +- ascii2ebcdic(tmp, value, len); +- BIO_printf(out, "%*s%s", indent, "", tmp); +- OPENSSL_free(tmp); +- } +- } ++ { ++ int len; ++ char *tmp; ++ len = strlen(value) + 1; ++ tmp = OPENSSL_malloc(len); ++ if (tmp) { ++ ascii2ebcdic(tmp, value, len); ++ BIO_printf(out, "%*s%s", indent, "", tmp); ++ OPENSSL_free(tmp); ++ } ++ } + #endif +- } else if(method->i2v) { +- if(!(nval = method->i2v(method, ext_str, NULL))) { +- ok = 0; +- goto err; +- } +- X509V3_EXT_val_prn(out, nval, indent, +- method->ext_flags & X509V3_EXT_MULTILINE); +- } else if(method->i2r) { +- if(!method->i2r(method, ext_str, out, indent)) ok = 0; +- } else ok = 0; +- +- err: +- sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); +- if(value) OPENSSL_free(value); +- if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); +- else method->ext_free(ext_str); +- return ok; ++ } else if (method->i2v) { ++ if (!(nval = method->i2v(method, ext_str, NULL))) { ++ ok = 0; ++ goto err; ++ } ++ X509V3_EXT_val_prn(out, nval, indent, ++ method->ext_flags & X509V3_EXT_MULTILINE); ++ } else if (method->i2r) { ++ if (!method->i2r(method, ext_str, out, indent)) ++ ok = 0; ++ } else ++ ok = 0; ++ ++ err: ++ sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); ++ if (value) ++ OPENSSL_free(value); ++ if (method->it) ++ ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); ++ else ++ method->ext_free(ext_str); ++ return ok; + } + +-int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent) ++int X509V3_extensions_print(BIO *bp, char *title, ++ STACK_OF(X509_EXTENSION) *exts, ++ unsigned long flag, int indent) + { +- int i, j; +- +- if(sk_X509_EXTENSION_num(exts) <= 0) return 1; +- +- if(title) +- { +- BIO_printf(bp,"%*s%s:\n",indent, "", title); +- indent += 4; +- } +- +- for (i=0; ivalue); +- } +- if (BIO_write(bp,"\n",1) <= 0) return 0; +- } +- return 1; ++ int i, j; ++ ++ if (sk_X509_EXTENSION_num(exts) <= 0) ++ return 1; ++ ++ if (title) { ++ BIO_printf(bp, "%*s%s:\n", indent, "", title); ++ indent += 4; ++ } ++ ++ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { ++ ASN1_OBJECT *obj; ++ X509_EXTENSION *ex; ++ ex = sk_X509_EXTENSION_value(exts, i); ++ if (indent && BIO_printf(bp, "%*s", indent, "") <= 0) ++ return 0; ++ obj = X509_EXTENSION_get_object(ex); ++ i2a_ASN1_OBJECT(bp, obj); ++ j = X509_EXTENSION_get_critical(ex); ++ if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0) ++ return 0; ++ if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) { ++ BIO_printf(bp, "%*s", indent + 4, ""); ++ M_ASN1_OCTET_STRING_print(bp, ex->value); ++ } ++ if (BIO_write(bp, "\n", 1) <= 0) ++ return 0; ++ } ++ return 1; + } + +-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported) ++static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, ++ unsigned long flag, int indent, int supported) + { +- switch(flag & X509V3_EXT_UNKNOWN_MASK) { +- +- case X509V3_EXT_DEFAULT: +- return 0; +- +- case X509V3_EXT_ERROR_UNKNOWN: +- if(supported) +- BIO_printf(out, "%*s", indent, ""); +- else +- BIO_printf(out, "%*s", indent, ""); +- return 1; +- +- case X509V3_EXT_PARSE_UNKNOWN: +- return ASN1_parse_dump(out, +- ext->value->data, ext->value->length, indent, -1); +- case X509V3_EXT_DUMP_UNKNOWN: +- return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent); +- +- default: +- return 1; +- } ++ switch (flag & X509V3_EXT_UNKNOWN_MASK) { ++ ++ case X509V3_EXT_DEFAULT: ++ return 0; ++ ++ case X509V3_EXT_ERROR_UNKNOWN: ++ if (supported) ++ BIO_printf(out, "%*s", indent, ""); ++ else ++ BIO_printf(out, "%*s", indent, ""); ++ return 1; ++ ++ case X509V3_EXT_PARSE_UNKNOWN: ++ return ASN1_parse_dump(out, ++ ext->value->data, ext->value->length, indent, ++ -1); ++ case X509V3_EXT_DUMP_UNKNOWN: ++ return BIO_dump_indent(out, (char *)ext->value->data, ++ ext->value->length, indent); ++ ++ default: ++ return 1; ++ } + } +- + + #ifndef OPENSSL_NO_FP_API + int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) + { +- BIO *bio_tmp; +- int ret; +- if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0; +- ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); +- BIO_free(bio_tmp); +- return ret; ++ BIO *bio_tmp; ++ int ret; ++ if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) ++ return 0; ++ ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); ++ BIO_free(bio_tmp); ++ return ret; + } + #endif +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c +index e18751e..6ff1521 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c +@@ -1,6 +1,7 @@ + /* v3_purp.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2001. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. + */ + /* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -64,29 +65,42 @@ + static void x509v3_cache_extensions(X509 *x); + + static int check_ssl_ca(const X509 *x); +-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca); +-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); +-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); ++static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, ++ int ca); ++static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, ++ int ca); ++static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, ++ int ca); + static int purpose_smime(const X509 *x, int ca); +-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca); +-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca); +-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca); ++static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, ++ int ca); ++static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, ++ int ca); ++static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, ++ int ca); + static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca); + static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca); + +-static int xp_cmp(const X509_PURPOSE * const *a, +- const X509_PURPOSE * const *b); ++static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b); + static void xptable_free(X509_PURPOSE *p); + + static X509_PURPOSE xstandard[] = { +- {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL}, +- {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL}, +- {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, +- {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL}, +- {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, +- {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, +- {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL}, +- {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL}, ++ {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, ++ check_purpose_ssl_client, "SSL client", "sslclient", NULL}, ++ {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, ++ check_purpose_ssl_server, "SSL server", "sslserver", NULL}, ++ {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, ++ check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, ++ {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, ++ "S/MIME signing", "smimesign", NULL}, ++ {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, ++ check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, ++ {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, ++ "CRL signing", "crlsign", NULL}, ++ {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", ++ NULL}, ++ {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, ++ "OCSP helper", "ocsphelper", NULL}, + }; + + #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) +@@ -95,348 +109,367 @@ IMPLEMENT_STACK_OF(X509_PURPOSE) + + static STACK_OF(X509_PURPOSE) *xptable = NULL; + +-static int xp_cmp(const X509_PURPOSE * const *a, +- const X509_PURPOSE * const *b) ++static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b) + { +- return (*a)->purpose - (*b)->purpose; ++ return (*a)->purpose - (*b)->purpose; + } + +-/* As much as I'd like to make X509_check_purpose use a "const" X509* +- * I really can't because it does recalculate hashes and do other non-const +- * things. */ ++/* ++ * As much as I'd like to make X509_check_purpose use a "const" X509* I ++ * really can't because it does recalculate hashes and do other non-const ++ * things. ++ */ + int X509_check_purpose(X509 *x, int id, int ca) + { +- int idx; +- const X509_PURPOSE *pt; +- if(!(x->ex_flags & EXFLAG_SET)) { +- CRYPTO_w_lock(CRYPTO_LOCK_X509); +- x509v3_cache_extensions(x); +- CRYPTO_w_unlock(CRYPTO_LOCK_X509); +- } +- if(id == -1) return 1; +- idx = X509_PURPOSE_get_by_id(id); +- if(idx == -1) return -1; +- pt = X509_PURPOSE_get0(idx); +- return pt->check_purpose(pt, x, ca); ++ int idx; ++ const X509_PURPOSE *pt; ++ if (!(x->ex_flags & EXFLAG_SET)) { ++ CRYPTO_w_lock(CRYPTO_LOCK_X509); ++ x509v3_cache_extensions(x); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509); ++ } ++ if (id == -1) ++ return 1; ++ idx = X509_PURPOSE_get_by_id(id); ++ if (idx == -1) ++ return -1; ++ pt = X509_PURPOSE_get0(idx); ++ return pt->check_purpose(pt, x, ca); + } + + int X509_PURPOSE_set(int *p, int purpose) + { +- if(X509_PURPOSE_get_by_id(purpose) == -1) { +- X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE); +- return 0; +- } +- *p = purpose; +- return 1; ++ if (X509_PURPOSE_get_by_id(purpose) == -1) { ++ X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE); ++ return 0; ++ } ++ *p = purpose; ++ return 1; + } + + int X509_PURPOSE_get_count(void) + { +- if(!xptable) return X509_PURPOSE_COUNT; +- return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; ++ if (!xptable) ++ return X509_PURPOSE_COUNT; ++ return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; + } + +-X509_PURPOSE * X509_PURPOSE_get0(int idx) ++X509_PURPOSE *X509_PURPOSE_get0(int idx) + { +- if(idx < 0) return NULL; +- if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx; +- return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); ++ if (idx < 0) ++ return NULL; ++ if (idx < (int)X509_PURPOSE_COUNT) ++ return xstandard + idx; ++ return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); + } + + int X509_PURPOSE_get_by_sname(char *sname) + { +- int i; +- X509_PURPOSE *xptmp; +- for(i = 0; i < X509_PURPOSE_get_count(); i++) { +- xptmp = X509_PURPOSE_get0(i); +- if(!strcmp(xptmp->sname, sname)) return i; +- } +- return -1; ++ int i; ++ X509_PURPOSE *xptmp; ++ for (i = 0; i < X509_PURPOSE_get_count(); i++) { ++ xptmp = X509_PURPOSE_get0(i); ++ if (!strcmp(xptmp->sname, sname)) ++ return i; ++ } ++ return -1; + } + + int X509_PURPOSE_get_by_id(int purpose) + { +- X509_PURPOSE tmp; +- int idx; +- if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) +- return purpose - X509_PURPOSE_MIN; +- tmp.purpose = purpose; +- if(!xptable) return -1; +- idx = sk_X509_PURPOSE_find(xptable, &tmp); +- if(idx == -1) return -1; +- return idx + X509_PURPOSE_COUNT; ++ X509_PURPOSE tmp; ++ int idx; ++ if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) ++ return purpose - X509_PURPOSE_MIN; ++ tmp.purpose = purpose; ++ if (!xptable) ++ return -1; ++ idx = sk_X509_PURPOSE_find(xptable, &tmp); ++ if (idx == -1) ++ return -1; ++ return idx + X509_PURPOSE_COUNT; + } + + int X509_PURPOSE_add(int id, int trust, int flags, +- int (*ck)(const X509_PURPOSE *, const X509 *, int), +- char *name, char *sname, void *arg) ++ int (*ck) (const X509_PURPOSE *, const X509 *, int), ++ char *name, char *sname, void *arg) + { +- int idx; +- X509_PURPOSE *ptmp; +- /* This is set according to what we change: application can't set it */ +- flags &= ~X509_PURPOSE_DYNAMIC; +- /* This will always be set for application modified trust entries */ +- flags |= X509_PURPOSE_DYNAMIC_NAME; +- /* Get existing entry if any */ +- idx = X509_PURPOSE_get_by_id(id); +- /* Need a new entry */ +- if(idx == -1) { +- if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { +- X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- ptmp->flags = X509_PURPOSE_DYNAMIC; +- } else ptmp = X509_PURPOSE_get0(idx); +- +- /* OPENSSL_free existing name if dynamic */ +- if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { +- OPENSSL_free(ptmp->name); +- OPENSSL_free(ptmp->sname); +- } +- /* dup supplied name */ +- ptmp->name = BUF_strdup(name); +- ptmp->sname = BUF_strdup(sname); +- if(!ptmp->name || !ptmp->sname) { +- X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- /* Keep the dynamic flag of existing entry */ +- ptmp->flags &= X509_PURPOSE_DYNAMIC; +- /* Set all other flags */ +- ptmp->flags |= flags; +- +- ptmp->purpose = id; +- ptmp->trust = trust; +- ptmp->check_purpose = ck; +- ptmp->usr_data = arg; +- +- /* If its a new entry manage the dynamic table */ +- if(idx == -1) { +- if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { +- X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- if (!sk_X509_PURPOSE_push(xptable, ptmp)) { +- X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- return 1; ++ int idx; ++ X509_PURPOSE *ptmp; ++ /* ++ * This is set according to what we change: application can't set it ++ */ ++ flags &= ~X509_PURPOSE_DYNAMIC; ++ /* This will always be set for application modified trust entries */ ++ flags |= X509_PURPOSE_DYNAMIC_NAME; ++ /* Get existing entry if any */ ++ idx = X509_PURPOSE_get_by_id(id); ++ /* Need a new entry */ ++ if (idx == -1) { ++ if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { ++ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ptmp->flags = X509_PURPOSE_DYNAMIC; ++ } else ++ ptmp = X509_PURPOSE_get0(idx); ++ ++ /* OPENSSL_free existing name if dynamic */ ++ if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { ++ OPENSSL_free(ptmp->name); ++ OPENSSL_free(ptmp->sname); ++ } ++ /* dup supplied name */ ++ ptmp->name = BUF_strdup(name); ++ ptmp->sname = BUF_strdup(sname); ++ if (!ptmp->name || !ptmp->sname) { ++ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ /* Keep the dynamic flag of existing entry */ ++ ptmp->flags &= X509_PURPOSE_DYNAMIC; ++ /* Set all other flags */ ++ ptmp->flags |= flags; ++ ++ ptmp->purpose = id; ++ ptmp->trust = trust; ++ ptmp->check_purpose = ck; ++ ptmp->usr_data = arg; ++ ++ /* If its a new entry manage the dynamic table */ ++ if (idx == -1) { ++ if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { ++ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ if (!sk_X509_PURPOSE_push(xptable, ptmp)) { ++ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } ++ return 1; + } + + static void xptable_free(X509_PURPOSE *p) +- { +- if(!p) return; +- if (p->flags & X509_PURPOSE_DYNAMIC) +- { +- if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { +- OPENSSL_free(p->name); +- OPENSSL_free(p->sname); +- } +- OPENSSL_free(p); +- } +- } ++{ ++ if (!p) ++ return; ++ if (p->flags & X509_PURPOSE_DYNAMIC) { ++ if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { ++ OPENSSL_free(p->name); ++ OPENSSL_free(p->sname); ++ } ++ OPENSSL_free(p); ++ } ++} + + void X509_PURPOSE_cleanup(void) + { +- unsigned int i; +- sk_X509_PURPOSE_pop_free(xptable, xptable_free); +- for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); +- xptable = NULL; ++ unsigned int i; ++ sk_X509_PURPOSE_pop_free(xptable, xptable_free); ++ for (i = 0; i < X509_PURPOSE_COUNT; i++) ++ xptable_free(xstandard + i); ++ xptable = NULL; + } + + int X509_PURPOSE_get_id(X509_PURPOSE *xp) + { +- return xp->purpose; ++ return xp->purpose; + } + + char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) + { +- return xp->name; ++ return xp->name; + } + + char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp) + { +- return xp->sname; ++ return xp->sname; + } + + int X509_PURPOSE_get_trust(X509_PURPOSE *xp) + { +- return xp->trust; ++ return xp->trust; + } + + static int nid_cmp(int *a, int *b) +- { +- return *a - *b; +- } ++{ ++ return *a - *b; ++} + + int X509_supported_extension(X509_EXTENSION *ex) +- { +- /* This table is a list of the NIDs of supported extensions: +- * that is those which are used by the verify process. If +- * an extension is critical and doesn't appear in this list +- * then the verify process will normally reject the certificate. +- * The list must be kept in numerical order because it will be +- * searched using bsearch. +- */ +- +- static int supported_nids[] = { +- NID_netscape_cert_type, /* 71 */ +- NID_key_usage, /* 83 */ +- NID_subject_alt_name, /* 85 */ +- NID_basic_constraints, /* 87 */ +- NID_certificate_policies, /* 89 */ +- NID_ext_key_usage, /* 126 */ ++{ ++ /* ++ * This table is a list of the NIDs of supported extensions: that is ++ * those which are used by the verify process. If an extension is ++ * critical and doesn't appear in this list then the verify process will ++ * normally reject the certificate. The list must be kept in numerical ++ * order because it will be searched using bsearch. ++ */ ++ ++ static int supported_nids[] = { ++ NID_netscape_cert_type, /* 71 */ ++ NID_key_usage, /* 83 */ ++ NID_subject_alt_name, /* 85 */ ++ NID_basic_constraints, /* 87 */ ++ NID_certificate_policies, /* 89 */ ++ NID_ext_key_usage, /* 126 */ + #ifndef OPENSSL_NO_RFC3779 +- NID_sbgp_ipAddrBlock, /* 290 */ +- NID_sbgp_autonomousSysNum, /* 291 */ ++ NID_sbgp_ipAddrBlock, /* 290 */ ++ NID_sbgp_autonomousSysNum, /* 291 */ + #endif +- NID_policy_constraints, /* 401 */ +- NID_proxyCertInfo, /* 661 */ +- NID_inhibit_any_policy /* 748 */ +- }; ++ NID_policy_constraints, /* 401 */ ++ NID_proxyCertInfo, /* 661 */ ++ NID_inhibit_any_policy /* 748 */ ++ }; + +- int ex_nid; ++ int ex_nid; + +- ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); ++ ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); + +- if (ex_nid == NID_undef) +- return 0; ++ if (ex_nid == NID_undef) ++ return 0; + +- if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids, +- sizeof(supported_nids)/sizeof(int), sizeof(int), +- (int (*)(const void *, const void *))nid_cmp)) +- return 1; +- return 0; +- } +- ++ if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids, ++ sizeof(supported_nids) / sizeof(int), sizeof(int), ++ (int (*)(const void *, const void *))nid_cmp)) ++ return 1; ++ return 0; ++} + + static void x509v3_cache_extensions(X509 *x) + { +- BASIC_CONSTRAINTS *bs; +- PROXY_CERT_INFO_EXTENSION *pci; +- ASN1_BIT_STRING *usage; +- ASN1_BIT_STRING *ns; +- EXTENDED_KEY_USAGE *extusage; +- X509_EXTENSION *ex; +- +- int i; +- if(x->ex_flags & EXFLAG_SET) return; ++ BASIC_CONSTRAINTS *bs; ++ PROXY_CERT_INFO_EXTENSION *pci; ++ ASN1_BIT_STRING *usage; ++ ASN1_BIT_STRING *ns; ++ EXTENDED_KEY_USAGE *extusage; ++ X509_EXTENSION *ex; ++ ++ int i; ++ if (x->ex_flags & EXFLAG_SET) ++ return; + #ifndef OPENSSL_NO_SHA +- X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); ++ X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); + #endif +- /* Does subject name match issuer ? */ +- if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) +- x->ex_flags |= EXFLAG_SI; +- /* V1 should mean no extensions ... */ +- if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; +- /* Handle basic constraints */ +- if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { +- if(bs->ca) x->ex_flags |= EXFLAG_CA; +- if(bs->pathlen) { +- if((bs->pathlen->type == V_ASN1_NEG_INTEGER) +- || !bs->ca) { +- x->ex_flags |= EXFLAG_INVALID; +- x->ex_pathlen = 0; +- } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); +- } else x->ex_pathlen = -1; +- BASIC_CONSTRAINTS_free(bs); +- x->ex_flags |= EXFLAG_BCONS; +- } +- /* Handle proxy certificates */ +- if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { +- if (x->ex_flags & EXFLAG_CA +- || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0 +- || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { +- x->ex_flags |= EXFLAG_INVALID; +- } +- if (pci->pcPathLengthConstraint) { +- x->ex_pcpathlen = +- ASN1_INTEGER_get(pci->pcPathLengthConstraint); +- } else x->ex_pcpathlen = -1; +- PROXY_CERT_INFO_EXTENSION_free(pci); +- x->ex_flags |= EXFLAG_PROXY; +- } +- /* Handle key usage */ +- if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { +- if(usage->length > 0) { +- x->ex_kusage = usage->data[0]; +- if(usage->length > 1) +- x->ex_kusage |= usage->data[1] << 8; +- } else x->ex_kusage = 0; +- x->ex_flags |= EXFLAG_KUSAGE; +- ASN1_BIT_STRING_free(usage); +- } +- x->ex_xkusage = 0; +- if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { +- x->ex_flags |= EXFLAG_XKUSAGE; +- for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { +- switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) { +- case NID_server_auth: +- x->ex_xkusage |= XKU_SSL_SERVER; +- break; +- +- case NID_client_auth: +- x->ex_xkusage |= XKU_SSL_CLIENT; +- break; +- +- case NID_email_protect: +- x->ex_xkusage |= XKU_SMIME; +- break; +- +- case NID_code_sign: +- x->ex_xkusage |= XKU_CODE_SIGN; +- break; +- +- case NID_ms_sgc: +- case NID_ns_sgc: +- x->ex_xkusage |= XKU_SGC; +- break; +- +- case NID_OCSP_sign: +- x->ex_xkusage |= XKU_OCSP_SIGN; +- break; +- +- case NID_time_stamp: +- x->ex_xkusage |= XKU_TIMESTAMP; +- break; +- +- case NID_dvcs: +- x->ex_xkusage |= XKU_DVCS; +- break; +- } +- } +- sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); +- } +- +- if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { +- if(ns->length > 0) x->ex_nscert = ns->data[0]; +- else x->ex_nscert = 0; +- x->ex_flags |= EXFLAG_NSCERT; +- ASN1_BIT_STRING_free(ns); +- } +- x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); +- x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); ++ /* Does subject name match issuer ? */ ++ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) ++ x->ex_flags |= EXFLAG_SI; ++ /* V1 should mean no extensions ... */ ++ if (!X509_get_version(x)) ++ x->ex_flags |= EXFLAG_V1; ++ /* Handle basic constraints */ ++ if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { ++ if (bs->ca) ++ x->ex_flags |= EXFLAG_CA; ++ if (bs->pathlen) { ++ if ((bs->pathlen->type == V_ASN1_NEG_INTEGER) ++ || !bs->ca) { ++ x->ex_flags |= EXFLAG_INVALID; ++ x->ex_pathlen = 0; ++ } else ++ x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); ++ } else ++ x->ex_pathlen = -1; ++ BASIC_CONSTRAINTS_free(bs); ++ x->ex_flags |= EXFLAG_BCONS; ++ } ++ /* Handle proxy certificates */ ++ if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { ++ if (x->ex_flags & EXFLAG_CA ++ || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0 ++ || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { ++ x->ex_flags |= EXFLAG_INVALID; ++ } ++ if (pci->pcPathLengthConstraint) { ++ x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint); ++ } else ++ x->ex_pcpathlen = -1; ++ PROXY_CERT_INFO_EXTENSION_free(pci); ++ x->ex_flags |= EXFLAG_PROXY; ++ } ++ /* Handle key usage */ ++ if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { ++ if (usage->length > 0) { ++ x->ex_kusage = usage->data[0]; ++ if (usage->length > 1) ++ x->ex_kusage |= usage->data[1] << 8; ++ } else ++ x->ex_kusage = 0; ++ x->ex_flags |= EXFLAG_KUSAGE; ++ ASN1_BIT_STRING_free(usage); ++ } ++ x->ex_xkusage = 0; ++ if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { ++ x->ex_flags |= EXFLAG_XKUSAGE; ++ for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { ++ switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) { ++ case NID_server_auth: ++ x->ex_xkusage |= XKU_SSL_SERVER; ++ break; ++ ++ case NID_client_auth: ++ x->ex_xkusage |= XKU_SSL_CLIENT; ++ break; ++ ++ case NID_email_protect: ++ x->ex_xkusage |= XKU_SMIME; ++ break; ++ ++ case NID_code_sign: ++ x->ex_xkusage |= XKU_CODE_SIGN; ++ break; ++ ++ case NID_ms_sgc: ++ case NID_ns_sgc: ++ x->ex_xkusage |= XKU_SGC; ++ break; ++ ++ case NID_OCSP_sign: ++ x->ex_xkusage |= XKU_OCSP_SIGN; ++ break; ++ ++ case NID_time_stamp: ++ x->ex_xkusage |= XKU_TIMESTAMP; ++ break; ++ ++ case NID_dvcs: ++ x->ex_xkusage |= XKU_DVCS; ++ break; ++ } ++ } ++ sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); ++ } ++ ++ if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { ++ if (ns->length > 0) ++ x->ex_nscert = ns->data[0]; ++ else ++ x->ex_nscert = 0; ++ x->ex_flags |= EXFLAG_NSCERT; ++ ASN1_BIT_STRING_free(ns); ++ } ++ x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); ++ x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); + #ifndef OPENSSL_NO_RFC3779 +- x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); +- x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, +- NULL, NULL); ++ x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); ++ x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, ++ NULL, NULL); + #endif +- for (i = 0; i < X509_get_ext_count(x); i++) +- { +- ex = X509_get_ext(x, i); +- if (!X509_EXTENSION_get_critical(ex)) +- continue; +- if (!X509_supported_extension(ex)) +- { +- x->ex_flags |= EXFLAG_CRITICAL; +- break; +- } +- } +- x->ex_flags |= EXFLAG_SET; ++ for (i = 0; i < X509_get_ext_count(x); i++) { ++ ex = X509_get_ext(x, i); ++ if (!X509_EXTENSION_get_critical(ex)) ++ continue; ++ if (!X509_supported_extension(ex)) { ++ x->ex_flags |= EXFLAG_CRITICAL; ++ break; ++ } ++ } ++ x->ex_flags |= EXFLAG_SET; + } + +-/* CA checks common to all purposes ++/*- ++ * CA checks common to all purposes + * return codes: + * 0 not a CA + * 1 is a CA +@@ -447,159 +480,202 @@ static void x509v3_cache_extensions(X509 *x) + + #define V1_ROOT (EXFLAG_V1|EXFLAG_SS) + #define ku_reject(x, usage) \ +- (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) ++ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) + #define xku_reject(x, usage) \ +- (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) ++ (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) + #define ns_reject(x, usage) \ +- (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) ++ (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) + + static int check_ca(const X509 *x) + { +- /* keyUsage if present should allow cert signing */ +- if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; +- if(x->ex_flags & EXFLAG_BCONS) { +- if(x->ex_flags & EXFLAG_CA) return 1; +- /* If basicConstraints says not a CA then say so */ +- else return 0; +- } else { +- /* we support V1 roots for... uh, I don't really know why. */ +- if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; +- /* If key usage present it must have certSign so tolerate it */ +- else if (x->ex_flags & EXFLAG_KUSAGE) return 4; +- /* Older certificates could have Netscape-specific CA types */ +- else if (x->ex_flags & EXFLAG_NSCERT +- && x->ex_nscert & NS_ANY_CA) return 5; +- /* can this still be regarded a CA certificate? I doubt it */ +- return 0; +- } ++ /* keyUsage if present should allow cert signing */ ++ if (ku_reject(x, KU_KEY_CERT_SIGN)) ++ return 0; ++ if (x->ex_flags & EXFLAG_BCONS) { ++ if (x->ex_flags & EXFLAG_CA) ++ return 1; ++ /* If basicConstraints says not a CA then say so */ ++ else ++ return 0; ++ } else { ++ /* we support V1 roots for... uh, I don't really know why. */ ++ if ((x->ex_flags & V1_ROOT) == V1_ROOT) ++ return 3; ++ /* ++ * If key usage present it must have certSign so tolerate it ++ */ ++ else if (x->ex_flags & EXFLAG_KUSAGE) ++ return 4; ++ /* Older certificates could have Netscape-specific CA types */ ++ else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA) ++ return 5; ++ /* can this still be regarded a CA certificate? I doubt it */ ++ return 0; ++ } + } + + int X509_check_ca(X509 *x) + { +- if(!(x->ex_flags & EXFLAG_SET)) { +- CRYPTO_w_lock(CRYPTO_LOCK_X509); +- x509v3_cache_extensions(x); +- CRYPTO_w_unlock(CRYPTO_LOCK_X509); +- } ++ if (!(x->ex_flags & EXFLAG_SET)) { ++ CRYPTO_w_lock(CRYPTO_LOCK_X509); ++ x509v3_cache_extensions(x); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509); ++ } + +- return check_ca(x); ++ return check_ca(x); + } + + /* Check SSL CA: common checks for SSL client and server */ + static int check_ssl_ca(const X509 *x) + { +- int ca_ret; +- ca_ret = check_ca(x); +- if(!ca_ret) return 0; +- /* check nsCertType if present */ +- if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret; +- else return 0; ++ int ca_ret; ++ ca_ret = check_ca(x); ++ if (!ca_ret) ++ return 0; ++ /* check nsCertType if present */ ++ if (ca_ret != 5 || x->ex_nscert & NS_SSL_CA) ++ return ca_ret; ++ else ++ return 0; + } + +- +-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) ++static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, ++ int ca) + { +- if(xku_reject(x,XKU_SSL_CLIENT)) return 0; +- if(ca) return check_ssl_ca(x); +- /* We need to do digital signatures with it */ +- if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0; +- /* nsCertType if present should allow SSL client use */ +- if(ns_reject(x, NS_SSL_CLIENT)) return 0; +- return 1; ++ if (xku_reject(x, XKU_SSL_CLIENT)) ++ return 0; ++ if (ca) ++ return check_ssl_ca(x); ++ /* We need to do digital signatures with it */ ++ if (ku_reject(x, KU_DIGITAL_SIGNATURE)) ++ return 0; ++ /* nsCertType if present should allow SSL client use */ ++ if (ns_reject(x, NS_SSL_CLIENT)) ++ return 0; ++ return 1; + } + +-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) ++static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, ++ int ca) + { +- if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0; +- if(ca) return check_ssl_ca(x); ++ if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC)) ++ return 0; ++ if (ca) ++ return check_ssl_ca(x); + +- if(ns_reject(x, NS_SSL_SERVER)) return 0; +- /* Now as for keyUsage: we'll at least need to sign OR encipher */ +- if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0; +- +- return 1; ++ if (ns_reject(x, NS_SSL_SERVER)) ++ return 0; ++ /* Now as for keyUsage: we'll at least need to sign OR encipher */ ++ if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT)) ++ return 0; ++ ++ return 1; + + } + +-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) ++static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, ++ int ca) + { +- int ret; +- ret = check_purpose_ssl_server(xp, x, ca); +- if(!ret || ca) return ret; +- /* We need to encipher or Netscape complains */ +- if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; +- return ret; ++ int ret; ++ ret = check_purpose_ssl_server(xp, x, ca); ++ if (!ret || ca) ++ return ret; ++ /* We need to encipher or Netscape complains */ ++ if (ku_reject(x, KU_KEY_ENCIPHERMENT)) ++ return 0; ++ return ret; + } + + /* common S/MIME checks */ + static int purpose_smime(const X509 *x, int ca) + { +- if(xku_reject(x,XKU_SMIME)) return 0; +- if(ca) { +- int ca_ret; +- ca_ret = check_ca(x); +- if(!ca_ret) return 0; +- /* check nsCertType if present */ +- if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret; +- else return 0; +- } +- if(x->ex_flags & EXFLAG_NSCERT) { +- if(x->ex_nscert & NS_SMIME) return 1; +- /* Workaround for some buggy certificates */ +- if(x->ex_nscert & NS_SSL_CLIENT) return 2; +- return 0; +- } +- return 1; ++ if (xku_reject(x, XKU_SMIME)) ++ return 0; ++ if (ca) { ++ int ca_ret; ++ ca_ret = check_ca(x); ++ if (!ca_ret) ++ return 0; ++ /* check nsCertType if present */ ++ if (ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) ++ return ca_ret; ++ else ++ return 0; ++ } ++ if (x->ex_flags & EXFLAG_NSCERT) { ++ if (x->ex_nscert & NS_SMIME) ++ return 1; ++ /* Workaround for some buggy certificates */ ++ if (x->ex_nscert & NS_SSL_CLIENT) ++ return 2; ++ return 0; ++ } ++ return 1; + } + +-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca) ++static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, ++ int ca) + { +- int ret; +- ret = purpose_smime(x, ca); +- if(!ret || ca) return ret; +- if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0; +- return ret; ++ int ret; ++ ret = purpose_smime(x, ca); ++ if (!ret || ca) ++ return ret; ++ if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION)) ++ return 0; ++ return ret; + } + +-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca) ++static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, ++ int ca) + { +- int ret; +- ret = purpose_smime(x, ca); +- if(!ret || ca) return ret; +- if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; +- return ret; ++ int ret; ++ ret = purpose_smime(x, ca); ++ if (!ret || ca) ++ return ret; ++ if (ku_reject(x, KU_KEY_ENCIPHERMENT)) ++ return 0; ++ return ret; + } + +-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) ++static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, ++ int ca) + { +- if(ca) { +- int ca_ret; +- if((ca_ret = check_ca(x)) != 2) return ca_ret; +- else return 0; +- } +- if(ku_reject(x, KU_CRL_SIGN)) return 0; +- return 1; ++ if (ca) { ++ int ca_ret; ++ if ((ca_ret = check_ca(x)) != 2) ++ return ca_ret; ++ else ++ return 0; ++ } ++ if (ku_reject(x, KU_CRL_SIGN)) ++ return 0; ++ return 1; + } + +-/* OCSP helper: this is *not* a full OCSP check. It just checks that +- * each CA is valid. Additional checks must be made on the chain. ++/* ++ * OCSP helper: this is *not* a full OCSP check. It just checks that each CA ++ * is valid. Additional checks must be made on the chain. + */ + + static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) + { +- /* Must be a valid CA. Should we really support the "I don't know" +- value (2)? */ +- if(ca) return check_ca(x); +- /* leaf certificate is checked in OCSP_verify() */ +- return 1; ++ /* ++ * Must be a valid CA. Should we really support the "I don't know" value ++ * (2)? ++ */ ++ if (ca) ++ return check_ca(x); ++ /* leaf certificate is checked in OCSP_verify() */ ++ return 1; + } + + static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) + { +- return 1; ++ return 1; + } + +-/* Various checks to see if one certificate issued the second. ++/*- ++ * Various checks to see if one certificate issued the second. + * This can be used to prune a set of possible issuer certificates + * which have been looked up using some simple method such as by + * subject name. +@@ -613,51 +689,48 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) + + int X509_check_issued(X509 *issuer, X509 *subject) + { +- if(X509_NAME_cmp(X509_get_subject_name(issuer), +- X509_get_issuer_name(subject))) +- return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; +- x509v3_cache_extensions(issuer); +- x509v3_cache_extensions(subject); +- if(subject->akid) { +- /* Check key ids (if present) */ +- if(subject->akid->keyid && issuer->skid && +- ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) ) +- return X509_V_ERR_AKID_SKID_MISMATCH; +- /* Check serial number */ +- if(subject->akid->serial && +- ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), +- subject->akid->serial)) +- return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; +- /* Check issuer name */ +- if(subject->akid->issuer) { +- /* Ugh, for some peculiar reason AKID includes +- * SEQUENCE OF GeneralName. So look for a DirName. +- * There may be more than one but we only take any +- * notice of the first. +- */ +- GENERAL_NAMES *gens; +- GENERAL_NAME *gen; +- X509_NAME *nm = NULL; +- int i; +- gens = subject->akid->issuer; +- for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { +- gen = sk_GENERAL_NAME_value(gens, i); +- if(gen->type == GEN_DIRNAME) { +- nm = gen->d.dirn; +- break; +- } +- } +- if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) +- return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; +- } +- } +- if(subject->ex_flags & EXFLAG_PROXY) +- { +- if(ku_reject(issuer, KU_DIGITAL_SIGNATURE)) +- return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; +- } +- else if(ku_reject(issuer, KU_KEY_CERT_SIGN)) +- return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; +- return X509_V_OK; ++ if (X509_NAME_cmp(X509_get_subject_name(issuer), ++ X509_get_issuer_name(subject))) ++ return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; ++ x509v3_cache_extensions(issuer); ++ x509v3_cache_extensions(subject); ++ if (subject->akid) { ++ /* Check key ids (if present) */ ++ if (subject->akid->keyid && issuer->skid && ++ ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid)) ++ return X509_V_ERR_AKID_SKID_MISMATCH; ++ /* Check serial number */ ++ if (subject->akid->serial && ++ ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), ++ subject->akid->serial)) ++ return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; ++ /* Check issuer name */ ++ if (subject->akid->issuer) { ++ /* ++ * Ugh, for some peculiar reason AKID includes SEQUENCE OF ++ * GeneralName. So look for a DirName. There may be more than one ++ * but we only take any notice of the first. ++ */ ++ GENERAL_NAMES *gens; ++ GENERAL_NAME *gen; ++ X509_NAME *nm = NULL; ++ int i; ++ gens = subject->akid->issuer; ++ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { ++ gen = sk_GENERAL_NAME_value(gens, i); ++ if (gen->type == GEN_DIRNAME) { ++ nm = gen->d.dirn; ++ break; ++ } ++ } ++ if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) ++ return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; ++ } ++ } ++ if (subject->ex_flags & EXFLAG_PROXY) { ++ if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) ++ return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; ++ } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) ++ return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; ++ return X509_V_OK; + } +- +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c +index 202c9e4..70c2795 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c +@@ -1,6 +1,7 @@ + /* v3_skey.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -56,89 +57,92 @@ + * + */ + +- + #include + #include "cryptlib.h" + #include + +-static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); +-const X509V3_EXT_METHOD v3_skey_id = { +-NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), +-0,0,0,0, +-(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, +-(X509V3_EXT_S2I)s2i_skey_id, +-0,0,0,0, +-NULL}; +- +-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, +- ASN1_OCTET_STRING *oct) ++static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, char *str); ++const X509V3_EXT_METHOD v3_skey_id = { ++ NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), ++ 0, 0, 0, 0, ++ (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, ++ (X509V3_EXT_S2I)s2i_skey_id, ++ 0, 0, 0, 0, ++ NULL ++}; ++ ++char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) + { +- return hex_to_string(oct->data, oct->length); ++ return hex_to_string(oct->data, oct->length); + } + + ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, char *str) ++ X509V3_CTX *ctx, char *str) + { +- ASN1_OCTET_STRING *oct; +- long length; ++ ASN1_OCTET_STRING *oct; ++ long length; + +- if(!(oct = M_ASN1_OCTET_STRING_new())) { +- X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); +- return NULL; +- } ++ if (!(oct = M_ASN1_OCTET_STRING_new())) { ++ X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } + +- if(!(oct->data = string_to_hex(str, &length))) { +- M_ASN1_OCTET_STRING_free(oct); +- return NULL; +- } ++ if (!(oct->data = string_to_hex(str, &length))) { ++ M_ASN1_OCTET_STRING_free(oct); ++ return NULL; ++ } + +- oct->length = length; ++ oct->length = length; + +- return oct; ++ return oct; + + } + + static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, char *str) ++ X509V3_CTX *ctx, char *str) + { +- ASN1_OCTET_STRING *oct; +- ASN1_BIT_STRING *pk; +- unsigned char pkey_dig[EVP_MAX_MD_SIZE]; +- unsigned int diglen; +- +- if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); +- +- if(!(oct = M_ASN1_OCTET_STRING_new())) { +- X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- if(ctx && (ctx->flags == CTX_TEST)) return oct; +- +- if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) { +- X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); +- goto err; +- } +- +- if(ctx->subject_req) +- pk = ctx->subject_req->req_info->pubkey->public_key; +- else pk = ctx->subject_cert->cert_info->key->public_key; +- +- if(!pk) { +- X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); +- goto err; +- } +- +- EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); +- +- if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { +- X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- return oct; +- +- err: +- M_ASN1_OCTET_STRING_free(oct); +- return NULL; ++ ASN1_OCTET_STRING *oct; ++ ASN1_BIT_STRING *pk; ++ unsigned char pkey_dig[EVP_MAX_MD_SIZE]; ++ unsigned int diglen; ++ ++ if (strcmp(str, "hash")) ++ return s2i_ASN1_OCTET_STRING(method, ctx, str); ++ ++ if (!(oct = M_ASN1_OCTET_STRING_new())) { ++ X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ if (ctx && (ctx->flags == CTX_TEST)) ++ return oct; ++ ++ if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) { ++ X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY); ++ goto err; ++ } ++ ++ if (ctx->subject_req) ++ pk = ctx->subject_req->req_info->pubkey->public_key; ++ else ++ pk = ctx->subject_cert->cert_info->key->public_key; ++ ++ if (!pk) { ++ X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY); ++ goto err; ++ } ++ ++ EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); ++ ++ if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { ++ X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ return oct; ++ ++ err: ++ M_ASN1_OCTET_STRING_free(oct); ++ return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c +index 2a6bf11..a4e6a93 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c +@@ -1,6 +1,7 @@ + /* v3_sxnet.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 1999. ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. + */ + /* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -67,196 +68,206 @@ + + #define SXNET_TEST + +-static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent); ++static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, ++ int indent); + #ifdef SXNET_TEST +-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, +- STACK_OF(CONF_VALUE) *nval); ++static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval); + #endif + const X509V3_EXT_METHOD v3_sxnet = { +-NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), +-0,0,0,0, +-0,0, +-0, ++ NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, + #ifdef SXNET_TEST +-(X509V3_EXT_V2I)sxnet_v2i, ++ (X509V3_EXT_V2I)sxnet_v2i, + #else +-0, ++ 0, + #endif +-(X509V3_EXT_I2R)sxnet_i2r, +-0, +-NULL ++ (X509V3_EXT_I2R)sxnet_i2r, ++ 0, ++ NULL + }; + + ASN1_SEQUENCE(SXNETID) = { +- ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), +- ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) ++ ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), ++ ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) + } ASN1_SEQUENCE_END(SXNETID) + + IMPLEMENT_ASN1_FUNCTIONS(SXNETID) + + ASN1_SEQUENCE(SXNET) = { +- ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), +- ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) ++ ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), ++ ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) + } ASN1_SEQUENCE_END(SXNET) + + IMPLEMENT_ASN1_FUNCTIONS(SXNET) + + static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, +- int indent) ++ int indent) + { +- long v; +- char *tmp; +- SXNETID *id; +- int i; +- v = ASN1_INTEGER_get(sx->version); +- BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); +- for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { +- id = sk_SXNETID_value(sx->ids, i); +- tmp = i2s_ASN1_INTEGER(NULL, id->zone); +- BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); +- OPENSSL_free(tmp); +- M_ASN1_OCTET_STRING_print(out, id->user); +- } +- return 1; ++ long v; ++ char *tmp; ++ SXNETID *id; ++ int i; ++ v = ASN1_INTEGER_get(sx->version); ++ BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); ++ for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { ++ id = sk_SXNETID_value(sx->ids, i); ++ tmp = i2s_ASN1_INTEGER(NULL, id->zone); ++ BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); ++ OPENSSL_free(tmp); ++ M_ASN1_OCTET_STRING_print(out, id->user); ++ } ++ return 1; + } + + #ifdef SXNET_TEST + +-/* NBB: this is used for testing only. It should *not* be used for anything ++/* ++ * NBB: this is used for testing only. It should *not* be used for anything + * else because it will just take static IDs from the configuration file and + * they should really be separate values for each user. + */ + +- +-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, +- STACK_OF(CONF_VALUE) *nval) ++static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, ++ STACK_OF(CONF_VALUE) *nval) + { +- CONF_VALUE *cnf; +- SXNET *sx = NULL; +- int i; +- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { +- cnf = sk_CONF_VALUE_value(nval, i); +- if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) +- return NULL; +- } +- return sx; ++ CONF_VALUE *cnf; ++ SXNET *sx = NULL; ++ int i; ++ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { ++ cnf = sk_CONF_VALUE_value(nval, i); ++ if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) ++ return NULL; ++ } ++ return sx; + } +- +- ++ + #endif + + /* Strong Extranet utility functions */ + + /* Add an id given the zone as an ASCII number */ + +-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, +- int userlen) ++int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen) + { +- ASN1_INTEGER *izone = NULL; +- if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { +- X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); +- return 0; +- } +- return SXNET_add_id_INTEGER(psx, izone, user, userlen); ++ ASN1_INTEGER *izone = NULL; ++ if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { ++ X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); ++ return 0; ++ } ++ return SXNET_add_id_INTEGER(psx, izone, user, userlen); + } + + /* Add an id given the zone as an unsigned long */ + + int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, +- int userlen) ++ int userlen) + { +- ASN1_INTEGER *izone = NULL; +- if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { +- X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE); +- M_ASN1_INTEGER_free(izone); +- return 0; +- } +- return SXNET_add_id_INTEGER(psx, izone, user, userlen); +- ++ ASN1_INTEGER *izone = NULL; ++ if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { ++ X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE); ++ M_ASN1_INTEGER_free(izone); ++ return 0; ++ } ++ return SXNET_add_id_INTEGER(psx, izone, user, userlen); ++ + } + +-/* Add an id given the zone as an ASN1_INTEGER. +- * Note this version uses the passed integer and doesn't make a copy so don't +- * free it up afterwards. ++/* ++ * Add an id given the zone as an ASN1_INTEGER. Note this version uses the ++ * passed integer and doesn't make a copy so don't free it up afterwards. + */ + + int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, +- int userlen) ++ int userlen) + { +- SXNET *sx = NULL; +- SXNETID *id = NULL; +- if(!psx || !zone || !user) { +- X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT); +- return 0; +- } +- if(userlen == -1) userlen = strlen(user); +- if(userlen > 64) { +- X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG); +- return 0; +- } +- if(!*psx) { +- if(!(sx = SXNET_new())) goto err; +- if(!ASN1_INTEGER_set(sx->version, 0)) goto err; +- *psx = sx; +- } else sx = *psx; +- if(SXNET_get_id_INTEGER(sx, zone)) { +- X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID); +- return 0; +- } ++ SXNET *sx = NULL; ++ SXNETID *id = NULL; ++ if (!psx || !zone || !user) { ++ X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ++ X509V3_R_INVALID_NULL_ARGUMENT); ++ return 0; ++ } ++ if (userlen == -1) ++ userlen = strlen(user); ++ if (userlen > 64) { ++ X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG); ++ return 0; ++ } ++ if (!*psx) { ++ if (!(sx = SXNET_new())) ++ goto err; ++ if (!ASN1_INTEGER_set(sx->version, 0)) ++ goto err; ++ *psx = sx; ++ } else ++ sx = *psx; ++ if (SXNET_get_id_INTEGER(sx, zone)) { ++ X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID); ++ return 0; ++ } + +- if(!(id = SXNETID_new())) goto err; +- if(userlen == -1) userlen = strlen(user); +- +- if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; +- if(!sk_SXNETID_push(sx->ids, id)) goto err; +- id->zone = zone; +- return 1; +- +- err: +- X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE); +- SXNETID_free(id); +- SXNET_free(sx); +- *psx = NULL; +- return 0; ++ if (!(id = SXNETID_new())) ++ goto err; ++ if (userlen == -1) ++ userlen = strlen(user); ++ ++ if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) ++ goto err; ++ if (!sk_SXNETID_push(sx->ids, id)) ++ goto err; ++ id->zone = zone; ++ return 1; ++ ++ err: ++ X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE); ++ SXNETID_free(id); ++ SXNET_free(sx); ++ *psx = NULL; ++ return 0; + } + + ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) + { +- ASN1_INTEGER *izone = NULL; +- ASN1_OCTET_STRING *oct; +- if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { +- X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); +- return NULL; +- } +- oct = SXNET_get_id_INTEGER(sx, izone); +- M_ASN1_INTEGER_free(izone); +- return oct; ++ ASN1_INTEGER *izone = NULL; ++ ASN1_OCTET_STRING *oct; ++ if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { ++ X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); ++ return NULL; ++ } ++ oct = SXNET_get_id_INTEGER(sx, izone); ++ M_ASN1_INTEGER_free(izone); ++ return oct; + } + + ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) + { +- ASN1_INTEGER *izone = NULL; +- ASN1_OCTET_STRING *oct; +- if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { +- X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE); +- M_ASN1_INTEGER_free(izone); +- return NULL; +- } +- oct = SXNET_get_id_INTEGER(sx, izone); +- M_ASN1_INTEGER_free(izone); +- return oct; ++ ASN1_INTEGER *izone = NULL; ++ ASN1_OCTET_STRING *oct; ++ if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { ++ X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE); ++ M_ASN1_INTEGER_free(izone); ++ return NULL; ++ } ++ oct = SXNET_get_id_INTEGER(sx, izone); ++ M_ASN1_INTEGER_free(izone); ++ return oct; + } + + ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) + { +- SXNETID *id; +- int i; +- for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { +- id = sk_SXNETID_value(sx->ids, i); +- if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user; +- } +- return NULL; ++ SXNETID *id; ++ int i; ++ for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { ++ id = sk_SXNETID_value(sx->ids, i); ++ if (!M_ASN1_INTEGER_cmp(id->zone, zone)) ++ return id->user; ++ } ++ return NULL; + } + + IMPLEMENT_STACK_OF(SXNETID) ++ + IMPLEMENT_ASN1_SET_OF(SXNETID) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c +index 7a45216..ff32afe 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c +@@ -1,5 +1,6 @@ + /* v3_utl.c */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ + /* ==================================================================== +@@ -10,7 +11,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -57,7 +58,6 @@ + */ + /* X509 v3 extension utilities */ + +- + #include + #include + #include "cryptlib.h" +@@ -66,10 +66,10 @@ + #include + + static char *strip_spaces(char *name); +-static int sk_strcmp(const char * const *a, const char * const *b); ++static int sk_strcmp(const char *const *a, const char *const *b); + static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); + static void str_free(void *str); +-static int append_ia5(STACK **sk, ASN1_IA5STRING *email); ++static int append_ia5(STACK ** sk, ASN1_IA5STRING *email); + + static int ipv4_from_asc(unsigned char *v4, const char *in); + static int ipv6_from_asc(unsigned char *v6, const char *in); +@@ -79,793 +79,832 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen); + /* Add a CONF_VALUE name value pair to stack */ + + int X509V3_add_value(const char *name, const char *value, +- STACK_OF(CONF_VALUE) **extlist) +-{ +- CONF_VALUE *vtmp = NULL; +- char *tname = NULL, *tvalue = NULL; +- if(name && !(tname = BUF_strdup(name))) goto err; +- if(value && !(tvalue = BUF_strdup(value))) goto err; +- if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err; +- if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err; +- vtmp->section = NULL; +- vtmp->name = tname; +- vtmp->value = tvalue; +- if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err; +- return 1; +- err: +- X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE); +- if(vtmp) OPENSSL_free(vtmp); +- if(tname) OPENSSL_free(tname); +- if(tvalue) OPENSSL_free(tvalue); +- return 0; ++ STACK_OF(CONF_VALUE) **extlist) ++{ ++ CONF_VALUE *vtmp = NULL; ++ char *tname = NULL, *tvalue = NULL; ++ if (name && !(tname = BUF_strdup(name))) ++ goto err; ++ if (value && !(tvalue = BUF_strdup(value))) ++ goto err; ++ if (!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) ++ goto err; ++ if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) ++ goto err; ++ vtmp->section = NULL; ++ vtmp->name = tname; ++ vtmp->value = tvalue; ++ if (!sk_CONF_VALUE_push(*extlist, vtmp)) ++ goto err; ++ return 1; ++ err: ++ X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE); ++ if (vtmp) ++ OPENSSL_free(vtmp); ++ if (tname) ++ OPENSSL_free(tname); ++ if (tvalue) ++ OPENSSL_free(tvalue); ++ return 0; + } + + int X509V3_add_value_uchar(const char *name, const unsigned char *value, +- STACK_OF(CONF_VALUE) **extlist) +- { +- return X509V3_add_value(name,(const char *)value,extlist); +- } ++ STACK_OF(CONF_VALUE) **extlist) ++{ ++ return X509V3_add_value(name, (const char *)value, extlist); ++} + + /* Free function for STACK_OF(CONF_VALUE) */ + + void X509V3_conf_free(CONF_VALUE *conf) + { +- if(!conf) return; +- if(conf->name) OPENSSL_free(conf->name); +- if(conf->value) OPENSSL_free(conf->value); +- if(conf->section) OPENSSL_free(conf->section); +- OPENSSL_free(conf); ++ if (!conf) ++ return; ++ if (conf->name) ++ OPENSSL_free(conf->name); ++ if (conf->value) ++ OPENSSL_free(conf->value); ++ if (conf->section) ++ OPENSSL_free(conf->section); ++ OPENSSL_free(conf); + } + + int X509V3_add_value_bool(const char *name, int asn1_bool, +- STACK_OF(CONF_VALUE) **extlist) ++ STACK_OF(CONF_VALUE) **extlist) + { +- if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); +- return X509V3_add_value(name, "FALSE", extlist); ++ if (asn1_bool) ++ return X509V3_add_value(name, "TRUE", extlist); ++ return X509V3_add_value(name, "FALSE", extlist); + } + + int X509V3_add_value_bool_nf(char *name, int asn1_bool, +- STACK_OF(CONF_VALUE) **extlist) ++ STACK_OF(CONF_VALUE) **extlist) + { +- if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); +- return 1; ++ if (asn1_bool) ++ return X509V3_add_value(name, "TRUE", extlist); ++ return 1; + } + +- + char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) + { +- BIGNUM *bntmp = NULL; +- char *strtmp = NULL; +- if(!a) return NULL; +- if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || +- !(strtmp = BN_bn2dec(bntmp)) ) +- X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); +- BN_free(bntmp); +- return strtmp; ++ BIGNUM *bntmp = NULL; ++ char *strtmp = NULL; ++ if (!a) ++ return NULL; ++ if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || ++ !(strtmp = BN_bn2dec(bntmp))) ++ X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); ++ BN_free(bntmp); ++ return strtmp; + } + + char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) + { +- BIGNUM *bntmp = NULL; +- char *strtmp = NULL; +- if(!a) return NULL; +- if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || +- !(strtmp = BN_bn2dec(bntmp)) ) +- X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); +- BN_free(bntmp); +- return strtmp; ++ BIGNUM *bntmp = NULL; ++ char *strtmp = NULL; ++ if (!a) ++ return NULL; ++ if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || ++ !(strtmp = BN_bn2dec(bntmp))) ++ X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); ++ BN_free(bntmp); ++ return strtmp; + } + + ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) + { +- BIGNUM *bn = NULL; +- ASN1_INTEGER *aint; +- int isneg, ishex; +- int ret; +- if (!value) { +- X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); +- return 0; +- } +- bn = BN_new(); +- if (value[0] == '-') { +- value++; +- isneg = 1; +- } else isneg = 0; +- +- if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) { +- value += 2; +- ishex = 1; +- } else ishex = 0; +- +- if (ishex) ret = BN_hex2bn(&bn, value); +- else ret = BN_dec2bn(&bn, value); +- +- if (!ret || value[ret]) { +- BN_free(bn); +- X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); +- return 0; +- } +- +- if (isneg && BN_is_zero(bn)) isneg = 0; +- +- aint = BN_to_ASN1_INTEGER(bn, NULL); +- BN_free(bn); +- if (!aint) { +- X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR); +- return 0; +- } +- if (isneg) aint->type |= V_ASN1_NEG; +- return aint; ++ BIGNUM *bn = NULL; ++ ASN1_INTEGER *aint; ++ int isneg, ishex; ++ int ret; ++ if (!value) { ++ X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE); ++ return 0; ++ } ++ bn = BN_new(); ++ if (value[0] == '-') { ++ value++; ++ isneg = 1; ++ } else ++ isneg = 0; ++ ++ if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) { ++ value += 2; ++ ishex = 1; ++ } else ++ ishex = 0; ++ ++ if (ishex) ++ ret = BN_hex2bn(&bn, value); ++ else ++ ret = BN_dec2bn(&bn, value); ++ ++ if (!ret || value[ret]) { ++ BN_free(bn); ++ X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR); ++ return 0; ++ } ++ ++ if (isneg && BN_is_zero(bn)) ++ isneg = 0; ++ ++ aint = BN_to_ASN1_INTEGER(bn, NULL); ++ BN_free(bn); ++ if (!aint) { ++ X509V3err(X509V3_F_S2I_ASN1_INTEGER, ++ X509V3_R_BN_TO_ASN1_INTEGER_ERROR); ++ return 0; ++ } ++ if (isneg) ++ aint->type |= V_ASN1_NEG; ++ return aint; + } + + int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, +- STACK_OF(CONF_VALUE) **extlist) ++ STACK_OF(CONF_VALUE) **extlist) + { +- char *strtmp; +- int ret; +- if(!aint) return 1; +- if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; +- ret = X509V3_add_value(name, strtmp, extlist); +- OPENSSL_free(strtmp); +- return ret; ++ char *strtmp; ++ int ret; ++ if (!aint) ++ return 1; ++ if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) ++ return 0; ++ ret = X509V3_add_value(name, strtmp, extlist); ++ OPENSSL_free(strtmp); ++ return ret; + } + + int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) + { +- char *btmp; +- if(!(btmp = value->value)) goto err; +- if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") +- || !strcmp(btmp, "Y") || !strcmp(btmp, "y") +- || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { +- *asn1_bool = 0xff; +- return 1; +- } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") +- || !strcmp(btmp, "N") || !strcmp(btmp, "n") +- || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { +- *asn1_bool = 0; +- return 1; +- } +- err: +- X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING); +- X509V3_conf_err(value); +- return 0; ++ char *btmp; ++ if (!(btmp = value->value)) ++ goto err; ++ if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") ++ || !strcmp(btmp, "Y") || !strcmp(btmp, "y") ++ || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { ++ *asn1_bool = 0xff; ++ return 1; ++ } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") ++ || !strcmp(btmp, "N") || !strcmp(btmp, "n") ++ || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { ++ *asn1_bool = 0; ++ return 1; ++ } ++ err: ++ X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL, ++ X509V3_R_INVALID_BOOLEAN_STRING); ++ X509V3_conf_err(value); ++ return 0; + } + + int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) + { +- ASN1_INTEGER *itmp; +- if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { +- X509V3_conf_err(value); +- return 0; +- } +- *aint = itmp; +- return 1; ++ ASN1_INTEGER *itmp; ++ if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { ++ X509V3_conf_err(value); ++ return 0; ++ } ++ *aint = itmp; ++ return 1; + } + +-#define HDR_NAME 1 +-#define HDR_VALUE 2 ++#define HDR_NAME 1 ++#define HDR_VALUE 2 + +-/*#define DEBUG*/ ++/* ++ * #define DEBUG ++ */ + + STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) + { +- char *p, *q, c; +- char *ntmp, *vtmp; +- STACK_OF(CONF_VALUE) *values = NULL; +- char *linebuf; +- int state; +- /* We are going to modify the line so copy it first */ +- linebuf = BUF_strdup(line); +- state = HDR_NAME; +- ntmp = NULL; +- /* Go through all characters */ +- for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { +- +- switch(state) { +- case HDR_NAME: +- if(c == ':') { +- state = HDR_VALUE; +- *p = 0; +- ntmp = strip_spaces(q); +- if(!ntmp) { +- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); +- goto err; +- } +- q = p + 1; +- } else if(c == ',') { +- *p = 0; +- ntmp = strip_spaces(q); +- q = p + 1; ++ char *p, *q, c; ++ char *ntmp, *vtmp; ++ STACK_OF(CONF_VALUE) *values = NULL; ++ char *linebuf; ++ int state; ++ /* We are going to modify the line so copy it first */ ++ linebuf = BUF_strdup(line); ++ state = HDR_NAME; ++ ntmp = NULL; ++ /* Go through all characters */ ++ for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n'); ++ p++) { ++ ++ switch (state) { ++ case HDR_NAME: ++ if (c == ':') { ++ state = HDR_VALUE; ++ *p = 0; ++ ntmp = strip_spaces(q); ++ if (!ntmp) { ++ X509V3err(X509V3_F_X509V3_PARSE_LIST, ++ X509V3_R_INVALID_NULL_NAME); ++ goto err; ++ } ++ q = p + 1; ++ } else if (c == ',') { ++ *p = 0; ++ ntmp = strip_spaces(q); ++ q = p + 1; + #if 0 +- printf("%s\n", ntmp); ++ printf("%s\n", ntmp); + #endif +- if(!ntmp) { +- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); +- goto err; +- } +- X509V3_add_value(ntmp, NULL, &values); +- } +- break ; +- +- case HDR_VALUE: +- if(c == ',') { +- state = HDR_NAME; +- *p = 0; +- vtmp = strip_spaces(q); ++ if (!ntmp) { ++ X509V3err(X509V3_F_X509V3_PARSE_LIST, ++ X509V3_R_INVALID_NULL_NAME); ++ goto err; ++ } ++ X509V3_add_value(ntmp, NULL, &values); ++ } ++ break; ++ ++ case HDR_VALUE: ++ if (c == ',') { ++ state = HDR_NAME; ++ *p = 0; ++ vtmp = strip_spaces(q); + #if 0 +- printf("%s\n", ntmp); ++ printf("%s\n", ntmp); + #endif +- if(!vtmp) { +- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); +- goto err; +- } +- X509V3_add_value(ntmp, vtmp, &values); +- ntmp = NULL; +- q = p + 1; +- } +- +- } +- } +- +- if(state == HDR_VALUE) { +- vtmp = strip_spaces(q); ++ if (!vtmp) { ++ X509V3err(X509V3_F_X509V3_PARSE_LIST, ++ X509V3_R_INVALID_NULL_VALUE); ++ goto err; ++ } ++ X509V3_add_value(ntmp, vtmp, &values); ++ ntmp = NULL; ++ q = p + 1; ++ } ++ ++ } ++ } ++ ++ if (state == HDR_VALUE) { ++ vtmp = strip_spaces(q); + #if 0 +- printf("%s=%s\n", ntmp, vtmp); ++ printf("%s=%s\n", ntmp, vtmp); + #endif +- if(!vtmp) { +- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); +- goto err; +- } +- X509V3_add_value(ntmp, vtmp, &values); +- } else { +- ntmp = strip_spaces(q); ++ if (!vtmp) { ++ X509V3err(X509V3_F_X509V3_PARSE_LIST, ++ X509V3_R_INVALID_NULL_VALUE); ++ goto err; ++ } ++ X509V3_add_value(ntmp, vtmp, &values); ++ } else { ++ ntmp = strip_spaces(q); + #if 0 +- printf("%s\n", ntmp); ++ printf("%s\n", ntmp); + #endif +- if(!ntmp) { +- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); +- goto err; +- } +- X509V3_add_value(ntmp, NULL, &values); +- } +-OPENSSL_free(linebuf); +-return values; ++ if (!ntmp) { ++ X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); ++ goto err; ++ } ++ X509V3_add_value(ntmp, NULL, &values); ++ } ++ OPENSSL_free(linebuf); ++ return values; + +-err: +-OPENSSL_free(linebuf); +-sk_CONF_VALUE_pop_free(values, X509V3_conf_free); +-return NULL; ++ err: ++ OPENSSL_free(linebuf); ++ sk_CONF_VALUE_pop_free(values, X509V3_conf_free); ++ return NULL; + + } + + /* Delete leading and trailing spaces from a string */ + static char *strip_spaces(char *name) + { +- char *p, *q; +- /* Skip over leading spaces */ +- p = name; +- while(*p && isspace((unsigned char)*p)) p++; +- if(!*p) return NULL; +- q = p + strlen(p) - 1; +- while((q != p) && isspace((unsigned char)*q)) q--; +- if(p != q) q[1] = 0; +- if(!*p) return NULL; +- return p; ++ char *p, *q; ++ /* Skip over leading spaces */ ++ p = name; ++ while (*p && isspace((unsigned char)*p)) ++ p++; ++ if (!*p) ++ return NULL; ++ q = p + strlen(p) - 1; ++ while ((q != p) && isspace((unsigned char)*q)) ++ q--; ++ if (p != q) ++ q[1] = 0; ++ if (!*p) ++ return NULL; ++ return p; + } + + /* hex string utilities */ + +-/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its +- * hex representation +- * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines) ++/* ++ * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its ++ * hex representation @@@ (Contents of buffer are always kept in ASCII, also ++ * on EBCDIC machines) + */ + + char *hex_to_string(unsigned char *buffer, long len) + { +- char *tmp, *q; +- unsigned char *p; +- int i; +- const static char hexdig[] = "0123456789ABCDEF"; +- if(!buffer || !len) return NULL; +- if(!(tmp = OPENSSL_malloc(len * 3 + 1))) { +- X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- q = tmp; +- for(i = 0, p = buffer; i < len; i++,p++) { +- *q++ = hexdig[(*p >> 4) & 0xf]; +- *q++ = hexdig[*p & 0xf]; +- *q++ = ':'; +- } +- q[-1] = 0; ++ char *tmp, *q; ++ unsigned char *p; ++ int i; ++ const static char hexdig[] = "0123456789ABCDEF"; ++ if (!buffer || !len) ++ return NULL; ++ if (!(tmp = OPENSSL_malloc(len * 3 + 1))) { ++ X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ q = tmp; ++ for (i = 0, p = buffer; i < len; i++, p++) { ++ *q++ = hexdig[(*p >> 4) & 0xf]; ++ *q++ = hexdig[*p & 0xf]; ++ *q++ = ':'; ++ } ++ q[-1] = 0; + #ifdef CHARSET_EBCDIC +- ebcdic2ascii(tmp, tmp, q - tmp - 1); ++ ebcdic2ascii(tmp, tmp, q - tmp - 1); + #endif + +- return tmp; ++ return tmp; + } + +-/* Give a string of hex digits convert to +- * a buffer ++/* ++ * Give a string of hex digits convert to a buffer + */ + + unsigned char *string_to_hex(char *str, long *len) + { +- unsigned char *hexbuf, *q; +- unsigned char ch, cl, *p; +- if(!str) { +- X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT); +- return NULL; +- } +- if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err; +- for(p = (unsigned char *)str, q = hexbuf; *p;) { +- ch = *p++; ++ unsigned char *hexbuf, *q; ++ unsigned char ch, cl, *p; ++ if (!str) { ++ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_INVALID_NULL_ARGUMENT); ++ return NULL; ++ } ++ if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) ++ goto err; ++ for (p = (unsigned char *)str, q = hexbuf; *p;) { ++ ch = *p++; + #ifdef CHARSET_EBCDIC +- ch = os_toebcdic[ch]; ++ ch = os_toebcdic[ch]; + #endif +- if(ch == ':') continue; +- cl = *p++; ++ if (ch == ':') ++ continue; ++ cl = *p++; + #ifdef CHARSET_EBCDIC +- cl = os_toebcdic[cl]; ++ cl = os_toebcdic[cl]; + #endif +- if(!cl) { +- X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS); +- OPENSSL_free(hexbuf); +- return NULL; +- } +- if(isupper(ch)) ch = tolower(ch); +- if(isupper(cl)) cl = tolower(cl); +- +- if((ch >= '0') && (ch <= '9')) ch -= '0'; +- else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10; +- else goto badhex; +- +- if((cl >= '0') && (cl <= '9')) cl -= '0'; +- else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10; +- else goto badhex; +- +- *q++ = (ch << 4) | cl; +- } ++ if (!cl) { ++ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ODD_NUMBER_OF_DIGITS); ++ OPENSSL_free(hexbuf); ++ return NULL; ++ } ++ if (isupper(ch)) ++ ch = tolower(ch); ++ if (isupper(cl)) ++ cl = tolower(cl); ++ ++ if ((ch >= '0') && (ch <= '9')) ++ ch -= '0'; ++ else if ((ch >= 'a') && (ch <= 'f')) ++ ch -= 'a' - 10; ++ else ++ goto badhex; ++ ++ if ((cl >= '0') && (cl <= '9')) ++ cl -= '0'; ++ else if ((cl >= 'a') && (cl <= 'f')) ++ cl -= 'a' - 10; ++ else ++ goto badhex; ++ ++ *q++ = (ch << 4) | cl; ++ } + +- if(len) *len = q - hexbuf; ++ if (len) ++ *len = q - hexbuf; + +- return hexbuf; ++ return hexbuf; + +- err: +- if(hexbuf) OPENSSL_free(hexbuf); +- X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE); +- return NULL; ++ err: ++ if (hexbuf) ++ OPENSSL_free(hexbuf); ++ X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE); ++ return NULL; + +- badhex: +- OPENSSL_free(hexbuf); +- X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT); +- return NULL; ++ badhex: ++ OPENSSL_free(hexbuf); ++ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT); ++ return NULL; + + } + +-/* V2I name comparison function: returns zero if 'name' matches +- * cmp or cmp.* ++/* ++ * V2I name comparison function: returns zero if 'name' matches cmp or cmp.* + */ + + int name_cmp(const char *name, const char *cmp) + { +- int len, ret; +- char c; +- len = strlen(cmp); +- if((ret = strncmp(name, cmp, len))) return ret; +- c = name[len]; +- if(!c || (c=='.')) return 0; +- return 1; ++ int len, ret; ++ char c; ++ len = strlen(cmp); ++ if ((ret = strncmp(name, cmp, len))) ++ return ret; ++ c = name[len]; ++ if (!c || (c == '.')) ++ return 0; ++ return 1; + } + +-static int sk_strcmp(const char * const *a, const char * const *b) ++static int sk_strcmp(const char *const *a, const char *const *b) + { +- return strcmp(*a, *b); ++ return strcmp(*a, *b); + } + + STACK *X509_get1_email(X509 *x) + { +- GENERAL_NAMES *gens; +- STACK *ret; +- gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); +- ret = get_email(X509_get_subject_name(x), gens); +- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); +- return ret; ++ GENERAL_NAMES *gens; ++ STACK *ret; ++ gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); ++ ret = get_email(X509_get_subject_name(x), gens); ++ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); ++ return ret; + } + + STACK *X509_get1_ocsp(X509 *x) + { +- AUTHORITY_INFO_ACCESS *info; +- STACK *ret = NULL; +- int i; +- info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); +- if (!info) +- return NULL; +- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) +- { +- ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); +- if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) +- { +- if (ad->location->type == GEN_URI) +- { +- if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier)) +- break; +- } +- } +- } +- AUTHORITY_INFO_ACCESS_free(info); +- return ret; ++ AUTHORITY_INFO_ACCESS *info; ++ STACK *ret = NULL; ++ int i; ++ info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); ++ if (!info) ++ return NULL; ++ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) { ++ ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); ++ if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) { ++ if (ad->location->type == GEN_URI) { ++ if (!append_ia5 ++ (&ret, ad->location->d.uniformResourceIdentifier)) ++ break; ++ } ++ } ++ } ++ AUTHORITY_INFO_ACCESS_free(info); ++ return ret; + } + + STACK *X509_REQ_get1_email(X509_REQ *x) + { +- GENERAL_NAMES *gens; +- STACK_OF(X509_EXTENSION) *exts; +- STACK *ret; +- exts = X509_REQ_get_extensions(x); +- gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); +- ret = get_email(X509_REQ_get_subject_name(x), gens); +- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); +- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); +- return ret; ++ GENERAL_NAMES *gens; ++ STACK_OF(X509_EXTENSION) *exts; ++ STACK *ret; ++ exts = X509_REQ_get_extensions(x); ++ gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); ++ ret = get_email(X509_REQ_get_subject_name(x), gens); ++ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); ++ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); ++ return ret; + } + +- + static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens) + { +- STACK *ret = NULL; +- X509_NAME_ENTRY *ne; +- ASN1_IA5STRING *email; +- GENERAL_NAME *gen; +- int i; +- /* Now add any email address(es) to STACK */ +- i = -1; +- /* First supplied X509_NAME */ +- while((i = X509_NAME_get_index_by_NID(name, +- NID_pkcs9_emailAddress, i)) >= 0) { +- ne = X509_NAME_get_entry(name, i); +- email = X509_NAME_ENTRY_get_data(ne); +- if(!append_ia5(&ret, email)) return NULL; +- } +- for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) +- { +- gen = sk_GENERAL_NAME_value(gens, i); +- if(gen->type != GEN_EMAIL) continue; +- if(!append_ia5(&ret, gen->d.ia5)) return NULL; +- } +- return ret; ++ STACK *ret = NULL; ++ X509_NAME_ENTRY *ne; ++ ASN1_IA5STRING *email; ++ GENERAL_NAME *gen; ++ int i; ++ /* Now add any email address(es) to STACK */ ++ i = -1; ++ /* First supplied X509_NAME */ ++ while ((i = X509_NAME_get_index_by_NID(name, ++ NID_pkcs9_emailAddress, i)) >= 0) { ++ ne = X509_NAME_get_entry(name, i); ++ email = X509_NAME_ENTRY_get_data(ne); ++ if (!append_ia5(&ret, email)) ++ return NULL; ++ } ++ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { ++ gen = sk_GENERAL_NAME_value(gens, i); ++ if (gen->type != GEN_EMAIL) ++ continue; ++ if (!append_ia5(&ret, gen->d.ia5)) ++ return NULL; ++ } ++ return ret; + } + + static void str_free(void *str) + { +- OPENSSL_free(str); ++ OPENSSL_free(str); + } + +-static int append_ia5(STACK **sk, ASN1_IA5STRING *email) ++static int append_ia5(STACK ** sk, ASN1_IA5STRING *email) + { +- char *emtmp; +- /* First some sanity checks */ +- if(email->type != V_ASN1_IA5STRING) return 1; +- if(!email->data || !email->length) return 1; +- if(!*sk) *sk = sk_new(sk_strcmp); +- if(!*sk) return 0; +- /* Don't add duplicates */ +- if(sk_find(*sk, (char *)email->data) != -1) return 1; +- emtmp = BUF_strdup((char *)email->data); +- if(!emtmp || !sk_push(*sk, emtmp)) { +- X509_email_free(*sk); +- *sk = NULL; +- return 0; +- } +- return 1; ++ char *emtmp; ++ /* First some sanity checks */ ++ if (email->type != V_ASN1_IA5STRING) ++ return 1; ++ if (!email->data || !email->length) ++ return 1; ++ if (!*sk) ++ *sk = sk_new(sk_strcmp); ++ if (!*sk) ++ return 0; ++ /* Don't add duplicates */ ++ if (sk_find(*sk, (char *)email->data) != -1) ++ return 1; ++ emtmp = BUF_strdup((char *)email->data); ++ if (!emtmp || !sk_push(*sk, emtmp)) { ++ X509_email_free(*sk); ++ *sk = NULL; ++ return 0; ++ } ++ return 1; + } + +-void X509_email_free(STACK *sk) ++void X509_email_free(STACK * sk) + { +- sk_pop_free(sk, str_free); ++ sk_pop_free(sk, str_free); + } + +-/* Convert IP addresses both IPv4 and IPv6 into an +- * OCTET STRING compatible with RFC3280. ++/* ++ * Convert IP addresses both IPv4 and IPv6 into an OCTET STRING compatible ++ * with RFC3280. + */ + + ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) +- { +- unsigned char ipout[16]; +- ASN1_OCTET_STRING *ret; +- int iplen; ++{ ++ unsigned char ipout[16]; ++ ASN1_OCTET_STRING *ret; ++ int iplen; + +- /* If string contains a ':' assume IPv6 */ ++ /* If string contains a ':' assume IPv6 */ + +- iplen = a2i_ipadd(ipout, ipasc); ++ iplen = a2i_ipadd(ipout, ipasc); + +- if (!iplen) +- return NULL; ++ if (!iplen) ++ return NULL; + +- ret = ASN1_OCTET_STRING_new(); +- if (!ret) +- return NULL; +- if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) +- { +- ASN1_OCTET_STRING_free(ret); +- return NULL; +- } +- return ret; +- } ++ ret = ASN1_OCTET_STRING_new(); ++ if (!ret) ++ return NULL; ++ if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) { ++ ASN1_OCTET_STRING_free(ret); ++ return NULL; ++ } ++ return ret; ++} + + ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) +- { +- ASN1_OCTET_STRING *ret = NULL; +- unsigned char ipout[32]; +- char *iptmp = NULL, *p; +- int iplen1, iplen2; +- p = strchr(ipasc,'/'); +- if (!p) +- return NULL; +- iptmp = BUF_strdup(ipasc); +- if (!iptmp) +- return NULL; +- p = iptmp + (p - ipasc); +- *p++ = 0; +- +- iplen1 = a2i_ipadd(ipout, iptmp); +- +- if (!iplen1) +- goto err; +- +- iplen2 = a2i_ipadd(ipout + iplen1, p); +- +- OPENSSL_free(iptmp); +- iptmp = NULL; +- +- if (!iplen2 || (iplen1 != iplen2)) +- goto err; +- +- ret = ASN1_OCTET_STRING_new(); +- if (!ret) +- goto err; +- if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) +- goto err; +- +- return ret; +- +- err: +- if (iptmp) +- OPENSSL_free(iptmp); +- if (ret) +- ASN1_OCTET_STRING_free(ret); +- return NULL; +- } +- ++{ ++ ASN1_OCTET_STRING *ret = NULL; ++ unsigned char ipout[32]; ++ char *iptmp = NULL, *p; ++ int iplen1, iplen2; ++ p = strchr(ipasc, '/'); ++ if (!p) ++ return NULL; ++ iptmp = BUF_strdup(ipasc); ++ if (!iptmp) ++ return NULL; ++ p = iptmp + (p - ipasc); ++ *p++ = 0; ++ ++ iplen1 = a2i_ipadd(ipout, iptmp); ++ ++ if (!iplen1) ++ goto err; ++ ++ iplen2 = a2i_ipadd(ipout + iplen1, p); ++ ++ OPENSSL_free(iptmp); ++ iptmp = NULL; ++ ++ if (!iplen2 || (iplen1 != iplen2)) ++ goto err; ++ ++ ret = ASN1_OCTET_STRING_new(); ++ if (!ret) ++ goto err; ++ if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) ++ goto err; ++ ++ return ret; ++ ++ err: ++ if (iptmp) ++ OPENSSL_free(iptmp); ++ if (ret) ++ ASN1_OCTET_STRING_free(ret); ++ return NULL; ++} + + int a2i_ipadd(unsigned char *ipout, const char *ipasc) +- { +- /* If string contains a ':' assume IPv6 */ +- +- if (strchr(ipasc, ':')) +- { +- if (!ipv6_from_asc(ipout, ipasc)) +- return 0; +- return 16; +- } +- else +- { +- if (!ipv4_from_asc(ipout, ipasc)) +- return 0; +- return 4; +- } +- } ++{ ++ /* If string contains a ':' assume IPv6 */ ++ ++ if (strchr(ipasc, ':')) { ++ if (!ipv6_from_asc(ipout, ipasc)) ++ return 0; ++ return 16; ++ } else { ++ if (!ipv4_from_asc(ipout, ipasc)) ++ return 0; ++ return 4; ++ } ++} + + static int ipv4_from_asc(unsigned char *v4, const char *in) +- { +- int a0, a1, a2, a3; +- if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) +- return 0; +- if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) +- || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) +- return 0; +- v4[0] = a0; +- v4[1] = a1; +- v4[2] = a2; +- v4[3] = a3; +- return 1; +- } ++{ ++ int a0, a1, a2, a3; ++ if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) ++ return 0; ++ if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) ++ || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) ++ return 0; ++ v4[0] = a0; ++ v4[1] = a1; ++ v4[2] = a2; ++ v4[3] = a3; ++ return 1; ++} + + typedef struct { +- /* Temporary store for IPV6 output */ +- unsigned char tmp[16]; +- /* Total number of bytes in tmp */ +- int total; +- /* The position of a zero (corresponding to '::') */ +- int zero_pos; +- /* Number of zeroes */ +- int zero_cnt; +- } IPV6_STAT; +- ++ /* Temporary store for IPV6 output */ ++ unsigned char tmp[16]; ++ /* Total number of bytes in tmp */ ++ int total; ++ /* The position of a zero (corresponding to '::') */ ++ int zero_pos; ++ /* Number of zeroes */ ++ int zero_cnt; ++} IPV6_STAT; + + static int ipv6_from_asc(unsigned char *v6, const char *in) +- { +- IPV6_STAT v6stat; +- v6stat.total = 0; +- v6stat.zero_pos = -1; +- v6stat.zero_cnt = 0; +- /* Treat the IPv6 representation as a list of values +- * separated by ':'. The presence of a '::' will parse +- * as one, two or three zero length elements. +- */ +- if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat)) +- return 0; +- +- /* Now for some sanity checks */ +- +- if (v6stat.zero_pos == -1) +- { +- /* If no '::' must have exactly 16 bytes */ +- if (v6stat.total != 16) +- return 0; +- } +- else +- { +- /* If '::' must have less than 16 bytes */ +- if (v6stat.total == 16) +- return 0; +- /* More than three zeroes is an error */ +- if (v6stat.zero_cnt > 3) +- return 0; +- /* Can only have three zeroes if nothing else present */ +- else if (v6stat.zero_cnt == 3) +- { +- if (v6stat.total > 0) +- return 0; +- } +- /* Can only have two zeroes if at start or end */ +- else if (v6stat.zero_cnt == 2) +- { +- if ((v6stat.zero_pos != 0) +- && (v6stat.zero_pos != v6stat.total)) +- return 0; +- } +- else +- /* Can only have one zero if *not* start or end */ +- { +- if ((v6stat.zero_pos == 0) +- || (v6stat.zero_pos == v6stat.total)) +- return 0; +- } +- } +- +- /* Format result */ +- +- if (v6stat.zero_pos >= 0) +- { +- /* Copy initial part */ +- memcpy(v6, v6stat.tmp, v6stat.zero_pos); +- /* Zero middle */ +- memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); +- /* Copy final part */ +- if (v6stat.total != v6stat.zero_pos) +- memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, +- v6stat.tmp + v6stat.zero_pos, +- v6stat.total - v6stat.zero_pos); +- } +- else +- memcpy(v6, v6stat.tmp, 16); +- +- return 1; +- } ++{ ++ IPV6_STAT v6stat; ++ v6stat.total = 0; ++ v6stat.zero_pos = -1; ++ v6stat.zero_cnt = 0; ++ /* ++ * Treat the IPv6 representation as a list of values separated by ':'. ++ * The presence of a '::' will parse as one, two or three zero length ++ * elements. ++ */ ++ if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat)) ++ return 0; ++ ++ /* Now for some sanity checks */ ++ ++ if (v6stat.zero_pos == -1) { ++ /* If no '::' must have exactly 16 bytes */ ++ if (v6stat.total != 16) ++ return 0; ++ } else { ++ /* If '::' must have less than 16 bytes */ ++ if (v6stat.total == 16) ++ return 0; ++ /* More than three zeroes is an error */ ++ if (v6stat.zero_cnt > 3) ++ return 0; ++ /* Can only have three zeroes if nothing else present */ ++ else if (v6stat.zero_cnt == 3) { ++ if (v6stat.total > 0) ++ return 0; ++ } ++ /* Can only have two zeroes if at start or end */ ++ else if (v6stat.zero_cnt == 2) { ++ if ((v6stat.zero_pos != 0) ++ && (v6stat.zero_pos != v6stat.total)) ++ return 0; ++ } else ++ /* Can only have one zero if *not* start or end */ ++ { ++ if ((v6stat.zero_pos == 0) ++ || (v6stat.zero_pos == v6stat.total)) ++ return 0; ++ } ++ } ++ ++ /* Format result */ ++ ++ if (v6stat.zero_pos >= 0) { ++ /* Copy initial part */ ++ memcpy(v6, v6stat.tmp, v6stat.zero_pos); ++ /* Zero middle */ ++ memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); ++ /* Copy final part */ ++ if (v6stat.total != v6stat.zero_pos) ++ memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, ++ v6stat.tmp + v6stat.zero_pos, ++ v6stat.total - v6stat.zero_pos); ++ } else ++ memcpy(v6, v6stat.tmp, 16); ++ ++ return 1; ++} + + static int ipv6_cb(const char *elem, int len, void *usr) +- { +- IPV6_STAT *s = usr; +- /* Error if 16 bytes written */ +- if (s->total == 16) +- return 0; +- if (len == 0) +- { +- /* Zero length element, corresponds to '::' */ +- if (s->zero_pos == -1) +- s->zero_pos = s->total; +- /* If we've already got a :: its an error */ +- else if (s->zero_pos != s->total) +- return 0; +- s->zero_cnt++; +- } +- else +- { +- /* If more than 4 characters could be final a.b.c.d form */ +- if (len > 4) +- { +- /* Need at least 4 bytes left */ +- if (s->total > 12) +- return 0; +- /* Must be end of string */ +- if (elem[len]) +- return 0; +- if (!ipv4_from_asc(s->tmp + s->total, elem)) +- return 0; +- s->total += 4; +- } +- else +- { +- if (!ipv6_hex(s->tmp + s->total, elem, len)) +- return 0; +- s->total += 2; +- } +- } +- return 1; +- } +- +-/* Convert a string of up to 4 hex digits into the corresponding +- * IPv6 form. ++{ ++ IPV6_STAT *s = usr; ++ /* Error if 16 bytes written */ ++ if (s->total == 16) ++ return 0; ++ if (len == 0) { ++ /* Zero length element, corresponds to '::' */ ++ if (s->zero_pos == -1) ++ s->zero_pos = s->total; ++ /* If we've already got a :: its an error */ ++ else if (s->zero_pos != s->total) ++ return 0; ++ s->zero_cnt++; ++ } else { ++ /* If more than 4 characters could be final a.b.c.d form */ ++ if (len > 4) { ++ /* Need at least 4 bytes left */ ++ if (s->total > 12) ++ return 0; ++ /* Must be end of string */ ++ if (elem[len]) ++ return 0; ++ if (!ipv4_from_asc(s->tmp + s->total, elem)) ++ return 0; ++ s->total += 4; ++ } else { ++ if (!ipv6_hex(s->tmp + s->total, elem, len)) ++ return 0; ++ s->total += 2; ++ } ++ } ++ return 1; ++} ++ ++/* ++ * Convert a string of up to 4 hex digits into the corresponding IPv6 form. + */ + + static int ipv6_hex(unsigned char *out, const char *in, int inlen) +- { +- unsigned char c; +- unsigned int num = 0; +- if (inlen > 4) +- return 0; +- while(inlen--) +- { +- c = *in++; +- num <<= 4; +- if ((c >= '0') && (c <= '9')) +- num |= c - '0'; +- else if ((c >= 'A') && (c <= 'F')) +- num |= c - 'A' + 10; +- else if ((c >= 'a') && (c <= 'f')) +- num |= c - 'a' + 10; +- else +- return 0; +- } +- out[0] = num >> 8; +- out[1] = num & 0xff; +- return 1; +- } +- +- +-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, +- unsigned long chtype) +- { +- CONF_VALUE *v; +- int i, mval; +- char *p, *type; +- if (!nm) +- return 0; +- +- for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) +- { +- v=sk_CONF_VALUE_value(dn_sk,i); +- type=v->name; +- /* Skip past any leading X. X: X, etc to allow for +- * multiple instances +- */ +- for(p = type; *p ; p++) ++{ ++ unsigned char c; ++ unsigned int num = 0; ++ if (inlen > 4) ++ return 0; ++ while (inlen--) { ++ c = *in++; ++ num <<= 4; ++ if ((c >= '0') && (c <= '9')) ++ num |= c - '0'; ++ else if ((c >= 'A') && (c <= 'F')) ++ num |= c - 'A' + 10; ++ else if ((c >= 'a') && (c <= 'f')) ++ num |= c - 'a' + 10; ++ else ++ return 0; ++ } ++ out[0] = num >> 8; ++ out[1] = num & 0xff; ++ return 1; ++} ++ ++int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, ++ unsigned long chtype) ++{ ++ CONF_VALUE *v; ++ int i, mval; ++ char *p, *type; ++ if (!nm) ++ return 0; ++ ++ for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) { ++ v = sk_CONF_VALUE_value(dn_sk, i); ++ type = v->name; ++ /* ++ * Skip past any leading X. X: X, etc to allow for multiple instances ++ */ ++ for (p = type; *p; p++) + #ifndef CHARSET_EBCDIC +- if ((*p == ':') || (*p == ',') || (*p == '.')) ++ if ((*p == ':') || (*p == ',') || (*p == '.')) + #else +- if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) ++ if ((*p == os_toascii[':']) || (*p == os_toascii[',']) ++ || (*p == os_toascii['.'])) + #endif +- { +- p++; +- if(*p) type = p; +- break; +- } ++ { ++ p++; ++ if (*p) ++ type = p; ++ break; ++ } + #ifndef CHARSET_EBCDIC +- if (*type == '+') ++ if (*type == '+') + #else +- if (*type == os_toascii['+']) ++ if (*type == os_toascii['+']) + #endif +- { +- mval = -1; +- type++; +- } +- else +- mval = 0; +- if (!X509_NAME_add_entry_by_txt(nm,type, chtype, +- (unsigned char *) v->value,-1,-1,mval)) +- return 0; +- +- } +- return 1; +- } ++ { ++ mval = -1; ++ type++; ++ } else ++ mval = 0; ++ if (!X509_NAME_add_entry_by_txt(nm, type, chtype, ++ (unsigned char *)v->value, -1, -1, ++ mval)) ++ return 0; ++ ++ } ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c +index d538ad8..40b0076 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c +@@ -7,7 +7,7 @@ + * are met: + * + * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. ++ * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in +@@ -53,7 +53,8 @@ + * + */ + +-/* NOTE: this file was auto generated by the mkerr.pl script: any changes ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ +@@ -65,155 +66,174 @@ + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR + +-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0) +-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason) ++# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0) ++# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason) + +-static ERR_STRING_DATA X509V3_str_functs[]= +- { +-{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), "ASIDENTIFIERCHOICE_CANONIZE"}, +-{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), "ASIDENTIFIERCHOICE_IS_CANONICAL"}, +-{ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, +-{ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, +-{ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, +-{ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, +-{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, +-{ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, +-{ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, +-{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, +-{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, +-{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, +-{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, +-{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"}, +-{ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, +-{ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, +-{ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, +-{ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, +-{ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, +-{ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, +-{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, +-{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, +-{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, +-{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, +-{ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, +-{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, +-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, +-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, +-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, +-{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, +-{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, +-{ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"}, +-{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, +-{ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), "V2I_AUTHORITY_INFO_ACCESS"}, +-{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, +-{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, +-{ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, +-{ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, +-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, +-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, +-{ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, +-{ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, +-{ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, +-{ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, +-{ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, +-{ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, +-{ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), "V3_ADDR_VALIDATE_PATH_INTERNAL"}, +-{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, +-{ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, +-{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, +-{ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, +-{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, +-{ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, +-{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, +-{ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, +-{ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, +-{ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"}, +-{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"}, +-{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"}, +-{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"}, +-{ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA X509V3_str_functs[] = { ++ {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), ++ "ASIDENTIFIERCHOICE_CANONIZE"}, ++ {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), ++ "ASIDENTIFIERCHOICE_IS_CANONICAL"}, ++ {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, ++ {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, ++ {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, ++ {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, ++ {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, ++ {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, ++ {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, ++ {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, ++ {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, ++ {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, ++ {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, ++ {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), ++ "I2V_AUTHORITY_INFO_ACCESS"}, ++ {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, ++ {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, ++ {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, ++ {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, ++ {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, ++ {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, ++ {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, ++ {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, ++ {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, ++ {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, ++ {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, ++ {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, ++ {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, ++ {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, ++ {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, ++ {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, ++ {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, ++ {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"}, ++ {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, ++ {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), ++ "V2I_AUTHORITY_INFO_ACCESS"}, ++ {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, ++ {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, ++ {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, ++ {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, ++ {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, ++ {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, ++ {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, ++ {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, ++ {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, ++ {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, ++ {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, ++ {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, ++ {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), ++ "V3_ADDR_VALIDATE_PATH_INTERNAL"}, ++ {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, ++ {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, ++ {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, ++ {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, ++ {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, ++ {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, ++ {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, ++ {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, ++ {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, ++ {ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"}, ++ {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"}, ++ {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"}, ++ {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"}, ++ {ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"}, ++ {0, NULL} ++}; + +-static ERR_STRING_DATA X509V3_str_reasons[]= +- { +-{ERR_REASON(X509V3_R_BAD_IP_ADDRESS) ,"bad ip address"}, +-{ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"}, +-{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"}, +-{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"}, +-{ERR_REASON(X509V3_R_DIRNAME_ERROR) ,"dirname error"}, +-{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"}, +-{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"}, +-{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"}, +-{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"}, +-{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"}, +-{ERR_REASON(X509V3_R_EXTENSION_EXISTS) ,"extension exists"}, +-{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"}, +-{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"}, +-{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"}, +-{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"}, +-{ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"}, +-{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"}, +-{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"}, +-{ERR_REASON(X509V3_R_INVALID_ASNUMBER) ,"invalid asnumber"}, +-{ERR_REASON(X509V3_R_INVALID_ASRANGE) ,"invalid asrange"}, +-{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"}, +-{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"}, +-{ERR_REASON(X509V3_R_INVALID_INHERITANCE),"invalid inheritance"}, +-{ERR_REASON(X509V3_R_INVALID_IPADDRESS) ,"invalid ipaddress"}, +-{ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"}, +-{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"}, +-{ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"}, +-{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"}, +-{ERR_REASON(X509V3_R_INVALID_NUMBER) ,"invalid number"}, +-{ERR_REASON(X509V3_R_INVALID_NUMBERS) ,"invalid numbers"}, +-{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"}, +-{ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"}, +-{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"}, +-{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"}, +-{ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"}, +-{ERR_REASON(X509V3_R_INVALID_SAFI) ,"invalid safi"}, +-{ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"}, +-{ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"}, +-{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"}, +-{ERR_REASON(X509V3_R_MISSING_VALUE) ,"missing value"}, +-{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"}, +-{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"}, +-{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"}, +-{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) ,"no issuer details"}, +-{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"}, +-{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"}, +-{ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"}, +-{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"}, +-{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"}, +-{ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"}, +-{ERR_REASON(X509V3_R_OTHERNAME_ERROR) ,"othername error"}, +-{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"}, +-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"}, +-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"}, +-{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"}, +-{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"}, +-{ERR_REASON(X509V3_R_SECTION_NOT_FOUND) ,"section not found"}, +-{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"}, +-{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"}, +-{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"}, +-{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) ,"unknown extension"}, +-{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"}, +-{ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"}, +-{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"}, +-{ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"}, +-{0,NULL} +- }; ++static ERR_STRING_DATA X509V3_str_reasons[] = { ++ {ERR_REASON(X509V3_R_BAD_IP_ADDRESS), "bad ip address"}, ++ {ERR_REASON(X509V3_R_BAD_OBJECT), "bad object"}, ++ {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"}, ++ {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR), ++ "bn to asn1 integer error"}, ++ {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"}, ++ {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"}, ++ {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE), "error converting zone"}, ++ {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION), ++ "error creating extension"}, ++ {ERR_REASON(X509V3_R_ERROR_IN_EXTENSION), "error in extension"}, ++ {ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME), "expected a section name"}, ++ {ERR_REASON(X509V3_R_EXTENSION_EXISTS), "extension exists"}, ++ {ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR), "extension name error"}, ++ {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND), "extension not found"}, ++ {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED), ++ "extension setting not supported"}, ++ {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"}, ++ {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"}, ++ {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"}, ++ {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), ++ "incorrect policy syntax tag"}, ++ {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"}, ++ {ERR_REASON(X509V3_R_INVALID_ASRANGE), "invalid asrange"}, ++ {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING), "invalid boolean string"}, ++ {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING), ++ "invalid extension string"}, ++ {ERR_REASON(X509V3_R_INVALID_INHERITANCE), "invalid inheritance"}, ++ {ERR_REASON(X509V3_R_INVALID_IPADDRESS), "invalid ipaddress"}, ++ {ERR_REASON(X509V3_R_INVALID_NAME), "invalid name"}, ++ {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT), "invalid null argument"}, ++ {ERR_REASON(X509V3_R_INVALID_NULL_NAME), "invalid null name"}, ++ {ERR_REASON(X509V3_R_INVALID_NULL_VALUE), "invalid null value"}, ++ {ERR_REASON(X509V3_R_INVALID_NUMBER), "invalid number"}, ++ {ERR_REASON(X509V3_R_INVALID_NUMBERS), "invalid numbers"}, ++ {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER), ++ "invalid object identifier"}, ++ {ERR_REASON(X509V3_R_INVALID_OPTION), "invalid option"}, ++ {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER), ++ "invalid policy identifier"}, ++ {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING), ++ "invalid proxy policy setting"}, ++ {ERR_REASON(X509V3_R_INVALID_PURPOSE), "invalid purpose"}, ++ {ERR_REASON(X509V3_R_INVALID_SAFI), "invalid safi"}, ++ {ERR_REASON(X509V3_R_INVALID_SECTION), "invalid section"}, ++ {ERR_REASON(X509V3_R_INVALID_SYNTAX), "invalid syntax"}, ++ {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR), "issuer decode error"}, ++ {ERR_REASON(X509V3_R_MISSING_VALUE), "missing value"}, ++ {ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS), ++ "need organization and numbers"}, ++ {ERR_REASON(X509V3_R_NO_CONFIG_DATABASE), "no config database"}, ++ {ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE), "no issuer certificate"}, ++ {ERR_REASON(X509V3_R_NO_ISSUER_DETAILS), "no issuer details"}, ++ {ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER), "no policy identifier"}, ++ {ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED), ++ "no proxy cert policy language defined"}, ++ {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"}, ++ {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"}, ++ {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"}, ++ {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"}, ++ {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"}, ++ {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED), ++ "policy language alreadty defined"}, ++ {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"}, ++ {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED), ++ "policy path length alreadty defined"}, ++ {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED), ++ "policy syntax not currently supported"}, ++ {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), ++ "policy when proxy language requires no policy"}, ++ {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"}, ++ {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS), ++ "unable to get issuer details"}, ++ {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID), ++ "unable to get issuer keyid"}, ++ {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT), ++ "unknown bit string argument"}, ++ {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION), "unknown extension"}, ++ {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME), "unknown extension name"}, ++ {ERR_REASON(X509V3_R_UNKNOWN_OPTION), "unknown option"}, ++ {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION), "unsupported option"}, ++ {ERR_REASON(X509V3_R_USER_TOO_LONG), "user too long"}, ++ {0, NULL} ++}; + + #endif + + void ERR_load_X509V3_strings(void) +- { ++{ + #ifndef OPENSSL_NO_ERR + +- if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) +- { +- ERR_load_strings(0,X509V3_str_functs); +- ERR_load_strings(0,X509V3_str_reasons); +- } ++ if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) { ++ ERR_load_strings(0, X509V3_str_functs); ++ ERR_load_strings(0, X509V3_str_reasons); ++ } + #endif +- } ++} +diff --git a/Cryptlib/OpenSSL/e_os.h b/Cryptlib/OpenSSL/e_os.h +index cc90f5e..4a85a9c 100644 +--- a/Cryptlib/OpenSSL/e_os.h ++++ b/Cryptlib/OpenSSL/e_os.h +@@ -5,21 +5,21 @@ + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. +- * ++ * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * ++ * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. +- * ++ * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: +@@ -34,10 +34,10 @@ + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from ++ * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * ++ * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +@@ -49,7 +49,7 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. +- * ++ * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence +@@ -57,333 +57,354 @@ + */ + + #ifndef HEADER_E_OS_H +-#define HEADER_E_OS_H ++# define HEADER_E_OS_H + +-#include ++# include + +-#include +-/* contains what we can justify to make visible +- * to the outside; this file e_os.h is not part of the exported +- * interface. */ ++# include ++/* ++ * contains what we can justify to make visible to the ++ * outside; this file e_os.h is not part of the exported interface. ++ */ + + #ifdef __cplusplus + extern "C" { + #endif + + /* Used to checking reference counts, most while doing perl5 stuff :-) */ +-#ifdef REF_PRINT +-#undef REF_PRINT +-#define REF_PRINT(a,b) fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a) +-#endif ++# ifdef REF_PRINT ++# undef REF_PRINT ++# define REF_PRINT(a,b) fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a) ++# endif + +-#ifndef DEVRANDOM +-/* set this to a comma-separated list of 'random' device files to try out. +- * My default, we will try to read at least one of these files */ +-#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" +-#endif +-#ifndef DEVRANDOM_EGD +-/* set this to a comma-seperated list of 'egd' sockets to try out. These +- * sockets will be tried in the order listed in case accessing the device files +- * listed in DEVRANDOM did not return enough entropy. */ +-#define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy" +-#endif ++# ifndef DEVRANDOM ++/* ++ * set this to a comma-separated list of 'random' device files to try out. My ++ * default, we will try to read at least one of these files ++ */ ++# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" ++# endif ++# ifndef DEVRANDOM_EGD ++/* ++ * set this to a comma-seperated list of 'egd' sockets to try out. These ++ * sockets will be tried in the order listed in case accessing the device ++ * files listed in DEVRANDOM did not return enough entropy. ++ */ ++# define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy" ++# endif + +-#if defined(OPENSSL_SYS_VXWORKS) ++# if defined(OPENSSL_SYS_VXWORKS) + # define NO_SYS_PARAM_H + # define NO_CHMOD + # define NO_SYSLOG +-#endif +- +-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) +-# if macintosh==1 +-# ifndef MAC_OS_GUSI_SOURCE ++# endif ++ ++# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) ++# if macintosh==1 ++# ifndef MAC_OS_GUSI_SOURCE + # define MAC_OS_pre_X + # define NO_SYS_TYPES_H +- typedef long ssize_t; ++typedef long ssize_t; ++# endif ++# define NO_SYS_PARAM_H ++# define NO_CHMOD ++# define NO_SYSLOG ++# undef DEVRANDOM ++# define GETPID_IS_MEANINGLESS + # endif +-# define NO_SYS_PARAM_H +-# define NO_CHMOD +-# define NO_SYSLOG +-# undef DEVRANDOM +-# define GETPID_IS_MEANINGLESS + # endif +-#endif + + /******************************************************************** + The Microsoft section + ********************************************************************/ +-/* The following is used becaue of the small stack in some +- * Microsoft operating systems */ +-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32) +-# define MS_STATIC static +-#else ++/* ++ * The following is used becaue of the small stack in some Microsoft ++ * operating systems ++ */ ++# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32) ++# define MS_STATIC static ++# else + # define MS_STATIC +-#endif ++# endif + +-#if defined(OPENSSL_SYS_WIN32) && !defined(WIN32) ++# if defined(OPENSSL_SYS_WIN32) && !defined(WIN32) + # define WIN32 +-#endif +-#if defined(OPENSSL_SYS_WIN16) && !defined(WIN16) ++# endif ++# if defined(OPENSSL_SYS_WIN16) && !defined(WIN16) + # define WIN16 +-#endif +-#if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS) ++# endif ++# if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS) + # define WINDOWS +-#endif +-#if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS) ++# endif ++# if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS) + # define MSDOS +-#endif ++# endif + +-#if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS) ++# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS) + # define GETPID_IS_MEANINGLESS +-#endif ++# endif + +-#ifdef WIN32 +-#define get_last_sys_error() GetLastError() +-#define clear_sys_error() SetLastError(0) +-#if !defined(WINNT) +-#define WIN_CONSOLE_BUG +-#endif +-#else +-#define get_last_sys_error() errno +-#define clear_sys_error() errno=0 +-#endif ++# ifdef WIN32 ++# define get_last_sys_error() GetLastError() ++# define clear_sys_error() SetLastError(0) ++# if !defined(WINNT) ++# define WIN_CONSOLE_BUG ++# endif ++# else ++# define get_last_sys_error() errno ++# define clear_sys_error() errno=0 ++# endif + +-#if defined(WINDOWS) +-#define get_last_socket_error() WSAGetLastError() +-#define clear_socket_error() WSASetLastError(0) +-#define readsocket(s,b,n) recv((s),(b),(n),0) +-#define writesocket(s,b,n) send((s),(b),(n),0) +-#elif defined(__DJGPP__) +-#define WATT32 +-#define get_last_socket_error() errno +-#define clear_socket_error() errno=0 +-#define closesocket(s) close_s(s) +-#define readsocket(s,b,n) read_s(s,b,n) +-#define writesocket(s,b,n) send(s,b,n,0) +-#elif defined(MAC_OS_pre_X) +-#define get_last_socket_error() errno +-#define clear_socket_error() errno=0 +-#define closesocket(s) MacSocket_close(s) +-#define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true) +-#define writesocket(s,b,n) MacSocket_send((s),(b),(n)) +-#elif defined(OPENSSL_SYS_VMS) +-#define get_last_socket_error() errno +-#define clear_socket_error() errno=0 +-#define ioctlsocket(a,b,c) ioctl(a,b,c) +-#define closesocket(s) close(s) +-#define readsocket(s,b,n) recv((s),(b),(n),0) +-#define writesocket(s,b,n) send((s),(b),(n),0) +-#elif defined(OPENSSL_SYS_VXWORKS) +-#define get_last_socket_error() errno +-#define clear_socket_error() errno=0 +-#define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c)) +-#define closesocket(s) close(s) +-#define readsocket(s,b,n) read((s),(b),(n)) +-#define writesocket(s,b,n) write((s),(char *)(b),(n)) +-#elif defined(OPENSSL_SYS_NETWARE) +-#if defined(NETWARE_BSDSOCK) +-#define get_last_socket_error() errno +-#define clear_socket_error() errno=0 +-#define closesocket(s) close(s) +-#define ioctlsocket(a,b,c) ioctl(a,b,c) +-#if defined(NETWARE_LIBC) +-#define readsocket(s,b,n) recv((s),(b),(n),0) +-#define writesocket(s,b,n) send((s),(b),(n),0) +-#else +-#define readsocket(s,b,n) recv((s),(char*)(b),(n),0) +-#define writesocket(s,b,n) send((s),(char*)(b),(n),0) +-#endif +-#else +-#define get_last_socket_error() WSAGetLastError() +-#define clear_socket_error() WSASetLastError(0) +-#define readsocket(s,b,n) recv((s),(b),(n),0) +-#define writesocket(s,b,n) send((s),(b),(n),0) +-#endif +-#else +-#define get_last_socket_error() errno +-#define clear_socket_error() errno=0 +-#define ioctlsocket(a,b,c) ioctl(a,b,c) +-#define closesocket(s) close(s) +-#define readsocket(s,b,n) read((s),(b),(n)) +-#define writesocket(s,b,n) write((s),(b),(n)) +-#endif ++# if defined(WINDOWS) ++# define get_last_socket_error() WSAGetLastError() ++# define clear_socket_error() WSASetLastError(0) ++# define readsocket(s,b,n) recv((s),(b),(n),0) ++# define writesocket(s,b,n) send((s),(b),(n),0) ++# elif defined(__DJGPP__) ++# define WATT32 ++# define get_last_socket_error() errno ++# define clear_socket_error() errno=0 ++# define closesocket(s) close_s(s) ++# define readsocket(s,b,n) read_s(s,b,n) ++# define writesocket(s,b,n) send(s,b,n,0) ++# elif defined(MAC_OS_pre_X) ++# define get_last_socket_error() errno ++# define clear_socket_error() errno=0 ++# define closesocket(s) MacSocket_close(s) ++# define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true) ++# define writesocket(s,b,n) MacSocket_send((s),(b),(n)) ++# elif defined(OPENSSL_SYS_VMS) ++# define get_last_socket_error() errno ++# define clear_socket_error() errno=0 ++# define ioctlsocket(a,b,c) ioctl(a,b,c) ++# define closesocket(s) close(s) ++# define readsocket(s,b,n) recv((s),(b),(n),0) ++# define writesocket(s,b,n) send((s),(b),(n),0) ++# elif defined(OPENSSL_SYS_VXWORKS) ++# define get_last_socket_error() errno ++# define clear_socket_error() errno=0 ++# define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c)) ++# define closesocket(s) close(s) ++# define readsocket(s,b,n) read((s),(b),(n)) ++# define writesocket(s,b,n) write((s),(char *)(b),(n)) ++# elif defined(OPENSSL_SYS_NETWARE) ++# if defined(NETWARE_BSDSOCK) ++# define get_last_socket_error() errno ++# define clear_socket_error() errno=0 ++# define closesocket(s) close(s) ++# define ioctlsocket(a,b,c) ioctl(a,b,c) ++# if defined(NETWARE_LIBC) ++# define readsocket(s,b,n) recv((s),(b),(n),0) ++# define writesocket(s,b,n) send((s),(b),(n),0) ++# else ++# define readsocket(s,b,n) recv((s),(char*)(b),(n),0) ++# define writesocket(s,b,n) send((s),(char*)(b),(n),0) ++# endif ++# else ++# define get_last_socket_error() WSAGetLastError() ++# define clear_socket_error() WSASetLastError(0) ++# define readsocket(s,b,n) recv((s),(b),(n),0) ++# define writesocket(s,b,n) send((s),(b),(n),0) ++# endif ++# else ++# define get_last_socket_error() errno ++# define clear_socket_error() errno=0 ++# define ioctlsocket(a,b,c) ioctl(a,b,c) ++# define closesocket(s) close(s) ++# define readsocket(s,b,n) read((s),(b),(n)) ++# define writesocket(s,b,n) write((s),(b),(n)) ++# endif + +-#ifdef WIN16 +-# define MS_CALLBACK _far _loadds +-# define MS_FAR _far +-#else ++# ifdef WIN16 ++# define MS_CALLBACK _far _loadds ++# define MS_FAR _far ++# else + # define MS_CALLBACK + # define MS_FAR +-#endif ++# endif + +-#ifdef OPENSSL_NO_STDIO ++# ifdef OPENSSL_NO_STDIO + # undef OPENSSL_NO_FP_API + # define OPENSSL_NO_FP_API +-#endif ++# endif + +-#if (defined(WINDOWS) || defined(MSDOS)) ++# if (defined(WINDOWS) || defined(MSDOS)) + + # ifdef __DJGPP__ +-# include +-# include +-# include +-# include +-# include +-# define _setmode setmode +-# define _O_TEXT O_TEXT +-# define _O_BINARY O_BINARY +-# undef DEVRANDOM +-# define DEVRANDOM "/dev/urandom\x24" +-# endif /* __DJGPP__ */ ++# include ++# include ++# include ++# include ++# include ++# define _setmode setmode ++# define _O_TEXT O_TEXT ++# define _O_BINARY O_BINARY ++# undef DEVRANDOM ++# define DEVRANDOM "/dev/urandom\x24" ++# endif /* __DJGPP__ */ + + # ifndef S_IFDIR +-# define S_IFDIR _S_IFDIR ++# define S_IFDIR _S_IFDIR + # endif + + # ifndef S_IFMT +-# define S_IFMT _S_IFMT ++# define S_IFMT _S_IFMT + # endif + + # if !defined(WINNT) && !defined(__DJGPP__) +-# define NO_SYSLOG ++# define NO_SYSLOG + # endif + # define NO_DIRENT + + # ifdef WINDOWS +-# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT) ++# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT) + /* +- * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." +- * Most notably we ought to check for availability of each specific +- * routine with GetProcAddress() and/or quard NT-specific calls with +- * GetVersion() < 0x80000000. One can argue that in latter "or" case +- * we ought to /DELAYLOAD some .DLLs in order to protect ourselves +- * against run-time link errors. This doesn't seem to be necessary, +- * because it turned out that already Windows 95, first non-NT Win32 +- * implementation, is equipped with at least NT 3.51 stubs, dummy +- * routines with same name, but which do nothing. Meaning that it's +- * apparently appropriate to guard generic NT calls with GetVersion +- * alone, while NT 4.0 and above calls ought to be additionally +- * checked upon with GetProcAddress. +- */ +-# define _WIN32_WINNT 0x0400 +-# endif +-# include +-# include +-# include +-# include +-# include +-# ifdef _WIN64 +-# define strlen(s) _strlen31(s) ++ * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." ++ * Most notably we ought to check for availability of each specific ++ * routine with GetProcAddress() and/or quard NT-specific calls with ++ * GetVersion() < 0x80000000. One can argue that in latter "or" case ++ * we ought to /DELAYLOAD some .DLLs in order to protect ourselves ++ * against run-time link errors. This doesn't seem to be necessary, ++ * because it turned out that already Windows 95, first non-NT Win32 ++ * implementation, is equipped with at least NT 3.51 stubs, dummy ++ * routines with same name, but which do nothing. Meaning that it's ++ * apparently appropriate to guard generic NT calls with GetVersion ++ * alone, while NT 4.0 and above calls ought to be additionally ++ * checked upon with GetProcAddress. ++ */ ++# define _WIN32_WINNT 0x0400 ++# endif ++# include ++# include ++# include ++# include ++# include ++# ifdef _WIN64 ++# define strlen(s) _strlen31(s) + /* cut strings to 2GB */ +-static unsigned int _strlen31(const char *str) +- { +- unsigned int len=0; +- while (*str && len<0x80000000U) str++, len++; +- return len&0x7FFFFFFF; +- } +-# endif +-# include +-# if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace) ++static __inline unsigned int _strlen31(const char *str) ++{ ++ unsigned int len = 0; ++ while (*str && len < 0x80000000U) ++ str++, len++; ++ return len & 0x7FFFFFFF; ++} ++# endif ++# include ++# if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace) + /* compensate for bug in VC6 ctype.h */ +-# undef isspace +-# undef isdigit +-# undef isalnum +-# undef isupper +-# undef isxdigit +-# endif +-# if defined(_MSC_VER) && !defined(_DLL) && defined(stdin) +-# if _MSC_VER>=1300 +-# undef stdin +-# undef stdout +-# undef stderr +- FILE *__iob_func(); +-# define stdin (&__iob_func()[0]) +-# define stdout (&__iob_func()[1]) +-# define stderr (&__iob_func()[2]) +-# elif defined(I_CAN_LIVE_WITH_LNK4049) +-# undef stdin +-# undef stdout +-# undef stderr +- /* pre-1300 has __p__iob(), but it's available only in msvcrt.lib, +- * or in other words with /MD. Declaring implicit import, i.e. +- * with _imp_ prefix, works correctly with all compiler options, +- * but without /MD results in LINK warning LNK4049: +- * 'locally defined symbol "__iob" imported'. ++# undef isspace ++# undef isdigit ++# undef isalnum ++# undef isupper ++# undef isxdigit ++# endif ++# if defined(_MSC_VER) && !defined(_DLL) && defined(stdin) ++# if _MSC_VER>=1300 ++# undef stdin ++# undef stdout ++# undef stderr ++FILE *__iob_func(); ++# define stdin (&__iob_func()[0]) ++# define stdout (&__iob_func()[1]) ++# define stderr (&__iob_func()[2]) ++# elif defined(I_CAN_LIVE_WITH_LNK4049) ++# undef stdin ++# undef stdout ++# undef stderr ++ /* ++ * pre-1300 has __p__iob(), but it's available only in msvcrt.lib, ++ * or in other words with /MD. Declaring implicit import, i.e. with ++ * _imp_ prefix, works correctly with all compiler options, but ++ * without /MD results in LINK warning LNK4049: 'locally defined ++ * symbol "__iob" imported'. + */ +- extern FILE *_imp___iob; +-# define stdin (&_imp___iob[0]) +-# define stdout (&_imp___iob[1]) +-# define stderr (&_imp___iob[2]) +-# endif ++extern FILE *_imp___iob; ++# define stdin (&_imp___iob[0]) ++# define stdout (&_imp___iob[1]) ++# define stderr (&_imp___iob[2]) + # endif ++# endif + # endif + # include + # include + + # ifdef OPENSSL_SYS_WINCE +-# include ++# include + # endif + + # define ssize_t long + + # if defined (__BORLANDC__) +-# define _setmode setmode +-# define _O_TEXT O_TEXT +-# define _O_BINARY O_BINARY +-# define _int64 __int64 +-# define _kbhit kbhit ++# define _setmode setmode ++# define _O_TEXT O_TEXT ++# define _O_BINARY O_BINARY ++# define _int64 __int64 ++# define _kbhit kbhit + # endif + + # if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST) +-# define EXIT(n) _wsetexit(_WINEXITNOPERSIST) +-# define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0) ++# define EXIT(n) _wsetexit(_WINEXITNOPERSIST) ++# define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0) + # else +-# define EXIT(n) exit(n) ++# define EXIT(n) exit(n) + # endif + # define LIST_SEPARATOR_CHAR ';' + # ifndef X_OK +-# define X_OK 0 ++# define X_OK 0 + # endif + # ifndef W_OK +-# define W_OK 2 ++# define W_OK 2 + # endif + # ifndef R_OK +-# define R_OK 4 ++# define R_OK 4 + # endif +-# define OPENSSL_CONF "openssl.cnf" +-# define SSLEAY_CONF OPENSSL_CONF +-# define NUL_DEV "nul" +-# define RFILE ".rnd" ++# define OPENSSL_CONF "openssl.cnf" ++# define SSLEAY_CONF OPENSSL_CONF ++# define NUL_DEV "nul" ++# define RFILE ".rnd" + # ifdef OPENSSL_SYS_WINCE +-# define DEFAULT_HOME "" ++# define DEFAULT_HOME "" + # else +-# define DEFAULT_HOME "C:" ++# define DEFAULT_HOME "C:" + # endif + +-#else /* The non-microsoft world world */ ++/* Avoid Visual Studio 13 GetVersion deprecated problems */ ++# if defined(_MSC_VER) && _MSC_VER>=1800 ++# define check_winnt() (1) ++# define check_win_minplat(x) (1) ++# else ++# define check_winnt() (GetVersion() < 0x80000000) ++# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x)) ++# endif ++ ++# else /* The non-microsoft world */ + + # ifdef OPENSSL_SYS_VMS +-# define VMS 1 +- /* some programs don't include stdlib, so exit() and others give implicit +- function warnings */ +-# include +-# if defined(__DECC) +-# include +-# else +-# include +-# endif +-# define OPENSSL_CONF "openssl.cnf" +-# define SSLEAY_CONF OPENSSL_CONF +-# define RFILE ".rnd" +-# define LIST_SEPARATOR_CHAR ',' +-# define NUL_DEV "NLA0:" ++# define VMS 1 ++ /* ++ * some programs don't include stdlib, so exit() and others give implicit ++ * function warnings ++ */ ++# include ++# if defined(__DECC) ++# include ++# else ++# include ++# endif ++# define OPENSSL_CONF "openssl.cnf" ++# define SSLEAY_CONF OPENSSL_CONF ++# define RFILE ".rnd" ++# define LIST_SEPARATOR_CHAR ',' ++# define NUL_DEV "NLA0:" + /* We don't have any well-defined random devices on VMS, yet... */ +-# undef DEVRANDOM +- /* We need to do this since VMS has the following coding on status codes: ++# undef DEVRANDOM ++ /*- ++ We need to do this since VMS has the following coding on status codes: + + Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ... + The important thing to know is that odd numbers are considered +- good, while even ones are considered errors. ++ good, while even ones are considered errors. + Bits 3-15: actual status number + Bits 16-27: facility number. 0 is considered "unknown" + Bits 28-31: control bits. If bit 28 is set, the shell won't try to +@@ -394,317 +415,340 @@ static unsigned int _strlen31(const char *str) + the status is tagged as an error, which I believe is what is wanted here. + -- Richard Levitte + */ +-# define EXIT(n) do { int __VMS_EXIT = n; \ ++# define EXIT(n) do { int __VMS_EXIT = n; \ + if (__VMS_EXIT == 0) \ +- __VMS_EXIT = 1; \ +- else \ +- __VMS_EXIT = (n << 3) | 2; \ ++ __VMS_EXIT = 1; \ ++ else \ ++ __VMS_EXIT = (n << 3) | 2; \ + __VMS_EXIT |= 0x10000000; \ +- exit(__VMS_EXIT); } while(0) +-# define NO_SYS_PARAM_H ++ exit(__VMS_EXIT); } while(0) ++# define NO_SYS_PARAM_H + + # elif defined(OPENSSL_SYS_NETWARE) +-# include +-# include +-# define NO_SYS_TYPES_H +-# undef DEVRANDOM +-# ifdef NETWARE_CLIB +-# define getpid GetThreadID +- extern int GetThreadID(void); ++# include ++# include ++# define NO_SYS_TYPES_H ++# undef DEVRANDOM ++# ifdef NETWARE_CLIB ++# define getpid GetThreadID ++extern int GetThreadID(void); + /* # include */ +- extern int kbhit(void); +- extern void delay(unsigned milliseconds); +-# else +-# include +-# endif +-# define NO_SYSLOG +-# define _setmode setmode +-# define _kbhit kbhit +-# define _O_TEXT O_TEXT +-# define _O_BINARY O_BINARY +-# define OPENSSL_CONF "openssl.cnf" +-# define SSLEAY_CONF OPENSSL_CONF +-# define RFILE ".rnd" +-# define LIST_SEPARATOR_CHAR ';' +-# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); } ++extern int kbhit(void); ++extern void delay(unsigned milliseconds); ++# else ++# include ++# endif ++# define NO_SYSLOG ++# define _setmode setmode ++# define _kbhit kbhit ++# define _O_TEXT O_TEXT ++# define _O_BINARY O_BINARY ++# define OPENSSL_CONF "openssl.cnf" ++# define SSLEAY_CONF OPENSSL_CONF ++# define RFILE ".rnd" ++# define LIST_SEPARATOR_CHAR ';' ++# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); } + + # else + /* !defined VMS */ +-# ifdef OPENSSL_SYS_MPE +-# define NO_SYS_PARAM_H +-# endif +-# ifdef OPENSSL_UNISTD +-# include OPENSSL_UNISTD +-# else +-# include +-# endif +-# ifndef NO_SYS_TYPES_H +-# include +-# endif +-# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) +-# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP +- * (unless when compiling with -D_POSIX_SOURCE, +- * which doesn't work for us) */ +-# endif +-# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) +-# define ssize_t int /* ditto */ +-# endif +-# ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */ +-# define setvbuf(a, b, c, d) setbuffer((a), (b), (d)) +- typedef unsigned long clock_t; +-# endif +- +-# define OPENSSL_CONF "openssl.cnf" +-# define SSLEAY_CONF OPENSSL_CONF +-# define RFILE ".rnd" +-# define LIST_SEPARATOR_CHAR ':' +-# define NUL_DEV "/dev/null" +-# define EXIT(n) exit(n) ++# ifdef OPENSSL_SYS_MPE ++# define NO_SYS_PARAM_H ++# endif ++# ifdef OPENSSL_UNISTD ++# include OPENSSL_UNISTD ++# else ++# include ++# endif ++# ifndef NO_SYS_TYPES_H ++# include ++# endif ++# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) ++# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP ++ * (unless when compiling with ++ * -D_POSIX_SOURCE, which doesn't work for ++ * us) */ ++# endif ++# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) ++# define ssize_t int /* ditto */ ++# endif ++# ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */ ++# define setvbuf(a, b, c, d) setbuffer((a), (b), (d)) ++typedef unsigned long clock_t; ++# endif ++ ++# define OPENSSL_CONF "openssl.cnf" ++# define SSLEAY_CONF OPENSSL_CONF ++# define RFILE ".rnd" ++# define LIST_SEPARATOR_CHAR ':' ++# define NUL_DEV "/dev/null" ++# define EXIT(n) exit(n) + # endif + +-# define SSLeay_getpid() getpid() +- +-#endif ++# define SSLeay_getpid() getpid() + ++# endif + + /*************/ + +-#ifdef USE_SOCKETS ++# ifdef USE_SOCKETS + # if defined(WINDOWS) || defined(MSDOS) + /* windows world */ + +-# ifdef OPENSSL_NO_SOCK +-# define SSLeay_Write(a,b,c) (-1) +-# define SSLeay_Read(a,b,c) (-1) +-# define SHUTDOWN(fd) close(fd) +-# define SHUTDOWN2(fd) close(fd) +-# elif !defined(__DJGPP__) +-# include ++# ifdef OPENSSL_NO_SOCK ++# define SSLeay_Write(a,b,c) (-1) ++# define SSLeay_Read(a,b,c) (-1) ++# define SHUTDOWN(fd) close(fd) ++# define SHUTDOWN2(fd) close(fd) ++# elif !defined(__DJGPP__) ++# include + extern HINSTANCE _hInstance; +-# ifdef _WIN64 ++# ifdef _WIN64 + /* + * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because + * the value constitutes an index in per-process table of limited size + * and not a real pointer. + */ +-# define socket(d,t,p) ((int)socket(d,t,p)) +-# define accept(s,f,l) ((int)accept(s,f,l)) +-# endif +-# define SSLeay_Write(a,b,c) send((a),(b),(c),0) +-# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) +-# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } +-# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } +-# else +-# define SSLeay_Write(a,b,c) write_s(a,b,c,0) +-# define SSLeay_Read(a,b,c) read_s(a,b,c) +-# define SHUTDOWN(fd) close_s(fd) +-# define SHUTDOWN2(fd) close_s(fd) ++# define socket(d,t,p) ((int)socket(d,t,p)) ++# define accept(s,f,l) ((int)accept(s,f,l)) + # endif ++# define SSLeay_Write(a,b,c) send((a),(b),(c),0) ++# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) ++# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } ++# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } ++# else ++# define SSLeay_Write(a,b,c) write_s(a,b,c,0) ++# define SSLeay_Read(a,b,c) read_s(a,b,c) ++# define SHUTDOWN(fd) close_s(fd) ++# define SHUTDOWN2(fd) close_s(fd) ++# endif + + # elif defined(MAC_OS_pre_X) + +-# include "MacSocket.h" +-# define SSLeay_Write(a,b,c) MacSocket_send((a),(b),(c)) +-# define SSLeay_Read(a,b,c) MacSocket_recv((a),(b),(c),true) +-# define SHUTDOWN(fd) MacSocket_close(fd) +-# define SHUTDOWN2(fd) MacSocket_close(fd) ++# include "MacSocket.h" ++# define SSLeay_Write(a,b,c) MacSocket_send((a),(b),(c)) ++# define SSLeay_Read(a,b,c) MacSocket_recv((a),(b),(c),true) ++# define SHUTDOWN(fd) MacSocket_close(fd) ++# define SHUTDOWN2(fd) MacSocket_close(fd) + + # elif defined(OPENSSL_SYS_NETWARE) +- /* NetWare uses the WinSock2 interfaces by default, but can be configured for BSD +- */ +-# if defined(NETWARE_BSDSOCK) +-# include +-# include +-# include +-# if defined(NETWARE_CLIB) +-# include +-# else +-# include +-# endif +-# define INVALID_SOCKET (int)(~0) +-# else +-# include +-# endif +-# define SSLeay_Write(a,b,c) send((a),(b),(c),0) +-# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) +-# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } +-# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } +- +-# else +- +-# ifndef NO_SYS_PARAM_H +-# include +-# endif +-# ifdef OPENSSL_SYS_VXWORKS +-# include +-# elif !defined(OPENSSL_SYS_MPE) +-# include /* Needed under linux for FD_XXX */ +-# endif +- +-# include +-# if defined(OPENSSL_SYS_VMS_NODECC) +-# include +-# include +-# include ++ /* ++ * NetWare uses the WinSock2 interfaces by default, but can be ++ * configured for BSD ++ */ ++# if defined(NETWARE_BSDSOCK) ++# include ++# include ++# include ++# if defined(NETWARE_CLIB) ++# include + # else +-# include +-# ifdef FILIO_H +-# include /* Added for FIONBIO under unixware */ +-# endif +-# include +-# include +-# endif +- +-# if defined(NeXT) || defined(_NEXT_SOURCE) +-# include +-# include ++# include + # endif ++# define INVALID_SOCKET (int)(~0) ++# else ++# include ++# endif ++# define SSLeay_Write(a,b,c) send((a),(b),(c),0) ++# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) ++# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } ++# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } + +-# ifdef OPENSSL_SYS_AIX +-# include +-# endif ++# else + +-# ifdef __QNX__ +-# include ++# ifndef NO_SYS_PARAM_H ++# include ++# endif ++# ifdef OPENSSL_SYS_VXWORKS ++# include ++# elif !defined(OPENSSL_SYS_MPE) ++# include /* Needed under linux for FD_XXX */ ++# endif ++ ++# include ++# if defined(OPENSSL_SYS_VMS_NODECC) ++# include ++# include ++# include ++# else ++# include ++# ifdef FILIO_H ++# include /* Added for FIONBIO under unixware */ + # endif +- +-# if defined(sun) +-# include ++# include ++# include ++# endif ++ ++# if defined(NeXT) || defined(_NEXT_SOURCE) ++# include ++# include ++# endif ++ ++# ifdef OPENSSL_SYS_AIX ++# include ++# endif ++ ++# ifdef __QNX__ ++# include ++# endif ++ ++# if defined(sun) ++# include ++# else ++# ifndef VMS ++# include + # else +-# ifndef VMS +-# include +-# else +- /* ioctl is only in VMS > 7.0 and when socketshr is not used */ +-# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) +-# include +-# endif +-# endif ++ /* ioctl is only in VMS > 7.0 and when socketshr is not used */ ++# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) ++# include ++# endif + # endif ++# endif + +-# ifdef VMS +-# include +-# if defined(TCPIP_TYPE_SOCKETSHR) +-# include +-# endif ++# ifdef VMS ++# include ++# if defined(TCPIP_TYPE_SOCKETSHR) ++# include + # endif +- +-# define SSLeay_Read(a,b,c) read((a),(b),(c)) +-# define SSLeay_Write(a,b,c) write((a),(b),(c)) +-# define SHUTDOWN(fd) { shutdown((fd),0); closesocket((fd)); } +-# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); } +-# ifndef INVALID_SOCKET +-# define INVALID_SOCKET (-1) +-# endif /* INVALID_SOCKET */ ++# endif ++ ++# define SSLeay_Read(a,b,c) read((a),(b),(c)) ++# define SSLeay_Write(a,b,c) write((a),(b),(c)) ++# define SHUTDOWN(fd) { shutdown((fd),0); closesocket((fd)); } ++# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); } ++# ifndef INVALID_SOCKET ++# define INVALID_SOCKET (-1) ++# endif /* INVALID_SOCKET */ + # endif +-#endif ++# endif + +-#if defined(__ultrix) ++# if defined(__ultrix) + # ifndef ssize_t +-# define ssize_t int ++# define ssize_t int + # endif +-#endif ++# endif + +-#if defined(sun) && !defined(__svr4__) && !defined(__SVR4) ++# if defined(sun) && !defined(__svr4__) && !defined(__SVR4) + /* include headers first, so our defines don't break it */ +-#include +-#include ++# include ++# include + /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */ +-# define memmove(s1,s2,n) bcopy((s2),(s1),(n)) +-# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b))) +-extern char *sys_errlist[]; extern int sys_nerr; +-# define strerror(errnum) \ +- (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum]) ++# define memmove(s1,s2,n) bcopy((s2),(s1),(n)) ++# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b))) ++extern char *sys_errlist[]; ++extern int sys_nerr; ++# define strerror(errnum) \ ++ (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum]) + /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */ +-#include "crypto/o_str.h" +-# define memcmp OPENSSL_memcmp +-#endif ++# include "crypto/o_str.h" ++# define memcmp OPENSSL_memcmp ++# endif + +-#ifndef OPENSSL_EXIT +-# if defined(MONOLITH) && !defined(OPENSSL_C) +-# define OPENSSL_EXIT(n) return(n) +-# else +-# define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0) ++# ifndef OPENSSL_EXIT ++# if defined(MONOLITH) && !defined(OPENSSL_C) ++# define OPENSSL_EXIT(n) return(n) ++# else ++# define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0) ++# endif + # endif +-#endif + + /***********************************************/ + +-/* do we need to do this for getenv. +- * Just define getenv for use under windows */ ++/* ++ * do we need to do this for getenv. Just define getenv for use under windows ++ */ + +-#ifdef WIN16 ++# ifdef WIN16 + /* How to do this needs to be thought out a bit more.... */ +-/*char *GETENV(char *); +-#define Getenv GETENV*/ +-#define Getenv getenv +-#else +-#define Getenv getenv +-#endif ++/* ++ * char *GETENV(char *); #define Getenv GETENV ++ */ ++# define Getenv getenv ++# else ++# define Getenv getenv ++# endif + +-#define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */ ++# define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */ + +-#ifdef sgi +-#define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */ +-#endif +-#ifdef OPENSSL_SYS_SNI +-#define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from the same bug.*/ +-#endif ++# ifdef sgi ++# define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */ ++# endif ++# ifdef OPENSSL_SYS_SNI ++# define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from ++ * the same bug. */ ++# endif + +-#if defined(OPENSSL_SYS_WINDOWS) ++# if defined(OPENSSL_SYS_WINDOWS) + # define strcasecmp _stricmp + # define strncasecmp _strnicmp +-#elif defined(OPENSSL_SYS_VMS) ++# elif defined(OPENSSL_SYS_VMS) + /* VMS below version 7.0 doesn't have strcasecmp() */ + # include "o_str.h" + # define strcasecmp OPENSSL_strcasecmp + # define strncasecmp OPENSSL_strncasecmp + # define OPENSSL_IMPLEMENTS_strncasecmp +-#elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) ++# elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) + # define strcasecmp stricmp + # define strncasecmp strnicmp +-#elif defined(OPENSSL_SYS_NETWARE) ++# elif defined(OPENSSL_SYS_NETWARE) + # include + # if defined(NETWARE_CLIB) +-# define strcasecmp stricmp +-# define strncasecmp strnicmp +-# endif /* NETWARE_CLIB */ +-#endif ++# define strcasecmp stricmp ++# define strncasecmp strnicmp ++# endif /* NETWARE_CLIB */ ++# endif + +-#if defined(OPENSSL_SYS_OS2) && defined(__EMX__) +-# include +-# include +-# define NO_SYSLOG +-#endif ++# if defined(OPENSSL_SYS_OS2) && defined(__EMX__) ++# include ++# include ++# define NO_SYSLOG ++# endif + + /* vxworks */ +-#if defined(OPENSSL_SYS_VXWORKS) +-#include +-#include +-#include ++# if defined(OPENSSL_SYS_VXWORKS) ++# include ++# include ++# include + +-#define TTY_STRUCT int ++# define TTY_STRUCT int + +-#define sleep(a) taskDelay((a) * sysClkRateGet()) ++# define sleep(a) taskDelay((a) * sysClkRateGet()) + +-#include +-#include +-#include ++# include ++# include ++# include + +-#define getpid taskIdSelf ++# define getpid taskIdSelf + +-/* NOTE: these are implemented by helpers in database app! +- * if the database is not linked, we need to implement them +- * elswhere */ ++/* ++ * NOTE: these are implemented by helpers in database app! if the database is ++ * not linked, we need to implement them elswhere ++ */ + struct hostent *gethostbyname(const char *name); + struct hostent *gethostbyaddr(const char *addr, int length, int type); + struct servent *getservbyname(const char *name, const char *proto); + +-#endif ++# endif + /* end vxworks */ + ++# if !defined(inline) && !defined(__cplusplus) ++# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L ++ /* do nothing, inline works */ ++# elif defined(__GNUC__) && __GNUC__>=2 ++# define inline __inline__ ++# elif defined(_MSC_VER) ++ /* ++ * Visual Studio: inline is available in C++ only, however ++ * __inline is available for C, see ++ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx ++ */ ++# define inline __inline ++# else ++# define inline ++# endif ++# endif ++ + #ifdef __cplusplus + } + #endif + + #endif +- +diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh +index 897ef2d..89ccd84 100755 +--- a/Cryptlib/OpenSSL/update.sh ++++ b/Cryptlib/OpenSSL/update.sh +@@ -1,8 +1,9 @@ + #/bin/sh + DIR=$1 +-version="0.9.8zb" ++version="0.9.8zf" + + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/e_os.h e_os.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/constant_time_locl.h crypto/constant_time_locl.h + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.c crypto/cryptlib.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dyn_lck.c crypto/dyn_lck.c + install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem.c crypto/mem.c +diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c +index 7b8bca5..4ce2b06 100644 +--- a/Cryptlib/Pk/CryptAuthenticode.c ++++ b/Cryptlib/Pk/CryptAuthenticode.c +@@ -9,7 +9,7 @@ + AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for + data structure. + +-Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.
++Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -123,7 +123,7 @@ AuthenticodeVerify ( + // Un-matched SPC_INDIRECT_DATA_OBJID. + // + goto _Exit; +- } ++ } + + + SpcIndirectDataContent = (UINT8 *)(Pkcs7->d.sign->contents->d.other->value.asn1_string->data); +@@ -135,16 +135,27 @@ AuthenticodeVerify ( + + if ((Asn1Byte & 0x80) == 0) { + // +- // Short Form of Length Encoding ++ // Short Form of Length Encoding (Length < 128) + // + ContentSize = (UINTN) (Asn1Byte & 0x7F); + // + // Skip the SEQUENCE Tag; + // + SpcIndirectDataContent += 2; ++ ++ } else if ((Asn1Byte & 0x81) == 0x81) { ++ // ++ // Long Form of Length Encoding (128 <= Length < 255, Single Octet) ++ // ++ ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2)); ++ // ++ // Skip the SEQUENCE Tag; ++ // ++ SpcIndirectDataContent += 3; ++ + } else if ((Asn1Byte & 0x82) == 0x82) { + // +- // Long Form of Length Encoding, only support two bytes. ++ // Long Form of Length Encoding (Length > 255, Two Octet) + // + ContentSize = (UINTN) (*(UINT8 *)(SpcIndirectDataContent + 2)); + ContentSize = (ContentSize << 8) + (UINTN)(*(UINT8 *)(SpcIndirectDataContent + 3)); +@@ -152,6 +163,7 @@ AuthenticodeVerify ( + // Skip the SEQUENCE Tag; + // + SpcIndirectDataContent += 4; ++ + } else { + goto _Exit; + } +diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c +index 05c3f87..a9665d5 100644 +--- a/Cryptlib/Pk/CryptPkcs7Verify.c ++++ b/Cryptlib/Pk/CryptPkcs7Verify.c +@@ -10,7 +10,7 @@ + WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated + Variable and will do basic check for data structure. + +-Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.
++Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -123,7 +123,7 @@ X509VerifyCb ( + @param[in] P7Length Length of the PKCS#7 message in bytes. + @param[out] WrapFlag If TRUE P7Data is a ContentInfo structure, otherwise + return FALSE. +- @param[out] WrapData If return status of this function is TRUE: ++ @param[out] WrapData If return status of this function is TRUE: + 1) when WrapFlag is TRUE, pointer to P7Data. + 2) when WrapFlag is FALSE, pointer to a new ContentInfo + structure. It's caller's responsibility to free this +@@ -227,7 +227,7 @@ WrapPkcs7Data ( + @param[in] X509Stack Pointer to a X509 stack object. + @param[out] Cert Pointer to a X509 certificate. + @param[out] CertSize Length of output X509 certificate in bytes. +- ++ + @retval TRUE The X509 stack pop succeeded. + @retval FALSE The pop operation failed. + +@@ -359,7 +359,7 @@ Pkcs7GetSigners ( + (TrustedCert == NULL) || (CertLength == NULL) || (P7Length > INT_MAX)) { + return FALSE; + } +- ++ + Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize); + if (!Status) { + return Status; +@@ -410,7 +410,7 @@ Pkcs7GetSigners ( + // + BufferSize = sizeof (UINT8); + OldSize = BufferSize; +- ++ + for (Index = 0; ; Index++) { + Status = X509PopCertificate (Stack, &SingleCert, &SingleCertSize); + if (!Status) { +@@ -455,7 +455,7 @@ Pkcs7GetSigners ( + *CertStack = CertBuf; + *StackLength = BufferSize; + Status = TRUE; +- } ++ } + + _Exit: + // +@@ -485,7 +485,7 @@ _Exit: + if (OldBuf != NULL) { + free (OldBuf); + } +- ++ + return Status; + } + +@@ -556,11 +556,11 @@ Pkcs7Verify ( + // + // Check input parameters. + // +- if (P7Data == NULL || TrustedCert == NULL || InData == NULL || ++ if (P7Data == NULL || TrustedCert == NULL || InData == NULL || + P7Length > INT_MAX || CertLength > INT_MAX || DataLength > INT_MAX) { + return FALSE; + } +- ++ + Pkcs7 = NULL; + DataBio = NULL; + Cert = NULL; +@@ -578,18 +578,23 @@ Pkcs7Verify ( + if (EVP_add_digest (EVP_sha256 ()) == 0) { + return FALSE; + } ++ if (EVP_add_digest (EVP_sha384 ()) == 0) { ++ return FALSE; ++ } ++ if (EVP_add_digest (EVP_sha512 ()) == 0) { ++ return FALSE; ++ } + if (EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA) == 0) { + return FALSE; + } + +- + Status = WrapPkcs7Data (P7Data, P7Length, &Wrapped, &SignedData, &SignedDataSize); + if (!Status) { + return Status; + } + + Status = FALSE; +- ++ + // + // Retrieve PKCS#7 Data (DER encoding) + // +@@ -674,4 +679,4 @@ _Exit: + } + + return Status; +-} ++} +\ No newline at end of file +diff --git a/Cryptlib/Pk/CryptX509.c b/Cryptlib/Pk/CryptX509.c +index 5abe970..29efc42 100644 +--- a/Cryptlib/Pk/CryptX509.c ++++ b/Cryptlib/Pk/CryptX509.c +@@ -1,7 +1,7 @@ + /** @file + X.509 Certificate Handler Wrapper Implementation over OpenSSL. + +-Copyright (c) 2010 - 2012, Intel Corporation. All rights reserved.
++Copyright (c) 2010 - 2014, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -484,3 +484,79 @@ _Exit: + + return Status; + } ++ ++/** ++ Retrieve the TBSCertificate from one given X.509 certificate. ++ ++ @param[in] Cert Pointer to the given DER-encoded X509 certificate. ++ @param[in] CertSize Size of the X509 certificate in bytes. ++ @param[out] TBSCert DER-Encoded To-Be-Signed certificate. ++ @param[out] TBSCertSize Size of the TBS certificate in bytes. ++ ++ If Cert is NULL, then return FALSE. ++ If TBSCert is NULL, then return FALSE. ++ If TBSCertSize is NULL, then return FALSE. ++ ++ @retval TRUE The TBSCertificate was retrieved successfully. ++ @retval FALSE Invalid X.509 certificate. ++ ++**/ ++BOOLEAN ++EFIAPI ++X509GetTBSCert ( ++ IN CONST UINT8 *Cert, ++ IN UINTN CertSize, ++ OUT UINT8 **TBSCert, ++ OUT UINTN *TBSCertSize ++ ) ++{ ++ CONST UINT8 *Temp; ++ INTN Asn1Tag; ++ INTN ObjClass; ++ UINTN Length; ++ ++ // ++ // Check input parameters. ++ // ++ if ((Cert == NULL) || (TBSCert == NULL) || (TBSCertSize == NULL)) { ++ return FALSE; ++ } ++ ++ // ++ // An X.509 Certificate is: (defined in RFC3280) ++ // Certificate ::= SEQUENCE { ++ // tbsCertificate TBSCertificate, ++ // signatureAlgorithm AlgorithmIdentifier, ++ // signature BIT STRING } ++ // ++ // and ++ // ++ // TBSCertificate ::= SEQUENCE { ++ // version [0] Version DEFAULT v1, ++ // ... ++ // } ++ // ++ // So we can just ASN1-parse the x.509 DER-encoded data. If we strip ++ // the first SEQUENCE, the second SEQUENCE is the TBSCertificate. ++ // ++ Temp = Cert; ++ ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)CertSize); ++ ++ if (Asn1Tag != V_ASN1_SEQUENCE) { ++ return FALSE; ++ } ++ ++ *TBSCert = (UINT8 *)Temp; ++ ++ ASN1_get_object (&Temp, (long *)&Length, (int *)&Asn1Tag, (int *)&ObjClass, (long)Length); ++ // ++ // Verify the parsed TBSCertificate is one correct SEQUENCE data. ++ // ++ if (Asn1Tag != V_ASN1_SEQUENCE) { ++ return FALSE; ++ } ++ ++ *TBSCertSize = Length + (Temp - *TBSCert); ++ ++ return TRUE; ++} +-- +2.1.4 + diff --git a/shim.changes b/shim.changes index 2fca971..ed76f84 100644 --- a/shim.changes +++ b/shim.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Apr 7 07:42:06 UTC 2015 - glin@suse.com + +- Add shim-update-cryptlib.patch to update Cryptlib to r16559 and + openssl to 0.9.8zf +- Add shim-bsc919675-uninstall-shim-protocols.patch to uninstall + the shim protocols at Exit (bsc#919675) +- Add shim-bsc920515-fix-fallback-buffer-length.patch to adjust + the buffer size for the boot options (bsc#920515) +- Refresh shim-opensuse-cert-prompt.patch + ------------------------------------------------------------------- Thu Apr 2 16:31:28 UTC 2015 - crrodriguez@opensuse.org diff --git a/shim.spec b/shim.spec index 728fe0f..a6d5adb 100644 --- a/shim.spec +++ b/shim.spec @@ -48,6 +48,12 @@ Patch2: shim-only-os-name.patch Patch3: shim-fix-gnu-efi-30w.patch # PATCH-FIX-UPSTREAM shim-fix-mokmanager-sections.patch glin@suse.com -- Fix the objcopy parameters for the EFI files Patch4: shim-fix-mokmanager-sections.patch +# PATCH-FIX-UPSTREAM shim-bsc919675-uninstall-shim-protocols.patch glin@suse.com -- Uinstall the shim protocols at Exit +Patch5: shim-bsc919675-uninstall-shim-protocols.patch +# PATCH-FIX-UPSTREAM shim-bsc920515-fix-fallback-buffer-length.patch glin@suse.com -- Fix the buffer size for the boot options +Patch6: shim-bsc920515-fix-fallback-buffer-length.patch +# PATCH-FIX-UPSTREAM shim-update-cryptlib.patch glin@suse.com -- Update Cryptlib and openssl +Patch7: shim-update-cryptlib.patch # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not Patch100: shim-opensuse-cert-prompt.patch Patch101: shim-gcc5.patch @@ -78,6 +84,9 @@ Authors: %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 %patch100 -p1 %patch101 -p1 %build